From a104f8ac4376ced7bd5a252757ab2c6f6b7efa5b Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:19:58 +0000 Subject: [PATCH 01/11] Adapt @hugovk's proof-of-concept CI definition refactor Suggested by @hugovk [1]. [1]: https://github.com/hugovk/cpython/commit/a3f2ba9eb0c9bd1927d9a34faed98234afe88c70 --- .github/workflows/build.yml | 131 +++++++------------------- .github/workflows/reusable-ubuntu.yml | 2 +- 2 files changed, 35 insertions(+), 98 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 05f20e12f4653d..b068aaf96755e5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -260,8 +260,8 @@ jobs: free-threading: ${{ matrix.free-threading }} os: ${{ matrix.os }} - build-ubuntu-ssltests-openssl: - name: 'Ubuntu SSL tests with OpenSSL' + build-ubuntu-ssltests: + name: 'Ubuntu SSL tests' runs-on: ${{ matrix.os }} timeout-minutes: 60 needs: build-context @@ -269,75 +269,19 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-24.04] - openssl_ver: [3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.1] + include: + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.0.16 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.1.8 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.2.4 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.3.3 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.4.1 } + - { os: ubuntu-24.04, ssl: aws-lc, ssl_ver: 1.55.0 } # See Tools/ssl/make_ssl_data.py for notes on adding a new version env: - OPENSSL_VER: ${{ matrix.openssl_ver }} - MULTISSL_DIR: ${{ github.workspace }}/multissl - OPENSSL_DIR: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }} - LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}/lib - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Runner image version - run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV" - - name: Restore config.cache - uses: actions/cache@v4 - with: - path: config.cache - key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }} - - name: Register gcc problem matcher - run: echo "::add-matcher::.github/problem-matchers/gcc.json" - - name: Install dependencies - run: sudo ./.github/workflows/posix-deps-apt.sh - - name: Configure OpenSSL env vars - run: | - echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV" - echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}" >> "$GITHUB_ENV" - echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}/lib" >> "$GITHUB_ENV" - - name: 'Restore OpenSSL build' - id: cache-openssl - uses: actions/cache@v4 - with: - path: ./multissl/openssl/${{ env.OPENSSL_VER }} - key: ${{ matrix.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - - name: Install OpenSSL - if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux - - name: Add ccache to PATH - run: | - echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" - - name: Configure ccache action - uses: hendrikmuhs/ccache-action@v1.2 - with: - save: false - - name: Configure CPython - run: ./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$OPENSSL_DIR" - - name: Build CPython - run: make -j4 - - name: Display build info - run: make pythoninfo - - name: SSL tests - run: ./python Lib/test/ssltests.py - - build-ubuntu-ssltests-awslc: - name: 'Ubuntu SSL tests with AWS-LC' - runs-on: ${{ matrix.os }} - timeout-minutes: 60 - needs: build-context - if: needs.build-context.outputs.run-tests == 'true' - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - awslc_ver: [1.55.0] - env: - AWSLC_VER: ${{ matrix.awslc_ver}} + SSL_VER: ${{ matrix.ssl_ver }} MULTISSL_DIR: ${{ github.workspace }}/multissl - OPENSSL_DIR: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }} - LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }}/lib + SSL_DIR: ${{ github.workspace }}/multissl/${{ matrix.ssl }}/${{ matrix.ssl_ver }} + LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/${{ matrix.ssl }}/${{ matrix.ssl_ver }}/lib steps: - uses: actions/checkout@v4 with: @@ -356,22 +300,18 @@ jobs: - name: Configure SSL lib env vars run: | echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV" - echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}" >> "$GITHUB_ENV" - echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}/lib" >> "$GITHUB_ENV" - - name: 'Restore AWS-LC build' - id: cache-aws-lc + echo "SSL_DIR=${GITHUB_WORKSPACE}/multissl/${{ matrix.ssl }}/${SSL_VER}" >> "$GITHUB_ENV" + echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/${{ matrix.ssl }}/${SSL_VER}/lib" >> "$GITHUB_ENV" + - name: 'Restore SSL build' + id: cache-ssl uses: actions/cache@v4 with: - path: ./multissl/aws-lc/${{ matrix.awslc_ver }} - key: ${{ matrix.os }}-multissl-aws-lc-${{ matrix.awslc_ver }} - - name: Install AWS-LC - if: steps.cache-aws-lc.outputs.cache-hit != 'true' + path: ./multissl/${{ env.SSL }}/${{ env.SSL_VER }} + key: ${{ matrix.os }}-multissl-${{ env.SSL }}-${{ env.SSL_VER }} + - name: Install SSL + if: steps.cache-ssl.outputs.cache-hit != 'true' run: | - python3 Tools/ssl/multissltests.py \ - --steps=library \ - --base-directory "$MULTISSL_DIR" \ - --awslc ${{ matrix.awslc_ver }} \ - --system Linux + python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --system Linux --ssl ${{ matrix.ssl }} --ssl-versions ${{ matrix.ssl_ver }} - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" @@ -381,18 +321,18 @@ jobs: save: false - name: Configure CPython run: | - ./configure CFLAGS="-fdiagnostics-format=json" \ - --config-cache \ - --enable-slower-safety \ - --with-pydebug \ - --with-openssl="$OPENSSL_DIR" \ - --with-builtin-hashlib-hashes=blake2 \ - --with-ssl-default-suites=openssl + CMD=(./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$SSL_DIR") + if [ "${{ matrix.ssl }}" = "openssl" ]; then + "${CMD[@]}" + else + "${CMD[@]}" --with-builtin-hashlib-hashes=blake2 --with-ssl-default-suites=openssl + fi - name: Build CPython - run: make -j + run: make -j4 - name: Display build info run: make pythoninfo - name: Verify python is linked to AWS-LC + if: matrix.ssl == 'aws-lc' run: ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' | grep AWS-LC - name: SSL tests run: ./python Lib/test/ssltests.py @@ -435,7 +375,7 @@ jobs: key: ${{ runner.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - name: Install OpenSSL if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux + run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl 'openssl' --ssl-versions "$OPENSSL_VER" --system Linux - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" @@ -567,7 +507,7 @@ jobs: key: ${{ matrix.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - name: Install OpenSSL if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux + run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl 'openssl' --ssl-versions "$OPENSSL_VER" --system Linux - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" @@ -703,8 +643,7 @@ jobs: - build-windows-msi - build-macos - build-ubuntu - - build-ubuntu-ssltests-awslc - - build-ubuntu-ssltests-openssl + - build-ubuntu-ssltests - build-wasi - test-hypothesis - build-asan @@ -719,8 +658,7 @@ jobs: with: allowed-failures: >- build-windows-msi, - build-ubuntu-ssltests-awslc, - build-ubuntu-ssltests-openssl, + build-ubuntu-ssltests, test-hypothesis, cifuzz, allowed-skips: >- @@ -738,8 +676,7 @@ jobs: check-generated-files, build-macos, build-ubuntu, - build-ubuntu-ssltests-awslc, - build-ubuntu-ssltests-openssl, + build-ubuntu-ssltests, build-wasi, test-hypothesis, build-asan, diff --git a/.github/workflows/reusable-ubuntu.yml b/.github/workflows/reusable-ubuntu.yml index 76b19fd5d1a72e..607e7949161812 100644 --- a/.github/workflows/reusable-ubuntu.yml +++ b/.github/workflows/reusable-ubuntu.yml @@ -60,7 +60,7 @@ jobs: key: ${{ inputs.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - name: Install OpenSSL if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux + run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl openssl --ssl-versions "$OPENSSL_VER" --system Linux - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" From 3fcbe0d66363d53223d74d7542cbb6d3f3059959 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:21:29 +0000 Subject: [PATCH 02/11] Preliminary refactor of multissltests.py, TODO migrate to classes --- Tools/ssl/multissltests.py | 74 ++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index f4c8fde8346fd9..969d5cc4b91e5d 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -86,33 +86,19 @@ parser.add_argument( '--disable-ancient', action='store_true', - help="Don't test OpenSSL and LibreSSL versions without upstream support", + help="Don't test SSL versions without upstream support", ) parser.add_argument( - '--openssl', - nargs='+', - default=(), - help=( - "OpenSSL versions, defaults to '{}' (ancient: '{}') if no " - "OpenSSL and LibreSSL versions are given." - ).format(OPENSSL_RECENT_VERSIONS, OPENSSL_OLD_VERSIONS) -) -parser.add_argument( - '--libressl', - nargs='+', - default=(), - help=( - "LibreSSL versions, defaults to '{}' (ancient: '{}') if no " - "OpenSSL and LibreSSL versions are given." - ).format(LIBRESSL_RECENT_VERSIONS, LIBRESSL_OLD_VERSIONS) + '--ssl', + choices=['openssl', 'awslc', 'libressl'], + default=None, + help="Which SSL lib to test. If not specified, all are tested.", ) parser.add_argument( - '--awslc', + '--ssl-versions', nargs='+', - default=(), - help=( - "AWS-LC versions, defaults to '{}' if no crypto library versions are given." - ).format(AWSLC_RECENT_VERSIONS) + default=None, + help="SSL lib version(s), default depends on value passed to --ssl", ) parser.add_argument( '--tests', @@ -507,19 +493,6 @@ def configure_make(): def main(): args = parser.parse_args() - if not args.openssl and not args.libressl and not args.awslc: - args.openssl = list(OPENSSL_RECENT_VERSIONS) - args.libressl = list(LIBRESSL_RECENT_VERSIONS) - args.awslc = list(AWSLC_RECENT_VERSIONS) - if not args.disable_ancient: - args.openssl.extend(OPENSSL_OLD_VERSIONS) - args.libressl.extend(LIBRESSL_OLD_VERSIONS) - - logging.basicConfig( - level=logging.DEBUG if args.debug else logging.INFO, - format="*** %(levelname)s %(message)s" - ) - start = datetime.now() if args.steps in {'modules', 'tests'}: @@ -535,13 +508,34 @@ def main(): # check for configure and run make configure_make() + logging.basicConfig( + level=logging.DEBUG if args.debug else logging.INFO, + format="*** %(levelname)s %(message)s" + ) + + ssl_libs = { + "openssl": [ + BuildOpenSSL, OPENSSL_OLD_VERSIONS, OPENSSL_RECENT_VERSIONS, [] + ], + "libressl": [ + BuildLibreSSL, LIBRESSL_OLD_VERSIONS, LIBRESSL_RECENT_VERSIONS, [] + ], + "awslc": [BuildAWSLC, [], AWSLC_RECENT_VERSIONS, []], + } + if args.ssl and args.ssl_versions: + ssl_libs[args.ssl][3] += args.ssl_versions + elif args.ssl: + ssl_libs[args.ssl][3] += ssl_libs[args.ssl][2] + else: + ssl_libs["openssl"][3] += ssl_libs["openssl"][2] + ssl_libs["libressl"][3] += ssl_libs["libressl"][2] + ssl_libs["awslc"][3] += ssl_libs["awslc"][2] + if not args.disable_ancient: + ssl_libs["openssl"][3] += ssl_libs["openssl"][1] + ssl_libs["libressl"][3] += ssl_libs["libressl"][1] # download and register builder builds = [] - for build_class, versions in [ - (BuildOpenSSL, args.openssl), - (BuildLibreSSL, args.libressl), - (BuildAWSLC, args.awslc), - ]: + for build_class, _, _, versions in ssl_libs.values(): for version in versions: build = build_class(version, args) build.install() From 5d8ec9aaea218a1e1f298e9065c9ba63cd9e05d9 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:27:53 +0000 Subject: [PATCH 03/11] Fix aws-lc/awslc lib name discrepancy --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b068aaf96755e5..665befea8787c7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -275,7 +275,7 @@ jobs: - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.2.4 } - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.3.3 } - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.4.1 } - - { os: ubuntu-24.04, ssl: aws-lc, ssl_ver: 1.55.0 } + - { os: ubuntu-24.04, ssl: awslc, ssl_ver: 1.55.0 } # See Tools/ssl/make_ssl_data.py for notes on adding a new version env: SSL_VER: ${{ matrix.ssl_ver }} From 991c6b28096b4bfbb6634dcd07d725c7d9141f0d Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:45:13 +0000 Subject: [PATCH 04/11] Migrate AbstractBuilder to abc --- Tools/ssl/multissltests.py | 104 +++++++++++++++++++++++++++---------- 1 file changed, 78 insertions(+), 26 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 969d5cc4b91e5d..916d1fd989ba92 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -24,6 +24,7 @@ """ from __future__ import print_function +import abc import argparse from datetime import datetime import logging @@ -146,11 +147,7 @@ ) -class AbstractBuilder(object): - library = None - url_templates = None - src_template = None - build_template = None +class AbstractBuilder(object, metaclass=abc.ABCMeta): depend_target = None install_target = 'install' if hasattr(os, 'process_cpu_count'): @@ -158,6 +155,26 @@ class AbstractBuilder(object): else: jobs = os.cpu_count() + @property + @abstractmethod + def library(self): + pass + + @property + @abstractmethod + def url_templates(self): + pass + + @property + @abstractmethod + def src_template(self): + pass + + @property + @abstractmethod + def build_template(self): + pass + module_files = ( os.path.join(PYTHONROOT, "Modules/_ssl.c"), os.path.join(PYTHONROOT, "Modules/_hashopenssl.c"), @@ -167,9 +184,10 @@ class AbstractBuilder(object): def __init__(self, version, args): self.version = version self.args = args + libdir = self.library.lower().replace("-", "") # installation directory self.install_dir = os.path.join( - os.path.join(args.base_directory, self.library.lower()), version + os.path.join(args.base_directory, libdir), version ) # source file self.src_dir = os.path.join(args.base_directory, 'src') @@ -396,18 +414,30 @@ def run_python_tests(self, tests, network=True): class BuildOpenSSL(AbstractBuilder): - library = "OpenSSL" - url_templates = ( - "https://github.com/openssl/openssl/releases/download/openssl-{v}/openssl-{v}.tar.gz", - "https://www.openssl.org/source/openssl-{v}.tar.gz", - "https://www.openssl.org/source/old/{s}/openssl-{v}.tar.gz" - ) - src_template = "openssl-{}.tar.gz" - build_template = "openssl-{}" # only install software, skip docs install_target = 'install_sw' depend_target = 'depend' + @property + def library(self): + return "OpenSSL" + + @property + def url_templates(self): + return ( + "https://github.com/openssl/openssl/releases/download/openssl-{v}/openssl-{v}.tar.gz", + "https://www.openssl.org/source/openssl-{v}.tar.gz", + "https://www.openssl.org/source/old/{s}/openssl-{v}.tar.gz", + ) + + @property + def src_template(self): + return "openssl-{}.tar.gz" + + @property + def build_template(self): + return "openssl-{}" + def _post_install(self): if self.version.startswith("3."): self._post_install_3xx() @@ -443,21 +473,43 @@ def short_version(self): class BuildLibreSSL(AbstractBuilder): - library = "LibreSSL" - url_templates = ( - "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-{v}.tar.gz", - ) - src_template = "libressl-{}.tar.gz" - build_template = "libressl-{}" + @property + def library(self): + return "LibreSSL" + + @property + def url_templates(self): + return ( + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-{v}.tar.gz", + ) + + @property + def src_template(self): + return "libressl-{}.tar.gz" + + @property + def build_template(self): + "libressl-{}" class BuildAWSLC(AbstractBuilder): - library = "AWS-LC" - url_templates = ( - "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", - ) - src_template = "aws-lc-{}.tar.gz" - build_template = "aws-lc-{}" + @property + def library(self): + return "AWS-LC" + + @property + def url_templates(self): + return ( + "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", + ) + + @property + def src_template(self): + return "aws-lc-{}.tar.gz" + + @property + def build_template(self): + return "aws-lc-{}" def _build_src(self, config_args=()): cwd = self.build_dir From 7b5149941e3a43cd041d9f3a8a9d73c2bbad600b Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:53:45 +0000 Subject: [PATCH 05/11] Fix imports --- Tools/ssl/multissltests.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 916d1fd989ba92..4a20d41a529189 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -24,7 +24,8 @@ """ from __future__ import print_function -import abc +from abc import abstractmethod +from abc import ABCMeta import argparse from datetime import datetime import logging @@ -147,7 +148,7 @@ ) -class AbstractBuilder(object, metaclass=abc.ABCMeta): +class AbstractBuilder(object, metaclass=ABCMeta): depend_target = None install_target = 'install' if hasattr(os, 'process_cpu_count'): From 66381275b0896a153fc50fbd5f35fa3b0ba48d1e Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 19:36:43 +0000 Subject: [PATCH 06/11] Complete ABC refactor --- Tools/ssl/multissltests.py | 146 +++++++++++++++++++------------------ 1 file changed, 77 insertions(+), 69 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 4a20d41a529189..69305c638b5acb 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -44,29 +44,6 @@ log = logging.getLogger("multissl") -OPENSSL_OLD_VERSIONS = [ - "1.1.1w", -] - -OPENSSL_RECENT_VERSIONS = [ - "3.0.16", - "3.1.8", - "3.2.4", - "3.3.3", - "3.4.1", - # See make_ssl_data.py for notes on adding a new version. -] - -LIBRESSL_OLD_VERSIONS = [ -] - -LIBRESSL_RECENT_VERSIONS = [ -] - -AWSLC_RECENT_VERSIONS = [ - "1.55.0", -] - # store files in ../multissl HERE = os.path.dirname(os.path.abspath(__file__)) PYTHONROOT = os.path.abspath(os.path.join(HERE, '..', '..')) @@ -155,32 +132,40 @@ class AbstractBuilder(object, metaclass=ABCMeta): jobs = os.process_cpu_count() else: jobs = os.cpu_count() + module_files = ( + os.path.join(PYTHONROOT, "Modules/_ssl.c"), + os.path.join(PYTHONROOT, "Modules/_hashopenssl.c"), + ) + module_libs = ("_ssl", "_hashlib") @property @abstractmethod - def library(self): + def library(self=None): pass @property @abstractmethod - def url_templates(self): + def url_templates(self=None): pass @property @abstractmethod - def src_template(self): + def src_template(self=None): pass @property @abstractmethod - def build_template(self): + def build_template(self=None): pass - module_files = ( - os.path.join(PYTHONROOT, "Modules/_ssl.c"), - os.path.join(PYTHONROOT, "Modules/_hashopenssl.c"), - ) - module_libs = ("_ssl", "_hashlib") + @property + @abstractmethod + def recent_versions(): + pass + + @property + def old_versions(): + return [] def __init__(self, version, args): self.version = version @@ -420,11 +405,11 @@ class BuildOpenSSL(AbstractBuilder): depend_target = 'depend' @property - def library(self): + def library(self=None): return "OpenSSL" @property - def url_templates(self): + def url_templates(self=None): return ( "https://github.com/openssl/openssl/releases/download/openssl-{v}/openssl-{v}.tar.gz", "https://www.openssl.org/source/openssl-{v}.tar.gz", @@ -432,13 +417,28 @@ def url_templates(self): ) @property - def src_template(self): + def src_template(self=None): return "openssl-{}.tar.gz" @property - def build_template(self): + def build_template(self=None): return "openssl-{}" + @property + def recent_versions(): + return [ + "3.0.16", + "3.1.8", + "3.2.4", + "3.3.3", + "3.4.1", + # See make_ssl_data.py for notes on adding a new version. + ] + + @property + def old_versions(): + return [ "1.1.1w" ] + def _post_install(self): if self.version.startswith("3."): self._post_install_3xx() @@ -475,43 +475,53 @@ def short_version(self): class BuildLibreSSL(AbstractBuilder): @property - def library(self): + def library(self=None): return "LibreSSL" @property - def url_templates(self): + def url_templates(self=None): return ( "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-{v}.tar.gz", ) @property - def src_template(self): + def src_template(self=None): return "libressl-{}.tar.gz" @property - def build_template(self): + def build_template(self=None): "libressl-{}" + @property + def recent_versions(): + return [] + class BuildAWSLC(AbstractBuilder): @property - def library(self): + def library(self=None): return "AWS-LC" @property - def url_templates(self): + def url_templates(self=None): return ( "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", ) @property - def src_template(self): + def src_template(self=None): return "aws-lc-{}.tar.gz" @property - def build_template(self): + def build_template(self=None): return "aws-lc-{}" + @property + def recent_versions(): + return [ + "1.55.0", + ] + def _build_src(self, config_args=()): cwd = self.build_dir log.info("Running build in {}".format(cwd)) @@ -566,33 +576,31 @@ def main(): format="*** %(levelname)s %(message)s" ) - ssl_libs = { - "openssl": [ - BuildOpenSSL, OPENSSL_OLD_VERSIONS, OPENSSL_RECENT_VERSIONS, [] - ], - "libressl": [ - BuildLibreSSL, LIBRESSL_OLD_VERSIONS, LIBRESSL_RECENT_VERSIONS, [] - ], - "awslc": [BuildAWSLC, [], AWSLC_RECENT_VERSIONS, []], - } - if args.ssl and args.ssl_versions: - ssl_libs[args.ssl][3] += args.ssl_versions - elif args.ssl: - ssl_libs[args.ssl][3] += ssl_libs[args.ssl][2] + versions = [] + ssl_libs = AbstractBuilder.__subclasses__() + if args.ssl: + lib_name = lambda x: x.library.fget().lower().replace("-", "") + libs = [l for l in ssl_libs if lib_name(l) == args.ssl] + assert len(libs) == 1 + cls = libs.pop() + if args.ssl_versions: + versions += [(cls, v) for v in args.ssl_versions] + else: + versions += [(cls, v) for v in cls.recent_versions.fget()] else: - ssl_libs["openssl"][3] += ssl_libs["openssl"][2] - ssl_libs["libressl"][3] += ssl_libs["libressl"][2] - ssl_libs["awslc"][3] += ssl_libs["awslc"][2] - if not args.disable_ancient: - ssl_libs["openssl"][3] += ssl_libs["openssl"][1] - ssl_libs["libressl"][3] += ssl_libs["libressl"][1] - # download and register builder + if args.ssl_versions: + print("ERROR: SSL versions specified without specifying library") + exit(1) + for cls in ssl_libs: + versions += [(cls, v) for v in cls.recent_versions.fget()] + if not args.disable_ancient: + versions += [(cls, v) for v in cls.old_versions.fget()] + builds = [] - for build_class, _, _, versions in ssl_libs.values(): - for version in versions: - build = build_class(version, args) - build.install() - builds.append(build) + for build_class, version in versions: + build = build_class(version, args) + build.install() + builds.append(build) if args.steps in {'modules', 'tests'}: for build in builds: From 4e0a8caa51ac461604b7a6e7b7d082db02a790d3 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 19:52:47 +0000 Subject: [PATCH 07/11] Colorize parser --- Tools/ssl/multissltests.py | 1 + 1 file changed, 1 insertion(+) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 69305c638b5acb..3fa1776d734e0f 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -57,6 +57,7 @@ "versions." ), ) +parser.color = True parser.add_argument( '--debug', action='store_true', From 1a90e0c3414f9c77607658e5a9c5450ea3de05d9 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 19:54:46 +0000 Subject: [PATCH 08/11] Adjust compatibility comment --- Tools/ssl/multissltests.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 3fa1776d734e0f..88e2f0c7c78ad8 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -18,7 +18,8 @@ search paths for header files and shared libraries. It's known to work on Linux with GCC and clang. -Please keep this script compatible with Python 2.7, and 3.4 to 3.7. +Please keep this script compatible with all currently-maintained Python +versions. (c) 2013-2017 Christian Heimes """ From 1fcb49f9d440dd2d8cff58a4902a57e747f3fbea Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 20:08:58 +0000 Subject: [PATCH 09/11] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20b?= =?UTF-8?q?lurb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst diff --git a/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst b/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst new file mode 100644 index 00000000000000..2cee0f7c034a06 --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst @@ -0,0 +1 @@ +Refactor multissltests.py and build.yml to better support testing additional cryptography libraries in the future. From dd969fbaf1a84aa0a97c2024ec43c837c3d9a9ef Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 20:10:08 +0000 Subject: [PATCH 10/11] =?UTF-8?q?Revert=20"=F0=9F=93=9C=F0=9F=A4=96=20Adde?= =?UTF-8?q?d=20by=20blurb=5Fit."?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 1fcb49f9d440dd2d8cff58a4902a57e747f3fbea. --- .../next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst | 1 - 1 file changed, 1 deletion(-) delete mode 100644 Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst diff --git a/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst b/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst deleted file mode 100644 index 2cee0f7c034a06..00000000000000 --- a/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst +++ /dev/null @@ -1 +0,0 @@ -Refactor multissltests.py and build.yml to better support testing additional cryptography libraries in the future. From 3343120065d82d492326063e59ef2df381f808f3 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 20:12:33 +0000 Subject: [PATCH 11/11] Include old versions when using default versions --- Tools/ssl/multissltests.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 88e2f0c7c78ad8..2c8264dd09076b 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -589,6 +589,8 @@ def main(): versions += [(cls, v) for v in args.ssl_versions] else: versions += [(cls, v) for v in cls.recent_versions.fget()] + if not args.disable_ancient: + versions += [(cls, v) for v in cls.old_versions.fget()] else: if args.ssl_versions: print("ERROR: SSL versions specified without specifying library") pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy