1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
name: Wheel Builder
on:
repository_dispatch:
types: [wheel-builder]
jobs:
manylinux:
runs-on: ubuntu-latest
container: ${{ matrix.MANYLINUX.CONTAINER }}
strategy:
matrix:
PYTHON: ["cp27-cp27m", "cp27-cp27mu", "cp35-cp35m"]
MANYLINUX:
- NAME: manylinux1_x86_64
CONTAINER: "pyca/cryptography-manylinux1:x86_64"
- NAME: manylinux2010_x86_64
CONTAINER: "pyca/cryptography-manylinux2010:x86_64"
name: "Python ${{ matrix.PYTHON }} for ${{ matrix.MANYLINUX.NAME }}"
steps:
- run: /opt/python/${{ matrix.PYTHON }}/bin/python -m virtualenv .venv
- name: Downgrade pip, can't remember why
run: .venv/bin/pip install -U pip==10.0.1
- name: Install Python dependencies
run: .venv/bin/pip install cffi six ipaddress "enum34; python_version < '3'"
- run: |
REGEX="cp3([0-9])*"
if [[ "${{ matrix.PYTHON }}" =~ $REGEX ]]; then
PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}"
fi
LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
.venv/bin/pip wheel cryptography==${{ github.event.client_payload.BUILD_VERSION }} --no-binary cryptography --no-deps --wheel-dir=tmpwheelhouse $PY_LIMITED_API
- run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/
- run: unzip wheelhouse/*.whl -d execstack.check
- run: |
results=$(execstack execstack.check/cryptography/hazmat/bindings/*.so)
count=$(echo "$results" | grep -c '^X' || true)
if [ "$count" -ne 0 ]; then
exit 1
else
exit 0
fi
- name: Upgrade pip again so we can actually use manylinux2010
run: .venv/bin/pip install -U pip
- run: .venv/bin/pip install cryptography --no-index -f wheelhouse/
- run: |
.venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
- uses: actions/upload-artifact@v1
with:
name: "cryptography-${{ github.event.client_payload.BUILD_VERSION }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON }}"
path: cryptography-wheelhouse/
windows:
runs-on: windows-latest
strategy:
matrix:
WINDOWS:
- {ARCH: 'x86', WINDOWS: 'win32'}
- {ARCH: 'x64', WINDOWS: 'win64'}
PYTHON:
- {VERSION: "2.7", TOXENV: "py27", MSVC_VERSION: "2010"}
- {VERSION: "3.5", TOXENV: "py35", MSVC_VERSION: "2019"}
- {VERSION: "3.6", TOXENV: "py36", MSVC_VERSION: "2019"}
- {VERSION: "3.7", TOXENV: "py37", MSVC_VERSION: "2019"}
- {VERSION: "3.8", TOXENV: "py38", MSVC_VERSION: "2019"}
name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}"
steps:
- uses: actions/checkout@master
- name: Setup python
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.PYTHON.VERSION }}
architecture: ${{ matrix.WINDOWS.ARCH }}
- name: Install MSVC for Python 2.7
run: |
Invoke-WebRequest -Uri https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi -OutFile VCForPython27.msi
Start-Process msiexec -Wait -ArgumentList @('/i', 'VCForPython27.msi', '/qn', 'ALLUSERS=1')
Remove-Item VCForPython27.msi -Force
shell: powershell
if: matrix.PYTHON.VERSION == '2.7'
- run: pip install requests
- name: Download OpenSSL
run: |
python .github/workflows/download_openssl.py openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}
echo "::set-env name=INCLUDE::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;%INCLUDE%"
echo "::set-env name=LIB::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;%LIB%"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: pip install cffi six ipaddress "enum34; python_version < '3'"
- run: pip wheel cryptography==${{ github.event.client_payload.BUILD_VERSION }} --wheel-dir=wheelhouse --no-binary cryptography
- run: pip install -f wheelhouse --no-index cryptography
- name: Print the OpenSSL we built and linked against
run: |
python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\
- uses: actions/upload-artifact@v1
with:
name: "cryptography-${{ github.event.client_payload.BUILD_VERSION }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}"
path: cryptography-wheelhouse\
|