Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-127330: Update for OpenSSL 3.4 #127331

Merged
merged 10 commits into from
Nov 28, 2024
Merged

gh-127330: Update for OpenSSL 3.4 #127331

merged 10 commits into from
Nov 28, 2024
+719 −11

Conversation

encukou
Copy link
Member

@encukou encukou commented Nov 27, 2024
edited by bedevere-app bot
Loading

Add git describe output to headers generated by make_ssl_data.py

IMO, this info is more important than the date when the file was generated.
It does mean that the tool now requires a Git checkout of OpenSSL, not for example a release tarball.

I've regenerated the older file to add the info. To the other older file I added a note about manual edits.

Add notes on how to add a new OpenSSL version

I believe that what I wrote is the correct process. ssl experts, do you want to you verify? @jackjansen, @tiran, @dstufft, @alex

Add 3.4 error messages and multissl tests

Hopefully we'll start getting fewer [SYS] unknown error in tests! (See #127257)

@encukou
Add git describe output to make_ssl_data.py
318838a 
Also:
- Avoid the deprecated `datetime.datetime.utcnow()`
- Fix newline

This requires that the OpenSSL source tree is a Git checkout,
and that you have Git installed. Both should be fine for a tool
run manually by people who can change the tool.
@encukou
Add notes on adding a new OpenSSL version
7ebe9aa
@encukou
Generate data for OpenSSL 3.4 and add it to multissltests
16f47c6
@encukou
Regenerate _ssl_data_111.h, to show the source commit
bc310fe
@encukou
_ssl_data_300.h: Edit the headsr to log manual edits
2f256a3
@encukou
Fix typo
e734721
@encukou encukou changed the title gh-27330: Update for OpenSSL 3.4 gh-127330: Update for OpenSSL 3.4 Nov 27, 2024
@bedevere-app bedevere-app bot mentioned this pull request Nov 27, 2024
Closed
@encukou encukou mentioned this pull request Nov 27, 2024
Closed
@encukou
Copy link
Member Author

encukou commented Nov 27, 2024

!buildbot Arch

@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @encukou for commit ea72022 🤖

The command will test the builders whose names match following regular expression: Arch

The builders matched are:

  • AMD64 Arch Linux Perf PR
  • AMD64 Arch Linux Asan PR
  • AMD64 Arch Linux Valgrind PR
  • aarch64 Fedora Rawhide LTO PR
  • AMD64 Arch Linux Usan PR
  • aarch64 RHEL8 LTO PR
  • AMD64 Arch Linux TraceRefs PR
  • aarch64 Fedora Stable Clang PR
  • aarch64 Ubuntu 22.04 BigMem PR
  • aarch64 CentOS9 LTO + PGO PR
  • aarch64 Fedora Stable LTO + PGO PR
  • aarch64 Fedora Stable PR
  • aarch64 Fedora Rawhide Clang Installed PR
  • aarch64 CentOS9 LTO PR
  • aarch64 Fedora Rawhide LTO + PGO PR
  • aarch64 Fedora Stable Refleaks PR
  • aarch64 RHEL8 Refleaks PR
  • aarch64 Fedora Rawhide NoGIL refleaks PR
  • AMD64 Arch Linux Usan Function PR
  • aarch64 Fedora Rawhide Clang PR
  • aarch64 Android PR
  • aarch64 Fedora Rawhide PR
  • aarch64 CentOS9 Refleaks PR
  • aarch64 RHEL8 PR
  • AMD64 Arch Linux VintageParser PR
  • aarch64 Fedora Stable LTO PR
  • aarch64 Fedora Stable Clang Installed PR
  • aarch64 Fedora Rawhide NoGIL PR
  • aarch64 RHEL8 LTO + PGO PR
  • AMD64 Arch Linux Asan Debug PR
  • aarch64 Fedora Rawhide Refleaks PR

@alex
Copy link
Member

alex commented Nov 27, 2024

I think this looks right, but I've never actually done the process myself :-)

The only other thing we might want is bumping the version that's used in the Windows and macOS builds.

@ned-deily
Copy link
Member

I believe @gpshead has done these updates most recently.

@ned-deily
Copy link
Member

ned-deily commented Nov 27, 2024
edited
Loading

The only other thing we might want is bumping the version that's used in the Windows and macOS builds.

Up to now, we've treated that as a separate decision, independent of what version(s) CPython supports. In particular, we have been taking the conservative approach and sticking with OpenSSL 3.0.x which is documented as that project's LTS version. We will eventually have to revisit that, i.e. before 2026-09-07, but it doesn't need to be part of this process.

@gpshead gpshead self-assigned this Nov 27, 2024
@petermarko
Copy link

This does not seem to fix #125936
After picking commit "Generate data for OpenSSL 3.4 and add it to multissltests" to 3.13.0, the test are still failing.
I don't see the afected tests being run in https://github.com/python/cpython/actions/runs/12051565064/job/33602924793
Not sure what I'm missing here...

gpshead
gpshead approved these changes Nov 27, 2024
View reviewed changes
Tools/ssl/make_ssl_data.py Outdated Show resolved Hide resolved
@encukou
Copy link
Member Author

encukou commented Nov 28, 2024

@petermarko, yes, this is better error reporting in general, but doesn't affect the bug we're getting there. I'll send another PR for a better error message for that case, and then, hopefully, one to fix the underlying bug.

encukou
encukou commented Nov 28, 2024
View reviewed changes
Tools/ssl/make_ssl_data.py Outdated Show resolved Hide resolved
@encukou encukou merged commit db5c576 into python:main Nov 28, 2024
41 checks passed
@encukou encukou deleted the make_ssl_data branch November 28, 2024 12:29
halstead pushed a commit to yoctoproject/poky that referenced this pull request Nov 29, 2024
@petermarko @rpurdie
python: backport patches to support openssl 3.4.0
7b1afc5 
python/cpython#127331
python/cpython#127361

(From OE-Core rev: e271e9cbf896f1fb97d56c426e4217a6d2105ea4)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Nov 29, 2024
@petermarko @rpurdie
python: backport patches to support openssl 3.4.0
e271e9c 
python/cpython#127331
python/cpython#127361

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit to yoctoproject/poky that referenced this pull request Nov 29, 2024
@petermarko @rpurdie
python: backport patches to support openssl 3.4.0
cdea008 
python/cpython#127331
python/cpython#127361

(From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Nov 29, 2024
@petermarko @rpurdie
python: backport patches to support openssl 3.4.0
e5f3a17 
python/cpython#127331
python/cpython#127361

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
daregit pushed a commit to daregit/yocto-combined that referenced this pull request Nov 29, 2024
@petermarko @rpurdie
src/poky:python: backport patches to support openssl 3.4.0
204b22b 
python/cpython#127331
python/cpython#127361

(From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6)

Signed-off-by: Peter Marko <peter.markosiemens.com>
Signed-off-by: Richard Purdie <richard.purdielinuxfoundation.org>
daregit pushed a commit to daregit/yocto-combined that referenced this pull request Dec 1, 2024
@petermarko @rpurdie
src/poky:python: backport patches to support openssl 3.4.0
7b9baee 
python/cpython#127331
python/cpython#127361

(From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6)

Signed-off-by: Peter Marko <peter.markosiemens.com>
Signed-off-by: Richard Purdie <richard.purdielinuxfoundation.org>
leimaohui pushed a commit to ubinux/yocto-ubinux that referenced this pull request Dec 25, 2024
@petermarko @leimaohui
python: backport patches to support openssl 3.4.0
e856ce7 
python/cpython#127331
python/cpython#127361

(From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
leimaohui pushed a commit to ubinux/yocto-ubinux that referenced this pull request Dec 25, 2024
@petermarko @leimaohui
python: backport patches to support openssl 3.4.0
05affd7 
python/cpython#127331
python/cpython#127361

(From OE-Core rev: e5f3a1793e34fb4cd1e53ca60b67f9a9f084b7a6)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
@jcfp jcfp mentioned this pull request Dec 27, 2024
Open
ebonnal pushed a commit to ebonnal/cpython that referenced this pull request Jan 12, 2025
@encukou @ebonnal
pythongh-127330: Update for OpenSSL 3.4 & document+improve the update…
f716e46 
… process (pythonGH-127331)

- Add `git describe` output to headers generated by `make_ssl_data.py`

  This info is more important than the date when the file was generated.
  It does mean that the tool now requires a Git checkout of OpenSSL,
  not for example a release tarball.

- Regenerate the older file to add the info.
  To the other older file, add a note about manual edits.

- Add notes on how to add a new OpenSSL version

- Add 3.4 error messages and multissl tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpshead gpshead gpshead approved these changes

@ezio-melotti ezio-melotti Awaiting requested review from ezio-melotti ezio-melotti is a code owner

@hugovk hugovk Awaiting requested review from hugovk hugovk is a code owner

@ericsnowcurrently ericsnowcurrently Awaiting requested review from ericsnowcurrently ericsnowcurrently is a code owner

Assignees

@gpshead gpshead

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@encukou @bedevere-bot @alex @ned-deily @petermarko @gpshead