New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
multissl doesn't support tarballs in /source/old/ #84344
Comments
Tools/ssl/multissltests.py expects to find OpenSSL tarballs in: Like: https://www.openssl.org/source/openssl-1.1.1f.tar.gz Problem: OpenSSL moves old versions to https://www.openssl.org/source/old/ If Tools/ssl/multissltests.py fails to download a tarball (HTTP error 404), it should try to get it from /source/old/. It would prevent us to have to upgrade OpenSSL version immediately in all Python branches of all CIs (Azure Pipelines and Travis CI) as soon as OpenSSL decides to move a tarball. This move is not under our control. Upgrading OpenSSL is a good practice. Breaking our CI is not :-) |
When OpenSSL moves a tarball, all our pre-commit CIs are broken and suddenly, all PRs can no longer be merged. We have first write PRs to update the configuration of our CI to use the newer OpenSSL version, merge these PRs, and then *all* pending PRs must be rebased on top of these merged PRS to retrieve the newer CI configuration. There are currently 1085 pending PRs at https://github.com/python/cpython/pulls Well, for most of them, the CI already passed so we can merge them. But if a reviewer requires changes, the CI will re-run and then fail :-( Moreover, fixing multissltests.py doesn't help neither, since again, PRs should be rebased to retrieve multissltests.py changes. I hope that I'm wrong and the situation is not so bad. -- Another solution would be to enhance our workflow to always rebase PRs on the development branch. Something like what https://mergify.io/ does. I'm not sure what is the configuration of Azure Pipelines, GitHub actions and Travis CI. Would it be possible to make them rebase the PRs before running tests. |
Ah crap :/ That's annoying. This breaks all CI of all our active branches and all open PRs. I'll fix the issue and talk to OpenSSL upstream. |
Benjamin, Larry, |
Do you mean continue to provide old versions in /source/ directory as well? Maybe they move tarballs to /source/old/ on purpose, to force users to use the latest versions which get fixes for new vulnerabilities? |
Thanks for the fix! |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: