From 8aa1eb385c69ddc17e271acad82bade9da7884b8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 18 Mar 2018 15:02:49 -0400 Subject: change our manylinux1 and macos wheel builders to build limited api (#4113) * change our manylinux1 and macos wheel builders to build limited api pip does not currently support the--py-limited-api cli flag that wheel uses so we have to switch to downloading and then building via setup.py bdist_wheel for now. However, we can get rid of everything but the py34 builder on mac/linux/linux32, saving us 6 wheels now (and soon 9 with the release of python 3.7) * some newlines * review feedback --- .jenkins/Jenkinsfile-cryptography-wheel-builder | 40 ++++++++++++++++++++----- 1 file changed, 32 insertions(+), 8 deletions(-) (limited to '.jenkins') diff --git a/.jenkins/Jenkinsfile-cryptography-wheel-builder b/.jenkins/Jenkinsfile-cryptography-wheel-builder index 0f66bfb0..b0a2fff1 100644 --- a/.jenkins/Jenkinsfile-cryptography-wheel-builder +++ b/.jenkins/Jenkinsfile-cryptography-wheel-builder @@ -16,22 +16,26 @@ def configs = [ ], [ label: 'sierra', - versions: ['py27', 'py34', 'py35', 'py36'], + # The py3x version listed here corresponds to the minimum ABI version + # the wheels will support. e.g. py34 supports py34+ + versions: ['py27', 'py34'], ], [ label: 'docker', imageName: 'pyca/cryptography-manylinux1:i686', + # The py3x version listed here corresponds to the minimum ABI version + # the wheels will support. e.g. cp34-cp34m supports py34+ versions: [ 'cp27-cp27m', 'cp27-cp27mu', 'cp34-cp34m', - 'cp35-cp35m', 'cp36-cp36m' ], ], [ label: 'docker', imageName: 'pyca/cryptography-manylinux1:x86_64', + # The py3x version listed here corresponds to the minimum ABI version + # the wheels will support. e.g. cp34-cp34m supports py34+ versions: [ 'cp27-cp27m', 'cp27-cp27mu', 'cp34-cp34m', - 'cp35-cp35m', 'cp36-cp36m' ], ], ] @@ -88,8 +92,6 @@ def build(version, label, imageName) { def pythonPath = [ py27: "/Library/Frameworks/Python.framework/Versions/2.7/bin/python2.7", py34: "/Library/Frameworks/Python.framework/Versions/3.4/bin/python3.4", - py35: "/Library/Frameworks/Python.framework/Versions/3.5/bin/python3.5", - py36: "/Library/Frameworks/Python.framework/Versions/3.6/bin/python3.6", ] ansiColor { sh """#!/usr/bin/env bash @@ -107,7 +109,19 @@ def build(version, label, imageName) { virtualenv .venv -p ${pythonPath[version]} source .venv/bin/activate pip install -U wheel # upgrade wheel to latest before we use it to build the wheel - CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" LDFLAGS="/usr/local/opt/openssl@1.1/lib/libcrypto.a /usr/local/opt/openssl@1.1/lib/libssl.a" CFLAGS="-I/usr/local/opt/openssl@1.1/include -mmacosx-version-min=10.9" pip wheel cryptography==$BUILD_VERSION --wheel-dir=wheelhouse --no-binary cryptography + pip install cffi six idna asn1crypto ipaddress enum34 + pip download cryptography==$BUILD_VERSION --no-binary cryptography --no-deps + tar zxf cryptography* + pushd cryptography* + REGEX="cp3([0-9])*" + if [[ "${version}" =~ $REGEX ]]; then + PY_LIMITED_API="--py-limited-api=cp3${BASH_REMATCH[1]}" + fi + CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" \ + LDFLAGS="/usr/local/opt/openssl@1.1/lib/libcrypto.a /usr/local/opt/openssl@1.1/lib/libssl.a" \ + CFLAGS="-I/usr/local/opt/openssl@1.1/include -mmacosx-version-min=10.9" \ + python setup.py bdist_wheel --dist-dir=../wheelhouse \$PY_LIMITED_API + popd pip install -f wheelhouse cryptography --no-index python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" otool -L `find .venv -name '_openssl*.so'` @@ -122,6 +136,10 @@ def build(version, label, imageName) { } sh """#!/usr/bin/env bash set -x -e + + $linux32 /opt/python/$version/bin/pip install cffi six idna asn1crypto ipaddress enum34 + $linux32 /opt/python/$version/bin/pip download cryptography==$BUILD_VERSION --no-binary cryptography --no-deps + tar zxf cryptography* # Because we are doing this as root in the container, but we write to a mounted dir that is outside the container # we need to make sure we set these files writable such that the jenkins user can delete them afterwards mkdir -p tmpwheelhouse @@ -129,10 +147,16 @@ def build(version, label, imageName) { chmod -R 777 tmpwheelhouse chmod -R 777 wheelhouse - $linux32 /opt/python/$version/bin/pip install cffi six idna asn1crypto ipaddress enum34 + pushd cryptography* + REGEX="cp3([0-9])*" + if [[ "${version}" =~ $REGEX ]]; then + PY_LIMITED_API="--py-limited-api=cp3${BASH_REMATCH[1]}" + fi LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \ CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \ - $linux32 /opt/python/$version/bin/pip wheel cryptography==$BUILD_VERSION -w tmpwheelhouse/ --no-binary cryptography --no-deps + $linux32 /opt/python/$version/bin/python setup.py bdist_wheel --dist-dir=../tmpwheelhouse \$PY_LIMITED_API + popd + chmod -R 777 cryptography* $linux32 auditwheel repair tmpwheelhouse/cryptography*.whl -w wheelhouse/ unzip wheelhouse/*.whl -d execstack.check chmod -R 777 execstack.check -- cgit v1.2.3