trigger: none pr: none jobs: - job: 'macOS' pool: vmImage: 'macOS-10.14' strategy: matrix: Python27: python.version: '2.7' PYTHON_DOWNLOAD_URL: "https://www.python.org/ftp/python/2.7.16/python-2.7.16-macosx10.6.pkg" PYTHON_BIN_PATH: /Library/Frameworks/Python.framework/Versions/2.7/bin/python Python3: python.version: '3.4' PYTHON_DOWNLOAD_URL: "https://www.python.org/ftp/python/3.7.3/python-3.7.3-macosx10.6.pkg" PYTHON_BIN_PATH: /Library/Frameworks/Python.framework/Versions/3.7/bin/python3 steps: - script: | set -e set -x curl "$PYTHON_DOWNLOAD_URL" -o python.pkg sudo installer -pkg python.pkg -target / displayName: Download and install Python - script: brew update displayName: Update brew - script: brew install openssl@1.1 displayName: Install OpenSSL with brew - script: $PYTHON_BIN_PATH -m pip install -U virtualenv displayName: Install virtualenv - script: $PYTHON_BIN_PATH -m virtualenv .venv displayName: Create virtualenv - script: .venv/bin/pip install -U wheel displayName: Update wheel to the latest version - script: .venv/bin/pip install -U pip==10.0.1 displayName: Downgrade pip lol - script: .venv/bin/pip install cffi six asn1crypto ipaddress "enum34; python_version < '3'" displayName: Install our Python dependencies - script: | set -e set -x REGEX="3\.([0-9])*" if [[ "$PYTHON_VERSION" =~ $REGEX ]]; then PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}" fi CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" \ LDFLAGS="/usr/local/opt/openssl@1.1/lib/libcrypto.a /usr/local/opt/openssl@1.1/lib/libssl.a" \ CFLAGS="-I/usr/local/opt/openssl@1.1/include -mmacosx-version-min=10.9" \ .venv/bin/pip wheel cryptography==$BUILD_VERSION --wheel-dir=wheelhouse --no-binary cryptography --no-deps $PY_LIMITED_API displayName: Build the wheel - script: .venv/bin/pip install --no-index -f wheelhouse cryptography displayName: Test installing the wheel - script: | .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" displayName: Print the OpenSSL we built and linked against - script: otool -L `find .venv -name '_openssl*.so'` displayName: Print everything we link against - script: lipo -info `find .venv -name '*.so'` displayName: Print the architectures in our fat mach-o binary - script: otool -L `find .venv -name '_openssl*.so'` | grep -vG "libcrypto\\|libssl" displayName: Verify that we did not link against OpenSSL - task: PublishBuildArtifacts@1 inputs: pathToPublish: wheelhouse/ artifactName: cryptography-macos-python$(python.version) - job: 'manylinux1' pool: vmImage: 'ubuntu-16.04' container: 'pyca/cryptography-manylinux1:x86_64' strategy: matrix: Python27m: PYTHON_VERSION: 'cp27-cp27m' Python27mu: PYTHON_VERSION: 'cp27-cp27mu' Python3m: PYTHON_VERSION: 'cp34-cp34m' steps: - script: /opt/python/$PYTHON_VERSION/bin/python -m virtualenv .venv displayName: Create virtualenv - script: .venv/bin/pip install -U pip==10.0.1 displayName: Downgrade pip lol - script: .venv/bin/pip install cffi six asn1crypto ipaddress enum34 displayName: Install our Python dependencies - script: | set -e set -x REGEX="cp3([0-9])*" if [[ "$PYTHON_VERSION" =~ $REGEX ]]; then PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}" fi LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \ CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \ .venv/bin/pip wheel cryptography==$BUILD_VERSION --no-binary cryptography --no-deps --wheel-dir=tmpwheelhouse $PY_LIMITED_API displayName: Build the wheel - script: auditwheel repair tmpwheelhouse/cryptograph*.whl -w wheelhouse/ displayName: Run auditwheel - script: unzip wheelhouse/*.whl -d execstack.check displayName: Unzip the wheel - script: | set -e set -x results=$(execstack execstack.check/cryptography/hazmat/bindings/*.so) count=$(echo "$results" | grep -c '^X' || true) if [ "$count" -ne 0 ]; then exit 1 else exit 0 fi displayName: Run execstack on the wheel - script: .venv/bin/pip install cryptography==$BUILD_VERSION --no-index -f wheelhouse/ displayName: Test installing the wheel - script: | .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" displayName: Print the OpenSSL we built and linked against - task: PublishBuildArtifacts@1 inputs: pathToPublish: wheelhouse/ artifactName: cryptography-manylinux1-$(PYTHON_VERSION) - job: 'windows' pool: vmImage: 'windows-2019' container: $[variables.containerImage] strategy: matrix: Python27-x86: containerImage: 'pyca/cryptography-runner-windows:py27-x86' PYTHON_VERSION: '27' OPENSSL_DIR: 'OpenSSL-Win32-2010' WINDOWS_ARCH: 'x86' Python27-x86-64: containerImage: 'pyca/cryptography-runner-windows:py27-x86_64' PYTHON_VERSION: '27' OPENSSL_DIR: 'OpenSSL-Win64-2010' WINDOWS_ARCH: 'x86_64' Python34-x86: containerImage: 'pyca/cryptography-runner-windows:py34-x86' PYTHON_VERSION: '34' OPENSSL_DIR: 'OpenSSL-Win32-2010' WINDOWS_ARCH: 'x86' Python34-x86-64: containerImage: 'pyca/cryptography-runner-windows:py34-x86_64' PYTHON_VERSION: '34' OPENSSL_DIR: 'OpenSSL-Win64-2010' WINDOWS_ARCH: 'x86_64' Python35-x86: containerImage: 'pyca/cryptography-runner-windows:py35-x86' PYTHON_VERSION: '35' OPENSSL_DIR: 'OpenSSL-Win32-2015' WINDOWS_ARCH: 'x86' Python35-x86-64: containerImage: 'pyca/cryptography-runner-windows:py35-x86_64' PYTHON_VERSION: '35' OPENSSL_DIR: 'OpenSSL-Win64-2015' WINDOWS_ARCH: 'x86_64' Python36-x86: containerImage: 'pyca/cryptography-runner-windows:py3-x86' PYTHON_VERSION: '36' OPENSSL_DIR: 'OpenSSL-Win32-2015' WINDOWS_ARCH: 'x86' Python36-x86-64: containerImage: 'pyca/cryptography-runner-windows:py3-x86_64' PYTHON_VERSION: '36' OPENSSL_DIR: 'OpenSSL-Win64-2015' WINDOWS_ARCH: 'x86_64' Python37-x86: containerImage: 'pyca/cryptography-runner-windows:py3-x86' PYTHON_VERSION: '37' OPENSSL_DIR: 'OpenSSL-Win32-2015' WINDOWS_ARCH: 'x86' Python37-x86-64: containerImage: 'pyca/cryptography-runner-windows:py3-x86_64' PYTHON_VERSION: '37' OPENSSL_DIR: 'OpenSSL-Win64-2015' WINDOWS_ARCH: 'x86_64' steps: - script: '"C:/Python%PYTHON_VERSION%/python.exe" -m pip install -U pip==10.0.1' displayName: Downgrade pip lol - script: '"C:/Python%PYTHON_VERSION%/Scripts/pip" install wheel cffi six asn1crypto ipaddress enum34' displayName: Install wheel and our Python dependencies - script: | set INCLUDE=C:/%OPENSSL_DIR%/include;%INCLUDE% set LIB=C:/%OPENSSL_DIR%/lib;%LIB% C:/Python%PYTHON_VERSION%/Scripts/pip wheel cryptography==%BUILD_VERSION% --wheel-dir=wheelhouse --no-binary cryptography displayName: Build the wheel - script: '"C:/Python%PYTHON_VERSION%/Scripts/pip" install -f wheelhouse cryptography --no-index' displayName: Test installing the wheel - script: | "C:/Python%PYTHON_VERSION%/python" -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" displayName: Print the OpenSSL we built and linked against - script: mkdir cryptography-wheelhouse displayName: Create a directory for placing the final wheel in - script: move wheelhouse\cryptography*.whl cryptography-wheelhouse\ displayName: Move the cryptography wheel into the final wheel house - task: PublishBuildArtifacts@1 inputs: pathToPublish: cryptography-wheelhouse/ artifactName: cryptography-windows-$(WINDOWS_ARCH)-python$(PYTHON_VERSION)