trigger: none pr: none jobs: - job: 'macOS' pool: vmImage: 'macOS-10.14' strategy: matrix: Python27: python.version: '2.7' PYTHON_DOWNLOAD_URL: "https://www.python.org/ftp/python/2.7.16/python-2.7.16-macosx10.6.pkg" PYTHON_BIN_PATH: /Library/Frameworks/Python.framework/Versions/2.7/bin/python Python3: python.version: '3.4' PYTHON_DOWNLOAD_URL: "https://www.python.org/ftp/python/3.7.3/python-3.7.3-macosx10.6.pkg" PYTHON_BIN_PATH: /Library/Frameworks/Python.framework/Versions/3.7/bin/python3 steps: - script: | set -e set -x curl "$PYTHON_DOWNLOAD_URL" -o python.pkg sudo installer -pkg python.pkg -target / displayName: Download and install Python - script: brew update displayName: Update brew - script: brew install openssl@1.1 displayName: Install OpenSSL with brew - script: $PYTHON_BIN_PATH -m pip install -U virtualenv displayName: Install virtualenv - script: $PYTHON_BIN_PATH -m virtualenv .venv displayName: Create virtualenv - script: .venv/bin/pip install -U wheel displayName: Update wheel to the latest version - script: .venv/bin/pip install cffi six idna asn1crypto ipaddress "enum34; python_version < '3'" displayName: Install our Python dependencies - script: | set -e set -x REGEX="3\.([0-9])*" if [[ "$PYTHON_VERSION" =~ $REGEX ]]; then PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}" fi CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" \ LDFLAGS="/usr/local/opt/openssl@1.1/lib/libcrypto.a /usr/local/opt/openssl@1.1/lib/libssl.a" \ CFLAGS="-I/usr/local/opt/openssl@1.1/include -mmacosx-version-min=10.9" \ .venv/bin/pip wheel cryptography==$BUILD_VERSION --no-use-pep517 --wheel-dir=wheelhouse --no-binary cryptography --no-deps $PY_LIMITED_API displayName: Build the wheel - script: .venv/bin/pip install --no-index -f wheelhouse cryptography displayName: Test installing the wheel - script: | .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" displayName: Print the OpenSSL we built and linked against - script: otool -L `find .venv -name '_openssl*.so'` displayName: Print everything we link against - script: lipo -info `find .venv -name '*.so'` displayName: Print the architectures in our fat mach-o binary - script: otool -L `find .venv -name '_openssl*.so'` | grep -vG "libcrypto\\|libssl" displayName: Verify that we did not link against OpenSSL - upload: wheelhouse/ artifact: cryptography-macos-python$(python.version) - job: 'manylinux1' pool: vmImage: 'ubuntu-16.04' container: 'pyca/cryptography-manylinux1:x86_64' strategy: matrix: Python27m: PYTHON_VERSION: 'cp27-cp27m' Python27mu: PYTHON_VERSION: 'cp27-cp27mu' Python3m: PYTHON_VERSION: 'cp34-cp34m' steps: - script: /opt/python/$PYTHON_VERSION/bin/python -m virtualenv .venv displayName: Create virtualenv - script: .venv/bin/pip install cffi six idna asn1crypto ipaddress enum34 displayName: Install our Python dependencies - script: | set -e set -x REGEX="cp3([0-9])*" if [[ "$PYTHON_VERSION" =~ $REGEX ]]; then PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}" fi LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \ CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \ .venv/bin/pip wheel cryptography==$BUILD_VERSION --no-use-pep517 --no-binary cryptography --no-deps --wheel-dir=tmpwheelhouse $PY_LIMITED_API displayName: Build the wheel - script: auditwheel repair tmpwheelhouse/cryptograph*.whl -w wheelhouse/ displayName: Run auditwheel - script: unzip wheelhouse/*.whl -d execstack.check displayName: Unzip the wheel - script: | set -e set -x results=$(execstack execstack.check/cryptography/hazmat/bindings/*.so) count=$(echo "$results" | grep -c '^X' || true) if [ "$count" -ne 0 ]; then exit 1 else exit 0 fi displayName: Run execstack on the wheel - script: .venv/bin/pip install cryptography==$BUILD_VERSION --no-index -f wheelhouse/ displayName: Test installing the wheel - script: | .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" displayName: Print the OpenSSL we built and linked against - upload: wheelhouse/ artifact: cryptography-manylinux1-$(PYTHON_VERSION)