From 50de15ef37a06271ea0f4588fa5de7a09503ee66 Mon Sep 17 00:00:00 2001 From: "H. Vetinari" Date: Sun, 26 Apr 2020 15:41:43 +0200 Subject: [PATCH 1/6] re-enable a previously broken test that was fixed upstream See openssl/openssl#7680 --- recipe/build.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/recipe/build.sh b/recipe/build.sh index a6cb10d6..b5340cde 100644 --- a/recipe/build.sh +++ b/recipe/build.sh @@ -62,10 +62,6 @@ CC=${CC}" ${CPPFLAGS} ${CFLAGS}" \ # make -j${CPU_COUNT} ${VERBOSE_AT} make -j${CPU_COUNT} -# expected error: https://github.com/openssl/openssl/issues/6953 -# OK to ignore: https://github.com/openssl/openssl/issues/6953#issuecomment-415428340 -rm test/recipes/04-test_err.t - # When testing this via QEMU, even though it ends printing: # "ALL TESTS SUCCESSFUL." # .. it exits with a failure code. From ddabaea37ffcb6da8b2ec4358af3dd3100614176 Mon Sep 17 00:00:00 2001 From: "H. Vetinari" Date: Sun, 26 Apr 2020 20:14:32 +0200 Subject: [PATCH 2/6] add check for system-libs in activation script --- recipe/activate.bat | 26 ++++++++++++++++++++++++++ recipe/bld.bat | 14 ++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 recipe/activate.bat diff --git a/recipe/activate.bat b/recipe/activate.bat new file mode 100644 index 00000000..391ad1cd --- /dev/null +++ b/recipe/activate.bat @@ -0,0 +1,26 @@ +:: Check whether there are dlls for openssl on the system path that would gets +:: picked up by the windows loader before those in the conda environment. +:: If yes, warn that the environment is potentially vulnerable. + +@echo off + +set "HAS_SYS_LIBS=F" +set "HAS_SYS_SSL=F" +set "HAS_SYS_CRYPTO=F" +if exist C:\Windows\System32\libssl-1_1-x64.dll ( + set "HAS_SYS_LIBS=T" + set "HAS_SYS_SSL=T" +) +if exist C:\Windows\System32\libcrypto-1_1-x64.dll ( + set "HAS_SYS_LIBS=T" + set "HAS_SYS_CRYPTO=T" +) + +:: The carets are used for escaping brackets, which would otherwise be interpreted (and fail). +if "%HAS_SYS_LIBS%"=="T" ( + ECHO WARNING: Your system contains ^(potentially^) outdated libraries under: + if "%HAS_SYS_SSL%"=="T" ECHO WARNING: %LIBSSL_PATH% + if "%HAS_SYS_CRYPTO%"=="T" ECHO WARNING: %LIBCRYPTO_PATH% + ECHO WARNING: These libraries will be linked before those in the conda + ECHO WARNING: environment and might make your installation vulnerable! +) diff --git a/recipe/bld.bat b/recipe/bld.bat index 30a8a8d1..e8abc70b 100644 --- a/recipe/bld.bat +++ b/recipe/bld.bat @@ -22,5 +22,19 @@ rem if errorlevel 1 exit 1 rem nmake -f ms\ntdll.mak rem if errorlevel 1 exit 1 +:: take care of activation scripts; +:: from https://conda-forge.org/docs/maintainer/adding_pkgs.html#activate-scripts +setlocal EnableDelayedExpansion + +:: Copy the [de]activate scripts to %PREFIX%\etc\conda\[de]activate.d. +:: This will allow them to be run on environment activation. +for %%F in (activate deactivate) DO ( + if not exist %PREFIX%\etc\conda\%%F.d mkdir %PREFIX%\etc\conda\%%F.d + copy %RECIPE_DIR%\%%F.bat %PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.bat +) +:: TODO: add these in the loop above (comments in the loop can cause errors) +:: Copy unix shell activation scripts, needed by Windows Bash users +:: copy %RECIPE_DIR%\%%F.sh %PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.sh + nmake test if errorlevel 1 exit 1 From c548d99b673db301abb77d64e5b3399214b0c408 Mon Sep 17 00:00:00 2001 From: "H. Vetinari" Date: Sun, 26 Apr 2020 20:39:02 +0200 Subject: [PATCH 3/6] bump build number --- recipe/meta.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipe/meta.yaml b/recipe/meta.yaml index 57a0d637..e2d6e22c 100644 --- a/recipe/meta.yaml +++ b/recipe/meta.yaml @@ -11,7 +11,7 @@ source: - 0001-Don-t-use-USE_BCRYPTGENRANDOM-for-VS-older-than-2015.patch build: - number: 0 + number: 1 requirements: build: From dee17f2856545ef2506ec2f10f2dfad1437262b7 Mon Sep 17 00:00:00 2001 From: conda-forge-linter Date: Sun, 26 Apr 2020 22:13:11 +0000 Subject: [PATCH 4/6] MNT: Re-rendered with conda-build 3.19.2, conda-smithy 3.6.17, and conda-forge-pinning 2020.04.26.19.17.14 --- .azure-pipelines/azure-pipelines-osx.yml | 15 +++++++-------- .azure-pipelines/azure-pipelines-win.yml | 5 ----- .scripts/run_docker_build.sh | 4 +++- README.md | 2 +- 4 files changed, 11 insertions(+), 15 deletions(-) diff --git a/.azure-pipelines/azure-pipelines-osx.yml b/.azure-pipelines/azure-pipelines-osx.yml index ea0a1cf4..0808a1ad 100755 --- a/.azure-pipelines/azure-pipelines-osx.yml +++ b/.azure-pipelines/azure-pipelines-osx.yml @@ -20,14 +20,6 @@ jobs: echo "Fast Finish" - - script: | - echo "Removing homebrew from Azure to avoid conflicts." - curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall > ~/uninstall_homebrew - chmod +x ~/uninstall_homebrew - ~/uninstall_homebrew -fq - rm ~/uninstall_homebrew - displayName: Remove homebrew - - bash: | echo "##vso[task.prependpath]$CONDA/bin" sudo chown -R $USER $CONDA @@ -38,6 +30,13 @@ jobs: conda install -n base -c conda-forge --quiet --yes conda-forge-ci-setup=2 conda-build displayName: 'Add conda-forge-ci-setup=2' + - script: | + echo "Mangling homebrew from Azure to avoid conflicts." + source activate base + /usr/bin/sudo mangle_homebrew + /usr/bin/sudo -k + displayName: Mangle homebrew + - script: | source activate base echo "Configuring conda." diff --git a/.azure-pipelines/azure-pipelines-win.yml b/.azure-pipelines/azure-pipelines-win.yml index 5b713f88..302f6734 100755 --- a/.azure-pipelines/azure-pipelines-win.yml +++ b/.azure-pipelines/azure-pipelines-win.yml @@ -74,11 +74,6 @@ jobs: displayName: conda-forge build setup - - script: | - rmdir C:\strawberry /s /q - continueOnError: true - displayName: remove strawberryperl - # Special cased version setting some more things! - script: | call activate base diff --git a/.scripts/run_docker_build.sh b/.scripts/run_docker_build.sh index 066a8575..253723c8 100755 --- a/.scripts/run_docker_build.sh +++ b/.scripts/run_docker_build.sh @@ -52,8 +52,10 @@ mkdir -p "$ARTIFACTS" DONE_CANARY="$ARTIFACTS/conda-forge-build-done-${CONFIG}" rm -f "$DONE_CANARY" +# Allow people to specify extra default arguments to `docker run` (e.g. `--rm`) +DOCKER_RUN_ARGS="${CONDA_FORGE_DOCKER_RUN_ARGS}" if [ -z "${CI}" ]; then - DOCKER_RUN_ARGS="-it " + DOCKER_RUN_ARGS="-it ${DOCKER_RUN_ARGS}" fi export UPLOAD_PACKAGES="${UPLOAD_PACKAGES:-True}" diff --git a/README.md b/README.md index a3891f2f..701c7ea1 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Current build status Drone - linux + linux From af73fe62167fcca8e1f4e7ea2ccd8763f5752627 Mon Sep 17 00:00:00 2001 From: "H. Vetinari" Date: Fri, 1 May 2020 22:15:25 +0200 Subject: [PATCH 5/6] fix missing variables --- recipe/activate.bat | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/recipe/activate.bat b/recipe/activate.bat index 391ad1cd..fe3dd2b9 100644 --- a/recipe/activate.bat +++ b/recipe/activate.bat @@ -4,14 +4,17 @@ @echo off +set "LIBSSL_PATH=C:\Windows\System32\libssl-1_1-x64.dll" +set "LIBCRYPTO_PATH=C:\Windows\System32\libcrypto-1_1-x64.dll" + set "HAS_SYS_LIBS=F" set "HAS_SYS_SSL=F" set "HAS_SYS_CRYPTO=F" -if exist C:\Windows\System32\libssl-1_1-x64.dll ( +if exist %LIBSSL_PATH% ( set "HAS_SYS_LIBS=T" set "HAS_SYS_SSL=T" ) -if exist C:\Windows\System32\libcrypto-1_1-x64.dll ( +if exist %LIBCRYPTO_PATH% ( set "HAS_SYS_LIBS=T" set "HAS_SYS_CRYPTO=T" ) From 7ae83af024a408d6750fb8a9d0cb9d2ff73faf69 Mon Sep 17 00:00:00 2001 From: "H. Vetinari" Date: Fri, 1 May 2020 22:15:34 +0200 Subject: [PATCH 6/6] add check for system-libs in activation script also for bash-on-win --- recipe/activate.sh | 29 +++++++++++++++++++++++++++++ recipe/bld.bat | 5 ++--- 2 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 recipe/activate.sh diff --git a/recipe/activate.sh b/recipe/activate.sh new file mode 100644 index 00000000..78550e58 --- /dev/null +++ b/recipe/activate.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# Check whether there are dlls for openssl on the system path that would gets +# picked up by the windows loader before those in the conda environment. +# If yes, warn that the environment is potentially vulnerable. + +LIBSSL_PATH=/c/Windows/System32/libssl-1_1-x64.dll +LIBCRYPTO_PATH=/c/Windows/System32/libcrypto-1_1-x64.dll + +HAS_SYS_LIBS=F +HAS_SYS_SSL=F +HAS_SYS_CRYPTO=F +if [ -f "$LIBSSL_PATH" ]; then + HAS_SYS_LIBS=T + HAS_SYS_SSL=T +fi +if [ -f "$LIBCRYPTO_PATH" ]; then + HAS_SYS_LIBS=T + HAS_SYS_CRYPTO=T +fi + +# The carets are used for escaping brackets, which would otherwise be interpreted (and fail). +if [ $HAS_SYS_LIBS == "T" ]; then + echo "WARNING: Your system contains (potentially) outdated libraries under:" + if [ $HAS_SYS_SSL == "T" ]; then echo "WARNING: $LIBSSL_PATH"; fi + if [ $HAS_SYS_CRYPTO == "T" ]; then echo "WARNING: $LIBCRYPTO_PATH"; fi + echo "WARNING: These libraries will be linked before those in the conda" + echo "WARNING: environment and might make your installation vulnerable!" +fi diff --git a/recipe/bld.bat b/recipe/bld.bat index e8abc70b..d37ae395 100644 --- a/recipe/bld.bat +++ b/recipe/bld.bat @@ -31,10 +31,9 @@ setlocal EnableDelayedExpansion for %%F in (activate deactivate) DO ( if not exist %PREFIX%\etc\conda\%%F.d mkdir %PREFIX%\etc\conda\%%F.d copy %RECIPE_DIR%\%%F.bat %PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.bat + :: Copy unix shell activation scripts, needed by Windows Bash users + copy %RECIPE_DIR%\%%F.sh %PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.sh ) -:: TODO: add these in the loop above (comments in the loop can cause errors) -:: Copy unix shell activation scripts, needed by Windows Bash users -:: copy %RECIPE_DIR%\%%F.sh %PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.sh nmake test if errorlevel 1 exit 1