Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gh-119400: make_ssl_certs: update reference test data automatically, pass in expiration dates as parameters #119400 #119401

Merged
merged 4 commits into from
Sep 25, 2024

Conversation

kanavin
Copy link
Contributor

@kanavin kanavin commented May 22, 2024

As discussed here:
#107594

make_ssl_certs.py has a few shortcomings. In particular:

  • it generates certificates, but does not update reference data in tests that use them, instead asking the user to copy paste the data by hand (expiration dates and serial numbers in particular)
  • it is supposed to be run by hand and isn't executed in builds, which means its output has to be checked into git, cluttering the source tree, and complicating reviews of pull requests that change that output.
  • expiration dates are hardcoded into the tool and can't be passed in as parameters

This pull request aims to address first and last issue, so then #107594 can move forward on top of them.

@kanavin
Copy link
Contributor Author

kanavin commented May 22, 2024

OSError: [Errno 30] Read-only file system: '/home/runner/work/cpython/cpython-ro-srcdir/Lib/test/certdata'

This means CI is set up so that modifying the source tree is not possible. Suggestions? I still think it's worth making make_ssl_certs execution a part of the build, but the complication is that its output needs to be written into build dir, and both installation and tests needs to find it there.

@kanavin
Copy link
Contributor Author

kanavin commented May 23, 2024

OSError: [Errno 30] Read-only file system: '/home/runner/work/cpython/cpython-ro-srcdir/Lib/test/certdata'

This means CI is set up so that modifying the source tree is not possible. Suggestions? I still think it's worth making make_ssl_certs execution a part of the build, but the complication is that its output needs to be written into build dir, and both installation and tests needs to find it there.

I've concluded that this is not feasible for now:

  • needs invasive changes to Makefile
  • requires openssl executable at build time
  • breaks build reproducibility as every build is going to have different certificates installed, even if they're only used for testing.

I'll drop that from this PR, and make it only about not hardcoding reference certificate data and expiration parameters.

@kanavin kanavin changed the title gh-119400: make_ssl_certs: run at build time, update reference test data automatically #119400 gh-119400: make_ssl_certs: update reference test data automatically, pass in expiration dates as parameters #119400 May 23, 2024
@kanavin kanavin force-pushed the fix-make-ssl-certs branch from 87c0672 to be2c50f Compare May 23, 2024 09:59
@kumaraditya303 kumaraditya303 removed their request for review June 23, 2024 07:54
@kanavin
Copy link
Contributor Author

kanavin commented Sep 6, 2024

This seems to be not getting any attention, is there something I can do to push it forward?

@gvanrossum gvanrossum requested review from encukou and sethmlarson and removed request for 1st1, asvetlov and gvanrossum September 6, 2024 15:59
Copy link
Member

@encukou encukou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay; my review queue grew too long and I had to trim it.
This looks great, but let's change a few details:

Lib/test/test_asyncio/utils.py Outdated Show resolved Hide resolved
Lib/test/certdata/allsans.pem Outdated Show resolved Hide resolved
Lib/test/certdata/make_ssl_certs.py Outdated Show resolved Hide resolved
kanavin and others added 2 commits September 25, 2024 11:37
The script was simply printing the reference data and asking
users to update it by hand into the test suites. This can
be easily improved by writing the data into files and
having the test cases load the files.

Co-authored-by: Petr Viktorin <encukou@gmail.com>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
…mand line

Note that the defaults are same as they were, so if nothing is
specified, the script works exactly as before.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
@kanavin kanavin requested a review from encukou September 25, 2024 10:02
@kanavin
Copy link
Contributor Author

kanavin commented Sep 25, 2024

@encukou Thanks, everything should be addressed now.

@encukou encukou enabled auto-merge (squash) September 25, 2024 20:59
@encukou encukou merged commit 1ff1b89 into python:main Sep 25, 2024
34 checks passed
emilyemorehouse added a commit to lysnikolaou/cpython that referenced this pull request Sep 26, 2024
* main: (69 commits)
  Add "annotate" SET_FUNCTION_ATTRIBUTE bit to dis. (python#124566)
  pythongh-124412: Add helpers for converting annotations to source format (python#124551)
  pythongh-119180: Disallow instantiation of ConstEvaluator objects (python#124561)
  For-else deserves its own section in the tutorial (python#123946)
  Add 3.13 as a version option to the crash issue template (python#124560)
  pythongh-123242: Note that type.__annotations__ may not exist (python#124557)
  pythongh-119180: Make FORWARDREF format look at __annotations__ first (python#124479)
  pythonGH-58058: Add quick reference for `ArgumentParser` to argparse docs (pythongh-124227)
  pythongh-41431: Add `datetime.time.strptime()` and `datetime.date.strptime()` (python#120752)
  pythongh-102450: Add ISO-8601 alternative for midnight to `fromisoformat()` calls. (python#105856)
  pythongh-124370: Add "howto" for free-threaded Python (python#124371)
  pythongh-121277: Allow `.. versionadded:: next` in docs (pythonGH-121278)
  pythongh-119400:  make_ssl_certs: update reference test data automatically, pass in expiration dates as parameters python#119400  (pythonGH-119401)
  pythongh-119180: Avoid going through AST and eval() when possible in annotationlib (python#124337)
  pythongh-124448: Update Windows builds to use Tcl/Tk 8.6.15 (pythonGH-124449)
  pythongh-123884 Tee of tee was not producing n independent iterators (pythongh-124490)
  pythongh-124378: Update test_ttk for Tcl/Tk 8.6.15 (pythonGH-124542)
  pythongh-124513: Check args in framelocalsproxy_new() (python#124515)
  pythongh-101100: Add a table of class attributes to the "Custom classes" section of the data model docs (python#124480)
  Doc: Use ``major.minor`` for documentation distribution archive filenames (python#124489)
  ...
kanavin added a commit to kanavin/cpython that referenced this pull request Sep 26, 2024
…utomatically, pass in expiration dates as parameters python#119400  (pythonGH-119401)"

This reverts commit 1ff1b89.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants