Merge pull request #12 from kelsos/updates

Update to OpenSSL v3

.github/workflows/build.yml

@@ -11,10 +11,10 @@ on:
       - 'v*'
 
 env:
-  LIB_VERSION: '2024.1.2'
-  PYTHON_VERSION: '3.11.7'
-  CIBW_VERSION: '2.16.2'
-  CIBW_BUILD: 'cp311-*'
+  LIB_VERSION: '2024.10.1'
+  PYTHON_VERSION: '3.11.9'
+  CIBW_VERSION: '2.21.3'
+  CIBW_BUILD: 'cp311-* cp312-*'
   CIBW_SKIP: '*-musllinux_*'
   CIBW_BUILD_VERBOSITY: 1
 
@@ -30,11 +30,11 @@ jobs:
         ARCH:
           - NAME: x86_64
             CFLAGS: "-mmacosx-version-min=10.09 -march=core2"
-            OPENSSLDIR: "/usr/local/etc/openssl@1.1"
+            OPENSSLDIR: "/usr/local/etc/openssl@3"
             FLAGS: no-shared no-asm no-idea no-camellia no-seed no-bf no-cast no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-ecdh no-sock no-ssl3 no-dsa no-dh no-ec no-ecdsa no-tls1 no-rfc3779 no-whirlpool no-srp no-mdc2 no-ecdh no-engine no-srtp no-weak-ssl-ciphers
           - NAME: arm64
             CFLAGS: "-mmacosx-version-min=11.0"
-            OPENSSLDIR: "/opt/homebrew/etc/openssl@1.1"
+            OPENSSLDIR: "/opt/homebrew/etc/openssl@3"
             FLAGS: no-shared no-asm no-idea no-camellia no-seed no-bf no-cast no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-ecdh no-sock no-ssl3 no-dsa no-dh no-ec no-ecdsa no-tls1 no-rfc3779 no-whirlpool no-srp no-mdc2 no-ecdh no-engine no-srtp no-weak-ssl-ciphers
     name: "Build OpenSSL for macOS (${{ matrix.ARCH.NAME }})"
     steps:
@@ -94,6 +94,7 @@ jobs:
     name: 'Build wheels for macOS'
     runs-on: macos-13
     strategy:
+      fail-fast: false
       matrix:
         arch: [arm64, x86_64, universal2]
     needs: [build_macos_openssl_universal2]
@@ -119,7 +120,7 @@ jobs:
         run: python -m cibuildwheel --output-dir wheelhouse
         env:
           CIBW_ARCHS_MACOS: ${{ matrix.arch }}
-          CIBW_BEFORE_BUILD_MACOS: ./build.sh
+          CIBW_BEFORE_ALL_MACOS: ./build.sh
       - uses: actions/upload-artifact@v4
         with:
           name: pypi-wheels-macos-${{ matrix.arch }}
@@ -129,6 +130,7 @@ jobs:
     name: 'Build wheels for Linux'
     runs-on: ubuntu-20.04
     strategy:
+      fail-fast: false
       matrix:
         arch: [ aarch64, native ]
     steps:
@@ -147,13 +149,15 @@ jobs:
           platforms: arm64
       - name: prepare build directory
         run: ./scripts/prepare.sh
+        env:
+          CIBW_ARCHS_LINUX: ${{ matrix.arch }}
       - name: Install cibuildwheel
         run: python -m pip install cibuildwheel==${{ env.CIBW_VERSION }}
       - name: Build wheels
         working-directory: build
         run: python -m cibuildwheel --output-dir wheelhouse
         env:
-          CIBW_BEFORE_BUILD_LINUX: ./build.sh
+          CIBW_BEFORE_ALL_LINUX: ./build.sh
           CIBW_ARCHS_LINUX: ${{ matrix.arch }}
       - uses: actions/upload-artifact@v4
         with:
@@ -180,7 +184,7 @@ jobs:
         working-directory: build
         run: python -m cibuildwheel --output-dir wheelhouse
         env:
-          CIBW_BEFORE_BUILD: Powershell.exe -F ./build.ps1
+          CIBW_BEFORE_ALL_WINDOWS: Powershell.exe -F ./build.ps1
           CIBW_ARCHS_WINDOWS: "native"
       - name: clean openssl conf
         shell: pwsh

README.md

@@ -1,9 +1,9 @@
 # rotki-pysqlcipher3
 
 ![PyPI - Version](https://img.shields.io/pypi/v/rotki-pysqlcipher3)
-![SQLCipher - Version](https://img.shields.io/badge/SQLCipher-v4.5.3-green)
-![SQLite - Version](https://img.shields.io/badge/SQLite-3.39.4-green)
-![OpenSSL - Version](https://img.shields.io/badge/OpenSSL-1.1.1w-green)
+![SQLCipher - Version](https://img.shields.io/badge/SQLCipher-v4.6.1-green)
+![SQLite - Version](https://img.shields.io/badge/SQLite-3.46.1-green)
+![OpenSSL - Version](https://img.shields.io/badge/OpenSSL-3.0.15-green)
 
 
 
@@ -13,7 +13,7 @@ Configuration for providing pre-build [pysqlcipher3](https://github.com/rigglema
 
 This is a collections of patches and scripts to build wheels for rotki and publish them on PyPI.
 
-It builds wheels for CPython 3.9-3.10 for the following architectures:
+It builds wheels for CPython 3.11 & 3.12 for the following architectures:
 
 - Linux x86_64
 - Linux aarch64
@@ -23,7 +23,7 @@ It builds wheels for CPython 3.9-3.10 for the following architectures:
 - macOS universal2
 
 The package is intended to be a drop-in replacement for the [pysqlcipher3 package](https://pypi.org/project/pysqlcipher3/).
-And it is statically linked with [SQLCipher](https://github.com/sqlcipher/sqlcipher) 4.x and [OpenSSL](https://github.com/openssl/openssl) 1.1.x.
+And it is statically linked with [SQLCipher](https://github.com/sqlcipher/sqlcipher) 4.x and [OpenSSL](https://github.com/openssl/openssl) 3.0.x LTS.
 
 ## License
 The following license applies to the scripts and patches of this repo. 

patches/patch-gen.py

@@ -1,12 +1,27 @@
 #!/usr/bin/env python3
 # -*- coding: ISO-8859-1 -*-
+import os
 import sys
+import platform
 from pathlib import Path
 
 import click
 import datetime
 from jinja2 import Template
 
+linux_arch = os.getenv('CIBW_ARCHS_LINUX')
+
+if platform.system() == 'Linux':
+    if linux_arch is None or linux_arch == 'native':
+        linux_arch = platform.machine()
+
+# When running on x86_64 cibuildwheel will put it in lib64 but aarch64 will still use the lib directory
+if linux_arch == 'x86_64':
+    openssl_lib_dir = "/usr/local/ssl/lib64/"
+else:
+    openssl_lib_dir = "/usr/local/ssl/lib/"
+
+
 openssl = {
     "mac": {
         "lib": "./openssl/lib/",
@@ -17,7 +32,7 @@
         "include": ".\\openssl\\include",
     },
     "linux": {
-        "lib": "/usr/local/ssl/lib/",
+        "lib": openssl_lib_dir,
         "include": "/usr/local/ssl/include/",
     }
 }

scripts/linux/build.sh

@@ -5,7 +5,7 @@ WORKDIR=$PWD
 
 if [[ -n "$(command -v yum)" ]]; then
   echo "Installing tcl using yum"
-  yum -y install tcl-devel
+  yum -y install tcl-devel perl-IPC-Cmd
 fi
 
 if [[ -n "$(command -v apt-get)" ]]; then
@@ -23,34 +23,37 @@ else
   exit 1
 fi
 
-echo "🏗️ Building OpenSSL"
+echo "🏗 Building OpenSSL"
 cd openssl || exit 1
+
+echo "⚙ Running Configure"
 ./Configure $OPENSSL_CONFIGURATION no-shared no-asm no-idea no-camellia no-weak-ssl-ciphers \
   no-seed no-bf no-cast no-rc2 no-rc4 no-rc5 no-md2 \
   no-md4 no-ecdh no-sock no-ssl3 \
   no-dsa no-dh no-ec no-ecdsa no-tls1 \
   no-rfc3779 no-whirlpool no-srp \
   no-mdc2 no-ecdh no-engine no-srtp \
-  --prefix=/usr/local/ssl --openssldir=/usr/local/ssl > /dev/null
+  --prefix=/usr/local/ssl --openssldir=/usr/local/ssl > /dev/null || exit 1
 
-make > /dev/null
-make install_sw > /dev/null
+echo "🔨 Running make"
+make all > /dev/null || exit 1
+make install_sw > /dev/null || exit 1
 
-echo "✔️ OpenSSL Build Complete"
+echo "✔ OpenSSL Build Complete"
 
-echo "🏗️ Creating SQLCipher amalgamation"
+echo "🏗 Creating SQLCipher amalgamation"
 
 cd "$WORKDIR/sqlcipher" || exit 1
 
 ./configure \
   --enable-tempstore=yes \
   --disable-shared \
   --enable-static=yes \
-  --with-crypto-lib=none > /dev/null
+  --with-crypto-lib=none > /dev/null || exit 1
 
-make sqlite3.c > /dev/null
+make sqlite3.c > /dev/null || exit 1
 
-echo "✔️ SQLCipher amalgamation created"
+echo "✔ SQLCipher amalgamation created"
 
 echo "Moving amalgamation to $WORKDIR/amalgamation"
 

scripts/linux/local-build.sh

@@ -11,10 +11,10 @@ fi
 
 echo activating venv-ci
 source /tmp/.venv-ci/bin/activate
-pip install cibuildwheel==2.13.1
+pip install cibuildwheel==2.21.3
 
-export CIBW_BEFORE_BUILD='./build.sh'
-export CIBW_BUILD='cp310-*'
+export CIBW_BEFORE_ALL='./build.sh'
+export CIBW_BUILD='cp311-* cp312-*'
 export CIBW_SKIP='*-musllinux_*'
 export CIBW_ARCHS='native'
 export CIBW_BUILD_VERBOSITY=1

scripts/mac/build.sh

@@ -1,10 +1,10 @@
 #!/usr/bin/env bash
 
 WORKDIR=$PWD
-ARCH_POSTFIX=$(echo $_PYTHON_HOST_PLATFORM | sed -En 's/macosx-..\..-(.*)/\1/p')
+ARCH_POSTFIX=${CIBW_ARCHS_MACOS}
 
 echo "Copying OpenSSL ${ARCH_POSTFIX} to openssl/"
-cp -R "openssl-macos-$ARCH_POSTFIX" openssl/
+cp -R "openssl-macos-$ARCH_POSTFIX" openssl/ || exit 1
 
 cd "sqlcipher" || exit 1
 
@@ -16,9 +16,9 @@ echo "Creating SQLCipher amalgamation"
   --enable-static=yes \
   --with-crypto-lib=none \
   CFLAGS="-DSQLITE_HAS_CODEC -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_FTS3_PARENTHESIS -I$WORKDIR/openssl/include" \
-  LDFLAGS="$WORKDIR/openssl/lib/libcrypto.a" > /dev/null
+  LDFLAGS="$WORKDIR/openssl/lib/libcrypto.a" > /dev/null || exit 1
 
-make sqlite3.c > /dev/null
+make sqlite3.c > /dev/null || exit 1
 
 if [[ ! -d "$WORKDIR/amalgamation" ]]; then
   mkdir -p "$WORKDIR/amalgamation"

scripts/mac/local-build.sh

@@ -11,10 +11,10 @@ fi
 
 echo activating venv-ci
 source /tmp/.venv-ci/bin/activate
-pip3 install cibuildwheel==2.13.1
+pip3 install cibuildwheel==2.21.3
 
-export CIBW_BEFORE_BUILD='./build.sh'
-export CIBW_BUILD='cp310-*'
+export CIBW_BEFORE_ALL='./build.sh'
+export CIBW_BUILD='cp311-*'
 export CIBW_SKIP='*-musllinux_*'
 export CIBW_ARCHS='native'
 export CIBW_BUILD_VERBOSITY=1

scripts/win/local-build.ps1

@@ -20,11 +20,11 @@ if ((-not (Test-Path "$Env:Temp\.venv-ci" -PathType Container))) {
 
 echo "Activating .venv-ci"
 & $Env:Temp\.venv-ci\Scripts\activate.ps1
-pip install cibuildwheel==2.6.1
+pip install cibuildwheel==2.21.3
 ExitOnFailure("Failed to activate rotki VirtualEnv")
 
-$env:CIBW_BEFORE_BUILD = 'PowerShell.exe -File .\build.ps1'
-$env:CIBW_BUILD = 'cp39-*'
+$env:CIBW_BEFORE_ALL = 'PowerShell.exe -File .\build.ps1'
+$env:CIBW_BUILD = 'cp311-*'
 $env:CIBW_ARCHS = 'native'
 $env:CIBW_BUILD_VERBOSITY = 1