From f3a27bddc684b9518e062d8a9bd10deb777e2791 Mon Sep 17 00:00:00 2001 From: Amin Solhizadeh Date: Wed, 15 Apr 2026 09:43:13 +0200 Subject: [PATCH] Bump windows libs - xmlsec1 to v1.3.10 - OpenSSL to v3.5.6 --- .github/workflows/cache_libs.yml | 7 +-- .github/workflows/macosx.yml | 7 ++- .github/workflows/manylinux.yml | 7 ++- .github/workflows/wheels.yml | 7 ++- .gitignore | 4 ++ .../lib_xmlsec_dependency_builder.py | 6 +-- libs/README.md | 50 +++++++++++++++++++ 7 files changed, 79 insertions(+), 9 deletions(-) create mode 100644 libs/README.md diff --git a/.github/workflows/cache_libs.yml b/.github/workflows/cache_libs.yml index 1ac325e1..e962af32 100644 --- a/.github/workflows/cache_libs.yml +++ b/.github/workflows/cache_libs.yml @@ -40,11 +40,11 @@ on: required: false type: string WIN_OPENSSL_VERSION: - default: "3.0.16.pl1" + default: "3.5.6" required: false type: string WIN_XMLSEC1_VERSION: - default: "1.3.7" + default: "1.3.10" required: false type: string WIN_ZLIB_VERSION: @@ -110,7 +110,8 @@ jobs: libs/*.xz libs/*.gz libs/*.zip - key: libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }} + key: >- + libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBICONV_VERSION }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.XMLSEC1_VERSION }}-${{ env.ZLIB_VERSION }} - uses: actions/setup-python@v6 with: diff --git a/.github/workflows/macosx.yml b/.github/workflows/macosx.yml index 522a2a0a..c9d8034e 100644 --- a/.github/workflows/macosx.yml +++ b/.github/workflows/macosx.yml @@ -14,8 +14,12 @@ jobs: runs-on: macos-latest env: + LIBICONV_VERSION: ${{ needs.cache_libs.outputs.LIBICONV_VERSION }} LIBXML2_VERSION: ${{ needs.cache_libs.outputs.LIBXML2_VERSION }} LIBXSLT_VERSION: ${{ needs.cache_libs.outputs.LIBXSLT_VERSION }} + OPENSSL_VERSION: ${{ needs.cache_libs.outputs.OPENSSL_VERSION }} + XMLSEC1_VERSION: ${{ needs.cache_libs.outputs.XMLSEC1_VERSION }} + ZLIB_VERSION: ${{ needs.cache_libs.outputs.ZLIB_VERSION }} strategy: matrix: @@ -33,7 +37,8 @@ jobs: libs/*.xz libs/*.gz libs/*.zip - key: libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }} + key: >- + libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBICONV_VERSION }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.XMLSEC1_VERSION }}-${{ env.ZLIB_VERSION }} - uses: actions/setup-python@v4 with: diff --git a/.github/workflows/manylinux.yml b/.github/workflows/manylinux.yml index ff04f9ae..fe31b66e 100644 --- a/.github/workflows/manylinux.yml +++ b/.github/workflows/manylinux.yml @@ -14,8 +14,12 @@ jobs: runs-on: ubuntu-latest env: + LIBICONV_VERSION: ${{ needs.cache_libs.outputs.LIBICONV_VERSION }} LIBXML2_VERSION: ${{ needs.cache_libs.outputs.LIBXML2_VERSION }} LIBXSLT_VERSION: ${{ needs.cache_libs.outputs.LIBXSLT_VERSION }} + OPENSSL_VERSION: ${{ needs.cache_libs.outputs.OPENSSL_VERSION }} + XMLSEC1_VERSION: ${{ needs.cache_libs.outputs.XMLSEC1_VERSION }} + ZLIB_VERSION: ${{ needs.cache_libs.outputs.ZLIB_VERSION }} strategy: matrix: @@ -37,7 +41,8 @@ jobs: libs/*.xz libs/*.gz libs/*.zip - key: libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }} + key: >- + libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBICONV_VERSION }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.XMLSEC1_VERSION }}-${{ env.ZLIB_VERSION }} # Keep this job on the host runner so JS-based actions (for example actions/cache) # can run, then execute build/test inside the target manylinux/musllinux container. diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index fa80a645..422b038e 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -110,8 +110,12 @@ jobs: runs-on: ${{ matrix.os }} env: + LIBICONV_VERSION: ${{ contains(matrix.os, 'windows-') && needs.cache_libs.outputs.WIN_LIBICONV_VERSION || needs.cache_libs.outputs.LIBICONV_VERSION }} LIBXML2_VERSION: ${{ contains(matrix.os, 'windows-') && needs.cache_libs.outputs.WIN_LIBXML2_VERSION || needs.cache_libs.outputs.LIBXML2_VERSION }} LIBXSLT_VERSION: ${{ contains(matrix.os, 'windows-') && needs.cache_libs.outputs.WIN_LIBXSLT_VERSION || needs.cache_libs.outputs.LIBXSLT_VERSION }} + OPENSSL_VERSION: ${{ contains(matrix.os, 'windows-') && needs.cache_libs.outputs.WIN_OPENSSL_VERSION || needs.cache_libs.outputs.OPENSSL_VERSION }} + XMLSEC1_VERSION: ${{ contains(matrix.os, 'windows-') && needs.cache_libs.outputs.WIN_XMLSEC1_VERSION || needs.cache_libs.outputs.XMLSEC1_VERSION }} + ZLIB_VERSION: ${{ contains(matrix.os, 'windows-') && needs.cache_libs.outputs.WIN_ZLIB_VERSION || needs.cache_libs.outputs.ZLIB_VERSION }} strategy: fail-fast: false @@ -131,7 +135,8 @@ jobs: libs/*.xz libs/*.gz libs/*.zip - key: libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }} + key: >- + libs-${{ runner.os }}-${{ runner.arch }}-${{ env.LIBICONV_VERSION }}-${{ env.LIBXML2_VERSION }}-${{ env.LIBXSLT_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.XMLSEC1_VERSION }}-${{ env.ZLIB_VERSION }} - name: Set up QEMU if: runner.os == 'Linux' diff --git a/.gitignore b/.gitignore index 15f47985..39315f44 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,7 @@ *.pyo *.egg* *.so + +# Downloaded dependency archives +/libs/* +!/libs/README.md diff --git a/build_support/lib_xmlsec_dependency_builder.py b/build_support/lib_xmlsec_dependency_builder.py index 49dcab7f..93117e16 100644 --- a/build_support/lib_xmlsec_dependency_builder.py +++ b/build_support/lib_xmlsec_dependency_builder.py @@ -35,7 +35,7 @@ def triplet(self) -> str: class LibXmlsecDependencyBuilder: - WINDOWS_LIBS_DOWNLOAD_RELEASE_URL = 'https://github.com/mxamin/python-xmlsec-win-binaries/releases/download/2025.07.10/' + WINDOWS_LIBS_DOWNLOAD_RELEASE_URL = 'https://github.com/mxamin/python-xmlsec-win-binaries/releases/download/2026.04.20/' LIB_VERSION_ENV_VARS: ClassVar[dict[str, str]] = { 'libiconv_version': 'PYXMLSEC_LIBICONV_VERSION', 'libxml2_version': 'PYXMLSEC_LIBXML2_VERSION', @@ -56,8 +56,8 @@ class LibXmlsecDependencyBuilder: 'libiconv_version': '1.18-1', 'libxml2_version': '2.11.9-3', # Make sure it matches with lxml 'libxslt_version': '1.1.39', - 'openssl_version': '3.0.16.pl1', - 'xmlsec1_version': '1.3.7', + 'openssl_version': '3.5.6', + 'xmlsec1_version': '1.3.10', 'zlib_version': '1.3.1', } diff --git a/libs/README.md b/libs/README.md new file mode 100644 index 00000000..a5151563 --- /dev/null +++ b/libs/README.md @@ -0,0 +1,50 @@ +# Dependency archive cache + +This directory is used as the local cache for third-party libraries needed by +the static build tooling. + +## How it works + +`build_libs_xmlsec.py` and `LibXmlsecDependencyBuilder` look in `libs/` first. +If a matching archive is already present here, that file is reused. If not, the +build tooling downloads the archive into this directory and then continues. + +The default lookup path is: + +```bash +libs/ +``` + +You can override it with either: + +```bash +python build_libs_xmlsec.py --libs-dir /path/to/cache +``` + +or: + +```bash +export PYXMLSEC_LIBS_DIR=/path/to/cache +``` + +## What belongs here + +Store downloaded source or binary archives here, for example: + +- `openssl*.tar.gz` +- `zlib*.tar.gz` +- `libiconv*.tar.gz` +- `libxml2*.tar.xz` +- `libxslt*.tar.xz` +- `xmlsec1*.tar.gz` +- Windows binary archives such as `libxml2-..zip` + +Extracted build artifacts do not belong in this directory. Those are created +under `build/tmp/libs/`. + +## Why keep this directory + +- Speeds up local rebuilds by reusing previously downloaded archives. +- Matches the CI cache strategy in `.github/workflows/cache_libs.yml`. +- Makes it possible to pre-populate dependency archives for offline or + repeatable builds.