Ensure HTTPS support for subvertpy binary wheels#213
Merged
jelmer merged 4 commits intojelmer:mainfrom Mar 21, 2026
Merged
Conversation
When subvertpy is installed from a binary wheel the hardcoded path to certificates in bundled openssl does not necessarily exist on the host system so we ensure one can be found or manipulating remote svn repos through HTTPS does not work.
anlambert
force-pushed
the
wheel-fix-https
branch
from
81411df to
d128aaa
Compare
Add caching of macports tree to avoid recompiling all dependencies when pushing new commits and speedup build jobs. Cache is automatically cleared after 7 days of inactivity. Update cache when new software versions are released by macports.
Install rust with homebrew. Ensure wheels can be repaired by setting a required rust link flag.
anlambert
force-pushed
the
wheel-fix-https
branch
from
d128aaa to
cea6f10
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
After upgrading to
subvertpy 0.11.1usingpip, I noticed that attempting to communicate with a remote subversion server through HTTPS was not functional as aSubversionExceptionwas raised at each connection attempt.As
subvertpy 0.11.1offers a manylinux binary wheel for Python 3.12 that got installed in my venv, I suspected it was related. I missed that issue when I submitted #181, I should have more battle tested the wheels, my bad.After some investigations, HTTPS connection does not work as the openssl library bundled in the wheel does not find the CA SSL certificate on the host system. The openssl library will try to look on some hardcoded default path but there is a few chances that it exists on the host, especially on linux as it depends on distributions.
To mitigate that issue, the simplest way I found is to bundle the CA certificates extracted from Mozilla in the wheel data and set the
SSL_CERT_FILEenvironment variable to target it whensubvertpywas installed from a binary wheel. It fixes the HTTPS issue on all platforms.I would suggest to remove the uploaded binary wheels on PyPI for
subvertpy 0.11.1and only keep the sdist as this is an annoying issue for users.I also added a couple of commits to improve the CI for macos: