Skip to content

Ensure HTTPS support for subvertpy binary wheels#213

Merged
jelmer merged 4 commits intojelmer:mainfrom
anlambert:wheel-fix-https
Mar 21, 2026
Merged

Ensure HTTPS support for subvertpy binary wheels#213
jelmer merged 4 commits intojelmer:mainfrom
anlambert:wheel-fix-https

Conversation

@anlambert
Copy link
Contributor

@anlambert anlambert commented Mar 20, 2026

After upgrading to subvertpy 0.11.1 using pip, I noticed that attempting to communicate with a remote subversion server through HTTPS was not functional as a SubversionException was raised at each connection attempt.

As subvertpy 0.11.1 offers a manylinux binary wheel for Python 3.12 that got installed in my venv, I suspected it was related. I missed that issue when I submitted #181, I should have more battle tested the wheels, my bad.

After some investigations, HTTPS connection does not work as the openssl library bundled in the wheel does not find the CA SSL certificate on the host system. The openssl library will try to look on some hardcoded default path but there is a few chances that it exists on the host, especially on linux as it depends on distributions.

To mitigate that issue, the simplest way I found is to bundle the CA certificates extracted from Mozilla in the wheel data and set the SSL_CERT_FILE environment variable to target it when subvertpy was installed from a binary wheel. It fixes the HTTPS issue on all platforms.

I would suggest to remove the uploaded binary wheels on PyPI for subvertpy 0.11.1 and only keep the sdist as this is an annoying issue for users.

I also added a couple of commits to improve the CI for macos:

  • all jobs have been fixed
  • the wheel jobs now cache the macports tree to avoid recompiling all dependencies at each build, builds are much more faster once the cache is filled

@anlambert
Ensure HTTPS support for subvertpy binary wheels
a172a15 
When subvertpy is installed from a binary wheel the hardcoded path to
certificates in bundled openssl does not necessarily exist on the host
system so we ensure one can be found or manipulating remote svn repos
through HTTPS does not work.
@anlambert
ci: Fix macos builds in pythonpackage workflow
899c90d
@anlambert
ci: Cache macports tree for macos wheels jobs
cbfc7e7 
Add caching of macports tree to avoid recompiling all dependencies
when pushing new commits and speedup build jobs.

Cache is automatically cleared after 7 days of inactivity.

Update cache when new software versions are released by macports.
@anlambert
ci: Fix builds of macos wheels
cea6f10 
Install rust with homebrew.

Ensure wheels can be repaired by setting a required rust link flag.
@jelmer jelmer merged commit 72dbade into jelmer:main Mar 21, 2026
39 checks passed
@jelmer
Copy link
Owner

jelmer commented Mar 23, 2026

@anlambert Did you mean to also propose this for the 0.11 branch?

@anlambert
Copy link
Contributor Author

anlambert commented Mar 23, 2026

@anlambert Did you mean to also propose this for the 0.11 branch?

It depends if you want to push a new release for the 0.11 branch with only a fix for the binary wheels.

As only the manylinux wheels were uploaded for the 0.11.1, removing them using the PyPI GUI will not change anything for users prior the 0.11.1 release as it was already required to compile the C extensions when installing subvertpy.

But I can submit the same fix for the 0.11 branch if needed.

@jelmer
Copy link
Owner

jelmer commented Mar 23, 2026 via email

@anlambert
Copy link
Contributor Author

anlambert commented Mar 23, 2026

Ack, let me adapt this to 0.11 and I will submit it as a new pull request.

@anlambert anlambert mentioned this pull request Mar 23, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anlambert @jelmer