From 1bd02c85788677fdd3029a0495fb3268e8c63f49 Mon Sep 17 00:00:00 2001
From: Antoine Lambert <anlambert@softwareheritage.org>
Date: Mon, 23 Mar 2026 18:33:25 +0100
Subject: [PATCH 1/3] Ensure HTTPS support for subvertpy binary wheels

When subvertpy is installed from a binary wheel the hardcoded path to
certificates in bundled openssl does not necessarily exist on the host
system so we ensure one can be found or manipulating remote svn repos
through HTTPS does not work.
---
 .github/workflows/macos-wheels.yml     |  8 +++++++-
 .github/workflows/manylinux-wheels.yml |  7 ++++++-
 .github/workflows/windows-wheels.yml   | 20 ++++++++++++++------
 .gitignore                             |  3 +++
 pyproject.toml                         |  4 ++++
 setup.py                               | 12 ++++++++----
 subvertpy/__init__.py                  | 11 +++++++++++
 7 files changed, 53 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/macos-wheels.yml b/.github/workflows/macos-wheels.yml
index 84496163..733ea3b9 100644
--- a/.github/workflows/macos-wheels.yml
+++ b/.github/workflows/macos-wheels.yml
@@ -54,7 +54,13 @@ jobs:
         working-directory: wheelhouse
         run: |
           pip install $(ls -t | head -1)
-          python -c "from subvertpy import client, ra, repos, subr, wc"
+
+          # check modules import and https support
+          python -c "
+          from subvertpy import client, ra, repos, subr, wc;
+          client = client.Client(auth=ra.Auth([ra.get_username_provider()]));
+          client.info('https://svn.pld-linux.org/svn')"
+
           cd ../ && mv subvertpy/tests . && rm -rf subvertpy && python -m pytest tests
       - uses: actions/upload-artifact@v4
         with:
diff --git a/.github/workflows/manylinux-wheels.yml b/.github/workflows/manylinux-wheels.yml
index 55a4af36..6aa14249 100644
--- a/.github/workflows/manylinux-wheels.yml
+++ b/.github/workflows/manylinux-wheels.yml
@@ -33,8 +33,13 @@ jobs:
       - name: Test wheel can be installed and subvertpy module imported
         run: |
           $Python3_ROOT_DIR/bin/pip install $(ls -t | head -1)
+
+          # check modules import and https support
           $Python3_ROOT_DIR/bin/python -c "
-          from subvertpy import client, ra, repos, subr, wc"
+          from subvertpy import client, ra, repos, subr, wc;
+          client = client.Client(auth=ra.Auth([ra.get_username_provider()]));
+          client.info('https://svn.pld-linux.org/svn')"
+
           pip3 install pytest
           cd ../ && mv subvertpy/tests . && rm -rf subvertpy && python3 -m pytest tests
         working-directory: wheelhouse
diff --git a/.github/workflows/windows-wheels.yml b/.github/workflows/windows-wheels.yml
index 396b51c3..362c202d 100644
--- a/.github/workflows/windows-wheels.yml
+++ b/.github/workflows/windows-wheels.yml
@@ -62,12 +62,20 @@ jobs:
       - name: Test built wheel can be installed and imported
         working-directory: wheelhouse
         run: |
-          set PATH=%Python3_ROOT_DIR%\Scripts:%PATH%
-          set PYTHONIOENCODING=utf-8
-          for /f "tokens=*" %%g in ('dir /b *.whl') do (set wheel=%%g)
-          pip install %wheel%
-          python -c "from subvertpy import client, ra, repos, subr, wc"
-          cd .. && python -m pytest tests
+          python_dir=$(cygpath -u $Python3_ROOT_DIR)
+          export PATH=$python_dir:$python_dir/Scripts:$PATH
+
+          pip install $(ls -t | head -1)
+
+          # check modules import and https support
+          python -c "
+          from subvertpy import client, ra, repos, subr, wc;
+          client = client.Client(auth=ra.Auth([ra.get_username_provider()]));
+          client.info('https://svn.pld-linux.org/svn')"
+
+          pip install pytest
+          cd ../ && rm -rf subvertpy && python -m pytest tests
+        shell: msys2 {0}
       - uses: actions/upload-artifact@v4
         with:
           name: subvertpy-wheel-windows-${{ matrix.python-version }}
diff --git a/.gitignore b/.gitignore
index 4020c07f..d2bee715 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,6 @@ apidocs
 .tox/
 .pybuild
 subvertpy.egg-info
+
+# bundled certificate for wheels
+subvertpy/cert/cacert.pem
diff --git a/pyproject.toml b/pyproject.toml
index e0c12635..70603e33 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,3 +1,7 @@
+[build-system]
+requires = ["setuptools", "requests"]
+build-backend = "setuptools.build_meta"
+
 [tool.ruff]
 exclude = [
     "build",
diff --git a/setup.py b/setup.py
index 036bdac2..37945665 100755
--- a/setup.py
+++ b/setup.py
@@ -282,10 +282,14 @@ def subvertpy_modules():
 
 
 def package_data():
-    if sys.platform == "win32":
-        return {"subvertpy": ["subvertpy/*.dll"]}
-    else:
-        return {}
+    import requests
+
+    os.makedirs("subvertpy/cert", exist_ok=True)
+    with open("subvertpy/cert/cacert.pem", "wb") as cert:
+        response = requests.get("https://curl.se/ca/cacert.pem")
+        response.raise_for_status()
+        cert.write(response.content)
+    return {"subvertpy": ["cert/cacert.pem"]}
 
 
 subvertpy_version = (0, 11, 1)
diff --git a/subvertpy/__init__.py b/subvertpy/__init__.py
index bf5add8f..2ae1d34c 100644
--- a/subvertpy/__init__.py
+++ b/subvertpy/__init__.py
@@ -101,6 +101,17 @@
 SSL_UNKNOWNCA = 0x00000008
 SSL_OTHER = 0x40000000
 
+_module_dir = os.path.dirname(__file__)
+_wheel_libs_dir = os.path.join(_module_dir, "../subvertpy.libs")
+_wheel_dylibs_dir = os.path.join(_module_dir, ".dylibs")
+
+if os.path.exists(_wheel_libs_dir) or os.path.exists(_wheel_dylibs_dir):
+    # when subvertpy is installed from a binary wheel the hardcoded path to
+    # certificates in bundled openssl does not necessarily exist on the host
+    # system so we ensure one can be found or manipulating remote svn repos
+    # through HTTPS does not work
+    os.environ["SSL_CERT_FILE"] = os.path.join(_module_dir, "cert/cacert.pem")
+
 
 class SubversionException(Exception):
     """A Subversion exception"""

From 2585e8fb5b1d0d01c652ae021537d3c0ae684131 Mon Sep 17 00:00:00 2001
From: Antoine Lambert <anlambert@softwareheritage.org>
Date: Mon, 23 Mar 2026 18:36:17 +0100
Subject: [PATCH 2/3] ci: Cache macports tree for macos wheels jobs

Add caching of macports tree to avoid recompiling all dependencies
when pushing new commits and speedup build jobs.

Cache is automatically cleared after 7 days of inactivity.

Update cache when new software versions are released by macports.
---
 .github/workflows/macos-wheels.yml | 31 +++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/macos-wheels.yml b/.github/workflows/macos-wheels.yml
index 733ea3b9..d2f591b6 100644
--- a/.github/workflows/macos-wheels.yml
+++ b/.github/workflows/macos-wheels.yml
@@ -24,8 +24,26 @@ jobs:
           python-version: ${{ matrix.python-version }}
       - name: Install build and pytest Python packages
         run: sudo pip install build pytest
-      - name: Install MacPorts
+      # sudo is required to restore macports cache, apply same workaround from
+      # https://github.com/actions/cache/issues/629#issuecomment-1189184648
+      - name: Install gtar wrapper
         run: |
+          gtar_path=$(which gtar)
+          echo "#!/bin/sh" > gtar
+          echo "exec sudo $gtar_path.orig \"\$@\"" >> gtar
+          sudo mv $gtar_path $gtar_path.orig
+          sudo mv gtar $gtar_path
+          sudo chmod +x $gtar_path
+      - name: Restore macports cache
+        id: restore-macports-cache
+        uses: actions/cache/restore@v5
+        with:
+          path: /opt/local/
+          key: macports-cache-${{ matrix.config.arch }}-${{ matrix.config.os }}
+          restore-keys: macports-cache-${{ matrix.config.arch }}-${{ matrix.config.os }}
+      - name: Install MacPorts and other tools
+        run: |
+          brew install md5sha1sum
           curl -LO https://raw.githubusercontent.com/GiovanniBussi/macports-ci/master/macports-ci
           source ./macports-ci install --sync=rsync
       - name: Set macOS deployment target and install MacOSX sdk 11.3
@@ -37,6 +55,17 @@ jobs:
           sudo mv MacOSX11.3.sdk /Library/Developer/CommandLineTools/SDKs/
       - name: Install subvertpy build dependencies
         run: sudo port -N -s install subversion db48
+      # hash software source paths including versions to get a cache key
+      - name: Compute cache key
+        id: cache-key
+        run: |
+          echo "value=$(find /opt/local/var/macports/software | sha1sum | cut -c1-40)" >> $GITHUB_OUTPUT
+        shell: bash
+      - name: Save macports cache
+        uses: actions/cache/save@v5
+        with:
+          path: /opt/local/
+          key: macports-cache-${{ matrix.config.arch }}-${{ matrix.config.os }}-${{ steps.cache-key.outputs.value }}
       - name: Sets CIBW_BUILD and SDKROOT environment variable
         env:
           pyVer: "${{matrix.python-version}}"

From 727b14d5d243fd3f101bc622bf69c4c2e9921af2 Mon Sep 17 00:00:00 2001
From: Antoine Lambert <anlambert@softwareheritage.org>
Date: Mon, 23 Mar 2026 20:43:14 +0100
Subject: [PATCH 3/3] ci: Ensure to update apt repositories for sdist build

---
 .github/workflows/sdist.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sdist.yml b/.github/workflows/sdist.yml
index 65f2c8bc..eb1384c8 100644
--- a/.github/workflows/sdist.yml
+++ b/.github/workflows/sdist.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           python-version: "3.x"
       - name: Install dependencies
-        run: sudo apt-get install -y libsvn-dev
+        run: sudo apt update && sudo apt install -y libsvn-dev
       - name: Build sdist
         run: |
           pip install build