build git ourselves for TLS 1.2 support #159
Conversation
|
|
|
(This isn't ready for merge yet as git is not actually building properly because everything is awful) |
|
Looks like it's all building successfully now. This should be ready for review. |
| CURL_ROOT=curl-7.57.0 | ||
| # https://github.com/Homebrew/homebrew-core/blob/e3a8622111ecefe444194cade5cca3c69165e26c/Formula/curl.rb#L6 | ||
| CURL_HASH=c92fe31a348eae079121b73884065e600c533493eb50f1f6cee9c48a3f454826 | ||
| CURL_ROOT=curl_7.52.1 |
There was a problem hiding this comment.
The reason for the version downgrade is probably due to the mirror switch to Debian?
There was a problem hiding this comment.
For others who might find this PR, yes this was the reason. I'd prefer to just go to 7.58.0, but that would require switching to ADD in docker. I do think we should switch to that and use less bash to build this thing now that --squash is an option, but that's best done in manylinux2.
|
Well, we're clearly trying to bail out a boat while it sinks, so I guess we better hurry up with the bailing... (PEP 571 will be what we evacuate to.) |
|
Github's just giving me a "server error" when I try to click merge... |
As of today GitHub no longer allows connections < TLS 1.2. This breaks git in the manylinux1 containers since they're linked against system OpenSSL. It also breaks building the containers at all because they try to fetch the newer curl from github via the old system curl.
To resolve this we can link our own copy of git against the OpenSSL we link the Pythons against, but there are a few knock-on effects...
ADD) to solve the bootstrap problem. To make this minimally invasive I've just swapped to the debian mirror and downgraded curl for now.