diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 88535218b..2b1ef67ee 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -192,21 +192,28 @@ jobs: openbsd: runs-on: ubuntu-22.04 # latest + strategy: + fail-fast: false + matrix: + # OpenBSD only supports the two most recent releases + version: ['7.4', '7.5'] steps: # Cannot use builder to checkout as OpenBSD doesn't ship git in the base install - uses: actions/checkout@v3 with: submodules: true - name: Build ${{ env.PACKAGE_NAME }} + consumers - uses: cross-platform-actions/action@v0.23.0 + uses: cross-platform-actions/action@v0.24.0 with: operating_system: openbsd - version: '7.4' + version: ${{ matrix.version }} cpu_count: 4 shell: bash environment_variables: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION AWS_REGION run: | sudo pkg_add awscli py3-pip py3-urllib3 + python3 -m venv .venv + source .venv/bin/activate python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder')" chmod a+x builder ./builder build -p ${{ env.PACKAGE_NAME }} diff --git a/crt/aws-lc b/crt/aws-lc index 6284822a2..92bf53276 160000 --- a/crt/aws-lc +++ b/crt/aws-lc @@ -1 +1 @@ -Subproject commit 6284822a2e30d9a8497ba7e07bf3f506808912f2 +Subproject commit 92bf53276029a71f01303e5adb1c5dbc379f1150 diff --git a/setup.py b/setup.py index df0ff039e..43b053b4d 100644 --- a/setup.py +++ b/setup.py @@ -334,17 +334,23 @@ def awscrt_ext(): if using_system_libcrypto(): libraries += ['crypto'] + else: + # hide the symbols from libcrypto.a + # this prevents weird crashes if an application also ends up using + # libcrypto.so from the system's OpenSSL installation. + extra_link_args += ['-Wl,--exclude-libs,libcrypto.a'] + + # OpenBSD 7.4+ defaults to linking with --execute-only, which is bad for AWS-LC. + # See: https://github.com/aws/aws-lc/blob/4b07805bddc55f68e5ce8c42f215da51c7a4e099/CMakeLists.txt#L44-L53 + # (If AWS-LC's CMakeLists.txt removes these lines in the future, we can remove this hack here as well) + if sys.platform.startswith('openbsd'): + extra_link_args += ['-Wl,--no-execute-only'] # FreeBSD doesn't have execinfo as a part of libc like other Unix variant. # Passing linker flag to link execinfo properly if sys.platform.startswith('freebsd'): extra_link_args += ['-lexecinfo'] - # hide the symbols from libcrypto.a - # this prevents weird crashes if an application also ends up using - # libcrypto.so from the system's OpenSSL installation. - extra_link_args += ['-Wl,--exclude-libs,libcrypto.a'] - # python usually adds -pthread automatically, but we've observed # rare cases where that didn't happen, so let's be explicit. extra_link_args += ['-pthread']