WIP, BLD, MAINT: git security/version shim #16139
Merged: tylerjereddy merged 1 commit into scipy:maintenance/1.8.x from tylerjereddy:treddy_git_security_shim on May 8, 2022
* this is an attempt to deal with the new security measure in git: https://github.blog/2022-04-12-git-security-vulnerability-announced/
* it has been blocking the release of SciPy 1.8.1 and NumPy point release for some time
* I'm going to try to point the problem wheels repo PR at the hash of this commit/branch before merging if possible: MacPython/scipy-wheels#167
* based on feedback from Henry over here, this does seem to help locally: pypa/manylinux#1309 (comment)
tylerjereddy added a commit to tylerjereddy/scipy-wheels that referenced this pull request on May 8, 2022
This fixes the issue in the wheels repo, which has been problematic for weeks, and none of the CI failures are related to the changes here, so I'm going to go ahead and merge the backport. I may do a slight update to release notes/grab a few more backports before releasing though.
tylerjereddy added a commit to MacPython/scipy-wheels that referenced this pull request on May 8, 2022
* MAINT: wheels 1.8.1 prep
* restore Pythran for Windows builds to see if we are good to go there (if so, we can close gh-162 as well)
* bump `BUILD_COMMIT` to point to the latest relevant maintenance branch--this should also tell me if anything strange is happening with things that may be pinned since the `1.8.0` rel
* MAINT: PR 167 revisions
* try pinning setuptools for Linux jobs; the wheel versions seem wrong with bleeding edge setuptools
* MAINT: PR 167 revisions
* try pinning `DOCKER_TEST_IMAGE` to avoid the issues related to: https://github.blog/2022-04-12-git-security-vulnerability-announced/
* Revert "MAINT: PR 167 revisions" This reverts commit a090151.
* MAINT: PR 167 revisions
* try using this command: pypa/manylinux#1309 (comment)
* to deal with this in newer manylinux images: https://github.blog/2022-04-12-git-security-vulnerability-announced/
* MAINT: PR 167 revisions
* try to address some of the issues with `git config` commands showing up in CI
* MAINT: PR 167 revisions
* revert some `config.sh` changes that were not helping
* MAINT: PR 167 revisions
* try shimming the `git` commands in `clean_code()` based on feedback from Matti related to the new `git` vulnerability fix
* DEBUG: narrow CI
* disable most of the CI while I debug
* MAINT: PR 167 revisions
* try adding the safe directory command inside of `repo_dir`, which presumably will include running this command in each of the submodules
* Try workaround in scipy/scipy#16139
* MAINT: simplify after git fix.
tylerjereddy removed the needs-work label (Items that are pending response from the author) on May 8, 2022
tylerjereddy added a commit to tylerjereddy/scipy that referenced this pull request on May 31, 2022
* replicated gh-16139 on the latest maintenance branch because the `master` branch of the wheels repo will encounter the issues described in that PR (for example, see: MacPython/scipy-wheels#166 which has Travis and Azure failures caused by those same versioning issues)
* I think the `cwd` is still correct even though the patch is being applied to a different file this time (used to be `setup.py`), though we could double check this by pointing the wheels PR at the commit hash of this PR if we want
* any reason not to forward port this as well at this point, if we're going to need to keep backporting it?
rgommers pushed a commit that referenced this pull request on Jun 1, 2022
replicated gh-16139 on the latest maintenance branch because the `master` branch of the wheels repo will encounter the issues described in that PR (for example, see: MacPython/scipy-wheels#166 which has Travis and Azure failures caused by those same versioning issues) [ci skip]
Don't merge yet please, still debug stage.
* this is an attempt to deal with the new security measure in git: https://github.blog/2022-04-12-git-security-vulnerability-announced/
* it has been blocking the release of SciPy 1.8.1 and NumPy point release for some time
* I'm going to try to point the problem wheels repo PR at the hash of this commit/branch before merging if possible: (this may mean temporarily pointing the submodule remote at my fork to avoid merging to main repo) MAINT: wheels 1.8.1 prep MacPython/scipy-wheels#167
* based on feedback from Henry over here, this does seem to help locally: versioneer/setuptools_scm are unable to infer the correct version pypa/manylinux#1309 (comment)