Fix windows examples CI by upgrading TLS trust store #1171
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As described in python/cpython#80192 (comment)
mishazharov
changed the title
|
👍 |
jsharpe
approved these changes
Feb 15, 2024
There was a problem hiding this comment.
Thanks for sorting this; this looks great!
@meteorcloudy shall I upstream this fix into the continuous-integration pipeline setup for Windows? This fixes some TLS certificate verification errors we've been seeing in some builds.
|
@jsharpe Please do! Probably in https://github.com/bazelbuild/continuous-integration/blob/master/buildkite/setup-windows.ps1 This might be related to bazelbuild/bazel-central-registry#1367 (comment) ? /cc @mattyclarkson |
Likely. If we get the TLS update in the CI I'll put up the following patch to test in the BCR. From f319e309fcb060715ab0f20a0c1de5cd3b37900f Mon Sep 17 00:00:00 2001
From: Matt Clarkson <matthew.clarkson@arm.com>
Date: Thu, 15 Feb 2024 14:25:01 +0000
Subject: [PATCH] ci: enable Windows for `toolchain_utils`
---
modules/toolchain_utils/1.0.0-beta.1/presubmit.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/modules/toolchain_utils/1.0.0-beta.1/presubmit.yml b/modules/toolchain_utils/1.0.0-beta.1/presubmit.yml
index c0aeab4..bed7fe2 100644
--- a/modules/toolchain_utils/1.0.0-beta.1/presubmit.yml
+++ b/modules/toolchain_utils/1.0.0-beta.1/presubmit.yml
@@ -6,8 +6,7 @@ bcr_test_module:
- ubuntu2004
- macos
- macos_arm64
- # TODO: enable this once the `gitlab.arm.com` does not use a self-signed certificate
- # - windows
+ - windows
tasks:
run_tests:
name: Run end-to-end Tests
--
2.42.0The comment in that file is misleading, we're not actually using a self-signed certificate: it just doesn't validate on the BCR CI. A TLS update may solve that issue. |
meteorcloudy
added a commit
to bazelbuild/continuous-integration
that referenced
this pull request
Mar 8, 2024
fmeum
referenced
this pull request
in bazel-contrib/toolchains_llvm
Jul 4, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | rules_foreign_cc | bazel_dep | minor | `0.10.1` -> `0.11.1` | | [rules_foreign_cc](https://github.com/bazelbuild/rules_foreign_cc) | http_archive | patch | `0.11.0` -> `0.11.1` | --- ### Release Notes <details> <summary>bazelbuild/rules_foreign_cc (rules_foreign_cc)</summary> ### [`v0.11.1`](https://github.com/bazelbuild/rules_foreign_cc/releases/tag/0.11.1) [Compare Source](https://github.com/bazelbuild/rules_foreign_cc/compare/0.11.0...0.11.1) #### Using Bzlmod with Bazel 6 1. Enable with `common --enable_bzlmod` in `.bazelrc`. 2. Add to your `MODULE.bazel` file: ```starlark bazel_dep(name = "rules_foreign_cc", version = "0.11.1") ``` #### Using WORKSPACE Paste this snippet into your file: ```starlark load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") http_archive( name = "rules_foreign_cc", sha256 = "4b33d62cf109bcccf286b30ed7121129cc34cf4f4ed9d8a11f38d9108f40ba74", strip_prefix = "rules_foreign_cc-0.11.1", url = "https://github.com/bazelbuild/rules_foreign_cc/releases/download/0.11.1/rules_foreign_cc-0.11.1.tar.gz", ) load("@​rules_foreign_cc//foreign_cc:repositories.bzl", "rules_foreign_cc_dependencies") ### This sets up some common toolchains for building targets. For more details, please see ### https://bazelbuild.github.io/rules_foreign_cc/0.11.1/flatten.html#rules_foreign_cc_dependencies rules_foreign_cc_dependencies() ``` **Full Changelog**: bazel-contrib/rules_foreign_cc@0.10.1...0.11.1 #### What's Changed - Add missing sha256 for meson_src 1.1.1 by [@​lalten](https://github.com/lalten) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1111](https://github.com/bazelbuild/rules_foreign_cc/pull/1111) - Set an empty tools_data attribute for boost by [@​attilaolah](https://github.com/attilaolah) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1112](https://github.com/bazelbuild/rules_foreign_cc/pull/1112) - Advertise CcInfo provider by [@​calebzulawski](https://github.com/calebzulawski) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1118](https://github.com/bazelbuild/rules_foreign_cc/pull/1118) - Allow file targets in native_tool_toolchain() by [@​sitaktif](https://github.com/sitaktif) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1117](https://github.com/bazelbuild/rules_foreign_cc/pull/1117) - set CC and CXX and their flags in meson by [@​xytan0056](https://github.com/xytan0056) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1098](https://github.com/bazelbuild/rules_foreign_cc/pull/1098) - Turn off bzlmod in CI for now by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1142](https://github.com/bazelbuild/rules_foreign_cc/pull/1142) - Fix `//openssl/...` by calling `openssl_setup()` by [@​bcsgh](https://github.com/bcsgh) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1137](https://github.com/bazelbuild/rules_foreign_cc/pull/1137) - Sort tests under examples/third_party and add zlib to the list. by [@​bcsgh](https://github.com/bcsgh) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1136](https://github.com/bazelbuild/rules_foreign_cc/pull/1136) - Use gazelle to generate bzl_library targets by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1127](https://github.com/bazelbuild/rules_foreign_cc/pull/1127) - Use platform specific configs in bazelrc to reduce scope of settings by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1144](https://github.com/bazelbuild/rules_foreign_cc/pull/1144) - Update to ubuntu 20.04 on RBE by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1145](https://github.com/bazelbuild/rules_foreign_cc/pull/1145) - Remove explicit mention of bazel 4.x support by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1146](https://github.com/bazelbuild/rules_foreign_cc/pull/1146) - Add mirrors to external repositories by [@​mishazharov](https://github.com/mishazharov) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1153](https://github.com/bazelbuild/rules_foreign_cc/pull/1153) - Build msvc cmake with prebuilt cmake by [@​matt-sm](https://github.com/matt-sm) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1148](https://github.com/bazelbuild/rules_foreign_cc/pull/1148) - Simplify the toolchain registration for bzlmod by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1105](https://github.com/bazelbuild/rules_foreign_cc/pull/1105) - Update CMake versions by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1159](https://github.com/bazelbuild/rules_foreign_cc/pull/1159) - Fix tool path for nmake by [@​jsun-splunk](https://github.com/jsun-splunk) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1165](https://github.com/bazelbuild/rules_foreign_cc/pull/1165) - chore(deps): Bump rules_apple. Fixes [#​1156](https://github.com/bazelbuild/rules_foreign_cc/issues/1156) by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1166](https://github.com/bazelbuild/rules_foreign_cc/pull/1166) - Add make 4.4.1 by [@​novas0x2a](https://github.com/novas0x2a) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1167](https://github.com/bazelbuild/rules_foreign_cc/pull/1167) - Increase resiliency of `runnable_binary` by [@​mishazharov](https://github.com/mishazharov) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1134](https://github.com/bazelbuild/rules_foreign_cc/pull/1134) - Fix windows examples CI by upgrading TLS trust store by [@​mishazharov](https://github.com/mishazharov) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1171](https://github.com/bazelbuild/rules_foreign_cc/pull/1171) - Fixes the CI failure at Bazel@HEAD by [@​sgowroji](https://github.com/sgowroji) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1173](https://github.com/bazelbuild/rules_foreign_cc/pull/1173) - Add j2objc fragment to rules by [@​sgowroji](https://github.com/sgowroji) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1175](https://github.com/bazelbuild/rules_foreign_cc/pull/1175) - Cater for different drive letters when normalizing path by [@​matt-sm](https://github.com/matt-sm) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1169](https://github.com/bazelbuild/rules_foreign_cc/pull/1169) - Fix [#​1161](https://github.com/bazelbuild/rules_foreign_cc/issues/1161): set the `CMAKE` environment variables for prebuilt toolchains. by [@​thb-sb](https://github.com/thb-sb) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1163](https://github.com/bazelbuild/rules_foreign_cc/pull/1163) - Add aarch64 to prebuild library constraints for macos by [@​dmeijboom](https://github.com/dmeijboom) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1176](https://github.com/bazelbuild/rules_foreign_cc/pull/1176) - Use a sed delimiter that is unlikely to appear in the input by [@​mkauf](https://github.com/mkauf) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1184](https://github.com/bazelbuild/rules_foreign_cc/pull/1184) - Update rules_apple by [@​sgowroji](https://github.com/sgowroji) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1190](https://github.com/bazelbuild/rules_foreign_cc/pull/1190) - Fix - Copy Dir ignores hidden files on macOS by [@​LaurenceTews](https://github.com/LaurenceTews) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1188](https://github.com/bazelbuild/rules_foreign_cc/pull/1188) - fix(docs): Port docs generation to bzlmod to fix user facing doc generation by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1193](https://github.com/bazelbuild/rules_foreign_cc/pull/1193) - Revert "fix(docs): Port docs generation to bzlmod to fix user facing doc generation" by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1194](https://github.com/bazelbuild/rules_foreign_cc/pull/1194) - chore(deps): Add ninja 1.12.0 and latest versions of cmake by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1192](https://github.com/bazelbuild/rules_foreign_cc/pull/1192) - adjust relative msvc paths by [@​matt-sm](https://github.com/matt-sm) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1180](https://github.com/bazelbuild/rules_foreign_cc/pull/1180) - Make pkgconfig Hermetic by [@​dstufft](https://github.com/dstufft) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1069](https://github.com/bazelbuild/rules_foreign_cc/pull/1069) - Exclude filenames with spaces from cmake toolchains by [@​illicitonion](https://github.com/illicitonion) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1199](https://github.com/bazelbuild/rules_foreign_cc/pull/1199) - fix: change cygpath to mixed mode by [@​jsun-splunk](https://github.com/jsun-splunk) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1204](https://github.com/bazelbuild/rules_foreign_cc/pull/1204) - fix: path expansion on windows by [@​jsun-splunk](https://github.com/jsun-splunk) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1207](https://github.com/bazelbuild/rules_foreign_cc/pull/1207) - Revert inadvertent direct commit to main by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1213](https://github.com/bazelbuild/rules_foreign_cc/pull/1213) - Update framework.bzl to account for externalIncludes by [@​layus](https://github.com/layus) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1215](https://github.com/bazelbuild/rules_foreign_cc/pull/1215) - chore(deps): cmake/ninja: add new versions by [@​novas0x2a](https://github.com/novas0x2a) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1212](https://github.com/bazelbuild/rules_foreign_cc/pull/1212) - Revert "cmake: use variable expansion on generator args" by [@​jsharpe](https://github.com/jsharpe) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1219](https://github.com/bazelbuild/rules_foreign_cc/pull/1219) - Add in custom glib patch by [@​andrewkatson](https://github.com/andrewkatson) in [https://github.com/bazelbuild/rules_foreign_cc/pull/1211](https://github.com/bazelbuild/rules_foreign_cc/pull/1211) #### New Contributors - [@​lalten](https://github.com/lalten) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1111](https://github.com/bazelbuild/rules_foreign_cc/pull/1111) - [@​sitaktif](https://github.com/sitaktif) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1117](https://github.com/bazelbuild/rules_foreign_cc/pull/1117) - [@​mishazharov](https://github.com/mishazharov) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1153](https://github.com/bazelbuild/rules_foreign_cc/pull/1153) - [@​matt-sm](https://github.com/matt-sm) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1148](https://github.com/bazelbuild/rules_foreign_cc/pull/1148) - [@​jsun-splunk](https://github.com/jsun-splunk) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1165](https://github.com/bazelbuild/rules_foreign_cc/pull/1165) - [@​sgowroji](https://github.com/sgowroji) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1173](https://github.com/bazelbuild/rules_foreign_cc/pull/1173) - [@​thb-sb](https://github.com/thb-sb) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1163](https://github.com/bazelbuild/rules_foreign_cc/pull/1163) - [@​dmeijboom](https://github.com/dmeijboom) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1176](https://github.com/bazelbuild/rules_foreign_cc/pull/1176) - [@​mkauf](https://github.com/mkauf) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1184](https://github.com/bazelbuild/rules_foreign_cc/pull/1184) - [@​LaurenceTews](https://github.com/LaurenceTews) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1188](https://github.com/bazelbuild/rules_foreign_cc/pull/1188) - [@​layus](https://github.com/layus) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1215](https://github.com/bazelbuild/rules_foreign_cc/pull/1215) - [@​andrewkatson](https://github.com/andrewkatson) made their first contribution in [https://github.com/bazelbuild/rules_foreign_cc/pull/1211](https://github.com/bazelbuild/rules_foreign_cc/pull/1211) **Full Changelog**: bazel-contrib/rules_foreign_cc@0.10.1...0.11.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/bazel-contrib/toolchains_llvm). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjEuOSIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS45IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is an attempt to fix the CI windows failure caused by out of date TLS certificates, the solution is lifted from the python repo link here python/cpython#80192 (comment)
I couldn't get the windows build to work locally, so CI was the testbed