Skip to content

initial EncryptedClientHello support in ssl module #11

initial EncryptedClientHello support in ssl module

initial EncryptedClientHello support in ssl module #11

Workflow file for this run

name: builder
on:
workflow_dispatch:
push:
schedule:
- cron: '30 5 * * *'
jobs:
packages:
runs-on: ubuntu-24.04
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: merge upstream
run: |
git remote add upstream https://github.com/python/cpython.git
git fetch upstream
git -c user.name=Github -c user.email=none merge upstream/main
- name: Cache ccache
uses: actions/cache@v4
with:
path: /home/runner/.cache/ccache
key: ccache
- name: Prepare build environment
run: |
sudo DEBIAN_FRONTEND=noninteractive apt update && sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends sbuild mmdebstrap debian-archive-keyring ccache uidmap quilt
mkdir -p "$HOME/.cache/sbuild"
# shellcheck disable=SC2016
mmdebstrap --variant=buildd --include=apt,ccache,ca-certificates \
--keyring=/usr/share/keyrings/debian-archive-keyring.gpg \
--customize-hook='chroot "$1" update-ccache-symlinks' \
testing "$HOME/.cache/sbuild/testing-amd64.tar"
ccache --zero-stats --max-size=10.0G
chmod a+X "$HOME" "$HOME/.cache"
chmod -R a+rwX "$HOME/.cache/ccache"
cat << "EOF" > "$HOME/.quiltrc"
QUILT_PATCHES=debian/patches
QUILT_NO_DIFF_INDEX=1
QUILT_NO_DIFF_TIMESTAMPS=1
QUILT_REFRESH_ARGS="-p ab"
QUILT_DIFF_ARGS="--color=auto" # If you want some color when using `quilt diff`.
QUILT_PATCH_OPTS="--reject-format=unified"
QUILT_COLORS="diff_hdr=1;32:diff_add=1;34:diff_rem=1;31:diff_hunk=1;33:diff_ctx=35:diff_cctx=33"
EOF
cat << "EOF" > "$HOME/.sbuildrc"
$build_environment = { "CCACHE_DIR" => "/build/ccache" };
$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games";
$build_path = "/build/package/";
$dsc_dir = "package";
$unshare_bind_mounts = [ { directory => "$HOME/.cache/ccache", mountpoint => "/build/ccache" } ];
$verbose = 1;
EOF
mkdir "$HOME/apt_repo"
- name: Run sbuild
run: |
quilt push -a
# shellcheck disable=SC2016
sed -i "1 s/([^)]*)/($(git describe --tags | sed 's/^[^0-9]*//;s/-/./g;s/_/./g')-$(date -u '+%Y%m%d.%H%M%S%N'))/" debian/changelog
sbuild -d testing --chroot-mode=unshare --no-clean-source --no-run-lintian \
--extra-repository="deb [trusted=yes] https://github.com/defo-project/openssl/raw/packages/ ./" \
--dpkg-source-opts="-Zgzip -z1 --format=1.0 -sn" --build-dir="$HOME/apt_repo"
cd "$HOME/apt_repo"
apt-ftparchive packages . > Packages
apt-ftparchive release . > Release
# - name: Test packages
# run: |
# mmdebstrap --verbose --chrooted-customize-hook="curl --ech true --doh-url 'https://1.1.1.1/dns-query' 'https://defo.ie/ech-check.php' | grep 'SSL_ECH_STATUS: success'" \
# --variant=essential --include=ca-certificates,curl testing /dev/null \
# "deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian testing main" \
# "deb [trusted=yes] https://github.com/defo-project/openssl/raw/packages/ /" \
# "deb [trusted=yes] copy:/$HOME/apt_repo /"
- name: Upload apt repository
run: |
cd "$HOME/apt_repo"
BRANCH=packages
REPOSITORY="$(printf "%s" "$GITHUB_REPOSITORY" | tr / _)"
echo "echo \"deb [trusted=yes] $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/raw/$BRANCH/ /\" | sudo tee /etc/apt/sources.list.d/$REPOSITORY.list" >> README.md
git init -b "$BRANCH"
git remote add origin "$(echo "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git" | sed "s#https://#https://x-access-token:${{ secrets.GITHUB_TOKEN }}@#")"
git add .
git -c user.name=Github -c user.email=none commit --message="Generated with $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
git push --force origin "$BRANCH"