From cb6587ac2d89046224b431d3166b715f626dc247 Mon Sep 17 00:00:00 2001 From: Allister Banks Date: Wed, 18 Jun 2025 15:05:00 +0900 Subject: [PATCH 1/4] mostly dep updates, remove bad option to RP --no-unsign was the culprit stopping pip from updating and several of the old pip versions weren't installing cleanly, bumped those versions and sha's of RP/MP among other minor tweaks. --- build_python_framework_pkgs.zsh | 37 ++++++++++++--------------------- requirements_minimal.txt | 6 +++--- 2 files changed, 16 insertions(+), 27 deletions(-) diff --git a/build_python_framework_pkgs.zsh b/build_python_framework_pkgs.zsh index ae4ac22..ae9c616 100755 --- a/build_python_framework_pkgs.zsh +++ b/build_python_framework_pkgs.zsh @@ -4,10 +4,10 @@ # Adaptd from https://github.com/munki/munki/blob/Munki3dev/code/tools/build_python_framework.sh # IMPORTANT # Run this with your current directory being the path where this script is located - -# Harcoded versions -RP_SHA="fb4dd9b024b249c71713f14d887f4bcea78aa8b0" -MP_SHA="0fcd47faf0fb2b4e8a0256a77be315a3cb6ab319" +# set -x +# Harcoded (commit) versions of relocatable-python & munki-pkg +RP_SHA="8ee72fe3a5dbef733365370ebf44f25022b895ef" # https://github.com/gregneagle/relocatable-python/commits/main/ +MP_SHA="96cffb4eac9207c1130404ec1fee8f4777fa38fd" # https://github.com/munki/munki-pkg/commits/main/ MACOS_VERSION=11 # use 10.9 for non-universal PYTHON_PRERELEASE_VERSION= PYTHON_BASEURL="https://www.python.org/ftp/python/%s/python-%s${PYTHON_PRERELEASE_VERSION}-macos%s.pkg" @@ -19,7 +19,8 @@ RP_BINDIR="/tmp/relocatable-python" MP_BINDIR="/tmp/munki-pkg" CONSOLEUSER=$(/usr/bin/stat -f "%Su" /dev/console) PIPCACHEDIR="/Users/${CONSOLEUSER}/Library/Caches/pip" -XCODE_PATH="/Applications/Xcode_15.2.app" +XCODE_PATH="/Applications/Xcode.app" +XCODE_BUILD_PATH="$XCODE_PATH/Contents/Developer/usr/bin/xcodebuild" XCODE_NOTARY_PATH="$XCODE_PATH/Contents/Developer/usr/bin/notarytool" XCODE_STAPLER_PATH="$XCODE_PATH/Contents/Developer/usr/bin/stapler" NEWSUBBUILD=$((80620 + $(/usr/bin/git rev-parse HEAD~0 | xargs -I{} /usr/bin/git rev-list --count {}))) @@ -56,13 +57,13 @@ fi if [ -n "$4" ]; then PYTHON_VERSION=$4 else - PYTHON_VERSION=3.12.1 + PYTHON_VERSION=3.13.5 fi if [ -n "$5" ]; then PYTHON_MAJOR_VERSION=$5 else - PYTHON_MAJOR_VERSION=3.12 + PYTHON_MAJOR_VERSION=3.13 fi # Set python bin version based on PYTHON_VERSION PYTHON_BIN_VERSION="${PYTHON_VERSION%.*}" @@ -96,8 +97,8 @@ if [ -d "${PIPCACHEDIR}" ]; then /usr/bin/sudo /bin/rm -rf "${PIPCACHEDIR}" fi -# kill homebrew packages -/usr/local/bin/brew remove --force $(/usr/local/bin/brew list) +# # kill homebrew packages +# /usr/local/bin/brew remove --force $(/usr/local/bin/brew list) # Ensure Xcode is set to run-time sudo xcode-select -s "$XCODE_PATH" @@ -141,18 +142,7 @@ else fi # make a symbolic link to help with interactive use -if [[ "${PYTHON_MAJOR_VERSION}" == "3.9" ]]; then - /bin/ln -s "$PYTHON_BIN_NEW" "$TOOLSDIR/$TYPE/payload/usr/local/bin/managed_python3" -fi -if [[ "${PYTHON_MAJOR_VERSION}" == "3.10" ]]; then - /bin/ln -s "$PYTHON_BIN_NEW" "$TOOLSDIR/$TYPE/payload/usr/local/bin/managed_python3" -fi -if [[ "${PYTHON_MAJOR_VERSION}" == "3.11" ]]; then - /bin/ln -s "$PYTHON_BIN_NEW" "$TOOLSDIR/$TYPE/payload/usr/local/bin/managed_python3" -fi -if [[ "${PYTHON_MAJOR_VERSION}" == "3.12" ]]; then - /bin/ln -s "$PYTHON_BIN_NEW" "$TOOLSDIR/$TYPE/payload/usr/local/bin/managed_python3" -fi +/bin/ln -s "$PYTHON_BIN_NEW" "$TOOLSDIR/$TYPE/payload/usr/local/bin/managed_python3" SB_RESULT="$?" if [ "${SB_RESULT}" != "0" ]; then @@ -166,14 +156,13 @@ fi # C_INCLUDE_PATH="/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/Current/Headers/" export C_INCLUDE_PATH="/Library/ManagedFrameworks/Python/Python.framework/Versions/Current/Headers/" - C_INCLUDE_PATH="/Library/ManagedFrameworks/Python/Python.framework/Versions/Current/Headers/" RP_EXTRACT_BINDIR="${RP_BINDIR}/relocatable-python-${RP_SHA}" + "${RP_EXTRACT_BINDIR}/make_relocatable_python_framework.py" \ --baseurl "${PYTHON_BASEURL}" \ --python-version "${PYTHON_VERSION}" \ --os-version "${MACOS_VERSION}" \ --upgrade-pip \ ---no-unsign \ --pip-requirements "${TOOLSDIR}/requirements_${TYPE}.txt" \ --destination "${FRAMEWORKDIR}" @@ -235,7 +224,7 @@ else /usr/bin/find "$TOOLSDIR/$TYPE/payload${FRAMEWORKDIR}/Python3.framework/Versions/${PYTHON_BIN_VERSION}/lib" -type f -name "*dylib" -exec /usr/bin/codesign -s - --preserve-metadata=identifier,entitlements,flags,runtime -f {} \; /usr/bin/codesign -s - --deep --force --preserve-metadata=identifier,entitlements,flags,runtime "$TOOLSDIR/$TYPE/payload${FRAMEWORKDIR}/Python3.framework/Versions/${PYTHON_BIN_VERSION}/Resources/Python.app" /usr/bin/codesign -s - --force --preserve-metadata=identifier,entitlements,flags,runtime "$TOOLSDIR/$TYPE/payload${FRAMEWORKDIR}/Python3.framework/Versions/${PYTHON_BIN_VERSION}/Python" - /usr/bin/codesign -s - --force --preserve-metadata=identifier,entitlements,flags,runtime "$TOOLSDIR/$TYPE/payload${FRAMEWORKDIR}Python3.framework/Versions/Current/Python" + /usr/bin/codesign -s - --force --preserve-metadata=identifier,entitlements,flags,runtime "$TOOLSDIR/$TYPE/payload${FRAMEWORKDIR}/Python3.framework/Versions/Current/Python" fi # Print out some information about the signatures diff --git a/requirements_minimal.txt b/requirements_minimal.txt index b6277d1..c2c6126 100644 --- a/requirements_minimal.txt +++ b/requirements_minimal.txt @@ -1,7 +1,7 @@ -cffi==1.16.0 +cffi==1.17.1 --no-binary cffi pycparser==2.21 -pyobjc==10.1 +pyobjc==11.1 six==1.16.0 -xattr==1.0.0 +xattr==1.1.4 --no-binary xattr From 7664d6c55205f3b742fad9df2f1c192c9a6c165a Mon Sep 17 00:00:00 2001 From: Allister Banks Date: Wed, 18 Jun 2025 15:14:48 +0900 Subject: [PATCH 2/4] potentially fix test issue as flagged after previous commit --- .github/workflows/build_python_3.10.yml | 2 +- .github/workflows/build_python_3.11.yml | 2 +- .github/workflows/build_python_3.12.yml | 2 +- .github/workflows/build_python_3.9.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_python_3.10.yml b/.github/workflows/build_python_3.10.yml index d44e691..fc53801 100644 --- a/.github/workflows/build_python_3.10.yml +++ b/.github/workflows/build_python_3.10.yml @@ -89,7 +89,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@v4.6.2 with: name: packages path: outputs/ diff --git a/.github/workflows/build_python_3.11.yml b/.github/workflows/build_python_3.11.yml index 9b9ec16..0592aaa 100644 --- a/.github/workflows/build_python_3.11.yml +++ b/.github/workflows/build_python_3.11.yml @@ -84,7 +84,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@v4.6.2 with: name: packages path: outputs/ diff --git a/.github/workflows/build_python_3.12.yml b/.github/workflows/build_python_3.12.yml index 10b6532..16089e8 100644 --- a/.github/workflows/build_python_3.12.yml +++ b/.github/workflows/build_python_3.12.yml @@ -84,7 +84,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@v4.6.2 with: name: packages path: outputs/ diff --git a/.github/workflows/build_python_3.9.yml b/.github/workflows/build_python_3.9.yml index 17b394a..01c068b 100644 --- a/.github/workflows/build_python_3.9.yml +++ b/.github/workflows/build_python_3.9.yml @@ -89,7 +89,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@v4.6.2 with: name: packages path: outputs/ From 4c19213da3df37d1a9a3a6cfe93303339903f6f7 Mon Sep 17 00:00:00 2001 From: Allister Banks Date: Tue, 24 Jun 2025 22:59:22 +0900 Subject: [PATCH 3/4] as per recommended restorations instead of tag use commit, in case build node needs homebrew purgin' --- .github/workflows/build_python_3.10.yml | 2 +- .github/workflows/build_python_3.11.yml | 2 +- .github/workflows/build_python_3.12.yml | 2 +- .github/workflows/build_python_3.9.yml | 2 +- build_python_framework_pkgs.zsh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_python_3.10.yml b/.github/workflows/build_python_3.10.yml index fc53801..4db841c 100644 --- a/.github/workflows/build_python_3.10.yml +++ b/.github/workflows/build_python_3.10.yml @@ -89,7 +89,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: packages path: outputs/ diff --git a/.github/workflows/build_python_3.11.yml b/.github/workflows/build_python_3.11.yml index 0592aaa..6b32a97 100644 --- a/.github/workflows/build_python_3.11.yml +++ b/.github/workflows/build_python_3.11.yml @@ -84,7 +84,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: packages path: outputs/ diff --git a/.github/workflows/build_python_3.12.yml b/.github/workflows/build_python_3.12.yml index 16089e8..c881e23 100644 --- a/.github/workflows/build_python_3.12.yml +++ b/.github/workflows/build_python_3.12.yml @@ -84,7 +84,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: packages path: outputs/ diff --git a/.github/workflows/build_python_3.9.yml b/.github/workflows/build_python_3.9.yml index 01c068b..fd9d592 100644 --- a/.github/workflows/build_python_3.9.yml +++ b/.github/workflows/build_python_3.9.yml @@ -89,7 +89,7 @@ jobs: files: ${{github.workspace}}/outputs/*.pkg - name: Upload packages - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: packages path: outputs/ diff --git a/build_python_framework_pkgs.zsh b/build_python_framework_pkgs.zsh index ae9c616..cea94c6 100755 --- a/build_python_framework_pkgs.zsh +++ b/build_python_framework_pkgs.zsh @@ -98,7 +98,7 @@ if [ -d "${PIPCACHEDIR}" ]; then fi # # kill homebrew packages -# /usr/local/bin/brew remove --force $(/usr/local/bin/brew list) +/usr/local/bin/brew remove --force $(/usr/local/bin/brew list) # Ensure Xcode is set to run-time sudo xcode-select -s "$XCODE_PATH" From e95b45eedb5b4fa98bf4a5d3d6f4de3fd118a462 Mon Sep 17 00:00:00 2001 From: Allister Banks Date: Tue, 24 Jun 2025 23:38:07 +0900 Subject: [PATCH 4/4] restore whitespace it's just typing --- build_python_framework_pkgs.zsh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_python_framework_pkgs.zsh b/build_python_framework_pkgs.zsh index cea94c6..bd20060 100755 --- a/build_python_framework_pkgs.zsh +++ b/build_python_framework_pkgs.zsh @@ -97,7 +97,7 @@ if [ -d "${PIPCACHEDIR}" ]; then /usr/bin/sudo /bin/rm -rf "${PIPCACHEDIR}" fi -# # kill homebrew packages +# kill homebrew packages /usr/local/bin/brew remove --force $(/usr/local/bin/brew list) # Ensure Xcode is set to run-time