fix(py): update to python 3.13.5-20250612 for security fixes (#26518)

* fix(py): update to python 3.13.5-20250612 for security fixes

3.13.4 fixed various CVEs. Upgrade to 3.13.5 per upstream expedited
release to fix problems with 3.13.4.

* https://www.python.org/downloads/release/python-3133/
* https://www.python.org/downloads/release/python-3134/
* https://www.python.org/downloads/release/python-3135/

* fix(py): use equivalent x86_64-pc-windows-msvc instead of -shared variant

Per https://github.com/astral-sh/python-build-standalone/releases/tag/20250311,
"Windows artifacts with the -shared suffix will no longer be published:
this variant became the default in 20240415 and duplicate archives have
been published under the -shared suffix for backwards compatibility. Use
the equivalent archives without the suffix."

* chore: update README_processing_engine.md for latest versions
pull/26519/merge
Jamie Strandboge 2025-06-13 13:01:30 -06:00 committed by GitHub
parent bc41c04656
commit 4cdf57d6dc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 17 additions and 17 deletions


@ -103,8 +103,8 @@ parameters:
# Consistent environment setup for Python Build Standalone # Consistent environment setup for Python Build Standalone
pbs_config: &pbs_config pbs_config: &pbs_config
PBS_DATE: "20250212" PBS_DATE: "20250612"
PBS_VERSION: "3.13.2" PBS_VERSION: "3.13.5"
# Consistent Cargo environment configuration # Consistent Cargo environment configuration
cargo_env: &cargo_env cargo_env: &cargo_env


@ -33,7 +33,7 @@ readonly PBS_TOP_DIR="/tmp/workspace"
# - aarch64-apple-darwin # - aarch64-apple-darwin
# - aarch64-unknown-linux-gnu # - aarch64-unknown-linux-gnu
# - x86_64-unknown-linux-gnu # - x86_64-unknown-linux-gnu
# - x86_64-pc-windows-msvc-shared # - x86_64-pc-windows-msvc
# #
# Note: musl builds of python-build-standablone currently (as of 2025-02-04) # Note: musl builds of python-build-standablone currently (as of 2025-02-04)
# have limitations: # have limitations:
@ -47,13 +47,13 @@ readonly PBS_TOP_DIR="/tmp/workspace"
# - https://github.com/astral-sh/python-build-standalone/blob/main/docs/running.rst # - https://github.com/astral-sh/python-build-standalone/blob/main/docs/running.rst
# - https://edu.chainguard.dev/chainguard/chainguard-images/about/images-compiled-programs/glibc-vs-musl/#python-builds # - https://edu.chainguard.dev/chainguard/chainguard-images/about/images-compiled-programs/glibc-vs-musl/#python-builds
# - https://pythonspeed.com/articles/alpine-docker-python/ # - https://pythonspeed.com/articles/alpine-docker-python/
readonly TARGETS="aarch64-apple-darwin aarch64-unknown-linux-gnu x86_64-unknown-linux-gnu x86_64-pc-windows-msvc-shared" readonly TARGETS="aarch64-apple-darwin aarch64-unknown-linux-gnu x86_64-unknown-linux-gnu x86_64-pc-windows-msvc"
fetch() { fetch() {
target="$1" target="$1"
suffix="${2}" suffix="${2}"
if [ "${suffix}" = "full.tar.zst" ]; then if [ "${suffix}" = "full.tar.zst" ]; then
if [ "${target}" = "x86_64-pc-windows-msvc-shared" ]; then if [ "${target}" = "x86_64-pc-windows-msvc" ]; then
suffix="pgo-${2}" suffix="pgo-${2}"
else else
suffix="debug-${2}" suffix="debug-${2}"
@ -84,7 +84,7 @@ fetch() {
echo "Unpacking ${binary} to '${DOWNLOAD_DIR}'" echo "Unpacking ${binary} to '${DOWNLOAD_DIR}'"
UNPACK_DIR="${DOWNLOAD_DIR}/${target}" UNPACK_DIR="${DOWNLOAD_DIR}/${target}"
if [ "${target}" = "x86_64-pc-windows-msvc-shared" ]; then if [ "${target}" = "x86_64-pc-windows-msvc" ]; then
UNPACK_DIR="${DOWNLOAD_DIR}/x86_64-pc-windows-gnu" UNPACK_DIR="${DOWNLOAD_DIR}/x86_64-pc-windows-gnu"
fi fi
mkdir "${UNPACK_DIR}" 2>/dev/null || true mkdir "${UNPACK_DIR}" 2>/dev/null || true
@ -103,7 +103,7 @@ fetch() {
echo "Creating ${UNPACK_DIR}/pyo3_config_file.txt" echo "Creating ${UNPACK_DIR}/pyo3_config_file.txt"
PYO3_CONFIG_FILE="${UNPACK_DIR}/pyo3_config_file.txt" PYO3_CONFIG_FILE="${UNPACK_DIR}/pyo3_config_file.txt"
PBS_DIR="${PBS_TOP_DIR}"/$(basename "${DOWNLOAD_DIR}")/$(basename "${UNPACK_DIR}") PBS_DIR="${PBS_TOP_DIR}"/$(basename "${DOWNLOAD_DIR}")/$(basename "${UNPACK_DIR}")
if [ "${target}" = "x86_64-pc-windows-msvc-shared" ]; then if [ "${target}" = "x86_64-pc-windows-msvc" ]; then
cat > "${PYO3_CONFIG_FILE}" <<EOM cat > "${PYO3_CONFIG_FILE}" <<EOM
implementation=CPython implementation=CPython
version=${PBS_MAJ_MIN} version=${PBS_MAJ_MIN}
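Review bot: The Windows target name is still a repeated literal in this file, appearing in `TARGETS` and in the three `[ "${target}" = "x86_64-pc-windows-msvc" ]` tests inside `fetch()`, and a test missed in a later rename fails silently: the suffix test falls through to `debug-${2}` and `UNPACK_DIR` stays at `${DOWNLOAD_DIR}/${target}`, so the build would pick up a different archive or layout without any error. Define the name once, e.g. `readonly WINDOWS_TARGET="x86_64-pc-windows-msvc"`, and compare with `[ "${target}" = "${WINDOWS_TARGET}" ]` at each site. A short comment at the `UNPACK_DIR` override explaining why the msvc archive is unpacked under `x86_64-pc-windows-gnu` would also help, since the two names now differ only in the ABI part and the mapping reads like a typo. `fetch()` continues outside these hunks, so the download step and any checksum verification of the fetched interpreter archive are not visible here and should be confirmed to cover the renamed artifact.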


@ -104,12 +104,12 @@ At a high level, the build process for Official builds consists of:
``` ```
implementation=CPython implementation=CPython
version=3.11 version=3.13
shared=true shared=true
abi3=false abi3=false
lib_name=python3.11 lib_name=python3.13
lib_dir=/path/to/python-standalone/python/lib lib_dir=/path/to/python-standalone/python/lib
executable=/path/to/python-standalone/python/bin/python3.11 executable=/path/to/python-standalone/python/bin/python3.13
pointer_width=64 pointer_width=64
build_flags= build_flags=
suppress_build_script_link_lines=false suppress_build_script_link_lines=false
@ -191,18 +191,18 @@ Local development with python-build-standalone currently consists of:
1. download python-build-standalone and unpack it somewhere 1. download python-build-standalone and unpack it somewhere
* get from https://github.com/astral-sh/python-build-standalone/releases * get from https://github.com/astral-sh/python-build-standalone/releases
* based on your host OS, choose one of `aarch64-apple-darwin-install_only_stripped.tar.gz`, `aarch64-unknown-linux-gnu-install_only_stripped.tar.gz`, `x86_64-pc-windows-msvc-shared-install_only_stripped.tar.gz`, `x86_64-unknown-linux-gnu-install_only_stripped.tar.gz` * based on your host OS, choose one of `aarch64-apple-darwin-install_only_stripped.tar.gz`, `aarch64-unknown-linux-gnu-install_only_stripped.tar.gz`, `x86_64-pc-windows-msvc-install_only_stripped.tar.gz`, `x86_64-unknown-linux-gnu-install_only_stripped.tar.gz`
2. create `pyo3_config_file.txt` to match the unpacked dir and downloaded python version. Eg, if downloaded and unpacked a 3.11.x version to `/tmp/python`: 2. create `pyo3_config_file.txt` to match the unpacked dir and downloaded python version. Eg, if downloaded and unpacked a 3.13.x version to `/tmp/python`:
``` ```
$ cat ./pyo3_config_file.txt $ cat ./pyo3_config_file.txt
implementation=CPython implementation=CPython
version=3.11 version=3.13
shared=true shared=true
abi3=false abi3=false
lib_name=python3.11 lib_name=python3.13
lib_dir=/tmp/python/lib lib_dir=/tmp/python/lib
executable=/tmp/python/bin/python3.11 executable=/tmp/python/bin/python3.13
pointer_width=64 pointer_width=64
build_flags= build_flags=
suppress_build_script_link_lines=false suppress_build_script_link_lines=false
@ -222,7 +222,7 @@ Local development with python-build-standalone currently consists of:
$ patchelf --set-rpath '$ORIGIN/python/lib' ./target/<profile>/influxdb3 $ patchelf --set-rpath '$ORIGIN/python/lib' ./target/<profile>/influxdb3
# osx (be sure to match the libpython version with what you downloaded) # osx (be sure to match the libpython version with what you downloaded)
$ install_name_tool -change '/install/lib/libpython3.11.dylib' '@executable_path/python/lib/libpython3.11.dylib' ./target/<profile>/influxdb3 $ install_name_tool -change '/install/lib/libpython3.13.dylib' '@executable_path/python/lib/libpython3.13.dylib' ./target/<profile>/influxdb3
``` ```
5. Linux/OSX: put the python runtime in the expected location (XXX: may be 5. Linux/OSX: put the python runtime in the expected location (XXX: may be
@ -284,7 +284,7 @@ builds:
* `aarch64-apple-darwin-install_only_stripped.tar.gz` * `aarch64-apple-darwin-install_only_stripped.tar.gz`
* `aarch64-unknown-linux-gnu-install_only_stripped.tar.gz` * `aarch64-unknown-linux-gnu-install_only_stripped.tar.gz`
* `x86_64-unknown-linux-gnu-install_only_stripped.tar.gz` * `x86_64-unknown-linux-gnu-install_only_stripped.tar.gz`
* `x86_64-pc-windows-msvc-shared-install_only_stripped.tar.gz` * `x86_64-pc-windows-msvc-install_only_stripped.tar.gz`
### How will InfluxData maintain the embedded interpreter? ### How will InfluxData maintain the embedded interpreter?