summaryrefslogtreecommitdiffstats
path: root/Mac/BuildScript
diff options
context:
space:
mode:
authorNed Deily <nad@python.org>2016-02-24 14:01:48 (GMT)
committerNed Deily <nad@python.org>2016-02-24 14:01:48 (GMT)
commit59884989f7688478b86769d209a0570d81322ebf (patch)
treeddbd99358f2bd29e0bcc23a44454ac753cab6705 /Mac/BuildScript
parent020250f91f61d752bed18117e0570c1425b5d595 (diff)
downloadcpython-59884989f7688478b86769d209a0570d81322ebf.zip
cpython-59884989f7688478b86769d209a0570d81322ebf.tar.gz
cpython-59884989f7688478b86769d209a0570d81322ebf.tar.bz2
Change OS X installer builds targeted for 10.10 and above to build
and link with a private copy of OpenSSL, like installers targeted for 10.5 already do, since Apple has deprecated use of the system OpenSSL and removed its header files from the Xcode 7 SDK. Note that this configuration is not currently used to build any python.org-supplied installers and that the private copy of OpenSSL requires its own root certificates.
Diffstat (limited to 'Mac/BuildScript')
-rwxr-xr-xMac/BuildScript/build-installer.py9
1 files changed, 7 insertions, 2 deletions
diff --git a/Mac/BuildScript/build-installer.py b/Mac/BuildScript/build-installer.py
index 609aaf2..9177356b 100755
--- a/Mac/BuildScript/build-installer.py
+++ b/Mac/BuildScript/build-installer.py
@@ -206,7 +206,7 @@ def library_recipes():
LT_10_5 = bool(getDeptargetTuple() < (10, 5))
- if getDeptargetTuple() < (10, 6):
+ if not (10, 5) < getDeptargetTuple() < (10, 10):
# The OpenSSL libs shipped with OS X 10.5 and earlier are
# hopelessly out-of-date and do not include Apple's tie-in to
# the root certificates in the user and system keychains via TEA
@@ -226,7 +226,8 @@ def library_recipes():
# now more obvious with cert checking enabled by default in the
# standard library.
#
- # For builds with 10.6+ SDKs, continue to use the deprecated but
+ # For builds with 10.6 through 10.9 SDKs,
+ # continue to use the deprecated but
# less out-of-date Apple 0.9.8 libs for now. While they are less
# secure than using an up-to-date 1.0.1 version, doing so
# avoids the big problems of forcing users to have to manage
@@ -234,6 +235,10 @@ def library_recipes():
# APIs for cert validation from keychains if validation using the
# standard OpenSSL locations (/System/Library/OpenSSL, normally empty)
# fails.
+ #
+ # Since Apple removed the header files for the deprecated system
+ # OpenSSL as of the Xcode 7 release (for OS X 10.10+), we do not
+ # have much choice but to build our own copy here, too.
result.extend([
dict(