From bc912d04645e65a8d5a240eb133dc2c03f0babc6 Mon Sep 17 00:00:00 2001 From: Tim Felgentreff Date: Wed, 22 Apr 2026 08:39:18 +0200 Subject: [PATCH 1/5] [GR-74994] Update Bouncy Castle artifacts to 1.84 --- THIRD_PARTY_LICENSE.txt | 4 ++-- mx.graalpython/suite.py | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/THIRD_PARTY_LICENSE.txt b/THIRD_PARTY_LICENSE.txt index 61d5122dbe..e27628c4ee 100644 --- a/THIRD_PARTY_LICENSE.txt +++ b/THIRD_PARTY_LICENSE.txt @@ -39,9 +39,9 @@ SOFTWARE. ================================================================================ -Bouncy Castle Crypto API 1.68 +Bouncy Castle Crypto API 1.84 -Copyright (c) 2000-2021 The Legion of the Bouncy Castle Inc. +Copyright (c) 2000-2023 The Legion of the Bouncy Castle Inc. (https://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software diff --git a/mx.graalpython/suite.py b/mx.graalpython/suite.py index fa5bf2a25a..b8e1ce2c3b 100644 --- a/mx.graalpython/suite.py +++ b/mx.graalpython/suite.py @@ -110,32 +110,32 @@ "digest": "sha512:bd77164795b5cbfbe864f64021e67e37f39cb9aba9abdd894d53fbb6857abe074923808918d1dc3bb0706253e726b2b9704cd0c3bc744d70e220c7356fa4995e", }, "BOUNCYCASTLE-PROVIDER": { - "digest": "sha512:e51cc843ca130ad4a15ff667360063bbb583af3f22e14193840a734da6665b470ba1855ce975f88a94ddd6419aa020d3a9966980bc1deb7514f92a7215d6e229", - "sourceDigest": "sha512:a2fe72266afcffce846dde5735d0fa28935942177375dd1c29bac819c1163f2da967e0b893d33d43868b6cdb8aa469e05fa460543d5448fa1e34155dcf86b0b7", + "digest": "sha512:4b7e5696830023bad1594d9f9766898f78018ec7d6ec34de23f2a6683b02803b92ffe8ab5d21f1a717eb4fafa8e22dcf3a4b6dd275bd86c7cb02609987fe92f5", + "sourceDigest": "sha512:2d266985014d38f701ac4c8e5482d767488e6fdd48d16973703ef2268138baf71b53ac283c969004bad709e1664b2f2446a1f56102af876d35ccceb03e44fbb9", "maven": { "groupId": "org.bouncycastle", "artifactId": "bcprov-jdk18on", - "version": "1.83", + "version": "1.84", }, "moduleName": "org.bouncycastle.provider", }, "BOUNCYCASTLE-PKIX": { - "digest": "sha512:9c67d990a56a5c448f9bb9edbb8b99dc15971e16de7e6f10c3eab129a1389eef4882c5a5d910ac4ddc27d44f7bc9fa4054c7f56dc031154c131bccc50ebd67b9", - "sourceDigest": "sha512:f24ad816393ed53d737db3c976ef37e4e009c2a366a1b97f80dace063320336ed1463b526eb6913cd1d462c2be18debd43ac1cab415639f900706e8e4fc13fe1", + "digest": "sha512:01644d7e0c6041ea8c8629f6ad73f7206efa2797d954da1507dd43c5d262a161194ed84e960234cf5c53787033f1181aa4965e0d6ebfe82ca040de13ca307565", + "sourceDigest": "sha512:2c405cbefcd75b97b11df470025f3e51286bd11fd735607d8d512133ec49f9887dc282b4af0f434b49064fa1eab3e14d1f2c860187fb9fb8939330fc64602ba4", "maven": { "groupId": "org.bouncycastle", "artifactId": "bcpkix-jdk18on", - "version": "1.83", + "version": "1.84", }, "moduleName": "org.bouncycastle.pkix", }, "BOUNCYCASTLE-UTIL": { - "digest": "sha512:e19831d4afc0a709fd57694f33bfe3a8e881cba287c34fb076a44ef436e56e6bdf49299ca9525028a4de9bf5fadeaa254654d0e527855f1f5659c5a7be538576", - "sourceDigest": "sha512:bc4195692721827b41e21eaa14f9cf14dffe6f141ddfb8ac26d2a89f4ead3f1611671f8b6d39ec4be479c2ccf6e4bf33176123474f852910dc7dcc23485bd036", + "digest": "sha512:e001b244723fb3c4d1e06862bb857512015a92d7e18650ae3447a3d258274ec8ed37b8cba958397b00f8dd73463943e9a9489dd5dbddbe24b24cd6fae5ca8a62", + "sourceDigest": "sha512:01ece60806f4ba9bc78509a4521eab164b37197d8d0ad647c46b77deff0aebdc5191875690edb513fd8266be41daaaf0ccca1b0c7a53df1d059950b79d0f4a26", "maven": { "groupId": "org.bouncycastle", "artifactId": "bcutil-jdk18on", - "version": "1.83", + "version": "1.84", }, "moduleName": "org.bouncycastle.util", }, From d3c2525ce66d87c5a12bc48f8565032943af9160 Mon Sep 17 00:00:00 2001 From: Tim Felgentreff Date: Wed, 22 Apr 2026 08:43:21 +0200 Subject: [PATCH 2/5] Make it easy to exclude standalone Bouncy Castle packaging --- mx.graalpython/mx_graalpython.py | 34 +++++++++++++++++++++++++++++++- mx.graalpython/suite.py | 5 ----- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/mx.graalpython/mx_graalpython.py b/mx.graalpython/mx_graalpython.py index fafa84544e..dc30dccf05 100644 --- a/mx.graalpython/mx_graalpython.py +++ b/mx.graalpython/mx_graalpython.py @@ -129,6 +129,7 @@ def get_boolean_env(name, default=False): WIN32 = sys.platform == "win32" BUILD_NATIVE_IMAGE_WITH_ASSERTIONS = get_boolean_env('BUILD_WITH_ASSERTIONS', CI) BYTECODE_DSL_INTERPRETER = get_boolean_env('BYTECODE_DSL_INTERPRETER', True) +GRAALPY_WITH_BOUNCYCASTLE = get_boolean_env("GRAALPY_WITH_BOUNCYCASTLE", True) mx_gate.add_jacoco_excludes([ "com.oracle.graal.python.pegparser.sst", @@ -160,6 +161,29 @@ def wants_debug_build(flags=os.environ.get("CFLAGS", "")): )) +def _is_graalos_build(): + return "musl" in mx_subst.path_substitutions.substitute("") + + +def _with_bouncycastle(): + return GRAALPY_WITH_BOUNCYCASTLE and not _is_graalos_build() + + +if GRAALPY_WITH_BOUNCYCASTLE: + setattr(ThinLauncherProject, "_original_cflags_without_graalpy_bouncycastle", ThinLauncherProject.cflags) + + def _flags_with_bc_args(self): + if "graalpy" in repr(self) and not _is_graalos_build(): + if dvmargs := getattr(self, "default_vm_args", None): + arg = '--vm.-add-modules=graalpython.bouncycastle,org.bouncycastle.provider,org.bouncycastle.pkix,org.bouncycastle.util' + if arg not in dvmargs: + mx.log("Appending bouncycastle to GraalPy launcher -add-modules") + dvmargs.append(arg) + return self._original_cflags_without_graalpy_bouncycastle + + setattr(ThinLauncherProject, "cflags", property(_flags_with_bc_args)) + + if WIN32: # let's check if VS compilers are on the PATH if not os.environ.get("LIB"): @@ -246,6 +270,14 @@ def get_jdk(): def graalpy_standalone_deps(): include_truffle_runtime = not mx.env_var_to_bool("EXCLUDE_TRUFFLE_RUNTIME") deps = mx_truffle.resolve_truffle_dist_names(use_optimized_runtime=include_truffle_runtime) + if _with_bouncycastle(): + mx.log("Including bouncycastle with GraalPy standalone") + deps += [ + "graalpython:GRAALPYTHON_BOUNCYCASTLE", + "graalpython:BOUNCYCASTLE-PROVIDER", + "graalpython:BOUNCYCASTLE-PKIX", + "graalpython:BOUNCYCASTLE-UTIL", + ] return deps @@ -289,7 +321,7 @@ def libpythonvm_build_args(): if os.environ.get("GITHUB_CI"): build_args += github_ci_build_args() - if graalos := ("musl" in mx_subst.path_substitutions.substitute("")): + if graalos := _is_graalos_build(): build_args += ['-H:+GraalOS'] else: build_args += [ diff --git a/mx.graalpython/suite.py b/mx.graalpython/suite.py index b8e1ce2c3b..8a86692b0f 100644 --- a/mx.graalpython/suite.py +++ b/mx.graalpython/suite.py @@ -882,7 +882,6 @@ "default_vm_args": [ "--vm.Xss16777216", # request 16M of stack '--vm.-enable-native-access=org.graalvm.shadowed.jline', - '--vm.-add-modules=graalpython.bouncycastle,org.bouncycastle.provider,org.bouncycastle.pkix,org.bouncycastle.util', ], "multitarget": [ {"os": ["linux"], "libc": ["glibc", "default"], "compiler": ["llvm-toolchain", "host", "*"]}, @@ -1481,10 +1480,6 @@ "distDependencies": [ "graalpython:GRAALPYTHON-LAUNCHER", "graalpython:GRAALPYTHON", - "graalpython:GRAALPYTHON_BOUNCYCASTLE", - "graalpython:BOUNCYCASTLE-PROVIDER", - "graalpython:BOUNCYCASTLE-PKIX", - "graalpython:BOUNCYCASTLE-UTIL", "sdk:TOOLS_FOR_STANDALONE", ], "dynamicDistDependencies": "graalpy_standalone_deps", From bcff705bbfc14b60406a14bbc222dd96266f01f4 Mon Sep 17 00:00:00 2001 From: Tim Felgentreff Date: Thu, 23 Apr 2026 11:27:47 +0200 Subject: [PATCH 3/5] Use substitution for standalone BouncyCastle flags --- mx.graalpython/mx_graalpython.py | 18 +++++------------- mx.graalpython/suite.py | 5 +++-- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/mx.graalpython/mx_graalpython.py b/mx.graalpython/mx_graalpython.py index dc30dccf05..07f4b81df9 100644 --- a/mx.graalpython/mx_graalpython.py +++ b/mx.graalpython/mx_graalpython.py @@ -169,19 +169,10 @@ def _with_bouncycastle(): return GRAALPY_WITH_BOUNCYCASTLE and not _is_graalos_build() -if GRAALPY_WITH_BOUNCYCASTLE: - setattr(ThinLauncherProject, "_original_cflags_without_graalpy_bouncycastle", ThinLauncherProject.cflags) - - def _flags_with_bc_args(self): - if "graalpy" in repr(self) and not _is_graalos_build(): - if dvmargs := getattr(self, "default_vm_args", None): - arg = '--vm.-add-modules=graalpython.bouncycastle,org.bouncycastle.provider,org.bouncycastle.pkix,org.bouncycastle.util' - if arg not in dvmargs: - mx.log("Appending bouncycastle to GraalPy launcher -add-modules") - dvmargs.append(arg) - return self._original_cflags_without_graalpy_bouncycastle - - setattr(ThinLauncherProject, "cflags", property(_flags_with_bc_args)) +def bcflags(): + if _with_bouncycastle(): + return '--vm.-add-modules=graalpython.bouncycastle,org.bouncycastle.provider,org.bouncycastle.pkix,org.bouncycastle.util' + return '' if WIN32: @@ -2019,6 +2010,7 @@ def abi_version(): mx_subst.results_substitutions.register_no_arg('graalpy_ext', graalpy_ext) mx_subst.results_substitutions.register_no_arg('graalpy_cmake_build_type', graalpy_cmake_build_type) +mx_subst.string_substitutions.register_no_arg('bcflags', bcflags) def update_import(name, suite_py: Path, args): diff --git a/mx.graalpython/suite.py b/mx.graalpython/suite.py index 8a86692b0f..6e2da14533 100644 --- a/mx.graalpython/suite.py +++ b/mx.graalpython/suite.py @@ -53,7 +53,7 @@ }, { "name": "tools", - "version": "dbc733f99ceebfd8bd02911b8e7313787affd49a", + "version": "d98d0663dc5d103bc3a142266befac796b52cdb3", "subdir": True, "urls": [ {"url": "https://github.com/oracle/graal", "kind": "git"}, @@ -61,7 +61,7 @@ }, { "name": "regex", - "version": "dbc733f99ceebfd8bd02911b8e7313787affd49a", + "version": "d98d0663dc5d103bc3a142266befac796b52cdb3", "subdir": True, "urls": [ {"url": "https://github.com/oracle/graal", "kind": "git"}, @@ -882,6 +882,7 @@ "default_vm_args": [ "--vm.Xss16777216", # request 16M of stack '--vm.-enable-native-access=org.graalvm.shadowed.jline', + '', ], "multitarget": [ {"os": ["linux"], "libc": ["glibc", "default"], "compiler": ["llvm-toolchain", "host", "*"]}, From e0d0615e404a852f4f6bbea4e8132342a6e146c2 Mon Sep 17 00:00:00 2001 From: Tim Felgentreff Date: Thu, 23 Apr 2026 17:06:23 +0200 Subject: [PATCH 4/5] Skip transient on macos --- .../src/tests/unittest_tags/test_strptime.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/graalpython/com.oracle.graal.python.test/src/tests/unittest_tags/test_strptime.txt b/graalpython/com.oracle.graal.python.test/src/tests/unittest_tags/test_strptime.txt index 3d9b76b04c..5cc388c5b8 100644 --- a/graalpython/com.oracle.graal.python.test/src/tests/unittest_tags/test_strptime.txt +++ b/graalpython/com.oracle.graal.python.test/src/tests/unittest_tags/test_strptime.txt @@ -41,6 +41,8 @@ test.test_strptime.StrptimeTests.test_strptime_exception_context @ darwin-arm64, test.test_strptime.StrptimeTests.test_time_locale @ darwin-arm64,linux-aarch64,linux-aarch64-github,linux-x86_64,linux-x86_64-github,win32-AMD64,win32-AMD64-github # Seems to be dependent on the actual time/date/timezone of the machine, at least on GraalPy. Needs investigation !test.test_strptime.StrptimeTests.test_timezone +# Transiently fails with trying to look up "gmt+1:00" instead of "gmt" for unknown reasons +!test.test_strptime.LocaleTime_Tests.test_timezone @ darwin-arm64 test.test_strptime.StrptimeTests.test_unconverteddata @ darwin-arm64,linux-aarch64,linux-aarch64-github,linux-x86_64,linux-x86_64-github,win32-AMD64,win32-AMD64-github test.test_strptime.StrptimeTests.test_weekday @ darwin-arm64,linux-aarch64,linux-aarch64-github,linux-x86_64,linux-x86_64-github,win32-AMD64,win32-AMD64-github test.test_strptime.StrptimeTests.test_weekday_locale @ darwin-arm64,linux-aarch64,linux-aarch64-github,linux-x86_64,linux-x86_64-github,win32-AMD64,win32-AMD64-github From 8dbb048e900ff3b33808ebcbaa69c313426132d4 Mon Sep 17 00:00:00 2001 From: Tim Felgentreff Date: Thu, 23 Apr 2026 17:16:30 +0200 Subject: [PATCH 5/5] [GR-74994] Restore JDK 21 compatibility in CertUtils --- .../graal/python/builtins/objects/ssl/CertUtils.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/CertUtils.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/CertUtils.java index 98eca6f85d..7ece06023f 100644 --- a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/CertUtils.java +++ b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/ssl/CertUtils.java @@ -733,7 +733,7 @@ static PrivateKey getPrivateKey(PythonContext context, Node inliningTarget, PCon PrivateKey privateKey = null; String algorithm = cert.getPublicKey().getAlgorithm(); try { - String pemText = reader.readAllAsString(); + String pemText = readAll(reader); int fromIndex = 0; PemBlockWithContent rawBlock; while ((rawBlock = findNextPemBlock(pemText, fromIndex)) != null) { @@ -773,6 +773,16 @@ static PrivateKey getPrivateKey(PythonContext context, Node inliningTarget, PCon return privateKey; } + private static String readAll(BufferedReader reader) throws IOException { + StringBuilder sb = new StringBuilder(); + char[] buf = new char[8192]; + int n; + while ((n = reader.read(buf)) != -1) { + sb.append(buf, 0, n); + } + return sb.toString(); + } + private static PemBlockWithContent findNextPemBlock(String data, int fromIndex) throws IOException { int begin = data.indexOf("-----BEGIN ", fromIndex); if (begin < 0) {