From: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Date: Wed, 19 Apr 2023 11:19:23 +0000 (+0100)
Subject: CI: fix scheduled fuzzer issues with pyOpenSSL
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fbbae192772fd8b2e45af34930f7e820fc04e05;p=thirdparty%2Ffreeradius-server.git

CI: fix scheduled fuzzer issues with pyOpenSSL

Force install of new version of pyOpenSSL before PyGithub is
installed - that depends on a newer cryptography pkg which then
breaks everything with old pyOpenSSL.

https://github.com/pyca/pyopenssl/issues/1143
---

diff --git a/.github/workflows/ci-scheduled-fuzzing.yml b/.github/workflows/ci-scheduled-fuzzing.yml
index 5e3e38fdf0c..441432672a7 100644
--- a/.github/workflows/ci-scheduled-fuzzing.yml
+++ b/.github/workflows/ci-scheduled-fuzzing.yml
@@ -282,10 +282,16 @@ jobs:
     #  create the actual commit due to the "signed-commits" branch protection
     #  rule for the master branch.
     #
+    #  Force reinstall of pyOpenSSL is to work around Python
+    #  cryptograpy package issue - PyGithub pulls in a newer
+    #  version which clashes with older apt-installed pyOpenSSL
+    #  https://github.com/pyca/pyopenssl/issues/1143
+    #
     - name: Monthly push back of corpus
       run: |
         export FILE=src/tests/fuzzer-corpus/$PROTOCOL.tar
         if ! git diff --exit-code "$FILE"; then
+          sudo pip3 install --force-reinstall -I -U pyOpenSSL
           pip install PyGithub
           git add "$FILE"
           OID="$(git lfs ls-files -l -I "$FILE" | cut -f1 -d ' ')"