From b83b48629de128a0b04c71b40ea4dc8b9aafc6e8 Mon Sep 17 00:00:00 2001 From: black-sliver <59490463+black-sliver@users.noreply.github.com> Date: Sat, 30 Nov 2024 17:23:28 +0100 Subject: [PATCH] Core: rework python version check (#4294) * Docs: update min required version and add comment about security. * Core: rework python version check * CI: set min micro update for build and release --- .github/workflows/build.yml | 6 ++++-- .github/workflows/release.yml | 3 ++- ModuleUpdate.py | 11 +++++++++-- docs/running from source.md | 4 +++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ab94326d8188..27ca76e41f8f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,7 +31,8 @@ jobs: - name: Install python uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: '~3.12.7' + check-latest: true - name: Download run-time dependencies run: | Invoke-WebRequest -Uri https://github.com/Ijwu/Enemizer/releases/download/${Env:ENEMIZER_VERSION}/win-x64.zip -OutFile enemizer.zip @@ -111,7 +112,8 @@ jobs: - name: Get a recent python uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: '~3.12.7' + check-latest: true - name: Install build-time dependencies run: | echo "PYTHON=python3.12" >> $GITHUB_ENV diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b28ec8733408..aec4f90998cf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,7 +44,8 @@ jobs: - name: Get a recent python uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: '~3.12.7' + check-latest: true - name: Install build-time dependencies run: | echo "PYTHON=python3.12" >> $GITHUB_ENV diff --git a/ModuleUpdate.py b/ModuleUpdate.py index dada16cefcaf..04cf25ea5594 100644 --- a/ModuleUpdate.py +++ b/ModuleUpdate.py @@ -5,8 +5,15 @@ import warnings -if sys.version_info < (3, 10, 11): - raise RuntimeError(f"Incompatible Python Version found: {sys.version_info}. 3.10.11+ is supported.") +if sys.platform in ("win32", "darwin") and sys.version_info < (3, 10, 11): + # Official micro version updates. This should match the number in docs/running from source.md. + raise RuntimeError(f"Incompatible Python Version found: {sys.version_info}. Official 3.10.15+ is supported.") +elif sys.platform in ("win32", "darwin") and sys.version_info < (3, 10, 15): + # There are known security issues, but no easy way to install fixed versions on Windows for testing. + warnings.warn(f"Python Version {sys.version_info} has security issues. Don't use in production.") +elif sys.version_info < (3, 10, 1): + # Other platforms may get security backports instead of micro updates, so the number is unreliable. + raise RuntimeError(f"Incompatible Python Version found: {sys.version_info}. 3.10.1+ is supported.") # don't run update if environment is frozen/compiled or if not the parent process (skip in subprocess) _skip_update = bool(getattr(sys, "frozen", False) or multiprocessing.parent_process()) diff --git a/docs/running from source.md b/docs/running from source.md index 66dd1925c897..33d6b3928e54 100644 --- a/docs/running from source.md +++ b/docs/running from source.md @@ -7,7 +7,9 @@ use that version. These steps are for developers or platforms without compiled r ## General What you'll need: - * [Python 3.10.15 or newer](https://www.python.org/downloads/), not the Windows Store version + * [Python 3.10.11 or newer](https://www.python.org/downloads/), not the Windows Store version + * On Windows, please consider only using the latest supported version in production environments since security + updates for older versions are not easily available. * Python 3.12.x is currently the newest supported version * pip: included in downloads from python.org, separate in many Linux distributions * Matching C compiler