Copilot commented on code in PR #50053:
URL: https://github.com/apache/arrow/pull/50053#discussion_r3310826192
##########
ci/vcpkg/ports.patch:
##########
@@ -1,17 +1,20 @@
diff --git a/ports/curl/portfile.cmake b/ports/curl/portfile.cmake
-index 6788bc7b7f..6b689dedf0 100644
+index 73f5aece46..68cdb3966f 100644
--- a/ports/curl/portfile.cmake
+++ b/ports/curl/portfile.cmake
-@@ -83,10 +83,13 @@ vcpkg_cmake_configure(
+@@ -89,6 +89,8 @@ vcpkg_cmake_configure(
-DENABLE_CURL_MANUAL=OFF
-DIMPORT_LIB_SUFFIX= # empty
-DSHARE_LIB_OBJECT=OFF
+ -DCURL_CA_PATH=none
+ -DCURL_CA_BUNDLE=none
+ -DCURL_USE_CMAKECONFIG=ON
-DCURL_USE_PKGCONFIG=ON
Review Comment:
This patch forces curl to be built with `CURL_CA_PATH=none` and
`CURL_CA_BUNDLE=none`, which disables libcurl’s built-in CA bundle/path
configuration. That can cause TLS verification failures for HTTPS (and may lead
to insecure workarounds like disabling verification) in components that use
curl indirectly (e.g., cloud storage integrations). Consider removing these
overrides or setting them to a known CA bundle path available in the manylinux
images (and ensuring `ca-certificates` is installed).
##########
ci/vcpkg/ports.patch:
##########
@@ -1,17 +1,20 @@
diff --git a/ports/curl/portfile.cmake b/ports/curl/portfile.cmake
-index 6788bc7b7f..6b689dedf0 100644
+index 73f5aece46..68cdb3966f 100644
--- a/ports/curl/portfile.cmake
+++ b/ports/curl/portfile.cmake
-@@ -83,10 +83,13 @@ vcpkg_cmake_configure(
+@@ -89,6 +89,8 @@ vcpkg_cmake_configure(
-DENABLE_CURL_MANUAL=OFF
-DIMPORT_LIB_SUFFIX= # empty
-DSHARE_LIB_OBJECT=OFF
+ -DCURL_CA_PATH=none
+ -DCURL_CA_BUNDLE=none
+ -DCURL_USE_CMAKECONFIG=ON
-DCURL_USE_PKGCONFIG=ON
-DCMAKE_DISABLE_FIND_PACKAGE_Perl=ON
- MAYBE_UNUSED_VARIABLES
- PKG_CONFIG_EXECUTABLE
+@@ -98,6 +100,7 @@ vcpkg_cmake_configure(
+ VCPKG_LOCK_FIND_PACKAGE_Libidn2
+ VCPKG_LOCK_FIND_PACKAGE_Libssh2
+ VCPKG_LOCK_FIND_PACKAGE_NGHTTP2
+ ${EXTRA_ARGS_DEBUG}
Review Comment:
In the curl port patch, `${EXTRA_ARGS_DEBUG}` is being added under
`MAYBE_UNUSED_VARIABLES`. That section expects *variable names* (e.g.
`EXTRA_ARGS_DEBUG`), not an expanded list value. Expanding here can inject
`-D...` arguments into the variable-name list and can break
`vcpkg_cmake_configure()` processing. Replace it with `EXTRA_ARGS_DEBUG` (no
`${}`) or move the expanded args to the appropriate `OPTIONS_DEBUG`/`OPTIONS`
section as intended by the upstream portfile.
##########
.env:
##########
@@ -92,11 +92,11 @@ TZ=UTC
# Used through compose.yaml and serves as the default version for the
# ci/scripts/install_vcpkg.sh script. Prefer to use short SHAs to keep the
# docker tags more readable.
-VCPKG="66c0373dc7fca549e5803087b9487edfe3aca0a1" # 2026.01.16 Release
+VCPKG="9b965a116838c6cdcd36bca60d1b81b030c8ab8d" # 2026.05.27 (not release,
upstream commit)
# This must be updated when we update
# ci/docker/python-*-windows-*.dockerfile or the vcpkg config.
# This is a workaround for our CI problem that "archery docker build" doesn't
# use pulled built images in dev/tasks/python-wheels/github.windows.yml.
-PYTHON_WHEEL_WINDOWS_IMAGE_REVISION=2026-03-04
-PYTHON_WHEEL_WINDOWS_TEST_IMAGE_REVISION=2026-03-04
+PYTHON_WHEEL_WINDOWS_IMAGE_REVISION=2026-05-27
+PYTHON_WHEEL_WINDOWS_TEST_IMAGE_REVISION=2026-05-27
Review Comment:
The PR description still contains the default template placeholders (e.g.
“TBD”, “This PR includes breaking changes…”, “Critical Fix…”) which appears
inconsistent with a CI-only vcpkg bump. Please update the description to
accurately reflect scope/testing and remove the template boilerplate so
reviewers/users aren’t misled.
##########
ci/scripts/install_bison.sh:
##########
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -e
+
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 <version> <prefix>"
+ exit 1
+fi
+
+version=$1
+prefix=$2
+
+mkdir -p /tmp/bison
+url="https://ftp.gnu.org/gnu/bison/bison-${version}.tar.gz";
+
+wget -q "${url}" -O - | tar -xzf - --directory /tmp/bison --strip-components=1
+
+pushd /tmp/bison
+./configure --prefix=${prefix}
Review Comment:
`./configure --prefix=${prefix}` leaves `${prefix}` unquoted, which can
break if the prefix contains spaces or glob characters and is inconsistent with
quoting used in other install scripts here. Quote `${prefix}` (and similarly
ensure any other variable expansions in command args are quoted).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
