Build HDF5 from source in wheels to avoid vulnerablity

CI workflow: remove system hdf5-devel install and instead download, configure and build HDF5 2.0.0 from source (cmake configure/build/install) due to distro security/maintenance concerns

Author: philippeVerney

.github/workflows/github-actions.yml

@@ -168,6 +168,7 @@ jobs:
       - name: Build wheels
         # Cannot use a more recent version than v2.22.0 because of fetpapi wheel which uses AVRO which cannot be built with GNU 14.
         uses: pypa/cibuildwheel@v2.22.0
+        # RedHat nor Debian maintain security patches for hdf5. We consequently build the latest HDF5 version.
         env:
           CIBW_BUILD: cp38-manylinux_* cp39-manylinux_* cp310-manylinux_* cp311-manylinux_* cp312-manylinux_* cp313-manylinux_*
           CIBW_ARCHS: auto64
@@ -177,10 +178,20 @@ jobs:
             yum search epel-release &&
             yum info epel-release &&
             yum install -y epel-release &&
-            yum --enablerepo=epel install -y minizip1.2-devel hdf5-devel cmake3 &&
+            yum --enablerepo=epel install -y minizip1.2-devel cmake3 &&
+            wget --no-verbose https://support.hdfgroup.org/releases/hdf5/v2_0/v2_0_0/downloads/hdf5-2.0.0.tar.gz && 
+            tar -xzf hdf5-2.0.0.tar.gz &&
+            cd hdf5-2.0.0 &&
             mkdir build &&
             cd build &&
-            cmake3 -DCMAKE_BUILD_TYPE=Release -DWITH_PYTHON_WRAPPING=TRUE -DCMAKE_INSTALL_PREFIX:STRING=/fesapi-install {project} &&
+            cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE:STRING=Release -DHDF5_ENABLE_ZLIB_SUPPORT:BOOL=ON -DBUILD_SHARED_LIBS:BOOL=OFF -DHDF5_BUILD_FORTRAN:BOOL=OFF -DHDF5_BUILD_JAVA:BOOL=OFF -DHDF5_ENABLE_PARALLEL:BOOL=OFF -DHDF5_BUILD_CPP_LIB:BOOL=OFF -DHDF5_BUILD_HL_LIB:BOOL=OFF -DHDF5_BUILD_EXAMPLES:BOOL=OFF -DHDF5_BUILD_GENERATORS:BOOL=OFF -DHDF5_BUILD_TOOLS:BOOL=OFF -DHDF5_BUILD_UTILS:BOOL=OFF -DBUILD_TESTING:BOOL=OFF -DCMAKE_INSTALL_PREFIX:STRING=${{ github.workspace }}/../hdf5-install .. &&
+            cmake --build . --config Release &&
+            make -j4 &&
+            make install &&
+            cd ../.. &&
+            mkdir build &&
+            cd build &&
+            cmake3 -DCMAKE_BUILD_TYPE=Release -DHDF5_ROOT=${{ github.workspace }}/../hdf5-install -DWITH_PYTHON_WRAPPING=TRUE -DCMAKE_INSTALL_PREFIX:STRING=/fesapi-install {project} &&
             cmake3 --build . -j2 --config Release &&
             cmake3 --install .
           CIBW_REPAIR_WHEEL_COMMAND_LINUX: >

example/example.cpp

@@ -5786,7 +5786,7 @@ void appendAContinuousProp(const string& filePath)
 }
 
 // filepath is defined in a macro to better check memory leak
-#define filePath u8"../../testingPackageCpp22.epc"
+#define filePath u8"../../testingPackageCpp.epc"
 int main()
 {
 	try {