diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index b64828ab61dc0..c05c5974a052f 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -57,7 +57,7 @@ jobs: fail-fast: false matrix: PYTHON: - - { VERSION: "cp37-cp37m", ABI_VERSION: 'cp37' } + - { VERSION: "cp37-cp37m" } - { VERSION: "pp38-pypy38_pp73" } - { VERSION: "pp39-pypy39_pp73" } MANYLINUX: @@ -108,12 +108,9 @@ jobs: - run: mkdir tmpwheelhouse - name: Build the wheel run: | - if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then - PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" - fi OPENSSL_DIR="/opt/pyca/cryptography/openssl" \ OPENSSL_STATIC=1 \ - .venv/bin/python -m pip wheel -v $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl tmpwheelhouse + .venv/bin/python -m pip wheel -v cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl tmpwheelhouse env: RUSTUP_HOME: /root/.rustup - run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/ @@ -144,7 +141,6 @@ jobs: matrix: PYTHON: - VERSION: '3.11' - ABI_VERSION: 'cp37' # Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3' @@ -156,7 +152,6 @@ jobs: # build against _PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2' - VERSION: '3.11' - ABI_VERSION: 'cp37' DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3' DEPLOYMENT_TARGET: '10.12' @@ -175,7 +170,7 @@ jobs: DEPLOYMENT_TARGET: '10.12' _PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64' ARCHFLAGS: '-arch x86_64' - name: "${{ matrix.PYTHON.VERSION }} ABI ${{ matrix.PYTHON.ABI_VERSION }} macOS ${{ matrix.PYTHON.ARCHFLAGS }}" + name: "${{ matrix.PYTHON.VERSION }} macOS ${{ matrix.PYTHON.ARCHFLAGS }}" steps: - uses: actions/download-artifact@v3.0.2 with: @@ -213,13 +208,9 @@ jobs: - run: mkdir wheelhouse - name: Build the wheel run: | - if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then - PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" - fi - OPENSSL_DIR="$(readlink -f ../openssl-macos-universal2/)" \ OPENSSL_STATIC=1 \ - venv/bin/python -m pip wheel -v $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl wheelhouse + venv/bin/python -m pip wheel -v cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl wheelhouse env: MACOSX_DEPLOYMENT_TARGET: ${{ matrix.PYTHON.DEPLOYMENT_TARGET }} ARCHFLAGS: ${{ matrix.PYTHON.ARCHFLAGS }} @@ -250,7 +241,7 @@ jobs: - {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'} - {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} PYTHON: - - {VERSION: "3.11", "ABI_VERSION": "cp37"} + - {VERSION: "3.11"} - {VERSION: "pypy-3.8"} - {VERSION: "pypy-3.9"} exclude: @@ -259,7 +250,7 @@ jobs: PYTHON: {VERSION: "pypy-3.8"} - WINDOWS: {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'} PYTHON: {VERSION: "pypy-3.9"} - name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION }}" + name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }}" steps: - uses: actions/download-artifact@v3.0.2 with: @@ -294,11 +285,7 @@ jobs: - run: python -m pip install cffi setuptools-rust - run: mkdir wheelhouse - run: | - if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then - PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" - fi - - python -m pip wheel -v cryptography*.tar.gz $PY_LIMITED_API -w dist/ && mv dist/cryptography*.whl wheelhouse/ + python -m pip wheel -v cryptography*.tar.gz -w dist/ && mv dist/cryptography*.whl wheelhouse/ shell: bash - run: pip install -f wheelhouse --no-index cryptography - name: Print the OpenSSL we built and linked against @@ -309,5 +296,5 @@ jobs: - run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\ - uses: actions/upload-artifact@v3.1.2 with: - name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION}}" + name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}" path: cryptography-wheelhouse\ diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index dcffd6024d1c9..0000000000000 --- a/MANIFEST.in +++ /dev/null @@ -1,24 +0,0 @@ -include CHANGELOG.rst -include CONTRIBUTING.rst -include LICENSE -include LICENSE.APACHE -include LICENSE.BSD -include README.rst -include noxfile.py - -include pyproject.toml -recursive-include src py.typed *.pyi - -recursive-include docs * -recursive-include src/_cffi_src *.py *.c *.h -recursive-include src/rust Cargo.toml Cargo.lock *.rs -prune docs/_build -recursive-include tests *.py -exclude vectors -recursive-exclude vectors * -exclude src/rust/target -recursive-exclude src/rust/target * - -recursive-exclude .github * - -exclude release.py .readthedocs.yml ci-constraints-requirements.txt mypy.ini diff --git a/pyproject.toml b/pyproject.toml index 6f786bdb7e9ac..95dcab70d1e5a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,13 +1,14 @@ [build-system] requires = [ - # First version of setuptools to support pyproject.toml configuration - "setuptools>=61.0.0", - "wheel", + "maturin==1.0.0b9", + # Must be kept in sync with `project.dependencies` "cffi>=1.12; platform_python_implementation != 'PyPy'", - "setuptools-rust>=0.11.4", + # Needed because cffi imports distutils, and in Python 3.12, distutils has + # been removed from the stdlib, but installing setuptools puts it back. + "setuptools", ] -build-backend = "setuptools.build_meta" +build-backend = "maturin" [project] name = "cryptography" @@ -54,14 +55,6 @@ source = "https://github.com/pyca/cryptography/" issues = "https://github.com/pyca/cryptography/issues" changelog = "https://cryptography.io/en/latest/changelog/" -[tool.setuptools] -zip-safe = false -package-dir = {"" = "src"} - -[tool.setuptools.packages.find] -where = ["src"] -include = ["cryptography*"] - [project.optional-dependencies] ssh = ["bcrypt >=3.1.5"] @@ -80,6 +73,42 @@ docstest = ["pyenchant >=1.6.11", "twine >=1.12.0", "sphinxcontrib-spelling >=4 sdist = ["build"] pep8test = ["black", "ruff", "mypy", "check-sdist"] +[tool.maturin] +python-source = "src" +python-packages = ["cryptography"] +manifest-path = "src/rust/Cargo.toml" +module-name = "cryptography.hazmat.bindings._rust" +locked = true +sdist-generator = "git" +include = [ + "CHANGELOG.rst", + "CONTRIBUTING.rst", + "LICENSE", + "LICENSE.APACHE", + "LICENSE.BSD", + + "docs/**/*", + + "src/_cffi_src/**/*.py", + "src/_cffi_src/**/*.c", + "src/_cffi_src/**/*.h", + + "src/rust/**/Cargo.toml", + "src/rust/**/Cargo.lock", + "src/rust/**/*.rs", + + "tests/**/*.py", +] +exclude = [ + "vectors/**/*", + "src/rust/target/**/*", + "docs/_build/**/*", + ".github/**/*", + ".readthedocs.yml", + "ci-constraints-requirements.txt", + "mypy.ini", +] + [tool.black] line-length = 79 target-version = ["py37"] diff --git a/setup.py b/setup.py deleted file mode 100644 index 4fe0c027c17cb..0000000000000 --- a/setup.py +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/bin/env python - -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -import os -import platform -import re -import shutil -import subprocess -import sys -import warnings - -from setuptools import setup - -try: - from setuptools_rust import RustExtension -except ImportError: - print( - """ - =============================DEBUG ASSISTANCE========================== - If you are seeing an error here please try the following to - successfully install cryptography: - - Upgrade to the latest pip and try again. This will fix errors for most - users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip - =============================DEBUG ASSISTANCE========================== - """ - ) - raise - - -# distutils emits this warning if you pass `setup()` an unknown option. This -# is what happens if you somehow run this file without `cffi` installed: -# `cffi_modules` is an unknown option. -warnings.filterwarnings("error", message="Unknown distribution option") - -base_dir = os.path.dirname(__file__) -src_dir = os.path.join(base_dir, "src") - -# When executing the setup.py, we need to be able to import ourselves, this -# means that we need to add the src/ directory to the sys.path. -sys.path.insert(0, src_dir) - -if hasattr(sys, "pypy_version_info") and sys.pypy_version_info < (7, 3, 10): - raise RuntimeError("cryptography is not compatible with PyPy3 < 7.3.10") - -try: - # See pyproject.toml for most of the config metadata. - setup( - rust_extensions=[ - RustExtension( - "cryptography.hazmat.bindings._rust", - "src/rust/Cargo.toml", - py_limited_api=True, - rust_version=">=1.56.0", - ) - ], - ) -except: # noqa: E722 - # Note: This is a bare exception that re-raises so that we don't interfere - # with anything the installation machinery might want to do. Because we - # print this for any exception this msg can appear (e.g. in verbose logs) - # even if there's no failure. For example, SetupRequirementsError is raised - # during PEP517 building and prints this text. setuptools raises SystemExit - # when compilation fails right now, but it's possible this isn't stable - # or a public API commitment so we'll remain ultra conservative. - - import pkg_resources - - print( - """ - =============================DEBUG ASSISTANCE============================= - If you are seeing a compilation error please try the following steps to - successfully install cryptography: - 1) Upgrade to the latest pip and try again. This will fix errors for most - users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip - 2) Read https://cryptography.io/en/latest/installation/ for specific - instructions for your platform. - 3) Check our frequently asked questions for more information: - https://cryptography.io/en/latest/faq/ - 4) Ensure you have a recent Rust toolchain installed: - https://cryptography.io/en/latest/installation/#rust - """ - ) - print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}") - print(f" platform: {platform.platform()}") - for dist in ["pip", "setuptools", "setuptools_rust"]: - try: - version = pkg_resources.get_distribution(dist).version - except pkg_resources.DistributionNotFound: - version = "n/a" - print(f" {dist}: {version}") - version = "n/a" - if shutil.which("rustc") is not None: - try: - # If for any reason `rustc --version` fails, silently ignore it - rustc_output = subprocess.run( - ["rustc", "--version"], - capture_output=True, - timeout=0.5, - encoding="utf8", - check=True, - ).stdout - version = re.sub("^rustc ", "", rustc_output.strip()) - except subprocess.SubprocessError: - pass - print(f" rustc: {version}") - - print( - """\ - =============================DEBUG ASSISTANCE============================= - """ - ) - raise diff --git a/src/rust/cryptography-cffi/build.rs b/src/rust/cryptography-cffi/build.rs index 9a93b50bc4380..18640ba919eac 100644 --- a/src/rust/cryptography-cffi/build.rs +++ b/src/rust/cryptography-cffi/build.rs @@ -24,6 +24,7 @@ fn main() { let out_dir = env::var("OUT_DIR").unwrap(); // FIXME: maybe pyo3-build-config should provide a way to do this? + println!("cargo:rerun-if-env-changed=PYO3_PYTHON"); let python = env::var("PYO3_PYTHON").unwrap_or_else(|_| "python3".to_string()); println!("cargo:rerun-if-changed=../../_cffi_src/"); let output = Command::new(&python)