From e241d7529f797c5a50bcd35c3094c5f347062d68 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 30 Jun 2024 09:33:19 -0400 Subject: [PATCH 1/2] Minimally migrate to pyproject.toml --- .circleci/build-wheel.sh | 33 ---------- .circleci/config.yml | 97 ----------------------------- .github/workflows/wheel-builder.yml | 60 +++++++++--------- MANIFEST.in | 1 - pyproject.toml | 42 ++++++++++++- setup.py | 35 ----------- src/nacl/__init__.py | 16 +---- 7 files changed, 73 insertions(+), 211 deletions(-) delete mode 100755 .circleci/build-wheel.sh delete mode 100644 .circleci/config.yml diff --git a/.circleci/build-wheel.sh b/.circleci/build-wheel.sh deleted file mode 100755 index 88dbd559..00000000 --- a/.circleci/build-wheel.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -ex - -cd /test - -echo "Building for ${PLATFORM}" - -PYBIN="/opt/python/${PYTHON}/bin" - -mkdir -p /test/wheelhouse.final - -"${PYBIN}"/python -m venv .venv - -.venv/bin/pip install -U pip wheel cffi - -.venv/bin/python setup.py sdist -cd dist -tar zxf PyNaCl*.tar.gz -rm -rf PyNaCl*.tar.gz -cd PyNaCl* - -REGEX="cp3([0-9])*" -if [[ "${PYBIN}" =~ $REGEX ]]; then - PY_LIMITED_API="--py-limited-api=cp3${BASH_REMATCH[1]}" -fi - -LIBSODIUM_MAKE_ARGS="-j$(nproc)" ../../.venv/bin/python setup.py bdist_wheel "$PY_LIMITED_API" - -auditwheel repair --plat "${PLATFORM}" -w wheelhouse/ dist/PyNaCl*.whl - -../../.venv/bin/pip install pynacl --no-index -f wheelhouse/ -../../.venv/bin/python -c "import nacl.signing; key = nacl.signing.SigningKey.generate();signature = key.sign(b'test'); key.verify_key.verify(signature)" - -mv wheelhouse/* /test/wheelhouse.final diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index fe4b6190..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,97 +0,0 @@ -version: 2.1 - -commands: - docker-pull: - parameters: - image: - type: string - steps: - - run: docker pull <> - docker-run: - parameters: - image: - type: string - command: - type: string - steps: - - run: docker run -e PLATFORM -e PYTHON -v $(pwd):/test <> /bin/bash -c 'cd /test;<>' - -jobs: - linux-arm64: - machine: - image: ubuntu-2004:current - resource_class: arm.medium - parameters: - image: - type: string - toxenv: - type: string - steps: - - checkout - - docker-pull: - image: <> - - docker-run: - image: <> - command: /venv/bin/pip install tox && /venv/bin/tox -e <> - linux-arm64-wheel: - machine: - image: ubuntu-2004:current - resource_class: arm.medium - parameters: - image: - type: string - platform: - type: string - python: - type: string - environment: - PLATFORM: <> - PYTHON: <> - steps: - - checkout - - docker-pull: - image: <> - - docker-run: - image: <> - command: /test/.circleci/build-wheel.sh - - store_artifacts: - path: wheelhouse.final - -workflows: - ci: - jobs: - - linux-arm64: - # Changing this name should only be done in conjunction with updating - # the required checks on GH - name: linux-arm64-ci - image: ghcr.io/pyca/cryptography-runner-ubuntu-jammy:aarch64 - toxenv: py310 - # This makes sure it runs on all tags in addition to PRs/branches. - # By default CircleCI ignores tags. - filters: - tags: - only: /.*/ - - linux-arm64-wheel: - name: manylinux2014_aarch64-wheel - image: ghcr.io/pyca/cryptography-manylinux2014_aarch64:latest - python: cp36-cp36m - platform: manylinux2014_aarch64 - filters: - tags: - only: /.*/ - - linux-arm64-wheel: - name: manylinux_2_28_aarch64-wheel - image: ghcr.io/pyca/cryptography-manylinux_2_28:aarch64 - python: cp36-cp36m - platform: manylinux_2_28_aarch64 - filters: - tags: - only: /.*/ - - linux-arm64-wheel: - name: musllinux_1_1_aarch64-wheel - image: ghcr.io/pyca/cryptography-musllinux_1_1:aarch64 - python: cp36-cp36m - platform: musllinux_1_1_aarch64 - filters: - tags: - only: /.*/ diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 6ea4d710..654ab6b9 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -19,7 +19,7 @@ on: jobs: manylinux: - runs-on: ubuntu-latest + runs-on: ${{ matrix.MANYLINUX.RUNNER }} container: image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }} volumes: @@ -28,17 +28,30 @@ jobs: strategy: matrix: PYTHON: - - { VERSION: "cp36-cp36m", PATH: "/opt/python/cp36-cp36m/bin/python", ABI_VERSION: 'cp36' } + - { VERSION: "cp37-cp37m", PATH: "/opt/python/cp311-cp311/bin/python", ABI_VERSION: 'cp37' } MANYLINUX: - - { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64" } - - { name: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64"} - - { name: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64"} + - { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" } + - { name: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64", RUNNER: "ubuntu-latest" } + - { name: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest" } + + - { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64] } + - { name: "manylinux_2_28_aarch64", CONTAINER: "cryptography-manylinux_2_28:aarch64", RUNNER: [self-hosted, Linux, ARM64] } + - { name: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64] } name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}" steps: - name: Ridiculous-er workaround for static node20 run: | cp -R /staticnode/* /staticnodecontainer/ + - name: Ridiculous alpine workaround for actions support on arm64 + run: | + # This modifies /etc/os-release so the JS actions + # from GH can't detect that it's on alpine:aarch64. It will + # then use a glibc nodejs, which works fine when gcompat + # is installed in the container (which it is) + sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release + if: startsWith(matrix.MANYLINUX.NAME, 'musllinux') && endsWith(matrix.MANYLINUX.NAME, 'aarch64') + - uses: actions/checkout@v4.1.7 with: # The tag to build or the tag received by the tag event @@ -46,16 +59,11 @@ jobs: persist-credentials: false - run: ${{ matrix.PYTHON.PATH }} -m venv .venv - name: Install python dependencies - run: .venv/bin/pip install -U pip cffi wheel - - name: Make sdist - run: .venv/bin/python setup.py sdist - - run: tar zxvf dist/PyNaCl*.tar.gz && mkdir tmpwheelhouse + run: .venv/bin/pip install -U pip cffi wheel build - run: | - if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then - PY_LIMITED_API="--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }}" - fi - cd PyNaCl* - LIBSODIUM_MAKE_ARGS="-j$(nproc)" ../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/PyNaCl*.whl ../tmpwheelhouse + mkdir tmpwheelhouse + LIBSODIUM_MAKE_ARGS="-j$(nproc)" .venv/bin/python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} + mv dist/PyNaCl*.whl tmpwheelhouse/ - run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/PyNaCl*.whl -w wheelhouse/ - run: .venv/bin/pip install pynacl --no-index -f wheelhouse/ - run: | @@ -65,11 +73,11 @@ jobs: - run: mv wheelhouse/PyNaCl*.whl pynacl-wheelhouse/ - uses: actions/upload-artifact@v4 with: - name: "pynacl-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}- ${{ matrix.PYTHON.VERSION }}" + name: "pynacl-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}" path: pynacl-wheelhouse/ macos: - runs-on: macos-11 + runs-on: macos-13 strategy: matrix: PYTHON: @@ -91,15 +99,13 @@ jobs: PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }} - run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -U virtualenv - run: ${{ matrix.PYTHON.BIN_PATH }} -m virtualenv venv - - run: venv/bin/pip install -U pip wheel cffi - - name: Make sdist - run: venv/bin/python setup.py sdist - - run: tar zxvf dist/pynacl*.tar.gz && mkdir wheelhouse + - run: venv/bin/pip install -U pip wheel cffi build - name: Build the wheel run: | - cd pynacl* + mkdir wheelhouse LIBSODIUM_MAKE_ARGS="-j$(sysctl -n hw.ncpu)" \ - ../venv/bin/python setup.py bdist_wheel --py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} && mv dist/PyNaCl*.whl ../wheelhouse + venv/bin/python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} + mv dist/PyNaCl*.whl wheelhouse/ env: PYTHON_VERSION: ${{ matrix.PYTHON.ABI_VERSION }} MACOSX_DEPLOYMENT_TARGET: '10.10' @@ -148,15 +154,13 @@ jobs: shell: bash - name: Install wheel and our Python dependencies - run: python -m pip install -U pip wheel cffi - - name: Make sdist - run: python setup.py sdist - - run: tar zxvf dist/PyNaCl*.tar.gz && mkdir wheelhouse - shell: bash + run: python -m pip install -U pip wheel cffi build - name: Build the wheel run: | + mkdir wheelhouse call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" -no_logo -arch=${{ matrix.WINDOWS.VS_ARCH }} - cd PyNaCl* && python setup.py bdist_wheel --py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} && mv dist/PyNaCl*.whl ../wheelhouse + python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} + mv dist/PyNaCl*.whl wheelhouse/ shell: cmd env: PYNACL_SODIUM_LIBRARY_NAME: sodium diff --git a/MANIFEST.in b/MANIFEST.in index 9fdd5239..b3ebc7ce 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -39,7 +39,6 @@ recursive-include src/bindings *.py *.h # Remove our CI files recursive-exclude .github * -recursive-exclude .circleci * # Remove readthedocs config exclude .readthedocs.yml diff --git a/pyproject.toml b/pyproject.toml index 9caa8ff1..c00c319d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,12 +1,50 @@ [build-system] -# Must be kept in sync with `setup_requirements` in `setup.py` +# Must be kept in sync with `dependencies` below requires = [ - "setuptools>=40.8.0", + "setuptools>=61.0.0", "wheel", "cffi>=1.4.1; platform_python_implementation != 'PyPy'", ] build-backend = "setuptools.build_meta" +[project] +dynamic = ["readme"] + +name = "PyNaCl" +# Must be kept in sync with `src/nacl/__init__.py` +version = "1.6.0.dev1" +authors = [ + {name = "The PyNaCl developers", email = "cryptography-dev@python.org"} +] +description = "Python binding to the Networking and Cryptography (NaCl) library" +license = {text = "Apache-2.0"} +classifiers = [ + "Programming Language :: Python :: Implementation :: CPython", + "Programming Language :: Python :: Implementation :: PyPy", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", +] +requires-python = ">=3.6" +dependencies = [ + "cffi>=1.4.1; platform_python_implementation != 'PyPy'" +] + +[project.optional-dependencies] +tests = [ + "pytest>=3.2.1,!=3.3.0", + "hypothesis>=3.27.0", +] +docs = [ + "sphinx<7", + "sphinx_rtd_theme" +] + [tool.black] line-length = 79 target-version = ["py36"] diff --git a/setup.py b/setup.py index 1d462562..2fb87445 100644 --- a/setup.py +++ b/setup.py @@ -30,24 +30,12 @@ from setuptools.command.build_ext import build_ext as _build_ext -requirements = [] -setup_requirements = ["setuptools"] -test_requirements = [ - "pytest>=3.2.1,!=3.3.0", - "hypothesis>=3.27.0", -] -docs_requirements = ["sphinx<7", "sphinx_rtd_theme"] - - if platform.python_implementation() == "PyPy": if sys.pypy_version_info < (2, 6): raise RuntimeError( "PyNaCl is not compatible with PyPy < 2.6. Please " "upgrade PyPy to use this library." ) -else: - requirements.append("cffi>=1.4.1") - setup_requirements.append("cffi>=1.4.1") def here(*paths): @@ -194,19 +182,8 @@ def run(self): setup( - name=nacl.__title__, - version=nacl.__version__, - description=nacl.__summary__, long_description="\n".join((README, INSTALL, CHANGELOG)), url=nacl.__uri__, - license=nacl.__license__, - author=nacl.__author__, - author_email=nacl.__email__, - python_requires=">=3.6", - setup_requires=setup_requirements, - install_requires=requirements, - extras_require={"tests": test_requirements, "docs": docs_requirements}, - tests_require=test_requirements, package_dir={"": "src"}, packages=["nacl", "nacl.pwhash", "nacl.bindings"], package_data={"nacl": ["py.typed"]}, @@ -215,16 +192,4 @@ def run(self): cmdclass={"build_clib": build_clib, "build_ext": build_ext}, distclass=Distribution, zip_safe=False, - classifiers=[ - "Programming Language :: Python :: Implementation :: CPython", - "Programming Language :: Python :: Implementation :: PyPy", - "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", - "Programming Language :: Python :: 3.8", - "Programming Language :: Python :: 3.9", - "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.11", - "Programming Language :: Python :: 3.12", - ], ) diff --git a/src/nacl/__init__.py b/src/nacl/__init__.py index 49483f43..f251746e 100644 --- a/src/nacl/__init__.py +++ b/src/nacl/__init__.py @@ -14,26 +14,12 @@ __all__ = [ - "__title__", - "__summary__", "__uri__", "__version__", - "__author__", "__email__", - "__license__", - "__copyright__", ] -__title__ = "PyNaCl" -__summary__ = ( - "Python binding to the Networking and Cryptography (NaCl) library" -) __uri__ = "https://github.com/pyca/pynacl/" +# Must be kept in sync with `pyproject.toml` __version__ = "1.6.0.dev1" - -__author__ = "The PyNaCl developers" -__email__ = "cryptography-dev@python.org" - -__license__ = "Apache License 2.0" -__copyright__ = "Copyright 2013-2018 {}".format(__author__) From 89753d3ecdc7896e9db48e61a311b32079e30a1f Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 30 Jun 2024 09:38:18 -0400 Subject: [PATCH 2/2] Bump minimum to py37 --- .github/workflows/ci.yml | 6 ++---- .github/workflows/wheel-builder.yml | 4 ++-- README.rst | 2 +- pyproject.toml | 3 +-- 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4fc65621..40a580ab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,6 @@ jobs: - {VERSION: "3.12", TOXENV: "mypy", COVERAGE: "false"} - {VERSION: "pypy-3.9", TOXENV: "pypy3"} - {VERSION: "pypy-3.10", TOXENV: "pypy3"} - - {VERSION: "3.6", TOXENV: "py36"} - {VERSION: "3.7", TOXENV: "py37"} - {VERSION: "3.8", TOXENV: "py38"} - {VERSION: "3.9", TOXENV: "py39"} @@ -71,11 +70,11 @@ jobs: - 'macos-13' - 'macos-latest' PYTHON: - - {VERSION: "3.6", TOXENV: "py36"} + - {VERSION: "3.7", TOXENV: "py37"} - {VERSION: "3.12", TOXENV: "py312"} - {VERSION: "3.12", TOXENV: "py312", NOTE: " (minimal build)", SODIUM_INSTALL_MINIMAL: "1"} exclude: - - PYTHON: {VERSION: "3.6", TOXENV: "py36"} + - PYTHON: {VERSION: "3.7", TOXENV: "py37"} RUNNER: macos-latest name: "Python ${{ matrix.PYTHON.VERSION }}${{ matrix.PYTHON.NOTE }} on ${{ matrix.RUNNER }}" steps: @@ -103,7 +102,6 @@ jobs: - {ARCH: 'x86', SODIUM_ARCH: 'Win32'} - {ARCH: 'x64', SODIUM_ARCH: 'x64'} PYTHON: - - {VERSION: "3.6", TOXENV: "py36", SODIUM_MSVC_VERSION: "v142"} - {VERSION: "3.7", TOXENV: "py37", SODIUM_MSVC_VERSION: "v142"} - {VERSION: "3.8", TOXENV: "py38", SODIUM_MSVC_VERSION: "v142"} - {VERSION: "3.9", TOXENV: "py39", SODIUM_MSVC_VERSION: "v142"} diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 654ab6b9..260271a3 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -82,7 +82,7 @@ jobs: matrix: PYTHON: - VERSION: '3.10' - ABI_VERSION: 'cp36' + ABI_VERSION: 'cp37' DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.10.1/python-3.10.1-macos11.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.10/bin/python3' name: "Python ${{ matrix.PYTHON.VERSION }} for ABI ${{ matrix.PYTHON.ABI_VERSION }} on macOS" @@ -130,7 +130,7 @@ jobs: - {ARCH: 'x86', SODIUM_ARCH: 'Win32', VS_ARCH: 'x86'} - {ARCH: 'x64', SODIUM_ARCH: 'x64', VS_ARCH: 'amd64'} PYTHON: - - {VERSION: "3.9", SODIUM_MSVC_VERSION: "v142", "ABI_VERSION": "cp36"} + - {VERSION: "3.9", SODIUM_MSVC_VERSION: "v142", "ABI_VERSION": "cp37"} name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.ARCH }} ${{ matrix.PYTHON.ABI_VERSION }}" steps: - uses: actions/checkout@v4.1.7 diff --git a/README.rst b/README.rst index aca3b917..81ae389c 100644 --- a/README.rst +++ b/README.rst @@ -15,7 +15,7 @@ PyNaCl: Python binding to the libsodium library PyNaCl is a Python binding to `libsodium`_, which is a fork of the `Networking and Cryptography library`_. These libraries have a stated goal of -improving usability, security and speed. It supports Python 3.6+ as well as +improving usability, security and speed. It supports Python 3.7+ as well as PyPy 3. .. _libsodium: https://github.com/jedisct1/libsodium diff --git a/pyproject.toml b/pyproject.toml index c00c319d..e152bd84 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -22,7 +22,6 @@ classifiers = [ "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", @@ -30,7 +29,7 @@ classifiers = [ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", ] -requires-python = ">=3.6" +requires-python = ">=3.7" dependencies = [ "cffi>=1.4.1; platform_python_implementation != 'PyPy'" ]