Replace XML-RPC with gRPC for PyMOL RPC services #4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduced a new gRPC-based implementation to replace the deprecated XML-RPC framework used in PyMOL. This migration addresses security vulnerabilities in XML-RPC (e.g., CVE-2016-5004) and provides a modern, efficient, and extensible framework for remote procedure calls. Updated associated protobuf definitions and Python gRPC bindings accordingly.
Updated the CI workflow to trigger on pushes to the "production" branch and pull requests targeting "main," "production," or "incubating." This ensures proper testing coverage for additional branches and improves development workflow consistency.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a major update to PyMOL's remote control capabilities by replacing the legacy XML-RPC interface with a new, modern gRPC-based service. This improves security, performance, and maintainability, and is accompanied by the addition of protocol buffer definitions and generated Python code for the gRPC API. The workflow for building wheels is also updated to better support multiple branches.
Remote control API modernization
modules/pymol/pml_grpc.py, providing a comprehensive set of remote control methods for PyMOL, including molecular visualization commands, object manipulation, and compatibility methods for legacy workflows.proto/pymol_rpc.proto, specifying all request/response message types and thePyMolRPCservice interface.modules/pymol/pymol_rpc_pb2.pyto support serialization and deserialization for the gRPC service.Security and transition improvements
modules/pymol/invocation.pyto enforce the use of gRPC for remote control, deprecating the insecure XML-RPC implementation and documenting the associated vulnerabilities.Build workflow enhancements
.github/workflows/wheels.yamlto trigger on additional branches (production,main,incubating) and on pull requests, improving CI coverage for the new remote control features.