diff --git a/.github/requirements/build-requirements.in b/.github/requirements/build-requirements.in index 564eacec8d48..6a05b5d06b61 100644 --- a/.github/requirements/build-requirements.in +++ b/.github/requirements/build-requirements.in @@ -2,7 +2,7 @@ setuptools>=61.0.0 wheel cffi>=1.12; platform_python_implementation != 'PyPy' -setuptools-rust>=1.7.0 +maturin>=1,<2 # WARN: changing the requirements here DOES NOT update the dependencies used for building at the github workflow, as the build process used build-requirements.txt # To update build-requirements.txt according to the dependencies here, run pip-compile --allow-unsafe --generate-hashes build-requirements.in diff --git a/.github/requirements/build-requirements.txt b/.github/requirements/build-requirements.txt index 70fe56dc3ca1..6a695847aca0 100644 --- a/.github/requirements/build-requirements.txt +++ b/.github/requirements/build-requirements.txt @@ -58,22 +58,29 @@ cffi==1.16.0 ; platform_python_implementation != "PyPy" \ --hash=sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956 \ --hash=sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357 # via -r build-requirements.in +maturin==1.5.0 \ + --hash=sha256:0b976116b7cfaafbc8c3f0acfaec6702520c49e86e48ea80e2c282b7f8118c1a \ + --hash=sha256:1b29bf8771f27d2e6b2685c82de952b5732ee79e5c0030ffd5dab5ccb99137a1 \ + --hash=sha256:2e4c01370a5c10b6c4887bee66d3582bdb38c3805168c1393f072bd266da08d4 \ + --hash=sha256:76e3270ff87b5484976d23e3d88475cd64acf41b54f561263f253d8fca0baab3 \ + --hash=sha256:9cba3737cb92ce5c1bd82cbb9b1fde412b2aac8882ac38b8340980f5eb858d8c \ + --hash=sha256:a5c038ded82c7595d99e94a208aa8af2b5c94eef4c8fcf5ef6e841957e506201 \ + --hash=sha256:b3a499ff5960e46115488e68011809ce99857864ce3a91cf5d0fff3adbd89e8c \ + --hash=sha256:d277adf9b27143627ba7be7ea254513d3e85008fb16a94638b56884a41b4e5a2 \ + --hash=sha256:d6a314472e07b6bdfa4cdf97d24cda1defe008d36d4b75de2efd3383e7a2d7bf \ + --hash=sha256:e046ea2aed687991d58c42f6276dfcc0c037092934654f538b5877fd57dd3a9c \ + --hash=sha256:eb35dfe5994ad2c34d2874a73720847ecc2adb28f934e9a7cbcdb8826b240e60 \ + --hash=sha256:f271f315fb78d2ff5fdf60f8d3ada2a04a66ac6fbd3cbb318c4eb4e9766449bc \ + --hash=sha256:faa0d099a8045afc9977284cb3a1c26e5ebc9a7f0fe4d53b7ee17f62fd279f4a + # via -r build-requirements.in pycparser==2.22 \ --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \ --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc # via cffi -semantic-version==2.10.0 \ - --hash=sha256:bdabb6d336998cbb378d4b9db3a4b56a1e3235701dc05ea2690d9a997ed5041c \ - --hash=sha256:de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 - # via setuptools-rust -setuptools-rust==1.9.0 \ - --hash=sha256:409caf49dcf7ad9bd510b4bf4011fbad504e745fae98f57fe1c06f3a97719638 \ - --hash=sha256:704df0948f2e4cc60c2596ad6e840ea679f4f43e58ed4ad0c1857807240eab96 - # via -r build-requirements.in tomli==2.0.1 \ --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \ --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f - # via setuptools-rust + # via maturin wheel==0.43.0 \ --hash=sha256:465ef92c69fa5c5da2d1cf8ac40559a8c940886afcef87dcf14b9470862f1d85 \ --hash=sha256:55c570405f142630c6b9f72fe09d9b67cf1477fcf543ae5b8dcb1f5b7377da81 @@ -85,4 +92,3 @@ setuptools==69.2.0 \ --hash=sha256:c21c49fb1042386df081cb5d86759792ab89efca84cf114889191cd09aacc80c # via # -r build-requirements.in - # setuptools-rust diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 18579f6c60fc..1f78455a39d6 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -57,8 +57,8 @@ jobs: fail-fast: false matrix: PYTHON: - - { VERSION: "cp311-cp311", ABI_VERSION: 'cp37' } - - { VERSION: "cp311-cp311", ABI_VERSION: 'cp39' } + - { VERSION: "cp311-cp311", ABI_VERSION: 'py37' } + - { VERSION: "cp311-cp311", ABI_VERSION: 'py39' } - { VERSION: "pp39-pypy39_pp73" } - { VERSION: "pp310-pypy310_pp73" } MANYLINUX: @@ -131,8 +131,10 @@ jobs: - name: Build the wheel run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then - PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" + PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" fi + + source .venv/bin/activate OPENSSL_DIR="/opt/pyca/cryptography/openssl" \ OPENSSL_STATIC=1 \ .venv/bin/python -m pip wheel -v --no-deps $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl tmpwheelhouse @@ -166,7 +168,7 @@ jobs: matrix: PYTHON: - VERSION: '3.11' - ABI_VERSION: 'cp37' + ABI_VERSION: 'py37' # Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3' @@ -178,7 +180,7 @@ jobs: # build against _PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2' - VERSION: '3.11' - ABI_VERSION: 'cp39' + ABI_VERSION: 'py39' # Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3' @@ -190,7 +192,7 @@ jobs: # build against _PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2' - VERSION: '3.11' - ABI_VERSION: 'cp37' + ABI_VERSION: 'py37' DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3' DEPLOYMENT_TARGET: '10.12' @@ -257,9 +259,10 @@ jobs: - name: Build the wheel run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then - PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" + PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" fi + source venv/bin/activate OPENSSL_DIR="$(readlink -f ../openssl-macos-universal2/)" \ OPENSSL_STATIC=1 \ venv/bin/python -m pip wheel -v --no-deps $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl wheelhouse @@ -293,8 +296,8 @@ jobs: - {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'} - {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} PYTHON: - - {VERSION: "3.11", "ABI_VERSION": "cp37"} - - {VERSION: "3.11", "ABI_VERSION": "cp39"} + - {VERSION: "3.11", "ABI_VERSION": "py37"} + - {VERSION: "3.11", "ABI_VERSION": "py39"} - {VERSION: "pypy-3.9"} - {VERSION: "pypy-3.10"} exclude: @@ -348,7 +351,7 @@ jobs: - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then - PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" + PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" fi python -m pip wheel -v --no-deps cryptography*.tar.gz $PY_LIMITED_API -w dist/ && mv dist/cryptography*.whl wheelhouse/ diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index dcffd6024d1c..000000000000 --- a/MANIFEST.in +++ /dev/null @@ -1,24 +0,0 @@ -include CHANGELOG.rst -include CONTRIBUTING.rst -include LICENSE -include LICENSE.APACHE -include LICENSE.BSD -include README.rst -include noxfile.py - -include pyproject.toml -recursive-include src py.typed *.pyi - -recursive-include docs * -recursive-include src/_cffi_src *.py *.c *.h -recursive-include src/rust Cargo.toml Cargo.lock *.rs -prune docs/_build -recursive-include tests *.py -exclude vectors -recursive-exclude vectors * -exclude src/rust/target -recursive-exclude src/rust/target * - -recursive-exclude .github * - -exclude release.py .readthedocs.yml ci-constraints-requirements.txt mypy.ini diff --git a/pyproject.toml b/pyproject.toml index 64e33aac8aca..4cfc675e2556 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,14 +2,15 @@ # These requirements must be kept sync with the requirements in # ./github/requirements/build-requirements.{in,txt} requires = [ - # First version of setuptools to support pyproject.toml configuration - "setuptools>=61.0.0", - "wheel", + "maturin>=1,<2", + # Must be kept in sync with `project.dependencies` "cffi>=1.12; platform_python_implementation != 'PyPy'", - "setuptools-rust>=1.7.0", + # Needed because cffi imports distutils, and in Python 3.12, distutils has + # been removed from the stdlib, but installing setuptools puts it back. + "setuptools", ] -build-backend = "setuptools.build_meta" +build-backend = "maturin" [project] name = "cryptography" @@ -57,14 +58,6 @@ source = "https://github.com/pyca/cryptography/" issues = "https://github.com/pyca/cryptography/issues" changelog = "https://cryptography.io/en/latest/changelog/" -[tool.setuptools] -zip-safe = false -package-dir = {"" = "src"} - -[tool.setuptools.packages.find] -where = ["src"] -include = ["cryptography*"] - [project.optional-dependencies] ssh = ["bcrypt >=3.1.5"] @@ -86,12 +79,42 @@ sdist = ["build"] # `click` included because its needed to type check `release.py` pep8test = ["ruff", "mypy", "check-sdist", "click"] -[[tool.setuptools-rust.ext-modules]] -target = "cryptography.hazmat.bindings._rust" -path = "src/rust/Cargo.toml" -py-limited-api = "auto" -rust-version = ">=1.65.0" - +[tool.maturin] +python-source = "src" +python-packages = ["cryptography"] +manifest-path = "src/rust/Cargo.toml" +module-name = "cryptography.hazmat.bindings._rust" +locked = true +sdist-generator = "git" +features = ["pyo3/abi3-py37"] +include = [ + "CHANGELOG.rst", + "CONTRIBUTING.rst", + "LICENSE", + "LICENSE.APACHE", + "LICENSE.BSD", + + "docs/**/*", + + "src/_cffi_src/**/*.py", + "src/_cffi_src/**/*.c", + "src/_cffi_src/**/*.h", + + "src/rust/**/Cargo.toml", + "src/rust/**/Cargo.lock", + "src/rust/**/*.rs", + + "tests/**/*.py", +] +exclude = [ + "vectors/**/*", + "src/rust/target/**/*", + "docs/_build/**/*", + ".github/**/*", + ".readthedocs.yml", + "ci-constraints-requirements.txt", + "mypy.ini", +] [tool.pytest.ini_options] addopts = "-r s --capture=no --strict-markers --benchmark-disable"