Update to pyo3-0.23 #11954
Merged
Update to pyo3-0.23 #11954
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
|
Is tehre a reason not to push a change to cargo.toml to point at git? Or are there patches on top of github that are still needed? |
|
With sadness, you'll need to rebase on main, we moved the pyo3 dep to be a workspace one. |
Nope no particular reason, I just had it pointed at a local clone with |
|
this should fix it diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index 5758acccb..66afa08f1 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -716,7 +716,7 @@ pub(crate) fn parse_access_descriptions(
fn parse_naming_authority<'p>(
py: pyo3::Python<'p>,
- authority: NamingAuthority<'p>,
+ authority: NamingAuthority<'_>,
) -> CryptographyResult<pyo3::Bound<'p, pyo3::PyAny>> {
let py_id = match &authority.id {
Some(data) => oid_to_py_oid(py, data)?,
@@ -736,10 +736,10 @@ fn parse_naming_authority<'p>(
.call1((py_id, py_url, py_text))?)
}
-fn parse_profession_infos<'a>(
- py: pyo3::Python<'a>,
+fn parse_profession_infos<'p, 'a>(
+ py: pyo3::Python<'p>,
profession_infos: &asn1::SequenceOf<'a, ProfessionInfo<'a>>,
-) -> CryptographyResult<pyo3::Bound<'a, pyo3::PyAny>> {
+) -> CryptographyResult<pyo3::Bound<'p, pyo3::PyAny>> {
let py_infos = pyo3::types::PyList::empty(py);
for info in profession_infos.clone() {
let py_naming_authority = match info.naming_authority {
@@ -782,10 +782,10 @@ fn parse_profession_infos<'a>(
Ok(py_infos.into_any())
}
-fn parse_admissions<'a>(
- py: pyo3::Python<'a>,
+fn parse_admissions<'p, 'a>(
+ py: pyo3::Python<'p>,
admissions: &asn1::SequenceOf<'a, Admission<'a>>,
-) -> CryptographyResult<pyo3::Bound<'a, pyo3::PyAny>> {
+) -> CryptographyResult<pyo3::Bound<'p, pyo3::PyAny>> {
let py_admissions = pyo3::types::PyList::empty(py);
for admission in admissions.clone() {
let py_admission_authority = match admission.admission_authority { |
|
woohoo, tests pass! |
alex
reviewed
Nov 15, 2024
src/rust/src/backend/ec.rs
Outdated
| @@ -34,8 +34,8 @@ fn curve_from_py_curve( | |||
| if !py_curve.is_instance(&types::ELLIPTIC_CURVE.get(py)?)? { | |||
| if allow_curve_class { | |||
| let warning_cls = types::DEPRECATED_IN_42.get(py)?; | |||
| let warning_msg = "Curve argument must be an instance of an EllipticCurve class. Did you pass a class by mistake? This will be an exception in a future version of cryptography."; | |||
| pyo3::PyErr::warn_bound(py, &warning_cls, warning_msg, 1)?; | |||
| let warning_msg = std::ffi::CString::new("Curve argument must be an instance of an EllipticCurve class. Did you pass a class by mistake? This will be an exception in a future version of cryptography.").unwrap(); | |||
There was a problem hiding this comment.
We can use CStr::from_bytes_with_nul and save an allocation here
src/rust/src/x509/certificate.rs
Outdated
| "Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc.").unwrap(); |
src/rust/src/x509/certificate.rs
Outdated
| "Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.").unwrap(); |
src/rust/src/x509/certificate.rs
Outdated
| "Parsed a negative serial number, which is disallowed by RFC 5280. Loading this certificate will cause an exception in the next release of cryptography.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Parsed a negative serial number, which is disallowed by RFC 5280. Loading this certificate will cause an exception in the next release of cryptography.").unwrap(); |
src/rust/src/x509/certificate.rs
Outdated
| "The parsed certificate contains a NULL parameter value in its signature algorithm parameters. This is invalid and will be rejected in a future version of cryptography. If this certificate was created via Java, please upgrade to JDK21+ or the latest JDK11/17 once a fix is issued. If this certificate was created in some other fashion please report the issue to the cryptography issue tracker. See https://github.com/pyca/cryptography/issues/8996 and https://github.com/pyca/cryptography/issues/9253 for more details.", | ||
| 2, | ||
| )?; | ||
| let message = std::ffi::CString::new("The parsed certificate contains a NULL parameter value in its signature algorithm parameters. This is invalid and will be rejected in a future version of cryptography. If this certificate was created via Java, please upgrade to JDK21+ or the latest JDK11/17 once a fix is issued. If this certificate was created in some other fashion please report the issue to the cryptography issue tracker. See https://github.com/pyca/cryptography/issues/8996 and https://github.com/pyca/cryptography/issues/9253 for more details.").unwrap(); |
src/rust/src/x509/ocsp_resp.rs
Outdated
| "Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.").unwrap(); |
src/rust/src/x509/ocsp_resp.rs
Outdated
| "Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.").unwrap(); |
src/rust/src/x509/ocsp_resp.rs
Outdated
| "Properties that return a naïve datetime object have been deprecated. Please switch to revocation_time_utc.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Properties that return a naïve datetime object have been deprecated. Please switch to revocation_time_utc.").unwrap(); |
src/rust/src/x509/ocsp_resp.rs
Outdated
| "Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Properties that return a naïve datetime object have been deprecated. Please switch to revocation_time_utc.").unwrap(); |
src/rust/src/x509/ocsp_resp.rs
Outdated
| "Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.", | ||
| 1, | ||
| )?; | ||
| let message = std::ffi::CString::new("Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.").unwrap(); |
|
Release is up! You should be able to point this at 0.23 on crates.io now |
ngoldbaum
commented
Nov 15, 2024
|
Sorry for all the noise, I was getting confused by the nox sessions before |
ngoldbaum
commented
Nov 15, 2024
alex
approved these changes
Nov 15, 2024
Closed
|
That was quick. Awesome work @ngoldbaum |
|
Getting free-threading working will be harder. I want to see whether I can disable the cffi dependency and make some headway while work on free-threading in cffi proceeds. |
|
In practice, it may be _marginally_ faster for us to make enough
progress on pyOpenSSL deprecations for us to remove cffi entirely.
pyca/pyopenssl#1321 tracks that work, and
our plan is that once that work is complete, we'll migrate pyOpenSSL
to be in Rust, and then drop cffi entirely.
pyca/pyopenssl#1376 is the latest PR on that,
which as you can see is blocked on upstream work in certbot.
So there's quite a stack of yaks. But given that cffi is largely in
maintenance mode at this point, this might be a path an interested
contributor could try pursuing.
…On Fri, Nov 15, 2024 at 7:15 PM Nathan Goldbaum ***@***.***> wrote:
Getting free-threading working will be harder. I want to see whether I can disable the cffi dependency and make some headway while work on free-threading in cffi proceeds.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you modified the open/close state.Message ID: ***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.