diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 4ccb303..33fbd31 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -64,7 +64,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] + python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"] os: [ubuntu-latest, macOS-latest] steps: - uses: actions/checkout@v3 @@ -104,8 +104,6 @@ jobs: cache-dependency-path: | ./pdm.lock ./Cargo.lock - - name: Work around requests bug https://github.com/psf/requests/issues/6437 - run: pip install --force requests==2.29.0 - uses: actions-rust-lang/setup-rust-toolchain@v1 - name: Install dependencies run: | diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2ac2223..46be51a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,18 +9,33 @@ repos: - id: check-yaml - id: check-added-large-files - - repo: https://github.com/charliermarsh/ruff-pre-commit - rev: "v0.0.264" + - repo: local hooks: - id: ruff name: Check python (ruff) - args: [--show-source, --fix, --exit-non-zero-on-fix] - - - repo: https://github.com/psf/black - rev: 23.1.0 - hooks: - - id: black - name: Check black + language: system + types_or: [python, pyi] + require_serial: true + entry: pdm run ruff check --force-exclude + args: + [--output-format=full, --fix, --show-fixes, --exit-non-zero-on-fix] + - id: ruff-format + name: Format python (ruff) + language: system + types_or: [python, pyi] + require_serial: true + entry: pdm run ruff format --force-exclude + - id: nixfmt + name: Format Nix (nixfmt) + types: [nix] + language: system + require_serial: true + entry: bash -c 'command -v nix && nix "$@" || echo "skipping nixfmt"' nix + args: + - --experimental-features + - nix-command flakes + - --accept-flake-config + - fmt - repo: https://github.com/python-jsonschema/check-jsonschema rev: 0.21.0 diff --git a/Cargo.lock b/Cargo.lock index 6c5a345..91778bb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -11,6 +11,18 @@ dependencies = [ "memchr", ] +[[package]] +name = "anes" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" + +[[package]] +name = "anstyle" +version = "1.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bec1de6f59aedf83baf9ff929c98f2ad654b97c9510f4e70cf6f661d49fd5b1" + [[package]] name = "approx" version = "0.5.1" @@ -26,29 +38,12 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi 0.1.19", - "libc", - "winapi", -] - [[package]] name = "autocfg" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" -[[package]] -name = "bitflags" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" - [[package]] name = "bumpalo" version = "3.13.0" @@ -67,37 +62,78 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "ciborium" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" + +[[package]] +name = "ciborium-ll" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" +dependencies = [ + "ciborium-io", + "half", +] + [[package]] name = "clap" -version = "2.34.0" +version = "4.5.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" +checksum = "b97f376d85a664d5837dbae44bf546e6477a679ff6610010f17276f686d867e8" dependencies = [ - "bitflags", - "textwrap", - "unicode-width", + "clap_builder", ] +[[package]] +name = "clap_builder" +version = "4.5.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19bc80abd44e4bed93ca373a0704ccbd1b710dc5749406201bb018272808dc54" +dependencies = [ + "anstyle", + "clap_lex", +] + +[[package]] +name = "clap_lex" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" + [[package]] name = "criterion" -version = "0.3.6" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b01d6de93b2b6c65e17c634a26653a29d107b3c98c607c765bf38d041531cd8f" +checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f" dependencies = [ - "atty", + "anes", "cast", + "ciborium", "clap", "criterion-plot", - "csv", + "is-terminal", "itertools", - "lazy_static", "num-traits", + "once_cell", "oorandom", "plotters", "rayon", "regex", "serde", - "serde_cbor", "serde_derive", "serde_json", "tinytemplate", @@ -106,9 +142,9 @@ dependencies = [ [[package]] name = "criterion-plot" -version = "0.4.5" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2673cc8207403546f45f5fd319a974b1e6983ad1a3ee7e6041650013be041876" +checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1" dependencies = [ "cast", "itertools", @@ -144,7 +180,7 @@ dependencies = [ "autocfg", "cfg-if", "crossbeam-utils", - "memoffset 0.9.0", + "memoffset", "scopeguard", ] @@ -158,25 +194,10 @@ dependencies = [ ] [[package]] -name = "csv" -version = "1.2.2" +name = "crunchy" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "626ae34994d3d8d668f4269922248239db4ae42d538b14c398b74a52208e8086" -dependencies = [ - "csv-core", - "itoa", - "ryu", - "serde", -] - -[[package]] -name = "csv-core" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b2466559f260f48ad25fe6317b3c8dac77b5bdb5763ac7d9d6103530663bc90" -dependencies = [ - "memchr", -] +checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" [[package]] name = "either" @@ -201,7 +222,7 @@ checksum = "5e9a1f9f7d83e59740248a6e14ecf93929ade55027844dfcea78beafccc15745" dependencies = [ "proc-macro2", "quote", - "syn 2.0.25", + "syn", ] [[package]] @@ -217,18 +238,19 @@ dependencies = [ [[package]] name = "half" -version = "1.8.2" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" +checksum = "6dd08c532ae367adf81c312a4580bc67f1d0fe8bc9c460520283f4c0ff277888" +dependencies = [ + "cfg-if", + "crunchy", +] [[package]] -name = "hermit-abi" -version = "0.1.19" +name = "heck" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" @@ -236,11 +258,28 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" +[[package]] +name = "hermit-abi" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" + [[package]] name = "indoc" -version = "1.0.9" +version = "2.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306" +checksum = "b248f5224d1d606005e02c97f5aa4e88eeb230488bcc03bc9ca4d7991399f2b5" + +[[package]] +name = "is-terminal" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" +dependencies = [ + "hermit-abi 0.4.0", + "libc", + "windows-sys", +] [[package]] name = "itertools" @@ -268,42 +307,26 @@ dependencies = [ [[package]] name = "landlock" -version = "0.2.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "520baa32708c4e957d2fc3a186bc5bd8d26637c33137f399ddfc202adb240068" +checksum = "18738c5d4c7fae6727a96adb94722ef7ce82f3eafea0a11777e258a93816537e" dependencies = [ "enumflags2", "libc", "thiserror", ] -[[package]] -name = "lazy_static" -version = "1.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" - [[package]] name = "libc" version = "0.2.147" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" -[[package]] -name = "lock_api" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" -dependencies = [ - "autocfg", - "scopeguard", -] - [[package]] name = "log" -version = "0.4.19" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "memchr" @@ -311,15 +334,6 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" -[[package]] -name = "memoffset" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" -dependencies = [ - "autocfg", -] - [[package]] name = "memoffset" version = "0.9.0" @@ -360,29 +374,6 @@ version = "11.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" -[[package]] -name = "parking_lot" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" -dependencies = [ - "lock_api", - "parking_lot_core", -] - -[[package]] -name = "parking_lot_core" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" -dependencies = [ - "cfg-if", - "libc", - "redox_syscall", - "smallvec", - "windows-targets", -] - [[package]] name = "plotters" version = "0.3.5" @@ -411,6 +402,12 @@ dependencies = [ "plotters-backend", ] +[[package]] +name = "portable-atomic" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc9c68a3f6da06753e9335d63e27f6b9754dd1920d941135b7ea8224f141adb2" + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -419,24 +416,25 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "proc-macro2" -version = "1.0.64" +version = "1.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da" +checksum = "b3e4daa0dcf6feba26f985457cdf104d4b4256fc5a09547140f3631bb076b19a" dependencies = [ "unicode-ident", ] [[package]] name = "pyo3" -version = "0.18.3" +version = "0.22.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3b1ac5b3731ba34fdaa9785f8d74d17448cd18f30cf19e0c7e7b1fdb5272109" +checksum = "15ee168e30649f7f234c3d49ef5a7a6cbf5134289bc46c29ff3155fa3221c225" dependencies = [ "cfg-if", "indoc", "libc", - "memoffset 0.8.0", - "parking_lot", + "memoffset", + "once_cell", + "portable-atomic", "pyo3-build-config", "pyo3-ffi", "pyo3-macros", @@ -445,9 +443,9 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.18.3" +version = "0.22.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cb946f5ac61bb61a5014924910d936ebd2b23b705f7a4a3c40b05c720b079a3" +checksum = "e61cef80755fe9e46bb8a0b8f20752ca7676dcc07a5277d8b7768c6172e529b3" dependencies = [ "once_cell", "target-lexicon", @@ -455,9 +453,9 @@ dependencies = [ [[package]] name = "pyo3-ffi" -version = "0.18.3" +version = "0.22.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd4d7c5337821916ea2a1d21d1092e8443cf34879e53a0ac653fbb98f44ff65c" +checksum = "67ce096073ec5405f5ee2b8b31f03a68e02aa10d5d4f565eca04acc41931fa1c" dependencies = [ "libc", "pyo3-build-config", @@ -465,9 +463,9 @@ dependencies = [ [[package]] name = "pyo3-log" -version = "0.8.1" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9c8b57fe71fb5dcf38970ebedc2b1531cf1c14b1b9b4c560a182a57e115575c" +checksum = "3ac84e6eec1159bc2a575c9ae6723baa6ee9d45873e9bebad1e3ad7e8d28a443" dependencies = [ "arc-swap", "log", @@ -476,32 +474,34 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.18.3" +version = "0.22.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9d39c55dab3fc5a4b25bbd1ac10a2da452c4aca13bb450f22818a002e29648d" +checksum = "2440c6d12bc8f3ae39f1e775266fa5122fd0c8891ce7520fa6048e683ad3de28" dependencies = [ "proc-macro2", "pyo3-macros-backend", "quote", - "syn 1.0.109", + "syn", ] [[package]] name = "pyo3-macros-backend" -version = "0.18.3" +version = "0.22.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97daff08a4c48320587b5224cc98d609e3c27b6d437315bd40b605c98eeb5918" +checksum = "1be962f0e06da8f8465729ea2cb71a416d2257dff56cbe40a70d3e62a93ae5d1" dependencies = [ + "heck", "proc-macro2", + "pyo3-build-config", "quote", - "syn 1.0.109", + "syn", ] [[package]] name = "quote" -version = "1.0.29" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "573015e8ab27661678357f27dc26460738fd2b6c86e46f386fde94cb5d913105" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -558,15 +558,6 @@ dependencies = [ "num_cpus", ] -[[package]] -name = "redox_syscall" -version = "0.3.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" -dependencies = [ - "bitflags", -] - [[package]] name = "regex" version = "1.9.1" @@ -622,15 +613,8 @@ name = "serde" version = "1.0.171" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "30e27d1e4fd7659406c492fd6cfaf2066ba8773de45ca75e855590f856dc34a9" - -[[package]] -name = "serde_cbor" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5" dependencies = [ - "half", - "serde", + "serde_derive", ] [[package]] @@ -641,7 +625,7 @@ checksum = "389894603bd18c46fa56231694f8d827779c0951a667087194cf9de94ed24682" dependencies = [ "proc-macro2", "quote", - "syn 2.0.25", + "syn", ] [[package]] @@ -655,28 +639,11 @@ dependencies = [ "serde", ] -[[package]] -name = "smallvec" -version = "1.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" - [[package]] name = "syn" -version = "1.0.109" +version = "2.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "syn" -version = "2.0.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15e3fc8c0c74267e2df136e5e5fb656a464158aa57624053375eb9c8c6e25ae2" +checksum = "89132cd0bf050864e1d38dc3bbc07a0eb8e7530af26344d3d2bbbef83499f590" dependencies = [ "proc-macro2", "quote", @@ -685,37 +652,28 @@ dependencies = [ [[package]] name = "target-lexicon" -version = "0.12.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b1c7f239eb94671427157bd93b3694320f3668d4e1eff08c7285366fd777fac" - -[[package]] -name = "textwrap" -version = "0.11.0" +version = "0.12.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", -] +checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1" [[package]] name = "thiserror" -version = "1.0.40" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac" +checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.40" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" +checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.25", + "syn", ] [[package]] @@ -730,7 +688,7 @@ dependencies = [ [[package]] name = "unblob-native" -version = "0.1.2" +version = "0.1.3" dependencies = [ "approx", "criterion", @@ -739,6 +697,7 @@ dependencies = [ "pyo3", "pyo3-log", "rand", + "thiserror", ] [[package]] @@ -747,17 +706,11 @@ version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "22049a19f4a68748a168c0fc439f9516686aa045927ff767eca0a85101fb6e73" -[[package]] -name = "unicode-width" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" - [[package]] name = "unindent" -version = "0.1.11" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c" +checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce" [[package]] name = "walkdir" @@ -796,7 +749,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.25", + "syn", "wasm-bindgen-shared", ] @@ -818,7 +771,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.25", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -870,15 +823,25 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-targets" -version = "0.48.1" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05d4b17490f70499f20b9e791dcf6a299785ce8af4d709018206dc5b4953e95f" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", @@ -887,42 +850,48 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" -version = "0.48.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" -version = "0.48.0" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" -version = "0.48.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" -version = "0.48.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" -version = "0.48.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" -version = "0.48.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" diff --git a/Cargo.toml b/Cargo.toml index 167a370..2398c2c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "unblob-native" -version = "0.1.2" +version = "0.1.3" edition = "2021" license = "MIT" @@ -12,16 +12,17 @@ crate-type = [ ] [dependencies] -log = "0.4.18" -pyo3 = "0.18.3" -pyo3-log = "0.8.1" +log = "0.4.22" +pyo3 = "0.22.3" +pyo3-log = "0.11.0" +thiserror = "1.0.64" [target.'cfg(target_os = "linux")'.dependencies] -landlock = "0.2.0" +landlock = "0.4.1" [dev-dependencies] approx = "0.5.0" -criterion = "0.3.5" +criterion = "0.5.1" rand = "0.8.4" [[bench]] diff --git a/default.nix b/default.nix index 8a07453..2712837 100644 --- a/default.nix +++ b/default.nix @@ -1,11 +1,12 @@ -{ lib -, stdenv -, craneLib -, nixFilter -, maturin -, rustPlatform -, libiconv -, python3 +{ + lib, + stdenv, + craneLib, + nixFilter, + maturin, + rustPlatform, + libiconv, + python3, }: let @@ -20,12 +21,14 @@ let # and the standalone dylib which is used for tests and benchmarks doNotLinkInheritedArtifacts = true; - buildInputs = [ - python3 - ] ++ lib.optionals stdenv.isDarwin [ - # Additional darwin specific inputs can be set here - libiconv - ]; + buildInputs = + [ + python3 + ] + ++ lib.optionals stdenv.isDarwin [ + # Additional darwin specific inputs can be set here + libiconv + ]; }; # Build *just* the cargo dependencies, so we can reuse @@ -34,9 +37,12 @@ let # Build the actual crate itself, reusing the dependency # artifacts from above. - libunblob-native = craneLib.buildPackage (commonArgs // { - inherit cargoArtifacts; - }); + libunblob-native = craneLib.buildPackage ( + commonArgs + // { + inherit cargoArtifacts; + } + ); self = python3.pkgs.buildPythonPackage { inherit (libunblob-native) pname version; @@ -64,39 +70,44 @@ let lockFile = ./Cargo.lock; }; - nativeBuildInputs = - (with rustPlatform; [ + nativeBuildInputs = ( + with rustPlatform; + [ cargoSetupHook maturinBuildHook - ]); - + ] + ); passthru = { - inherit cargoArtifacts craneLib commonArgs libunblob-native; + inherit + cargoArtifacts + craneLib + commonArgs + libunblob-native + ; tests = { pytest = - with python3.pkgs; buildPythonPackage - { - inherit (libunblob-native) pname version; - format = "other"; - - src = nixFilter - { - root = ./.; - include = [ - "pyproject.toml" - "tests" - ]; - }; - - dontBuild = true; - dontInstall = true; - - nativeCheckInputs = [ - self - pytestCheckHook + with python3.pkgs; + buildPythonPackage { + inherit (libunblob-native) pname version; + format = "other"; + + src = nixFilter { + root = ./.; + include = [ + "pyproject.toml" + "tests" ]; }; + + dontBuild = true; + dontInstall = true; + + nativeCheckInputs = [ + self + pytestCheckHook + ]; + }; }; }; }; diff --git a/flake.lock b/flake.lock index 0a90fd0..7fce595 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "advisory-db": { "flake": false, "locked": { - "lastModified": 1724510776, - "narHash": "sha256-K9CHOXzHPfNjZsz3dC9Vhdryz70dyaDTsCjFJHB19xA=", + "lastModified": 1728429239, + "narHash": "sha256-k1KRRgmfKNhO9eU55FMkkzkneqAlwz5oLC5NSiEfGxs=", "owner": "rustsec", "repo": "advisory-db", - "rev": "dd0703e582ab7edc2637bc3385d540c3dbffa0db", + "rev": "acb7ce45817b13dd34cb32540ff18be4e1f3ba09", "type": "github" }, "original": { @@ -17,17 +17,12 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1724537630, - "narHash": "sha256-gpqINM71zp3kw5XYwUXa84ZtPnCmLLnByuFoYesT1bY=", + "lastModified": 1728344376, + "narHash": "sha256-lxTce2XE6mfJH8Zk6yBbqsbu9/jpwdymbSH5cCbiVOA=", "owner": "ipetkov", "repo": "crane", - "rev": "3e08f4b1fc9aaede5dd511d8f5f4ef27501e49b0", + "rev": "fd86b78f5f35f712c72147427b1eb81a9bd55d0b", "type": "github" }, "original": { @@ -41,11 +36,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -71,11 +66,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724395761, - "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", + "lastModified": 1728538411, + "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae815cee91b417be55d43781eb4b73ae1ecc396c", + "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index af80874..a0b5b5f 100644 --- a/flake.nix +++ b/flake.nix @@ -6,10 +6,7 @@ nix-filter.url = "github:numtide/nix-filter"; - crane = { - url = "github:ipetkov/crane"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + crane.url = "github:ipetkov/crane"; flake-utils.url = "github:numtide/flake-utils"; @@ -19,85 +16,112 @@ }; }; - outputs = { self, nixpkgs, nix-filter, crane, flake-utils, advisory-db, ... }: { - overlays.default = final: prev: - let - craneLib = crane.lib.${final.system}; - nixFilter = nix-filter.lib; - in - { - pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ - (python-final: python-prev: { - unblob-native = python-final.callPackage ./. { inherit craneLib nixFilter; }; - }) - ]; - }; - } - // flake-utils.lib.eachDefaultSystem (system: - let - pkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.default ]; - }; - - inherit (pkgs.python3Packages) unblob-native; - in + outputs = { - - checks = unblob-native.tests // ( + self, + nixpkgs, + nix-filter, + crane, + flake-utils, + advisory-db, + ... + }: + { + overlays.default = + final: prev: let - inherit (unblob-native) cargoArtifacts commonArgs craneLib libunblob-native src; + craneLib = crane.mkLib final; + nixFilter = nix-filter.lib; in { - # Build the crate as part of `nix flake check` for convenience - inherit libunblob-native; - - # Run clippy (and deny all warnings) on the crate source, - # again, reusing the dependency artifacts from above. - # - # Note that this is done as a separate derivation so that - # we can block the CI if there are issues here, but not - # prevent downstream consumers from building our crate by itself. - libunblob-native-clippy = craneLib.cargoClippy (commonArgs // { - inherit cargoArtifacts; - cargoClippyExtraArgs = "--all-targets -- --deny warnings"; - }); - - libunblob-native-doc = craneLib.cargoDoc (commonArgs // { - inherit cargoArtifacts; - }); - - # Check formatting - libunblob-native-fmt = craneLib.cargoFmt { - inherit src; - }; - - # Audit dependencies - libunblob-native-audit = craneLib.cargoAudit { - inherit src advisory-db; - }; - - } - ); - - packages = { - default = unblob-native; - inherit unblob-native; - }; - - devShells.default = pkgs.mkShell { - inputsFrom = builtins.attrValues self.checks.${system}; - - nativeBuildInputs = with pkgs; [ - black - maturin - pdm - ruff - rustc - cargo - ]; - }; - - formatter = pkgs.nixpkgs-fmt; - }); + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ + (python-final: python-prev: { + unblob-native = python-final.callPackage ./. { inherit craneLib nixFilter; }; + }) + ]; + }; + } + // flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; + }; + + inherit (pkgs.python3Packages) unblob-native; + in + { + + checks = + unblob-native.tests + // ( + let + inherit (unblob-native) + cargoArtifacts + commonArgs + craneLib + libunblob-native + src + ; + in + { + # Build the crate as part of `nix flake check` for convenience + inherit libunblob-native; + + # Run clippy (and deny all warnings) on the crate source, + # again, reusing the dependency artifacts from above. + # + # Note that this is done as a separate derivation so that + # we can block the CI if there are issues here, but not + # prevent downstream consumers from building our crate by itself. + libunblob-native-clippy = craneLib.cargoClippy ( + commonArgs + // { + inherit cargoArtifacts; + cargoClippyExtraArgs = "--all-targets -- --deny warnings"; + } + ); + + libunblob-native-doc = craneLib.cargoDoc ( + commonArgs + // { + inherit cargoArtifacts; + } + ); + + # Check formatting + libunblob-native-fmt = craneLib.cargoFmt { + inherit src; + }; + + # Audit dependencies + libunblob-native-audit = craneLib.cargoAudit { + inherit src advisory-db; + }; + + } + ); + + packages = { + default = unblob-native; + inherit unblob-native; + }; + + devShells.default = pkgs.mkShell { + inputsFrom = builtins.attrValues self.checks.${system}; + + nativeBuildInputs = with pkgs; [ + black + maturin + pdm + ruff + rustc + cargo + ]; + }; + + formatter = pkgs.nixfmt-rfc-style; + } + ); } diff --git a/pdm.lock b/pdm.lock index 8f92858..e63728f 100644 --- a/pdm.lock +++ b/pdm.lock @@ -4,32 +4,16 @@ [metadata] groups = ["default", "dev", "test"] strategy = ["cross_platform"] -lock_version = "4.4" -content_hash = "sha256:059c14537cbb124d6a6d0a3efcf15ed933cada57de74904f7048c38992d060f1" +lock_version = "4.5.0" +content_hash = "sha256:fa4a6e5ed6074d8e68af326103d3232afbfd3c73c2c48484740a5a28794c3f09" -[[package]] -name = "atomicwrites" -version = "1.4.1" -requires_python = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -summary = "Atomic file writes." -files = [ - {file = "atomicwrites-1.4.1.tar.gz", hash = "sha256:81b2c9071a49367a7f770170e5eec8cb66567cfbbc8c73d20ce5ca4a8d71cf11"}, -] - -[[package]] -name = "attrs" -version = "23.1.0" -requires_python = ">=3.7" -summary = "Classes Without Boilerplate" -files = [ - {file = "attrs-23.1.0-py3-none-any.whl", hash = "sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04"}, - {file = "attrs-23.1.0.tar.gz", hash = "sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015"}, -] +[[metadata.targets]] +requires_python = ">=3.8" [[package]] name = "black" -version = "23.3.0" -requires_python = ">=3.7" +version = "24.8.0" +requires_python = ">=3.8" summary = "The uncompromising code formatter." dependencies = [ "click>=8.0.0", @@ -38,31 +22,31 @@ dependencies = [ "pathspec>=0.9.0", "platformdirs>=2", "tomli>=1.1.0; python_version < \"3.11\"", - "typing-extensions>=3.10.0.0; python_version < \"3.10\"", + "typing-extensions>=4.0.1; python_version < \"3.11\"", ] files = [ - {file = "black-23.3.0-cp310-cp310-macosx_10_16_arm64.whl", hash = "sha256:0945e13506be58bf7db93ee5853243eb368ace1c08a24c65ce108986eac65915"}, - {file = "black-23.3.0-cp310-cp310-macosx_10_16_universal2.whl", hash = "sha256:67de8d0c209eb5b330cce2469503de11bca4085880d62f1628bd9972cc3366b9"}, - {file = "black-23.3.0-cp310-cp310-macosx_10_16_x86_64.whl", hash = "sha256:7c3eb7cea23904399866c55826b31c1f55bbcd3890ce22ff70466b907b6775c2"}, - {file = "black-23.3.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:32daa9783106c28815d05b724238e30718f34155653d4d6e125dc7daec8e260c"}, - {file = "black-23.3.0-cp310-cp310-win_amd64.whl", hash = "sha256:35d1381d7a22cc5b2be2f72c7dfdae4072a3336060635718cc7e1ede24221d6c"}, - {file = "black-23.3.0-cp311-cp311-macosx_10_16_arm64.whl", hash = "sha256:a8a968125d0a6a404842fa1bf0b349a568634f856aa08ffaff40ae0dfa52e7c6"}, - {file = "black-23.3.0-cp311-cp311-macosx_10_16_universal2.whl", hash = "sha256:c7ab5790333c448903c4b721b59c0d80b11fe5e9803d8703e84dcb8da56fec1b"}, - {file = "black-23.3.0-cp311-cp311-macosx_10_16_x86_64.whl", hash = "sha256:a6f6886c9869d4daae2d1715ce34a19bbc4b95006d20ed785ca00fa03cba312d"}, - {file = "black-23.3.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6f3c333ea1dd6771b2d3777482429864f8e258899f6ff05826c3a4fcc5ce3f70"}, - {file = "black-23.3.0-cp311-cp311-win_amd64.whl", hash = "sha256:11c410f71b876f961d1de77b9699ad19f939094c3a677323f43d7a29855fe326"}, - {file = "black-23.3.0-cp38-cp38-macosx_10_16_arm64.whl", hash = "sha256:48f9d345675bb7fbc3dd85821b12487e1b9a75242028adad0333ce36ed2a6d27"}, - {file = "black-23.3.0-cp38-cp38-macosx_10_16_universal2.whl", hash = "sha256:714290490c18fb0126baa0fca0a54ee795f7502b44177e1ce7624ba1c00f2331"}, - {file = "black-23.3.0-cp38-cp38-macosx_10_16_x86_64.whl", hash = "sha256:064101748afa12ad2291c2b91c960be28b817c0c7eaa35bec09cc63aa56493c5"}, - {file = "black-23.3.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:562bd3a70495facf56814293149e51aa1be9931567474993c7942ff7d3533961"}, - {file = "black-23.3.0-cp38-cp38-win_amd64.whl", hash = "sha256:e198cf27888ad6f4ff331ca1c48ffc038848ea9f031a3b40ba36aced7e22f2c8"}, - {file = "black-23.3.0-cp39-cp39-macosx_10_16_arm64.whl", hash = "sha256:3238f2aacf827d18d26db07524e44741233ae09a584273aa059066d644ca7b30"}, - {file = "black-23.3.0-cp39-cp39-macosx_10_16_universal2.whl", hash = "sha256:f0bd2f4a58d6666500542b26354978218a9babcdc972722f4bf90779524515f3"}, - {file = "black-23.3.0-cp39-cp39-macosx_10_16_x86_64.whl", hash = "sha256:92c543f6854c28a3c7f39f4d9b7694f9a6eb9d3c5e2ece488c327b6e7ea9b266"}, - {file = "black-23.3.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3a150542a204124ed00683f0db1f5cf1c2aaaa9cc3495b7a3b5976fb136090ab"}, - {file = "black-23.3.0-cp39-cp39-win_amd64.whl", hash = "sha256:6b39abdfb402002b8a7d030ccc85cf5afff64ee90fa4c5aebc531e3ad0175ddb"}, - {file = "black-23.3.0-py3-none-any.whl", hash = "sha256:ec751418022185b0c1bb7d7736e6933d40bbb14c14a0abcf9123d1b159f98dd4"}, - {file = "black-23.3.0.tar.gz", hash = "sha256:1c7b8d606e728a41ea1ccbd7264677e494e87cf630e399262ced92d4a8dac940"}, + {file = "black-24.8.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:09cdeb74d494ec023ded657f7092ba518e8cf78fa8386155e4a03fdcc44679e6"}, + {file = "black-24.8.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:81c6742da39f33b08e791da38410f32e27d632260e599df7245cccee2064afeb"}, + {file = "black-24.8.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:707a1ca89221bc8a1a64fb5e15ef39cd755633daa672a9db7498d1c19de66a42"}, + {file = "black-24.8.0-cp310-cp310-win_amd64.whl", hash = "sha256:d6417535d99c37cee4091a2f24eb2b6d5ec42b144d50f1f2e436d9fe1916fe1a"}, + {file = "black-24.8.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:fb6e2c0b86bbd43dee042e48059c9ad7830abd5c94b0bc518c0eeec57c3eddc1"}, + {file = "black-24.8.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:837fd281f1908d0076844bc2b801ad2d369c78c45cf800cad7b61686051041af"}, + {file = "black-24.8.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:62e8730977f0b77998029da7971fa896ceefa2c4c4933fcd593fa599ecbf97a4"}, + {file = "black-24.8.0-cp311-cp311-win_amd64.whl", hash = "sha256:72901b4913cbac8972ad911dc4098d5753704d1f3c56e44ae8dce99eecb0e3af"}, + {file = "black-24.8.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:7c046c1d1eeb7aea9335da62472481d3bbf3fd986e093cffd35f4385c94ae368"}, + {file = "black-24.8.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:649f6d84ccbae73ab767e206772cc2d7a393a001070a4c814a546afd0d423aed"}, + {file = "black-24.8.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:2b59b250fdba5f9a9cd9d0ece6e6d993d91ce877d121d161e4698af3eb9c1018"}, + {file = "black-24.8.0-cp312-cp312-win_amd64.whl", hash = "sha256:6e55d30d44bed36593c3163b9bc63bf58b3b30e4611e4d88a0c3c239930ed5b2"}, + {file = "black-24.8.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:505289f17ceda596658ae81b61ebbe2d9b25aa78067035184ed0a9d855d18afd"}, + {file = "black-24.8.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:b19c9ad992c7883ad84c9b22aaa73562a16b819c1d8db7a1a1a49fb7ec13c7d2"}, + {file = "black-24.8.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1f13f7f386f86f8121d76599114bb8c17b69d962137fc70efe56137727c7047e"}, + {file = "black-24.8.0-cp38-cp38-win_amd64.whl", hash = "sha256:f490dbd59680d809ca31efdae20e634f3fae27fba3ce0ba3208333b713bc3920"}, + {file = "black-24.8.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:eab4dd44ce80dea27dc69db40dab62d4ca96112f87996bca68cd75639aeb2e4c"}, + {file = "black-24.8.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:3c4285573d4897a7610054af5a890bde7c65cb466040c5f0c8b732812d7f0e5e"}, + {file = "black-24.8.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:9e84e33b37be070ba135176c123ae52a51f82306def9f7d063ee302ecab2cf47"}, + {file = "black-24.8.0-cp39-cp39-win_amd64.whl", hash = "sha256:73bbf84ed136e45d451a260c6b73ed674652f90a2b3211d6a35e78054563a9bb"}, + {file = "black-24.8.0-py3-none-any.whl", hash = "sha256:972085c618ee94f402da1af548a4f218c754ea7e5dc70acb168bfaca4c2542ed"}, + {file = "black-24.8.0.tar.gz", hash = "sha256:2500945420b6784c38b9ee885af039f5e7471ef284ab03fa35ecdde4688cd83f"}, ] [[package]] @@ -82,6 +66,7 @@ requires_python = ">=3.7" summary = "Composable command line interface toolkit" dependencies = [ "colorama; platform_system == \"Windows\"", + "importlib-metadata; python_version < \"3.8\"", ] files = [ {file = "click-8.1.3-py3-none-any.whl", hash = "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"}, @@ -107,6 +92,16 @@ files = [ {file = "distlib-0.3.6.tar.gz", hash = "sha256:14bad2d9b04d3a36127ac97f30b12a19268f211063d8f8ee4f47108896e11b46"}, ] +[[package]] +name = "exceptiongroup" +version = "1.2.2" +requires_python = ">=3.7" +summary = "Backport of PEP 654 (exception groups)" +files = [ + {file = "exceptiongroup-1.2.2-py3-none-any.whl", hash = "sha256:3111b9d131c238bec2f8f516e123e14ba243563fb135d3fe885990585aa7795b"}, + {file = "exceptiongroup-1.2.2.tar.gz", hash = "sha256:47c2edf7c6738fafb49fd34290706d1a1a2f4d1c6df275526b62cbb4aa5393cc"}, +] + [[package]] name = "filelock" version = "3.12.0" @@ -185,6 +180,9 @@ name = "platformdirs" version = "3.5.0" requires_python = ">=3.7" summary = "A small Python package for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." +dependencies = [ + "typing-extensions>=4.5; python_version < \"3.8\"", +] files = [ {file = "platformdirs-3.5.0-py3-none-any.whl", hash = "sha256:47692bc24c1958e8b0f13dd727307cff1db103fca36399f457da8e05f222fdc4"}, {file = "platformdirs-3.5.0.tar.gz", hash = "sha256:7954a68d0ba23558d753f73437c55f89027cf8f5108c19844d4b82e5af396335"}, @@ -192,18 +190,18 @@ files = [ [[package]] name = "pluggy" -version = "1.0.0" -requires_python = ">=3.6" +version = "1.5.0" +requires_python = ">=3.8" summary = "plugin and hook calling mechanisms for python" files = [ - {file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"}, - {file = "pluggy-1.0.0.tar.gz", hash = "sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"}, + {file = "pluggy-1.5.0-py3-none-any.whl", hash = "sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669"}, + {file = "pluggy-1.5.0.tar.gz", hash = "sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1"}, ] [[package]] name = "pre-commit" -version = "2.21.0" -requires_python = ">=3.7" +version = "3.5.0" +requires_python = ">=3.8" summary = "A framework for managing and maintaining multi-language pre-commit hooks." dependencies = [ "cfgv>=2.0.0", @@ -213,51 +211,40 @@ dependencies = [ "virtualenv>=20.10.0", ] files = [ - {file = "pre_commit-2.21.0-py2.py3-none-any.whl", hash = "sha256:e2f91727039fc39a92f58a588a25b87f936de6567eed4f0e673e0507edc75bad"}, - {file = "pre_commit-2.21.0.tar.gz", hash = "sha256:31ef31af7e474a8d8995027fefdfcf509b5c913ff31f2015b4ec4beb26a6f658"}, -] - -[[package]] -name = "py" -version = "1.11.0" -requires_python = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -summary = "library with cross-python path, ini-parsing, io, code, log facilities" -files = [ - {file = "py-1.11.0-py2.py3-none-any.whl", hash = "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"}, - {file = "py-1.11.0.tar.gz", hash = "sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719"}, + {file = "pre_commit-3.5.0-py2.py3-none-any.whl", hash = "sha256:841dc9aef25daba9a0238cd27984041fa0467b4199fc4852e27950664919f660"}, + {file = "pre_commit-3.5.0.tar.gz", hash = "sha256:5804465c675b659b0862f07907f96295d490822a450c4c40e747d0b1c6ebcb32"}, ] [[package]] name = "pyright" -version = "1.1.306" +version = "1.1.384" requires_python = ">=3.7" summary = "Command line wrapper for pyright" dependencies = [ "nodeenv>=1.6.0", + "typing-extensions>=4.1", ] files = [ - {file = "pyright-1.1.306-py3-none-any.whl", hash = "sha256:008eb2a29584ae274a154d749cf81476a3073fb562a462eac8d43a753378b9db"}, - {file = "pyright-1.1.306.tar.gz", hash = "sha256:16d5d198be64de497d5f9002000a271176c381e21b977ca5566cf779b643c9ed"}, + {file = "pyright-1.1.384-py3-none-any.whl", hash = "sha256:f0b6f4db2da38f27aeb7035c26192f034587875f751b847e9ad42ed0c704ac9e"}, + {file = "pyright-1.1.384.tar.gz", hash = "sha256:25e54d61f55cbb45f1195ff89c488832d7a45d59f3e132f178fdf9ef6cafc706"}, ] [[package]] name = "pytest" -version = "7.0.1" -requires_python = ">=3.6" +version = "8.3.3" +requires_python = ">=3.8" summary = "pytest: simple powerful testing with Python" dependencies = [ - "atomicwrites>=1.0; sys_platform == \"win32\"", - "attrs>=19.2.0", "colorama; sys_platform == \"win32\"", + "exceptiongroup>=1.0.0rc8; python_version < \"3.11\"", "iniconfig", "packaging", - "pluggy<2.0,>=0.12", - "py>=1.8.2", - "tomli>=1.0.0", + "pluggy<2,>=1.5", + "tomli>=1; python_version < \"3.11\"", ] files = [ - {file = "pytest-7.0.1-py3-none-any.whl", hash = "sha256:9ce3ff477af913ecf6321fe337b93a2c0dcf2a0a1439c43f5452112c1e4280db"}, - {file = "pytest-7.0.1.tar.gz", hash = "sha256:e30905a0c131d3d94b89624a1cc5afec3e0ba2fbdb151867d8e0ebd49850f171"}, + {file = "pytest-8.3.3-py3-none-any.whl", hash = "sha256:a6853c7375b2663155079443d2e45de913a911a11d669df02a50814944db57b2"}, + {file = "pytest-8.3.3.tar.gz", hash = "sha256:70b98107bd648308a7952b06e6ca9a50bc660be218d53c257cc1fc94fda10181"}, ] [[package]] @@ -308,27 +295,28 @@ files = [ [[package]] name = "ruff" -version = "0.0.264" +version = "0.6.9" requires_python = ">=3.7" -summary = "An extremely fast Python linter, written in Rust." +summary = "An extremely fast Python linter and code formatter, written in Rust." files = [ - {file = "ruff-0.0.264-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:ec2fa192c035b8b68cc2b91049c561cd69543e2b8c4d157d9aa7727320bedcca"}, - {file = "ruff-0.0.264-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:d97ba8db0fb601ffe9ee996ebb97c698e427a2fd4514fefbe7b803111354f783"}, - {file = "ruff-0.0.264-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4564e0f245eb515c6ed63988c21e9c40bcfd485cd1ec63bdd790f9a81d301f15"}, - {file = "ruff-0.0.264-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:323ae6c1702b26c96d0fbf939c5959c37e79021f86b70f63634df918bc77f36e"}, - {file = "ruff-0.0.264-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:18a29ed37bf8cfe6dce8a2db56c313a64c0804095108753621f3c3321e0c9c5f"}, - {file = "ruff-0.0.264-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:d628de91e2be7a83128526636097d2dd890669a06143f826f6c591d79aeefbc4"}, - {file = "ruff-0.0.264-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:91c6eb4f979b661a2dd850d9ac803842bb7b66d4926de84f09c787af82590f73"}, - {file = "ruff-0.0.264-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:04ec5d75e4bca754cedd20d53e2ba4920d6259e7579abfb2e8e30c3c80e41b17"}, - {file = "ruff-0.0.264-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:71fd865ebacc1083259b3fb7e3eb45235a86e62e21830b8a6b067be0ec54aa2e"}, - {file = "ruff-0.0.264-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:cd4f60ffc3eb15802c554a9c8581bf2117c4d3d06fbc57e0ba58f04cb1aaa47f"}, - {file = "ruff-0.0.264-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:05ee163a046fc593d150179d23f4af447fb82f3e59cd34e031ea0868c65bb8e8"}, - {file = "ruff-0.0.264-py3-none-musllinux_1_2_i686.whl", hash = "sha256:484e395d1984ab9e1e66bd42e7a5192decfee86998d07d36ee50b2fadccc8734"}, - {file = "ruff-0.0.264-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:67326fdc9ac0a1b13e229c6e24e8d115863c52cd710faaaaa588851535281d6c"}, - {file = "ruff-0.0.264-py3-none-win32.whl", hash = "sha256:5a8658ebcc37d62f72840cbdf564171c1a2b6831db482b4d917962541a2f4a44"}, - {file = "ruff-0.0.264-py3-none-win_amd64.whl", hash = "sha256:068a82a29d80848a56e3d9d4308e6e0ca8b2ecdaf5ac342a292545a59b7f2c21"}, - {file = "ruff-0.0.264-py3-none-win_arm64.whl", hash = "sha256:3e2c38449548e122f2612843a7c04e22b4fd491656955c57b8cb05df11639ad6"}, - {file = "ruff-0.0.264.tar.gz", hash = "sha256:8fcd4b693ca1374eb7a5796581c90689f884f98f388740d94f0702fd30f8f78f"}, + {file = "ruff-0.6.9-py3-none-linux_armv6l.whl", hash = "sha256:064df58d84ccc0ac0fcd63bc3090b251d90e2a372558c0f057c3f75ed73e1ccd"}, + {file = "ruff-0.6.9-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:140d4b5c9f5fc7a7b074908a78ab8d384dd7f6510402267bc76c37195c02a7ec"}, + {file = "ruff-0.6.9-py3-none-macosx_11_0_arm64.whl", hash = "sha256:53fd8ca5e82bdee8da7f506d7b03a261f24cd43d090ea9db9a1dc59d9313914c"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:645d7d8761f915e48a00d4ecc3686969761df69fb561dd914a773c1a8266e14e"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:eae02b700763e3847595b9d2891488989cac00214da7f845f4bcf2989007d577"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7d5ccc9e58112441de8ad4b29dcb7a86dc25c5f770e3c06a9d57e0e5eba48829"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:417b81aa1c9b60b2f8edc463c58363075412866ae4e2b9ab0f690dc1e87ac1b5"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3c866b631f5fbce896a74a6e4383407ba7507b815ccc52bcedabb6810fdb3ef7"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7b118afbb3202f5911486ad52da86d1d52305b59e7ef2031cea3425142b97d6f"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a67267654edc23c97335586774790cde402fb6bbdb3c2314f1fc087dee320bfa"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:3ef0cc774b00fec123f635ce5c547dac263f6ee9fb9cc83437c5904183b55ceb"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:12edd2af0c60fa61ff31cefb90aef4288ac4d372b4962c2864aeea3a1a2460c0"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_i686.whl", hash = "sha256:55bb01caeaf3a60b2b2bba07308a02fca6ab56233302406ed5245180a05c5625"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:925d26471fa24b0ce5a6cdfab1bb526fb4159952385f386bdcc643813d472039"}, + {file = "ruff-0.6.9-py3-none-win32.whl", hash = "sha256:eb61ec9bdb2506cffd492e05ac40e5bc6284873aceb605503d8494180d6fc84d"}, + {file = "ruff-0.6.9-py3-none-win_amd64.whl", hash = "sha256:785d31851c1ae91f45b3d8fe23b8ae4b5170089021fbb42402d811135f0b7117"}, + {file = "ruff-0.6.9-py3-none-win_arm64.whl", hash = "sha256:a9641e31476d601f83cd602608739a0840e348bda93fec9f1ee816f8b6798b93"}, + {file = "ruff-0.6.9.tar.gz", hash = "sha256:b076ef717a8e5bc819514ee1d602bbdca5b4420ae13a9cf61a0c0a4f53a2baa2"}, ] [[package]] @@ -369,6 +357,7 @@ summary = "Virtual Python Environment builder" dependencies = [ "distlib<1,>=0.3.6", "filelock<4,>=3.11", + "importlib-metadata>=6.4.1; python_version < \"3.8\"", "platformdirs<4,>=3.2", ] files = [ diff --git a/pyproject.toml b/pyproject.toml index f1fabb2..688aa41 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,37 +9,14 @@ readme = "README.md" requires-python = ">=3.8" dynamic = ["version"] # Calculated from the rust module version +dependencies = [] [project.urls] homepage = "https://unblob.org" repository = "https://github.com/onekey-sec/unblob-native" -[tool.pdm.scripts] -venv = "pdm sync -d" -pre-commit = "pre-commit run --all" -pyright = "pyright" -pytest = "python -m pytest tests" -clippy = "cargo clippy --all-targets -- --deny warnings" -test = "cargo test" -all = { composite = ["clippy", "test", "venv", "pre-commit", "pyright", "pytest"] } - -[tool.pdm.dev-dependencies] -dev = [ - "black ~= 23.3.0", - "pre-commit ~= 2.20", - "pyright == 1.1.306", - "ruff ~= 0.0.264", -] - -test = [ - "pytest ~= 7.0.0", -] - -[tool.pdm.resolution.overrides] -pyyaml = "~= 6.0.1" # For Python 3.12 compatibility - [build-system] -requires = ["maturin>=0.14,<0.15"] +requires = ["maturin>=1.0,<2.0"] build-backend = "maturin" [tool.maturin] @@ -54,6 +31,7 @@ features = [ [tool.ruff] target-version = "py38" +[tool.ruff.lint] select = [ "A", # flake8-builtins "ARG", # flake8-unused-arguments @@ -67,7 +45,6 @@ select = [ "FBT", # flake8-boolean-trap "G", # flake8-logging-format "I", # isort - "ISC", # flake8-implicit-str-concats "N", # pep8-naming "PIE", # flake8-pie "PYI", # flake8-pyi @@ -93,10 +70,11 @@ ignore = [ "D203", # one-blank-line-before-class: D211 (no-blank-line-before-class) is used instead "D213", # multi-line-summary-second-line: D212 (multi-line-summary-first-line) is used instead "E501", # line-too-long: Let black handle line length violations + "TRY003", # raise-vanilla-args: We are adding contextual information in exception messages "UP007", # non-pep604-annotation: Python 3.8 support needs legacy annotations ] -[tool.ruff.per-file-ignores] +[tool.ruff.lint.per-file-ignores] "python/unblob_native/__init__.py" = [ "F403", "A001", @@ -108,10 +86,10 @@ ignore = [ "S101", # assert: Enable usage of asserts ] -[tool.ruff.isort] +[tool.ruff.lint.isort] known-first-party = ["unblob_native"] -[tool.ruff.flake8-pytest-style] +[tool.ruff.lint.flake8-pytest-style] fixture-parentheses = false mark-parentheses = false parametrize-names-type = "csv" @@ -136,3 +114,24 @@ reportUnusedCallResult = "warning" reportUnknownArgumentType = "none" reportUnknownVariableType = "none" reportUnknownMemberType = "none" + +[tool.pdm.scripts] +venv = "pdm sync -d" +pre-commit = "pre-commit run --all" +pyright = "pyright" +pytest = "python -m pytest tests" +clippy = "cargo clippy --all-targets -- --deny warnings" +test = "cargo test" +all = { composite = ["clippy", "test", "venv", "pre-commit", "pyright", "pytest"] } + +[tool.pdm.dev-dependencies] +dev = [ + "black>=24.8.0", + "pre-commit>=3.5.0", + "pyright>=1.1.384", + "ruff>=0.6.9", +] + +test = [ + "pytest>=8.3.3", +] diff --git a/src/lib.rs b/src/lib.rs index d9e70f8..076096c 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -5,9 +5,9 @@ use pyo3::prelude::*; /// Performance-critical functionality #[pymodule] -fn _native(py: Python, m: &PyModule) -> PyResult<()> { - math_tools::init_module(py, m)?; - sandbox::init_module(py, m)?; +fn _native(m: &Bound<'_, PyModule>) -> PyResult<()> { + math_tools::init_module(m)?; + sandbox::init_module(m)?; pyo3_log::init(); diff --git a/src/math_tools.rs b/src/math_tools.rs index 1597444..e5eb118 100644 --- a/src/math_tools.rs +++ b/src/math_tools.rs @@ -25,13 +25,15 @@ pub fn py_shannon_entropy(py: Python, data: &[u8]) -> PyResult { py.allow_threads(|| Ok(shannon_entropy(data))) } -pub fn init_module(py: Python, root_module: &PyModule) -> PyResult<()> { - let module = PyModule::new(py, "math_tools")?; - module.add_function(wrap_pyfunction!(py_shannon_entropy, module)?)?; +pub fn init_module(root_module: &Bound<'_, PyModule>) -> PyResult<()> { + let module = PyModule::new_bound(root_module.py(), "math_tools")?; + module.add_function(wrap_pyfunction!(py_shannon_entropy, &module)?)?; - root_module.add_submodule(module)?; + root_module.add_submodule(&module)?; - py.import("sys")? + root_module + .py() + .import_bound("sys")? .getattr("modules")? .set_item("unblob_native.math", module)?; diff --git a/src/sandbox/linux.rs b/src/sandbox/linux.rs index 75d6182..9620f9b 100644 --- a/src/sandbox/linux.rs +++ b/src/sandbox/linux.rs @@ -1,11 +1,12 @@ use landlock::{ - path_beneath_rules, Access, AccessFs, Ruleset, RulesetAttr, RulesetCreatedAttr, ABI, + path_beneath_rules, Access, AccessFs, Ruleset, RulesetAttr, RulesetCreatedAttr, RulesetStatus, + ABI, }; use log; use std::path::Path; -use crate::sandbox::AccessFS; +use crate::sandbox::{AccessFS, SandboxError}; impl AccessFS { fn read(&self) -> Option<&Path> { @@ -41,7 +42,7 @@ impl AccessFS { } } -pub fn restrict_access(access_rules: &[AccessFS]) -> Result<(), Box> { +pub fn restrict_access(access_rules: &[AccessFS]) -> Result<(), SandboxError> { let abi = ABI::V2; let read_only: Vec<&Path> = access_rules.iter().filter_map(AccessFS::read).collect(); @@ -55,7 +56,7 @@ pub fn restrict_access(access_rules: &[AccessFS]) -> Result<(), Box = access_rules.iter().filter_map(AccessFS::make_dir).collect(); - let status = Ruleset::new() + let status = Ruleset::default() .handle_access(AccessFs::from_all(abi))? .create()? .add_rules(path_beneath_rules(read_write, AccessFs::from_all(abi)))? @@ -64,6 +65,11 @@ pub fn restrict_access(access_rules: &[AccessFS]) -> Result<(), Box PyResult<()> { +fn py_restrict_access(rules: &Bound<'_, PyTuple>) -> PyResult<()> { sandbox_impl::restrict_access( &rules .iter() .map(|r| Ok(r.extract::()?.access)) .collect::>>()?, ) - .map_err(|err| SandboxError::new_err(err.to_string())) + .map_err(|err| PySandboxError::new_err((PySandboxErrorKind::from(&err), err.to_string()))) } -create_exception!(unblob_native.sandbox, SandboxError, PyException); +create_exception!(unblob_native.sandbox, PySandboxError, PyException); + +#[pyclass(eq, eq_int, name = "SandboxErrorKind")] +#[derive(PartialEq)] +enum PySandboxErrorKind { + NotImplementend, + NotEnforced, + Unknown, +} + +impl From<&SandboxError> for PySandboxErrorKind { + fn from(value: &SandboxError) -> Self { + #[allow(unreachable_patterns)] // There are conditional pattern variants that may not exist + match value { + SandboxError::NotImplemented => Self::NotImplementend, + SandboxError::NotEnforced => Self::NotEnforced, + _ => Self::Unknown, + } + } +} #[pyclass(name = "AccessFS", module = "unblob_native.sandbox")] #[derive(Clone)] @@ -62,14 +94,19 @@ impl PyAccessFS { } } -pub fn init_module(py: Python, root_module: &PyModule) -> PyResult<()> { - let module = PyModule::new(py, "sandbox")?; - module.add_function(wrap_pyfunction!(py_restrict_access, module)?)?; +pub fn init_module(root_module: &Bound<'_, PyModule>) -> PyResult<()> { + let module = PyModule::new_bound(root_module.py(), "sandbox")?; + module.add_function(wrap_pyfunction!(py_restrict_access, &module)?)?; module.add_class::()?; - module.add("SandboxError", py.get_type::())?; + module.add( + "SandboxError", + root_module.py().get_type_bound::(), + )?; - root_module.add_submodule(module)?; - py.import("sys")? + root_module.add_submodule(&module)?; + root_module + .py() + .import_bound("sys")? .getattr("modules")? .set_item("unblob_native.sandbox", module)?; diff --git a/src/sandbox/unsupported.rs b/src/sandbox/unsupported.rs index 55a148a..2e0d958 100644 --- a/src/sandbox/unsupported.rs +++ b/src/sandbox/unsupported.rs @@ -1,5 +1,5 @@ -use crate::sandbox::AccessFS; +use crate::sandbox::{AccessFS, SandboxError}; -pub fn restrict_access(_access_rules: &[AccessFS]) -> Result<(), Box> { - Err("Sandboxing FS access is unavailable on this system")? +pub fn restrict_access(_access_rules: &[AccessFS]) -> Result<(), SandboxError> { + Err(SandboxError::NotImplemented)? } diff --git a/tests/test_sandbox.py b/tests/test_sandbox.py index 3b2f4ab..4685109 100644 --- a/tests/test_sandbox.py +++ b/tests/test_sandbox.py @@ -1,4 +1,8 @@ +import ctypes +import errno +import os import platform +from ctypes import c_uint32 from pathlib import Path import pytest @@ -31,9 +35,42 @@ def sandbox_path(tmp_path_factory: pytest.TempPathFactory) -> Path: return sandbox_path +# In include/uapi/asm-generic/unistd.h: +# #define __NR_landlock_create_ruleset 444 +__NR_landlock_create_ruleset = 444 +# In include/uapi/linux/landlock.h: +# #define LANDLOCK_CREATE_RULESET_VERSION (1U << 0) +LANDLOCK_CREATE_RULESET_VERSION = 1 << 0 + + +def landlock_supported() -> int: + if platform.system() != "Linux": + return 0 + + # https://docs.kernel.org/userspace-api/landlock.html#creating-a-new-ruleset + libc = ctypes.CDLL(None, use_errno=True) + + max_abi_version = libc.syscall( + __NR_landlock_create_ruleset, + None, + ctypes.c_size_t(0), + c_uint32(LANDLOCK_CREATE_RULESET_VERSION), + ) + if max_abi_version > 0: + return max_abi_version + + err = ctypes.get_errno() + if err in ( + errno.EOPNOTSUPP, # disabled at boot time + errno.ENOSYS, # not implememented + ): + return 0 + + raise RuntimeError("landlock_create_ruleset failed", err, os.strerror(err)) + + @pytest.mark.skipif( - platform.system() != "Linux" or platform.machine() != "x86_64", - reason="Only supported on Linux x86-64.", + not landlock_supported(), reason="Landlock support is not available on this system" ) def test_read_sandboxing(request: pytest.FixtureRequest, sandbox_path: Path): restrict_access(