Python related package updates are now specified in the uv.lock file which should be updated using `uv sync`
Use uv to run and manage the environment in which the check.py runs.

* Add the dependencies required to run the check.py script to a new check dependency group. Note that to avoid automatically installing these dependencies into the environment the dev group is not used.
* Update check.py to use `uv run`
* Update the check workflow to use uv.
This rips out the mirror uploading logic from the `pythonbuild` rust CLI and moves it to Python, mainly because the rust aws sdk is clearly not mature enough to support our use case, as evidenced by astral-sh#1047.

I've also had to start using `--no-dev` on some existing `uv run` invocations because `moto` wouldn't cleanly install in some build jobs (like when building CPython for Windows).

## Test plan

Apart from unit tests, there's now an integration test with a local, mocked S3 provider (using `moto`).

Dry run release on this branch: https://github.com/astral-sh/python-build-standalone/actions/runs/23550742376
…l-sh#1057) I'm planning to introduce running of the full stdlib test harness into CI. As a prerequisite to this work, I want to shore up the running of tests against the Python distribution. Right now, we have a mechanism in `test-distribution.py` to extract the distribution and run the stdlib test harness. This commit moves and modernizes the logic so it resides in `pythonbuild`. `test-distribution.py` is switched to use `uv`, matching other scripts in the root directory. Future commits will significantly refactor this code for testing distribution, including unifying the Rust-based `verify_distribution.py` into the now `pythonbuild` based testing mechanism.
We move the custom `unittest` based tests from this file into a new `pythonbuild/disttests` package, deleting `src/verify_distribution.py` in the process. We teach the new `pythonbuild.testdist` code to run our custom unittests given an extracted Python distribution. They now run by default. Rust code for executing the Python in the distribution has been removed. CI tests have been updated to invoke `test-distribution.py` when we support running the interpreter. Behavior of `test-distribution.py` / `pythonbuild.disttests` has been changed so stdlib tests are no longer run by default. This is necessary to preserve backwards compatibility to keep CI passing. Functionality is still a bit klunky IMO. I'll clean up the CLI UX a bit in future commits.
Otherwise we run into a build issue with `cryptography` on Windows ARM. This should fix CI on the `main` branch.
Bumps [quinn-proto](https://github.com/quinn-rs/quinn) from 0.11.9 to 0.11.14.

Release notes

*Sourced from [quinn-proto's releases](https://github.com/quinn-rs/quinn/releases).*

> ## quinn-proto 0.11.14
>
> [`@jxs`](https://github.com/jxs) reported a denial of service issue in quinn-proto 5 days ago:
>
> - https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98
>
> We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.
>
> Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.
>
> ## What's Changed
>
> - Fix over-permissive proto dependency edge by [`@Ralith`](https://github.com/Ralith) in [quinn-rs/quinn#2385](https://redirect.github.com/quinn-rs/quinn/pull/2385)
> - 0.11.x: avoid unwrapping VarInt decoding during parameter parsing by [`@djc`](https://github.com/djc) in [quinn-rs/quinn#2559](https://redirect.github.com/quinn-rs/quinn/pull/2559)
>
> ## quinn-proto 0.11.11
>
> ## What's Changed
>
> - Prefer sending extra ping again by [`@flub`](https://github.com/flub) in [quinn-rs/quinn#2172](https://redirect.github.com/quinn-rs/quinn/pull/2172)
> - fix: Do not produce tail-loss probes larger than segment size by [`@flub`](https://github.com/flub) in [quinn-rs/quinn#2167](https://redirect.github.com/quinn-rs/quinn/pull/2167)
> - Avoid inference hazard for integer comparisons by [`@djc`](https://github.com/djc) in [quinn-rs/quinn#2188](https://redirect.github.com/quinn-rs/quinn/pull/2188)
> - fix: respecting max_datagrams in poll_transmit by [`@filipe-cantarelli`](https://github.com/filipe-cantarelli) in [quinn-rs/quinn#2185](https://redirect.github.com/quinn-rs/quinn/pull/2185)
> - Bump the quinn-proto version to 0.11.11 for release by [`@faern`](https://github.com/faern) in [quinn-rs/quinn#2209](https://redirect.github.com/quinn-rs/quinn/pull/2209)

Commits

- [`2c315aa`](https://github.com/quinn-rs/quinn/commit/2c315aa7f9c2a6c1db87f8f51f40623a427c78fd) proto: bump version to 0.11.14
- [`8ad47f4`](https://github.com/quinn-rs/quinn/commit/8ad47f431e7deb82c08b09c2e33ef85aa88fd212) Use newer rustls-pki-types PEM parser API
- [`c81c028`](https://github.com/quinn-rs/quinn/commit/c81c0289abe30d8437ccbf9b6304e2bc9c707cea) ci: fix workflow syntax
- [`0050172`](https://github.com/quinn-rs/quinn/commit/0050172969f7e69e136c433181330da7790d8d73) ci: pin wasm-bindgen-cli version
- [`8a6f82c`](https://github.com/quinn-rs/quinn/commit/8a6f82c58d1c565eab78f986e614223e6ed76a85) Take semver-compatible dependency updates
- [`e52db4a`](https://github.com/quinn-rs/quinn/commit/e52db4ad8df0f9720e7b0e32ecc0e48c9a93de0f) Apply suggestions from clippy 1.91
- [`6df7275`](https://github.com/quinn-rs/quinn/commit/6df7275c582ca9b7225e0ccf9f9871a55eb73155) chore: Fix `unnecessary_unwrap` clippy
- [`c8eefa0`](https://github.com/quinn-rs/quinn/commit/c8eefa07e087b06d8f2b78ff262ce8ac952994f1) proto: avoid unwrapping varint decoding during parameters parsing
- [`9723a97`](https://github.com/quinn-rs/quinn/commit/9723a977754c8662001b0fef97aab8f3ddf1df92) fuzz: add fuzzing target for parsing transport parameters
- [`eaf0ef3`](https://github.com/quinn-rs/quinn/commit/eaf0ef30252cef4acec21f150427e604cd4271c9) Fix over-permissive proto dependency edge ([#2385](https://redirect.github.com/quinn-rs/quinn/issues/2385))
- Additional commits viewable in [compare view](https://github.com/quinn-rs/quinn/compare/quinn-proto-0.11.9...quinn-proto-0.11.14)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Mark the stack memory as non-executable using the '-Wl,-z,noexecstack' flag on aarch64 and x86_64 linux platforms. Other linux targets are cross-compiled, this flag is left off for the time being.

closes astral-sh#1061
Remove -use-gnu-stack from the BOLT flags used to optimize CPython as it incorrectly removes the PT_GNU_STACK segment causing glibc to default to an executable stack, for example when creating a new thread.

This can be reverted when llvm/llvm-project#174191 is fixed in LLVM.

Should be applied after astral-sh#1064

closes astral-sh#956
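The two stack-related commit messages above both come down to the state of the `PT_GNU_STACK` program header in the built binaries. The following check is an added example, not code from this pull request or from the project: it reads the program headers of a 64-bit little-endian ELF image and reports whether the segment is missing, executable, or non-executable. The function names and the sample images are assumptions made for illustration; the samples are constructed header-only images, not real build outputs.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header entry


def gnu_stack_status(image: bytes) -> str:
    """Classify an ELF64 LE image: 'missing', 'executable' or 'non-executable'."""
    if len(image) < EHDR.size:
        raise ValueError("truncated ELF header")
    hdr = EHDR.unpack_from(image, 0)
    ident, phoff, phentsize, phnum = hdr[0], hdr[5], hdr[9], hdr[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    if phentsize < PHDR.size or phoff + phentsize * phnum > len(image):
        raise ValueError("program header table out of bounds")
    for i in range(phnum):
        p_type, p_flags = PHDR.unpack_from(image, phoff + i * phentsize)[:2]
        if p_type == PT_GNU_STACK:
            return "executable" if p_flags & PF_X else "non-executable"
    # No PT_GNU_STACK at all: the state the BOLT commit message describes.
    return "missing"


def make_elf(segments):
    """Build a constructed, headers-only ELF64 image from (p_type, p_flags) pairs."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, 3, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 16) for t, f in segments)


# Constructed samples, not taken from any real build.
SAMPLES = {
    "linked with -z noexecstack": make_elf([(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W)]),
    "segment stripped": make_elf([(PT_LOAD, PF_R | PF_X)]),
    "stack marked executable": make_elf([(PT_GNU_STACK, PF_R | PF_W | PF_X)]),
}


def audit(samples):
    """Map each sample name to its PT_GNU_STACK status."""
    return {name: gnu_stack_status(img) for name, img in samples.items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```

Run over the bytes of a real build artifact, anything other than `non-executable` is worth failing CI on; `readelf -lW` shows the same `GNU_STACK` entry for manual inspection.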
* Update CPython 3.15 to 3.15.0a7
Warning
Merge conflicts detected when merging upstream tag 20260408 into main.
The conflict markers have been committed so they are visible in the PR diff.
Conflicting files
Resolution