CodSpeedHQ · coco-speed · Sep 7, 2024 · Sep 7, 2024 · Sep 7, 2024 · Sep 7, 2024
diff --git a/.github/actions/fetch-vectors/action.yml b/.github/actions/fetch-vectors/action.yml
@@ -16,5 +16,5 @@ runs:
       with:
         repository: "C2SP/x509-limbo"
         path: "x509-limbo"
-        # Latest commit on the x509-limbo main branch, as of Sep 06, 2024.
-        ref: "ec0fc56b5ac4a1713dae4a0c62904395000fbfbf" # x509-limbo-ref
+        # Latest commit on the x509-limbo main branch, as of Sep 11, 2024.
+        ref: "c9d011c6b696074a5a636c7cd40df8e4bd3cd67b" # x509-limbo-ref
diff --git a/.github/requirements/publish-requirements.in b/.github/requirements/publish-requirements.in
@@ -1,5 +1,8 @@
 twine
 requests
 
-# WARN: changing the requirements here DOES NOT update the dependencies used for publishing at the github workflow, as the process used publish-requirements.txt
-# To update publish-requirements.txt according to the dependencies here, run pip-compile --allow-unsafe --generate-hashes publish-requirements.in
+# WARN: changing the requirements here DOES NOT update the dependencies used
+# for publishing at the github workflow, as the process uses
+# `publish-requirements.txt`.
+# To update `publish-requirements.txt`, run the command indicated in the
+# header of that file.
diff --git a/.github/requirements/publish-requirements.txt b/.github/requirements/publish-requirements.txt
@@ -1,9 +1,5 @@
-#
-# This file is autogenerated by pip-compile with Python 3.11
-# by the following command:
-#
-#    pip-compile --generate-hashes publish-requirements.in
-#
+# This file was autogenerated by uv via the following command:
+#    uv pip compile --universal -p 3.11 --generate-hashes .github/requirements/publish-requirements.in
 backports-tarfile==1.2.0 \
     --hash=sha256:77e284d754527b01fb1e6fa8a1afe577858ebe4e9dad8919e34c862cb399bc34 \
     --hash=sha256:d75e02c268746e1b8144c278978b6e98e85de6ad16f8e4b0844a154557eca991
@@ -246,9 +242,9 @@ mdurl==0.1.2 \
     --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 \
     --hash=sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba
     # via markdown-it-py
-more-itertools==10.4.0 \
-    --hash=sha256:0f7d9f83a0a8dcfa8a2694a770590d98a67ea943e3d9f5298309a484758c4e27 \
-    --hash=sha256:fe0e63c4ab068eac62410ab05cccca2dc71ec44ba8ef29916a0090df061cf923
+more-itertools==10.5.0 \
+    --hash=sha256:037b0d3203ce90cca8ab1defbbdac29d5f993fc20131f3664dc8d6acfa872aef \
+    --hash=sha256:5482bfef7849c25dc3c6dd53a6173ae4795da2a41a80faea6700d9f5846c5da6
     # via
     #   jaraco-classes
     #   jaraco-functools
@@ -303,9 +299,9 @@ rfc3986==2.0.0 \
     --hash=sha256:50b1502b60e289cb37883f3dfd34532b8873c7de9f49bb546641ce9cbd256ebd \
     --hash=sha256:97aacf9dbd4bfd829baad6e6309fa6573aaf1be3f6fa735c8ab05e46cecb261c
     # via twine
-rich==13.8.0 \
-    --hash=sha256:2e85306a063b9492dffc86278197a60cbece75bcb766022f3436f567cae11bdc \
-    --hash=sha256:a5ac1f1cd448ade0d59cc3356f7db7a7ccda2c8cbae9c7a90c28ff463d3e91f4
+rich==13.8.1 \
+    --hash=sha256:1760a3c0848469b97b558fc61c85233e3dafb69c7a071b4d60c38099d3cd4c06 \
+    --hash=sha256:8260cda28e3db6bf04d2d1ef4dbc03ba80a824c88b0e7668a0f23126a424844a
     # via twine
 secretstorage==3.3.3 \
     --hash=sha256:2403533ef369eca6d2ba81718576c5e0f564d5cca1b58f73a8b23e7d4eeebd77 \

diff --git a/.github/requirements/uv-requirements.txt b/.github/requirements/uv-requirements.txt
@@ -0,0 +1,21 @@
+# This file was autogenerated by uv via the following command:
+#    uv pip compile --universal -p 3.8 --generate-hashes -
+uv==0.4.8 \
+    --hash=sha256:0c4e4b5ec8aa789cbf4ec2a16494215ebb448aeecf5a2c43a31a904f9fecd327 \
+    --hash=sha256:1e7329b862540a3a3987e79781acc2c7b0f4eb89d3f43930e21e7b85e4716bf0 \
+    --hash=sha256:23dcb8c866dab0f7565c8e88e2c2ba185ab17182706260d53e9c640a96918818 \
+    --hash=sha256:3ad38a03d1007152b9e7a4d262b81c24b95184f8921514d3475a4db6d84fdc78 \
+    --hash=sha256:3dbff364ca85e8d52cbeae3bc9050d4e3080636b009bd577f58628a4b9561a26 \
+    --hash=sha256:461597ddfd2132e2dea6779758e6e22cd39aaab8d86809f01e3fe45c29152f9a \
+    --hash=sha256:484965360638a3ce422d2b61df52de94600d2cfce88eb1ca2dbcf4c8e60e5b37 \
+    --hash=sha256:5487a86207edef7464cf78e52adb2bbe369332f3cea6043d1f0c8ee90dda90b3 \
+    --hash=sha256:5e7c0428afdd90280f3f32272f0520430e93539c54ae806021c2b7c55caae908 \
+    --hash=sha256:6ac13a6fa4f7d78fd44229ffcc5023a1a6627f142e00c896d7e28b041d9ff910 \
+    --hash=sha256:7b4364b27dca2e11d99d7f1822a4650d48c5ec6d7f3332f2bc344d6262575ae9 \
+    --hash=sha256:8e09e8e39548c7f9fb2c6e073eea6e4c3861539634ef768aa23e1ded10d41ca7 \
+    --hash=sha256:a14de914254edce926c5c9afa0ddbfb45d0043c583a928fb614f9c5225f480c3 \
+    --hash=sha256:a4e9b042cd1fdce94fa3ccbc79578b239ba1f186f296505e272d44e080892c18 \
+    --hash=sha256:bfa6c08501d6c3b7355854a2d56f493ba89b126eb87090fcc31f79c81754d366 \
+    --hash=sha256:cdf4b6afc99b0ff0ab1416fbcb25ac704bcf161b7c8d3d92a031097f60a60321 \
+    --hash=sha256:e7ec102f9f3e9bd788dc94d271c7cfc7b0a968f799ab2cd9ba9d250563a28f81 \
+    --hash=sha256:faa70d7f20adf457d8c584206da7b86b1ed0e0b0e286c19ba000795db8e8a06c
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -44,10 +44,10 @@ jobs:
           - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "3.8.4"}}
           - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "3.9.2"}}
           - {VERSION: "3.12", NOXSESSION: "tests-randomorder"}
-          # Latest commit on the BoringSSL master branch, as of Sep 07, 2024.
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "01e1ae3687e391a076fe470471f096db1f6d6bb4"}}
-          # Latest commit on the OpenSSL master branch, as of Sep 07, 2024.
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "5c82588173d33222b33693f698bc9c7614675e9f"}}
+          # Latest commit on the BoringSSL master branch, as of Sep 11, 2024.
+          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "6abe18402eb2a5e9b00158c6459646a948c53060"}}
+          # Latest commit on the OpenSSL master branch, as of Sep 11, 2024.
+          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "2478d3b7f5c4c2da9828e05308b34a4b078035f8"}}
           # Builds with various Rust versions. Includes MSRV and next
           # potential future MSRV.
           - {VERSION: "3.12", NOXSESSION: "rust,tests", RUST: "1.65.0"}

diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml
@@ -21,6 +21,7 @@ on:
 
 env:
   BUILD_REQUIREMENTS_PATH: .github/requirements/build-requirements.txt
+  UV_REQUIREMENTS_PATH: .github/requirements/uv-requirements.txt
 
 jobs:
   sdist:
@@ -33,7 +34,7 @@ jobs:
           ref: ${{ github.event.inputs.version || github.ref }}
           persist-credentials: false
 
-      - run: python -m pip install uv
+      - run: python -m pip install -r $UV_REQUIREMENTS_PATH
 
       - name: Make sdist (cryptography)
         run: uv build --build-constraint=$BUILD_REQUIREMENTS_PATH --require-hashes --sdist
@@ -195,6 +196,7 @@ jobs:
           persist-credentials: false
           sparse-checkout: |
             ${{ env.BUILD_REQUIREMENTS_PATH }}
+            ${{ env.UV_REQUIREMENTS_PATH }}
           sparse-checkout-cone-mode: false
       - name: Setup python
         run: |
@@ -222,46 +224,41 @@ jobs:
           toolchain: stable
           # Add the arm64 target in addition to the native arch (x86_64)
           target: aarch64-apple-darwin
-      - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv
-      - name: Install Python dependencies
-        run: venv/bin/pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }}
-
       - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: cryptography-sdist
+
+      - run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -r ${{ env.UV_REQUIREMENTS_PATH }}
       - run: mkdir wheelhouse
       - name: Build the wheel
         run: |
           if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
-              PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation"
+              PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }}"
           fi
 
-          # `maturin` has a binary that needs to be on the $PATH, so we
-          # activate the venv.
-          source venv/bin/activate
           OPENSSL_DIR="$(readlink -f ../openssl-macos-universal2/)" \
               OPENSSL_STATIC=1 \
-              venv/bin/python -m pip wheel -v --no-deps $PY_LIMITED_API cryptograph*.tar.gz -w dist/
-          mv dist/cryptography*.whl wheelhouse
+              uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH $PY_LIMITED_API cryptography*.tar.gz -o wheelhouse/
         env:
           MACOSX_DEPLOYMENT_TARGET: ${{ matrix.PYTHON.DEPLOYMENT_TARGET }}
           ARCHFLAGS: ${{ matrix.PYTHON.ARCHFLAGS }}
           _PYTHON_HOST_PLATFORM: ${{ matrix.PYTHON._PYTHON_HOST_PLATFORM }}
-      - run: venv/bin/pip install -f wheelhouse/ --no-index cryptography
+
+      - run: uv venv
+      - run: uv pip install --require-hashes -r $BUILD_REQUIREMENTS_PATH
+      - run: uv pip install cryptography --no-index -f wheelhouse/
       - name: Show the wheel's minimum macOS SDK and architectures
         run: |
-          find venv/lib/*/site-packages/cryptography/hazmat/bindings -name '*.so' -exec vtool -show {} \;
+          find .venv/lib/*/site-packages/cryptography/hazmat/bindings -name '*.so' -exec vtool -show {} \;
       - run: |
-          venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
+          echo "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" | uv run -
 
-      - run: mkdir cryptography-wheelhouse
-      - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
       - run: |
-          echo "CRYPTOGRAPHY_WHEEL_NAME=$(basename $(ls cryptography-wheelhouse/cryptography*.whl))" >> $GITHUB_ENV
+          echo "CRYPTOGRAPHY_WHEEL_NAME=$(basename $(ls wheelhouse/cryptography*.whl))" >> $GITHUB_ENV
       - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: "${{ env.CRYPTOGRAPHY_WHEEL_NAME }}"
-          path: cryptography-wheelhouse/
+          path: wheelhouse/
 
   windows:
     needs: [sdist]
@@ -290,6 +287,7 @@ jobs:
           persist-credentials: false
           sparse-checkout: |
             ${{ env.BUILD_REQUIREMENTS_PATH }}
+            ${{ env.UV_REQUIREMENTS_PATH }}
           sparse-checkout-cone-mode: false
 
       - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@@ -320,25 +318,25 @@ jobs:
             echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV
             echo "OPENSSL_STATIC=1" >> $GITHUB_ENV
         shell: bash
-      - name: Install Python dependencies
-        run: python -m pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }}
+
+      - run: pip install -r ${{ env.UV_REQUIREMENTS_PATH }}
       - run: mkdir wheelhouse
       - run: |
           if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
-              PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation"
+              PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }}"
           fi
 
-          python -m pip wheel -v --no-deps cryptography*.tar.gz $PY_LIMITED_API -w dist/
-          mv dist/cryptography*.whl wheelhouse/
+          uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH cryptography*.tar.gz $PY_LIMITED_API -o wheelhouse/
         shell: bash
-      - run: pip install -f wheelhouse --no-index cryptography
+
+      - run: uv venv
+      - run: uv pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }}
+      - run: uv pip install cryptography --no-index -f wheelhouse/
       - name: Print the OpenSSL we built and linked against
         run: |
-            python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
+            echo "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" | uv run -
 
-      - run: mkdir cryptography-wheelhouse
-      - run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\
       - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}"
-          path: cryptography-wheelhouse\
+          path: wheelhouse\