mirrors/uv
1
0
Fork 0
mirror of https://github.com/astral-sh/uv.git synced 2025-10-27 02:17:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
uv/crates
History
Krishnan Chandra 4b4128446d
Support xz compressed packages (#5513) 
## Summary

Closes #2187.

The [xz
backdoor](https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27)
is still fairly recent, but luckily the [Rust `xz2` crate bundles
version 5.2.5 of the C `xz`
package](https://github.com/alexcrichton/xz2-rs/tree/main/lzma-sys),
which is before the backdoor was introduced.

It's worth noting that a security risk still exists if you have a
compromised version of `xz` installed on your system, but that risk is
not introduced by `uv` or the Rust packages in general.

## Test Plan

Tried installing the package mentioned in the linked issue: `python-apt
@
https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/python-apt/2.7.6/python-apt_2.7.6.tar.xz`

(Note that this will only work on Ubuntu - I tried on a Mac and while
the archive was extracted properly, the package did not install because
of some missing files)

---------

Co-authored-by: Charlie Marsh <charlie.r.marsh@gmail.com>
2024-07-28 18:37:48 +00:00
..
bench Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
cache-key Use hasher to compute resolution hash (#5495) 2024-07-26 23:24:09 +00:00
distribution-filename Match wheel tags against Requires-Python major-minor (#5289) 2024-07-22 14:33:53 +00:00
distribution-types Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
install-wheel-rs Use existing METADATA parser in wheel installer (#5508) 2024-07-27 14:38:16 -04:00
once-map Use lockfile to prefill resolver index (#4495) 2024-07-12 18:49:28 -04:00
pep440-rs Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
pep508-rs Remove some unused methods (#5512) 2024-07-28 17:20:12 +00:00
platform-tags Process completed Python installs and uninstalls as a stream (#5203) 2024-07-19 12:50:38 +00:00
pypi-types Use existing METADATA parser in wheel installer (#5508) 2024-07-27 14:38:16 -04:00
requirements-txt Rename Error::IO to Error::Io (#5174) 2024-07-18 04:13:45 +00:00
uv Avoid warning users for missing self-extra lower bounds (#5518) 2024-07-28 18:35:18 +00:00
uv-auth Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-build Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-cache Use hasher to compute resolution hash (#5495) 2024-07-26 23:24:09 +00:00
uv-cli Remove some unused methods (#5512) 2024-07-28 17:20:12 +00:00
uv-client Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-configuration Make --reinstall imply --refresh (#5425) 2024-07-25 09:45:58 -04:00
uv-dev Move workspace abstractions to uv-workspace crate (#5236) 2024-07-20 02:15:32 +00:00
uv-dispatch Handle universal vs. fork markers with ResolverMarkers (#5099) 2024-07-17 18:59:33 +02:00
uv-distribution Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-extract Support xz compressed packages (#5513) 2024-07-28 18:37:48 +00:00
uv-fs Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-git Remove some unused methods (#5512) 2024-07-28 17:20:12 +00:00
uv-installer Remove some unused methods (#5512) 2024-07-28 17:20:12 +00:00
uv-macros Autogenerate possible values for enums in reference documentation (#5137) 2024-07-17 12:37:33 -04:00
uv-normalize Use hasher to compute resolution hash (#5495) 2024-07-26 23:24:09 +00:00
uv-options-metadata Autogenerate possible values for enums in reference documentation (#5137) 2024-07-17 12:37:33 -04:00
uv-python Remove some unused methods (#5512) 2024-07-28 17:20:12 +00:00
uv-requirements Add support for requirements files in uv run (#4973) 2024-07-23 12:51:09 -04:00
uv-resolver Avoid warning users for missing self-extra lower bounds (#5518) 2024-07-28 18:35:18 +00:00
uv-scripts Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-settings Make --reinstall imply --refresh (#5425) 2024-07-25 09:45:58 -04:00
uv-shell Add Windows path updates for uv tool (#5029) 2024-07-13 01:55:05 +00:00
uv-state Cache tool environments in uv tool run (#4784) 2024-07-03 19:25:39 -04:00
uv-tool Skip invalid tools in uv tool list (#5156) 2024-07-18 17:56:40 +00:00
uv-trampoline Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-types Enforce hashes in lockfile install (#5170) 2024-07-17 23:10:37 +00:00
uv-version Bump version to v0.2.30 (#5486) 2024-07-26 13:36:05 -04:00
uv-virtualenv Avoid canonicalizing executables on Windows (#5446) 2024-07-26 08:57:33 -04:00
uv-warnings Upgrade to Rust 1.80.0 (#5472) 2024-07-27 01:49:47 +00:00
uv-workspace Allow uv pip install for unmanaged projects (#5504) 2024-07-27 02:10:18 +00:00
README.md Move workspace abstractions to uv-workspace crate (#5236) 2024-07-20 02:15:32 +00:00

README.md

Crates

bench

Functionality for benchmarking uv.

cache-key

Generic functionality for caching paths, URLs, and other resources across platforms.

distribution-filename

Parse built distribution (wheel) and source distribution (sdist) filenames to extract structured metadata.

distribution-types

Abstractions for representing built distributions (wheels) and source distributions (sdists), and the sources from which they can be downloaded.

install-wheel-rs

Install built distributions (wheels) into a virtual environment.]

once-map

A waitmap-like concurrent hash map for executing tasks exactly once.

pep440-rs

Utilities for interacting with Python version numbers and specifiers.

pep508-rs

Utilities for interacting with PEP 508 dependency specifiers.

platform-host

Functionality for detecting the current platform (operating system, architecture, etc.).

platform-tags

Functionality for parsing and inferring Python platform tags as per PEP 425.

uv

Command-line interface for the uv package manager.

uv-build

A PEP 517-compatible build frontend for uv.

uv-cache

Functionality for caching Python packages and associated metadata.

uv-client

Client for interacting with PyPI-compatible HTTP APIs.

uv-dev

Development utilities for uv.

uv-dispatch

A centralized struct for resolving and building source distributions in isolated environments. Implements the traits defined in uv-types.

uv-distribution

Client for interacting with built distributions (wheels) and source distributions (sdists). Capable of fetching metadata, distribution contents, etc.

uv-extract

Utilities for extracting files from archives.

uv-fs

Utilities for interacting with the filesystem.

uv-git

Functionality for interacting with Git repositories.

uv-installer

Functionality for installing Python packages into a virtual environment.

uv-python

Functionality for detecting and leveraging the current Python interpreter.

uv-normalize

Normalize package and extra names as per Python specifications.

uv-package

Types and functionality for working with Python packages, e.g., parsing wheel files.

uv-requirements

Utilities for reading package requirements from pyproject.toml and requirements.txt files.

uv-resolver

Functionality for resolving Python packages and their dependencies.

uv-shell

Utilities for detecting and manipulating shell environments.

uv-types

Shared traits for uv, to avoid circular dependencies.

pypi-types

General-purpose type definitions for types used in PyPI-compatible APIs.

uv-virtualenv

A venv replacement to create virtual environments in Rust.

uv-warnings

User-facing warnings for uv.

uv-workspace

Workspace abstractions for uv.

requirements-txt

Functionality for parsing requirements.txt files.