Add "redwood" Sequoia Rust/Python bridge #6828

Merged
merged 3 commits into from
Jun 6, 2023

@legoktm legoktm commented May 30, 2023

Status

Ready for review, but depends on #6832

Description of Changes

See individual commit messages.

Refs #6814.
Fixes #6814.
Fixes #6816.

Testing

How should the reviewer test this PR?

  • Visual review of Rust code
  • CI passes
  • Bringing up a development environment (make dev) works
  • Bringing up a development environment a second time doesn't recompile everything from scratch

Deployment

Any special considerations for deployment?

This PR merely introduces Rust code and builds it for the development environment; it should have no impact on staging/prod installs yet.

Checklist

  • Linting (make lint) and tests (make test) pass in the development container
  • I have written a test plan and validated it for this PR
  • I have opened a PR in the docs repo for these changes, or will do so later - will do so later once more of the Rust stuff is in place.

If you added or updated a production code dependency:

Since this includes Rust code, we're going to defer the review to #6500.

@legoktm legoktm changed the title from "Rust redwood" to "Add "redwood" Sequoia Rust/Python bridge" May 30, 2023
@legoktm legoktm force-pushed the rust-redwood branch 2 times, most recently from 42f4fe8 to 5d5708c Compare June 2, 2023 01:40
@legoktm legoktm marked this pull request as ready for review June 2, 2023 15:24
@legoktm legoktm requested a review from a team as a code owner June 2, 2023 15:24

@cfm cfm left a comment

Test plan checks out! Please take (or leave :-) the inline comments in the spirit of an initial read-through.

I'll review #6832 tomorrow, which will let you rebase this from develop along with any changes you make in response to the review.

  • Makefile (resolved)
  • Makefile (resolved)
  • redwood/redwood.pyi (outdated, resolved)
  • securedrop/bin/dev-deps (resolved)
  • redwood/src/lib.rs (resolved)
  • redwood/src/decryption.rs (outdated, resolved)
  • redwood/src/decryption.rs (outdated, resolved)
  • redwood/src/decryption.rs (outdated, resolved)
  • redwood/src/decryption.rs (outdated, resolved)
@legoktm legoktm force-pushed the rust-redwood branch 3 times, most recently from ba97ac1 to de44480 Compare June 6, 2023 02:54
@cfm cfm mentioned this pull request Jun 6, 2023

@cfm cfm left a comment

Thanks for quick turnaround on those changes, @legoktm! From my perspective this is ready to go. However, it doesn't rebase cleanly from develop after #6832. Can you rebase, and then I'll do a final review before merge?

legoktm added 3 commits June 6, 2023 18:06
Sequoia is a modern PGP library written in Rust that we're going to
switch SecureDrop over to using instead of gpg/pretty_bad_protocol for
our encryption/decryption needs. The overall transition has been
explored and discussed in #6399 and
<https://github.com/freedomofpress/securedrop-engineering/blob/main/proposals/approved/sequoia-server.md>.

This adds the Rust code we will compile into a Python wheel, named
"redwood", to call into the Sequoia library. Four functions are exposed:

* generate_source_key_pair
* encrypt_message
* encrypt_file
* decrypt

The functions are rather self-explanatory and Python type stubs are
provided as well.

The `rust-toolchain.toml` file instructs rustup to use Rust 1.69.0
(current latest version); we'll figure out a toolchain upgrade cadence
later on.

It should now be possible to build a redwood wheel:

    $ maturin build -m redwood/Cargo.toml

These lint and test solely the Rust code (no Python). The following
tools are enabled:

* rustfmt: code formatting (like black)
* clippy: linting (like flake8+pylint+mypy)
* cargo test: Rust test suite

Running maturin to verify the Python integration will happen in the next
commit, when it's hooked into the development environment.

Refs #6814.

We need to compile Rust code before we can launch the development
environment and run tests.

Add a build_redwood step to `securedrop/bin/dev-deps` that uses maturin
to build a wheel and install it into the securedrop-app-code virtualenv.

maturin is only needed at build time, so it is pinned in a new
`build-requirements.txt`.

Fixes #6814.
Fixes #6816.
@legoktm legoktm requested a review from cfm June 6, 2023 22:10

legoktm commented Jun 6, 2023

Rebased!

@cfm cfm left a comment

This looks terrific, @legoktm. It's a joy to see what these functions look like in Rust! Thank you for leading this effort.

I'll merge as soon as CI is green.

legoktm commented Jun 6, 2023

Oh actually, I'm wondering if we need to do a diff review for maturin now? Like, it's mostly Rust but there is a bit of Python in it that I assume we should peek at?

legoktm commented Jun 6, 2023

But also it's kind of useless to review the Python parts without the Rust parts, so I'm also ok with deferring it to #6500, with that being a blocker for actual usage of the code.

cfm commented Jun 6, 2023

I agree, @legoktm. I've also updated #6399 to emphasize that blocking status for production acceptance and release.

@cfm cfm merged commit 14c8a13 into develop Jun 6, 2023
@legoktm legoktm deleted the rust-redwood branch September 27, 2023 16:16

Successfully merging this pull request may close these issues.

  • Development environment builds Rust code (optionally with live-reload)
  • CI runs Rust-specific lint/test jobs