From: Tamir Duberstein <tamird@kernel.org>
To: "Kernel.org Tools" <tools@kernel.org>
Cc: Konstantin Ryabitsev <konstantin@linuxfoundation.org>,
Tamir Duberstein <tamird@kernel.org>
Subject: [PATCH patatt 7/7] Import PyNaCl unconditionally
Date: Sun, 19 Apr 2026 21:22:27 -0400
Message-ID: <20260419-stronger-type-checking-v1-7-5c108048d2c7@kernel.org>
In-Reply-To: <20260419-stronger-type-checking-v1-0-5c108048d2c7@kernel.org>

PyNaCl became a non-optional runtime dependency in
7eb7dfaf4c9f6028519f5209041da1cb61302cd8, so importing it lazily and
translating missing imports to RuntimeError only hides packaging
problems.

Import the required PyNaCl symbols at module load time and remove the
matching test skip for an unavailable dependency.

Signed-off-by: Tamir Duberstein <tamird@kernel.org>
---
src/patatt/__init__.py | 22 ++++------------------
tests/conftest.py | 6 +-----
2 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/src/patatt/__init__.py b/src/patatt/__init__.py
index b20074a..5c8a480 100644
--- a/src/patatt/__init__.py
+++ b/src/patatt/__init__.py
@@ -24,6 +24,10 @@ from io import BytesIO
from pathlib import Path
from typing import Any, Dict, List, Optional, Set, Tuple, Union
+from nacl.encoding import Base64Encoder
+from nacl.exceptions import BadSignatureError
+from nacl.signing import SigningKey, VerifyKey
+
GitConfigType = Dict[str, Union[str, List[str]]]
AttestationResult = Tuple[
int, Optional[str], Optional[str], Optional[str], Optional[str], List[str]
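Review bot: The module-level `from nacl...` imports added after the `typing` import change the failure mode for every consumer of the module, not only the ed25519 paths. With PyNaCl absent, `import patatt` itself now raises ModuleNotFoundError, where previously only `_sign_ed25519`, `_validate_ed25519` and `cmd_genkey` raised RuntimeError('This operation requires PyNaCl libraries'). That matches the stated intent, but the commit message should say explicitly that callers which caught that RuntimeError will no longer see it. It is also worth confirming that the dependency declared in 7eb7dfaf4c9f6028519f5209041da1cb61302cd8 covers every install path, since the packaging metadata is not part of this diff.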
@@ -450,12 +454,6 @@ class DevsigHeader:
@staticmethod
def _sign_ed25519(payload: bytes, privkey: bytes) -> Tuple[bytes, bytes]:
global KEYCACHE
- try:
- from nacl.encoding import Base64Encoder
- from nacl.signing import SigningKey
- except ModuleNotFoundError:
- raise RuntimeError('This operation requires PyNaCl libraries')
-
if privkey not in KEYCACHE:
sk = SigningKey(privkey, encoder=Base64Encoder)
vk = base64.b64encode(sk.verify_key.encode())
@@ -469,13 +467,6 @@ class DevsigHeader:
@staticmethod
def _validate_ed25519(sigdata: bytes, pubkey: bytes) -> bytes:
- try:
- from nacl.encoding import Base64Encoder
- from nacl.exceptions import BadSignatureError
- from nacl.signing import VerifyKey
- except ModuleNotFoundError:
- raise RuntimeError('This operation requires PyNaCl libraries')
-
vk = VerifyKey(pubkey, encoder=Base64Encoder)
try:
return vk.verify(sigdata, encoder=Base64Encoder)
@@ -1734,11 +1725,6 @@ def cmd_validate(cmdargs: argparse.Namespace, config: GitConfigType) -> None:
def cmd_genkey(cmdargs: argparse.Namespace, config: GitConfigType) -> None:
- try:
- from nacl.signing import SigningKey
- except ModuleNotFoundError:
- raise RuntimeError('This operation requires PyNaCl libraries')
-
# Do we have the signingkey defined?
usercfg = get_config_from_git(r'user\..*')
if not config.get('identity'):
diff --git a/tests/conftest.py b/tests/conftest.py
index a2d2124..2301d1b 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -4,6 +4,7 @@ from pathlib import Path
from typing import Dict, Generator
import pytest
+from nacl.signing import SigningKey
from patatt import DevsigHeader, PatattMessage
@@ -49,11 +50,6 @@ def patatt_message(sample_email_bytes: bytes) -> PatattMessage:
@pytest.fixture
def sample_ed25519_key_pair() -> Dict[str, bytes]:
"""Generate a sample ed25519 key pair for testing."""
- try:
- from nacl.signing import SigningKey
- except ImportError:
- pytest.skip('PyNaCl not installed, skipping ed25519 tests')
-
# Generate a key pair
private_key = SigningKey.generate()
public_key = private_key.verify_key
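Review bot: With the `try`/`pytest.skip` block removed from `sample_ed25519_key_pair` and `SigningKey` now imported at the top of tests/conftest.py, a missing PyNaCl fails collection for every test that loads this conftest instead of skipping only the ed25519 ones. That is the right outcome for a mandatory dependency, but it is a visible change for anyone running the suite in a minimal environment, so the commit message or the test documentation should state that PyNaCl must be installed before running the tests.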
--
2.53.0
Thread overview: 9+ messages
2026-04-20 1:22 [PATCH patatt 0/7] Harden local checks Tamir Duberstein
2026-04-20 1:22 ` [PATCH patatt 1/7] Add local CI script Tamir Duberstein
2026-04-20 1:22 ` [PATCH patatt 2/7] Add Ruff import checks Tamir Duberstein
2026-04-20 1:22 ` [PATCH patatt 3/7] Add Ruff format check Tamir Duberstein
2026-04-20 1:22 ` [PATCH patatt 4/7] Add pyright strict checks Tamir Duberstein
2026-04-20 1:22 ` [PATCH patatt 5/7] Add ty checks Tamir Duberstein
2026-04-20 1:22 ` [PATCH patatt 6/7] Reduce dictionary lookups Tamir Duberstein
2026-04-20 1:22 ` Tamir Duberstein [this message]
2026-04-27 20:20 ` [PATCH patatt 0/7] Harden local checks Tamir Duberstein