Add S3 request signing #15925
Merged
Add S3 request signing #15925
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
charliermarsh
commented
Sep 18, 2025
| "num-traits", | ||
| "wasm-bindgen", | ||
| "windows-link 0.2.0", | ||
| ] |
There was a problem hiding this comment.
I'd like to add Jiff support upstream if we can, possibly before merging this \cc @BurntSushi
There was a problem hiding this comment.
From a very quick glance, it's probably non-trivial for them to support both. Depending.
Anywho, I opened an issue: apache/opendal-reqsign#631
charliermarsh
commented
Sep 18, 2025
charliermarsh
had a problem deploying
to
uv-test-registries
GitHub Actions
Error
charliermarsh
commented
Sep 18, 2025
charliermarsh
force-pushed
the
charlie/s3
branch
2 times, most recently
from
8a22c31 to
416b2d7
Compare
charliermarsh
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
zanieb
reviewed
Sep 18, 2025
zanieb
reviewed
Sep 18, 2025
|
Pretty easy! |
charliermarsh
force-pushed
the
charlie/s3
branch
2 times, most recently
from
d0a28fb to
8283afc
Compare
charliermarsh
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
charliermarsh
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
charliermarsh
force-pushed
the
charlie/s3
branch
from
9bb4c4f to
08c7928
Compare
charliermarsh
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
charliermarsh
force-pushed
the
charlie/s3
branch
from
08c7928 to
560b4f6
Compare
charliermarsh
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
charliermarsh
force-pushed
the
charlie/s3
branch
2 times, most recently
from
0a6a7f2 to
714366e
Compare
charliermarsh
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
charliermarsh
added
enhancement
|
I think this is ready for a real review. |
zanieb
reviewed
Sep 22, 2025
| .method(request.method().clone()) | ||
| .uri(uri) | ||
| .body(()) | ||
| .unwrap(); |
There was a problem hiding this comment.
Should we note why this unwrap is safe?
zanieb
approved these changes
Sep 22, 2025
charliermarsh
force-pushed
the
charlie/s3
branch
from
714366e to
6ac0ea4
Compare
charliermarsh
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Sep 24, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.8.17` -> `0.8.22` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.8.22`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0822) [Compare Source](astral-sh/uv@0.8.21...0.8.22) Released on 2025-09-23. ##### Python - Upgrade Pyodide to 0.28.3 ([#​15999](astral-sh/uv#15999)) ##### Security - Upgrade `astral-tokio-tar` to 0.5.5 which [hardens tar archive extraction](GHSA-3wgq-wrwc-vqmv) ([#​16004](astral-sh/uv#16004)) ### [`v0.8.21`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0821) [Compare Source](astral-sh/uv@0.8.20...0.8.21) Released on 2025-09-23. ##### Enhancements - Refresh lockfile when `--refresh` is provided ([#​15994](astral-sh/uv#15994)) ##### Preview features Add support for S3 request signing ([#​15925](astral-sh/uv#15925)) ### [`v0.8.20`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0820) [Compare Source](astral-sh/uv@0.8.19...0.8.20) Released on 2025-09-22. ##### Enhancements - Add `--force` flag for `uv cache clean` ([#​15992](astral-sh/uv#15992)) - Improve resolution errors with proxied packages ([#​15200](astral-sh/uv#15200)) ##### Preview features - Allow upgrading pre-release versions of the same minor Python version ([#​15959](astral-sh/uv#15959)) ##### Bug fixes - Hide `freethreaded+debug` Python downloads in `uv python list` ([#​15985](astral-sh/uv#15985)) - Retain the cache lock and temporary caches during `uv run` and `uvx` ([#​15990](astral-sh/uv#15990)) ##### Documentation - Add `package` level conflicts to the conflicting dependencies docs ([#​15963](astral-sh/uv#15963)) - Document pyodide support ([#​15962](astral-sh/uv#15962)) - Document support for free-threaded and debug Python versions ([#​15961](astral-sh/uv#15961)) - Expand the contribution docs on issue selection ([#​15966](astral-sh/uv#15966)) - Tweak title for viewing version in project guide ([#​15964](astral-sh/uv#15964)) ### [`v0.8.19`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0819) [Compare Source](astral-sh/uv@0.8.18...0.8.19) Released on 2025-09-19. ##### Python - Add CPython 3.14.0rc3 - Upgrade OpenSSL to 3.5.3 See the [python-build-standalone release notes](https://github.com/astral-sh/python-build-standalone/releases/tag/20250918) for more details. ##### Bug fixes - Make `uv cache clean` parallel process safe ([#​15888](astral-sh/uv#15888)) - Fix implied `platform_machine` marker for `win_arm64` platform tag ([#​15921](astral-sh/uv#15921)) ### [`v0.8.18`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0818) [Compare Source](astral-sh/uv@0.8.17...0.8.18) Released on 2025-09-17. ##### Enhancements - Add PyG packages to torch backend ([#​15911](astral-sh/uv#15911)) - Add handling for unnamed conda environments in base environment detection ([#​15681](astral-sh/uv#15681)) - Allow selection of debug build interpreters ([#​11520](astral-sh/uv#11520)) - Improve `uv init` defaults for native build backend cache keys ([#​15705](astral-sh/uv#15705)) - Error when `pyproject.toml` target does not exist for dependency groups ([#​15831](astral-sh/uv#15831)) - Infer check URL from publish URL when known ([#​15886](astral-sh/uv#15886)) - Support Gitlab CI/CD as a trusted publisher ([#​15583](astral-sh/uv#15583)) - Add GraalPy 25.0.0 with support for Python 3.12 ([#​15900](astral-sh/uv#15900)) - Add `--no-clear` to `uv venv` to disable removal prompts ([#​15795](astral-sh/uv#15795)) - Add conflict detection between `--only-group` and `--extra` flags ([#​15788](astral-sh/uv#15788)) - Allow `[project]` to be missing from a `pyproject.toml` ([#​14113](astral-sh/uv#14113)) - Always treat conda environments named `base` and `root` as base environments ([#​15682](astral-sh/uv#15682)) - Improve log message when direct build for `uv_build` is skipped ([#​15898](astral-sh/uv#15898)) - Log when the cache is disabled ([#​15828](astral-sh/uv#15828)) - Show pyx organization name after authenticating ([#​15823](astral-sh/uv#15823)) - Use `_CONDA_ROOT` to detect Conda base environments ([#​15680](astral-sh/uv#15680)) - Include blake2b hash in `uv publish` upload form ([#​15794](astral-sh/uv#15794)) - Fix misleading debug message when removing environments in `uv sync` ([#​15881](astral-sh/uv#15881)) ##### Deprecations - Deprecate `tool.uv.dev-dependencies` ([#​15469](astral-sh/uv#15469)) - Revert "feat(ci): build loongarch64 binaries in CI ([#​15387](astral-sh/uv#15387))" ([#​15820](astral-sh/uv#15820)) ##### Preview features - Propagate preview flag to client for `native-auth` feature ([#​15872](astral-sh/uv#15872)) - Store native credentials for realms with the https scheme stripped ([#​15879](astral-sh/uv#15879)) - Use the root index URL when retrieving credentials from the native store ([#​15873](astral-sh/uv#15873)) ##### Bug fixes - Fix `uv sync --no-sources` not switching from editable to registry installations ([#​15234](astral-sh/uv#15234)) - Avoid display of an empty string when a path is the working directory ([#​15897](astral-sh/uv#15897)) - Allow cached environment reuse with `@latest` ([#​15827](astral-sh/uv#15827)) - Allow escaping spaces in --env-file handling ([#​15815](astral-sh/uv#15815)) - Avoid ANSI codes in debug! messages ([#​15843](astral-sh/uv#15843)) - Improve BSD tag construction ([#​15829](astral-sh/uv#15829)) - Include SHA when listing lockfile changes ([#​15817](astral-sh/uv#15817)) - Invert the logic for determining if a path is a base conda environment ([#​15679](astral-sh/uv#15679)) - Load credentials for explicit members when lowering ([#​15844](astral-sh/uv#15844)) - Re-add `triton` as a torch backend package ([#​15910](astral-sh/uv#15910)) - Respect `UV_INSECURE_NO_ZIP_VALIDATION=1` in duplicate header errors ([#​15912](astral-sh/uv#15912)) ##### Documentation - Add GitHub Actions to PyPI trusted publishing example ([#​15753](astral-sh/uv#15753)) - Add Coiled integration documentation ([#​14430](astral-sh/uv#14430)) - Add verbose output to the getting help section ([#​15915](astral-sh/uv#15915)) - Document `NO_PROXY` support ([#​15816](astral-sh/uv#15816)) - Document cache-keys for native build backends ([#​15811](astral-sh/uv#15811)) - Add documentation for dependency group `requires-python` ([#​14282](astral-sh/uv#14282)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMTUuNiIsInVwZGF0ZWRJblZlciI6IjQxLjEyNS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
shaanmajid
pushed a commit
to shaanmajid/uv
that referenced
this pull request
Sep 24, 2025
## Summary This PR enables users to mark a URL as an S3 endpoint, at which point uv will sign requests to that URL by detecting credentials from the standard AWS environment variables, configuration files, etc. Signing is handled by the [reqsign](https://docs.rs/reqsign/latest/reqsign/) crate, which we can also use in the future to sign requests for other providers.
charliermarsh
pushed a commit
that referenced
this pull request
Oct 8, 2025
This follows up #15925. cc @BurntSushi @charliermarsh Signed-off-by: tison <wander4096@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR enables users to mark a URL as an S3 endpoint, at which point uv will sign requests to that URL by detecting credentials from the standard AWS environment variables, configuration files, etc.
Signing is handled by the reqsign crate, which we can also use in the future to sign requests for other providers.