Merge branch 'main' of github.com:radumarias/zeroize-python

radumarias · Jun 2, 2024 · 91768e7 · 91768e7
2 parents 8bc10c7 + 4a6b996
commit 91768e7
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 24 deletions.
diff --git a/.github/workflows/PyPI.yml b/.github/workflows/PyPI.yml
@@ -6,32 +6,13 @@
 name: PyPI
 
 on:
-  push:
-    branches:
-      - main
-      - master
-    tags:
-      - '*'
-  pull_request:
-  workflow_dispatch:
+  release:
+    types: [published]
 
 permissions:
   contents: read
 
 jobs:
-  tests:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Trigger target workflow
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          curl -X POST \
-            -H "Accept: application/vnd.github.v3+json" \
-            -H "Authorization: token $GITHUB_TOKEN" \
-            https://api.github.com/repos/${{ github.repository }}/actions/workflows/tests.yml/dispatches \
-            -d '{"ref":"main"}'
-            
   linux:
     runs-on: ${{ matrix.platform.runner }}
     strategy:
@@ -139,7 +120,7 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     if: "startsWith(github.ref, 'refs/tags/')"
-    needs: [tests, linux, windows, macos, sdist]
+    needs: [linux, windows, macos, sdist]
     steps:
       - uses: actions/download-artifact@v4
       - name: Publish to PyPI

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -13,7 +13,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: [3.7, 3.8, 3.9]
+        python-version: [3.7, 3.8, 3.9, "3.10"]
 
     steps:
     - name: Check out repository code
@@ -31,7 +31,7 @@ jobs:
         pip install maturin
         maturin develop --release        
         pip install pytest
-        pip install -r requirements.txt
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
     - name: Run tests
       run: |

diff --git a/README.md b/README.md
@@ -10,6 +10,10 @@ Uses a portable pure Rust implementation that works everywhere.
 It uses [zeroize](https://crates.io/crates/zeroize) crate under the hood.  
 It can work with `bytearray` and numpy array.
 
+> ⚠️ **Warning**  
+> **Currently it doens't work in the case of [Copy-on-write fork](https://en.wikipedia.org/wiki/Copy-on-write)  
+> Also it doesn't work if memory is moved or moved to swap file. You can use `crypes` with `libc.mlockall` to lock the memory from being swapped, see example below.***
+
 # Example
 
 ```python
@@ -35,6 +39,40 @@ assert all(arr_np == 0)
 
 print("all good, bye!")
 ```
+
+# Use `crypes` with `libc.mlockall()` to lock the memory from being swapped
+
+```python
+import ctypes
+
+MCL_CURRENT = 1
+MCL_FUTURE  = 2
+
+libc = ctypes.CDLL('libc.so.6', use_errno=True)
+
+def mlockall(flags=MCL_CURRENT|MCL_FUTURE):
+    result = libc.mlockall(flags)
+    if result != 0:
+        raise Exception("cannot lock memmory, errno=%s" % ctypes.get_errno())
+
+def munlockall():
+    result = libc.munlockall()
+    if result != 0:
+        raise Exception("cannot lock memmory, errno=%s" % ctypes.get_errno())
+
+
+if __name__ == '__main__':
+    mlockall()
+    print("memmory locked")
+
+    # allocate your data here
+    # ...
+    # zeroize it
+
+    munlockall()
+    print("memmory unlocked")
+```
+
 # Building from source
 
 ## Browser