The Python programming language
Go to file
Gregory P. Smith 7191b7662e
gh-97514: Authenticate the forkserver control socket. (GH-99309)
This adds authentication to the forkserver control socket. In the past only filesystem permissions protected this socket from code injection into the forkserver process by limiting access to the same UID, which didn't exist when Linux abstract namespace sockets were used (see issue) meaning that any process in the same system network namespace could inject code. We've since stopped using abstract namespace sockets by default, but protecting our control sockets regardless of type is a good idea.

This reuses the HMAC based shared key auth already used by `multiprocessing.connection` sockets for other purposes.

Doing this is useful so that filesystem permissions are not relied upon and trust isn't implied by default between all processes running as the same UID with access to the unix socket.

### pyperformance benchmarks

No significant changes. Including `concurrent_imap` which exercises `multiprocessing.Pool.imap` in that suite.

### Microbenchmarks

This does _slightly_ slow down forkserver use. How much so appears to depend on the platform. Modern platforms and simple platforms are less impacted. This PR adds additional IPC round trips to the control socket to tell forkserver to spawn a new process. Systems with potentially high latency IPC are naturally impacted more.

Typically a 1-4% slowdown on a very targeted process creation microbenchmark, with a worst case overloaded system slowdown of 20%.  No evidence that these slowdowns appear in practical sense.  See the PR for details.
2024-11-20 08:18:58 -08:00
.azure-pipelines gh-122544: Change OS image in Azure pipeline to Ubuntu 24.04 (#125344) 2024-11-06 00:10:12 +01:00
.devcontainer gh-124612: Good bye dockerfile and use GHCR package (gh-124626) 2024-09-26 12:58:15 -07:00
.github codeowners: add myself to getpath, site, and venv (#126994) 2024-11-19 12:43:34 +00:00
Android Increase minimum Android API level to 24 (#125946) 2024-10-25 08:41:07 +08:00
Doc gh-97514: Authenticate the forkserver control socket. (GH-99309) 2024-11-20 08:18:58 -08:00
Grammar gh-122951: Simplify the grammar of the assignment rule (#124998) 2024-10-06 11:55:56 +02:00
Include Merge remote-tracking branch 'upstream/main' 2024-11-19 22:10:24 +02:00
InternalDocs Revert "GH-126491: GC: Mark objects reachable from roots before doing cycle collection (GH-126502)" (#126983) 2024-11-19 11:25:09 +02:00
Lib gh-97514: Authenticate the forkserver control socket. (GH-99309) 2024-11-20 08:18:58 -08:00
Mac gh-126133: Only use start year in PSF copyright, remove end years (#126236) 2024-11-12 15:59:19 +02:00
Misc gh-97514: Authenticate the forkserver control socket. (GH-99309) 2024-11-20 08:18:58 -08:00
Modules gh-126991: Fix reference leak in loading pickle's opcode BUILD (GH-126990) 2024-11-19 18:00:35 +02:00
Objects gh-126980: Fix `bytearray.__buffer__` crash on `PyBUF_{READ,WRITE}` (#126981) 2024-11-19 17:44:53 +03:00
PC gh-126133: Only use start year in PSF copyright, remove end years (#126236) 2024-11-12 15:59:19 +02:00
PCbuild gh-124111: Update tkinter for compatibility with Tcl/Tk 9.0.0 (GH-124156) 2024-11-14 12:45:08 -06:00
Parser gh-126240: handle `NULL` returned by `_Py_asdl_expr_seq_new` (#126241) 2024-10-31 17:24:07 +03:00
Programs gh-125063: marshal: Add version 5, improve documentation (GH-126829) 2024-11-15 13:48:57 +01:00
Python GH-126892: Reset warmup counters when JIT compiling code (GH-126893) 2024-11-20 08:11:25 -08:00
Tools gh-125729: Makes the installation of the turtle module dependent on the Tcl/Tk install option (GH-126176) 2024-11-19 17:19:33 +00:00
iOS gh-126167: Modify iOS Testbed to read arguments from Info.plist (#126169) 2024-11-18 07:43:41 +08:00
.coveragerc gh-106368: Improve coverage reports for argument clinic (#107693) 2023-08-06 20:40:55 +01:00
.editorconfig gh-115317: Rewrite changelog filter to use vanilla JavaScript (#115324) 2024-02-12 22:17:33 +00:00
.gitattributes gh-121735: Fix module-adjacent references in zip files (#123037) 2024-09-11 22:33:07 -04:00
.gitignore gh-114099 - Add iOS framework loading machinery. (GH-116454) 2024-03-19 08:36:19 -04:00
.mailmap Update name in acknowledgements and add mailmap (#103696) 2023-04-30 03:21:20 +00:00
.pre-commit-config.yaml Pre-commit: prevent spaces in news entry paths (#126063) 2024-10-28 23:04:10 +02:00
.readthedocs.yml gh-122544: Change OS image in readthedocs.yml to ubuntu-24.04 (#122568) 2024-08-02 09:09:27 +03:00
LICENSE gh-126133: Only use start year in PSF copyright, remove end years (#126236) 2024-11-12 15:59:19 +02:00
Makefile.pre.in gh-126413: Add translation tests for getopt and optparse (GH-126698) 2024-11-12 00:16:39 +02:00
README.rst Python 3.14.0a2 2024-11-19 16:52:44 +02:00
aclocal.m4 gh-89640: Pull in update to float word order detection in autoconf-archive (#126747) 2024-11-13 21:57:33 +01:00
config.guess
config.sub gh-114099: Add configure and Makefile targets to support iOS compilation. (GH-115390) 2024-02-25 20:21:10 -05:00
configure gh-126691: Remove --with-emscripten-target (#126787) 2024-11-16 09:44:05 +08:00
configure.ac gh-126691: Remove --with-emscripten-target (#126787) 2024-11-16 09:44:05 +08:00
install-sh
pyconfig.h.in gh-89640: Hardcode WASM float word ordering as little endian (#126387) 2024-11-04 21:48:09 +01:00

README.rst

This is Python version 3.14.0 alpha 2
=====================================

.. image:: https://github.com/python/cpython/actions/workflows/build.yml/badge.svg?branch=main&event=push
   :alt: CPython build status on GitHub Actions
   :target: https://github.com/python/cpython/actions

.. image:: https://dev.azure.com/python/cpython/_apis/build/status/Azure%20Pipelines%20CI?branchName=main
   :alt: CPython build status on Azure DevOps
   :target: https://dev.azure.com/python/cpython/_build/latest?definitionId=4&branchName=main

.. image:: https://img.shields.io/badge/discourse-join_chat-brightgreen.svg
   :alt: Python Discourse chat
   :target: https://discuss.python.org/


Copyright © 2001 Python Software Foundation.  All rights reserved.

See the end of this file for further copyright and license information.

.. contents::

General Information
-------------------

- Website: https://www.python.org
- Source code: https://github.com/python/cpython
- Issue tracker: https://github.com/python/cpython/issues
- Documentation: https://docs.python.org
- Developer's Guide: https://devguide.python.org/

Contributing to CPython
-----------------------

For more complete instructions on contributing to CPython development,
see the `Developer Guide`_.

.. _Developer Guide: https://devguide.python.org/

Using Python
------------

Installable Python kits, and information about using Python, are available at
`python.org`_.

.. _python.org: https://www.python.org/

Build Instructions
------------------

On Unix, Linux, BSD, macOS, and Cygwin::

    ./configure
    make
    make test
    sudo make install

This will install Python as ``python3``.

You can pass many options to the configure script; run ``./configure --help``
to find out more.  On macOS case-insensitive file systems and on Cygwin,
the executable is called ``python.exe``; elsewhere it's just ``python``.

Building a complete Python installation requires the use of various
additional third-party libraries, depending on your build platform and
configure options.  Not all standard library modules are buildable or
useable on all platforms.  Refer to the
`Install dependencies <https://devguide.python.org/getting-started/setup-building.html#build-dependencies>`_
section of the `Developer Guide`_ for current detailed information on
dependencies for various Linux distributions and macOS.

On macOS, there are additional configure and build options related
to macOS framework and universal builds.  Refer to `Mac/README.rst
<https://github.com/python/cpython/blob/main/Mac/README.rst>`_.

On Windows, see `PCbuild/readme.txt
<https://github.com/python/cpython/blob/main/PCbuild/readme.txt>`_.

To build Windows installer, see `Tools/msi/README.txt
<https://github.com/python/cpython/blob/main/Tools/msi/README.txt>`_.

If you wish, you can create a subdirectory and invoke configure from there.
For example::

    mkdir debug
    cd debug
    ../configure --with-pydebug
    make
    make test

(This will fail if you *also* built at the top-level directory.  You should do
a ``make clean`` at the top-level first.)

To get an optimized build of Python, ``configure --enable-optimizations``
before you run ``make``.  This sets the default make targets up to enable
Profile Guided Optimization (PGO) and may be used to auto-enable Link Time
Optimization (LTO) on some platforms.  For more details, see the sections
below.

Profile Guided Optimization
^^^^^^^^^^^^^^^^^^^^^^^^^^^

PGO takes advantage of recent versions of the GCC or Clang compilers.  If used,
either via ``configure --enable-optimizations`` or by manually running
``make profile-opt`` regardless of configure flags, the optimized build
process will perform the following steps:

The entire Python directory is cleaned of temporary files that may have
resulted from a previous compilation.

An instrumented version of the interpreter is built, using suitable compiler
flags for each flavor. Note that this is just an intermediary step.  The
binary resulting from this step is not good for real-life workloads as it has
profiling instructions embedded inside.

After the instrumented interpreter is built, the Makefile will run a training
workload.  This is necessary in order to profile the interpreter's execution.
Note also that any output, both stdout and stderr, that may appear at this step
is suppressed.

The final step is to build the actual interpreter, using the information
collected from the instrumented one.  The end result will be a Python binary
that is optimized; suitable for distribution or production installation.


Link Time Optimization
^^^^^^^^^^^^^^^^^^^^^^

Enabled via configure's ``--with-lto`` flag.  LTO takes advantage of the
ability of recent compiler toolchains to optimize across the otherwise
arbitrary ``.o`` file boundary when building final executables or shared
libraries for additional performance gains.


What's New
----------

We have a comprehensive overview of the changes in the `What's New in Python
3.14 <https://docs.python.org/3.14/whatsnew/3.14.html>`_ document.  For a more
detailed change log, read `Misc/NEWS
<https://github.com/python/cpython/tree/main/Misc/NEWS.d>`_, but a full
accounting of changes can only be gleaned from the `commit history
<https://github.com/python/cpython/commits/main>`_.

If you want to install multiple versions of Python, see the section below
entitled "Installing multiple versions".


Documentation
-------------

`Documentation for Python 3.14 <https://docs.python.org/3.14/>`_ is online,
updated daily.

It can also be downloaded in many formats for faster access.  The documentation
is downloadable in HTML, PDF, and reStructuredText formats; the latter version
is primarily for documentation authors, translators, and people with special
formatting requirements.

For information about building Python's documentation, refer to `Doc/README.rst
<https://github.com/python/cpython/blob/main/Doc/README.rst>`_.


Testing
-------

To test the interpreter, type ``make test`` in the top-level directory.  The
test set produces some output.  You can generally ignore the messages about
skipped tests due to optional features which can't be imported.  If a message
is printed about a failed test or a traceback or core dump is produced,
something is wrong.

By default, tests are prevented from overusing resources like disk space and
memory.  To enable these tests, run ``make buildbottest``.

If any tests fail, you can re-run the failing test(s) in verbose mode.  For
example, if ``test_os`` and ``test_gdb`` failed, you can run::

    make test TESTOPTS="-v test_os test_gdb"

If the failure persists and appears to be a problem with Python rather than
your environment, you can `file a bug report
<https://github.com/python/cpython/issues>`_ and include relevant output from
that command to show the issue.

See `Running & Writing Tests <https://devguide.python.org/testing/run-write-tests.html>`_
for more on running tests.

Installing multiple versions
----------------------------

On Unix and Mac systems if you intend to install multiple versions of Python
using the same installation prefix (``--prefix`` argument to the configure
script) you must take care that your primary python executable is not
overwritten by the installation of a different version.  All files and
directories installed using ``make altinstall`` contain the major and minor
version and can thus live side-by-side.  ``make install`` also creates
``${prefix}/bin/python3`` which refers to ``${prefix}/bin/python3.X``.  If you
intend to install multiple versions using the same prefix you must decide which
version (if any) is your "primary" version.  Install that version using
``make install``.  Install all other versions using ``make altinstall``.

For example, if you want to install Python 2.7, 3.6, and 3.14 with 3.14 being the
primary version, you would execute ``make install`` in your 3.14 build directory
and ``make altinstall`` in the others.


Release Schedule
----------------

See `PEP 745 <https://peps.python.org/pep-0745/>`__ for Python 3.14 release details.


Copyright and License Information
---------------------------------


Copyright © 2001 Python Software Foundation.  All rights reserved.

Copyright © 2000 BeOpen.com.  All rights reserved.

Copyright © 1995-2001 Corporation for National Research Initiatives.  All
rights reserved.

Copyright © 1991-1995 Stichting Mathematisch Centrum.  All rights reserved.

See the `LICENSE <https://github.com/python/cpython/blob/main/LICENSE>`_ for
information on the history of this software, terms & conditions for usage, and a
DISCLAIMER OF ALL WARRANTIES.

This Python distribution contains *no* GNU General Public License (GPL) code,
so it may be used in proprietary projects.  There are interfaces to some GNU
code but these are entirely optional.

All trademarks referenced herein are property of their respective holders.