Updated protoc binaries + add helper in order to try fix build breakage.
Ended up being due to an AI-generated update to pip-system-certs that
was not reviewed carefully enough:
https://gitlab.com/alelec/pip-system-certs/-/issues/36
The updated mypy/black needed some tweaks to our files.
- Switch to Qt 6.8 for repo default, as 6.7 depends on an older
libwebp/tiff which is unavailable on newer installs
- Drop tools/mac-x86, as we no longer need to test against Qt 5
- Add flags to cross compile wheels on Mac and Linux
- Bump glibc target to 2_36, building on Debian Stable
- Increase mpv timeout on macOS to allow for initial gatekeeper checks
- Ship both arm64 and amd64 uv on Linux, with a bash stub to pick
the appropriate arch.
This is convenient, but suboptimal on a Mac at the moment. The first
run of mpv will take a number of seconds for security checks to run,
and our mpv code ends up timing out, repeating the process each time.
Our installer stub will need to invoke mpv once first to get it validated.
We could address this by distributing the audio with the installer/stub,
or perhaps by putting the binaries in a .pkg file that's notarized+stapled
and then included in the wheel.
Closes#3787, and is a step towards #3081 and #4022
This change breaks our PyOxidizer bundling process. While we probably
could update it to work with the new venvs & lockfile, my intention
is to use this as a base to try out a uv-based packager/installer.
Some notes about the changes:
- Use uv for python download + venv installation
- Drop python/requirements* in favour of pyproject files / uv.lock
- Bumped to latest Python 3.9 version. The move to 3.13 should be
a fairly trivial change when we're ready.
- Dropped the old write_wheel.py in favour of uv/hatchling. This has
the unfortunate side-effect of dropping leading zeros in our wheels,
which we could try hack around in the future.
- Switch to Qt 6.7 for the dev repo, as it's the first PyQt version
with a Linux/ARM WebEngine wheel.
- Unified our macOS deployment target with minimum required for ARM.
- Dropped unused fluent python files
- Dropped unused python license generation
- Dropped helpers to run under Qt 5, as our wheels were already
requiring Qt 6 to install.
* Treat play_file() and co as internal routines without protection
Our code and add-ons need a way to play audio from arbitrary locations. I propose we treat the _tag API as suitable for user input, and the _file API for internal use.
* Mention basename in the *_file() paths
We were (partially) doing this for MpvManager, but not for
Windows' SimpleMpvPlayer. By passing a media file starting
with a special scheme, a malicious actor could have caused a file to
be written to the filesystem on Windows.
Thanks once again to Michael Lappas for the report.
* add left margin to browser when sidebar is closed
* listen for event instead of explicit user action
* refresh sidebar on visibility change
* Add a margin on macOS even when not collapsed
---------
Co-authored-by: Damien Elmes <gpg@ankiweb.net>
Instantiating `MPV(MPVBase)` triggers multiple synchronous `command()` calls to the mpv process during callback registration. These calls block the main thread and degrade startup performance. This change defers registration via `taskman.run_in_background`.
* use non breaking spaces for names on about page
* Update qt/aqt/about.py
Co-authored-by: llama <gh@siid.sh>
---------
Co-authored-by: llama <gh@siid.sh>
(originally merged into a PR branch)
* Make URL schemes dialog more ergonomic
* add name to contributors list
* Title Case
* Tweak build instructions so Cursor picks them up
* Use a warning icon for the URL scheme pop-up
* Default to cancelling
mpv looks for ytdl on the path, which includes the CWD on Windows.
A malicious shared deck could place an executable called yt-dlp.exe in the
media folder, which mpv would then helpfully invoke the first time
a YouTube link was encountered.
A big thank you to Michael Lappas for the report.
