build(deps): bump astral-sh/setup-uv from 5 to 6

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5 to 6.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/v5...v6)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -1,6 +1,7 @@
 version: 2
+enable-beta-ecosystems: true
 updates:
-- package-ecosystem: pip
+- package-ecosystem: uv
   directory: "/"
   schedule:
     interval: daily

.github/workflows/pythonpackage.yml

@@ -24,23 +24,15 @@ jobs:
       uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
-    - name: Run image
+    - name: Install uv
-      uses: abatilo/actions-poetry@v4
+      uses: astral-sh/setup-uv@v6
       with:
-        poetry-version: ${{ matrix.poetry-version }}
+        version: "0.4.30"
-    - name: Setup a local virtual environment (if no poetry.toml file)
+        enable-cache: true
-      run: |
+        cache-dependency-glob: "uv.lock"
-        poetry config virtualenvs.create true --local
+    - name: Install the project
-        poetry config virtualenvs.in-project true --local
+      run: uv sync --all-extras --dev
-    - uses: actions/cache@v4
-      name: Define a cache for the virtual environment based on the dependencies lock file
-      with:
-        path: ./.venv
-        key: venv-${{ hashFiles('poetry.lock') }}
-    - name: Install the project dependencies
-      run: poetry install
     - name: Lint with flake8
-      run: |
+      run: uv run flake8 sshuttle tests --count --show-source --statistics
-        poetry run flake8 sshuttle tests --count --show-source --statistics
     - name: Run the automated tests
-      run: poetry run pytest -v
+      run: uv run pytest -v

.github/workflows/release-please.yml

@@ -12,44 +12,55 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
     steps:
       - uses: googleapis/release-please-action@v4
+        id: release
         with:
           token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }}
           release-type: python
 
-  upload-pypi:
+  build-pypi:
-    name: Upload to pypi
+    name: Build for pypi
     needs: [release-please]
     if: ${{ needs.release-please.outputs.release_created == 'true' }}
     runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python 3.12
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.12
+    - name: Install uv
+      uses: astral-sh/setup-uv@v6
+      with:
+        version: "0.4.30"
+        enable-cache: true
+        cache-dependency-glob: "uv.lock"
+    - name: Build project
+      run: uv build
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+
+  upload-pypi:
+    name: Upload to pypi
+    needs: [build-pypi]
+    runs-on: ubuntu-latest
     environment:
       name: pypi
       url: https://pypi.org/p/sshuttle
     permissions:
       id-token: write
     steps:
-    - uses: actions/checkout@v4
+    - name: Download all the dists
-    - name: Set up Python 3.12
+      uses: actions/download-artifact@v4
-      uses: actions/setup-python@v5
       with:
-        python-version: 3.12
+        name: python-package-distributions
-    - name: Run image
+        path: dist/
-      uses: abatilo/actions-poetry@v4
-      with:
-        poetry-version: main
-    - name: Setup a local virtual environment (if no poetry.toml file)
-      run: |
-        poetry config virtualenvs.create true --local
-        poetry config virtualenvs.in-project true --local
-    - uses: actions/cache@v4
-      name: Define a cache for the virtual environment based on the dependencies lock file
-      with:
-        path: ./.venv
-        key: venv-${{ hashFiles('poetry.lock') }}
-    - name: Install the project dependencies
-      run: poetry install
-    - name: Package project
-      run: poetry build
     - name: Publish package distributions to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1

.readthedocs.yaml

@@ -5,10 +5,9 @@ build:
   tools:
     python: "3.10"
   jobs:
-    post_create_environment:
-      - pip install poetry
     post_install:
-      - VIRTUAL_ENV=$READTHEDOCS_VIRTUALENV_PATH poetry install --with docs
+      - pip install uv
+      - UV_PROJECT_ENVIRONMENT=$READTHEDOCS_VIRTUALENV_PATH uv sync --all-extras --group docs --link-mode=copy
 
 sphinx:
   configuration: docs/conf.py

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## [1.3.1](https://github.com/sshuttle/sshuttle/compare/v1.3.0...v1.3.1) (2025-03-25)
+
+
+### Bug Fixes
+
+* add pycodestyle config ([5942376](https://github.com/sshuttle/sshuttle/commit/5942376090395d0a8dfe38fe012a519268199341))
+* add python lint tools ([ae3c022](https://github.com/sshuttle/sshuttle/commit/ae3c022d1d67de92f1c4712d06eb8ae76c970624))
+* correct bad version number at runtime ([7b66253](https://github.com/sshuttle/sshuttle/commit/7b662536ba92d724ed8f86a32a21282fea66047c))
+* Restore "nft" method ([375810a](https://github.com/sshuttle/sshuttle/commit/375810a9a8910a51db22c9fe4c0658c39b16c9e7))
+
 ## [1.3.0](https://github.com/sshuttle/sshuttle/compare/v1.2.0...v1.3.0) (2025-02-23)
 
 

docs/conf.py

@@ -16,7 +16,7 @@
 import sys
 import os
 sys.path.insert(0, os.path.abspath('..'))
-import sshuttle.version  # NOQA
+import sshuttle  # NOQA
 
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
@@ -56,7 +56,7 @@ copyright = '2016, Brian May'
 # built documents.
 #
 # The full version, including alpha/beta/rc tags.
-release = sshuttle.version.version
+release = sshuttle.__version__
 # The short X.Y version.
 version = '.'.join(release.split('.')[:2])
 

flake.lock

@@ -18,52 +18,13 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "nix-github-actions": {
-      "inputs": {
-        "nixpkgs": [
-          "poetry2nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729742964,
-        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1738702386,
+        "lastModified": 1740743217,
-        "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=",
+        "narHash": "sha256-brsCRzLqimpyhORma84c3W2xPbIidZlIc3JGIuQVSNI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e",
+        "rev": "b27ba4eb322d9d2bf2dc9ada9fd59442f50c8d7c",
         "type": "github"
       },
       "original": {
@@ -73,27 +34,49 @@
         "type": "github"
       }
     },
-    "poetry2nix": {
+    "pyproject-build-systems": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nix-github-actions": "nix-github-actions",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_3",
+        "pyproject-nix": [
-        "treefmt-nix": "treefmt-nix"
+          "pyproject-nix"
+        ],
+        "uv2nix": [
+          "uv2nix"
+        ]
       },
       "locked": {
-        "lastModified": 1738741221,
+        "lastModified": 1740362541,
-        "narHash": "sha256-UiTOA89yQV5YNlO1ZAp4IqJUGWOnTyBC83netvt8rQE=",
+        "narHash": "sha256-S8Mno07MspggOv/xIz5g8hB2b/C5HPiX8E+rXzKY+5U=",
-        "owner": "nix-community",
+        "owner": "pyproject-nix",
-        "repo": "poetry2nix",
+        "repo": "build-system-pkgs",
-        "rev": "be1fe795035d3d36359ca9135b26dcc5321b31fb",
+        "rev": "e151741c848ba92331af91f4e47640a1fb82be19",
         "type": "github"
       },
       "original": {
-        "owner": "nix-community",
+        "owner": "pyproject-nix",
-        "repo": "poetry2nix",
+        "repo": "build-system-pkgs",
+        "type": "github"
+      }
+    },
+    "pyproject-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1739758351,
+        "narHash": "sha256-Aoa4dEoC7Hf6+gFVk/SDquZTMFlmlfsgdTWuqQxzePs=",
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
+        "rev": "1329712f7f9af3a8b270764ba338a455b7323811",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
         "type": "github"
       }
     },
@@ -101,7 +84,9 @@
       "inputs": {
         "flake-utils": "flake-utils",
         "nixpkgs": "nixpkgs",
-        "poetry2nix": "poetry2nix"
+        "pyproject-build-systems": "pyproject-build-systems",
+        "pyproject-nix": "pyproject-nix",
+        "uv2nix": "uv2nix"
       }
     },
     "systems": {
@@ -119,54 +104,26 @@
         "type": "github"
       }
     },
-    "systems_2": {
+    "uv2nix": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
-          "poetry2nix",
           "nixpkgs"
+        ],
+        "pyproject-nix": [
+          "pyproject-nix"
         ]
       },
       "locked": {
-        "lastModified": 1730120726,
+        "lastModified": 1740497536,
-        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
+        "narHash": "sha256-K+8wsVooqhaqyxuvew3+62mgOfRLJ7whv7woqPU3Ypo=",
-        "owner": "numtide",
+        "owner": "pyproject-nix",
-        "repo": "treefmt-nix",
+        "repo": "uv2nix",
-        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
+        "rev": "d01fd3a141755ad5d5b93dd9fcbd76d6401f5bac",
         "type": "github"
       },
       "original": {
-        "owner": "numtide",
+        "owner": "pyproject-nix",
-        "repo": "treefmt-nix",
+        "repo": "uv2nix",
         "type": "github"
       }
     }

flake.nix

@@ -1,11 +1,24 @@
 {
   description = "Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.";
 
-  inputs.flake-utils.url = "github:numtide/flake-utils";
+  inputs = {
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    flake-utils.url = "github:numtide/flake-utils";
-  inputs.poetry2nix = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
-    url = "github:nix-community/poetry2nix";
+    pyproject-nix = {
-    inputs.nixpkgs.follows = "nixpkgs";
+      url = "github:pyproject-nix/pyproject.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    uv2nix = {
+      url = "github:pyproject-nix/uv2nix";
+      inputs.pyproject-nix.follows = "pyproject-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    pyproject-build-systems = {
+      url = "github:pyproject-nix/build-system-pkgs";
+      inputs.pyproject-nix.follows = "pyproject-nix";
+      inputs.uv2nix.follows = "uv2nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
@@ -13,42 +26,90 @@
       self,
       nixpkgs,
       flake-utils,
-      poetry2nix,
+      pyproject-nix,
+      uv2nix,
+      pyproject-build-systems,
     }:
     flake-utils.lib.eachDefaultSystem (
       system:
       let
-        p2n = import poetry2nix { inherit pkgs; };
+        inherit (nixpkgs) lib;
-        overrides = p2n.defaultPoetryOverrides.extend (
-          self: super: {
-            nh3 = super.nh3.override { preferWheel = true; };
-            bump2version = super.bump2version.overridePythonAttrs (old: {
-              buildInputs = (old.buildInputs or [ ]) ++ [ super.setuptools ];
-            });
-          }
-        );
 
-        poetry_env = p2n.mkPoetryEnv {
-          python = pkgs.python3;
-          projectDir = self;
-          inherit overrides;
-        };
-        poetry_app = p2n.mkPoetryApplication {
-          python = pkgs.python3;
-          projectDir = self;
-          inherit overrides;
-        };
         pkgs = nixpkgs.legacyPackages.${system};
+
+        python = pkgs.python312;
+
+        workspace = uv2nix.lib.workspace.loadWorkspace { workspaceRoot = ./.; };
+
+        # Create package overlay from workspace.
+        overlay = workspace.mkPyprojectOverlay {
+          sourcePreference = "sdist";
+        };
+
+        # Extend generated overlay with build fixups
+        #
+        # Uv2nix can only work with what it has, and uv.lock is missing essential metadata to perform some builds.
+        # This is an additional overlay implementing build fixups.
+        # See:
+        # - https://pyproject-nix.github.io/uv2nix/FAQ.html
+        pyprojectOverrides =
+          final: prev:
+          # Implement build fixups here.
+          # Note that uv2nix is _not_ using Nixpkgs buildPythonPackage.
+          # It's using https://pyproject-nix.github.io/pyproject.nix/build.html
+          let
+            inherit (final) resolveBuildSystem;
+            inherit (builtins) mapAttrs;
+
+            # Build system dependencies specified in the shape expected by resolveBuildSystem
+            # The empty lists below are lists of optional dependencies.
+            #
+            # A package `foo` with specification written as:
+            # `setuptools-scm[toml]` in pyproject.toml would be written as
+            # `foo.setuptools-scm = [ "toml" ]` in Nix
+            buildSystemOverrides = {
+              chardet.setuptools = [ ];
+              colorlog.setuptools = [ ];
+              python-debian.setuptools = [ ];
+              pluggy.setuptools = [ ];
+              pathspec.flit-core = [ ];
+              packaging.flit-core = [ ];
+            };
+
+          in
+          mapAttrs (
+            name: spec:
+            prev.${name}.overrideAttrs (old: {
+              nativeBuildInputs = old.nativeBuildInputs ++ resolveBuildSystem spec;
+            })
+          ) buildSystemOverrides;
+
+        pythonSet =
+          (pkgs.callPackage pyproject-nix.build.packages {
+            inherit python;
+          }).overrideScope
+            (
+              lib.composeManyExtensions [
+                pyproject-build-systems.overlays.default
+                overlay
+                pyprojectOverrides
+              ]
+            );
+
+        inherit (pkgs.callPackages pyproject-nix.build.util { }) mkApplication;
+        package = mkApplication {
+          venv = pythonSet.mkVirtualEnv "sshuttle" workspace.deps.default;
+          package = pythonSet.sshuttle;
+        };
       in
       {
         packages = {
-          sshuttle = poetry_app;
+          sshuttle = package;
-          default = self.packages.${system}.sshuttle;
+          default = package;
         };
         devShells.default = pkgs.mkShell {
           packages = [
-            pkgs.poetry
+            pkgs.uv
-            poetry_env
           ];
         };
       }

pyproject.toml

@@ -1,9 +1,13 @@
-[tool.poetry]
+[project]
+authors = [
+    {name = "Brian May", email = "brian@linuxpenguins.xyz"},
+]
+license = {text = "LGPL-2.1"}
+requires-python = "<4.0,>=3.9"
+dependencies = []
 name = "sshuttle"
-version = "1.3.0"
+version = "1.3.1"
 description = "Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling."
-authors = ["Brian May <brian@linuxpenguins.xyz>"]
-license = "LGPL-2.1"
 readme = "README.rst"
 classifiers = [
     "Development Status :: 5 - Production/Stable",
@@ -18,27 +22,36 @@ classifiers = [
     "Topic :: System :: Networking",
 ]
 
-[tool.poetry.dependencies]
+[project.scripts]
-python = "^3.9"
-
-[tool.poetry.group.dev.dependencies]
-pytest = "^8.0.1"
-pytest-cov = ">=4.1,<7.0"
-flake8 = "^7.0.0"
-pyflakes = "^3.2.0"
-bump2version = "^1.0.1"
-twine = ">=5,<7"
-
-[build-system]
-requires = ["poetry-core"]
-build-backend = "poetry.core.masonry.api"
-
-[tool.poetry.scripts]
 sshuttle = "sshuttle.cmdline:main"
 
-[tool.poetry.group.docs]
+[dependency-groups]
-optional = true
+dev = [
+    "pytest<9.0.0,>=8.0.1",
+    "pytest-cov<7.0,>=4.1",
+    "flake8<8.0.0,>=7.0.0",
+    "pyflakes<4.0.0,>=3.2.0",
+    "bump2version<2.0.0,>=1.0.1",
+    "twine<7,>=5",
+    "black>=25.1.0",
+    "jedi-language-server>=0.44.0",
+    "pylsp-mypy>=0.7.0",
+    "python-lsp-server>=1.12.2",
+    "ruff>=0.11.2",
+]
+docs = [
+    "sphinx==8.1.3; python_version ~= \"3.10\"",
+    "furo==2024.8.6",
+]
 
-[tool.poetry.group.docs.dependencies]
+[tool.uv]
-sphinx = { version = "8.1.3", python = ">=3.10,<4.0" }
+default-groups = []
-furo = "2024.8.6"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.sdist]
+exclude = [
+    "/.jj"
+]

setup.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.3.0
+current_version = 1.3.1
 
 [bumpversion:file:setup.py]
 
@@ -23,5 +23,8 @@ show-source = true
 statistics = true
 max-line-length = 128
 
+[pycodestyle]
+max-line-length = 128
+
 [tool:pytest]
 addopts = --cov=sshuttle --cov-branch --cov-report=term-missing

sshuttle/__init__.py

@@ -1,4 +1 @@
-try:
+__version__ = "1.3.1"
-    from sshuttle.version import version as __version__
-except ImportError:
-    __version__ = "unknown"

sshuttle/options.py

@@ -247,7 +247,7 @@ parser.add_argument(
 if sys.platform == 'win32':
     method_choices = ["auto", "windivert"]
 else:
-    method_choices = ["auto", "nat", "tproxy", "pf", "ipfw"]
+    method_choices = ["auto", "nft", "nat", "tproxy", "pf", "ipfw"]
 
 parser.add_argument(
     "--method",

sshuttle/sudoers.py

@@ -5,7 +5,15 @@ from uuid import uuid4
 
 
 def build_config(user_name):
-    template = '''
+    """Generates a sudoers configuration to allow passwordless execution of sshuttle."""
+
+    argv0 = os.path.abspath(sys.argv[0])
+    is_python_script = argv0.endswith('.py')
+    executable = f"{sys.executable} {argv0}" if is_python_script else argv0
+    dist_packages = os.path.dirname(os.path.abspath(__file__))
+    cmd_alias = f"SSHUTTLE{uuid4().hex[-3:].upper()}"
+
+    template = f"""
 # WARNING: If you intend to restrict a user to only running the
 # sshuttle command as root, THIS CONFIGURATION IS INSECURE.
 # When a user can run sshuttle as root (with or without a password),
@@ -16,27 +24,18 @@ def build_config(user_name):
 # sshuttle without needing to enter a sudo password. To use this
 # configuration, run 'visudo /etc/sudoers.d/sshuttle_auto' as root and
 # paste this text into the editor that it opens. If you want to give
-# multiple users these privileges, you may wish to use use different
+# multiple users these privileges, you may wish to use different
 # filenames for each one (i.e., /etc/sudoers.d/sshuttle_auto_john).
 
 # This configuration was initially generated by the
 # 'sshuttle --sudoers-no-modify' command.
 
-Cmnd_Alias %(ca)s = /usr/bin/env PYTHONPATH=%(dist_packages)s %(py)s %(path)s *
+Cmnd_Alias {cmd_alias} = /usr/bin/env PYTHONPATH={dist_packages} {executable} *
 
-%(user_name)s ALL=NOPASSWD: %(ca)s
+{user_name} ALL=NOPASSWD: {cmd_alias}
-'''
+"""
 
-    content = template % {
+    return template
-        # randomize command alias to avoid collisions
-        'ca': 'SSHUTTLE%(num)s' % {'num': uuid4().hex[-3:].upper()},
-        'dist_packages': os.path.dirname(os.path.abspath(__file__))[:-9],
-        'py': sys.executable,
-        'path': sys.argv[0],
-        'user_name': user_name,
-    }
-
-    return content
 
 
 def sudoers(user_name=None):

sshuttle/version.py

@@ -1 +0,0 @@
-__version__ = version = '1.2.0'