Seeing the following error in the [grpc_portability](https://fusion2.corp.google.com/ci;ids=1930537984/kokoro/prod:grpc%2Fcore%2Fmaster%2Flinux%2Fgrpc_portability/activity/3abaaa26-ee47-4ae6-a7ca-29c42e92857a/tests) build:
```
2024-04-05 04:25:38,790 WARNING: All log messages before absl::InitializeLog() is called are written to STDERR
I0000 00:00:1712290838.800474 1083330 config.cc:239] gRPC experiments: work_serializer_dispatch:off; default-enabled: call_status_override_on_cancellation, event_engine_dns, event_engine_listener, http2_stats_fix, monitoring_experiment, pending_queue_cap, work_serializer_clears_time_cache
I0000 00:00:1712290838.800793 1083330 ev_epoll1_linux.cc:123] grpc epoll fd: 3
Note: Google Test filter = ServiceConfigParserTest.DoubleRegistration
[==========] Running 1 test from 1 test suite.
[----------] Global test environment set-up.
[----------] 1 test from ServiceConfigParserTest
[ RUN ] ServiceConfigParserTest.DoubleRegistration
[WARNING] /var/local/git/grpc/third_party/googletest/googletest/src/gtest-death-test.cc:1102:: Death tests use fork(), which is unsafe particularly in a threaded context. For this test, Google Test detected 4 threads. See https://github.com/google/googletest/blob/main/docs/advanced.md#death-tests-and-threads for more explanation and suggested solutions, especially if this is the last message you see before your test times out.
2024-04-05 04:25:38,791 TIMEOUT: cmake/build/service_config_test --gtest_filter=ServiceConfigParserTest.DoubleRegistration GRPC_POLL_STRATEGY=epoll1 [pid=1083328, time=300.0sec]
```
Closes #36261
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36261 from yijiem:fix-tests-1.63-release 5605defcba
PiperOrigin-RevId: 622222161
Closes #36182
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36182 from yijiem:grpc-metrics-async-gauge 8614485f3d
PiperOrigin-RevId: 622182710
Rolling this (https://github.com/grpc/grpc/pull/36153) back as master branch is failing in mac with the following error
```
+ python3 workspace_python_macos_opt_native/tools/run_tests/run_tests.py -t -j 4 -x run_tests/python_macos_opt_native/sponge_log.xml --report_suite_name python_macos_opt_native -l python -c opt --iomgr_platform native --max_time 3600 --report_multi_target
Traceback (most recent call last):
  File "/Volumes/BuildData/tmpfs/altsrc/github/grpc/workspace_python_macos_opt_native/tools/run_tests/run_tests.py", line 50, in <module>
    from python_utils.upload_test_results import upload_results_to_bq
  File "/Volumes/BuildData/tmpfs/altsrc/github/grpc/workspace_python_macos_opt_native/tools/run_tests/python_utils/upload_test_results.py", line 30, in <module>
    import big_query_utils
  File "/Volumes/BuildData/tmpfs/altsrc/github/grpc/workspace_python_macos_opt_native/tools/gcp/utils/big_query_utils.py", line 21, in <module>
    from apiclient import discovery
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/apiclient/__init__.py", line 3, in <module>
    from googleapiclient import channel, discovery, errors, http, mimeparse, model
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/googleapiclient/discovery.py", line 64, in <module>
    from googleapiclient import _auth, mimeparse
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/googleapiclient/_auth.py", line 34, in <module>
    import oauth2client.client
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/oauth2client/client.py", line 45, in <module>
    from oauth2client import crypt
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/oauth2client/crypt.py", line 45, in <module>
    from oauth2client import _openssl_crypt
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/oauth2client/_openssl_crypt.py", line 16, in <module>
    from OpenSSL import crypto
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/OpenSSL/crypto.py", line 1556, in <module>
    class X509StoreFlags(object):
  File "/Users/kbuilder/.local/lib/python3.10/site-packages/OpenSSL/crypto.py", line 1575, in X509StoreFlags
    NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'. Did you mean: 'X509_V_FLAG_EXPLICIT_POLICY'?
```
Closes #36255
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36255 from veblush:rb-36153 79c86e160e
PiperOrigin-RevId: 621886345
See #36176. The only difference is a temporary shim for Secure credentials types, which was already discussed and approved separately.
Closes #36242
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36242 from drfloob:reland/36176 f07bebe289
PiperOrigin-RevId: 621879911
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.6 to 42.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p>
<blockquote>
<p>42.0.4 - 2024-02-20</p>
<ul>
<li>Fixed a null-pointer-dereference and segfault that could occur when creating
a PKCS#12 bundle. Credit to <strong>Alexander-Programming</strong> for reporting the
issue. <strong>CVE-2024-26130</strong></li>
<li>Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields <code>SMIMECapabilities</code>
and <code>SignatureAlgorithmIdentifier</code> should now be correctly encoded according to the
definitions in RFC 2633, RFC 3370.</li>
</ul>
<p>42.0.3 - 2024-02-15</p>
<ul>
<li>Fixed an initialization issue that caused key loading failures for some
users.</li>
</ul>
<p>42.0.2 - 2024-01-30</p>
<ul>
<li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.</li>
<li>Fixed an issue that prevented the use of Python buffer protocol objects in
<code>sign</code> and <code>verify</code> methods on asymmetric keys.</li>
<li>Fixed an issue with incorrect keyword-argument naming with <code>EllipticCurvePrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange</code>,
<code>X25519PrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange</code>,
<code>X448PrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange</code>,
and <code>DHPrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange</code>.</li>
</ul>
<p>42.0.1 - 2024-01-24</p>
<ul>
<li>Fixed an issue with incorrect keyword-argument naming with <code>EllipticCurvePrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign</code>.</li>
<li>Resolved compatibility issue with loading certain RSA public keys in
:func:<code>~cryptography.hazmat.primitives.serialization.load_pem_public_key</code>.</li>
</ul>
<p>42.0.0 - 2024-01-22</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="fe18470f7d"><code>fe18470</code></a> Bump for 42.0.4 release (<a href="https://redirect.github.com/pyca/cryptography/issues/10445">#10445</a>)</li>
<li><a href="aaa2dd06ed"><code>aaa2dd0</code></a> Fix ASN.1 issues in PKCS#7 and S/MIME signing (<a href="https://redirect.github.com/pyca/cryptography/issues/10373">#10373</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10442">#10442</a>)</li>
<li><a href="7a4d012991"><code>7a4d012</code></a> Fixes <a href="https://redirect.github.com/pyca/cryptography/issues/10422">#10422</a> -- don't crash when a PKCS#12 key and cert don't match (<a href="https://redirect.github.com/pyca/cryptography/issues/10423">#10423</a>) ...</li>
<li><a href="df314bb182"><code>df314bb</code></a> backport actions m1 switch to 42.0.x (<a href="https://redirect.github.com/pyca/cryptography/issues/10415">#10415</a>)</li>
<li><a href="c49a7a5271"><code>c49a7a5</code></a> changelog and version bump for 42.0.3 (<a href="https://redirect.github.com/pyca/cryptography/issues/10396">#10396</a>)</li>
<li><a href="396bcf64c5"><code>396bcf6</code></a> fix provider loading take two (<a href="https://redirect.github.com/pyca/cryptography/issues/10390">#10390</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10395">#10395</a>)</li>
<li><a href="0e0e46f5f7"><code>0e0e46f</code></a> backport: initialize openssl's legacy provider in rust (<a href="https://redirect.github.com/pyca/cryptography/issues/10323">#10323</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10333">#10333</a>)</li>
<li><a href="2202123b50"><code>2202123</code></a> changelog and version bump 42.0.2 (<a href="https://redirect.github.com/pyca/cryptography/issues/10268">#10268</a>)</li>
<li><a href="f7032bdd40"><code>f7032bd</code></a> bump openssl in CI (<a href="https://redirect.github.com/pyca/cryptography/issues/10298">#10298</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10299">#10299</a>)</li>
<li><a href="002e886f16"><code>002e886</code></a> Fixes <a href="https://redirect.github.com/pyca/cryptography/issues/10294">#10294</a> -- correct accidental change to exchange kwarg (<a href="https://redirect.github.com/pyca/cryptography/issues/10295">#10295</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10296">#10296</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/3.4.6...42.0.4">compare view</a></li>
</ul>
</details>
Closes #36153
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36153 from grpc:dependabot/pip/tools/internal_ci/helper_scripts/cryptography-42.0.4 7a8a0d3528
PiperOrigin-RevId: 621637071
When parsing `action` fails we don't touch that memory in the object loader, yet we still call `PostLoad` to fill in any other errors. In that case we are currently relying on undefined behavior to have this test work -- why msan didn't flag it upsets me.
Default `action` to some safe value to avoid the undefined behavior, and log the bad action in the error message to ease debugging here in the future.
Closes #36244
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36244 from ctiller:rbac-undef d94b04a508
PiperOrigin-RevId: 621599880
This paves the way for removing `GetEndpoint()` from the transport API, which is a prereq for removing `grpc_endpoint_shutdown()`.
Closes #36237
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36237 from markdroth:endpoint_filter_cleanup_rbac 46a41400e0
PiperOrigin-RevId: 621537397
Following up to #33961, `Party` no longer needs to refer to `Arena`, and decoupling gives us a few more degrees of freedom in the design of a final `CallSpine`.
Also flesh out `LogStateChange` usage so that all state transitions are traced when that tracer is enabled.
Closes #36229
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36229 from ctiller:arenaless-party 51ae8eb898
PiperOrigin-RevId: 621525912
Soon we'll want to wind back some of the custom header ordering rules that we enforce in gRPC to make some workflow issues easier. As a first step, remove the `port_platform.h` as first header requirement -- where we need it, CI will show a problem -- and removing it lets us remove one of the bigger ordering constraints we have.
Closes #36234
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36234 from ctiller:port-platform-requirement 93eb96a7b4
PiperOrigin-RevId: 621327253
These tests are slow and can time out; this diff increases the number of concurrent jobs to 4 and 8, which may help avoid timeouts.
These parameters are also configured differently in [many other tests](https://github.com/search?q=repo%3Agrpc%2Fgrpc+inner_jobs&type=code).
```
2024-03-10 07:00:56,453 START: run_tests_c_macos_dbg_native
2024-03-10 07:06:44,335 PASSED: run_tests_c_macos_dbg_native [time=347.9sec, retries=0:0]
2024-03-10 07:06:44,335 START: run_tests_c_macos_opt_native
2024-03-10 07:12:54,717 PASSED: run_tests_c_macos_opt_native [time=370.4sec, retries=0:0]
2024-03-10 07:12:54,717 START: run_tests_c++_macos_dbg_native
2024-03-10 09:19:00,785 PASSED: run_tests_c++_macos_dbg_native [time=7566.1sec, retries=0:0]
2024-03-10 09:19:00,788 START: run_tests_c++_macos_opt_native
ERROR: Aborting VM command due to timeout of 14400 seconds
```
Closes #36190
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36190 from HannahShiSFB:basic-c-cpp-macos-jobs c026a6afbc
PiperOrigin-RevId: 621306368
modeled after absl/time
Closes #36219
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36219 from yijiem:fix-infinities e102d7fe21
PiperOrigin-RevId: 621287985
Issue https://github.com/grpc/grpc/issues/34304
Allows disabling systemd support, as well as linking with libsystemd, when it is not required.
The option has three possible values:
- AUTO - Default. Will try to find libsystemd. If found, systemd support will be enabled.
- ON - Enable systemd support. Build will fail if libsystemd is not found.
- OFF - Disable systemd support.
Closes #34384
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/34384 from kirpichik:cmake-use-systemd-option 96f5f4bd68
PiperOrigin-RevId: 621274356
Ref: b/332425004
Adding a workaround for x86 builds that run into trouble with using an installed abseil library.
Closes #36220
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36220 from yashykt:FixPortabilityLinux 672ccdb3ff
PiperOrigin-RevId: 621259080
This was a concept that I thought we'd need, but as work has continued it's clear that the right api is CallDestination (or variants thereof)
Closes #36226
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36226 from ctiller:call_factory c30a893f3a
PiperOrigin-RevId: 621255162
Also addressing a TODO from previous PRs where `authority` is not being populated in the `ChannelScope`.
Closes #36189
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36189 from yashykt:OTelChannelScope e76f9ce0ca
PiperOrigin-RevId: 621231764
In Cython 3, cdef functions that really will not raise exceptions must be declared as `noexcept`. Fixed by this commit.
Update requirements to `cython >= 3.0` in requirements*.txt and setup.py.
Fixes issue #33918.
Closes #35995
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35995 from badshah400:master b3277bac15
PiperOrigin-RevId: 621214091
Forked from #35957
This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials.
The special code-paths for insecure creds are no longer necessary in the wake of #25586.
Closes #36176
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36176 from drfloob:fork/35957/creds-API fd64d59c23
PiperOrigin-RevId: 621008166
It looks like we're settling on moving this functionality into the channel itself - so removing the filter makes sense (especially since it had some significant bugs)
Closes #36213
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36213 from ctiller:x-ex 3040dcec95
PiperOrigin-RevId: 620996358
Protobuf for Ruby bumped the major version to 4 ([package](https://rubygems.org/gems/google-protobuf)), so the Ruby gemspec should be updated to have 4 instead of 3.
But gRPC's other dependencies don't work with Protobuf 4.x, so I fixed the version of google-protobuf for gRPC Ruby to 3.25, which was the last version gRPC used.
Closes #36215
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36215 from veblush:ruby-protobuf 171a6d63bc
PiperOrigin-RevId: 620987535
- client initial metadata is always supplied at initiator construction
- stack configuration is lazily supplied
Closes #36005
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36005 from ctiller:chan3-no-push 423869d77b
PiperOrigin-RevId: 620971618
Instead, build a library and re-use that across compilations.
This still invokes a link step per target, and we'll want to deal with that at some point too, but at least this makes some progress to not being as wasteful with our compilation resources.
Additionally: remove bm_pollset -- it was having some problems compiling, and we really don't need it anymore.
Closes #36197
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36197 from ctiller:maintain-this-shite 9955026e23
PiperOrigin-RevId: 620946543
Previously we wrote `DualRefCounted : public Orphanable`, but this is wrong: `Orphan`-ing is a private implementation detail to `DualRefCounted`, but a public interface to `Orphanable`.
This bug means that it's possible to write `OrphanablePtr<T>` when `T` is derived from `DualRefCounted`, leading to hard to diagnose bugs - especially when moving a previously `Orphanable` type to be `DualRefCounted`.
This change removes the inheritance from `Orphanable`, and instead adds an overridable method `Orphaned` that implementors of `DualRefCounted` can implement.
In this way we get:
* compiler errors if someone chooses to write `OrphanablePtr` for one of these types
* compiler errors if someone implements `Orphan()` instead of `Orphaned()` in the wrong place (or vice versa)
Closes #36194
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36194 from ctiller:orf b96b831a96
PiperOrigin-RevId: 620916632
Internally, use `std::vector` instead of `ChunkedVector` to hold extra metadatum.
I'm not totally convinced this is the right move, so it's going to be a try it and monitor for a month or so thing... I might roll back if performance is actually affected (but I think we'll see some wins and losses and overall about a wash).
Closes #36118
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36118 from ctiller:YUPYUPYUP 68e0acd0a2
PiperOrigin-RevId: 620902195
This removes two Executor::Run dependencies, and requires that all ServerCallbackCall implementations implement the new `RunAsync` method. There's one other known implementation of ServerCallbackCall that will need to be updated.
We could also support an "inefficient" path that uses the default engine (not implemented here), for all subclasses that do not want to update. As far as anyone is aware, the ServerCallbackCall class was never intended to be subclassed externally.
Closes #36126
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36126 from drfloob:server-callback-on-ee 6242a78a3f
PiperOrigin-RevId: 619621598