install release script deps by default

.gitignore

@@ -16,6 +16,7 @@ _trial_temp*/
 __pycache__/
 
 # We do want poetry, cargo and flake lockfiles.
+!uv.lock
 !poetry.lock
 !Cargo.lock
 !flake.lock
@@ -26,7 +27,6 @@ __pycache__/
 /*.log.*
 /*.log.config
 /*.pid
-/.python-version
 /*.signing.key
 /env/
 /.venv*/

.python-version

@@ -0,0 +1 @@
+3.13

pyproject.toml

@@ -1,38 +1,38 @@
 [tool.towncrier]
-    package = "synapse"
-    filename = "CHANGES.md"
-    directory = "changelog.d"
-    issue_format = "[\\#{issue}](https://github.com/element-hq/synapse/issues/{issue})"
+package = "synapse"
+filename = "CHANGES.md"
+directory = "changelog.d"
+issue_format = "[\\#{issue}](https://github.com/element-hq/synapse/issues/{issue})"
 
-    [[tool.towncrier.type]]
-        directory = "feature"
-        name = "Features"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "feature"
+name = "Features"
+showcontent = true
 
-    [[tool.towncrier.type]]
-        directory = "bugfix"
-        name = "Bugfixes"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "bugfix"
+name = "Bugfixes"
+showcontent = true
 
-    [[tool.towncrier.type]]
-        directory = "docker"
-        name = "Updates to the Docker image"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "docker"
+name = "Updates to the Docker image"
+showcontent = true
 
-    [[tool.towncrier.type]]
-        directory = "doc"
-        name = "Improved Documentation"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "doc"
+name = "Improved Documentation"
+showcontent = true
 
-    [[tool.towncrier.type]]
-        directory = "removal"
-        name = "Deprecations and Removals"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "removal"
+name = "Deprecations and Removals"
+showcontent = true
 
-    [[tool.towncrier.type]]
-        directory = "misc"
-        name = "Internal Changes"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "misc"
+name = "Internal Changes"
+showcontent = true
 
 [tool.ruff]
 line-length = 88
@@ -47,11 +47,7 @@ target-version = "py39"
 # flake8-bugbear compatible checks. Its error codes are described at
 # https://beta.ruff.rs/docs/rules/#flake8-bugbear-b
 #  B023: Functions defined inside a loop must not use variables redefined in the loop
-ignore = [
-    "B023",
-    "E501",
-    "E731",
-]
+ignore = ["B023", "E501", "E731"]
 select = [
     # pycodestyle
     "E",
@@ -78,7 +74,15 @@ select = [
 
 [tool.ruff.lint.isort]
 combine-as-imports = true
-section-order = ["future", "standard-library", "third-party", "twisted", "first-party", "testing", "local-folder"]
+section-order = [
+    "future",
+    "standard-library",
+    "third-party",
+    "twisted",
+    "first-party",
+    "testing",
+    "local-folder",
+]
 known-first-party = ["synapse"]
 
 [tool.ruff.lint.isort.sections]
@@ -95,188 +99,112 @@ line-ending = "auto"
 manifest-path = "rust/Cargo.toml"
 module-name = "synapse.synapse_rust"
 
-[tool.poetry]
+[project]
 name = "matrix-synapse"
 version = "1.123.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
-authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
+authors = [
+    { name = "Matrix.org Team and Contributors", email = "packages@matrix.org" },
+]
 license = "AGPL-3.0-or-later"
 readme = "README.rst"
 repository = "https://github.com/element-hq/synapse"
-packages = [
-    { include = "synapse" },
-]
+packages = [{ include = "synapse" }]
+requires-python = ">=3.9"
 classifiers = [
     "Development Status :: 5 - Production/Stable",
     "Topic :: Communications :: Chat",
 ]
-include = [
-    { path = "AUTHORS.rst", format = "sdist" },
-    { path = "book.toml", format = "sdist" },
-    { path = "changelog.d", format = "sdist" },
-    { path = "CHANGES.md", format = "sdist" },
-    { path = "CONTRIBUTING.md", format = "sdist" },
-    { path = "demo", format = "sdist" },
-    { path = "docs", format = "sdist" },
-    { path = "INSTALL.md", format = "sdist" },
-    { path = "mypy.ini", format = "sdist" },
-    { path = "scripts-dev", format = "sdist" },
-    { path = "synmark", format="sdist" },
-    { path = "sytest-blacklist", format = "sdist" },
-    { path = "tests", format = "sdist" },
-    { path = "UPGRADE.rst", format = "sdist" },
-    { path = "Cargo.toml", format = "sdist" },
-    { path = "Cargo.lock", format = "sdist" },
-    { path = "rust/Cargo.toml", format = "sdist" },
-    { path = "rust/build.rs", format = "sdist" },
-    { path = "rust/src/**", format = "sdist" },
-]
-exclude = [
-    { path = "synapse/*.so", format = "sdist"}
+
+dependencies = [
+    # we use the TYPE_CHECKER.redefine method added in jsonschema 3.0.0
+    "jsonschema>=3.0.0",
+    # We choose 2.0 as a lower bound: the most recent backwards incompatible release.
+    # It seems generally available, judging by https://pkgs.org/search/?q=immutabledict
+    "immutabledict>=2.0",
+    # We require 2.1.0 or higher for type hints. Previous guard was >= 1.1.0
+    "unpaddedbase64>=2.1.0",
+    # We require 2.0.0 for immutabledict support.
+    "canonicaljson>=2.0.0",
+    # we use the type definitions added in signedjson 1.1.
+    "signedjson>=1.1.0",
+    # validating SSL certs for IP addresses requires service_identity 18.1.
+    "service-identity>=18.1.0",
+    # Twisted 18.9 introduces some logger improvements that the structured
+    # logger utilises
+    "Twisted[tls]>=18.9.0",
+    "treq>=15.1",
+    # Twisted has required pyopenssl 16.0 since about Twisted 16.6.
+    "pyOpenSSL>=16.0.0",
+    "PyYAML>=5.3",
+    "pyasn1>=0.1.9",
+    "pyasn1-modules>=0.0.7",
+    "bcrypt>=3.1.7",
+    # 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
+    "Pillow>=10.0.1",
+    # We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
+    "sortedcontainers>=1.5.2",
+    "pymacaroons>=0.13.0",
+    "msgpack>=0.5.2",
+    "phonenumbers>=8.2.0",
+    # we use GaugeHistogramMetric, which was added in prom-client 0.4.0.
+    "prometheus-client>=0.4.0",
+    # we use `order`, which arrived in attrs 19.2.0.
+    # Note: 21.1.0 broke `/sync`, see https://github.com/matrix-org/synapse/issues/9936
+    "attrs>=19.2.0,!=21.1.0",
+    "netaddr>=0.7.18",
+    # Jinja 2.x is incompatible with MarkupSafe>=2.1. To ensure that admins do not
+    # end up with a broken installation, with recent MarkupSafe but old Jinja, we
+    # add a lower bound to the Jinja2 dependency.
+    "Jinja2>=3.0",
+    "bleach>=1.4.3",
+    # We use `assert_never`, which were added in `typing-extensions` 4.1.
+    "typing-extensions>=4.1",
+    # We enforce that we have a `cryptography` version that bundles an `openssl`
+    # with the latest security patches.
+    "cryptography>=3.4.7",
+    # ijson 3.1.4 fixes a bug with "." in property names
+    "ijson>=3.1.4",
+    "matrix-common>=1.3.0",
+    # We need packaging.verison.Version(...).major added in 20.0.
+    "packaging>=20.0",
+    # We support pydantic v1 and pydantic v2 via the pydantic.v1 compat module.
+    # See https://github.com/matrix-org/synapse/issues/15858
+    "pydantic>=1.7.4,<3",
+    # This is for building the rust components during "poetry install", which
+    # currently ignores the `build-system.requires` directive (c.f.
+    # https://github.com/python-poetry/poetry/issues/6154). Both `pip install` and
+    # `poetry build` do the right thing without this explicit dependency.
+    #
+    # This isn't really a dev-dependency, as `poetry install --no-dev` will fail,
+    # but the alternative is to add it to the main list of deps where it isn't
+    # needed.
+    "setuptools_rust>=1.3",
+    # This is used for parsing multipart responses
+    "python-multipart>=0.0.9",
 ]
 
-[tool.poetry.build]
-script = "build_rust.py"
-generate-setup-file = true
-
-[tool.poetry.scripts]
-synapse_homeserver = "synapse.app.homeserver:main"
-synapse_worker = "synapse.app.generic_worker:main"
-synctl = "synapse._scripts.synctl:main"
-
-export_signing_key = "synapse._scripts.export_signing_key:main"
-generate_config = "synapse._scripts.generate_config:main"
-generate_log_config = "synapse._scripts.generate_log_config:main"
-generate_signing_key = "synapse._scripts.generate_signing_key:main"
-hash_password = "synapse._scripts.hash_password:main"
-register_new_matrix_user = "synapse._scripts.register_new_matrix_user:main"
-synapse_port_db = "synapse._scripts.synapse_port_db:main"
-synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main"
-update_synapse_database = "synapse._scripts.update_synapse_database:main"
-
-[tool.poetry.dependencies]
-python = "^3.9.0"
-
-# Mandatory Dependencies
-# ----------------------
-# we use the TYPE_CHECKER.redefine method added in jsonschema 3.0.0
-jsonschema = ">=3.0.0"
-# We choose 2.0 as a lower bound: the most recent backwards incompatible release.
-# It seems generally available, judging by https://pkgs.org/search/?q=immutabledict
-immutabledict = ">=2.0"
-# We require 2.1.0 or higher for type hints. Previous guard was >= 1.1.0
-unpaddedbase64 = ">=2.1.0"
-# We require 2.0.0 for immutabledict support.
-canonicaljson = "^2.0.0"
-# we use the type definitions added in signedjson 1.1.
-signedjson = "^1.1.0"
-# validating SSL certs for IP addresses requires service_identity 18.1.
-service-identity = ">=18.1.0"
-# Twisted 18.9 introduces some logger improvements that the structured
-# logger utilises
-Twisted = {extras = ["tls"], version = ">=18.9.0"}
-treq = ">=15.1"
-# Twisted has required pyopenssl 16.0 since about Twisted 16.6.
-pyOpenSSL = ">=16.0.0"
-PyYAML = ">=5.3"
-pyasn1 = ">=0.1.9"
-pyasn1-modules = ">=0.0.7"
-bcrypt = ">=3.1.7"
-# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
-# Packagers that already took care of libwebp can lower that down to 5.4.0.
-Pillow = ">=10.0.1"
-# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
-sortedcontainers = ">=1.5.2"
-pymacaroons = ">=0.13.0"
-msgpack = ">=0.5.2"
-phonenumbers = ">=8.2.0"
-# we use GaugeHistogramMetric, which was added in prom-client 0.4.0.
-prometheus-client = ">=0.4.0"
-# we use `order`, which arrived in attrs 19.2.0.
-# Note: 21.1.0 broke `/sync`, see https://github.com/matrix-org/synapse/issues/9936
-attrs = ">=19.2.0,!=21.1.0"
-netaddr = ">=0.7.18"
-# Jinja 2.x is incompatible with MarkupSafe>=2.1. To ensure that admins do not
-# end up with a broken installation, with recent MarkupSafe but old Jinja, we
-# add a lower bound to the Jinja2 dependency.
-Jinja2 = ">=3.0"
-bleach = ">=1.4.3"
-# We use `assert_never`, which were added in `typing-extensions` 4.1.
-typing-extensions = ">=4.1"
-# We enforce that we have a `cryptography` version that bundles an `openssl`
-# with the latest security patches.
-cryptography = ">=3.4.7"
-# ijson 3.1.4 fixes a bug with "." in property names
-ijson = ">=3.1.4"
-matrix-common = "^1.3.0"
-# We need packaging.verison.Version(...).major added in 20.0.
-packaging = ">=20.0"
-# We support pydantic v1 and pydantic v2 via the pydantic.v1 compat module.
-# See https://github.com/matrix-org/synapse/issues/15858
-pydantic = ">=1.7.4, <3"
-
-# This is for building the rust components during "poetry install", which
-# currently ignores the `build-system.requires` directive (c.f.
-# https://github.com/python-poetry/poetry/issues/6154). Both `pip install` and
-# `poetry build` do the right thing without this explicit dependency.
-#
-# This isn't really a dev-dependency, as `poetry install --no-dev` will fail,
-# but the alternative is to add it to the main list of deps where it isn't
-# needed.
-setuptools_rust = ">=1.3"
-
-# This is used for parsing multipart responses
-python-multipart = ">=0.0.9"
-
-# Optional Dependencies
-# ---------------------
-matrix-synapse-ldap3 = { version = ">=0.1", optional = true }
-psycopg2 = { version = ">=2.8", markers = "platform_python_implementation != 'PyPy'", optional = true }
-psycopg2cffi = { version = ">=2.8", markers = "platform_python_implementation == 'PyPy'", optional = true }
-psycopg2cffi-compat = { version = "==1.1", markers = "platform_python_implementation == 'PyPy'", optional = true }
-pysaml2 = { version = ">=4.5.0", optional = true }
-authlib = { version = ">=0.15.1", optional = true }
-# systemd-python is necessary for logging to the systemd journal via
-# `systemd.journal.JournalHandler`, as is documented in
-# `contrib/systemd/log_config.yaml`.
-# Note: systemd-python 231 appears to have been yanked from pypi
-systemd-python = { version = ">=231", optional = true }
-lxml = { version = ">=4.5.2", optional = true }
-sentry-sdk = { version = ">=0.7.2", optional = true }
-opentracing = { version = ">=2.2.0", optional = true }
-jaeger-client = { version = ">=4.0.0", optional = true }
-txredisapi = { version = ">=1.4.7", optional = true }
-hiredis = { version = "*", optional = true }
-Pympler = { version = "*", optional = true }
-parameterized = { version = ">=0.7.4", optional = true }
-idna = { version = ">=2.5", optional = true }
-pyicu = { version = ">=2.10.2", optional = true }
-
-[tool.poetry.extras]
-# NB: Packages that should be part of `pip install matrix-synapse[all]` need to be specified
-# twice: once here, and once in the `all` extra.
-matrix-synapse-ldap3 = ["matrix-synapse-ldap3"]
-postgres = ["psycopg2", "psycopg2cffi", "psycopg2cffi-compat"]
-saml2 = ["pysaml2"]
-oidc = ["authlib"]
-# systemd-python is necessary for logging to the systemd journal via
-# `systemd.journal.JournalHandler`, as is documented in
-# `contrib/systemd/log_config.yaml`.
-systemd = ["systemd-python"]
-url-preview = ["lxml"]
-sentry = ["sentry-sdk"]
-opentracing = ["jaeger-client", "opentracing"]
-jwt = ["authlib"]
+[project.optional-dependencies]
+matrix-synapse-ldap3 = ["matrix-synapse-ldap3>=0.1"]
+postgres = [
+    "psycopg2>=2.8; platform_python_implementation != 'PyPy'",
+    "psycopg2cffi>=2.8; platform_python_implementation == 'PyPy'",
+    "psycopg2cffi-compat>=1.1; platform_python_implementation == 'PyPy'",
+]
+saml2 = ["pysaml2>=4.5.0"]
+oidc = ["authlib>=0.15.1"]
+#systemd = ["systemd-python>=231; platform_system == 'Linux'"]
+url-preview = ["lxml>=4.5.2"]
+sentry = ["sentry-sdk>=0.7.2"]
+opentracing = ["jaeger-client>=4.0.0", "opentracing>=2.2.0"]
+jwt = ["authlib>=0.15.1"]
 # hiredis is not a *strict* dependency, but it makes things much faster.
 # (if it is not installed, we fall back to slow code.)
-redis = ["txredisapi", "hiredis"]
-# Required to use experimental `caches.track_memory_usage` config option.
-cache-memory = ["pympler"]
-test = ["parameterized", "idna"]
-# Allows for better search for international characters in the user directory. This
-# requires libicu's development headers installed on the system (e.g. libicu-dev on
-# Debian-based distributions).
-user-search = ["pyicu"]
+redis = ["txredisapi>=1.4.7", "hiredis>=0.1.0"]
+# Required to use experimental `caches.track_memory
+cache-memory = ["pympler>=0.9.2"]
+test = ["parameterized>=0.7.4", "idna>=2.5"]
+user-search = ["pyicu>=2.10.2"]
 
 # The duplication here is awful. I hate hate hate hate hate it. However, for now I want
 # to ensure you can still `pip install matrix-synapse[all]` like today. Two motivations:
@@ -291,87 +219,112 @@ user-search = ["pyicu"]
 # Some of our extra names _are_ package names, which can lead to great confusion.
 all = [
     # matrix-synapse-ldap3
-    "matrix-synapse-ldap3",
+    "matrix-synapse-ldap3>=0.1",
     # postgres
-    "psycopg2", "psycopg2cffi", "psycopg2cffi-compat",
+    "psycopg2>=2.8; platform_python_implementation != 'PyPy'",
+    "psycopg2cffi>=2.8; platform_python_implementation == 'PyPy'",
+    "psycopg2cffi-compat>=1.1; platform_python_implementation == 'PyPy'",
     # saml2
-    "pysaml2",
+    "pysaml2>=4.5.0",
     # oidc and jwt
-    "authlib",
+    "authlib>=0.15.1",
     # url-preview
-    "lxml",
+    "lxml>=4.5.2",
     # sentry
-    "sentry-sdk",
+    "sentry-sdk>=0.7.2",
     # opentracing
-    "jaeger-client", "opentracing",
+    "jaeger-client>=4.0.0",
+    "opentracing>=2.2.0",
     # redis
-    "txredisapi", "hiredis",
+    "txredisapi>=1.4.7",
+    "hiredis>=0.1.0",
     # cache-memory
-    "pympler",
+    "pympler>=0.9.2",
     # improved user search
-    "pyicu",
-    # omitted:
-    #   - test: it's useful to have this separate from dev deps in the olddeps job
-    #   - systemd: this is a system-based requirement
+    "pyicu>=2.10.2",
 ]
 
-[tool.poetry.dev-dependencies]
-# We pin development dependencies in poetry.lock so that our tests don't start
-# failing on new releases. Keeping lower bounds loose here means that dependabot
-# can bump versions without having to update the content-hash in the lockfile.
-# This helps prevents merge conflicts when running a batch of dependabot updates.
-ruff = "0.7.3"
-# Type checking only works with the pydantic.v1 compat module from pydantic v2
-pydantic = "^2"
+[project.scripts]
+synapse_homeserver = "synapse.app.homeserver:main"
+synapse_worker = "synapse.app.generic_worker:main"
+synctl = "synapse._scripts.synctl:main"
 
-# Typechecking
-lxml-stubs = ">=0.4.0"
-mypy = "*"
-mypy-zope = "*"
-types-bleach = ">=4.1.0"
-types-commonmark = ">=0.9.2"
-types-jsonschema = ">=3.2.0"
-types-netaddr = ">=0.8.0.6"
-types-opentracing = ">=2.4.2"
-types-Pillow = ">=8.3.4"
-types-psycopg2 = ">=2.9.9"
-types-pyOpenSSL = ">=20.0.7"
-types-PyYAML = ">=5.4.10"
-types-requests = ">=2.26.0"
-types-setuptools = ">=57.4.0"
+export_signing_key = "synapse._scripts.export_signing_key:main"
+generate_config = "synapse._scripts.generate_config:main"
+generate_log_config = "synapse._scripts.generate_log_config:main"
+generate_signing_key = "synapse._scripts.generate_signing_key:main"
+hash_password = "synapse._scripts.hash_password:main"
+register_new_matrix_user = "synapse._scripts.register_new_matrix_user:main"
+synapse_port_db = "synapse._scripts.synapse_port_db:main"
+synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main"
+update_synapse_database = "synapse._scripts.update_synapse_database:main"
 
-# Dependencies which are exclusively required by unit test code. This is
-# NOT a list of all modules that are necessary to run the unit tests.
-# Tests assume that all optional dependencies are installed.
-# parameterized<0.7.4 can create classes with names that would normally be invalid
-# identifiers. trial really does not like this when running with multiple workers.
-parameterized = ">=0.7.4"
-idna = ">=2.5"
-
-# The following are used by the release script
-click = ">=8.1.3"
-# GitPython was == 3.1.14; bumped to 3.1.20, the first release with type hints.
-GitPython = ">=3.1.20"
-commonmark = ">=0.9.1"
-pygithub = ">=1.55"
-# The following are executed as commands by the release script.
-twine = "*"
-# Towncrier min version comes from https://github.com/matrix-org/synapse/pull/3425. Rationale unclear.
-towncrier = ">=18.6.0rc1"
-
-# Used for checking the Poetry lockfile
-tomli = ">=1.2.3"
+[dependency-groups]
+dev = [
+    "ruff==0.7.3",
+    "mypy",
+    "mypy-zope",
+    "types-bleach>=4.1.0",
+    "types-commonmark>=0.9.2",
+    "types-jsonschema>=3.2.0",
+    "types-netaddr>=0.8.0.6",
+    "types-opentracing>=2.4.2",
+    "types-Pillow>=8.3.4",
+    "types-psycopg2>=2.9.9",
+    "types-pyOpenSSL>=20.0.7",
+    "types-PyYAML>=5.4.10",
+    "types-requests>=2.26.0",
+    "types-setuptools>=57.4.0",
+    "parameterized>=0.7.4",
+    "idna>=2.5",
+    "pyicu>=2.10.2",
+]
 
+release = [
+    "click>=8.1.3",
+    "GitPython>=3.1.20",
+    "commonmark>=0.9.1",
+    "pygithub>=1.55",
+    "twine",
+    # Towncrier min version comes from https://github.com/matrix-org/synapse/pull/3425. Rationale unclear.
+    "towncrier>=18.6.0rc1",
+    # Used for checking the Poetry lockfile
+    "tomli>=1.2.3",
+]
 
 [build-system]
-# The upper bounds here are defensive, intended to prevent situations like
-# https://github.com/matrix-org/synapse/issues/13849 and
-# https://github.com/matrix-org/synapse/issues/14079 where we see buildtime or
-# runtime errors caused by build system changes.
-# We are happy to raise these upper bounds upon request,
-# provided we check that it's safe to do so (i.e. that CI passes).
-requires = ["poetry-core>=1.1.0,<=1.9.1", "setuptools_rust>=1.3,<=1.10.2"]
-build-backend = "poetry.core.masonry.api"
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.uv]
+default-groups = ["dev", "release"]
+
+[tool.hatch.build.targets.wheel]
+packages = ["synapse"]
+
+[tool.hatch.build.targets.sdist]
+include = [
+    { path = "AUTHORS.rst", format = "sdist" },
+    { path = "book.toml", format = "sdist" },
+    { path = "changelog.d", format = "sdist" },
+    { path = "CHANGES.md", format = "sdist" },
+    { path = "CONTRIBUTING.md", format = "sdist" },
+    { path = "demo", format = "sdist" },
+    { path = "docs", format = "sdist" },
+    { path = "INSTALL.md", format = "sdist" },
+    { path = "mypy.ini", format = "sdist" },
+    { path = "scripts-dev", format = "sdist" },
+    { path = "synmark", format = "sdist" },
+    { path = "sytest-blacklist", format = "sdist" },
+    { path = "tests", format = "sdist" },
+    { path = "UPGRADE.rst", format = "sdist" },
+    { path = "Cargo.toml", format = "sdist" },
+    { path = "Cargo.lock", format = "sdist" },
+    { path = "rust/Cargo.toml", format = "sdist" },
+    { path = "rust/build.rs", format = "sdist" },
+    { path = "rust/src/**", format = "sdist" },
+]
+exclude = [{ path = "synapse/*.so", format = "sdist" }]
 
 
 [tool.cibuildwheel]
@@ -391,7 +344,7 @@ skip = "cp36* cp37* cp38* pp37* pp38* *-musllinux_i686 pp*aarch64 *-musllinux_aa
 # We temporarily pin Rust to 1.82.0 to work around
 # https://github.com/element-hq/synapse/issues/17988
 before-all = "curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.82.0 -y --profile minimal"
-environment= { PATH = "$PATH:$HOME/.cargo/bin" }
+environment = { PATH = "$PATH:$HOME/.cargo/bin" }
 
 # For some reason if we don't manually clean the build directory we
 # can end up polluting the next build with a .so that is for the wrong