pyrox.dev
1{ stdenv
2, buildPythonPackage
3, fetchPypi
4, openssl
5, cryptography_vectors
6, darwin
7, idna
8, asn1crypto
9, packaging
10, six
11, pythonOlder
12, enum34
13, ipaddress
14, isPyPy
15, cffi
16, pytest
17, pretend
18, iso8601
19, pytz
20, hypothesis
21}:
22
23let
24 version = "2.1.4";
25in assert version == cryptography_vectors.version; buildPythonPackage rec {
26 # also bump cryptography_vectors
27 pname = "cryptography";
28 inherit version;
29
30 src = fetchPypi {
31 inherit pname version;
32 sha256 = "e4d967371c5b6b2e67855066471d844c5d52d210c36c28d49a8507b96e2c5291";
33 };
34
35 outputs = [ "out" "dev" ];
36
37 buildInputs = [ openssl cryptography_vectors ]
38 ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
39 propagatedBuildInputs = [
40 idna
41 asn1crypto
42 packaging
43 six
44 ] ++ stdenv.lib.optional (pythonOlder "3.4") enum34
45 ++ stdenv.lib.optional (pythonOlder "3.3") ipaddress
46 ++ stdenv.lib.optional (!isPyPy) cffi;
47
48 checkInputs = [
49 pytest
50 pretend
51 iso8601
52 pytz
53 hypothesis
54 ];
55
56 # The test assumes that if we're on Sierra or higher, that we use `getentropy`, but for binary
57 # compatibility with pre-Sierra for binary caches, we hide that symbol so the library doesn't
58 # use it. This boils down to them checking compatibility with `getentropy` in two different places,
59 # so let's neuter the second test.
60 postPatch = ''
61 substituteInPlace ./tests/hazmat/backends/test_openssl.py --replace '"16.0"' '"99.0"'
62 '';
63
64 # IOKit's dependencies are inconsistent between OSX versions, so this is the best we
65 # can do until nix 1.11's release
66 __impureHostDeps = [ "/usr/lib" ];
67}