# Package expression for nassl 4.0.1 (Python >= 3.7).
#
# nassl is built against two private, statically linked OpenSSL builds that
# are defined in the `let` block below and are not exported from this file:
#   * opensslStatic       - OpenSSL 1.1.1h, with weak SSL ciphers enabled
#   * opensslLegacyStatic - OpenSSL 1.0.2e
# Both are configured with SSLv2 and a set of legacy algorithms switched on,
# and both are pinned to old upstream releases. They exist only to be linked
# into nassl and should not be reused as a general-purpose TLS library.
{
  lib,
  fetchFromGitHub,
  fetchurl,
  buildPythonPackage,
  pkgsStatic,
  openssl_1_1,
  openssl_1_0_2,
  invoke,
  tls-parser,
  cacert,
  pytestCheckHook,
  pythonOlder,
}:

let
  # File name of a patch, used to select entries from an inherited patch list.
  patchBaseName = patch: builtins.baseNameOf (toString patch);

  # Turns a dotted version into the underscore form used in the deps/
  # directory names below, e.g. "1.1.1h" -> "1_1_1h".
  underscoreVersion = lib.replaceStrings [ "." ] [ "_" ];

  # Static zlib, kept in a single output and compiled with -fPIC.
  # NOTE(review): -fPIC is presumably needed because libz.a ends up inside a
  # shared Python extension module; confirm against the nassl build script.
  zlibStatic =
    (pkgsStatic.zlib.override { splitStaticOutput = false; }).overrideAttrs
      (prev: {
        NIX_CFLAGS_COMPILE = "${prev.NIX_CFLAGS_COMPILE} -fPIC";
      });

  # Arguments applied to both OpenSSL builds: static libraries, SSLv2 enabled.
  opensslOverrideArgs = {
    static = true;
    enableSSL2 = true;
  };

  # Configure flags shared by both OpenSSL builds. Besides linking the static
  # zlib above, they enable algorithms that are off in a default build
  # (RC5, MD2, GOST, CAST, IDEA, RIPEMD, MDC2).
  sharedConfigureFlags = [
    "zlib"
    "no-zlib-dynamic"
    "no-shared"
    "--with-zlib-lib=${zlibStatic.out}/lib"
    "--with-zlib-include=${zlibStatic.out.dev}/include"
    "enable-rc5"
    "enable-md2"
    "enable-gost"
    "enable-cast"
    "enable-idea"
    "enable-ripemd"
    "enable-mdc2"
    "-fPIC"
  ];

  # "Modern" OpenSSL, pinned to 1.1.1h.
  opensslStatic = (openssl_1_1.override opensslOverrideArgs).overrideAttrs (
    prev:
    let
      version = "1.1.1h";
      name = "openssl-${version}";
    in
    {
      inherit name version;

      # Fixed-output fetch: the tarball has to match this hash.
      src = fetchurl {
        url = "https://www.openssl.org/source/${name}.tar.gz";
        sha256 = "1ncmcnh5bmxkwrvm0m1q4kdcjjfpwvlyjspjhibkxc6p9dvsi72w";
      };

      configureFlags =
        prev.configureFlags
        ++ sharedConfigureFlags
        ++ [
          "enable-weak-ssl-ciphers"
          "enable-tls1_3"
          "no-async"
        ];

      # Keep every inherited patch except macos-yosemite-compat.patch.
      patches = builtins.filter (
        patch: patchBaseName patch != "macos-yosemite-compat.patch"
      ) prev.patches;

      buildInputs = prev.buildInputs ++ [
        zlibStatic
        cacert
      ];

      # Record the CVEs that apply to this pinned release. nixpkgs treats a
      # derivation with a non-empty meta.knownVulnerabilities as insecure.
      meta = prev.meta // {
        knownVulnerabilities = [
          "CVE-2020-1971"
          "CVE-2021-23840"
          "CVE-2021-23841"
          "CVE-2021-3449"
          "CVE-2021-3450"
          "CVE-2021-3711"
          "CVE-2021-3712"
        ];
      };
    }
  );

  # "Legacy" OpenSSL, pinned to 1.0.2e.
  # NOTE(review): unlike opensslStatic, this override does not set
  # meta.knownVulnerabilities itself; whatever openssl_1_0_2's meta carries is
  # inherited unchanged. Confirm the base package already marks it insecure.
  opensslLegacyStatic = (openssl_1_0_2.override opensslOverrideArgs).overrideAttrs (
    prev:
    let
      version = "1.0.2e";
      name = "openssl-${version}";
    in
    {
      inherit name version;

      # Fixed-output fetch: the tarball has to match this hash.
      src = fetchurl {
        url = "https://www.openssl.org/source/${name}.tar.gz";
        sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
      };

      configureFlags = prev.configureFlags ++ sharedConfigureFlags;

      # Only darwin64-arm64.patch is kept; every other inherited patch is
      # dropped. NOTE(review): that includes any fixes the base package
      # carried as patches; confirm this is intended.
      patches = builtins.filter (
        patch: patchBaseName patch == "darwin64-arm64.patch"
      ) prev.patches;

      buildInputs = prev.buildInputs ++ [ zlibStatic ];

      # openssl_1_0_2 needs `withDocs = false`, so the "doc" output is removed.
      outputs = lib.remove "doc" prev.outputs;
    }
  );
in
buildPythonPackage rec {
  pname = "nassl";
  version = "4.0.1";
  disabled = pythonOlder "3.7";

  # Source is pinned by tag and content hash.
  src = fetchFromGitHub {
    owner = "nabla-c0d3";
    repo = pname;
    rev = version;
    hash = "sha256-QzO7ABh2weBO6NVFIj7kZpS8ashbDGompuvdKteJeUc=";
  };

  nativeBuildInputs = [ invoke ];

  propagatedBuildInputs = [ tls-parser ];

  # Stage the prebuilt static libraries, headers and binaries under deps/,
  # in directories named after each library version.
  # NOTE(review): presumably these are the paths the upstream build tasks look
  # in, so that nothing is downloaded or compiled during the build; confirm.
  postPatch =
    let
      legacyTag = underscoreVersion opensslLegacyStatic.version;
      modernTag = underscoreVersion opensslStatic.version;
      zlibTag = zlibStatic.version;
    in
    ''
      mkdir -p deps/openssl-OpenSSL_${legacyTag}/
      cp ${opensslLegacyStatic.out}/lib/libssl.a \
        ${opensslLegacyStatic.out}/lib/libcrypto.a \
        deps/openssl-OpenSSL_${legacyTag}/
      ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_${legacyTag}/include
      ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_${legacyTag}/apps

      mkdir -p deps/openssl-OpenSSL_${modernTag}/
      cp ${opensslStatic.out}/lib/libssl.a \
        ${opensslStatic.out}/lib/libcrypto.a \
        deps/openssl-OpenSSL_${modernTag}/
      ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_${modernTag}/include
      ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_${modernTag}/apps

      mkdir -p deps/zlib-${zlibTag}/
      cp ${zlibStatic.out}/lib/libz.a deps/zlib-${zlibTag}/
    '';

  # Build the extension, then the wheel, through upstream's invoke tasks.
  buildPhase = ''
    invoke build.nassl
    invoke package.wheel
  '';

  doCheck = true;

  checkInputs = [ pytestCheckHook ];

  pythonImportsCheck = [ "nassl" ];

  # Tests matching "Online" are skipped.
  # NOTE(review): presumably these need network access; confirm against the
  # upstream test names.
  disabledTests = [
    "Online"
  ];

  meta = {
    homepage = "https://github.com/nabla-c0d3/nassl";
    description = "Low-level OpenSSL wrapper for Python 3.7+";
    platforms = lib.platforms.linux ++ lib.platforms.darwin;
    license = lib.licenses.agpl3Only;
    maintainers = [ lib.maintainers.veehaitch ];
  };
}