# Nix build recipe for the securesystemslib Python package.
# The key-management backends are exposed as optional dependency groups.
{
  lib,
  asn1crypto,
  azure-identity,
  azure-keyvault-keys,
  boto3,
  botocore,
  buildPythonPackage,
  cryptography,
  ed25519,
  fetchFromGitHub,
  google-cloud-kms,
  hatchling,
  pynacl,
  pyspx,
  pytestCheckHook,
  pythonOlder,
}:

buildPythonPackage rec {
  pname = "securesystemslib";
  version = "1.3.0";
  pyproject = true;

  disabled = pythonOlder "3.8";

  # The source is taken from the upstream release tag. The SRI hash pins the
  # fetched tree, so a tag that is moved upstream fails the build instead of
  # silently changing what gets packaged.
  src = fetchFromGitHub {
    owner = "secure-systems-lab";
    repo = "securesystemslib";
    tag = "v${version}";
    hash = "sha256-XONgT0qE6SHgHULCnjI9JvqKN1SAnr/Xw/nfeGUwYjs=";
  };

  build-system = [ hatchling ];

  # One group per signer backend. None of these are pulled in unless a
  # consumer asks for the group explicitly.
  optional-dependencies = {
    PySPX = [ pyspx ];
    awskms = [
      boto3
      botocore
      cryptography
    ];
    azurekms = [
      azure-identity
      azure-keyvault-keys
      cryptography
    ];
    crypto = [ cryptography ];
    gcpkms = [
      cryptography
      google-cloud-kms
    ];
    # NOTE(review): this group is incomplete. pykcs11 is left out (see the
    # disabled HSM test below), so selecting "hsm" does not supply the
    # PKCS#11 binding.
    hsm = [
      asn1crypto
      cryptography
      # pykcs11
    ];
    pynacl = [ pynacl ];
    # The sigstore group is omitted because it would create a circular
    # dependency:
    # sigstore = [
    #   sigstore
    # ];
  };

  # The test run gets every optional backend, so all groups declared above
  # are present during the check phase.
  nativeCheckInputs = [
    ed25519
    pytestCheckHook
  ] ++ lib.flatten (builtins.attrValues optional-dependencies);

  pythonImportsCheck = [ "securesystemslib" ];

  disabledTestPaths = [
    # pykcs11 is not available, so the HSM signer is not tested by this build
    "tests/test_hsm_signer.py"
    # Skip the tests shipped with vendored code
    "securesystemslib/_vendor/"
  ];

  meta = {
    description = "Cryptographic and general-purpose routines";
    homepage = "https://github.com/secure-systems-lab/securesystemslib";
    changelog = "https://github.com/secure-systems-lab/securesystemslib/blob/${src.tag}/CHANGELOG.md";
    license = lib.licenses.mit;
    maintainers = [ lib.maintainers.fab ];
  };
}