# Nix expression for the `nassl` Python package (version 3.0.0, see `pname`/`version` below).
#
# The build statically links two private OpenSSL builds (1.1.1 and 1.0.2e) plus a
# static zlib. Both OpenSSL builds are configured with legacy protocols and algorithms
# switched on (SSLv2, weak ciphers, MD2, RC5, zlib support, ...).
#
# Security note: these OpenSSL derivations are deliberately weakened and pinned to old
# releases. They are bound only in the `let` block below and are referenced solely by
# `postPatch`, so nothing outside this file receives them. Do not reuse them as a
# general-purpose TLS library.
# NOTE(review): presumably the legacy features exist so that nassl can probe remote
# servers for obsolete protocol/cipher support; confirm against upstream's build docs.
{ lib
, fetchFromGitHub
, fetchurl
, buildPythonPackage
, pkgsStatic
, openssl
, invoke
, pytest
, tls-parser
, cacert
}:

let
  # Static zlib; its lib/include paths are passed to OpenSSL's configure step below.
  zlibStatic = pkgsStatic.zlib;
  # Arguments passed to `openssl.override` for both builds: static linking and,
  # per the option name, SSLv2 support.
  nasslOpensslArgs = {
    static = true;
    enableSSL2 = true;
  };
  # Configure flags shared by both OpenSSL builds: build against the static zlib,
  # disable shared objects, and re-enable algorithms that are off by default
  # (RC5, MD2, GOST, CAST, IDEA, RIPEMD, MDC2).
  nasslOpensslFlagsCommon = [
    "zlib"
    "no-zlib-dynamic"
    "no-shared"
    "--with-zlib-lib=${zlibStatic.out}/lib"
    "--with-zlib-include=${zlibStatic.out.dev}/include"
    "enable-rc5"
    "enable-md2"
    "enable-gost"
    "enable-cast"
    "enable-idea"
    "enable-ripemd"
    "enable-mdc2"
    "-fPIC"
  ];
  # "Modern" OpenSSL build, pinned to the initial 1.1.1 release (no letter suffix).
  # The tarball is fixed by sha256, so a changed upstream file fails the build
  # instead of being used silently.
  # NOTE(review): 1.1.1 without a letter release predates later upstream security
  # fixes in that series; confirm this pin is what nassl 3.0.0 requires.
  opensslStatic = (openssl.override nasslOpensslArgs).overrideAttrs (
    oldAttrs: rec {
      name = "openssl-${version}";
      version = "1.1.1";
      src = fetchurl {
        url = "https://www.openssl.org/source/${name}.tar.gz";
        sha256 = "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8";
      };
      # Adds weak cipher suites and TLS 1.3 on top of the common legacy flags.
      configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [
        "enable-weak-ssl-ciphers"
        "enable-tls1_3"
        "no-async"
      ];
      # Replaces the inherited patch list with a single local patch.
      # NOTE(review): by its name the patch concerns the Nix CA certificate file;
      # its contents are not visible here. `cacert` is added to buildInputs below.
      patches = [ ./nix-ssl-cert-file.patch ];
      buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ];
    }
  );
  # Legacy OpenSSL build, pinned to 1.0.2e, again fixed by sha256.
  # NOTE(review): 1.0.2e is an old release of a series that upstream no longer
  # maintains; treat the resulting libraries as known-vulnerable and keep them
  # confined to this package.
  opensslLegacyStatic = (openssl.override nasslOpensslArgs).overrideAttrs (
    oldAttrs: rec {
      name = "openssl-${version}";
      version = "1.0.2e";
      src = fetchurl {
        url = "https://www.openssl.org/source/${name}.tar.gz";
        sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
      };
      configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon;
      # Empty list: none of the base derivation's patches are applied to this version.
      patches = [ ];
      buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ];
      # openssl_1_0_2 needs `withDocs = false`
      outputs = lib.remove "doc" oldAttrs.outputs;
    }
  );
in
buildPythonPackage rec {
  pname = "nassl";
  version = "3.0.0";

  # Source is fetched at the git ref named by `version` and checked against sha256,
  # so the hash, not the mutable tag, determines what gets built.
  src = fetchFromGitHub {
    owner = "nabla-c0d3";
    repo = pname;
    rev = version;
    sha256 = "1dhgkpldadq9hg5isb6mrab7z80sy5bvzad2fb54pihnknfwhp8z";
  };

  # Populates deps/ with the prebuilt static libraries (copied) and the include and
  # bin directories (symlinked) of both OpenSSL builds, plus the static zlib.
  # NOTE(review): presumably these directory names are where nassl's build tasks
  # look for their dependencies; verify against upstream's build scripts.
  postPatch = ''
    mkdir -p deps/openssl-OpenSSL_1_0_2e/
    cp ${opensslLegacyStatic.out}/lib/libssl.a \
      ${opensslLegacyStatic.out}/lib/libcrypto.a \
      deps/openssl-OpenSSL_1_0_2e/
    ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_1_0_2e/include
    ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_1_0_2e/apps

    mkdir -p deps/openssl-OpenSSL_1_1_1/
    cp ${opensslStatic.out}/lib/libssl.a \
      ${opensslStatic.out}/lib/libcrypto.a \
      deps/openssl-OpenSSL_1_1_1/
    ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_1_1_1/include
    ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_1_1_1/apps

    mkdir -p deps/zlib-1.2.11/
    cp ${zlibStatic.out}/lib/libz.a deps/zlib-1.2.11/
  '';

  propagatedBuildInputs = [ tls-parser ];

  # `invoke` runs the build tasks in buildPhase.
  nativeBuildInputs = [ invoke ];

  # Overrides the default build phase with two invoke tasks.
  buildPhase = ''
    invoke build.nassl
    invoke package.wheel
  '';

  checkInputs = [ pytest ];

  # The -k expression deselects every test whose name matches "Online".
  checkPhase = ''
    # Skip online tests
    pytest -k 'not Online'
  '';

  meta = with lib; {
    homepage = "https://github.com/nabla-c0d3/nassl";
    description = "Low-level OpenSSL wrapper for Python 3.7+";
    platforms = with platforms; linux ++ darwin;
    license = licenses.agpl3;
    maintainers = with maintainers; [ veehaitch ];
  };
}