pkgs/development/python-modules/pyopenssl/default.nix at 20.09 · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / development / python-modules / pyopenssl / default.nix
at 20.09 3.3 kB view raw
  1{ stdenv
  2, buildPythonPackage
  3, fetchPypi
  4, openssl
  5, cryptography
  6, pyasn1
  7, idna
  8, pytest
  9, pretend
 10, flaky
 11, glibcLocales
 12, six
 13, fetchpatch
 14}:
 15
 16with stdenv.lib;
 17
 18
 19let
 20  # https://github.com/pyca/pyopenssl/issues/791
 21  # These tests, we disable in the case that libressl is passed in as openssl.
 22  failingLibresslTests = [
 23    "test_op_no_compression"
 24    "test_npn_advertise_error"
 25    "test_npn_select_error"
 26    "test_npn_client_fail"
 27    "test_npn_success"
 28    "test_use_certificate_chain_file_unicode"
 29    "test_use_certificate_chain_file_bytes"
 30    "test_add_extra_chain_cert"
 31    "test_set_session_id_fail"
 32    "test_verify_with_revoked"
 33    "test_set_notAfter"
 34    "test_set_notBefore"
 35  ];
 36
 37  # these tests are extremely tightly wed to the exact output of the openssl cli tool,
 38  # including exact punctuation.
 39  failingOpenSSL_1_1Tests = [
 40    "test_dump_certificate"
 41    "test_dump_privatekey_text"
 42    "test_dump_certificate_request"
 43    "test_export_text"
 44  ];
 45
 46  disabledTests = [
 47    # https://github.com/pyca/pyopenssl/issues/692
 48    # These tests, we disable always.
 49    "test_set_default_verify_paths"
 50    "test_fallback_default_verify_paths"
 51    # https://github.com/pyca/pyopenssl/issues/768
 52    "test_wantWriteError"
 53  ] ++ (
 54    optionals (hasPrefix "libressl" openssl.meta.name) failingLibresslTests
 55  ) ++ (
 56    optionals (versionAtLeast (getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
 57  );
 58
 59  # Compose the final string expression, including the "-k" and the single quotes.
 60  testExpression = optionalString (disabledTests != [])
 61    "-k 'not ${concatStringsSep " and not " disabledTests}'";
 62
 63in
 64
 65
 66buildPythonPackage rec {
 67  pname = "pyOpenSSL";
 68  version = "19.1.0";
 69
 70  src = fetchPypi {
 71    inherit pname version;
 72    sha256 = "9a24494b2602aaf402be5c9e30a0b82d4a5c67528fe8fb475e3f3bc00dd69507";
 73  };
 74
 75  outputs = [ "out" "dev" ];
 76
 77  checkPhase = ''
 78    runHook preCheck
 79    export LANG="en_US.UTF-8"
 80    py.test tests ${testExpression}
 81    runHook postCheck
 82  '';
 83
 84  patches = [
 85    # 4 patches for 2020 bug
 86    # https://github.com/pyca/pyopenssl/pull/828
 87    (fetchpatch {
 88      url = "https://github.com/pyca/pyopenssl/commit/0d2fd1a24b30077ead6960bd63b4a9893a57c101.patch";
 89      sha256 = "1c27g53qrwxddyx04sxf8yvj7xgbaabla7mc1cgbfd426rncbqf3";
 90    })
 91    (fetchpatch {
 92      url = "https://github.com/pyca/pyopenssl/commit/d08a742573c3205348a4eec9a65abaf6c16110c4.patch";
 93      sha256 = "18xn8s1wpycz575ivrbsbs0qd2q48z8pdzsjzh8i60xba3f8yj2f";
 94    })
 95    (fetchpatch {
 96      url = "https://github.com/pyca/pyopenssl/commit/60b9e10e6da7ccafaf722def630285f54510ed12.patch";
 97      sha256 = "0aw8qvy8m0bhgp39lmbcrpprpg4bhpssm327hyrk476wwgajk01j";
 98    })
 99    (fetchpatch {
100      url = "https://github.com/pyca/pyopenssl/commit/7a37cc23fcbe43abe785cd4badd14bdc7acfb175.patch";
101      sha256 = "1c7zb568rs71rsl16p6dq7aixwlkgzfnba4vzmfvbmy3zsnaslq2";
102    })
103  ];
104
105  # Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
106  # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
107  doCheck = !stdenv.isDarwin;
108
109  nativeBuildInputs = [ openssl ];
110  propagatedBuildInputs = [ cryptography pyasn1 idna six ];
111
112  checkInputs = [ pytest pretend flaky glibcLocales ];
113}