pkgs/development/python-modules/cryptography/default.nix at 21.05 · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / development / python-modules / cryptography / default.nix
at 21.05 103 lines 2.6 kB view raw
  1{ lib, stdenv
  2, buildPythonPackage
  3, fetchPypi
  4, fetchpatch
  5, rustPlatform
  6, setuptools-rust
  7, openssl
  8, cryptography_vectors
  9, darwin
 10, packaging
 11, six
 12, pythonOlder
 13, isPyPy
 14, cffi
 15, pytest
 16, pytest-subtests
 17, pretend
 18, libiconv
 19, iso8601
 20, pytz
 21, hypothesis
 22}:
 23
 24buildPythonPackage rec {
 25  pname = "cryptography";
 26  version = "3.4.7"; # Also update the hash in vectors.nix
 27
 28  src = fetchPypi {
 29    inherit pname version;
 30    sha256 = "04x7bhjkglxpllad10821vxddlmxdkd3gjvp35iljmnj2s0xw41x";
 31  };
 32
 33  cargoDeps = rustPlatform.fetchCargoTarball {
 34    inherit src;
 35    sourceRoot = "${pname}-${version}/${cargoRoot}";
 36    name = "${pname}-${version}";
 37    sha256 = "1m6smky4nahwlp4hn6yzibrcxlbsw4nx162dsq48vlw8h1lgjl62";
 38  };
 39
 40  cargoRoot = "src/rust";
 41
 42  outputs = [ "out" "dev" ];
 43
 44  nativeBuildInputs = lib.optionals (!isPyPy) [
 45    cffi
 46  ] ++ [
 47    rustPlatform.cargoSetupHook
 48    setuptools-rust
 49  ] ++ (with rustPlatform; [ rust.cargo rust.rustc ]);
 50
 51  buildInputs = [ openssl ]
 52             ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security libiconv ];
 53  propagatedBuildInputs = [
 54    packaging
 55    six
 56  ] ++ lib.optionals (!isPyPy) [
 57    cffi
 58  ];
 59
 60  checkInputs = [
 61    cryptography_vectors
 62    hypothesis
 63    iso8601
 64    pretend
 65    pytest
 66    pytest-subtests
 67    pytz
 68  ];
 69
 70  pytestFlags = lib.concatStringsSep " " ([
 71    "--disable-pytest-warnings"
 72  ] ++
 73    lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
 74      # aarch64-darwin forbids W+X memory, but this tests depends on it:
 75      # * https://cffi.readthedocs.io/en/latest/using.html#callbacks
 76      "--ignore=tests/hazmat/backends/test_openssl_memleak.py"
 77    ]
 78  );
 79
 80  checkPhase = ''
 81    py.test ${pytestFlags} tests
 82  '';
 83
 84  # IOKit's dependencies are inconsistent between OSX versions, so this is the best we
 85  # can do until nix 1.11's release
 86  __impureHostDeps = [ "/usr/lib" ];
 87
 88  meta = with lib; {
 89    description = "A package which provides cryptographic recipes and primitives";
 90    longDescription = ''
 91      Cryptography includes both high level recipes and low level interfaces to
 92      common cryptographic algorithms such as symmetric ciphers, message
 93      digests, and key derivation functions.
 94      Our goal is for it to be your "cryptographic standard library". It
 95      supports Python 2.7, Python 3.5+, and PyPy 5.4+.
 96    '';
 97    homepage = "https://github.com/pyca/cryptography";
 98    changelog = "https://cryptography.io/en/latest/changelog/#v"
 99      + replaceStrings [ "." ] [ "-" ] version;
100    license = with licenses; [ asl20 bsd3 psfl ];
101    maintainers = with maintainers; [ primeos ];
102  };
103}