# Package expression for pyOpenSSL, built from the PyPI sdist.
#
# Review notes on the test set-up:
#  * Judging by their names, several of the deselected tests exercise
#    certificate verification (revocation, default verify paths, verification
#    time). A green checkPhase therefore says nothing about those paths on
#    the configurations where they are skipped.
#  * pytest's -k matches on substrings of test names, so each entry below can
#    deselect more than one test.
{ lib
, stdenv
, buildPythonPackage
, fetchPypi
, openssl
, cryptography
, pyasn1
, idna
, pytest
, pretend
, flaky
, glibcLocales
, six
  # Not referenced anywhere in this expression; kept so the argument set that
  # callers may pass stays the same.
, fetchpatch
}:

let
  inherit (lib)
    concatLists
    concatMapStringsSep
    getVersion
    hasPrefix
    optionals
    versionAtLeast;

  # True when the `openssl` argument is really LibreSSL.
  usingLibressl = hasPrefix "libressl" openssl.meta.name;

  # True for an OpenSSL whose version is 1.1 or newer.
  opensslAtLeast_1_1 = versionAtLeast (getVersion openssl.name) "1.1";

  # Skipped unconditionally.
  alwaysSkipped = [
    # https://github.com/pyca/pyopenssl/issues/692
    "test_set_default_verify_paths"
    "test_fallback_default_verify_paths"
    # https://github.com/pyca/pyopenssl/issues/768
    "test_wantWriteError"
  ];

  # Skipped only when LibreSSL stands in for OpenSSL.
  # https://github.com/pyca/pyopenssl/issues/791
  skippedWithLibressl = [
    "test_op_no_compression"
    "test_npn_advertise_error"
    "test_npn_select_error"
    "test_npn_client_fail"
    "test_npn_success"
    "test_use_certificate_chain_file_unicode"
    "test_use_certificate_chain_file_bytes"
    "test_add_extra_chain_cert"
    "test_set_session_id_fail"
    "test_verify_with_revoked"
    "test_set_notAfter"
    "test_set_notBefore"
  ];

  # These compare against the literal text printed by the openssl command
  # line tool, punctuation included, so they break on OpenSSL >= 1.1.
  skippedWithOpenSSL_1_1 = [
    "test_dump_certificate"
    "test_dump_privatekey_text"
    "test_dump_certificate_request"
    "test_export_text"
  ];

  # Skipped on 32-bit platforms.
  # https://github.com/pyca/pyopenssl/issues/974
  skippedOn32bit = [ "test_verify_with_time" ];

  # Every test name to deselect for this particular build, in a fixed order.
  skippedTests = concatLists [
    alwaysSkipped
    (optionals usingLibressl skippedWithLibressl)
    (optionals opensslAtLeast_1_1 skippedWithOpenSSL_1_1)
    (optionals stdenv.is32bit skippedOn32bit)
  ];

  # The complete pytest selector, "-k" and single quotes included. The names
  # are pasted into a single-quoted shell word without escaping, so an entry
  # must never contain a single quote.
  pytestSelector =
    if skippedTests == [ ]
    then ""
    else "-k '${concatMapStringsSep " and " (name: "not ${name}") skippedTests}'";

in

buildPythonPackage rec {
  pname = "pyopenssl";
  version = "20.0.1";

  # The PyPI project name is spelled differently from `pname`. The hash pins
  # the sdist contents and has to change together with `version`.
  src = fetchPypi {
    inherit version;
    pname = "pyOpenSSL";
    sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
  };

  outputs = [ "out" "dev" ];

  # NOTE(review): presumably here for the openssl command line tool that the
  # text-dump tests compare against -- confirm.
  nativeBuildInputs = [ openssl ];
  propagatedBuildInputs = [ cryptography pyasn1 idna six ];

  checkInputs = [ pytest pretend flaky glibcLocales ];

  # The suite fails unpredictably on Darwin, so no tests run there at all.
  # https://hydra.nixos.org/build/49877419/nixlog/1 shows one such failure;
  # ContextTests.test_set_verify_callback_exception has also been seen failing.
  doCheck = !stdenv.isDarwin;

  checkPhase = ''
    runHook preCheck
    export LANG="en_US.UTF-8"
    py.test tests ${pytestSelector}
    runHook postCheck
  '';
}