pkgs/development/python-modules/cryptography/default.nix at 23.05 · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / development / python-modules / cryptography / default.nix
at 23.05 115 lines 2.8 kB view raw
  1{ lib
  2, stdenv
  3, callPackage
  4, buildPythonPackage
  5, fetchPypi
  6, rustPlatform
  7, cargo
  8, rustc
  9, setuptools-rust
 10, openssl
 11, Security
 12, packaging
 13, six
 14, isPyPy
 15, cffi
 16, pkg-config
 17, pytestCheckHook
 18, pytest-subtests
 19, pythonOlder
 20, pretend
 21, libiconv
 22, libxcrypt
 23, iso8601
 24, py
 25, pytz
 26, hypothesis
 27}:
 28
 29let
 30  cryptography-vectors = callPackage ./vectors.nix { };
 31in
 32buildPythonPackage rec {
 33  pname = "cryptography";
 34  version = "40.0.1"; # Also update the hash in vectors.nix
 35  format = "setuptools";
 36  disabled = pythonOlder "3.6";
 37
 38  src = fetchPypi {
 39    inherit pname version;
 40    hash = "sha256-KAPy+LHpX2FEGZJsfm9V2CivxhTKXtYVQ4d65mjMNHI=";
 41  };
 42
 43  cargoDeps = rustPlatform.fetchCargoTarball {
 44    inherit src;
 45    sourceRoot = "${pname}-${version}/${cargoRoot}";
 46    name = "${pname}-${version}";
 47    hash = "sha256-gFfDTc2QWBWHBCycVH1dYlCsWQMVcRZfOBIau+njtDU=";
 48  };
 49
 50  postPatch = ''
 51    substituteInPlace pyproject.toml \
 52      --replace "--benchmark-disable" ""
 53  '';
 54
 55  cargoRoot = "src/rust";
 56
 57  nativeBuildInputs = lib.optionals (!isPyPy) [
 58    cffi
 59    pkg-config
 60  ] ++ [
 61    rustPlatform.cargoSetupHook
 62    setuptools-rust
 63    cargo
 64    rustc
 65  ];
 66
 67  buildInputs = [ openssl ]
 68    ++ lib.optionals stdenv.isDarwin [ Security libiconv ]
 69    ++ lib.optionals (pythonOlder "3.9") [ libxcrypt ];
 70
 71  propagatedBuildInputs = lib.optionals (!isPyPy) [
 72    cffi
 73  ];
 74
 75  nativeCheckInputs = [
 76    cryptography-vectors
 77    # "hypothesis" indirectly depends on cryptography to build its documentation
 78    (hypothesis.override { enableDocumentation = false; })
 79    iso8601
 80    pretend
 81    py
 82    pytestCheckHook
 83    pytest-subtests
 84    pytz
 85  ];
 86
 87  pytestFlagsArray = [
 88    "--disable-pytest-warnings"
 89  ];
 90
 91  disabledTestPaths = [
 92    # save compute time by not running benchmarks
 93    "tests/bench"
 94  ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
 95    # aarch64-darwin forbids W+X memory, but this tests depends on it:
 96    # * https://cffi.readthedocs.io/en/latest/using.html#callbacks
 97    "tests/hazmat/backends/test_openssl_memleak.py"
 98  ];
 99
100  meta = with lib; {
101    description = "A package which provides cryptographic recipes and primitives";
102    longDescription = ''
103      Cryptography includes both high level recipes and low level interfaces to
104      common cryptographic algorithms such as symmetric ciphers, message
105      digests, and key derivation functions.
106      Our goal is for it to be your "cryptographic standard library". It
107      supports Python 2.7, Python 3.5+, and PyPy 5.4+.
108    '';
109    homepage = "https://github.com/pyca/cryptography";
110    changelog = "https://cryptography.io/en/latest/changelog/#v"
111      + replaceStrings [ "." ] [ "-" ] version;
112    license = with licenses; [ asl20 bsd3 psfl ];
113    maintainers = with maintainers; [ SuperSandro2000 ];
114  };
115}