tjh.dev
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
1{ lib
2, stdenv
3, buildPythonPackage
4, fetchPypi
5, isPy3k
6, cryptography
7, futures ? null
8, pyopenssl
9, service-identity
10, pytestCheckHook
11, idna
12}:
13
14buildPythonPackage rec {
15 pname = "trustme";
16 version = "0.9.0";
17
18 src = fetchPypi {
19 inherit pname version;
20 sha256 = "sha256-XgeyPXDO7WTzuzauS5q8UjVMFsmNRasDe+4rX7/+WGw=";
21 };
22
23 checkInputs = [
24 service-identity
25 pytestCheckHook
26 ] ++ lib.optionals (!stdenv.isDarwin || !stdenv.isAarch64) [
27 pyopenssl
28 ];
29
30 propagatedBuildInputs = [
31 cryptography
32 idna
33 ] ++ lib.optionals (!isPy3k) [
34 futures
35 ];
36
37 # aarch64-darwin forbids W+X memory, but this tests depends on it:
38 # * https://github.com/pyca/pyopenssl/issues/873
39 disabledTests = lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
40 "test_pyopenssl_end_to_end"
41 ];
42
43 postPatch = lib.optionalString (stdenv.isDarwin && stdenv.isAarch64) ''
44 substituteInPlace "tests/test_trustme.py" \
45 --replace "import OpenSSL.SSL" ""
46 '';
47
48 # Some of the tests use localhost networking.
49 __darwinAllowLocalNetworking = true;
50
51 pythonImportsCheck = [ "trustme" ];
52
53 meta = with lib; {
54 description = "High quality TLS certs while you wait, for the discerning tester";
55 homepage = "https://github.com/python-trio/trustme";
56 license = with licenses; [ mit asl20 ];
57 maintainers = with maintainers; [ catern ];
58 };
59}