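# Python package expression for securesystemslib, built from the upstream
# GitHub tag with the hatchling build backend.
#
# The listing had a line-number gutter fused into every line and had lost its
# indentation; both are repaired here so the expression parses. No attribute
# values were changed.
{
  lib,
  asn1crypto,
  azure-identity,
  azure-keyvault-keys,
  boto3,
  botocore,
  buildPythonPackage,
  cryptography,
  ed25519,
  fetchFromGitHub,
  google-cloud-kms,
  hatchling,
  pynacl,
  pyspx,
  pytestCheckHook,
  pythonOlder,
}:

buildPythonPackage rec {
  pname = "securesystemslib";
  version = "0.31.0";
  pyproject = true;

  disabled = pythonOlder "3.8";

  # The source is fetched by tag name and pinned by content hash. If the tag
  # is moved upstream, the fetch fails with a hash mismatch rather than
  # building different code.
  src = fetchFromGitHub {
    owner = "secure-systems-lab";
    repo = "securesystemslib";
    rev = "refs/tags/v${version}";
    hash = "sha256-REi38rIVZmWawFGcrPl9QzSthW4jHZDr/0ug7kJRz3Y=";
  };

  # Upstream pins the build backend to an exact release; relax the pin so the
  # hatchling passed in as an argument is accepted. --replace-fail aborts the
  # build if the pinned string is no longer present, so this patch cannot
  # silently become a no-op after a version bump.
  postPatch = ''
    substituteInPlace pyproject.toml \
      --replace-fail "hatchling==1.18.0" "hatchling"
  '';

  nativeBuildInputs = [ hatchling ];

  # Extras listed per signer backend. Two are incomplete:
  #   - hsm: pykcs11 is left out (see disabledTestPaths), so this extra alone
  #     does not supply everything upstream lists for it.
  #   - sigstore: omitted entirely because of a circular dependency.
  passthru.optional-dependencies = {
    PySPX = [ pyspx ];
    awskms = [
      boto3
      botocore
      cryptography
    ];
    azurekms = [
      azure-identity
      azure-keyvault-keys
      cryptography
    ];
    crypto = [ cryptography ];
    gcpkms = [
      cryptography
      google-cloud-kms
    ];
    hsm = [
      asn1crypto
      cryptography
      # pykcs11
    ];
    pynacl = [ pynacl ];
    # Circular dependency
    # sigstore = [
    #   sigstore
    # ];
  };

  # Every extra defined above is added to the check phase, so the test suite
  # runs with all packaged optional dependencies present.
  nativeCheckInputs = [
    ed25519
    pytestCheckHook
  ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies);

  pythonImportsCheck = [ "securesystemslib" ];

  # The HSM signer tests are skipped, so that signer is not exercised by this
  # build's check phase.
  disabledTestPaths = [
    # pykcs11 is not available
    "tests/test_hsm_signer.py"
    # Ignore vendorized tests
    "securesystemslib/_vendor/"
  ];

  meta = with lib; {
    description = "Cryptographic and general-purpose routines";
    homepage = "https://github.com/secure-systems-lab/securesystemslib";
    changelog = "https://github.com/secure-systems-lab/securesystemslib/blob/v${version}/CHANGELOG.md";
    license = licenses.mit;
    maintainers = with maintainers; [ fab ];
  };
}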