tjh.dev
1{
2 lib,
3 appdirs,
4 buildPythonPackage,
5 cryptography,
6 fetchFromGitHub,
7 flit-core,
8 id,
9 importlib-resources,
10 pretend,
11 pydantic,
12 pyjwt,
13 pyopenssl,
14 pytestCheckHook,
15 pythonOlder,
16 requests,
17 rich,
18 securesystemslib,
19 sigstore-protobuf-specs,
20 sigstore-rekor-types,
21 tuf,
22}:
23
24buildPythonPackage rec {
25 pname = "sigstore-python";
26 version = "2.1.5";
27 pyproject = true;
28
29 disabled = pythonOlder "3.8";
30
31 src = fetchFromGitHub {
32 owner = "sigstore";
33 repo = "sigstore-python";
34 rev = "refs/tags/v${version}";
35 hash = "sha256-lqmrM4r1yPVCcvWNC9CKYMyryuIyliI2Y+TAYgAwA1Y=";
36 };
37
38 build-system = [ flit-core ];
39
40 dependencies = [
41 appdirs
42 cryptography
43 id
44 importlib-resources
45 pydantic
46 pyjwt
47 pyopenssl
48 requests
49 rich
50 securesystemslib
51 sigstore-protobuf-specs
52 sigstore-rekor-types
53 tuf
54 ];
55
56 nativeCheckInputs = [
57 pretend
58 pytestCheckHook
59 ];
60
61 preCheck = ''
62 export HOME=$(mktemp -d)
63 '';
64
65 pythonImportsCheck = [ "sigstore" ];
66
67 disabledTests = [
68 # Tests require network access
69 "test_fail_init_url"
70 "test_get_identity_token_bad_code"
71 "test_identity_proof_claim_lookup"
72 "test_init_url"
73 "test_production"
74 "test_sct_verify_keyring"
75 "test_sign_rekor_entry_consistent"
76 "test_verification_materials_retrieves_rekor_entry"
77 "test_verifier"
78 ];
79
80 meta = with lib; {
81 description = "Codesigning tool for Python packages";
82 homepage = "https://github.com/sigstore/sigstore-python";
83 changelog = "https://github.com/sigstore/sigstore-python/blob/${version}/CHANGELOG.md";
84 license = licenses.asl20;
85 maintainers = [ ];
86 mainProgram = "sigstore";
87 };
88}