# Package expression for tpm2-pytss: builds the PyPI release with four
# patches applied and runs its pytest suite in the check phase, with
# tpm2-tools and swtpm available to the tests.
{
  lib,
  buildPythonPackage,
  fetchPypi,
  fetchpatch,
  pythonOlder,
  asn1crypto,
  cffi,
  cryptography,
  pkgconfig, # see nativeBuildInputs
  pkg-config, # see nativeBuildInputs
  pycparser,
  pytestCheckHook,
  python,
  pyyaml,
  setuptools-scm,
  tpm2-tss,
  tpm2-tools,
  swtpm,
}:

buildPythonPackage rec {
  pname = "tpm2-pytss";
  version = "2.1.0";
  format = "setuptools";

  disabled = pythonOlder "3.7";

  # Release tarball from PyPI; the SRI hash pins its exact content.
  src = fetchPypi {
    inherit pname version;
    hash = "sha256-W1tLFFb9wa7vPSw5cL6qB4yPfyZIyXppvPYMWi+VyJc=";
  };

  # Every remote patch is pinned twice: by commit id in the URL and by the
  # fixed-output hash, so a change on the remote side fails the fetch
  # instead of silently changing what gets built.
  patches = [
    # Changes the C preprocessor invocation so that it does not pull in
    # types pycparser cannot handle.
    # `hardeningDisable = [ "fortify" ]` would have the same effect but
    # would also disable hardening from generated FFI objects.
    #
    # Backport of https://github.com/tpm2-software/tpm2-pytss/pull/523
    # NOTE(review): fetched from a fork rather than the upstream
    # repository; prefer the upstream commit URL if that PR has been merged.
    (fetchpatch {
      url = "https://github.com/baloo/tpm2-pytss/commit/099c069f28cfcd0a3019adebfeafa976f9395221.patch";
      hash = "sha256-wU2WfLYFDmkhGzYornZ386tB3zb3GYfGOTc+/QOFb1o=";
    })

    # Look up the TCTI via getinfo instead of the system's ld_library_path.
    # https://github.com/tpm2-software/tpm2-pytss/pull/525
    (fetchpatch {
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/97289a08ddf44f7bdccdd122d6055c69e12dc584.patch";
      hash = "sha256-VFq3Hv4I8U8ifP/aSjyu0BiW/4jfPlRDKqRcqUGw6UQ=";
    })

    # NOTE(review): no rationale was recorded for this patch; going by its
    # name it presumably adapts the tests to newer `cryptography`
    # releases. Confirm and document.
    (fetchpatch {
      name = "test-new-cryptography.patch";
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/e4006e6066c015d9ed55befa9b98247fbdcafd7d.diff";
      hash = "sha256-Wxe9u7Cvv2vKMGTcK3X8W1Mq/nCt70zrzWUKA+83Sas=";
    })

    # Fix hardcoded `fapi-config.json` configuration path
    ./fapi-config.patch
  ];

  # Substitute the @TPM2_TSS@ placeholder in FAPI.py with the tpm2-tss store
  # path (the placeholder presumably comes from ./fapi-config.patch; verify).
  # sed exits successfully even when nothing matched, so a missing
  # placeholder would go unnoticed at build time.
  postPatch = ''
    sed -i "s#@TPM2_TSS@#${tpm2-tss.out}#" src/tpm2_pytss/FAPI.py
  '';

  # The fortify hardening flag has to be disabled because pycparser handles
  # it poorly. See https://github.com/NixOS/nixpkgs/issues/252023 for more
  # details.
  # NOTE(review): the comment on the first patch above says that patch
  # exists to avoid exactly this setting, because it also removes fortify
  # from the generated FFI objects. Confirm whether both are still needed;
  # if the patch alone suffices, dropping this restores that hardening.
  hardeningDisable = [ "fortify" ];

  nativeBuildInputs = [
    cffi
    pkgconfig # this is the Python module
    pkg-config # this is the actual pkg-config tool
    setuptools-scm
  ];

  buildInputs = [ tpm2-tss ];

  propagatedBuildInputs = [
    cffi
    asn1crypto
    cryptography
    pyyaml
  ];

  doCheck = true;

  # Tools made available to the test suite during the check phase.
  nativeCheckInputs = [
    pytestCheckHook
    tpm2-tools
    swtpm
  ];

  pythonImportsCheck = [ "tpm2_pytss" ];

  meta = {
    homepage = "https://github.com/tpm2-software/tpm2-pytss";
    changelog = "https://github.com/tpm2-software/tpm2-pytss/blob/${version}/CHANGELOG.md";
    description = "TPM2 TSS Python bindings for Enhanced System API (ESYS)";
    license = lib.licenses.bsd2;
    maintainers = [ lib.maintainers.baloo ];
  };
}