# Nix package expression for tpm2-pytss, the Python bindings to the TPM2
# software stack (tpm2-tss). Takes its dependencies as function arguments and
# returns a buildPythonPackage derivation.
{
  lib,
  stdenv,
  replaceVars,
  buildPythonPackage,
  fetchPypi,
  fetchpatch,
  fetchpatch2,
  pythonOlder,
  asn1crypto,
  cffi,
  cryptography,
  pkgconfig, # see nativeBuildInputs
  pkg-config, # see nativeBuildInputs
  pytestCheckHook,
  pyyaml,
  setuptools-scm,
  tpm2-tss,
  tpm2-tools,
  swtpm,
}:

let
  # True when the machine running the build differs from the target platform.
  crossCompiling = stdenv.buildPlatform != stdenv.hostPlatform;
in
buildPythonPackage rec {
  pname = "tpm2-pytss";
  version = "2.3.0";
  format = "setuptools";

  disabled = pythonOlder "3.7";

  # Release tarball from PyPI. The hash pins the exact content, so a changed
  # upstream artifact fails the fetch instead of being built.
  src = fetchPypi {
    inherit pname version;
    hash = "sha256-IAcRKTeWVvXzw7wW02RhJnKxR9gRkftOufn/n77khBA=";
  };

  # Every fetched patch below is pinned by hash in the same way as src.
  patches = [
    # libtpms (underneath swtpm) bumped the TPM revision
    # https://github.com/tpm2-software/tpm2-pytss/pull/593
    # NOTE(review): this URL addresses the pull request, not a fixed commit.
    # The served patch can change if the PR branch is updated; the pinned hash
    # then stops matching and the fetch fails. A commit-addressed URL, as used
    # by the two entries below, avoids that.
    (fetchpatch {
      url = "https://github.com/tpm2-software/tpm2-pytss/pull/593.patch";
      hash = "sha256-CNJnSIvUQ0Yvy0o7GdVfFZ7kHJd2hBt5Zv1lqgOeoks=";
    })
    # support cryptography >= 45.0.0
    # https://github.com/tpm2-software/tpm2-pytss/pull/643
    (fetchpatch {
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/6ab4c74e6fb3da7cd38e97c1f8e92532312f8439.patch";
      hash = "sha256-01Qe4qpD2IINc5Z120iVdPitiLBwdr8KNBjLFnGgE7E=";
    })
    # Properly restore environment variables upon exit from
    # FAPIConfig context. Accepted into upstream, not yet released.
    # full_index=1 requests full-length blob ids, so the patch text does not
    # depend on abbreviation length.
    (fetchpatch2 {
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/afdee627d0639eb05711a2191f2f76e460793da9.patch?full_index=1";
      hash = "sha256-Y6drcBg4gnbSvnCGw69b42Q/QfLI3u56BGRUEkpdB0M=";
    })
  ]
  ++ lib.optionals crossCompiling [
    # pytss regenerates files from the tpm2-tss headers. Those headers are run
    # through a preprocessor via pycparser, which expects `cpp` on the PATH.
    # stdenv provides `cpp` for native builds but not for cross builds, so this
    # local patch makes the pycparser.preprocess_file call name the
    # cross-compiling cpp instead.
    (replaceVars ./cross.patch {
      crossPrefix = stdenv.hostPlatform.config;
    })
  ];

  # The "fortify" hardening flag is switched off for this package because
  # pycparser handles it poorly.
  # See https://github.com/NixOS/nixpkgs/issues/252023 for more details.
  # Only "fortify" is listed here; no other hardening flag is touched.
  hardeningDisable = [ "fortify" ];

  nativeBuildInputs = [
    cffi
    pkgconfig # this is the Python module
    pkg-config # this is the actual pkg-config tool
    setuptools-scm
  ];

  buildInputs = [ tpm2-tss ];

  propagatedBuildInputs = [
    cffi
    asn1crypto
    cryptography
    pyyaml
  ];

  # Test-time tools. Presumably the suite runs against the swtpm software TPM
  # rather than a hardware device; confirm against upstream's test setup.
  nativeCheckInputs = [
    pytestCheckHook
    tpm2-tools
    swtpm
  ];

  # Point FAPI at the test configuration file shipped in the tpm2-tss output.
  preCheck = ''
    export TSS2_FAPICONF=${tpm2-tss.out}/etc/tpm2-tss/fapi-config-test.json
  '';

  pythonImportsCheck = [ "tpm2_pytss" ];

  meta = {
    homepage = "https://github.com/tpm2-software/tpm2-pytss";
    changelog = "https://github.com/tpm2-software/tpm2-pytss/blob/${version}/CHANGELOG.md";
    description = "TPM2 TSS Python bindings for Enhanced System API (ESYS)";
    license = lib.licenses.bsd2;
    maintainers = with lib.maintainers; [ baloo ];
  };
}