tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1{
2 lib,
3 boto3,
4 buildPythonPackage,
5 cryptography,
6 docutils,
7 fetchFromGitHub,
8 fetchpatch,
9 pytestCheckHook,
10 pyyaml,
11 setuptools,
12}:
13
14buildPythonPackage rec {
15 pname = "credstash";
16 version = "1.17.1";
17 pyproject = true;
18
19 src = fetchFromGitHub {
20 owner = "fugue";
21 repo = "credstash";
22 tag = "v${version}";
23 hash = "sha256-a6OzffGt5piHgi0AWEXJED0R/+8RETh/9hYJi/lUVu0=";
24 };
25
26 patches = [
27 # setup_requires -> tests_requires for pytest
28 (fetchpatch {
29 url = "https://github.com/fugue/credstash/commit/9c02ee43ed6e37596cafbca2fe80c532ec19d2d8.patch";
30 hash = "sha256-dlybrpfLK+PqwWWhH9iXgXHYysZGmcZAFGWNOwsG0xA=";
31 })
32 ];
33 # The install phase puts an executable and a copy of the library it imports in
34 # bin/credstash and bin/credstash.py, despite the fact that the library is also
35 # installed to lib/python<version>/site-packages/credstash.py.
36 # If we apply wrapPythonPrograms to bin/credstash.py then the executable will try
37 # to import the credstash module from the resulting shell script. Removing this
38 # file ensures that Python imports the module from site-packages library.
39 postInstall = "rm $out/bin/credstash.py";
40
41 build-system = [ setuptools ];
42
43 dependencies = [
44 boto3
45 cryptography
46 docutils
47 pyyaml
48 ];
49
50 nativeBuildInputs = [ pytestCheckHook ];
51
52 disabledTestPaths = [
53 # Tests require a region
54 "integration_tests/test_credstash_lib.py"
55 "tests/key_service_test.py"
56 ];
57
58 meta = {
59 description = "Utility for managing secrets in the cloud using AWS KMS and DynamoDB";
60 homepage = "https://github.com/LuminalOSS/credstash";
61 changelog = "https://github.com/fugue/credstash/releases/tag/v${version}";
62 license = lib.licenses.asl20;
63 maintainers = [ ];
64 mainProgram = "credstash";
65 };
66}