tjh.dev / nixpkgs
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / development / python-modules / tpm2-pytss / default.nix
at python-updates 122 lines 3.6 kB view raw
1{ 2 lib, 3 stdenv, 4 replaceVars, 5 buildPythonPackage, 6 fetchPypi, 7 fetchpatch, 8 fetchpatch2, 9 asn1crypto, 10 cffi, 11 cryptography, 12 pkgconfig, # see nativeBuildInputs 13 pkg-config, # see nativeBuildInputs 14 pytestCheckHook, 15 pyyaml, 16 setuptools-scm, 17 tpm2-tss, 18 tpm2-tools, 19 swtpm, 20}: 21 22let 23 isCross = (stdenv.buildPlatform != stdenv.hostPlatform); 24in 25buildPythonPackage rec { 26 pname = "tpm2-pytss"; 27 version = "2.3.0"; 28 format = "setuptools"; 29 30 src = fetchPypi { 31 inherit pname version; 32 hash = "sha256-IAcRKTeWVvXzw7wW02RhJnKxR9gRkftOufn/n77khBA="; 33 }; 34 35 patches = [ 36 # libtpms (underneath swtpm) bumped the TPM revision 37 # https://github.com/tpm2-software/tpm2-pytss/pull/593 38 (fetchpatch { 39 url = "https://github.com/tpm2-software/tpm2-pytss/pull/593.patch"; 40 hash = "sha256-CNJnSIvUQ0Yvy0o7GdVfFZ7kHJd2hBt5Zv1lqgOeoks="; 41 }) 42 # support cryptography >= 45.0.0 43 # https://github.com/tpm2-software/tpm2-pytss/pull/643 44 (fetchpatch { 45 url = "https://github.com/tpm2-software/tpm2-pytss/commit/6ab4c74e6fb3da7cd38e97c1f8e92532312f8439.patch"; 46 hash = "sha256-01Qe4qpD2IINc5Z120iVdPitiLBwdr8KNBjLFnGgE7E="; 47 }) 48 # Properly restore environment variables upon exit from 49 # FAPIConfig context. Accepted into upstream, not yet released. 50 (fetchpatch2 { 51 url = "https://github.com/tpm2-software/tpm2-pytss/commit/afdee627d0639eb05711a2191f2f76e460793da9.patch?full_index=1"; 52 hash = "sha256-Y6drcBg4gnbSvnCGw69b42Q/QfLI3u56BGRUEkpdB0M="; 53 }) 54 # Fix build with gcc15 by using c99 for preprocessing 55 # The first patch is needed to apply the second; it doesn't affect us 56 (fetchpatch { 57 url = "https://github.com/tpm2-software/tpm2-pytss/commit/55d28b259f1a68f60c937ea8be7815685d32757f.patch"; 58 hash = "sha256-sGxUyQ2W2Jl9ROSt1w0E0dVTgFPAmYWlNgcpHcTVv90="; 59 }) 60 (fetchpatch { 61 url = "https://github.com/tpm2-software/tpm2-pytss/commit/61d00b4dcca131b3f03f674ceabf4260bdbd6a61.patch"; 62 hash = "sha256-0dwfyW0Fi5FkzYnaMOb2ua9O6eyCnMgJqT09tTT56vY="; 63 }) 64 ] 65 ++ lib.optionals isCross [ 66 # pytss will regenerate files from headers of tpm2-tss. 67 # Those headers are fed through a compiler via pycparser. pycparser expects `cpp` 68 # to be in the path. 69 # This is put in the path via stdenv when not cross-compiling, but this is absent 70 # when cross-compiling is turned on. 71 # This patch changes the call to pycparser.preprocess_file to provide the name 72 # of the cross-compiling cpp 73 (replaceVars ./cross.patch { 74 crossPrefix = stdenv.hostPlatform.config; 75 }) 76 ]; 77 78 # Hardening has to be disabled 79 # due to pycparsing handling it poorly. 80 # See https://github.com/NixOS/nixpkgs/issues/252023 81 # for more details. 82 hardeningDisable = [ "fortify" ]; 83 84 nativeBuildInputs = [ 85 cffi 86 pkgconfig # this is the Python module 87 pkg-config # this is the actual pkg-config tool 88 setuptools-scm 89 ]; 90 91 buildInputs = [ tpm2-tss ]; 92 93 propagatedBuildInputs = [ 94 cffi 95 asn1crypto 96 cryptography 97 pyyaml 98 ]; 99 100 nativeCheckInputs = [ 101 pytestCheckHook 102 tpm2-tools 103 swtpm 104 ]; 105 106 preCheck = '' 107 export TSS2_FAPICONF=${tpm2-tss.out}/etc/tpm2-tss/fapi-config-test.json 108 ''; 109 110 pythonImportsCheck = [ "tpm2_pytss" ]; 111 112 meta = { 113 homepage = "https://github.com/tpm2-software/tpm2-pytss"; 114 changelog = "https://github.com/tpm2-software/tpm2-pytss/blob/${version}/CHANGELOG.md"; 115 description = "TPM2 TSS Python bindings for Enhanced System API (ESYS)"; 116 license = lib.licenses.bsd2; 117 maintainers = with lib.maintainers; [ 118 baloo 119 scottstephens 120 ]; 121 }; 122}