# Nix build recipe for tpm2-pytss: TPM2 TSS Python bindings, built against
# tpm2-tss and tested with tpm2-tools and swtpm.
#
# Every remote input (the PyPI sdist and each upstream patch) is pinned by an
# SRI sha256 hash. The hash fixes the bytes that get fetched; it says nothing
# about who wrote them, so patch contents still need reading when a hash is
# updated.
{
  lib,
  stdenv,
  replaceVars,
  buildPythonPackage,
  fetchPypi,
  fetchpatch,
  fetchpatch2,
  asn1crypto,
  cffi,
  cryptography,
  pkgconfig, # the Python module, see nativeBuildInputs
  pkg-config, # the pkg-config tool, see nativeBuildInputs
  pytestCheckHook,
  pyyaml,
  setuptools-scm,
  tpm2-tss,
  tpm2-tools,
  swtpm,
}:

let
  pname = "tpm2-pytss";
  version = "2.3.0";

  # True when the build platform and the host platform differ.
  crossCompiling = stdenv.buildPlatform != stdenv.hostPlatform;
in
buildPythonPackage {
  inherit pname version;
  format = "setuptools";

  src = fetchPypi {
    inherit pname version;
    hash = "sha256-IAcRKTeWVvXzw7wW02RhJnKxR9gRkftOufn/n77khBA=";
  };

  # Applied in list order; the last two upstream patches depend on each other.
  patches = [
    # libtpms (underneath swtpm) bumped the TPM revision
    # https://github.com/tpm2-software/tpm2-pytss/pull/593
    # NOTE(review): this URL names a pull request rather than a commit, so the
    # patch GitHub serves can change if the PR branch is updated. The hash
    # turns such a change into a fetch failure instead of a silently different
    # patch; pinning to a commit URL, as the entries below do, keeps the
    # reference immutable.
    (fetchpatch {
      url = "https://github.com/tpm2-software/tpm2-pytss/pull/593.patch";
      hash = "sha256-CNJnSIvUQ0Yvy0o7GdVfFZ7kHJd2hBt5Zv1lqgOeoks=";
    })
    # support cryptography >= 45.0.0
    # https://github.com/tpm2-software/tpm2-pytss/pull/643
    (fetchpatch {
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/6ab4c74e6fb3da7cd38e97c1f8e92532312f8439.patch";
      hash = "sha256-01Qe4qpD2IINc5Z120iVdPitiLBwdr8KNBjLFnGgE7E=";
    })
    # Properly restore environment variables upon exit from
    # FAPIConfig context. Accepted into upstream, not yet released.
    # full_index=1 asks GitHub for full-length blob ids in the patch.
    (fetchpatch2 {
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/afdee627d0639eb05711a2191f2f76e460793da9.patch?full_index=1";
      hash = "sha256-Y6drcBg4gnbSvnCGw69b42Q/QfLI3u56BGRUEkpdB0M=";
    })
    # Fix build with gcc15 by using c99 for preprocessing.
    # The first patch is only here so that the second one applies;
    # it doesn't affect us.
    (fetchpatch {
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/55d28b259f1a68f60c937ea8be7815685d32757f.patch";
      hash = "sha256-sGxUyQ2W2Jl9ROSt1w0E0dVTgFPAmYWlNgcpHcTVv90=";
    })
    (fetchpatch {
      url = "https://github.com/tpm2-software/tpm2-pytss/commit/61d00b4dcca131b3f03f674ceabf4260bdbd6a61.patch";
      hash = "sha256-0dwfyW0Fi5FkzYnaMOb2ua9O6eyCnMgJqT09tTT56vY=";
    })
  ]
  # pytss regenerates files from the tpm2-tss headers. Those headers are fed
  # through a compiler via pycparser, which expects `cpp` to be in the path.
  # stdenv puts it there for native builds, but not when cross-compiling, so
  # this local patch makes the pycparser.preprocess_file call name the
  # cross-compiling cpp. crossPrefix is filled in from the host platform's
  # config string.
  # NOTE: This patch could be dropped after the next release; 3.0.0-rc0
  # already has a proper `$CC -E` invocation.
  ++ lib.optional crossCompiling (
    replaceVars ./cross.patch {
      crossPrefix = stdenv.hostPlatform.config;
    }
  );

  # The "fortify" hardening flag has to be disabled because pycparser handles
  # it poorly. See https://github.com/NixOS/nixpkgs/issues/252023 for details.
  # NOTE(review): hardeningDisable is set for the whole derivation, so the C
  # code compiled here (the cffi extension) is presumably also built without
  # fortify, not just the header preprocessing step. Worth revisiting once the
  # linked issue is resolved.
  hardeningDisable = [ "fortify" ];

  buildInputs = [ tpm2-tss ];

  nativeBuildInputs = [
    cffi
    pkgconfig # this is the Python module
    pkg-config # this is the actual pkg-config tool
    setuptools-scm
  ];

  propagatedBuildInputs = [
    cffi
    asn1crypto
    cryptography
    pyyaml
  ];

  # swtpm is a software TPM emulator; presumably the test suite runs against
  # it rather than a hardware TPM.
  nativeCheckInputs = [
    pytestCheckHook
    tpm2-tools
    swtpm
  ];

  pythonImportsCheck = [ "tpm2_pytss" ];

  # Point FAPI at the test configuration file shipped in tpm2-tss.
  preCheck = ''
    export TSS2_FAPICONF=${tpm2-tss.out}/etc/tpm2-tss/fapi-config-test.json
  '';

  meta = {
    description = "TPM2 TSS Python bindings for Enhanced System API (ESYS)";
    homepage = "https://github.com/tpm2-software/tpm2-pytss";
    changelog = "https://github.com/tpm2-software/tpm2-pytss/blob/${version}/CHANGELOG.md";
    license = lib.licenses.bsd2;
    maintainers = [
      lib.maintainers.baloo
      lib.maintainers.scottstephens
    ];
  };
}