pkgs/development/python-modules/cryptography/default.nix at release-19.03

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / development / python-modules / cryptography / default.nix
at release-19.03 90 lines 2.6 kB view raw
wrap content
 1{ stdenv
 2, buildPythonPackage
 3, fetchPypi
 4, fetchpatch
 5, openssl
 6, cryptography_vectors
 7, darwin
 8, asn1crypto
 9, packaging
10, six
11, pythonOlder
12, enum34
13, ipaddress
14, isPyPy
15, cffi
16, pytest
17, pretend
18, iso8601
19, pytz
20, hypothesis
21}:
22
23buildPythonPackage rec {
24  # also bump cryptography_vectors
25  pname = "cryptography";
26  version = "2.5";
27
28  src = fetchPypi {
29    inherit pname version;
30    sha256 = "00c4d7gvsymlaw0r13zrm32dcnarmpayjyrh65yymlmr6mrbcij9";
31  };
32
33  outputs = [ "out" "dev" ];
34
35  buildInputs = [ openssl cryptography_vectors ]
36             ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
37  propagatedBuildInputs = [
38    asn1crypto
39    packaging
40    six
41  ] ++ stdenv.lib.optional (pythonOlder "3.4") enum34
42  ++ stdenv.lib.optional (pythonOlder "3.3") ipaddress
43  ++ stdenv.lib.optional (!isPyPy) cffi;
44
45  checkInputs = [
46    pytest
47    pretend
48    iso8601
49    pytz
50    hypothesis
51  ];
52
53  # remove when https://github.com/pyca/cryptography/issues/4998 is fixed
54  checkPhase = ''
55    py.test --disable-pytest-warnings tests -k 'not load_ecdsa_no_named_curve'
56  '';
57
58  # The test assumes that if we're on Sierra or higher, that we use `getentropy`, but for binary
59  # compatibility with pre-Sierra for binary caches, we hide that symbol so the library doesn't
60  # use it. This boils down to them checking compatibility with `getentropy` in two different places,
61  # so let's neuter the second test.
62  postPatch = ''
63    substituteInPlace ./tests/hazmat/backends/test_openssl.py --replace '"16.0"' '"99.0"'
64  '';
65
66  patches = [
67    (fetchpatch {
68      url = "https://github.com/pyca/cryptography/commit/e575e3d482f976c4a1f3203d63ea0f5007a49a2a.patch";
69      sha256 = "0vg9prqsizd6gzh5j7lscsfxzxlhz7pacvzhgqmj1vhdhjwbblcp";
70    })
71  ];
72
73  # IOKit's dependencies are inconsistent between OSX versions, so this is the best we
74  # can do until nix 1.11's release
75  __impureHostDeps = [ "/usr/lib" ];
76
77  meta = with stdenv.lib; {
78    description = "A package which provides cryptographic recipes and primitives";
79    longDescription = ''
80      Cryptography includes both high level recipes and low level interfaces to
81      common cryptographic algorithms such as symmetric ciphers, message
82      digests, and key derivation functions.
83      Our goal is for it to be your "cryptographic standard library". It
84      supports Python 2.7, Python 3.4+, and PyPy 5.3+.
85    '';
86    homepage = https://github.com/pyca/cryptography;
87    license = with licenses; [ asl20 bsd3 psfl ];
88    maintainers = with maintainers; [ primeos ];
89  };
90}