1{ stdenv
2, buildPythonPackage
3, fetchPypi
4, fetchpatch
5, openssl
6, cryptography_vectors
7, darwin
8, asn1crypto
9, packaging
10, six
11, pythonOlder
12, enum34
13, ipaddress
14, isPyPy
15, cffi
16, pytest
17, pretend
18, iso8601
19, pytz
20, hypothesis
21}:
22
23buildPythonPackage rec {
24 # also bump cryptography_vectors
25 pname = "cryptography";
26 version = "2.5";
27
28 src = fetchPypi {
29 inherit pname version;
30 sha256 = "00c4d7gvsymlaw0r13zrm32dcnarmpayjyrh65yymlmr6mrbcij9";
31 };
32
33 outputs = [ "out" "dev" ];
34
35 buildInputs = [ openssl cryptography_vectors ]
36 ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
37 propagatedBuildInputs = [
38 asn1crypto
39 packaging
40 six
41 ] ++ stdenv.lib.optional (pythonOlder "3.4") enum34
42 ++ stdenv.lib.optional (pythonOlder "3.3") ipaddress
43 ++ stdenv.lib.optional (!isPyPy) cffi;
44
45 checkInputs = [
46 pytest
47 pretend
48 iso8601
49 pytz
50 hypothesis
51 ];
52
53 # remove when https://github.com/pyca/cryptography/issues/4998 is fixed
54 checkPhase = ''
55 py.test --disable-pytest-warnings tests -k 'not load_ecdsa_no_named_curve'
56 '';
57
58 # The test assumes that if we're on Sierra or higher, that we use `getentropy`, but for binary
59 # compatibility with pre-Sierra for binary caches, we hide that symbol so the library doesn't
60 # use it. This boils down to them checking compatibility with `getentropy` in two different places,
61 # so let's neuter the second test.
62 postPatch = ''
63 substituteInPlace ./tests/hazmat/backends/test_openssl.py --replace '"16.0"' '"99.0"'
64 '';
65
66 patches = [
67 (fetchpatch {
68 url = "https://github.com/pyca/cryptography/commit/e575e3d482f976c4a1f3203d63ea0f5007a49a2a.patch";
69 sha256 = "0vg9prqsizd6gzh5j7lscsfxzxlhz7pacvzhgqmj1vhdhjwbblcp";
70 })
71 ];
72
73 # IOKit's dependencies are inconsistent between OSX versions, so this is the best we
74 # can do until nix 1.11's release
75 __impureHostDeps = [ "/usr/lib" ];
76
77 meta = with stdenv.lib; {
78 description = "A package which provides cryptographic recipes and primitives";
79 longDescription = ''
80 Cryptography includes both high level recipes and low level interfaces to
81 common cryptographic algorithms such as symmetric ciphers, message
82 digests, and key derivation functions.
83 Our goal is for it to be your "cryptographic standard library". It
84 supports Python 2.7, Python 3.4+, and PyPy 5.3+.
85 '';
86 homepage = https://github.com/pyca/cryptography;
87 license = with licenses; [ asl20 bsd3 psfl ];
88 maintainers = with maintainers; [ primeos ];
89 };
90}