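# Package expression for pyOpenSSL 19.0.0, built from the PyPI sdist with four
# upstream commits applied on top. The `openssl` argument may be OpenSSL or
# LibreSSL; the set of deselected tests is adjusted accordingly.
{ stdenv
, buildPythonPackage
, fetchPypi
, openssl
, cryptography
, pyasn1
, idna
, pytest
, pretend
, flaky
, glibcLocales
, fetchpatch
}:

with stdenv.lib;

let
  # https://github.com/pyca/pyopenssl/issues/791
  # Tests deselected only when LibreSSL is passed in as `openssl`.
  # NOTE(review): several names here suggest certificate-handling coverage
  # (e.g. test_verify_with_revoked, test_add_extra_chain_cert). Those paths are
  # not exercised at build time on LibreSSL, so a regression there would not
  # fail this build.
  failingLibresslTests = [
    "test_op_no_compression"
    "test_npn_advertise_error"
    "test_npn_select_error"
    "test_npn_client_fail"
    "test_npn_success"
    "test_use_certificate_chain_file_unicode"
    "test_use_certificate_chain_file_bytes"
    "test_add_extra_chain_cert"
    "test_set_session_id_fail"
    "test_verify_with_revoked"
    "test_set_notAfter"
    "test_set_notBefore"
  ];

  disabledTests = [
    # https://github.com/pyca/pyopenssl/issues/692
    # Deselected unconditionally, for every `openssl` implementation.
    "test_set_default_verify_paths"
    "test_fallback_default_verify_paths"
  ] ++ (optionals (hasPrefix "libressl" openssl.meta.name) failingLibresslTests);

  # Compose the final string expression, including the "-k" and the single quotes.
  # pytest's -k matches on substrings of test names, so each entry deselects
  # every test whose name contains it, not only the exact test listed.
  testExpression = optionalString (disabledTests != [])
    "-k 'not ${concatStringsSep " and not " disabledTests}'";

in

buildPythonPackage rec {
  pname = "pyOpenSSL";
  version = "19.0.0";

  # The sdist is pinned by content hash; a changed upload fails the fetch.
  src = fetchPypi {
    inherit pname version;
    sha256 = "aeca66338f6de19d1aa46ed634c3b9ae519a64b458f8468aec688e7e3c20f200";
  };

  outputs = [ "out" "dev" ];

  checkPhase = ''
    runHook preCheck
    export LANG="en_US.UTF-8"
    py.test tests ${testExpression}
    runHook postCheck
  '';

  patches = [
    # 4 patches for 2020 bug
    # https://github.com/pyca/pyopenssl/pull/828
    # Each patch is addressed by full commit id and pinned by sha256, so the
    # build fails if the served patch content changes. URLs are quoted because
    # bare URL literals are deprecated Nix syntax.
    (fetchpatch {
      url = "https://github.com/pyca/pyopenssl/commit/0d2fd1a24b30077ead6960bd63b4a9893a57c101.patch";
      sha256 = "1c27g53qrwxddyx04sxf8yvj7xgbaabla7mc1cgbfd426rncbqf3";
    })
    (fetchpatch {
      url = "https://github.com/pyca/pyopenssl/commit/d08a742573c3205348a4eec9a65abaf6c16110c4.patch";
      sha256 = "18xn8s1wpycz575ivrbsbs0qd2q48z8pdzsjzh8i60xba3f8yj2f";
    })
    (fetchpatch {
      url = "https://github.com/pyca/pyopenssl/commit/60b9e10e6da7ccafaf722def630285f54510ed12.patch";
      sha256 = "0aw8qvy8m0bhgp39lmbcrpprpg4bhpssm327hyrk476wwgajk01j";
    })
    (fetchpatch {
      url = "https://github.com/pyca/pyopenssl/commit/7a37cc23fcbe43abe785cd4badd14bdc7acfb175.patch";
      sha256 = "1c7zb568rs71rsl16p6dq7aixwlkgzfnba4vzmfvbmy3zsnaslq2";
    })
  ];

  # Seems to fail unpredictably on Darwin. See http://hydra.nixos.org/build/49877419/nixlog/1
  # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
  # With doCheck off, the whole test suite is skipped on Darwin, so neither the
  # bindings nor the patches above are test-verified on that platform.
  doCheck = !stdenv.isDarwin;

  nativeBuildInputs = [ openssl ];
  propagatedBuildInputs = [ cryptography pyasn1 idna ];

  checkInputs = [ pytest pretend flaky glibcLocales ];
}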