Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
at release-19.03 97 lines 2.8 kB view raw
1{ stdenv 2, buildPythonPackage 3, fetchPypi 4, openssl 5, cryptography 6, pyasn1 7, idna 8, pytest 9, pretend 10, flaky 11, glibcLocales 12, fetchpatch 13}: 14 15with stdenv.lib; 16 17 18let 19 # https://github.com/pyca/pyopenssl/issues/791 20 # These tests, we disable in the case that libressl is passed in as openssl. 21 failingLibresslTests = [ 22 "test_op_no_compression" 23 "test_npn_advertise_error" 24 "test_npn_select_error" 25 "test_npn_client_fail" 26 "test_npn_success" 27 "test_use_certificate_chain_file_unicode" 28 "test_use_certificate_chain_file_bytes" 29 "test_add_extra_chain_cert" 30 "test_set_session_id_fail" 31 "test_verify_with_revoked" 32 "test_set_notAfter" 33 "test_set_notBefore" 34 ]; 35 36 disabledTests = [ 37 # https://github.com/pyca/pyopenssl/issues/692 38 # These tests, we disable always. 39 "test_set_default_verify_paths" 40 "test_fallback_default_verify_paths" 41 ] ++ (optionals (hasPrefix "libressl" openssl.meta.name) failingLibresslTests); 42 43 # Compose the final string expression, including the "-k" and the single quotes. 44 testExpression = optionalString (disabledTests != []) 45 "-k 'not ${concatStringsSep " and not " disabledTests}'"; 46 47in 48 49 50buildPythonPackage rec { 51 pname = "pyOpenSSL"; 52 version = "19.0.0"; 53 54 src = fetchPypi { 55 inherit pname version; 56 sha256 = "aeca66338f6de19d1aa46ed634c3b9ae519a64b458f8468aec688e7e3c20f200"; 57 }; 58 59 outputs = [ "out" "dev" ]; 60 61 checkPhase = '' 62 runHook preCheck 63 export LANG="en_US.UTF-8" 64 py.test tests ${testExpression} 65 runHook postCheck 66 ''; 67 68 patches = [ 69 # 4 patches for 2020 bug 70 # https://github.com/pyca/pyopenssl/pull/828 71 (fetchpatch { 72 url = https://github.com/pyca/pyopenssl/commit/0d2fd1a24b30077ead6960bd63b4a9893a57c101.patch; 73 sha256 = "1c27g53qrwxddyx04sxf8yvj7xgbaabla7mc1cgbfd426rncbqf3"; 74 }) 75 (fetchpatch { 76 url = https://github.com/pyca/pyopenssl/commit/d08a742573c3205348a4eec9a65abaf6c16110c4.patch; 77 sha256 = "18xn8s1wpycz575ivrbsbs0qd2q48z8pdzsjzh8i60xba3f8yj2f"; 78 }) 79 (fetchpatch { 80 url = https://github.com/pyca/pyopenssl/commit/60b9e10e6da7ccafaf722def630285f54510ed12.patch; 81 sha256 = "0aw8qvy8m0bhgp39lmbcrpprpg4bhpssm327hyrk476wwgajk01j"; 82 }) 83 (fetchpatch { 84 url = https://github.com/pyca/pyopenssl/commit/7a37cc23fcbe43abe785cd4badd14bdc7acfb175.patch; 85 sha256 = "1c7zb568rs71rsl16p6dq7aixwlkgzfnba4vzmfvbmy3zsnaslq2"; 86 }) 87 ]; 88 89 # Seems to fail unpredictably on Darwin. See http://hydra.nixos.org/build/49877419/nixlog/1 90 # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail. 91 doCheck = !stdenv.isDarwin; 92 93 nativeBuildInputs = [ openssl ]; 94 propagatedBuildInputs = [ cryptography pyasn1 idna ]; 95 96 checkInputs = [ pytest pretend flaky glibcLocales ]; 97}