nixpkgs/pkgs/development/python-modules/pyopenssl/default.nix
2020-01-05 15:01:42 +01:00

114 lines
3.2 KiB
Nix

{ stdenv
, buildPythonPackage
, fetchPypi
, openssl
, cryptography
, pyasn1
, idna
, pytest
, pretend
, flaky
, glibcLocales
, six
, fetchpatch
}:
with stdenv.lib;
let
# https://github.com/pyca/pyopenssl/issues/791
# These tests, we disable in the case that libressl is passed in as openssl.
failingLibresslTests = [
"test_op_no_compression"
"test_npn_advertise_error"
"test_npn_select_error"
"test_npn_client_fail"
"test_npn_success"
"test_use_certificate_chain_file_unicode"
"test_use_certificate_chain_file_bytes"
"test_add_extra_chain_cert"
"test_set_session_id_fail"
"test_verify_with_revoked"
"test_set_notAfter"
"test_set_notBefore"
];
# these tests are extremely tightly wed to the exact output of the openssl cli tool,
# including exact punctuation.
failingOpenSSL_1_1Tests = [
"test_dump_certificate"
"test_dump_privatekey_text"
"test_dump_certificate_request"
"test_export_text"
];
disabledTests = [
# https://github.com/pyca/pyopenssl/issues/692
# These tests, we disable always.
"test_set_default_verify_paths"
"test_fallback_default_verify_paths"
# https://github.com/pyca/pyopenssl/issues/768
"test_wantWriteError"
] ++ (
optionals (hasPrefix "libressl" openssl.meta.name) failingLibresslTests
) ++ (
optionals (versionAtLeast (getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
);
# Compose the final string expression, including the "-k" and the single quotes.
testExpression = optionalString (disabledTests != [])
"-k 'not ${concatStringsSep " and not " disabledTests}'";
in
buildPythonPackage rec {
pname = "pyOpenSSL";
version = "19.1.0";
src = fetchPypi {
inherit pname version;
sha256 = "9a24494b2602aaf402be5c9e30a0b82d4a5c67528fe8fb475e3f3bc00dd69507";
};
outputs = [ "out" "dev" ];
checkPhase = ''
runHook preCheck
export LANG="en_US.UTF-8"
py.test tests ${testExpression}
runHook postCheck
'';
patches = [
# 4 patches for 2020 bug
# https://github.com/pyca/pyopenssl/pull/828
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/0d2fd1a24b30077ead6960bd63b4a9893a57c101.patch;
sha256 = "1c27g53qrwxddyx04sxf8yvj7xgbaabla7mc1cgbfd426rncbqf3";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/d08a742573c3205348a4eec9a65abaf6c16110c4.patch;
sha256 = "18xn8s1wpycz575ivrbsbs0qd2q48z8pdzsjzh8i60xba3f8yj2f";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/60b9e10e6da7ccafaf722def630285f54510ed12.patch;
sha256 = "0aw8qvy8m0bhgp39lmbcrpprpg4bhpssm327hyrk476wwgajk01j";
})
(fetchpatch {
url = https://github.com/pyca/pyopenssl/commit/7a37cc23fcbe43abe785cd4badd14bdc7acfb175.patch;
sha256 = "1c7zb568rs71rsl16p6dq7aixwlkgzfnba4vzmfvbmy3zsnaslq2";
})
];
# Seems to fail unpredictably on Darwin. See http://hydra.nixos.org/build/49877419/nixlog/1
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
doCheck = !stdenv.isDarwin;
nativeBuildInputs = [ openssl ];
propagatedBuildInputs = [ cryptography pyasn1 idna six ];
checkInputs = [ pytest pretend flaky glibcLocales ];
}