nixpkgs/pkgs/development/python-modules/credstash/default.nix

39 lines
1.4 KiB
Nix
Raw Normal View History

{ lib, buildPythonPackage, fetchPypi, cryptography, boto3, pyyaml, docutils, pytest, fetchpatch }:
2017-09-14 01:30:40 +00:00
buildPythonPackage rec {
pname = "credstash";
2020-06-06 06:47:02 +00:00
version = "1.17.1";
2017-09-14 01:30:40 +00:00
src = fetchPypi {
inherit pname version;
2020-06-06 06:47:02 +00:00
sha256 = "6c04e8734ef556ab459018da142dd0b244093ef176b3be5583e582e9a797a120";
2017-09-14 01:30:40 +00:00
};
2020-08-31 15:18:27 +00:00
patches = [
(fetchpatch {
url = "https://github.com/fugue/credstash/commit/9c02ee43ed6e37596cafbca2fe80c532ec19d2d8.patch";
sha256 = "dlybrpfLK+PqwWWhH9iXgXHYysZGmcZAFGWNOwsG0xA=";
})
];
credstash: add standalone Python application (#51807) credstash was only available as a library. Provide it as a standalone application as well. In order for this to work, I needed to remove the copy of the library that's placed in $out/bin and marked executable during the install phase. Other than the patched shebang and executable bit, it's identical to the library that's installed to $out/lib/python3.7/site-packages. Before the postFixup has run `wrapPythonPrograms`, $out/bin contains two Python files -- credstash and credstash.py -- where bin/credstash is the executable you'd expect a user to invoke from the command-line and bin/credstash.py contains the credstash module, which bin/credstash imports. After `wrapPythonPrograms` has run, bin/credstash is a shell wrapper around the bin/.credstash-wrapped python entrypoint, and bin/credstash.py is shell wrapper around bin/.credstash.py-wrapped. Invoking bin/credstash execs bin/.credstash-wrapped, and that python script attempts to import the credstash module from bin/credstash.py, the shell wrapper, rather than either bin/.credstash.py-wrapped or lib/python3.7/site-packages/credstash.py. This leads to an error: $ credstash get mykey Traceback (most recent call last): File "/nix/store/hk6yma716w6141lcdh509d6qyyi7zm0i-python3.7-credstash-1.15.0/bin/.credstash-wrapped", line 8, in <module> from credstash import main File "/nix/store/hk6yma716w6141lcdh509d6qyyi7zm0i-python3.7-credstash-1.15.0/bin/credstash.py", line 2 export PATH='/nix/store/6lm4gi5iv8fbf1b1mm6g3gfnnv63f1gn-python3-3.7.1/bin:/nix/store/hk6yma716w6141lcdh509d6qyyi7zm0i-python3.7-credstash-1.15.0/bin:/nix/store/2n13gf1zdr39ir5dynxlkqndxgy36g08-python3.7-setuptools-40.4.3/bin:/nix/store/mhnqwpa4y1l81zi4cwx989i8h8z9g67l-python3.7-jmespath-0.9.0/bin:/nix/store/qc6q3a2nv4211wyh7q319v6zzd3ab6pc-python3.7-docutils-0.14/bin'${PATH:+':'}$PATH ^ SyntaxError: invalid syntax If we try using `dontWrapPythonPrograms` to resolve this, runtime dependency lookups fail: $ credstash get mykey Traceback (most recent call last): File "/run/current-system/sw/bin/credstash", line 7, in <module> from credstash import main File "/nix/store/8rmldlvlv1z1xl7w02dy7f5qhkzdrg8z-python3.7-credstash-1.15.0/bin/credstash.py", line 26, in <module> import boto3 ModuleNotFoundError: No module named 'boto3' I was able to resolve things by simply removing bin/credstash.py before the postFixup phase has a chance to wrap any executables. Now the executable imports the library correctly: (shell wrapper) bin/credstash │ (python executable) └─> bin/.credstash-wrapped │ (python library) └─> lib/python3.7/site-packages/credstash.py
2018-12-11 09:49:27 +00:00
# The install phase puts an executable and a copy of the library it imports in
# bin/credstash and bin/credstash.py, despite the fact that the library is also
# installed to lib/python<version>/site-packages/credstash.py.
# If we apply wrapPythonPrograms to bin/credstash.py then the executable will try
# to import the credstash module from the resulting shell script. Removing this
# file ensures that Python imports the module from site-packages library.
postInstall = "rm $out/bin/credstash.py";
nativeBuildInputs = [ pytest ];
2017-09-14 01:30:40 +00:00
propagatedBuildInputs = [ cryptography boto3 pyyaml docutils ];
# No tests in archive
doCheck = false;
meta = with lib; {
2017-09-14 01:30:40 +00:00
description = "A utility for managing secrets in the cloud using AWS KMS and DynamoDB";
homepage = "https://github.com/LuminalOSS/credstash";
2017-09-14 01:30:40 +00:00
license = licenses.asl20;
};
}