nixpkgs/pkgs/development/python-modules/nassl/default.nix
2022-03-16 15:10:30 +01:00

171 lines
4.6 KiB
Nix

{ lib
, fetchFromGitHub
, fetchurl
, buildPythonPackage
, pkgsStatic
, openssl_1_1
, openssl_1_0_2
, invoke
, tls-parser
, cacert
, pytestCheckHook
, pythonAtLeast
, pythonOlder
}:
let
zlibStatic = (pkgsStatic.zlib.override {
splitStaticOutput = false;
}).overrideAttrs (oldAttrs: {
NIX_CFLAGS_COMPILE = "${oldAttrs.NIX_CFLAGS_COMPILE} -fPIC";
});
nasslOpensslArgs = {
static = true;
enableSSL2 = true;
};
nasslOpensslFlagsCommon = [
"zlib"
"no-zlib-dynamic"
"no-shared"
"--with-zlib-lib=${zlibStatic.out}/lib"
"--with-zlib-include=${zlibStatic.out.dev}/include"
"enable-rc5"
"enable-md2"
"enable-gost"
"enable-cast"
"enable-idea"
"enable-ripemd"
"enable-mdc2"
"-fPIC"
];
opensslStatic = (openssl_1_1.override nasslOpensslArgs).overrideAttrs (
oldAttrs: rec {
name = "openssl-${version}";
version = "1.1.1h";
src = fetchurl {
url = "https://www.openssl.org/source/${name}.tar.gz";
sha256 = "1ncmcnh5bmxkwrvm0m1q4kdcjjfpwvlyjspjhibkxc6p9dvsi72w";
};
configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [
"enable-weak-ssl-ciphers"
"enable-tls1_3"
"no-async"
];
patches = builtins.filter
(
p: (builtins.baseNameOf (toString p)) != "macos-yosemite-compat.patch"
)
oldAttrs.patches;
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ];
meta = oldAttrs.meta // {
knownVulnerabilities = [
"CVE-2020-1971"
"CVE-2021-23840"
"CVE-2021-23841"
"CVE-2021-3449"
"CVE-2021-3450"
"CVE-2021-3711"
"CVE-2021-3712"
];
};
}
);
opensslLegacyStatic = (openssl_1_0_2.override nasslOpensslArgs).overrideAttrs (
oldAttrs: rec {
name = "openssl-${version}";
version = "1.0.2e";
src = fetchurl {
url = "https://www.openssl.org/source/${name}.tar.gz";
sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
};
configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon;
patches = builtins.filter
(
p: (builtins.baseNameOf (toString p)) == "darwin64-arm64.patch"
)
oldAttrs.patches;
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ];
# openssl_1_0_2 needs `withDocs = false`
outputs = lib.remove "doc" oldAttrs.outputs;
}
);
in
buildPythonPackage rec {
pname = "nassl";
version = "4.0.2";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "nabla-c0d3";
repo = pname;
rev = version;
hash = "sha256-lLyHXLmBVvT+LgsKBU8DcUXd0qaLSrwvXxFnIB9CHcU=";
};
postPatch =
let
legacyOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslLegacyStatic.version;
modernOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslStatic.version;
zlibVersion = zlibStatic.version;
in
''
mkdir -p deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
cp ${opensslLegacyStatic.out}/lib/libssl.a \
${opensslLegacyStatic.out}/lib/libcrypto.a \
deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_${legacyOpenSSLVersion}/include
ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_${legacyOpenSSLVersion}/apps
mkdir -p deps/openssl-OpenSSL_${modernOpenSSLVersion}/
cp ${opensslStatic.out}/lib/libssl.a \
${opensslStatic.out}/lib/libcrypto.a \
deps/openssl-OpenSSL_${modernOpenSSLVersion}/
ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_${modernOpenSSLVersion}/include
ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_${modernOpenSSLVersion}/apps
mkdir -p deps/zlib-${zlibVersion}/
cp ${zlibStatic.out}/lib/libz.a deps/zlib-${zlibVersion}/
'';
nativeBuildInputs = [
invoke
];
propagatedBuildInputs = [
tls-parser
];
checkInputs = [
pytestCheckHook
];
buildPhase = ''
invoke build.nassl
invoke package.wheel
'';
doCheck = true;
pythonImportsCheck = [
"nassl"
];
disabledTests = [
"Online"
] ++ lib.optionals (pythonAtLeast "3.10") [
"test_write_bad"
"test_client_authentication_no_certificate_supplied"
"test_client_authentication_succeeds"
];
meta = with lib; {
description = "Low-level OpenSSL wrapper for Python";
homepage = "https://github.com/nabla-c0d3/nassl";
license = licenses.agpl3Only;
maintainers = with maintainers; [ veehaitch ];
platforms = with platforms; linux ++ darwin;
};
}