nixpkgs/pkgs/development/python-modules/cryptography/default.nix
Michael Weiss 44b7d77591
python3Packages.cryptography: 3.2.1 -> 3.3.1
Backward incompatible changes:
- Support for Python 3.5 has been removed due to low usage and
  maintenance burden.
- The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte)
  initialization vectors. This change is to conform with an upcoming
  OpenSSL release that will no longer support sizes outside this window.
- When deserializing asymmetric keys we now raise ValueError rather than
  UnsupportedAlgorithm when an unsupported cipher is used. This change
  is to conform with an upcoming OpenSSL release that will no longer
  distinguish between error types.
- We no longer allow loading of finite field Diffie-Hellman parameters
  of less than 512 bits in length. This change is to conform with an
  upcoming OpenSSL release that no longer supports smaller sizes. These
  keys were already wildly insecure and should not have been used in any
  application outside of testing.
2020-12-10 13:40:57 +01:00

82 lines
1.9 KiB
Nix

{ stdenv
, buildPythonPackage
, fetchPypi
, fetchpatch
, isPy27
, ipaddress
, openssl
, cryptography_vectors
, darwin
, packaging
, six
, pythonOlder
, isPyPy
, cffi
, pytest
, pretend
, iso8601
, pytz
, hypothesis
, enum34
}:
buildPythonPackage rec {
pname = "cryptography";
version = "3.3.1"; # Also update the hash in vectors.nix
src = fetchPypi {
inherit pname version;
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
};
outputs = [ "out" "dev" ];
nativeBuildInputs = stdenv.lib.optionals (!isPyPy) [
cffi
];
buildInputs = [ openssl ]
++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
propagatedBuildInputs = [
packaging
six
] ++ stdenv.lib.optionals (!isPyPy) [
cffi
] ++ stdenv.lib.optionals isPy27 [
ipaddress enum34
];
checkInputs = [
cryptography_vectors
hypothesis
iso8601
pretend
pytest
pytz
];
checkPhase = ''
py.test --disable-pytest-warnings tests
'';
# IOKit's dependencies are inconsistent between OSX versions, so this is the best we
# can do until nix 1.11's release
__impureHostDeps = [ "/usr/lib" ];
meta = with stdenv.lib; {
description = "A package which provides cryptographic recipes and primitives";
longDescription = ''
Cryptography includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message
digests, and key derivation functions.
Our goal is for it to be your "cryptographic standard library". It
supports Python 2.7, Python 3.5+, and PyPy 5.4+.
'';
homepage = "https://github.com/pyca/cryptography";
changelog = "https://cryptography.io/en/latest/changelog/#v"
+ replaceStrings [ "." ] [ "-" ] version;
license = with licenses; [ asl20 bsd3 psfl ];
maintainers = with maintainers; [ primeos ];
};
}