sslyze: drop
parent
6fa52289b4
commit
35e93564ad
|
@ -1,170 +0,0 @@
|
|||
{ lib
|
||||
, fetchFromGitHub
|
||||
, fetchurl
|
||||
, buildPythonPackage
|
||||
, pkgsStatic
|
||||
, openssl_1_1
|
||||
, openssl_1_0_2
|
||||
, invoke
|
||||
, tls-parser
|
||||
, cacert
|
||||
, pytestCheckHook
|
||||
, pythonAtLeast
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
let
|
||||
zlibStatic = (pkgsStatic.zlib.override {
|
||||
splitStaticOutput = false;
|
||||
}).overrideAttrs (oldAttrs: {
|
||||
NIX_CFLAGS_COMPILE = "${oldAttrs.NIX_CFLAGS_COMPILE} -fPIC";
|
||||
});
|
||||
nasslOpensslArgs = {
|
||||
static = true;
|
||||
enableSSL2 = true;
|
||||
};
|
||||
nasslOpensslFlagsCommon = [
|
||||
"zlib"
|
||||
"no-zlib-dynamic"
|
||||
"no-shared"
|
||||
"--with-zlib-lib=${zlibStatic.out}/lib"
|
||||
"--with-zlib-include=${zlibStatic.out.dev}/include"
|
||||
"enable-rc5"
|
||||
"enable-md2"
|
||||
"enable-gost"
|
||||
"enable-cast"
|
||||
"enable-idea"
|
||||
"enable-ripemd"
|
||||
"enable-mdc2"
|
||||
"-fPIC"
|
||||
];
|
||||
opensslStatic = (openssl_1_1.override nasslOpensslArgs).overrideAttrs (
|
||||
oldAttrs: rec {
|
||||
name = "openssl-${version}";
|
||||
version = "1.1.1h";
|
||||
src = fetchurl {
|
||||
url = "https://www.openssl.org/source/${name}.tar.gz";
|
||||
sha256 = "1ncmcnh5bmxkwrvm0m1q4kdcjjfpwvlyjspjhibkxc6p9dvsi72w";
|
||||
};
|
||||
configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [
|
||||
"enable-weak-ssl-ciphers"
|
||||
"enable-tls1_3"
|
||||
"no-async"
|
||||
];
|
||||
patches = builtins.filter
|
||||
(
|
||||
p: (builtins.baseNameOf (toString p)) != "macos-yosemite-compat.patch"
|
||||
)
|
||||
oldAttrs.patches;
|
||||
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ];
|
||||
meta = oldAttrs.meta // {
|
||||
knownVulnerabilities = [
|
||||
"CVE-2020-1971"
|
||||
"CVE-2021-23840"
|
||||
"CVE-2021-23841"
|
||||
"CVE-2021-3449"
|
||||
"CVE-2021-3450"
|
||||
"CVE-2021-3711"
|
||||
"CVE-2021-3712"
|
||||
];
|
||||
};
|
||||
}
|
||||
);
|
||||
opensslLegacyStatic = (openssl_1_0_2.override nasslOpensslArgs).overrideAttrs (
|
||||
oldAttrs: rec {
|
||||
name = "openssl-${version}";
|
||||
version = "1.0.2e";
|
||||
src = fetchurl {
|
||||
url = "https://www.openssl.org/source/${name}.tar.gz";
|
||||
sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
|
||||
};
|
||||
configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon;
|
||||
patches = builtins.filter
|
||||
(
|
||||
p: (builtins.baseNameOf (toString p)) == "darwin64-arm64.patch"
|
||||
)
|
||||
oldAttrs.patches;
|
||||
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ];
|
||||
# openssl_1_0_2 needs `withDocs = false`
|
||||
outputs = lib.remove "doc" oldAttrs.outputs;
|
||||
}
|
||||
);
|
||||
in
|
||||
buildPythonPackage rec {
|
||||
pname = "nassl";
|
||||
version = "4.0.2";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nabla-c0d3";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-lLyHXLmBVvT+LgsKBU8DcUXd0qaLSrwvXxFnIB9CHcU=";
|
||||
};
|
||||
|
||||
postPatch =
|
||||
let
|
||||
legacyOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslLegacyStatic.version;
|
||||
modernOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslStatic.version;
|
||||
zlibVersion = zlibStatic.version;
|
||||
in
|
||||
''
|
||||
mkdir -p deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
|
||||
cp ${opensslLegacyStatic.out}/lib/libssl.a \
|
||||
${opensslLegacyStatic.out}/lib/libcrypto.a \
|
||||
deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
|
||||
ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_${legacyOpenSSLVersion}/include
|
||||
ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_${legacyOpenSSLVersion}/apps
|
||||
|
||||
mkdir -p deps/openssl-OpenSSL_${modernOpenSSLVersion}/
|
||||
cp ${opensslStatic.out}/lib/libssl.a \
|
||||
${opensslStatic.out}/lib/libcrypto.a \
|
||||
deps/openssl-OpenSSL_${modernOpenSSLVersion}/
|
||||
ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_${modernOpenSSLVersion}/include
|
||||
ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_${modernOpenSSLVersion}/apps
|
||||
|
||||
mkdir -p deps/zlib-${zlibVersion}/
|
||||
cp ${zlibStatic.out}/lib/libz.a deps/zlib-${zlibVersion}/
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
invoke
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
tls-parser
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
invoke build.nassl
|
||||
invoke package.wheel
|
||||
'';
|
||||
|
||||
doCheck = true;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"nassl"
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
"Online"
|
||||
] ++ lib.optionals (pythonAtLeast "3.10") [
|
||||
"test_write_bad"
|
||||
"test_client_authentication_no_certificate_supplied"
|
||||
"test_client_authentication_succeeds"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Low-level OpenSSL wrapper for Python";
|
||||
homepage = "https://github.com/nabla-c0d3/nassl";
|
||||
license = licenses.agpl3Only;
|
||||
maintainers = with maintainers; [ veehaitch ];
|
||||
platforms = with platforms; linux ++ darwin;
|
||||
};
|
||||
}
|
|
@ -1,113 +0,0 @@
|
|||
{ lib
|
||||
, fetchFromGitHub
|
||||
, buildPythonPackage
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
# deps
|
||||
, cryptography
|
||||
, nassl
|
||||
, pydantic
|
||||
, tls-parser
|
||||
# check deps
|
||||
, faker
|
||||
, openssl_1_0_2
|
||||
, openssl_1_1
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "sslyze";
|
||||
version = "5.0.3";
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nabla-c0d3";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-d465WJIDsgNAPe8KW5v2KDSgzMH7OPLSiFfFH9n+jiA=";
|
||||
};
|
||||
|
||||
patchPhase = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "cryptography>=2.6,<36.0.0" "cryptography>=2.6"
|
||||
'';
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
faker
|
||||
];
|
||||
|
||||
# Most of the tests are online; hence, applicable tests are listed
|
||||
# explicitly here
|
||||
pytestFlagsArray = [
|
||||
"tests/cli_tests/test_console_output.py"
|
||||
"tests/cli_tests/test_server_string_parser.py"
|
||||
"tests/json_tests/test_json_output.py"
|
||||
"tests/plugins_tests/certificate_info/test_certificate_algorithms.py"
|
||||
"tests/plugins_tests/certificate_info/test_certificate_utils.py"
|
||||
"tests/plugins_tests/certificate_info/test_symantec.py"
|
||||
"tests/plugins_tests/certificate_info/test_trust_store_repository.py"
|
||||
"tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py"
|
||||
"tests/plugins_tests/test_early_data_plugin.py"
|
||||
"tests/plugins_tests/test_http_headers_plugin.py"
|
||||
"tests/plugins_tests/test_robot_plugin.py"
|
||||
"tests/plugins_tests/test_scan_commands.py"
|
||||
"tests/plugins_tests/test_session_renegotiation_plugin.py"
|
||||
"tests/scanner_tests/test_jobs_worker_thread.py"
|
||||
"tests/scanner_tests/test_mass_scanner.py"
|
||||
"tests/scanner_tests/test_models.py"
|
||||
"tests/scanner_tests/test_scanner.py"
|
||||
"tests/server_connectivity_tests/test_client_authentication.py"
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
# TestEllipticCurvesPluginWithOnlineServer
|
||||
"test_supported_curves"
|
||||
# TestRobotPluginPlugin
|
||||
"test_robot_attack_good"
|
||||
# TestHttpHeadersPlugin
|
||||
"test_all_headers_disabled"
|
||||
"test_expect_ct_enabled"
|
||||
"test_hsts_enabled"
|
||||
# TestSessionRenegotiationPlugin
|
||||
"test_renegotiation_good"
|
||||
# TestCertificateAlgorithms
|
||||
"test_ecdsa_certificate"
|
||||
"test_invalid_certificate_bad_name"
|
||||
# TestEarlyDataPlugin
|
||||
"test_early_data_enabled"
|
||||
# TestTrustStoresRepository
|
||||
"test_update_default"
|
||||
# TestClientAuthentication
|
||||
"test_optional_client_authentication"
|
||||
];
|
||||
|
||||
# Some tests require OpenSSL
|
||||
preCheck = ''
|
||||
pushd $TMPDIR/$sourceRoot/tests/openssl_server/
|
||||
|
||||
rm openssl-1-1-1-linux64
|
||||
ln -s ${openssl_1_1.bin}/bin/openssl openssl-1-1-1-linux64
|
||||
|
||||
rm openssl-1-0-0e-linux64
|
||||
ln -s ${openssl_1_0_2.bin}/bin/openssl openssl-1-0-0e-linux64
|
||||
|
||||
popd
|
||||
'';
|
||||
|
||||
pythonImportsCheck = [ "sslyze" ];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
cryptography
|
||||
nassl
|
||||
pydantic
|
||||
tls-parser
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/nabla-c0d3/sslyze";
|
||||
description = "Fast and powerful SSL/TLS scanning library";
|
||||
platforms = platforms.linux ++ platforms.darwin;
|
||||
license = licenses.agpl3Only;
|
||||
maintainers = with maintainers; [ veehaitch ];
|
||||
};
|
||||
}
|
|
@ -37,7 +37,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
markupsafe
|
||||
pysocks
|
||||
six
|
||||
sslyze
|
||||
sqlalchemy
|
||||
tld
|
||||
yaswfp
|
||||
|
|
|
@ -29228,8 +29228,6 @@ with pkgs;
|
|||
python = python3;
|
||||
};
|
||||
|
||||
sslyze = with python3Packages; toPythonApplication sslyze;
|
||||
|
||||
ssr = callPackage ../applications/audio/soundscape-renderer {
|
||||
autoreconfHook = buildPackages.autoreconfHook269;
|
||||
};
|
||||
|
|
|
@ -5438,8 +5438,6 @@ in {
|
|||
|
||||
napari-svg = callPackage ../development/python-modules/napari-svg { };
|
||||
|
||||
nassl = callPackage ../development/python-modules/nassl { };
|
||||
|
||||
nats-py = callPackage ../development/python-modules/nats-py { };
|
||||
|
||||
nats-python = callPackage ../development/python-modules/nats-python { };
|
||||
|
@ -9660,8 +9658,6 @@ in {
|
|||
|
||||
sslib = callPackage ../development/python-modules/sslib { };
|
||||
|
||||
sslyze = callPackage ../development/python-modules/sslyze { };
|
||||
|
||||
stack-data = callPackage ../development/python-modules/stack-data { };
|
||||
|
||||
stanza = callPackage ../development/python-modules/stanza { };
|
||||
|
|