diff --git a/pkgs/development/python-modules/nassl/default.nix b/pkgs/development/python-modules/nassl/default.nix deleted file mode 100644 index 3e159dfe7ce..00000000000 --- a/pkgs/development/python-modules/nassl/default.nix +++ /dev/null @@ -1,170 +0,0 @@ -{ lib -, fetchFromGitHub -, fetchurl -, buildPythonPackage -, pkgsStatic -, openssl_1_1 -, openssl_1_0_2 -, invoke -, tls-parser -, cacert -, pytestCheckHook -, pythonAtLeast -, pythonOlder -}: - -let - zlibStatic = (pkgsStatic.zlib.override { - splitStaticOutput = false; - }).overrideAttrs (oldAttrs: { - NIX_CFLAGS_COMPILE = "${oldAttrs.NIX_CFLAGS_COMPILE} -fPIC"; - }); - nasslOpensslArgs = { - static = true; - enableSSL2 = true; - }; - nasslOpensslFlagsCommon = [ - "zlib" - "no-zlib-dynamic" - "no-shared" - "--with-zlib-lib=${zlibStatic.out}/lib" - "--with-zlib-include=${zlibStatic.out.dev}/include" - "enable-rc5" - "enable-md2" - "enable-gost" - "enable-cast" - "enable-idea" - "enable-ripemd" - "enable-mdc2" - "-fPIC" - ]; - opensslStatic = (openssl_1_1.override nasslOpensslArgs).overrideAttrs ( - oldAttrs: rec { - name = "openssl-${version}"; - version = "1.1.1h"; - src = fetchurl { - url = "https://www.openssl.org/source/${name}.tar.gz"; - sha256 = "1ncmcnh5bmxkwrvm0m1q4kdcjjfpwvlyjspjhibkxc6p9dvsi72w"; - }; - configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [ - "enable-weak-ssl-ciphers" - "enable-tls1_3" - "no-async" - ]; - patches = builtins.filter - ( - p: (builtins.baseNameOf (toString p)) != "macos-yosemite-compat.patch" - ) - oldAttrs.patches; - buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ]; - meta = oldAttrs.meta // { - knownVulnerabilities = [ - "CVE-2020-1971" - "CVE-2021-23840" - "CVE-2021-23841" - "CVE-2021-3449" - "CVE-2021-3450" - "CVE-2021-3711" - "CVE-2021-3712" - ]; - }; - } - ); - opensslLegacyStatic = (openssl_1_0_2.override nasslOpensslArgs).overrideAttrs ( - oldAttrs: rec { - name = "openssl-${version}"; - version = "1.0.2e"; - src = fetchurl { - url = "https://www.openssl.org/source/${name}.tar.gz"; - sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72"; - }; - configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon; - patches = builtins.filter - ( - p: (builtins.baseNameOf (toString p)) == "darwin64-arm64.patch" - ) - oldAttrs.patches; - buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ]; - # openssl_1_0_2 needs `withDocs = false` - outputs = lib.remove "doc" oldAttrs.outputs; - } - ); -in -buildPythonPackage rec { - pname = "nassl"; - version = "4.0.2"; - format = "setuptools"; - - disabled = pythonOlder "3.7"; - - src = fetchFromGitHub { - owner = "nabla-c0d3"; - repo = pname; - rev = version; - hash = "sha256-lLyHXLmBVvT+LgsKBU8DcUXd0qaLSrwvXxFnIB9CHcU="; - }; - - postPatch = - let - legacyOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslLegacyStatic.version; - modernOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslStatic.version; - zlibVersion = zlibStatic.version; - in - '' - mkdir -p deps/openssl-OpenSSL_${legacyOpenSSLVersion}/ - cp ${opensslLegacyStatic.out}/lib/libssl.a \ - ${opensslLegacyStatic.out}/lib/libcrypto.a \ - deps/openssl-OpenSSL_${legacyOpenSSLVersion}/ - ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_${legacyOpenSSLVersion}/include - ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_${legacyOpenSSLVersion}/apps - - mkdir -p deps/openssl-OpenSSL_${modernOpenSSLVersion}/ - cp ${opensslStatic.out}/lib/libssl.a \ - ${opensslStatic.out}/lib/libcrypto.a \ - deps/openssl-OpenSSL_${modernOpenSSLVersion}/ - ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_${modernOpenSSLVersion}/include - ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_${modernOpenSSLVersion}/apps - - mkdir -p deps/zlib-${zlibVersion}/ - cp ${zlibStatic.out}/lib/libz.a deps/zlib-${zlibVersion}/ - ''; - - nativeBuildInputs = [ - invoke - ]; - - propagatedBuildInputs = [ - tls-parser - ]; - - checkInputs = [ - pytestCheckHook - ]; - - buildPhase = '' - invoke build.nassl - invoke package.wheel - ''; - - doCheck = true; - - pythonImportsCheck = [ - "nassl" - ]; - - disabledTests = [ - "Online" - ] ++ lib.optionals (pythonAtLeast "3.10") [ - "test_write_bad" - "test_client_authentication_no_certificate_supplied" - "test_client_authentication_succeeds" - ]; - - meta = with lib; { - description = "Low-level OpenSSL wrapper for Python"; - homepage = "https://github.com/nabla-c0d3/nassl"; - license = licenses.agpl3Only; - maintainers = with maintainers; [ veehaitch ]; - platforms = with platforms; linux ++ darwin; - }; -} diff --git a/pkgs/development/python-modules/sslyze/default.nix b/pkgs/development/python-modules/sslyze/default.nix deleted file mode 100644 index bc3e2c238c9..00000000000 --- a/pkgs/development/python-modules/sslyze/default.nix +++ /dev/null @@ -1,113 +0,0 @@ -{ lib -, fetchFromGitHub -, buildPythonPackage -, pytestCheckHook -, pythonOlder - # deps -, cryptography -, nassl -, pydantic -, tls-parser - # check deps -, faker -, openssl_1_0_2 -, openssl_1_1 -}: - -buildPythonPackage rec { - pname = "sslyze"; - version = "5.0.3"; - disabled = pythonOlder "3.7"; - - src = fetchFromGitHub { - owner = "nabla-c0d3"; - repo = pname; - rev = version; - hash = "sha256-d465WJIDsgNAPe8KW5v2KDSgzMH7OPLSiFfFH9n+jiA="; - }; - - patchPhase = '' - substituteInPlace setup.py \ - --replace "cryptography>=2.6,<36.0.0" "cryptography>=2.6" - ''; - - checkInputs = [ - pytestCheckHook - faker - ]; - - # Most of the tests are online; hence, applicable tests are listed - # explicitly here - pytestFlagsArray = [ - "tests/cli_tests/test_console_output.py" - "tests/cli_tests/test_server_string_parser.py" - "tests/json_tests/test_json_output.py" - "tests/plugins_tests/certificate_info/test_certificate_algorithms.py" - "tests/plugins_tests/certificate_info/test_certificate_utils.py" - "tests/plugins_tests/certificate_info/test_symantec.py" - "tests/plugins_tests/certificate_info/test_trust_store_repository.py" - "tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py" - "tests/plugins_tests/test_early_data_plugin.py" - "tests/plugins_tests/test_http_headers_plugin.py" - "tests/plugins_tests/test_robot_plugin.py" - "tests/plugins_tests/test_scan_commands.py" - "tests/plugins_tests/test_session_renegotiation_plugin.py" - "tests/scanner_tests/test_jobs_worker_thread.py" - "tests/scanner_tests/test_mass_scanner.py" - "tests/scanner_tests/test_models.py" - "tests/scanner_tests/test_scanner.py" - "tests/server_connectivity_tests/test_client_authentication.py" - ]; - - disabledTests = [ - # TestEllipticCurvesPluginWithOnlineServer - "test_supported_curves" - # TestRobotPluginPlugin - "test_robot_attack_good" - # TestHttpHeadersPlugin - "test_all_headers_disabled" - "test_expect_ct_enabled" - "test_hsts_enabled" - # TestSessionRenegotiationPlugin - "test_renegotiation_good" - # TestCertificateAlgorithms - "test_ecdsa_certificate" - "test_invalid_certificate_bad_name" - # TestEarlyDataPlugin - "test_early_data_enabled" - # TestTrustStoresRepository - "test_update_default" - # TestClientAuthentication - "test_optional_client_authentication" - ]; - - # Some tests require OpenSSL - preCheck = '' - pushd $TMPDIR/$sourceRoot/tests/openssl_server/ - - rm openssl-1-1-1-linux64 - ln -s ${openssl_1_1.bin}/bin/openssl openssl-1-1-1-linux64 - - rm openssl-1-0-0e-linux64 - ln -s ${openssl_1_0_2.bin}/bin/openssl openssl-1-0-0e-linux64 - - popd - ''; - - pythonImportsCheck = [ "sslyze" ]; - - propagatedBuildInputs = [ - cryptography - nassl - pydantic - tls-parser - ]; - - meta = with lib; { - homepage = "https://github.com/nabla-c0d3/sslyze"; - description = "Fast and powerful SSL/TLS scanning library"; - platforms = platforms.linux ++ platforms.darwin; - license = licenses.agpl3Only; - maintainers = with maintainers; [ veehaitch ]; - }; -} diff --git a/pkgs/tools/security/wapiti/default.nix b/pkgs/tools/security/wapiti/default.nix index 6bd5382ce88..4fb28559483 100644 --- a/pkgs/tools/security/wapiti/default.nix +++ b/pkgs/tools/security/wapiti/default.nix @@ -37,7 +37,6 @@ python3.pkgs.buildPythonApplication rec { markupsafe pysocks six - sslyze sqlalchemy tld yaswfp diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d72dcc8d756..daea7f2a186 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29228,8 +29228,6 @@ with pkgs; python = python3; }; - sslyze = with python3Packages; toPythonApplication sslyze; - ssr = callPackage ../applications/audio/soundscape-renderer { autoreconfHook = buildPackages.autoreconfHook269; }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 36fe14cb0b5..a1a394fc884 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -5438,8 +5438,6 @@ in { napari-svg = callPackage ../development/python-modules/napari-svg { }; - nassl = callPackage ../development/python-modules/nassl { }; - nats-py = callPackage ../development/python-modules/nats-py { }; nats-python = callPackage ../development/python-modules/nats-python { }; @@ -9660,8 +9658,6 @@ in { sslib = callPackage ../development/python-modules/sslib { }; - sslyze = callPackage ../development/python-modules/sslyze { }; - stack-data = callPackage ../development/python-modules/stack-data { }; stanza = callPackage ../development/python-modules/stanza { };