nixpkgs/pkgs/development/python-modules/pyopenssl/default.nix
Theodore Ni dc05d07a6a
python310Packages.pyopenssl: unbreak on aarch64-darwin
This also reenables tests on Darwin. If the tests end up being flaky
again, let's disable them individually (if we can't fix them).
2022-12-02 08:14:39 -08:00

89 lines
2.5 KiB
Nix

{ lib
, stdenv
, buildPythonPackage
, fetchPypi
, fetchpatch
, openssl
, cryptography
, pytestCheckHook
, pretend
, flaky
}:
buildPythonPackage rec {
pname = "pyopenssl";
version = "22.1.0";
outputs = [ "out" "dev" ];
src = fetchPypi {
pname = "pyOpenSSL";
inherit version;
sha256 = "sha256-eoO3snLdWVIi1nL1zimqAw8fuDdjDvIp9i5y45XOiWg=";
};
patches = [
(fetchpatch {
name = "fix-flaky-darwin-handshake-tests.patch";
url = "https://github.com/pyca/pyopenssl/commit/8a75898356806784caf742e8277ef03de830ce11.patch";
hash = "sha256-UVsZ8Nq1jUTZhOUAilRgdtqMYp4AN7qvWHqc6RleqRI=";
})
];
postPatch = ''
# remove cryptography pin
sed "/cryptography/ s/,<[0-9]*//g" setup.py
'';
nativeBuildInputs = [ openssl ];
propagatedBuildInputs = [ cryptography ];
checkInputs = [ pytestCheckHook pretend flaky ];
preCheck = ''
export LANG="en_US.UTF-8"
'';
disabledTests = [
# https://github.com/pyca/pyopenssl/issues/692
# These tests, we disable always.
"test_set_default_verify_paths"
"test_fallback_default_verify_paths"
# https://github.com/pyca/pyopenssl/issues/768
"test_wantWriteError"
# https://github.com/pyca/pyopenssl/issues/1043
"test_alpn_call_failure"
] ++ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) [
# https://github.com/pyca/pyopenssl/issues/791
# These tests, we disable in the case that libressl is passed in as openssl.
"test_op_no_compression"
"test_npn_advertise_error"
"test_npn_select_error"
"test_npn_client_fail"
"test_npn_success"
"test_use_certificate_chain_file_unicode"
"test_use_certificate_chain_file_bytes"
"test_add_extra_chain_cert"
"test_set_session_id_fail"
"test_verify_with_revoked"
"test_set_notAfter"
"test_set_notBefore"
] ++ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") [
# these tests are extremely tightly wed to the exact output of the openssl cli tool, including exact punctuation.
"test_dump_certificate"
"test_dump_privatekey_text"
"test_dump_certificate_request"
"test_export_text"
] ++ lib.optionals stdenv.is32bit [
# https://github.com/pyca/pyopenssl/issues/974
"test_verify_with_time"
];
meta = with lib; {
description = "Python wrapper around the OpenSSL library";
homepage = "https://github.com/pyca/pyopenssl";
license = licenses.asl20;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}