pkgs/development/python-modules/pyopenssl/default.nix

   1 { lib
   2 , stdenv
   3 , buildPythonPackage
   4 , fetchPypi
   5 , openssl
   6 , cryptography
   7 , pyasn1
   8 , idna
   9 , pytest
  10 , pretend
  11 , flaky
  12 , glibcLocales
  13 , six
  14 , fetchpatch
  15 }:
  16
  17 let
  18   # https://github.com/pyca/pyopenssl/issues/791
  19   # These tests, we disable in the case that libressl is passed in as openssl.
  20   failingLibresslTests = [
  21     "test_op_no_compression"
  22     "test_npn_advertise_error"
  23     "test_npn_select_error"
  24     "test_npn_client_fail"
  25     "test_npn_success"
  26     "test_use_certificate_chain_file_unicode"
  27     "test_use_certificate_chain_file_bytes"
  28     "test_add_extra_chain_cert"
  29     "test_set_session_id_fail"
  30     "test_verify_with_revoked"
  31     "test_set_notAfter"
  32     "test_set_notBefore"
  33   ];
  34
  35   # these tests are extremely tightly wed to the exact output of the openssl cli tool,
  36   # including exact punctuation.
  37   failingOpenSSL_1_1Tests = [
  38     "test_dump_certificate"
  39     "test_dump_privatekey_text"
  40     "test_dump_certificate_request"
  41     "test_export_text"
  42   ];
  43
  44   disabledTests = [
  45     # https://github.com/pyca/pyopenssl/issues/692
  46     # These tests, we disable always.
  47     "test_set_default_verify_paths"
  48     "test_fallback_default_verify_paths"
  49     # https://github.com/pyca/pyopenssl/issues/768
  50     "test_wantWriteError"
  51   ] ++ (
  52     lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests
  53   ) ++ (
  54     lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
  55   ) ++ (
  56     # https://github.com/pyca/pyopenssl/issues/974
  57     lib.optionals stdenv.is32bit [ "test_verify_with_time" ]
  58   );
  59
  60   # Compose the final string expression, including the "-k" and the single quotes.
  61   testExpression = lib.optionalString (disabledTests != [])
  62     "-k 'not ${lib.concatStringsSep " and not " disabledTests}'";
  63
  64 in
  65
  66 buildPythonPackage rec {
  67   pname = "pyopenssl";
  68   version = "20.0.1";
  69
  70   src = fetchPypi {
  71     pname = "pyOpenSSL";
  72     inherit version;
  73     sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
  74   };
  75
  76   outputs = [ "out" "dev" ];
  77
  78   checkPhase = ''
  79     runHook preCheck
  80     export LANG="en_US.UTF-8"
  81     py.test tests ${testExpression}
  82     runHook postCheck
  83   '';
  84
  85   # Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
  86   # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
  87   doCheck = !stdenv.isDarwin;
  88
  89   nativeBuildInputs = [ openssl ];
  90   propagatedBuildInputs = [ cryptography pyasn1 idna six ];
  91
  92   checkInputs = [ pytest pretend flaky glibcLocales ];
  93 }