| blob | 908ecff8c177d24902ce22527050f65d8f7ccbf5 |
1 { lib
2 , fetchFromGitHub
3 , fetchurl
4 , buildPythonPackage
5 , pkgsStatic
6 , openssl
7 , invoke
8 , tls-parser
9 , cacert
10 , pytestCheckHook
11 }:
13 let
14 zlibStatic = pkgsStatic.zlib.override {
15 splitStaticOutput = false;
16 };
17 nasslOpensslArgs = {
18 static = true;
19 enableSSL2 = true;
20 };
21 nasslOpensslFlagsCommon = [
22 "zlib"
23 "no-zlib-dynamic"
24 "no-shared"
25 "--with-zlib-lib=${zlibStatic.out}/lib"
26 "--with-zlib-include=${zlibStatic.out.dev}/include"
27 "enable-rc5"
28 "enable-md2"
29 "enable-gost"
30 "enable-cast"
31 "enable-idea"
32 "enable-ripemd"
33 "enable-mdc2"
34 "-fPIC"
35 ];
36 opensslStatic = (openssl.override nasslOpensslArgs).overrideAttrs (
37 oldAttrs: rec {
38 name = "openssl-${version}";
39 version = "1.1.1h";
40 src = fetchurl {
41 url = "https://www.openssl.org/source/${name}.tar.gz";
42 sha256 = "1ncmcnh5bmxkwrvm0m1q4kdcjjfpwvlyjspjhibkxc6p9dvsi72w";
43 };
44 configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [
45 "enable-weak-ssl-ciphers"
46 "enable-tls1_3"
47 "no-async"
48 ];
49 buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ];
50 }
51 );
52 opensslLegacyStatic = (openssl.override nasslOpensslArgs).overrideAttrs (
53 oldAttrs: rec {
54 name = "openssl-${version}";
55 version = "1.0.2e";
56 src = fetchurl {
57 url = "https://www.openssl.org/source/${name}.tar.gz";
58 sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
59 };
60 configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon;
61 patches = [ ];
62 buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ];
63 # openssl_1_0_2 needs `withDocs = false`
64 outputs = lib.remove "doc" oldAttrs.outputs;
65 }
66 );
67 in
68 buildPythonPackage rec {
69 pname = "nassl";
70 version = "3.1.0";
72 src = fetchFromGitHub {
73 owner = "nabla-c0d3";
74 repo = pname;
75 rev = version;
76 sha256 = "1x1v0fpb6gcc2r0k2rsy0mc3v25s3qbva78apvi46n08c2l309ci";
77 };
79 postPatch = let
80 legacyOpenSSLVersion = lib.replaceStrings ["."] ["_"] opensslLegacyStatic.version;
81 modernOpenSSLVersion = lib.replaceStrings ["."] ["_"] opensslStatic.version;
82 zlibVersion = zlibStatic.version;
83 in ''
84 mkdir -p deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
85 cp ${opensslLegacyStatic.out}/lib/libssl.a \
86 ${opensslLegacyStatic.out}/lib/libcrypto.a \
87 deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
88 ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_${legacyOpenSSLVersion}/include
89 ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_${legacyOpenSSLVersion}/apps
91 mkdir -p deps/openssl-OpenSSL_${modernOpenSSLVersion}/
92 cp ${opensslStatic.out}/lib/libssl.a \
93 ${opensslStatic.out}/lib/libcrypto.a \
94 deps/openssl-OpenSSL_${modernOpenSSLVersion}/
95 ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_${modernOpenSSLVersion}/include
96 ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_${modernOpenSSLVersion}/apps
98 mkdir -p deps/zlib-${zlibVersion}/
99 cp ${zlibStatic.out}/lib/libz.a deps/zlib-${zlibVersion}/
100 '';
102 propagatedBuildInputs = [ tls-parser ];
104 nativeBuildInputs = [ invoke ];
106 buildPhase = ''
107 invoke build.nassl
108 invoke package.wheel
109 '';
111 checkInputs = [ pytestCheckHook ];
113 checkPhase = ''
114 # Skip online tests
115 pytest -k 'not Online'
116 '';
118 meta = with lib; {
119 homepage = "https://github.com/nabla-c0d3/nassl";
120 description = "Low-level OpenSSL wrapper for Python 3.7+";
121 platforms = with platforms; linux ++ darwin;
122 license = licenses.agpl3;
123 maintainers = with maintainers; [ veehaitch ];
124 };
125 }