1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
{ lib
, stdenv
, buildPythonPackage
, callPackage
, cargo
, certifi
, cffi
, cryptography-vectors ? (callPackage ./vectors.nix { })
, fetchPypi
, fetchpatch2
, isPyPy
, libiconv
, libxcrypt
, openssl
, pkg-config
, pretend
, pytest-xdist
, pytestCheckHook
, pythonOlder
, rustc
, rustPlatform
, Security
, setuptoolsRustBuildHook
}:
buildPythonPackage rec {
pname = "cryptography";
version = "42.0.2"; # Also update the hash in vectors.nix
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-4OxSujx/G32BPNUmSaWz7x/A1DMhncjJOCfFfqts+Ig=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
sourceRoot = "${pname}-${version}/${cargoRoot}";
name = "${pname}-${version}";
hash = "sha256-jw/FC5rQO77h6omtBp0Nc2oitkVbNElbkBUduyprTIc=";
};
patches = [
(fetchpatch2 {
# skip overflowing tests on 32 bit; https://github.com/pyca/cryptography/pull/10366
url = "https://github.com/pyca/cryptography/commit/d741901dddd731895346636c0d3556c6fa51fbe6.patch";
hash = "sha256-eC+MZg5O8Ia5CbjRE4y+JhaFs3Q5c62QtPHr3x9T+zw=";
})
];
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail "--benchmark-disable" ""
'';
cargoRoot = "src/rust";
nativeBuildInputs = [
rustPlatform.cargoSetupHook
setuptoolsRustBuildHook
cargo
rustc
pkg-config
] ++ lib.optionals (!isPyPy) [
cffi
];
buildInputs = [
openssl
] ++ lib.optionals stdenv.isDarwin [
Security
libiconv
] ++ lib.optionals (pythonOlder "3.9") [
libxcrypt
];
propagatedBuildInputs = lib.optionals (!isPyPy) [
cffi
];
nativeCheckInputs = [
certifi
cryptography-vectors
pretend
pytestCheckHook
pytest-xdist
];
pytestFlagsArray = [
"--disable-pytest-warnings"
];
disabledTestPaths = [
# save compute time by not running benchmarks
"tests/bench"
] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
# aarch64-darwin forbids W+X memory, but this tests depends on it:
# * https://cffi.readthedocs.io/en/latest/using.html#callbacks
"tests/hazmat/backends/test_openssl_memleak.py"
];
meta = with lib; {
description = "A package which provides cryptographic recipes and primitives";
longDescription = ''
Cryptography includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message
digests, and key derivation functions.
'';
homepage = "https://github.com/pyca/cryptography";
changelog = "https://cryptography.io/en/latest/changelog/#v"
+ replaceStrings [ "." ] [ "-" ] version;
license = with licenses; [ asl20 bsd3 psfl ];
maintainers = with maintainers; [ SuperSandro2000 ];
};
}
|