diff --git a/nixos/openssl-111k.nix b/nixos/openssl-111k.nix index cc4b98e4d3bad20477fba3127ff5f6f593458385..4bc5934fdc1c4270eb6bed0329bd29ec2d43121e 100644 --- a/nixos/openssl-111k.nix +++ b/nixos/openssl-111k.nix @@ -12,7 +12,14 @@ self: super: rec { python2 = super.python2.override (old: { packageOverrides = python-self: python-super: { - pyopenssl = python-super.callPackage ./pkgs/pyopenssl.nix { }; + pyopenssl = python-super.pyopenssl.overridePythonAttrs (old: { + version = "20.0.1"; + src = python-super.fetchPypi { + pname = "pyOpenSSL"; + version = "20.0.1"; + sha256 = "0labcbh2g0jhgisd79wx9kixmi6fip28096d1xb05fj3jmsiq8sc"; + }; + }); cryptography = python-super.cryptography.overridePythonAttrs (old: { version = "3.2.1"; src = python-super.fetchPypi { @@ -35,7 +42,14 @@ self: super: rec { python3 = super.python3.override (old: { packageOverrides = python-self: python-super: { - pyopenssl = python-super.callPackage ./pkgs/pyopenssl.nix { }; + pyopenssl = python-super.pyopenssl.overridePythonAttrs (old: { + version = "20.0.1"; + src = python-super.fetchPypi { + pname = "pyOpenSSL"; + version = "20.0.1"; + sha256 = "0labcbh2g0jhgisd79wx9kixmi6fip28096d1xb05fj3jmsiq8sc"; + }; + }); cryptography = python-super.cryptography.overridePythonAttrs (old: { version = "3.2.1"; src = python-super.fetchPypi { diff --git a/nixos/pkgs/pyopenssl.nix b/nixos/pkgs/pyopenssl.nix deleted file mode 100644 index db8dd0c025ac0a75186d9148e088bbcf8c20119b..0000000000000000000000000000000000000000 --- a/nixos/pkgs/pyopenssl.nix +++ /dev/null @@ -1,90 +0,0 @@ -{ stdenv -, buildPythonPackage -, fetchPypi -, openssl -, cryptography -, pyasn1 -, idna -, pytest -, pretend -, flaky -, glibcLocales -}: - -with stdenv.lib; - - -let - # https://github.com/pyca/pyopenssl/issues/791 - # These tests, we disable in the case that libressl is passed in as openssl. - failingLibresslTests = [ - "test_op_no_compression" - "test_npn_advertise_error" - "test_npn_select_error" - "test_npn_client_fail" - "test_npn_success" - "test_use_certificate_chain_file_unicode" - "test_use_certificate_chain_file_bytes" - "test_add_extra_chain_cert" - "test_set_session_id_fail" - "test_verify_with_revoked" - "test_set_notAfter" - "test_set_notBefore" - ]; - - # these tests are extremely tightly wed to the exact output of the openssl cli tool, - # including exact punctuation. - failingOpenSSL_1_1Tests = [ - "test_dump_certificate" - "test_dump_privatekey_text" - "test_dump_certificate_request" - "test_export_text" - ]; - - disabledTests = [ - # https://github.com/pyca/pyopenssl/issues/692 - # These tests, we disable always. - "test_set_default_verify_paths" - "test_fallback_default_verify_paths" - # https://github.com/pyca/pyopenssl/issues/768 - "test_wantWriteError" - ] ++ ( - optionals (hasPrefix "libressl" openssl.meta.name) failingLibresslTests - ) ++ ( - optionals (versionAtLeast (getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests - ); - - # Compose the final string expression, including the "-k" and the single quotes. - testExpression = optionalString (disabledTests != []) - "-k 'not ${concatStringsSep " and not " disabledTests}'"; - -in - - -buildPythonPackage rec { - pname = "pyOpenSSL"; - version = "20.0.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "0labcbh2g0jhgisd79wx9kixmi6fip28096d1xb05fj3jmsiq8sc"; - }; - - outputs = [ "out" "dev" ]; - - checkPhase = '' - runHook preCheck - export LANG="en_US.UTF-8" - py.test tests ${testExpression} - runHook postCheck - ''; - - # Seems to fail unpredictably on Darwin. See http://hydra.nixos.org/build/49877419/nixlog/1 - # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail. - doCheck = !stdenv.isDarwin; - - nativeBuildInputs = [ openssl ]; - propagatedBuildInputs = [ cryptography pyasn1 idna ]; - - checkInputs = [ pytest pretend flaky glibcLocales ]; -}