diff options
Diffstat (limited to 'gnu/packages/python-crypto.scm')
| -rw-r--r-- | gnu/packages/python-crypto.scm | 295 |
1 files changed, 117 insertions, 178 deletions
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm index 602768ae85..9cf5914337 100644 --- a/gnu/packages/python-crypto.scm +++ b/gnu/packages/python-crypto.scm @@ -24,7 +24,7 @@ ;;; Copyright © 2020 Alexandros Theodotou <alex@zrythm.org> ;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org> ;;; Copyright © 2020, 2021 Vinicius Monego <monego@posteo.net> -;;; Copyright © 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com> +;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be> ;;; Copyright © 2022 Antero Mejr <antero@mailbox.org> ;;; @@ -60,6 +60,7 @@ #:use-module (gnu packages libffi) #:use-module (gnu packages multiprecision) #:use-module (gnu packages password-utils) + #:use-module (gnu packages pkg-config) #:use-module (gnu packages protobuf) #:use-module (gnu packages python) #:use-module (gnu packages python-build) @@ -465,17 +466,17 @@ for example, for recording or replaying web content.") is used by the Requests library to verify HTTPS requests.") (license license:asl2.0))) -(define-public python-cryptography-vectors-next +(define-public python-cryptography-vectors (package (name "python-cryptography-vectors") - (version "37.0.4") + (version "40.0.1") (source (origin (method url-fetch) (uri (pypi-uri "cryptography_vectors" version)) (sha256 (base32 - "1a1yi37ygw0jp72q280cmxd3qn9y9vmcch2bcnjkg2g2202l0qas")))) + "0hd0ppss5xg0kzf36q8cdaxh1xw8ry4k7jkianlf832xbdmp0q44")))) (build-system python-build-system) (home-page "https://github.com/pyca/cryptography") (synopsis "Test vectors for the cryptography package") @@ -484,179 +485,127 @@ is used by the Requests library to verify HTTPS requests.") ;; Distributed under either BSD-3 or ASL2.0 (license (list license:bsd-3 license:asl2.0)))) -(define-public python-cryptography-vectors - (package - (inherit python-cryptography-vectors-next) - (version "3.4.8") - (source (origin - (method url-fetch) - (uri (pypi-uri "cryptography_vectors" version)) - (sha256 - (base32 "1wl0ynh3lzhc6q59g8mybvijmnp195x7fjxlb3h3sgcraw14312c")))))) - -(define-public python-cryptography-next +(define-public python-cryptography (package (name "python-cryptography") - (version "37.0.4") + (version "40.0.1") (source (origin (method url-fetch) (uri (pypi-uri "cryptography" version)) (sha256 (base32 - "10haq7sn8mrdlhcfs791rczknnxm0wpww0lkpjzcqx141ryc3yb3")))) - (build-system python-build-system) + "0wilrilfcyl78caxcpna2k3aya6qamppwv4j35262pz9n7wg40r8")))) + (build-system pyproject-build-system) (arguments (list - #:imported-modules (append %cargo-build-system-modules - %python-build-system-modules) - #:modules `(((guix build cargo-build-system) #:prefix cargo:) - ,@%python-build-system-modules - (srfi srfi-1) - (ice-9 match)) - #:phases - #~(modify-phases (@ (guix build python-build-system) %standard-phases) - (add-after 'unpack 'adjust-pyo3-requirement - (lambda _ - ;; The package depends on 0.15.2, which is not on crates.io(!?). - ;; Downgrade to 0.15.1... - (substitute* "src/rust/Cargo.toml" - (("pyo3 = \\{ version = \"0\\.15\\.2\"") - "pyo3 = { version = \"0.15.1\"")))) - (add-before 'build 'configure-cargo - (lambda* (#:key inputs #:allow-other-keys) - ;; Hide irrelevant inputs from cargo-build-system so it does - ;; not try to unpack sanity-check.py, etc. - (let ((cargo-inputs (filter (match-lambda - ((name . path) - (or (string-prefix? "rust-" name) - (string=? "gcc" name)))) - inputs))) - (with-directory-excursion "src/rust" - ((assoc-ref cargo:%standard-phases 'unpack-rust-crates) - #:inputs cargo-inputs - #:vendor-dir "guix-vendor") - ((assoc-ref cargo:%standard-phases 'configure) - #:inputs cargo-inputs) - ((assoc-ref cargo:%standard-phases 'patch-cargo-checksums) - #:vendor-dir "guix-vendor")) - (rename-file "src/rust/.cargo" ".cargo")))) - (replace 'check - (lambda* (#:key tests? #:allow-other-keys) - (when tests? - (invoke "pytest" "-vv" "tests"))))))) - (inputs - (list openssl - ;; TODO: Most of these inputs are transitive dependencies of - ;; the Rust requirements (see src/rust/cargo.toml). Surely - ;; there is a better way than manually listing everything..? - rust-aliasable-0.1 - rust-asn1-0.8 - rust-asn1-derive-0.8 - rust-autocfg-1 - rust-base64-0.13 - rust-bitflags-1 - rust-cfg-if-0.1 - rust-cfg-if-1 - rust-chrono-0.4 - rust-cloudabi-0.1 - rust-lazy-static-1 - rust-libc-0.2 - rust-indoc-0.3 - rust-indoc-impl-0.3 - rust-inflector-0.11 - rust-instant-0.1 - rust-lock-api-0.4 - rust-num-integer-0.1 - rust-num-traits-0.2 - rust-once-cell-1 - rust-ouroboros-0.15 - rust-ouroboros-macro-0.15 - rust-parking-lot-0.11 - rust-parking-lot-core-0.8 - rust-paste-0.1 - rust-paste-impl-0.1 - rust-pem-1 - rust-proc-macro-error-1 - rust-proc-macro-error-attr-1 - rust-proc-macro-hack-0.5 - rust-proc-macro2-1 - rust-pyo3-0.15 - rust-pyo3-build-config-0.15 - rust-pyo3-macros-0.15 - rust-pyo3-macros-backend-0.15 - rust-quote-1 - rust-redox-syscall-0.2 - rust-scopeguard-1 - rust-smallvec-1 - rust-stable-deref-trait-1 - rust-syn-1 - rust-unicode-xid-0.2 - rust-unindent-0.1 - rust-version-check-0.9 - rust-winapi-0.3)) - (propagated-inputs - (list python-asn1crypto python-cffi python-six python-idna - python-iso8601)) + #:phases #~(modify-phases %standard-phases + (add-after 'unpack 'disable-rust-extension-build + (lambda _ + ;; The Rust extension is built separately as + ;; 'python-cryptography-rust', so there's no need + ;; to build it here. + (substitute* "pyproject.toml" + ((".*setuptools-rust.*") "")) + (delete-file "setup.py"))) + (add-before 'check 'symlink-rust-library + (lambda* (#:key inputs outputs #:allow-other-keys) + (symlink (search-input-file + inputs "lib/libcryptography_rust.so") + (string-append (site-packages inputs outputs) + "/cryptography/hazmat/bindings/" + "_rust.abi3.so"))))))) + (native-inputs - (list python-cryptography-vectors-next + (list python-cryptography-vectors python-hypothesis + python-iso8601 python-pretend - python-pytz - python-pytest + python-pytest-7.1 ;for subtests python-pytest-benchmark - python-pytest-subtests - python-setuptools-rust - rust - `(,rust "cargo"))) + python-pytest-subtests)) + (inputs (list python-cryptography-rust)) + (propagated-inputs (list python-cffi)) (home-page "https://github.com/pyca/cryptography") (synopsis "Cryptographic recipes and primitives for Python") (description - "cryptography is a package which provides cryptographic recipes and -primitives to Python developers. It aims to be the “cryptographic standard -library” for Python. The package includes both high level recipes, and low -level interfaces to common cryptographic algorithms such as symmetric ciphers, -message digests and key derivation functions.") + "@code{cryptography} is a package which provides cryptographic recipes +and primitives to Python developers. It aims to be the “cryptographic +standard library” for Python. The package includes both high level recipes, +and low level interfaces to common cryptographic algorithms such as symmetric +ciphers, message digests and key derivation functions.") ;; Distributed under either BSD-3 or ASL2.0 (license (list license:bsd-3 license:asl2.0)))) -(define-public python-cryptography +;;; This is the Rust component of the python-cryptography library, extracted +;;; as a separate package to ease the Rust build. +(define-public python-cryptography-rust (package - (inherit python-cryptography-next) - (version "3.4.8") - (source (origin - (method url-fetch) - (uri (pypi-uri "cryptography" version)) - (sha256 - (base32 "072awar70cwfd2hnx0pvp1dkc7gw45mbm3wcyddvxz5frva5xk4l")))) + (inherit python-cryptography) + (name "python-cryptography-rust") + (build-system cargo-build-system) (arguments - (list #:phases - #~(modify-phases %standard-phases - (add-after 'unpack 'set-no-rust - (lambda _ - (setenv "CRYPTOGRAPHY_DONT_BUILD_RUST" "1")))))) - (inputs (list openssl-1.1)) - (native-inputs - (list python-cryptography-vectors - python-hypothesis - python-pretend - python-pytz - python-pytest - python-setuptools-rust)))) + (list + #:modules '((guix build cargo-build-system) + (guix build utils) + (srfi srfi-1) + (ice-9 match)) + ;; XXX: Building the test objects appear to fail due to a missing link + ;; directive to Python's shared library (e.g.: "ld: + ;; cryptography_rust.c950d742-cgu.11:(.text._ZN3...+0x57): undefined + ;; reference to `PyLong_FromLong'"). + #:tests? #f + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'chdir + (lambda _ + (chdir "src/rust"))) + (replace 'unpack-rust-crates + ;; This is to avoid the non-crate source from being erroneously + ;; unpacked by this phase, causing an error. + (lambda* (#:key inputs #:allow-other-keys #:rest args) + (apply (assoc-ref %standard-phases 'unpack-rust-crates) + (append args + (list #:inputs (alist-delete "source" inputs)))))) + (replace 'configure + (lambda* (#:key inputs #:allow-other-keys #:rest args) + (apply (assoc-ref %standard-phases 'configure) + (append args + (list #:inputs (alist-delete "source" inputs)))))) + (add-after 'install 'install-shared-library + (lambda _ + (install-file "target/release/libcryptography_rust.so" + (string-append #$output "/lib"))))) + #:cargo-inputs + `(("rust-asn1-0.13" ,rust-asn1-0.13) + ("rust-chrono-0.4" ,rust-chrono-0.4) + ("rust-foreign-types-shared-0.1" ,rust-foreign-types-shared-0.1) + ("rust-once-cell-1" ,rust-once-cell-1) + ("rust-openssl-0.10" ,rust-openssl-0.10) + ("rust-openssl-sys-0.9" ,rust-openssl-sys-0.9) + ("rust-ouroboros-0.15" ,rust-ouroboros-0.15) + ("rust-pem-1" ,rust-pem-1) + ("rust-pyo3-0.15" ,rust-pyo3-0.15)) + #:cargo-development-inputs + `(("rust-cc" ,rust-cc-1)))) + (native-inputs (list pkg-config python python-cffi)) + ;; XXX: Adding rust-openssl-sys-0.9 is needed because #:cargo-inputs + ;; doesn't honor propagated-inputs. + (inputs (list python rust-openssl-sys-0.9)) + (propagated-inputs '()) + (synopsis "Core implementation of the Cryptography Python library"))) -;; This is the last version which is compatable with python-cryptography < 35. (define-public python-pyopenssl (package (name "python-pyopenssl") - (version "21.0.0") + (version "23.1.1") (source (origin (method url-fetch) (uri (pypi-uri "pyOpenSSL" version)) (sha256 (base32 - "1cqcc20fwl521z3fxsc1c98gbnhb14q55vrvjfp6bn6h8rg8qbay")) - (patches (search-patches "python2-pyopenssl-openssl-compat.patch")))) + "1dxhip610zw1j2bz35g1w1h7vh374g0bnzn4nsqj65n6pswrh544")))) (build-system python-build-system) (arguments (list @@ -668,7 +617,7 @@ message digests and key derivation functions.") ;; PyOpenSSL runs tests against a certificate with a fixed ;; expiry time. To ensure successful builds in the future, ;; set the time to roughly the release date. - (invoke "faketime" "2022-02-01" "py.test" "-v" "-k" + (invoke "faketime" "2023-03-25" "pytest" "-vv" "-k" (string-append ;; This test tries to look up certificates from ;; the compiled-in default path in OpenSSL, which @@ -680,17 +629,13 @@ message digests and key derivation functions.") ;; Fails on i686-linux and possibly other 32-bit platforms ;; https://github.com/pyca/pyopenssl/issues/974 "and not test_verify_with_time")))))))) - (propagated-inputs - (list python-cryptography python-six)) - (inputs - (list openssl)) - (native-inputs - (list libfaketime python-flaky python-pretend python-pytest)) + (propagated-inputs (list python-cryptography)) + (inputs (list openssl)) + (native-inputs (list libfaketime python-flaky python-pretend python-pytest)) (home-page "https://github.com/pyca/pyopenssl") (synopsis "Python wrapper module around the OpenSSL library") - (description - "PyOpenSSL is a high-level wrapper around a subset of the OpenSSL -library.") + (description "PyOpenSSL is a high-level wrapper around a subset of the +OpenSSL library.") (license license:asl2.0))) (define-public python-ed25519 @@ -1232,18 +1177,17 @@ derivation function.") (define-public python-service-identity (package (name "python-service-identity") - (version "18.1.0") - (source - (origin - (method url-fetch) - (uri (pypi-uri "service_identity" version)) - (sha256 - (base32 - "0b9f5qiqjy8ralzgwjgkhx82h6h8sa7532psmb8mkd65md5aan08")))) - (build-system python-build-system) - (propagated-inputs - (list python-attrs python-pyasn1 python-pyasn1-modules - python-pyopenssl)) + (version "21.1.0") + (source (origin + (method url-fetch) + (uri (pypi-uri "service-identity" version)) + (sha256 + (base32 + "0d4x84crbz0a17d8gi90z6zlxwm9pslc65rx0cdw2797ra360v3f")))) + (build-system pyproject-build-system) + (native-inputs (list python-idna python-pytest)) + (propagated-inputs (list python-attrs python-cryptography python-pyasn1 + python-pyasn1-modules python-six)) (home-page "https://service-identity.readthedocs.io/") (synopsis "Service identity verification for PyOpenSSL") (description @@ -1444,21 +1388,14 @@ items and collections, editing items, locking and unlocking collections (define-public python-trustme (package (name "python-trustme") - (version "0.6.0") + (version "0.9.0") (source (origin (method url-fetch) (uri (pypi-uri "trustme" version)) (sha256 - (base32 "0v3vr5z6apnfmklf07m45kv5kaqvm6hxrkaqywch57bjd2siiywx")))) - (build-system python-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (replace 'check - (lambda* (#:key inputs outputs #:allow-other-keys) - (add-installed-pythonpath inputs outputs) - (invoke "pytest" "-vv")))))) + (base32 "0v2qzszmyazfgc1snicdr4b4qdajpjd4pbinpgrn9vfff0yv41sy")))) + (build-system pyproject-build-system) (native-inputs (list python-more-itertools python-pyopenssl @@ -1467,7 +1404,9 @@ items and collections, editing items, locking and unlocking collections python-service-identity python-zipp)) (propagated-inputs - (list python-cryptography)) + (list python-cryptography + python-idna + python-ipaddress)) (home-page "https://github.com/python-trio/trustme") (synopsis "Fake a certificate authority for tests") (description |