forked from mirrors/nixpkgs
44b7d77591
Backward incompatible changes: - Support for Python 3.5 has been removed due to low usage and maintenance burden. - The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. - When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. - We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.
82 lines
1.9 KiB
Nix
82 lines
1.9 KiB
Nix
{ stdenv
|
|
, buildPythonPackage
|
|
, fetchPypi
|
|
, fetchpatch
|
|
, isPy27
|
|
, ipaddress
|
|
, openssl
|
|
, cryptography_vectors
|
|
, darwin
|
|
, packaging
|
|
, six
|
|
, pythonOlder
|
|
, isPyPy
|
|
, cffi
|
|
, pytest
|
|
, pretend
|
|
, iso8601
|
|
, pytz
|
|
, hypothesis
|
|
, enum34
|
|
}:
|
|
|
|
buildPythonPackage rec {
|
|
pname = "cryptography";
|
|
version = "3.3.1"; # Also update the hash in vectors.nix
|
|
|
|
src = fetchPypi {
|
|
inherit pname version;
|
|
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
|
|
};
|
|
|
|
outputs = [ "out" "dev" ];
|
|
|
|
nativeBuildInputs = stdenv.lib.optionals (!isPyPy) [
|
|
cffi
|
|
];
|
|
|
|
buildInputs = [ openssl ]
|
|
++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
|
|
propagatedBuildInputs = [
|
|
packaging
|
|
six
|
|
] ++ stdenv.lib.optionals (!isPyPy) [
|
|
cffi
|
|
] ++ stdenv.lib.optionals isPy27 [
|
|
ipaddress enum34
|
|
];
|
|
|
|
checkInputs = [
|
|
cryptography_vectors
|
|
hypothesis
|
|
iso8601
|
|
pretend
|
|
pytest
|
|
pytz
|
|
];
|
|
|
|
checkPhase = ''
|
|
py.test --disable-pytest-warnings tests
|
|
'';
|
|
|
|
# IOKit's dependencies are inconsistent between OSX versions, so this is the best we
|
|
# can do until nix 1.11's release
|
|
__impureHostDeps = [ "/usr/lib" ];
|
|
|
|
meta = with stdenv.lib; {
|
|
description = "A package which provides cryptographic recipes and primitives";
|
|
longDescription = ''
|
|
Cryptography includes both high level recipes and low level interfaces to
|
|
common cryptographic algorithms such as symmetric ciphers, message
|
|
digests, and key derivation functions.
|
|
Our goal is for it to be your "cryptographic standard library". It
|
|
supports Python 2.7, Python 3.5+, and PyPy 5.4+.
|
|
'';
|
|
homepage = "https://github.com/pyca/cryptography";
|
|
changelog = "https://cryptography.io/en/latest/changelog/#v"
|
|
+ replaceStrings [ "." ] [ "-" ] version;
|
|
license = with licenses; [ asl20 bsd3 psfl ];
|
|
maintainers = with maintainers; [ primeos ];
|
|
};
|
|
}
|