gnu: python-cryptography: Update to 40.0.1 [fixes CVE-2023-23931].
* gnu/packages/python-crypto.scm (python-cryptography-vectors): Delete variable. (python-cryptography-vectors-next): Rename to... (python-cryptography-vectors): ... this. Update to 40.0.1. (python-cryptography): Delete variable. (python-cryptography-next): Rename to... (python-cryptography): ... this. Update to 40.0.1. [build-system]: Use pyproject-build-system. [arguments]: Remove #:imported-modules and #:modules arguments. Remove check phase override. Remove adjust-pyo3-requirement and configure-cargo phases. Add disable-rust-extension-build and symlink-rust-library phases. [native-inputs]: Replace python-cryptography-vectors-next with python-cryptography-vectors. Add python-iso8601. Remove python-pytz. Replace python-pytest with python-pytest-7.1. Remove rust, rust:cargo and python-setuptools-rust. [inputs]: Remove all inputs. Add python-cryptography-rust. [propagated-inputs]: Remove python-asn1crypto, python-six, python-idna and python-iso8601. [description]: Start description with @code to avoid a lint warning.master
parent
5cb19ebeac
commit
5ec5e560ad
|
@ -525,17 +525,17 @@ for example, for recording or replaying web content.")
|
||||||
is used by the Requests library to verify HTTPS requests.")
|
is used by the Requests library to verify HTTPS requests.")
|
||||||
(license license:asl2.0)))
|
(license license:asl2.0)))
|
||||||
|
|
||||||
(define-public python-cryptography-vectors-next
|
(define-public python-cryptography-vectors
|
||||||
(package
|
(package
|
||||||
(name "python-cryptography-vectors")
|
(name "python-cryptography-vectors")
|
||||||
(version "37.0.4")
|
(version "40.0.1")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (pypi-uri "cryptography_vectors" version))
|
(uri (pypi-uri "cryptography_vectors" version))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"1a1yi37ygw0jp72q280cmxd3qn9y9vmcch2bcnjkg2g2202l0qas"))))
|
"0hd0ppss5xg0kzf36q8cdaxh1xw8ry4k7jkianlf832xbdmp0q44"))))
|
||||||
(build-system python-build-system)
|
(build-system python-build-system)
|
||||||
(home-page "https://github.com/pyca/cryptography")
|
(home-page "https://github.com/pyca/cryptography")
|
||||||
(synopsis "Test vectors for the cryptography package")
|
(synopsis "Test vectors for the cryptography package")
|
||||||
|
@ -544,165 +544,57 @@ is used by the Requests library to verify HTTPS requests.")
|
||||||
;; Distributed under either BSD-3 or ASL2.0
|
;; Distributed under either BSD-3 or ASL2.0
|
||||||
(license (list license:bsd-3 license:asl2.0))))
|
(license (list license:bsd-3 license:asl2.0))))
|
||||||
|
|
||||||
(define-public python-cryptography-vectors
|
(define-public python-cryptography
|
||||||
(package
|
|
||||||
(inherit python-cryptography-vectors-next)
|
|
||||||
(version "3.4.8")
|
|
||||||
(source (origin
|
|
||||||
(method url-fetch)
|
|
||||||
(uri (pypi-uri "cryptography_vectors" version))
|
|
||||||
(sha256
|
|
||||||
(base32 "1wl0ynh3lzhc6q59g8mybvijmnp195x7fjxlb3h3sgcraw14312c"))))))
|
|
||||||
|
|
||||||
(define-public python-cryptography-next
|
|
||||||
(package
|
(package
|
||||||
(name "python-cryptography")
|
(name "python-cryptography")
|
||||||
(version "37.0.4")
|
(version "40.0.1")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (pypi-uri "cryptography" version))
|
(uri (pypi-uri "cryptography" version))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"10haq7sn8mrdlhcfs791rczknnxm0wpww0lkpjzcqx141ryc3yb3"))))
|
"0wilrilfcyl78caxcpna2k3aya6qamppwv4j35262pz9n7wg40r8"))))
|
||||||
(build-system python-build-system)
|
(build-system pyproject-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
(list
|
(list
|
||||||
#:imported-modules (append %cargo-build-system-modules
|
#:phases #~(modify-phases %standard-phases
|
||||||
%python-build-system-modules)
|
(add-after 'unpack 'disable-rust-extension-build
|
||||||
#:modules `(((guix build cargo-build-system) #:prefix cargo:)
|
(lambda _
|
||||||
,@%python-build-system-modules
|
;; The Rust extension is built separately as
|
||||||
(srfi srfi-1)
|
;; 'python-cryptography-rust', so there's no need
|
||||||
(ice-9 match))
|
;; to build it here.
|
||||||
#:phases
|
(substitute* "pyproject.toml"
|
||||||
#~(modify-phases (@ (guix build python-build-system) %standard-phases)
|
((".*setuptools-rust.*") ""))
|
||||||
(add-after 'unpack 'adjust-pyo3-requirement
|
(delete-file "setup.py")))
|
||||||
(lambda _
|
(add-before 'check 'symlink-rust-library
|
||||||
;; The package depends on 0.15.2, which is not on crates.io(!?).
|
(lambda* (#:key inputs outputs #:allow-other-keys)
|
||||||
;; Downgrade to 0.15.1...
|
(symlink (search-input-file
|
||||||
(substitute* "src/rust/Cargo.toml"
|
inputs "lib/libcryptography_rust.so")
|
||||||
(("pyo3 = \\{ version = \"0\\.15\\.2\"")
|
(string-append (site-packages inputs outputs)
|
||||||
"pyo3 = { version = \"0.15.1\""))))
|
"/cryptography/hazmat/bindings/"
|
||||||
(add-before 'build 'configure-cargo
|
"_rust.abi3.so")))))))
|
||||||
(lambda* (#:key inputs #:allow-other-keys)
|
|
||||||
;; Hide irrelevant inputs from cargo-build-system so it does
|
|
||||||
;; not try to unpack sanity-check.py, etc.
|
|
||||||
(let ((cargo-inputs (filter (match-lambda
|
|
||||||
((name . path)
|
|
||||||
(or (string-prefix? "rust-" name)
|
|
||||||
(string=? "gcc" name))))
|
|
||||||
inputs)))
|
|
||||||
(with-directory-excursion "src/rust"
|
|
||||||
((assoc-ref cargo:%standard-phases 'unpack-rust-crates)
|
|
||||||
#:inputs cargo-inputs
|
|
||||||
#:vendor-dir "guix-vendor")
|
|
||||||
((assoc-ref cargo:%standard-phases 'configure)
|
|
||||||
#:inputs cargo-inputs)
|
|
||||||
((assoc-ref cargo:%standard-phases 'patch-cargo-checksums)
|
|
||||||
#:vendor-dir "guix-vendor"))
|
|
||||||
(rename-file "src/rust/.cargo" ".cargo"))))
|
|
||||||
(replace 'check
|
|
||||||
(lambda* (#:key tests? #:allow-other-keys)
|
|
||||||
(when tests?
|
|
||||||
(invoke "pytest" "-vv" "tests")))))))
|
|
||||||
(inputs
|
|
||||||
(list openssl
|
|
||||||
;; TODO: Most of these inputs are transitive dependencies of
|
|
||||||
;; the Rust requirements (see src/rust/cargo.toml). Surely
|
|
||||||
;; there is a better way than manually listing everything..?
|
|
||||||
rust-aliasable-0.1
|
|
||||||
rust-asn1-0.8
|
|
||||||
rust-asn1-derive-0.8
|
|
||||||
rust-autocfg-1
|
|
||||||
rust-base64-0.13
|
|
||||||
rust-bitflags-1
|
|
||||||
rust-cfg-if-0.1
|
|
||||||
rust-cfg-if-1
|
|
||||||
rust-chrono-0.4
|
|
||||||
rust-cloudabi-0.1
|
|
||||||
rust-lazy-static-1
|
|
||||||
rust-libc-0.2
|
|
||||||
rust-indoc-0.3
|
|
||||||
rust-indoc-impl-0.3
|
|
||||||
rust-inflector-0.11
|
|
||||||
rust-instant-0.1
|
|
||||||
rust-lock-api-0.4
|
|
||||||
rust-num-integer-0.1
|
|
||||||
rust-num-traits-0.2
|
|
||||||
rust-once-cell-1
|
|
||||||
rust-ouroboros-0.15
|
|
||||||
rust-ouroboros-macro-0.15
|
|
||||||
rust-parking-lot-0.11
|
|
||||||
rust-parking-lot-core-0.8
|
|
||||||
rust-paste-0.1
|
|
||||||
rust-paste-impl-0.1
|
|
||||||
rust-pem-1
|
|
||||||
rust-proc-macro-error-1
|
|
||||||
rust-proc-macro-error-attr-1
|
|
||||||
rust-proc-macro-hack-0.5
|
|
||||||
rust-proc-macro2-1
|
|
||||||
rust-pyo3-0.15
|
|
||||||
rust-pyo3-build-config-0.15
|
|
||||||
rust-pyo3-macros-0.15
|
|
||||||
rust-pyo3-macros-backend-0.15
|
|
||||||
rust-quote-1
|
|
||||||
rust-redox-syscall-0.2
|
|
||||||
rust-scopeguard-1
|
|
||||||
rust-smallvec-1
|
|
||||||
rust-stable-deref-trait-1
|
|
||||||
rust-syn-1
|
|
||||||
rust-unicode-xid-0.2
|
|
||||||
rust-unindent-0.1
|
|
||||||
rust-version-check-0.9
|
|
||||||
rust-winapi-0.3))
|
|
||||||
(propagated-inputs
|
|
||||||
(list python-asn1crypto python-cffi python-six python-idna
|
|
||||||
python-iso8601))
|
|
||||||
(native-inputs
|
|
||||||
(list python-cryptography-vectors-next
|
|
||||||
python-hypothesis
|
|
||||||
python-pretend
|
|
||||||
python-pytz
|
|
||||||
python-pytest
|
|
||||||
python-pytest-benchmark
|
|
||||||
python-pytest-subtests
|
|
||||||
python-setuptools-rust
|
|
||||||
rust
|
|
||||||
`(,rust "cargo")))
|
|
||||||
(home-page "https://github.com/pyca/cryptography")
|
|
||||||
(synopsis "Cryptographic recipes and primitives for Python")
|
|
||||||
(description
|
|
||||||
"cryptography is a package which provides cryptographic recipes and
|
|
||||||
primitives to Python developers. It aims to be the “cryptographic standard
|
|
||||||
library” for Python. The package includes both high level recipes, and low
|
|
||||||
level interfaces to common cryptographic algorithms such as symmetric ciphers,
|
|
||||||
message digests and key derivation functions.")
|
|
||||||
;; Distributed under either BSD-3 or ASL2.0
|
|
||||||
(license (list license:bsd-3 license:asl2.0))))
|
|
||||||
|
|
||||||
(define-public python-cryptography
|
|
||||||
(package
|
|
||||||
(inherit python-cryptography-next)
|
|
||||||
(version "3.4.8")
|
|
||||||
(source (origin
|
|
||||||
(method url-fetch)
|
|
||||||
(uri (pypi-uri "cryptography" version))
|
|
||||||
(sha256
|
|
||||||
(base32 "072awar70cwfd2hnx0pvp1dkc7gw45mbm3wcyddvxz5frva5xk4l"))))
|
|
||||||
(arguments
|
|
||||||
(list #:phases
|
|
||||||
#~(modify-phases %standard-phases
|
|
||||||
(add-after 'unpack 'set-no-rust
|
|
||||||
(lambda _
|
|
||||||
(setenv "CRYPTOGRAPHY_DONT_BUILD_RUST" "1"))))))
|
|
||||||
(inputs (list openssl-1.1))
|
|
||||||
(native-inputs
|
(native-inputs
|
||||||
(list python-cryptography-vectors
|
(list python-cryptography-vectors
|
||||||
python-hypothesis
|
python-hypothesis
|
||||||
|
python-iso8601
|
||||||
python-pretend
|
python-pretend
|
||||||
python-pytz
|
python-pytest-7.1 ;for subtests
|
||||||
python-pytest
|
python-pytest-benchmark
|
||||||
python-setuptools-rust))))
|
python-pytest-subtests))
|
||||||
|
(inputs (list python-cryptography-rust))
|
||||||
|
(propagated-inputs (list python-cffi))
|
||||||
|
(home-page "https://github.com/pyca/cryptography")
|
||||||
|
(synopsis "Cryptographic recipes and primitives for Python")
|
||||||
|
(description
|
||||||
|
"@code{cryptography} is a package which provides cryptographic recipes
|
||||||
|
and primitives to Python developers. It aims to be the “cryptographic
|
||||||
|
standard library” for Python. The package includes both high level recipes,
|
||||||
|
and low level interfaces to common cryptographic algorithms such as symmetric
|
||||||
|
ciphers, message digests and key derivation functions.")
|
||||||
|
;; Distributed under either BSD-3 or ASL2.0
|
||||||
|
(license (list license:bsd-3 license:asl2.0))))
|
||||||
|
|
||||||
;;; This is the Rust component of the python-cryptography library, extracted
|
;;; This is the Rust component of the python-cryptography library, extracted
|
||||||
;;; as a separate package to ease the Rust build.
|
;;; as a separate package to ease the Rust build.
|
||||||
|
|
Reference in New Issue