diff options
author | Marius Bakke <marius@gnu.org> | 2022-02-13 15:14:04 +0100 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2022-02-13 15:15:58 +0100 |
commit | 6f22596b1c440caca31fb2ba3c250bb7476ad794 (patch) | |
tree | bc4c0cb3068e120e0e62f81623a39a2aab9e3908 /gnu | |
parent | d94de62f1c692674558ee6907c45a0682abbea75 (diff) | |
download | guix-6f22596b1c440caca31fb2ba3c250bb7476ad794.tar.gz guix-6f22596b1c440caca31fb2ba3c250bb7476ad794.zip |
gnu: python-pyopenssl: Update to 22.0.0.
* gnu/packages/python-crypto.scm (python-pyopenssl): Update to 22.0.0.
[arguments]: Respect TESTS? in check phase and rewrite in gexp style.
(python2-pyopenssl): Update to 21.0.0.
[source](patches): New field.
* gnu/packages/patches/python2-pyopenssl-openssl-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/python2-pyopenssl-openssl-compat.patch | 51 | ||||
-rw-r--r-- | gnu/packages/python-crypto.scm | 60 |
3 files changed, 88 insertions, 24 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 1b08b40b9c..5780cb9034 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1721,6 +1721,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-piexif-fix-tests-with-pillow-7.2.patch \ %D%/packages/patches/python-pyfakefs-remove-bad-test.patch \ %D%/packages/patches/python-pyflakes-test-location.patch \ + %D%/packages/patches/python2-pyopenssl-openssl-compat.patch \ %D%/packages/patches/python-flint-includes.patch \ %D%/packages/patches/python-libxml2-utf8.patch \ %D%/packages/patches/python-magic-python-bytecode.patch \ diff --git a/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch b/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch new file mode 100644 index 0000000000..a185f4172d --- /dev/null +++ b/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch @@ -0,0 +1,51 @@ +Adjust for OpenSSL 1.1.1: + + https://github.com/pyca/pyopenssl/issues/1043 + +Taken from upstream: + + https://github.com/pyca/pyopenssl/commit/cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad + +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 59f21cec..fcdee047 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos): + This list should be a Python list of bytestrings representing the + protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. + """ ++ # Different versions of OpenSSL are inconsistent about how they handle empty ++ # proto lists (see #1043), so we avoid the problem entirely by rejecting them ++ # ourselves. ++ if not protos: ++ raise ValueError("at least one protocol must be specified") ++ + # Take the list of protocols and join them together, prefixing them + # with their lengths. + protostr = b"".join( +@@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos): + This list should be a Python list of bytestrings representing the + protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. + """ ++ # Different versions of OpenSSL are inconsistent about how they handle empty ++ # proto lists (see #1043), so we avoid the problem entirely by rejecting them ++ # ourselves. ++ if not protos: ++ raise ValueError("at least one protocol must be specified") ++ + # Take the list of protocols and join them together, prefixing them + # with their lengths. + protostr = b"".join( +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index ffc505d8..ca363b45 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self): + protocols list. Ensure that we produce a user-visible error. + """ + context = Context(SSLv23_METHOD) +- with pytest.raises(Error): ++ with pytest.raises(ValueError): + context.set_alpn_protos([]) + + def test_alpn_set_on_connection(self): diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm index d92d113929..103a0c7eae 100644 --- a/gnu/packages/python-crypto.scm +++ b/gnu/packages/python-crypto.scm @@ -663,37 +663,37 @@ message digests and key derivation functions.") (define-public python-pyopenssl (package (name "python-pyopenssl") - (version "20.0.1") + (version "22.0.0") (source (origin (method url-fetch) (uri (pypi-uri "pyOpenSSL" version)) (sha256 (base32 - "0labcbh2g0jhgisd79wx9kixmi6fip28096d1xb05fj3jmsiq8sc")))) + "1gzihw09sqi71lwx97c69hab7w4rbnl6hhfrl6za3i5a4la1n2v6")))) (build-system python-build-system) (arguments - '(#:phases - (modify-phases %standard-phases - (delete 'check) - (add-after 'install 'check - (lambda* (#:key inputs outputs #:allow-other-keys) - (add-installed-pythonpath inputs outputs) - ;; PyOpenSSL runs tests against a certificate with a fixed - ;; expiry time. To ensure successful builds in the future, - ;; set the time to roughly the release date. - (invoke "faketime" "2021-05-01" "py.test" "-v" "-k" - (string-append - ;; This test tries to look up certificates from - ;; the compiled-in default path in OpenSSL, which - ;; does not exist in the build environment. - "not test_fallback_default_verify_paths " - ;; This test attempts to make a connection to - ;; an external web service. - "and not test_set_default_verify_paths " - ;; Fails on i686-linux and possibly other 32-bit platforms - ;; https://github.com/pyca/pyopenssl/issues/974 - "and not test_verify_with_time"))))))) + (list + #:phases + #~(modify-phases %standard-phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (when tests? + ;; PyOpenSSL runs tests against a certificate with a fixed + ;; expiry time. To ensure successful builds in the future, + ;; set the time to roughly the release date. + (invoke "faketime" "2022-02-01" "py.test" "-v" "-k" + (string-append + ;; This test tries to look up certificates from + ;; the compiled-in default path in OpenSSL, which + ;; does not exist in the build environment. + "not test_fallback_default_verify_paths " + ;; This test attempts to make a connection to + ;; an external web service. + "and not test_set_default_verify_paths " + ;; Fails on i686-linux and possibly other 32-bit platforms + ;; https://github.com/pyca/pyopenssl/issues/974 + "and not test_verify_with_time")))))))) (propagated-inputs (list python-cryptography python-six)) (inputs @@ -705,10 +705,22 @@ message digests and key derivation functions.") (description "PyOpenSSL is a high-level wrapper around a subset of the OpenSSL library.") + (properties `((python2-variant . ,(delay python2-pyopenssl)))) (license license:asl2.0))) (define-public python2-pyopenssl - (package-with-python2 python-pyopenssl)) + (let ((base (package-with-python2 (strip-python2-variant python-pyopenssl)))) + (package + (inherit base) + (version "21.0.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "pyOpenSSL" version)) + (patches (search-patches "python2-pyopenssl-openssl-compat.patch")) + (sha256 + (base32 + "1cqcc20fwl521z3fxsc1c98gbnhb14q55vrvjfp6bn6h8rg8qbay"))))))) (define-public python-ed25519 (package |