Merge branch 'master' into core-updates.

Conflicts:
	gnu/local.mk
	gnu/packages/build-tools.scm
	gnu/packages/certs.scm
	gnu/packages/check.scm
	gnu/packages/compression.scm
	gnu/packages/cups.scm
	gnu/packages/fontutils.scm
	gnu/packages/gnuzilla.scm
	gnu/packages/guile.scm
	gnu/packages/ibus.scm
	gnu/packages/image-processing.scm
	gnu/packages/linux.scm
	gnu/packages/music.scm
	gnu/packages/nss.scm
	gnu/packages/pdf.scm
	gnu/packages/python-xyz.scm
	gnu/packages/qt.scm
	gnu/packages/ruby.scm
	gnu/packages/shells.scm
	gnu/packages/tex.scm
	gnu/packages/video.scm
	gnu/packages/vulkan.scm
	gnu/packages/web.scm
	gnu/packages/webkit.scm
	gnu/packages/wm.scm

1 files changed, 117 insertions, 178 deletions

diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 602768ae85..9cf5914337 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -24,7 +24,7 @@
 ;;; Copyright © 2020 Alexandros Theodotou <alex@zrythm.org>
 ;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
 ;;; Copyright © 2020, 2021 Vinicius Monego <monego@posteo.net>
-;;; Copyright © 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
 ;;; Copyright © 2022 Antero Mejr <antero@mailbox.org>
 ;;;
@@ -60,6 +60,7 @@
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages password-utils)
+  #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages protobuf)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-build)
@@ -465,17 +466,17 @@ for example, for recording or replaying web content.")
 is used by the Requests library to verify HTTPS requests.")
     (license license:asl2.0)))
 
-(define-public python-cryptography-vectors-next
+(define-public python-cryptography-vectors
   (package
     (name "python-cryptography-vectors")
-    (version "37.0.4")
+    (version "40.0.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography_vectors" version))
        (sha256
         (base32
-         "1a1yi37ygw0jp72q280cmxd3qn9y9vmcch2bcnjkg2g2202l0qas"))))
+         "0hd0ppss5xg0kzf36q8cdaxh1xw8ry4k7jkianlf832xbdmp0q44"))))
     (build-system python-build-system)
     (home-page "https://github.com/pyca/cryptography")
     (synopsis "Test vectors for the cryptography package")
@@ -484,179 +485,127 @@ is used by the Requests library to verify HTTPS requests.")
     ;; Distributed under either BSD-3 or ASL2.0
     (license (list license:bsd-3 license:asl2.0))))
 
-(define-public python-cryptography-vectors
-  (package
-    (inherit python-cryptography-vectors-next)
-    (version "3.4.8")
-    (source (origin
-              (method url-fetch)
-              (uri (pypi-uri "cryptography_vectors" version))
-              (sha256
-               (base32 "1wl0ynh3lzhc6q59g8mybvijmnp195x7fjxlb3h3sgcraw14312c"))))))
-
-(define-public python-cryptography-next
+(define-public python-cryptography
   (package
     (name "python-cryptography")
-    (version "37.0.4")
+    (version "40.0.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography" version))
        (sha256
         (base32
-         "10haq7sn8mrdlhcfs791rczknnxm0wpww0lkpjzcqx141ryc3yb3"))))
-    (build-system python-build-system)
+         "0wilrilfcyl78caxcpna2k3aya6qamppwv4j35262pz9n7wg40r8"))))
+    (build-system pyproject-build-system)
     (arguments
      (list
-      #:imported-modules (append %cargo-build-system-modules
-                                 %python-build-system-modules)
-      #:modules `(((guix build cargo-build-system) #:prefix cargo:)
-                  ,@%python-build-system-modules
-                  (srfi srfi-1)
-                  (ice-9 match))
-      #:phases
-      #~(modify-phases (@ (guix build python-build-system) %standard-phases)
-          (add-after 'unpack 'adjust-pyo3-requirement
-            (lambda _
-              ;; The package depends on 0.15.2, which is not on crates.io(!?).
-              ;; Downgrade to 0.15.1...
-              (substitute* "src/rust/Cargo.toml"
-                (("pyo3 = \\{ version = \"0\\.15\\.2\"")
-                 "pyo3 = { version = \"0.15.1\""))))
-          (add-before 'build 'configure-cargo
-            (lambda* (#:key inputs #:allow-other-keys)
-              ;; Hide irrelevant inputs from cargo-build-system so it does
-              ;; not try to unpack sanity-check.py, etc.
-              (let ((cargo-inputs (filter (match-lambda
-                                            ((name . path)
-                                             (or (string-prefix? "rust-" name)
-                                                 (string=? "gcc" name))))
-                                          inputs)))
-                (with-directory-excursion "src/rust"
-                  ((assoc-ref cargo:%standard-phases 'unpack-rust-crates)
-                   #:inputs cargo-inputs
-                   #:vendor-dir "guix-vendor")
-                  ((assoc-ref cargo:%standard-phases 'configure)
-                   #:inputs cargo-inputs)
-                  ((assoc-ref cargo:%standard-phases 'patch-cargo-checksums)
-                   #:vendor-dir "guix-vendor"))
-                (rename-file "src/rust/.cargo" ".cargo"))))
-          (replace 'check
-            (lambda* (#:key tests? #:allow-other-keys)
-              (when tests?
-                (invoke "pytest" "-vv" "tests")))))))
-    (inputs
-     (list openssl
-           ;; TODO: Most of these inputs are transitive dependencies of
-           ;; the Rust requirements (see src/rust/cargo.toml).  Surely
-           ;; there is a better way than manually listing everything..?
-           rust-aliasable-0.1
-           rust-asn1-0.8
-           rust-asn1-derive-0.8
-           rust-autocfg-1
-           rust-base64-0.13
-           rust-bitflags-1
-           rust-cfg-if-0.1
-           rust-cfg-if-1
-           rust-chrono-0.4
-           rust-cloudabi-0.1
-           rust-lazy-static-1
-           rust-libc-0.2
-           rust-indoc-0.3
-           rust-indoc-impl-0.3
-           rust-inflector-0.11
-           rust-instant-0.1
-           rust-lock-api-0.4
-           rust-num-integer-0.1
-           rust-num-traits-0.2
-           rust-once-cell-1
-           rust-ouroboros-0.15
-           rust-ouroboros-macro-0.15
-           rust-parking-lot-0.11
-           rust-parking-lot-core-0.8
-           rust-paste-0.1
-           rust-paste-impl-0.1
-           rust-pem-1
-           rust-proc-macro-error-1
-           rust-proc-macro-error-attr-1
-           rust-proc-macro-hack-0.5
-           rust-proc-macro2-1
-           rust-pyo3-0.15
-           rust-pyo3-build-config-0.15
-           rust-pyo3-macros-0.15
-           rust-pyo3-macros-backend-0.15
-           rust-quote-1
-           rust-redox-syscall-0.2
-           rust-scopeguard-1
-           rust-smallvec-1
-           rust-stable-deref-trait-1
-           rust-syn-1
-           rust-unicode-xid-0.2
-           rust-unindent-0.1
-           rust-version-check-0.9
-           rust-winapi-0.3))
-    (propagated-inputs
-     (list python-asn1crypto python-cffi python-six python-idna
-           python-iso8601))
+      #:phases #~(modify-phases %standard-phases
+                   (add-after 'unpack 'disable-rust-extension-build
+                     (lambda _
+                       ;; The Rust extension is built separately as
+                       ;; 'python-cryptography-rust', so there's no need
+                       ;; to build it here.
+                       (substitute* "pyproject.toml"
+                         ((".*setuptools-rust.*") ""))
+                       (delete-file "setup.py")))
+                   (add-before 'check 'symlink-rust-library
+                     (lambda* (#:key inputs outputs #:allow-other-keys)
+                       (symlink (search-input-file
+                                 inputs "lib/libcryptography_rust.so")
+                                (string-append (site-packages inputs outputs)
+                                               "/cryptography/hazmat/bindings/"
+                                               "_rust.abi3.so")))))))
+
     (native-inputs
-     (list python-cryptography-vectors-next
+     (list python-cryptography-vectors
            python-hypothesis
+           python-iso8601
            python-pretend
-           python-pytz
-           python-pytest
+           python-pytest-7.1            ;for subtests
            python-pytest-benchmark
-           python-pytest-subtests
-           python-setuptools-rust
-           rust
-           `(,rust "cargo")))
+           python-pytest-subtests))
+    (inputs (list python-cryptography-rust))
+    (propagated-inputs (list python-cffi))
     (home-page "https://github.com/pyca/cryptography")
     (synopsis "Cryptographic recipes and primitives for Python")
     (description
-      "cryptography is a package which provides cryptographic recipes and
-primitives to Python developers.  It aims to be the “cryptographic standard
-library” for Python.  The package includes both high level recipes, and low
-level interfaces to common cryptographic algorithms such as symmetric ciphers,
-message digests and key derivation functions.")
+     "@code{cryptography} is a package which provides cryptographic recipes
+and primitives to Python developers.  It aims to be the “cryptographic
+standard library” for Python.  The package includes both high level recipes,
+and low level interfaces to common cryptographic algorithms such as symmetric
+ciphers, message digests and key derivation functions.")
     ;; Distributed under either BSD-3 or ASL2.0
     (license (list license:bsd-3 license:asl2.0))))
 
-(define-public python-cryptography
+;;; This is the Rust component of the python-cryptography library, extracted
+;;; as a separate package to ease the Rust build.
+(define-public python-cryptography-rust
   (package
-    (inherit python-cryptography-next)
-    (version "3.4.8")
-    (source (origin
-              (method url-fetch)
-              (uri (pypi-uri "cryptography" version))
-              (sha256
-               (base32 "072awar70cwfd2hnx0pvp1dkc7gw45mbm3wcyddvxz5frva5xk4l"))))
+    (inherit python-cryptography)
+    (name "python-cryptography-rust")
+    (build-system cargo-build-system)
     (arguments
-     (list #:phases
-           #~(modify-phases %standard-phases
-               (add-after 'unpack 'set-no-rust
-                 (lambda _
-                   (setenv "CRYPTOGRAPHY_DONT_BUILD_RUST" "1"))))))
-    (inputs (list openssl-1.1))
-    (native-inputs
-     (list python-cryptography-vectors
-           python-hypothesis
-           python-pretend
-           python-pytz
-           python-pytest
-           python-setuptools-rust))))
+     (list
+      #:modules '((guix build cargo-build-system)
+                  (guix build utils)
+                  (srfi srfi-1)
+                  (ice-9 match))
+      ;; XXX: Building the test objects appear to fail due to a missing link
+      ;; directive to Python's shared library (e.g.: "ld:
+      ;; cryptography_rust.c950d742-cgu.11:(.text._ZN3...+0x57): undefined
+      ;; reference to `PyLong_FromLong'").
+      #:tests? #f
+      #:phases
+      #~(modify-phases %standard-phases
+          (add-after 'unpack 'chdir
+            (lambda _
+              (chdir "src/rust")))
+          (replace 'unpack-rust-crates
+            ;; This is to avoid the non-crate source from being erroneously
+            ;; unpacked by this phase, causing an error.
+            (lambda* (#:key inputs #:allow-other-keys #:rest args)
+              (apply (assoc-ref %standard-phases 'unpack-rust-crates)
+                     (append args
+                             (list #:inputs (alist-delete "source" inputs))))))
+          (replace 'configure
+            (lambda* (#:key inputs #:allow-other-keys #:rest args)
+              (apply (assoc-ref %standard-phases 'configure)
+                     (append args
+                             (list #:inputs (alist-delete "source" inputs))))))
+          (add-after 'install 'install-shared-library
+            (lambda _
+              (install-file "target/release/libcryptography_rust.so"
+                            (string-append #$output "/lib")))))
+      #:cargo-inputs
+      `(("rust-asn1-0.13" ,rust-asn1-0.13)
+        ("rust-chrono-0.4" ,rust-chrono-0.4)
+        ("rust-foreign-types-shared-0.1" ,rust-foreign-types-shared-0.1)
+        ("rust-once-cell-1" ,rust-once-cell-1)
+        ("rust-openssl-0.10" ,rust-openssl-0.10)
+        ("rust-openssl-sys-0.9" ,rust-openssl-sys-0.9)
+        ("rust-ouroboros-0.15" ,rust-ouroboros-0.15)
+        ("rust-pem-1" ,rust-pem-1)
+        ("rust-pyo3-0.15" ,rust-pyo3-0.15))
+      #:cargo-development-inputs
+      `(("rust-cc" ,rust-cc-1))))
+    (native-inputs (list pkg-config python python-cffi))
+    ;; XXX: Adding rust-openssl-sys-0.9 is needed because #:cargo-inputs
+    ;; doesn't honor propagated-inputs.
+    (inputs (list python rust-openssl-sys-0.9))
+    (propagated-inputs '())
+    (synopsis "Core implementation of the Cryptography Python library")))
 
-;; This is the last version which is compatable with python-cryptography < 35.
 (define-public python-pyopenssl
   (package
     (name "python-pyopenssl")
-    (version "21.0.0")
+    (version "23.1.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyOpenSSL" version))
        (sha256
         (base32
-         "1cqcc20fwl521z3fxsc1c98gbnhb14q55vrvjfp6bn6h8rg8qbay"))
-       (patches (search-patches "python2-pyopenssl-openssl-compat.patch"))))
+         "1dxhip610zw1j2bz35g1w1h7vh374g0bnzn4nsqj65n6pswrh544"))))
     (build-system python-build-system)
     (arguments
      (list
@@ -668,7 +617,7 @@ message digests and key derivation functions.")
                 ;; PyOpenSSL runs tests against a certificate with a fixed
                 ;; expiry time.  To ensure successful builds in the future,
                 ;; set the time to roughly the release date.
-                (invoke "faketime" "2022-02-01" "py.test" "-v" "-k"
+                (invoke "faketime" "2023-03-25" "pytest" "-vv" "-k"
                         (string-append
                          ;; This test tries to look up certificates from
                          ;; the compiled-in default path in OpenSSL, which
@@ -680,17 +629,13 @@ message digests and key derivation functions.")
                          ;; Fails on i686-linux and possibly other 32-bit platforms
                          ;; https://github.com/pyca/pyopenssl/issues/974
                          "and not test_verify_with_time"))))))))
-    (propagated-inputs
-     (list python-cryptography python-six))
-    (inputs
-     (list openssl))
-    (native-inputs
-     (list libfaketime python-flaky python-pretend python-pytest))
+    (propagated-inputs (list python-cryptography))
+    (inputs (list openssl))
+    (native-inputs (list libfaketime python-flaky python-pretend python-pytest))
     (home-page "https://github.com/pyca/pyopenssl")
     (synopsis "Python wrapper module around the OpenSSL library")
-    (description
-      "PyOpenSSL is a high-level wrapper around a subset of the OpenSSL
-library.")
+    (description "PyOpenSSL is a high-level wrapper around a subset of the
+OpenSSL library.")
     (license license:asl2.0)))
 
 (define-public python-ed25519
@@ -1232,18 +1177,17 @@ derivation function.")
 (define-public python-service-identity
   (package
     (name "python-service-identity")
-    (version "18.1.0")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (pypi-uri "service_identity" version))
-       (sha256
-        (base32
-         "0b9f5qiqjy8ralzgwjgkhx82h6h8sa7532psmb8mkd65md5aan08"))))
-    (build-system python-build-system)
-    (propagated-inputs
-     (list python-attrs python-pyasn1 python-pyasn1-modules
-           python-pyopenssl))
+    (version "21.1.0")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "service-identity" version))
+              (sha256
+               (base32
+                "0d4x84crbz0a17d8gi90z6zlxwm9pslc65rx0cdw2797ra360v3f"))))
+    (build-system pyproject-build-system)
+    (native-inputs (list python-idna python-pytest))
+    (propagated-inputs (list python-attrs python-cryptography python-pyasn1
+                             python-pyasn1-modules python-six))
     (home-page "https://service-identity.readthedocs.io/")
     (synopsis "Service identity verification for PyOpenSSL")
     (description
@@ -1444,21 +1388,14 @@ items and collections, editing items, locking and unlocking collections
 (define-public python-trustme
   (package
     (name "python-trustme")
-    (version "0.6.0")
+    (version "0.9.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "trustme" version))
        (sha256
-        (base32 "0v3vr5z6apnfmklf07m45kv5kaqvm6hxrkaqywch57bjd2siiywx"))))
-    (build-system python-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (replace 'check
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (add-installed-pythonpath inputs outputs)
-             (invoke "pytest" "-vv"))))))
+        (base32 "0v2qzszmyazfgc1snicdr4b4qdajpjd4pbinpgrn9vfff0yv41sy"))))
+    (build-system pyproject-build-system)
     (native-inputs
      (list python-more-itertools
            python-pyopenssl
@@ -1467,7 +1404,9 @@ items and collections, editing items, locking and unlocking collections
            python-service-identity
            python-zipp))
     (propagated-inputs
-     (list python-cryptography))
+     (list python-cryptography
+           python-idna
+           python-ipaddress))
     (home-page "https://github.com/python-trio/trustme")
     (synopsis "Fake a certificate authority for tests")
     (description