From f204e8028ae5412f4fac3190fbd19dc93c90c0cf Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 11 Apr 2023 08:57:03 -0400 Subject: gnu: python-cryptography: Update to 40.0.1 [fixes CVE-2023-23931]. * gnu/packages/python-crypto.scm (python-cryptography-vectors): Delete variable. (python-cryptography-vectors-next): Rename to... (python-cryptography-vectors): ... this. Update to 40.0.1. (python-cryptography): Delete variable. (python-cryptography-next): Rename to... (python-cryptography): ... this. Update to 40.0.1. [build-system]: Use pyproject-build-system. [arguments]: Remove #:imported-modules and #:modules arguments. Remove check phase override. Remove adjust-pyo3-requirement and configure-cargo phases. Add disable-rust-extension-build and symlink-rust-library phases. [native-inputs]: Replace python-cryptography-vectors-next with python-cryptography-vectors. Add python-iso8601. Remove python-pytz. Replace python-pytest with python-pytest-7.1. Remove rust, rust:cargo and python-setuptools-rust. [inputs]: Remove all inputs. Add python-cryptography-rust. [propagated-inputs]: Remove python-asn1crypto, python-six, python-idna and python-iso8601. [description]: Start description with @code to avoid a lint warning. --- gnu/packages/python-crypto.scm | 178 ++++++++--------------------------------- 1 file changed, 35 insertions(+), 143 deletions(-) diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm index 3a3993b532..a9355d134f 100644 --- a/gnu/packages/python-crypto.scm +++ b/gnu/packages/python-crypto.scm @@ -525,17 +525,17 @@ for example, for recording or replaying web content.") is used by the Requests library to verify HTTPS requests.") (license license:asl2.0))) -(define-public python-cryptography-vectors-next +(define-public python-cryptography-vectors (package (name "python-cryptography-vectors") - (version "37.0.4") + (version "40.0.1") (source (origin (method url-fetch) (uri (pypi-uri "cryptography_vectors" version)) (sha256 (base32 - "1a1yi37ygw0jp72q280cmxd3qn9y9vmcch2bcnjkg2g2202l0qas")))) + "0hd0ppss5xg0kzf36q8cdaxh1xw8ry4k7jkianlf832xbdmp0q44")))) (build-system python-build-system) (home-page "https://github.com/pyca/cryptography") (synopsis "Test vectors for the cryptography package") @@ -544,166 +544,58 @@ is used by the Requests library to verify HTTPS requests.") ;; Distributed under either BSD-3 or ASL2.0 (license (list license:bsd-3 license:asl2.0)))) -(define-public python-cryptography-vectors - (package - (inherit python-cryptography-vectors-next) - (version "3.4.8") - (source (origin - (method url-fetch) - (uri (pypi-uri "cryptography_vectors" version)) - (sha256 - (base32 "1wl0ynh3lzhc6q59g8mybvijmnp195x7fjxlb3h3sgcraw14312c")))))) - -(define-public python-cryptography-next +(define-public python-cryptography (package (name "python-cryptography") - (version "37.0.4") + (version "40.0.1") (source (origin (method url-fetch) (uri (pypi-uri "cryptography" version)) (sha256 (base32 - "10haq7sn8mrdlhcfs791rczknnxm0wpww0lkpjzcqx141ryc3yb3")))) - (build-system python-build-system) + "0wilrilfcyl78caxcpna2k3aya6qamppwv4j35262pz9n7wg40r8")))) + (build-system pyproject-build-system) (arguments (list - #:imported-modules (append %cargo-build-system-modules - %python-build-system-modules) - #:modules `(((guix build cargo-build-system) #:prefix cargo:) - ,@%python-build-system-modules - (srfi srfi-1) - (ice-9 match)) - #:phases - #~(modify-phases (@ (guix build python-build-system) %standard-phases) - (add-after 'unpack 'adjust-pyo3-requirement - (lambda _ - ;; The package depends on 0.15.2, which is not on crates.io(!?). - ;; Downgrade to 0.15.1... - (substitute* "src/rust/Cargo.toml" - (("pyo3 = \\{ version = \"0\\.15\\.2\"") - "pyo3 = { version = \"0.15.1\"")))) - (add-before 'build 'configure-cargo - (lambda* (#:key inputs #:allow-other-keys) - ;; Hide irrelevant inputs from cargo-build-system so it does - ;; not try to unpack sanity-check.py, etc. - (let ((cargo-inputs (filter (match-lambda - ((name . path) - (or (string-prefix? "rust-" name) - (string=? "gcc" name)))) - inputs))) - (with-directory-excursion "src/rust" - ((assoc-ref cargo:%standard-phases 'unpack-rust-crates) - #:inputs cargo-inputs - #:vendor-dir "guix-vendor") - ((assoc-ref cargo:%standard-phases 'configure) - #:inputs cargo-inputs) - ((assoc-ref cargo:%standard-phases 'patch-cargo-checksums) - #:vendor-dir "guix-vendor")) - (rename-file "src/rust/.cargo" ".cargo")))) - (replace 'check - (lambda* (#:key tests? #:allow-other-keys) - (when tests? - (invoke "pytest" "-vv" "tests"))))))) - (inputs - (list openssl - ;; TODO: Most of these inputs are transitive dependencies of - ;; the Rust requirements (see src/rust/cargo.toml). Surely - ;; there is a better way than manually listing everything..? - rust-aliasable-0.1 - rust-asn1-0.8 - rust-asn1-derive-0.8 - rust-autocfg-1 - rust-base64-0.13 - rust-bitflags-1 - rust-cfg-if-0.1 - rust-cfg-if-1 - rust-chrono-0.4 - rust-cloudabi-0.1 - rust-lazy-static-1 - rust-libc-0.2 - rust-indoc-0.3 - rust-indoc-impl-0.3 - rust-inflector-0.11 - rust-instant-0.1 - rust-lock-api-0.4 - rust-num-integer-0.1 - rust-num-traits-0.2 - rust-once-cell-1 - rust-ouroboros-0.15 - rust-ouroboros-macro-0.15 - rust-parking-lot-0.11 - rust-parking-lot-core-0.8 - rust-paste-0.1 - rust-paste-impl-0.1 - rust-pem-1 - rust-proc-macro-error-1 - rust-proc-macro-error-attr-1 - rust-proc-macro-hack-0.5 - rust-proc-macro2-1 - rust-pyo3-0.15 - rust-pyo3-build-config-0.15 - rust-pyo3-macros-0.15 - rust-pyo3-macros-backend-0.15 - rust-quote-1 - rust-redox-syscall-0.2 - rust-scopeguard-1 - rust-smallvec-1 - rust-stable-deref-trait-1 - rust-syn-1 - rust-unicode-xid-0.2 - rust-unindent-0.1 - rust-version-check-0.9 - rust-winapi-0.3)) - (propagated-inputs - (list python-asn1crypto python-cffi python-six python-idna - python-iso8601)) + #:phases #~(modify-phases %standard-phases + (add-after 'unpack 'disable-rust-extension-build + (lambda _ + ;; The Rust extension is built separately as + ;; 'python-cryptography-rust', so there's no need + ;; to build it here. + (substitute* "pyproject.toml" + ((".*setuptools-rust.*") "")) + (delete-file "setup.py"))) + (add-before 'check 'symlink-rust-library + (lambda* (#:key inputs outputs #:allow-other-keys) + (symlink (search-input-file + inputs "lib/libcryptography_rust.so") + (string-append (site-packages inputs outputs) + "/cryptography/hazmat/bindings/" + "_rust.abi3.so"))))))) + (native-inputs - (list python-cryptography-vectors-next + (list python-cryptography-vectors python-hypothesis + python-iso8601 python-pretend - python-pytz - python-pytest + python-pytest-7.1 ;for subtests python-pytest-benchmark - python-pytest-subtests - python-setuptools-rust - rust - `(,rust "cargo"))) + python-pytest-subtests)) + (inputs (list python-cryptography-rust)) + (propagated-inputs (list python-cffi)) (home-page "https://github.com/pyca/cryptography") (synopsis "Cryptographic recipes and primitives for Python") (description - "cryptography is a package which provides cryptographic recipes and -primitives to Python developers. It aims to be the “cryptographic standard -library” for Python. The package includes both high level recipes, and low -level interfaces to common cryptographic algorithms such as symmetric ciphers, -message digests and key derivation functions.") + "@code{cryptography} is a package which provides cryptographic recipes +and primitives to Python developers. It aims to be the “cryptographic +standard library” for Python. The package includes both high level recipes, +and low level interfaces to common cryptographic algorithms such as symmetric +ciphers, message digests and key derivation functions.") ;; Distributed under either BSD-3 or ASL2.0 (license (list license:bsd-3 license:asl2.0)))) -(define-public python-cryptography - (package - (inherit python-cryptography-next) - (version "3.4.8") - (source (origin - (method url-fetch) - (uri (pypi-uri "cryptography" version)) - (sha256 - (base32 "072awar70cwfd2hnx0pvp1dkc7gw45mbm3wcyddvxz5frva5xk4l")))) - (arguments - (list #:phases - #~(modify-phases %standard-phases - (add-after 'unpack 'set-no-rust - (lambda _ - (setenv "CRYPTOGRAPHY_DONT_BUILD_RUST" "1")))))) - (inputs (list openssl-1.1)) - (native-inputs - (list python-cryptography-vectors - python-hypothesis - python-pretend - python-pytz - python-pytest - python-setuptools-rust)))) - ;;; This is the Rust component of the python-cryptography library, extracted ;;; as a separate package to ease the Rust build. (define-public python-cryptography-rust -- cgit 1.4.1