gnu: python-pyopenssl: Update to 22.0.0.

* gnu/packages/python-crypto.scm (python-pyopenssl): Update to 22.0.0.
[arguments]: Respect TESTS? in check phase and rewrite in gexp style.
(python2-pyopenssl): Update to 21.0.0.
[source](patches): New field.
* gnu/packages/patches/python2-pyopenssl-openssl-compat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
This commit is contained in:
Marius Bakke 2022-02-13 15:14:04 +01:00
parent d94de62f1c
commit 6f22596b1c
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
3 changed files with 88 additions and 24 deletions

View file

@ -1721,6 +1721,7 @@ dist_patch_DATA = \
%D%/packages/patches/python-piexif-fix-tests-with-pillow-7.2.patch \
%D%/packages/patches/python-pyfakefs-remove-bad-test.patch \
%D%/packages/patches/python-pyflakes-test-location.patch \
%D%/packages/patches/python2-pyopenssl-openssl-compat.patch \
%D%/packages/patches/python-flint-includes.patch \
%D%/packages/patches/python-libxml2-utf8.patch \
%D%/packages/patches/python-magic-python-bytecode.patch \

View file

@ -0,0 +1,51 @@
Adjust for OpenSSL 1.1.1:
https://github.com/pyca/pyopenssl/issues/1043
Taken from upstream:
https://github.com/pyca/pyopenssl/commit/cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 59f21cec..fcdee047 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos):
This list should be a Python list of bytestrings representing the
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
"""
+ # Different versions of OpenSSL are inconsistent about how they handle empty
+ # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+ # ourselves.
+ if not protos:
+ raise ValueError("at least one protocol must be specified")
+
# Take the list of protocols and join them together, prefixing them
# with their lengths.
protostr = b"".join(
@@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos):
This list should be a Python list of bytestrings representing the
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
"""
+ # Different versions of OpenSSL are inconsistent about how they handle empty
+ # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+ # ourselves.
+ if not protos:
+ raise ValueError("at least one protocol must be specified")
+
# Take the list of protocols and join them together, prefixing them
# with their lengths.
protostr = b"".join(
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index ffc505d8..ca363b45 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self):
protocols list. Ensure that we produce a user-visible error.
"""
context = Context(SSLv23_METHOD)
- with pytest.raises(Error):
+ with pytest.raises(ValueError):
context.set_alpn_protos([])
def test_alpn_set_on_connection(self):

View file

@ -663,26 +663,26 @@ (define-public python2-cryptography
(define-public python-pyopenssl
(package
(name "python-pyopenssl")
(version "20.0.1")
(version "22.0.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "pyOpenSSL" version))
(sha256
(base32
"0labcbh2g0jhgisd79wx9kixmi6fip28096d1xb05fj3jmsiq8sc"))))
"1gzihw09sqi71lwx97c69hab7w4rbnl6hhfrl6za3i5a4la1n2v6"))))
(build-system python-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
(delete 'check)
(add-after 'install 'check
(lambda* (#:key inputs outputs #:allow-other-keys)
(add-installed-pythonpath inputs outputs)
(list
#:phases
#~(modify-phases %standard-phases
(replace 'check
(lambda* (#:key tests? #:allow-other-keys)
(when tests?
;; PyOpenSSL runs tests against a certificate with a fixed
;; expiry time. To ensure successful builds in the future,
;; set the time to roughly the release date.
(invoke "faketime" "2021-05-01" "py.test" "-v" "-k"
(invoke "faketime" "2022-02-01" "py.test" "-v" "-k"
(string-append
;; This test tries to look up certificates from
;; the compiled-in default path in OpenSSL, which
@ -693,7 +693,7 @@ (define-public python-pyopenssl
"and not test_set_default_verify_paths "
;; Fails on i686-linux and possibly other 32-bit platforms
;; https://github.com/pyca/pyopenssl/issues/974
"and not test_verify_with_time")))))))
"and not test_verify_with_time"))))))))
(propagated-inputs
(list python-cryptography python-six))
(inputs
@ -705,10 +705,22 @@ (define-public python-pyopenssl
(description
"PyOpenSSL is a high-level wrapper around a subset of the OpenSSL
library.")
(properties `((python2-variant . ,(delay python2-pyopenssl))))
(license license:asl2.0)))
(define-public python2-pyopenssl
(package-with-python2 python-pyopenssl))
(let ((base (package-with-python2 (strip-python2-variant python-pyopenssl))))
(package
(inherit base)
(version "21.0.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "pyOpenSSL" version))
(patches (search-patches "python2-pyopenssl-openssl-compat.patch"))
(sha256
(base32
"1cqcc20fwl521z3fxsc1c98gbnhb14q55vrvjfp6bn6h8rg8qbay")))))))
(define-public python-ed25519
(package