gnu: python-pyopenssl: Update to 22.0.0.

* gnu/packages/python-crypto.scm (python-pyopenssl): Update to 22.0.0. [arguments]: Respect TESTS? in check phase and rewrite in gexp style. (python2-pyopenssl): Update to 21.0.0. [source](patches): New field. * gnu/packages/patches/python2-pyopenssl-openssl-compat.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
2024-11-07 15:36:20 -05:00 · 2022-02-13 15:14:04 +01:00 · 2022-02-13 15:14:04 +01:00 · 6f22596b1c
commit 6f22596b1c
parent d94de62f1c
3 changed files with 88 additions and 24 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1721,6 +1721,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/python-piexif-fix-tests-with-pillow-7.2.patch	\
  %D%/packages/patches/python-pyfakefs-remove-bad-test.patch	\
  %D%/packages/patches/python-pyflakes-test-location.patch	\
+  %D%/packages/patches/python2-pyopenssl-openssl-compat.patch	\
  %D%/packages/patches/python-flint-includes.patch		\
  %D%/packages/patches/python-libxml2-utf8.patch		\
  %D%/packages/patches/python-magic-python-bytecode.patch	\
--- a/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch
+++ b/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch
@ -0,0 +1,51 @@
+Adjust for OpenSSL 1.1.1:
+
+  https://github.com/pyca/pyopenssl/issues/1043
+
+Taken from upstream:
+
+  https://github.com/pyca/pyopenssl/commit/cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad
+
+diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
+index 59f21cec..fcdee047 100644
+--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
+@@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos):
+             This list should be a Python list of bytestrings representing the
+             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
+         """
+        # Different versions of OpenSSL are inconsistent about how they handle empty
+        # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+        # ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
+         # Take the list of protocols and join them together, prefixing them
+         # with their lengths.
+         protostr = b"".join(
+@@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos):
+             This list should be a Python list of bytestrings representing the
+             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
+         """
+        # Different versions of OpenSSL are inconsistent about how they handle empty
+        # proto lists (see #1043), so we avoid the problem entirely by rejecting them
+        # ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
+         # Take the list of protocols and join them together, prefixing them
+         # with their lengths.
+         protostr = b"".join(
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index ffc505d8..ca363b45 100644
+--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
+@@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self):
+         protocols list. Ensure that we produce a user-visible error.
+         """
+         context = Context(SSLv23_METHOD)
+-        with pytest.raises(Error):
+        with pytest.raises(ValueError):
+             context.set_alpn_protos([])
+ 
+     def test_alpn_set_on_connection(self):
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@ -663,37 +663,37 @@ (define-public python2-cryptography
 (define-public python-pyopenssl
  (package
    (name "python-pyopenssl")
-    (version "20.0.1")
+    (version "22.0.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "pyOpenSSL" version))
       (sha256
        (base32
-         "0labcbh2g0jhgisd79wx9kixmi6fip28096d1xb05fj3jmsiq8sc"))))
+         "1gzihw09sqi71lwx97c69hab7w4rbnl6hhfrl6za3i5a4la1n2v6"))))
    (build-system python-build-system)
    (arguments
-     '(#:phases
-       (modify-phases %standard-phases
-         (delete 'check)
-         (add-after 'install 'check
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (add-installed-pythonpath inputs outputs)
-             ;; PyOpenSSL runs tests against a certificate with a fixed
-             ;; expiry time.  To ensure successful builds in the future,
-             ;; set the time to roughly the release date.
-             (invoke "faketime" "2021-05-01" "py.test" "-v" "-k"
-                     (string-append
-                      ;; This test tries to look up certificates from
-                      ;; the compiled-in default path in OpenSSL, which
-                      ;; does not exist in the build environment.
-                      "not test_fallback_default_verify_paths "
-                      ;; This test attempts to make a connection to
-                      ;; an external web service.
-                      "and not test_set_default_verify_paths "
-                      ;; Fails on i686-linux and possibly other 32-bit platforms
-                      ;; https://github.com/pyca/pyopenssl/issues/974
-                      "and not test_verify_with_time")))))))
+     (list
+      #:phases
+      #~(modify-phases %standard-phases
+          (replace 'check
+            (lambda* (#:key tests? #:allow-other-keys)
+              (when tests?
+                ;; PyOpenSSL runs tests against a certificate with a fixed
+                ;; expiry time.  To ensure successful builds in the future,
+                ;; set the time to roughly the release date.
+                (invoke "faketime" "2022-02-01" "py.test" "-v" "-k"
+                        (string-append
+                         ;; This test tries to look up certificates from
+                         ;; the compiled-in default path in OpenSSL, which
+                         ;; does not exist in the build environment.
+                         "not test_fallback_default_verify_paths "
+                         ;; This test attempts to make a connection to
+                         ;; an external web service.
+                         "and not test_set_default_verify_paths "
+                         ;; Fails on i686-linux and possibly other 32-bit platforms
+                         ;; https://github.com/pyca/pyopenssl/issues/974
+                         "and not test_verify_with_time"))))))))
    (propagated-inputs
     (list python-cryptography python-six))
    (inputs
@ -705,10 +705,22 @@ (define-public python-pyopenssl
    (description
      "PyOpenSSL is a high-level wrapper around a subset of the OpenSSL
 library.")
+    (properties `((python2-variant . ,(delay python2-pyopenssl))))
    (license license:asl2.0)))

 (define-public python2-pyopenssl
-  (package-with-python2 python-pyopenssl))
+  (let ((base (package-with-python2 (strip-python2-variant python-pyopenssl))))
+    (package
+      (inherit base)
+      (version "21.0.0")
+      (source
+       (origin
+         (method url-fetch)
+         (uri (pypi-uri "pyOpenSSL" version))
+         (patches (search-patches "python2-pyopenssl-openssl-compat.patch"))
+         (sha256
+          (base32
+           "1cqcc20fwl521z3fxsc1c98gbnhb14q55vrvjfp6bn6h8rg8qbay")))))))

 (define-public python-ed25519
  (package