{ lib, stdenv, substituteAll, buildEnv, fetchgit, fetchFromGitHub, python3Packages, gmp }:
# pure-python-otr (potr) requires an older version of pycrypto, which is
# not compatible with pycryptodome. Therefore, the latest patched version
# of pycrypto will be fetched from the Debian project.
pycrypto = python3Packages.buildPythonPackage rec {
pname = "pycrypto";
version = "2.6.1-13.1";
src = fetchgit {
url = "";
rev = "debian/${version}";
sha256 = "1mahqmlgilgk0rn5hfkhza7kscfm7agdakkb6rqnif9g0qp3s52f";
postPatch = ''
for p in debian/patches/*.patch; do
patch -p1 < "$p"
buildInputs = [ gmp ];
# Tests are relying on old Python 2 modules.
doCheck = false;
preConfigure = ''
sed -i 's,/usr/include,/no-such-dir,' configure
sed -i "s!,'/usr/include/'!!"
potr = python3Packages.potr.overridePythonAttrs (oldAttrs: {
propagatedBuildInputs = [ pycrypto ];
in stdenv.mkDerivation rec {
pname = "weechat-otr";
version = "1.9.2";
src = fetchFromGitHub {
repo = pname;
owner = "mmb";
rev = "v${version}";
sha256 = "1lngv98y6883vk8z2628cl4d5y8jxy39w8245gjdvshl8g18k5s2";
patches = [
(substituteAll {
src = ./libpath.patch;
env = "${buildEnv {
name = "weechat-otr-env";
paths = [ potr pycrypto ];
passthru.scripts = [ "" ];
installPhase = ''
mkdir -p $out/share
cp $out/share/
meta = with lib; {
homepage = "";
license = licenses.gpl3;
maintainers = with maintainers; [ oxzi ];
description = "WeeChat script for Off-the-Record messaging";
knownVulnerabilities = [
"There is no upstream release since 2018-03."
"Utilizes deprecated and vulnerable pycrypto library with Debian patches from 2020-04."