sslyze: drop

2 years ago · 35e93564ad
parent 6fa52289b4
commit 35e93564ad
5 changed files with 0 additions and 290 deletions
--- a/pkgs/development/python-modules/nassl/default.nix
+++ b/pkgs/development/python-modules/nassl/default.nix
@ -1,170 +0,0 @@
-{ lib
-, fetchFromGitHub
-, fetchurl
-, buildPythonPackage
-, pkgsStatic
-, openssl_1_1
-, openssl_1_0_2
-, invoke
-, tls-parser
-, cacert
-, pytestCheckHook
-, pythonAtLeast
-, pythonOlder
-}:
-
-let
-  zlibStatic = (pkgsStatic.zlib.override {
-    splitStaticOutput = false;
-  }).overrideAttrs (oldAttrs: {
-    NIX_CFLAGS_COMPILE = "${oldAttrs.NIX_CFLAGS_COMPILE} -fPIC";
-  });
-  nasslOpensslArgs = {
-    static = true;
-    enableSSL2 = true;
-  };
-  nasslOpensslFlagsCommon = [
-    "zlib"
-    "no-zlib-dynamic"
-    "no-shared"
-    "--with-zlib-lib=${zlibStatic.out}/lib"
-    "--with-zlib-include=${zlibStatic.out.dev}/include"
-    "enable-rc5"
-    "enable-md2"
-    "enable-gost"
-    "enable-cast"
-    "enable-idea"
-    "enable-ripemd"
-    "enable-mdc2"
-    "-fPIC"
-  ];
-  opensslStatic = (openssl_1_1.override nasslOpensslArgs).overrideAttrs (
-    oldAttrs: rec {
-      name = "openssl-${version}";
-      version = "1.1.1h";
-      src = fetchurl {
-        url = "https://www.openssl.org/source/${name}.tar.gz";
-        sha256 = "1ncmcnh5bmxkwrvm0m1q4kdcjjfpwvlyjspjhibkxc6p9dvsi72w";
-      };
-      configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [
-        "enable-weak-ssl-ciphers"
-        "enable-tls1_3"
-        "no-async"
-      ];
-      patches = builtins.filter
-        (
-          p: (builtins.baseNameOf (toString p)) != "macos-yosemite-compat.patch"
-        )
-        oldAttrs.patches;
-      buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ];
-      meta = oldAttrs.meta // {
-        knownVulnerabilities = [
-          "CVE-2020-1971"
-          "CVE-2021-23840"
-          "CVE-2021-23841"
-          "CVE-2021-3449"
-          "CVE-2021-3450"
-          "CVE-2021-3711"
-          "CVE-2021-3712"
-        ];
-      };
-    }
-  );
-  opensslLegacyStatic = (openssl_1_0_2.override nasslOpensslArgs).overrideAttrs (
-    oldAttrs: rec {
-      name = "openssl-${version}";
-      version = "1.0.2e";
-      src = fetchurl {
-        url = "https://www.openssl.org/source/${name}.tar.gz";
-        sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
-      };
-      configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon;
-      patches = builtins.filter
-        (
-          p: (builtins.baseNameOf (toString p)) == "darwin64-arm64.patch"
-        )
-        oldAttrs.patches;
-      buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ];
-      # openssl_1_0_2 needs `withDocs = false`
-      outputs = lib.remove "doc" oldAttrs.outputs;
-    }
-  );
-in
-buildPythonPackage rec {
-  pname = "nassl";
-  version = "4.0.2";
-  format = "setuptools";
-
-  disabled = pythonOlder "3.7";
-
-  src = fetchFromGitHub {
-    owner = "nabla-c0d3";
-    repo = pname;
-    rev = version;
-    hash = "sha256-lLyHXLmBVvT+LgsKBU8DcUXd0qaLSrwvXxFnIB9CHcU=";
-  };
-
-  postPatch =
-    let
-      legacyOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslLegacyStatic.version;
-      modernOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslStatic.version;
-      zlibVersion = zlibStatic.version;
-    in
-    ''
-      mkdir -p deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
-      cp ${opensslLegacyStatic.out}/lib/libssl.a \
-        ${opensslLegacyStatic.out}/lib/libcrypto.a \
-        deps/openssl-OpenSSL_${legacyOpenSSLVersion}/
-      ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_${legacyOpenSSLVersion}/include
-      ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_${legacyOpenSSLVersion}/apps
-
-      mkdir -p deps/openssl-OpenSSL_${modernOpenSSLVersion}/
-      cp ${opensslStatic.out}/lib/libssl.a \
-        ${opensslStatic.out}/lib/libcrypto.a \
-        deps/openssl-OpenSSL_${modernOpenSSLVersion}/
-      ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_${modernOpenSSLVersion}/include
-      ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_${modernOpenSSLVersion}/apps
-
-      mkdir -p deps/zlib-${zlibVersion}/
-      cp ${zlibStatic.out}/lib/libz.a deps/zlib-${zlibVersion}/
-    '';
-
-  nativeBuildInputs = [
-    invoke
-  ];
-
-  propagatedBuildInputs = [
-    tls-parser
-  ];
-
-  checkInputs = [
-    pytestCheckHook
-  ];
-
-  buildPhase = ''
-    invoke build.nassl
-    invoke package.wheel
-  '';
-
-  doCheck = true;
-
-  pythonImportsCheck = [
-    "nassl"
-  ];
-
-  disabledTests = [
-    "Online"
-  ] ++ lib.optionals (pythonAtLeast "3.10") [
-    "test_write_bad"
-    "test_client_authentication_no_certificate_supplied"
-    "test_client_authentication_succeeds"
-  ];
-
-  meta = with lib; {
-    description = "Low-level OpenSSL wrapper for Python";
-    homepage = "https://github.com/nabla-c0d3/nassl";
-    license = licenses.agpl3Only;
-    maintainers = with maintainers; [ veehaitch ];
-    platforms = with platforms; linux ++ darwin;
-  };
-}
--- a/pkgs/development/python-modules/sslyze/default.nix
+++ b/pkgs/development/python-modules/sslyze/default.nix
@ -1,113 +0,0 @@
-{ lib
-, fetchFromGitHub
-, buildPythonPackage
-, pytestCheckHook
-, pythonOlder
-  # deps
-, cryptography
-, nassl
-, pydantic
-, tls-parser
-  # check deps
-, faker
-, openssl_1_0_2
-, openssl_1_1
-}:
-
-buildPythonPackage rec {
-  pname = "sslyze";
-  version = "5.0.3";
-  disabled = pythonOlder "3.7";
-
-  src = fetchFromGitHub {
-    owner = "nabla-c0d3";
-    repo = pname;
-    rev = version;
-    hash = "sha256-d465WJIDsgNAPe8KW5v2KDSgzMH7OPLSiFfFH9n+jiA=";
-  };
-
-  patchPhase = ''
-    substituteInPlace setup.py \
-      --replace "cryptography>=2.6,<36.0.0" "cryptography>=2.6"
-  '';
-
-  checkInputs = [
-    pytestCheckHook
-    faker
-  ];
-
-  # Most of the tests are online; hence, applicable tests are listed
-  # explicitly here
-  pytestFlagsArray = [
-    "tests/cli_tests/test_console_output.py"
-    "tests/cli_tests/test_server_string_parser.py"
-    "tests/json_tests/test_json_output.py"
-    "tests/plugins_tests/certificate_info/test_certificate_algorithms.py"
-    "tests/plugins_tests/certificate_info/test_certificate_utils.py"
-    "tests/plugins_tests/certificate_info/test_symantec.py"
-    "tests/plugins_tests/certificate_info/test_trust_store_repository.py"
-    "tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py"
-    "tests/plugins_tests/test_early_data_plugin.py"
-    "tests/plugins_tests/test_http_headers_plugin.py"
-    "tests/plugins_tests/test_robot_plugin.py"
-    "tests/plugins_tests/test_scan_commands.py"
-    "tests/plugins_tests/test_session_renegotiation_plugin.py"
-    "tests/scanner_tests/test_jobs_worker_thread.py"
-    "tests/scanner_tests/test_mass_scanner.py"
-    "tests/scanner_tests/test_models.py"
-    "tests/scanner_tests/test_scanner.py"
-    "tests/server_connectivity_tests/test_client_authentication.py"
-  ];
-
-  disabledTests = [
-    # TestEllipticCurvesPluginWithOnlineServer
-    "test_supported_curves"
-    # TestRobotPluginPlugin
-    "test_robot_attack_good"
-    # TestHttpHeadersPlugin
-    "test_all_headers_disabled"
-    "test_expect_ct_enabled"
-    "test_hsts_enabled"
-    # TestSessionRenegotiationPlugin
-    "test_renegotiation_good"
-    # TestCertificateAlgorithms
-    "test_ecdsa_certificate"
-    "test_invalid_certificate_bad_name"
-    # TestEarlyDataPlugin
-    "test_early_data_enabled"
-    # TestTrustStoresRepository
-    "test_update_default"
-    # TestClientAuthentication
-    "test_optional_client_authentication"
-  ];
-
-  # Some tests require OpenSSL
-  preCheck = ''
-    pushd $TMPDIR/$sourceRoot/tests/openssl_server/
-
-    rm openssl-1-1-1-linux64
-    ln -s ${openssl_1_1.bin}/bin/openssl openssl-1-1-1-linux64
-
-    rm openssl-1-0-0e-linux64
-    ln -s ${openssl_1_0_2.bin}/bin/openssl openssl-1-0-0e-linux64
-
-    popd
-  '';
-
-  pythonImportsCheck = [ "sslyze" ];
-
-  propagatedBuildInputs = [
-    cryptography
-    nassl
-    pydantic
-    tls-parser
-  ];
-
-  meta = with lib; {
-    homepage = "https://github.com/nabla-c0d3/sslyze";
-    description = "Fast and powerful SSL/TLS scanning library";
-    platforms = platforms.linux ++ platforms.darwin;
-    license = licenses.agpl3Only;
-    maintainers = with maintainers; [ veehaitch ];
-  };
-}
--- a/pkgs/tools/security/wapiti/default.nix
+++ b/pkgs/tools/security/wapiti/default.nix
@ -37,7 +37,6 @@ python3.pkgs.buildPythonApplication rec {
    markupsafe
    pysocks
    six
-    sslyze
    sqlalchemy
    tld
    yaswfp
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -29228,8 +29228,6 @@ with pkgs;
    python = python3;
  };

-  sslyze = with python3Packages; toPythonApplication sslyze;
-
  ssr = callPackage ../applications/audio/soundscape-renderer {
    autoreconfHook = buildPackages.autoreconfHook269;
  };
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@ -5438,8 +5438,6 @@ in {

  napari-svg = callPackage ../development/python-modules/napari-svg { };

-  nassl = callPackage ../development/python-modules/nassl { };
-
  nats-py = callPackage ../development/python-modules/nats-py { };

  nats-python = callPackage ../development/python-modules/nats-python { };
@ -9660,8 +9658,6 @@ in {

  sslib = callPackage ../development/python-modules/sslib { };

-  sslyze = callPackage ../development/python-modules/sslyze { };
-
  stack-data = callPackage ../development/python-modules/stack-data { };

  stanza = callPackage ../development/python-modules/stanza { };