parent
6fa52289b4
commit
35e93564ad
@ -1,170 +0,0 @@ |
||||
{ lib |
||||
, fetchFromGitHub |
||||
, fetchurl |
||||
, buildPythonPackage |
||||
, pkgsStatic |
||||
, openssl_1_1 |
||||
, openssl_1_0_2 |
||||
, invoke |
||||
, tls-parser |
||||
, cacert |
||||
, pytestCheckHook |
||||
, pythonAtLeast |
||||
, pythonOlder |
||||
}: |
||||
|
||||
let |
||||
zlibStatic = (pkgsStatic.zlib.override { |
||||
splitStaticOutput = false; |
||||
}).overrideAttrs (oldAttrs: { |
||||
NIX_CFLAGS_COMPILE = "${oldAttrs.NIX_CFLAGS_COMPILE} -fPIC"; |
||||
}); |
||||
nasslOpensslArgs = { |
||||
static = true; |
||||
enableSSL2 = true; |
||||
}; |
||||
nasslOpensslFlagsCommon = [ |
||||
"zlib" |
||||
"no-zlib-dynamic" |
||||
"no-shared" |
||||
"--with-zlib-lib=${zlibStatic.out}/lib" |
||||
"--with-zlib-include=${zlibStatic.out.dev}/include" |
||||
"enable-rc5" |
||||
"enable-md2" |
||||
"enable-gost" |
||||
"enable-cast" |
||||
"enable-idea" |
||||
"enable-ripemd" |
||||
"enable-mdc2" |
||||
"-fPIC" |
||||
]; |
||||
opensslStatic = (openssl_1_1.override nasslOpensslArgs).overrideAttrs ( |
||||
oldAttrs: rec { |
||||
name = "openssl-${version}"; |
||||
version = "1.1.1h"; |
||||
src = fetchurl { |
||||
url = "https://www.openssl.org/source/${name}.tar.gz"; |
||||
sha256 = "1ncmcnh5bmxkwrvm0m1q4kdcjjfpwvlyjspjhibkxc6p9dvsi72w"; |
||||
}; |
||||
configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [ |
||||
"enable-weak-ssl-ciphers" |
||||
"enable-tls1_3" |
||||
"no-async" |
||||
]; |
||||
patches = builtins.filter |
||||
( |
||||
p: (builtins.baseNameOf (toString p)) != "macos-yosemite-compat.patch" |
||||
) |
||||
oldAttrs.patches; |
||||
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ]; |
||||
meta = oldAttrs.meta // { |
||||
knownVulnerabilities = [ |
||||
"CVE-2020-1971" |
||||
"CVE-2021-23840" |
||||
"CVE-2021-23841" |
||||
"CVE-2021-3449" |
||||
"CVE-2021-3450" |
||||
"CVE-2021-3711" |
||||
"CVE-2021-3712" |
||||
]; |
||||
}; |
||||
} |
||||
); |
||||
opensslLegacyStatic = (openssl_1_0_2.override nasslOpensslArgs).overrideAttrs ( |
||||
oldAttrs: rec { |
||||
name = "openssl-${version}"; |
||||
version = "1.0.2e"; |
||||
src = fetchurl { |
||||
url = "https://www.openssl.org/source/${name}.tar.gz"; |
||||
sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72"; |
||||
}; |
||||
configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon; |
||||
patches = builtins.filter |
||||
( |
||||
p: (builtins.baseNameOf (toString p)) == "darwin64-arm64.patch" |
||||
) |
||||
oldAttrs.patches; |
||||
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ]; |
||||
# openssl_1_0_2 needs `withDocs = false` |
||||
outputs = lib.remove "doc" oldAttrs.outputs; |
||||
} |
||||
); |
||||
in |
||||
buildPythonPackage rec { |
||||
pname = "nassl"; |
||||
version = "4.0.2"; |
||||
format = "setuptools"; |
||||
|
||||
disabled = pythonOlder "3.7"; |
||||
|
||||
src = fetchFromGitHub { |
||||
owner = "nabla-c0d3"; |
||||
repo = pname; |
||||
rev = version; |
||||
hash = "sha256-lLyHXLmBVvT+LgsKBU8DcUXd0qaLSrwvXxFnIB9CHcU="; |
||||
}; |
||||
|
||||
postPatch = |
||||
let |
||||
legacyOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslLegacyStatic.version; |
||||
modernOpenSSLVersion = lib.replaceStrings [ "." ] [ "_" ] opensslStatic.version; |
||||
zlibVersion = zlibStatic.version; |
||||
in |
||||
'' |
||||
mkdir -p deps/openssl-OpenSSL_${legacyOpenSSLVersion}/ |
||||
cp ${opensslLegacyStatic.out}/lib/libssl.a \ |
||||
${opensslLegacyStatic.out}/lib/libcrypto.a \ |
||||
deps/openssl-OpenSSL_${legacyOpenSSLVersion}/ |
||||
ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_${legacyOpenSSLVersion}/include |
||||
ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_${legacyOpenSSLVersion}/apps |
||||
|
||||
mkdir -p deps/openssl-OpenSSL_${modernOpenSSLVersion}/ |
||||
cp ${opensslStatic.out}/lib/libssl.a \ |
||||
${opensslStatic.out}/lib/libcrypto.a \ |
||||
deps/openssl-OpenSSL_${modernOpenSSLVersion}/ |
||||
ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_${modernOpenSSLVersion}/include |
||||
ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_${modernOpenSSLVersion}/apps |
||||
|
||||
mkdir -p deps/zlib-${zlibVersion}/ |
||||
cp ${zlibStatic.out}/lib/libz.a deps/zlib-${zlibVersion}/ |
||||
''; |
||||
|
||||
nativeBuildInputs = [ |
||||
invoke |
||||
]; |
||||
|
||||
propagatedBuildInputs = [ |
||||
tls-parser |
||||
]; |
||||
|
||||
checkInputs = [ |
||||
pytestCheckHook |
||||
]; |
||||
|
||||
buildPhase = '' |
||||
invoke build.nassl |
||||
invoke package.wheel |
||||
''; |
||||
|
||||
doCheck = true; |
||||
|
||||
pythonImportsCheck = [ |
||||
"nassl" |
||||
]; |
||||
|
||||
disabledTests = [ |
||||
"Online" |
||||
] ++ lib.optionals (pythonAtLeast "3.10") [ |
||||
"test_write_bad" |
||||
"test_client_authentication_no_certificate_supplied" |
||||
"test_client_authentication_succeeds" |
||||
]; |
||||
|
||||
meta = with lib; { |
||||
description = "Low-level OpenSSL wrapper for Python"; |
||||
homepage = "https://github.com/nabla-c0d3/nassl"; |
||||
license = licenses.agpl3Only; |
||||
maintainers = with maintainers; [ veehaitch ]; |
||||
platforms = with platforms; linux ++ darwin; |
||||
}; |
||||
} |
@ -1,113 +0,0 @@ |
||||
{ lib |
||||
, fetchFromGitHub |
||||
, buildPythonPackage |
||||
, pytestCheckHook |
||||
, pythonOlder |
||||
# deps |
||||
, cryptography |
||||
, nassl |
||||
, pydantic |
||||
, tls-parser |
||||
# check deps |
||||
, faker |
||||
, openssl_1_0_2 |
||||
, openssl_1_1 |
||||
}: |
||||
|
||||
buildPythonPackage rec { |
||||
pname = "sslyze"; |
||||
version = "5.0.3"; |
||||
disabled = pythonOlder "3.7"; |
||||
|
||||
src = fetchFromGitHub { |
||||
owner = "nabla-c0d3"; |
||||
repo = pname; |
||||
rev = version; |
||||
hash = "sha256-d465WJIDsgNAPe8KW5v2KDSgzMH7OPLSiFfFH9n+jiA="; |
||||
}; |
||||
|
||||
patchPhase = '' |
||||
substituteInPlace setup.py \ |
||||
--replace "cryptography>=2.6,<36.0.0" "cryptography>=2.6" |
||||
''; |
||||
|
||||
checkInputs = [ |
||||
pytestCheckHook |
||||
faker |
||||
]; |
||||
|
||||
# Most of the tests are online; hence, applicable tests are listed |
||||
# explicitly here |
||||
pytestFlagsArray = [ |
||||
"tests/cli_tests/test_console_output.py" |
||||
"tests/cli_tests/test_server_string_parser.py" |
||||
"tests/json_tests/test_json_output.py" |
||||
"tests/plugins_tests/certificate_info/test_certificate_algorithms.py" |
||||
"tests/plugins_tests/certificate_info/test_certificate_utils.py" |
||||
"tests/plugins_tests/certificate_info/test_symantec.py" |
||||
"tests/plugins_tests/certificate_info/test_trust_store_repository.py" |
||||
"tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py" |
||||
"tests/plugins_tests/test_early_data_plugin.py" |
||||
"tests/plugins_tests/test_http_headers_plugin.py" |
||||
"tests/plugins_tests/test_robot_plugin.py" |
||||
"tests/plugins_tests/test_scan_commands.py" |
||||
"tests/plugins_tests/test_session_renegotiation_plugin.py" |
||||
"tests/scanner_tests/test_jobs_worker_thread.py" |
||||
"tests/scanner_tests/test_mass_scanner.py" |
||||
"tests/scanner_tests/test_models.py" |
||||
"tests/scanner_tests/test_scanner.py" |
||||
"tests/server_connectivity_tests/test_client_authentication.py" |
||||
]; |
||||
|
||||
disabledTests = [ |
||||
# TestEllipticCurvesPluginWithOnlineServer |
||||
"test_supported_curves" |
||||
# TestRobotPluginPlugin |
||||
"test_robot_attack_good" |
||||
# TestHttpHeadersPlugin |
||||
"test_all_headers_disabled" |
||||
"test_expect_ct_enabled" |
||||
"test_hsts_enabled" |
||||
# TestSessionRenegotiationPlugin |
||||
"test_renegotiation_good" |
||||
# TestCertificateAlgorithms |
||||
"test_ecdsa_certificate" |
||||
"test_invalid_certificate_bad_name" |
||||
# TestEarlyDataPlugin |
||||
"test_early_data_enabled" |
||||
# TestTrustStoresRepository |
||||
"test_update_default" |
||||
# TestClientAuthentication |
||||
"test_optional_client_authentication" |
||||
]; |
||||
|
||||
# Some tests require OpenSSL |
||||
preCheck = '' |
||||
pushd $TMPDIR/$sourceRoot/tests/openssl_server/ |
||||
|
||||
rm openssl-1-1-1-linux64 |
||||
ln -s ${openssl_1_1.bin}/bin/openssl openssl-1-1-1-linux64 |
||||
|
||||
rm openssl-1-0-0e-linux64 |
||||
ln -s ${openssl_1_0_2.bin}/bin/openssl openssl-1-0-0e-linux64 |
||||
|
||||
popd |
||||
''; |
||||
|
||||
pythonImportsCheck = [ "sslyze" ]; |
||||
|
||||
propagatedBuildInputs = [ |
||||
cryptography |
||||
nassl |
||||
pydantic |
||||
tls-parser |
||||
]; |
||||
|
||||
meta = with lib; { |
||||
homepage = "https://github.com/nabla-c0d3/sslyze"; |
||||
description = "Fast and powerful SSL/TLS scanning library"; |
||||
platforms = platforms.linux ++ platforms.darwin; |
||||
license = licenses.agpl3Only; |
||||
maintainers = with maintainers; [ veehaitch ]; |
||||
}; |
||||
} |