From 06c08984ae03b3f37c3cee2e47ad6ec98e4fb34d Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Fri, 11 Jan 2019 11:16:36 +0100
Subject: [PATCH 1/3] pythonPackages.pysaml2: 3.0.2 -> 4.6.5 Also run tests and hardcode path to xmlsec1.
---
.../python-modules/pysaml2/default.nix | 66 +++++++------------
.../pysaml2/hardcode-xmlsec1-path.patch | 39 +++++++++++
pkgs/top-level/python-packages.nix | 4 +-
3 files changed, 65 insertions(+), 44 deletions(-)
create mode 100644 pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch
diff --git a/pkgs/development/python-modules/pysaml2/default.nix b/pkgs/development/python-modules/pysaml2/default.nix
index 1e9ce18afb9..04d0d1c34a5 100644
--- a/pkgs/development/python-modules/pysaml2/default.nix
+++ b/pkgs/development/python-modules/pysaml2/default.nix
@@ -1,62 +1,42 @@ { stdenv , buildPythonPackage -, fetchPypi -, fetchpatch -, repoze_who -, paste -, cryptography -, pycrypto -, pyopenssl -, ipaddress -, six -, cffi -, idna -, enum34 -, pytz -, setuptools -, zope_interface -, dateutil -, requests -, pyasn1 -, webob -, decorator -, pycparser -, defusedxml -, Mako -, pytest -, memcached -, pymongo -, mongodict -, pkgs +, fetchFromGitHub +, substituteAll +, xmlsec +, cryptography, defusedxml, future, pyopenssl, dateutil, pytz, requests, six +, mock, pyasn1, pymongo, pytest, responses }: buildPythonPackage rec { pname = "pysaml2"; - version = "3.0.2"; + version = "4.6.5"; - src = fetchPypi { - inherit pname version; - sha256 = "0y2iw1dddcvi13xjh3l52z1mvnrbc41ik9k4nn7lwj8x5kimnk9n"; + # No tests in PyPI tarball + src = fetchFromGitHub { + owner = "IdentityPython"; + repo = pname; + rev = "v${version}"; + sha256 = "0xlbr52vzx1j9sg65jhqv01vp4a49afjy03lc2zb0ggx0xxzngvb"; }; patches = [ - (fetchpatch { - name = "CVE-2016-10127.patch"; - url = "https://sources.debian.net/data/main/p/python-pysaml2/3.0.0-5/debian/patches/fix-xxe-in-xml-parsing.patch"; - sha256 = "184lkwdayjqiahzsn4yp15parqpmphjsb1z7zwd636jvarxqgs2q"; + (substituteAll { + src = ./hardcode-xmlsec1-path.patch; + inherit xmlsec; }) ]; - propagatedBuildInputs = [ repoze_who paste cryptography pycrypto pyopenssl ipaddress six cffi idna enum34 pytz setuptools zope_interface dateutil requests pyasn1 webob decorator pycparser defusedxml ]; - buildInputs = [ Mako pytest memcached pymongo mongodict pkgs.xmlsec ]; + propagatedBuildInputs = [ cryptography defusedxml future pyopenssl dateutil pytz requests six ]; - preConfigure = '' - sed -i 's/pymongo==3.0.1/pymongo/' setup.py + checkInputs = [ mock pyasn1 pymongo pytest responses ]; + + # Disabled tests try to access the network + checkPhase = '' + py.test -k "not test_load_extern_incommon \ + and not test_load_remote_encoding \ + and not test_load_external" ''; - # 16 failed, 427 passed, 17 error in 88.85 seconds - 
doCheck = false; - meta = with stdenv.lib; { homepage = "https://github.com/rohe/pysaml2"; description = "Python implementation of SAML Version 2 Standard"; diff --git a/pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch b/pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch new file mode 100644 index 00000000000..d984c55a8a7 --- /dev/null +++ b/pkgs/development/python-modules/pysaml2/hardcode-xmlsec1-path.patch @@ -0,0 +1,39 @@ +diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py +index 59fe2dee..0c24fbcc 100644 +--- a/src/saml2/sigver.py ++++ b/src/saml2/sigver.py +@@ -165,33 +165,7 @@ def get_xmlsec_binary(paths=None): + :return: full name of the xmlsec1 binary found. If no binaries are + found then an exception is raised. + """ +- if os.name == 'posix': +- bin_name = ['xmlsec1'] +- elif os.name == 'nt': +- bin_name = ['xmlsec.exe', 'xmlsec1.exe'] +- else: # Default !? +- bin_name = ['xmlsec1'] +- +- if paths: +- for bname in bin_name: +- for path in paths: +- fil = os.path.join(path, bname) +- try: +- if os.lstat(fil): +- return fil +- except OSError: +- pass +- +- for path in os.environ['PATH'].split(os.pathsep): +- for bname in bin_name: +- fil = os.path.join(path, bname) +- try: +- if os.lstat(fil): +- return fil +- except OSError: +- pass +- +- raise SigverError('Cannot find {binary}'.format(binary=bin_name)) ++ return '@xmlsec@/bin/xmlsec1' + + + def _get_xmlsec_cryptobackend(path=None, search_paths=None): diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 77ee88cc3fc..4d6c3ca4622 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix 
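Review bot: The `patches` list drops the `CVE-2016-10127.patch` fetchpatch (Debian's `fix-xxe-in-xml-parsing.patch`), and neither the commit message nor a comment states that 4.6.5 already contains that XXE fix. `defusedxml` staying in `propagatedBuildInputs` suggests upstream now parses with it, but that is inferred from the dependency list and should be confirmed against the 4.6.5 source. Once confirmed, I would record it next to `patches`, e.g. `# CVE-2016-10127 (XXE) is fixed upstream in this release; backport dropped`. Separately, `meta.homepage` still points at `https://github.com/rohe/pysaml2` while `src` now fetches from the `IdentityPython` owner.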
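Review bot: After this patch `get_xmlsec_binary(paths=None)` ignores its `paths` argument and can no longer raise, yet the context lines keep the docstring sentence "If no binaries are found then an exception is raised". Pinning the binary used for signature handling to the store path is a sound change, since it removes the `PATH` search. The removed `os.lstat` probe does mean a missing binary now surfaces only when xmlsec1 is first executed. I would add a comment above the new return, `# Nix: fixed at build time; paths and PATH are intentionally not searched`, and adjust the docstring in the same patch. The start of the docstring lies outside the embedded hunk.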
@@ -3528,7 +3528,9 @@ in { pysam = callPackage ../development/python-modules/pysam { }; - pysaml2 = callPackage ../development/python-modules/pysaml2 { }; + pysaml2 = callPackage ../development/python-modules/pysaml2 { + inherit (pkgs) xmlsec; + }; python-pushover = callPackage ../development/python-modules/pushover {}; From bc561526d119d6faf6edf0582a78474580713910 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 11 Jan 2019 10:33:07 +0100 Subject: [PATCH 2/3] matrix-synapse: 0.34.0.1 -> 0.34.1.1 Also correctly run tests. --- pkgs/servers/matrix-synapse/default.nix | 28 ++++++------------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index 85794d2b6ee..e9d6ab235a8 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -5,20 +5,6 @@ with python2.pkgs; let - matrix-angular-sdk = buildPythonPackage rec { - pname = "matrix-angular-sdk"; - version = "0.6.8"; - - src = fetchPypi { - inherit pname version; - sha256 = "0gmx4y5kqqphnq3m7xk2vpzb0w2a4palicw7wfdr1q2schl9fhz2"; - }; - - # no checks from Pypi but as this is abandonware, there will be no - # new version anyway - doCheck = false; - }; - matrix-synapse-ldap3 = buildPythonPackage rec { pname = "matrix-synapse-ldap3"; version = "0.1.3"; @@ -37,11 +23,11 @@ let in buildPythonApplication rec { pname = "matrix-synapse"; - version = "0.34.0.1"; + version = "0.34.1.1"; src = fetchPypi { inherit pname version; - sha256 = "00mj8gb8yx43frzni7xqxr52xix0vizydbmcnhjb6mnr5w6jafb7"; + sha256 = "13jmbcabll3gk0b6yqwfwpc7aymqhpv6iririzskhm4pgbjcp3yk"; }; patches = [ @@ -58,7 +44,6 @@ in buildPythonApplication rec { jinja2 jsonschema lxml - matrix-angular-sdk matrix-synapse-ldap3 msgpack-python netaddr 
@@ -88,12 +73,11 @@ in buildPythonApplication rec { unpaddedbase64 ] ++ lib.optional enableSystemd systemd; - # tests fail under py3 for now, but version 0.34.0 will use py3 by default - # https://github.com/matrix-org/synapse/issues/4036 - doCheck = true; - checkPhase = "python -m twisted.trial test"; + checkInputs = [ mock ]; - checkInputs = [ mock setuptoolsTrial ]; + checkPhase = '' + PYTHONPATH=".:$PYTHONPATH" trial tests + ''; meta = with stdenv.lib; { homepage = https://matrix.org; From b720ecb9ee5a2d56d9b416bc78736b0c1a65bb16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 11 Jan 2019 15:59:03 +0100 Subject: [PATCH 3/3] matrix-synapse: use python3 --- pkgs/servers/matrix-synapse/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index e9d6ab235a8..ee52b838aea 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -1,8 +1,8 @@ -{ lib, stdenv, python2 +{ lib, stdenv, python3 , enableSystemd ? true }: -with python2.pkgs; +with python3.pkgs; let matrix-synapse-ldap3 = buildPythonPackage rec {
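Review bot: The new `checkPhase` puts `.` first on `PYTHONPATH`, so `trial tests` most likely imports `synapse` from the unpacked source tree rather than from the installed output. In that case the check would not notice files missing from the install. If that is intended, say so with `# tests import synapse from the source tree, not from $out`. The override also omits the phase hooks; the usual form is `runHook preCheck` before and `runHook postCheck` after the command. The same holds for the `py.test -k ...` `checkPhase` added to pysaml2 in patch 1/3.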