From 343f689854200a2e40b9701623cc47af661633d4 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Thu, 21 May 2020 12:25:12 +0200 Subject: [PATCH 1/3] pythonPackage.tls-parser: init at 1.2.2 --- .../python-modules/tls-parser/default.nix | 29 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 31 insertions(+) create mode 100644 pkgs/development/python-modules/tls-parser/default.nix diff --git a/pkgs/development/python-modules/tls-parser/default.nix b/pkgs/development/python-modules/tls-parser/default.nix new file mode 100644 index 00000000000..5b6bfe6a0e2 --- /dev/null +++ b/pkgs/development/python-modules/tls-parser/default.nix @@ -0,0 +1,29 @@ +{ lib +, isPy27 +, fetchFromGitHub +, buildPythonPackage +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "tls-parser"; + version = "1.2.2"; + disabled = isPy27; + + src = fetchFromGitHub { + owner = "nabla-c0d3"; + repo = "tls_parser"; + rev = version; + sha256 = "12qj3vg02r5a51w6gbgb1gcxicqc10lbbsdi57jkkfvbqiindbd0"; + }; + + checkInputs = [ pytestCheckHook ]; + + meta = with lib; { + homepage = "https://github.com/nabla-c0d3/tls_parser"; + description = "Small library to parse TLS records"; + platforms = with platforms; linux ++ darwin; + license = licenses.mit; + maintainers = with maintainers; [ veehaitch ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 331f7292b93..e91be307fd3 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1583,6 +1583,8 @@ in { tesserocr = callPackage ../development/python-modules/tesserocr { }; + tls-parser = callPackage ../development/python-modules/tls-parser { }; + trueskill = callPackage ../development/python-modules/trueskill { }; trustme = callPackage ../development/python-modules/trustme {}; From 9a243a6cd2e2b7545add8d258e9e3bbd6832a0cc Mon Sep 17 00:00:00 2001 
From: Vincent Haupert Date: Thu, 21 May 2020 12:27:42 +0200 Subject: [PATCH 2/3] python3Package.nassl: init at 3.0.0 --- .../python-modules/nassl/default.nix | 120 ++++++++++++++++++ .../nassl/nix-ssl-cert-file.patch | 14 ++ pkgs/top-level/python-packages.nix | 2 + 3 files changed, 136 insertions(+) create mode 100644 pkgs/development/python-modules/nassl/default.nix create mode 100644 pkgs/development/python-modules/nassl/nix-ssl-cert-file.patch diff --git a/pkgs/development/python-modules/nassl/default.nix b/pkgs/development/python-modules/nassl/default.nix new file mode 100644 index 00000000000..08cfb66408d --- /dev/null +++ b/pkgs/development/python-modules/nassl/default.nix 
@@ -0,0 +1,120 @@
+{ lib
+, fetchFromGitHub
+, fetchurl
+, buildPythonPackage
+, pkgsStatic
+, openssl
+, invoke
+, pytest
+, tls-parser
+, cacert
+}:
+
+let
+ zlibStatic = pkgsStatic.zlib;
+ nasslOpensslArgs = {
+ static = true;
+ enableSSL2 = true;
+ };
+ nasslOpensslFlagsCommon = [
+ "zlib"
+ "no-zlib-dynamic"
+ "no-shared"
+ "--with-zlib-lib=${zlibStatic.out}/lib"
+ "--with-zlib-include=${zlibStatic.out.dev}/include"
+ "enable-rc5"
+ "enable-md2"
+ "enable-gost"
+ "enable-cast"
+ "enable-idea"
+ "enable-ripemd"
+ "enable-mdc2"
+ "-fPIC"
+ ];
+ opensslStatic = (openssl.override nasslOpensslArgs).overrideAttrs (
+ oldAttrs: rec {
+ name = "openssl-${version}";
+ version = "1.1.1";
+ src = fetchurl {
+ url = "https://www.openssl.org/source/${name}.tar.gz";
+ sha256 = "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8";
+ };
+ configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon ++ [
+ "enable-weak-ssl-ciphers"
+ "enable-tls1_3"
+ "no-async"
+ ];
+ patches = [ ./nix-ssl-cert-file.patch ];
+ buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ];
+ }
+ );
+ opensslLegacyStatic = (openssl.override nasslOpensslArgs).overrideAttrs (
+ oldAttrs: rec {
+ name = "openssl-${version}";
+ version = "1.0.2e";
+ src = fetchurl {
+ url = "https://www.openssl.org/source/${name}.tar.gz";
+ sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
+ };
+ configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon;
+ patches = [ ];
+ buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ];
+ # openssl_1_0_2 needs `withDocs = false`
+ outputs = lib.remove "doc" oldAttrs.outputs;
+ }
+ );
+in
+buildPythonPackage rec {
+ pname = "nassl";
+ version = "3.0.0";
+
+ src = fetchFromGitHub {
+ owner = "nabla-c0d3";
+ repo = pname;
+ rev = version;
+ sha256 = "1dhgkpldadq9hg5isb6mrab7z80sy5bvzad2fb54pihnknfwhp8z";
+ };
+
+ postPatch = ''
+ mkdir -p deps/openssl-OpenSSL_1_0_2e/
+ cp ${opensslLegacyStatic.out}/lib/libssl.a \
${opensslLegacyStatic.out}/lib/libcrypto.a \ + deps/openssl-OpenSSL_1_0_2e/ + ln -s ${opensslLegacyStatic.out.dev}/include deps/openssl-OpenSSL_1_0_2e/include + ln -s ${opensslLegacyStatic.bin}/bin deps/openssl-OpenSSL_1_0_2e/apps + + mkdir -p deps/openssl-OpenSSL_1_1_1/ + cp ${opensslStatic.out}/lib/libssl.a \ + ${opensslStatic.out}/lib/libcrypto.a \ + deps/openssl-OpenSSL_1_1_1/ + ln -s ${opensslStatic.out.dev}/include deps/openssl-OpenSSL_1_1_1/include + ln -s ${opensslStatic.bin}/bin deps/openssl-OpenSSL_1_1_1/apps + + mkdir -p deps/zlib-1.2.11/ + cp ${zlibStatic.out}/lib/libz.a deps/zlib-1.2.11/ + ''; + + propagatedBuildInputs = [ tls-parser ]; + + nativeBuildInputs = [ invoke ]; + + buildPhase = '' + invoke build.nassl + invoke package.wheel + ''; + + checkInputs = [ pytest ]; + + checkPhase = '' + # Skip online tests + pytest -k 'not Online' + ''; + + meta = with lib; { + homepage = "https://github.com/nabla-c0d3/nassl"; + description = "Low-level OpenSSL wrapper for Python 3.7+"; + platforms = with platforms; linux ++ darwin; + license = licenses.agpl3; + maintainers = with maintainers; [ veehaitch ]; + }; +} diff --git a/pkgs/development/python-modules/nassl/nix-ssl-cert-file.patch b/pkgs/development/python-modules/nassl/nix-ssl-cert-file.patch new file mode 100644 index 00000000000..893fb3eb664 --- /dev/null +++ b/pkgs/development/python-modules/nassl/nix-ssl-cert-file.patch 
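Review bot: Nothing in the `let` block of nassl's `default.nix` says that `opensslStatic` and `opensslLegacyStatic` are weakened on purpose. They pin upstream 1.1.1 and 1.0.2e, turn on `enableSSL2`, `enable-weak-ssl-ciphers`, zlib compression and several retired algorithms, and replace `patches` wholesale (`patches = [ ]` on the legacy build), so neither build follows nixpkgs' own openssl updates. That is presumably what a TLS scanner backend needs, but `nassl` is also registered as an ordinary Python package, so I would add a comment above `opensslStatic` such as `# Deliberately outdated, weakened OpenSSL builds for probing legacy servers; do not reuse them for general-purpose TLS.` The `deps/zlib-1.2.11/` directory name in `postPatch` is hard-coded while `zlibStatic` comes from `pkgsStatic`, so a short comment that the name is only what the upstream build script expects would also help.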
@@ -0,0 +1,14 @@ +diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c +--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200 ++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200 +@@ -97,7 +97,9 @@ + switch (cmd) { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) { +- file = getenv(X509_get_default_cert_file_env()); ++ file = getenv("NIX_SSL_CERT_FILE"); ++ if (!file) ++ file = getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file(ctx, file, + X509_FILETYPE_PEM) != 0); diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e91be307fd3..161ad54f275 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -969,6 +969,8 @@ in { nanomsg-python = callPackage ../development/python-modules/nanomsg-python { inherit (pkgs) nanomsg; }; + nassl = callPackage ../development/python-modules/nassl { }; + nbsmoke = callPackage ../development/python-modules/nbsmoke { }; nbsphinx = callPackage ../development/python-modules/nbsphinx { }; From 9ec1297d8a54786138065850687cfd4dc5cb020f Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Thu, 21 May 2020 12:33:16 +0200 Subject: [PATCH 3/3] python3Package.sslyze: init at 3.0.7 --- .../python-modules/sslyze/default.nix | 52 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + pkgs/top-level/python-packages.nix | 2 + 3 files changed, 56 insertions(+) create mode 100644 pkgs/development/python-modules/sslyze/default.nix diff --git a/pkgs/development/python-modules/sslyze/default.nix b/pkgs/development/python-modules/sslyze/default.nix new file mode 100644 index 00000000000..78824515a45 --- /dev/null +++ b/pkgs/development/python-modules/sslyze/default.nix 
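Review bot: The added `nix-ssl-cert-file.patch` is headed `openssl-1.0.2j`, yet the nassl expression applies it only to the 1.1.1 build, while the 1.0.2e build sets `patches = [ ]`. Only one of the two bundled libraries therefore consults `NIX_SSL_CERT_FILE` when the default certificate file is loaded, so the default trust store may differ between the two backends. If that is intended, a header line in the patch should record it, e.g. `Applied to the bundled OpenSSL 1.1.1 only; the 1.0.2e build keeps the upstream lookup.` The new lookup uses plain `getenv`, like the line it extends, so the trust anchors follow whatever environment the process is started with. If nixpkgs' own openssl expression already carries an equivalent patch (not visible here), referencing that file instead of a copy would keep the two in sync.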
@@ -0,0 +1,52 @@ +{ lib +, fetchFromGitHub +, pytest +, buildPythonPackage +, nassl +, cryptography +, typing-extensions +, faker +}: + +buildPythonPackage rec { + pname = "sslyze"; + version = "3.0.7"; + + src = fetchFromGitHub { + owner = "nabla-c0d3"; + repo = pname; + rev = version; + sha256 = "1ahwldsh3xvagin09dy5q73bdw5k4siqy2qqgxwj4wdyd7pjb4p9"; + }; + + patchPhase = '' + substituteInPlace setup.py \ + --replace "cryptography>=2.6,<=2.9" "cryptography>=2.6,<=3" + ''; + + checkInputs = [ pytest ]; + + checkPhase = '' + # Most of the tests are online; hence, applicable tests are listed + # explicitly here + pytest \ + tests/test_main.py \ + tests/test_scanner.py \ + tests/cli_tests/test_console_output.py \ + tests/cli_tests/test_json_output.py \ + tests/cli_tests/test_server_string_parser.py \ + tests/plugins_tests/test_scan_commands.py \ + tests/plugins_tests/certificate_info/test_certificate_utils.py \ + -k "not (TestScanner and test_client_certificate_missing)" + ''; + + propagatedBuildInputs = [ nassl cryptography typing-extensions faker ]; + + meta = with lib; { + homepage = "https://github.com/nabla-c0d3/sslyze"; + description = "Fast and powerful SSL/TLS scanning library"; + platforms = platforms.linux ++ platforms.darwin; + license = licenses.agpl3; + maintainers = with maintainers; [ veehaitch ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0a0bb8018ef..40f296dc98f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22253,6 +22253,8 @@ in git = gitMinimal; }; + sslyze = with python3Packages; toPythonApplication sslyze; + ssr = callPackage ../applications/audio/soundscape-renderer {}; ssrc = callPackage ../applications/audio/ssrc { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 161ad54f275..be1fc772bac 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix 
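Review bot: In sslyze's `default.nix`, `patchPhase` is overridden outright just to widen the `cryptography` bound in `setup.py` from `<=2.9` to `<=3`. Using `postPatch = ''` … `'';` instead, as the nassl expression in this series does, keeps the standard patch phase and its hooks. The relaxed bound lets the scanner run against a `cryptography` release that upstream did not declare support for, and `checkPhase` runs only the listed offline test files, so certificate-handling paths may go unexercised. A comment such as `# upstream pins cryptography<=2.9; relaxed for nixpkgs, re-check on every bump` would record that. `substituteInPlace --replace` may also pass silently once `setup.py` no longer contains that exact string, so the substitution should be re-checked on each version update.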
@@ -1555,6 +1555,8 @@ in { sslib = callPackage ../development/python-modules/sslib { }; + sslyze = callPackage ../development/python-modules/sslyze { }; + statistics = callPackage ../development/python-modules/statistics { }; stm32loader = callPackage ../development/python-modules/stm32loader { };