From f52ff8fdb57df1c2d5c9d5a387434916b03fbe17 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Tue, 28 Jun 2022 00:08:27 +0200
Subject: [PATCH] fix python packages on nixos-22.05

Fixes:
- joinmarket
- pyln-proto
---
 pkgs/python-packages/default.nix              | 19 ++--
 pkgs/python-packages/jmclient/default.nix     |  2 +
 .../specific-versions/pyopenssl.nix           | 92 +++++++++++++++++++
 .../specific-versions/recommonmark.nix        | 12 ---
 .../specific-versions/tubes.nix               | 29 ------
 .../specific-versions/werkzeug.nix            | 68 ++++++++++++++
 6 files changed, 172 insertions(+), 50 deletions(-)
 create mode 100644 pkgs/python-packages/specific-versions/pyopenssl.nix
 delete mode 100644 pkgs/python-packages/specific-versions/recommonmark.nix
 delete mode 100644 pkgs/python-packages/specific-versions/tubes.nix
 create mode 100644 pkgs/python-packages/specific-versions/werkzeug.nix

diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix
index 1479ee1..cd2c593 100644
--- a/pkgs/python-packages/default.nix
+++ b/pkgs/python-packages/default.nix
@@ -26,6 +26,12 @@ in {
   pyln-bolt7 = clightningPkg ./pyln-bolt7;
   pylightning = clightningPkg ./pylightning;
 
+  # Don't mark `klein` as broken.
+  # `klein` is fixed by using werkzeug 2.1.0 (see below)
+  klein = super.klein.overrideAttrs (old: {
+    meta = builtins.removeAttrs old.meta [ "broken" ];
+  });
+
   ## Specific versions of packages that already exist in nixpkgs
 
   # cryptography 3.3.2, required by joinmarketdaemon
@@ -34,17 +40,12 @@ in {
     cryptography_vectors = callPackage ./specific-versions/cryptography/vectors.nix {};
   };
 
-  # cryptography 36.0.0, required by pyln-proto.
-  cryptography = callPackage "${unstable}/pkgs/development/python-modules/cryptography" {
-    Security = self.darwin.apple_sdk.frameworks.Security;
-  };
-
   # autobahn 20.12.3, required by joinmarketclient
   autobahn = callPackage ./specific-versions/autobahn.nix {};
 
-  # tubes 0.2.0, required by jmclient (via pkg `klein`)
-  tubes = callPackage ./specific-versions/tubes.nix {};
+  # werkzeug 2.1.0, required by jmclient (via pkg `klein`)
+  werkzeug = callPackage ./specific-versions/werkzeug.nix {};
 
-  # recommonmark 0.7.1, required by pyln-client
-  recommonmark = callPackage ./specific-versions/recommonmark.nix { inherit (super) recommonmark; };
+  # pyopenssl 20.0.1, required by joinmarketdaemon
+  pyopenssl = callPackage ./specific-versions/pyopenssl.nix {};
 }
diff --git a/pkgs/python-packages/jmclient/default.nix b/pkgs/python-packages/jmclient/default.nix
index dde369b..2044691 100644
--- a/pkgs/python-packages/jmclient/default.nix
+++ b/pkgs/python-packages/jmclient/default.nix
@@ -13,6 +13,8 @@ buildPythonPackage rec {
   patchPhase = ''
     substituteInPlace setup.py \
       --replace "'klein==20.6.0'" "'klein==21.8.0'"
+    substituteInPlace setup.py \
+      --replace "'pyjwt==2.1.0'" "'pyjwt==2.3.0'"
   '';
 
   meta = with lib; {
diff --git a/pkgs/python-packages/specific-versions/pyopenssl.nix b/pkgs/python-packages/specific-versions/pyopenssl.nix
new file mode 100644
index 0000000..6887310
--- /dev/null
+++ b/pkgs/python-packages/specific-versions/pyopenssl.nix
@@ -0,0 +1,92 @@
+{ lib
+, stdenv
+, buildPythonPackage
+, fetchPypi
+, openssl
+, cryptography
+, pyasn1
+, idna
+, pytest
+, pretend
+, flaky
+, glibcLocales
+, six
+}:
+
+let
+  # https://github.com/pyca/pyopenssl/issues/791
+  # These tests, we disable in the case that libressl is passed in as openssl.
+  failingLibresslTests = [
+    "test_op_no_compression"
+    "test_npn_advertise_error"
+    "test_npn_select_error"
+    "test_npn_client_fail"
+    "test_npn_success"
+    "test_use_certificate_chain_file_unicode"
+    "test_use_certificate_chain_file_bytes"
+    "test_add_extra_chain_cert"
+    "test_set_session_id_fail"
+    "test_verify_with_revoked"
+    "test_set_notAfter"
+    "test_set_notBefore"
+  ];
+
+  # these tests are extremely tightly wed to the exact output of the openssl cli tool,
+  # including exact punctuation.
+  failingOpenSSL_1_1Tests = [
+    "test_dump_certificate"
+    "test_dump_privatekey_text"
+    "test_dump_certificate_request"
+    "test_export_text"
+  ];
+
+  disabledTests = [
+    # https://github.com/pyca/pyopenssl/issues/692
+    # These tests, we disable always.
+    "test_set_default_verify_paths"
+    "test_fallback_default_verify_paths"
+    # https://github.com/pyca/pyopenssl/issues/768
+    "test_wantWriteError"
+  ] ++ (
+    lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests
+  ) ++ (
+    lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
+  ) ++ (
+    # https://github.com/pyca/pyopenssl/issues/974
+    lib.optionals stdenv.is32bit [ "test_verify_with_time" ]
+  );
+
+  # Compose the final string expression, including the "-k" and the single quotes.
+  testExpression = lib.optionalString (disabledTests != [])
+    "-k 'not ${lib.concatStringsSep " and not " disabledTests}'";
+
+in
+
+buildPythonPackage rec {
+  pname = "pyopenssl";
+  version = "20.0.1";
+
+  src = fetchPypi {
+    pname = "pyOpenSSL";
+    inherit version;
+    sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
+  };
+
+  outputs = [ "out" "dev" ];
+
+  checkPhase = ''
+    runHook preCheck
+    export LANG="en_US.UTF-8"
+    py.test tests ${testExpression}
+    runHook postCheck
+  '';
+
+  # Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
+  # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
+  doCheck = !stdenv.isDarwin;
+
+  nativeBuildInputs = [ openssl ];
+  propagatedBuildInputs = [ cryptography pyasn1 idna six ];
+
+  checkInputs = [ pytest pretend flaky glibcLocales ];
+}
diff --git a/pkgs/python-packages/specific-versions/recommonmark.nix b/pkgs/python-packages/specific-versions/recommonmark.nix
deleted file mode 100644
index 1fba1c1..0000000
--- a/pkgs/python-packages/specific-versions/recommonmark.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ recommonmark, fetchFromGitHub }:
-
-recommonmark.overridePythonAttrs (old: rec {
-  version = "0.7.1";
-
-  src = fetchFromGitHub {
-    owner = "rtfd";
-    repo = old.pname;
-    rev = version;
-    sha256 = "0kwm4smxbgq0c0ybkxfvlgrfb3gq9amdw94141jyykk9mmz38379";
-  };
-})
diff --git a/pkgs/python-packages/specific-versions/tubes.nix b/pkgs/python-packages/specific-versions/tubes.nix
deleted file mode 100644
index 0dbfe22..0000000
--- a/pkgs/python-packages/specific-versions/tubes.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, buildPythonPackage, fetchPypi, python
-, characteristic, six, twisted
-}:
-
-buildPythonPackage rec {
-  pname = "tubes";
-  version = "0.2.0";
-
-  src = fetchPypi {
-    pname = "Tubes";
-    inherit version;
-    sha256 = "0sg1gg2002h1xsgxigznr1zk1skwmhss72dzk6iysb9k9kdgymcd";
-  };
-
-  propagatedBuildInputs = [ characteristic six twisted ];
-
-  checkPhase = ''
-    ${python.interpreter} -m twisted.trial -j $NIX_BUILD_CORES tubes
-  '';
-
-  pythonImportsCheck = [ "tubes" ];
-
-  meta = with lib; {
-    description = "a data-processing and flow-control engine for event-driven programs";
-    homepage    = "https://github.com/twisted/tubes";
-    license     = licenses.mit;
-    maintainers = with maintainers; [ exarkun ];
-  };
-}
diff --git a/pkgs/python-packages/specific-versions/werkzeug.nix b/pkgs/python-packages/specific-versions/werkzeug.nix
new file mode 100644
index 0000000..f961d03
--- /dev/null
+++ b/pkgs/python-packages/specific-versions/werkzeug.nix
@@ -0,0 +1,68 @@
+{ lib
+, stdenv
+, buildPythonPackage
+, pythonOlder
+, fetchPypi
+, watchdog
+, dataclasses
+, ephemeral-port-reserve
+, pytest-timeout
+, pytest-xprocess
+, pytestCheckHook
+}:
+
+buildPythonPackage rec {
+  pname = "werkzeug";
+  version = "2.1.0";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchPypi {
+    pname = "Werkzeug";
+    inherit version;
+    sha256 = "sha256-m1VGaj6Z4TsfBoamYRfTm9qFqZIWbgp5rt/PNYYyj3o=";
+  };
+
+  propagatedBuildInputs = lib.optionals (!stdenv.isDarwin) [
+    # watchdog requires macos-sdk 10.13+
+    watchdog
+  ] ++ lib.optionals (pythonOlder "3.7") [
+    dataclasses
+  ];
+
+  checkInputs = [
+    ephemeral-port-reserve
+    pytest-timeout
+    pytest-xprocess
+    pytestCheckHook
+  ];
+
+  disabledTests = lib.optionals stdenv.isDarwin [
+    "test_get_machine_id"
+  ];
+
+  disabledTestPaths = [
+    # ConnectionRefusedError: [Errno 111] Connection refused
+    "tests/test_serving.py"
+  ];
+
+  pytestFlagsArray = [
+    # don't run tests that are marked with filterwarnings, they fail with
+    # warnings._OptionError: unknown warning category: 'pytest.PytestUnraisableExceptionWarning'
+    "-m 'not filterwarnings'"
+  ];
+
+  meta = with lib; {
+    homepage = "https://palletsprojects.com/p/werkzeug/";
+    description = "The comprehensive WSGI web application library";
+    longDescription = ''
+      Werkzeug is a comprehensive WSGI web application library. It
+      began as a simple collection of various utilities for WSGI
+      applications and has become one of the most advanced WSGI
+      utility libraries.
+    '';
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ ];
+  };
+}