pyrox.dev
1{
2 lib,
3 boto3,
4 buildPythonPackage,
5 cryptography,
6 docutils,
7 fetchFromGitHub,
8 fetchpatch,
9 pytestCheckHook,
10 pythonOlder,
11 pyyaml,
12 setuptools,
13}:
14
15buildPythonPackage rec {
16 pname = "credstash";
17 version = "1.17.1";
18 pyproject = true;
19
20 disabled = pythonOlder "3.7";
21
22 src = fetchFromGitHub {
23 owner = "fugue";
24 repo = "credstash";
25 tag = "v${version}";
26 hash = "sha256-a6OzffGt5piHgi0AWEXJED0R/+8RETh/9hYJi/lUVu0=";
27 };
28
29 patches = [
30 # setup_requires -> tests_requires for pytest
31 (fetchpatch {
32 url = "https://github.com/fugue/credstash/commit/9c02ee43ed6e37596cafbca2fe80c532ec19d2d8.patch";
33 hash = "sha256-dlybrpfLK+PqwWWhH9iXgXHYysZGmcZAFGWNOwsG0xA=";
34 })
35 ];
36 # The install phase puts an executable and a copy of the library it imports in
37 # bin/credstash and bin/credstash.py, despite the fact that the library is also
38 # installed to lib/python<version>/site-packages/credstash.py.
39 # If we apply wrapPythonPrograms to bin/credstash.py then the executable will try
40 # to import the credstash module from the resulting shell script. Removing this
41 # file ensures that Python imports the module from site-packages library.
42 postInstall = "rm $out/bin/credstash.py";
43
44 build-system = [ setuptools ];
45
46 dependencies = [
47 boto3
48 cryptography
49 docutils
50 pyyaml
51 ];
52
53 nativeBuildInputs = [ pytestCheckHook ];
54
55 disabledTestPaths = [
56 # Tests require a region
57 "integration_tests/test_credstash_lib.py"
58 "tests/key_service_test.py"
59 ];
60
61 meta = with lib; {
62 description = "Utility for managing secrets in the cloud using AWS KMS and DynamoDB";
63 homepage = "https://github.com/LuminalOSS/credstash";
64 changelog = "https://github.com/fugue/credstash/releases/tag/v${version}";
65 license = licenses.asl20;
66 maintainers = [ ];
67 mainProgram = "credstash";
68 };
69}