diff --git a/gnu/local.mk b/gnu/local.mk index a06f359435..89d1e83b4b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -815,6 +815,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-configobj-setuptools.patch \ %D%/packages/patches/python-paste-remove-website-test.patch \ %D%/packages/patches/python-paste-remove-timing-test.patch \ + %D%/packages/patches/python-pyopenssl-skip-network-test.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/qemu-CVE-2016-8576.patch \ %D%/packages/patches/qemu-CVE-2016-8577.patch \ diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch new file mode 100644 index 0000000000..a24eaf69a0 --- /dev/null +++ b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch @@ -0,0 +1,50 @@ +This test tries connecting to an external server which is not supported +in the build environment. See discussion at: + +https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html + +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index ee849fd..60048b8 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -1180,40 +1180,6 @@ class ContextTests(TestCase, _LoopbackMixin): + TypeError, context.load_verify_locations, None, None, None + ) + +- @pytest.mark.skipif( +- platform == "win32", +- reason="set_default_verify_paths appears not to work on Windows. " +- "See LP#404343 and LP#404344." +- ) +- def test_set_default_verify_paths(self): +- """ +- :py:obj:`Context.set_default_verify_paths` causes the +- platform-specific CA certificate locations to be used for +- verification purposes. +- """ +- # Testing this requires a server with a certificate signed by one +- # of the CAs in the platform CA location. Getting one of those +- # costs money. Fortunately (or unfortunately, depending on your +- # perspective), it's easy to think of a public server on the +- # internet which has such a certificate. Connecting to the network +- # in a unit test is bad, but it's the only way I can think of to +- # really test this. -exarkun +- +- # Arg, verisign.com doesn't speak anything newer than TLS 1.0 +- context = Context(SSLv23_METHOD) +- context.set_default_verify_paths() +- context.set_verify( +- VERIFY_PEER, +- lambda conn, cert, errno, depth, preverify_ok: preverify_ok) +- +- client = socket() +- client.connect(("encrypted.google.com", 443)) +- clientSSL = Connection(context, client) +- clientSSL.set_connect_state() +- clientSSL.do_handshake() +- clientSSL.send(b"GET / HTTP/1.0\r\n\r\n") +- self.assertTrue(clientSSL.recv(1024)) +- + def test_set_default_verify_paths_signature(self): + """ + :py:obj:`Context.set_default_verify_paths` takes no arguments and diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index fece7cdb75..dce46cec34 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -6672,11 +6672,18 @@ message digests and key derivation functions.") (uri (pypi-uri "pyOpenSSL" version)) (sha256 (base32 - "0vji4yrfshs15xpczbhzhasnjrwcarsqg87n98ixnyafnyxs6ybp")))) + "0vji4yrfshs15xpczbhzhasnjrwcarsqg87n98ixnyafnyxs6ybp")) + (patches + (search-patches "python-pyopenssl-skip-network-test.patch")))) (build-system python-build-system) (arguments - ;; FIXME: Some tests fail with "NameError: name 'long' is not defined". - '(#:tests? #f)) + '(#:phases + (modify-phases %standard-phases + (delete 'check) + (add-after 'install 'check + (lambda* (#:key inputs outputs #:allow-other-keys) + (add-installed-pythonpath inputs outputs) + (zero? (system* "py.test" "-v"))))))) (propagated-inputs `(("python-cryptography" ,python-cryptography) ("python-six" ,python-six)))