Merge branch 'master' into staging

2025-10-02 02:15:12 +00:00 · 2020-11-15 23:45:34 +01:00 · 2020-11-15 23:45:34 +01:00 · 4e5e05d409
commit 4e5e05d409
parent 2c400ae942 e1fa3ea9fe
102 changed files with 54372 additions and 32619 deletions
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@ -994,26 +994,34 @@ protocol (Javascript Object Signing and Encryption).")
 (define-public python-pycryptodome
  (package
    (name "python-pycryptodome")
-    (version "3.7.3")
+    (version "3.9.9")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "pycryptodome" version))
       (sha256
        (base32
-         "0dh6ky5ngxayyn5f6n7gdamjl49g3khz6pdx9sdnag1zwi8248hs"))))
+         "1i4m74f88qj9ci8rpyzrbk2slmsdj5ipmwdkq6qk24byalm203li"))))
    (build-system python-build-system)
    (home-page "https://www.pycryptodome.org")
-    (synopsis "Cryptographic library for Python")
-    (description "This package provides a cryptographic library for Python.
+    (synopsis "Low-level cryptographic Python library")
+    (description
+     "PyCryptodome is a self-contained Python package of low-level
+cryptographic primitives.  It's not a wrapper to a separate C library like
+OpenSSL.  To the largest possible extent, algorithms are implemented in pure
+Python.  Only the pieces that are extremely critical to performance (e.g.,
+block ciphers) are implemented as C extensions.

-It brings the following enhancements with respect to the last official version
-of PyCrypto:
+You are expected to have a solid understanding of cryptography and security
+engineering to successfully use these primitives.  You must also be able to
+recognize that some are obsolete (e.g., TDES) or even insecure (RC4).
+
+It provides many enhancements over the last release of PyCrypto (2.6.1):

@itemize
@item Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
@item Accelerated AES on Intel platforms via AES-NI
-@item First class support for PyPy
+@item First-class support for PyPy
@item Elliptic curves cryptography (NIST P-256 curve only)
@item Better and more compact API (nonce and iv attributes for ciphers,
 automatic generation of random nonces and IVs, simplified CTR cipher mode, and
@ -1027,13 +1035,63 @@ more)
@item Random numbers get sourced directly from the OS (and not from a CSPRNG
 in userspace)
@item Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
-@item Major clean ups and simplification of the code base
-@end itemize\n")
-    (license license:bsd-2)))
+@item Major clean-ups and simplification of the code base
+@end itemize
+
+This package provides drop-in compatibility with PyCrypto.  It is one of two
+PyCryptodome variants, the other being python-pycryptodomex.")
+    (license (list license:bsd-2
+                   license:public-domain)))) ; code inherited from PyCrypto

 (define-public python2-pycryptodome
  (package-with-python2 python-pycryptodome))

+(define-public python-pycryptodomex
+  (package (inherit python-pycryptodome)
+    (name "python-pycryptodomex")
+    (version (package-version python-pycryptodome))
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pycryptodomex" version))
+       (sha256
+        (base32 "0lbx4qk3xmwqiidhmkj8qa7bh2lf8bwzg0xjpsh2w5zqjrc7qnvv"))))
+    (description
+     "PyCryptodome is a self-contained Python package of low-level
+cryptographic primitives.  It's not a wrapper to a separate C library like
+OpenSSL.  To the largest possible extent, algorithms are implemented in pure
+Python.  Only the pieces that are extremely critical to performance (e.g.,
+block ciphers) are implemented as C extensions.
+
+You are expected to have a solid understanding of cryptography and security
+engineering to successfully use these primitives.  You must also be able to
+recognize that some are obsolete (e.g., TDES) or even insecure (RC4).
+
+It provides many enhancements over the last release of PyCrypto (2.6.1):
+
+@itemize
+@item Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
+@item Accelerated AES on Intel platforms via AES-NI
+@item First-class support for PyPy
+@item Elliptic curves cryptography (NIST P-256 curve only)
+@item Better and more compact API (nonce and iv attributes for ciphers,
+automatic generation of random nonces and IVs, simplified CTR cipher mode, and
+more)
+@item SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
+@item Salsa20 and ChaCha20 stream ciphers
+@item scrypt and HKDF
+@item Deterministic (EC)DSA
+@item Password-protected PKCS#8 key containers
+@item Shamir’s Secret Sharing scheme
+@item Random numbers get sourced directly from the OS (and not from a CSPRNG
+in userspace)
+@item Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
+@item Major clean-ups and simplification of the code base
+@end itemize
+
+PyCryptodomex is the stand-alone version of PyCryptodome that no longer
+provides drop-in compatibility with PyCrypto.")))
+
 (define-public python-m2crypto
  (package
    (name "python-m2crypto")
@ -1069,7 +1127,7 @@ through the Engine interface.")
 (define-public python-pykeepass
  (package
    (name "python-pykeepass")
-    (version "3.2.0")
+    (version "3.2.1")
    (source
     (origin
       (method git-fetch)
@ -1079,7 +1137,7 @@ through the Engine interface.")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
-        (base32 "1wxbfpy7467mlnfsvmh685fhfnq4fki9y7yc9cylp30r5n3hisaj"))))
+        (base32 "1symxf4ahylynihnp9z4z3lh2vy65ipvg8s4hjrnn936hcaaxghk"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
@ -1103,7 +1161,7 @@ through the Engine interface.")
       ("python-dateutil" ,python-dateutil)
       ("python-future" ,python-future)
       ("python-lxml" ,python-lxml)
-       ("python-pycryptodome" ,python-pycryptodome)))
+       ("python-pycryptodomex" ,python-pycryptodomex)))
    (home-page "https://github.com/libkeepass/pykeepass")
    (synopsis "Python library to interact with keepass databases")
    (description