python-paramiko: Add patch for ECDSA private keys.
This patch should be backwards-incompatible and is also submitted
upstream as paramiko/paramiko#218.

The main reason for this patch is that we need it for NixOS/nixops#124
in order to cope with NixOS/nixops@a2718b6, which makes ECDSA private
key the default for new deployments.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
aszlig committed Oct 2, 2013
1 parent a5f8f6a commit 58fdf34
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions pkgs/top-level/python-packages.nix
Expand Up @@ -3988,6 +3988,14 @@ pythonPackages = modules // import ./python-packages-generated.nix {
md5 = "4187f77b1a5a313c899993930e30c321";
};

patches = pkgs.lib.singleton (fetchurl {
# See https://github.com/paramiko/paramiko/pull/218
name = "ecdsa-private-keys.patch";
url = "https://github.com/aszlig/paramiko/compare/"
+ "c73764a947...ad33bb186f.diff";
sha256 = "1f1dxnd2di7jh3knn4qfipa46f6f9rqdzmc1lncwb3sbd772r8fx";
});

propagatedBuildInputs = [ pycrypto ecdsa ];

checkPhase = "python test.py";
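
Review bot: The url in the added fetchurl points at a compare view on a personal fork (aszlig/paramiko) and names the range by abbreviated commit ids (c73764a947...ad33bb186f), so the build depends on that fork keeping both commits reachable. The sha256 means a changed diff fails the fetch instead of applying different content, but availability is still tied to the fork. Consider keeping the patch file in the tree, or at least using full commit hashes, and extend the comment above "name" to say the patch can be dropped once paramiko/paramiko#218 is part of the packaged version.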

2 comments on commit 58fdf34

@domenkozar
Member

I'm very much against such patches. We shouldn't allow ourselves to end up customizing NixOS for everyone on personal needs.

Major reason being that NixOS then can never expect how the package really works and we might introduce new security holes.

Nix allows anyone to customize each derivation quite easily and I think that's our major advantage.

@aszlig
Member Author

@aszlig aszlig commented on 58fdf34 Oct 2, 2013

Added it to the NixOps branch in the first place, but moved it to nixpkgs because I thought it was of a more generic use, especially if you're having NixOps deployments already. But you're right, this probably is only useful for people actually using ECDSA private keys, whereas in our case we currently use it for host keys by default, so going to move this back to NixOps.
