python3Packages.matrix-nio: permit insecure Olm during check phase

Olm has a known vulnerability (NixOS#334638) but is only an optional dependency of nio, so in theory nio should by default be unaffected. nio’s tests, however, cover its full suite of extra features, so Olm is still evaluated as a dependency of the check phase. Since the check phase doesn’t process user data or access the network this vulnerability isn’t relevant and can be ignored, allowing nio to evaluate and ultimately be run without Olm.
AndrewKvalheim · Aug 23, 2024 · 2b520d6 · 2b520d6
1 parent cc76f5a
commit 2b520d6
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/pkgs/development/python-modules/matrix-nio/default.nix b/pkgs/development/python-modules/matrix-nio/default.nix
@@ -40,6 +40,13 @@
   zulip,
 }:
 
+let
+  permitInsecureOlm = map (pythonPackage:
+    pythonPackage.override (lib.optionalAttrs (pythonPackage.pname == "python-olm") (
+      let olm = lib.findFirst (p: p.pname == "olm") null pythonPackage.buildInputs;
+      in { olm = olm.overrideAttrs (lib.addMetaAttrs { knownVulnerabilities = [ ]; }); }
+    )));
+in
 buildPythonPackage rec {
   pname = "matrix-nio";
   version = "0.24.0";
@@ -83,7 +90,7 @@ buildPythonPackage rec {
     pytest-aiohttp
     pytest-benchmark
     pytestCheckHook
-  ] ++ passthru.optional-dependencies.e2e;
+  ] ++ permitInsecureOlm passthru.optional-dependencies.e2e;
 
   pytestFlagsArray = [ "--benchmark-disable" ];