From 2b520d6fef8a2b2d1ef87989ebc1504053ed2038 Mon Sep 17 00:00:00 2001 From: Andrew Kvalheim Date: Thu, 22 Aug 2024 20:21:32 -0700 Subject: [PATCH] python3Packages.matrix-nio: permit insecure Olm during check phase MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Olm has a known vulnerability (#334638) but is only an optional dependency of nio, so in theory nio should by default be unaffected. nio’s tests, however, cover its full suite of extra features, so Olm is still evaluated as a dependency of the check phase. Since the check phase doesn’t process user data or access the network this vulnerability isn’t relevant and can be ignored, allowing nio to evaluate and ultimately be run without Olm. --- pkgs/development/python-modules/matrix-nio/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/matrix-nio/default.nix b/pkgs/development/python-modules/matrix-nio/default.nix index ce9aded24b3b987..e990467d33b65b7 100644 --- a/pkgs/development/python-modules/matrix-nio/default.nix +++ b/pkgs/development/python-modules/matrix-nio/default.nix @@ -40,6 +40,13 @@ zulip, }: +let + permitInsecureOlm = map (pythonPackage: + pythonPackage.override (lib.optionalAttrs (pythonPackage.pname == "python-olm") ( + let olm = lib.findFirst (p: p.pname == "olm") null pythonPackage.buildInputs; + in { olm = olm.overrideAttrs (lib.addMetaAttrs { knownVulnerabilities = [ ]; }); } + ))); +in buildPythonPackage rec { pname = "matrix-nio"; version = "0.24.0"; @@ -83,7 +90,7 @@ buildPythonPackage rec { pytest-aiohttp pytest-benchmark pytestCheckHook - ] ++ passthru.optional-dependencies.e2e; + ] ++ permitInsecureOlm passthru.optional-dependencies.e2e; pytestFlagsArray = [ "--benchmark-disable" ];