From 9a3501b67053e1811321aad4489dc17b14ae103f Mon Sep 17 00:00:00 2001 From: Andrew Kvalheim Date: Thu, 22 Aug 2024 20:21:32 -0700 Subject: [PATCH] python3Packages.matrix-nio: permit insecure Olm during check phase MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Olm has a known vulnerability (#334638) but is only an optional dependency of nio, so in theory nio should by default be unaffected. nio’s tests, however, cover its full suite of extra features, so Olm is still evaluated as a dependency of the check phase. Since the check phase doesn’t process user data or access the network this vulnerability isn’t relevant and can be ignored, allowing nio to evaluate and ultimately be run without Olm. --- .../python-modules/matrix-nio/default.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/matrix-nio/default.nix b/pkgs/development/python-modules/matrix-nio/default.nix index ce9aded24b3b9..5d80c571efe4b 100644 --- a/pkgs/development/python-modules/matrix-nio/default.nix +++ b/pkgs/development/python-modules/matrix-nio/default.nix @@ -40,6 +40,21 @@ zulip, }: +let + permitInsecureOlm = map ( + pythonPackage: + pythonPackage.override ( + lib.optionalAttrs (pythonPackage.pname == "python-olm") ( + let + olm = lib.findFirst (p: p.pname == "olm") null pythonPackage.buildInputs; + in + { + olm = olm.overrideAttrs (lib.addMetaAttrs { knownVulnerabilities = [ ]; }); + } + ) + ) + ); +in buildPythonPackage rec { pname = "matrix-nio"; version = "0.24.0"; @@ -83,7 +98,7 @@ buildPythonPackage rec { pytest-aiohttp pytest-benchmark pytestCheckHook - ] ++ passthru.optional-dependencies.e2e; + ] ++ permitInsecureOlm passthru.optional-dependencies.e2e; pytestFlagsArray = [ "--benchmark-disable" ];