Python Packages depend on old versions in nixpkgs

polygon · May 13, 2021, 8:33pm

I’ve been going through some failed Python builds in the current Zero Hydra Failures and have found a couple packages that have the issue of having dependencies limited to an older release and nixpkgs containing a newer version.

For example, twilio depends on "PyJWT == 1.7.1" according to setup.py. However, pyjwt in Nixpkgs is currently at version 2.1.0 which makes the version check fail. Looking upstream, the change for this does not seem trivial, so just patching upstream is out of the question:

https://github.com/twilio/twilio-python/issues/556

I also just tried to bump the dependency version but as expected, this produced a ton of unit test failures.

I am wondering what the correct course of action is for the fix. Can I make pyjwt come from an older nixpkgs commit that still contained 1.7.1?

r-burns · May 14, 2021, 3:23am

It looks like home-assistant also needs to be pinned to PyJWT 1.x so you may be able to reuse this expression:

github.com

NixOS/nixpkgs/blob/2f48585f3f720810b9f1b3bed3a83b944cb79344/pkgs/servers/home-assistant/default.nix#L40-L51

    
      
          # Pinned due to API changes in pyjwt>=2.0
          (self: super: {
            pyjwt = super.pyjwt.overridePythonAttrs (oldAttrs: rec {
              version = "1.7.1";
              src = oldAttrs.src.override {
                sha256 = "15hflax5qkw1v6nssk1r0wkj83jgghskcmn875m3wgvpzdvajncd";
              };
              disabledTests = [
                "test_ec_verify_should_return_false_if_signature_invalid"
              ];
            });
          })