From 9e37aaffb633b77bc1b75241a1f0eee9be01b78e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= <nix@dotlambda.de>
Date: Mon, 19 Feb 2024 09:54:02 -0800
Subject: [PATCH] nitrokey-app2: pin cryptography

---
 pkgs/tools/security/nitrokey-app2/default.nix | 40 ++++++++++++++-----
 pkgs/top-level/all-packages.nix               |  2 +-
 2 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/pkgs/tools/security/nitrokey-app2/default.nix b/pkgs/tools/security/nitrokey-app2/default.nix
index d56e882cb09e..6f392f5d7f53 100644
--- a/pkgs/tools/security/nitrokey-app2/default.nix
+++ b/pkgs/tools/security/nitrokey-app2/default.nix
@@ -1,20 +1,38 @@
 { lib
-, buildPythonApplication
+, python3
+, fetchPypi
+, rustPlatform
 , fetchFromGitHub
-, pythonOlder
-, pyside6
-, poetry-core
-, pynitrokey
-, pyudev
-, qt-material
 }:
 
-buildPythonApplication rec {
+let
+  python = python3.override {
+    packageOverrides = self: super: {
+      # https://github.com/nxp-mcuxpresso/spsdk/issues/64
+      cryptography = super.cryptography.overridePythonAttrs (old: rec {
+        version = "41.0.7";
+        src = fetchPypi {
+          inherit (old) pname;
+          inherit version;
+          hash = "sha256-E/k86b6oAWwlOzSvxr1qdZk+XEBnLtVAWpyDLw1KALw=";
+        };
+        cargoDeps = rustPlatform.fetchCargoTarball {
+          inherit src;
+          sourceRoot = "${old.pname}-${version}/${old.cargoRoot}";
+          name = "${old.pname}-${version}";
+          hash = "sha256-VeZhKisCPDRvmSjGNwCgJJeVj65BZ0Ge+yvXbZw86Rw=";
+        };
+        patches = [ ];
+        doCheck = false; # would require overriding cryptography-vectors
+      });
+    };
+  };
+in python.pkgs.buildPythonApplication rec {
   pname = "nitrokey-app2";
   version = "2.1.5";
   pyproject = true;
 
-  disabled = pythonOlder "3.9";
+  disabled = python.pythonOlder "3.9";
 
   src = fetchFromGitHub {
     owner = "Nitrokey";
@@ -31,11 +49,11 @@ buildPythonApplication rec {
     substituteInPlace pyproject.toml --replace 'pynitrokey = "' 'pynitrokey = ">='
   '';
 
-  nativeBuildInputs = [
+  nativeBuildInputs = with python.pkgs; [
     poetry-core
   ];
 
-  propagatedBuildInputs = [
+  propagatedBuildInputs = with python.pkgs; [
     pynitrokey
     pyudev
     pyside6
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 7c2da058acd2..ef3901552059 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -41481,7 +41481,7 @@ with pkgs;
 
   nitrokey-app = libsForQt5.callPackage ../tools/security/nitrokey-app { };
 
-  nitrokey-app2 = python3Packages.callPackage ../tools/security/nitrokey-app2 { };
+  nitrokey-app2 = callPackage ../tools/security/nitrokey-app2 { };
 
   fpm2 = callPackage ../tools/security/fpm2 { };