HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: tzdata: Update to 2020a.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
CommitLineData
233e7676 1;;; GNU Guix --- Functional package management for GNU
aa2441c2 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ea22aa1f 7;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
2850d877 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
47956fa0 9;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
a92c6b1a 13;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
7543f865 16;;;
233e7676 17;;; This file is part of GNU Guix.
7543f865 18;;;
233e7676 19;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC		 20;;; under the terms of the GNU General Public License as published by
21;;; the Free Software Foundation; either version 3 of the License, or (at
22;;; your option) any later version.
23;;;
233e7676 24;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC		 25;;; WITHOUT ANY WARRANTY; without even the implied warranty of
26;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27;;; GNU General Public License for more details.
28;;;
29;;; You should have received a copy of the GNU General Public License
233e7676 30;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 31
a7fd7b68 32(define-module (gnu packages tls)
e9aa8d0c 33 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC		 34 #:use-module (guix packages)
35 #:use-module (guix download)
ea22aa1f 36 #:use-module (guix git-download)
29a7c98a 37 #:use-module (guix utils)
7543f865 38 #:use-module (guix build-system gnu)
ea22aa1f 39 #:use-module (guix build-system go)
cc2b77df 40 #:use-module (guix build-system perl)
7890e3ba 41 #:use-module (guix build-system python)
88522738 42 #:use-module (guix build-system cmake)
e8b3a158 43 #:use-module (guix build-system trivial)
f61e0e79 44 #:use-module (gnu packages compression)
013ce67b 45 #:use-module (gnu packages)
e8b3a158 46 #:use-module (gnu packages bash)
ac257f12 47 #:use-module (gnu packages check)
e8b3a158 48 #:use-module (gnu packages curl)
5b9aa107 49 #:use-module (gnu packages dns)
e8b3a158 50 #:use-module (gnu packages gawk)
1ffa7090 51 #:use-module (gnu packages guile)
0581c273 52 #:use-module (gnu packages libbsd)
27e86bed 53 #:use-module (gnu packages libffi)
866f469e 54 #:use-module (gnu packages libidn)
5d4c90ae 55 #:use-module (gnu packages linux)
7890e3ba 56 #:use-module (gnu packages ncurses)
27e86bed 57 #:use-module (gnu packages nettle)
1ffa7090 58 #:use-module (gnu packages perl)
27e86bed 59 #:use-module (gnu packages pkg-config)
7890e3ba 60 #:use-module (gnu packages python)
cc6f4912 61 #:use-module (gnu packages python-crypto)
1b2f753d 62 #:use-module (gnu packages python-web)
44d10b1f 63 #:use-module (gnu packages python-xyz)
9d0c291e 64 #:use-module (gnu packages sphinx)
a31f4d35 65 #:use-module (gnu packages texinfo)
33dc54b0 66 #:use-module (gnu packages time)
079f013b
LC		 67 #:use-module (gnu packages base)
68 #:use-module (srfi srfi-1))
7543f865
LC		 69
70(define-public libtasn1
71 (package
72 (name "libtasn1")
d7342997 73 (version "4.14")
7543f865
LC		 74 (source
75 (origin
76 (method url-fetch)
77 (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
78 version ".tar.gz"))
79 (sha256
80 (base32
d7342997 81 "025sqnlzji78ss2fi78dajc0v0h5fi02wp39hws41sn8qnjlnq4y"))))
7543f865 82 (build-system gnu-build-system)
d9f84612
MB		 83 (arguments
84 `(#:configure-flags '("--disable-static")))
3ea110b7 85 (native-inputs `(("perl" ,perl)))
6fd52309 86 (home-page "https://www.gnu.org/software/libtasn1/")
f50d2669 87 (synopsis "ASN.1 library")
7543f865 88 (description
79c311b8
LC		 89 "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
90for transmitting machine-neutral encodings of data objects in computer
a22dc0c4
LC		 91networking, allowing for formal validation of data according to some
92specifications.")
e9aa8d0c 93 (license license:lgpl2.0+)))
7543f865 94
375cef6c
HG		 95(define-public asn1c
96 (package
97 (name "asn1c")
ff7da7e0 98 (version "0.9.28")
375cef6c
HG		 99 (source (origin
100 (method url-fetch)
101 (uri (string-append "https://lionet.info/soft/asn1c-"
102 version ".tar.gz"))
103 (sha256
104 (base32
ff7da7e0 105 "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
375cef6c
HG		 106 (build-system gnu-build-system)
107 (native-inputs
108 `(("perl" ,perl)))
109 (home-page "https://lionet.info/asn1c")
110 (synopsis "ASN.1 to C compiler")
111 (description "The ASN.1 to C compiler takes ASN.1 module
112files and generates C++ compatible C source code. That code can be
113used to serialize the native C structures into compact and unambiguous
114BER/XER/PER-based data files, and deserialize the files back.
115
116Various ASN.1 based formats are widely used in the industry, such as to encode
117the X.509 certificates employed in the HTTPS handshake, to exchange control
118data between mobile phones and cellular networks, to car-to-car communication
119in intelligent transportation networks.")
120 (license license:bsd-2)))
121
27e86bed
AE		 122(define-public p11-kit
123 (package
124 (name "p11-kit")
8c98ef7d 125 (version "0.23.20")
27e86bed
AE		 126 (source
127 (origin
128 (method url-fetch)
e6ad9bda 129 (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
eae94df6 130 "download/" version "/p11-kit-" version ".tar.xz"))
27e86bed
AE		 131 (sha256
132 (base32
8c98ef7d 133 "0131maw666ha4d6iyj13fkz18c4pnb3lw2xwv5kvkmnzqcj61n0l"))))
27e86bed
AE		 134 (build-system gnu-build-system)
135 (native-inputs
136 `(("pkg-config" ,pkg-config)))
137 (inputs
138 `(("libffi" ,libffi)
139 ("libtasn1" ,libtasn1)))
140 (arguments
d5c472a2
MB		 141 `(#:configure-flags '("--without-trust-paths")
142 #:phases (modify-phases %standard-phases
143 (add-before 'check 'prepare-tests
144 (lambda _
145 ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
146 ;; and looks for .cache and other directories (only).
147 ;; For simplicity just drop it since it is irrelevant
148 ;; in the build container.
149 (substitute* "Makefile"
150 (("test-runtime\\$\\(EXEEXT\\)") ""))
151 #t)))))
4631e6c9 152 (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
27e86bed
AE		 153 (synopsis "PKCS#11 library")
154 (description
155 "p11-kit provides a way to load and enumerate PKCS#11 modules. It
156provides a standard configuration setup for installing PKCS#11 modules
157in such a way that they are discoverable. It also solves problems with
158coordinating the use of PKCS#11 by different components or libraries
159living in the same process.")
e9aa8d0c 160 (license license:bsd-3)))
27e86bed 161
7543f865
LC		 162(define-public gnutls
163 (package
164 (name "gnutls")
bffe4305 165 (version "3.6.9")
d7d408d5
LC		 166 (source (origin
167 (method url-fetch)
168 (uri
169 ;; Note: Releases are no longer on ftp.gnu.org since the
170 ;; schism (after version 3.1.5).
d93627e4 171 (string-append "mirror://gnupg/gnutls/v"
29a7c98a 172 (version-major+minor version)
d93627e4 173 "/gnutls-" version ".tar.xz"))
06f5bc4e 174 (patches (search-patches "gnutls-skip-trust-store-test.patch"))
d7d408d5
LC		 175 (sha256
176 (base32
bffe4305 177 "1jqz5s3lv8sa53348cfi9nr5pw5l55n8m40b8msdvv0pb2jzqca3"))))
7543f865 178 (build-system gnu-build-system)
b94ae0b8 179 (arguments
76b21274
LF		 180 `(; Ensure we don't keep a reference to this buggy software.
181 #:disallowed-references (,net-tools)
182 #:configure-flags
a0700787 183 (list
aa7c7f21
MW		 184 ;; GnuTLS doesn't consult any environment variables to specify
185 ;; the location of the system-wide trust store. Instead it has a
186 ;; configure-time option. Unless specified, its configure script
187 ;; attempts to auto-detect the location by looking for common
8f65585b 188 ;; places in the file system, none of which are present in our
aa7c7f21
MW		 189 ;; chroot build environment. If not found, then no default trust
190 ;; store is used, so each program has to provide its own
191 ;; fallback, and users have to configure each program
192 ;; independently. This seems suboptimal.
866f469e
MW		 193 "--with-default-trust-store-dir=/etc/ssl/certs"
194
7892edc2
MB		 195 ;; Tell the build system that we want Guile bindings installed to
196 ;; the output instead of Guiles own module directory.
197 (string-append "--with-guile-site-dir="
198 "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
199 (string-append "--with-guile-site-ccache-dir="
200 "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
201 (string-append "--with-guile-extension-dir="
202 "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")
203
866f469e
MW		 204 ;; FIXME: Temporarily disable p11-kit support since it is not
205 ;; working on mips64el.
606c6380
LC		 206 "--without-p11-kit")
207
208 #:phases (modify-phases %standard-phases
209 (add-after
210 'install 'move-doc
211 (lambda* (#:key outputs #:allow-other-keys)
212 ;; Copy the 4.1 MiB of section 3 man pages to "doc".
213 (let* ((out (assoc-ref outputs "out"))
214 (doc (assoc-ref outputs "doc"))
9cdce047 215 (mandir (string-append doc "/share/man/man3"))
606c6380
LC		 216 (oldman (string-append out "/share/man/man3")))
217 (mkdir-p mandir)
218 (copy-recursively oldman mandir)
219 (delete-file-recursively oldman)
220 #t))))))
221 (outputs '("out" ;4.4 MiB
222 "debug"
223 "doc")) ;4.1 MiB of man pages
a1db0975 224 (native-inputs
c06d8ba5 225 `(("net-tools" ,net-tools)
5d4c90ae 226 ("pkg-config" ,pkg-config)
d2fcfd3d 227 ("which" ,which)))
7543f865 228 (inputs
a0700787 229 `(("guile" ,guile-2.2)))
7543f865 230 (propagated-inputs
d2fcfd3d 231 ;; These are all in the 'Requires.private' field of gnutls.pc.
7543f865 232 `(("libtasn1" ,libtasn1)
55e61c4d 233 ("libidn2" ,libidn2)
866f469e 234 ("nettle" ,nettle)
f61e0e79 235 ("zlib" ,zlib)))
c19700c3 236 (home-page "https://www.gnu.org/software/gnutls/")
f50d2669 237 (synopsis "Transport layer security library")
7543f865 238 (description
a22dc0c4 239 "GnuTLS is a secure communications library implementing the SSL, TLS
79c311b8 240and DTLS protocols. It is provided in the form of a C library to support the
a22dc0c4
LC		 241protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
242required structures.")
63e8bb12
LC		 243 (license license:lgpl2.1+)
244 (properties '((ftp-server . "ftp.gnutls.org")
245 (ftp-directory . "/gcrypt/gnutls")))))
cc2b77df 246
a0700787
LC		 247(define-public gnutls/guile-2.0
248 ;; GnuTLS for Guile 2.0.
079f013b 249 (package
58ea4d40 250 (inherit gnutls)
a0700787
LC		 251 (name "guile2.0-gnutls")
252 (inputs `(("guile" ,guile-2.0)
58ea4d40 253 ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 254
5b9aa107 255(define-public gnutls/dane
256 ;; GnuTLS with build libgnutls-dane, implementing DNS-based
257 ;; Authentication of Named Entities. This is required for GNS functionality
258 ;; by GNUnet and gnURL. This is done in an extra package definition
259 ;; to have the choice between GnuTLS with Dane and without Dane.
260 (package
261 (inherit gnutls)
262 (name "gnutls-dane")
263 (inputs `(("unbound" ,unbound)
264 ,@(package-inputs gnutls)))))
265
d630d781
LC		 266(define gnutls-3.6.10
267 ;; This is for 'guile3.0-gnutls', below. Version 3.6.10 is the first to
268 ;; introduce Guile 2.9/3.0 support.
269 (package
270 (inherit gnutls)
271 (version "3.6.10")
272 (source (origin
273 (inherit (package-source gnutls))
274 (uri (string-append "mirror://gnupg/gnutls/v"
275 (version-major+minor version)
276 "/gnutls-" version ".tar.xz"))
277 (sha256
278 (base32
e8df8800
MB		 279 "14r2h73yfj66cm14k9mnb3kgzq5a7qjg5b31m53bf19vcxkwmwxi"))))
280 (native-inputs
281 `(,@(package-native-inputs gnutls)
282
283 ;; Datefudge is used to fuzz time for tests, and its presence
284 ;; enables a test that uses 'setsid' from util-linux.
285 ("datefudge" ,datefudge)
286 ("util-linux" ,util-linux)))))
d630d781
LC		 287
288(define-public guile3.0-gnutls
289 (package
290 (inherit gnutls-3.6.10)
291 (name "guile3.0-gnutls")
292 (arguments
293 (substitute-keyword-arguments (package-arguments gnutls-3.6.10)
294 ((#:phases phases '%standard-phases)
295 `(modify-phases ,phases
296 (add-before 'build 'leave-guile-stdout-open
297 (lambda _
298 ;; Work around <https://bugs.gnu.org/38348>.
299 (substitute* "guile/Makefile"
300 (("out=-") "out=/dev/null"))
301 #t))))))
302 (inputs `(("guile" ,guile-next)
303 ,@(alist-delete "guile"
304 (package-inputs gnutls-3.6.10))))))
305
cc2b77df
AE		 306(define-public openssl
307 (package
308 (name "openssl")
d9bbfe04 309 (version "1.1.1c")
c6d24c09 310 (replacement openssl-1.1.1e)
cc2b77df 311 (source (origin
4cff124b 312 (method url-fetch)
bdf0b6fc
MB		 313 (uri (list (string-append "https://www.openssl.org/source/openssl-"
314 version ".tar.gz")
315 (string-append "ftp://ftp.openssl.org/source/"
c7f5c3ea 316 "openssl-" version ".tar.gz")
4cff124b
LC		 317 (string-append "ftp://ftp.openssl.org/source/old/"
318 (string-trim-right version char-set:letter)
c7f5c3ea 319 "/openssl-" version ".tar.gz")))
4cff124b
LC		 320 (sha256
321 (base32
d9bbfe04 322 "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn"))
e74f153a 323 (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
cc2b77df 324 (build-system gnu-build-system)
8c78aeb7 325 (outputs '("out"
e74f153a
MB		 326 "doc" ;6.8 MiB of man3 pages and full HTML documentation
327 "static")) ;6.4 MiB of .a files
cc2b77df
AE		 328 (native-inputs `(("perl" ,perl)))
329 (arguments
d03781c3
LC		 330 `(#:disallowed-references (,perl)
331 #:parallel-build? #f
cc2b77df
AE		 332 #:parallel-tests? #f
333 #:test-target "test"
8c9ec203
LF		 334
335 ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
336 ;; so we explicitly disallow it here.
337 #:disallowed-references ,(list (canonical-package perl))
cc2b77df 338 #:phases
b6cb1358 339 (modify-phases %standard-phases
e74f153a
MB		 340 (replace 'configure
341 (lambda* (#:key outputs #:allow-other-keys)
342 (let* ((out (assoc-ref outputs "out"))
343 (lib (string-append out "/lib")))
344 ;; It's not a shebang so patch-source-shebangs misses it.
345 (substitute* "config"
346 (("/usr/bin/env")
347 (string-append (assoc-ref %build-inputs "coreutils")
348 "/bin/env")))
349 (invoke "./config"
350 "shared" ;build shared libraries
351 "--libdir=lib"
4fb254a3 352
e74f153a
MB		 353 ;; The default for this catch-all directory is
354 ;; PREFIX/ssl. Change that to something more
355 ;; conventional.
356 (string-append "--openssldir=" out
357 "/share/openssl-" ,version)
4fb254a3 358
e74f153a
MB		 359 (string-append "--prefix=" out)
360 (string-append "-Wl,-rpath," lib)))))
8c78aeb7
LC		 361 (add-after 'install 'move-static-libraries
362 (lambda* (#:key outputs #:allow-other-keys)
363 ;; Move static libraries to the "static" output.
364 (let* ((out (assoc-ref outputs "out"))
365 (lib (string-append out "/lib"))
366 (static (assoc-ref outputs "static"))
367 (slib (string-append static "/lib")))
8c78aeb7
LC		 368 (for-each (lambda (file)
369 (install-file file slib)
370 (delete-file file))
371 (find-files lib "\\.a$"))
372 #t)))
e74f153a 373 (add-after 'install 'move-extra-documentation
a909b576 374 (lambda* (#:key outputs #:allow-other-keys)
e74f153a
MB		 375 ;; Move man3 pages and full HTML documentation to "doc".
376 (let* ((out (assoc-ref outputs "out"))
377 (man3 (string-append out "/share/man/man3"))
378 (html (string-append out "/share/doc/openssl"))
379 (doc (assoc-ref outputs "doc"))
380 (man-target (string-append doc "/share/man/man3"))
381 (html-target (string-append doc "/share/doc/openssl")))
382 (copy-recursively man3 man-target)
383 (delete-file-recursively man3)
384 (copy-recursively html html-target)
385 (delete-file-recursively html)
386 #t)))
784d6e91
LC		 387 (add-after
388 'install 'remove-miscellany
389 (lambda* (#:key outputs #:allow-other-keys)
390 ;; The 'misc' directory contains random undocumented shell and Perl
391 ;; scripts. Remove them to avoid retaining a reference on Perl.
392 (let ((out (assoc-ref outputs "out")))
393 (delete-file-recursively (string-append out "/share/openssl-"
394 ,version "/misc"))
395 #t))))))
cc2b77df 396 (native-search-paths
cc2b77df
AE		 397 (list (search-path-specification
398 (variable "SSL_CERT_DIR")
5d7a47cc 399 (separator #f) ;single entry
cc2b77df
AE		 400 (files '("etc/ssl/certs")))
401 (search-path-specification
402 (variable "SSL_CERT_FILE")
5d7a47cc
MB		 403 (file-type 'regular)
404 (separator #f) ;single entry
cc2b77df
AE		 405 (files '("etc/ssl/certs/ca-certificates.crt")))))
406 (synopsis "SSL/TLS implementation")
407 (description
e881752c 408 "OpenSSL is an implementation of SSL/TLS.")
e9aa8d0c 409 (license license:openssl)
4631e6c9 410 (home-page "https://www.openssl.org/")))
cc2b77df 411
c6d24c09 412(define openssl-1.1.1e
2e76ddd6
MB		 413 (package
414 (inherit openssl)
c6d24c09 415 (version "1.1.1e")
9ff87bb9 416 (source (origin
763899f0 417 (method url-fetch)
77576be4
MB		 418 (uri (list (string-append "https://www.openssl.org/source/openssl-"
419 version ".tar.gz")
420 (string-append "ftp://ftp.openssl.org/source/"
c7f5c3ea 421 "openssl-" version ".tar.gz")
763899f0
LF		 422 (string-append "ftp://ftp.openssl.org/source/old/"
423 (string-trim-right version char-set:letter)
c7f5c3ea 424 "/openssl-" version ".tar.gz")))
9ff87bb9
LC		 425 (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
426 (sha256
427 (base32
c6d24c09 428 "1gnwlri1dphr5wdzmg9vlhkh6aq2yqgpfkpmffzwjlfb26n62kv9"))))))
9ff87bb9 429
e74f153a 430(define-public openssl-1.0
763899f0
LF		 431 (package
432 (inherit openssl)
433 (name "openssl")
b0b79542 434 (version "1.0.2u")
763899f0 435 (source (origin
e74f153a
MB		 436 (method url-fetch)
437 (uri (list (string-append "https://www.openssl.org/source/openssl-"
438 version ".tar.gz")
439 (string-append "ftp://ftp.openssl.org/source/"
440 "openssl-" version ".tar.gz")
441 (string-append "ftp://ftp.openssl.org/source/old/"
442 (string-trim-right version char-set:letter)
443 "/openssl-" version ".tar.gz")))
763899f0
LF		 444 (sha256
445 (base32
b0b79542 446 "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
e74f153a
MB		 447 (patches (search-patches "openssl-runpath.patch"
448 "openssl-c-rehash-in.patch"))))
763899f0 449 (outputs '("out"
e74f153a
MB		 450 "doc" ;1.5MiB of man3 pages
451 "static")) ;6MiB of .a files
763899f0
LF		 452 (arguments
453 (substitute-keyword-arguments (package-arguments openssl)
8fc24f30
MB		 454 ;; Parallel build is not supported in 1.0.x.
455 ((#:parallel-build? _ #f) #f)
763899f0
LF		 456 ((#:phases phases)
457 `(modify-phases ,phases
e74f153a
MB		 458 (add-before 'patch-source-shebangs 'patch-tests
459 (lambda* (#:key inputs native-inputs #:allow-other-keys)
460 (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
461 (substitute* (find-files "test" ".*")
462 (("/bin/sh")
463 (string-append bash "/bin/sh"))
464 (("/bin/rm")
465 "rm"))
466 #t)))
467 (add-before 'configure 'patch-Makefile.org
763899f0 468 (lambda* (#:key outputs #:allow-other-keys)
e74f153a
MB		 469 ;; The default MANDIR is some unusual place. Fix that.
470 (let ((out (assoc-ref outputs "out")))
471 (patch-makefile-SHELL "Makefile.org")
472 (substitute* "Makefile.org"
473 (("^MANDIR[[:blank:]]*=.*$")
474 (string-append "MANDIR = " out "/share/man\n")))
475 #t)))
476 (replace 'configure
477 ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
478 (lambda* (#:key outputs #:allow-other-keys)
479 (let ((out (assoc-ref outputs "out")))
480 (invoke "./config"
481 "shared" ;build shared libraries
482 "--libdir=lib"
fc184fe2 483
e74f153a
MB		 484 ;; The default for this catch-all directory is
485 ;; PREFIX/ssl. Change that to something more
486 ;; conventional.
487 (string-append "--openssldir=" out
488 "/share/openssl-" ,version)
fc184fe2 489
e74f153a
MB		 490 (string-append "--prefix=" out)))))
491 (delete 'move-extra-documentation)
492 (add-after 'install 'move-man3-pages
493 (lambda* (#:key outputs #:allow-other-keys)
494 ;; Move section 3 man pages to "doc".
495 (let* ((out (assoc-ref outputs "out"))
496 (man3 (string-append out "/share/man/man3"))
497 (doc (assoc-ref outputs "doc"))
498 (target (string-append doc "/share/man/man3")))
499 (mkdir-p target)
500 (for-each (lambda (file)
501 (rename-file file
502 (string-append target "/"
503 (basename file))))
504 (find-files man3))
505 (delete-file-recursively man3)
506 #t)))
fc184fe2
MB		 507 ;; XXX: Duplicate this phase to make sure 'version' evaluates
508 ;; in the current scope and not the inherited one.
509 (replace 'remove-miscellany
510 (lambda* (#:key outputs #:allow-other-keys)
511 ;; The 'misc' directory contains random undocumented shell and Perl
512 ;; scripts. Remove them to avoid retaining a reference on Perl.
513 (let ((out (assoc-ref outputs "out")))
514 (delete-file-recursively (string-append out "/share/openssl-"
515 ,version "/misc"))
763899f0
LF		 516 #t)))))))))
517
cb6a802c
AE		 518(define-public libressl
519 (package
520 (name "libressl")
0250672b 521 (version "3.0.2")
644e5f17
TGR		 522 (source (origin
523 (method url-fetch)
524 (uri (string-append "mirror://openbsd/LibreSSL/"
ce1178d5 525 "libressl-" version ".tar.gz"))
644e5f17
TGR		 526 (sha256
527 (base32
0250672b 528 "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"))))
cb6a802c 529 (build-system gnu-build-system)
a2d64899
LC		 530 (arguments
531 ;; Do as if 'getentropy' was missing since older Linux kernels lack it
532 ;; and libc would return ENOSYS, which is not properly handled.
533 ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
df08f385
LF		 534 '(#:configure-flags '("ac_cv_func_getentropy=no"
535 ;; Provide a TLS-enabled netcat.
536 "--enable-nc")))
cb6a802c 537 (native-search-paths
cb6a802c
AE		 538 (list (search-path-specification
539 (variable "SSL_CERT_DIR")
04cfe91e 540 (separator #f) ;single entry
cb6a802c
AE		 541 (files '("etc/ssl/certs")))
542 (search-path-specification
543 (variable "SSL_CERT_FILE")
04cfe91e 544 (separator #f) ;single entry
cb6a802c 545 (files '("etc/ssl/certs/ca-certificates.crt")))))
2ed12d3f 546 (home-page "https://www.libressl.org/")
cb6a802c 547 (synopsis "SSL/TLS implementation")
df08f385
LF		 548 (description "LibreSSL is a version of the TLS/crypto stack, forked from
549OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
550and applying best practice development processes. This package also includes a
551netcat implementation that supports TLS.")
cb6a802c
AE		 552 ;; Files taken from OpenSSL keep their license, others are under various
553 ;; non-copyleft licenses.
554 (license (list license:openssl
555 (license:non-copyleft
556 "file://COPYING"
557 "See COPYING in the distribution.")))))
558
6cefd53d 559(define-public python-acme
7890e3ba 560 (package
6cefd53d 561 (name "python-acme")
686d4259 562 ;; Remember to update the hash of certbot when updating python-acme.
7cfcc38f 563 (version "1.3.0")
7890e3ba 564 (source (origin
9495cf9a 565 (method url-fetch)
f349d36e 566 (uri (pypi-uri "acme" version))
881006b6
MB		 567 (sha256
568 (base32
7cfcc38f 569 "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0"))))
7890e3ba
LF		 570 (build-system python-build-system)
571 (arguments
6cefd53d 572 `(#:phases
9bee9d87 573 (modify-phases %standard-phases
1fc8476d
MB		 574 (add-after 'build 'build-documentation
575 (lambda _
d4bd2453 576 (invoke "make" "-C" "docs" "man" "info")))
1fc8476d 577 (add-after 'install 'install-documentation
50a7963a
LF		 578 (lambda* (#:key outputs #:allow-other-keys)
579 (let* ((out (assoc-ref outputs "out"))
580 (man (string-append out "/share/man/man1"))
581 (info (string-append out "/info")))
1fc8476d
MB		 582 (install-file "docs/_build/texinfo/acme-python.info" info)
583 (install-file "docs/_build/man/acme-python.1" man)
584 #t))))))
50a7963a 585 ;; TODO: Add optional inputs for testing.
7890e3ba 586 (native-inputs
4ae65558 587 `(("python-mock" ,python-mock)
b494bbe4 588 ("python-pytest" ,python-pytest)
50a7963a
LF		 589 ;; For documentation
590 ("python-sphinx" ,python-sphinx)
591 ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
592 ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
50a7963a 593 ("texinfo" ,texinfo)))
7890e3ba 594 (propagated-inputs
92572184
LF		 595 `(("python-josepy" ,python-josepy)
596 ("python-six" ,python-six)
6cefd53d 597 ("python-requests" ,python-requests)
b494bbe4 598 ("python-requests-toolbelt" ,python-requests-toolbelt)
6cefd53d
LF		 599 ("python-pytz" ,python-pytz)
600 ("python-pyrfc3339" ,python-pyrfc3339)
601 ("python-pyasn1" ,python-pyasn1)
602 ("python-cryptography" ,python-cryptography)
603 ("python-pyopenssl" ,python-pyopenssl)))
4631e6c9 604 (home-page "https://github.com/certbot/certbot")
7890e3ba
LF		 605 (synopsis "ACME protocol implementation in Python")
606 (description "ACME protocol implementation in Python")
607 (license license:asl2.0)))
608
9495cf9a 609(define-public certbot
9fd0838b 610 (package
9495cf9a 611 (name "certbot")
686d4259
LF		 612 ;; Certbot and python-acme are developed in the same repository, and their
613 ;; versions should remain synchronized.
614 (version (package-version python-acme))
9fd0838b
DT		 615 (source (origin
616 (method url-fetch)
b380463b 617 (uri (pypi-uri "certbot" version))
9fd0838b
DT		 618 (sha256
619 (base32
7cfcc38f 620 "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w"))))
9fd0838b
DT		 621 (build-system python-build-system)
622 (arguments
fed1898d 623 `(,@(substitute-keyword-arguments (package-arguments python-acme)
f26d6e4e
LF		 624 ((#:phases phases)
625 `(modify-phases ,phases
1fc8476d 626 (replace 'install-documentation
f26d6e4e
LF		 627 (lambda* (#:key outputs #:allow-other-keys)
628 (let* ((out (assoc-ref outputs "out"))
629 (man1 (string-append out "/share/man/man1"))
630 (man7 (string-append out "/share/man/man7"))
631 (info (string-append out "/info")))
1fc8476d
MB		 632 (install-file "docs/_build/texinfo/Certbot.info" info)
633 (install-file "docs/_build/man/certbot.1" man1)
634 (install-file "docs/_build/man/certbot.7" man7)
635 #t))))))))
f9263d9a 636 ;; TODO: Add optional inputs for testing.
9fd0838b 637 (native-inputs
d05c14df
TGR		 638 `(("python-mock" ,python-mock)
639 ("python-pytest" ,python-pytest)
f9263d9a 640 ;; For documentation
fed1898d
LF		 641 ("python-sphinx" ,python-sphinx)
642 ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
643 ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
644 ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
f9263d9a 645 ("texinfo" ,texinfo)))
9fd0838b 646 (propagated-inputs
fed1898d 647 `(("python-acme" ,python-acme)
d05c14df 648 ("python-cryptography" ,python-cryptography)
fed1898d
LF		 649 ("python-zope-interface" ,python-zope-interface)
650 ("python-pyrfc3339" ,python-pyrfc3339)
651 ("python-pyopenssl" ,python-pyopenssl)
652 ("python-configobj" ,python-configobj)
653 ("python-configargparse" ,python-configargparse)
b977d900 654 ("python-distro" ,python-distro)
fed1898d
LF		 655 ("python-zope-component" ,python-zope-component)
656 ("python-parsedatetime" ,python-parsedatetime)
657 ("python-six" ,python-six)
658 ("python-psutil" ,python-psutil)
659 ("python-requests" ,python-requests)
660 ("python-pytz" ,python-pytz)))
d8a1be63 661 (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
80968df0
TGR		 662 (description "Certbot automatically receives and installs X.509 certificates
663to enable Transport Layer Security (TLS) on servers. It interoperates with the
664Let’s Encrypt certificate authority (CA), which issues browser-trusted
665certificates for free.")
24778368 666 (home-page "https://certbot.eff.org/")
9fd0838b
DT		 667 (license license:asl2.0)))
668
9495cf9a
LF		 669(define-public letsencrypt
670 (package (inherit certbot)
56ab55d1
LF		 671 (name "letsencrypt")
672 (properties `((superseded . ,certbot)))))
9495cf9a 673
cc2b77df
AE		 674(define-public perl-net-ssleay
675 (package
676 (name "perl-net-ssleay")
966e4bea 677 (version "1.88")
cc2b77df
AE		 678 (source (origin
679 (method url-fetch)
c50f15d6 680 (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
cc2b77df
AE		 681 "Net-SSLeay-" version ".tar.gz"))
682 (sha256
683 (base32
966e4bea 684 "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
cc2b77df
AE		 685 (build-system perl-build-system)
686 (inputs `(("openssl" ,openssl)))
687 (arguments
1084ec08
MW		 688 `(#:phases
689 (modify-phases %standard-phases
1084ec08
MW		 690 (add-before
691 'configure 'set-ssl-prefix
692 (lambda* (#:key inputs #:allow-other-keys)
693 (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
694 #t)))))
cc2b77df
AE		 695 (synopsis "Perl extension for using OpenSSL")
696 (description
697 "This module offers some high level convenience functions for accessing
698web pages on SSL servers (for symmetry, the same API is offered for accessing
699http servers, too), an sslcat() function for writing your own clients, and
700finally access to the SSL api of the SSLeay/OpenSSL package so you can write
701servers or clients for more complicated applications.")
2f3108ad 702 (license license:perl-license)
9aba9b12 703 (home-page "https://metacpan.org/release/Net-SSLeay")))
4532c0c0
DM		 704
705(define-public perl-crypt-openssl-rsa
706 (package
707 (name "perl-crypt-openssl-rsa")
a9994b27 708 (version "0.31")
4532c0c0
DM		 709 (source
710 (origin
711 (method url-fetch)
712 (uri (string-append
683b8d47 713 "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
4532c0c0
DM		 714 version
715 ".tar.gz"))
716 (sha256
717 (base32
a9994b27 718 "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
4532c0c0 719 (build-system perl-build-system)
683b8d47
TGR		 720 (native-inputs
721 `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
4532c0c0
DM		 722 (inputs
723 `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
724 ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
725 ("openssl" ,openssl)))
726 (arguments perl-crypt-arguments)
727 (home-page
9aba9b12 728 "https://metacpan.org/release/Crypt-OpenSSL-RSA")
4532c0c0
DM		 729 (synopsis
730 "RSA encoding and decoding, using the openSSL libraries")
731 (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
732OpenSSL libraries).")
2f3108ad 733 (license license:perl-license)))
adff71ca
DM		 734
735(define perl-crypt-arguments
736 `(#:phases (modify-phases %standard-phases
737 (add-before 'configure 'patch-Makefile.PL
738 (lambda* (#:key inputs #:allow-other-keys)
739 (substitute* "Makefile.PL"
740 (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
741 (assoc-ref inputs "openssl")
742 "/lib -lcrypto'],")))
743 #t)))))
744
745(define-public perl-crypt-openssl-bignum
746 (package
747 (name "perl-crypt-openssl-bignum")
7e8aac18 748 (version "0.09")
adff71ca
DM		 749 (source
750 (origin
751 (method url-fetch)
752 (uri (string-append
753 "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
754 version
755 ".tar.gz"))
756 (sha256
757 (base32
7e8aac18 758 "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
adff71ca
DM		 759 (build-system perl-build-system)
760 (inputs `(("openssl" ,openssl)))
761 (arguments perl-crypt-arguments)
762 (home-page
9aba9b12 763 "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
adff71ca
DM		 764 (synopsis
765 "OpenSSL's multiprecision integer arithmetic in Perl")
766 (description "Crypt::OpenSSL::Bignum provides multiprecision integer
767arithmetic in Perl.")
768 ;; At your option either gpl1+ or the Artistic License
2f3108ad 769 (license license:perl-license)))
cccb4d26 770
c80590f6
TGR		 771(define-public perl-crypt-openssl-guess
772 (package
773 (name "perl-crypt-openssl-guess")
774 (version "0.11")
775 (source
776 (origin
777 (method url-fetch)
778 (uri (string-append
779 "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
780 version ".tar.gz"))
781 (sha256
782 (base32
783 "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
784 (build-system perl-build-system)
9aba9b12 785 (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
c80590f6
TGR		 786 (synopsis "Guess the OpenSSL include path")
787 (description
788 "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
789correct OpenSSL include path. It is intended for use in your
790@file{Makefile.PL}.")
791 (license license:perl-license)))
792
cccb4d26
DM		 793(define-public perl-crypt-openssl-random
794 (package
795 (name "perl-crypt-openssl-random")
fa2d19cc 796 (version "0.15")
cccb4d26
DM		 797 (source
798 (origin
799 (method url-fetch)
800 (uri (string-append
801 "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
802 version
803 ".tar.gz"))
804 (sha256
fa2d19cc 805 (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
cccb4d26 806 (build-system perl-build-system)
b30c23c4
TGR		 807 (native-inputs
808 `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
809 (inputs
810 `(("openssl" ,openssl)))
cccb4d26
DM		 811 (arguments perl-crypt-arguments)
812 (home-page
9aba9b12 813 "https://metacpan.org/release/Crypt-OpenSSL-Random")
cccb4d26
DM		 814 (synopsis
815 "OpenSSL/LibreSSL pseudo-random number generator access")
816 (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
817number generator")
2f3108ad 818 (license license:perl-license)))
0581c273
LF		 819
820(define-public acme-client
821 (package
822 (name "acme-client")
4a6b2a21 823 (version "0.1.16")
0581c273
LF		 824 (source (origin
825 (method url-fetch)
826 (uri (string-append "https://kristaps.bsd.lv/" name "/"
827 "snapshots/" name "-portable-"
828 version ".tgz"))
829 (sha256
830 (base32
4a6b2a21 831 "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
0581c273
LF		 832 (build-system gnu-build-system)
833 (arguments
834 '(#:tests? #f ; no test suite
835 #:make-flags
836 (list "CC=gcc"
837 (string-append "PREFIX=" (assoc-ref %outputs "out")))
838 #:phases
839 (modify-phases %standard-phases
7c1a7bf4
LF		 840 (add-after 'unpack 'patch-paths
841 (lambda* (#:key inputs #:allow-other-keys)
842 (let ((pem (string-append (assoc-ref inputs "libressl")
843 "/etc/ssl/cert.pem")))
844 (substitute* "http.c"
845 (("/etc/ssl/cert.pem") pem))
846 #t)))
0581c273 847 (delete 'configure)))) ; no './configure' script
4b569a4f
LF		 848 (native-inputs
849 `(("pkg-config" ,pkg-config)))
0581c273
LF		 850 (inputs
851 `(("libbsd" ,libbsd)
852 ("libressl" ,libressl)))
853 (synopsis "Let's Encrypt client by the OpenBSD project")
854 (description "acme-client is a Let's Encrypt client implemented in C. It
855uses a modular design, and attempts to secure itself by dropping privileges and
856operating in a chroot where possible. acme-client is developed on OpenBSD and
857then ported to the GNU / Linux environment.")
858 (home-page "https://kristaps.bsd.lv/acme-client/")
859 ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
860 ;; and 'jsmn.c' are distributed under the Expat license.
861 (license (list license:isc license:expat))))
88522738 862
863;; The "-apache" variant is the upstreamed prefered variant. A "-gpl"
864;; variant exists in addition to the "-apache" one.
865(define-public mbedtls-apache
866 (package
867 (name "mbedtls-apache")
1b01c103 868 (version "2.16.5")
88522738 869 (source
870 (origin
871 (method url-fetch)
872 ;; XXX: The download links on the website are script redirection links
873 ;; which effectively lead to the format listed in the uri here.
874 (uri (string-append "https://tls.mbed.org/download/mbedtls-"
875 version "-apache.tgz"))
876 (sha256
877 (base32
1b01c103 878 "0kdhwy241xsk4isbadqx6z80m8sf76da5sbmqv8qy11yr37cdd35"))))
88522738 879 (build-system cmake-build-system)
a64d9d56
RW		 880 (arguments
881 `(#:configure-flags
92ebd8ed
MB		 882 (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
883 "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")))
88522738 884 (native-inputs
38a9bf80
TGR		 885 `(("perl" ,perl)
886 ("python" ,python)))
88522738 887 (synopsis "Small TLS library")
888 (description
889 "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
890for developers to include cryptographic and SSL/TLS capabilities in their
891(embedded) products, facilitating this functionality with a minimal
892coding footprint.")
893 (home-page "https://tls.mbed.org")
894 (license license:asl2.0)))
587d1752 895
8e87aa04
TGR		 896;; The Hiawatha Web server requires some specific features to be enabled.
897(define-public mbedtls-for-hiawatha
898 (hidden-package
899 (package
900 (inherit mbedtls-apache)
901 (arguments
902 (substitute-keyword-arguments
903 `(#:phases
904 (modify-phases %standard-phases
905 (add-after 'configure 'configure-extra-features
906 (lambda _
907 (for-each (lambda (feature)
908 (invoke "scripts/config.pl" "set" feature))
909 (list "MBEDTLS_THREADING_C"
910 "MBEDTLS_THREADING_PTHREAD"))
911 #t)))
912 ,@(package-arguments mbedtls-apache)))))))
913
e8b3a158
CL		 914(define-public dehydrated
915 (package
916 (name "dehydrated")
2359e235 917 (version "0.6.5")
e8b3a158 918 (source (origin
2850d877 919 (method url-fetch)
e8b3a158 920 (uri (string-append
bb5ab9bf 921 "https://github.com/dehydrated-io/dehydrated/releases/download/"
2850d877 922 "v" version "/dehydrated-" version ".tar.gz"))
e8b3a158
CL		 923 (sha256
924 (base32
2359e235 925 "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
e8b3a158
CL		 926 (build-system trivial-build-system)
927 (arguments
c150d637
TGR		 928 `(#:modules ((guix build utils)
929 (srfi srfi-26))
e8b3a158
CL		 930 #:builder
931 (begin
c150d637
TGR		 932 (use-modules (guix build utils)
933 (srfi srfi-26))
e8b3a158 934 (let* ((source (assoc-ref %build-inputs "source"))
2850d877
EF		 935 (tar (assoc-ref %build-inputs "tar"))
936 (gz (assoc-ref %build-inputs "gzip"))
e8b3a158
CL		 937 (out (assoc-ref %outputs "out"))
938 (bin (string-append out "/bin"))
c150d637
TGR		 939 (doc (string-append out "/share/doc/" ,name "-" ,version))
940 (man (string-append out "/share/man"))
e8b3a158 941 (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))
2850d877
EF		 942
943 (setenv "PATH" (string-append gz "/bin"))
944 (invoke (string-append tar "/bin/tar") "xvf" source)
945 (chdir (string-append ,name "-" ,version))
946
c150d637
TGR		 947 (copy-recursively "docs" doc)
948 (install-file "LICENSE" doc)
949
950 (mkdir-p man)
951 (rename-file (string-append doc "/man")
952 (string-append man "/man1"))
953 (for-each (cut invoke "gzip" "-9" <>)
954 (find-files man ".*"))
955
2850d877 956 (install-file "dehydrated" bin)
e8b3a158 957 (with-directory-excursion bin
e8b3a158
CL		 958 (patch-shebang "dehydrated" (list bash))
959
c150d637 960 ;; Do not try to write to the store.
e8b3a158
CL		 961 (substitute* "dehydrated"
962 (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))
963
964 (setenv "PATH" bash)
965 (wrap-program "dehydrated"
966 `("PATH" ":" prefix
967 ,(map (lambda (dir)
968 (string-append dir "/bin"))
969 (map (lambda (input)
970 (assoc-ref %build-inputs input))
971 '("coreutils"
972 "curl"
973 "diffutils"
974 "gawk"
975 "grep"
976 "openssl"
977 "sed"))))))
978 #t))))
979 (inputs
980 `(("bash" ,bash)
981 ("coreutils" ,coreutils)
982 ("curl" ,curl)
983 ("diffutils" ,diffutils)
984 ("gawk" ,gawk)
985 ("grep" ,grep)
986 ("openssl" ,openssl)
987 ("sed" ,sed)))
2850d877
EF		 988 (native-inputs
989 `(("gzip" ,gzip)
990 ("tar" ,tar)))
e8b3a158
CL		 991 (home-page "https://dehydrated.io/")
992 (synopsis "Let's Encrypt/ACME client implemented as a shell script")
993 (description "Dehydrated is a client for signing certificates with an
994ACME-server (currently only provided by Let's Encrypt) implemented as a
995relatively simple Bash script.")
996 (license license:expat)))
ea22aa1f
LF		 997
998(define-public go-github-com-certifi-gocertifi
a9546f8b
LF		 999 (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec")
1000 (revision "1"))
ea22aa1f
LF		 1001 (package
1002 (name "go-github-com-certifi-gocertifi")
1003 (version (git-version "2018.01.18" revision commit))
1004 (source (origin
1005 (method git-fetch)
1006 (uri (git-reference
1007 (url "https://github.com/certifi/gocertifi")
1008 (commit commit)))
1009 (file-name (git-file-name name version))
1010 (sha256
1011 (base32
a9546f8b 1012 "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
ea22aa1f
LF		 1013 (build-system go-build-system)
1014 (arguments
1015 '(#:import-path "github.com/certifi/gocertifi"))
1016 (synopsis "X.509 TLS root certificate bundle for Go")
1017 (description "This package is a Go language X.509 TLS root certificate bundle,
1018derived from Mozilla's collection.")
1019 (home-page "https://certifi.io")
1020 (license license:mpl2.0))))
jackhill's copy of GNU Guix: https://guix.gnu.org/