gnu: alsa-lib: Fix the indentation.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
74e2c0e0 3;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2021 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ad67d208 7;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
db388401 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
3c986a7d 9;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
db201657 13;;; Copyright © 2017–2019, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
a9bcc647 17;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
5cf6f6fe 18;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
7543f865 19;;;
233e7676 20;;; This file is part of GNU Guix.
7543f865 21;;;
233e7676 22;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC
23;;; under the terms of the GNU General Public License as published by
24;;; the Free Software Foundation; either version 3 of the License, or (at
25;;; your option) any later version.
26;;;
233e7676 27;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC
28;;; WITHOUT ANY WARRANTY; without even the implied warranty of
29;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30;;; GNU General Public License for more details.
31;;;
32;;; You should have received a copy of the GNU General Public License
233e7676 33;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 34
a7fd7b68 35(define-module (gnu packages tls)
e9aa8d0c 36 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
37 #:use-module (guix packages)
38 #:use-module (guix download)
ea22aa1f 39 #:use-module (guix git-download)
29a7c98a 40 #:use-module (guix utils)
7543f865 41 #:use-module (guix build-system gnu)
ea22aa1f 42 #:use-module (guix build-system go)
cc2b77df 43 #:use-module (guix build-system perl)
7890e3ba 44 #:use-module (guix build-system python)
88522738 45 #:use-module (guix build-system cmake)
e8b3a158 46 #:use-module (guix build-system trivial)
f61e0e79 47 #:use-module (gnu packages compression)
013ce67b 48 #:use-module (gnu packages)
e8b3a158 49 #:use-module (gnu packages bash)
ac257f12 50 #:use-module (gnu packages check)
e8b3a158 51 #:use-module (gnu packages curl)
5b9aa107 52 #:use-module (gnu packages dns)
e8b3a158 53 #:use-module (gnu packages gawk)
1ffa7090 54 #:use-module (gnu packages guile)
a9bcc647 55 #:use-module (gnu packages hurd)
0581c273 56 #:use-module (gnu packages libbsd)
27e86bed 57 #:use-module (gnu packages libffi)
866f469e 58 #:use-module (gnu packages libidn)
5d4c90ae 59 #:use-module (gnu packages linux)
7890e3ba 60 #:use-module (gnu packages ncurses)
27e86bed 61 #:use-module (gnu packages nettle)
e7ab9c33 62 #:use-module (gnu packages networking)
1ffa7090 63 #:use-module (gnu packages perl)
27e86bed 64 #:use-module (gnu packages pkg-config)
7890e3ba 65 #:use-module (gnu packages python)
cc6f4912 66 #:use-module (gnu packages python-crypto)
1b2f753d 67 #:use-module (gnu packages python-web)
44d10b1f 68 #:use-module (gnu packages python-xyz)
9d0c291e 69 #:use-module (gnu packages sphinx)
a31f4d35 70 #:use-module (gnu packages texinfo)
33dc54b0 71 #:use-module (gnu packages time)
079f013b
LC
72 #:use-module (gnu packages base)
73 #:use-module (srfi srfi-1))
74
;; GNU libtasn1, the ASN.1 library.  p11-kit and gnutls further down in this
;; file both list it among their inputs.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.16.0")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; The download is only accepted when it matches this content hash, so
      ;; which mirror served the tarball does not change what gets built.
      (sha256
       (base32
        "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    (arguments
     ;; Build the shared library only.
     `(#:configure-flags '("--disable-static")))
    ;; Perl is a build-time (native) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 99
;; asn1c: compiler that turns ASN.1 modules into C serializers/deserializers.
;; NOTE(review): the generated decoders are the code that ends up parsing
;; BER/XER/PER data coming from outside (the description lists X.509 and
;; cellular signalling as uses), so check on each update whether upstream has
;; fixes newer than the release pinned here.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; Content hash the downloaded tarball must match.
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is needed at build time only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
126
;; p11-kit: loader and configuration layer for PKCS#11 modules.  gnutls in
;; this file propagates it on every system except mips64el.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.22")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                          "download/" version "/p11-kit-" version ".tar.xz"))
      ;; Content hash the release tarball must match.
      (sha256
       (base32 "1dn6br4v033d3gp2max9lsr3y4q0nj6iyr1yq3kzi8ym7lal13wa"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; No trust paths are compiled in.  NOTE(review): presumably this leaves
     ;; the trust module without built-in anchor locations -- confirm against
     ;; the configure script before relying on it for certificate trust.
     `(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
                      ;; and looks for .cache and other directories (only).
                      ;; For simplicity just drop it since it is irrelevant
                      ;; in the build container.
                      (substitute* "Makefile"
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 165
;; GnuTLS, built with Guile 3.0 bindings.  The variants defined after it in
;; this file (Guile 2.0/2.2, DANE) inherit from this definition.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.6.15")
    (source (origin
              (method url-fetch)
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (uri (string-append "mirror://gnupg/gnutls/v"
                                  (version-major+minor version)
                                  "/gnutls-" version ".tar.xz"))
              ;; Two of these patches are named after CVE identifiers and are
              ;; carried on top of the 3.6.15 tarball.
              ;; NOTE(review): re-check the list on every version bump and
              ;; drop entries the new release already contains.
              (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                       "gnutls-cross.patch"
                                       "gnutls-CVE-2021-20231.patch"
                                       "gnutls-CVE-2021-20232.patch"))
              ;; Hash of the unpatched upstream tarball.
              (sha256
               (base32
                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
    (build-system gnu-build-system)
    (arguments
     ;; The test suite is skipped when cross-compiling and on the Hurd, so
     ;; those builds get no test coverage of the patched sources.
     `(#:tests? ,(not (or (%current-target-system)
                          (hurd-target?)))
       ;; Ensure we don't keep a reference to the tools used for testing.
       #:disallowed-references ,(if (hurd-target?)
                                    '()
                                    (list net-tools iproute socat))
       #:configure-flags
       (cons*
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        ;;
        ;; The directory chosen here is an absolute path outside the build
        ;; output: which CAs are trusted by default is decided by whatever
        ;; the running system places in /etc/ssl/certs.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; The system string is computed when the package is evaluated
        ;; (note the unquote) and compared on the build side.
        (let ((system ,(or (%current-target-system)
                           (%current-system))))
          (if (string-prefix? "mips64el" system)
              (list
               ;; FIXME: Temporarily disable p11-kit support since it is
               ;; not working on mips64el.
               "--without-p11-kit")
              '())))

       #:phases (modify-phases %standard-phases
                  ;; fastopen.sh fails to connect to the server in the builder
                  ;; environment (see:
                  ;; https://gitlab.com/gnutls/gnutls/-/issues/1095).
                  (add-after 'unpack 'disable-failing-tests
                    (lambda _
                      ;; Exit status 77 makes the test count as skipped.
                      (substitute* "tests/fastopen.sh"
                        (("^unset RETCODE")
                         "exit 77\n")) ;skip
                      #t))
                  (add-after 'install 'move-doc
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                      (let* ((out (assoc-ref outputs "out"))
                             (doc (assoc-ref outputs "doc"))
                             (mandir (string-append doc "/share/man/man3"))
                             (oldman (string-append out "/share/man/man3")))
                        (mkdir-p mandir)
                        (copy-recursively oldman mandir)
                        ;; Remove the originals so "out" no longer holds them.
                        (delete-file-recursively oldman)
                        #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(,@(if (%current-target-system)             ;for cross-build
             `(("guile" ,guile-3.0))              ;to create .go files
             '())
       ;; Test-only network tools; they are the same packages listed under
       ;; #:disallowed-references above and are left out on the Hurd.
       ,@(if (hurd-target?)
             '()
             `(("net-tools" ,net-tools)
               ("iproute" ,iproute)               ;for 'ss'
               ("socat" ,socat)))                 ;several tests rely on it
       ("pkg-config" ,pkg-config)
       ("texinfo" ,texinfo)
       ("which" ,which)
       ,@(if (hurd-target?)
             '()
             `(("datefudge" ,datefudge)))         ;tests rely on 'datefudge'
       ("util-linux" ,util-linux)))               ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)
       ;; p11-kit is left out on mips64el, matching the "--without-p11-kit"
       ;; configure flag above.
       ,@(let ((system (or (%current-target-system)
                           (%current-system))))
           (if (string-prefix? "mips64el" system)
               '()
               `(("p11-kit" ,p11-kit))))))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS #12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))
cc2b77df 286
(define-public gnutls/guile-2.0
  ;; GnuTLS for Guile 2.0.
  ;;
  ;; 'package/inherit' (rather than a plain 'inherit') applies the same
  ;; overrides to the replacement of gnutls, if it has one, so a graft placed
  ;; on gnutls also reaches this variant.
  (package/inherit gnutls
    (name "guile2.0-gnutls")
    ;; Swap the "guile" input for Guile 2.0; every other input is kept.
    (inputs `(("guile" ,guile-2.0)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 293
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, implementing DNS-based
  ;; Authentication of Named Entities.  This is required for GNS functionality
  ;; by GNUnet and gnURL.  This is done in an extra package definition
  ;; to have the choice between GnuTLS with Dane and without Dane.
  (package/inherit gnutls
    (name "gnutls-dane")
    ;; The only difference from gnutls is the added "unbound" input.
    (inputs `(("unbound" ,unbound)
              ,@(package-inputs gnutls)))))
303
;; GnuTLS for Guile 2.2: same definition as gnutls with the "guile" input
;; replaced.
(define-public guile2.2-gnutls
  (package/inherit gnutls
    (name "guile2.2-gnutls")
    (inputs `(("guile" ,guile-2.2)
              ,@(alist-delete "guile"
                              (package-inputs gnutls))))))
d630d781 310
;; Deprecated name kept for compatibility; it refers to gnutls, which is
;; already built against Guile 3.0 in this file.
(define-public guile3.0-gnutls
  (deprecated-package "guile3.0-gnutls" gnutls))
67a3c8ed 313
;; OpenSSL 1.1.1 series.  openssl-1.0 below inherits from this definition and
;; reuses its build phases.
(define-public openssl
  (package
   (name "openssl")
   (version "1.1.1j")
   (source (origin
             (method url-fetch)
             ;; Candidate locations for the same tarball.  Two of them are
             ;; plain ftp:// URLs, so the transport gives no authenticity;
             ;; the sha256 below is what decides whether a download is
             ;; accepted.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       "openssl-" version ".tar.gz")
                        ;; The "old" directory is named after the version
                        ;; without its trailing letter.
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/openssl-" version ".tar.gz")))
             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
             (sha256
              (base32
               "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"         ;6.8 MiB of man3 pages and full HTML documentation
              "static"))    ;6.4 MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        ;; Only present when cross-compiling: export the toolchain prefix and
        ;; the Configure target name for the 'configure' phase below.
        ,@(if (%current-target-system)
              '((add-before
                    'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    ;; Prefix matches are tried in order, so the longer
                    ;; "powerpc64le"/"powerpc64" tests must precede "powerpc".
                    ;; NOTE(review): there is no else clause; a target that
                    ;; matches none of these prefixes yields no target name.
                    ;; Confirm that this fails loudly instead of configuring
                    ;; for the wrong architecture.
                    (setenv "CONFIGURE_TARGET_ARCH"
                            (cond
                             ((string-prefix? "i586" target)
                              "hurd-x86")
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "mips64el" target)
                              "linux-mips64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")
                             ((string-prefix? "powerpc64le" target)
                              "linux-ppc64le")
                             ((string-prefix? "powerpc64" target)
                              "linux-ppc64")
                             ((string-prefix? "powerpc" target)
                              "linux-ppc")))
                    #t)))
              '())
        (replace 'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib")))
              ;; It's not a shebang so patch-source-shebangs misses it.
              (substitute* "config"
                (("/usr/bin/env")
                 (string-append (assoc-ref %build-inputs "coreutils")
                                "/bin/env")))
              ;; Cross builds call ./Configure with an explicit target name
              ;; (last argument); native builds let ./config detect it.
              (invoke ,@(if (%current-target-system)
                            '("./Configure")
                            '("./config"))
                      "shared"       ;build shared libraries
                      "--libdir=lib"

                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl.  Change that to something more
                      ;; conventional.
                      (string-append "--openssldir=" out
                                     "/share/openssl-"
                                     ,(package-version this-package))

                      (string-append "--prefix=" out)
                      (string-append "-Wl,-rpath," lib)
                      ,@(if (%current-target-system)
                            '((getenv "CONFIGURE_TARGET_ARCH"))
                            '())))))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out    (assoc-ref outputs "out"))
                   (lib    (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib   (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-extra-documentation
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move man3 pages and full HTML documentation to "doc".
            (let* ((out (assoc-ref outputs "out"))
                   (man3 (string-append out "/share/man/man3"))
                   (html (string-append out "/share/doc/openssl"))
                   (doc (assoc-ref outputs "doc"))
                   (man-target (string-append doc "/share/man/man3"))
                   (html-target (string-append doc "/share/doc/openssl")))
              (copy-recursively man3 man-target)
              (delete-file-recursively man3)
              (copy-recursively html html-target)
              (delete-file-recursively html)
              #t)))
        (add-after
            'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,(package-version this-package)
                                                      "/misc"))
              #t))))))
   ;; The CA directory and bundle are not compiled in; they are located
   ;; through these two variables, each holding a single entry.  The 'files'
   ;; values are relative paths.
   (native-search-paths
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (file-type 'regular)
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "https://www.openssl.org/")))
cc2b77df 450
;; OpenSSL 1.0.2 series, derived from the openssl definition above.
;; NOTE(review): as far as I know upstream no longer publishes fixes for the
;; 1.0.2 series, and the patch list below carries no security patches --
;; confirm which packages still need this variant.
;; NOTE(review): this uses a plain 'inherit', so every field not overridden
;; here is copied from openssl.  Should openssl ever gain a 'replacement'
;; (graft), check that this package does not inherit it unintentionally.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    (source (origin
              (method url-fetch)
              ;; Same set of locations as for openssl; the ftp:// ones are
              ;; unauthenticated, so acceptance rests on the sha256 below.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (arguments
     ;; Start from the arguments of openssl and adjust individual keywords.
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Point the test scripts at the bash input instead of /bin/sh,
               ;; and let "rm" be found through PATH.
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place.  Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"                 ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl.  Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           ;; The inherited phase is dropped; 'move-man3-pages' below takes
           ;; over moving the section 3 man pages.
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out    (assoc-ref outputs "out"))
                      (man3   (string-append out "/share/man/man3"))
                      (doc    (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
543
;; LibreSSL, including its TLS-capable netcat (see "--enable-nc").
(define-public libressl
  (package
    (name "libressl")
    (version "3.1.5")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; Content hash the downloaded tarball must match.
              (sha256
               (base32
                "1504a1sf43frw43j14pij0q1f48rm5q86ggrlxxhw708qp7ds4rc"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' were missing: Linux kernels before 3.17 lack its
     ;; underlying 'getrandom' system call and ENOSYS isn't properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;;
     ;; NOTE(review): with getentropy reported as absent, the library obtains
     ;; its randomness some other way; which fallback that is cannot be seen
     ;; from this definition.  Worth confirming it is still sound for this
     ;; release, and whether the workaround is still needed at all.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    ;; Same CA lookup variables as the openssl package in this file, each
    ;; holding a single entry.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
584
;; Python implementation of the ACME protocol.  certbot below takes its
;; version and its build arguments from this package.
;; NOTE(review): the description merely repeats the synopsis.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    ;; (certbot reuses this version string but pins its own tarball hash.)
    (version "1.15.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              (sha256
               (base32
                "0kgf1d3gl7dg1rz3q4093kf8g0p2d0m40c7qmn96ihz2224wa307"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and Info manual from the "docs" directory.
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         ;; Install the two generated documentation files into the output.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    (native-inputs
     `(("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-requests" ,python-requests)
       ("python-requests-toolbelt" ,python-requests-toolbelt)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
631
;; Certbot, the ACME client.  Its version and build phases come from
;; python-acme, with the documentation install step replaced.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certbot" version))
              ;; This hash belongs to the tarball of one specific version.
              ;; Because the version above follows python-acme, the hash has
              ;; to be refreshed by hand on every python-acme update.
              (sha256
               (base32
                "1qcznszgqdgx1nhk4vdi896gknvx8rg4w8iw15lwqg6byhiyazyv"))))
    (build-system python-build-system)
    (arguments
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               ;; Certbot's generated documentation has different file names
               ;; and adds a section 7 man page.
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-cryptography" ,python-cryptography)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-distro" ,python-distro)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
689
;; Former package name, kept as a copy of certbot that is marked as
;; superseded by it.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
9495cf9a 694
;; Perl bindings to OpenSSL (Net::SSLeay), built against the openssl package
;; defined in this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Content hash the downloaded tarball must match.
              (sha256
               (base32
                "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Point the module's build at the "openssl" input rather than
            ;; letting it search for an installation on its own.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (home-page "https://metacpan.org/release/Net-SSLeay")))
725
;; Crypt::OpenSSL::RSA: RSA operations for Perl on top of the openssl input.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Content hash the downloaded tarball must match.
       (sha256
        (base32
         "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Shared build arguments, defined further down in this file; they
    ;; rewrite the 'LIBS' entry of Makefile.PL to link against the "openssl"
    ;; input.
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
755
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; The added phase replaces the 'LIBS' entry of Makefile.PL so that the module
;; links with -lcrypto from the "openssl" input's lib directory.
;; NOTE(review): perl-crypt-openssl-rsa refers to this variable earlier in the
;; file than this definition; presumably that works because the field is
;; evaluated lazily -- confirm.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                             (assoc-ref inputs "openssl")
                                             "/lib -lcrypto'],")))
          #t)))))
;; Perl interface to OpenSSL's multiprecision integers.  Built with the
;; shared 'perl-crypt-arguments', which expects an input named "openssl".
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Content hash of the release tarball; must change with 'version'.
       (sha256
        (base32
         "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
;; Build-time helper module; other packages in this file list it under
;; 'native-inputs'.  It declares no inputs of its own.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
             version ".tar.gz"))
       ;; Content hash of the release tarball; must change with 'version'.
       (sha256
        (base32
         "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path.  It is intended for use in your
@file{Makefile.PL}.")
    (license license:perl-license)))
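;; Perl access to the pseudo-random number generator of OpenSSL/LibreSSL.
;; Built with the shared 'perl-crypt-arguments', which expects an input
;; named "openssl".
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Content hash of the release tarball; must change with 'version'.
       (sha256
        (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    ;; Only needed at build time.
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    ;; Reworded to agree with the synopsis (the module gives access to the
    ;; generator) and to end with a full stop.
    (description "Crypt::OpenSSL::Random provides access to the
OpenSSL/LibreSSL pseudo-random number generator.")
    (license license:perl-license)))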
;; Portable snapshot of the OpenBSD ACME client, built with plain 'make'
;; (there is no configure script and no test suite) against libressl and
;; libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Content hash of the snapshot; must change with 'version'.
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       ;; NOTE(review): the compiler name is hard-coded here, so a cross
       ;; build would presumably still call the native gcc -- confirm.
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         ;; Replace the hard-coded "/etc/ssl/cert.pem" in http.c with the
         ;; cert.pem found under the "libressl" input.
         ;; NOTE(review): the CA bundle the client reads is then the one
         ;; shipped in that libressl store item, not the system trust
         ;; store; presumably it only changes when libressl is updated --
         ;; confirm this is intended.
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C.  It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible.  acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is upstream's preferred variant.  A "-gpl"
;; variant exists in addition to the "-apache" one.
;;
;; The package builds only the shared library (the static one is switched
;; off) from a git checkout of the tag "mbedtls-" followed by the version.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
    ;; when updating.
    (version "2.23.0")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ARMmbed/mbedtls")
             ;; The checkout is addressed by tag name; the content is
             ;; pinned by the sha256 below.
             (commit (string-append "mbedtls-" version))))
       (sha256
        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))
       (file-name (git-file-name name version))))
    (build-system cmake-build-system)
    (arguments
     `(#:configure-flags
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
       #:phases
       (modify-phases %standard-phases
         ;; Make every file of the unpacked tree writable before the
         ;; remaining phases run.
         (add-after 'unpack 'make-source-writable
           (lambda _
             (for-each make-file-writable (find-files "."))
             #t)))))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This hidden variant inherits everything from mbedtls-apache and only
;; extends its phases.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments (package-arguments mbedtls-apache)
        ((#:phases inherited-phases)
         `(modify-phases ,inherited-phases
            ;; Before 'configure, switch on the two threading options with
            ;; the source tree's scripts/config.pl.
            (add-before 'configure 'configure-extra-features
              (lambda _
                (for-each (lambda (feature)
                            (invoke "scripts/config.pl" "set" feature))
                          (list "MBEDTLS_THREADING_C"
                                "MBEDTLS_THREADING_PTHREAD"))
                ;; XXX The above enables code that breaks with -Werror…
                ;; so this one warning flag is dropped from CMakeLists.txt.
                (substitute* "CMakeLists.txt"
                  ((" -Wformat-signedness") ""))
                #t)))))))))
;; ACME client written as a Bash script.  Nothing is compiled: the builder
;; unpacks the release tarball, installs the script and its documentation,
;; and wraps the script so that the tools it runs come from the inputs.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.7.0")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/dehydrated-io/dehydrated/releases/download/"
                    "v" version "/dehydrated-" version ".tar.gz"))
              ;; Content hash of the release tarball; must change with
              ;; 'version'.
              (sha256
               (base32
                "1yf4kldyd5y13r6qxrkcbbk74ykngq7jzy0351vb2r3ywp114pqw"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((source (assoc-ref %build-inputs "source"))
                (tar (assoc-ref %build-inputs "tar"))
                (gz (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin"))
                (doc (string-append out "/share/doc/" ,name "-" ,version))
                (man (string-append out "/share/man"))
                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))

           ;; tar is called by its absolute file name; PATH holds only the
           ;; gzip bin directory (also used by the "gzip" call below).
           (setenv "PATH" (string-append gz "/bin"))
           (invoke (string-append tar "/bin/tar") "xvf" source)
           (chdir (string-append ,name "-" ,version))

           (copy-recursively "docs" doc)
           (install-file "LICENSE" doc)

           ;; Move the man pages out of the documentation directory into
           ;; share/man/man1 and compress them.
           (mkdir-p man)
           (rename-file (string-append doc "/man")
                        (string-append man "/man1"))
           (for-each (cut invoke "gzip" "-9" <>)
                     (find-files man ".*"))

           (install-file "dehydrated" bin)
           (with-directory-excursion bin
             (patch-shebang "dehydrated" (list bash))

             ;; Do not try to write to the store.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; The wrapper puts the bin directories of the inputs listed
             ;; below in front of PATH.
             ;; NOTE(review): 'prefix' keeps the caller's PATH behind these
             ;; entries, so a command missing from this list would
             ;; presumably be looked up in the user's environment.
             (setenv "PATH" bash)
             (wrap-program "dehydrated"
               `("PATH" ":" prefix
                 ,(map (lambda (dir)
                         (string-append dir "/bin"))
                       (map (lambda (input)
                              (assoc-ref %build-inputs input))
                            '("coreutils"
                              "curl"
                              "diffutils"
                              "gawk"
                              "grep"
                              "openssl"
                              "sed"))))))
           #t))))
    ;; Every name here except "bash" is also listed in the wrapper above;
    ;; keep the two lists in sync.
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    (home-page "https://dehydrated.io/")
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (license license:expat)))
;; Go package carrying a root-certificate bundle, fetched at a fixed git
;; commit.
;; NOTE(review): a CA bundle frozen at one commit does not pick up CA
;; additions or removals made afterwards; the version string suggests a
;; snapshot dated 2018.01.18 -- check whether dependants need a newer one.
(define-public go-github-com-certifi-gocertifi
  (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec")
        (revision "1"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source (origin
                (method git-fetch)
                (uri (git-reference
                      (url "https://github.com/certifi/gocertifi")
                      (commit commit)))
                (file-name (git-file-name name version))
                ;; Content hash of the checkout; must change with 'commit'.
                (sha256
                 (base32
                  "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (home-page "https://certifi.io")
      (license license:mpl2.0))))
;; C99 SSL/TLS library, built as a shared library with CMake.  OpenSSL and
;; its "static" output are propagated to users of this package.
(define-public s2n
  (package
    (name "s2n")
    (version "1.0.0")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url (string-append "https://github.com/awslabs/" name))
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              ;; Content hash of the checkout; must change with 'version'.
              (sha256
               (base32
                "1q6kmgwb8jxmc4ijzk9pkqzz8lsbfsv9hyzqvy944w7306zx1r5h"))))
    (build-system cmake-build-system)
    ;; NOTE(review): the 'check phase is off and BUILD_TESTING is OFF, so
    ;; the library's own tests never run for this build; revisit when
    ;; updating.
    (arguments
     '(#:tests? #f ; tests fail to build for static library
       #:configure-flags
       '("-DBUILD_TESTING=OFF"
         "-DBUILD_SHARED_LIBS=ON")))
    (propagated-inputs
     `(("openssl" ,openssl)
       ("openssl:static" ,openssl "static")))
    (synopsis "SSL/TLS implementation")
    (description "This library provides a C99 implementation of SSL/TLS.")
    (home-page "https://github.com/awslabs/s2n")
    (license license:asl2.0)))