gnu: gnutls: Enable more testing.
233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ea22aa1f 7;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
db388401 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
3c986a7d 9;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
a92c6b1a 13;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
a9bcc647 17;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
5cf6f6fe 18;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
7543f865 19;;;
233e7676 20;;; This file is part of GNU Guix.
7543f865 21;;;
233e7676 22;;; GNU Guix is free software; you can redistribute it and/or modify it
23;;; under the terms of the GNU General Public License as published by
24;;; the Free Software Foundation; either version 3 of the License, or (at
25;;; your option) any later version.
26;;;
233e7676 27;;; GNU Guix is distributed in the hope that it will be useful, but
28;;; WITHOUT ANY WARRANTY; without even the implied warranty of
29;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30;;; GNU General Public License for more details.
31;;;
32;;; You should have received a copy of the GNU General Public License
233e7676 33;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 34
a7fd7b68 35(define-module (gnu packages tls)
e9aa8d0c 36 #:use-module ((guix licenses) #:prefix license:)
37 #:use-module (guix packages)
38 #:use-module (guix download)
ea22aa1f 39 #:use-module (guix git-download)
29a7c98a 40 #:use-module (guix utils)
7543f865 41 #:use-module (guix build-system gnu)
ea22aa1f 42 #:use-module (guix build-system go)
cc2b77df 43 #:use-module (guix build-system perl)
7890e3ba 44 #:use-module (guix build-system python)
88522738 45 #:use-module (guix build-system cmake)
e8b3a158 46 #:use-module (guix build-system trivial)
f61e0e79 47 #:use-module (gnu packages compression)
013ce67b 48 #:use-module (gnu packages)
5cf6f6fe 49 #:use-module (gnu packages autotools)
e8b3a158 50 #:use-module (gnu packages bash)
ac257f12 51 #:use-module (gnu packages check)
e8b3a158 52 #:use-module (gnu packages curl)
5b9aa107 53 #:use-module (gnu packages dns)
e8b3a158 54 #:use-module (gnu packages gawk)
5cf6f6fe 55 #:use-module (gnu packages gettext)
1ffa7090 56 #:use-module (gnu packages guile)
a9bcc647 57 #:use-module (gnu packages hurd)
0581c273 58 #:use-module (gnu packages libbsd)
27e86bed 59 #:use-module (gnu packages libffi)
866f469e 60 #:use-module (gnu packages libidn)
5d4c90ae 61 #:use-module (gnu packages linux)
7890e3ba 62 #:use-module (gnu packages ncurses)
27e86bed 63 #:use-module (gnu packages nettle)
e7ab9c33 64 #:use-module (gnu packages networking)
1ffa7090 65 #:use-module (gnu packages perl)
27e86bed 66 #:use-module (gnu packages pkg-config)
7890e3ba 67 #:use-module (gnu packages python)
cc6f4912 68 #:use-module (gnu packages python-crypto)
1b2f753d 69 #:use-module (gnu packages python-web)
44d10b1f 70 #:use-module (gnu packages python-xyz)
9d0c291e 71 #:use-module (gnu packages sphinx)
a31f4d35 72 #:use-module (gnu packages texinfo)
33dc54b0 73 #:use-module (gnu packages time)
74 #:use-module (gnu packages base)
75 #:use-module (srfi srfi-1))
;; GNU libtasn1, the ASN.1 library.  Within this file it is a propagated
;; input of gnutls and an input of p11-kit.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.16.0")
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; Fixed-output hash: whichever mirror serves the tarball, its
       ;; content must match this value.
       (sha256
        (base32
         "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags '("--disable-static")))
    ;; Perl is declared as a native (build-time) input only.
    (native-inputs (list (list "perl" perl)))))
;; asn1c: compiler that turns ASN.1 modules into C encoders/decoders.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; The downloaded tarball is pinned by this content hash.
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs
     (list (list "perl" perl)))))
;; p11-kit: loader and configuration layer for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.21")
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.xz"))
       ;; The release tarball is pinned by this content hash.
       (sha256
        (base32 "09q6n63qmqcdw6v0fwmhdmsqrcndnp5m9jvby1kxi82wy29s9fpi"))))
    (build-system gnu-build-system)
    (arguments
     ;; NOTE(review): "--without-trust-paths" presumably leaves the trust
     ;; module without a built-in trust-anchor location, so consumers have to
     ;; be pointed at certificates explicitly -- confirm against the p11-kit
     ;; configure documentation.
     `(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
                      ;; and looks for .cache and other directories (only).
                      ;; For simplicity just drop it since it is irrelevant
                      ;; in the build container.
                      (substitute* "Makefile"
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (native-inputs
     (list (list "pkg-config" pkg-config)))
    (inputs
     (list (list "libffi" libffi)
           (list "libtasn1" libtasn1)))))
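;; GnuTLS with Guile 3.0 bindings.  The test suite runs on every target
;; except the Hurd, and the network tools it needs are kept out of the
;; package's references.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.6.15")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              (patches (search-patches "gnutls-skip-trust-store-test.patch"))
              ;; The tarball fetched from the mirror is pinned by this hash.
              (sha256
               (base32
                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
    (build-system gnu-build-system)
    (arguments
     ;; Tests are skipped only when targeting the Hurd, where the test
     ;; tools below are not added to the native inputs either.
     `(#:tests? ,(not (hurd-target?))

       ;; Ensure we don't keep a reference to the tools used for testing.
       #:disallowed-references ,(if (hurd-target?)
                                    '()
                                    (list net-tools iproute socat))
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store. Instead it has a
        ;; configure-time option. Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment. If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently. This seems suboptimal.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        ;; As written, the flag is passed for every target, so this build
        ;; has no PKCS#11 support on any architecture.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  ;; fastopen.sh fails to connect to the server in the builder
                  ;; environment (see:
                  ;; https://gitlab.com/gnutls/gnutls/-/issues/1095).
                  (add-after 'unpack 'disable-failing-tests
                    (lambda _
                      ;; tests/Makefile.am is edited below; removing the
                      ;; shipped 'configure' presumably makes the build
                      ;; regenerate it from the edited sources (autoconf,
                      ;; automake and libtool are native inputs) -- confirm.
                      (delete-file "configure")
                      (substitute* "tests/Makefile.am"
                        (("fastopen.sh") ""))
                      #t))
                  (add-after 'install 'move-doc
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                      (let* ((out (assoc-ref outputs "out"))
                             (doc (assoc-ref outputs "doc"))
                             (mandir (string-append doc "/share/man/man3"))
                             (oldman (string-append out "/share/man/man3")))
                        (mkdir-p mandir)
                        (copy-recursively oldman mandir)
                        (delete-file-recursively oldman)
                        #t))))))
    (outputs '("out" ;4.4 MiB
               "debug"
               "doc")) ;4.1 MiB of man pages
    (native-inputs
     `(,@(if (hurd-target?)
             '()
             `(("net-tools" ,net-tools)
               ("iproute" ,iproute) ;for 'ss'
               ("socat" ,socat))) ;several tests rely on it
       ("autoconf" ,autoconf)
       ("automake" ,automake)
       ("gettext" ,gettext-minimal)
       ("libtool" ,libtool)

       ("pkg-config" ,pkg-config)
       ("texinfo" ,texinfo)
       ("which" ,which)
       ,@(if (hurd-target?) '()
             `(("datefudge" ,datefudge))) ;tests rely on 'datefudge'
       ("util-linux" ,util-linux))) ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The description previously read "X.5009"; the certificate format
    ;; meant is X.509.
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))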
(define-public gnutls/guile-2.0
  ;; Variant of gnutls whose "guile" input is Guile 2.0; every other input is
  ;; taken unchanged from gnutls.
  (package/inherit gnutls
    (name "guile2.0-gnutls")
    (inputs (cons (list "guile" guile-2.0)
                  (alist-delete "guile" (package-inputs gnutls))))))
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, which implements DNS-based
  ;; Authentication of Named Entities (DANE).  GNUnet and gnURL need it for
  ;; GNS functionality.  It is a separate package definition so that users
  ;; can choose between GnuTLS with and without DANE; the only difference
  ;; from gnutls is the additional "unbound" input.
  (package/inherit gnutls
    (name "gnutls-dane")
    (inputs (cons (list "unbound" unbound)
                  (package-inputs gnutls)))))
;; Variant of gnutls whose "guile" input is Guile 2.2; the remaining inputs
;; come from gnutls.
(define-public guile2.2-gnutls
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    (inputs (cons (list "guile" guile-2.2)
                  (alist-delete "guile"
                                (package-inputs gnutls))))))
;; Deprecated name kept for compatibility: gnutls itself is already built
;; against guile-3.0 (see its "guile" input).
(define-public guile3.0-gnutls (deprecated-package "guile3.0-gnutls" gnutls))
;; OpenSSL 1.1.1 series.  The package is split into "out", "doc" and
;; "static" outputs, and Perl is explicitly kept out of its references.
(define-public openssl
  (package
   (name "openssl")
   (version "1.1.1f")
   ;; A 'replacement' is applied by Guix as a graft: dependents are pointed
   ;; at openssl-1.1.1g (defined later in this file) without being rebuilt.
   ;; Packages that inherit from this one also inherit this field unless
   ;; they override it.
   (replacement openssl-1.1.1g)
   (source (origin
             (method url-fetch)
             ;; The two ftp:// fallbacks are plain-text transports; the
             ;; integrity of the download rests on the sha256 below, not on
             ;; the channel.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       "openssl-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/openssl-" version ".tar.gz")))
             (sha256
              (base32
               "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q"))
             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc" ;6.8 MiB of man3 pages and full HTML documentation
              "static")) ;6.4 MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        ;; Only when cross-compiling: export CROSS_COMPILE and pick the
        ;; OpenSSL target name that the 'configure phase passes to
        ;; ./Configure.
        ,@(if (%current-target-system)
              '((add-before
                    'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    ;; NOTE(review): the cond has no else clause, so a target
                    ;; triplet with none of these prefixes yields no string
                    ;; here -- confirm that every supported cross target is
                    ;; listed.
                    (setenv "CONFIGURE_TARGET_ARCH"
                            (cond
                             ((string-prefix? "i586" target)
                              "hurd-x86")
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")))
                    #t)))
              '())
        (replace 'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib")))
              ;; It's not a shebang so patch-source-shebangs misses it.
              (substitute* "config"
                (("/usr/bin/env")
                 (string-append (assoc-ref %build-inputs "coreutils")
                                "/bin/env")))
              ;; Native builds run ./config; cross builds run ./Configure
              ;; with the target name appended as the last argument.
              (invoke ,@(if (%current-target-system)
                            '("./Configure")
                            '("./config"))
                      "shared" ;build shared libraries
                      "--libdir=lib"

                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl. Change that to something more
                      ;; conventional.
                      (string-append "--openssldir=" out
                                     "/share/openssl-" ,version)

                      (string-append "--prefix=" out)
                      (string-append "-Wl,-rpath," lib)
                      ,@(if (%current-target-system)
                            '((getenv "CONFIGURE_TARGET_ARCH"))
                            '())))))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-extra-documentation
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move man3 pages and full HTML documentation to "doc".
            (let* ((out (assoc-ref outputs "out"))
                   (man3 (string-append out "/share/man/man3"))
                   (html (string-append out "/share/doc/openssl"))
                   (doc (assoc-ref outputs "doc"))
                   (man-target (string-append doc "/share/man/man3"))
                   (html-target (string-append doc "/share/doc/openssl")))
              (copy-recursively man3 man-target)
              (delete-file-recursively man3)
              (copy-recursively html html-target)
              (delete-file-recursively html)
              #t)))
        (add-after
            'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts. Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
   ;; SSL_CERT_DIR and SSL_CERT_FILE are each declared as a single entry
   ;; (no separator); they are looked up under etc/ssl/certs.
   (native-search-paths
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (separator #f) ;single entry
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (file-type 'regular)
           (separator #f) ;single entry
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "https://www.openssl.org/")))
;; Not exported: this definition is referenced only through the
;; 'replacement' field of openssl.  It inherits every other field and
;; overrides just the version and the source.
(define openssl-1.1.1g
  (package
    (inherit openssl)
    (version "1.1.1g")
    (source (origin
              (method url-fetch)
              ;; Same mirror list as the parent package; the download is
              ;; pinned by the sha256 below whichever URL answers.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "0ikdcc038i7jk8h7asq5xcn8b1xc2rrbc88yfm4hqbz3y5s4gc6x"))
              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))))
;; OpenSSL 1.0.2 series, derived from the openssl package above with its own
;; source, patches and build phases.
;; NOTE(review): (inherit openssl) copies every field that is not overridden
;; here, which would include the parent's 'replacement' (openssl-1.1.1g).
;; Confirm that grafting 1.0.2 dependents onto 1.1.1g is not the effect, and
;; consider an explicit (replacement #f).
;; NOTE(review): upstream no longer publishes fixes for the 1.0.2 series;
;; keep the set of dependents small -- verify current upstream status.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    (source (origin
              (method url-fetch)
              ;; The ftp:// fallbacks are plain-text; integrity comes from
              ;; the sha256 below.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc" ;1.5MiB of man3 pages
               "static")) ;6MiB of .a files
    (arguments
     ;; Start from the parent's arguments and adjust individual keywords.
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           ;; Point the test scripts at the store's shell instead of
           ;; /bin/sh, and call 'rm' by name instead of /bin/rm.
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place. Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared" ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl. Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           ;; The parent's documentation phase is dropped; only the man3
           ;; pages are moved, by the phase added next.
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out (assoc-ref outputs "out"))
                      (man3 (string-append out "/share/man/man3"))
                      (doc (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts. Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
;; LibreSSL, including its TLS-capable netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "3.0.2")
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; The tarball is pinned by this content hash.
              (sha256
               (base32
                "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): with getentropy reported as absent, randomness
     ;; presumably comes from LibreSSL's fallback code path -- re-check
     ;; whether this override is still needed for the kernels in use.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    ;; Same certificate search paths as the openssl package: each variable
    ;; holds a single entry.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f) ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (separator #f) ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))))
;; Python implementation of the ACME protocol.  certbot below takes its
;; version and its build arguments from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "1.3.0")
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; The PyPI tarball is pinned by this content hash.
              (sha256
               (base32
                "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man and info documentation after the Python build ...
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         ;; ... and install both files into the output.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     (list (list "python-mock" python-mock)
           (list "python-pytest" python-pytest)
           ;; For documentation
           (list "python-sphinx" python-sphinx)
           (list "python-sphinxcontrib-programoutput"
                 python-sphinxcontrib-programoutput)
           (list "python-sphinx-rtd-theme" python-sphinx-rtd-theme)
           (list "texinfo" texinfo)))
    (propagated-inputs
     (list (list "python-josepy" python-josepy)
           (list "python-six" python-six)
           (list "python-requests" python-requests)
           (list "python-requests-toolbelt" python-requests-toolbelt)
           (list "python-pytz" python-pytz)
           (list "python-pyrfc3339" python-pyrfc3339)
           (list "python-pyasn1" python-pyasn1)
           (list "python-cryptography" python-cryptography)
           (list "python-pyopenssl" python-pyopenssl)))))
;; Certbot, the ACME client.  Its version and most of its build arguments
;; are taken from python-acme.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (home-page "https://certbot.eff.org/")
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (license license:asl2.0)
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certbot" version))
              ;; This hash is independent of python-acme's and has to be
              ;; updated together with the shared version.
              (sha256
               (base32
                "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w"))))
    (build-system python-build-system)
    (arguments
     ;; Reuse python-acme's arguments, replacing only the phase that installs
     ;; the generated documentation.
     (substitute-keyword-arguments (package-arguments python-acme)
       ((#:phases phases)
        `(modify-phases ,phases
           (replace 'install-documentation
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (man1 (string-append out "/share/man/man1"))
                      (man7 (string-append out "/share/man/man7"))
                      (info (string-append out "/info")))
                 (install-file "docs/_build/texinfo/Certbot.info" info)
                 (install-file "docs/_build/man/certbot.1" man1)
                 (install-file "docs/_build/man/certbot.7" man7)
                 #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     (list (list "python-mock" python-mock)
           (list "python-pytest" python-pytest)
           ;; For documentation
           (list "python-sphinx" python-sphinx)
           (list "python-sphinx-rtd-theme" python-sphinx-rtd-theme)
           (list "python-sphinx-repoze-autointerface"
                 python-sphinx-repoze-autointerface)
           (list "python-sphinxcontrib-programoutput"
                 python-sphinxcontrib-programoutput)
           (list "texinfo" texinfo)))
    (propagated-inputs
     (list (list "python-acme" python-acme)
           (list "python-cryptography" python-cryptography)
           (list "python-zope-interface" python-zope-interface)
           (list "python-pyrfc3339" python-pyrfc3339)
           (list "python-pyopenssl" python-pyopenssl)
           (list "python-configobj" python-configobj)
           (list "python-configargparse" python-configargparse)
           (list "python-distro" python-distro)
           (list "python-zope-component" python-zope-component)
           (list "python-parsedatetime" python-parsedatetime)
           (list "python-six" python-six)
           (list "python-psutil" python-psutil)
           (list "python-requests" python-requests)
           (list "python-pytz" python-pytz)))))
;; Old package name, kept as an alias: its 'superseded' property points at
;; certbot.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties (list (cons 'superseded certbot)))))
;; Net::SSLeay, the Perl binding to OpenSSL; it builds against the openssl
;; package of this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (home-page "https://metacpan.org/release/Net-SSLeay")
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; The CPAN tarball is pinned by this content hash.
              (sha256
               (base32
                "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs (list (list "openssl" openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Export the store path of the "openssl" input as OPENSSL_PREFIX
         ;; before the configure phase runs.
         (add-before
             'configure 'set-ssl-prefix
           (lambda* (#:key inputs #:allow-other-keys)
             (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
             #t)))))))
;; Crypt::OpenSSL::RSA.  Its build arguments are the shared
;; perl-crypt-arguments value defined further down in this file.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; The CPAN tarball is pinned by this content hash.
       (sha256
        (base32
         "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (arguments perl-crypt-arguments)
    (native-inputs
     (list (list "perl-crypt-openssl-guess" perl-crypt-openssl-guess)))
    (inputs
     (list (list "perl-crypt-openssl-bignum" perl-crypt-openssl-bignum)
           (list "perl-crypt-openssl-random" perl-crypt-openssl-random)
           (list "openssl" openssl)))))
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; Before 'configure, the 'LIBS' line of Makefile.PL is replaced wholesale so
;; that the module links -lcrypto from the package's "openssl" input rather
;; than from whatever library path the upstream Makefile.PL lists.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (let ((openssl (assoc-ref inputs "openssl")))
            ;; The pattern consumes the rest of the matched line, so the
            ;; replacement has to restate the complete 'LIBS' entry.
            (substitute* "Makefile.PL"
              (("'LIBS'.*=>.*")
               (string-append "'LIBS' => ['-L" openssl "/lib -lcrypto'],")))
            #t))))))
;; Perl access to OpenSSL's multiprecision integers.  Fetched from a CPAN
;; mirror; the sha256 is what pins the tarball contents.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version ".tar.gz"))
       (sha256
        (base32 "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    ;; Shared phases that make Makefile.PL link against the "openssl" input.
    (arguments perl-crypt-arguments)
    (inputs `(("openssl" ,openssl)))
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
;; Helper module that other Crypt::OpenSSL::* packages in this file list as a
;; native input.  It declares no inputs or custom build arguments of its own.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
             version ".tar.gz"))
       ;; Content hash of the release tarball; update it with the version.
       (sha256
        (base32 "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path. It is intended for use in your
@file{Makefile.PL}.")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (license license:perl-license)))
;; Perl interface to the OpenSSL/LibreSSL random number generator.  Fetched
;; from a CPAN mirror; the sha256 is what pins the tarball contents.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version ".tar.gz"))
       (sha256
        (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    ;; Shared phases that make Makefile.PL link against the "openssl" input.
    (arguments perl-crypt-arguments)
    ;; Needed only while building.
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs `(("openssl" ,openssl)))
    (synopsis "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (license license:perl-license)))
;; Portable snapshot of the OpenBSD ACME client, built with plain 'make'
;; against libressl and libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://kristaps.bsd.lv/" name "/"
                           "snapshots/" name "-portable-"
                           version ".tgz"))
       ;; Content hash of the snapshot tarball; update it with the version.
       (sha256
        (base32 "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ; no './configure' script
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; http.c refers to /etc/ssl/cert.pem; rewrite that host path to
             ;; the cert.pem found under the "libressl" input.
             ;; NOTE(review): the CA bundle the client reads is then fixed to
             ;; that libressl build -- confirm this is the intended root set
             ;; and that it is refreshed when libressl is updated.
             (let ((ca-bundle (string-append (assoc-ref inputs "libressl")
                                             "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") ca-bundle))
               #t))))))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the one upstream prefers.  A "-gpl" variant
;; exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
    ;; when updating.
    (version "2.23.0")
    (source
     (origin
       (method git-fetch)
       ;; The checkout is selected by tag name ("mbedtls-" + version); the
       ;; sha256 below is what pins the actual contents of that checkout.
       (uri (git-reference
             (url "https://github.com/ARMmbed/mbedtls")
             (commit (string-append "mbedtls-" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))))
    (build-system cmake-build-system)
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))
    (arguments
     `(#:configure-flags
       ;; Build the shared library only.
       '("-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
         "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'make-source-writable
           (lambda _
             ;; Make every file of the unpacked tree writable.
             (for-each make-file-writable (find-files "."))
             #t)))))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This hidden variant inherits everything from mbedtls-apache and only adds
;; one phase before 'configure.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments (package-arguments mbedtls-apache)
        ((#:phases phases)
         `(modify-phases ,phases
            (add-before 'configure 'configure-extra-features
              (lambda _
                ;; Switch on the two threading options through the
                ;; configuration script shipped in the source tree.
                (invoke "scripts/config.pl" "set" "MBEDTLS_THREADING_C")
                (invoke "scripts/config.pl" "set" "MBEDTLS_THREADING_PTHREAD")
                ;; XXX The above enables code that breaks with -Werror…
                ;; Only this one warning flag is dropped from the build.
                (substitute* "CMakeLists.txt"
                  ((" -Wformat-signedness") ""))
                #t)))))))))
;; ACME client written as a single Bash script.  Nothing is compiled: the
;; builder unpacks the release tarball, installs the script and its
;; documentation, and wraps the script so that it finds its helper tools.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.6.5")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://github.com/dehydrated-io/dehydrated/releases/download/"
             "v" version "/dehydrated-" version ".tar.gz"))
       ;; Content hash of the release tarball; update it with the version.
       (sha256
        (base32 "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
    (build-system trivial-build-system)
    ;; Used only to unpack the tarball and compress the man pages.
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    ;; Tools the script calls at run time; see the wrapper below.
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((tarball (assoc-ref %build-inputs "source"))
                (tar-dir (assoc-ref %build-inputs "tar"))
                (gzip-dir (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin-dir (string-append out "/bin"))
                (doc-dir (string-append out "/share/doc/" ,name "-" ,version))
                (man-dir (string-append out "/share/man"))
                (bash-bin (in-vicinity (assoc-ref %build-inputs "bash") "bin"))
                ;; "bin" directory of every tool the wrapper puts on PATH.
                (tool-dirs (map (lambda (input)
                                  (string-append
                                   (assoc-ref %build-inputs input) "/bin"))
                                '("coreutils"
                                  "curl"
                                  "diffutils"
                                  "gawk"
                                  "grep"
                                  "openssl"
                                  "sed"))))

           ;; Only gzip is on PATH while the tarball is unpacked.
           (setenv "PATH" (string-append gzip-dir "/bin"))
           (invoke (string-append tar-dir "/bin/tar") "xvf" tarball)
           (chdir (string-append ,name "-" ,version))

           ;; Documentation and licence text.
           (copy-recursively "docs" doc-dir)
           (install-file "LICENSE" doc-dir)

           ;; The man pages arrive under docs/man; move them into man1 and
           ;; compress them.
           (mkdir-p man-dir)
           (rename-file (string-append doc-dir "/man")
                        (string-append man-dir "/man1"))
           (for-each (cut invoke "gzip" "-9" <>)
                     (find-files man-dir ".*"))

           (install-file "dehydrated" bin-dir)
           (with-directory-excursion bin-dir
             (patch-shebang "dehydrated" (list bash-bin))

             ;; Do not try to write to the store.
             ;; NOTE(review): whatever the script keeps under SCRIPTDIR then
             ;; lives in the invoking user's home -- presumably account keys
             ;; and certificates; confirm, and keep that directory private.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; PATH is narrowed to bash's directory before wrapping,
             ;; presumably so that wrap-program can locate bash.
             (setenv "PATH" bash-bin)
             ;; 'prefix' puts the store directories in front of the caller's
             ;; PATH, so the packaged curl, openssl, etc. are found first.
             (wrap-program "dehydrated"
               (list "PATH" ":" 'prefix tool-dirs)))
           #t))))
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (home-page "https://dehydrated.io/")
    (license license:expat)))
;; Go package carrying an X.509 root certificate bundle.  The source is
;; pinned to one upstream commit, and the sha256 pins the checkout contents.
;; NOTE(review): the bundle is a snapshot -- the version string dates it to
;; 2018.01.18 -- so roots added or removed by Mozilla afterwards are
;; presumably not reflected; confirm how dependents use it and bump the
;; commit regularly.
(define-public go-github-com-certifi-gocertifi
  (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec")
        (revision "1"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/certifi/gocertifi")
               (commit commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32 "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (home-page "https://certifi.io")
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (license license:mpl2.0))))