1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
5 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
6 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
7 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
8 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
9 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
10 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
11 ;;;
12 ;;; This file is part of GNU Guix.
13 ;;;
14 ;;; GNU Guix is free software; you can redistribute it and/or modify it
15 ;;; under the terms of the GNU General Public License as published by
16 ;;; the Free Software Foundation; either version 3 of the License, or (at
17 ;;; your option) any later version.
18 ;;;
19 ;;; GNU Guix is distributed in the hope that it will be useful, but
20 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 ;;; GNU General Public License for more details.
23 ;;;
24 ;;; You should have received a copy of the GNU General Public License
25 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
26
27 (define-module (gnu packages tls)
28 #:use-module ((guix licenses) #:prefix license:)
29 #:use-module (guix packages)
30 #:use-module (guix download)
31 #:use-module (guix utils)
32 #:use-module (guix build-system gnu)
33 #:use-module (guix build-system perl)
34 #:use-module (guix build-system python)
35 #:use-module (gnu packages compression)
36 #:use-module (gnu packages)
37 #:use-module (gnu packages guile)
38 #:use-module (gnu packages libbsd)
39 #:use-module (gnu packages libffi)
40 #:use-module (gnu packages libidn)
41 #:use-module (gnu packages linux)
42 #:use-module (gnu packages ncurses)
43 #:use-module (gnu packages nettle)
44 #:use-module (gnu packages perl)
45 #:use-module (gnu packages pkg-config)
46 #:use-module (gnu packages python)
47 #:use-module (gnu packages texinfo)
48 #:use-module (gnu packages base))
49
;; GNU libtasn1, an ASN.1 library.  Further down this file it is an input
;; of p11-kit and a propagated input of gnutls, so it sits on the
;; certificate-parsing path of both.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.8")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; Expected content hash of the tarball.  The download is checked
      ;; against it, so integrity does not depend on the mirror.
      (sha256
       (base32
        "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time-only dependency (native input).
    (native-inputs `(("perl" ,perl)))
    (home-page "http://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
72
;; asn1c, a compiler from ASN.1 modules to C source code.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.27")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://lionet.info/soft/asn1c-"
                                 version ".tar.gz"))
             ;; Expected content hash of the release tarball.
             (sha256
              (base32
               "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
    (build-system gnu-build-system)
    ;; Perl is needed at build time only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
99
;; p11-kit, a loader and registry for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.1")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
                          version ".tar.gz"))
      ;; Expected content hash of the upstream tarball (before the snippet
      ;; below is applied).
      (sha256
       (base32
        "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
      (modules '((guix build utils))) ; for substitute*
      (snippet
       '(begin
          ;; Drop one test that fails, also when trying to compile manually.
          ;; Reported upstream at
          ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
          ;; NOTE(review): 'test-module' is therefore never run at build
          ;; time; re-check whether it can be re-enabled on upgrade.
          (substitute* "Makefile.in"
            (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): built with no trust paths configured; presumably the
     ;; trust module then has no default anchor location -- confirm.
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
137
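;; GnuTLS, a TLS/DTLS library.  The package records version 3.5.2 and names
;; 'gnutls-3.5.4' (defined right after it in this file) as its replacement,
;; i.e. the newer source is applied to dependents as a graft.
(define-public gnutls
  (package
    (name "gnutls")
    (replacement gnutls-3.5.4)
    (version "3.5.2")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             ;; Expected content hash of the tarball; the mirror is not
             ;; trusted for integrity.
             (sha256
              (base32
               "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store. Instead it has a
             ;; configure-time option. Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the file system, none of which are present in our
             ;; chroot build environment. If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently. This seems suboptimal.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)
       ("perl" ,perl)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the text previously read "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))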
214
;; Replacement (graft) target named by the 'gnutls' package above.  It is
;; not exported (plain 'define') and overrides only the source: "3.5.4" is
;; bound locally for the origin, so the inherited 'version' field still
;; reads "3.5.2".
;; NOTE(review): 'replacement' is inherited too, so it points back at this
;; package; 'openssl-next' below resets the field with (replacement #f) --
;; confirm whether the same is wanted here.
(define gnutls-3.5.4
  (package
    (inherit gnutls)
    (source
     (let ((version "3.5.4"))
       (origin
        (method url-fetch)
        (uri (string-append "mirror://gnupg/gnutls/v"
                            (version-major+minor version)
                            "/gnutls-" version ".tar.xz"))
        ;; Expected content hash of the 3.5.4 tarball.
        (sha256
         (base32
          "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
228
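;; OpenSSL 1.0.2h.  'openssl-1.0.2j' (defined after this package) is named
;; as its replacement, so dependents receive the newer release as a graft.
;; This definition itself carries the CVE-2016-2177 and CVE-2016-2178
;; patches on top of 1.0.2h.
(define-public openssl
  (package
   (name "openssl")
   (replacement openssl-1.0.2j)
   (version "1.0.2h")
   (source (origin
            (method url-fetch)
            ;; Both URIs are plain ftp://; the second is the "old" release
            ;; directory, keyed by the version with its trailing letter
            ;; stripped.  Integrity rests on the sha256 below, not on the
            ;; transport.
            (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                      name "-" version ".tar.gz")
                       (string-append "ftp://ftp.openssl.org/source/old/"
                                      (string-trim-right version char-set:letter)
                                      "/" name "-" version ".tar.gz")))
            (sha256
             (base32
              "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
            (patches (search-patches "openssl-runpath.patch"
                                     "openssl-c-rehash-in.patch"
                                     "openssl-CVE-2016-2177.patch"
                                     "openssl-CVE-2016-2178.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"                               ;1.5MiB of man3 pages
              "static"))                          ;6MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-build? #f
      #:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.  The keyword is given once: it
      ;; used to appear a second time above with the value (,perl), which
      ;; left two competing settings in the same argument list.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        (add-before
         'configure 'patch-Makefile.org
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The default MANDIR is some unusual place. Fix that.
           (let ((out (assoc-ref outputs "out")))
             (patch-makefile-SHELL "Makefile.org")
             (substitute* "Makefile.org"
               (("^MANDIR[[:blank:]]*=.*$")
                (string-append "MANDIR = " out "/share/man\n")))
             #t)))
        (replace
         'configure
         (lambda* (#:key outputs #:allow-other-keys)
           ;; OpenSSL ships its own './config' script; the phase succeeds
           ;; only if it exits with status 0.
           (let ((out (assoc-ref outputs "out")))
             (zero?
              (system* "./config"
                       "shared"                   ;build shared libraries
                       "--libdir=lib"

                       ;; The default for this catch-all directory is
                       ;; PREFIX/ssl. Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
                                      "/share/openssl-" ,version)

                       (string-append "--prefix=" out)

                       ;; XXX FIXME: Work around a code generation bug in GCC
                       ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                       ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                       ,@(if (and (not (%current-target-system))
                                  (string-prefix? "armhf" (%current-system)))
                             '("-mfpu=vfpv3")
                             '()))))))
        (add-after
         'install 'make-libraries-writable
         (lambda* (#:key outputs #:allow-other-keys)
           ;; Make libraries writable so that 'strip' does its job.
           (let ((out (assoc-ref outputs "out")))
             (for-each (lambda (file)
                         (chmod file #o644))
                       (find-files (string-append out "/lib")
                                   "\\.so"))
             #t)))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out    (assoc-ref outputs "out"))
                   (lib    (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib   (string-append static "/lib")))
              (mkdir-p slib)
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-man3-pages
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move section 3 man pages to "doc".
            (let* ((out    (assoc-ref outputs "out"))
                   (man3   (string-append out "/share/man/man3"))
                   (doc    (assoc-ref outputs "doc"))
                   (target (string-append doc "/share/man/man3")))
              (mkdir-p target)
              (for-each (lambda (file)
                          (rename-file file
                                       (string-append target "/"
                                                      (basename file))))
                        (find-files man3))
              #t)))
        (add-before
         'patch-source-shebangs 'patch-tests
         (lambda* (#:key inputs native-inputs #:allow-other-keys)
           ;; Point the test scripts at the bash found in the inputs and
           ;; let 'rm' be resolved through PATH instead of /bin/rm.
           (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
             (substitute* (find-files "test" ".*")
               (("/bin/sh")
                (string-append bash "/bin/bash"))
               (("/bin/rm")
                "rm"))
             #t)))
        (add-after
         'install 'remove-miscellany
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The 'misc' directory contains random undocumented shell and Perl
           ;; scripts. Remove them to avoid retaining a reference on Perl.
           (let ((out (assoc-ref outputs "out")))
             (delete-file-recursively (string-append out "/share/openssl-"
                                                     ,version "/misc"))
             #t))))))
   (native-search-paths
    ;; FIXME: These two variables must designate a single file or directory
    ;; and are not actually "search paths." In practice it works OK in user
    ;; profiles because there's always just one item that matches the
    ;; specification.
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "http://www.openssl.org/")))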
370
;; Replacement (graft) target named by the 'openssl' package above; not
;; exported.  Compared with that package, the two openssl-CVE-2016-*
;; patches are no longer listed -- presumably because 1.0.2j already
;; contains those fixes; confirm against the upstream changelog.
;; NOTE(review): 'replacement' is inherited, so it points back at this
;; package; 'openssl-next' below resets it with (replacement #f) -- confirm
;; whether the same is wanted here.
(define openssl-1.0.2j
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2j")
    (source (origin
             (method url-fetch)
             ;; Plain ftp:// transport; integrity rests on the sha256 below.
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (sha256
              (base32
               "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
             (patches (search-patches "openssl-runpath.patch"
                                      "openssl-c-rehash-in.patch"))))))
388
;; OpenSSL 1.1.0b, exported next to the 1.0.2 package and sharing its
;; package name "openssl".  It inherits from 'openssl' but clears the
;; inherited 'replacement', so no graft is attached to it.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (replacement #f)
    (version "1.1.0b")
    (source (origin
             (method url-fetch)
             ;; Plain ftp:// transport; integrity rests on the sha256 below.
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
             (sha256
              (base32
               "1xznrqvb1dbngv2k2nb6da6fdw00c01sy2i36yjdxr4vpxrf0pd4"))))
    (outputs '("out"
               "doc"                              ;1.3MiB of man3 pages
               "static"))                         ; 5.5MiB of .a files
    (arguments
     ;; Reuse the 1.0.2 build arguments and adjust only the phases.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)          ; These two phases are not needed by
           (delete 'patch-Makefile.org)   ; OpenSSL 1.1.0.

           (add-after 'configure 'patch-runpath
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Append an rpath pointing at this package's own lib
               ;; directory to the shared-library link command.
               (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
                 (substitute* "Makefile.shared"
                   (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
                    (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
                                   " -Wl,-rpath," lib)))
                 #t)))))))))
424
;; LibreSSL, the OpenBSD fork of OpenSSL.  'acme-client' at the end of this
;; file links against it.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.0")
    (source
     (origin
      (method url-fetch)
      ;; The tarball is fetched over plain http://; the sha256 below is
      ;; what protects its integrity.
      (uri (string-append
            "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
            version ".tar.gz"))
      (sha256
       (base32
        "1bkfvapi4z826slycmicvs7hwgk4l82gd8w6nqvznldbammvyll6"))))
    (build-system gnu-build-system)
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths." In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "http://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
461
;; Python implementation of the ACME protocol, fetched from PyPI.  The
;; Python 2 variant defined after it is a propagated input of certbot.
(define-public python-acme
  (package
    (name "python-acme")
    (version "0.9.3")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Expected content hash of the PyPI source archive.
              (sha256
               (base32
                "16a02bb0apnk1bm68bcabdmmwd6rnvnjzanrmcb46bpbapwz3vx6"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before 'install 'disable-egg-compression
           (lambda _
             ;; Do not compress the egg.
             ;; See <http://bugs.gnu.org/20765>.
             ;; Done by appending an [easy_install] section to setup.cfg.
             (let ((port (open-file "setup.cfg" "a")))
               (display "\n[easy_install]\nzip_ok = 0\n"
                        port)
               (close-port port)
               #t)))
         (add-after 'install 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Build the man and Info documentation with 'make' and
             ;; install both; the 'and' stops at the first failing step.
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (and (zero? (system* "make" "-C" "docs" "man" "info"))
                    (install-file "docs/_build/texinfo/acme-python.info" info)
                    (install-file "docs/_build/man/acme-python.1" man)
                    #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-setuptools" ,python-setuptools)
       ("texinfo" ,texinfo)))
    ;; Propagated: these end up in the profile of anything installing this
    ;; package, including the TLS/crypto bindings at the end of the list.
    (propagated-inputs
     `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
       ("python-werkzeug" ,python-werkzeug)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
517
;; Python 2 variant of 'python-acme', derived with 'package-with-python2';
;; certbot below lists it among its propagated inputs.
(define-public python2-acme
  (package-with-python2 python-acme))
520
;; Certbot, the EFF's Let's Encrypt client, fetched from PyPI and built
;; with Python 2 (see the #:python argument).
(define-public certbot
  (package
    (name "certbot")
    (version "0.9.3")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              ;; Expected content hash of the PyPI source archive.
              (sha256
               (base32
                "1c7k4lfq5j78d1rvrwrb9082ngwibz92cwkf4kazaa9b76w9q538"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       #:phases
       (modify-phases %standard-phases
         (add-after 'build 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Build the man and Info documentation with 'make' and
             ;; install it; the 'and' stops at the first failing step.
             (let* ((out (assoc-ref outputs "out"))
                    (man1 (string-append out "/share/man/man1"))
                    (man7 (string-append out "/share/man/man7"))
                    (info (string-append out "/info")))
               (and
                (zero? (system* "make" "-C" "docs" "man" "info"))
                (install-file "docs/_build/texinfo/Certbot.info" info)
                (install-file "docs/_build/man/certbot.1" man1)
                (install-file "docs/_build/man/certbot.7" man7)
                #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    ;; Runtime dependencies, propagated into the user's profile.
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pythondialog" ,python2-pythondialog)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Tool to automatically receive and install X.509 certificates
to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
will be issuing browser-trusted certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
578
;; Former name of certbot, kept as a package that inherits everything from
;; 'certbot' and is marked as superseded by it.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
583
;; Net::SSLeay, Perl bindings to OpenSSL, built against the 'openssl'
;; package of this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Expected content hash of the CPAN tarball.
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    ;; The patch file is passed as an input and applied in a build phase
    ;; rather than through the origin (see 'apply-patch' below).
    (native-inputs
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            ;; The phase fails unless 'patch' exits with status 0.
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Tell the build where the OpenSSL input lives.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; NOTE(review): this URL names release 1.66 while 'version' is 1.68;
    ;; the other Perl packages in this file link to a version-independent
    ;; search.cpan.org/dist/ page -- consider doing the same here.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
627
;; Crypt::OpenSSL::RSA, Perl bindings to OpenSSL's RSA routines.  The build
;; arguments come from 'perl-crypt-arguments', which is defined further
;; down in this file.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license (package-license perl))))
655
;; Build arguments shared by the perl-crypt-openssl-* packages in this file.
;; They add one phase before 'configure' that rewrites the 'LIBS' entry of
;; Makefile.PL so that -lcrypto is looked up in the lib directory of the
;; "openssl" input.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            ;; Replace the whole 'LIBS' => ... line.
            (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                             (assoc-ref inputs "openssl")
                                             "/lib -lcrypto'],")))
          #t)))))
665
;; Crypt::OpenSSL::Bignum, Perl access to OpenSSL's multiprecision integer
;; arithmetic.  Built with the shared 'perl-crypt-arguments'.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license (package-license perl))))
691
;; Crypt::OpenSSL::Random, Perl access to the OpenSSL/LibreSSL pseudo-random
;; number generator.  Here it is built against the 'openssl' input, using
;; the shared 'perl-crypt-arguments'.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license (package-license perl))))
716
;; acme-client, the OpenBSD project's Let's Encrypt client, built from the
;; "-portable" snapshot tarball and linked against libbsd and libressl.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.14")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Expected content hash of the snapshot tarball.
              (sha256
               (base32
                "1qq4xk41pn65m3v7nnvkmxg96pr06vz6hzdrm0vcmlp3clzpbahl"))))
    (build-system gnu-build-system)
    (arguments
     ;; No tests run at build time, so nothing here exercises the
     ;; privilege-dropping and chroot behaviour the description mentions.
     '(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)))) ; no './configure' script
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))