gnu: guile-sqlite3: Use the correct Guile version.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ea22aa1f 7;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
2850d877 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
47956fa0 9;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
a92c6b1a 13;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
7543f865 17;;;
233e7676 18;;; This file is part of GNU Guix.
7543f865 19;;;
233e7676 20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
233e7676 25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
233e7676 31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 32
a7fd7b68 33(define-module (gnu packages tls)
e9aa8d0c 34 #:use-module ((guix licenses) #:prefix license:)
35 #:use-module (guix packages)
36 #:use-module (guix download)
ea22aa1f 37 #:use-module (guix git-download)
29a7c98a 38 #:use-module (guix utils)
7543f865 39 #:use-module (guix build-system gnu)
ea22aa1f 40 #:use-module (guix build-system go)
cc2b77df 41 #:use-module (guix build-system perl)
7890e3ba 42 #:use-module (guix build-system python)
88522738 43 #:use-module (guix build-system cmake)
e8b3a158 44 #:use-module (guix build-system trivial)
f61e0e79 45 #:use-module (gnu packages compression)
013ce67b 46 #:use-module (gnu packages)
e8b3a158 47 #:use-module (gnu packages bash)
ac257f12 48 #:use-module (gnu packages check)
e8b3a158 49 #:use-module (gnu packages curl)
5b9aa107 50 #:use-module (gnu packages dns)
e8b3a158 51 #:use-module (gnu packages gawk)
1ffa7090 52 #:use-module (gnu packages guile)
0581c273 53 #:use-module (gnu packages libbsd)
27e86bed 54 #:use-module (gnu packages libffi)
866f469e 55 #:use-module (gnu packages libidn)
5d4c90ae 56 #:use-module (gnu packages linux)
7890e3ba 57 #:use-module (gnu packages ncurses)
27e86bed 58 #:use-module (gnu packages nettle)
1ffa7090 59 #:use-module (gnu packages perl)
27e86bed 60 #:use-module (gnu packages pkg-config)
7890e3ba 61 #:use-module (gnu packages python)
cc6f4912 62 #:use-module (gnu packages python-crypto)
1b2f753d 63 #:use-module (gnu packages python-web)
44d10b1f 64 #:use-module (gnu packages python-xyz)
9d0c291e 65 #:use-module (gnu packages sphinx)
a31f4d35 66 #:use-module (gnu packages texinfo)
33dc54b0 67 #:use-module (gnu packages time)
68 #:use-module (gnu packages base)
69 #:use-module (srfi srfi-1))
70
(define-public libtasn1
  ;; GNU ASN.1 library.  Both p11-kit and gnutls in this module list it among
  ;; their inputs.
  (package
    (name "libtasn1")
    (version "4.16.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-" version
                           ".tar.gz"))
       ;; Expected content hash of the release tarball; a download that does
       ;; not match it is rejected.
       (sha256
        (base32 "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    ;; Only the shared library is built.
    (arguments
     '(#:configure-flags '("--disable-static")))
    (native-inputs (list (list "perl" perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 95
(define-public asn1c
  ;; Compiler that turns ASN.1 modules into C encoders and decoders.
  (package
    (name "asn1c")
    (version "0.9.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/asn1c-" version
                           ".tar.gz"))
       ;; Expected content hash of the release tarball.
       (sha256
        (base32 "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    (native-inputs (list (list "perl" perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
122
(define-public p11-kit
  ;; Loader and shared configuration for PKCS#11 modules.
  (package
    (name "p11-kit")
    (version "0.23.20")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.xz"))
       ;; Expected content hash of the release tarball.
       (sha256
        (base32 "0131maw666ha4d6iyj13fkz18c4pnb3lw2xwv5kvkmnzqcj61n0l"))))
    (build-system gnu-build-system)
    (native-inputs (list (list "pkg-config" pkg-config)))
    (inputs (list (list "libffi" libffi)
                  (list "libtasn1" libtasn1)))
    (arguments
     ;; NOTE(review): '--without-trust-paths' means no trust anchor location
     ;; is compiled in -- confirm that consumers of the trust module
     ;; configure one themselves.
     '(#:configure-flags '("--without-trust-paths")
       #:phases
       (modify-phases %standard-phases
         (add-before 'check 'prepare-tests
           (lambda _
             ;; "test-runtime" needs XDG_RUNTIME_DIR and only looks for
             ;; .cache and similar directories.  None of that matters in
             ;; the build container, so the test is simply removed from
             ;; the Makefile.
             (substitute* "Makefile"
               (("test-runtime\\$\\(EXEEXT\\)") ""))
             #t)))))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 162
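(define-public gnutls
  ;; GnuTLS built against Guile 3.0.  The other GnuTLS variants in this
  ;; module inherit from this definition.
  (package
    (name "gnutls")
    (version "3.6.12")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             (patches (search-patches "gnutls-skip-trust-store-test.patch"))
             ;; Expected content hash of the release tarball.
             (sha256
              (base32
               "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
    (build-system gnu-build-system)
    (arguments
     `(; Ensure we don't keep a reference to this buggy software.
       ;; net-tools is only a native input for the tests; the build fails if
       ;; any output still refers to it.
       #:disallowed-references (,net-tools)
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        ;;
        ;; The value is a fixed path outside the store, so the certificates
        ;; trusted by default are whatever the running system installs
        ;; there.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        ;; NOTE(review): the flag is passed unconditionally, so PKCS#11
        ;; support is off on every system, not only on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)
       ("datefudge" ,datefudge)                   ;tests rely on 'datefudge'
       ("util-linux" ,util-linux)))               ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))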
cc2b77df 249
(define-public gnutls/guile-2.0
  ;; Variant of gnutls whose "guile" input is Guile 2.0.  Everything else is
  ;; inherited unchanged.
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    (inputs (cons (list "guile" guile-2.0)
                  ;; Drop the inherited "guile" entry so only one remains.
                  (alist-delete "guile" (package-inputs gnutls))))))
079f013b 257
(define-public gnutls/dane
  ;; GnuTLS that also builds libgnutls-dane, the DNS-based Authentication of
  ;; Named Entities library.  GNUnet and gnURL need it for GNS.  It lives in
  ;; a package of its own so that GnuTLS stays available both with and
  ;; without DANE.
  (package
    (inherit gnutls)
    (name "gnutls-dane")
    ;; Only "unbound" is added; the inherited inputs follow untouched.
    (inputs (cons (list "unbound" unbound)
                  (package-inputs gnutls)))))
268
(define-public guile2.2-gnutls
  ;; Variant of gnutls whose "guile" input is Guile 2.2.
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    (inputs (cons (list "guile" guile-2.2)
                  ;; Drop the inherited "guile" entry so only one remains.
                  (alist-delete "guile" (package-inputs gnutls))))))
d630d781 276
;; Alias: the plain gnutls package is already the one built with Guile 3.0.
(define-public guile3.0-gnutls
  gnutls)
278
(define-public openssl
  ;; OpenSSL 1.1.1 series.  openssl-1.0 below inherits from this definition
  ;; and reuses its build phases.
  (package
    (name "openssl")
    (version "1.1.1d")
    (source
     (origin
       (method url-fetch)
       ;; The URIs are tried in order.  The two FTP fallbacks are plaintext
       ;; transports; the tarball is accepted only if it matches the sha256
       ;; below, whichever URI served it.
       (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                 version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/"
                                 "openssl-" version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/old/"
                                 (string-trim-right version char-set:letter)
                                 "/openssl-" version ".tar.gz")))
       (sha256
        (base32 "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhy"))
       (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"      ;6.8 MiB of man3 pages and full HTML documentation
               "static")) ;6.4 MiB of .a files
    (native-inputs (list (list "perl" perl)))
    (arguments
     `(#:parallel-tests? #f
       #:test-target "test"

       ;; OpenSSL changes have a habit of pulling Perl into the closure, so
       ;; a reference to it in the outputs is made a build failure.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         ;; This extra phase exists only when cross-compiling.
         ,@(if (%current-target-system)
               '((add-before
                  'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    ;; NOTE(review): the cond has no else clause, so a
                    ;; target matching none of these prefixes yields no
                    ;; string here -- confirm the intended behaviour for
                    ;; other targets.
                    (setenv "CONFIGURE_TARGET_ARCH"
                            (cond
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")))
                    #t)))
               '())
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               ;; The reference in "config" is not a shebang line, so
               ;; patch-source-shebangs leaves it alone.
               (substitute* "config"
                 (("/usr/bin/env")
                  (string-append (assoc-ref %build-inputs "coreutils")
                                 "/bin/env")))
               (invoke ,@(if (%current-target-system)
                             '("./Configure")
                             '("./config"))
                       "shared"         ;build shared libraries
                       "--libdir=lib"

                       ;; This catch-all directory defaults to PREFIX/ssl;
                       ;; use a more conventional location instead.
                       (string-append "--openssldir=" out
                                      "/share/openssl-" ,version)

                       (string-append "--prefix=" out)
                       (string-append "-Wl,-rpath," lib)
                       ,@(if (%current-target-system)
                             '((getenv "CONFIGURE_TARGET_ARCH"))
                             '())))))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Every .a file under lib/ goes to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static-out (assoc-ref outputs "static"))
                    (static-lib (string-append static-out "/lib")))
               (for-each (lambda (archive)
                           (install-file archive static-lib)
                           (delete-file archive))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-extra-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             ;; man3 pages and the full HTML documentation go to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (html (string-append out "/share/doc/openssl"))
                    (doc (assoc-ref outputs "doc"))
                    (man-dest (string-append doc "/share/man/man3"))
                    (html-dest (string-append doc "/share/doc/openssl")))
               (copy-recursively man3 man-dest)
               (delete-file-recursively man3)
               (copy-recursively html html-dest)
               (delete-file-recursively html)
               #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; 'misc' holds assorted undocumented shell and Perl scripts.
            ;; Deleting it keeps the output free of a reference to Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    ;; Both variables hold a single entry rather than a separated list.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
cc2b77df 403
(define-public openssl-1.0
  ;; Legacy OpenSSL 1.0.2 series, derived from the openssl package.
  ;; NOTE(review): upstream ended public support for the 1.0.2 branch at the
  ;; end of 2019, so no further public fixes are expected for this version;
  ;; keep the set of packages depending on it as small as possible.
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    (source
     (origin
       (method url-fetch)
       ;; Tried in order; the FTP fallbacks are plaintext, and the tarball
       ;; is accepted only if it matches the sha256 below.
       (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                 version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/"
                                 "openssl-" version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/old/"
                                 (string-trim-right version char-set:letter)
                                 "/openssl-" version ".tar.gz")))
       (sha256
        (base32 "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
       (patches (search-patches "openssl-runpath.patch"
                                "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ;; The 1.0.x build system cannot be run in parallel.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Point the test scripts at the shell from the "bash" input
               ;; and at whichever 'rm' is on PATH.
               (let ((shell-dir (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append shell-dir "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; MANDIR defaults to an unusual location; redirect it to
               ;; share/man in the output.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; OpenSSL 1.0 does not understand -rpath, hence a configure
             ;; phase of its own without that flag.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"       ;build shared libraries
                         "--libdir=lib"

                         ;; This catch-all directory defaults to
                         ;; PREFIX/ssl; use a more conventional location
                         ;; instead.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Section 3 man pages go to the "doc" output.
               (let* ((out (assoc-ref outputs "out"))
                      (man3 (string-append out "/share/man/man3"))
                      (doc (assoc-ref outputs "doc"))
                      (dest (string-append doc "/share/man/man3")))
                 (mkdir-p dest)
                 (for-each (lambda (page)
                             (rename-file page
                                          (string-append dest "/"
                                                         (basename page))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: This phase is repeated here so that 'version' is taken
           ;; from this package rather than from the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; 'misc' holds assorted undocumented shell and Perl scripts.
               ;; Deleting it keeps the output free of a reference to Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
496
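(define-public libressl
  ;; LibreSSL, the OpenBSD fork of OpenSSL, built with its TLS-enabled
  ;; netcat.
  (package
    (name "libressl")
    (version "3.0.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; Expected content hash of the release tarball.
              (sha256
               (base32
                "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): with getentropy masked out at configure time the
     ;; library has to obtain entropy some other way -- confirm which source
     ;; it ends up using on the supported kernels.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            ;; ca-certificates.crt is a regular file.  Without an explicit
            ;; file type the search looks for a directory of that name and
            ;; SSL_CERT_FILE is never set.  The openssl package in this
            ;; module declares the same file type.
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))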
537
(define-public python-acme
  ;; ACME protocol library.  certbot below takes its version and its build
  ;; arguments from this package.
  (package
    (name "python-acme")
    ;; When bumping this version, update the certbot hash as well.
    (version "1.3.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "acme" version))
       ;; Expected content hash of the PyPI tarball.
       (sha256
        (base32 "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and the Info manual from the docs directory.
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man1-dir (string-append out "/share/man/man1"))
                    (info-dir (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info-dir)
               (install-file "docs/_build/man/acme-python.1" man1-dir)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; Needed to build the documentation.
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-requests-toolbelt" ,python-requests-toolbelt)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
587
(define-public certbot
  ;; ACME client from the same repository as python-acme.
  (package
    (name "certbot")
    ;; Both projects share one upstream repository, so their versions are
    ;; kept in lockstep by reading the version from python-acme.
    (version (package-version python-acme))
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "certbot" version))
       ;; Expected content hash of the PyPI tarball.  It has to be updated
       ;; by hand whenever the python-acme version changes.
       (sha256
        (base32 "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w"))))
    (build-system python-build-system)
    (arguments
     ;; Start from python-acme's arguments and swap in the documentation
     ;; file names that certbot produces.
     (substitute-keyword-arguments (package-arguments python-acme)
       ((#:phases phases)
        `(modify-phases ,phases
           (replace 'install-documentation
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (man1-dir (string-append out "/share/man/man1"))
                      (man7-dir (string-append out "/share/man/man7"))
                      (info-dir (string-append out "/info")))
                 (install-file "docs/_build/texinfo/Certbot.info" info-dir)
                 (install-file "docs/_build/man/certbot.1" man1-dir)
                 (install-file "docs/_build/man/certbot.7" man7-dir)
                 #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; Needed to build the documentation.
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-cryptography" ,python-cryptography)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-distro" ,python-distro)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
647
(define-public letsencrypt
  ;; Old package name, kept as a copy of certbot that is marked as superseded
  ;; by it.
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties (list (cons 'superseded certbot)))))
9495cf9a 652
(define-public perl-net-ssleay
  ;; Perl bindings to OpenSSL.
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                           "Net-SSLeay-" version ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32 "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs (list (list "openssl" openssl)))
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Hand the location of the "openssl" input to the build
            ;; through OPENSSL_PREFIX.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (home-page "https://metacpan.org/release/Net-SSLeay")))
683
(define-public perl-crypt-openssl-rsa
  ;; Perl RSA module backed by OpenSSL.  Its build arguments are the shared
  ;; perl-crypt-arguments defined in this module.
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32 "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (native-inputs
     (list (list "perl-crypt-openssl-guess" perl-crypt-openssl-guess)))
    (inputs
     (list (list "perl-crypt-openssl-bignum" perl-crypt-openssl-bignum)
           (list "perl-crypt-openssl-random" perl-crypt-openssl-random)
           (list "openssl" openssl)))
    (arguments perl-crypt-arguments)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (synopsis "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
713
;; Build arguments shared by the Crypt::OpenSSL::* packages in this module.
;; Before 'configure', the 'LIBS' entry of Makefile.PL is rewritten so that
;; libcrypto is linked from the lib directory of the "openssl" input.
(define perl-crypt-arguments
  '(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*")
             (string-append "'LIBS' => ['-L"
                            (assoc-ref inputs "openssl")
                            "/lib -lcrypto'],")))
          #t)))))
723
(define-public perl-crypt-openssl-bignum
  ;; Perl access to OpenSSL's multiprecision integers, built with the shared
  ;; perl-crypt-arguments.
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32 "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (inputs (list (list "openssl" openssl)))
    (arguments perl-crypt-arguments)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; Either gpl1+ or the Artistic License, at the user's choice.
    (license license:perl-license)))
cccb4d26 749
(define-public perl-crypt-openssl-guess
  ;; Build-time helper; perl-crypt-openssl-rsa and perl-crypt-openssl-random
  ;; list it as a native input.
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
             version ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32 "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path. It is intended for use in your
@file{Makefile.PL}.")
    (license license:perl-license)))
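;; Perl access to the pseudo-random number generator of the linked
;; OpenSSL/LibreSSL library.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source
     (origin
       (method url-fetch)
       ;; Downloaded from a CPAN mirror; the sha256 below pins the expected
       ;; tarball contents.
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       (sha256
        (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    ;; Needed at build time only (native input).
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    ;; The library whose generator the module exposes.
    (inputs
     `(("openssl" ,openssl)))
    ;; The shared phases rewrite 'LIBS' in Makefile.PL to use the "openssl"
    ;; input declared above.
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    ;; The description is a full sentence ending in a period, and says that
    ;; the module gives access to the generator rather than being one itself.
    (description "Crypt::OpenSSL::Random provides access to the OpenSSL/LibreSSL
pseudo-random number generator.")
    (license license:perl-license)))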
;; Portable release of the OpenBSD ACME client, built against LibreSSL.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              ;; The URI is assembled from the package name and version; the
              ;; sha256 below pins the expected tarball contents.
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       #:make-flags
       ;; The compiler and the installation prefix are passed on the make
       ;; command line; the 'configure' phase is deleted below.
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; http.c refers to the CA bundle as /etc/ssl/cert.pem.  Rewrite
             ;; that path to the cert.pem under the "libressl" input.
             ;; NOTE(review): certificate verification in the built program
             ;; then depends on the bundle shipped by the libressl package,
             ;; not on the system-wide certificate store -- confirm that CA
             ;; updates are expected to arrive through libressl.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the one upstream prefers.  A "-gpl" variant
;; exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.16.5")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                           version "-apache.tgz"))
       ;; Pins the expected tarball contents, whichever URL the download is
       ;; finally served from.
       (sha256
        (base32
         "0kdhwy241xsk4isbadqx6z80m8sf76da5sbmqv8qy11yr37cdd35"))))
    (build-system cmake-build-system)
    (arguments
     `(#:configure-flags
       ;; Build the shared library only; no static archive is produced.
       ;; NOTE(review): presumably so that dependents reference this library
       ;; rather than embedding a copy of it, which keeps a later mbedtls
       ;; security update from requiring every dependent to be relinked --
       ;; confirm the intent.
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")))
    ;; Build-time tools only.
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This variant inherits everything from mbedtls-apache and adds one phase
;; that switches those features on; it is wrapped in 'hidden-package'.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments
          `(#:phases
            (modify-phases %standard-phases
              (add-after 'configure 'configure-extra-features
                (lambda _
                  ;; Enable each listed option through the configuration
                  ;; script that ships in the source tree.  'invoke' raises
                  ;; an error if the script exits with a non-zero status.
                  (for-each (lambda (feature)
                              (invoke "scripts/config.pl" "set" feature))
                            (list "MBEDTLS_THREADING_C"
                                  "MBEDTLS_THREADING_PTHREAD"))
                  #t)))
            ;; The arguments of mbedtls-apache are spliced in after the
            ;; phases defined here.
            ,@(package-arguments mbedtls-apache)))))))
;; ACME client written as a Bash script.  Nothing is compiled: the builder
;; unpacks the release, installs the script and its documentation, and wraps
;; the script so that it finds the tools it calls.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.6.5")
    (source (origin
              (method url-fetch)
              ;; Release tarball; the sha256 below pins its expected contents.
              (uri (string-append
                    "https://github.com/dehydrated-io/dehydrated/releases/download/"
                    "v" version "/dehydrated-" version ".tar.gz"))
              (sha256
               (base32
                "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((source (assoc-ref %build-inputs "source"))
                (tar (assoc-ref %build-inputs "tar"))
                (gz (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin"))
                (doc (string-append out "/share/doc/" ,name "-" ,version))
                (man (string-append out "/share/man"))
                ;; Note: 'bash' is the "bin" directory of the bash input, not
                ;; the path of the executable.
                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))

           ;; PATH holds only gzip's bin directory while unpacking; tar
           ;; itself is called by absolute file name.
           (setenv "PATH" (string-append gz "/bin"))
           (invoke (string-append tar "/bin/tar") "xvf" source)
           (chdir (string-append ,name "-" ,version))

           (copy-recursively "docs" doc)
           (install-file "LICENSE" doc)

           ;; Move the manual pages that were copied along with "docs" into
           ;; share/man/man1 and compress them.
           (mkdir-p man)
           (rename-file (string-append doc "/man")
                        (string-append man "/man1"))
           (for-each (cut invoke "gzip" "-9" <>)
                     (find-files man ".*"))

           (install-file "dehydrated" bin)
           (with-directory-excursion bin
             ;; Point the script's interpreter line at the bash input.
             (patch-shebang "dehydrated" (list bash))

             ;; Do not try to write to the store.  The SCRIPTDIR assignment
             ;; in the script is replaced with a directory under the home of
             ;; the invoking user.
             ;; NOTE(review): presumably the script keeps its configuration
             ;; and state under SCRIPTDIR -- if so, the permissions of
             ;; ~/.dehydrated are what protect that material; confirm against
             ;; the script.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; PATH is reset to bash's bin directory before wrapping.
             (setenv "PATH" bash)
             ;; Put the bin directories of the listed inputs in front of
             ;; PATH for the wrapped script, so that curl, openssl and the
             ;; other tools resolve to the declared inputs first.  Because
             ;; the entry is a prefix, the caller's PATH still follows it.
             (wrap-program "dehydrated"
               `("PATH" ":" prefix
                 ,(map (lambda (dir)
                         (string-append dir "/bin"))
                       (map (lambda (input)
                              (assoc-ref %build-inputs input))
                            '("coreutils"
                              "curl"
                              "diffutils"
                              "gawk"
                              "grep"
                              "openssl"
                              "sed"))))))
           #t))))
    ;; Run-time tools; apart from bash, these are the names the builder
    ;; above puts on the wrapper's PATH.
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    ;; Used by the builder only, to unpack the source and compress man pages.
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    (home-page "https://dehydrated.io/")
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (license license:expat)))
;; Root certificate bundle packaged as a Go library.  The source is pinned to
;; a single upstream commit.
;; NOTE(review): the trust anchors that dependents receive from this package
;; are those of the pinned snapshot; CA additions and removals made upstream
;; afterwards only arrive when the commit is bumped.
(define-public go-github-com-certifi-gocertifi
  (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec")
        (revision "1"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/certifi/gocertifi")
               (commit commit)))
         (file-name (git-file-name name version))
         ;; Pins the expected contents of the checkout.
         (sha256
          (base32 "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (home-page "https://certifi.io")
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (license license:mpl2.0))))