gnu: OpenSSL: Remove duplicate #:disallowed-references.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
aa2441c2 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ea22aa1f 7;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
2850d877 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
47956fa0 9;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e74f153a 12;;; Copyright © 2017, 2018, 2019 Marius Bakke <mbakke@fastmail.com>
a92c6b1a 13;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
7543f865 17;;;
233e7676 18;;; This file is part of GNU Guix.
7543f865 19;;;
233e7676 20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
233e7676 25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
233e7676 31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 32
a7fd7b68 33(define-module (gnu packages tls)
e9aa8d0c 34 #:use-module ((guix licenses) #:prefix license:)
35 #:use-module (guix packages)
36 #:use-module (guix download)
ea22aa1f 37 #:use-module (guix git-download)
29a7c98a 38 #:use-module (guix utils)
7543f865 39 #:use-module (guix build-system gnu)
ea22aa1f 40 #:use-module (guix build-system go)
cc2b77df 41 #:use-module (guix build-system perl)
7890e3ba 42 #:use-module (guix build-system python)
88522738 43 #:use-module (guix build-system cmake)
e8b3a158 44 #:use-module (guix build-system trivial)
f61e0e79 45 #:use-module (gnu packages compression)
013ce67b 46 #:use-module (gnu packages)
e8b3a158 47 #:use-module (gnu packages bash)
ac257f12 48 #:use-module (gnu packages check)
e8b3a158 49 #:use-module (gnu packages curl)
5b9aa107 50 #:use-module (gnu packages dns)
e8b3a158 51 #:use-module (gnu packages gawk)
1ffa7090 52 #:use-module (gnu packages guile)
0581c273 53 #:use-module (gnu packages libbsd)
27e86bed 54 #:use-module (gnu packages libffi)
866f469e 55 #:use-module (gnu packages libidn)
5d4c90ae 56 #:use-module (gnu packages linux)
7890e3ba 57 #:use-module (gnu packages ncurses)
27e86bed 58 #:use-module (gnu packages nettle)
1ffa7090 59 #:use-module (gnu packages perl)
27e86bed 60 #:use-module (gnu packages pkg-config)
7890e3ba 61 #:use-module (gnu packages python)
cc6f4912 62 #:use-module (gnu packages python-crypto)
1b2f753d 63 #:use-module (gnu packages python-web)
44d10b1f 64 #:use-module (gnu packages python-xyz)
9d0c291e 65 #:use-module (gnu packages sphinx)
a31f4d35 66 #:use-module (gnu packages texinfo)
33dc54b0 67 #:use-module (gnu packages time)
68 #:use-module (gnu packages base)
69 #:use-module (srfi srfi-1))
70
;; GNU libtasn1, the ASN.1 library.  In this file it is an input of
;; 'p11-kit' and a propagated input of 'gnutls'.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.15.0")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; The fetched tarball is accepted only if its content matches this
      ;; hash, so the mirror that serves it does not have to be trusted.
      (sha256
       (base32
        "17kkh89zfnwszw657fj13y2gamzay33lsrfazgm4sc7mx2gm0xyx"))))
    (build-system gnu-build-system)
    (arguments
     ;; Only the shared library is built.
     `(#:configure-flags '("--disable-static")))
    ;; Perl is a build-time tool only (native input).
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 95
;; asn1c, a compiler from ASN.1 modules to C source code.  Built with the
;; default GNU build system phases; no configure flags are overridden.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; Content hash the downloaded tarball must match.
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time tool only (native input).
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
122
;; p11-kit, a library for loading and enumerating PKCS#11 modules.  Built
;; against libffi and libtasn1, with one test dropped before 'check'.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.18.1")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                          "download/" version "/p11-kit-" version ".tar.gz"))
      ;; Content hash the downloaded release tarball must match.
      (sha256
       (base32
        "0vrwab1082f7l5sbzpb28nrs3q4d2q7wzbi8c977rpah026bvhrl"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): '--without-trust-paths' presumably leaves the trust
     ;; module without any compiled-in trust anchor location, so consumers
     ;; get no default anchors from this package -- confirm that is intended.
     `(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
                      ;; and looks for .cache and other directories (only).
                      ;; For simplicity just drop it since it is irrelevant
                      ;; in the build container.
                      (substitute* "Makefile"
                        ;; Erase the test program's name from the generated
                        ;; Makefile.
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 162
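;; GnuTLS, the TLS/DTLS library, with Guile 2.2 bindings.  The other gnutls
;; variants in this file inherit from this definition, so the configure
;; flags below (trust store location, p11-kit support) apply to them too.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.6.11.1")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             ;; NOTE(review): going by its name this patch skips a test that
             ;; needs a trust store; the patch itself is not visible here.
             (patches (search-patches "gnutls-skip-trust-store-test.patch"))
             ;; Content hash the downloaded tarball must match.
             (sha256
              (base32
               "1y1wadpsrj5ai603xv5bgssl9v0pb1si2hg14zqdnmcsvgri5fpv"))))
    (build-system gnu-build-system)
    (arguments
     `(;; Ensure we don't keep a reference to this buggy software.  net-tools
       ;; is only a native input (see below); the build fails if the outputs
       ;; end up referring to it.
       #:disallowed-references (,net-tools)
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store. Instead it has a
        ;; configure-time option. Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment. If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently. This seems suboptimal.
        ;;
        ;; NOTE(review): /etc/ssl/certs lies outside the store, so the set
        ;; of trusted CAs is whatever the running system places there.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        ;;
        ;; NOTE(review): the flag is passed unconditionally, so PKCS#11
        ;; support is off on every architecture, not only on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc",
                     ;; then delete them from "out".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.2)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the description used to read
    ;; "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))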
cc2b77df 247
(define-public gnutls/guile-2.0
  ;; GnuTLS for Guile 2.0.  Everything except the name and the "guile" input
  ;; is inherited from 'gnutls'.
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    ;; Swap the inherited "guile" input for guile-2.0 and keep the rest.
    (inputs `(("guile" ,guile-2.0)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 255
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, implementing DNS-based
  ;; Authentication of Named Entities. This is required for GNS functionality
  ;; by GNUnet and gnURL. This is done in an extra package definition
  ;; to have the choice between GnuTLS with Dane and without Dane.
  (package
    (inherit gnutls)
    (name "gnutls-dane")
    ;; The only difference from 'gnutls' is the extra "unbound" input.
    (inputs `(("unbound" ,unbound)
              ,@(package-inputs gnutls)))))
266
(define gnutls-3.6.10
  ;; This is for 'guile3.0-gnutls', below. Version 3.6.10 is the first to
  ;; introduce Guile 2.9/3.0 support.
  ;;
  ;; NOTE(review): this pins a release older than the 'gnutls' package in
  ;; this file (3.6.11.1), so whatever fixes the newer release carries are
  ;; absent from packages built on this one -- confirm that is acceptable.
  (package
    (inherit gnutls)
    (version "3.6.10")
    (source (origin
              ;; Inherit the remaining origin fields (method, patches) from
              ;; gnutls; only the URI and the hash differ.
              (inherit (package-source gnutls))
              (uri (string-append "mirror://gnupg/gnutls/v"
                                  (version-major+minor version)
                                  "/gnutls-" version ".tar.xz"))
              (sha256
               (base32
                "14r2h73yfj66cm14k9mnb3kgzq5a7qjg5b31m53bf19vcxkwmwxi"))))))
281
;; GnuTLS bindings for 'guile-next', built from the private gnutls-3.6.10
;; package with one extra phase added before 'build'.
(define-public guile3.0-gnutls
  (package
    (inherit gnutls-3.6.10)
    (name "guile3.0-gnutls")
    (arguments
     (substitute-keyword-arguments (package-arguments gnutls-3.6.10)
       ((#:phases phases '%standard-phases)
        `(modify-phases ,phases
           (add-before 'build 'leave-guile-stdout-open
             (lambda _
               ;; Work around <https://bugs.gnu.org/38348>.
               ;; Rewrites "out=-" to "out=/dev/null" in guile/Makefile.
               (substitute* "guile/Makefile"
                 (("out=-") "out=/dev/null"))
               #t))))))
    ;; Swap the inherited "guile" input for guile-next and keep the rest.
    (inputs `(("guile" ,guile-next)
              ,@(alist-delete "guile"
                              (package-inputs gnutls-3.6.10))))))
299
;; OpenSSL 1.1.1, split into three outputs: "out", "doc" and "static".
;; The phases below replace 'configure' (OpenSSL has its own configure
;; scripts), move static libraries and documentation to their outputs, and
;; delete the 'misc' scripts so the result keeps no reference to Perl.
(define-public openssl
  (package
   (name "openssl")
   (version "1.1.1d")
   (source (origin
             (method url-fetch)
             ;; The URIs are alternatives for the same tarball.  Two of them
             ;; are plain ftp://; the tarball's integrity rests on the sha256
             ;; below, which the download must match, not on the transport.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       "openssl-" version ".tar.gz")
                        ;; Older releases live under old/<version without
                        ;; its trailing letters>/.
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/openssl-" version ".tar.gz")))
             (sha256
              (base32
               "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhy"))
             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"         ;6.8 MiB of man3 pages and full HTML documentation
              "static"))    ;6.4 MiB of .a files
   ;; Perl is a build-time tool only (native input).
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-build? #f
      #:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        ;; Only when cross-compiling: export CROSS_COMPILE and choose the
        ;; OpenSSL target name handed to ./Configure further down.
        ,@(if (%current-target-system)
              '((add-before
                    'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    ;; NOTE(review): there is no fallback clause; for a
                    ;; target matching none of these prefixes 'cond' yields
                    ;; no string for 'setenv' -- confirm such targets are
                    ;; meant to fail here.
                    (setenv "CONFIGURE_TARGET_ARCH"
                            (cond
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")))
                    #t)))
              '())
        (replace 'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib")))
              ;; It's not a shebang so patch-source-shebangs misses it.
              (substitute* "config"
                (("/usr/bin/env")
                 (string-append (assoc-ref %build-inputs "coreutils")
                                "/bin/env")))
              ;; Native builds run ./config, cross builds run ./Configure
              ;; with the target name appended as the last argument.
              (invoke ,@(if (%current-target-system)
                            '("./Configure")
                            '("./config"))
                      "shared"       ;build shared libraries
                      "--libdir=lib"

                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl. Change that to something more
                      ;; conventional.
                      (string-append "--openssldir=" out
                                     "/share/openssl-" ,version)

                      (string-append "--prefix=" out)
                      ;; Record this output's lib directory as a run-path.
                      (string-append "-Wl,-rpath," lib)
                      ,@(if (%current-target-system)
                            '((getenv "CONFIGURE_TARGET_ARCH"))
                            '())))))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-extra-documentation
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move man3 pages and full HTML documentation to "doc".
            (let* ((out (assoc-ref outputs "out"))
                   (man3 (string-append out "/share/man/man3"))
                   (html (string-append out "/share/doc/openssl"))
                   (doc (assoc-ref outputs "doc"))
                   (man-target (string-append doc "/share/man/man3"))
                   (html-target (string-append doc "/share/doc/openssl")))
              (copy-recursively man3 man-target)
              (delete-file-recursively man3)
              (copy-recursively html html-target)
              (delete-file-recursively html)
              #t)))
        (add-after
            'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts. Remove them to avoid retaining a reference on Perl.
            ;; The path must agree with the --openssldir value passed in the
            ;; 'configure' phase above.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
   ;; SSL_CERT_DIR and SSL_CERT_FILE are each set to a single entry
   ;; (no separator); SSL_CERT_FILE matches a regular file, not a directory.
   (native-search-paths
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (file-type 'regular)
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "https://www.openssl.org/")))
cc2b77df 425
;; OpenSSL 1.0.2, inheriting from 'openssl' and overriding the source, the
;; outputs and several build phases.
;;
;; NOTE(review): this is the legacy 1.0.2 branch; confirm its upstream
;; support status before adding new dependents.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2t")
    (source (origin
              (method url-fetch)
              ;; Alternative locations for the same tarball; as with
              ;; 'openssl', integrity rests on the sha256 below rather than
              ;; on the (partly plain-FTP) transport.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "1g67ra0ph7gpz6fgvv1i96d792jmd6ymci5kk53vbikszr74djql"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Point the test scripts at the build's own shell and use
               ;; 'rm' by name rather than by absolute path.
               ;; NOTE(review): "bash" is not listed in this package's
               ;; inputs; presumably it comes from the build system's
               ;; implicit inputs -- confirm.
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place. Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"                 ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl. Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           ;; The inherited phase also moves HTML documentation; it is
           ;; replaced here by a phase that moves only the man3 pages.
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out (assoc-ref outputs "out"))
                      (man3 (string-append out "/share/man/man3"))
                      (doc (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts. Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
518
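;; LibreSSL, the OpenBSD fork of OpenSSL, including its TLS-enabled netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "2.7.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; Content hash the downloaded tarball must match.
              (sha256
               (base32
                "19kxa5i97q7p6rrps9qm0nd8zqhdjvzx02j72400c73cl2nryfhy"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;;
     ;; NOTE(review): this overrides the configure check on every kernel, so
     ;; the library presumably always uses its own fallback entropy code --
     ;; confirm that is still wanted.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            ;; ca-certificates.crt is a regular file.  The 'openssl' package
            ;; in this file declares the same variable with this file type;
            ;; without it the specification looks for a directory of that
            ;; name and SSL_CERT_FILE is never set.
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))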
559
;; The Python ACME protocol library from the certbot repository.  'certbot'
;; in this file takes its version and its build arguments from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "1.0.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Content hash the downloaded sdist must match.
              (sha256
               (base32
                "1hl62dnh8zsipa5azzpy5kwgjgb5vflinhna1fsn7rcchhpz223a"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and the Info manual from docs/.
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         ;; Install the generated documentation into the output.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-requests-toolbelt" ,python-requests-toolbelt)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
609
;; Certbot, the Let's Encrypt client.  Its version and build arguments come
;; from 'python-acme'; only the documentation install phase is replaced.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certbot" version))
              ;; This hash belongs to certbot's own tarball.  Because the
              ;; version above follows python-acme, bumping python-acme
              ;; changes the URI here and this hash has to change with it.
              (sha256
               (base32
                "0aih7sir5byy8ah9lrgzwcaga7hjw98qj8bb1pxzzzqrvcqjvf46"))))
    (build-system python-build-system)
    (arguments
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               ;; Same job as python-acme's phase, with certbot's file names
               ;; and an additional section 7 man page.
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-cryptography" ,python-cryptography)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-distro" ,python-distro)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
669
;; Old package name kept for compatibility: identical to 'certbot' apart
;; from the name, and marked as superseded by it.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
9495cf9a 674
;; Net::SSLeay, Perl bindings to OpenSSL, built against the 'openssl'
;; package of this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Content hash the downloaded tarball must match.
              (sha256
               (base32
                "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Export the "openssl" input's directory as OPENSSL_PREFIX
            ;; before the configure phase runs.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (home-page "https://metacpan.org/release/Net-SSLeay")))
705
;; Crypt::OpenSSL::RSA, built against 'openssl' together with the Bignum
;; and Random companion modules.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Content hash the downloaded tarball must match.
       (sha256
        (base32
         "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Shared phase list, defined further down in this file.
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
735
;; Build arguments shared by the perl-crypt-openssl-* packages in this file.
;; Every package using them needs an input labelled "openssl".
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          ;; Replace the 'LIBS' entry of Makefile.PL so libcrypto is taken
          ;; from the "openssl" input's lib directory.
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                             (assoc-ref inputs "openssl")
                                             "/lib -lcrypto'],")))
          #t)))))
745
;; Crypt::OpenSSL::Bignum, built against 'openssl' with the shared
;; perl-crypt-arguments phases.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Content hash the downloaded tarball must match.
       (sha256
        (base32
         "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
cccb4d26 771
;; Crypt::OpenSSL::Guess, a Makefile.PL helper.  In this file it is used as
;; a native (build-time) input of the RSA and Random modules.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
             version ".tar.gz"))
       ;; Content hash the downloaded tarball must match.
       (sha256
        (base32
         "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path. It is intended for use in your
@file{Makefile.PL}.")
    (license license:perl-license)))
793
(define-public perl-crypt-openssl-random
  ;; Perl access to the random number generator of the linked TLS library.
  ;; Here the library is the "openssl" input, selected by the Makefile.PL
  ;; rewrite in perl-crypt-arguments.
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source (origin
              (method url-fetch)
              ;; Downloaded via the CPAN mirror list; the sha256 below is what
              ;; pins the tarball's content.
              (uri (string-append
                    "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
                    version ".tar.gz"))
              (sha256
               (base32
                "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    (arguments perl-crypt-arguments)
    (inputs (list (list "openssl" openssl)))
    (native-inputs
     (list (list "perl-crypt-openssl-guess" perl-crypt-openssl-guess)))
    (synopsis "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (license license:perl-license)))
820
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://kristaps.bsd.lv/" name "/"
                           "snapshots/" name "-portable-"
                           version ".tgz"))
       (sha256
        (base32 "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ; no './configure' script
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; http.c hard-codes /etc/ssl/cert.pem as its CA bundle.  Point
             ;; it at the bundle inside the "libressl" input instead, so the
             ;; trust anchors are the ones that LibreSSL build ships.
             ;; NOTE(review): this bypasses the system certificate store, and
             ;; the bundle only changes when libressl is updated; confirm
             ;; that is intended.
             (substitute* "http.c"
               (("/etc/ssl/cert.pem")
                (string-append (assoc-ref inputs "libressl")
                               "/etc/ssl/cert.pem")))
             #t)))
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))))
    (native-inputs
     (list (list "pkg-config" pkg-config)))
    (inputs
     (list (list "libbsd" libbsd)
           (list "libressl" libressl)))
    (home-page "https://kristaps.bsd.lv/acme-client/")
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
88522738 863
;; The "-apache" variant is the upstream preferred variant. A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.16.3")
    (source (origin
              (method url-fetch)
              ;; XXX: The download links on the website are script redirection
              ;; links which effectively lead to the format listed in the uri
              ;; here.  The sha256 below pins the tarball's content whichever
              ;; redirect serves it.
              (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                                  version
                                  "-apache.tgz"))
              (sha256
               (base32 "0qd65lnr63vmx2gxla6lcmm5gawlnaj4wy4h4vmdc3h9h9nyw6zc"))))
    (build-system cmake-build-system)
    (arguments
     ;; Build the shared libraries as well.  mbedtls-for-hiawatha splices
     ;; these arguments into its own.
     '(#:configure-flags
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON")))
    (native-inputs
     (list (list "perl" perl)
           (list "python" python)))
    (home-page "https://tls.mbed.org")
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (license license:asl2.0)))
587d1752 895
896;; The Hiawatha Web server requires some specific features to be enabled.
(define-public mbedtls-for-hiawatha
  ;; Hidden variant of mbedtls-apache.  It differs only in 'arguments': an
  ;; extra phase turns on two compile-time options, and the parent's
  ;; arguments are spliced in after it.
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments
          `(#:phases
            (modify-phases %standard-phases
              (add-after 'configure 'configure-extra-features
                (lambda _
                  ;; Enable each option through upstream's own config script.
                  ;; 'invoke' raises on a non-zero exit, so an option that
                  ;; fails to apply stops the build instead of being silently
                  ;; left off.
                  (for-each (lambda (option)
                              (invoke "scripts/config.pl" "set" option))
                            '("MBEDTLS_THREADING_C"
                              "MBEDTLS_THREADING_PTHREAD"))
                  #t)))
            ,@(package-arguments mbedtls-apache)))))))
913
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.6.5")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://github.com/lukas2511/dehydrated/releases/download/"
             "v" version "/dehydrated-" version ".tar.gz"))
       (sha256
        (base32 "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils))
       #:builder
       (begin
         (use-modules (guix build utils))
         (let* ((tarball (assoc-ref %build-inputs "source"))
                (tar-dir (assoc-ref %build-inputs "tar"))
                (gzip-dir (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin-dir (string-append out "/bin"))
                (doc-dir (string-append out "/share/doc/"))
                (bash-bin (in-vicinity (assoc-ref %build-inputs "bash")
                                       "bin")))

           ;; tar needs gzip on PATH to unpack the .tar.gz source.
           (setenv "PATH" (string-append gzip-dir "/bin"))
           (invoke (string-append tar-dir "/bin/tar") "xvf" tarball)
           (chdir (string-append ,name "-" ,version))

           (install-file "dehydrated" bin-dir)
           (install-file "LICENSE" (string-append doc-dir ,name "-" ,version))
           (with-directory-excursion bin-dir
             (patch-shebang "dehydrated" (list bash-bin))

             ;; Do not try to write in the store.
             ;; NOTE(review): whatever the script keeps relative to SCRIPTDIR
             ;; now lands in the invoking user's home directory; confirm that
             ;; directory's permissions suit any key material stored there.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             (setenv "PATH" bash-bin)
             ;; Prefix PATH with the bin directories of the declared inputs,
             ;; so the script's external tools (curl, openssl, ...) resolve to
             ;; these store items first.  The caller's PATH is still appended
             ;; after them.
             (wrap-program "dehydrated"
               (list "PATH" ":" 'prefix
                     (map (lambda (input)
                            (string-append (assoc-ref %build-inputs input)
                                           "/bin"))
                          '("coreutils"
                            "curl"
                            "diffutils"
                            "gawk"
                            "grep"
                            "openssl"
                            "sed")))))
           #t))))
    (native-inputs
     (list (list "gzip" gzip)
           (list "tar" tar)))
    (inputs
     (list (list "bash" bash)
           (list "coreutils" coreutils)
           (list "curl" curl)
           (list "diffutils" diffutils)
           (list "gawk" gawk)
           (list "grep" grep)
           (list "openssl" openssl)
           (list "sed" sed)))
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (home-page "https://dehydrated.io/")
    (license license:expat)))
986
(define-public go-github-com-certifi-gocertifi
  ;; The root bundle is a snapshot: it is fixed at the commit below and
  ;; labelled with the date in the version string.  CA additions, removals
  ;; and distrust decisions made after that date are not reflected until the
  ;; commit and hash are bumped.
  ;; NOTE(review): presumably consumers embed this bundle rather than reading
  ;; the system trust store -- confirm, and keep the snapshot current.
  (let ((revision "0")
        (commit "d2eda712971317d7dd278bc2a52acda7e945f97e"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/certifi/gocertifi")
               (commit commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32 "0f3v26xps7gadw4qfmh1kxbpgp0cgqdd61a257xnnvnd7ll6k8dh"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (home-page "https://certifi.io")
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (license license:mpl2.0))))