Commit | Line | Data |
---|---|---|
233e7676 | 1 | ;;; GNU Guix --- Functional package management for GNU |
3c0f7910 | 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> |
05f6e601 | 3 | ;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org> |
29a7c98a | 4 | ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> |
cc2b77df | 5 | ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> |
9fd0838b | 6 | ;;; Copyright © 2015 David Thompson <davet@gnu.org> |
2a5b5bfd | 7 | ;;; Copyright © 2015, 2016, 2017, 2018 Leo Famulari <leo@famulari.name> |
2ed12d3f | 8 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
0741932b | 9 | ;;; Copyright © 2016, 2017, 2018 Nils Gillmann <ng0@n0.is> |
375cef6c | 10 | ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> |
ee33f9a7 | 11 | ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> |
d5c472a2 | 12 | ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com> |
a92c6b1a | 13 | ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> |
fbf5ca3c | 14 | ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> |
e8b3a158 | 15 | ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> |
7543f865 | 16 | ;;; |
233e7676 | 17 | ;;; This file is part of GNU Guix. |
7543f865 | 18 | ;;; |
233e7676 | 19 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
7543f865 LC |
20 | ;;; under the terms of the GNU General Public License as published by |
21 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
22 | ;;; your option) any later version. | |
23 | ;;; | |
233e7676 | 24 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
7543f865 LC |
25 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
26 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
27 | ;;; GNU General Public License for more details. | |
28 | ;;; | |
29 | ;;; You should have received a copy of the GNU General Public License | |
233e7676 | 30 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
7543f865 | 31 | |
a7fd7b68 | 32 | (define-module (gnu packages tls) |
e9aa8d0c | 33 | #:use-module ((guix licenses) #:prefix license:) |
7543f865 LC |
34 | #:use-module (guix packages) |
35 | #:use-module (guix download) | |
29a7c98a | 36 | #:use-module (guix utils) |
7543f865 | 37 | #:use-module (guix build-system gnu) |
cc2b77df | 38 | #:use-module (guix build-system perl) |
7890e3ba | 39 | #:use-module (guix build-system python) |
88522738 | 40 | #:use-module (guix build-system cmake) |
587d1752 | 41 | #:use-module (guix build-system haskell) |
e8b3a158 | 42 | #:use-module (guix build-system trivial) |
f61e0e79 | 43 | #:use-module (gnu packages compression) |
013ce67b | 44 | #:use-module (gnu packages) |
e8b3a158 | 45 | #:use-module (gnu packages bash) |
ac257f12 | 46 | #:use-module (gnu packages check) |
e8b3a158 | 47 | #:use-module (gnu packages curl) |
5b9aa107 | 48 | #:use-module (gnu packages dns) |
e8b3a158 | 49 | #:use-module (gnu packages gawk) |
1ffa7090 | 50 | #:use-module (gnu packages guile) |
587d1752 RW |
51 | #:use-module (gnu packages haskell) |
52 | #:use-module (gnu packages haskell-check) | |
53 | #:use-module (gnu packages haskell-crypto) | |
0581c273 | 54 | #:use-module (gnu packages libbsd) |
27e86bed | 55 | #:use-module (gnu packages libffi) |
866f469e | 56 | #:use-module (gnu packages libidn) |
5d4c90ae | 57 | #:use-module (gnu packages linux) |
7890e3ba | 58 | #:use-module (gnu packages ncurses) |
27e86bed | 59 | #:use-module (gnu packages nettle) |
1ffa7090 | 60 | #:use-module (gnu packages perl) |
27e86bed | 61 | #:use-module (gnu packages pkg-config) |
7890e3ba | 62 | #:use-module (gnu packages python) |
cc6f4912 | 63 | #:use-module (gnu packages python-crypto) |
1b2f753d | 64 | #:use-module (gnu packages python-web) |
44d10b1f | 65 | #:use-module (gnu packages python-xyz) |
a31f4d35 | 66 | #:use-module (gnu packages texinfo) |
33dc54b0 | 67 | #:use-module (gnu packages time) |
079f013b LC |
68 | #:use-module (gnu packages base) |
69 | #:use-module (srfi srfi-1)) | |
7543f865 LC |
70 | |
71 | (define-public libtasn1 | |
72 | (package | |
73 | (name "libtasn1") | |
2a5b5bfd | 74 | (version "4.13") |
7543f865 LC |
75 | (source |
76 | (origin | |
77 | (method url-fetch) | |
78 | (uri (string-append "mirror://gnu/libtasn1/libtasn1-" | |
79 | version ".tar.gz")) | |
80 | (sha256 | |
81 | (base32 | |
2a5b5bfd | 82 | "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky")))) |
7543f865 | 83 | (build-system gnu-build-system) |
d9f84612 MB |
84 | (arguments |
85 | `(#:configure-flags '("--disable-static"))) | |
3ea110b7 | 86 | (native-inputs `(("perl" ,perl))) |
6fd52309 | 87 | (home-page "https://www.gnu.org/software/libtasn1/") |
f50d2669 | 88 | (synopsis "ASN.1 library") |
7543f865 | 89 | (description |
79c311b8 LC |
90 | "GNU libtasn1 is a library implementing the ASN.1 notation. It is used |
91 | for transmitting machine-neutral encodings of data objects in computer | |
a22dc0c4 LC |
92 | networking, allowing for formal validation of data according to some |
93 | specifications.") | |
e9aa8d0c | 94 | (license license:lgpl2.0+))) |
7543f865 | 95 | |
375cef6c HG |
96 | (define-public asn1c |
97 | (package | |
98 | (name "asn1c") | |
ff7da7e0 | 99 | (version "0.9.28") |
375cef6c HG |
100 | (source (origin |
101 | (method url-fetch) | |
102 | (uri (string-append "https://lionet.info/soft/asn1c-" | |
103 | version ".tar.gz")) | |
104 | (sha256 | |
105 | (base32 | |
ff7da7e0 | 106 | "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0")))) |
375cef6c HG |
107 | (build-system gnu-build-system) |
108 | (native-inputs | |
109 | `(("perl" ,perl))) | |
110 | (home-page "https://lionet.info/asn1c") | |
111 | (synopsis "ASN.1 to C compiler") | |
112 | (description "The ASN.1 to C compiler takes ASN.1 module | |
113 | files and generates C++ compatible C source code. That code can be | |
114 | used to serialize the native C structures into compact and unambiguous | |
115 | BER/XER/PER-based data files, and deserialize the files back. | |
116 | ||
117 | Various ASN.1 based formats are widely used in the industry, such as to encode | |
118 | the X.509 certificates employed in the HTTPS handshake, to exchange control | |
119 | data between mobile phones and cellular networks, to car-to-car communication | |
120 | in intelligent transportation networks.") | |
121 | (license license:bsd-2))) | |
122 | ||
27e86bed AE |
123 | (define-public p11-kit |
124 | (package | |
125 | (name "p11-kit") | |
39855bfe | 126 | (version "0.23.15") |
27e86bed AE |
127 | (source |
128 | (origin | |
129 | (method url-fetch) | |
e6ad9bda MB |
130 | (uri (string-append "https://github.com/p11-glue/p11-kit/releases/" |
131 | "download/" version "/p11-kit-" version ".tar.gz")) | |
39855bfe | 132 | (patches (search-patches "p11-kit-jks-timestamps.patch")) |
27e86bed AE |
133 | (sha256 |
134 | (base32 | |
39855bfe | 135 | "166pwj00cffv4qq4dvx0k53zka0b0r1fa0whc49007vsqyh3khgp")))) |
27e86bed AE |
136 | (build-system gnu-build-system) |
137 | (native-inputs | |
138 | `(("pkg-config" ,pkg-config))) | |
139 | (inputs | |
140 | `(("libffi" ,libffi) | |
141 | ("libtasn1" ,libtasn1))) | |
142 | (arguments | |
d5c472a2 MB |
143 | `(#:configure-flags '("--without-trust-paths") |
144 | #:phases (modify-phases %standard-phases | |
145 | (add-before 'check 'prepare-tests | |
146 | (lambda _ | |
147 | ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up | |
148 | ;; and looks for .cache and other directories (only). | |
149 | ;; For simplicity just drop it since it is irrelevant | |
150 | ;; in the build container. | |
151 | (substitute* "Makefile" | |
152 | (("test-runtime\\$\\(EXEEXT\\)") "")) | |
153 | #t))))) | |
4631e6c9 | 154 | (home-page "https://p11-glue.freedesktop.org/p11-kit.html") |
27e86bed AE |
155 | (synopsis "PKCS#11 library") |
156 | (description | |
157 | "p11-kit provides a way to load and enumerate PKCS#11 modules. It | |
158 | provides a standard configuration setup for installing PKCS#11 modules | |
159 | in such a way that they are discoverable. It also solves problems with | |
160 | coordinating the use of PKCS#11 by different components or libraries | |
161 | living in the same process.") | |
e9aa8d0c | 162 | (license license:bsd-3))) |
27e86bed | 163 | |
7543f865 LC |
164 | (define-public gnutls |
165 | (package | |
166 | (name "gnutls") | |
06f5bc4e | 167 | (version "3.6.5") |
d7d408d5 LC |
168 | (source (origin |
169 | (method url-fetch) | |
170 | (uri | |
171 | ;; Note: Releases are no longer on ftp.gnu.org since the | |
172 | ;; schism (after version 3.1.5). | |
d93627e4 | 173 | (string-append "mirror://gnupg/gnutls/v" |
29a7c98a | 174 | (version-major+minor version) |
d93627e4 | 175 | "/gnutls-" version ".tar.xz")) |
06f5bc4e | 176 | (patches (search-patches "gnutls-skip-trust-store-test.patch")) |
d7d408d5 LC |
177 | (sha256 |
178 | (base32 | |
06f5bc4e MB |
179 | "0ddvg97dyrh8dkffv1mdc0knxx5my3qdbzv97s4a6jggmk9wwgh7")) |
180 | (modules '((guix build utils))) | |
181 | (snippet | |
182 | '(begin | |
183 | ;; XXX: The generated configure script in GnuTLS 3.6.5 | |
184 | ;; apparently does not know about Guile 2.2. | |
185 | (substitute* "configure" | |
186 | (("guile_versions_to_search=\"2\\.0 1\\.8\"") | |
187 | "guile_versions_to_search=\"2.2 2.0 1.8\"")) | |
188 | #t)))) | |
7543f865 | 189 | (build-system gnu-build-system) |
b94ae0b8 | 190 | (arguments |
76b21274 LF |
191 | `(; Ensure we don't keep a reference to this buggy software. |
192 | #:disallowed-references (,net-tools) | |
193 | #:configure-flags | |
a0700787 | 194 | (list |
aa7c7f21 MW |
195 | ;; GnuTLS doesn't consult any environment variables to specify |
196 | ;; the location of the system-wide trust store. Instead it has a | |
197 | ;; configure-time option. Unless specified, its configure script | |
198 | ;; attempts to auto-detect the location by looking for common | |
8f65585b | 199 | ;; places in the file system, none of which are present in our |
aa7c7f21 MW |
200 | ;; chroot build environment. If not found, then no default trust |
201 | ;; store is used, so each program has to provide its own | |
202 | ;; fallback, and users have to configure each program | |
203 | ;; independently. This seems suboptimal. | |
866f469e MW |
204 | "--with-default-trust-store-dir=/etc/ssl/certs" |
205 | ||
206 | ;; FIXME: Temporarily disable p11-kit support since it is not | |
207 | ;; working on mips64el. | |
606c6380 LC |
208 | "--without-p11-kit") |
209 | ||
210 | #:phases (modify-phases %standard-phases | |
211 | (add-after | |
212 | 'install 'move-doc | |
213 | (lambda* (#:key outputs #:allow-other-keys) | |
214 | ;; Copy the 4.1 MiB of section 3 man pages to "doc". | |
215 | (let* ((out (assoc-ref outputs "out")) | |
216 | (doc (assoc-ref outputs "doc")) | |
9cdce047 | 217 | (mandir (string-append doc "/share/man/man3")) |
606c6380 LC |
218 | (oldman (string-append out "/share/man/man3"))) |
219 | (mkdir-p mandir) | |
220 | (copy-recursively oldman mandir) | |
221 | (delete-file-recursively oldman) | |
222 | #t)))))) | |
223 | (outputs '("out" ;4.4 MiB | |
224 | "debug" | |
225 | "doc")) ;4.1 MiB of man pages | |
a1db0975 | 226 | (native-inputs |
c06d8ba5 | 227 | `(("net-tools" ,net-tools) |
5d4c90ae | 228 | ("pkg-config" ,pkg-config) |
d2fcfd3d | 229 | ("which" ,which))) |
7543f865 | 230 | (inputs |
a0700787 | 231 | `(("guile" ,guile-2.2))) |
7543f865 | 232 | (propagated-inputs |
d2fcfd3d | 233 | ;; These are all in the 'Requires.private' field of gnutls.pc. |
7543f865 | 234 | `(("libtasn1" ,libtasn1) |
55e61c4d | 235 | ("libidn2" ,libidn2) |
866f469e | 236 | ("nettle" ,nettle) |
f61e0e79 | 237 | ("zlib" ,zlib))) |
c19700c3 | 238 | (home-page "https://www.gnu.org/software/gnutls/") |
f50d2669 | 239 | (synopsis "Transport layer security library") |
7543f865 | 240 | (description |
a22dc0c4 | 241 | "GnuTLS is a secure communications library implementing the SSL, TLS |
79c311b8 | 242 | and DTLS protocols. It is provided in the form of a C library to support the |
a22dc0c4 LC |
243 | protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other |
244 | required structures.") | |
63e8bb12 LC |
245 | (license license:lgpl2.1+) |
246 | (properties '((ftp-server . "ftp.gnutls.org") | |
247 | (ftp-directory . "/gcrypt/gnutls"))))) | |
cc2b77df | 248 | |
079f013b | 249 | (define-public gnutls/guile-2.2 |
a0700787 LC |
250 | (deprecated-package "guile2.2-gnutls" gnutls)) |
251 | ||
252 | (define-public gnutls/guile-2.0 | |
253 | ;; GnuTLS for Guile 2.0. | |
079f013b | 254 | (package |
58ea4d40 | 255 | (inherit gnutls) |
a0700787 LC |
256 | (name "guile2.0-gnutls") |
257 | (inputs `(("guile" ,guile-2.0) | |
58ea4d40 | 258 | ,@(alist-delete "guile" (package-inputs gnutls)))))) |
079f013b | 259 | |
5b9aa107 | 260 | (define-public gnutls/dane |
261 | ;; GnuTLS with build libgnutls-dane, implementing DNS-based | |
262 | ;; Authentication of Named Entities. This is required for GNS functionality | |
263 | ;; by GNUnet and gnURL. This is done in an extra package definition | |
264 | ;; to have the choice between GnuTLS with Dane and without Dane. | |
265 | (package | |
266 | (inherit gnutls) | |
267 | (name "gnutls-dane") | |
268 | (inputs `(("unbound" ,unbound) | |
269 | ,@(package-inputs gnutls))))) | |
270 | ||
cc2b77df AE |
271 | (define-public openssl |
272 | (package | |
273 | (name "openssl") | |
a92c6b1a | 274 | (replacement openssl/fixed) |
01710194 | 275 | (version "1.0.2p") |
cc2b77df | 276 | (source (origin |
4cff124b | 277 | (method url-fetch) |
bdf0b6fc MB |
278 | (uri (list (string-append "https://www.openssl.org/source/openssl-" |
279 | version ".tar.gz") | |
280 | (string-append "ftp://ftp.openssl.org/source/" | |
c7f5c3ea | 281 | "openssl-" version ".tar.gz") |
4cff124b LC |
282 | (string-append "ftp://ftp.openssl.org/source/old/" |
283 | (string-trim-right version char-set:letter) | |
c7f5c3ea | 284 | "/openssl-" version ".tar.gz"))) |
4cff124b LC |
285 | (sha256 |
286 | (base32 | |
01710194 | 287 | "003xh9f898i56344vpvpxxxzmikivxig4xwlm7vbi7m8n43qxaah")) |
fc1adab1 | 288 | (patches (search-patches "openssl-runpath.patch" |
1d8de185 | 289 | "openssl-c-rehash-in.patch")))) |
cc2b77df | 290 | (build-system gnu-build-system) |
8c78aeb7 | 291 | (outputs '("out" |
a909b576 | 292 | "doc" ;1.5MiB of man3 pages |
8c78aeb7 | 293 | "static")) ;6MiB of .a files |
cc2b77df AE |
294 | (native-inputs `(("perl" ,perl))) |
295 | (arguments | |
d03781c3 LC |
296 | `(#:disallowed-references (,perl) |
297 | #:parallel-build? #f | |
cc2b77df AE |
298 | #:parallel-tests? #f |
299 | #:test-target "test" | |
8c9ec203 LF |
300 | |
301 | ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, | |
302 | ;; so we explicitly disallow it here. | |
303 | #:disallowed-references ,(list (canonical-package perl)) | |
cc2b77df | 304 | #:phases |
b6cb1358 | 305 | (modify-phases %standard-phases |
4fb254a3 | 306 | (add-before |
86c8f1da | 307 | 'configure 'patch-Makefile.org |
4fb254a3 LC |
308 | (lambda* (#:key outputs #:allow-other-keys) |
309 | ;; The default MANDIR is some unusual place. Fix that. | |
310 | (let ((out (assoc-ref outputs "out"))) | |
86c8f1da | 311 | (patch-makefile-SHELL "Makefile.org") |
4fb254a3 LC |
312 | (substitute* "Makefile.org" |
313 | (("^MANDIR[[:blank:]]*=.*$") | |
314 | (string-append "MANDIR = " out "/share/man\n"))) | |
315 | #t))) | |
b6cb1358 LC |
316 | (replace |
317 | 'configure | |
318 | (lambda* (#:key outputs #:allow-other-keys) | |
319 | (let ((out (assoc-ref outputs "out"))) | |
0d98cb9a | 320 | (invoke "./config" |
5011d3f4 SB |
321 | "shared" ;build shared libraries |
322 | "--libdir=lib" | |
4fb254a3 | 323 | |
5011d3f4 SB |
324 | ;; The default for this catch-all directory is |
325 | ;; PREFIX/ssl. Change that to something more | |
326 | ;; conventional. | |
327 | (string-append "--openssldir=" out | |
328 | "/share/openssl-" ,version) | |
4fb254a3 | 329 | |
18784d8f | 330 | (string-append "--prefix=" out))))) |
fe8199a8 LC |
331 | (add-after |
332 | 'install 'make-libraries-writable | |
333 | (lambda* (#:key outputs #:allow-other-keys) | |
334 | ;; Make libraries writable so that 'strip' does its job. | |
335 | (let ((out (assoc-ref outputs "out"))) | |
336 | (for-each (lambda (file) | |
337 | (chmod file #o644)) | |
338 | (find-files (string-append out "/lib") | |
339 | "\\.so")) | |
340 | #t))) | |
8c78aeb7 LC |
341 | (add-after 'install 'move-static-libraries |
342 | (lambda* (#:key outputs #:allow-other-keys) | |
343 | ;; Move static libraries to the "static" output. | |
344 | (let* ((out (assoc-ref outputs "out")) | |
345 | (lib (string-append out "/lib")) | |
346 | (static (assoc-ref outputs "static")) | |
347 | (slib (string-append static "/lib"))) | |
8c78aeb7 LC |
348 | (for-each (lambda (file) |
349 | (install-file file slib) | |
350 | (delete-file file)) | |
351 | (find-files lib "\\.a$")) | |
352 | #t))) | |
a909b576 LC |
353 | (add-after 'install 'move-man3-pages |
354 | (lambda* (#:key outputs #:allow-other-keys) | |
355 | ;; Move section 3 man pages to "doc". | |
356 | (let* ((out (assoc-ref outputs "out")) | |
357 | (man3 (string-append out "/share/man/man3")) | |
358 | (doc (assoc-ref outputs "doc")) | |
359 | (target (string-append doc "/share/man/man3"))) | |
360 | (mkdir-p target) | |
361 | (for-each (lambda (file) | |
362 | (rename-file file | |
363 | (string-append target "/" | |
364 | (basename file)))) | |
365 | (find-files man3)) | |
5c838ec9 | 366 | (delete-file-recursively man3) |
a909b576 | 367 | #t))) |
b6cb1358 LC |
368 | (add-before |
369 | 'patch-source-shebangs 'patch-tests | |
370 | (lambda* (#:key inputs native-inputs #:allow-other-keys) | |
371 | (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) | |
372 | (substitute* (find-files "test" ".*") | |
373 | (("/bin/sh") | |
08a78c2f | 374 | (string-append bash "/bin/sh")) |
b6cb1358 | 375 | (("/bin/rm") |
86c8f1da MW |
376 | "rm")) |
377 | #t))) | |
784d6e91 LC |
378 | (add-after |
379 | 'install 'remove-miscellany | |
380 | (lambda* (#:key outputs #:allow-other-keys) | |
381 | ;; The 'misc' directory contains random undocumented shell and Perl | |
382 | ;; scripts. Remove them to avoid retaining a reference on Perl. | |
383 | (let ((out (assoc-ref outputs "out"))) | |
384 | (delete-file-recursively (string-append out "/share/openssl-" | |
385 | ,version "/misc")) | |
386 | #t)))))) | |
cc2b77df | 387 | (native-search-paths |
cc2b77df AE |
388 | (list (search-path-specification |
389 | (variable "SSL_CERT_DIR") | |
5d7a47cc | 390 | (separator #f) ;single entry |
cc2b77df AE |
391 | (files '("etc/ssl/certs"))) |
392 | (search-path-specification | |
393 | (variable "SSL_CERT_FILE") | |
5d7a47cc MB |
394 | (file-type 'regular) |
395 | (separator #f) ;single entry | |
cc2b77df AE |
396 | (files '("etc/ssl/certs/ca-certificates.crt"))))) |
397 | (synopsis "SSL/TLS implementation") | |
398 | (description | |
e881752c | 399 | "OpenSSL is an implementation of SSL/TLS.") |
e9aa8d0c | 400 | (license license:openssl) |
4631e6c9 | 401 | (home-page "https://www.openssl.org/"))) |
cc2b77df | 402 | |
a92c6b1a TGR |
403 | (define-public openssl/fixed |
404 | (hidden-package | |
405 | (package | |
406 | (inherit openssl) | |
407 | (source (origin | |
408 | (inherit (package-source openssl)) | |
409 | (patches (append (origin-patches (package-source openssl)) | |
410 | (search-patches "openssl-CVE-2019-1559.patch")))))))) | |
411 | ||
763899f0 LF |
412 | (define-public openssl-next |
413 | (package | |
a215c938 | 414 | (inherit openssl) |
763899f0 | 415 | (name "openssl") |
28337566 | 416 | (version "1.1.1b") |
763899f0 LF |
417 | (source (origin |
418 | (method url-fetch) | |
77576be4 MB |
419 | (uri (list (string-append "https://www.openssl.org/source/openssl-" |
420 | version ".tar.gz") | |
421 | (string-append "ftp://ftp.openssl.org/source/" | |
c7f5c3ea | 422 | "openssl-" version ".tar.gz") |
763899f0 LF |
423 | (string-append "ftp://ftp.openssl.org/source/old/" |
424 | (string-trim-right version char-set:letter) | |
c7f5c3ea | 425 | "/openssl-" version ".tar.gz"))) |
9e9e5d5a | 426 | (patches (search-patches "openssl-1.1-c-rehash-in.patch")) |
763899f0 LF |
427 | (sha256 |
428 | (base32 | |
28337566 | 429 | "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw")))) |
763899f0 | 430 | (outputs '("out" |
6ec43b0d | 431 | "doc" ; 6.8 MiB of man3 pages and full HTML documentation |
9e9e5d5a | 432 | "static")) ; 6.4 MiB of .a files |
763899f0 LF |
433 | (arguments |
434 | (substitute-keyword-arguments (package-arguments openssl) | |
435 | ((#:phases phases) | |
436 | `(modify-phases ,phases | |
437 | (delete 'patch-tests) ; These two phases are not needed by | |
6ec43b0d | 438 | (delete 'patch-Makefile.org) ; OpenSSL 1.1. |
763899f0 | 439 | |
fc184fe2 MB |
440 | ;; Override configure phase since -rpath is now a configure option. |
441 | (replace 'configure | |
763899f0 | 442 | (lambda* (#:key outputs #:allow-other-keys) |
fc184fe2 MB |
443 | (let* ((out (assoc-ref outputs "out")) |
444 | (lib (string-append out "/lib"))) | |
9e9e5d5a LF |
445 | ;; It's not a shebang so patch-source-shebangs misses it. |
446 | (substitute* "config" | |
447 | (("/usr/bin/env") | |
448 | (string-append (assoc-ref %build-inputs "coreutils") | |
449 | "/bin/env"))) | |
0d98cb9a | 450 | (invoke "./config" |
5011d3f4 SB |
451 | "shared" ;build shared libraries |
452 | "--libdir=lib" | |
fc184fe2 | 453 | |
5011d3f4 SB |
454 | ;; The default for this catch-all directory is |
455 | ;; PREFIX/ssl. Change that to something more | |
456 | ;; conventional. | |
457 | (string-append "--openssldir=" out | |
458 | "/share/openssl-" ,version) | |
fc184fe2 | 459 | |
5011d3f4 | 460 | (string-append "--prefix=" out) |
799de468 | 461 | (string-append "-Wl,-rpath," lib))))) |
fc184fe2 | 462 | |
9e9e5d5a LF |
463 | (delete 'move-man3-pages) |
464 | (add-after 'install 'move-extra-documentation | |
465 | (lambda* (#:key outputs #:allow-other-keys) | |
466 | ;; Move man3 pages and full HTML documentation to "doc". | |
467 | (let* ((out (assoc-ref outputs "out")) | |
468 | (man3 (string-append out "/share/man/man3")) | |
469 | (html (string-append out "/share/doc/openssl")) | |
470 | (doc (assoc-ref outputs "doc")) | |
471 | (man-target (string-append doc "/share/man/man3")) | |
472 | (html-target (string-append doc "/share/doc/openssl"))) | |
473 | (copy-recursively man3 man-target) | |
474 | (delete-file-recursively man3) | |
475 | (copy-recursively html html-target) | |
476 | (delete-file-recursively html) | |
477 | #t))) | |
fc184fe2 MB |
478 | ;; XXX: Duplicate this phase to make sure 'version' evaluates |
479 | ;; in the current scope and not the inherited one. | |
480 | (replace 'remove-miscellany | |
481 | (lambda* (#:key outputs #:allow-other-keys) | |
482 | ;; The 'misc' directory contains random undocumented shell and Perl | |
483 | ;; scripts. Remove them to avoid retaining a reference on Perl. | |
484 | (let ((out (assoc-ref outputs "out"))) | |
485 | (delete-file-recursively (string-append out "/share/openssl-" | |
486 | ,version "/misc")) | |
763899f0 LF |
487 | #t))))))))) |
488 | ||
cb6a802c AE |
489 | (define-public libressl |
490 | (package | |
491 | (name "libressl") | |
0effadca | 492 | (version "2.7.4") |
644e5f17 TGR |
493 | (source (origin |
494 | (method url-fetch) | |
495 | (uri (string-append "mirror://openbsd/LibreSSL/" | |
496 | name "-" version ".tar.gz")) | |
497 | (sha256 | |
498 | (base32 | |
0effadca | 499 | "19kxa5i97q7p6rrps9qm0nd8zqhdjvzx02j72400c73cl2nryfhy")))) |
cb6a802c | 500 | (build-system gnu-build-system) |
a2d64899 LC |
501 | (arguments |
502 | ;; Do as if 'getentropy' was missing since older Linux kernels lack it | |
503 | ;; and libc would return ENOSYS, which is not properly handled. | |
504 | ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>. | |
df08f385 LF |
505 | '(#:configure-flags '("ac_cv_func_getentropy=no" |
506 | ;; Provide a TLS-enabled netcat. | |
507 | "--enable-nc"))) | |
cb6a802c AE |
508 | (native-search-paths |
509 | ;; FIXME: These two variables must designate a single file or directory | |
510 | ;; and are not actually "search paths." In practice it works OK in | |
511 | ;; user profiles because there's always just one item that matches the | |
512 | ;; specification. | |
513 | (list (search-path-specification | |
514 | (variable "SSL_CERT_DIR") | |
515 | (files '("etc/ssl/certs"))) | |
516 | (search-path-specification | |
517 | (variable "SSL_CERT_FILE") | |
518 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
2ed12d3f | 519 | (home-page "https://www.libressl.org/") |
cb6a802c | 520 | (synopsis "SSL/TLS implementation") |
df08f385 LF |
521 | (description "LibreSSL is a version of the TLS/crypto stack, forked from |
522 | OpenSSL in 2014 with the goals of modernizing the codebase, improving security, | |
523 | and applying best practice development processes. This package also includes a | |
524 | netcat implementation that supports TLS.") | |
cb6a802c AE |
525 | ;; Files taken from OpenSSL keep their license, others are under various |
526 | ;; non-copyleft licenses. | |
527 | (license (list license:openssl | |
528 | (license:non-copyleft | |
529 | "file://COPYING" | |
530 | "See COPYING in the distribution."))))) | |
531 | ||
6cefd53d | 532 | (define-public python-acme |
7890e3ba | 533 | (package |
6cefd53d | 534 | (name "python-acme") |
686d4259 | 535 | ;; Remember to update the hash of certbot when updating python-acme. |
ed362d16 | 536 | (version "0.31.0") |
7890e3ba | 537 | (source (origin |
9495cf9a | 538 | (method url-fetch) |
f349d36e | 539 | (uri (pypi-uri "acme" version)) |
881006b6 MB |
540 | (sha256 |
541 | (base32 | |
ed362d16 | 542 | "1gxjv09c695lj8swspa390nch117i60qkrgy135383vfk00jsp3y")))) |
7890e3ba LF |
543 | (build-system python-build-system) |
544 | (arguments | |
6cefd53d | 545 | `(#:phases |
9bee9d87 | 546 | (modify-phases %standard-phases |
1fc8476d MB |
547 | (add-after 'build 'build-documentation |
548 | (lambda _ | |
d4bd2453 | 549 | (invoke "make" "-C" "docs" "man" "info"))) |
1fc8476d | 550 | (add-after 'install 'install-documentation |
50a7963a LF |
551 | (lambda* (#:key outputs #:allow-other-keys) |
552 | (let* ((out (assoc-ref outputs "out")) | |
553 | (man (string-append out "/share/man/man1")) | |
554 | (info (string-append out "/info"))) | |
1fc8476d MB |
555 | (install-file "docs/_build/texinfo/acme-python.info" info) |
556 | (install-file "docs/_build/man/acme-python.1" man) | |
557 | #t)))))) | |
50a7963a | 558 | ;; TODO: Add optional inputs for testing. |
7890e3ba | 559 | (native-inputs |
4ae65558 | 560 | `(("python-mock" ,python-mock) |
b494bbe4 | 561 | ("python-pytest" ,python-pytest) |
50a7963a LF |
562 | ;; For documentation |
563 | ("python-sphinx" ,python-sphinx) | |
564 | ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput) | |
565 | ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) | |
50a7963a | 566 | ("texinfo" ,texinfo))) |
7890e3ba | 567 | (propagated-inputs |
92572184 LF |
568 | `(("python-josepy" ,python-josepy) |
569 | ("python-six" ,python-six) | |
6cefd53d | 570 | ("python-requests" ,python-requests) |
b494bbe4 | 571 | ("python-requests-toolbelt" ,python-requests-toolbelt) |
6cefd53d LF |
572 | ("python-pytz" ,python-pytz) |
573 | ("python-pyrfc3339" ,python-pyrfc3339) | |
574 | ("python-pyasn1" ,python-pyasn1) | |
575 | ("python-cryptography" ,python-cryptography) | |
576 | ("python-pyopenssl" ,python-pyopenssl))) | |
4631e6c9 | 577 | (home-page "https://github.com/certbot/certbot") |
7890e3ba LF |
578 | (synopsis "ACME protocol implementation in Python") |
579 | (description "ACME protocol implementation in Python") | |
580 | (license license:asl2.0))) | |
581 | ||
9495cf9a | 582 | (define-public certbot |
9fd0838b | 583 | (package |
9495cf9a | 584 | (name "certbot") |
686d4259 LF |
585 | ;; Certbot and python-acme are developed in the same repository, and their |
586 | ;; versions should remain synchronized. | |
587 | (version (package-version python-acme)) | |
9fd0838b DT |
588 | (source (origin |
589 | (method url-fetch) | |
f349d36e | 590 | (uri (pypi-uri name version)) |
9fd0838b DT |
591 | (sha256 |
592 | (base32 | |
ed362d16 | 593 | "0wq4jgyzli684h154w26xplp0fzyks2vlrnmhafhyb0h1bw9cc8c")))) |
9fd0838b DT |
594 | (build-system python-build-system) |
595 | (arguments | |
fed1898d | 596 | `(,@(substitute-keyword-arguments (package-arguments python-acme) |
f26d6e4e LF |
597 | ((#:phases phases) |
598 | `(modify-phases ,phases | |
1fc8476d | 599 | (replace 'install-documentation |
f26d6e4e LF |
600 | (lambda* (#:key outputs #:allow-other-keys) |
601 | (let* ((out (assoc-ref outputs "out")) | |
602 | (man1 (string-append out "/share/man/man1")) | |
603 | (man7 (string-append out "/share/man/man7")) | |
604 | (info (string-append out "/info"))) | |
1fc8476d MB |
605 | (install-file "docs/_build/texinfo/Certbot.info" info) |
606 | (install-file "docs/_build/man/certbot.1" man1) | |
607 | (install-file "docs/_build/man/certbot.7" man7) | |
608 | #t)))))))) | |
f9263d9a | 609 | ;; TODO: Add optional inputs for testing. |
9fd0838b | 610 | (native-inputs |
fed1898d | 611 | `(("python-nose" ,python-nose) |
4ae65558 | 612 | ("python-mock" ,python-mock) |
f9263d9a | 613 | ;; For documentation |
fed1898d LF |
614 | ("python-sphinx" ,python-sphinx) |
615 | ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) | |
616 | ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface) | |
617 | ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput) | |
f9263d9a | 618 | ("texinfo" ,texinfo))) |
9fd0838b | 619 | (propagated-inputs |
fed1898d LF |
620 | `(("python-acme" ,python-acme) |
621 | ("python-zope-interface" ,python-zope-interface) | |
622 | ("python-pyrfc3339" ,python-pyrfc3339) | |
623 | ("python-pyopenssl" ,python-pyopenssl) | |
624 | ("python-configobj" ,python-configobj) | |
625 | ("python-configargparse" ,python-configargparse) | |
626 | ("python-zope-component" ,python-zope-component) | |
627 | ("python-parsedatetime" ,python-parsedatetime) | |
628 | ("python-six" ,python-six) | |
629 | ("python-psutil" ,python-psutil) | |
630 | ("python-requests" ,python-requests) | |
631 | ("python-pytz" ,python-pytz))) | |
d8a1be63 | 632 | (synopsis "Let's Encrypt client by the Electronic Frontier Foundation") |
80968df0 TGR |
633 | (description "Certbot automatically receives and installs X.509 certificates |
634 | to enable Transport Layer Security (TLS) on servers. It interoperates with the | |
635 | Let’s Encrypt certificate authority (CA), which issues browser-trusted | |
636 | certificates for free.") | |
24778368 | 637 | (home-page "https://certbot.eff.org/") |
9fd0838b DT |
638 | (license license:asl2.0))) |
639 | ||
9495cf9a LF |
640 | (define-public letsencrypt |
641 | (package (inherit certbot) | |
56ab55d1 LF |
642 | (name "letsencrypt") |
643 | (properties `((superseded . ,certbot))))) | |
9495cf9a | 644 | |
cc2b77df AE |
645 | (define-public perl-net-ssleay |
646 | (package | |
647 | (name "perl-net-ssleay") | |
fe15613c | 648 | (version "1.85") |
cc2b77df AE |
649 | (source (origin |
650 | (method url-fetch) | |
651 | (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" | |
652 | "Net-SSLeay-" version ".tar.gz")) | |
653 | (sha256 | |
654 | (base32 | |
fe15613c | 655 | "1j5h4ycm8538397l204d2d5fkm9595aj174pj7bkpbhwzfwqi0cx")))) |
cc2b77df AE |
656 | (build-system perl-build-system) |
657 | (inputs `(("openssl" ,openssl))) | |
658 | (arguments | |
1084ec08 MW |
659 | `(#:phases |
660 | (modify-phases %standard-phases | |
1084ec08 MW |
661 | (add-before |
662 | 'configure 'set-ssl-prefix | |
663 | (lambda* (#:key inputs #:allow-other-keys) | |
664 | (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl")) | |
665 | #t))))) | |
cc2b77df AE |
666 | (synopsis "Perl extension for using OpenSSL") |
667 | (description | |
668 | "This module offers some high level convenience functions for accessing | |
669 | web pages on SSL servers (for symmetry, the same API is offered for accessing | |
670 | http servers, too), an sslcat() function for writing your own clients, and | |
671 | finally access to the SSL api of the SSLeay/OpenSSL package so you can write | |
672 | servers or clients for more complicated applications.") | |
2f3108ad | 673 | (license license:perl-license) |
9aba9b12 | 674 | (home-page "https://metacpan.org/release/Net-SSLeay"))) |
4532c0c0 DM |
675 | |
676 | (define-public perl-crypt-openssl-rsa | |
677 | (package | |
678 | (name "perl-crypt-openssl-rsa") | |
a9994b27 | 679 | (version "0.31") |
4532c0c0 DM |
680 | (source |
681 | (origin | |
682 | (method url-fetch) | |
683 | (uri (string-append | |
683b8d47 | 684 | "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-" |
4532c0c0 DM |
685 | version |
686 | ".tar.gz")) | |
687 | (sha256 | |
688 | (base32 | |
a9994b27 | 689 | "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1")))) |
4532c0c0 | 690 | (build-system perl-build-system) |
683b8d47 TGR |
691 | (native-inputs |
692 | `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess))) | |
4532c0c0 DM |
693 | (inputs |
694 | `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum) | |
695 | ("perl-crypt-openssl-random" ,perl-crypt-openssl-random) | |
696 | ("openssl" ,openssl))) | |
697 | (arguments perl-crypt-arguments) | |
698 | (home-page | |
9aba9b12 | 699 | "https://metacpan.org/release/Crypt-OpenSSL-RSA") |
4532c0c0 DM |
700 | (synopsis |
701 | "RSA encoding and decoding, using the openSSL libraries") | |
702 | (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the | |
703 | OpenSSL libraries).") | |
2f3108ad | 704 | (license license:perl-license))) |
adff71ca DM |
705 | |
706 | (define perl-crypt-arguments | |
707 | `(#:phases (modify-phases %standard-phases | |
708 | (add-before 'configure 'patch-Makefile.PL | |
709 | (lambda* (#:key inputs #:allow-other-keys) | |
710 | (substitute* "Makefile.PL" | |
711 | (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L" | |
712 | (assoc-ref inputs "openssl") | |
713 | "/lib -lcrypto'],"))) | |
714 | #t))))) | |
715 | ||
716 | (define-public perl-crypt-openssl-bignum | |
717 | (package | |
718 | (name "perl-crypt-openssl-bignum") | |
7e8aac18 | 719 | (version "0.09") |
adff71ca DM |
720 | (source |
721 | (origin | |
722 | (method url-fetch) | |
723 | (uri (string-append | |
724 | "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-" | |
725 | version | |
726 | ".tar.gz")) | |
727 | (sha256 | |
728 | (base32 | |
7e8aac18 | 729 | "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3")))) |
adff71ca DM |
730 | (build-system perl-build-system) |
731 | (inputs `(("openssl" ,openssl))) | |
732 | (arguments perl-crypt-arguments) | |
733 | (home-page | |
9aba9b12 | 734 | "https://metacpan.org/release/Crypt-OpenSSL-Bignum") |
adff71ca DM |
735 | (synopsis |
736 | "OpenSSL's multiprecision integer arithmetic in Perl") | |
737 | (description "Crypt::OpenSSL::Bignum provides multiprecision integer | |
738 | arithmetic in Perl.") | |
739 | ;; At your option either gpl1+ or the Artistic License | |
2f3108ad | 740 | (license license:perl-license))) |
cccb4d26 | 741 | |
c80590f6 TGR |
742 | (define-public perl-crypt-openssl-guess |
743 | (package | |
744 | (name "perl-crypt-openssl-guess") | |
745 | (version "0.11") | |
746 | (source | |
747 | (origin | |
748 | (method url-fetch) | |
749 | (uri (string-append | |
750 | "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-" | |
751 | version ".tar.gz")) | |
752 | (sha256 | |
753 | (base32 | |
754 | "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa")))) | |
755 | (build-system perl-build-system) | |
9aba9b12 | 756 | (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess") |
c80590f6 TGR |
757 | (synopsis "Guess the OpenSSL include path") |
758 | (description | |
759 | "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the | |
760 | correct OpenSSL include path. It is intended for use in your | |
761 | @file{Makefile.PL}.") | |
762 | (license license:perl-license))) | |
763 | ||
cccb4d26 DM |
764 | (define-public perl-crypt-openssl-random |
765 | (package | |
766 | (name "perl-crypt-openssl-random") | |
b30c23c4 | 767 | (version "0.13") |
cccb4d26 DM |
768 | (source |
769 | (origin | |
770 | (method url-fetch) | |
771 | (uri (string-append | |
772 | "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-" | |
773 | version | |
774 | ".tar.gz")) | |
775 | (sha256 | |
776 | (base32 | |
b30c23c4 | 777 | "0vmvrb3shrzjzri3qn524dzdasbq8zhhbpc1vmq8sx68n4jhizb0")))) |
cccb4d26 | 778 | (build-system perl-build-system) |
b30c23c4 TGR |
779 | (native-inputs |
780 | `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess))) | |
781 | (inputs | |
782 | `(("openssl" ,openssl))) | |
cccb4d26 DM |
783 | (arguments perl-crypt-arguments) |
784 | (home-page | |
9aba9b12 | 785 | "https://metacpan.org/release/Crypt-OpenSSL-Random") |
cccb4d26 DM |
786 | (synopsis |
787 | "OpenSSL/LibreSSL pseudo-random number generator access") | |
788 | (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random | |
789 | number generator") | |
2f3108ad | 790 | (license license:perl-license))) |
0581c273 LF |
791 | |
792 | (define-public acme-client | |
793 | (package | |
794 | (name "acme-client") | |
4a6b2a21 | 795 | (version "0.1.16") |
0581c273 LF |
796 | (source (origin |
797 | (method url-fetch) | |
798 | (uri (string-append "https://kristaps.bsd.lv/" name "/" | |
799 | "snapshots/" name "-portable-" | |
800 | version ".tgz")) | |
801 | (sha256 | |
802 | (base32 | |
4a6b2a21 | 803 | "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9")))) |
0581c273 LF |
804 | (build-system gnu-build-system) |
805 | (arguments | |
806 | '(#:tests? #f ; no test suite | |
807 | #:make-flags | |
808 | (list "CC=gcc" | |
809 | (string-append "PREFIX=" (assoc-ref %outputs "out"))) | |
810 | #:phases | |
811 | (modify-phases %standard-phases | |
7c1a7bf4 LF |
812 | (add-after 'unpack 'patch-paths |
813 | (lambda* (#:key inputs #:allow-other-keys) | |
814 | (let ((pem (string-append (assoc-ref inputs "libressl") | |
815 | "/etc/ssl/cert.pem"))) | |
816 | (substitute* "http.c" | |
817 | (("/etc/ssl/cert.pem") pem)) | |
818 | #t))) | |
0581c273 | 819 | (delete 'configure)))) ; no './configure' script |
4b569a4f LF |
820 | (native-inputs |
821 | `(("pkg-config" ,pkg-config))) | |
0581c273 LF |
822 | (inputs |
823 | `(("libbsd" ,libbsd) | |
824 | ("libressl" ,libressl))) | |
825 | (synopsis "Let's Encrypt client by the OpenBSD project") | |
826 | (description "acme-client is a Let's Encrypt client implemented in C. It | |
827 | uses a modular design, and attempts to secure itself by dropping privileges and | |
828 | operating in a chroot where possible. acme-client is developed on OpenBSD and | |
829 | then ported to the GNU / Linux environment.") | |
830 | (home-page "https://kristaps.bsd.lv/acme-client/") | |
831 | ;; acme-client is distributed under the ISC license, but the files 'jsmn.h' | |
832 | ;; and 'jsmn.c' are distributed under the Expat license. | |
833 | (license (list license:isc license:expat)))) | |
88522738 | 834 | |
835 | ;; The "-apache" variant is the upstreamed prefered variant. A "-gpl" | |
836 | ;; variant exists in addition to the "-apache" one. | |
837 | (define-public mbedtls-apache | |
838 | (package | |
839 | (name "mbedtls-apache") | |
5a7899fd | 840 | (version "2.16.0") |
88522738 | 841 | (source |
842 | (origin | |
843 | (method url-fetch) | |
844 | ;; XXX: The download links on the website are script redirection links | |
845 | ;; which effectively lead to the format listed in the uri here. | |
846 | (uri (string-append "https://tls.mbed.org/download/mbedtls-" | |
847 | version "-apache.tgz")) | |
848 | (sha256 | |
849 | (base32 | |
5a7899fd | 850 | "1qlscr0m97favkqmrlj90rlgw40h8lcypxz0snvr1iwkj1pbbnp3")))) |
88522738 | 851 | (build-system cmake-build-system) |
a64d9d56 RW |
852 | (arguments |
853 | `(#:configure-flags | |
854 | (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"))) | |
88522738 | 855 | (native-inputs |
38a9bf80 TGR |
856 | `(("perl" ,perl) |
857 | ("python" ,python))) | |
88522738 | 858 | (synopsis "Small TLS library") |
859 | (description | |
860 | "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy | |
861 | for developers to include cryptographic and SSL/TLS capabilities in their | |
862 | (embedded) products, facilitating this functionality with a minimal | |
863 | coding footprint.") | |
864 | (home-page "https://tls.mbed.org") | |
865 | (license license:asl2.0))) | |
587d1752 | 866 | |
8e87aa04 TGR |
867 | ;; The Hiawatha Web server requires some specific features to be enabled. |
868 | (define-public mbedtls-for-hiawatha | |
869 | (hidden-package | |
870 | (package | |
871 | (inherit mbedtls-apache) | |
872 | (arguments | |
873 | (substitute-keyword-arguments | |
874 | `(#:phases | |
875 | (modify-phases %standard-phases | |
876 | (add-after 'configure 'configure-extra-features | |
877 | (lambda _ | |
878 | (for-each (lambda (feature) | |
879 | (invoke "scripts/config.pl" "set" feature)) | |
880 | (list "MBEDTLS_THREADING_C" | |
881 | "MBEDTLS_THREADING_PTHREAD")) | |
882 | #t))) | |
883 | ,@(package-arguments mbedtls-apache))))))) | |
884 | ||
587d1752 RW |
885 | (define-public ghc-tls |
886 | (package | |
887 | (name "ghc-tls") | |
66c5de39 | 888 | (version "1.4.1") |
587d1752 RW |
889 | (source (origin |
890 | (method url-fetch) | |
891 | (uri (string-append "https://hackage.haskell.org/package/" | |
892 | "tls/tls-" version ".tar.gz")) | |
893 | (sha256 | |
894 | (base32 | |
66c5de39 | 895 | "1y083724mym28n6xfaz7pcc7zqxdhjpaxpbvzxfbs25qq2px3smv")))) |
587d1752 RW |
896 | (build-system haskell-build-system) |
897 | (inputs | |
f54f0475 | 898 | `(("ghc-cereal" ,ghc-cereal) |
587d1752 RW |
899 | ("ghc-data-default-class" ,ghc-data-default-class) |
900 | ("ghc-memory" ,ghc-memory) | |
901 | ("ghc-cryptonite" ,ghc-cryptonite) | |
902 | ("ghc-asn1-types" ,ghc-asn1-types) | |
903 | ("ghc-asn1-encoding" ,ghc-asn1-encoding) | |
904 | ("ghc-x509" ,ghc-x509) | |
905 | ("ghc-x509-store" ,ghc-x509-store) | |
906 | ("ghc-x509-validation" ,ghc-x509-validation) | |
907 | ("ghc-async" ,ghc-async) | |
908 | ("ghc-network" ,ghc-network) | |
909 | ("ghc-hourglass" ,ghc-hourglass))) | |
910 | (native-inputs | |
911 | `(("ghc-tasty" ,ghc-tasty) | |
912 | ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck) | |
913 | ("ghc-quickcheck" ,ghc-quickcheck))) | |
914 | (home-page "https://github.com/vincenthz/hs-tls") | |
915 | (synopsis | |
916 | "TLS/SSL protocol native implementation (Server and Client)") | |
917 | (description | |
918 | "Native Haskell TLS and SSL protocol implementation for server and client. | |
919 | This provides a high-level implementation of a sensitive security protocol, | |
920 | eliminating a common set of security issues through the use of the advanced | |
921 | type system, high level constructions and common Haskell features. Currently | |
922 | implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol, and support RSA and | |
923 | Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many | |
924 | extensions.") | |
925 | (license license:bsd-3))) | |
e8b3a158 CL |
926 | |
927 | (define-public dehydrated | |
928 | (package | |
929 | (name "dehydrated") | |
930 | (version "0.6.2") | |
931 | (source (origin | |
932 | (method url-fetch/tarbomb) | |
933 | (uri (string-append | |
934 | "https://github.com/lukas2511/dehydrated/archive/v" | |
935 | version ".tar.gz")) | |
936 | (sha256 | |
937 | (base32 | |
938 | "03p80yj6bnzjc6dkp5hb9wpplmlrla8n5src71cnzw4rj53q8cqn")) | |
939 | (file-name (string-append name "-" version ".tar.gz")))) | |
940 | (build-system trivial-build-system) | |
941 | (arguments | |
942 | `(#:modules ((guix build utils)) | |
943 | #:builder | |
944 | (begin | |
945 | (use-modules (guix build utils)) | |
946 | (let* ((source (assoc-ref %build-inputs "source")) | |
947 | (out (assoc-ref %outputs "out")) | |
948 | (bin (string-append out "/bin")) | |
949 | (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin"))) | |
950 | (mkdir-p bin) | |
951 | (with-directory-excursion bin | |
952 | (copy-file | |
953 | (in-vicinity source (string-append "/dehydrated-" ,version | |
954 | "/dehydrated")) | |
955 | (in-vicinity bin "dehydrated")) | |
956 | (patch-shebang "dehydrated" (list bash)) | |
957 | ||
958 | ;; Do not try to write in the store. | |
959 | (substitute* "dehydrated" | |
960 | (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated")) | |
961 | ||
962 | (setenv "PATH" bash) | |
963 | (wrap-program "dehydrated" | |
964 | `("PATH" ":" prefix | |
965 | ,(map (lambda (dir) | |
966 | (string-append dir "/bin")) | |
967 | (map (lambda (input) | |
968 | (assoc-ref %build-inputs input)) | |
969 | '("coreutils" | |
970 | "curl" | |
971 | "diffutils" | |
972 | "gawk" | |
973 | "grep" | |
974 | "openssl" | |
975 | "sed")))))) | |
976 | #t)))) | |
977 | (inputs | |
978 | `(("bash" ,bash) | |
979 | ("coreutils" ,coreutils) | |
980 | ("curl" ,curl) | |
981 | ("diffutils" ,diffutils) | |
982 | ("gawk" ,gawk) | |
983 | ("grep" ,grep) | |
984 | ("openssl" ,openssl) | |
985 | ("sed" ,sed))) | |
986 | (home-page "https://dehydrated.io/") | |
987 | (synopsis "Let's Encrypt/ACME client implemented as a shell script") | |
988 | (description "Dehydrated is a client for signing certificates with an | |
989 | ACME-server (currently only provided by Let's Encrypt) implemented as a | |
990 | relatively simple Bash script.") | |
991 | (license license:expat))) |