gnu: libtasn1: Remove obsolete patch.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
3c0f7910 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
df0625ab 7;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
2ed12d3f 8;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
88522738 9;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
7543f865 11;;;
233e7676 12;;; This file is part of GNU Guix.
7543f865 13;;;
233e7676 14;;; GNU Guix is free software; you can redistribute it and/or modify it
15;;; under the terms of the GNU General Public License as published by
16;;; the Free Software Foundation; either version 3 of the License, or (at
17;;; your option) any later version.
18;;;
233e7676 19;;; GNU Guix is distributed in the hope that it will be useful, but
20;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22;;; GNU General Public License for more details.
23;;;
24;;; You should have received a copy of the GNU General Public License
233e7676 25;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 26
a7fd7b68 27(define-module (gnu packages tls)
e9aa8d0c 28 #:use-module ((guix licenses) #:prefix license:)
29 #:use-module (guix packages)
30 #:use-module (guix download)
29a7c98a 31 #:use-module (guix utils)
7543f865 32 #:use-module (guix build-system gnu)
cc2b77df 33 #:use-module (guix build-system perl)
7890e3ba 34 #:use-module (guix build-system python)
88522738 35 #:use-module (guix build-system cmake)
f61e0e79 36 #:use-module (gnu packages compression)
013ce67b 37 #:use-module (gnu packages)
1ffa7090 38 #:use-module (gnu packages guile)
0581c273 39 #:use-module (gnu packages libbsd)
27e86bed 40 #:use-module (gnu packages libffi)
866f469e 41 #:use-module (gnu packages libidn)
5d4c90ae 42 #:use-module (gnu packages linux)
7890e3ba 43 #:use-module (gnu packages ncurses)
27e86bed 44 #:use-module (gnu packages nettle)
1ffa7090 45 #:use-module (gnu packages perl)
27e86bed 46 #:use-module (gnu packages pkg-config)
7890e3ba 47 #:use-module (gnu packages python)
a31f4d35 48 #:use-module (gnu packages texinfo)
49 #:use-module (gnu packages base)
50 #:use-module (srfi srfi-1))
51
;; GNU libtasn1, the ASN.1 library.  In this file it is an input of p11-kit
;; and a propagated input of gnutls.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.11")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                                  version ".tar.gz"))
              ;; The content hash pins the one tarball accepted for this
              ;; version, whichever mirror serves it.
              (sha256
               (base32
                "0h929bdq6w699y1mdkdajp5a6da8whgg3ba5p4j8x1wy36rlcjll"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 74
;; asn1c, the ASN.1 to C compiler, built from the upstream release tarball.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/asn1c-"
                           version ".tar.gz"))
       ;; Content hash of the release tarball named by the URI above.
       (sha256
        (base32
         "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
101
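;; p11-kit: loader and enumerator for PKCS#11 modules.
;; The home page now uses HTTPS, matching the release URI on the same host.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
                           version ".tar.gz"))
       (sha256
        (base32
         "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
       (modules '((guix build utils))) ; for substitute*
       (snippet
        '(begin
           ;; Drop one test that fails, also when trying to compile manually.
           ;; Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           ;; The snippet edits the source before the build, so 'test-module'
           ;; is never run for this package; revisit when upgrading.
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): built without trust paths, so the trust module
     ;; presumably gets no default anchor locations from this build --
     ;; confirm before relying on it as a trust-store provider.
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))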
27e86bed 139
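;; GnuTLS, built with Guile 2.2 bindings.  Two configure-time choices below
;; matter for security: the default trust store is a fixed absolute
;; directory, and PKCS#11 (p11-kit) support is switched off.
;; The description previously read "X.5009"; it now reads "X.509".
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.10")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              (sha256
               (base32
                "17apwvdkkazh5w8z8mbanpj2yj8s2002qwy46wz4v3akpa33wi5g"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        ;;
        ;; The path is absolute and outside the build outputs, so the set
        ;; of trusted CAs is whatever the running system puts there.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.  The flag is unconditional, so PKCS#11
        ;; support is disabled on every architecture.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.2)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))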
cc2b77df 212
;; Deprecated name kept for compatibility: it resolves to `gnutls', which
;; already takes guile-2.2 as its "guile" input.
(define-public gnutls/guile-2.2
  (deprecated-package
   "guile2.2-gnutls"
   gnutls))
215
;; GnuTLS for Guile 2.0: same definition as `gnutls', with the "guile"
;; input swapped for guile-2.0 and every other input kept.
(define-public gnutls/guile-2.0
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    (inputs
     `(("guile" ,guile-2.0)
       ;; Drop the inherited "guile" entry so only one remains.
       ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 223
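;; OpenSSL 1.0.2 series.
;;
;; Changes in this revision of the block:
;;  - '#:disallowed-references' was given twice in 'arguments'; only the
;;    occurrence that carries the rationale comment is kept.
;;  - The home page uses HTTPS.
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2l")
    (source (origin
              (method url-fetch)
              ;; Both locations are plain FTP, which gives no transport
              ;; integrity; the sha256 below is what authenticates the
              ;; tarball.  The second URI covers releases moved to "old/".
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place.  Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              (zero?
               (system* "./config"
                        "shared"        ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl.  Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (doc (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               (delete-file-recursively man3)
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; Point the test scripts at the build's own shell and at 'rm'
            ;; from PATH instead of absolute /bin paths.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/sh"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.openssl.org/")
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)))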
362
;; OpenSSL 1.1.0 series.  Inherits from `openssl' and keeps the package
;; name "openssl", so the two definitions differ by version only.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0f")
    (source
     (origin
       (method url-fetch)
       ;; Plain-FTP locations (current, then "old/"); the sha256 below is
       ;; what pins the tarball content.
       (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                 name "-" version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/old/"
                                 (string-trim-right version char-set:letter)
                                 "/" name "-" version ".tar.gz")))
       (sha256
        (base32
         "0r97n4n552ns571diz54qsgarihrxvbn7kvyv8wjyfs9ybrldxqj"))
       (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; Start from the 1.0.2 arguments and rewrite only the phases.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl.  Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" out
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" out)
                           (string-append "-Wl,-rpath," lib)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
426
;; LibreSSL, the OpenBSD fork of the OpenSSL TLS/crypto stack.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.4")
    (source (origin
              (method url-fetch)
              ;; NOTE(review): the tarball is fetched over plain HTTP, so the
              ;; sha256 below is the only integrity control on the download.
              (uri (string-append
                    "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
                    version ".tar.gz"))
              (sha256
               (base32
                "1ykf6dqlbafafhbdfmcj19pjj1z6wmsq0rmyqga1i0xv5x95nyhh"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): this changes which entropy path the library is built
     ;; with -- re-check once the oldest supported kernel provides the call.
     '(#:configure-flags '("ac_cv_func_getentropy=no")))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
468
;; Python implementation of the ACME protocol, fetched from PyPI.  certbot
;; takes its version from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.14.1")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "acme" version))
       (sha256
        (base32
         "0asmkfkzbswnkrvbj5m01xgy4f6g1fjbj2nir1hhrn3ipcdrsv8f"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-dependency
           ;; This module is part of the Python standard library, so we don't
           ;; need to use an external package.
           ;; https://github.com/certbot/certbot/pull/2249
           (lambda _
             (substitute* "setup.py"
               (("'argparse',") ""))
             #t))
         ;; Build the man and info documentation under docs/ ...
         (add-after 'build 'build-documentation
           (lambda _
             (zero? (system* "make" "-C" "docs" "man" "info"))))
         ;; ... and install both files into the "out" output.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
523
;; Python 2 variant of python-acme; certbot lists it as a propagated input.
(define-public python2-acme
  (package-with-python2
   python-acme))
526
;; Certbot, the Let's Encrypt client, built with Python 2.  It reuses
;; python-acme's build arguments and replaces only the documentation
;; install phase.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; The version is taken from python-acme, but this hash is
       ;; certbot's own and has to be updated together with it.
       (sha256
        (base32
         "0rdby57hw35qdrbl7kigscphnz4kqb608bqzrcb73nb99092i6si"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       ,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (home-page "https://certbot.eff.org/")
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (license license:asl2.0)))
585
;; Old package name, kept as a definition that is marked superseded by
;; certbot.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties
     `((superseded . ,certbot)))))
9495cf9a 590
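;; Net::SSLeay, the Perl bindings to OpenSSL, built against the `openssl'
;; package in this file.
;; The home page pointed at the Net-SSLeay-1.66 author page although the
;; packaged version is 1.68; it now uses the version-independent dist URL,
;; like the Crypt-OpenSSL packages in this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     ;; The patch file is passed in as an input and applied by the
     ;; 'apply-patch' phase below rather than through the origin.
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Hand the location of the openssl input to the configure step.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (home-page "http://search.cpan.org/dist/Net-SSLeay")
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)))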
634
;; Crypt::OpenSSL::RSA, Perl bindings for RSA via OpenSSL.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
                    version
                    ".tar.gz"))
              (sha256
               (base32
                "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Build arguments shared by the Crypt-OpenSSL packages in this file
    ;; (see `perl-crypt-arguments').
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
662
;; Build arguments shared by the Crypt-OpenSSL Perl packages in this file.
;; The single extra phase rewrites the 'LIBS' entry of Makefile.PL so the
;; link line names the lib directory of the "openssl" input and -lcrypto.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*")
             (string-append "'LIBS' => ['-L"
                            (assoc-ref inputs "openssl")
                            "/lib -lcrypto'],")))
          #t)))))
672
;; Crypt::OpenSSL::Bignum, Perl access to OpenSSL's big-number arithmetic.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
                    version
                    ".tar.gz"))
              (sha256
               (base32
                "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Build arguments shared by the Crypt-OpenSSL packages in this file
    ;; (see `perl-crypt-arguments').
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
698
;; Crypt::OpenSSL::Random, Perl access to the OpenSSL/LibreSSL PRNG.  This
;; definition links it against the `openssl' package.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
                    version
                    ".tar.gz"))
              (sha256
               (base32
                "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Build arguments shared by the Crypt-OpenSSL packages in this file
    ;; (see `perl-crypt-arguments').
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
723
;; acme-client (portable release), the OpenBSD project's Let's Encrypt
;; client, built against LibreSSL.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://kristaps.bsd.lv/" name "/"
                           "snapshots/" name "-portable-"
                           version ".tgz"))
       (sha256
        (base32
         "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Replace the hard-coded /etc/ssl/cert.pem in http.c with the
             ;; same path inside the libressl input, so the file used
             ;; (presumably the CA bundle) is the one shipped with that
             ;; input rather than whatever the host has at /etc/ssl.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (home-page "https://kristaps.bsd.lv/acme-client/")
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
88522738 766
;; The "-apache" variant is the variant preferred by upstream. A "-gpl"
;; variant exists in addition to the "-apache" one.
;; mbed TLS, Apache-licensed tarball, built with CMake.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.4.2")
    (source (origin
              (method url-fetch)
              ;; XXX: The download links on the website are script redirection
              ;; links which effectively lead to the format listed in the uri
              ;; here.
              (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                                  version "-apache.tgz"))
              ;; Content hash of the "-apache" tarball for this version.
              (sha256
               (base32
                "065hn5zibzflivabdh9p41dknda7wicl2zhc936dmakqfjprip8p"))))
    (build-system cmake-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://tls.mbed.org")
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (license license:asl2.0)))