gnu: Add python-mock-2.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
3c0f7910 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
df0625ab 7;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
2ed12d3f 8;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
88522738 9;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
88e2511e 11;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
7543f865 12;;;
233e7676 13;;; This file is part of GNU Guix.
7543f865 14;;;
233e7676 15;;; GNU Guix is free software; you can redistribute it and/or modify it
16;;; under the terms of the GNU General Public License as published by
17;;; the Free Software Foundation; either version 3 of the License, or (at
18;;; your option) any later version.
19;;;
233e7676 20;;; GNU Guix is distributed in the hope that it will be useful, but
21;;; WITHOUT ANY WARRANTY; without even the implied warranty of
22;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23;;; GNU General Public License for more details.
24;;;
25;;; You should have received a copy of the GNU General Public License
233e7676 26;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 27
a7fd7b68 28(define-module (gnu packages tls)
e9aa8d0c 29 #:use-module ((guix licenses) #:prefix license:)
30 #:use-module (guix packages)
31 #:use-module (guix download)
29a7c98a 32 #:use-module (guix utils)
7543f865 33 #:use-module (guix build-system gnu)
cc2b77df 34 #:use-module (guix build-system perl)
7890e3ba 35 #:use-module (guix build-system python)
88522738 36 #:use-module (guix build-system cmake)
f61e0e79 37 #:use-module (gnu packages compression)
013ce67b 38 #:use-module (gnu packages)
1ffa7090 39 #:use-module (gnu packages guile)
0581c273 40 #:use-module (gnu packages libbsd)
27e86bed 41 #:use-module (gnu packages libffi)
866f469e 42 #:use-module (gnu packages libidn)
5d4c90ae 43 #:use-module (gnu packages linux)
7890e3ba 44 #:use-module (gnu packages ncurses)
27e86bed 45 #:use-module (gnu packages nettle)
1ffa7090 46 #:use-module (gnu packages perl)
27e86bed 47 #:use-module (gnu packages pkg-config)
7890e3ba 48 #:use-module (gnu packages python)
a31f4d35 49 #:use-module (gnu packages texinfo)
50 #:use-module (gnu packages base)
51 #:use-module (srfi srfi-1))
52
;; GNU libtasn1: the ASN.1 library that p11-kit and gnutls in this file take
;; as an input.
(define-public libtasn1
  (package
    (name "libtasn1")
    ;; 'replacement' names the patched variant (libtasn1/fixed, carrying the
    ;; CVE-2017-6891 patch) that Guix grafts in place of this build.
    (replacement libtasn1/fixed)
    (version "4.10")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; The mirror is not trusted by itself; the download must match this
       ;; hash to be accepted.
       (sha256
        (base32
         "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 76
;; Patched libtasn1 that the public 'libtasn1' package names in its
;; 'replacement' field.  It is not exported.
(define libtasn1/fixed
  (package
    (inherit libtasn1)
    (source
     (origin
       ;; Same tarball and hash as libtasn1; only the patch list is added.
       (inherit (package-source libtasn1))
       (patches
        (search-patches "libtasn1-CVE-2017-6891.patch"))))))
85
;; asn1c: generates C encoders/decoders from ASN.1 modules.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; Content hash that the fetched tarball must match.
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
112
;; p11-kit: loader and registry for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.7")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.gz"))
       ;; Content hash that the fetched release tarball must match.
       (sha256
        (base32
         "0hdy4h8byvcvd4av504xqfqyd1h6xy914j034mq3c6v4ya37r3lq"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; Built without configured trust paths.  NOTE(review): whether anything
     ;; depends on p11-kit's trust module here is not visible from this
     ;; definition -- confirm before relying on it for trust anchors.
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 142
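;; GnuTLS built against Guile 2.0.  Outputs: "out", "debug" and "doc" (the
;; section 3 man pages are moved to "doc" by the 'move-doc' phase).
(define-public gnutls
  (package
    (name "gnutls")
    ;; Security updates arrive through this field: gnutls-3.5.13, defined
    ;; later in this file for GNUTLS-SA-2017-{3,4}, is grafted in place of
    ;; the 3.5.9 build described here.
    (replacement gnutls-3.5.13)
    (version "3.5.9")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              ;; The mirror is not trusted by itself; the download must
              ;; match this hash to be accepted.
              (sha256
               (base32
                "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       ;; Keep '--with-guile-site-dir' as the first flag: gnutls/guile-2.2
       ;; removes it by taking the 'cdr' of this list.
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store. Instead it has a
             ;; configure-time option. Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the file system, none of which are present in our
             ;; chroot build environment. If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently. This seems suboptimal.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))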
cc2b77df 218
;; Replacement for 'gnutls' (named in its 'replacement' field).  Not
;; exported.
(define gnutls-3.5.13                   ;GNUTLS-SA-2017-{3,4}
  (package
    (inherit gnutls)
    ;; We use 'D' instead of '13' here to keep the store file name at
    ;; the same length. See <https://bugs.gnu.org/27308>.
    (version "3.5.D")
    ;; Clear the inherited field so this package does not name itself as its
    ;; own replacement.
    (replacement #f)
    (source (origin
              (method url-fetch)
              (uri
               ;; The real release number is spelled out because 'version'
               ;; holds the placeholder "3.5.D".
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-3.5.13.tar.xz"))
              ;; NOTE(review): both patches are named as skipping tests; what
              ;; coverage is lost is not visible here -- see the patch files.
              (patches
               (search-patches "gnutls-skip-trust-store-test.patch"
                               "gnutls-skip-pkgconfig-test.patch"))
              (sha256
               (base32
                "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))))
238
(define-public gnutls/guile-2.2
  ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5.
  (package
    (inherit gnutls)
    ;; No graft for this variant: it takes the source of the fixed release
    ;; (gnutls-3.5.13) directly.
    (replacement #f)
    (source (package-source gnutls-3.5.13))
    (name "guile2.2-gnutls")
    (arguments
     ;; Remove '--with-guile-site-dir=…/2.0'.  This relies on that flag
     ;; being the first element of gnutls' #:configure-flags.
     (substitute-keyword-arguments (package-arguments gnutls)
       ((#:configure-flags flags)
        `(cdr ,flags))))
    ;; Swap the "guile" input for Guile 2.2 and keep every other input.
    (inputs `(("guile" ,guile-2.2)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 253
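;; OpenSSL 1.0.2 series.  Outputs: "out", "doc" (section 3 man pages) and
;; "static" (.a archives).
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2k")
    (source (origin
              (method url-fetch)
              ;; Two candidate locations: the current directory, then the
              ;; "old/<version without letter suffix>" archive directory.
              ;; Both are plain FTP, so the sha256 below is the only check on
              ;; what gets downloaded.
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place. Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            ;; OpenSSL ships its own './config' script; the phase succeeds
            ;; only when it exits with status 0.
            (let ((out (assoc-ref outputs "out")))
              (zero?
               (system* "./config"
                        "shared"        ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl. Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (doc (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               (delete-file-recursively man3)
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; Point the test scripts at the "bash" input's sh and at
            ;; whichever 'rm' is on PATH instead of fixed /bin paths.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/sh"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts. Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths." In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))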
392
;; OpenSSL 1.1.0 series, derived from 'openssl' with its own source and an
;; adjusted phase list.  It keeps the package name "openssl".
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0f")
    (source (origin
              (method url-fetch)
              ;; Plain FTP locations, as for 'openssl'; the sha256 below is
              ;; the only check on what gets downloaded.
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
              (sha256
               (base32
                "0r97n4n552ns571diz54qsgarihrxvbn7kvyv8wjyfs9ybrldxqj"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; Every keyword other than #:phases is taken over unchanged from
     ;; 'openssl'.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl. Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" out
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" out)
                           (string-append "-Wl,-rpath," lib)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts. Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
456
;; LibreSSL, the OpenBSD fork of OpenSSL.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.4")
    (source
     (origin
       (method url-fetch)
       ;; Fetched over plain HTTP; the sha256 below is the only check on
       ;; what gets downloaded.
       (uri (string-append
             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       (sha256
        (base32
         "1ykf6dqlbafafhbdfmcj19pjj1z6wmsq0rmyqga1i0xv5x95nyhh"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): presumably LibreSSL then builds its own getentropy
     ;; fallback; re-check the entropy path when this workaround is dropped.
     '(#:configure-flags '("ac_cv_func_getentropy=no")))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths." In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
498
;; Python ACME protocol library.  'certbot' below takes its version from
;; this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.15.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Content hash that the fetched sdist must match.
              (sha256
               (base32
                "11zwgj663vr575pbqw74ia10wxaw16i8rnkcivsrbsx148rxdbcz"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and Info manual with the Makefile in "docs".
         (add-after 'build 'build-documentation
           (lambda _
             (zero? (system* "make" "-C" "docs" "man" "info"))))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
545
;; Python 2 variant of python-acme; certbot propagates it.
(define-public python2-acme
  (package-with-python2 python-acme))
548
;; Certbot, the Let's Encrypt client, built with Python 2.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              ;; The version (and so the URL) follows python-acme, but this
              ;; hash does not: it has to be updated by hand on every
              ;; python-acme bump.
              (sha256
               (base32
                "1srvmjxz75dbafx7xfg1w3n9h3srr9p2ljnfsih9dwwd5cxh9i5q"))))
    (build-system python-build-system)
    (arguments
     ;; Reuse python-acme's arguments; only the documentation install phase
     ;; differs, because the generated file names differ.
     `(#:python ,python-2
       ,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
607
;; Old package name, kept as an alias: it inherits everything from certbot
;; and is marked as superseded by it.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
9495cf9a 612
;; Net::SSLeay, Perl bindings to the 'openssl' package of this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; The mirror is not trusted by itself; the download must
              ;; match this hash to be accepted.
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     ;; The patch file is passed in as an input so that the 'apply-patch'
     ;; phase can apply it after unpacking.
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Export the store path of the "openssl" input as
            ;; OPENSSL_PREFIX for the configure step.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    ;; NOTE(review): this URL names release 1.66 while 'version' is 1.68.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
656
;; Crypt::OpenSSL::RSA, built with the shared 'perl-crypt-arguments' phases.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Content hash that the fetched tarball must match.
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
684
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; The single added phase rewrites the 'LIBS' entry of Makefile.PL so that
;; -lcrypto is looked up in the "openssl" input's lib directory.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*")
             (string-append "'LIBS' => ['-L"
                            (assoc-ref inputs "openssl")
                            "/lib -lcrypto'],")))
          #t)))))
694
;; Crypt::OpenSSL::Bignum, built with the shared 'perl-crypt-arguments'
;; phases.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Content hash that the fetched tarball must match.
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
720
;; Crypt::OpenSSL::Random, built with the shared 'perl-crypt-arguments'
;; phases.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Content hash that the fetched tarball must match.
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
745
;; acme-client (portable snapshot), linked against libressl and libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Content hash that the fetched snapshot must match.
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Replace the "/etc/ssl/cert.pem" path in http.c with the
             ;; cert.pem under the "libressl" input.
             ;; NOTE(review): the CA bundle the client trusts is then the one
             ;; in that libressl build, not a system file -- confirm that it
             ;; is refreshed whenever libressl is updated.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
88522738 788
;; The "-apache" variant is the one upstream prefers. A "-gpl" variant
;; exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.4.2")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                           version "-apache.tgz"))
       ;; Content hash that the fetched tarball must match.
       (sha256
        (base32
         "065hn5zibzflivabdh9p41dknda7wicl2zhc936dmakqfjprip8p"))))
    (build-system cmake-build-system)
    (native-inputs
     `(("perl" ,perl)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))