gnu: doxygen: Build with flex@2.6.1.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
;; Module header for the TLS-related package definitions.  (guix licenses)
;; is imported under the `license:' prefix, so every license reference in
;; this file is written `license:NAME'.
(define-module (gnu packages tls)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix utils)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system perl)
  #:use-module (guix build-system python)
  #:use-module (guix build-system cmake)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages)
  #:use-module (gnu packages dns)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages libbsd)
  #:use-module (gnu packages libffi)
  #:use-module (gnu packages libidn)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ncurses)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages base)
  #:use-module (srfi srfi-1))
;; GNU libtasn1: ASN.1 parsing library.  It is a propagated input of
;; 'gnutls' and an input of 'p11-kit' below, so a fix applied here reaches
;; both.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.12")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; The tarball is pinned by content hash, so the mirror that serves
       ;; it does not have to be trusted for integrity.
       (sha256
        (base32
         "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))
       ;; Security patch carried on top of the 4.12 release; going by its
       ;; file name it addresses CVE-2017-10790.  NOTE(review): re-check
       ;; whether it is still needed whenever 'version' is bumped.
       (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time-only dependency.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
;; asn1c: compiler that turns ASN.1 module files into C source code.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              ;; Fetched over HTTPS from the upstream site; integrity is
              ;; enforced by the content hash below either way.
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time-only dependency.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
;; p11-kit: loader and registry for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.9")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.gz"))
       ;; Release tarball pinned by content hash.
       (sha256
        (base32
         "0qyvnkb5hfi94wv3bn67y20hcbbvynvjwxpk7k9sh1si6ff69hg1"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; Configure without any trust paths: no location for trust anchors
     ;; is compiled into this build.  NOTE(review): presumably consumers
     ;; must supply anchors through their own configuration -- confirm.
     `(#:configure-flags '("--without-trust-paths")))
    ;; NOTE(review): the home page is a plain-HTTP URL.
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
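;; GnuTLS: TLS/DTLS library.  Built with a fixed default trust-store
;; directory and without PKCS#11 (p11-kit) support; the section 3 man pages
;; are split out into the "doc" output.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.13")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              ;; Going by their names, both patches skip tests rather than
              ;; change library code; the trust-store one is presumably
              ;; needed because the build environment has no trust store.
              (patches
               (search-patches "gnutls-skip-trust-store-test.patch"
                               "gnutls-skip-pkgconfig-test.patch"))
              ;; Tarball pinned by content hash.
              (sha256
               (base32
                "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        ;;
        ;; Consequence for operators: the set of trusted CAs is whatever
        ;; is found in this directory at run time; it is not part of the
        ;; package's own output.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Move the 4.1 MiB of section 3 man pages to "doc":
                     ;; copy them over, then delete the originals.
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.2)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    ;; Hints stored as package properties naming the upstream FTP server
    ;; and directory for this package.
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))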
;; Deprecated alias: the old "guile2.2-gnutls" name now resolves to
;; 'gnutls', which itself takes guile-2.2 as its Guile input.
(define-public gnutls/guile-2.2
  (deprecated-package "guile2.2-gnutls"
                      gnutls))
;; GnuTLS for Guile 2.0.  Everything is inherited from 'gnutls' -- source,
;; patches and configure flags included -- except the name and the Guile
;; input.
(define-public gnutls/guile-2.0
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    ;; Put guile-2.0 first and drop the "guile" entry inherited from
    ;; 'gnutls' so that only one Guile remains among the inputs.
    (inputs `(("guile" ,guile-2.0)
              ,@(alist-delete "guile"
                              (package-inputs gnutls))))))
;; GnuTLS built with libgnutls-dane, implementing DNS-based Authentication
;; of Named Entities (DANE).  This is required for GNS functionality by
;; GNUnet and gnURL.  It is a separate package definition so that users can
;; choose between GnuTLS with and without DANE.
(define-public gnutls/dane
  (package
    (inherit gnutls)
    (name "gnutls-dane")
    ;; The only difference from 'gnutls' is the extra "unbound" input;
    ;; source, patches and configure flags are inherited unchanged.
    (inputs `(("unbound" ,unbound)
              ,@(package-inputs gnutls)))))
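;; OpenSSL 1.0.2 series.  Produces three outputs ("out", "doc", "static")
;; and forbids any reference to Perl in the installed result.
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2m")
    (source (origin
              (method url-fetch)
              ;; URLs are tried in order.  The FTP entries are unencrypted
              ;; fallbacks; whichever one answers, the download must match
              ;; the content hash below.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))
              (snippet
               '(begin
                  ;; Remove ELF files.  'substitute*' can't read them.
                  (delete-file "test/ssltest_old")
                  (delete-file "test/v3ext")
                  (delete-file "test/x509aux")
                  #t))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.  The keyword is given exactly
       ;; once so that there is no doubt about which value takes effect.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place.  Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            ;; OpenSSL ships its own './config' script instead of an
            ;; Autoconf 'configure'; the phase succeeds when it exits 0.
            (let ((out (assoc-ref outputs "out")))
              (zero?
               (system* "./config"
                        "shared"        ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl.  Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (doc (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               (delete-file-recursively man3)
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; Rewrite hard-coded /bin/sh and /bin/rm in every file under
            ;; "test": the shell becomes the absolute path of the "bash"
            ;; input, and 'rm' is left to be found on PATH.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/sh"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    ;; Both variables must name exactly one directory or file, hence
    ;; 'separator #f'.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))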
;; OpenSSL 1.1.0 series.  Inherits from 'openssl' and keeps the package
;; name "openssl"; only the version, source, outputs and some build phases
;; differ.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0g")
    (source (origin
              (method url-fetch)
              ;; Same URL list as 'openssl': HTTPS first, then unencrypted
              ;; FTP fallbacks.  The download must match the hash below
              ;; whichever URL served it.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              ;; Only the c_rehash patch is applied here; the run-path is
              ;; set through a './config' argument in the phase below.
              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
              (sha256
               (base32
                "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; Start from the arguments of 'openssl' and rewrite its #:phases.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl.  Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" out
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" out)
                           ;; Run-path pointing at this package's own lib
                           ;; directory.
                           (string-append "-Wl,-rpath," lib)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
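;; LibreSSL: TLS/crypto stack forked from OpenSSL, built here together with
;; its TLS-enabled netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.5")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  name "-" version ".tar.gz"))
              ;; Tarball pinned by content hash, so the mirror does not
              ;; have to be trusted for integrity.
              (sha256
               (base32
                "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;;
     ;; NOTE(review): this decides where the library gets its randomness
     ;; from.  Presumably LibreSSL then uses its own bundled replacement
     ;; for getentropy -- confirm which entropy sources that code tries on
     ;; the kernels being targeted.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (native-search-paths
     ;; These two variables must designate a single file or directory and
     ;; are not actually "search paths", so they are declared with
     ;; 'separator #f', the same way the 'openssl' package in this file
     ;; declares them.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))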
;; python-acme: Python implementation of the ACME protocol.  'certbot'
;; below takes its version and its build arguments from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.19.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; PyPI sdist pinned by content hash.
              (sha256
               (base32
                "08p8w50zciqlhgn3ab0wbbvi1zyg3x37r1gywq0z1allsij3v8hz"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and the Info manual from docs/ after the
         ;; normal build; the phase succeeds when 'make' exits with 0.
         (add-after 'build 'build-documentation
           (lambda _
             (zero? (system* "make" "-C" "docs" "man" "info"))))
         ;; Install the generated documentation into the "out" output.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
;; Certbot: Let's Encrypt client.  Its version and build arguments are
;; derived from 'python-acme'.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              ;; The version is taken from python-acme but this hash is
              ;; certbot's own: a python-acme bump changes the URL fetched
              ;; here, so the hash has to be updated in the same change.
              (sha256
               (base32
                "0lwxqz3r0fg3dy06fgba1dfs7n6ribc25z0rh5rqbl7mvy8hf8x7"))))
    (build-system python-build-system)
    (arguments
     ;; Reuse python-acme's arguments, replacing only the phase that
     ;; installs documentation, because the generated file names differ.
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-nose" ,python-nose)
       ("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
;; Former name of the client.  The package is kept under the old name and
;; marked as superseded by 'certbot' through its 'superseded' property.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
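;; Net::SSLeay: Perl bindings to OpenSSL, built against the 'openssl'
;; package defined in this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.81")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; CPAN tarball pinned by content hash.
              (sha256
               (base32
                "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Hand the location of the "openssl" input to the module's
            ;; build through OPENSSL_PREFIX, so that it is built against
            ;; that input rather than a copy found elsewhere.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    ;; Version-independent distribution page, in the same form as the
    ;; Crypt::OpenSSL packages in this file, so the link does not go stale
    ;; when 'version' changes.
    (home-page "http://search.cpan.org/dist/Net-SSLeay")))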
;; Crypt::OpenSSL::RSA: RSA operations for Perl on top of OpenSSL's
;; libcrypto.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; CPAN tarball pinned by content hash.
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL packages in this file;
    ;; they make Makefile.PL link against the "openssl" input.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
;; Build arguments used by the Crypt::OpenSSL::RSA, ::Bignum and ::Random
;; packages in this file.  Before 'configure', the 'LIBS' entry of
;; Makefile.PL is replaced by one that passes -L with the lib directory of
;; the "openssl" input plus -lcrypto, so the modules link against that
;; specific libcrypto.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            ;; The pattern matches from 'LIBS' to the end of that line.
            (("'LIBS'.*=>.*")
             (string-append "'LIBS' => ['-L"
                            (assoc-ref inputs "openssl")
                            "/lib -lcrypto'],")))
          #t)))))
;; Crypt::OpenSSL::Bignum: Perl access to OpenSSL's multiprecision integer
;; arithmetic.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.08")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; CPAN tarball pinned by content hash.
       (sha256
        (base32
         "0gamn4dff1bz77nswacy1dlpn9fkwahzw7yvvik4nbwwy2s63hc8"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared arguments that make Makefile.PL link against the "openssl"
    ;; input.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
;; Crypt::OpenSSL::Random: Perl access to the OpenSSL/LibreSSL pseudo-random
;; number generator.  In this definition it is built against 'openssl'.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; CPAN tarball pinned by content hash.
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared arguments that make Makefile.PL link against the "openssl"
    ;; input.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
;; acme-client: Let's Encrypt client from the OpenBSD project (portable
;; snapshot), built against LibreSSL and libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Snapshot tarball pinned by content hash.
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Point the CA bundle path hard-coded in http.c at the
             ;; cert.pem under the "libressl" input.  The trust anchors
             ;; used for the client's HTTPS connections are therefore fixed
             ;; when the package is built and change only when it is
             ;; rebuilt against another libressl.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the preferred variant upstream.  A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.6.0")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                           version "-apache.tgz"))
       ;; Tarball pinned by content hash, so what the redirecting download
       ;; links serve still has to match it.
       (sha256
        (base32
         "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
    (build-system cmake-build-system)
    ;; Perl is a build-time-only dependency.
    (native-inputs
     `(("perl" ,perl)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))