build: assert-no-store-file-names: Ignore ChangeLog.
233e7676 1;;; GNU Guix --- Functional package management for GNU
caeadfdd 2;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
12433a21 7;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
3ea110b7 8;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
679b535b 9;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
7543f865 11;;;
233e7676 12;;; This file is part of GNU Guix.
7543f865 13;;;
233e7676 14;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC
15;;; under the terms of the GNU General Public License as published by
16;;; the Free Software Foundation; either version 3 of the License, or (at
17;;; your option) any later version.
18;;;
233e7676 19;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC
20;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22;;; GNU General Public License for more details.
23;;;
24;;; You should have received a copy of the GNU General Public License
233e7676 25;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 26
a7fd7b68 27(define-module (gnu packages tls)
e9aa8d0c 28 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
29 #:use-module (guix packages)
30 #:use-module (guix download)
29a7c98a 31 #:use-module (guix utils)
7543f865 32 #:use-module (guix build-system gnu)
cc2b77df 33 #:use-module (guix build-system perl)
7890e3ba 34 #:use-module (guix build-system python)
f61e0e79 35 #:use-module (gnu packages compression)
013ce67b 36 #:use-module (gnu packages)
1ffa7090 37 #:use-module (gnu packages guile)
0581c273 38 #:use-module (gnu packages libbsd)
27e86bed 39 #:use-module (gnu packages libffi)
866f469e 40 #:use-module (gnu packages libidn)
5d4c90ae 41 #:use-module (gnu packages linux)
7890e3ba 42 #:use-module (gnu packages ncurses)
27e86bed 43 #:use-module (gnu packages nettle)
1ffa7090 44 #:use-module (gnu packages perl)
27e86bed 45 #:use-module (gnu packages pkg-config)
7890e3ba 46 #:use-module (gnu packages python)
a31f4d35 47 #:use-module (gnu packages texinfo)
ce0614dd 48 #:use-module (gnu packages base))
;; GNU libtasn1, the ASN.1 library.  Within this file it is an input of
;; p11-kit and a propagated input of gnutls.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.9")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; Expected content hash of the tarball; this, not the mirror, is
       ;; what identifies the source being built.
       (sha256
        (base32
         "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs (list (list "perl" perl)))
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (home-page "http://www.gnu.org/software/libtasn1/")
    (license license:lgpl2.0+)))
;; asn1c: generates C encoders/decoders from ASN.1 modules.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.27")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/asn1c-"
                           version ".tar.gz"))
       ;; Expected content hash of the upstream tarball.
       (sha256
        (base32
         "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
    (build-system gnu-build-system)
    ;; Perl is needed at build time only.
    (native-inputs (list (list "perl" perl)))
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (home-page "https://lionet.info/asn1c")
    (license license:bsd-2)))
;; p11-kit: loader and configuration layer for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
                           version ".tar.gz"))
       ;; Expected content hash of the release tarball.
       (sha256
        (base32
         "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
       (modules '((guix build utils))) ; for substitute*
       (snippet
        '(begin
           ;; One test fails here, and also fails in a manual build, so it
           ;; is dropped from the test list.  Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           ;; NOTE(review): re-check on version bumps whether this test can
           ;; be re-enabled, so test coverage is not lost indefinitely.
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (arguments
     ;; The package is configured without trust paths.
     `(#:configure-flags '("--without-trust-paths")))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (license license:bsd-3)))
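;; GnuTLS, the TLS/DTLS library.  The build hard-codes the default trust
;; store directory at configure time and moves the section 3 man pages to
;; the separate "doc" output.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.4")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             ;; Expected content hash of the release tarball.
             (sha256
              (base32
               "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store.  Instead it has a
             ;; configure-time option.  Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the file system, none of which are present in our
             ;; chroot build environment.  If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently.  This seems suboptimal.
             ;;
             ;; The directory named here is not part of this package's
             ;; outputs, so the trust anchors GnuTLS uses by default are
             ;; whatever is installed at that path on the running system.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc",
                     ;; then delete them from "out".
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)
       ("perl" ,perl)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The description previously read "X.5009"; the certificate standard
    ;; meant is X.509.
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))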
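;; OpenSSL 1.0.2 series.  The build splits man3 pages and static archives
;; into their own outputs and takes several steps to keep Perl out of the
;; run-time closure.
(define-public openssl
  (package
   (name "openssl")
   (version "1.0.2j")
   (source (origin
             (method url-fetch)
             ;; Two candidate locations: the current-release directory and
             ;; the "old/<version without letter suffix>" directory.  Both
             ;; are plain FTP, so the sha256 below is what ties the download
             ;; to known content.
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (sha256
              (base32
               "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
             (patches (search-patches "openssl-runpath.patch"
                                      "openssl-c-rehash-in.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"                     ;1.5MiB of man3 pages
              "static"))                ;6MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    ;; '#:disallowed-references' used to be passed twice in this list, once
    ;; as (,perl) and once as below; it is now given a single time so the
    ;; value in effect does not depend on how duplicate keywords are handled.
    `(#:parallel-build? #f
      #:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        (add-before
         'configure 'patch-Makefile.org
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The default MANDIR is some unusual place.  Fix that.
           (let ((out (assoc-ref outputs "out")))
             (patch-makefile-SHELL "Makefile.org")
             (substitute* "Makefile.org"
               (("^MANDIR[[:blank:]]*=.*$")
                (string-append "MANDIR = " out "/share/man\n")))
             #t)))
        (replace
         'configure
         (lambda* (#:key outputs #:allow-other-keys)
           ;; OpenSSL ships its own './config' script, so the standard
           ;; configure phase is replaced.  The phase succeeds only if
           ;; './config' exits with status zero.
           (let ((out (assoc-ref outputs "out")))
             (zero?
              (system* "./config"
                       "shared"                   ;build shared libraries
                       "--libdir=lib"

                       ;; The default for this catch-all directory is
                       ;; PREFIX/ssl.  Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
                                      "/share/openssl-" ,version)

                       (string-append "--prefix=" out)

                       ;; XXX FIXME: Work around a code generation bug in GCC
                       ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                       ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                       ,@(if (and (not (%current-target-system))
                                  (string-prefix? "armhf" (%current-system)))
                             '("-mfpu=vfpv3")
                             '()))))))
        (add-after
         'install 'make-libraries-writable
         (lambda* (#:key outputs #:allow-other-keys)
           ;; Make libraries writable so that 'strip' does its job.
           (let ((out (assoc-ref outputs "out")))
             (for-each (lambda (file)
                         (chmod file #o644))
                       (find-files (string-append out "/lib")
                                   "\\.so"))
             #t)))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out    (assoc-ref outputs "out"))
                   (lib    (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib   (string-append static "/lib")))
              (mkdir-p slib)
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-man3-pages
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move section 3 man pages to "doc".
            (let* ((out    (assoc-ref outputs "out"))
                   (man3   (string-append out "/share/man/man3"))
                   (doc    (assoc-ref outputs "doc"))
                   (target (string-append doc "/share/man/man3")))
              (mkdir-p target)
              (for-each (lambda (file)
                          (rename-file file
                                       (string-append target "/"
                                                      (basename file))))
                        (find-files man3))
              (delete-file-recursively man3)
              #t)))
        (add-before
         'patch-source-shebangs 'patch-tests
         (lambda* (#:key inputs native-inputs #:allow-other-keys)
           ;; Point the test scripts at the bash input instead of /bin/sh,
           ;; and let 'rm' be found through PATH instead of /bin/rm.
           (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
             (substitute* (find-files "test" ".*")
               (("/bin/sh")
                (string-append bash "/bin/bash"))
               (("/bin/rm")
                "rm"))
             #t)))
        (add-after
         'install 'remove-miscellany
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The 'misc' directory contains random undocumented shell and Perl
           ;; scripts.  Remove them to avoid retaining a reference on Perl.
           (let ((out (assoc-ref outputs "out")))
             (delete-file-recursively (string-append out "/share/openssl-"
                                                     ,version "/misc"))
             #t))))))
   (native-search-paths
    ;; FIXME: These two variables must designate a single file or directory
    ;; and are not actually "search paths."  In practice it works OK in user
    ;; profiles because there's always just one item that matches the
    ;; specification.
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "http://www.openssl.org/")))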
;; OpenSSL 1.1.0 series, derived from the 'openssl' package above: same
;; package name, newer source, and an adjusted set of build phases.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0c")
    (source (origin
              (method url-fetch)
              ;; Same two plain-FTP locations as the parent package; the
              ;; sha256 below is what pins the content.
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
              (sha256
               (base32
                "1xfn5ydl14myd9wgxm4nxy5a42cpp1g12ijf3g9m4mz0l90n8hzw"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; Start from the parent's arguments and rewrite only the phases.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases inherited-phases)
        `(modify-phases ,inherited-phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((prefix (assoc-ref outputs "out"))
                      (libdir (string-append prefix "/lib")))
                 ;; The phase succeeds only when './config' exits with 0.
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl.  Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" prefix
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" prefix)
                           (string-append "-Wl,-rpath," libdir)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and
               ;; Perl scripts.  Remove them to avoid retaining a reference on
               ;; Perl.
               (let ((prefix (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append prefix "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
;; LibreSSL, the OpenBSD fork of OpenSSL.  It is an input of acme-client
;; in this file.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.0")
    (source
     (origin
       (method url-fetch)
       ;; The tarball is fetched over plain HTTP; the sha256 below is what
       ;; ties the download to known content.
       (uri (string-append
             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       (sha256
        (base32
         "1bkfvapi4z826slycmicvs7hwgk4l82gd8w6nqvznldbammvyll6"))))
    (build-system gnu-build-system)
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    (home-page "http://www.libressl.org/")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
;; Python implementation of the ACME protocol; certbot below depends on
;; its Python 2 variant.
(define-public python-acme
  (package
    (name "python-acme")
    (version "0.9.3")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Expected content hash of the PyPI source archive.
              (sha256
               (base32
                "16a02bb0apnk1bm68bcabdmmwd6rnvnjzanrmcb46bpbapwz3vx6"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and Info manual after installation and copy
         ;; them into the output.
         (add-after 'install 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix  (assoc-ref outputs "out"))
                    (mandir  (string-append prefix "/share/man/man1"))
                    (infodir (string-append prefix "/info")))
               ;; Nothing is installed unless 'make' exits with status 0.
               (and (zero? (system* "make" "-C" "docs" "man" "info"))
                    (install-file "docs/_build/texinfo/acme-python.info" infodir)
                    (install-file "docs/_build/man/acme-python.1" mandir)
                    #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
       ("python-werkzeug" ,python-werkzeug)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (license license:asl2.0)))
;; Python 2 variant of python-acme, produced by 'package-with-python2'.
;; It is a propagated input of certbot.
(define-public python2-acme
  (package-with-python2 python-acme))
;; Certbot, the EFF's Let's Encrypt client.  Built with Python 2; the
;; documentation is generated in an extra phase after 'build'.
(define-public certbot
  (package
    (name "certbot")
    (version "0.9.3")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              ;; Expected content hash of the PyPI source archive.
              (sha256
               (base32
                "1c7k4lfq5j78d1rvrwrb9082ngwibz92cwkf4kazaa9b76w9q538"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       #:phases
       (modify-phases %standard-phases
         (add-after 'build 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix  (assoc-ref outputs "out"))
                    (man1dir (string-append prefix "/share/man/man1"))
                    (man7dir (string-append prefix "/share/man/man7"))
                    (infodir (string-append prefix "/info")))
               ;; Nothing is installed unless 'make' exits with status 0.
               (and
                (zero? (system* "make" "-C" "docs" "man" "info"))
                (install-file "docs/_build/texinfo/Certbot.info" infodir)
                (install-file "docs/_build/man/certbot.1" man1dir)
                (install-file "docs/_build/man/certbot.7" man7dir)
                #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pythondialog" ,python2-pythondialog)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (home-page "https://certbot.eff.org/")
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Tool to automatically receive and install X.509 certificates
to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
will be issuing browser-trusted certificates for free.")
    (license license:asl2.0)))
;; Former package name, kept as a definition that inherits everything from
;; certbot and is marked as superseded by it.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
;; Net::SSLeay, Perl bindings to OpenSSL.  One patch is applied from a
;; build phase rather than through the origin.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Expected content hash of the CPAN tarball.
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     ;; The 'patch' program plus the patch file it applies in 'apply-patch'.
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            (let ((patch-file (assoc-ref inputs "patch/disable-ede-test")))
              ;; The phase succeeds only when 'patch' exits with status 0.
              (zero? (system* "patch" "--force" "-p1" "-i" patch-file)))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Tell the build where the openssl input lives.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; NOTE(review): this URL names release 1.66 while 'version' is 1.68.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
;; Crypt::OpenSSL::RSA, built against the 'openssl' package of this module.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    ;; Build arguments shared with the other Crypt::OpenSSL::* packages;
    ;; 'perl-crypt-arguments' is defined further down in this file.
    (arguments perl-crypt-arguments)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (license (package-license perl))))
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; They add one phase before 'configure' that rewrites the 'LIBS' entry of
;; Makefile.PL so that -lcrypto is looked up in the "openssl" input's lib
;; directory.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (let ((openssl-dir (assoc-ref inputs "openssl")))
            (substitute* "Makefile.PL"
              ;; The whole rest of the matching line is replaced.
              (("'LIBS'.*=>.*")
               (string-append "'LIBS' => ['-L"
                              openssl-dir
                              "/lib -lcrypto'],"))))
          #t)))))
;; Crypt::OpenSSL::Bignum, built against the 'openssl' package of this
;; module; an input of perl-crypt-openssl-rsa.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    ;; Shared phase that points Makefile.PL at the openssl input.
    (arguments perl-crypt-arguments)
    (inputs `(("openssl" ,openssl)))
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    ;; At your option either gpl1+ or the Artistic License
    (license (package-license perl))))
;; Crypt::OpenSSL::Random, built against the 'openssl' package of this
;; module; an input of perl-crypt-openssl-rsa.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    ;; Shared phase that points Makefile.PL at the openssl input.
    (arguments perl-crypt-arguments)
    (inputs `(("openssl" ,openssl)))
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (license (package-license perl))))
;; acme-client (portable snapshot): the OpenBSD project's Let's Encrypt
;; client, linked against libressl and libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.15")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Expected content hash of the snapshot tarball.
              (sha256
               (base32
                "07p723391whrswl4rir0l1k03l457sjscnj0cfaxr8mfnkx4y3wi"))))
    (build-system gnu-build-system)
    (arguments
     ;; Plain Makefile project: no configure step and no test suite, so the
     ;; compiler and installation prefix are passed as make flags.
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))))         ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (home-page "https://kristaps.bsd.lv/acme-client/")
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))