1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> | |
3 | ;;; | |
4 | ;;; This file is part of GNU Guix. | |
5 | ;;; | |
6 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
7 | ;;; under the terms of the GNU General Public License as published by | |
8 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
9 | ;;; your option) any later version. | |
10 | ;;; | |
11 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
12 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | ;;; GNU General Public License for more details. | |
15 | ;;; | |
16 | ;;; You should have received a copy of the GNU General Public License | |
17 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
18 | ||
19 | (define-module (gnu packages certs) | |
20 | #:use-module ((guix licenses) #:prefix license:) | |
21 | #:use-module (guix packages) | |
22 | #:use-module (guix download) | |
6e6e2414 | 23 | #:use-module (guix build-system gnu) |
24 | #:use-module (guix build-system trivial) |
25 | #:use-module (gnu packages) | |
26 | #:use-module (gnu packages gnuzilla) |
27 | #:use-module (gnu packages openssl) | |
28 | #:use-module (gnu packages python)) |
29 | ||
;; certdata2pem: helper package bound with plain `define', so it is not
;; exported from this module.  It installs the certdata2pem.py script under
;; OUTPUT/bin; nss-certs below takes it as a native input.
(define certdata2pem
  (package
    (name "certdata2pem")
    (version "2013")
    (source
     (origin
       (method url-fetch)
       ;; The URL is plain HTTP but names one upstream commit (the `id='
       ;; query); the sha256 below pins the exact content that is accepted.
       (uri "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/plain/certdata2pem.py?id=053dde8a2f5901e97028a58bf54e7d0ef8095a54")
       (sha256
        (base32 "0zscrm41gnsf14zvlkxhy00h3dmgidyz645ldpda3y3vabnwv8dx"))))
    (build-system trivial-build-system)
    (inputs `(("python" ,python-2)))
    (arguments
     `(#:modules ((guix build utils))
       #:builder
       (begin
         (use-modules (guix build utils))
         (let* ((script "certdata2pem.py")
                (bindir (string-append %output "/bin"))
                (python (string-append (assoc-ref %build-inputs "python")
                                       "/bin/python")))
           ;; Patch a local copy of the fetched script, then install it.
           (copy-file (assoc-ref %build-inputs "source") script)
           (chmod script #o555)
           (substitute* script
             ;; Point the interpreter path at the python input.
             (("/usr/bin/python") python)
             ;; Use the file extension .pem instead of .crt.
             ;; NOTE(review): the pattern matches every occurrence of "crt"
             ;; in the script, not only the output file extension.
             (("crt") "pem"))
           (mkdir-p bindir)
           (copy-file script (string-append bindir "/certdata2pem.py"))))))
    (synopsis "Python script to extract .pem data from certificate collection")
    (description
     "certdata2pem.py is a Python script to transform X.509 certificate
\"source code\" as contained, for example, in the Mozilla sources, into
.pem formatted certificates.")
    (license license:gpl2+)
    (home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))
69 | |
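;; nss-certs: the CA certificates shipped in the NSS source tree, installed
;; as individual .pem files under OUTPUT/etc/ssl/certs together with the
;; symbolic links that c_rehash creates there.
;;
;; Only the `set-paths' and `unpack' standard phases are kept; the custom
;; `install' phase added after `unpack' does all the work.  That phase
;; returns #f, failing the build, when certdata2pem.py or c_rehash exits
;; with a non-zero status.  Without this check a failed extraction or
;; rehash would go unnoticed and could leave an empty or incomplete set of
;; trusted certificates in the output.
(define-public nss-certs
  (package (inherit nss) ; to reuse the source, version and some metadata
    (name "nss-certs")
    (build-system gnu-build-system)
    (outputs '("out"))
    (native-inputs
     `(("certdata2pem" ,certdata2pem)
       ("openssl" ,openssl)))
    (inputs '())
    (propagated-inputs '())
    (arguments
     `(#:modules ((guix build gnu-build-system)
                  (guix build utils)
                  (srfi srfi-26))
       #:imported-modules ((guix build gnu-build-system)
                           (guix build utils))
       #:phases
       (alist-cons-after
        'unpack 'install
        (lambda _
          (let ((certsdir (string-append %output "/etc/ssl/certs/")))
            (mkdir-p certsdir)
            (and
             (with-directory-excursion "nss/lib/ckfw/builtins/"
               ;; extract single certificates from blob; stop here if the
               ;; script reports failure instead of copying a partial set
               (and (zero? (system* "certdata2pem.py" "certdata.txt"))
                    (begin
                      ;; copy the .pem files into the output
                      (for-each
                       (lambda (file)
                         (copy-file file (string-append certsdir file)))
                       ;; FIXME: Some of the file names are UTF8 (?) and cause an
                       ;; error message such as
                       ;;   find-files:
                       ;;   ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem:
                       ;;   No such file or directory
                       (find-files "." ".*\\.pem"))
                      #t)))
             (with-directory-excursion certsdir
               ;; create symbolic links for and by openssl
               ;; Strangely, the call (system* "c_rehash" certsdir)
               ;; from inside the build dir fails with
               ;; "Usage error; try -help."
               ;; This looks like a bug in openssl-1.0.2, but we can also
               ;; switch into the target directory.
               (zero? (system* "c_rehash" "."))))))
        (map (cut assq <> %standard-phases)
             '(set-paths unpack)))))
    (synopsis "CA certificates from Mozilla")
    (description
     "This package provides certificates for Certification Authorities (CA)
taken from the NSS package and thus ultimately from the Mozilla project.")))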