[jackhill/guix/guix.git] / gnu / packages / certs.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages certs)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system trivial)
  #:use-module (gnu packages)
  #:use-module (gnu packages gnuzilla)
  #:use-module (gnu packages openssl)
  #:use-module (gnu packages python))

(define certdata2pem
  (package
    (name "certdata2pem")
    (version "2013")
    (source
    (origin
      (method url-fetch)
        (uri
          "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/plain/certdata2pem.py?id=053dde8a2f5901e97028a58bf54e7d0ef8095a54")
        (sha256
          (base32
            "0zscrm41gnsf14zvlkxhy00h3dmgidyz645ldpda3y3vabnwv8dx"))))
   (build-system trivial-build-system)
   (inputs
     `(("python" ,python-2)))
   (arguments
    `(#:modules ((guix build utils))
      #:builder
        (begin
          (use-modules (guix build utils))
          (let ((bin (string-append %output "/bin")))
            (copy-file (assoc-ref %build-inputs "source") "certdata2pem.py")
            (chmod "certdata2pem.py" #o555)
            (substitute* "certdata2pem.py"
              (("/usr/bin/python")
               (string-append (assoc-ref %build-inputs "python")
                              "/bin/python"))
              ;; Use the file extension .pem instead of .crt.
              (("crt") "pem"))
            (mkdir-p bin)
            (copy-file "certdata2pem.py"
                       (string-append bin "/certdata2pem.py"))))))
   (synopsis "Python script to extract .pem data from certificate collection")
   (description
    "certdata2pem.py is a Python script to transform X.509 certificate
\"source code\" as contained, for example, in the Mozilla sources, into
.pem formatted certificates.")
   (license license:gpl2+)
   (home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))

(define-public nss-certs
  (package (inherit nss) ; to reuse the source, version and some metadata
    (name "nss-certs")
    (build-system gnu-build-system)
    (outputs '("out"))
    (native-inputs
     `(("certdata2pem" ,certdata2pem)
       ("openssl" ,openssl)))
    (inputs '())
    (propagated-inputs '())
    (arguments
     `(#:modules ((guix build gnu-build-system)
                  (guix build utils)
                  (srfi srfi-26))
       #:imported-modules ((guix build gnu-build-system)
                           (guix build utils))
       #:phases
         (alist-cons-after
           'unpack 'install
           (lambda _
             (let ((certsdir (string-append %output "/etc/ssl/certs/")))
               (mkdir-p certsdir)
               (with-directory-excursion "nss/lib/ckfw/builtins/"
                 ;; extract single certificates from blob
                 (system* "certdata2pem.py" "certdata.txt")
                 ;; copy the .pem files into the output
                 (for-each
                   (lambda (file)
                     (copy-file file (string-append certsdir file)))
                   ;; FIXME: Some of the file names are UTF8 (?) and cause an
                   ;; error message such as 
                   ;; find-files:
                   ;; ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem:
                   ;; No such file or directory
                   (find-files "." ".*\\.pem")))
                 (with-directory-excursion certsdir
                   ;; create symbolic links for and by openssl
                   ;; Strangely, the call (system* "c_rehash" certsdir)
                   ;; from inside the build dir fails with
                   ;; "Usage error; try -help."
                   ;; This looks like a bug in openssl-1.0.2, but we can also
                   ;; switch into the target directory.
                   (system* "c_rehash" "."))))
           (map (cut assq <> %standard-phases)
                '(set-paths unpack)))))
    (synopsis "CA certificates from Mozilla")
    (description
      "This package provides certificates for Certification Authorities (CA)
taken from the NSS package and thus ultimately from the Mozilla project.")))
Commit	Line	Data
cf053a4f AE	1	;;; GNU Guix --- Functional package management for GNU
	2	;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
	3	;;;
	4	;;; This file is part of GNU Guix.
	5	;;;
	6	;;; GNU Guix is free software; you can redistribute it and/or modify it
	7	;;; under the terms of the GNU General Public License as published by
	8	;;; the Free Software Foundation; either version 3 of the License, or (at
	9	;;; your option) any later version.
	10	;;;
	11	;;; GNU Guix is distributed in the hope that it will be useful, but
	12	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	13	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	;;; GNU General Public License for more details.
	15	;;;
	16	;;; You should have received a copy of the GNU General Public License
	17	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	18
	19	(define-module (gnu packages certs)
	20	#:use-module ((guix licenses) #:prefix license:)
	21	#:use-module (guix packages)
	22	#:use-module (guix download)
6e6e2414	23	#:use-module (guix build-system gnu)
cf053a4f AE	24	#:use-module (guix build-system trivial)
cf053a4f AE	25	#:use-module (gnu packages)
6e6e2414 AE	26	#:use-module (gnu packages gnuzilla)
6e6e2414 AE	27	#:use-module (gnu packages openssl)
cf053a4f AE	28	#:use-module (gnu packages python))
	29
	30	(define certdata2pem
	31	(package
	32	(name "certdata2pem")
	33	(version "2013")
	34	(source
	35	(origin
	36	(method url-fetch)
	37	(uri
	38	"http://pkgs.fedoraproject.org/cgit/ca-certificates.git/plain/certdata2pem.py?id=053dde8a2f5901e97028a58bf54e7d0ef8095a54")
	39	(sha256
	40	(base32
	41	"0zscrm41gnsf14zvlkxhy00h3dmgidyz645ldpda3y3vabnwv8dx"))))
	42	(build-system trivial-build-system)
	43	(inputs
	44	`(("python" ,python-2)))
	45	(arguments
	46	`(#:modules ((guix build utils))
	47	#:builder
	48	(begin
	49	(use-modules (guix build utils))
	50	(let ((bin (string-append %output "/bin")))
	51	(copy-file (assoc-ref %build-inputs "source") "certdata2pem.py")
	52	(chmod "certdata2pem.py" #o555)
	53	(substitute* "certdata2pem.py"
	54	(("/usr/bin/python")
	55	(string-append (assoc-ref %build-inputs "python")
	56	"/bin/python"))
	57	;; Use the file extension .pem instead of .crt.
	58	(("crt") "pem"))
	59	(mkdir-p bin)
	60	(copy-file "certdata2pem.py"
	61	(string-append bin "/certdata2pem.py"))))))
	62	(synopsis "Python script to extract .pem data from certificate collection")
	63	(description
	64	"certdata2pem.py is a Python script to transform X.509 certificate
	65	\"source code\" as contained, for example, in the Mozilla sources, into
	66	.pem formatted certificates.")
	67	(license license:gpl2+)
	68	(home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))
6e6e2414 AE	69
	70	(define-public nss-certs
	71	(package (inherit nss) ; to reuse the source, version and some metadata
	72	(name "nss-certs")
	73	(build-system gnu-build-system)
	74	(outputs '("out"))
	75	(native-inputs
	76	`(("certdata2pem" ,certdata2pem)
	77	("openssl" ,openssl)))
	78	(inputs '())
	79	(propagated-inputs '())
	80	(arguments
	81	`(#:modules ((guix build gnu-build-system)
	82	(guix build utils)
	83	(srfi srfi-26))
	84	#:imported-modules ((guix build gnu-build-system)
	85	(guix build utils))
	86	#:phases
	87	(alist-cons-after
	88	'unpack 'install
	89	(lambda _
	90	(let ((certsdir (string-append %output "/etc/ssl/certs/")))
	91	(mkdir-p certsdir)
	92	(with-directory-excursion "nss/lib/ckfw/builtins/"
	93	;; extract single certificates from blob
	94	(system* "certdata2pem.py" "certdata.txt")
	95	;; copy the .pem files into the output
	96	(for-each
	97	(lambda (file)
	98	(copy-file file (string-append certsdir file)))
	99	;; FIXME: Some of the file names are UTF8 (?) and cause an
	100	;; error message such as
	101	;; find-files:
	102	;; ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem:
	103	;; No such file or directory
	104	(find-files "." ".*\\.pem")))
	105	(with-directory-excursion certsdir
	106	;; create symbolic links for and by openssl
	107	;; Strangely, the call (system* "c_rehash" certsdir)
	108	;; from inside the build dir fails with
	109	;; "Usage error; try -help."
	110	;; This looks like a bug in openssl-1.0.2, but we can also
	111	;; switch into the target directory.
	112	(system* "c_rehash" "."))))
	113	(map (cut assq <> %standard-phases)
	114	'(set-paths unpack)))))
	115	(synopsis "CA certificates from Mozilla")
	116	(description
	117	"This package provides certificates for Certification Authorities (CA)
	118	taken from the NSS package and thus ultimately from the Mozilla project.")))