[jackhill/guix/guix.git] / gnu / packages / kerberos.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages kerberos)
  #:use-module (gnu packages)
  #:use-module (gnu packages bison)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages libidn)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages databases)
  #:use-module (gnu packages readline)
  #:use-module (gnu packages tls)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix utils)
  #:use-module (guix build-system gnu))

(define-public mit-krb5
  (package
    (name "mit-krb5")
    (version "1.14.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
                                  (version-major+minor version)
                                  "/krb5-" version ".tar.gz"))
              (sha256
               (base32
                "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("bison" ,bison)
       ("perl" ,perl)))
    (arguments
     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
       ;; needed by 'authgss_prot.so'."
       #:parallel-build? #f

       ;; Likewise with tests.
       #:parallel-tests? #f

       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
       ;; while running the tests in 'src/tests'.
       #:tests? ,(string=? (%current-system) "x86_64-linux")

       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'enter-source-directory
           (lambda _
             (chdir "src")
             #t))
         (add-before 'check 'pre-check
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((perl (assoc-ref inputs "perl")))
               (substitute* "plugins/kdb/db2/libdb2/test/run.test"
                 (("/bin/cat") (string-append perl "/bin/perl"))
                 (("D/bin/sh") (string-append "D" (which "sh")))
                 (("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))

             ;; avoid service names since /etc/services is unavailable
             (substitute* "tests/resolve/Makefile"
               (("-p telnet") "-p 23"))
             #t)))))
    (synopsis "MIT Kerberos 5")
    (description
     "Massachusetts Institute of Technology implementation of Kerberos.
Kerberos is a network authentication protocol designed to provide strong
authentication for client/server applications by using secret-key
cryptography.")
    (license (license:non-copyleft "file://NOTICE"
                                   "See NOTICE in the distribution."))
    (home-page "http://web.mit.edu/kerberos/")
    (properties '((cpe-name . "kerberos")))))

(define-public shishi
  (package
    (name "shishi")
    (version "1.0.2")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/shishi/shishi-"
                          version ".tar.gz"))
      (sha256
       (base32
        "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
    (build-system gnu-build-system)
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs
     `(("gnutls" ,gnutls)
       ("libidn" ,libidn)
       ("linux-pam" ,linux-pam-1.2)
       ("zlib" ,zlib)
       ;; libgcrypt 1.6 fails because of the following test:
       ;;  #include <gcrypt.h>
       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
       ;;    will fail on startup if we don't have 1.4.4 or later, so
       ;;    test for it early. */
       ;; #if !defined GCRY_MODULE_ID_USER
       ;; error too old libgcrypt
       ;; #endif
       ("libgcrypt" ,libgcrypt-1.5)
       ("libtasn1" ,libtasn1)))
    (home-page "https://www.gnu.org/software/shishi/")
    (synopsis "Implementation of the Kerberos 5 network security system")
    (description
     "GNU Shishi is a free implementation of the Kerberos 5 network security
system.  It is used to allow non-secure network nodes to communicate in a
secure manner through client-server mutual authentication via tickets.")
    (license license:gpl3+)))

(define-public heimdal
  (package
    (name "heimdal")
    (version "1.5.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://www.h5l.org/dist/src/heimdal-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
              (patches (search-patches "heimdal-CVE-2017-6594.patch"
                                       "heimdal-CVE-2017-11103.patch"))
              (modules '((guix build utils)))
              (snippet
               '(substitute* "configure"
                  (("User=.*$") "User=Guix\n")
                  (("Date=.*$") "Date=2017\n")))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags (list
                          ;; Work around a linker error.
                          "CFLAGS=-pthread"

                          ;; Avoid 7 MiB of .a files.
                          "--disable-static"

                          ;; Do not build libedit.
                          (string-append
                           "--with-readline-lib="
                           (assoc-ref %build-inputs "readline") "/lib")
                          (string-append
                           "--with-readline-include="
                           (assoc-ref %build-inputs "readline") "/include"))

       #:phases (modify-phases %standard-phases
                  (add-before 'check 'skip-tests
                    (lambda _
                      ;; The test simply runs 'ftp --version && ftp --help'
                      ;; but that fails in the chroot because 'ftp' tries to
                      ;; do a service lookup before printing the help/version.
                      (substitute* "appl/ftp/ftp/Makefile.in"
                        (("^CHECK_LOCAL =.*")
                         "CHECK_LOCAL = no-check-local\n"))
                      #t)))))
    (native-inputs `(("e2fsprogs" ,e2fsprogs)))   ;for 'compile_et'
    (inputs `(("readline" ,readline)
              ("bdb" ,bdb)
              ("e2fsprogs" ,e2fsprogs)))          ;for libcom_err
    (home-page "http://www.h5l.org/")
    (synopsis "Kerberos 5 network authentication")
    (description
     "Heimdal is an implementation of Kerberos 5 network authentication
service.")
    (license license:bsd-3)))
Commit	Line	Data
233e7676	1	;;; GNU Guix --- Functional package management for GNU
079fca3b	2	;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
89e34644	3	;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
6f8ede1a	4	;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
a007d699	5	;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
89e34644	6	;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
67fee545	7	;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
9dc6f288	8	;;;
233e7676	9	;;; This file is part of GNU Guix.
9dc6f288	10	;;;
233e7676	11	;;; GNU Guix is free software; you can redistribute it and/or modify it
9dc6f288 AE	12	;;; under the terms of the GNU General Public License as published by
	13	;;; the Free Software Foundation; either version 3 of the License, or (at
	14	;;; your option) any later version.
	15	;;;
233e7676	16	;;; GNU Guix is distributed in the hope that it will be useful, but
9dc6f288 AE	17	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	18	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	;;; GNU General Public License for more details.
	20	;;;
	21	;;; You should have received a copy of the GNU General Public License
233e7676	22	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
9dc6f288	23
89e34644	24	(define-module (gnu packages kerberos)
59a43334	25	#:use-module (gnu packages)
1ffa7090 LC	26	#:use-module (gnu packages bison)
1ffa7090 LC	27	#:use-module (gnu packages perl)
89e34644 LC	28	#:use-module (gnu packages gnupg)
	29	#:use-module (gnu packages libidn)
	30	#:use-module (gnu packages linux)
	31	#:use-module (gnu packages pkg-config)
	32	#:use-module (gnu packages compression)
67fee545 LC	33	#:use-module (gnu packages databases)
67fee545 LC	34	#:use-module (gnu packages readline)
89e34644 LC	35	#:use-module (gnu packages tls)
89e34644 LC	36	#:use-module ((guix licenses) #:prefix license:)
9dc6f288 AE	37	#:use-module (guix packages)
9dc6f288 AE	38	#:use-module (guix download)
4d53c29e	39	#:use-module (guix utils)
9dc6f288 AE	40	#:use-module (guix build-system gnu))
	41
	42	(define-public mit-krb5
	43	(package
df8a09c7	44	(name "mit-krb5")
58ea4d40	45	(version "1.14.4")
df8a09c7 LC	46	(source (origin
df8a09c7 LC	47	(method url-fetch)
16114c34	48	(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
4d53c29e	49	(version-major+minor version)
16114c34 MW	50	"/krb5-" version ".tar.gz"))
	51	(sha256
	52	(base32
58ea4d40	53	"158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
df8a09c7 LC	54	(build-system gnu-build-system)
df8a09c7 LC	55	(native-inputs
9715df7f	56	`(("bison" ,bison)
16114c34	57	("perl" ,perl)))
df8a09c7	58	(arguments
a083b5cb LC	59	`(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
	60	;; needed by 'authgss_prot.so'."
	61	#:parallel-build? #f
	62
	63	;; Likewise with tests.
	64	#:parallel-tests? #f
	65
d2375c43 LC	66	;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
	67	;; while running the tests in 'src/tests'.
	68	#:tests? ,(string=? (%current-system) "x86_64-linux")
d9ecec9b	69
a083b5cb	70	#:phases
4d53c29e	71	(modify-phases %standard-phases
16114c34	72	(add-after 'unpack 'enter-source-directory
4d53c29e MW	73	(lambda _
	74	(chdir "src")
	75	#t))
4d53c29e MW	76	(add-before 'check 'pre-check
	77	(lambda* (#:key inputs #:allow-other-keys)
	78	(let ((perl (assoc-ref inputs "perl")))
	79	(substitute* "plugins/kdb/db2/libdb2/test/run.test"
	80	(("/bin/cat") (string-append perl "/bin/perl"))
58ea4d40	81	(("D/bin/sh") (string-append "D" (which "sh")))
4d53c29e MW	82	(("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
	83
	84	;; avoid service names since /etc/services is unavailable
df8a09c7 LC	85	(substitute* "tests/resolve/Makefile"
df8a09c7 LC	86	(("-p telnet") "-p 23"))
4d53c29e	87	#t)))))
df8a09c7 LC	88	(synopsis "MIT Kerberos 5")
	89	(description
	90	"Massachusetts Institute of Technology implementation of Kerberos.
9dc6f288	91	Kerberos is a network authentication protocol designed to provide strong
e881752c AK	92	authentication for client/server applications by using secret-key
e881752c AK	93	cryptography.")
89e34644 LC	94	(license (license:non-copyleft "file://NOTICE"
89e34644 LC	95	"See NOTICE in the distribution."))
5e578674 TGR	96	(home-page "http://web.mit.edu/kerberos/")
5e578674 TGR	97	(properties '((cpe-name . "kerberos")))))
89e34644 LC	98
	99	(define-public shishi
	100	(package
	101	(name "shishi")
	102	(version "1.0.2")
	103	(source
	104	(origin
	105	(method url-fetch)
	106	(uri (string-append "mirror://gnu/shishi/shishi-"
	107	version ".tar.gz"))
	108	(sha256
	109	(base32
	110	"032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
	111	(build-system gnu-build-system)
	112	(native-inputs `(("pkg-config" ,pkg-config)))
	113	(inputs
	114	`(("gnutls" ,gnutls)
	115	("libidn" ,libidn)
	116	("linux-pam" ,linux-pam-1.2)
	117	("zlib" ,zlib)
	118	;; libgcrypt 1.6 fails because of the following test:
	119	;; #include <gcrypt.h>
	120	;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
	121	;; will fail on startup if we don't have 1.4.4 or later, so
	122	;; test for it early. */
	123	;; #if !defined GCRY_MODULE_ID_USER
	124	;; error too old libgcrypt
	125	;; #endif
	126	("libgcrypt" ,libgcrypt-1.5)
	127	("libtasn1" ,libtasn1)))
6fd52309	128	(home-page "https://www.gnu.org/software/shishi/")
89e34644 LC	129	(synopsis "Implementation of the Kerberos 5 network security system")
	130	(description
	131	"GNU Shishi is a free implementation of the Kerberos 5 network security
	132	system. It is used to allow non-secure network nodes to communicate in a
	133	secure manner through client-server mutual authentication via tickets.")
	134	(license license:gpl3+)))
67fee545 LC	135
	136	(define-public heimdal
	137	(package
	138	(name "heimdal")
	139	(version "1.5.3")
	140	(source (origin
	141	(method url-fetch)
	142	(uri (string-append "http://www.h5l.org/dist/src/heimdal-"
	143	version ".tar.gz"))
	144	(sha256
	145	(base32
	146	"19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
81c35029 AV	147	(patches (search-patches "heimdal-CVE-2017-6594.patch"
81c35029 AV	148	"heimdal-CVE-2017-11103.patch"))
67fee545 LC	149	(modules '((guix build utils)))
	150	(snippet
	151	'(substitute* "configure"
	152	(("User=.*$") "User=Guix\n")
	153	(("Date=.*$") "Date=2017\n")))))
	154	(build-system gnu-build-system)
	155	(arguments
	156	'(#:configure-flags (list
	157	;; Work around a linker error.
	158	"CFLAGS=-pthread"
	159
	160	;; Avoid 7 MiB of .a files.
	161	"--disable-static"
	162
	163	;; Do not build libedit.
	164	(string-append
	165	"--with-readline-lib="
	166	(assoc-ref %build-inputs "readline") "/lib")
	167	(string-append
	168	"--with-readline-include="
	169	(assoc-ref %build-inputs "readline") "/include"))
	170
	171	#:phases (modify-phases %standard-phases
	172	(add-before 'check 'skip-tests
	173	(lambda _
	174	;; The test simply runs 'ftp --version && ftp --help'
	175	;; but that fails in the chroot because 'ftp' tries to
	176	;; do a service lookup before printing the help/version.
	177	(substitute* "appl/ftp/ftp/Makefile.in"
	178	(("^CHECK_LOCAL =.*")
	179	"CHECK_LOCAL = no-check-local\n"))
	180	#t)))))
	181	(native-inputs `(("e2fsprogs" ,e2fsprogs))) ;for 'compile_et'
	182	(inputs `(("readline" ,readline)
	183	("bdb" ,bdb)
	184	("e2fsprogs" ,e2fsprogs))) ;for libcom_err
	185	(home-page "http://www.h5l.org/")
	186	(synopsis "Kerberos 5 network authentication")
	187	(description
	188	"Heimdal is an implementation of Kerberos 5 network authentication
	189	service.")
	190	(license license:bsd-3)))