doc: "filesystem" -> "file system"
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
caeadfdd 2;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
7890e3ba 7;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
3ea110b7 8;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
679b535b 9;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
7543f865 11;;;
233e7676 12;;; This file is part of GNU Guix.
7543f865 13;;;
233e7676 14;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC
15;;; under the terms of the GNU General Public License as published by
16;;; the Free Software Foundation; either version 3 of the License, or (at
17;;; your option) any later version.
18;;;
233e7676 19;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC
20;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22;;; GNU General Public License for more details.
23;;;
24;;; You should have received a copy of the GNU General Public License
233e7676 25;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 26
a7fd7b68 27(define-module (gnu packages tls)
e9aa8d0c 28 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
29 #:use-module (guix packages)
30 #:use-module (guix download)
29a7c98a 31 #:use-module (guix utils)
7543f865 32 #:use-module (guix build-system gnu)
cc2b77df 33 #:use-module (guix build-system perl)
7890e3ba 34 #:use-module (guix build-system python)
f61e0e79 35 #:use-module (gnu packages compression)
013ce67b 36 #:use-module (gnu packages)
1ffa7090 37 #:use-module (gnu packages guile)
0581c273 38 #:use-module (gnu packages libbsd)
27e86bed 39 #:use-module (gnu packages libffi)
866f469e 40 #:use-module (gnu packages libidn)
5d4c90ae 41 #:use-module (gnu packages linux)
7890e3ba 42 #:use-module (gnu packages ncurses)
27e86bed 43 #:use-module (gnu packages nettle)
1ffa7090 44 #:use-module (gnu packages perl)
27e86bed 45 #:use-module (gnu packages pkg-config)
7890e3ba 46 #:use-module (gnu packages python)
a31f4d35 47 #:use-module (gnu packages texinfo)
ce0614dd 48 #:use-module (gnu packages base))
7543f865
LC
49
;; Package definition for GNU libtasn1, the ASN.1 library.  Elsewhere in
;; this file it is an input of p11-kit and a propagated input of gnutls.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.8")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; Expected content hash of the release tarball.  The mirror that
      ;; ends up serving the file is not fixed here; this pin is what
      ;; identifies the source.
      (sha256
       (base32
        "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
    (build-system gnu-build-system)
    ;; Perl is declared as a native (build-time) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "http://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 72
375cef6c
HG
;; Package definition for asn1c, the ASN.1 to C compiler.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.27")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; Expected content hash of the tarball fetched from the
              ;; upstream site above.
              (sha256
               (base32
                "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
    (build-system gnu-build-system)
    ;; Perl is declared as a native (build-time) input only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
99
27e86bed
AE
;; Package definition for p11-kit, the PKCS#11 module loader.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.1")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
                          version ".tar.gz"))
      ;; Expected content hash of the release tarball.
      (sha256
       (base32
        "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
      (modules '((guix build utils))) ; for substitute*
      ;; The snippet edits the unpacked source: it removes the
      ;; "test-module$(EXEEXT) " entry from Makefile.in, so that one test is
      ;; never built or run.
      (snippet
       '(begin
          ;; Drop one test that fails, also when trying to compile manually.
          ;; Reported upstream at
          ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
          (substitute* "Makefile.in"
            (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): presumably this builds p11-kit with no built-in
     ;; locations for trust anchors, so consumers get no default trust
     ;; policy from it -- confirm against upstream's configure help.
     `(#:configure-flags '("--without-trust-paths")))
    ;; NOTE(review): the home page is plain http while the source URI
    ;; above is https on the same host.
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 137
7543f865
LC
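;; Package definition for GnuTLS.  The `replacement' field points at
;; gnutls-3.5.4, a variant defined in this file whose source is the 3.5.4
;; tarball; this definition itself still describes 3.5.2.
(define-public gnutls
  (package
    (name "gnutls")
    (replacement gnutls-3.5.4)
    (version "3.5.2")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             ;; Expected content hash of the 3.5.2 tarball.
             (sha256
              (base32
               "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store. Instead it has a
             ;; configure-time option. Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the file system, none of which are present in our
             ;; chroot build environment. If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently. This seems suboptimal.
             ;;
             ;; The directory is an absolute path outside the package's own
             ;; output, so which CA certificates are trusted by default is
             ;; decided by whatever is installed at /etc/ssl/certs at run
             ;; time, not by this package.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       ;; The copy is followed by a delete, so the pages end
                       ;; up only in the "doc" output.
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)
       ("perl" ,perl)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the description previously read
    ;; "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))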
cc2b77df 214
974e2b29
LF
;; Variant of gnutls that the `replacement' field of the gnutls package
;; refers to.  It is not exported (plain `define').  Only `source' is
;; overridden; every other field, including `version', is inherited from
;; gnutls, because the "3.5.4" binding below is local to the `let'.
;; NOTE(review): leaving the inherited `version' field untouched looks
;; deliberate for a replacement -- confirm.
(define gnutls-3.5.4
  (package
    (inherit gnutls)
    (source
     (let ((version "3.5.4"))
       (origin
         (method url-fetch)
         (uri (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
         ;; Expected content hash of the 3.5.4 tarball.
         (sha256
          (base32
           "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
228
cc2b77df
AE
;; Package definition for OpenSSL 1.0.2h.  It replaces the standard
;; configure phase with a call to upstream's ./config script and adds
;; phases that split man pages and static libraries into separate outputs.
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2h")
    (source (origin
             (method url-fetch)
             ;; Both URIs are plain ftp://, which gives no transport
             ;; integrity; the sha256 below is what pins the tarball.  The
             ;; second URI is the "old/" directory for the version with its
             ;; trailing letter stripped.
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (sha256
              (base32
               "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
             ;; Two of the patch file names refer to CVE-2016-2177 and
             ;; CVE-2016-2178; the patch contents are not part of this file.
             (patches (search-patches "openssl-runpath.patch"
                                      "openssl-c-rehash-in.patch"
                                      "openssl-CVE-2016-2177.patch"
                                      "openssl-CVE-2016-2178.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                              ;1.5MiB of man3 pages
               "static"))                         ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     ;; NOTE(review): #:disallowed-references is given twice in this
     ;; argument list, here and again a few lines down with
     ;; (canonical-package perl).  Which occurrence takes effect is not
     ;; visible from this file; keeping a single one would remove the doubt.
     `(#:disallowed-references (,perl)
       #:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place. Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              ;; The phase succeeds only when ./config exits with status 0.
              (zero?
               (system* "./config"
                        "shared"                  ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl. Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            (let ((out (assoc-ref outputs "out")))
              ;; The pattern "\\.so" is unanchored, so it matches any file
              ;; under lib/ whose name contains ".so".
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (mkdir-p slib)
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (doc (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; Rewrites /bin/sh and /bin/rm in every file under test/ so
            ;; the test suite does not depend on those absolute paths.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/bash"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts. Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths." In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     ;;
     ;; Both variables are relative to a profile, so the CA certificates
     ;; that programs end up trusting come from whatever provides
     ;; etc/ssl/certs there, not from this package.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
369
763899f0
LF
;; OpenSSL 1.1.0, exported as `openssl-next' but with the package name
;; "openssl".  Fields not listed here are inherited from openssl; `source'
;; is replaced as a whole, so the patch list below is the complete list for
;; this version and the 1.0.2h patches are not applied.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0")
    (source (origin
             (method url-fetch)
             ;; Plain ftp:// URIs, as in the parent package; the sha256
             ;; below is what pins the tarball.
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
             (sha256
              (base32
               "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
    (outputs '("out"
               "doc"                              ;1.3MiB of man3 pages
               "static"))                         ; 5.5MiB of .a files
    (arguments
     ;; Start from the parent's arguments and rewrite only #:phases; the
     ;; other keywords (including #:disallowed-references) carry over.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)          ; These two phases are not needed by
           (delete 'patch-Makefile.org)   ; OpenSSL 1.1.0.

           (add-after 'configure 'patch-runpath
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Append an rpath for this package's own lib directory to
               ;; the shared-library link command in Makefile.shared.
               (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
                 (substitute* "Makefile.shared"
                   (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
                    (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
                                   " -Wl,-rpath," lib)))
                 #t)))))))))
404
cb6a802c
AE
;; Package definition for LibreSSL.
(define-public libressl
  (package
    (name "libressl")
    (version "2.4.2")
    (source
     (origin
      (method url-fetch)
      ;; The tarball is fetched over plain http://, which gives no
      ;; transport integrity; the sha256 below is what pins the content.
      (uri (string-append
            "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
            version ".tar.gz"))
      (sha256
       (base32
        "1qyrcyzrrn6r9cqvm66ib72qyr65q4hrdyiq1vb24a6nwmwdg1sz"))))
    (build-system gnu-build-system)
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths." In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     ;;
     ;; Same two variables and profile-relative paths as the openssl
     ;; package in this file.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "http://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
441
;; Package definition for the Python ACME protocol library.
(define-public python-acme
  (package
    (name "python-acme")
    (version "0.8.1")
    (source (origin
              (method url-fetch)
              ;; The middle path component is copied literally from the
              ;; PyPI URL and has to be updated together with `version'
              ;; and the sha256 below.
              (uri (string-append
                    "https://pypi.python.org/packages/"
                    "f5/7a/11a99b5d1d1c692f6eed27cfab69e6ba4d2f0c2a461d2607e6a930ff2c68/"
                    "acme-" version ".tar.gz"))
              (sha256
               (base32
                "17vx2miczpd8ww4xizmc0nca2c7jf04wnhfnswx2bxhb537lmsnk"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before 'install 'disable-egg-compression
           (lambda _
             ;; Do not compress the egg.
             ;; See <http://bugs.gnu.org/20765>.
             ;; The setting is appended to setup.cfg ("a" opens the file in
             ;; append mode), leaving its existing content in place.
             (let ((port (open-file "setup.cfg" "a")))
               (display "\n[easy_install]\nzip_ok = 0\n"
                        port)
               (close-port port)
               #t)))
         (add-after 'install 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               ;; Build the man and info targets in docs/; nothing is
               ;; installed unless make exits with status 0.
               (and (zero? (system* "make" "-C" "docs" "man" "info"))
                    (install-file "docs/_build/texinfo/acme-python.info" info)
                    (install-file "docs/_build/man/acme-python.1" man)
                    #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-setuptools" ,python-setuptools)
       ("texinfo" ,texinfo)))
    ;; The TLS, HTTP and crypto libraries are propagated, so they are
    ;; installed alongside this package.
    (propagated-inputs
     `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
       ("python-werkzeug" ,python-werkzeug)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
500
6cefd53d
LF
;; Python 2 variant of python-acme, derived with package-with-python2.
;; certbot in this file lists it as a propagated input.
(define-public python2-acme
  (package-with-python2 python-acme))
503
;; Package definition for certbot, built with Python 2.
(define-public certbot
  (package
    (name "certbot")
    (version "0.8.1")
    (source (origin
              (method url-fetch)
              ;; The middle path component is copied literally from the
              ;; PyPI URL and has to be updated together with `version'
              ;; and the sha256 below.
              (uri (string-append
                    "https://pypi.python.org/packages/"
                    "a2/3b/4756e6a0ceb14e084042a2a65c615d68d25621c6fd446d0fc10d14c4ce7d/"
                    name "-" version ".tar.gz"))
              (sha256
               (base32
                "0w972cf2mk74aji5d8dylg3jw6wczg01gb4asf3ndv8c64yxza3c"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       #:phases
       (modify-phases %standard-phases
         (add-after 'build 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man1 (string-append out "/share/man/man1"))
                    (man7 (string-append out "/share/man/man7"))
                    (info (string-append out "/info")))
               ;; Build the man and info targets in docs/; nothing is
               ;; installed unless make exits with status 0.
               (and
                 (zero? (system* "make" "-C" "docs" "man" "info"))
                 (install-file "docs/_build/texinfo/Certbot.info" info)
                 (install-file "docs/_build/man/certbot.1" man1)
                 (install-file "docs/_build/man/certbot.7" man7)
                 #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    ;; The ACME library and the TLS/HTTP libraries it is used with are
    ;; propagated, so they are installed alongside certbot.
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pythondialog" ,python2-pythondialog)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Tool to automatically receive and install X.509 certificates
to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
will be issuing browser-trusted certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
564
9495cf9a
LF
;; Compatibility package under the former name "letsencrypt".  It inherits
;; every field from certbot and records certbot as its successor in the
;; `superseded' property.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
9495cf9a 569
cc2b77df
AE
;; Package definition for Net::SSLeay, the Perl binding to OpenSSL.  It is
;; built against the openssl package from this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Expected content hash of the CPAN tarball.
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    ;; The patch file is passed as a native input so that the 'apply-patch
    ;; phase below can look it up by its label.
    (native-inputs
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            ;; The phase fails unless patch exits with status 0.
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Point the build at the openssl input through the
            ;; OPENSSL_PREFIX environment variable.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; NOTE(review): the URL names Net-SSLeay-1.66 while `version' above is
    ;; 1.68 -- confirm which one is intended.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
4532c0c0
DM
613
;; Package definition for Crypt::OpenSSL::RSA.  It shares its build
;; arguments with the other Crypt::OpenSSL packages in this file through
;; perl-crypt-arguments.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license (package-license perl))))
adff71ca
DM
641
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; The added phase rewrites the 'LIBS' entry of Makefile.PL so that the
;; extension links against libcrypto from the package's "openssl" input
;; rather than whatever the build script would otherwise search for.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          ;; The pattern matches from 'LIBS' to the end of that line and
          ;; replaces the whole match.
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                             (assoc-ref inputs "openssl")
                                             "/lib -lcrypto'],")))
          #t)))))
651
;; Package definition for Crypt::OpenSSL::Bignum, built against the
;; openssl package from this file.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license (package-license perl))))
cccb4d26
DM
677
;; Package definition for Crypt::OpenSSL::Random, built against the
;; openssl package from this file.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    ;; The synopsis mentions LibreSSL as well, but only openssl is an input
    ;; here.
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license (package-license perl))))
0581c273
LF
702
;; Package definition for acme-client (portable release).  It is built
;; against libressl and libbsd rather than the openssl package.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.11")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Expected content hash of the snapshot tarball.
              (sha256
               (base32
                "09pipyfk448gxqr7ci56gsq5la8wlydv7wwn9wk0zgjxmlh7h6fb"))))
    (build-system gnu-build-system)
    (arguments
     ;; With no upstream test suite, the build itself is the only check
     ;; this package gets.
     '(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)))) ; no './configure' script
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))