Commit | Line | Data |
---|---|---|
233e7676 | 1 | ;;; GNU Guix --- Functional package management for GNU |
ce0614dd | 2 | ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> |
d585f244 | 3 | ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> |
29a7c98a | 4 | ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> |
cc2b77df | 5 | ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> |
7543f865 | 6 | ;;; |
233e7676 | 7 | ;;; This file is part of GNU Guix. |
7543f865 | 8 | ;;; |
233e7676 | 9 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
7543f865 LC |
10 | ;;; under the terms of the GNU General Public License as published by |
11 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
12 | ;;; your option) any later version. | |
13 | ;;; | |
233e7676 | 14 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
7543f865 LC |
15 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | ;;; GNU General Public License for more details. | |
18 | ;;; | |
19 | ;;; You should have received a copy of the GNU General Public License | |
233e7676 | 20 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
7543f865 | 21 | |
a7fd7b68 | 22 | (define-module (gnu packages tls) |
cc2b77df AE |
23 | #:use-module ((guix licenses) |
24 | #:select (lgpl2.0+ lgpl2.1+ bsd-3 openssl)) | |
7543f865 LC |
25 | #:use-module (guix packages) |
26 | #:use-module (guix download) | |
29a7c98a | 27 | #:use-module (guix utils) |
7543f865 | 28 | #:use-module (guix build-system gnu) |
cc2b77df | 29 | #:use-module (guix build-system perl) |
f61e0e79 | 30 | #:use-module (gnu packages compression) |
013ce67b | 31 | #:use-module (gnu packages) |
1ffa7090 | 32 | #:use-module (gnu packages guile) |
27e86bed | 33 | #:use-module (gnu packages libffi) |
866f469e | 34 | #:use-module (gnu packages libidn) |
27e86bed | 35 | #:use-module (gnu packages nettle) |
1ffa7090 | 36 | #:use-module (gnu packages perl) |
27e86bed | 37 | #:use-module (gnu packages pkg-config) |
a31f4d35 | 38 | #:use-module (gnu packages texinfo) |
ce0614dd | 39 | #:use-module (gnu packages base)) |
7543f865 LC |
40 | |
41 | (define-public libtasn1 | |
42 | (package | |
43 | (name "libtasn1") | |
b8949a2f | 44 | (version "4.5") |
7543f865 LC |
45 | (source |
46 | (origin | |
47 | (method url-fetch) | |
48 | (uri (string-append "mirror://gnu/libtasn1/libtasn1-" | |
49 | version ".tar.gz")) | |
50 | (sha256 | |
51 | (base32 | |
b8949a2f | 52 | "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9")))) |
7543f865 | 53 | (build-system gnu-build-system) |
a31f4d35 LC |
54 | (native-inputs `(("perl" ,perl) |
55 | ||
56 | ;; XXX: For some reason, libtasn1.info wants to be | |
57 | ;; rebuilt, so we must provide 'makeinfo'. | |
58 | ("texinfo" ,texinfo))) | |
7543f865 | 59 | (home-page "http://www.gnu.org/software/libtasn1/") |
f50d2669 | 60 | (synopsis "ASN.1 library") |
7543f865 | 61 | (description |
79c311b8 LC |
62 | "GNU libtasn1 is a library implementing the ASN.1 notation. It is used |
63 | for transmitting machine-neutral encodings of data objects in computer | |
a22dc0c4 LC |
64 | networking, allowing for formal validation of data according to some |
65 | specifications.") | |
4a44e743 | 66 | (license lgpl2.0+))) |
7543f865 | 67 | |
27e86bed AE |
68 | (define-public p11-kit |
69 | (package | |
70 | (name "p11-kit") | |
14fe9488 | 71 | (version "0.23.1") |
27e86bed AE |
72 | (source |
73 | (origin | |
74 | (method url-fetch) | |
75 | (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-" | |
76 | version ".tar.gz")) | |
77 | (sha256 | |
78 | (base32 | |
14fe9488 | 79 | "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5")) |
27e86bed AE |
80 | (modules '((guix build utils))) ; for substitute* |
81 | (snippet | |
82 | '(begin | |
83 | ;; Drop one test that fails, also when trying to compile manually. | |
84 | ;; Reported upstream at | |
85 | ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027 | |
86 | (substitute* "Makefile.in" | |
87 | (("test-module\\$\\(EXEEXT\\) ") "")))))) | |
88 | (build-system gnu-build-system) | |
89 | (native-inputs | |
90 | `(("pkg-config" ,pkg-config))) | |
91 | (inputs | |
92 | `(("libffi" ,libffi) | |
93 | ("libtasn1" ,libtasn1))) | |
94 | (arguments | |
95 | `(#:configure-flags '("--without-trust-paths"))) | |
96 | (home-page "http://p11-glue.freedesktop.org/p11-kit.html") | |
97 | (synopsis "PKCS#11 library") | |
98 | (description | |
99 | "p11-kit provides a way to load and enumerate PKCS#11 modules. It | |
100 | provides a standard configuration setup for installing PKCS#11 modules | |
101 | in such a way that they are discoverable. It also solves problems with | |
102 | coordinating the use of PKCS#11 by different components or libraries | |
103 | living in the same process.") | |
104 | (license bsd-3))) | |
105 | ||
7543f865 LC |
106 | (define-public gnutls |
107 | (package | |
108 | (name "gnutls") | |
936715c9 | 109 | (version "3.4.1") |
d7d408d5 LC |
110 | (source (origin |
111 | (method url-fetch) | |
112 | (uri | |
113 | ;; Note: Releases are no longer on ftp.gnu.org since the | |
114 | ;; schism (after version 3.1.5). | |
d93627e4 | 115 | (string-append "mirror://gnupg/gnutls/v" |
29a7c98a | 116 | (version-major+minor version) |
d93627e4 | 117 | "/gnutls-" version ".tar.xz")) |
d7d408d5 LC |
118 | (sha256 |
119 | (base32 | |
936715c9 | 120 | "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9")))) |
7543f865 | 121 | (build-system gnu-build-system) |
b94ae0b8 AK |
122 | (arguments |
123 | '(#:configure-flags | |
124 | (list (string-append "--with-guile-site-dir=" | |
125 | (assoc-ref %outputs "out") | |
aa7c7f21 MW |
126 | "/share/guile/site/2.0") |
127 | ;; GnuTLS doesn't consult any environment variables to specify | |
128 | ;; the location of the system-wide trust store. Instead it has a | |
129 | ;; configure-time option. Unless specified, its configure script | |
130 | ;; attempts to auto-detect the location by looking for common | |
131 | ;; places in the filesystem, none of which are present in our | |
132 | ;; chroot build environment. If not found, then no default trust | |
133 | ;; store is used, so each program has to provide its own | |
134 | ;; fallback, and users have to configure each program | |
135 | ;; independently. This seems suboptimal. | |
866f469e MW |
136 | "--with-default-trust-store-dir=/etc/ssl/certs" |
137 | ||
138 | ;; FIXME: Temporarily disable p11-kit support since it is not | |
139 | ;; working on mips64el. | |
606c6380 LC |
140 | "--without-p11-kit") |
141 | ||
142 | #:phases (modify-phases %standard-phases | |
143 | (add-after | |
144 | 'install 'move-doc | |
145 | (lambda* (#:key outputs #:allow-other-keys) | |
146 | ;; Copy the 4.1 MiB of section 3 man pages to "doc". | |
147 | (let* ((out (assoc-ref outputs "out")) | |
148 | (doc (assoc-ref outputs "doc")) | |
149 | (mandir (string-append doc "/share/man")) | |
150 | (oldman (string-append out "/share/man/man3"))) | |
151 | (mkdir-p mandir) | |
152 | (copy-recursively oldman mandir) | |
153 | (delete-file-recursively oldman) | |
154 | #t)))))) | |
155 | (outputs '("out" ;4.4 MiB | |
156 | "debug" | |
157 | "doc")) ;4.1 MiB of man pages | |
a1db0975 | 158 | (native-inputs |
d2fcfd3d SB |
159 | `(("pkg-config" ,pkg-config) |
160 | ("which" ,which))) | |
7543f865 LC |
161 | (inputs |
162 | `(("guile" ,guile-2.0) | |
0cb9b456 | 163 | ("perl" ,perl))) |
7543f865 | 164 | (propagated-inputs |
d2fcfd3d | 165 | ;; These are all in the 'Requires.private' field of gnutls.pc. |
7543f865 | 166 | `(("libtasn1" ,libtasn1) |
866f469e MW |
167 | ("libidn" ,libidn) |
168 | ("nettle" ,nettle) | |
f61e0e79 | 169 | ("zlib" ,zlib))) |
7543f865 | 170 | (home-page "http://www.gnu.org/software/gnutls/") |
f50d2669 | 171 | (synopsis "Transport layer security library") |
7543f865 | 172 | (description |
a22dc0c4 | 173 | "GnuTLS is a secure communications library implementing the SSL, TLS |
79c311b8 | 174 | and DTLS protocols. It is provided in the form of a C library to support the |
a22dc0c4 LC |
175 | protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other |
176 | required structures.") | |
4a44e743 | 177 | (license lgpl2.1+))) |
cc2b77df AE |
178 | |
179 | (define-public openssl | |
180 | (package | |
181 | (name "openssl") | |
182 | (version "1.0.2c") | |
183 | (source (origin | |
184 | (method url-fetch) | |
185 | (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version | |
186 | ".tar.gz")) | |
187 | (sha256 | |
188 | (base32 | |
189 | "10vasdg52qiyqvgbp14n9z7ghglmhzvag9qpiz2nfqssycvvlf00")) | |
190 | (patches (list (search-patch "openssl-runpath.patch"))))) | |
191 | (build-system gnu-build-system) | |
192 | (native-inputs `(("perl" ,perl))) | |
193 | (arguments | |
194 | '(#:parallel-build? #f | |
195 | #:parallel-tests? #f | |
196 | #:test-target "test" | |
197 | #:phases | |
198 | (alist-replace | |
199 | 'configure | |
200 | (lambda* (#:key outputs #:allow-other-keys) | |
201 | (let ((out (assoc-ref outputs "out"))) | |
202 | (zero? | |
203 | (system* "./config" | |
204 | "shared" ; build shared libraries | |
205 | "--libdir=lib" | |
206 | (string-append "--prefix=" out))))) | |
207 | (alist-cons-before | |
208 | 'patch-source-shebangs 'patch-tests | |
209 | (lambda* (#:key inputs native-inputs #:allow-other-keys) | |
210 | (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) | |
211 | (substitute* (find-files "test" ".*") | |
212 | (("/bin/sh") | |
213 | (string-append bash "/bin/bash")) | |
214 | (("/bin/rm") | |
215 | "rm")))) | |
216 | %standard-phases)))) | |
217 | (native-search-paths | |
218 | ;; FIXME: These two variables must designate a single file or directory | |
219 | ;; and are not actually "search paths." In practice it works OK in user | |
220 | ;; profiles because there's always just one item that matches the | |
221 | ;; specification. | |
222 | (list (search-path-specification | |
223 | (variable "SSL_CERT_DIR") | |
224 | (files '("etc/ssl/certs"))) | |
225 | (search-path-specification | |
226 | (variable "SSL_CERT_FILE") | |
227 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
228 | (synopsis "SSL/TLS implementation") | |
229 | (description | |
230 | "OpenSSL is an implementation of SSL/TLS") | |
231 | (license openssl) | |
232 | (home-page "http://www.openssl.org/"))) | |
233 | ||
234 | (define-public perl-net-ssleay | |
235 | (package | |
236 | (name "perl-net-ssleay") | |
237 | (version "1.68") | |
238 | (source (origin | |
239 | (method url-fetch) | |
240 | (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" | |
241 | "Net-SSLeay-" version ".tar.gz")) | |
242 | (sha256 | |
243 | (base32 | |
244 | "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p")) | |
245 | (patches | |
246 | ;; XXX Try removing this patch for perl-net-ssleay > 1.68 | |
247 | (list (search-patch "perl-net-ssleay-disable-ede-test.patch"))))) | |
248 | (build-system perl-build-system) | |
249 | (inputs `(("openssl" ,openssl))) | |
250 | (arguments | |
251 | `(#:phases (alist-cons-before | |
252 | 'configure 'set-ssl-prefix | |
253 | (lambda* (#:key inputs #:allow-other-keys) | |
254 | (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))) | |
255 | %standard-phases))) | |
256 | (synopsis "Perl extension for using OpenSSL") | |
257 | (description | |
258 | "This module offers some high level convenience functions for accessing | |
259 | web pages on SSL servers (for symmetry, the same API is offered for accessing | |
260 | http servers, too), an sslcat() function for writing your own clients, and | |
261 | finally access to the SSL api of the SSLeay/OpenSSL package so you can write | |
262 | servers or clients for more complicated applications.") | |
263 | (license (package-license perl)) | |
264 | (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/"))) |