gnu: icecat: Add support for WebGL, CUPS, Hunspell, startup-notification, etc.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 21
a7fd7b68 22(define-module (gnu packages tls)
23 #:use-module ((guix licenses)
24 #:select (lgpl2.0+ lgpl2.1+ bsd-3 openssl))
25 #:use-module (guix packages)
26 #:use-module (guix download)
29a7c98a 27 #:use-module (guix utils)
7543f865 28 #:use-module (guix build-system gnu)
cc2b77df 29 #:use-module (guix build-system perl)
f61e0e79 30 #:use-module (gnu packages compression)
013ce67b 31 #:use-module (gnu packages)
1ffa7090 32 #:use-module (gnu packages guile)
27e86bed 33 #:use-module (gnu packages libffi)
866f469e 34 #:use-module (gnu packages libidn)
27e86bed 35 #:use-module (gnu packages nettle)
1ffa7090 36 #:use-module (gnu packages perl)
27e86bed 37 #:use-module (gnu packages pkg-config)
a31f4d35 38 #:use-module (gnu packages texinfo)
ce0614dd 39 #:use-module (gnu packages base))
40
(define-public libtasn1
  ;; ASN.1 library.  Within this module it is an input of p11-kit and a
  ;; propagated input of GnuTLS.
  (package
    (name "libtasn1")
    (version "4.5")
    (source
     (origin
       (method url-fetch)
       ;; The tarball comes from whichever GNU mirror answers; it is accepted
       ;; only if its content hash matches the sha256 below, so that hash is
       ;; what pins the source.  Refresh it from a verified copy of the
       ;; release whenever 'version' changes.
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       (sha256
        (base32
         "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("perl" ,perl)

       ;; XXX: For some reason, libtasn1.info wants to be
       ;; rebuilt, so we must provide 'makeinfo'.
       ("texinfo" ,texinfo)))
    (home-page "http://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license lgpl2.0+)))
7543f865 67
(define-public p11-kit
  ;; Loader and registry for PKCS#11 modules.
  (package
    (name "p11-kit")
    (version "0.23.1")
    (source
     (origin
       (method url-fetch)
       ;; The release is downloaded over plain HTTP.  Integrity therefore
       ;; rests entirely on the sha256 below: a tarball with any other
       ;; content is rejected.  Compute the hash from a verified copy when
       ;; updating 'version'.
       (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
                           version ".tar.gz"))
       (sha256
        (base32
         "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
       (modules '((guix build utils))) ; for substitute*
       (snippet
        '(begin
           ;; Drop one test that fails, also when trying to compile manually.
           ;; Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; Configure without any built-in trust-anchor location.
     ;; NOTE(review): presumably because no system certificate path exists
     ;; inside the build environment -- confirm, and confirm what consumers
     ;; of the trust module are expected to fall back to.
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license bsd-3)))
105
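(define-public gnutls
  ;; GnuTLS: TLS/DTLS library, built with Guile bindings and a fixed default
  ;; trust-store directory.
  (package
    (name "gnutls")
    (version "3.4.1")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              ;; The mirror is not trusted by itself; only a tarball matching
              ;; this hash is accepted.
              (sha256
               (base32
                "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store.  Instead it has a
             ;; configure-time option.  Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the filesystem, none of which are present in our
             ;; chroot build environment.  If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently.  This seems suboptimal.
             ;;
             ;; The directory named here lies outside the store, so the set of
             ;; CA certificates trusted by default is whatever the running
             ;; system places in /etc/ssl/certs, not something this package
             ;; fixes at build time.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Move the 4.1 MiB of section 3 man pages to "doc".
                     ;; 'copy-recursively' places the *contents* of OLDMAN in
                     ;; MANDIR, so MANDIR must itself end in "man3"; otherwise
                     ;; the pages land directly under share/man, outside any
                     ;; manual section directory.
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)
       ("perl" ,perl)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "http://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the description previously read
    ;; "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license lgpl2.1+)))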
178
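(define-public openssl
  ;; OpenSSL, built as shared libraries with its own './config' script.
  (package
    (name "openssl")
    ;; NOTE(review): when bumping this pin, check the new release against
    ;; upstream's security advisories and recompute the hash below from a
    ;; verified copy of the tarball.
    (version "1.0.2c")
    (source (origin
              (method url-fetch)
              ;; FTP gives no transport authentication; the sha256 below is
              ;; the only thing that ties the build to a known tarball.
              (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version
                                  ".tar.gz"))
              (sha256
               (base32
                "10vasdg52qiyqvgbp14n9z7ghglmhzvag9qpiz2nfqssycvvlf00"))
              (patches (list (search-patch "openssl-runpath.patch")))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (arguments
     '(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"
       ;; Written with 'modify-phases', like the gnutls package in this file,
       ;; instead of nested 'alist-replace'/'alist-cons-before' calls.  The
       ;; resulting phase list is the same.
       #:phases
       (modify-phases %standard-phases
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Run OpenSSL's own configuration script; the phase succeeds
            ;; only if it exits with status 0.
            (let ((out (assoc-ref outputs "out")))
              (zero?
               (system* "./config"
                        "shared"        ; build shared libraries
                        "--libdir=lib"
                        (string-append "--prefix=" out))))))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; The test scripts hard-code /bin/sh and /bin/rm; point them at
            ;; the bash input and at 'rm' from PATH instead.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/bash"))
                (("/bin/rm")
                 "rm"))
              ;; Explicit success value, as in gnutls's 'move-doc' phase.
              #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS")
    (license openssl)
    (home-page "http://www.openssl.org/")))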
233
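(define-public perl-net-ssleay
  ;; Perl bindings to the OpenSSL package defined in this module.
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              ;; Only a tarball matching the sha256 below is accepted,
              ;; whichever CPAN mirror serves it.
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))
              (patches
               ;; XXX Try removing this patch for perl-net-ssleay > 1.68
               (list (search-patch "perl-net-ssleay-disable-ede-test.patch")))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     ;; Written with 'modify-phases', like the gnutls package in this file.
     `(#:phases (modify-phases %standard-phases
                  (add-before
                   'configure 'set-ssl-prefix
                   (lambda* (#:key inputs #:allow-other-keys)
                     ;; Point the build at the "openssl" input through the
                     ;; OPENSSL_PREFIX environment variable.
                     (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
                     ;; Explicit success value for the phase.
                     #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; Derive the release in the URL from 'version': the hard-coded 1.66 no
    ;; longer matched the packaged 1.68.
    (home-page (string-append "http://search.cpan.org/~mikem/Net-SSLeay-"
                              version "/"))))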