Commit | Line | Data |
---|---|---|
233e7676 | 1 | ;;; GNU Guix --- Functional package management for GNU |
caeadfdd | 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> |
80cc3a0a | 3 | ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> |
29a7c98a | 4 | ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> |
cc2b77df | 5 | ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> |
9fd0838b | 6 | ;;; Copyright © 2015 David Thompson <davet@gnu.org> |
7890e3ba | 7 | ;;; Copyright © 2015 Leo Famulari <leo@famulari.name> |
3ea110b7 | 8 | ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> |
679b535b | 9 | ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> |
7543f865 | 10 | ;;; |
233e7676 | 11 | ;;; This file is part of GNU Guix. |
7543f865 | 12 | ;;; |
233e7676 | 13 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
7543f865 LC |
14 | ;;; under the terms of the GNU General Public License as published by |
15 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
16 | ;;; your option) any later version. | |
17 | ;;; | |
233e7676 | 18 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
7543f865 LC |
19 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
20 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | ;;; GNU General Public License for more details. | |
22 | ;;; | |
23 | ;;; You should have received a copy of the GNU General Public License | |
233e7676 | 24 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
7543f865 | 25 | |
a7fd7b68 | 26 | (define-module (gnu packages tls) |
e9aa8d0c | 27 | #:use-module ((guix licenses) #:prefix license:) |
7543f865 LC |
28 | #:use-module (guix packages) |
29 | #:use-module (guix download) | |
29a7c98a | 30 | #:use-module (guix utils) |
7543f865 | 31 | #:use-module (guix build-system gnu) |
cc2b77df | 32 | #:use-module (guix build-system perl) |
7890e3ba | 33 | #:use-module (guix build-system python) |
f61e0e79 | 34 | #:use-module (gnu packages compression) |
013ce67b | 35 | #:use-module (gnu packages) |
1ffa7090 | 36 | #:use-module (gnu packages guile) |
27e86bed | 37 | #:use-module (gnu packages libffi) |
866f469e | 38 | #:use-module (gnu packages libidn) |
5d4c90ae | 39 | #:use-module (gnu packages linux) |
7890e3ba | 40 | #:use-module (gnu packages ncurses) |
27e86bed | 41 | #:use-module (gnu packages nettle) |
1ffa7090 | 42 | #:use-module (gnu packages perl) |
27e86bed | 43 | #:use-module (gnu packages pkg-config) |
7890e3ba | 44 | #:use-module (gnu packages python) |
a31f4d35 | 45 | #:use-module (gnu packages texinfo) |
ce0614dd | 46 | #:use-module (gnu packages base)) |
7543f865 LC |
47 | |
48 | (define-public libtasn1 | |
49 | (package | |
50 | (name "libtasn1") | |
dffded62 | 51 | (version "4.8") |
7543f865 LC |
52 | (source |
53 | (origin | |
54 | (method url-fetch) | |
55 | (uri (string-append "mirror://gnu/libtasn1/libtasn1-" | |
56 | version ".tar.gz")) | |
57 | (sha256 | |
58 | (base32 | |
dffded62 | 59 | "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))) |
7543f865 | 60 | (build-system gnu-build-system) |
3ea110b7 | 61 | (native-inputs `(("perl" ,perl))) |
7543f865 | 62 | (home-page "http://www.gnu.org/software/libtasn1/") |
f50d2669 | 63 | (synopsis "ASN.1 library") |
7543f865 | 64 | (description |
79c311b8 LC |
65 | "GNU libtasn1 is a library implementing the ASN.1 notation. It is used |
66 | for transmitting machine-neutral encodings of data objects in computer | |
a22dc0c4 LC |
67 | networking, allowing for formal validation of data according to some |
68 | specifications.") | |
e9aa8d0c | 69 | (license license:lgpl2.0+))) |
7543f865 | 70 | |
27e86bed AE |
71 | (define-public p11-kit |
72 | (package | |
73 | (name "p11-kit") | |
14fe9488 | 74 | (version "0.23.1") |
27e86bed AE |
75 | (source |
76 | (origin | |
77 | (method url-fetch) | |
5cc3096c | 78 | (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-" |
27e86bed AE |
79 | version ".tar.gz")) |
80 | (sha256 | |
81 | (base32 | |
14fe9488 | 82 | "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5")) |
27e86bed AE |
83 | (modules '((guix build utils))) ; for substitute* |
84 | (snippet | |
85 | '(begin | |
86 | ;; Drop one test that fails, also when trying to compile manually. | |
87 | ;; Reported upstream at | |
88 | ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027 | |
89 | (substitute* "Makefile.in" | |
90 | (("test-module\\$\\(EXEEXT\\) ") "")))))) | |
91 | (build-system gnu-build-system) | |
92 | (native-inputs | |
93 | `(("pkg-config" ,pkg-config))) | |
94 | (inputs | |
95 | `(("libffi" ,libffi) | |
96 | ("libtasn1" ,libtasn1))) | |
97 | (arguments | |
98 | `(#:configure-flags '("--without-trust-paths"))) | |
99 | (home-page "http://p11-glue.freedesktop.org/p11-kit.html") | |
100 | (synopsis "PKCS#11 library") | |
101 | (description | |
102 | "p11-kit provides a way to load and enumerate PKCS#11 modules. It | |
103 | provides a standard configuration setup for installing PKCS#11 modules | |
104 | in such a way that they are discoverable. It also solves problems with | |
105 | coordinating the use of PKCS#11 by different components or libraries | |
106 | living in the same process.") | |
e9aa8d0c | 107 | (license license:bsd-3))) |
27e86bed | 108 | |
7543f865 LC |
109 | (define-public gnutls |
110 | (package | |
111 | (name "gnutls") | |
5d4c90ae | 112 | (version "3.5.2") |
d7d408d5 LC |
113 | (source (origin |
114 | (method url-fetch) | |
115 | (uri | |
116 | ;; Note: Releases are no longer on ftp.gnu.org since the | |
117 | ;; schism (after version 3.1.5). | |
d93627e4 | 118 | (string-append "mirror://gnupg/gnutls/v" |
29a7c98a | 119 | (version-major+minor version) |
d93627e4 | 120 | "/gnutls-" version ".tar.xz")) |
d7d408d5 LC |
121 | (sha256 |
122 | (base32 | |
5d4c90ae | 123 | "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b")))) |
7543f865 | 124 | (build-system gnu-build-system) |
b94ae0b8 AK |
125 | (arguments |
126 | '(#:configure-flags | |
127 | (list (string-append "--with-guile-site-dir=" | |
128 | (assoc-ref %outputs "out") | |
aa7c7f21 MW |
129 | "/share/guile/site/2.0") |
130 | ;; GnuTLS doesn't consult any environment variables to specify | |
131 | ;; the location of the system-wide trust store. Instead it has a | |
132 | ;; configure-time option. Unless specified, its configure script | |
133 | ;; attempts to auto-detect the location by looking for common | |
134 | ;; places in the filesystem, none of which are present in our | |
135 | ;; chroot build environment. If not found, then no default trust | |
136 | ;; store is used, so each program has to provide its own | |
137 | ;; fallback, and users have to configure each program | |
138 | ;; independently. This seems suboptimal. | |
866f469e MW |
139 | "--with-default-trust-store-dir=/etc/ssl/certs" |
140 | ||
141 | ;; FIXME: Temporarily disable p11-kit support since it is not | |
142 | ;; working on mips64el. | |
606c6380 LC |
143 | "--without-p11-kit") |
144 | ||
145 | #:phases (modify-phases %standard-phases | |
146 | (add-after | |
147 | 'install 'move-doc | |
148 | (lambda* (#:key outputs #:allow-other-keys) | |
149 | ;; Copy the 4.1 MiB of section 3 man pages to "doc". | |
150 | (let* ((out (assoc-ref outputs "out")) | |
151 | (doc (assoc-ref outputs "doc")) | |
9cdce047 | 152 | (mandir (string-append doc "/share/man/man3")) |
606c6380 LC |
153 | (oldman (string-append out "/share/man/man3"))) |
154 | (mkdir-p mandir) | |
155 | (copy-recursively oldman mandir) | |
156 | (delete-file-recursively oldman) | |
157 | #t)))))) | |
158 | (outputs '("out" ;4.4 MiB | |
159 | "debug" | |
160 | "doc")) ;4.1 MiB of man pages | |
a1db0975 | 161 | (native-inputs |
5d4c90ae LF |
162 | `(("net-tools" ,net-tools) |
163 | ("pkg-config" ,pkg-config) | |
d2fcfd3d | 164 | ("which" ,which))) |
7543f865 LC |
165 | (inputs |
166 | `(("guile" ,guile-2.0) | |
0cb9b456 | 167 | ("perl" ,perl))) |
7543f865 | 168 | (propagated-inputs |
d2fcfd3d | 169 | ;; These are all in the 'Requires.private' field of gnutls.pc. |
7543f865 | 170 | `(("libtasn1" ,libtasn1) |
866f469e MW |
171 | ("libidn" ,libidn) |
172 | ("nettle" ,nettle) | |
f61e0e79 | 173 | ("zlib" ,zlib))) |
c19700c3 | 174 | (home-page "https://www.gnu.org/software/gnutls/") |
f50d2669 | 175 | (synopsis "Transport layer security library") |
7543f865 | 176 | (description |
a22dc0c4 | 177 | "GnuTLS is a secure communications library implementing the SSL, TLS |
79c311b8 | 178 | and DTLS protocols. It is provided in the form of a C library to support the |
a22dc0c4 LC |
179 | protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other |
180 | required structures.") | |
63e8bb12 LC |
181 | (license license:lgpl2.1+) |
182 | (properties '((ftp-server . "ftp.gnutls.org") | |
183 | (ftp-directory . "/gcrypt/gnutls"))))) | |
cc2b77df AE |
184 | |
185 | (define-public openssl | |
186 | (package | |
187 | (name "openssl") | |
1d30d554 | 188 | (version "1.0.2h") |
cc2b77df | 189 | (source (origin |
4cff124b LC |
190 | (method url-fetch) |
191 | (uri (list (string-append "ftp://ftp.openssl.org/source/" | |
192 | name "-" version ".tar.gz") | |
193 | (string-append "ftp://ftp.openssl.org/source/old/" | |
194 | (string-trim-right version char-set:letter) | |
195 | "/" name "-" version ".tar.gz"))) | |
196 | (sha256 | |
197 | (base32 | |
1d30d554 | 198 | "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) |
fc1adab1 | 199 | (patches (search-patches "openssl-runpath.patch" |
c0eeccbc LC |
200 | "openssl-c-rehash-in.patch" |
201 | "openssl-CVE-2016-2177.patch" | |
202 | "openssl-CVE-2016-2178.patch")))) | |
cc2b77df | 203 | (build-system gnu-build-system) |
8c78aeb7 | 204 | (outputs '("out" |
a909b576 | 205 | "doc" ;1.5MiB of man3 pages |
8c78aeb7 | 206 | "static")) ;6MiB of .a files |
cc2b77df AE |
207 | (native-inputs `(("perl" ,perl))) |
208 | (arguments | |
d03781c3 LC |
209 | `(#:disallowed-references (,perl) |
210 | #:parallel-build? #f | |
cc2b77df AE |
211 | #:parallel-tests? #f |
212 | #:test-target "test" | |
8c9ec203 LF |
213 | |
214 | ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, | |
215 | ;; so we explicitly disallow it here. | |
216 | #:disallowed-references ,(list (canonical-package perl)) | |
cc2b77df | 217 | #:phases |
b6cb1358 | 218 | (modify-phases %standard-phases |
4fb254a3 | 219 | (add-before |
86c8f1da | 220 | 'configure 'patch-Makefile.org |
4fb254a3 LC |
221 | (lambda* (#:key outputs #:allow-other-keys) |
222 | ;; The default MANDIR is some unusual place. Fix that. | |
223 | (let ((out (assoc-ref outputs "out"))) | |
86c8f1da | 224 | (patch-makefile-SHELL "Makefile.org") |
4fb254a3 LC |
225 | (substitute* "Makefile.org" |
226 | (("^MANDIR[[:blank:]]*=.*$") | |
227 | (string-append "MANDIR = " out "/share/man\n"))) | |
228 | #t))) | |
b6cb1358 LC |
229 | (replace |
230 | 'configure | |
231 | (lambda* (#:key outputs #:allow-other-keys) | |
232 | (let ((out (assoc-ref outputs "out"))) | |
233 | (zero? | |
234 | (system* "./config" | |
235 | "shared" ;build shared libraries | |
236 | "--libdir=lib" | |
4fb254a3 LC |
237 | |
238 | ;; The default for this catch-all directory is | |
239 | ;; PREFIX/ssl. Change that to something more | |
240 | ;; conventional. | |
241 | (string-append "--openssldir=" out | |
242 | "/share/openssl-" ,version) | |
243 | ||
b6cb1358 LC |
244 | (string-append "--prefix=" out) |
245 | ||
246 | ;; XXX FIXME: Work around a code generation bug in GCC | |
247 | ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: | |
248 | ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> | |
249 | ,@(if (and (not (%current-target-system)) | |
250 | (string-prefix? "armhf" (%current-system))) | |
251 | '("-mfpu=vfpv3") | |
252 | '())))))) | |
fe8199a8 LC |
253 | (add-after |
254 | 'install 'make-libraries-writable | |
255 | (lambda* (#:key outputs #:allow-other-keys) | |
256 | ;; Make libraries writable so that 'strip' does its job. | |
257 | (let ((out (assoc-ref outputs "out"))) | |
258 | (for-each (lambda (file) | |
259 | (chmod file #o644)) | |
260 | (find-files (string-append out "/lib") | |
261 | "\\.so")) | |
262 | #t))) | |
8c78aeb7 LC |
263 | (add-after 'install 'move-static-libraries |
264 | (lambda* (#:key outputs #:allow-other-keys) | |
265 | ;; Move static libraries to the "static" output. | |
266 | (let* ((out (assoc-ref outputs "out")) | |
267 | (lib (string-append out "/lib")) | |
268 | (static (assoc-ref outputs "static")) | |
269 | (slib (string-append static "/lib"))) | |
270 | (mkdir-p slib) | |
271 | (for-each (lambda (file) | |
272 | (install-file file slib) | |
273 | (delete-file file)) | |
274 | (find-files lib "\\.a$")) | |
275 | #t))) | |
a909b576 LC |
276 | (add-after 'install 'move-man3-pages |
277 | (lambda* (#:key outputs #:allow-other-keys) | |
278 | ;; Move section 3 man pages to "doc". | |
279 | (let* ((out (assoc-ref outputs "out")) | |
280 | (man3 (string-append out "/share/man/man3")) | |
281 | (doc (assoc-ref outputs "doc")) | |
282 | (target (string-append doc "/share/man/man3"))) | |
283 | (mkdir-p target) | |
284 | (for-each (lambda (file) | |
285 | (rename-file file | |
286 | (string-append target "/" | |
287 | (basename file)))) | |
288 | (find-files man3)) | |
289 | #t))) | |
b6cb1358 LC |
290 | (add-before |
291 | 'patch-source-shebangs 'patch-tests | |
292 | (lambda* (#:key inputs native-inputs #:allow-other-keys) | |
293 | (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) | |
294 | (substitute* (find-files "test" ".*") | |
295 | (("/bin/sh") | |
296 | (string-append bash "/bin/bash")) | |
297 | (("/bin/rm") | |
86c8f1da MW |
298 | "rm")) |
299 | #t))) | |
784d6e91 LC |
300 | (add-after |
301 | 'install 'remove-miscellany | |
302 | (lambda* (#:key outputs #:allow-other-keys) | |
303 | ;; The 'misc' directory contains random undocumented shell and Perl | |
304 | ;; scripts. Remove them to avoid retaining a reference on Perl. | |
305 | (let ((out (assoc-ref outputs "out"))) | |
306 | (delete-file-recursively (string-append out "/share/openssl-" | |
307 | ,version "/misc")) | |
308 | #t)))))) | |
cc2b77df AE |
309 | (native-search-paths |
310 | ;; FIXME: These two variables must designate a single file or directory | |
311 | ;; and are not actually "search paths." In practice it works OK in user | |
312 | ;; profiles because there's always just one item that matches the | |
313 | ;; specification. | |
314 | (list (search-path-specification | |
315 | (variable "SSL_CERT_DIR") | |
316 | (files '("etc/ssl/certs"))) | |
317 | (search-path-specification | |
318 | (variable "SSL_CERT_FILE") | |
319 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
320 | (synopsis "SSL/TLS implementation") | |
321 | (description | |
e881752c | 322 | "OpenSSL is an implementation of SSL/TLS.") |
e9aa8d0c | 323 | (license license:openssl) |
cc2b77df AE |
324 | (home-page "http://www.openssl.org/"))) |
325 | ||
763899f0 LF |
326 | (define-public openssl-next |
327 | (package | |
328 | (inherit openssl) | |
329 | (name "openssl") | |
330 | (version "1.1.0") | |
331 | (source (origin | |
332 | (method url-fetch) | |
333 | (uri (list (string-append "ftp://ftp.openssl.org/source/" | |
334 | name "-" version ".tar.gz") | |
335 | (string-append "ftp://ftp.openssl.org/source/old/" | |
336 | (string-trim-right version char-set:letter) | |
337 | "/" name "-" version ".tar.gz"))) | |
338 | (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) | |
339 | (sha256 | |
340 | (base32 | |
341 | "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm")))) | |
342 | (outputs '("out" | |
343 | "doc" ;1.3MiB of man3 pages | |
344 | "static")) ; 5.5MiB of .a files | |
345 | (arguments | |
346 | (substitute-keyword-arguments (package-arguments openssl) | |
347 | ((#:phases phases) | |
348 | `(modify-phases ,phases | |
349 | (delete 'patch-tests) ; These two phases are not needed by | |
350 | (delete 'patch-Makefile.org) ; OpenSSL 1.1.0. | |
351 | ||
352 | (add-after 'configure 'patch-runpath | |
353 | (lambda* (#:key outputs #:allow-other-keys) | |
354 | (let ((lib (string-append (assoc-ref outputs "out") "/lib"))) | |
355 | (substitute* "Makefile.shared" | |
356 | (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}") | |
357 | (string-append "$${SHAREDCMD} $${SHAREDFLAGS}" | |
358 | " -Wl,-rpath," lib))) | |
359 | #t))))))))) | |
360 | ||
cb6a802c AE |
361 | (define-public libressl |
362 | (package | |
363 | (name "libressl") | |
deb6482e | 364 | (version "2.4.2") |
cb6a802c AE |
365 | (source |
366 | (origin | |
367 | (method url-fetch) | |
368 | (uri (string-append | |
369 | "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-" | |
370 | version ".tar.gz")) | |
1a957c21 LF |
371 | (sha256 |
372 | (base32 | |
deb6482e | 373 | "1qyrcyzrrn6r9cqvm66ib72qyr65q4hrdyiq1vb24a6nwmwdg1sz")))) |
cb6a802c AE |
374 | (build-system gnu-build-system) |
375 | (native-search-paths | |
376 | ;; FIXME: These two variables must designate a single file or directory | |
377 | ;; and are not actually "search paths." In practice it works OK in | |
378 | ;; user profiles because there's always just one item that matches the | |
379 | ;; specification. | |
380 | (list (search-path-specification | |
381 | (variable "SSL_CERT_DIR") | |
382 | (files '("etc/ssl/certs"))) | |
383 | (search-path-specification | |
384 | (variable "SSL_CERT_FILE") | |
385 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
386 | (home-page "http://www.libressl.org/") | |
387 | (synopsis "SSL/TLS implementation") | |
388 | (description "LibreSSL is a version of the TLS/crypto stack forked | |
389 | from OpenSSL in 2014, with the goals of modernizing the codebase, improving | |
390 | security, and applying best practice development processes.") | |
391 | ;; Files taken from OpenSSL keep their license, others are under various | |
392 | ;; non-copyleft licenses. | |
393 | (license (list license:openssl | |
394 | (license:non-copyleft | |
395 | "file://COPYING" | |
396 | "See COPYING in the distribution."))))) | |
397 | ||
6cefd53d | 398 | (define-public python-acme |
7890e3ba | 399 | (package |
6cefd53d | 400 | (name "python-acme") |
65924b10 | 401 | (version "0.8.1") |
7890e3ba | 402 | (source (origin |
9495cf9a LF |
403 | (method url-fetch) |
404 | (uri (string-append | |
405 | "https://pypi.python.org/packages/" | |
65924b10 | 406 | "f5/7a/11a99b5d1d1c692f6eed27cfab69e6ba4d2f0c2a461d2607e6a930ff2c68/" |
9495cf9a | 407 | "acme-" version ".tar.gz")) |
7890e3ba LF |
408 | (sha256 |
409 | (base32 | |
65924b10 | 410 | "17vx2miczpd8ww4xizmc0nca2c7jf04wnhfnswx2bxhb537lmsnk")))) |
7890e3ba LF |
411 | (build-system python-build-system) |
412 | (arguments | |
6cefd53d | 413 | `(#:phases |
9bee9d87 LF |
414 | (modify-phases %standard-phases |
415 | (add-before 'install 'disable-egg-compression | |
416 | (lambda _ | |
417 | ;; Do not compress the egg. | |
418 | ;; See <http://bugs.gnu.org/20765>. | |
419 | (let ((port (open-file "setup.cfg" "a"))) | |
420 | (display "\n[easy_install]\nzip_ok = 0\n" | |
421 | port) | |
422 | (close-port port) | |
50a7963a LF |
423 | #t))) |
424 | (add-after 'install 'docs | |
425 | (lambda* (#:key outputs #:allow-other-keys) | |
426 | (let* ((out (assoc-ref outputs "out")) | |
427 | (man (string-append out "/share/man/man1")) | |
428 | (info (string-append out "/info"))) | |
429 | (and (zero? (system* "make" "-C" "docs" "man" "info")) | |
430 | (install-file "docs/_build/texinfo/acme-python.info" info) | |
431 | (install-file "docs/_build/man/acme-python.1" man) | |
432 | #t))))))) | |
433 | ;; TODO: Add optional inputs for testing. | |
7890e3ba | 434 | (native-inputs |
6cefd53d | 435 | `(("python-mock" ,python-mock) |
50a7963a LF |
436 | ;; For documentation |
437 | ("python-sphinx" ,python-sphinx) | |
438 | ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput) | |
439 | ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) | |
440 | ("python-setuptools" ,python-setuptools) | |
441 | ("texinfo" ,texinfo))) | |
7890e3ba | 442 | (propagated-inputs |
6cefd53d LF |
443 | `(("python-ndg-httpsclient" ,python-ndg-httpsclient) |
444 | ("python-werkzeug" ,python-werkzeug) | |
445 | ("python-six" ,python-six) | |
446 | ("python-requests" ,python-requests) | |
447 | ("python-pytz" ,python-pytz) | |
448 | ("python-pyrfc3339" ,python-pyrfc3339) | |
449 | ("python-pyasn1" ,python-pyasn1) | |
450 | ("python-cryptography" ,python-cryptography) | |
451 | ("python-pyopenssl" ,python-pyopenssl))) | |
7890e3ba LF |
452 | (home-page "https://github.com/letsencrypt/letsencrypt") |
453 | (synopsis "ACME protocol implementation in Python") | |
454 | (description "ACME protocol implementation in Python") | |
455 | (license license:asl2.0))) | |
456 | ||
6cefd53d LF |
457 | (define-public python2-acme |
458 | (package-with-python2 python-acme)) | |
459 | ||
9495cf9a | 460 | (define-public certbot |
9fd0838b | 461 | (package |
9495cf9a | 462 | (name "certbot") |
65924b10 | 463 | (version "0.8.1") |
9fd0838b DT |
464 | (source (origin |
465 | (method url-fetch) | |
9495cf9a LF |
466 | (uri (string-append |
467 | "https://pypi.python.org/packages/" | |
65924b10 | 468 | "a2/3b/4756e6a0ceb14e084042a2a65c615d68d25621c6fd446d0fc10d14c4ce7d/" |
9495cf9a | 469 | name "-" version ".tar.gz")) |
9fd0838b DT |
470 | (sha256 |
471 | (base32 | |
65924b10 | 472 | "0w972cf2mk74aji5d8dylg3jw6wczg01gb4asf3ndv8c64yxza3c")))) |
9fd0838b DT |
473 | (build-system python-build-system) |
474 | (arguments | |
f9263d9a LF |
475 | `(#:python ,python-2 |
476 | #:phases | |
477 | (modify-phases %standard-phases | |
234d0b69 | 478 | (add-after 'build 'docs |
f9263d9a LF |
479 | (lambda* (#:key outputs #:allow-other-keys) |
480 | (let* ((out (assoc-ref outputs "out")) | |
481 | (man1 (string-append out "/share/man/man1")) | |
482 | (man7 (string-append out "/share/man/man7")) | |
483 | (info (string-append out "/info"))) | |
f9263d9a LF |
484 | (and |
485 | (zero? (system* "make" "-C" "docs" "man" "info")) | |
9495cf9a LF |
486 | (install-file "docs/_build/texinfo/Certbot.info" info) |
487 | (install-file "docs/_build/man/certbot.1" man1) | |
488 | (install-file "docs/_build/man/certbot.7" man7) | |
f9263d9a LF |
489 | #t))))))) |
490 | ;; TODO: Add optional inputs for testing. | |
9fd0838b DT |
491 | (native-inputs |
492 | `(("python2-nose" ,python2-nose) | |
f9263d9a LF |
493 | ("python2-mock" ,python2-mock) |
494 | ;; For documentation | |
495 | ("python2-sphinx" ,python2-sphinx) | |
496 | ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme) | |
497 | ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface) | |
498 | ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput) | |
499 | ("texinfo" ,texinfo))) | |
9fd0838b | 500 | (propagated-inputs |
6cefd53d | 501 | `(("python2-acme" ,python2-acme) |
9fd0838b DT |
502 | ("python2-zope-interface" ,python2-zope-interface) |
503 | ("python2-pythondialog" ,python2-pythondialog) | |
504 | ("python2-pyrfc3339" ,python2-pyrfc3339) | |
505 | ("python2-pyopenssl" ,python2-pyopenssl) | |
506 | ("python2-configobj" ,python2-configobj) | |
507 | ("python2-configargparse" ,python2-configargparse) | |
508 | ("python2-zope-component" ,python2-zope-component) | |
509 | ("python2-parsedatetime" ,python2-parsedatetime) | |
510 | ("python2-six" ,python2-six) | |
511 | ("python2-psutil" ,python2-psutil) | |
512 | ("python2-requests" ,python2-requests) | |
513 | ("python2-pytz" ,python2-pytz))) | |
514 | (synopsis "Let's Encrypt client") | |
515 | (description "Tool to automatically receive and install X.509 certificates | |
516 | to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which | |
517 | will be issuing browser-trusted certificates for free.") | |
24778368 | 518 | (home-page "https://certbot.eff.org/") |
9fd0838b DT |
519 | (license license:asl2.0))) |
520 | ||
9495cf9a LF |
521 | (define-public letsencrypt |
522 | (package (inherit certbot) | |
523 | (name "letsencrypt"))) | |
524 | ||
cc2b77df AE |
525 | (define-public perl-net-ssleay |
526 | (package | |
527 | (name "perl-net-ssleay") | |
528 | (version "1.68") | |
529 | (source (origin | |
530 | (method url-fetch) | |
531 | (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" | |
532 | "Net-SSLeay-" version ".tar.gz")) | |
533 | (sha256 | |
534 | (base32 | |
1084ec08 | 535 | "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p")))) |
cc2b77df | 536 | (build-system perl-build-system) |
1084ec08 MW |
537 | (native-inputs |
538 | `(("patch" ,patch) | |
539 | ("patch/disable-ede-test" | |
540 | ,(search-patch "perl-net-ssleay-disable-ede-test.patch")))) | |
cc2b77df AE |
541 | (inputs `(("openssl" ,openssl))) |
542 | (arguments | |
1084ec08 MW |
543 | `(#:phases |
544 | (modify-phases %standard-phases | |
545 | (add-after | |
546 | 'unpack 'apply-patch | |
547 | (lambda* (#:key inputs #:allow-other-keys) | |
548 | ;; XXX We apply this patch here instead of in the 'origin' because | |
549 | ;; this package's build system fails badly when the source file | |
550 | ;; times are zeroed. | |
551 | ;; XXX Try removing this patch for perl-net-ssleay > 1.68 | |
552 | (zero? (system* "patch" "--force" "-p1" "-i" | |
553 | (assoc-ref inputs "patch/disable-ede-test"))))) | |
554 | (add-before | |
555 | 'configure 'set-ssl-prefix | |
556 | (lambda* (#:key inputs #:allow-other-keys) | |
557 | (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl")) | |
558 | #t))))) | |
cc2b77df AE |
559 | (synopsis "Perl extension for using OpenSSL") |
560 | (description | |
561 | "This module offers some high level convenience functions for accessing | |
562 | web pages on SSL servers (for symmetry, the same API is offered for accessing | |
563 | http servers, too), an sslcat() function for writing your own clients, and | |
564 | finally access to the SSL api of the SSLeay/OpenSSL package so you can write | |
565 | servers or clients for more complicated applications.") | |
566 | (license (package-license perl)) | |
567 | (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/"))) | |
4532c0c0 DM |
568 | |
569 | (define-public perl-crypt-openssl-rsa | |
570 | (package | |
571 | (name "perl-crypt-openssl-rsa") | |
572 | (version "0.28") | |
573 | (source | |
574 | (origin | |
575 | (method url-fetch) | |
576 | (uri (string-append | |
577 | "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-" | |
578 | version | |
579 | ".tar.gz")) | |
580 | (sha256 | |
581 | (base32 | |
582 | "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk")))) | |
583 | (build-system perl-build-system) | |
584 | (inputs | |
585 | `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum) | |
586 | ("perl-crypt-openssl-random" ,perl-crypt-openssl-random) | |
587 | ("openssl" ,openssl))) | |
588 | (arguments perl-crypt-arguments) | |
589 | (home-page | |
590 | "http://search.cpan.org/dist/Crypt-OpenSSL-RSA") | |
591 | (synopsis | |
592 | "RSA encoding and decoding, using the openSSL libraries") | |
593 | (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the | |
594 | OpenSSL libraries).") | |
595 | (license (package-license perl)))) | |
adff71ca DM |
596 | |
597 | (define perl-crypt-arguments | |
598 | `(#:phases (modify-phases %standard-phases | |
599 | (add-before 'configure 'patch-Makefile.PL | |
600 | (lambda* (#:key inputs #:allow-other-keys) | |
601 | (substitute* "Makefile.PL" | |
602 | (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L" | |
603 | (assoc-ref inputs "openssl") | |
604 | "/lib -lcrypto'],"))) | |
605 | #t))))) | |
606 | ||
607 | (define-public perl-crypt-openssl-bignum | |
608 | (package | |
609 | (name "perl-crypt-openssl-bignum") | |
610 | (version "0.06") | |
611 | (source | |
612 | (origin | |
613 | (method url-fetch) | |
614 | (uri (string-append | |
615 | "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-" | |
616 | version | |
617 | ".tar.gz")) | |
618 | (sha256 | |
619 | (base32 | |
620 | "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67")))) | |
621 | (build-system perl-build-system) | |
622 | (inputs `(("openssl" ,openssl))) | |
623 | (arguments perl-crypt-arguments) | |
624 | (home-page | |
625 | "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum") | |
626 | (synopsis | |
627 | "OpenSSL's multiprecision integer arithmetic in Perl") | |
628 | (description "Crypt::OpenSSL::Bignum provides multiprecision integer | |
629 | arithmetic in Perl.") | |
630 | ;; At your option either gpl1+ or the Artistic License | |
631 | (license (package-license perl)))) | |
cccb4d26 DM |
632 | |
633 | (define-public perl-crypt-openssl-random | |
634 | (package | |
635 | (name "perl-crypt-openssl-random") | |
636 | (version "0.11") | |
637 | (source | |
638 | (origin | |
639 | (method url-fetch) | |
640 | (uri (string-append | |
641 | "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-" | |
642 | version | |
643 | ".tar.gz")) | |
644 | (sha256 | |
645 | (base32 | |
646 | "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v")))) | |
647 | (build-system perl-build-system) | |
648 | (inputs `(("openssl" ,openssl))) | |
649 | (arguments perl-crypt-arguments) | |
650 | (home-page | |
651 | "http://search.cpan.org/dist/Crypt-OpenSSL-Random") | |
652 | (synopsis | |
653 | "OpenSSL/LibreSSL pseudo-random number generator access") | |
654 | (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random | |
655 | number generator") | |
656 | (license (package-license perl)))) |