gnu: paredit: Rename to 'emacs-paredit'.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
caeadfdd 2;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
7890e3ba 7;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
3ea110b7 8;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
679b535b 9;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
7543f865 10;;;
233e7676 11;;; This file is part of GNU Guix.
7543f865 12;;;
233e7676 13;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC
14;;; under the terms of the GNU General Public License as published by
15;;; the Free Software Foundation; either version 3 of the License, or (at
16;;; your option) any later version.
17;;;
233e7676 18;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC
19;;; WITHOUT ANY WARRANTY; without even the implied warranty of
20;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21;;; GNU General Public License for more details.
22;;;
23;;; You should have received a copy of the GNU General Public License
233e7676 24;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 25
a7fd7b68 26(define-module (gnu packages tls)
e9aa8d0c 27 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
28 #:use-module (guix packages)
29 #:use-module (guix download)
29a7c98a 30 #:use-module (guix utils)
7543f865 31 #:use-module (guix build-system gnu)
cc2b77df 32 #:use-module (guix build-system perl)
7890e3ba 33 #:use-module (guix build-system python)
f61e0e79 34 #:use-module (gnu packages compression)
013ce67b 35 #:use-module (gnu packages)
1ffa7090 36 #:use-module (gnu packages guile)
27e86bed 37 #:use-module (gnu packages libffi)
866f469e 38 #:use-module (gnu packages libidn)
5d4c90ae 39 #:use-module (gnu packages linux)
7890e3ba 40 #:use-module (gnu packages ncurses)
27e86bed 41 #:use-module (gnu packages nettle)
1ffa7090 42 #:use-module (gnu packages perl)
27e86bed 43 #:use-module (gnu packages pkg-config)
7890e3ba 44 #:use-module (gnu packages python)
a31f4d35 45 #:use-module (gnu packages texinfo)
ce0614dd 46 #:use-module (gnu packages base))
47
;; GNU libtasn1, the ASN.1 library.  In this file it is an input of p11-kit
;; and a propagated input of GnuTLS.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.8")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; The tarball is fetched from a mirror; the content hash below is
       ;; what the download is checked against.
       (sha256
        (base32
         "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
    (build-system gnu-build-system)
    ;; Perl is only needed at build time.
    (native-inputs `(("perl" ,perl)))
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (home-page "http://www.gnu.org/software/libtasn1/")
    (license license:lgpl2.0+)))
7543f865 70
;; p11-kit, a loader and registry for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
                           version ".tar.gz"))
       (sha256
        (base32
         "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
       (modules '((guix build utils)))  ; for substitute*
       ;; The snippet edits the unpacked source, so the package is built with
       ;; one upstream test removed from the test list.
       (snippet
        '(begin
           ;; Drop one test that fails, also when trying to compile manually.
           ;; Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): presumably this leaves the trust module without any
     ;; compiled-in trust anchor locations -- confirm against p11-kit's
     ;; configure documentation.
     `(#:configure-flags '("--without-trust-paths")))
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (license license:bsd-3)))
27e86bed 108
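;; GnuTLS, built with Guile bindings, a fixed default trust store directory
;; and without PKCS#11 (p11-kit) support.  The section 3 man pages go to the
;; separate "doc" output.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.2")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              ;; The tarball is fetched from a mirror; the content hash
              ;; below is what the download is checked against.
              (sha256
               (base32
                "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store. Instead it has a
             ;; configure-time option. Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the filesystem, none of which are present in our
             ;; chroot build environment. If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently. This seems suboptimal.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)
       ("perl" ,perl)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the description previously read
    ;; "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))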
184
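;; OpenSSL 1.0.2h with the runpath and c_rehash patches plus the fixes for
;; CVE-2016-2177 and CVE-2016-2178.  Man3 pages and static libraries are split
;; into the "doc" and "static" outputs, and Perl is kept out of the closure.
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2h")
    (source (origin
              (method url-fetch)
              ;; Two candidate locations: the current release directory and
              ;; the "old" directory keyed by the version without its letter
              ;; suffix.  Both are plain ftp://, so the content hash below is
              ;; what the download is checked against.
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"
                                       "openssl-CVE-2016-2177.patch"
                                       "openssl-CVE-2016-2178.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.  The keyword is given exactly
       ;; once: an earlier `#:disallowed-references (,perl)' duplicated it in
       ;; the same argument list.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place. Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              (zero?
               (system* "./config"
                        "shared"        ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl. Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (mkdir-p slib)
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (doc (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; Point the test scripts at the bash from the build inputs
            ;; instead of /bin/sh, and at "rm" instead of /bin/rm.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/bash"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts. Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths." In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))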
325
;; OpenSSL 1.1.0, derived from `openssl'.  It keeps the package name
;; "openssl" and reuses the parent's build arguments with adjusted phases.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0")
    ;; This origin replaces the inherited one, so the only patch applied is
    ;; the one listed here.
    (source (origin
              (method url-fetch)
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
              ;; The URLs are plain ftp://; the download is checked against
              ;; this content hash.
              (sha256
               (base32
                "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; NOTE(review): the phases taken from `openssl' were quasiquoted there,
     ;; so the `,version' inside its 'configure and 'remove-miscellany phases
     ;; presumably still expands to the parent's version string rather than
     ;; 1.1.0 -- confirm the resulting --openssldir.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Add an rpath pointing at this package's own lib directory to
           ;; the shared-library link command.
           (add-after 'configure 'patch-runpath
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
                 (substitute* "Makefile.shared"
                   (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
                    (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
                                   " -Wl,-rpath," lib)))
                 #t)))))))))
360
;; LibreSSL, the OpenBSD fork of OpenSSL.  It declares the same
;; SSL_CERT_DIR / SSL_CERT_FILE search paths as the `openssl' package.
(define-public libressl
  (package
    (name "libressl")
    (version "2.4.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       ;; The URL is plain http://; the download is checked against this
       ;; content hash.
       (sha256
        (base32
         "1qyrcyzrrn6r9cqvm66ib72qyr65q4hrdyiq1vb24a6nwmwdg1sz"))))
    (build-system gnu-build-system)
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths." In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    (home-page "http://www.libressl.org/")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
397
;; The ACME protocol library from the Let's Encrypt project.  Besides the
;; Python build, an extra phase generates and installs the man page and the
;; Info manual.
(define-public python-acme
  (package
    (name "python-acme")
    (version "0.8.1")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://pypi.python.org/packages/"
                    "f5/7a/11a99b5d1d1c692f6eed27cfab69e6ba4d2f0c2a461d2607e6a930ff2c68/"
                    "acme-" version ".tar.gz"))
              ;; Content hash the downloaded sdist is checked against.
              (sha256
               (base32
                "17vx2miczpd8ww4xizmc0nca2c7jf04wnhfnswx2bxhb537lmsnk"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before 'install 'disable-egg-compression
           (lambda _
             ;; Do not compress the egg.
             ;; See <http://bugs.gnu.org/20765>.
             (let ((port (open-file "setup.cfg" "a")))
               (display "\n[easy_install]\nzip_ok = 0\n"
                        port)
               (close-port port)
               #t)))
         (add-after 'install 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Build the man and Info documentation and install both; the
             ;; phase fails if "make" exits with a non-zero status.
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (and (zero? (system* "make" "-C" "docs" "man" "info"))
                    (install-file "docs/_build/texinfo/acme-python.info" info)
                    (install-file "docs/_build/man/acme-python.1" man)
                    #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-setuptools" ,python-setuptools)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
       ("python-werkzeug" ,python-werkzeug)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (license license:asl2.0)))
456
;; Python 2 variant of `python-acme'; certbot below lists it as a propagated
;; input.
(define-public python2-acme
  (package-with-python2 python-acme))
459
;; Certbot, the Let's Encrypt client.  It is built with Python 2 and installs
;; its man pages and Info manual from an extra phase.
(define-public certbot
  (package
    (name "certbot")
    (version "0.8.1")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://pypi.python.org/packages/"
                    "a2/3b/4756e6a0ceb14e084042a2a65c615d68d25621c6fd446d0fc10d14c4ce7d/"
                    name "-" version ".tar.gz"))
              ;; Content hash the downloaded sdist is checked against.
              (sha256
               (base32
                "0w972cf2mk74aji5d8dylg3jw6wczg01gb4asf3ndv8c64yxza3c"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       #:phases
       (modify-phases %standard-phases
         (add-after 'build 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Build the man and Info documentation and install it; the
             ;; phase fails if "make" exits with a non-zero status.
             (let* ((out (assoc-ref outputs "out"))
                    (man1 (string-append out "/share/man/man1"))
                    (man7 (string-append out "/share/man/man7"))
                    (info (string-append out "/info")))
               (and
                (zero? (system* "make" "-C" "docs" "man" "info"))
                (install-file "docs/_build/texinfo/Certbot.info" info)
                (install-file "docs/_build/man/certbot.1" man1)
                (install-file "docs/_build/man/certbot.7" man7)
                #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pythondialog" ,python2-pythondialog)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (synopsis "Let's Encrypt client")
    (description "Tool to automatically receive and install X.509 certificates
to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
will be issuing browser-trusted certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
520
;; Same package as `certbot', exposed under the name "letsencrypt"; every
;; other field is inherited unchanged.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")))
524
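;; Net::SSLeay, the Perl bindings to OpenSSL.  One test-disabling patch is
;; applied from a build phase rather than from the origin, and the OpenSSL
;; prefix is passed to the build through OPENSSL_PREFIX.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; The tarball is fetched from a mirror; the content hash
              ;; below is what the download is checked against.
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            ;; The phase fails if "patch" exits with a non-zero status.
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Point the module's build at the OpenSSL from the inputs.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; Derive the page from `version' so it follows the packaged release; the
    ;; URL previously hard-coded 1.66 while the package is at 1.68.
    (home-page (string-append "http://search.cpan.org/~mikem/Net-SSLeay-"
                              version "/"))))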
568
;; Crypt::OpenSSL::RSA.  It shares its build arguments with the other
;; Crypt::OpenSSL::* packages in this file through `perl-crypt-arguments'.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Content hash the downloaded tarball is checked against.
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; NOTE(review): `perl-crypt-arguments' and two of the inputs above are
    ;; defined further down in the file; this presumably works because these
    ;; fields are evaluated lazily -- confirm.
    (arguments perl-crypt-arguments)
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (license (package-license perl))))
596
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; Before 'configure, the 'LIBS' entry of Makefile.PL is rewritten so that
;; libcrypto is taken from the "openssl" input's lib directory.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*")
             (string-append "'LIBS' => ['-L"
                            (assoc-ref inputs "openssl")
                            "/lib -lcrypto'],")))
          #t)))))
606
;; Crypt::OpenSSL::Bignum, an input of `perl-crypt-openssl-rsa'.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Content hash the downloaded tarball is checked against.
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared phases that point Makefile.PL at the "openssl" input.
    (arguments perl-crypt-arguments)
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    ;; At your option either gpl1+ or the Artistic License
    (license (package-license perl))))
632
;; Crypt::OpenSSL::Random, an input of `perl-crypt-openssl-rsa'.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Content hash the downloaded tarball is checked against.
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared phases that point Makefile.PL at the "openssl" input.
    (arguments perl-crypt-arguments)
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (license (package-license perl))))