gnu: gnutls: Leave #:disallowed-references empty for GNU/Hurd.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 33
a7fd7b68 34(define-module (gnu packages tls)
e9aa8d0c 35 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
36 #:use-module (guix packages)
37 #:use-module (guix download)
ea22aa1f 38 #:use-module (guix git-download)
29a7c98a 39 #:use-module (guix utils)
7543f865 40 #:use-module (guix build-system gnu)
ea22aa1f 41 #:use-module (guix build-system go)
cc2b77df 42 #:use-module (guix build-system perl)
7890e3ba 43 #:use-module (guix build-system python)
88522738 44 #:use-module (guix build-system cmake)
e8b3a158 45 #:use-module (guix build-system trivial)
f61e0e79 46 #:use-module (gnu packages compression)
013ce67b 47 #:use-module (gnu packages)
e8b3a158 48 #:use-module (gnu packages bash)
ac257f12 49 #:use-module (gnu packages check)
e8b3a158 50 #:use-module (gnu packages curl)
5b9aa107 51 #:use-module (gnu packages dns)
e8b3a158 52 #:use-module (gnu packages gawk)
1ffa7090 53 #:use-module (gnu packages guile)
a9bcc647 54 #:use-module (gnu packages hurd)
0581c273 55 #:use-module (gnu packages libbsd)
27e86bed 56 #:use-module (gnu packages libffi)
866f469e 57 #:use-module (gnu packages libidn)
5d4c90ae 58 #:use-module (gnu packages linux)
7890e3ba 59 #:use-module (gnu packages ncurses)
27e86bed 60 #:use-module (gnu packages nettle)
1ffa7090 61 #:use-module (gnu packages perl)
27e86bed 62 #:use-module (gnu packages pkg-config)
7890e3ba 63 #:use-module (gnu packages python)
cc6f4912 64 #:use-module (gnu packages python-crypto)
1b2f753d 65 #:use-module (gnu packages python-web)
44d10b1f 66 #:use-module (gnu packages python-xyz)
9d0c291e 67 #:use-module (gnu packages sphinx)
a31f4d35 68 #:use-module (gnu packages texinfo)
33dc54b0 69 #:use-module (gnu packages time)
079f013b
LC
70 #:use-module (gnu packages base)
71 #:use-module (srfi srfi-1))
72
;; GNU libtasn1, the ASN.1 library that 'gnutls' and 'p11-kit' in this file
;; depend on.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.16.0")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; Expected content hash of the tarball named by 'uri'; it has to be
      ;; changed whenever 'version' changes.
      (sha256
       (base32
        "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    (arguments
     ;; Build the shared library only.
     `(#:configure-flags '("--disable-static")))
    ;; Perl is needed at build time only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 97
;; asn1c: compiler that turns ASN.1 modules into C encoders and decoders.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; Expected content hash of the release tarball; update it
              ;; together with 'version'.
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time dependency only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
124
;; p11-kit: loader and registry for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.20")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                          "download/" version "/p11-kit-" version ".tar.xz"))
      ;; Expected content hash of the release tarball; update it together
      ;; with 'version'.
      (sha256
       (base32
        "0131maw666ha4d6iyj13fkz18c4pnb3lw2xwv5kvkmnzqcj61n0l"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): "--without-trust-paths" presumably means no trust-anchor
     ;; location is compiled in, so consumers of the trust module must supply
     ;; their own -- confirm against upstream's configure documentation.
     `(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
                      ;; and looks for .cache and other directories (only).
                      ;; For simplicity just drop it since it is irrelevant
                      ;; in the build container.
                      (substitute* "Makefile"
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 164
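;; GnuTLS, the TLS library with Guile bindings.  The 'replacement' field
;; points at 'gnutls-3.6.14', so that newer release is what gets grafted in
;; place of this version for dependents.
(define-public gnutls
  (package
    (name "gnutls")
    ;; XXX Unversion openconnect's "gnutls" input when ungrafting.
    (replacement gnutls-3.6.14)
    (version "3.6.12")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             (patches (search-patches "gnutls-skip-trust-store-test.patch"))
             ;; Expected content hash of the tarball; update it together
             ;; with 'version'.
             (sha256
              (base32
               "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
    (build-system gnu-build-system)
    (arguments
     ;; The test suite is not run when targeting GNU/Hurd.
     `(,@(if (hurd-target?) '(#:tests? #f) '())
       ;; Ensure we don't keep a reference to this buggy software.  On
       ;; GNU/Hurd, net-tools is not among the native inputs (see below), so
       ;; the list is left empty there.
       #:disallowed-references ,(if (hurd-target?) '() (list net-tools))
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store. Instead it has a
        ;; configure-time option. Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment. If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently. This seems suboptimal.
        ;;
        ;; The directory is a fixed path outside the package output, so the
        ;; trust anchors in effect are whatever the running system has
        ;; installed there.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.  This build therefore has no PKCS#11
        ;; support on any architecture.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(,@(if (hurd-target?) '()
             `(("net-tools" ,net-tools)))
       ("pkg-config" ,pkg-config)
       ("which" ,which)
       ,@(if (hurd-target?) '()
             `(("datefudge" ,datefudge)))         ;tests rely on 'datefudge'
       ("util-linux" ,util-linux)))               ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))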
cc2b77df 256
;; GnuTLS 3.6.14, named as the 'replacement' of 'gnutls' above.  Every field
;; not overridden here is inherited from 'gnutls'.
(define-public gnutls-3.6.14
  (package
    (inherit gnutls)
    (version "3.6.14")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnupg/gnutls/v"
                                 (version-major+minor version)
                                 "/gnutls-" version ".tar.xz"))
             ;; Same trust-store test patch as 'gnutls', plus a
             ;; cross-compilation patch.
             (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                      "gnutls-cross.patch"))
             ;; Expected content hash of the 3.6.14 tarball.
             (sha256
              (base32
               "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n"))))
    (native-inputs
     `(,@(if (%current-target-system)      ;for cross-build
             `(("guile" ,guile-3.0))       ;to create .go files
             '())
       ,@(package-native-inputs gnutls)))))
276
(define-public gnutls/guile-2.0
  ;; GnuTLS for Guile 2.0.  Identical to 'gnutls' except that the "guile"
  ;; input is replaced by Guile 2.0.
  (package/inherit gnutls
    (name "guile2.0-gnutls")
    (inputs `(("guile" ,guile-2.0)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 283
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, which implements DNS-based
  ;; Authentication of Named Entities.  This is required for GNS functionality
  ;; by GNUnet and gnURL.  It is a separate package definition so that users
  ;; can choose between GnuTLS with and without DANE.  The only difference
  ;; from 'gnutls' visible here is the added "unbound" input.
  (package/inherit gnutls
    (name "gnutls-dane")
    (inputs `(("unbound" ,unbound)
              ,@(package-inputs gnutls)))))
293
;; GnuTLS for Guile 2.2: 'gnutls' with its "guile" input replaced by
;; Guile 2.2.
(define-public guile2.2-gnutls
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    (inputs `(("guile" ,guile-2.2)
              ,@(alist-delete "guile"
                              (package-inputs gnutls))))))
d630d781 301
;; Deprecated alias: 'gnutls' itself is built against Guile 3.0 (see its
;; 'inputs'), so the old name simply points at it.
(define-public guile3.0-gnutls
  (deprecated-package "guile3.0-gnutls" gnutls))
67a3c8ed 304
;; OpenSSL 1.1.1.  The 'replacement' field points at 'openssl-1.1.1g', so
;; that newer release is what gets grafted in place of this version for
;; dependents.
(define-public openssl
  (package
   (name "openssl")
   (version "1.1.1f")
   (replacement openssl-1.1.1g)
   (source (origin
            (method url-fetch)
            ;; Candidate download locations.  Two of them are plain FTP; the
            ;; sha256 below is the expected hash of the tarball regardless of
            ;; which location served it.
            (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                      version ".tar.gz")
                       (string-append "ftp://ftp.openssl.org/source/"
                                      "openssl-" version ".tar.gz")
                       (string-append "ftp://ftp.openssl.org/source/old/"
                                      (string-trim-right version char-set:letter)
                                      "/openssl-" version ".tar.gz")))
            (sha256
             (base32
              "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q"))
            (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"         ;6.8 MiB of man3 pages and full HTML documentation
              "static"))    ;6.4 MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        ;; This phase is only added when cross-compiling.
        ,@(if (%current-target-system)
              '((add-before
                 'configure 'set-cross-compile
                 (lambda* (#:key target outputs #:allow-other-keys)
                   (setenv "CROSS_COMPILE" (string-append target "-"))
                   ;; Map the target triplet's prefix to the name of an
                   ;; OpenSSL configuration; the value is handed to
                   ;; ./Configure in the 'configure' phase below.
                   ;; NOTE(review): the 'cond' has no 'else' clause, so a
                   ;; target matching none of these prefixes does not yield a
                   ;; configuration name; an explicit error clause would make
                   ;; that failure easier to diagnose.
                   (setenv "CONFIGURE_TARGET_ARCH"
                           (cond
                            ((string-prefix? "i586" target)
                             "hurd-x86")
                            ((string-prefix? "i686" target)
                             "linux-x86")
                            ((string-prefix? "x86_64" target)
                             "linux-x86_64")
                            ((string-prefix? "arm" target)
                             "linux-armv4")
                            ((string-prefix? "aarch64" target)
                             "linux-aarch64")))
                   #t)))
              '())
        (replace 'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib")))
              ;; It's not a shebang so patch-source-shebangs misses it.
              (substitute* "config"
                (("/usr/bin/env")
                 (string-append (assoc-ref %build-inputs "coreutils")
                                "/bin/env")))
              ;; Cross builds call ./Configure with the configuration name
              ;; computed above; native builds let ./config detect it.
              (invoke ,@(if (%current-target-system)
                            '("./Configure")
                            '("./config"))
                      "shared"                   ;build shared libraries
                      "--libdir=lib"

                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl. Change that to something more
                      ;; conventional.
                      (string-append "--openssldir=" out
                                     "/share/openssl-" ,version)

                      (string-append "--prefix=" out)
                      ;; Record the output's own lib directory as run path.
                      (string-append "-Wl,-rpath," lib)
                      ,@(if (%current-target-system)
                            '((getenv "CONFIGURE_TARGET_ARCH"))
                            '())))))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-extra-documentation
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move man3 pages and full HTML documentation to "doc".
            (let* ((out (assoc-ref outputs "out"))
                   (man3 (string-append out "/share/man/man3"))
                   (html (string-append out "/share/doc/openssl"))
                   (doc (assoc-ref outputs "doc"))
                   (man-target (string-append doc "/share/man/man3"))
                   (html-target (string-append doc "/share/doc/openssl")))
              (copy-recursively man3 man-target)
              (delete-file-recursively man3)
              (copy-recursively html html-target)
              (delete-file-recursively html)
              #t)))
        (add-after
         'install 'remove-miscellany
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The 'misc' directory contains random undocumented shell and Perl
           ;; scripts. Remove them to avoid retaining a reference on Perl.
           (let ((out (assoc-ref outputs "out")))
             (delete-file-recursively (string-append out "/share/openssl-"
                                                     ,version "/misc"))
             #t))))))
   ;; Environment variables through which the certificate directory and
   ;; bundle are located; each holds a single entry rather than a
   ;; colon-separated list.
   (native-search-paths
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (file-type 'regular)
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "https://www.openssl.org/")))
cc2b77df 432
;; OpenSSL 1.1.1g, named as the 'replacement' of 'openssl' above.  It is
;; bound with plain 'define', so it is not exported from this module; all
;; fields other than 'version' and 'source' are inherited.
(define openssl-1.1.1g
  (package
    (inherit openssl)
    (version "1.1.1g")
    (source (origin
             (method url-fetch)
             ;; Same candidate locations as 'openssl'; two are plain FTP, and
             ;; the sha256 below is the expected hash of the tarball
             ;; regardless of which location served it.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       "openssl-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/openssl-" version ".tar.gz")))
             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
             (sha256
              (base32
               "0ikdcc038i7jk8h7asq5xcn8b1xc2rrbc88yfm4hqbz3y5s4gc6x"))))))
9ff87bb9 450
;; OpenSSL 1.0.2, kept alongside the 1.1.1 series above.  It inherits from
;; 'openssl' and overrides the source, outputs and several build phases.
;; NOTE(review): upstream ended public support for the 1.0.2 series at the
;; end of 2019, so dependents should be on 'openssl' unless they cannot build
;; against 1.1.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    (source (origin
              (method url-fetch)
              ;; Two of the candidate locations are plain FTP; the sha256
              ;; below is the expected hash of the tarball regardless of
              ;; which location served it.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Replace the hard-coded /bin/sh and /bin/rm in the test
               ;; files: the shell with the one from the "bash" input, 'rm'
               ;; with a bare command name.
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place. Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"                 ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl. Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           ;; The inherited phase also moves HTML documentation; replace it
           ;; with one that only handles the section 3 man pages.
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out (assoc-ref outputs "out"))
                      (man3 (string-append out "/share/man/man3"))
                      (doc (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts. Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
543
;; LibreSSL, built with its TLS-enabled netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "3.0.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; Expected content hash of the release tarball; update it
              ;; together with 'version'.
              (sha256
               (base32
                "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): this override decides which entropy source the library
     ;; is built to use; presumably a bundled fallback takes over -- confirm,
     ;; and revisit the override once such kernels are no longer supported.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    ;; Environment variables through which the certificate directory and
    ;; bundle are located; each holds a single entry.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)                        ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (separator #f)                        ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
584
;; Python implementation of the ACME protocol.  'certbot' below takes its
;; version number and its build arguments from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "1.3.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Expected content hash of the PyPI tarball.
              (sha256
               (base32
                "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and Info manual from the "docs" directory.
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         ;; Install the generated Info file and section 1 man page.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-requests-toolbelt" ,python-requests-toolbelt)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
634
;; Certbot, the ACME client.  Its version and build arguments are derived
;; from 'python-acme'; only the documentation install phase is replaced.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certbot" version))
              ;; Expected content hash of the certbot tarball.  Because
              ;; 'version' follows python-acme, this hash has to be updated
              ;; whenever python-acme's version changes.
              (sha256
               (base32
                "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w"))))
    (build-system python-build-system)
    (arguments
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               ;; Certbot's generated documentation has different file names
               ;; and includes a section 7 man page.
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-cryptography" ,python-cryptography)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-distro" ,python-distro)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
694
;; Former package name, kept so that it still resolves; the 'superseded'
;; property marks 'certbot' as the package that takes its place.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
9495cf9a 699
;; Net::SSLeay, Perl bindings to the 'openssl' package defined in this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Expected content hash of the CPAN tarball.
              (sha256
               (base32
                "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Export the location of the "openssl" input before the
            ;; 'configure' phase runs; presumably the module's build script
            ;; reads it to find the OpenSSL headers and libraries.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (home-page "https://metacpan.org/release/Net-SSLeay")))
730
;; Crypt::OpenSSL::RSA, built against the 'openssl' package of this file
;; using the shared 'perl-crypt-arguments' build phases.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Expected content hash of the CPAN tarball.
       (sha256
        (base32
         "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Rewrites the 'LIBS' entry of Makefile.PL to link against the "openssl"
    ;; input.
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
;; Build arguments shared by several Crypt::OpenSSL packages in this file.
;; They add a phase before 'configure that rewrites the 'LIBS' entry of
;; Makefile.PL so the module links against libcrypto from the input labelled
;; "openssl".  A package that uses these arguments therefore has to declare
;; an input with that label.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            ;; The pattern consumes the rest of the 'LIBS' line.  substitute*
            ;; does not fail when nothing matches, so a Makefile.PL that
            ;; spells this entry differently would be left untouched.
            (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                             (assoc-ref inputs "openssl")
                                             "/lib -lcrypto'],")))
          #t)))))
;; Perl access to OpenSSL's big-number arithmetic.  Fetched from a CPAN
;; mirror; the sha256 in the origin records the expected content hash.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
                    version ".tar.gz"))
              (sha256
               (base32
                "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    ;; Shared phase (defined in this file) that points Makefile.PL at the
    ;; libcrypto of the "openssl" input.
    (arguments perl-crypt-arguments)
    (inputs (list (list "openssl" openssl)))
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; Licensed, at the user's choice, under gpl1+ or the Artistic License.
    (license license:perl-license)))
;; Build-time helper that other Crypt::OpenSSL packages in this file list
;; among their native inputs.  It declares no inputs of its own.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
                    version
                    ".tar.gz"))
              (sha256
               (base32 "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path. It is intended for use in your
@file{Makefile.PL}.")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (license license:perl-license)))
;; Perl access to the OpenSSL/LibreSSL pseudo-random number generator.  The
;; package is built against the "openssl" input declared below.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
                    version ".tar.gz"))
              (sha256
               (base32
                "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    ;; Shared phase (defined in this file) that points Makefile.PL at the
    ;; libcrypto of the "openssl" input.
    (arguments perl-crypt-arguments)
    (native-inputs
     (list (list "perl-crypt-openssl-guess" perl-crypt-openssl-guess)))
    (inputs
     (list (list "openssl" openssl)))
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (synopsis "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
;; Portable snapshot of acme-client, built with plain 'make' (the 'configure
;; phase is deleted) against the libbsd and libressl inputs.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              ;; Fetched over HTTPS from the upstream snapshot directory; the
              ;; sha256 below records the expected content of the tarball.
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Replace the hard-coded CA bundle path in http.c with the
             ;; cert.pem found under the libressl input.  As far as this
             ;; phase shows, the trust anchors the client uses are then the
             ;; ones shipped with that libressl build, and they change only
             ;; when the package is rebuilt against another libressl.
             ;; NOTE(review): substitute* does not fail when the literal is
             ;; absent, so a snapshot that moves this path out of http.c
             ;; would keep its original lookup -- confirm on version bumps.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; Upstream publishes two variants of mbed TLS.  "-apache" is the variant
;; upstream prefers; a "-gpl" variant exists alongside it.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.16.6")
    (source (origin
              (method url-fetch)
              ;; XXX: The website's download links are redirection scripts
              ;; that end up at URLs of the form built here.
              (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                                  version
                                  "-apache.tgz"))
              (sha256
               (base32
                "0w0p51vx0cc6fyqfdn59669q6n4187vi64fw5ha302hrlqimwib6"))))
    (build-system cmake-build-system)
    (native-inputs
     (list (list "perl" perl)
           (list "python" python)))
    ;; Only the shared library is built; the static one is switched off, so
    ;; dependents do not embed a private copy of the TLS code.
    (arguments
     '(#:configure-flags
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")))
    (home-page "https://tls.mbed.org")
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This hidden variant inherits everything from mbedtls-apache and adds one
;; phase that switches on the threading options listed below.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      ;; No substitution clauses are given, so substitute-keyword-arguments
      ;; only wraps the argument list built here: the extra #:phases followed
      ;; by the arguments of mbedtls-apache.
      (substitute-keyword-arguments
          `(#:phases
            (modify-phases %standard-phases
              (add-after 'configure 'configure-extra-features
                (lambda _
                  ;; Run upstream's scripts/config.pl once per option;
                  ;; invoke raises an error if the script exits non-zero.
                  (for-each (lambda (feature)
                              (invoke "scripts/config.pl" "set" feature))
                            (list "MBEDTLS_THREADING_C"
                                  "MBEDTLS_THREADING_PTHREAD"))
                  #t)))
            ,@(package-arguments mbedtls-apache)))))))
;; dehydrated is a single Bash script, so there is nothing to compile: the
;; builder unpacks the release tarball, installs the script and its
;; documentation, and wraps the script so that the tools it calls come from
;; the declared inputs.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.6.5")
    (source (origin
              (method url-fetch)
              ;; Release tarball fetched over HTTPS; the sha256 below records
              ;; its expected content.
              (uri (string-append
                    "https://github.com/dehydrated-io/dehydrated/releases/download/"
                    "v" version "/dehydrated-" version ".tar.gz"))
              (sha256
               (base32
                "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((source (assoc-ref %build-inputs "source"))
                (tar (assoc-ref %build-inputs "tar"))
                (gz (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin"))
                (doc (string-append out "/share/doc/" ,name "-" ,version))
                (man (string-append out "/share/man"))
                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))

           ;; PATH holds only gzip's bin directory while unpacking; tar
           ;; itself is called by absolute file name.
           (setenv "PATH" (string-append gz "/bin"))
           (invoke (string-append tar "/bin/tar") "xvf" source)
           (chdir (string-append ,name "-" ,version))

           (copy-recursively "docs" doc)
           (install-file "LICENSE" doc)

           ;; Move the manual pages out of the documentation directory into
           ;; share/man/man1 and compress every file found there.
           (mkdir-p man)
           (rename-file (string-append doc "/man")
                        (string-append man "/man1"))
           (for-each (cut invoke "gzip" "-9" <>)
                     (find-files man ".*"))

           (install-file "dehydrated" bin)
           (with-directory-excursion bin
             (patch-shebang "dehydrated" (list bash))

             ;; Do not try to write to the store.
             ;; NOTE(review): whatever dehydrated keeps under SCRIPTDIR
             ;; (presumably its configuration, account keys and certificates
             ;; -- verify against upstream) then lives in ~/.dehydrated, and
             ;; this package does not set that directory's permissions.
             ;; substitute* does not fail when the pattern is absent, so
             ;; check on version bumps that the assignment still matches.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; PATH now holds only bash's bin directory.
             ;; NOTE(review): presumably so wrap-program finds the shell for
             ;; the wrapper it writes -- confirm.
             (setenv "PATH" bash)
             ;; The wrapper prefixes PATH with the bin directories of the
             ;; listed inputs, so the script's calls to curl, openssl and the
             ;; other tools resolve to these inputs ahead of whatever the
             ;; caller has on PATH.
             (wrap-program "dehydrated"
               `("PATH" ":" prefix
                 ,(map (lambda (dir)
                         (string-append dir "/bin"))
                       (map (lambda (input)
                              (assoc-ref %build-inputs input))
                            '("coreutils"
                              "curl"
                              "diffutils"
                              "gawk"
                              "grep"
                              "openssl"
                              "sed"))))))
           #t))))
    ;; Every label named in the wrapper's tool list above has to appear here.
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    ;; Used by the builder only, to unpack the source and compress man pages.
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    (home-page "https://dehydrated.io/")
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (license license:expat)))
;; Go package carrying a root certificate bundle.  The source is pinned to one
;; upstream commit, so the bundle stays at that snapshot until the commit and
;; the hash below are updated together.
(define-public go-github-com-certifi-gocertifi
  (let ((revision "1")
        (pinned-commit "a5e0173ced670013bfb649c7e806bc9529c986ec"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision pinned-commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/certifi/gocertifi")
               (commit pinned-commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32 "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (home-page "https://certifi.io")
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (license license:mpl2.0))))