[jackhill/guix/guix.git] / gnu / packages / tls.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages tls)
  #:use-module ((guix licenses) #:select (lgpl2.0+ lgpl2.1+ bsd-3))
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix utils)
  #:use-module (guix build-system gnu)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages libffi)
  #:use-module (gnu packages libidn)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages base))

(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.5")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      (sha256
       (base32
        "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)

                     ;; XXX: For some reason, libtasn1.info wants to be
                     ;; rebuilt, so we must provide 'makeinfo'.
                     ("texinfo" ,texinfo)))
    (home-page "http://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation.  It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license lgpl2.0+)))

(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.1")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
                          version ".tar.gz"))
      (sha256
       (base32
        "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
      (modules '((guix build utils))) ; for substitute*
      (snippet
        '(begin
           ;; Drop one test that fails, also when trying to compile manually.
           ;; Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules.  It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable.  It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license bsd-3)))

(define-public gnutls
  (package
    (name "gnutls")
    (version "3.4.1")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             (sha256
              (base32
               "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store.  Instead it has a
             ;; configure-time option.  Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the filesystem, none of which are present in our
             ;; chroot build environment.  If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently.  This seems suboptimal.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)
       ("perl" ,perl)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "http://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols.  It is provided in the form of a C library to support the
protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
required structures.")
    (license lgpl2.1+)))
Commit	Line	Data
233e7676	1	;;; GNU Guix --- Functional package management for GNU
ce0614dd	2	;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
d585f244	3	;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
29a7c98a	4	;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
e8419d6c	5	;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
7543f865	6	;;;
233e7676	7	;;; This file is part of GNU Guix.
7543f865	8	;;;
233e7676	9	;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865 LC	10	;;; under the terms of the GNU General Public License as published by
	11	;;; the Free Software Foundation; either version 3 of the License, or (at
	12	;;; your option) any later version.
	13	;;;
233e7676	14	;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865 LC	15	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	16	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	;;; GNU General Public License for more details.
	18	;;;
	19	;;; You should have received a copy of the GNU General Public License
233e7676	20	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865	21
a7fd7b68	22	(define-module (gnu packages tls)
f61e0e79	23	#:use-module ((guix licenses) #:select (lgpl2.0+ lgpl2.1+ bsd-3))
7543f865 LC	24	#:use-module (guix packages)
7543f865 LC	25	#:use-module (guix download)
29a7c98a	26	#:use-module (guix utils)
7543f865	27	#:use-module (guix build-system gnu)
f61e0e79	28	#:use-module (gnu packages compression)
013ce67b	29	#:use-module (gnu packages)
1ffa7090	30	#:use-module (gnu packages guile)
27e86bed	31	#:use-module (gnu packages libffi)
866f469e	32	#:use-module (gnu packages libidn)
27e86bed	33	#:use-module (gnu packages nettle)
1ffa7090	34	#:use-module (gnu packages perl)
27e86bed	35	#:use-module (gnu packages pkg-config)
a31f4d35	36	#:use-module (gnu packages texinfo)
ce0614dd	37	#:use-module (gnu packages base))
7543f865 LC	38
	39	(define-public libtasn1
	40	(package
	41	(name "libtasn1")
b8949a2f	42	(version "4.5")
7543f865 LC	43	(source
	44	(origin
	45	(method url-fetch)
	46	(uri (string-append "mirror://gnu/libtasn1/libtasn1-"
	47	version ".tar.gz"))
	48	(sha256
	49	(base32
b8949a2f	50	"1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
7543f865	51	(build-system gnu-build-system)
a31f4d35 LC	52	(native-inputs `(("perl" ,perl)
	53
	54	;; XXX: For some reason, libtasn1.info wants to be
	55	;; rebuilt, so we must provide 'makeinfo'.
	56	("texinfo" ,texinfo)))
7543f865	57	(home-page "http://www.gnu.org/software/libtasn1/")
f50d2669	58	(synopsis "ASN.1 library")
7543f865	59	(description
79c311b8 LC	60	"GNU libtasn1 is a library implementing the ASN.1 notation. It is used
79c311b8 LC	61	for transmitting machine-neutral encodings of data objects in computer
a22dc0c4 LC	62	networking, allowing for formal validation of data according to some
a22dc0c4 LC	63	specifications.")
4a44e743	64	(license lgpl2.0+)))
7543f865	65
27e86bed AE	66	(define-public p11-kit
	67	(package
	68	(name "p11-kit")
14fe9488	69	(version "0.23.1")
27e86bed AE	70	(source
	71	(origin
	72	(method url-fetch)
	73	(uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
	74	version ".tar.gz"))
	75	(sha256
	76	(base32
14fe9488	77	"1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
27e86bed AE	78	(modules '((guix build utils))) ; for substitute*
	79	(snippet
	80	'(begin
	81	;; Drop one test that fails, also when trying to compile manually.
	82	;; Reported upstream at
	83	;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
	84	(substitute* "Makefile.in"
	85	(("test-module\\$\\(EXEEXT\\) ") ""))))))
	86	(build-system gnu-build-system)
	87	(native-inputs
	88	`(("pkg-config" ,pkg-config)))
	89	(inputs
	90	`(("libffi" ,libffi)
	91	("libtasn1" ,libtasn1)))
	92	(arguments
	93	`(#:configure-flags '("--without-trust-paths")))
	94	(home-page "http://p11-glue.freedesktop.org/p11-kit.html")
	95	(synopsis "PKCS#11 library")
	96	(description
	97	"p11-kit provides a way to load and enumerate PKCS#11 modules. It
	98	provides a standard configuration setup for installing PKCS#11 modules
	99	in such a way that they are discoverable. It also solves problems with
	100	coordinating the use of PKCS#11 by different components or libraries
	101	living in the same process.")
	102	(license bsd-3)))
	103
7543f865 LC	104	(define-public gnutls
	105	(package
	106	(name "gnutls")
936715c9	107	(version "3.4.1")
d7d408d5 LC	108	(source (origin
	109	(method url-fetch)
	110	(uri
	111	;; Note: Releases are no longer on ftp.gnu.org since the
	112	;; schism (after version 3.1.5).
d93627e4	113	(string-append "mirror://gnupg/gnutls/v"
29a7c98a	114	(version-major+minor version)
d93627e4	115	"/gnutls-" version ".tar.xz"))
d7d408d5 LC	116	(sha256
d7d408d5 LC	117	(base32
936715c9	118	"0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9"))))
7543f865	119	(build-system gnu-build-system)
b94ae0b8 AK	120	(arguments
	121	'(#:configure-flags
	122	(list (string-append "--with-guile-site-dir="
	123	(assoc-ref %outputs "out")
aa7c7f21 MW	124	"/share/guile/site/2.0")
	125	;; GnuTLS doesn't consult any environment variables to specify
	126	;; the location of the system-wide trust store. Instead it has a
	127	;; configure-time option. Unless specified, its configure script
	128	;; attempts to auto-detect the location by looking for common
	129	;; places in the filesystem, none of which are present in our
	130	;; chroot build environment. If not found, then no default trust
	131	;; store is used, so each program has to provide its own
	132	;; fallback, and users have to configure each program
	133	;; independently. This seems suboptimal.
866f469e MW	134	"--with-default-trust-store-dir=/etc/ssl/certs"
	135
	136	;; FIXME: Temporarily disable p11-kit support since it is not
	137	;; working on mips64el.
606c6380 LC	138	"--without-p11-kit")
	139
	140	#:phases (modify-phases %standard-phases
	141	(add-after
	142	'install 'move-doc
	143	(lambda* (#:key outputs #:allow-other-keys)
	144	;; Copy the 4.1 MiB of section 3 man pages to "doc".
	145	(let* ((out (assoc-ref outputs "out"))
	146	(doc (assoc-ref outputs "doc"))
	147	(mandir (string-append doc "/share/man"))
	148	(oldman (string-append out "/share/man/man3")))
	149	(mkdir-p mandir)
	150	(copy-recursively oldman mandir)
	151	(delete-file-recursively oldman)
	152	#t))))))
	153	(outputs '("out" ;4.4 MiB
	154	"debug"
	155	"doc")) ;4.1 MiB of man pages
a1db0975	156	(native-inputs
d2fcfd3d SB	157	`(("pkg-config" ,pkg-config)
d2fcfd3d SB	158	("which" ,which)))
7543f865 LC	159	(inputs
7543f865 LC	160	`(("guile" ,guile-2.0)
0cb9b456	161	("perl" ,perl)))
7543f865	162	(propagated-inputs
d2fcfd3d	163	;; These are all in the 'Requires.private' field of gnutls.pc.
7543f865	164	`(("libtasn1" ,libtasn1)
866f469e MW	165	("libidn" ,libidn)
866f469e MW	166	("nettle" ,nettle)
f61e0e79	167	("zlib" ,zlib)))
7543f865	168	(home-page "http://www.gnu.org/software/gnutls/")
f50d2669	169	(synopsis "Transport layer security library")
7543f865	170	(description
a22dc0c4	171	"GnuTLS is a secure communications library implementing the SSL, TLS
79c311b8	172	and DTLS protocols. It is provided in the form of a C library to support the
a22dc0c4 LC	173	protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
a22dc0c4 LC	174	required structures.")
4a44e743	175	(license lgpl2.1+)))