233e7676 1;;; GNU Guix --- Functional package management for GNU
3c0f7910 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
df0625ab 7;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
2ed12d3f 8;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
88522738 9;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
88e2511e 11;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
7543f865 12;;;
233e7676 13;;; This file is part of GNU Guix.
7543f865 14;;;
233e7676 15;;; GNU Guix is free software; you can redistribute it and/or modify it
16;;; under the terms of the GNU General Public License as published by
17;;; the Free Software Foundation; either version 3 of the License, or (at
18;;; your option) any later version.
19;;;
233e7676 20;;; GNU Guix is distributed in the hope that it will be useful, but
21;;; WITHOUT ANY WARRANTY; without even the implied warranty of
22;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23;;; GNU General Public License for more details.
24;;;
25;;; You should have received a copy of the GNU General Public License
233e7676 26;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 27
(define-module (gnu packages tls)
  ;; Licenses are imported under the 'license:' prefix so that a name such as
  ;; 'openssl' below denotes the package while 'license:openssl' denotes the
  ;; license object.
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix utils)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system perl)
  #:use-module (guix build-system python)
  #:use-module (guix build-system cmake)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages libbsd)
  #:use-module (gnu packages libffi)
  #:use-module (gnu packages libidn)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ncurses)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages base)
  #:use-module (srfi srfi-1))
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.10")
    ;; Grafted onto 'libtasn1/fixed', which carries the CVE-2017-6891 patch.
    (replacement libtasn1/fixed)
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-" version
                           ".tar.gz"))
       (sha256
        (base32
         "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
    (build-system gnu-build-system)
    (native-inputs (list (list "perl" perl)))
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (home-page "https://www.gnu.org/software/libtasn1/")
    (license license:lgpl2.0+)))
(define libtasn1/fixed
  ;; 'libtasn1' with the CVE-2017-6891 fix applied on top of the upstream
  ;; tarball; used as its graft replacement.
  (package
    (inherit libtasn1)
    (source
     (let ((upstream (package-source libtasn1)))
       (origin
         (inherit upstream)
         (patches (search-patches "libtasn1-CVE-2017-6891.patch")))))))
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-" version
                                  ".tar.gz"))
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    (native-inputs (list (list "perl" perl)))
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (home-page "https://lionet.info/asn1c")
    (license license:bsd-2)))
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.7")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.gz"))
       (sha256
        (base32
         "0hdy4h8byvcvd4av504xqfqyd1h6xy914j034mq3c6v4ya37r3lq"))))
    (build-system gnu-build-system)
    ;; Built without any compiled-in trust paths ('--without-trust-paths').
    (arguments
     `(#:configure-flags '("--without-trust-paths")))
    (native-inputs (list (list "pkg-config" pkg-config)))
    (inputs (list (list "libffi" libffi)
                  (list "libtasn1" libtasn1)))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
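(define-public gnutls
  (package
    (name "gnutls")
    ;; Grafted onto the 3.5.13 security release defined below.
    (replacement gnutls-3.5.13)
    (version "3.5.9")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              (sha256
               (base32
                "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store.  Instead it has a
             ;; configure-time option.  Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the file system, none of which are present in our
             ;; chroot build environment.  If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently.  This seems suboptimal.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))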
;; GNUTLS-SA-2017-{3,4}: the security release used as the graft for 'gnutls'.
(define gnutls-3.5.13
  (package
    (inherit gnutls)
    ;; We use 'D' instead of '13' here to keep the store file name at
    ;; the same length. See <https://bugs.gnu.org/27308>.
    (version "3.5.D")
    (source (origin
              (method url-fetch)
              ;; Only the "v3.5" directory is derived from 'version'; the
              ;; tarball name spells out the real release number.
              (uri (string-append "mirror://gnupg/gnutls/v"
                                  (version-major+minor version)
                                  "/gnutls-3.5.13.tar.xz"))
              (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                      "gnutls-skip-pkgconfig-test.patch"))
              (sha256
               (base32
                "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))))
(define-public gnutls/guile-2.2
  ;; GnuTLS for Guile 2.2.  This is supported by GnuTLS >= 3.5.5.
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    (source (package-source gnutls-3.5.13))
    (arguments
     ;; Drop the first configure flag of 'gnutls', i.e. the Guile 2.0
     ;; '--with-guile-site-dir=…/2.0' setting.
     (substitute-keyword-arguments (package-arguments gnutls)
       ((#:configure-flags flags)
        `(cdr ,flags))))
    (inputs (cons (list "guile" guile-2.2)
                  (alist-delete "guile" (package-inputs gnutls))))))
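(define-public openssl
  ;; OpenSSL 1.0.2 series.  Perl is needed only at build time and must not
  ;; end up referenced by the outputs (see #:disallowed-references).
  (package
    (name "openssl")
    (version "1.0.2k")
    (source (origin
              (method url-fetch)
              ;; Fetched over FTP; the transport provides no integrity, so the
              ;; sha256 below is what authenticates the tarball.
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
     ;; so we explicitly disallow it here.  Both the 'perl' native input and
     ;; the canonical Perl are listed in ONE #:disallowed-references entry:
     ;; the keyword used to appear twice in this list, leaving it to the
     ;; keyword-argument parser which of the two lists was actually honored.
     `(#:disallowed-references (,perl ,(canonical-package perl))
       #:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"
       #:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place.  Fix that.
            (let ((out (assoc-ref outputs "out")))
              (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
              #t)))
         (replace
          'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              (zero?
               (system* "./config"
                        "shared"                 ;build shared libraries
                        "--libdir=lib"

                        ;; The default for this catch-all directory is
                        ;; PREFIX/ssl.  Change that to something more
                        ;; conventional.
                        (string-append "--openssldir=" out
                                       "/share/openssl-" ,version)

                        (string-append "--prefix=" out)

                        ;; XXX FIXME: Work around a code generation bug in GCC
                        ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                        ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                        ,@(if (and (not (%current-target-system))
                                   (string-prefix? "armhf" (%current-system)))
                              '("-mfpu=vfpv3")
                              '()))))))
         (add-after
          'install 'make-libraries-writable
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Make libraries writable so that 'strip' does its job.
            (let ((out (assoc-ref outputs "out")))
              (for-each (lambda (file)
                          (chmod file #o644))
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out    (assoc-ref outputs "out"))
                    (lib    (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib   (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out    (assoc-ref outputs "out"))
                    (man3   (string-append out "/share/man/man3"))
                    (doc    (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               (delete-file-recursively man3)
               #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
            ;; The test scripts refer to /bin/sh and /bin/rm; point them at
            ;; the build's bash and at a plain 'rm' found on PATH.
            (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
              (substitute* (find-files "test" ".*")
                (("/bin/sh")
                 (string-append bash "/bin/sh"))
                (("/bin/rm")
                 "rm"))
              #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))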
(define-public openssl-next
  ;; The 1.1.0 series, built from the 'openssl' recipe minus the two phases
  ;; 1.1.0 no longer needs and with its own configure phase.
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0f")
    (source (origin
              (method url-fetch)
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version
                                                           char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
              (sha256
               (base32
                "0r97n4n552ns571diz54qsgarihrxvbn7kvyv8wjyfs9ybrldxqj"))))
    (outputs (list "out"
                   "doc"                ;1.3MiB of man3 pages
                   "static"))           ; 5.5MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"            ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl.  Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" out
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" out)
                           (string-append "-Wl,-rpath," lib)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.5")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       (sha256
        (base32
         "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files (list "etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files (list "etc/ssl/certs/ca-certificates.crt")))))
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.16.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              (sha256
               (base32
                "1kg9bnwywsr18hgvqyhxqqi90l2qa7449f41q3fdq2y59h9nk2sk"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'build 'build-documentation
           (lambda _
             (zero? (system* "make" "-C" "docs" "man" "info"))))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out  (assoc-ref outputs "out"))
                    (man  (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     (list (list "python-mock" python-mock-2)
           ;; For documentation
           (list "python-sphinx" python-sphinx)
           (list "python-sphinxcontrib-programoutput"
                 python-sphinxcontrib-programoutput)
           (list "python-sphinx-rtd-theme" python-sphinx-rtd-theme)
           (list "texinfo" texinfo)))
    (propagated-inputs
     (list (list "python-six" python-six)
           (list "python-requests" python-requests)
           (list "python-pytz" python-pytz)
           (list "python-pyrfc3339" python-pyrfc3339)
           (list "python-pyasn1" python-pyasn1)
           (list "python-cryptography" python-cryptography)
           (list "python-pyopenssl" python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
(define-public python2-acme
  ;; Python 2 variant derived from 'python-acme'.
  (package-with-python2 python-acme))
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
                "11p1vsps5rbpha3k5jnmf9i6rcp6299h9b34wdh21cq6dgyh2n3r"))))
    (build-system python-build-system)
    (arguments
     ;; Reuse the python-acme recipe, swapping only the documentation
     ;; installation phase for one that knows Certbot's man pages.
     (substitute-keyword-arguments (package-arguments python-acme)
       ((#:phases phases)
        `(modify-phases ,phases
           (replace 'install-documentation
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out  (assoc-ref outputs "out"))
                      (man1 (string-append out "/share/man/man1"))
                      (man7 (string-append out "/share/man/man7"))
                      (info (string-append out "/info")))
                 (install-file "docs/_build/texinfo/Certbot.info" info)
                 (install-file "docs/_build/man/certbot.1" man1)
                 (install-file "docs/_build/man/certbot.7" man7)
                 #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     (list (list "python-nose" python-nose)
           (list "python-mock" python-mock-2)
           ;; For documentation
           (list "python-sphinx" python-sphinx)
           (list "python-sphinx-rtd-theme" python-sphinx-rtd-theme)
           (list "python-sphinx-repoze-autointerface"
                 python-sphinx-repoze-autointerface)
           (list "python-sphinxcontrib-programoutput"
                 python-sphinxcontrib-programoutput)
           (list "texinfo" texinfo)))
    (propagated-inputs
     (list (list "python-acme" python-acme)
           (list "python-zope-interface" python-zope-interface)
           (list "python-pyrfc3339" python-pyrfc3339)
           (list "python-pyopenssl" python-pyopenssl)
           (list "python-configobj" python-configobj)
           (list "python-configargparse" python-configargparse)
           (list "python-zope-component" python-zope-component)
           (list "python-parsedatetime" python-parsedatetime)
           (list "python-six" python-six)
           (list "python-psutil" python-psutil)
           (list "python-requests" python-requests)
           (list "python-pytz" python-pytz)))
    (home-page "https://certbot.eff.org/")
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (license license:asl2.0)))
(define-public letsencrypt
  ;; Former name of 'certbot', marked as superseded by it.
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties (list (cons 'superseded certbot)))))
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     ;; 'patch' and the patch file are inputs rather than 'origin' patches;
     ;; the 'apply-patch' phase below explains why.
     (list (list "patch" patch)
           (list "patch/disable-ede-test"
                 (search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs (list (list "openssl" openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    ;; XXX: This URL names the 1.66 release page rather than the packaged 1.68.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")
    (license license:perl-license)))
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/P/PE/PERLER/"
                           "Crypt-OpenSSL-RSA-" version ".tar.gz"))
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     (list (list "perl-crypt-openssl-bignum" perl-crypt-openssl-bignum)
           (list "perl-crypt-openssl-random" perl-crypt-openssl-random)
           (list "openssl" openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL::* packages.
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
(define perl-crypt-arguments
  ;; Build arguments shared by the Crypt::OpenSSL::* packages: rewrite the
  ;; 'LIBS' entry of Makefile.PL so the XS code links against the libcrypto
  ;; of the "openssl" input.
  `(#:phases (modify-phases %standard-phases
               (add-before 'configure 'patch-Makefile.PL
                 (lambda* (#:key inputs #:allow-other-keys)
                   (substitute* "Makefile.PL"
                     (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                                     (assoc-ref inputs "openssl")
                                                     "/lib -lcrypto'],")))
                   #t)))))
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/K/KM/KMX/"
                           "Crypt-OpenSSL-Bignum-" version ".tar.gz"))
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs (list (list "openssl" openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL::* packages.
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/R/RU/RURBAN/"
                           "Crypt-OpenSSL-Random-" version ".tar.gz"))
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs (list (list "openssl" openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL::* packages.
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Replace the hard-coded CA bundle path in http.c with the
             ;; cert.pem shipped by the "libressl" input.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs (list (list "pkg-config" pkg-config)))
    (inputs (list (list "libbsd" libbsd)
                  (list "libressl" libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the variant preferred upstream.  A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.5.1")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-" version
                           "-apache.tgz"))
       (sha256
        (base32
         "1yc1rj0izjihj9hbzvskpa4gjzqf4dm2i84nmmm2s9j1i66fp6jm"))))
    (build-system cmake-build-system)
    (native-inputs (list (list "perl" perl)))
    (home-page "https://tls.mbed.org")
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (license license:asl2.0)))