gnu: sqlite: Update to 3.19.2.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
233e7676 1;;; GNU Guix --- Functional package management for GNU
3c0f7910 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
df0625ab 7;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
2ed12d3f 8;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
88522738 9;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
7543f865 11;;;
233e7676 12;;; This file is part of GNU Guix.
7543f865 13;;;
233e7676 14;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC
15;;; under the terms of the GNU General Public License as published by
16;;; the Free Software Foundation; either version 3 of the License, or (at
17;;; your option) any later version.
18;;;
233e7676 19;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC
20;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22;;; GNU General Public License for more details.
23;;;
24;;; You should have received a copy of the GNU General Public License
233e7676 25;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 26
a7fd7b68 27(define-module (gnu packages tls)
e9aa8d0c 28 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
29 #:use-module (guix packages)
30 #:use-module (guix download)
29a7c98a 31 #:use-module (guix utils)
7543f865 32 #:use-module (guix build-system gnu)
cc2b77df 33 #:use-module (guix build-system perl)
7890e3ba 34 #:use-module (guix build-system python)
88522738 35 #:use-module (guix build-system cmake)
f61e0e79 36 #:use-module (gnu packages compression)
013ce67b 37 #:use-module (gnu packages)
1ffa7090 38 #:use-module (gnu packages guile)
0581c273 39 #:use-module (gnu packages libbsd)
27e86bed 40 #:use-module (gnu packages libffi)
866f469e 41 #:use-module (gnu packages libidn)
5d4c90ae 42 #:use-module (gnu packages linux)
7890e3ba 43 #:use-module (gnu packages ncurses)
27e86bed 44 #:use-module (gnu packages nettle)
1ffa7090 45 #:use-module (gnu packages perl)
27e86bed 46 #:use-module (gnu packages pkg-config)
7890e3ba 47 #:use-module (gnu packages python)
a31f4d35 48 #:use-module (gnu packages texinfo)
079f013b
LC
49 #:use-module (gnu packages base)
50 #:use-module (srfi srfi-1))
7543f865
LC
51
;; GNU libtasn1, the ASN.1 library that p11-kit and GnuTLS below depend on.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.10")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; Local patch, named after the CVE it addresses, applied on top of
       ;; the pristine release tarball.
       (patches (search-patches "libtasn1-CVE-2017-6891.patch"))
       (sha256
        (base32
         "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
    (build-system gnu-build-system)
    ;; Perl is only needed at build time.
    (native-inputs (list (list "perl" perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 75
375cef6c
HG
;; asn1c: generates C encoders/decoders from ASN.1 module files.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/asn1c-"
                           version ".tar.gz"))
       (sha256
        (base32
         "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time-only dependency.
    (native-inputs (list (list "perl" perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
102
27e86bed
AE
;; p11-kit: loader and registry for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://p11-glue.freedesktop.org/releases/p11-kit-"
             version ".tar.gz"))
       (sha256
        (base32
         "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
       ;; The snippet below needs 'substitute*'.
       (modules '((guix build utils)))
       (snippet
        '(begin
           ;; One test fails here, and also in a manual build, so it is
           ;; removed from the list of test programs.  Upstream report:
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     (list (list "pkg-config" pkg-config)))
    (inputs
     (list (list "libffi" libffi)
           (list "libtasn1" libtasn1)))
    (arguments
     ;; Built with no trust paths configured.
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 140
7543f865
LC
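;; GnuTLS, built against Guile 2.2.  The default trust store location is
;; fixed at configure time (see the comment on the configure flags), and
;; the section 3 man pages are moved to a separate "doc" output.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.10")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              (sha256
               (base32
                "17apwvdkkazh5w8z8mbanpj2yj8s2002qwy46wz4v3akpa33wi5g"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       ;; Remove the originals so "out" does not keep them.
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.2)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the text previously read "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))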
cc2b77df 213
;; Kept for compatibility: marks the old "guile2.2-gnutls" package name as
;; deprecated in favour of 'gnutls'.
(define-public gnutls/guile-2.2
  (deprecated-package "guile2.2-gnutls"
                      gnutls))
216
;; GnuTLS variant for Guile 2.0: same package as 'gnutls', with the "guile"
;; input replaced.
(define-public gnutls/guile-2.0
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    ;; Remove the inherited "guile" entry, then put Guile 2.0 in front.
    (inputs (cons (list "guile" guile-2.0)
                  (alist-delete "guile" (package-inputs gnutls))))))
079f013b 224
cc2b77df
AE
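;; OpenSSL 1.0.2 series.  Outputs are split into "out", "doc" (section 3 man
;; pages) and "static" (.a archives).  Perl is needed to build but must not
;; end up referenced by the result.
(define-public openssl
  (package
   (name "openssl")
   (version "1.0.2k")
   (source (origin
             (method url-fetch)
             ;; Two candidate locations: the current release directory and
             ;; the "old/<series>" archive.  Both are plain FTP; the sha256
             ;; below is what pins the content of the tarball.
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (sha256
              (base32
               "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
             (patches (search-patches "openssl-runpath.patch"
                                      "openssl-c-rehash-in.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"                     ;1.5MiB of man3 pages
              "static"))                ;6MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    ;; '#:disallowed-references' used to be given twice in this list, with
    ;; two different spellings of the Perl package; a keyword can only take
    ;; effect once, so a single occurrence is kept.
    `(#:parallel-build? #f
      #:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        (add-before
         'configure 'patch-Makefile.org
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The default MANDIR is some unusual place.  Fix that.
           (let ((out (assoc-ref outputs "out")))
             (patch-makefile-SHELL "Makefile.org")
             (substitute* "Makefile.org"
               (("^MANDIR[[:blank:]]*=.*$")
                (string-append "MANDIR = " out "/share/man\n")))
             #t)))
        (replace
         'configure
         (lambda* (#:key outputs #:allow-other-keys)
           (let ((out (assoc-ref outputs "out")))
             ;; The phase succeeds only if ./config exits with status 0.
             (zero?
              (system* "./config"
                       "shared"         ;build shared libraries
                       "--libdir=lib"

                       ;; The default for this catch-all directory is
                       ;; PREFIX/ssl.  Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
                                      "/share/openssl-" ,version)

                       (string-append "--prefix=" out)

                       ;; XXX FIXME: Work around a code generation bug in GCC
                       ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                       ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                       ,@(if (and (not (%current-target-system))
                                  (string-prefix? "armhf" (%current-system)))
                             '("-mfpu=vfpv3")
                             '()))))))
        (add-after
         'install 'make-libraries-writable
         (lambda* (#:key outputs #:allow-other-keys)
           ;; Make libraries writable so that 'strip' does its job.
           (let ((out (assoc-ref outputs "out")))
             (for-each (lambda (file)
                         (chmod file #o644))
                       (find-files (string-append out "/lib")
                                   "\\.so"))
             #t)))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out    (assoc-ref outputs "out"))
                   (lib    (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib   (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-man3-pages
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move section 3 man pages to "doc".
            (let* ((out    (assoc-ref outputs "out"))
                   (man3   (string-append out "/share/man/man3"))
                   (doc    (assoc-ref outputs "doc"))
                   (target (string-append doc "/share/man/man3")))
              (mkdir-p target)
              (for-each (lambda (file)
                          (rename-file file
                                       (string-append target "/"
                                                      (basename file))))
                        (find-files man3))
              (delete-file-recursively man3)
              #t)))
        (add-before
         'patch-source-shebangs 'patch-tests
         (lambda* (#:key inputs native-inputs #:allow-other-keys)
           ;; Point the test scripts at the build environment's shell
           ;; instead of /bin/sh, and let 'rm' be found through PATH.
           (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
             (substitute* (find-files "test" ".*")
               (("/bin/sh")
                (string-append bash "/bin/sh"))
               (("/bin/rm")
                "rm"))
             #t)))
        (add-after
         'install 'remove-miscellany
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The 'misc' directory contains random undocumented shell and Perl
           ;; scripts.  Remove them to avoid retaining a reference on Perl.
           (let ((out (assoc-ref outputs "out")))
             (delete-file-recursively (string-append out "/share/openssl-"
                                                     ,version "/misc"))
             #t))))))
   (native-search-paths
    ;; FIXME: These two variables must designate a single file or directory
    ;; and are not actually "search paths."  In practice it works OK in user
    ;; profiles because there's always just one item that matches the
    ;; specification.
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "https://www.openssl.org/")))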
363
763899f0
LF
;; OpenSSL 1.1.0 series.  Inherits from 'openssl' and adjusts the build
;; phases that differ in 1.1.0.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0e")
    (source
     (origin
       (method url-fetch)
       ;; Current release directory first, then the "old/<series>" archive.
       (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                 name "-" version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/old/"
                                 (string-trim-right version char-set:letter)
                                 "/" name "-" version ".tar.gz")))
       (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
       (sha256
        (base32
         "0k47sdd9gs6yxfv6ldlgpld2lyzrkcv9kz4cf88ck04xjwc8dgjp"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           ;; OpenSSL 1.1.0 does not need these two phases.
           (delete 'patch-tests)
           (delete 'patch-Makefile.org)

           ;; The run path is passed to ./config in 1.1.0, hence the
           ;; overridden configure phase.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((prefix (assoc-ref outputs "out"))
                      (libdir (string-append prefix "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"

                           ;; PREFIX/ssl is the default catch-all
                           ;; directory; use a more conventional place.
                           (string-append "--openssldir=" prefix
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" prefix)
                           (string-append "-Wl,-rpath," libdir)

                           ;; XXX FIXME: Work around a code generation bug
                           ;; in GCC 4.9.3 on ARM when compiled with
                           ;; -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: This phase is duplicated so that 'version' is evaluated
           ;; in this package's scope rather than the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; 'misc' holds undocumented shell and Perl scripts; dropping
               ;; it avoids retaining a reference on Perl.
               (let ((prefix (assoc-ref outputs "out")))
                 (delete-file-recursively
                  (string-append prefix "/share/openssl-"
                                 ,version "/misc"))
                 #t)))))))))
427
cb6a802c
AE
;; LibreSSL, the OpenBSD fork of OpenSSL.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.4")
    (source
     (origin
       (method url-fetch)
       ;; The tarball is fetched over plain HTTP; the sha256 below is what
       ;; pins its content.
       (uri (string-append
             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       (sha256
        (base32
         "1ykf6dqlbafafhbdfmcj19pjj1z6wmsq0rmyqga1i0xv5x95nyhh"))))
    (build-system gnu-build-system)
    (arguments
     ;; Pretend 'getentropy' is unavailable: older Linux kernels lack it,
     ;; libc then returns ENOSYS, and that error is not handled properly.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     '(#:configure-flags '("ac_cv_func_getentropy=no")))
    (native-search-paths
     ;; FIXME: Both variables must name a single file or directory, so they
     ;; are not really "search paths."  It works in user profiles because
     ;; only one item ever matches the specification.
     (let ((cert-dir (search-path-specification
                      (variable "SSL_CERT_DIR")
                      (files '("etc/ssl/certs"))))
           (cert-file (search-path-specification
                       (variable "SSL_CERT_FILE")
                       (files '("etc/ssl/certs/ca-certificates.crt")))))
       (list cert-dir cert-file)))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    ;; Files that come from OpenSSL keep the OpenSSL license; the rest are
    ;; under various non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
469
;; Python implementation of the ACME protocol; 'certbot' below takes its
;; version number from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; When this version changes, the certbot hash must be updated as well.
    (version "0.14.1")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "acme" version))
       (sha256
        (base32
         "0asmkfkzbswnkrvbj5m01xgy4f6g1fjbj2nir1hhrn3ipcdrsv8f"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-dependency
           ;; 'argparse' ships with the Python standard library, so the
           ;; external requirement is removed from setup.py.
           ;; https://github.com/certbot/certbot/pull/2249
           (lambda _
             (substitute* "setup.py"
               (("'argparse',") ""))
             #t))
         (add-after 'build 'build-documentation
           ;; Succeeds only when 'make' exits with status 0.
           (lambda _
             (zero? (system* "make" "-C" "docs" "man" "info"))))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix   (assoc-ref outputs "out"))
                    (man-dir  (string-append prefix "/share/man/man1"))
                    (info-dir (string-append prefix "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info-dir)
               (install-file "docs/_build/man/acme-python.1" man-dir)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
524
6cefd53d
LF
;; Python 2 variant of 'python-acme'; certbot below propagates it.
(define-public python2-acme
  (package-with-python2
   python-acme))
527
;; Certbot, built with Python 2.  Build phases are inherited from
;; 'python-acme', with the documentation install step replaced.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme live in the same upstream repository, so the
    ;; two versions are kept in lockstep.
    (version (package-version python-acme))
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0rdby57hw35qdrbl7kigscphnz4kqb608bqzrcb73nb99092i6si"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       ,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((prefix   (assoc-ref outputs "out"))
                          (man1-dir (string-append prefix "/share/man/man1"))
                          (man7-dir (string-append prefix "/share/man/man7"))
                          (info-dir (string-append prefix "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info-dir)
                     (install-file "docs/_build/man/certbot.1" man1-dir)
                     (install-file "docs/_build/man/certbot.7" man7-dir)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
586
9495cf9a
LF
;; Old package name, kept as a copy of 'certbot' and marked as superseded
;; by it.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties (list (cons 'superseded certbot)))))
9495cf9a 591
cc2b77df
AE
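;; Net::SSLeay, Perl bindings to OpenSSL.  One test is disabled by a patch
;; that is applied in a build phase rather than in the 'origin'.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              (sha256
               (base32
                "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    (native-inputs
     ;; The patch program and the patch file itself are both build inputs
     ;; because the patch is applied in the 'apply-patch' phase below.
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'apply-patch
          (lambda* (#:key inputs #:allow-other-keys)
            ;; XXX We apply this patch here instead of in the 'origin' because
            ;; this package's build system fails badly when the source file
            ;; times are zeroed.
            ;; XXX Try removing this patch for perl-net-ssleay > 1.68
            (zero? (system* "patch" "--force" "-p1" "-i"
                            (assoc-ref inputs "patch/disable-ede-test")))))
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Tell the build where the OpenSSL input lives.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    ;; The URL used to hard-code release 1.66 while the package is at 1.68;
    ;; derive it from 'version' so the two cannot drift apart.
    (home-page (string-append "http://search.cpan.org/~mikem/Net-SSLeay-"
                              version "/"))))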
4532c0c0
DM
635
;; Crypt::OpenSSL::RSA, Perl bindings to the RSA routines of OpenSSL.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version ".tar.gz"))
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     (list (list "perl-crypt-openssl-bignum" perl-crypt-openssl-bignum)
           (list "perl-crypt-openssl-random" perl-crypt-openssl-random)
           (list "openssl" openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL::* packages in this
    ;; file; 'perl-crypt-arguments' is defined further down.
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
adff71ca
DM
663
;; Build arguments shared by the Crypt::OpenSSL::* packages: before the
;; configure phase, rewrite the 'LIBS' entry of Makefile.PL so that
;; libcrypto is taken from the "openssl" input.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (let ((openssl-dir (assoc-ref inputs "openssl")))
            (substitute* "Makefile.PL"
              (("'LIBS'.*=>.*")
               (string-append "'LIBS' => ['-L"
                              openssl-dir
                              "/lib -lcrypto'],")))
            #t))))))
673
;; Crypt::OpenSSL::Bignum, Perl access to OpenSSL's big-integer arithmetic.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version ".tar.gz"))
       (sha256
        (base32
         "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs (list (list "openssl" openssl)))
    ;; Shared Crypt::OpenSSL::* build arguments, defined elsewhere in this
    ;; file.
    (arguments perl-crypt-arguments)
    (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; Either gpl1+ or the Artistic License, at the user's option.
    (license license:perl-license)))
cccb4d26
DM
699
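;; Crypt::OpenSSL::Random, Perl access to the OpenSSL/LibreSSL pseudo-random
;; number generator.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared Crypt::OpenSSL::* build arguments, defined elsewhere in this
    ;; file.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    ;; Reworded into a complete sentence ending in a period; the module gives
    ;; access to the generator (as the synopsis says) rather than being one.
    (description "Crypt::OpenSSL::Random provides access to the OpenSSL/LibreSSL
pseudo-random number generator.")
    (license license:perl-license)))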
0581c273
LF
724
;; acme-client, the Let's Encrypt client from the OpenBSD project (portable
;; snapshot), linked against LibreSSL.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://kristaps.bsd.lv/" name "/"
                           "snapshots/" name "-portable-"
                           version ".tgz"))
       (sha256
        (base32
         "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; http.c refers to /etc/ssl/cert.pem; point it at the same
             ;; path under the "libressl" input instead.
             (let ((ca-bundle (string-append (assoc-ref inputs "libressl")
                                             "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") ca-bundle))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs
     (list (list "pkg-config" pkg-config)))
    (inputs
     (list (list "libbsd" libbsd)
           (list "libressl" libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; ISC for acme-client itself; 'jsmn.h' and 'jsmn.c' are under the Expat
    ;; license.
    (license (list license:isc license:expat))))
88522738 767
768;; The "-apache" variant is upstream's preferred variant. A "-gpl"
769;; variant exists in addition to the "-apache" one.
;; mbed TLS, Apache-licensed tarball.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.4.2")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The website's download links are redirecting scripts; they
       ;; end up at URLs of the form used here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                           version "-apache.tgz"))
       (sha256
        (base32
         "065hn5zibzflivabdh9p41dknda7wicl2zhc936dmakqfjprip8p"))))
    (build-system cmake-build-system)
    ;; Perl is a build-time-only dependency.
    (native-inputs
     (list (list "perl" perl)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))