Commit | Line | Data |
---|---|---|
233e7676 | 1 | ;;; GNU Guix --- Functional package management for GNU |
ce0614dd | 2 | ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> |
d585f244 | 3 | ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> |
29a7c98a | 4 | ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> |
cc2b77df | 5 | ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> |
7543f865 | 6 | ;;; |
233e7676 | 7 | ;;; This file is part of GNU Guix. |
7543f865 | 8 | ;;; |
233e7676 | 9 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
7543f865 LC |
10 | ;;; under the terms of the GNU General Public License as published by |
11 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
12 | ;;; your option) any later version. | |
13 | ;;; | |
233e7676 | 14 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
7543f865 LC |
15 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | ;;; GNU General Public License for more details. | |
18 | ;;; | |
19 | ;;; You should have received a copy of the GNU General Public License | |
233e7676 | 20 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
7543f865 | 21 | |
a7fd7b68 | 22 | (define-module (gnu packages tls) |
e9aa8d0c | 23 | #:use-module ((guix licenses) #:prefix license:) |
7543f865 LC |
24 | #:use-module (guix packages) |
25 | #:use-module (guix download) | |
29a7c98a | 26 | #:use-module (guix utils) |
7543f865 | 27 | #:use-module (guix build-system gnu) |
cc2b77df | 28 | #:use-module (guix build-system perl) |
f61e0e79 | 29 | #:use-module (gnu packages compression) |
013ce67b | 30 | #:use-module (gnu packages) |
1ffa7090 | 31 | #:use-module (gnu packages guile) |
27e86bed | 32 | #:use-module (gnu packages libffi) |
866f469e | 33 | #:use-module (gnu packages libidn) |
27e86bed | 34 | #:use-module (gnu packages nettle) |
1ffa7090 | 35 | #:use-module (gnu packages perl) |
27e86bed | 36 | #:use-module (gnu packages pkg-config) |
a31f4d35 | 37 | #:use-module (gnu packages texinfo) |
ce0614dd | 38 | #:use-module (gnu packages base)) |
7543f865 LC |
39 | |
40 | (define-public libtasn1 | |
41 | (package | |
42 | (name "libtasn1") | |
b8949a2f | 43 | (version "4.5") |
7543f865 LC |
44 | (source |
45 | (origin | |
46 | (method url-fetch) | |
47 | (uri (string-append "mirror://gnu/libtasn1/libtasn1-" | |
48 | version ".tar.gz")) | |
49 | (sha256 | |
50 | (base32 | |
b8949a2f | 51 | "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9")))) |
7543f865 | 52 | (build-system gnu-build-system) |
a31f4d35 LC |
53 | (native-inputs `(("perl" ,perl) |
54 | ||
55 | ;; XXX: For some reason, libtasn1.info wants to be | |
56 | ;; rebuilt, so we must provide 'makeinfo'. | |
57 | ("texinfo" ,texinfo))) | |
7543f865 | 58 | (home-page "http://www.gnu.org/software/libtasn1/") |
f50d2669 | 59 | (synopsis "ASN.1 library") |
7543f865 | 60 | (description |
79c311b8 LC |
61 | "GNU libtasn1 is a library implementing the ASN.1 notation. It is used |
62 | for transmitting machine-neutral encodings of data objects in computer | |
a22dc0c4 LC |
63 | networking, allowing for formal validation of data according to some |
64 | specifications.") | |
e9aa8d0c | 65 | (license license:lgpl2.0+))) |
7543f865 | 66 | |
27e86bed AE |
67 | (define-public p11-kit |
68 | (package | |
69 | (name "p11-kit") | |
14fe9488 | 70 | (version "0.23.1") |
27e86bed AE |
71 | (source |
72 | (origin | |
73 | (method url-fetch) | |
74 | (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-" | |
75 | version ".tar.gz")) | |
76 | (sha256 | |
77 | (base32 | |
14fe9488 | 78 | "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5")) |
27e86bed AE |
79 | (modules '((guix build utils))) ; for substitute* |
80 | (snippet | |
81 | '(begin | |
82 | ;; Drop one test that fails, also when trying to compile manually. | |
83 | ;; Reported upstream at | |
84 | ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027 | |
85 | (substitute* "Makefile.in" | |
86 | (("test-module\\$\\(EXEEXT\\) ") "")))))) | |
87 | (build-system gnu-build-system) | |
88 | (native-inputs | |
89 | `(("pkg-config" ,pkg-config))) | |
90 | (inputs | |
91 | `(("libffi" ,libffi) | |
92 | ("libtasn1" ,libtasn1))) | |
93 | (arguments | |
94 | `(#:configure-flags '("--without-trust-paths"))) | |
95 | (home-page "http://p11-glue.freedesktop.org/p11-kit.html") | |
96 | (synopsis "PKCS#11 library") | |
97 | (description | |
98 | "p11-kit provides a way to load and enumerate PKCS#11 modules. It | |
99 | provides a standard configuration setup for installing PKCS#11 modules | |
100 | in such a way that they are discoverable. It also solves problems with | |
101 | coordinating the use of PKCS#11 by different components or libraries | |
102 | living in the same process.") | |
e9aa8d0c | 103 | (license license:bsd-3))) |
27e86bed | 104 | |
7543f865 LC |
105 | (define-public gnutls |
106 | (package | |
107 | (name "gnutls") | |
936715c9 | 108 | (version "3.4.1") |
d7d408d5 LC |
109 | (source (origin |
110 | (method url-fetch) | |
111 | (uri | |
112 | ;; Note: Releases are no longer on ftp.gnu.org since the | |
113 | ;; schism (after version 3.1.5). | |
d93627e4 | 114 | (string-append "mirror://gnupg/gnutls/v" |
29a7c98a | 115 | (version-major+minor version) |
d93627e4 | 116 | "/gnutls-" version ".tar.xz")) |
d7d408d5 LC |
117 | (sha256 |
118 | (base32 | |
936715c9 | 119 | "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9")))) |
7543f865 | 120 | (build-system gnu-build-system) |
b94ae0b8 AK |
121 | (arguments |
122 | '(#:configure-flags | |
123 | (list (string-append "--with-guile-site-dir=" | |
124 | (assoc-ref %outputs "out") | |
aa7c7f21 MW |
125 | "/share/guile/site/2.0") |
126 | ;; GnuTLS doesn't consult any environment variables to specify | |
127 | ;; the location of the system-wide trust store. Instead it has a | |
128 | ;; configure-time option. Unless specified, its configure script | |
129 | ;; attempts to auto-detect the location by looking for common | |
130 | ;; places in the filesystem, none of which are present in our | |
131 | ;; chroot build environment. If not found, then no default trust | |
132 | ;; store is used, so each program has to provide its own | |
133 | ;; fallback, and users have to configure each program | |
134 | ;; independently. This seems suboptimal. | |
866f469e MW |
135 | "--with-default-trust-store-dir=/etc/ssl/certs" |
136 | ||
137 | ;; FIXME: Temporarily disable p11-kit support since it is not | |
138 | ;; working on mips64el. | |
606c6380 LC |
139 | "--without-p11-kit") |
140 | ||
141 | #:phases (modify-phases %standard-phases | |
142 | (add-after | |
143 | 'install 'move-doc | |
144 | (lambda* (#:key outputs #:allow-other-keys) | |
145 | ;; Copy the 4.1 MiB of section 3 man pages to "doc". | |
146 | (let* ((out (assoc-ref outputs "out")) | |
147 | (doc (assoc-ref outputs "doc")) | |
148 | (mandir (string-append doc "/share/man")) | |
149 | (oldman (string-append out "/share/man/man3"))) | |
150 | (mkdir-p mandir) | |
151 | (copy-recursively oldman mandir) | |
152 | (delete-file-recursively oldman) | |
153 | #t)))))) | |
154 | (outputs '("out" ;4.4 MiB | |
155 | "debug" | |
156 | "doc")) ;4.1 MiB of man pages | |
a1db0975 | 157 | (native-inputs |
d2fcfd3d SB |
158 | `(("pkg-config" ,pkg-config) |
159 | ("which" ,which))) | |
7543f865 LC |
160 | (inputs |
161 | `(("guile" ,guile-2.0) | |
0cb9b456 | 162 | ("perl" ,perl))) |
7543f865 | 163 | (propagated-inputs |
d2fcfd3d | 164 | ;; These are all in the 'Requires.private' field of gnutls.pc. |
7543f865 | 165 | `(("libtasn1" ,libtasn1) |
866f469e MW |
166 | ("libidn" ,libidn) |
167 | ("nettle" ,nettle) | |
f61e0e79 | 168 | ("zlib" ,zlib))) |
7543f865 | 169 | (home-page "http://www.gnu.org/software/gnutls/") |
f50d2669 | 170 | (synopsis "Transport layer security library") |
7543f865 | 171 | (description |
a22dc0c4 | 172 | "GnuTLS is a secure communications library implementing the SSL, TLS |
79c311b8 | 173 | and DTLS protocols. It is provided in the form of a C library to support the |
a22dc0c4 LC |
174 | protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other |
175 | required structures.") | |
e9aa8d0c | 176 | (license license:lgpl2.1+))) |
cc2b77df AE |
177 | |
178 | (define-public openssl | |
179 | (package | |
180 | (name "openssl") | |
1f4335ae | 181 | (version "1.0.2d") |
cc2b77df AE |
182 | (source (origin |
183 | (method url-fetch) | |
184 | (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version | |
185 | ".tar.gz")) | |
186 | (sha256 | |
187 | (base32 | |
1f4335ae | 188 | "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737")) |
cc2b77df AE |
189 | (patches (list (search-patch "openssl-runpath.patch"))))) |
190 | (build-system gnu-build-system) | |
191 | (native-inputs `(("perl" ,perl))) | |
192 | (arguments | |
193 | '(#:parallel-build? #f | |
194 | #:parallel-tests? #f | |
195 | #:test-target "test" | |
196 | #:phases | |
197 | (alist-replace | |
198 | 'configure | |
199 | (lambda* (#:key outputs #:allow-other-keys) | |
200 | (let ((out (assoc-ref outputs "out"))) | |
201 | (zero? | |
202 | (system* "./config" | |
203 | "shared" ; build shared libraries | |
204 | "--libdir=lib" | |
205 | (string-append "--prefix=" out))))) | |
206 | (alist-cons-before | |
207 | 'patch-source-shebangs 'patch-tests | |
208 | (lambda* (#:key inputs native-inputs #:allow-other-keys) | |
209 | (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) | |
210 | (substitute* (find-files "test" ".*") | |
211 | (("/bin/sh") | |
212 | (string-append bash "/bin/bash")) | |
213 | (("/bin/rm") | |
214 | "rm")))) | |
215 | %standard-phases)))) | |
216 | (native-search-paths | |
217 | ;; FIXME: These two variables must designate a single file or directory | |
218 | ;; and are not actually "search paths." In practice it works OK in user | |
219 | ;; profiles because there's always just one item that matches the | |
220 | ;; specification. | |
221 | (list (search-path-specification | |
222 | (variable "SSL_CERT_DIR") | |
223 | (files '("etc/ssl/certs"))) | |
224 | (search-path-specification | |
225 | (variable "SSL_CERT_FILE") | |
226 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
227 | (synopsis "SSL/TLS implementation") | |
228 | (description | |
229 | "OpenSSL is an implementation of SSL/TLS") | |
e9aa8d0c | 230 | (license license:openssl) |
cc2b77df AE |
231 | (home-page "http://www.openssl.org/"))) |
232 | ||
cb6a802c AE |
233 | (define-public libressl |
234 | (package | |
235 | (name "libressl") | |
236 | (version "2.2.0") | |
237 | (source | |
238 | (origin | |
239 | (method url-fetch) | |
240 | (uri (string-append | |
241 | "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-" | |
242 | version ".tar.gz")) | |
243 | (sha256 (base32 | |
244 | "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n")))) | |
245 | (build-system gnu-build-system) | |
246 | (native-search-paths | |
247 | ;; FIXME: These two variables must designate a single file or directory | |
248 | ;; and are not actually "search paths." In practice it works OK in | |
249 | ;; user profiles because there's always just one item that matches the | |
250 | ;; specification. | |
251 | (list (search-path-specification | |
252 | (variable "SSL_CERT_DIR") | |
253 | (files '("etc/ssl/certs"))) | |
254 | (search-path-specification | |
255 | (variable "SSL_CERT_FILE") | |
256 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
257 | (home-page "http://www.libressl.org/") | |
258 | (synopsis "SSL/TLS implementation") | |
259 | (description "LibreSSL is a version of the TLS/crypto stack forked | |
260 | from OpenSSL in 2014, with the goals of modernizing the codebase, improving | |
261 | security, and applying best practice development processes.") | |
262 | ;; Files taken from OpenSSL keep their license, others are under various | |
263 | ;; non-copyleft licenses. | |
264 | (license (list license:openssl | |
265 | (license:non-copyleft | |
266 | "file://COPYING" | |
267 | "See COPYING in the distribution."))))) | |
268 | ||
cc2b77df AE |
269 | (define-public perl-net-ssleay |
270 | (package | |
271 | (name "perl-net-ssleay") | |
272 | (version "1.68") | |
273 | (source (origin | |
274 | (method url-fetch) | |
275 | (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" | |
276 | "Net-SSLeay-" version ".tar.gz")) | |
277 | (sha256 | |
278 | (base32 | |
279 | "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p")) | |
280 | (patches | |
281 | ;; XXX Try removing this patch for perl-net-ssleay > 1.68 | |
282 | (list (search-patch "perl-net-ssleay-disable-ede-test.patch"))))) | |
283 | (build-system perl-build-system) | |
284 | (inputs `(("openssl" ,openssl))) | |
285 | (arguments | |
286 | `(#:phases (alist-cons-before | |
287 | 'configure 'set-ssl-prefix | |
288 | (lambda* (#:key inputs #:allow-other-keys) | |
289 | (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))) | |
290 | %standard-phases))) | |
291 | (synopsis "Perl extension for using OpenSSL") | |
292 | (description | |
293 | "This module offers some high level convenience functions for accessing | |
294 | web pages on SSL servers (for symmetry, the same API is offered for accessing | |
295 | http servers, too), an sslcat() function for writing your own clients, and | |
296 | finally access to the SSL api of the SSLeay/OpenSSL package so you can write | |
297 | servers or clients for more complicated applications.") | |
298 | (license (package-license perl)) | |
299 | (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/"))) |