gnu: openssl: Remove graft for 1.0.2m.
233e7676 1;;; GNU Guix --- Functional package management for GNU
3c0f7910 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
e3df6938 3;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
df0625ab 7;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
2ed12d3f 8;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
5b9aa107 9;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
88e2511e 12;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
7543f865 13;;;
233e7676 14;;; This file is part of GNU Guix.
7543f865 15;;;
233e7676 16;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC
17;;; under the terms of the GNU General Public License as published by
18;;; the Free Software Foundation; either version 3 of the License, or (at
19;;; your option) any later version.
20;;;
233e7676 21;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC
22;;; WITHOUT ANY WARRANTY; without even the implied warranty of
23;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24;;; GNU General Public License for more details.
25;;;
26;;; You should have received a copy of the GNU General Public License
233e7676 27;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 28
a7fd7b68 29(define-module (gnu packages tls)
e9aa8d0c 30 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
31 #:use-module (guix packages)
32 #:use-module (guix download)
29a7c98a 33 #:use-module (guix utils)
7543f865 34 #:use-module (guix build-system gnu)
cc2b77df 35 #:use-module (guix build-system perl)
7890e3ba 36 #:use-module (guix build-system python)
88522738 37 #:use-module (guix build-system cmake)
f61e0e79 38 #:use-module (gnu packages compression)
013ce67b 39 #:use-module (gnu packages)
5b9aa107 40 #:use-module (gnu packages dns)
1ffa7090 41 #:use-module (gnu packages guile)
0581c273 42 #:use-module (gnu packages libbsd)
27e86bed 43 #:use-module (gnu packages libffi)
866f469e 44 #:use-module (gnu packages libidn)
5d4c90ae 45 #:use-module (gnu packages linux)
7890e3ba 46 #:use-module (gnu packages ncurses)
27e86bed 47 #:use-module (gnu packages nettle)
1ffa7090 48 #:use-module (gnu packages perl)
27e86bed 49 #:use-module (gnu packages pkg-config)
7890e3ba 50 #:use-module (gnu packages python)
a31f4d35 51 #:use-module (gnu packages texinfo)
079f013b
LC
52 #:use-module (gnu packages base)
53 #:use-module (srfi srfi-1))
7543f865
LC
54
;; GNU libtasn1, an ASN.1 library.  In this module it is a propagated input of
;; 'gnutls' and an input of 'p11-kit'.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.12")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; Pinned content hash of the release tarball.  The download is checked
      ;; against it, so integrity does not depend on which mirror answers.
      (sha256
       (base32
        "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))
      ;; Security fix carried as a local patch on top of 4.12.
      ;; NOTE(review): presumably to be dropped once the packaged release
      ;; already contains the fix -- confirm when bumping 'version'.
      (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 78
375cef6c
HG
;; ASN.1-to-C compiler, built from the upstream release tarball with the GNU
;; build system.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; Pinned content hash; has to be refreshed together with
              ;; 'version', otherwise the fetch fails the hash check.
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
105
27e86bed
AE
;; p11-kit, a library for loading and enumerating PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.9")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                          "download/" version "/p11-kit-" version ".tar.gz"))
      ;; Pinned content hash of the release tarball.
      (sha256
       (base32
        "0qyvnkb5hfi94wv3bn67y20hcbbvynvjwxpk7k9sh1si6ff69hg1"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): no trust paths are configured at build time, so
     ;; presumably the resulting build has no default trust anchor location
     ;; compiled in -- confirm before relying on it for certificate trust.
     `(#:configure-flags '("--without-trust-paths")))
    ;; NOTE(review): plain-HTTP home page; check whether an HTTPS URL exists.
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 135
f96dbf6b
LF
136
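;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford
;; rebuild GnuTLS (i.e. core-updates).
;;
;; GnuTLS, built with a fixed default trust store directory and without
;; p11-kit support.  Section 3 man pages go to the separate "doc" output.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.13")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             ;; Going by their file names, both patches skip tests.
             ;; NOTE(review): presumably because the isolated build
             ;; environment has no trust store -- confirm that nothing
             ;; security-relevant goes untested as a result.
             (patches
              (search-patches "gnutls-skip-trust-store-test.patch"
                              "gnutls-skip-pkgconfig-test.patch"))
             ;; Pinned content hash of the release tarball.
             (sha256
              (base32
               "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools-for-tests)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.2)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the description used to say
    ;; "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))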
cc2b77df 214
;; Deprecated alias: the old package name "guile2.2-gnutls" now refers to
;; 'gnutls', which itself takes guile-2.2 as an input.
(define-public gnutls/guile-2.2
  (deprecated-package "guile2.2-gnutls" gnutls))
217
(define-public gnutls/guile-2.0
  ;; GnuTLS for Guile 2.0.  Everything else, including source, patches and
  ;; configure flags, is inherited from 'gnutls'.
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    ;; Swap the "guile" input: drop the inherited entry and put guile-2.0
    ;; first.
    (inputs `(("guile" ,guile-2.0)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 225
(define-public gnutls/dane
  ;; GnuTLS with libgnutls-dane built, implementing DNS-based
  ;; Authentication of Named Entities.  This is required for GNS functionality
  ;; by GNUnet and gnURL.  This is done in an extra package definition
  ;; to have the choice between GnuTLS with Dane and without Dane.
  (package
    (inherit gnutls)
    (name "gnutls-dane")
    ;; The only difference from 'gnutls' is the extra "unbound" input.
    ;; NOTE(review): presumably the configure script enables DANE support
    ;; when it finds unbound -- confirm, since no configure flag asks for it.
    (inputs `(("unbound" ,unbound)
              ,@(package-inputs gnutls)))))
236
cc2b77df
AE
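;; OpenSSL 1.0.2 series.  Outputs: "out" (programs and shared libraries),
;; "doc" (section 3 man pages) and "static" (.a archives).
(define-public openssl
  (package
   (name "openssl")
   (version "1.0.2m")
   (source (origin
             (method url-fetch)
             ;; Tried in order.  The two fallbacks use plain FTP; integrity
             ;; rests on the sha256 below, not on the transport.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (sha256
              (base32
               "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))
             (snippet
              '(begin
                 ;; Remove ELF files.  'substitute*' can't read them.
                 (delete-file "test/ssltest_old")
                 (delete-file "test/v3ext")
                 (delete-file "test/x509aux")
                 #t))
             (patches (search-patches "openssl-runpath.patch"
                                      "openssl-c-rehash-in.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"                               ;1.5MiB of man3 pages
              "static"))                          ;6MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-build? #f
      #:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.  The keyword must appear only once
      ;; in this list: it used to be given a second time with a different
      ;; value, and only one occurrence of a keyword can take effect.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        (add-before
         'configure 'patch-Makefile.org
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The default MANDIR is some unusual place.  Fix that.
           (let ((out (assoc-ref outputs "out")))
             (patch-makefile-SHELL "Makefile.org")
             (substitute* "Makefile.org"
               (("^MANDIR[[:blank:]]*=.*$")
                (string-append "MANDIR = " out "/share/man\n")))
             #t)))
        (replace
         'configure
         (lambda* (#:key outputs #:allow-other-keys)
           (let ((out (assoc-ref outputs "out")))
             (zero?
              (system* "./config"
                       "shared"                   ;build shared libraries
                       "--libdir=lib"

                       ;; The default for this catch-all directory is
                       ;; PREFIX/ssl.  Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
                                      "/share/openssl-" ,version)

                       (string-append "--prefix=" out)

                       ;; XXX FIXME: Work around a code generation bug in GCC
                       ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                       ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                       ,@(if (and (not (%current-target-system))
                                  (string-prefix? "armhf" (%current-system)))
                             '("-mfpu=vfpv3")
                             '()))))))
        (add-after
         'install 'make-libraries-writable
         (lambda* (#:key outputs #:allow-other-keys)
           ;; Make libraries writable so that 'strip' does its job.
           (let ((out (assoc-ref outputs "out")))
             (for-each (lambda (file)
                         (chmod file #o644))
                       (find-files (string-append out "/lib")
                                   "\\.so"))
             #t)))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-man3-pages
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move section 3 man pages to "doc".
            (let* ((out (assoc-ref outputs "out"))
                   (man3 (string-append out "/share/man/man3"))
                   (doc (assoc-ref outputs "doc"))
                   (target (string-append doc "/share/man/man3")))
              (mkdir-p target)
              (for-each (lambda (file)
                          (rename-file file
                                       (string-append target "/"
                                                      (basename file))))
                        (find-files man3))
              (delete-file-recursively man3)
              #t)))
        (add-before
         'patch-source-shebangs 'patch-tests
         (lambda* (#:key inputs native-inputs #:allow-other-keys)
           ;; Point the test scripts at the store's shell and at 'rm' from
           ;; PATH instead of /bin/sh and /bin/rm.
           (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
             (substitute* (find-files "test" ".*")
               (("/bin/sh")
                (string-append bash "/bin/sh"))
               (("/bin/rm")
                "rm"))
             #t)))
        (add-after
         'install 'remove-miscellany
         (lambda* (#:key outputs #:allow-other-keys)
           ;; The 'misc' directory contains random undocumented shell and Perl
           ;; scripts.  Remove them to avoid retaining a reference on Perl.
           (let ((out (assoc-ref outputs "out")))
             (delete-file-recursively (string-append out "/share/openssl-"
                                                     ,version "/misc"))
             #t))))))
   (native-search-paths
    ;; FIXME: These two variables must designate a single file or directory
    ;; and are not actually "search paths."  In practice it works OK in user
    ;; profiles because there's always just one item that matches the
    ;; specification.
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   ;; Same host as the primary source URI above, reached over HTTPS.
   (home-page "https://www.openssl.org/")))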
384
763899f0
LF
;; OpenSSL 1.1.0 series.  Inherits from 'openssl' and keeps the package name
;; "openssl"; only the version, source, outputs and some build phases differ.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0g")
    (source (origin
             (method url-fetch)
             ;; Tried in order.  The two fallbacks use plain FTP; integrity
             ;; rests on the sha256 below, not on the transport.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       name "-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/" name "-" version ".tar.gz")))
             (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
             (sha256
              (base32
               "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"))))
    (outputs '("out"
               "doc"                              ;1.3MiB of man3 pages
               "static"))                         ; 5.5MiB of .a files
    (arguments
     ;; Start from the arguments of 'openssl' and rewrite only #:phases; every
     ;; other keyword is taken over unchanged.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)          ; These two phases are not needed by
           (delete 'patch-Makefile.org)   ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"               ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl.  Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" out
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" out)
                           (string-append "-Wl,-rpath," lib)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
450
cb6a802c
AE
;; LibreSSL, built with its TLS-enabled netcat.  'acme-client' in this module
;; takes it as an input.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.5")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  name "-" version ".tar.gz"))
              ;; Pinned content hash of the release tarball.
              (sha256
               (base32
                "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): the override applies on every kernel, so the library
     ;; presumably always uses its own fallback entropy path, also where
     ;; getentropy is available -- confirm that this is acceptable.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
493
;; Python implementation of the ACME protocol.  'certbot' below takes its
;; version and its build arguments from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.19.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Pinned content hash of the PyPI source archive.
              (sha256
               (base32
                "08p8w50zciqlhgn3ab0wbbvi1zyg3x37r1gywq0z1allsij3v8hz"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and the Info manual from the 'docs' directory.
         (add-after 'build 'build-documentation
           (lambda _
             (zero? (system* "make" "-C" "docs" "man" "info"))))
         ;; Install the generated Info manual and man page into "out".
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
540
;; Certbot, the Let's Encrypt client.  Reuses the version and the build
;; arguments of 'python-acme'.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              ;; The version comes from python-acme but this hash is
              ;; certbot's own: bumping python-acme without refreshing it
              ;; makes the fetch fail the hash check.
              (sha256
               (base32
                "0lwxqz3r0fg3dy06fgba1dfs7n6ribc25z0rh5rqbl7mvy8hf8x7"))))
    (build-system python-build-system)
    (arguments
     ;; Take over python-acme's arguments and replace only the phase that
     ;; installs the documentation, whose file names differ here.
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-nose" ,python-nose)
       ("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
598
9495cf9a
LF
;; Old package name kept for compatibility: inherits everything from
;; 'certbot' and is marked as superseded by it.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
9495cf9a 603
cc2b77df
AE
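;; Perl bindings to OpenSSL (Net::SSLeay), built against the 'openssl'
;; package of this module.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.81")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Pinned content hash of the CPAN tarball.
              (sha256
               (base32
                "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Export the store path of the "openssl" input so the build
            ;; uses that OpenSSL.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    ;; Version-independent distribution page, in the same form as the other
    ;; CPAN packages in this file.  The previous URL named release 1.66
    ;; although the package is at 1.81.
    (home-page "http://search.cpan.org/dist/Net-SSLeay")))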
4532c0c0
DM
634
;; Perl bindings to OpenSSL's RSA implementation.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Pinned content hash of the CPAN tarball.
       (sha256
        (base32
         "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Shared build arguments; 'perl-crypt-arguments' is defined further down
    ;; in this file and points Makefile.PL at the "openssl" input.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
adff71ca
DM
662
;; Build arguments shared by the perl-crypt-openssl-* packages in this file.
;; Before 'configure', the 'LIBS' entry of Makefile.PL is rewritten so that
;; libcrypto is linked from the "openssl" input's lib directory.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            ;; The replacement is the whole new 'LIBS' entry: an explicit -L
            ;; path into the "openssl" input followed by -lcrypto.
            (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                             (assoc-ref inputs "openssl")
                                             "/lib -lcrypto'],")))
          #t)))))
672
;; Perl bindings to OpenSSL's multiprecision integer arithmetic.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.08")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Pinned content hash of the CPAN tarball.
       (sha256
        (base32
         "0gamn4dff1bz77nswacy1dlpn9fkwahzw7yvvik4nbwwy2s63hc8"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared build arguments defined earlier in this file; they point
    ;; Makefile.PL at the "openssl" input.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
cccb4d26
DM
698
;; Perl access to the OpenSSL/LibreSSL pseudo-random number generator.  This
;; definition links it against 'openssl'.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Pinned content hash of the CPAN tarball.
       (sha256
        (base32
         "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared build arguments defined earlier in this file; they point
    ;; Makefile.PL at the "openssl" input.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    ;; NOTE(review): the description lacks a final period and reads "a
    ;; OpenSSL"; worth tidying in a separate change.
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
0581c273
LF
723
;; acme-client, a Let's Encrypt client written in C, built against LibreSSL
;; and libbsd from the portable snapshot tarball.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Pinned content hash of the snapshot tarball.
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Rewrite the certificate bundle path hard-coded in http.c to
             ;; the cert.pem inside the "libressl" input.
             ;; NOTE(review): the client then presumably trusts exactly the
             ;; CA set shipped in that store item, so CA changes reach it
             ;; only through a libressl update -- confirm this is intended.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
88522738 766
;; The "-apache" variant is the variant preferred by upstream.  A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    (version "2.6.0")
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                           version "-apache.tgz"))
       ;; Pinned content hash; the downloaded archive is checked against it
       ;; whichever URL it was finally served from.
       (sha256
        (base32
         "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
    (build-system cmake-build-system)
    ;; Perl is a build-time (native) input only.
    (native-inputs
     `(("perl" ,perl)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
793 (license license:asl2.0)))