gnu: obby: Omit static library.
233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ad67d208 7;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
db388401 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
3c986a7d 9;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
a92c6b1a 13;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
a9bcc647 17;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
7543f865 18;;;
233e7676 19;;; This file is part of GNU Guix.
7543f865 20;;;
233e7676 21;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC
22;;; under the terms of the GNU General Public License as published by
23;;; the Free Software Foundation; either version 3 of the License, or (at
24;;; your option) any later version.
25;;;
233e7676 26;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC
27;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29;;; GNU General Public License for more details.
30;;;
31;;; You should have received a copy of the GNU General Public License
233e7676 32;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 33
a7fd7b68 34(define-module (gnu packages tls)
e9aa8d0c 35 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC
36 #:use-module (guix packages)
37 #:use-module (guix download)
ea22aa1f 38 #:use-module (guix git-download)
29a7c98a 39 #:use-module (guix utils)
7543f865 40 #:use-module (guix build-system gnu)
ea22aa1f 41 #:use-module (guix build-system go)
cc2b77df 42 #:use-module (guix build-system perl)
7890e3ba 43 #:use-module (guix build-system python)
88522738 44 #:use-module (guix build-system cmake)
e8b3a158 45 #:use-module (guix build-system trivial)
f61e0e79 46 #:use-module (gnu packages compression)
013ce67b 47 #:use-module (gnu packages)
e8b3a158 48 #:use-module (gnu packages bash)
ac257f12 49 #:use-module (gnu packages check)
e8b3a158 50 #:use-module (gnu packages curl)
5b9aa107 51 #:use-module (gnu packages dns)
e8b3a158 52 #:use-module (gnu packages gawk)
1ffa7090 53 #:use-module (gnu packages guile)
a9bcc647 54 #:use-module (gnu packages hurd)
0581c273 55 #:use-module (gnu packages libbsd)
27e86bed 56 #:use-module (gnu packages libffi)
866f469e 57 #:use-module (gnu packages libidn)
5d4c90ae 58 #:use-module (gnu packages linux)
7890e3ba 59 #:use-module (gnu packages ncurses)
27e86bed 60 #:use-module (gnu packages nettle)
1ffa7090 61 #:use-module (gnu packages perl)
27e86bed 62 #:use-module (gnu packages pkg-config)
7890e3ba 63 #:use-module (gnu packages python)
cc6f4912 64 #:use-module (gnu packages python-crypto)
1b2f753d 65 #:use-module (gnu packages python-web)
44d10b1f 66 #:use-module (gnu packages python-xyz)
9d0c291e 67 #:use-module (gnu packages sphinx)
a31f4d35 68 #:use-module (gnu packages texinfo)
33dc54b0 69 #:use-module (gnu packages time)
079f013b
LC
70 #:use-module (gnu packages base)
71 #:use-module (srfi srfi-1))
7543f865
LC
72
;; GNU libtasn1, the ASN.1 library.  The tarball comes from the GNU mirrors
;; and is pinned by the sha256 below; configure is run with --disable-static.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.16.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       (sha256
        (base32 "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    (arguments
     ;; Nothing is unquoted in this list, so a plain quote is enough.
     '(#:configure-flags '("--disable-static")))
    ;; Perl is a build-time tool only.
    (native-inputs
     (list (list "perl" perl)))
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (home-page "https://www.gnu.org/software/libtasn1/")
    (license license:lgpl2.0+)))
7543f865 97
375cef6c
HG
;; asn1c, the ASN.1 to C compiler.  The release tarball is fetched over
;; HTTPS from the upstream site and checked against the sha256 below.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/asn1c-"
                           version ".tar.gz"))
       (sha256
        (base32 "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is a build-time tool only.
    (native-inputs
     (list (list "perl" perl)))
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (home-page "https://lionet.info/asn1c")
    (license license:bsd-2)))
124
27e86bed
AE
;; p11-kit, the PKCS#11 module loader.  It is configured with
;; --without-trust-paths, and one test is dropped from the Makefile because
;; it needs XDG_RUNTIME_DIR, which the build container does not provide.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.22")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.xz"))
       (sha256
        (base32 "1dn6br4v033d3gp2max9lsr3y4q0nj6iyr1yq3kzi8ym7lal13wa"))))
    (build-system gnu-build-system)
    (arguments
     ;; Nothing is unquoted in this list, so a plain quote is enough.
     '(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" wants XDG_RUNTIME_DIR and probes for
                      ;; .cache and similar directories, nothing else.  None
                      ;; of that matters in the build container, so the test
                      ;; is removed from the list of test programs.
                      (substitute* "Makefile"
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (native-inputs
     (list (list "pkg-config" pkg-config)))
    (inputs
     (list (list "libffi" libffi)
           (list "libtasn1" libtasn1)))
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (license license:bsd-3)))
27e86bed 163
7543f865
LC
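;; GnuTLS 3.6.12 with Guile 3.0 bindings.  This definition carries a graft:
;; the 'replacement' field points at 'gnutls/fixed', so the version declared
;; here is only what dependents are built against.
(define-public gnutls
  (package
    (name "gnutls")
    ;; XXX Unversion openconnect's "gnutls" input when ungrafting.
    (replacement gnutls/fixed)
    (version "3.6.12")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              (patches (search-patches "gnutls-skip-trust-store-test.patch"))
              (sha256
               (base32
                "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
    (build-system gnu-build-system)
    (arguments
     ;; The test suite is skipped when cross-compiling or targeting the Hurd.
     `(#:tests? ,(not (or (%current-target-system)
                          (hurd-target?)))
       ;; Ensure we don't keep a reference to net-tools.
       #:disallowed-references ,(if (hurd-target?) '() (list net-tools))
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     ;; net-tools and datefudge are left out when targeting the Hurd.
     `(,@(if (hurd-target?) '()
             `(("net-tools" ,net-tools)))
       ("pkg-config" ,pkg-config)
       ("which" ,which)
       ,@(if (hurd-target?) '()
             `(("datefudge" ,datefudge)))         ;tests rely on 'datefudge'
       ("util-linux" ,util-linux)))               ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The standard named below is X.509; the description previously read
    ;; "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))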
cc2b77df 256
c5df560f
MB
257;; Replacement package to fix multiple security vulnerabilities.
(define-public gnutls/fixed
  ;; Graft target named by the 'replacement' field of 'gnutls': the same
  ;; recipe at version 3.6.15, with one more patch and, for cross builds,
  ;; a native Guile.
  (package
    (inherit gnutls)
    (version "3.6.15")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnupg/gnutls/v"
                           (version-major+minor version)
                           "/gnutls-" version ".tar.xz"))
       (sha256
        (base32 "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))
       (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                "gnutls-cross.patch"))))
    (native-inputs
     (append
      ;; When cross-building, a native Guile is needed to create .go files.
      (if (%current-target-system)
          (list (list "guile" guile-3.0))
          '())
      (package-native-inputs gnutls)))))
a270af31
LF
277
(define-public gnutls/guile-2.0
  ;; GnuTLS with its "guile" input swapped for Guile 2.0.  'package/inherit'
  ;; is used so that the replacement of 'gnutls' gets the same overrides.
  (package/inherit gnutls
    (name "guile2.0-gnutls")
    (inputs
     (cons (list "guile" guile-2.0)
           (alist-delete "guile" (package-inputs gnutls))))))
079f013b 284
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, which implements DNS-based
  ;; Authentication of Named Entities.  GNUnet and gnURL need it for GNS
  ;; functionality.  It is a separate package so that users can choose
  ;; between GnuTLS with and without DANE.  The base here is 'gnutls/fixed',
  ;; with "unbound" put in front of the inputs of 'gnutls'.
  (package/inherit gnutls/fixed
    (name "gnutls-dane")
    (inputs
     (cons (list "unbound" unbound)
           (package-inputs gnutls)))))
294
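(define-public guile2.2-gnutls
  ;; GnuTLS with its "guile" input swapped for Guile 2.2.
  ;;
  ;; 'gnutls' carries (replacement gnutls/fixed).  A bare
  ;; (package (inherit gnutls) ...) copies that field unchanged, so the graft
  ;; for this variant would point at 'gnutls/fixed' itself, which is built
  ;; against Guile 3.0 and has a different name.  'package/inherit', already
  ;; used by 'gnutls/guile-2.0' in this file, applies the same overrides to
  ;; the replacement, so the security-fixed graft keeps the Guile 2.2 input.
  (package/inherit gnutls
    (name "guile2.2-gnutls")
    (inputs `(("guile" ,guile-2.2)
              ,@(alist-delete "guile"
                              (package-inputs gnutls))))))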
d630d781 302
4e6c9f56
LC
;; Deprecated alias: 'gnutls' itself takes Guile 3.0 as its "guile" input,
;; so the old name "guile3.0-gnutls" simply points at it.
(define-public guile3.0-gnutls
  (deprecated-package
   "guile3.0-gnutls"
   gnutls))
67a3c8ed 305
cc2b77df
AE
;; OpenSSL 1.1.1f, built as shared libraries with separate "doc" and "static"
;; outputs.  The 'replacement' field grafts dependents onto the private
;; 'openssl-1.1.1i' package; variants that inherit from this one with a bare
;; 'inherit' also inherit that field.
(define-public openssl
  (package
    (name "openssl")
    (version "1.1.1f")
    (replacement openssl-1.1.1i)
    (source (origin
              (method url-fetch)
              ;; Three candidate locations, two of them plain ftp://.  The
              ;; sha256 below is what pins the tarball content, whichever
              ;; location serves it.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q"))
              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"        ;6.8 MiB of man3 pages and full HTML documentation
               "static"))   ;6.4 MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         ;; The 'set-cross-compile' phase is only spliced in for cross builds.
         ,@(if (%current-target-system)
               '((add-before
                  'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    ;; Map the target triplet prefix to the name passed to
                    ;; ./Configure.  NOTE(review): the cond has no else
                    ;; clause, so a target matching none of these prefixes
                    ;; gives setenv an unspecified value -- confirm that is
                    ;; the intended failure mode.
                    (setenv "CONFIGURE_TARGET_ARCH"
                            (cond
                             ((string-prefix? "i586" target)
                              "hurd-x86")
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "mips64el" target)
                              "linux-mips64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")
                             ((string-prefix? "powerpc64le" target)
                              "linux-ppc64le")
                             ((string-prefix? "powerpc64" target)
                              "linux-ppc64")
                             ((string-prefix? "powerpc" target)
                              "linux-ppc")))
                    #t)))
               '())
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               ;; It's not a shebang so patch-source-shebangs misses it.
               (substitute* "config"
                 (("/usr/bin/env")
                  (string-append (assoc-ref %build-inputs "coreutils")
                                 "/bin/env")))
               ;; Cross builds run ./Configure with the target name appended
               ;; last; native builds run ./config.
               (invoke ,@(if (%current-target-system)
                             '("./Configure")
                             '("./config"))
                       "shared"       ;build shared libraries
                       "--libdir=lib"

                       ;; The default for this catch-all directory is
                       ;; PREFIX/ssl.  Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
                                      "/share/openssl-" ,version)

                       (string-append "--prefix=" out)
                       (string-append "-Wl,-rpath," lib)
                       ,@(if (%current-target-system)
                             '((getenv "CONFIGURE_TARGET_ARCH"))
                             '())))))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out    (assoc-ref outputs "out"))
                    (lib    (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib   (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-extra-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move man3 pages and full HTML documentation to "doc".
             (let* ((out         (assoc-ref outputs "out"))
                    (man3        (string-append out "/share/man/man3"))
                    (html        (string-append out "/share/doc/openssl"))
                    (doc         (assoc-ref outputs "doc"))
                    (man-target  (string-append doc "/share/man/man3"))
                    (html-target (string-append doc "/share/doc/openssl")))
               (copy-recursively man3 man-target)
               (delete-file-recursively man3)
               (copy-recursively html html-target)
               (delete-file-recursively html)
               #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
    ;; Both variables are declared as single entries (separator #f), naming
    ;; a certificate directory and a certificate bundle file.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
cc2b77df 441
;; Private graft target named by the 'replacement' field of 'openssl': the
;; same recipe with the version and source bumped to 1.1.1i.
(define openssl-1.1.1i
  (package
    (inherit openssl)
    (version "1.1.1i")
    (source
     (origin
       (method url-fetch)
       ;; Same three candidate locations as 'openssl'.
       (uri (list
             (string-append "https://www.openssl.org/source/openssl-"
                            version ".tar.gz")
             (string-append "ftp://ftp.openssl.org/source/"
                            "openssl-" version ".tar.gz")
             (string-append "ftp://ftp.openssl.org/source/old/"
                            (string-trim-right version char-set:letter)
                            "/openssl-" version ".tar.gz")))
       (sha256
        (base32 "0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8"))
       (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))))
9ff87bb9 459
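;; OpenSSL 1.0.2u, derived from 'openssl' with its own source, patches and
;; configure phase.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    ;; 'openssl' carries (replacement openssl-1.1.1i) and a bare 'inherit'
    ;; copies that field, which would graft dependents of this 1.0.2 package
    ;; onto the 1.1.1 series.  Clear it so this variant is not grafted.
    (replacement #f)
    (source (origin
              (method url-fetch)
              ;; Three candidate locations, two of them plain ftp://.  The
              ;; sha256 below is what pins the tarball content.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Point the test scripts at the store's shell, and let 'rm'
               ;; be found through PATH.
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place.  Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"                 ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl.  Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out    (assoc-ref outputs "out"))
                      (man3   (string-append out "/share/man/man3"))
                      (doc    (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))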
552
cb6a802c
AE
;; LibreSSL, fetched from the OpenBSD mirrors and pinned by the sha256 below.
;; The build pretends 'getentropy' is absent and enables the bundled netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "3.1.4")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://openbsd/LibreSSL/"
                           "libressl-" version ".tar.gz"))
       (sha256
        (base32 "1dnbbnr43jashxivnafmh9gnn57c7ayva788ba03z633k6f18k21"))))
    (build-system gnu-build-system)
    (arguments
     ;; Older Linux kernels lack 'getentropy'; libc then returns ENOSYS, which
     ;; is not handled properly, so configure is told the function is missing.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     `(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    ;; Two single-entry variables: a certificate directory and a bundle file.
    (native-search-paths
     (list
      (search-path-specification
       (variable "SSL_CERT_DIR")
       (separator #f)                   ;single entry
       (files '("etc/ssl/certs")))
      (search-path-specification
       (variable "SSL_CERT_FILE")
       (separator #f)                   ;single entry
       (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    (home-page "https://www.libressl.org/")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license
     (list license:openssl
           (license:non-copyleft "file://COPYING"
                                 "See COPYING in the distribution.")))))
593
;; python-acme, the ACME protocol library published from the certbot
;; repository.  'certbot' below takes its version from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "1.10.1")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "acme" version))
       (sha256
        (base32 "1n1g29f3qzy77xn06dss9nc92wndgm8phgjrvx740sy9xnd5bfzw"))))
    (build-system python-build-system)
    (arguments
     ;; Nothing is unquoted in this list, so a plain quote is enough.
     '(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and Info manual, then install them by hand.
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     (list (list "python-mock" python-mock)
           (list "python-pytest" python-pytest)
           ;; For documentation
           (list "python-sphinx" python-sphinx)
           (list "python-sphinxcontrib-programoutput"
                 python-sphinxcontrib-programoutput)
           (list "python-sphinx-rtd-theme" python-sphinx-rtd-theme)
           (list "texinfo" texinfo)))
    (propagated-inputs
     (list (list "python-josepy" python-josepy)
           (list "python-six" python-six)
           (list "python-requests" python-requests)
           (list "python-requests-toolbelt" python-requests-toolbelt)
           (list "python-pytz" python-pytz)
           (list "python-pyrfc3339" python-pyrfc3339)
           (list "python-pyasn1" python-pyasn1)
           (list "python-cryptography" python-cryptography)
           (list "python-pyopenssl" python-pyopenssl)))
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (home-page "https://github.com/certbot/certbot")
    (license license:asl2.0)))
643
;; Certbot, the ACME client.  It reuses the build arguments of 'python-acme'
;; and only replaces the phase that installs the documentation.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "certbot" version))
       (sha256
        (base32 "1dww9m1a2p3a9vpxs5j29f8cdkqywqb4j70z3cnkpl7017yf77hd"))))
    (build-system python-build-system)
    (arguments
     (substitute-keyword-arguments (package-arguments python-acme)
       ((#:phases phases)
        `(modify-phases ,phases
           ;; Certbot ships an Info manual plus section 1 and 7 man pages.
           (replace 'install-documentation
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (man1 (string-append out "/share/man/man1"))
                      (man7 (string-append out "/share/man/man7"))
                      (info (string-append out "/info")))
                 (install-file "docs/_build/texinfo/Certbot.info" info)
                 (install-file "docs/_build/man/certbot.1" man1)
                 (install-file "docs/_build/man/certbot.7" man7)
                 #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     (list (list "python-mock" python-mock)
           (list "python-pytest" python-pytest)
           ;; For documentation
           (list "python-sphinx" python-sphinx)
           (list "python-sphinx-rtd-theme" python-sphinx-rtd-theme)
           (list "python-sphinx-repoze-autointerface"
                 python-sphinx-repoze-autointerface)
           (list "python-sphinxcontrib-programoutput"
                 python-sphinxcontrib-programoutput)
           (list "texinfo" texinfo)))
    (propagated-inputs
     (list (list "python-acme" python-acme)
           (list "python-cryptography" python-cryptography)
           (list "python-zope-interface" python-zope-interface)
           (list "python-pyrfc3339" python-pyrfc3339)
           (list "python-pyopenssl" python-pyopenssl)
           (list "python-configobj" python-configobj)
           (list "python-configargparse" python-configargparse)
           (list "python-distro" python-distro)
           (list "python-zope-component" python-zope-component)
           (list "python-parsedatetime" python-parsedatetime)
           (list "python-six" python-six)
           (list "python-psutil" python-psutil)
           (list "python-requests" python-requests)
           (list "python-pytz" python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
703
9495cf9a
LF
;; Old package name, kept as a copy of 'certbot' that is marked as
;; superseded by it.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties
     (list (cons 'superseded certbot)))))
9495cf9a 708
cc2b77df
AE
;; Net::SSLeay, Perl bindings to OpenSSL.  The build is pointed at the
;; "openssl" input through the OPENSSL_PREFIX environment variable.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                           "Net-SSLeay-" version ".tar.gz"))
       (sha256
        (base32 "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs
     (list (list "openssl" openssl)))
    (arguments
     ;; Nothing is unquoted in this list, so a plain quote is enough.
     '(#:phases
       (modify-phases %standard-phases
         (add-before 'configure 'set-ssl-prefix
           (lambda* (#:key inputs #:allow-other-keys)
             (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
             #t)))))
    (home-page "https://metacpan.org/release/Net-SSLeay")
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)))
4532c0c0
DM
739
;; Crypt::OpenSSL::RSA, Perl bindings to the RSA routines of OpenSSL.  The
;; build arguments are shared with the other Crypt::OpenSSL::* packages
;; through 'perl-crypt-arguments'.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       (sha256
        (base32 "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (arguments perl-crypt-arguments)
    (native-inputs
     (list (list "perl-crypt-openssl-guess" perl-crypt-openssl-guess)))
    (inputs
     (list (list "perl-crypt-openssl-bignum" perl-crypt-openssl-bignum)
           (list "perl-crypt-openssl-random" perl-crypt-openssl-random)
           (list "openssl" openssl)))
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (license license:perl-license)))
;; Build arguments shared by perl-crypt-openssl-rsa, -bignum and -random.
;; The added phase replaces the 'LIBS' entry of Makefile.PL so that the
;; linker is given "-L<openssl>/lib -lcrypto" for the package's "openssl"
;; input instead of whatever the upstream Makefile.PL had there.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (let ((openssl-dir (assoc-ref inputs "openssl")))
            (substitute* "Makefile.PL"
              ;; Match everything from 'LIBS' to the end of the matched text.
              (("'LIBS'.*=>.*")
               (string-append "'LIBS' => ['-L"
                              openssl-dir
                              "/lib -lcrypto'],"))))
          #t)))))
;; Perl interface to OpenSSL's big-number arithmetic.  Built with the shared
;; perl-crypt-arguments, which rewrite the 'LIBS' entry of Makefile.PL to
;; use libcrypto from the "openssl" input.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Content hash of the release tarball; update it together with
       ;; the version field.
       (sha256
        (base32
         "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (arguments perl-crypt-arguments)
    (inputs `(("openssl" ,openssl)))
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
;; Helper module for Makefile.PL scripts.  In this file it is a native
;; (build-time) input of perl-crypt-openssl-rsa and perl-crypt-openssl-random.
;; It declares no inputs of its own.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
             version ".tar.gz"))
       ;; Content hash of the release tarball; update it together with
       ;; the version field.
       (sha256
        (base32
         "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path. It is intended for use in your
@file{Makefile.PL}.")
    (license license:perl-license)))
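;; Perl access to the OpenSSL/LibreSSL pseudo-random number generator.
;; Built with the shared perl-crypt-arguments, which rewrite the 'LIBS'
;; entry of Makefile.PL to use libcrypto from the "openssl" input.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Content hash of the release tarball; update it together with
       ;; the version field.
       (sha256
        (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    ;; Reworded to agree with the synopsis (the module gives access to the
    ;; generator) and to end in a full stop; the old text read "is a OpenSSL…"
    ;; with no final period.
    (description "Crypt::OpenSSL::Random provides access to the OpenSSL/LibreSSL
pseudo-random number generator.")
    (license license:perl-license)))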
;; Portable snapshot of the OpenBSD ACME client, built with plain 'make'
;; (the 'configure phase is deleted) against libbsd and LibreSSL.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Content hash of the snapshot tarball; update it together
              ;; with the version field.
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; http.c hard-codes /etc/ssl/cert.pem as its CA bundle; point
             ;; it at the copy under the "libressl" input instead.
             ;; NOTE(review): this ties the trusted roots to whatever that
             ;; input ships -- presumably they change only when libressl is
             ;; updated; confirm.
             (let* ((libressl-dir (assoc-ref inputs "libressl"))
                    (ca-bundle (string-append libressl-dir
                                              "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") ca-bundle))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (home-page "https://kristaps.bsd.lv/acme-client/")
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the one upstream prefers.  A "-gpl" variant
;; exists in addition to the "-apache" one.
;;
;; The source is fetched from the Git tag "mbedtls-<version>".  Only the
;; shared library is built: the static library is switched off in the
;; configure flags.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
    ;; when updating.
    (version "2.23.0")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ARMmbed/mbedtls")
             (commit (string-append "mbedtls-" version))))
       (file-name (git-file-name name version))
       ;; Content hash of the checkout; update it together with the
       ;; version field.
       (sha256
        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))))
    (build-system cmake-build-system)
    (arguments
     `(#:configure-flags
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'make-source-writable
           ;; Make every file of the unpacked tree writable before the
           ;; remaining phases run.
           (lambda _
             (let ((all-files (find-files ".")))
               (for-each make-file-writable all-files))
             #t)))))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))
    (home-page "https://tls.mbed.org")
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This hidden variant inherits mbedtls-apache and adds one phase before
;; 'configure that switches on the two threading options through
;; scripts/config.pl.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments (package-arguments mbedtls-apache)
        ((#:phases phases)
         `(modify-phases ,phases
            (add-before 'configure 'configure-extra-features
              (lambda _
                (invoke "scripts/config.pl" "set" "MBEDTLS_THREADING_C")
                (invoke "scripts/config.pl" "set" "MBEDTLS_THREADING_PTHREAD")
                ;; XXX The above enables code that breaks with -Werror…
                ;; The flag is removed from CMakeLists.txt, so the
                ;; diagnostic is silenced rather than the code fixed;
                ;; re-check on every mbedtls update.
                (substitute* "CMakeLists.txt"
                  ((" -Wformat-signedness") ""))
                #t)))))))))
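;; ACME client written as a Bash script.  There is nothing to compile: the
;; builder unpacks the release tarball, installs the documentation, man pages
;; and the script, then wraps the script so that the tools listed in the
;; wrap-program call below are found on PATH.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.7.0")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/dehydrated-io/dehydrated/releases/download/"
                    "v" version "/dehydrated-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it together
              ;; with the version field.
              (sha256
               (base32
                "1yf4kldyd5y13r6qxrkcbbk74ykngq7jzy0351vb2r3ywp114pqw"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((source (assoc-ref %build-inputs "source"))
                (tar (assoc-ref %build-inputs "tar"))
                (gz (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin"))
                (doc (string-append out "/share/doc/" ,name "-" ,version))
                (man (string-append out "/share/man"))
                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))

           ;; tar needs gzip on PATH to unpack the .tar.gz source.
           (setenv "PATH" (string-append gz "/bin"))
           (invoke (string-append tar "/bin/tar") "xvf" source)
           (chdir (string-append ,name "-" ,version))

           (copy-recursively "docs" doc)
           (install-file "LICENSE" doc)

           (mkdir-p man)
           (rename-file (string-append doc "/man")
                        (string-append man "/man1"))
           ;; '--no-name' keeps gzip from recording each file's name and
           ;; modification time in the compressed header, so the output
           ;; does not vary with the time of the build.
           (for-each (cut invoke "gzip" "-9" "--no-name" <>)
                     (find-files man ".*"))

           (install-file "dehydrated" bin)
           (with-directory-excursion bin
             (patch-shebang "dehydrated" (list bash))

             ;; Do not try to write to the store.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; From here on PATH holds only bash's bin directory; the
             ;; wrapper prepends the bin directory of each tool listed below.
             (setenv "PATH" bash)
             (wrap-program "dehydrated"
               `("PATH" ":" prefix
                 ,(map (lambda (dir)
                         (string-append dir "/bin"))
                       (map (lambda (input)
                              (assoc-ref %build-inputs input))
                            '("coreutils"
                              "curl"
                              "diffutils"
                              "gawk"
                              "grep"
                              "openssl"
                              "sed"))))))
           #t))))
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    (home-page "https://dehydrated.io/")
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (license license:expat)))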
;; Go package embedding a root certificate bundle.  The contents are fixed
;; by the commit pinned below and stay the same until this definition is
;; updated.
;; NOTE(review): the version string suggests a January 2018 snapshot --
;; when updating, check which roots were added or removed since then.
(define-public go-github-com-certifi-gocertifi
  (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec")
        (revision "1"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/certifi/gocertifi")
               (commit commit)))
         (file-name (git-file-name name version))
         ;; Content hash of the checkout; update it together with the
         ;; commit above.
         (sha256
          (base32
           "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (home-page "https://certifi.io")
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (license license:mpl2.0))))