gnu: tcsh: Use modify-phases.
233e7676 1;;; GNU Guix --- Functional package management for GNU
3c0f7910 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
12433a21 7;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
df0625ab 8;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
3ea110b7 9;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
679b535b 10;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
375cef6c 11;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
7543f865 12;;;
233e7676 13;;; This file is part of GNU Guix.
7543f865 14;;;
233e7676 15;;; GNU Guix is free software; you can redistribute it and/or modify it
16;;; under the terms of the GNU General Public License as published by
17;;; the Free Software Foundation; either version 3 of the License, or (at
18;;; your option) any later version.
19;;;
233e7676 20;;; GNU Guix is distributed in the hope that it will be useful, but
21;;; WITHOUT ANY WARRANTY; without even the implied warranty of
22;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23;;; GNU General Public License for more details.
24;;;
25;;; You should have received a copy of the GNU General Public License
233e7676 26;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 27
a7fd7b68 28(define-module (gnu packages tls)
e9aa8d0c 29 #:use-module ((guix licenses) #:prefix license:)
30 #:use-module (guix packages)
31 #:use-module (guix download)
29a7c98a 32 #:use-module (guix utils)
7543f865 33 #:use-module (guix build-system gnu)
cc2b77df 34 #:use-module (guix build-system perl)
7890e3ba 35 #:use-module (guix build-system python)
f61e0e79 36 #:use-module (gnu packages compression)
013ce67b 37 #:use-module (gnu packages)
1ffa7090 38 #:use-module (gnu packages guile)
0581c273 39 #:use-module (gnu packages libbsd)
27e86bed 40 #:use-module (gnu packages libffi)
866f469e 41 #:use-module (gnu packages libidn)
5d4c90ae 42 #:use-module (gnu packages linux)
7890e3ba 43 #:use-module (gnu packages ncurses)
27e86bed 44 #:use-module (gnu packages nettle)
1ffa7090 45 #:use-module (gnu packages perl)
27e86bed 46 #:use-module (gnu packages pkg-config)
7890e3ba 47 #:use-module (gnu packages python)
a31f4d35 48 #:use-module (gnu packages texinfo)
49 #:use-module (gnu packages base)
50 #:use-module (srfi srfi-1))
;; GNU libtasn1, an ASN.1 library.  In this file it is a propagated input of
;; 'gnutls' and an input of 'p11-kit'.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.10")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                                  version ".tar.gz"))
              ;; Content hash of the release tarball.  The download is
              ;; checked against it, so it has to be updated together with
              ;; 'version'.
              (sha256
               (base32
                "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
    (build-system gnu-build-system)
    ;; Perl is listed as a native (build-side) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "http://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
;; asn1c, a compiler that turns ASN.1 module files into C source code.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.27")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/asn1c-"
                           version ".tar.gz"))
       ;; Content hash of the release tarball; update it with 'version'.
       (sha256
        (base32
         "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
    (build-system gnu-build-system)
    ;; Perl is listed as a native (build-side) input only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
;; p11-kit, a library to load and enumerate PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
                           version ".tar.gz"))
       ;; Content hash of the release tarball; update it with 'version'.
       (sha256
        (base32
         "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
       (modules '((guix build utils))) ; for substitute*
       (snippet
        '(begin
           ;; One test fails, also when compiling manually, so its program
           ;; name is deleted from Makefile.in.  Reported upstream at
           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
           (substitute* "Makefile.in"
             (("test-module\\$\\(EXEEXT\\) ") ""))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): the package is configured with '--without-trust-paths'.
     ;; Presumably that leaves p11-kit without default trust anchor
     ;; locations -- confirm that no consumer relies on it for CA trust.
     `(#:configure-flags '("--without-trust-paths")))
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
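;; GnuTLS, built against Guile 2.0, with outputs "out", "debug" and "doc".
;;
;; Security-relevant build choices made below:
;;   - the default trust store directory is fixed at configure time to
;;     /etc/ssl/certs;
;;   - p11-kit (PKCS#11) support is switched off, see the FIXME.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.9")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              ;; Content hash of the release tarball; update it with
              ;; 'version'.
              (sha256
               (base32
                "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       ;; The Guile site directory flag must stay first in this list:
       ;; 'gnutls/guile-2.2' removes it by taking the 'cdr' of these flags.
       (list (string-append "--with-guile-site-dir="
                            (assoc-ref %outputs "out")
                            "/share/guile/site/2.0")
             ;; GnuTLS doesn't consult any environment variables to specify
             ;; the location of the system-wide trust store.  Instead it has a
             ;; configure-time option.  Unless specified, its configure script
             ;; attempts to auto-detect the location by looking for common
             ;; places in the file system, none of which are present in our
             ;; chroot build environment.  If not found, then no default trust
             ;; store is used, so each program has to provide its own
             ;; fallback, and users have to configure each program
             ;; independently.  This seems suboptimal.
             "--with-default-trust-store-dir=/etc/ssl/certs"

             ;; FIXME: Temporarily disable p11-kit support since it is not
             ;; working on mips64el.
             "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc",
                     ;; then delete them from "out".
                     (let* ((out    (assoc-ref outputs "out"))
                            (doc    (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn" ,libidn)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate standard is X.509; the text used to read "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))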
;; Variant of 'gnutls' whose "guile" input is 'guile-next' (Guile 2.2).
;; This is supported by GnuTLS >= 3.5.5.
(define-public gnutls/guile-2.2
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    (arguments
     (substitute-keyword-arguments (package-arguments gnutls)
       ((#:configure-flags flags)
        ;; Drop '--with-guile-site-dir=…/2.0'.  'cdr' removes whatever flag
        ;; comes first, so this only works while 'gnutls' keeps that flag at
        ;; the head of its list.
        `(cdr ,flags))))
    ;; Same inputs as 'gnutls', with the "guile" entry replaced.
    (inputs `(("guile" ,guile-next)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
;; OpenSSL 1.0.2 series, split into the outputs "out", "doc" and "static".
(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2k")
    (source
     (origin
       (method url-fetch)
       ;; Two locations are tried: the current release directory, then the
       ;; per-series directory under "old/".  Both are plain ftp:// URLs;
       ;; the sha256 below is what pins the tarball contents.
       (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                 name "-" version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/old/"
                                 (string-trim-right version char-set:letter)
                                 "/" name "-" version ".tar.gz")))
       (sha256
        (base32
         "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
       (patches (search-patches "openssl-runpath.patch"
                                "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     ;; NOTE(review): '#:disallowed-references' is passed twice in this
     ;; argument list, once with 'perl' and once with
     ;; '(canonical-package perl)'.  Which occurrence takes effect is not
     ;; visible from this file; consider a single keyword that lists every
     ;; Perl package that must stay out of the closure.
     `(#:disallowed-references (,perl)
       #:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'patch-Makefile.org
           (lambda* (#:key outputs #:allow-other-keys)
             ;; MANDIR defaults to an unusual place; point it at share/man
             ;; of the "out" output.
             (let ((output (assoc-ref outputs "out")))
               (patch-makefile-SHELL "Makefile.org")
               (substitute* "Makefile.org"
                 (("^MANDIR[[:blank:]]*=.*$")
                  (string-append "MANDIR = " output "/share/man\n")))
               #t)))
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((output (assoc-ref outputs "out"))
                    ;; The default for this catch-all directory is
                    ;; PREFIX/ssl.  Use a versioned directory under share/
                    ;; instead.
                    (openssldir-flag
                     (string-append "--openssldir=" output
                                    "/share/openssl-" ,version))
                    (prefix-flag (string-append "--prefix=" output)))
               (zero?
                (system* "./config"
                         "shared"       ;build shared libraries
                         "--libdir=lib"
                         openssldir-flag
                         prefix-flag

                         ;; XXX FIXME: Work around a code generation bug in GCC
                         ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                         ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                         ,@(if (and (not (%current-target-system))
                                    (string-prefix? "armhf" (%current-system)))
                               '("-mfpu=vfpv3")
                               '()))))))
         (add-after 'install 'make-libraries-writable
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Set mode 644 on every file under lib/ whose name matches
             ;; "\\.so", so that 'strip' does its job.
             (let ((output (assoc-ref outputs "out")))
               (for-each (lambda (library)
                           (chmod library #o644))
                         (find-files (string-append output "/lib")
                                     "\\.so"))
               #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Install every .a file into the "static" output and delete it
             ;; from "out".
             (let* ((output        (assoc-ref outputs "out"))
                    (libdir        (string-append output "/lib"))
                    (static-output (assoc-ref outputs "static"))
                    (static-libdir (string-append static-output "/lib")))
               (for-each (lambda (archive)
                           (install-file archive static-libdir)
                           (delete-file archive))
                         (find-files libdir "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((output      (assoc-ref outputs "out"))
                    (source-dir  (string-append output "/share/man/man3"))
                    (doc-output  (assoc-ref outputs "doc"))
                    (destination (string-append doc-output
                                                "/share/man/man3")))
               (mkdir-p destination)
               (for-each (lambda (page)
                           (rename-file page
                                        (string-append destination "/"
                                                       (basename page))))
                         (find-files source-dir))
               (delete-file-recursively source-dir)
               #t)))
         (add-before 'patch-source-shebangs 'patch-tests
           (lambda* (#:key inputs native-inputs #:allow-other-keys)
             ;; In every file under test/, replace /bin/sh with the shell of
             ;; the "bash" input and /bin/rm with plain "rm".
             (let ((shell-package (assoc-ref (or native-inputs inputs)
                                             "bash")))
               (substitute* (find-files "test" ".*")
                 (("/bin/sh")
                  (string-append shell-package "/bin/sh"))
                 (("/bin/rm")
                  "rm"))
               #t)))
         (add-after 'install 'remove-miscellany
           (lambda* (#:key outputs #:allow-other-keys)
             ;; The 'misc' directory contains random undocumented shell and
             ;; Perl scripts.  Remove them to avoid retaining a reference on
             ;; Perl.
             (let ((output (assoc-ref outputs "out")))
               (delete-file-recursively (string-append output
                                                       "/share/openssl-"
                                                       ,version "/misc"))
               #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
;; OpenSSL 1.1.0 series.  Inherits from 'openssl' and keeps the package name
;; "openssl"; only the source, the outputs and some build phases differ.
(define-public openssl-next
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0e")
    (source
     (origin
       (method url-fetch)
       ;; Same two plain ftp:// locations as 'openssl'; the sha256 below is
       ;; what pins the tarball contents.
       (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                 name "-" version ".tar.gz")
                  (string-append "ftp://ftp.openssl.org/source/old/"
                                 (string-trim-right version char-set:letter)
                                 "/" name "-" version ".tar.gz")))
       (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
       (sha256
        (base32
         "0k47sdd9gs6yxfv6ldlgpld2lyzrkcv9kz4cf88ck04xjwc8dgjp"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; Every keyword of 'openssl' other than '#:phases' is inherited
     ;; unchanged.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((output (assoc-ref outputs "out"))
                      (libdir (string-append output "/lib"))
                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl.  Use a versioned directory under share/
                      ;; instead.
                      (openssldir-flag
                       (string-append "--openssldir=" output
                                      "/share/openssl-" ,version))
                      (prefix-flag (string-append "--prefix=" output))
                      (rpath-flag  (string-append "-Wl,-rpath," libdir)))
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"
                           openssldir-flag
                           prefix-flag
                           rpath-flag

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and
               ;; Perl scripts.  Remove them to avoid retaining a reference on
               ;; Perl.
               (let ((output (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append output
                                                         "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
;; LibreSSL, the TLS/crypto stack forked from OpenSSL.
(define-public libressl
  (package
    (name "libressl")
    (version "2.5.0")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): the tarball is fetched over plain http://.  The
       ;; sha256 below pins its contents, so integrity does not depend on
       ;; the transport, but the request itself is unauthenticated and
       ;; unencrypted.
       (uri (string-append
             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
             version ".tar.gz"))
       (sha256
        (base32
         "1bkfvapi4z826slycmicvs7hwgk4l82gd8w6nqvznldbammvyll6"))))
    (build-system gnu-build-system)
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "http://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack forked
from OpenSSL in 2014, with the goals of modernizing the codebase, improving
security, and applying best practice development processes.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
;; Python implementation of the ACME protocol.  'certbot' takes its version
;; from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.11.1")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "acme" version))
       ;; Content hash of the PyPI tarball; update it with 'version'.
       (sha256
        (base32
         "0kk95iqxygrg0cd66kq8kbyalg2x5pz9hn1175cgwgf1vy72adfv"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'install 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Build the man page and the Info manual with the Makefile in
             ;; docs/, then install both.  Nothing is installed when 'make'
             ;; fails.
             (let* ((output   (assoc-ref outputs "out"))
                    (man-dir  (string-append output "/share/man/man1"))
                    (info-dir (string-append output "/info")))
               (and (zero? (system* "make" "-C" "docs" "man" "info"))
                    (install-file "docs/_build/texinfo/acme-python.info"
                                  info-dir)
                    (install-file "docs/_build/man/acme-python.1" man-dir)
                    #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
       ("python-werkzeug" ,python-werkzeug)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
;; Python 2 variant of 'python-acme', derived with 'package-with-python2'.
;; It is a propagated input of 'certbot'.
(define-public python2-acme
  (package-with-python2 python-acme))
;; Certbot, the Let's Encrypt client.  Built with Python 2.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; The version comes from 'python-acme', but this hash belongs to the
       ;; certbot tarball and has to be updated by hand at each version bump.
       (sha256
        (base32
         "1wis5kgqcsrs60kkcmbrbx8z9yasmwa6lg9ir5im232hdm4285vc"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
       #:phases
       (modify-phases %standard-phases
         (add-after 'build 'docs
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Build the man pages and the Info manual with the Makefile in
             ;; docs/, then install them.  Nothing is installed when 'make'
             ;; fails.
             (let* ((output   (assoc-ref outputs "out"))
                    (man1-dir (string-append output "/share/man/man1"))
                    (man7-dir (string-append output "/share/man/man7"))
                    (info-dir (string-append output "/info")))
               (and
                (zero? (system* "make" "-C" "docs" "man" "info"))
                (install-file "docs/_build/texinfo/Certbot.info" info-dir)
                (install-file "docs/_build/man/certbot.1" man1-dir)
                (install-file "docs/_build/man/certbot.7" man7-dir)
                #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python2-nose" ,python2-nose)
       ("python2-mock" ,python2-mock)
       ;; For documentation
       ("python2-sphinx" ,python2-sphinx)
       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python2-acme" ,python2-acme)
       ("python2-zope-interface" ,python2-zope-interface)
       ("python2-pythondialog" ,python2-pythondialog)
       ("python2-pyrfc3339" ,python2-pyrfc3339)
       ("python2-pyopenssl" ,python2-pyopenssl)
       ("python2-configobj" ,python2-configobj)
       ("python2-configargparse" ,python2-configargparse)
       ("python2-zope-component" ,python2-zope-component)
       ("python2-parsedatetime" ,python2-parsedatetime)
       ("python2-six" ,python2-six)
       ("python2-psutil" ,python2-psutil)
       ("python2-requests" ,python2-requests)
       ("python2-pytz" ,python2-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
;; Former package name, kept as an alias: it inherits everything from
;; 'certbot' and is marked as superseded by it.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
;; Net::SSLeay, Perl bindings to OpenSSL, built against the 'openssl' package
;; of this file.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.68")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                           "Net-SSLeay-" version ".tar.gz"))
       ;; Content hash of the CPAN tarball; update it with 'version'.
       (sha256
        (base32
         "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
    (build-system perl-build-system)
    ;; The patch file is passed as an input so that the 'apply-patch' phase
    ;; can apply it after unpacking.
    (native-inputs
     `(("patch" ,patch)
       ("patch/disable-ede-test"
        ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'apply-patch
           (lambda* (#:key inputs #:allow-other-keys)
             ;; XXX We apply this patch here instead of in the 'origin' because
             ;; this package's build system fails badly when the source file
             ;; times are zeroed.
             ;; XXX Try removing this patch for perl-net-ssleay > 1.68
             (let ((patch-file (assoc-ref inputs "patch/disable-ede-test")))
               (zero? (system* "patch" "--force" "-p1" "-i" patch-file)))))
         (add-before 'configure 'set-ssl-prefix
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Export the location of the "openssl" input as OPENSSL_PREFIX
             ;; for the configure step.
             (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
             #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license (package-license perl))
    ;; NOTE(review): this URL names release 1.66 while 'version' is 1.68.
    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
;; Crypt::OpenSSL::RSA, built against the 'openssl' package of this file.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
                    version
                    ".tar.gz"))
              ;; Content hash of the CPAN tarball; update it with 'version'.
              (sha256
               (base32
                "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (build-system perl-build-system)
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL::* packages; they are
    ;; bound to 'perl-crypt-arguments' in this file.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license (package-license perl))))
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; The added phase rewrites the 'LIBS' entry of Makefile.PL so that it names
;; lib/ of the "openssl" input and links with -lcrypto.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (let ((openssl-dir (assoc-ref inputs "openssl")))
            (substitute* "Makefile.PL"
              (("'LIBS'.*=>.*")
               (string-append "'LIBS' => ['-L"
                              openssl-dir
                              "/lib -lcrypto'],")))
            #t))))))
;; Crypt::OpenSSL::Bignum, built against the 'openssl' package of this file.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.06")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
                    version
                    ".tar.gz"))
              ;; Content hash of the CPAN tarball; update it with 'version'.
              (sha256
               (base32
                "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL::* packages; they are
    ;; bound to 'perl-crypt-arguments' in this file.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license (package-license perl))))
;; Crypt::OpenSSL::Random, built against the 'openssl' package of this file.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
                    version
                    ".tar.gz"))
              ;; Content hash of the CPAN tarball; update it with 'version'.
              (sha256
               (base32
                "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Build arguments shared by the Crypt::OpenSSL::* packages; they are
    ;; bound to 'perl-crypt-arguments' in this file.
    (arguments perl-crypt-arguments)
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license (package-license perl))))
;; acme-client, the portable snapshot of the OpenBSD Let's Encrypt client,
;; built against LibreSSL and libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://kristaps.bsd.lv/" name "/"
                           "snapshots/" name "-portable-"
                           version ".tgz"))
       ;; Content hash of the snapshot tarball; update it with 'version'.
       (sha256
        (base32
         "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Replace the /etc/ssl/cert.pem path in http.c with the same
             ;; path inside the "libressl" input.
             ;; NOTE(review): presumably this is the CA bundle the client
             ;; verifies servers against.  It then changes only when the
             ;; libressl input does, not with the system trust store --
             ;; confirm that this is intended.
             (let ((ca-bundle (string-append (assoc-ref inputs "libressl")
                                             "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") ca-bundle))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))