233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ad67d208 7;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
db388401 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
3c986a7d 9;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
db201657 13;;; Copyright © 2017–2019, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
a9bcc647 17;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
7543f865 18;;;
233e7676 19;;; This file is part of GNU Guix.
7543f865 20;;;
233e7676 21;;; GNU Guix is free software; you can redistribute it and/or modify it
22;;; under the terms of the GNU General Public License as published by
23;;; the Free Software Foundation; either version 3 of the License, or (at
24;;; your option) any later version.
25;;;
233e7676 26;;; GNU Guix is distributed in the hope that it will be useful, but
27;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29;;; GNU General Public License for more details.
30;;;
31;;; You should have received a copy of the GNU General Public License
233e7676 32;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 33
a7fd7b68 34(define-module (gnu packages tls)
e9aa8d0c 35 #:use-module ((guix licenses) #:prefix license:)
36 #:use-module (guix packages)
37 #:use-module (guix download)
ea22aa1f 38 #:use-module (guix git-download)
29a7c98a 39 #:use-module (guix utils)
7543f865 40 #:use-module (guix build-system gnu)
ea22aa1f 41 #:use-module (guix build-system go)
cc2b77df 42 #:use-module (guix build-system perl)
7890e3ba 43 #:use-module (guix build-system python)
88522738 44 #:use-module (guix build-system cmake)
e8b3a158 45 #:use-module (guix build-system trivial)
f61e0e79 46 #:use-module (gnu packages compression)
013ce67b 47 #:use-module (gnu packages)
e8b3a158 48 #:use-module (gnu packages bash)
ac257f12 49 #:use-module (gnu packages check)
e8b3a158 50 #:use-module (gnu packages curl)
5b9aa107 51 #:use-module (gnu packages dns)
e8b3a158 52 #:use-module (gnu packages gawk)
1ffa7090 53 #:use-module (gnu packages guile)
a9bcc647 54 #:use-module (gnu packages hurd)
0581c273 55 #:use-module (gnu packages libbsd)
27e86bed 56 #:use-module (gnu packages libffi)
866f469e 57 #:use-module (gnu packages libidn)
5d4c90ae 58 #:use-module (gnu packages linux)
7890e3ba 59 #:use-module (gnu packages ncurses)
27e86bed 60 #:use-module (gnu packages nettle)
1ffa7090 61 #:use-module (gnu packages perl)
27e86bed 62 #:use-module (gnu packages pkg-config)
7890e3ba 63 #:use-module (gnu packages python)
cc6f4912 64 #:use-module (gnu packages python-crypto)
1b2f753d 65 #:use-module (gnu packages python-web)
44d10b1f 66 #:use-module (gnu packages python-xyz)
9d0c291e 67 #:use-module (gnu packages sphinx)
a31f4d35 68 #:use-module (gnu packages texinfo)
33dc54b0 69 #:use-module (gnu packages time)
70 #:use-module (gnu packages base)
71 #:use-module (srfi srfi-1))
72
;; GNU libtasn1: ASN.1 library, built with the GNU build system.  It is a
;; propagated input of gnutls and an input of p11-kit further down in this
;; file.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.16.0")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; Content hash of the release tarball.  It has to be updated together
      ;; with 'version'; a tarball that does not match is rejected at fetch
      ;; time, whichever mirror served it.
      (sha256
       (base32
        "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    (arguments
     ;; Pass '--disable-static' to the configure script.
     `(#:configure-flags '("--disable-static")))
    ;; Perl is a build-time (native) input only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 97
;; asn1c: compiler that turns ASN.1 modules into C source code.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              ;; Content hash of the tarball; update it together with
              ;; 'version'.
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is needed at build time only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
124
;; p11-kit: loader and configuration layer for PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.22")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                          "download/" version "/p11-kit-" version ".tar.xz"))
      ;; Content hash of the release tarball; update it together with
      ;; 'version'.
      (sha256
       (base32 "1dn6br4v033d3gp2max9lsr3y4q0nj6iyr1yq3kzi8ym7lal13wa"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): '--without-trust-paths' presumably leaves the trust
     ;; module without compiled-in anchor locations, so trust anchors have to
     ;; be configured by the consumer -- confirm against p11-kit's configure
     ;; documentation.
     `(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
                      ;; and looks for .cache and other directories (only).
                      ;; For simplicity just drop it since it is irrelevant
                      ;; in the build container.
                      ;; The substitution removes the test program's name from
                      ;; the Makefile; the rest of the test suite still runs.
                      (substitute* "Makefile"
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 163
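;; GnuTLS: TLS/DTLS library, built with Guile 3.0 bindings.  The variants
;; defined after it in this file inherit from this package.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.6.15")
    (source (origin
              (method url-fetch)
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (uri (string-append "mirror://gnupg/gnutls/v"
                                  (version-major+minor version)
                                  "/gnutls-" version ".tar.xz"))
              (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                       "gnutls-cross.patch"))
              ;; Content hash of the release tarball; update it together
              ;; with 'version'.
              (sha256
               (base32
                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
    (build-system gnu-build-system)
    (arguments
     ;; The test suite is skipped when cross-compiling and when targeting the
     ;; Hurd, so those builds are not exercised by it.
     `(#:tests? ,(not (or (%current-target-system)
                          (hurd-target?)))
       ;; Ensure we don't keep a reference to net-tools.
       #:disallowed-references ,(if (hurd-target?) '() (list net-tools))
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        ;;
        ;; The directory named here lies outside the store, so which CA
        ;; certificates are trusted by default is decided by whatever
        ;; populates /etc/ssl/certs on the running system, not by this
        ;; package.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        ;; NOTE(review): the flag is passed unconditionally, so PKCS#11
        ;; support is off on every architecture, not only on mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Move the 4.1 MiB of section 3 man pages to "doc":
                     ;; copy them over, then delete the originals from "out".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(,@(if (%current-target-system)   ;for cross-build
             `(("guile" ,guile-3.0))    ;to create .go files
             '())
       ,@(if (hurd-target?)
             '()
             `(("net-tools" ,net-tools)))
       ("pkg-config" ,pkg-config)
       ("which" ,which)
       ,@(if (hurd-target?) '()
             `(("datefudge" ,datefudge))) ;tests rely on 'datefudge'
       ("util-linux" ,util-linux)))     ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The certificate format is X.509 (the text used to read "X.5009").
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))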
cc2b77df 258
(define-public gnutls/guile-2.0
  ;; Variant of GnuTLS whose "guile" input is Guile 2.0.
  (package/inherit gnutls
    (name "guile2.0-gnutls")
    ;; Drop the inherited "guile" entry and put Guile 2.0 at the head of the
    ;; remaining inputs.
    (inputs (cons (list "guile" guile-2.0)
                  (alist-delete "guile" (package-inputs gnutls))))))
079f013b 265
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, which implements DNS-based
  ;; Authentication of Named Entities (DANE).  GNUnet and gnURL need it for
  ;; GNS functionality.  It is a separate package definition so that GnuTLS
  ;; can be chosen with or without DANE.
  (package/inherit gnutls
    (name "gnutls-dane")
    ;; Same inputs as gnutls, with "unbound" added in front.
    (inputs (cons (list "unbound" unbound)
                  (package-inputs gnutls)))))
275
;; Variant of GnuTLS whose "guile" input is Guile 2.2.
(define-public guile2.2-gnutls
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    ;; Drop the inherited "guile" entry and put Guile 2.2 at the head of the
    ;; remaining inputs.
    (inputs (cons (list "guile" guile-2.2)
                  (alist-delete "guile" (package-inputs gnutls))))))
d630d781 283
;; Deprecated name kept for compatibility: gnutls itself takes Guile 3.0 as
;; its "guile" input, so "guile3.0-gnutls" now refers to gnutls.
(define-public guile3.0-gnutls
  (deprecated-package "guile3.0-gnutls" gnutls))
67a3c8ed 286
;; OpenSSL 1.1.1 series.  This definition is kept at 1.1.1i and carries a
;; 'replacement' (graft) pointing at openssl/fixed.
(define-public openssl
  (package
   (name "openssl")
   (version "1.1.1i")
   (source (origin
             (method url-fetch)
             ;; Candidate locations, listed in this order.  The two ftp://
             ;; entries are unauthenticated transports; integrity of the
             ;; tarball rests on the sha256 below, not on the channel.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       "openssl-" version ".tar.gz")
                        ;; The "old/" directory is named after the version
                        ;; with its trailing letter stripped.
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/openssl-" version ".tar.gz")))
             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
             ;; Content hash of the release tarball; update it together with
             ;; 'version'.
             (sha256
              (base32
               "0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8"))))
   ;; Graft: dependents built against this package get their references
   ;; rewritten to openssl/fixed, which delivers the newer release without
   ;; rebuilding everything that links against OpenSSL.
   (replacement openssl/fixed)
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"         ;6.8 MiB of man3 pages and full HTML documentation
              "static"))    ;6.4 MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        ;; This phase exists only in cross builds.
        ,@(if (%current-target-system)
              '((add-before
                    'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    ;; Map the target triplet to an OpenSSL Configure target.
                    ;; Matching is by prefix, so the longer "powerpc64le" and
                    ;; "powerpc64" clauses must stay ahead of "powerpc".
                    ;; NOTE(review): there is no fallback clause; a triplet
                    ;; matching none of these prefixes leaves the value
                    ;; unspecified -- confirm how that case should fail.
                    (setenv "CONFIGURE_TARGET_ARCH"
                            (cond
                             ((string-prefix? "i586" target)
                              "hurd-x86")
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "mips64el" target)
                              "linux-mips64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")
                             ((string-prefix? "powerpc64le" target)
                              "linux-ppc64le")
                             ((string-prefix? "powerpc64" target)
                              "linux-ppc64")
                             ((string-prefix? "powerpc" target)
                              "linux-ppc")))
                    #t)))
              '())
        (replace 'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib")))
              ;; It's not a shebang so patch-source-shebangs misses it.
              (substitute* "config"
                (("/usr/bin/env")
                 (string-append (assoc-ref %build-inputs "coreutils")
                                "/bin/env")))
              ;; Cross builds call ./Configure with the explicit target set
              ;; by 'set-cross-compile; native builds call ./config.
              (invoke ,@(if (%current-target-system)
                            '("./Configure")
                            '("./config"))
                      "shared"          ;build shared libraries
                      "--libdir=lib"

                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl.  Change that to something more
                      ;; conventional.
                      (string-append "--openssldir=" out
                                     "/share/openssl-" ,version)

                      (string-append "--prefix=" out)
                      ;; Record the output's own lib directory as run path.
                      (string-append "-Wl,-rpath," lib)
                      ,@(if (%current-target-system)
                            '((getenv "CONFIGURE_TARGET_ARCH"))
                            '())))))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-extra-documentation
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move man3 pages and full HTML documentation to "doc".
            (let* ((out (assoc-ref outputs "out"))
                   (man3 (string-append out "/share/man/man3"))
                   (html (string-append out "/share/doc/openssl"))
                   (doc (assoc-ref outputs "doc"))
                   (man-target (string-append doc "/share/man/man3"))
                   (html-target (string-append doc "/share/doc/openssl")))
              (copy-recursively man3 man-target)
              (delete-file-recursively man3)
              (copy-recursively html html-target)
              (delete-file-recursively html)
              #t)))
        (add-after
            'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            ;; The directory name embeds ',version', so it follows the
            ;; '--openssldir' value given in the 'configure phase.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
   ;; Environment variables pointing at the CA certificate directory and
   ;; bundle; each holds a single entry, hence no separator.
   (native-search-paths
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (separator #f)               ;single entry
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           ;; The bundle is a regular file, not a directory.
           (file-type 'regular)
           (separator #f)               ;single entry
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "https://www.openssl.org/")))
cc2b77df 422
;; Graft target named by the 'replacement' field of openssl: the same package
;; at version 1.1.1j.
;; NOTE(review): 'arguments' repeats the one in openssl verbatim, presumably
;; so that ',version' expands to this package's version rather than the
;; inherited one (the reason the openssl-1.0 definition in this file gives
;; for duplicating its 'remove-miscellany phase) -- confirm.  Until the two
;; are merged, any change to one copy has to be mirrored in the other.
(define-public openssl/fixed
  (package
    (inherit openssl)
    (version "1.1.1j")
    (source (origin
              (method url-fetch)
              ;; Same candidate locations as openssl.  The ftp:// entries are
              ;; unauthenticated; integrity rests on the sha256 below.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
              ;; Content hash of the 1.1.1j tarball.
              (sha256
               (base32
                "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))
    (arguments
     `(#:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         ;; This phase exists only in cross builds.
         ,@(if (%current-target-system)
               '((add-before
                     'configure 'set-cross-compile
                   (lambda* (#:key target outputs #:allow-other-keys)
                     (setenv "CROSS_COMPILE" (string-append target "-"))
                     ;; Map the target triplet to an OpenSSL Configure target.
                     ;; Matching is by prefix, so the longer "powerpc64le" and
                     ;; "powerpc64" clauses must stay ahead of "powerpc".
                     (setenv "CONFIGURE_TARGET_ARCH"
                             (cond
                              ((string-prefix? "i586" target)
                               "hurd-x86")
                              ((string-prefix? "i686" target)
                               "linux-x86")
                              ((string-prefix? "x86_64" target)
                               "linux-x86_64")
                              ((string-prefix? "mips64el" target)
                               "linux-mips64")
                              ((string-prefix? "arm" target)
                               "linux-armv4")
                              ((string-prefix? "aarch64" target)
                               "linux-aarch64")
                              ((string-prefix? "powerpc64le" target)
                               "linux-ppc64le")
                              ((string-prefix? "powerpc64" target)
                               "linux-ppc64")
                              ((string-prefix? "powerpc" target)
                               "linux-ppc")))
                     #t)))
               '())
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               ;; It's not a shebang so patch-source-shebangs misses it.
               (substitute* "config"
                 (("/usr/bin/env")
                  (string-append (assoc-ref %build-inputs "coreutils")
                                 "/bin/env")))
               ;; Cross builds call ./Configure with the explicit target set
               ;; by 'set-cross-compile; native builds call ./config.
               (invoke ,@(if (%current-target-system)
                             '("./Configure")
                             '("./config"))
                       "shared"         ;build shared libraries
                       "--libdir=lib"

                       ;; The default for this catch-all directory is
                       ;; PREFIX/ssl.  Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
                                      "/share/openssl-" ,version)

                       (string-append "--prefix=" out)
                       ;; Record the output's own lib directory as run path.
                       (string-append "-Wl,-rpath," lib)
                       ,@(if (%current-target-system)
                             '((getenv "CONFIGURE_TARGET_ARCH"))
                             '())))))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-extra-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move man3 pages and full HTML documentation to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (html (string-append out "/share/doc/openssl"))
                    (doc (assoc-ref outputs "doc"))
                    (man-target (string-append doc "/share/man/man3"))
                    (html-target (string-append doc "/share/doc/openssl")))
               (copy-recursively man3 man-target)
               (delete-file-recursively man3)
               (copy-recursively html html-target)
               (delete-file-recursively html)
               #t)))
         (add-after
             'install 'remove-miscellany
           (lambda* (#:key outputs #:allow-other-keys)
             ;; The 'misc' directory contains random undocumented shell and Perl
             ;; scripts.  Remove them to avoid retaining a reference on Perl.
             (let ((out (assoc-ref outputs "out")))
               (delete-file-recursively (string-append out "/share/openssl-"
                                                       ,version "/misc"))
               #t))))))))
4a8b529c 537
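;; OpenSSL 1.0.2 series, derived from the openssl package above with the
;; phases adjusted for the older build system.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    ;; Plain 'inherit' copies every field that is not overridden, including
    ;; 'replacement'.  Without this line the 1.0 series would be grafted to
    ;; openssl/fixed, which is a 1.1.1 release and not a drop-in substitute
    ;; for programs built against 1.0.2.
    (replacement #f)
    (source (origin
              (method url-fetch)
              ;; Same candidate locations as openssl.  The ftp:// entries are
              ;; unauthenticated; integrity rests on the sha256 below.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              ;; Content hash of the 1.0.2u tarball.
              (sha256
               (base32
                "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Point the test scripts at the build's own shell and let
               ;; 'rm' be found through PATH.
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place.  Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"       ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl.  Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           ;; The inherited documentation phase is dropped and replaced by
           ;; 'move-man3-pages, which moves only the section 3 man pages.
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out (assoc-ref outputs "out"))
                      (man3 (string-append out "/share/man/man3"))
                      (doc (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))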
630
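;; LibreSSL: TLS/crypto stack forked from OpenSSL, built here with its
;; TLS-enabled netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "3.1.5")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it together
              ;; with 'version'.
              (sha256
               (base32
                "1504a1sf43frw43j14pij0q1f48rm5q86ggrlxxhw708qp7ds4rc"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' were missing: Linux kernels before 3.17 lack its
     ;; underlying 'getrandom' system call and ENOSYS isn't properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; The cache variable makes configure treat the function as absent, so
     ;; the library is built without relying on libc's getentropy.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    ;; Environment variables pointing at the CA certificate directory and
    ;; bundle; each holds a single entry, hence no separator.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            ;; The bundle is a regular file.  A search-path specification
            ;; matches directories unless told otherwise, so without this
            ;; field the bundle is never found; the openssl package in this
            ;; file sets the same field.
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))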
671
;; python-acme: Python implementation of the ACME protocol, from the Certbot
;; repository.  certbot (below) takes its version and its build phases from
;; this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "1.13.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Content hash of the PyPI source archive.
              (sha256
               (base32
                "1260a7bcgmha19drqzn6syz3cy61482b3w6lihgg1md6svgmfhkb"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'build 'build-documentation
           (lambda _
             ;; Build the man page and the Info manual from docs/.
             (invoke "make" "-C" "docs" "man" "info")))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             ;; NOTE(review): the Info manual goes to OUT/info rather than
             ;; OUT/share/info -- confirm that this is where it is looked up.
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    (native-inputs
     `(("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    ;; Run-time dependencies, propagated to whatever installs this package.
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-requests" ,python-requests)
       ("python-requests-toolbelt" ,python-requests-toolbelt)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
718
;; Certbot: ACME client.  Its version and build phases are taken from
;; python-acme; only the documentation install phase is replaced.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certbot" version))
              ;; Content hash of the PyPI source archive.  The version above
              ;; follows python-acme automatically but this hash does not, so
              ;; it must be refreshed whenever python-acme is updated.
              (sha256
               (base32
                "0n7lwajmlypkqgsd2cv74j41f5ag381skjlzhjfpsrppgnsl3kv4"))))
    (build-system python-build-system)
    (arguments
     ;; Reuse python-acme's arguments, replacing the phase that installs the
     ;; documentation because the generated file names differ.
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   ;; NOTE(review): the Info manual goes to OUT/info rather
                   ;; than OUT/share/info -- confirm that this is intended.
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    ;; Run-time dependencies, propagated to whatever installs this package.
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-cryptography" ,python-cryptography)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-distro" ,python-distro)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
;; Package named "letsencrypt" that inherits every field from certbot and
;; carries a 'superseded' property pointing at certbot as its replacement.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    (properties (list (cons 'superseded certbot)))))
;; Net::SSLeay: Perl bindings to OpenSSL, with "openssl" as the only declared
;; input.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source (origin
              (method url-fetch)
              ;; Any CPAN mirror may serve this file; integrity rests on the
              ;; sha256 below, which has to be updated together with 'version'.
              (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                                  "Net-SSLeay-" version ".tar.gz"))
              (sha256
               (base32
                "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Export the store path of the "openssl" input before 'configure'
            ;; runs.  Presumably the module's build script reads
            ;; OPENSSL_PREFIX to locate headers and libraries -- confirm
            ;; against upstream's Makefile.PL.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (home-page "https://metacpan.org/release/Net-SSLeay")))
;; Crypt::OpenSSL::RSA from CPAN.  It is built with the phases in
;; perl-crypt-arguments, which look up the input labelled "openssl".
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       ;; Served by whichever CPAN mirror answers; the sha256 is the
       ;; integrity check on what was downloaded.
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       (sha256
        (base32
         "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (arguments perl-crypt-arguments)
    ;; Needed at build time only.
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    (synopsis "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (license license:perl-license)))
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file that
;; reference this variable.  The extra phase rewrites the 'LIBS' entry of
;; Makefile.PL before 'configure' so that it names libcrypto under the
;; "openssl" input.  A package using these arguments must declare an input
;; labelled "openssl": otherwise 'assoc-ref' yields #f and 'string-append'
;; fails.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
               (add-before 'configure 'patch-Makefile.PL
                 (lambda* (#:key inputs #:allow-other-keys)
                   (substitute* "Makefile.PL"
                     ;; Replace the whole "'LIBS' => ..." line with an
                     ;; explicit -L<openssl>/lib -lcrypto.
                     (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                                      (assoc-ref inputs "openssl")
                                                      "/lib -lcrypto'],")))
                   #t)))))
;; Crypt::OpenSSL::Bignum from CPAN, built with the shared
;; perl-crypt-arguments phases against the "openssl" input.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       ;; The mirror that answers is not fixed; the sha256 is what the
       ;; downloaded tarball has to match.
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       (sha256
        (base32
         "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (arguments perl-crypt-arguments)
    (inputs `(("openssl" ,openssl)))
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    ;; Either gpl1+ or the Artistic License, at the user's option.
    (license license:perl-license)))
;; Crypt::OpenSSL::Guess from CPAN.  Other packages in this file list it as a
;; native (build-time) input.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       ;; Fetched from a CPAN mirror and checked against the sha256 below.
       (uri (string-append
             "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
             version ".tar.gz"))
       (sha256
        (base32
         "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path. It is intended for use in your
@file{Makefile.PL}.")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (license license:perl-license)))
;; Crypt::OpenSSL::Random from CPAN, built with the shared
;; perl-crypt-arguments phases against the "openssl" input.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source
     (origin
       (method url-fetch)
       ;; Mirror-served tarball; the sha256 is the integrity check.
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       (sha256
        (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    (arguments perl-crypt-arguments)
    ;; Needed at build time only.
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("openssl" ,openssl)))
    (synopsis "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (license license:perl-license)))
;; Portable snapshot of the acme-client ACME client, built with plain 'make'
;; against libressl and libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              ;; Snapshot tarball from the upstream site; the sha256 below is
              ;; the integrity check on the download.
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       #:make-flags
       ;; The compiler name is hard-coded; the install prefix is the "out"
       ;; output.
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Replace the literal "/etc/ssl/cert.pem" in http.c with the
             ;; cert.pem shipped under the "libressl" input.  Presumably this
             ;; is the CA bundle used to verify the ACME server's certificate.
             ;; NOTE(review): if so, the trust anchors follow the libressl
             ;; package rather than the host's /etc/ssl -- confirm that this
             ;; is the intended source of root-store updates.
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is upstream's preferred variant.  A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
    ;; when updating.
    (version "2.23.0")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ARMmbed/mbedtls")
             ;; This is a ref name built from 'version', not a commit id; the
             ;; sha256 below is what fixes the exact tree that is accepted.
             (commit (string-append "mbedtls-" version))))
       (sha256
        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))
       (file-name (git-file-name name version))))
    (build-system cmake-build-system)
    (arguments
     `(#:configure-flags
       ;; Build the shared library only.
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'make-source-writable
           (lambda _
             ;; Make every file of the unpacked tree writable; presumably a
             ;; later build step modifies sources in place.
             (for-each make-file-writable (find-files "."))
             #t)))))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This hidden variant inherits mbedtls-apache and adds one phase to the
;; inherited ones; everything else is unchanged.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments (package-arguments mbedtls-apache)
        ((#:phases phases)
         `(modify-phases ,phases
            (add-before 'configure 'configure-extra-features
              (lambda _
                ;; Switch on the two threading options through upstream's
                ;; configuration script.
                (for-each (lambda (feature)
                            (invoke "scripts/config.pl" "set" feature))
                          (list "MBEDTLS_THREADING_C"
                                "MBEDTLS_THREADING_PTHREAD"))
                ;; XXX The above enables code that breaks with -Werror…
                ;; The warning flag is dropped from CMakeLists.txt rather than
                ;; the warning being fixed; recheck on every version update.
                (substitute* "CMakeLists.txt"
                  ((" -Wformat-signedness") ""))
                #t)))))))))
;; dehydrated: an ACME client written as a Bash script.  Nothing is compiled:
;; the builder unpacks the release tarball, installs the documentation and the
;; script, and wraps the script so that the tools listed below come first in
;; its PATH.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.7.0")
    (source (origin
              (method url-fetch)
              ;; Release tarball from the project's GitHub releases; the
              ;; sha256 below is the integrity check on the download.
              (uri (string-append
                    "https://github.com/dehydrated-io/dehydrated/releases/download/"
                    "v" version "/dehydrated-" version ".tar.gz"))
              (sha256
               (base32
                "1yf4kldyd5y13r6qxrkcbbk74ykngq7jzy0351vb2r3ywp114pqw"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((source (assoc-ref %build-inputs "source"))
                (tar (assoc-ref %build-inputs "tar"))
                (gz (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin"))
                (doc (string-append out "/share/doc/" ,name "-" ,version))
                (man (string-append out "/share/man"))
                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))

           ;; PATH holds only gzip's bin directory while tar unpacks the
           ;; source.
           (setenv "PATH" (string-append gz "/bin"))
           (invoke (string-append tar "/bin/tar") "xvf" source)
           (chdir (string-append ,name "-" ,version))

           (copy-recursively "docs" doc)
           (install-file "LICENSE" doc)

           ;; Move the man pages out of the copied docs into share/man/man1
           ;; and compress them.
           ;; NOTE(review): gzip runs without '-n' here, so the compressed
           ;; files may record a name and timestamp -- confirm that the output
           ;; is reproducible.
           (mkdir-p man)
           (rename-file (string-append doc "/man")
                        (string-append man "/man1"))
           (for-each (cut invoke "gzip" "-9" <>)
                     (find-files man ".*"))

           (install-file "dehydrated" bin)
           (with-directory-excursion bin
             (patch-shebang "dehydrated" (list bash))

             ;; Do not try to write to the store.
             ;; SCRIPTDIR is pointed at ~/.dehydrated instead.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; PATH is reduced to bash's bin directory before wrapping.
             (setenv "PATH" bash)
             ;; The wrapper prepends the bin directory of each listed input
             ;; to PATH, so these copies are found before anything of the
             ;; same name in the caller's PATH.
             (wrap-program "dehydrated"
               `("PATH" ":" prefix
                 ,(map (lambda (dir)
                         (string-append dir "/bin"))
                       (map (lambda (input)
                              (assoc-ref %build-inputs input))
                            '("coreutils"
                              "curl"
                              "diffutils"
                              "gawk"
                              "grep"
                              "openssl"
                              "sed"))))))
           #t))))
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    ;; Used by the builder only, to unpack the source and compress man pages.
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    (home-page "https://dehydrated.io/")
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (license license:expat)))
;; Go source package holding a root certificate bundle, pinned to one commit.
;; NOTE(review): the version string dates the snapshot to 2018.01.18; a
;; bundle frozen at that point would not reflect later root additions or
;; removals -- check for a newer upstream revision when touching this.
(define-public go-github-com-certifi-gocertifi
  (let ((revision "1")
        (commit "a5e0173ced670013bfb649c7e806bc9529c986ec"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source
       (origin
         (method git-fetch)
         ;; Fetched by full commit id and checked against the sha256 below.
         (uri (git-reference
               (url "https://github.com/certifi/gocertifi")
               (commit commit)))
         (sha256
          (base32
           "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))
         (file-name (git-file-name name version))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (home-page "https://certifi.io")
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (license license:mpl2.0))))
;; s2n built as a shared library with CMake.  Both the default and the
;; "static" outputs of openssl are propagated to users of this package.
(define-public s2n
  (package
    (name "s2n")
    (version "1.0.0")
    (source
     (origin
       (method git-fetch)
       ;; 'commit' is the ref "v<version>", not a commit id; the sha256 is
       ;; what fixes the exact tree that is accepted.
       (uri (git-reference
             (url (string-append "https://github.com/awslabs/" name))
             (commit (string-append "v" version))))
       (sha256
        (base32
         "1q6kmgwb8jxmc4ijzk9pkqzz8lsbfsv9hyzqvy944w7306zx1r5h"))
       (file-name (git-file-name name version))))
    (build-system cmake-build-system)
    (propagated-inputs
     `(("openssl" ,openssl)
       ("openssl:static" ,openssl "static")))
    ;; The upstream test suite is not run as part of this build.
    (arguments
     '(#:tests? #f ; tests fail to build for static library
       #:configure-flags
       '("-DBUILD_TESTING=OFF"
         "-DBUILD_SHARED_LIBS=ON")))
    (home-page "https://github.com/awslabs/s2n")
    (synopsis "SSL/TLS implementation")
    (description "This library provides a C99 implementation of SSL/TLS.")
    (license license:asl2.0)))