HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: perl: Actually produce a host perl when cross-compiling.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
CommitLineData
233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ea22aa1f 7;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
2850d877 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
47956fa0 9;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
a92c6b1a 13;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
a9bcc647 17;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
7543f865 18;;;
233e7676 19;;; This file is part of GNU Guix.
7543f865 20;;;
233e7676 21;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC		 22;;; under the terms of the GNU General Public License as published by
23;;; the Free Software Foundation; either version 3 of the License, or (at
24;;; your option) any later version.
25;;;
233e7676 26;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC		 27;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29;;; GNU General Public License for more details.
30;;;
31;;; You should have received a copy of the GNU General Public License
233e7676 32;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 33
a7fd7b68 34(define-module (gnu packages tls)
e9aa8d0c 35 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC		 36 #:use-module (guix packages)
37 #:use-module (guix download)
ea22aa1f 38 #:use-module (guix git-download)
29a7c98a 39 #:use-module (guix utils)
7543f865 40 #:use-module (guix build-system gnu)
ea22aa1f 41 #:use-module (guix build-system go)
cc2b77df 42 #:use-module (guix build-system perl)
7890e3ba 43 #:use-module (guix build-system python)
88522738 44 #:use-module (guix build-system cmake)
e8b3a158 45 #:use-module (guix build-system trivial)
f61e0e79 46 #:use-module (gnu packages compression)
013ce67b 47 #:use-module (gnu packages)
e8b3a158 48 #:use-module (gnu packages bash)
ac257f12 49 #:use-module (gnu packages check)
e8b3a158 50 #:use-module (gnu packages curl)
5b9aa107 51 #:use-module (gnu packages dns)
e8b3a158 52 #:use-module (gnu packages gawk)
1ffa7090 53 #:use-module (gnu packages guile)
a9bcc647 54 #:use-module (gnu packages hurd)
0581c273 55 #:use-module (gnu packages libbsd)
27e86bed 56 #:use-module (gnu packages libffi)
866f469e 57 #:use-module (gnu packages libidn)
5d4c90ae 58 #:use-module (gnu packages linux)
7890e3ba 59 #:use-module (gnu packages ncurses)
27e86bed 60 #:use-module (gnu packages nettle)
1ffa7090 61 #:use-module (gnu packages perl)
27e86bed 62 #:use-module (gnu packages pkg-config)
7890e3ba 63 #:use-module (gnu packages python)
cc6f4912 64 #:use-module (gnu packages python-crypto)
1b2f753d 65 #:use-module (gnu packages python-web)
44d10b1f 66 #:use-module (gnu packages python-xyz)
9d0c291e 67 #:use-module (gnu packages sphinx)
a31f4d35 68 #:use-module (gnu packages texinfo)
33dc54b0 69 #:use-module (gnu packages time)
079f013b
LC		 70 #:use-module (gnu packages base)
71 #:use-module (srfi srfi-1))
7543f865
LC		 72
73(define-public libtasn1
74 (package
75 (name "libtasn1")
3a22f04a 76 (version "4.16.0")
7543f865
LC		 77 (source
78 (origin
79 (method url-fetch)
80 (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
81 version ".tar.gz"))
82 (sha256
83 (base32
3a22f04a 84 "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
7543f865 85 (build-system gnu-build-system)
d9f84612
MB		 86 (arguments
87 `(#:configure-flags '("--disable-static")))
3ea110b7 88 (native-inputs `(("perl" ,perl)))
6fd52309 89 (home-page "https://www.gnu.org/software/libtasn1/")
f50d2669 90 (synopsis "ASN.1 library")
7543f865 91 (description
79c311b8
LC		 92 "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
93for transmitting machine-neutral encodings of data objects in computer
a22dc0c4
LC		 94networking, allowing for formal validation of data according to some
95specifications.")
e9aa8d0c 96 (license license:lgpl2.0+)))
7543f865 97
375cef6c
HG		 98(define-public asn1c
99 (package
100 (name "asn1c")
ff7da7e0 101 (version "0.9.28")
375cef6c
HG		 102 (source (origin
103 (method url-fetch)
104 (uri (string-append "https://lionet.info/soft/asn1c-"
105 version ".tar.gz"))
106 (sha256
107 (base32
ff7da7e0 108 "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
375cef6c
HG		 109 (build-system gnu-build-system)
110 (native-inputs
111 `(("perl" ,perl)))
112 (home-page "https://lionet.info/asn1c")
113 (synopsis "ASN.1 to C compiler")
114 (description "The ASN.1 to C compiler takes ASN.1 module
115files and generates C++ compatible C source code. That code can be
116used to serialize the native C structures into compact and unambiguous
117BER/XER/PER-based data files, and deserialize the files back.
118
119Various ASN.1 based formats are widely used in the industry, such as to encode
120the X.509 certificates employed in the HTTPS handshake, to exchange control
121data between mobile phones and cellular networks, to car-to-car communication
122in intelligent transportation networks.")
123 (license license:bsd-2)))
124
27e86bed
AE		 125(define-public p11-kit
126 (package
127 (name "p11-kit")
8c98ef7d 128 (version "0.23.20")
27e86bed
AE		 129 (source
130 (origin
131 (method url-fetch)
e6ad9bda 132 (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
eae94df6 133 "download/" version "/p11-kit-" version ".tar.xz"))
27e86bed
AE		 134 (sha256
135 (base32
8c98ef7d 136 "0131maw666ha4d6iyj13fkz18c4pnb3lw2xwv5kvkmnzqcj61n0l"))))
27e86bed
AE		 137 (build-system gnu-build-system)
138 (native-inputs
139 `(("pkg-config" ,pkg-config)))
140 (inputs
141 `(("libffi" ,libffi)
142 ("libtasn1" ,libtasn1)))
143 (arguments
d5c472a2
MB		 144 `(#:configure-flags '("--without-trust-paths")
145 #:phases (modify-phases %standard-phases
146 (add-before 'check 'prepare-tests
147 (lambda _
148 ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
149 ;; and looks for .cache and other directories (only).
150 ;; For simplicity just drop it since it is irrelevant
151 ;; in the build container.
152 (substitute* "Makefile"
153 (("test-runtime\\$\\(EXEEXT\\)") ""))
154 #t)))))
4631e6c9 155 (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
27e86bed
AE		 156 (synopsis "PKCS#11 library")
157 (description
158 "p11-kit provides a way to load and enumerate PKCS#11 modules. It
159provides a standard configuration setup for installing PKCS#11 modules
160in such a way that they are discoverable. It also solves problems with
161coordinating the use of PKCS#11 by different components or libraries
162living in the same process.")
e9aa8d0c 163 (license license:bsd-3)))
27e86bed 164
7543f865
LC		 165(define-public gnutls
166 (package
167 (name "gnutls")
a270af31 168 (replacement gnutls-3.6.13)
584d08c5 169 (version "3.6.12")
d7d408d5
LC		 170 (source (origin
171 (method url-fetch)
172 (uri
173 ;; Note: Releases are no longer on ftp.gnu.org since the
174 ;; schism (after version 3.1.5).
d93627e4 175 (string-append "mirror://gnupg/gnutls/v"
29a7c98a 176 (version-major+minor version)
d93627e4 177 "/gnutls-" version ".tar.xz"))
06f5bc4e 178 (patches (search-patches "gnutls-skip-trust-store-test.patch"))
d7d408d5
LC		 179 (sha256
180 (base32
584d08c5 181 "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
7543f865 182 (build-system gnu-build-system)
b94ae0b8 183 (arguments
76b21274
LF		 184 `(; Ensure we don't keep a reference to this buggy software.
185 #:disallowed-references (,net-tools)
186 #:configure-flags
a0700787 187 (list
aa7c7f21
MW		 188 ;; GnuTLS doesn't consult any environment variables to specify
189 ;; the location of the system-wide trust store. Instead it has a
190 ;; configure-time option. Unless specified, its configure script
191 ;; attempts to auto-detect the location by looking for common
8f65585b 192 ;; places in the file system, none of which are present in our
aa7c7f21
MW		 193 ;; chroot build environment. If not found, then no default trust
194 ;; store is used, so each program has to provide its own
195 ;; fallback, and users have to configure each program
196 ;; independently. This seems suboptimal.
866f469e
MW		 197 "--with-default-trust-store-dir=/etc/ssl/certs"
198
7892edc2
MB		 199 ;; Tell the build system that we want Guile bindings installed to
200 ;; the output instead of Guiles own module directory.
201 (string-append "--with-guile-site-dir="
202 "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
203 (string-append "--with-guile-site-ccache-dir="
204 "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
205 (string-append "--with-guile-extension-dir="
206 "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")
207
866f469e
MW		 208 ;; FIXME: Temporarily disable p11-kit support since it is not
209 ;; working on mips64el.
606c6380
LC		 210 "--without-p11-kit")
211
212 #:phases (modify-phases %standard-phases
213 (add-after
214 'install 'move-doc
215 (lambda* (#:key outputs #:allow-other-keys)
216 ;; Copy the 4.1 MiB of section 3 man pages to "doc".
217 (let* ((out (assoc-ref outputs "out"))
218 (doc (assoc-ref outputs "doc"))
9cdce047 219 (mandir (string-append doc "/share/man/man3"))
606c6380
LC		 220 (oldman (string-append out "/share/man/man3")))
221 (mkdir-p mandir)
222 (copy-recursively oldman mandir)
223 (delete-file-recursively oldman)
224 #t))))))
225 (outputs '("out" ;4.4 MiB
226 "debug"
227 "doc")) ;4.1 MiB of man pages
a1db0975 228 (native-inputs
a9bcc647
JN		 229 `(,@(if (hurd-target?) '()
230 `(("net-tools" ,net-tools)))
5d4c90ae 231 ("pkg-config" ,pkg-config)
ac83dc82 232 ("which" ,which)
971c8bb0
LC		 233 ("datefudge" ,datefudge) ;tests rely on 'datefudge'
234 ("util-linux" ,util-linux))) ;one test needs 'setsid'
7543f865 235 (inputs
67a3c8ed 236 `(("guile" ,guile-3.0)))
7543f865 237 (propagated-inputs
d2fcfd3d 238 ;; These are all in the 'Requires.private' field of gnutls.pc.
7543f865 239 `(("libtasn1" ,libtasn1)
55e61c4d 240 ("libidn2" ,libidn2)
866f469e 241 ("nettle" ,nettle)
f61e0e79 242 ("zlib" ,zlib)))
c19700c3 243 (home-page "https://www.gnu.org/software/gnutls/")
f50d2669 244 (synopsis "Transport layer security library")
7543f865 245 (description
a22dc0c4 246 "GnuTLS is a secure communications library implementing the SSL, TLS
79c311b8 247and DTLS protocols. It is provided in the form of a C library to support the
a22dc0c4
LC		 248protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
249required structures.")
63e8bb12
LC		 250 (license license:lgpl2.1+)
251 (properties '((ftp-server . "ftp.gnutls.org")
252 (ftp-directory . "/gcrypt/gnutls")))))
cc2b77df 253
a5ab71c7 254(define-public gnutls-3.6.13
079f013b 255 (package
58ea4d40 256 (inherit gnutls)
27783023 257 (version "3.6.13")
a270af31
LF		 258 (source (origin
259 (method url-fetch)
260 (uri (string-append "mirror://gnupg/gnutls/v"
261 (version-major+minor version)
262 "/gnutls-3.6.13.tar.xz"))
7eee37cd
JN		 263 (patches (search-patches "gnutls-skip-trust-store-test.patch"
264 "gnutls-cross.patch"))
a270af31
LF		 265 (sha256
266 (base32
7eee37cd
JN		 267 "0f1gnm0756qms5cpx6yn6xb8d3imc2gkqmygf12n9x6r8zs1s11j"))))
268 (native-inputs
269 `(,@(if (%current-target-system) ;for cross-build
270 `(("guile" ,guile-3.0)) ;to create .go files
271 '())
272 ,@(package-native-inputs gnutls)))))
a270af31
LF		 273
274(define-public gnutls/guile-2.0
275 ;; GnuTLS for Guile 2.0.
276 (package/inherit gnutls
a0700787
LC		 277 (name "guile2.0-gnutls")
278 (inputs `(("guile" ,guile-2.0)
58ea4d40 279 ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 280
5b9aa107 281(define-public gnutls/dane
282 ;; GnuTLS with build libgnutls-dane, implementing DNS-based
283 ;; Authentication of Named Entities. This is required for GNS functionality
284 ;; by GNUnet and gnURL. This is done in an extra package definition
285 ;; to have the choice between GnuTLS with Dane and without Dane.
a270af31 286 (package/inherit gnutls
5b9aa107 287 (name "gnutls-dane")
288 (inputs `(("unbound" ,unbound)
289 ,@(package-inputs gnutls)))))
290
67a3c8ed 291(define-public guile2.2-gnutls
d630d781 292 (package
5f9f034e 293 (inherit gnutls)
67a3c8ed
MB		 294 (name "guile2.2-gnutls")
295 (inputs `(("guile" ,guile-2.2)
d630d781 296 ,@(alist-delete "guile"
5f9f034e 297 (package-inputs gnutls))))))
d630d781 298
4e6c9f56
LC		 299(define-public guile3.0-gnutls
300 (deprecated-package "guile3.0-gnutls" gnutls))
67a3c8ed 301
cc2b77df
AE		 302(define-public openssl
303 (package
304 (name "openssl")
95ac5cd6 305 (version "1.1.1f")
cc2b77df 306 (source (origin
4cff124b 307 (method url-fetch)
bdf0b6fc
MB		 308 (uri (list (string-append "https://www.openssl.org/source/openssl-"
309 version ".tar.gz")
310 (string-append "ftp://ftp.openssl.org/source/"
c7f5c3ea 311 "openssl-" version ".tar.gz")
4cff124b
LC		 312 (string-append "ftp://ftp.openssl.org/source/old/"
313 (string-trim-right version char-set:letter)
c7f5c3ea 314 "/openssl-" version ".tar.gz")))
4cff124b
LC		 315 (sha256
316 (base32
95ac5cd6
MB		 317 "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q"))
318 (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
cc2b77df 319 (build-system gnu-build-system)
8c78aeb7 320 (outputs '("out"
e74f153a
MB		 321 "doc" ;6.8 MiB of man3 pages and full HTML documentation
322 "static")) ;6.4 MiB of .a files
cc2b77df
AE		 323 (native-inputs `(("perl" ,perl)))
324 (arguments
88b52527 325 `(#:parallel-tests? #f
cc2b77df 326 #:test-target "test"
8c9ec203
LF		 327
328 ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
329 ;; so we explicitly disallow it here.
330 #:disallowed-references ,(list (canonical-package perl))
cc2b77df 331 #:phases
b6cb1358 332 (modify-phases %standard-phases
bdcdd550
MO		 333 ,@(if (%current-target-system)
334 '((add-before
335 'configure 'set-cross-compile
336 (lambda* (#:key target outputs #:allow-other-keys)
337 (setenv "CROSS_COMPILE" (string-append target "-"))
338 (setenv "CONFIGURE_TARGET_ARCH"
339 (cond
a58f3708
JN		 340 ((string-prefix? "i586" target)
341 "hurd-x86")
bdcdd550
MO		 342 ((string-prefix? "i686" target)
343 "linux-x86")
344 ((string-prefix? "x86_64" target)
345 "linux-x86_64")
346 ((string-prefix? "arm" target)
347 "linux-armv4")
348 ((string-prefix? "aarch64" target)
349 "linux-aarch64")))
350 #t)))
351 '())
e74f153a
MB		 352 (replace 'configure
353 (lambda* (#:key outputs #:allow-other-keys)
354 (let* ((out (assoc-ref outputs "out"))
355 (lib (string-append out "/lib")))
356 ;; It's not a shebang so patch-source-shebangs misses it.
357 (substitute* "config"
358 (("/usr/bin/env")
359 (string-append (assoc-ref %build-inputs "coreutils")
360 "/bin/env")))
bdcdd550
MO		 361 (invoke ,@(if (%current-target-system)
362 '("./Configure")
363 '("./config"))
e74f153a
MB		 364 "shared" ;build shared libraries
365 "--libdir=lib"
4fb254a3 366
e74f153a
MB		 367 ;; The default for this catch-all directory is
368 ;; PREFIX/ssl. Change that to something more
369 ;; conventional.
370 (string-append "--openssldir=" out
371 "/share/openssl-" ,version)
4fb254a3 372
e74f153a 373 (string-append "--prefix=" out)
bdcdd550
MO		 374 (string-append "-Wl,-rpath," lib)
375 ,@(if (%current-target-system)
376 '((getenv "CONFIGURE_TARGET_ARCH"))
377 '())))))
8c78aeb7
LC		 378 (add-after 'install 'move-static-libraries
379 (lambda* (#:key outputs #:allow-other-keys)
380 ;; Move static libraries to the "static" output.
381 (let* ((out (assoc-ref outputs "out"))
382 (lib (string-append out "/lib"))
383 (static (assoc-ref outputs "static"))
384 (slib (string-append static "/lib")))
8c78aeb7
LC		 385 (for-each (lambda (file)
386 (install-file file slib)
387 (delete-file file))
388 (find-files lib "\\.a$"))
389 #t)))
e74f153a 390 (add-after 'install 'move-extra-documentation
a909b576 391 (lambda* (#:key outputs #:allow-other-keys)
e74f153a
MB		 392 ;; Move man3 pages and full HTML documentation to "doc".
393 (let* ((out (assoc-ref outputs "out"))
394 (man3 (string-append out "/share/man/man3"))
395 (html (string-append out "/share/doc/openssl"))
396 (doc (assoc-ref outputs "doc"))
397 (man-target (string-append doc "/share/man/man3"))
398 (html-target (string-append doc "/share/doc/openssl")))
399 (copy-recursively man3 man-target)
400 (delete-file-recursively man3)
401 (copy-recursively html html-target)
402 (delete-file-recursively html)
403 #t)))
784d6e91
LC		 404 (add-after
405 'install 'remove-miscellany
406 (lambda* (#:key outputs #:allow-other-keys)
407 ;; The 'misc' directory contains random undocumented shell and Perl
408 ;; scripts. Remove them to avoid retaining a reference on Perl.
409 (let ((out (assoc-ref outputs "out")))
410 (delete-file-recursively (string-append out "/share/openssl-"
411 ,version "/misc"))
412 #t))))))
cc2b77df 413 (native-search-paths
cc2b77df
AE		 414 (list (search-path-specification
415 (variable "SSL_CERT_DIR")
5d7a47cc 416 (separator #f) ;single entry
cc2b77df
AE		 417 (files '("etc/ssl/certs")))
418 (search-path-specification
419 (variable "SSL_CERT_FILE")
5d7a47cc
MB		 420 (file-type 'regular)
421 (separator #f) ;single entry
cc2b77df
AE		 422 (files '("etc/ssl/certs/ca-certificates.crt")))))
423 (synopsis "SSL/TLS implementation")
424 (description
e881752c 425 "OpenSSL is an implementation of SSL/TLS.")
e9aa8d0c 426 (license license:openssl)
4631e6c9 427 (home-page "https://www.openssl.org/")))
cc2b77df 428
e74f153a 429(define-public openssl-1.0
763899f0
LF		 430 (package
431 (inherit openssl)
432 (name "openssl")
b0b79542 433 (version "1.0.2u")
763899f0 434 (source (origin
e74f153a
MB		 435 (method url-fetch)
436 (uri (list (string-append "https://www.openssl.org/source/openssl-"
437 version ".tar.gz")
438 (string-append "ftp://ftp.openssl.org/source/"
439 "openssl-" version ".tar.gz")
440 (string-append "ftp://ftp.openssl.org/source/old/"
441 (string-trim-right version char-set:letter)
442 "/openssl-" version ".tar.gz")))
763899f0
LF		 443 (sha256
444 (base32
b0b79542 445 "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
e74f153a
MB		 446 (patches (search-patches "openssl-runpath.patch"
447 "openssl-c-rehash-in.patch"))))
763899f0 448 (outputs '("out"
e74f153a
MB		 449 "doc" ;1.5MiB of man3 pages
450 "static")) ;6MiB of .a files
763899f0
LF		 451 (arguments
452 (substitute-keyword-arguments (package-arguments openssl)
8fc24f30
MB		 453 ;; Parallel build is not supported in 1.0.x.
454 ((#:parallel-build? _ #f) #f)
763899f0
LF		 455 ((#:phases phases)
456 `(modify-phases ,phases
e74f153a
MB		 457 (add-before 'patch-source-shebangs 'patch-tests
458 (lambda* (#:key inputs native-inputs #:allow-other-keys)
459 (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
460 (substitute* (find-files "test" ".*")
461 (("/bin/sh")
462 (string-append bash "/bin/sh"))
463 (("/bin/rm")
464 "rm"))
465 #t)))
466 (add-before 'configure 'patch-Makefile.org
763899f0 467 (lambda* (#:key outputs #:allow-other-keys)
e74f153a
MB		 468 ;; The default MANDIR is some unusual place. Fix that.
469 (let ((out (assoc-ref outputs "out")))
470 (patch-makefile-SHELL "Makefile.org")
471 (substitute* "Makefile.org"
472 (("^MANDIR[[:blank:]]*=.*$")
473 (string-append "MANDIR = " out "/share/man\n")))
474 #t)))
bdcdd550
MO		 475 (replace 'configure
476 ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
477 (lambda* (#:key outputs #:allow-other-keys)
478 (let ((out (assoc-ref outputs "out")))
479 (invoke ,@(if (%current-target-system)
480 '("./Configure")
481 '("./config"))
482 "shared" ;build shared libraries
483 "--libdir=lib"
fc184fe2 484
bdcdd550
MO		 485 ;; The default for this catch-all directory is
486 ;; PREFIX/ssl. Change that to something more
487 ;; conventional.
488 (string-append "--openssldir=" out
489 "/share/openssl-" ,version)
fc184fe2 490
bdcdd550
MO		 491 (string-append "--prefix=" out)
492 ,@(if (%current-target-system)
493 '((getenv "CONFIGURE_TARGET_ARCH"))
494 '())))))
e74f153a
MB		 495 (delete 'move-extra-documentation)
496 (add-after 'install 'move-man3-pages
497 (lambda* (#:key outputs #:allow-other-keys)
498 ;; Move section 3 man pages to "doc".
499 (let* ((out (assoc-ref outputs "out"))
500 (man3 (string-append out "/share/man/man3"))
501 (doc (assoc-ref outputs "doc"))
502 (target (string-append doc "/share/man/man3")))
503 (mkdir-p target)
504 (for-each (lambda (file)
505 (rename-file file
506 (string-append target "/"
507 (basename file))))
508 (find-files man3))
509 (delete-file-recursively man3)
510 #t)))
fc184fe2
MB		 511 ;; XXX: Duplicate this phase to make sure 'version' evaluates
512 ;; in the current scope and not the inherited one.
513 (replace 'remove-miscellany
514 (lambda* (#:key outputs #:allow-other-keys)
515 ;; The 'misc' directory contains random undocumented shell and Perl
516 ;; scripts. Remove them to avoid retaining a reference on Perl.
517 (let ((out (assoc-ref outputs "out")))
518 (delete-file-recursively (string-append out "/share/openssl-"
519 ,version "/misc"))
763899f0
LF		 520 #t)))))))))
521
cb6a802c
AE		 522(define-public libressl
523 (package
524 (name "libressl")
0250672b 525 (version "3.0.2")
644e5f17
TGR		 526 (source (origin
527 (method url-fetch)
528 (uri (string-append "mirror://openbsd/LibreSSL/"
ce1178d5 529 "libressl-" version ".tar.gz"))
644e5f17
TGR		 530 (sha256
531 (base32
0250672b 532 "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"))))
cb6a802c 533 (build-system gnu-build-system)
a2d64899
LC		 534 (arguments
535 ;; Do as if 'getentropy' was missing since older Linux kernels lack it
536 ;; and libc would return ENOSYS, which is not properly handled.
537 ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
df08f385
LF		 538 '(#:configure-flags '("ac_cv_func_getentropy=no"
539 ;; Provide a TLS-enabled netcat.
540 "--enable-nc")))
cb6a802c 541 (native-search-paths
cb6a802c
AE		 542 (list (search-path-specification
543 (variable "SSL_CERT_DIR")
04cfe91e 544 (separator #f) ;single entry
cb6a802c
AE		 545 (files '("etc/ssl/certs")))
546 (search-path-specification
547 (variable "SSL_CERT_FILE")
04cfe91e 548 (separator #f) ;single entry
cb6a802c 549 (files '("etc/ssl/certs/ca-certificates.crt")))))
2ed12d3f 550 (home-page "https://www.libressl.org/")
cb6a802c 551 (synopsis "SSL/TLS implementation")
df08f385
LF		 552 (description "LibreSSL is a version of the TLS/crypto stack, forked from
553OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
554and applying best practice development processes. This package also includes a
555netcat implementation that supports TLS.")
cb6a802c
AE		 556 ;; Files taken from OpenSSL keep their license, others are under various
557 ;; non-copyleft licenses.
558 (license (list license:openssl
559 (license:non-copyleft
560 "file://COPYING"
561 "See COPYING in the distribution.")))))
562
6cefd53d 563(define-public python-acme
7890e3ba 564 (package
6cefd53d 565 (name "python-acme")
686d4259 566 ;; Remember to update the hash of certbot when updating python-acme.
7cfcc38f 567 (version "1.3.0")
7890e3ba 568 (source (origin
9495cf9a 569 (method url-fetch)
f349d36e 570 (uri (pypi-uri "acme" version))
881006b6
MB		 571 (sha256
572 (base32
7cfcc38f 573 "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0"))))
7890e3ba
LF		 574 (build-system python-build-system)
575 (arguments
6cefd53d 576 `(#:phases
9bee9d87 577 (modify-phases %standard-phases
1fc8476d
MB		 578 (add-after 'build 'build-documentation
579 (lambda _
d4bd2453 580 (invoke "make" "-C" "docs" "man" "info")))
1fc8476d 581 (add-after 'install 'install-documentation
50a7963a
LF		 582 (lambda* (#:key outputs #:allow-other-keys)
583 (let* ((out (assoc-ref outputs "out"))
584 (man (string-append out "/share/man/man1"))
585 (info (string-append out "/info")))
1fc8476d
MB		 586 (install-file "docs/_build/texinfo/acme-python.info" info)
587 (install-file "docs/_build/man/acme-python.1" man)
588 #t))))))
50a7963a 589 ;; TODO: Add optional inputs for testing.
7890e3ba 590 (native-inputs
4ae65558 591 `(("python-mock" ,python-mock)
b494bbe4 592 ("python-pytest" ,python-pytest)
50a7963a
LF		 593 ;; For documentation
594 ("python-sphinx" ,python-sphinx)
595 ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
596 ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
50a7963a 597 ("texinfo" ,texinfo)))
7890e3ba 598 (propagated-inputs
92572184
LF		 599 `(("python-josepy" ,python-josepy)
600 ("python-six" ,python-six)
6cefd53d 601 ("python-requests" ,python-requests)
b494bbe4 602 ("python-requests-toolbelt" ,python-requests-toolbelt)
6cefd53d
LF		 603 ("python-pytz" ,python-pytz)
604 ("python-pyrfc3339" ,python-pyrfc3339)
605 ("python-pyasn1" ,python-pyasn1)
606 ("python-cryptography" ,python-cryptography)
607 ("python-pyopenssl" ,python-pyopenssl)))
4631e6c9 608 (home-page "https://github.com/certbot/certbot")
7890e3ba
LF		 609 (synopsis "ACME protocol implementation in Python")
610 (description "ACME protocol implementation in Python")
611 (license license:asl2.0)))
612
9495cf9a 613(define-public certbot
9fd0838b 614 (package
9495cf9a 615 (name "certbot")
686d4259
LF		 616 ;; Certbot and python-acme are developed in the same repository, and their
617 ;; versions should remain synchronized.
618 (version (package-version python-acme))
9fd0838b
DT		 619 (source (origin
620 (method url-fetch)
b380463b 621 (uri (pypi-uri "certbot" version))
9fd0838b
DT		 622 (sha256
623 (base32
7cfcc38f 624 "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w"))))
9fd0838b
DT		 625 (build-system python-build-system)
626 (arguments
fed1898d 627 `(,@(substitute-keyword-arguments (package-arguments python-acme)
f26d6e4e
LF		 628 ((#:phases phases)
629 `(modify-phases ,phases
1fc8476d 630 (replace 'install-documentation
f26d6e4e
LF		 631 (lambda* (#:key outputs #:allow-other-keys)
632 (let* ((out (assoc-ref outputs "out"))
633 (man1 (string-append out "/share/man/man1"))
634 (man7 (string-append out "/share/man/man7"))
635 (info (string-append out "/info")))
1fc8476d
MB		 636 (install-file "docs/_build/texinfo/Certbot.info" info)
637 (install-file "docs/_build/man/certbot.1" man1)
638 (install-file "docs/_build/man/certbot.7" man7)
639 #t))))))))
f9263d9a 640 ;; TODO: Add optional inputs for testing.
9fd0838b 641 (native-inputs
d05c14df
TGR		 642 `(("python-mock" ,python-mock)
643 ("python-pytest" ,python-pytest)
f9263d9a 644 ;; For documentation
fed1898d
LF		 645 ("python-sphinx" ,python-sphinx)
646 ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
647 ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
648 ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
f9263d9a 649 ("texinfo" ,texinfo)))
9fd0838b 650 (propagated-inputs
fed1898d 651 `(("python-acme" ,python-acme)
d05c14df 652 ("python-cryptography" ,python-cryptography)
fed1898d
LF		 653 ("python-zope-interface" ,python-zope-interface)
654 ("python-pyrfc3339" ,python-pyrfc3339)
655 ("python-pyopenssl" ,python-pyopenssl)
656 ("python-configobj" ,python-configobj)
657 ("python-configargparse" ,python-configargparse)
b977d900 658 ("python-distro" ,python-distro)
fed1898d
LF		 659 ("python-zope-component" ,python-zope-component)
660 ("python-parsedatetime" ,python-parsedatetime)
661 ("python-six" ,python-six)
662 ("python-psutil" ,python-psutil)
663 ("python-requests" ,python-requests)
664 ("python-pytz" ,python-pytz)))
d8a1be63 665 (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
80968df0
TGR		 666 (description "Certbot automatically receives and installs X.509 certificates
667to enable Transport Layer Security (TLS) on servers. It interoperates with the
668Let’s Encrypt certificate authority (CA), which issues browser-trusted
669certificates for free.")
24778368 670 (home-page "https://certbot.eff.org/")
9fd0838b
DT		 671 (license license:asl2.0)))
672
9495cf9a
LF		 673(define-public letsencrypt
674 (package (inherit certbot)
56ab55d1
LF		 675 (name "letsencrypt")
676 (properties `((superseded . ,certbot)))))
9495cf9a 677
cc2b77df
AE		 678(define-public perl-net-ssleay
679 (package
680 (name "perl-net-ssleay")
966e4bea 681 (version "1.88")
cc2b77df
AE		 682 (source (origin
683 (method url-fetch)
c50f15d6 684 (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
cc2b77df
AE		 685 "Net-SSLeay-" version ".tar.gz"))
686 (sha256
687 (base32
966e4bea 688 "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
cc2b77df
AE		 689 (build-system perl-build-system)
690 (inputs `(("openssl" ,openssl)))
691 (arguments
1084ec08
MW		 692 `(#:phases
693 (modify-phases %standard-phases
1084ec08
MW		 694 (add-before
695 'configure 'set-ssl-prefix
696 (lambda* (#:key inputs #:allow-other-keys)
697 (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
698 #t)))))
cc2b77df
AE		 699 (synopsis "Perl extension for using OpenSSL")
700 (description
701 "This module offers some high level convenience functions for accessing
702web pages on SSL servers (for symmetry, the same API is offered for accessing
703http servers, too), an sslcat() function for writing your own clients, and
704finally access to the SSL api of the SSLeay/OpenSSL package so you can write
705servers or clients for more complicated applications.")
2f3108ad 706 (license license:perl-license)
9aba9b12 707 (home-page "https://metacpan.org/release/Net-SSLeay")))
4532c0c0
DM		 708
709(define-public perl-crypt-openssl-rsa
710 (package
711 (name "perl-crypt-openssl-rsa")
a9994b27 712 (version "0.31")
4532c0c0
DM		 713 (source
714 (origin
715 (method url-fetch)
716 (uri (string-append
683b8d47 717 "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
4532c0c0
DM		 718 version
719 ".tar.gz"))
720 (sha256
721 (base32
a9994b27 722 "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
4532c0c0 723 (build-system perl-build-system)
683b8d47
TGR		 724 (native-inputs
725 `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
4532c0c0
DM		 726 (inputs
727 `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
728 ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
729 ("openssl" ,openssl)))
730 (arguments perl-crypt-arguments)
731 (home-page
9aba9b12 732 "https://metacpan.org/release/Crypt-OpenSSL-RSA")
4532c0c0
DM		 733 (synopsis
734 "RSA encoding and decoding, using the openSSL libraries")
735 (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
736OpenSSL libraries).")
2f3108ad 737 (license license:perl-license)))
adff71ca
DM		 738
739(define perl-crypt-arguments
740 `(#:phases (modify-phases %standard-phases
741 (add-before 'configure 'patch-Makefile.PL
742 (lambda* (#:key inputs #:allow-other-keys)
743 (substitute* "Makefile.PL"
744 (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
745 (assoc-ref inputs "openssl")
746 "/lib -lcrypto'],")))
747 #t)))))
748
749(define-public perl-crypt-openssl-bignum
750 (package
751 (name "perl-crypt-openssl-bignum")
7e8aac18 752 (version "0.09")
adff71ca
DM		 753 (source
754 (origin
755 (method url-fetch)
756 (uri (string-append
757 "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
758 version
759 ".tar.gz"))
760 (sha256
761 (base32
7e8aac18 762 "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
adff71ca
DM		 763 (build-system perl-build-system)
764 (inputs `(("openssl" ,openssl)))
765 (arguments perl-crypt-arguments)
766 (home-page
9aba9b12 767 "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
adff71ca
DM		 768 (synopsis
769 "OpenSSL's multiprecision integer arithmetic in Perl")
770 (description "Crypt::OpenSSL::Bignum provides multiprecision integer
771arithmetic in Perl.")
772 ;; At your option either gpl1+ or the Artistic License
2f3108ad 773 (license license:perl-license)))
cccb4d26 774
c80590f6
TGR		 775(define-public perl-crypt-openssl-guess
776 (package
777 (name "perl-crypt-openssl-guess")
778 (version "0.11")
779 (source
780 (origin
781 (method url-fetch)
782 (uri (string-append
783 "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
784 version ".tar.gz"))
785 (sha256
786 (base32
787 "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
788 (build-system perl-build-system)
9aba9b12 789 (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
c80590f6
TGR		 790 (synopsis "Guess the OpenSSL include path")
791 (description
792 "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
793correct OpenSSL include path. It is intended for use in your
794@file{Makefile.PL}.")
795 (license license:perl-license)))
796
cccb4d26
DM		 797(define-public perl-crypt-openssl-random
798 (package
799 (name "perl-crypt-openssl-random")
fa2d19cc 800 (version "0.15")
cccb4d26
DM		 801 (source
802 (origin
803 (method url-fetch)
804 (uri (string-append
805 "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
806 version
807 ".tar.gz"))
808 (sha256
fa2d19cc 809 (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
cccb4d26 810 (build-system perl-build-system)
b30c23c4
TGR		 811 (native-inputs
812 `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
813 (inputs
814 `(("openssl" ,openssl)))
cccb4d26
DM		 815 (arguments perl-crypt-arguments)
816 (home-page
9aba9b12 817 "https://metacpan.org/release/Crypt-OpenSSL-Random")
cccb4d26
DM		 818 (synopsis
819 "OpenSSL/LibreSSL pseudo-random number generator access")
820 (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
821number generator")
2f3108ad 822 (license license:perl-license)))
0581c273
LF		 823
824(define-public acme-client
825 (package
826 (name "acme-client")
4a6b2a21 827 (version "0.1.16")
0581c273
LF		 828 (source (origin
829 (method url-fetch)
830 (uri (string-append "https://kristaps.bsd.lv/" name "/"
831 "snapshots/" name "-portable-"
832 version ".tgz"))
833 (sha256
834 (base32
4a6b2a21 835 "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
0581c273
LF		 836 (build-system gnu-build-system)
837 (arguments
838 '(#:tests? #f ; no test suite
839 #:make-flags
840 (list "CC=gcc"
841 (string-append "PREFIX=" (assoc-ref %outputs "out")))
842 #:phases
843 (modify-phases %standard-phases
7c1a7bf4
LF		 844 (add-after 'unpack 'patch-paths
845 (lambda* (#:key inputs #:allow-other-keys)
846 (let ((pem (string-append (assoc-ref inputs "libressl")
847 "/etc/ssl/cert.pem")))
848 (substitute* "http.c"
849 (("/etc/ssl/cert.pem") pem))
850 #t)))
0581c273 851 (delete 'configure)))) ; no './configure' script
4b569a4f
LF		 852 (native-inputs
853 `(("pkg-config" ,pkg-config)))
0581c273
LF		 854 (inputs
855 `(("libbsd" ,libbsd)
856 ("libressl" ,libressl)))
857 (synopsis "Let's Encrypt client by the OpenBSD project")
858 (description "acme-client is a Let's Encrypt client implemented in C. It
859uses a modular design, and attempts to secure itself by dropping privileges and
860operating in a chroot where possible. acme-client is developed on OpenBSD and
861then ported to the GNU / Linux environment.")
862 (home-page "https://kristaps.bsd.lv/acme-client/")
863 ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
864 ;; and 'jsmn.c' are distributed under the Expat license.
865 (license (list license:isc license:expat))))
88522738 866
867;; The "-apache" variant is the upstreamed prefered variant. A "-gpl"
868;; variant exists in addition to the "-apache" one.
869(define-public mbedtls-apache
870 (package
871 (name "mbedtls-apache")
1b01c103 872 (version "2.16.5")
88522738 873 (source
874 (origin
875 (method url-fetch)
876 ;; XXX: The download links on the website are script redirection links
877 ;; which effectively lead to the format listed in the uri here.
878 (uri (string-append "https://tls.mbed.org/download/mbedtls-"
879 version "-apache.tgz"))
880 (sha256
881 (base32
1b01c103 882 "0kdhwy241xsk4isbadqx6z80m8sf76da5sbmqv8qy11yr37cdd35"))))
88522738 883 (build-system cmake-build-system)
a64d9d56
RW		 884 (arguments
885 `(#:configure-flags
92ebd8ed
MB		 886 (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
887 "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")))
88522738 888 (native-inputs
38a9bf80
TGR		 889 `(("perl" ,perl)
890 ("python" ,python)))
88522738 891 (synopsis "Small TLS library")
892 (description
893 "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
894for developers to include cryptographic and SSL/TLS capabilities in their
895(embedded) products, facilitating this functionality with a minimal
896coding footprint.")
897 (home-page "https://tls.mbed.org")
898 (license license:asl2.0)))
587d1752 899
8e87aa04
TGR		 900;; The Hiawatha Web server requires some specific features to be enabled.
901(define-public mbedtls-for-hiawatha
902 (hidden-package
903 (package
904 (inherit mbedtls-apache)
905 (arguments
906 (substitute-keyword-arguments
907 `(#:phases
908 (modify-phases %standard-phases
909 (add-after 'configure 'configure-extra-features
910 (lambda _
911 (for-each (lambda (feature)
912 (invoke "scripts/config.pl" "set" feature))
913 (list "MBEDTLS_THREADING_C"
914 "MBEDTLS_THREADING_PTHREAD"))
915 #t)))
916 ,@(package-arguments mbedtls-apache)))))))
917
e8b3a158
CL		 918(define-public dehydrated
919 (package
920 (name "dehydrated")
2359e235 921 (version "0.6.5")
e8b3a158 922 (source (origin
2850d877 923 (method url-fetch)
e8b3a158 924 (uri (string-append
bb5ab9bf 925 "https://github.com/dehydrated-io/dehydrated/releases/download/"
2850d877 926 "v" version "/dehydrated-" version ".tar.gz"))
e8b3a158
CL		 927 (sha256
928 (base32
2359e235 929 "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
e8b3a158
CL		 930 (build-system trivial-build-system)
931 (arguments
c150d637
TGR		 932 `(#:modules ((guix build utils)
933 (srfi srfi-26))
e8b3a158
CL		 934 #:builder
935 (begin
c150d637
TGR		 936 (use-modules (guix build utils)
937 (srfi srfi-26))
e8b3a158 938 (let* ((source (assoc-ref %build-inputs "source"))
2850d877
EF		 939 (tar (assoc-ref %build-inputs "tar"))
940 (gz (assoc-ref %build-inputs "gzip"))
e8b3a158
CL		 941 (out (assoc-ref %outputs "out"))
942 (bin (string-append out "/bin"))
c150d637
TGR		 943 (doc (string-append out "/share/doc/" ,name "-" ,version))
944 (man (string-append out "/share/man"))
e8b3a158 945 (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))
2850d877
EF		 946
947 (setenv "PATH" (string-append gz "/bin"))
948 (invoke (string-append tar "/bin/tar") "xvf" source)
949 (chdir (string-append ,name "-" ,version))
950
c150d637
TGR		 951 (copy-recursively "docs" doc)
952 (install-file "LICENSE" doc)
953
954 (mkdir-p man)
955 (rename-file (string-append doc "/man")
956 (string-append man "/man1"))
957 (for-each (cut invoke "gzip" "-9" <>)
958 (find-files man ".*"))
959
2850d877 960 (install-file "dehydrated" bin)
e8b3a158 961 (with-directory-excursion bin
e8b3a158
CL		 962 (patch-shebang "dehydrated" (list bash))
963
c150d637 964 ;; Do not try to write to the store.
e8b3a158
CL		 965 (substitute* "dehydrated"
966 (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))
967
968 (setenv "PATH" bash)
969 (wrap-program "dehydrated"
970 `("PATH" ":" prefix
971 ,(map (lambda (dir)
972 (string-append dir "/bin"))
973 (map (lambda (input)
974 (assoc-ref %build-inputs input))
975 '("coreutils"
976 "curl"
977 "diffutils"
978 "gawk"
979 "grep"
980 "openssl"
981 "sed"))))))
982 #t))))
983 (inputs
984 `(("bash" ,bash)
985 ("coreutils" ,coreutils)
986 ("curl" ,curl)
987 ("diffutils" ,diffutils)
988 ("gawk" ,gawk)
989 ("grep" ,grep)
990 ("openssl" ,openssl)
991 ("sed" ,sed)))
2850d877
EF		 992 (native-inputs
993 `(("gzip" ,gzip)
994 ("tar" ,tar)))
e8b3a158
CL		 995 (home-page "https://dehydrated.io/")
996 (synopsis "Let's Encrypt/ACME client implemented as a shell script")
997 (description "Dehydrated is a client for signing certificates with an
998ACME-server (currently only provided by Let's Encrypt) implemented as a
999relatively simple Bash script.")
1000 (license license:expat)))
ea22aa1f
LF		 1001
1002(define-public go-github-com-certifi-gocertifi
a9546f8b
LF		 1003 (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec")
1004 (revision "1"))
ea22aa1f
LF		 1005 (package
1006 (name "go-github-com-certifi-gocertifi")
1007 (version (git-version "2018.01.18" revision commit))
1008 (source (origin
1009 (method git-fetch)
1010 (uri (git-reference
1011 (url "https://github.com/certifi/gocertifi")
1012 (commit commit)))
1013 (file-name (git-file-name name version))
1014 (sha256
1015 (base32
a9546f8b 1016 "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
ea22aa1f
LF		 1017 (build-system go-build-system)
1018 (arguments
1019 '(#:import-path "github.com/certifi/gocertifi"))
1020 (synopsis "X.509 TLS root certificate bundle for Go")
1021 (description "This package is a Go language X.509 TLS root certificate bundle,
1022derived from Mozilla's collection.")
1023 (home-page "https://certifi.io")
1024 (license license:mpl2.0))))
jackhill's copy of GNU Guix: https://guix.gnu.org/