gnu: cvs-fast-export: Update to 1.56.
233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
74e2c0e0 3;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2021 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ad67d208 7;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
db388401 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
3c986a7d 9;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
db201657 13;;; Copyright © 2017–2019, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
a9bcc647 17;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
7543f865 18;;;
233e7676 19;;; This file is part of GNU Guix.
7543f865 20;;;
233e7676 21;;; GNU Guix is free software; you can redistribute it and/or modify it
22;;; under the terms of the GNU General Public License as published by
23;;; the Free Software Foundation; either version 3 of the License, or (at
24;;; your option) any later version.
25;;;
233e7676 26;;; GNU Guix is distributed in the hope that it will be useful, but
27;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29;;; GNU General Public License for more details.
30;;;
31;;; You should have received a copy of the GNU General Public License
233e7676 32;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 33
a7fd7b68 34(define-module (gnu packages tls)
e9aa8d0c 35 #:use-module ((guix licenses) #:prefix license:)
36 #:use-module (guix packages)
37 #:use-module (guix download)
ea22aa1f 38 #:use-module (guix git-download)
29a7c98a 39 #:use-module (guix utils)
7543f865 40 #:use-module (guix build-system gnu)
ea22aa1f 41 #:use-module (guix build-system go)
cc2b77df 42 #:use-module (guix build-system perl)
7890e3ba 43 #:use-module (guix build-system python)
88522738 44 #:use-module (guix build-system cmake)
e8b3a158 45 #:use-module (guix build-system trivial)
f61e0e79 46 #:use-module (gnu packages compression)
013ce67b 47 #:use-module (gnu packages)
e8b3a158 48 #:use-module (gnu packages bash)
ac257f12 49 #:use-module (gnu packages check)
e8b3a158 50 #:use-module (gnu packages curl)
5b9aa107 51 #:use-module (gnu packages dns)
e8b3a158 52 #:use-module (gnu packages gawk)
1ffa7090 53 #:use-module (gnu packages guile)
a9bcc647 54 #:use-module (gnu packages hurd)
0581c273 55 #:use-module (gnu packages libbsd)
27e86bed 56 #:use-module (gnu packages libffi)
866f469e 57 #:use-module (gnu packages libidn)
5d4c90ae 58 #:use-module (gnu packages linux)
7890e3ba 59 #:use-module (gnu packages ncurses)
27e86bed 60 #:use-module (gnu packages nettle)
1ffa7090 61 #:use-module (gnu packages perl)
27e86bed 62 #:use-module (gnu packages pkg-config)
7890e3ba 63 #:use-module (gnu packages python)
cc6f4912 64 #:use-module (gnu packages python-crypto)
1b2f753d 65 #:use-module (gnu packages python-web)
44d10b1f 66 #:use-module (gnu packages python-xyz)
9d0c291e 67 #:use-module (gnu packages sphinx)
a31f4d35 68 #:use-module (gnu packages texinfo)
33dc54b0 69 #:use-module (gnu packages time)
70 #:use-module (gnu packages base)
71 #:use-module (srfi srfi-1))
72
;; GNU libtasn1, the ASN.1 library.  Within this file it is an input of
;; 'p11-kit' and a propagated input of 'gnutls'.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.16.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       ;; Expected content hash of the tarball.  It has to be updated
       ;; together with 'version'; the mirror itself is not trusted.
       (sha256
        (base32
         "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    (arguments
     ;; Only the shared library is built.
     `(#:configure-flags '("--disable-static")))
    ;; Perl is needed at build time only.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 97
;; asn1c, a compiler that turns ASN.1 modules into C source code.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source (origin
              (method url-fetch)
              ;; Fetched from the author's site; the sha256 below is what
              ;; ties the build to one specific tarball.
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; Perl is needed at build time only.
    (native-inputs
     `(("perl" ,perl)))
    (home-page "https://lionet.info/asn1c")
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (license license:bsd-2)))
124
;; p11-kit, the PKCS#11 module loader, built against libffi and libtasn1.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.22")
    (source
     (origin
       (method url-fetch)
       ;; Release tarball from the project's GitHub releases page, pinned by
       ;; the sha256 below.
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.xz"))
       (sha256
        (base32 "1dn6br4v033d3gp2max9lsr3y4q0nj6iyr1yq3kzi8ym7lal13wa"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): "--without-trust-paths" presumably means no trust
     ;; anchor location is compiled in -- confirm against the configure
     ;; script, and check where consumers of this package get their anchors.
     `(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
                      ;; and looks for .cache and other directories (only).
                      ;; For simplicity just drop it since it is irrelevant
                      ;; in the build container.
                      (substitute* "Makefile"
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 163
;; GnuTLS with Guile 3.0 bindings.  The package declares 'gnutls/fixed' as
;; its replacement, so the security patches listed there are delivered as a
;; graft; this definition itself still describes the unpatched release.
(define-public gnutls
  (package
    (name "gnutls")
    (version "3.6.15")
    ;; Security fixes live in 'gnutls/fixed'; keep the two in sync when
    ;; updating 'version'.
    (replacement gnutls/fixed)
    (source (origin
              (method url-fetch)
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (uri (string-append "mirror://gnupg/gnutls/v"
                                  (version-major+minor version)
                                  "/gnutls-" version ".tar.xz"))
              (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                       "gnutls-cross.patch"))
              ;; Expected hash of the release tarball; the mirror is not
              ;; trusted beyond delivering bytes that match it.
              (sha256
               (base32
                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
    (build-system gnu-build-system)
    (arguments
     ;; The test suite is skipped when cross-compiling and on the Hurd, so
     ;; those builds are not covered by upstream's tests.
     `(#:tests? ,(not (or (%current-target-system)
                          (hurd-target?)))
       ;; Ensure we don't keep a reference to net-tools.
       #:disallowed-references ,(if (hurd-target?) '() (list net-tools))
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store. Instead it has a
        ;; configure-time option. Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment. If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently. This seems suboptimal.
        ;;
        ;; The directory named here is an absolute path outside the build
        ;; output: whatever CA certificates the running system installs
        ;; there become the default trust anchors.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        ;; NOTE(review): the flag is passed unconditionally, so PKCS#11
        ;; support is off on every architecture, not only mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                              ;4.4 MiB
               "debug"
               "doc"))                            ;4.1 MiB of man pages
    (native-inputs
     `(,@(if (%current-target-system)             ;for cross-build
             `(("guile" ,guile-3.0))              ;to create .go files
             '())
       ;; net-tools is a build-time input only (not on the Hurd); the
       ;; #:disallowed-references above keeps it out of the result.
       ,@(if (hurd-target?)
             '()
             `(("net-tools" ,net-tools)))
       ("pkg-config" ,pkg-config)
       ("which" ,which)
       ,@(if (hurd-target?) '()
             `(("datefudge" ,datefudge)))         ;tests rely on 'datefudge'
       ("util-linux" ,util-linux)))               ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS #12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))
cc2b77df 259
;; Patched GnuTLS used as the 'replacement' of 'gnutls'.  It keeps the same
;; version and tarball and only prepends the two CVE patches to the patches
;; the base package already applies.  The variable is not exported
;; ('define', not 'define-public').
(define gnutls/fixed
  (package
    (inherit gnutls)
    (source (origin
              (inherit (package-source gnutls))
              ;; Security patches first, then the base package's own patches.
              (patches (append (search-patches "gnutls-CVE-2021-20231.patch"
                                               "gnutls-CVE-2021-20232.patch")
                               (origin-patches (package-source gnutls))))))))
268
(define-public gnutls/guile-2.0
  ;; GnuTLS for Guile 2.0.
  ;; 'package/inherit' (rather than a plain 'inherit') is used so that the
  ;; same overrides are also applied to the replacement of 'gnutls'.
  (package/inherit gnutls
    (name "guile2.0-gnutls")
    ;; Swap the "guile" input for Guile 2.0, keeping the other inputs.
    (inputs `(("guile" ,guile-2.0)
              ,@(alist-delete "guile" (package-inputs gnutls))))))
079f013b 275
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane, implementing DNS-based
  ;; Authentication of Named Entities.  This is required for GNS functionality
  ;; by GNUnet and gnURL.  This is done in an extra package definition
  ;; to have the choice between GnuTLS with Dane and without Dane.
  (package/inherit gnutls
    (name "gnutls-dane")
    ;; Adding 'unbound' to the inputs is the only difference from 'gnutls'.
    (inputs `(("unbound" ,unbound)
              ,@(package-inputs gnutls)))))
285
;; GnuTLS for Guile 2.2: same as 'gnutls' with the "guile" input replaced.
(define-public guile2.2-gnutls
  (package/inherit gnutls
    (name "guile2.2-gnutls")
    (inputs `(("guile" ,guile-2.2)
              ,@(alist-delete "guile"
                              (package-inputs gnutls))))))
d630d781 292
;; Deprecated alias: the name "guile3.0-gnutls" now refers to 'gnutls',
;; which is itself built with Guile 3.0.
(define-public guile3.0-gnutls
  (deprecated-package "guile3.0-gnutls" gnutls))
67a3c8ed 295
;; OpenSSL 1.1.1 series.  The package declares 'openssl/fixed' as its
;; replacement, so the newer release defined there is delivered as a graft.
(define-public openssl
  (package
    (name "openssl")
    ;; Keep 'openssl/fixed' in sync when this definition is updated.
    (replacement openssl/fixed)
    (version "1.1.1i")
    (source (origin
              (method url-fetch)
              ;; URLs are tried in order.  The two fallbacks use plain FTP;
              ;; what authenticates the tarball is the sha256 below, not the
              ;; transport.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         ;; Older releases are filed under the version with
                         ;; its trailing letter stripped.
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
              (sha256
               (base32
                "0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"         ;6.8 MiB of man3 pages and full HTML documentation
               "static"))    ;6.4 MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         ;; When cross-compiling, export the toolchain prefix and the
         ;; OpenSSL target name that the 'configure' phase passes on.
         ,@(if (%current-target-system)
               '((add-before
                  'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    (setenv "CONFIGURE_TARGET_ARCH"
                            ;; Clause order matters for the powerpc
                            ;; prefixes: the longer ones must come first.
                            ;; There is no 'else' clause, so a target not
                            ;; listed here yields no architecture name.
                            (cond
                             ((string-prefix? "i586" target)
                              "hurd-x86")
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "mips64el" target)
                              "linux-mips64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")
                             ((string-prefix? "powerpc64le" target)
                              "linux-ppc64le")
                             ((string-prefix? "powerpc64" target)
                              "linux-ppc64")
                             ((string-prefix? "powerpc" target)
                              "linux-ppc")))
                    #t)))
               '())
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               ;; It's not a shebang so patch-source-shebangs misses it.
               (substitute* "config"
                 (("/usr/bin/env")
                  (string-append (assoc-ref %build-inputs "coreutils")
                                 "/bin/env")))
               ;; './Configure' takes an explicit target (cross builds);
               ;; './config' detects the host itself.
               (invoke ,@(if (%current-target-system)
                             '("./Configure")
                             '("./config"))
                       "shared"                   ;build shared libraries
                       "--libdir=lib"

                       ;; The default for this catch-all directory is
                       ;; PREFIX/ssl.  Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
                                      "/share/openssl-"
                                      ,(package-version this-package))

                       (string-append "--prefix=" out)
                       ;; Record the output's own lib directory as run path.
                       (string-append "-Wl,-rpath," lib)
                       ,@(if (%current-target-system)
                             '((getenv "CONFIGURE_TARGET_ARCH"))
                             '())))))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-extra-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move man3 pages and full HTML documentation to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (html (string-append out "/share/doc/openssl"))
                    (doc (assoc-ref outputs "doc"))
                    (man-target (string-append doc "/share/man/man3"))
                    (html-target (string-append doc "/share/doc/openssl")))
               (copy-recursively man3 man-target)
               (delete-file-recursively man3)
               (copy-recursively html html-target)
               (delete-file-recursively html)
               #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,(package-version this-package)
                                                      "/misc"))
              #t))))))
    ;; Both variables hold a single entry (no separator), found relative to
    ;; the profile: a certificate directory and a CA bundle file.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)                        ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)                        ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
cc2b77df 433
;; Replacement (graft) for 'openssl': a newer release of the same series
;; with everything else inherited.  The 'source' is spelled out again
;; instead of inherited, so 'version' and the sha256 here are the ones that
;; apply to this definition; the patch list has to be kept in step with
;; 'openssl' by hand.
(define-public openssl/fixed
  (package
    (inherit openssl)
    (version "1.1.1k")
    (source (origin
              (method url-fetch)
              ;; Same URL scheme as 'openssl'; the FTP fallbacks rely on the
              ;; sha256 below for integrity.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
              (sha256
               (base32
                "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
4a8b529c 451
;; OpenSSL 1.0.2 series, derived from 'openssl' with its own source, outputs
;; and an adjusted set of build phases.
;; NOTE(review): the 1.0.2 branch no longer receives public upstream
;; releases, and this definition sets no 'replacement' of its own -- confirm
;; how dependents are expected to receive security fixes.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    (source (origin
              (method url-fetch)
              ;; Same URL scheme as 'openssl'; the FTP fallbacks rely on the
              ;; sha256 below for integrity.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                              ;1.5MiB of man3 pages
               "static"))                         ;6MiB of .a files
    (arguments
     ;; Start from the arguments of 'openssl' and override selected keys.
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Point the test scripts at the store's shell and let 'rm'
               ;; be found on PATH instead of at /bin/rm.
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place.  Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             ;; NOTE(review): unlike the inherited phase, this one does not
             ;; rewrite "/usr/bin/env" in "config" -- confirm that is intended.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"                 ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl.  Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           ;; 1.0 moves only the man3 pages, see 'move-man3-pages' below.
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out (assoc-ref outputs "out"))
                      (man3 (string-append out "/share/man/man3"))
                      (doc (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
544
;; LibreSSL, built with its TLS-enabled netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "3.1.5")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; Expected hash of the tarball; update together with 'version'.
              (sha256
               (base32
                "1504a1sf43frw43j14pij0q1f48rm5q86ggrlxxhw708qp7ds4rc"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' were missing: Linux kernels before 3.17 lack its
     ;; underlying 'getrandom' system call and ENOSYS isn't properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): this overrides the configure check for every build, so
     ;; the library always takes its non-getentropy code path -- confirm
     ;; which entropy source that path uses.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)                        ;single entry
            (files '("etc/ssl/certs")))
           ;; NOTE(review): the SSL_CERT_FILE specification of 'openssl' in
           ;; this file also sets (file-type 'regular); this one does not.
           ;; Confirm the bundle file is still found here.
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (separator #f)                        ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
585
;; The Python ACME protocol library.  'certbot' below takes its version and
;; its build arguments from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "1.14.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Expected hash of the PyPI source archive.
              (sha256
               (base32
                "0d8wzac7qnsq1kzb67f2a8wi30i4r327y6jmraxqqqj30gxwrnk1"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and Info manual from the "docs" directory.
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    (native-inputs
     `(("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    ;; Run-time dependencies, including the TLS/crypto bindings
    ;; (python-cryptography, python-pyopenssl).
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-requests" ,python-requests)
       ("python-requests-toolbelt" ,python-requests-toolbelt)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
632
;; Certbot, the ACME client.  Its version is read from 'python-acme', but
;; the source hash below is its own and must be refreshed on every update.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certbot" version))
              ;; Not derived from python-acme: a version bump there without
              ;; a new hash here makes this download fail verification.
              (sha256
               (base32
                "1ss1d1iw7cq8xzg1apydmzv2x5s0p4n74wlpmf7a7p5qdc6ak7lm"))))
    (build-system python-build-system)
    (arguments
     ;; Reuse python-acme's arguments and replace only the phase that
     ;; installs the documentation, since the file names differ.
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-cryptography" ,python-cryptography)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-distro" ,python-distro)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
690
;; Former name of 'certbot', kept as a package marked as superseded by it.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
9495cf9a 695
;; Net::SSLeay, Perl bindings to OpenSSL.  The "openssl" input is the
;; 'openssl' package of this file, which declares 'openssl/fixed' as its
;; replacement.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Expected hash of the CPAN tarball.
              (sha256
               (base32
                "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Point the build at the "openssl" input through the
            ;; OPENSSL_PREFIX environment variable.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (home-page "https://metacpan.org/release/Net-SSLeay")))
726
;; Crypt::OpenSSL::RSA, built against the 'openssl' package of this file.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       ;; Expected hash of the CPAN tarball.
       (sha256
        (base32
         "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    ;; Shared build arguments: 'perl-crypt-arguments' is defined later in
    ;; this file and rewrites LIBS in Makefile.PL to use the "openssl" input.
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (license license:perl-license)))
756
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; They add one phase that rewrites the 'LIBS' entry of Makefile.PL so the
;; module links against libcrypto from the package's "openssl" input; a
;; package using these arguments therefore needs an input with that label.
(define perl-crypt-arguments
  `(#:phases (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          ;; Replace the whole 'LIBS' => ... line with an explicit -L path.
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
                                             (assoc-ref inputs "openssl")
                                             "/lib -lcrypto'],")))
          #t)))))
;; Perl access to OpenSSL's multiprecision integers (Crypt::OpenSSL::Bignum).
;; It is an input of perl-crypt-openssl-rsa in this file.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       ;; Content hash of the tarball; update it together with 'version'.
       (sha256
        (base32
         "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    ;; Shared phases: link against the libcrypto of the "openssl" input.
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
;; Helper module for Makefile.PL scripts.  In this file it is only a native
;; (build-time) input of perl-crypt-openssl-rsa and perl-crypt-openssl-random.
;; It declares no inputs of its own.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
             version ".tar.gz"))
       ;; Content hash of the tarball; update it together with 'version'.
       (sha256
        (base32
         "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path.  It is intended for use in your
@file{Makefile.PL}.")
    (license license:perl-license)))
;; Perl access to the OpenSSL/LibreSSL pseudo-random number generator
;; (Crypt::OpenSSL::Random).  It is an input of perl-crypt-openssl-rsa in this
;; file.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       ;; Content hash of the tarball; update it together with 'version'.
       (sha256
        (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    ;; Build-time only helper.
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    ;; This package is built against OpenSSL; no LibreSSL input is declared.
    (inputs
     `(("openssl" ,openssl)))
    ;; Shared phases: link against the libcrypto of the "openssl" input.
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (license license:perl-license)))
;; Portable snapshot of the OpenBSD ACME (Let's Encrypt) client, built with
;; plain 'make' against LibreSSL and libbsd.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              ;; Content hash of the snapshot tarball.  It is the only thing
              ;; that pins what gets built; update it with 'version'.
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         ;; Replace the hard-coded /etc/ssl/cert.pem in http.c with the
         ;; cert.pem shipped in the "libressl" input.
         ;; NOTE(review): presumably this file is the CA bundle used to verify
         ;; the ACME server's TLS certificate -- confirm in http.c.  If so, the
         ;; trust anchors are the ones frozen into that libressl build, not the
         ;; system certificate store, and they change only when libressl is
         ;; updated.
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((pem (string-append (assoc-ref inputs "libressl")
                                       "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") pem))
               #t)))
         (delete 'configure)))) ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C.  It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible.  acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the one upstream prefers.  A "-gpl" variant
;; exists in addition to the "-apache" one.
;;
;; This package builds only the shared mbed TLS libraries (static libraries
;; are turned off) from a tagged upstream Git checkout.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
    ;; when updating.
    (version "2.23.0")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ARMmbed/mbedtls")
             ;; The checkout is selected by tag name; the sha256 below is what
             ;; actually fixes the content, so a re-pointed tag fails the
             ;; build instead of silently changing the source.
             (commit (string-append "mbedtls-" version))))
       (sha256
        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))
       (file-name (git-file-name name version))))
    (build-system cmake-build-system)
    (arguments
     `(#:configure-flags
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
       #:phases
       (modify-phases %standard-phases
         ;; Make every file of the unpacked tree writable before the later
         ;; phases run.
         (add-after 'unpack 'make-source-writable
           (lambda _
             (for-each make-file-writable (find-files "."))
             #t)))))
    ;; Build-time only tools.
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This hidden variant inherits everything from mbedtls-apache and adds one
;; phase that turns on the threading options before 'configure.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments (package-arguments mbedtls-apache)
        ((#:phases phases)
         `(modify-phases ,phases
            (add-before 'configure 'configure-extra-features
              (lambda _
                ;; Enable each option through upstream's own config script.
                (for-each (lambda (feature)
                            (invoke "scripts/config.pl" "set" feature))
                          (list "MBEDTLS_THREADING_C"
                                "MBEDTLS_THREADING_PTHREAD"))
                ;; XXX The above enables code that breaks with -Werror…
                ;; Only the ‘-Wformat-signedness’ diagnostic is dropped from
                ;; CMakeLists.txt; the code that triggers it is still built.
                ;; NOTE(review): worth confirming against upstream that the
                ;; flagged format/sign mismatches are benign, and re-checking
                ;; on every update as the XXX note on mbedtls-apache asks.
                (substitute* "CMakeLists.txt"
                  ((" -Wformat-signedness") ""))
                #t)))))))))
;; ACME client written as a Bash script.  Nothing is compiled: the builder
;; unpacks the release tarball, installs the docs, man pages and the script,
;; then wraps the script so its external tools come from the declared inputs.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.7.0")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/dehydrated-io/dehydrated/releases/download/"
                    "v" version "/dehydrated-" version ".tar.gz"))
              ;; Content hash of the release tarball; update it together with
              ;; 'version'.
              (sha256
               (base32
                "1yf4kldyd5y13r6qxrkcbbk74ykngq7jzy0351vb2r3ywp114pqw"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((source (assoc-ref %build-inputs "source"))
                (tar (assoc-ref %build-inputs "tar"))
                (gz (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin"))
                (doc (string-append out "/share/doc/" ,name "-" ,version))
                (man (string-append out "/share/man"))
                ;; Note: 'bash' is the bin directory of the bash input, not
                ;; the input itself.
                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))

           ;; tar is called by absolute file name; PATH only has to provide
           ;; gzip, which is also invoked by name further down.
           (setenv "PATH" (string-append gz "/bin"))
           (invoke (string-append tar "/bin/tar") "xvf" source)
           (chdir (string-append ,name "-" ,version))

           (copy-recursively "docs" doc)
           (install-file "LICENSE" doc)

           ;; The man pages were copied along with "docs"; move them to the
           ;; man1 directory and compress them.
           (mkdir-p man)
           (rename-file (string-append doc "/man")
                        (string-append man "/man1"))
           (for-each (cut invoke "gzip" "-9" <>)
                     (find-files man ".*"))

           (install-file "dehydrated" bin)
           (with-directory-excursion bin
             (patch-shebang "dehydrated" (list bash))

             ;; Do not try to write to the store.
             ;; NOTE(review): SCRIPTDIR is presumably where the script keeps
             ;; its configuration and key material -- confirm upstream.  If
             ;; so, the permissions of ~/.dehydrated are up to the user; the
             ;; package does not create or restrict that directory.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; PATH is switched to bash's bin directory before wrapping;
             ;; presumably wrap-program looks up the wrapper's shell there --
             ;; TODO confirm.
             (setenv "PATH" bash)
             ;; The bin directories of the inputs listed below are prepended
             ;; to PATH at run time, so curl, openssl and the other tools
             ;; resolve to these store items first.  Because this is 'prefix',
             ;; the caller's PATH is still searched afterwards for any command
             ;; that is not in this list.
             (wrap-program "dehydrated"
               `("PATH" ":" prefix
                 ,(map (lambda (dir)
                         (string-append dir "/bin"))
                       (map (lambda (input)
                              (assoc-ref %build-inputs input))
                            '("coreutils"
                              "curl"
                              "diffutils"
                              "gawk"
                              "grep"
                              "openssl"
                              "sed"))))))
           #t))))
    ;; Run-time tools; every name in the wrapper's PATH list above must have
    ;; an entry here.
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    ;; Only needed by the builder to unpack and compress.
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    (home-page "https://dehydrated.io/")
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (license license:expat)))
;; Go package embedding an X.509 root certificate bundle.  The source is an
;; exact upstream commit, and the version string carries the bundle date.
;;
;; NOTE(review): the bundle is frozen at the snapshot named in 'version'
;; (2018.01.18).  Root certificates added or distrusted after that date are
;; not reflected, so dependents that take their trust anchors from this
;; package keep trusting that older set until 'commit' is bumped -- verify
;; which dependents actually use it for TLS verification.
(define-public go-github-com-certifi-gocertifi
  (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec")
        (revision "1"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source (origin
                (method git-fetch)
                (uri (git-reference
                      (url "https://github.com/certifi/gocertifi")
                      (commit commit)))
                (file-name (git-file-name name version))
                ;; Content hash of the checkout; update it with 'commit'.
                (sha256
                 (base32
                  "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (home-page "https://certifi.io")
      (license license:mpl2.0))))
;; C99 SSL/TLS library from awslabs, built as a shared library with CMake.
(define-public s2n
  (package
    (name "s2n")
    (version "1.0.0")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url (string-append "https://github.com/awslabs/" name))
                    ;; Selected by tag name; the sha256 below is what fixes
                    ;; the content of the checkout.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "1q6kmgwb8jxmc4ijzk9pkqzz8lsbfsv9hyzqvy944w7306zx1r5h"))))
    (build-system cmake-build-system)
    ;; The upstream test suite is neither built nor run here, so nothing at
    ;; build time checks the resulting TLS library against its own tests.
    (arguments
     '(#:tests? #f                      ; tests fail to build for static library
       #:configure-flags
       '("-DBUILD_TESTING=OFF"
         "-DBUILD_SHARED_LIBS=ON")))
    ;; Propagated, so installing s2n also brings in this OpenSSL, including
    ;; its "static" output.
    (propagated-inputs
     `(("openssl" ,openssl)
       ("openssl:static" ,openssl "static")))
    (synopsis "SSL/TLS implementation")
    (description "This library provides a C99 implementation of SSL/TLS.")
    (home-page "https://github.com/awslabs/s2n")
    (license license:asl2.0)))
1078 (license license:asl2.0)))