HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: windowmaker: Fix invocation of 'wmsetbg'.
[jackhill/guix/guix.git] / gnu / packages / tls.scm
CommitLineData
233e7676 1;;; GNU Guix --- Functional package management for GNU
caeadfdd 2;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
80cc3a0a 3;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
12433a21 7;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
3ea110b7 8;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
679b535b 9;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
7543f865 11;;;
233e7676 12;;; This file is part of GNU Guix.
7543f865 13;;;
233e7676 14;;; GNU Guix is free software; you can redistribute it and/or modify it
7543f865
LC		 15;;; under the terms of the GNU General Public License as published by
16;;; the Free Software Foundation; either version 3 of the License, or (at
17;;; your option) any later version.
18;;;
233e7676 19;;; GNU Guix is distributed in the hope that it will be useful, but
7543f865
LC		 20;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22;;; GNU General Public License for more details.
23;;;
24;;; You should have received a copy of the GNU General Public License
233e7676 25;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 26
a7fd7b68 27(define-module (gnu packages tls)
e9aa8d0c 28 #:use-module ((guix licenses) #:prefix license:)
7543f865
LC		 29 #:use-module (guix packages)
30 #:use-module (guix download)
29a7c98a 31 #:use-module (guix utils)
7543f865 32 #:use-module (guix build-system gnu)
cc2b77df 33 #:use-module (guix build-system perl)
7890e3ba 34 #:use-module (guix build-system python)
f61e0e79 35 #:use-module (gnu packages compression)
013ce67b 36 #:use-module (gnu packages)
1ffa7090 37 #:use-module (gnu packages guile)
0581c273 38 #:use-module (gnu packages libbsd)
27e86bed 39 #:use-module (gnu packages libffi)
866f469e 40 #:use-module (gnu packages libidn)
5d4c90ae 41 #:use-module (gnu packages linux)
7890e3ba 42 #:use-module (gnu packages ncurses)
27e86bed 43 #:use-module (gnu packages nettle)
1ffa7090 44 #:use-module (gnu packages perl)
27e86bed 45 #:use-module (gnu packages pkg-config)
7890e3ba 46 #:use-module (gnu packages python)
a31f4d35 47 #:use-module (gnu packages texinfo)
ce0614dd 48 #:use-module (gnu packages base))
7543f865
LC		 49
50(define-public libtasn1
51 (package
52 (name "libtasn1")
12433a21 53 (version "4.9")
7543f865
LC		 54 (source
55 (origin
56 (method url-fetch)
57 (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
58 version ".tar.gz"))
59 (sha256
60 (base32
12433a21 61 "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg"))))
7543f865 62 (build-system gnu-build-system)
3ea110b7 63 (native-inputs `(("perl" ,perl)))
7543f865 64 (home-page "http://www.gnu.org/software/libtasn1/")
f50d2669 65 (synopsis "ASN.1 library")
7543f865 66 (description
79c311b8
LC		 67 "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
68for transmitting machine-neutral encodings of data objects in computer
a22dc0c4
LC		 69networking, allowing for formal validation of data according to some
70specifications.")
e9aa8d0c 71 (license license:lgpl2.0+)))
7543f865 72
375cef6c
HG		 73(define-public asn1c
74 (package
75 (name "asn1c")
76 (version "0.9.27")
77 (source (origin
78 (method url-fetch)
79 (uri (string-append "https://lionet.info/soft/asn1c-"
80 version ".tar.gz"))
81 (sha256
82 (base32
83 "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
84 (build-system gnu-build-system)
85 (native-inputs
86 `(("perl" ,perl)))
87 (home-page "https://lionet.info/asn1c")
88 (synopsis "ASN.1 to C compiler")
89 (description "The ASN.1 to C compiler takes ASN.1 module
90files and generates C++ compatible C source code. That code can be
91used to serialize the native C structures into compact and unambiguous
92BER/XER/PER-based data files, and deserialize the files back.
93
94Various ASN.1 based formats are widely used in the industry, such as to encode
95the X.509 certificates employed in the HTTPS handshake, to exchange control
96data between mobile phones and cellular networks, to car-to-car communication
97in intelligent transportation networks.")
98 (license license:bsd-2)))
99
27e86bed
AE		 100(define-public p11-kit
101 (package
102 (name "p11-kit")
2b11b9ab 103 (version "0.23.2")
27e86bed
AE		 104 (source
105 (origin
106 (method url-fetch)
5cc3096c 107 (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
27e86bed
AE		 108 version ".tar.gz"))
109 (sha256
110 (base32
2b11b9ab 111 "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
27e86bed
AE		 112 (modules '((guix build utils))) ; for substitute*
113 (snippet
114 '(begin
115 ;; Drop one test that fails, also when trying to compile manually.
116 ;; Reported upstream at
117 ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
118 (substitute* "Makefile.in"
119 (("test-module\\$\\(EXEEXT\\) ") ""))))))
120 (build-system gnu-build-system)
121 (native-inputs
122 `(("pkg-config" ,pkg-config)))
123 (inputs
124 `(("libffi" ,libffi)
125 ("libtasn1" ,libtasn1)))
126 (arguments
127 `(#:configure-flags '("--without-trust-paths")))
128 (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
129 (synopsis "PKCS#11 library")
130 (description
131 "p11-kit provides a way to load and enumerate PKCS#11 modules. It
132provides a standard configuration setup for installing PKCS#11 modules
133in such a way that they are discoverable. It also solves problems with
134coordinating the use of PKCS#11 by different components or libraries
135living in the same process.")
e9aa8d0c 136 (license license:bsd-3)))
27e86bed 137
7543f865
LC		 138(define-public gnutls
139 (package
140 (name "gnutls")
ce0b822e 141 (version "3.5.4")
d7d408d5
LC		 142 (source (origin
143 (method url-fetch)
144 (uri
145 ;; Note: Releases are no longer on ftp.gnu.org since the
146 ;; schism (after version 3.1.5).
d93627e4 147 (string-append "mirror://gnupg/gnutls/v"
29a7c98a 148 (version-major+minor version)
d93627e4 149 "/gnutls-" version ".tar.xz"))
d7d408d5
LC		 150 (sha256
151 (base32
ce0b822e 152 "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))
7543f865 153 (build-system gnu-build-system)
b94ae0b8
AK		 154 (arguments
155 '(#:configure-flags
156 (list (string-append "--with-guile-site-dir="
157 (assoc-ref %outputs "out")
aa7c7f21
MW		 158 "/share/guile/site/2.0")
159 ;; GnuTLS doesn't consult any environment variables to specify
160 ;; the location of the system-wide trust store. Instead it has a
161 ;; configure-time option. Unless specified, its configure script
162 ;; attempts to auto-detect the location by looking for common
8f65585b 163 ;; places in the file system, none of which are present in our
aa7c7f21
MW		 164 ;; chroot build environment. If not found, then no default trust
165 ;; store is used, so each program has to provide its own
166 ;; fallback, and users have to configure each program
167 ;; independently. This seems suboptimal.
866f469e
MW		 168 "--with-default-trust-store-dir=/etc/ssl/certs"
169
170 ;; FIXME: Temporarily disable p11-kit support since it is not
171 ;; working on mips64el.
606c6380
LC		 172 "--without-p11-kit")
173
174 #:phases (modify-phases %standard-phases
175 (add-after
176 'install 'move-doc
177 (lambda* (#:key outputs #:allow-other-keys)
178 ;; Copy the 4.1 MiB of section 3 man pages to "doc".
179 (let* ((out (assoc-ref outputs "out"))
180 (doc (assoc-ref outputs "doc"))
9cdce047 181 (mandir (string-append doc "/share/man/man3"))
606c6380
LC		 182 (oldman (string-append out "/share/man/man3")))
183 (mkdir-p mandir)
184 (copy-recursively oldman mandir)
185 (delete-file-recursively oldman)
186 #t))))))
187 (outputs '("out" ;4.4 MiB
188 "debug"
189 "doc")) ;4.1 MiB of man pages
a1db0975 190 (native-inputs
5d4c90ae
LF		 191 `(("net-tools" ,net-tools)
192 ("pkg-config" ,pkg-config)
d2fcfd3d 193 ("which" ,which)))
7543f865
LC		 194 (inputs
195 `(("guile" ,guile-2.0)
0cb9b456 196 ("perl" ,perl)))
7543f865 197 (propagated-inputs
d2fcfd3d 198 ;; These are all in the 'Requires.private' field of gnutls.pc.
7543f865 199 `(("libtasn1" ,libtasn1)
866f469e
MW		 200 ("libidn" ,libidn)
201 ("nettle" ,nettle)
f61e0e79 202 ("zlib" ,zlib)))
c19700c3 203 (home-page "https://www.gnu.org/software/gnutls/")
f50d2669 204 (synopsis "Transport layer security library")
7543f865 205 (description
a22dc0c4 206 "GnuTLS is a secure communications library implementing the SSL, TLS
79c311b8 207and DTLS protocols. It is provided in the form of a C library to support the
a22dc0c4
LC		 208protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
209required structures.")
63e8bb12
LC		 210 (license license:lgpl2.1+)
211 (properties '((ftp-server . "ftp.gnutls.org")
212 (ftp-directory . "/gcrypt/gnutls")))))
cc2b77df
AE		 213
214(define-public openssl
215 (package
216 (name "openssl")
1d8de185 217 (version "1.0.2j")
cc2b77df 218 (source (origin
4cff124b
LC		 219 (method url-fetch)
220 (uri (list (string-append "ftp://ftp.openssl.org/source/"
221 name "-" version ".tar.gz")
222 (string-append "ftp://ftp.openssl.org/source/old/"
223 (string-trim-right version char-set:letter)
224 "/" name "-" version ".tar.gz")))
225 (sha256
226 (base32
1d8de185 227 "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
fc1adab1 228 (patches (search-patches "openssl-runpath.patch"
1d8de185 229 "openssl-c-rehash-in.patch"))))
cc2b77df 230 (build-system gnu-build-system)
8c78aeb7 231 (outputs '("out"
a909b576 232 "doc" ;1.5MiB of man3 pages
8c78aeb7 233 "static")) ;6MiB of .a files
cc2b77df
AE		 234 (native-inputs `(("perl" ,perl)))
235 (arguments
d03781c3
LC		 236 `(#:disallowed-references (,perl)
237 #:parallel-build? #f
cc2b77df
AE		 238 #:parallel-tests? #f
239 #:test-target "test"
8c9ec203
LF		 240
241 ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
242 ;; so we explicitly disallow it here.
243 #:disallowed-references ,(list (canonical-package perl))
cc2b77df 244 #:phases
b6cb1358 245 (modify-phases %standard-phases
4fb254a3 246 (add-before
86c8f1da 247 'configure 'patch-Makefile.org
4fb254a3
LC		 248 (lambda* (#:key outputs #:allow-other-keys)
249 ;; The default MANDIR is some unusual place. Fix that.
250 (let ((out (assoc-ref outputs "out")))
86c8f1da 251 (patch-makefile-SHELL "Makefile.org")
4fb254a3
LC		 252 (substitute* "Makefile.org"
253 (("^MANDIR[[:blank:]]*=.*$")
254 (string-append "MANDIR = " out "/share/man\n")))
255 #t)))
b6cb1358
LC		 256 (replace
257 'configure
258 (lambda* (#:key outputs #:allow-other-keys)
259 (let ((out (assoc-ref outputs "out")))
260 (zero?
261 (system* "./config"
262 "shared" ;build shared libraries
263 "--libdir=lib"
4fb254a3
LC		 264
265 ;; The default for this catch-all directory is
266 ;; PREFIX/ssl. Change that to something more
267 ;; conventional.
268 (string-append "--openssldir=" out
269 "/share/openssl-" ,version)
270
b6cb1358
LC		 271 (string-append "--prefix=" out)
272
273 ;; XXX FIXME: Work around a code generation bug in GCC
274 ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
275 ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
276 ,@(if (and (not (%current-target-system))
277 (string-prefix? "armhf" (%current-system)))
278 '("-mfpu=vfpv3")
279 '()))))))
fe8199a8
LC		 280 (add-after
281 'install 'make-libraries-writable
282 (lambda* (#:key outputs #:allow-other-keys)
283 ;; Make libraries writable so that 'strip' does its job.
284 (let ((out (assoc-ref outputs "out")))
285 (for-each (lambda (file)
286 (chmod file #o644))
287 (find-files (string-append out "/lib")
288 "\\.so"))
289 #t)))
8c78aeb7
LC		 290 (add-after 'install 'move-static-libraries
291 (lambda* (#:key outputs #:allow-other-keys)
292 ;; Move static libraries to the "static" output.
293 (let* ((out (assoc-ref outputs "out"))
294 (lib (string-append out "/lib"))
295 (static (assoc-ref outputs "static"))
296 (slib (string-append static "/lib")))
297 (mkdir-p slib)
298 (for-each (lambda (file)
299 (install-file file slib)
300 (delete-file file))
301 (find-files lib "\\.a$"))
302 #t)))
a909b576
LC		 303 (add-after 'install 'move-man3-pages
304 (lambda* (#:key outputs #:allow-other-keys)
305 ;; Move section 3 man pages to "doc".
306 (let* ((out (assoc-ref outputs "out"))
307 (man3 (string-append out "/share/man/man3"))
308 (doc (assoc-ref outputs "doc"))
309 (target (string-append doc "/share/man/man3")))
310 (mkdir-p target)
311 (for-each (lambda (file)
312 (rename-file file
313 (string-append target "/"
314 (basename file))))
315 (find-files man3))
5c838ec9 316 (delete-file-recursively man3)
a909b576 317 #t)))
b6cb1358
LC		 318 (add-before
319 'patch-source-shebangs 'patch-tests
320 (lambda* (#:key inputs native-inputs #:allow-other-keys)
321 (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
322 (substitute* (find-files "test" ".*")
323 (("/bin/sh")
324 (string-append bash "/bin/bash"))
325 (("/bin/rm")
86c8f1da
MW		 326 "rm"))
327 #t)))
784d6e91
LC		 328 (add-after
329 'install 'remove-miscellany
330 (lambda* (#:key outputs #:allow-other-keys)
331 ;; The 'misc' directory contains random undocumented shell and Perl
332 ;; scripts. Remove them to avoid retaining a reference on Perl.
333 (let ((out (assoc-ref outputs "out")))
334 (delete-file-recursively (string-append out "/share/openssl-"
335 ,version "/misc"))
336 #t))))))
cc2b77df
AE		 337 (native-search-paths
338 ;; FIXME: These two variables must designate a single file or directory
339 ;; and are not actually "search paths." In practice it works OK in user
340 ;; profiles because there's always just one item that matches the
341 ;; specification.
342 (list (search-path-specification
343 (variable "SSL_CERT_DIR")
344 (files '("etc/ssl/certs")))
345 (search-path-specification
346 (variable "SSL_CERT_FILE")
347 (files '("etc/ssl/certs/ca-certificates.crt")))))
348 (synopsis "SSL/TLS implementation")
349 (description
e881752c 350 "OpenSSL is an implementation of SSL/TLS.")
e9aa8d0c 351 (license license:openssl)
cc2b77df
AE		 352 (home-page "http://www.openssl.org/")))
353
763899f0
LF		 354(define-public openssl-next
355 (package
356 (inherit openssl)
357 (name "openssl")
9ad09652 358 (version "1.1.0b")
763899f0
LF		 359 (source (origin
360 (method url-fetch)
361 (uri (list (string-append "ftp://ftp.openssl.org/source/"
362 name "-" version ".tar.gz")
363 (string-append "ftp://ftp.openssl.org/source/old/"
364 (string-trim-right version char-set:letter)
365 "/" name "-" version ".tar.gz")))
366 (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
367 (sha256
368 (base32
9ad09652 369 "1xznrqvb1dbngv2k2nb6da6fdw00c01sy2i36yjdxr4vpxrf0pd4"))))
763899f0
LF		 370 (outputs '("out"
371 "doc" ;1.3MiB of man3 pages
372 "static")) ; 5.5MiB of .a files
373 (arguments
374 (substitute-keyword-arguments (package-arguments openssl)
375 ((#:phases phases)
376 `(modify-phases ,phases
377 (delete 'patch-tests) ; These two phases are not needed by
378 (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.
379
380 (add-after 'configure 'patch-runpath
381 (lambda* (#:key outputs #:allow-other-keys)
382 (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
383 (substitute* "Makefile.shared"
384 (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
385 (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
386 " -Wl,-rpath," lib)))
387 #t)))))))))
388
cb6a802c
AE		 389(define-public libressl
390 (package
391 (name "libressl")
a7c9b062 392 (version "2.5.0")
cb6a802c
AE		 393 (source
394 (origin
395 (method url-fetch)
396 (uri (string-append
397 "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
398 version ".tar.gz"))
1a957c21
LF		 399 (sha256
400 (base32
a7c9b062 401 "1bkfvapi4z826slycmicvs7hwgk4l82gd8w6nqvznldbammvyll6"))))
cb6a802c
AE		 402 (build-system gnu-build-system)
403 (native-search-paths
404 ;; FIXME: These two variables must designate a single file or directory
405 ;; and are not actually "search paths." In practice it works OK in
406 ;; user profiles because there's always just one item that matches the
407 ;; specification.
408 (list (search-path-specification
409 (variable "SSL_CERT_DIR")
410 (files '("etc/ssl/certs")))
411 (search-path-specification
412 (variable "SSL_CERT_FILE")
413 (files '("etc/ssl/certs/ca-certificates.crt")))))
414 (home-page "http://www.libressl.org/")
415 (synopsis "SSL/TLS implementation")
416 (description "LibreSSL is a version of the TLS/crypto stack forked
417from OpenSSL in 2014, with the goals of modernizing the codebase, improving
418security, and applying best practice development processes.")
419 ;; Files taken from OpenSSL keep their license, others are under various
420 ;; non-copyleft licenses.
421 (license (list license:openssl
422 (license:non-copyleft
423 "file://COPYING"
424 "See COPYING in the distribution.")))))
425
6cefd53d 426(define-public python-acme
7890e3ba 427 (package
6cefd53d 428 (name "python-acme")
f349d36e 429 (version "0.9.3")
7890e3ba 430 (source (origin
9495cf9a 431 (method url-fetch)
f349d36e 432 (uri (pypi-uri "acme" version))
7890e3ba
LF		 433 (sha256
434 (base32
f349d36e 435 "16a02bb0apnk1bm68bcabdmmwd6rnvnjzanrmcb46bpbapwz3vx6"))))
7890e3ba
LF		 436 (build-system python-build-system)
437 (arguments
6cefd53d 438 `(#:phases
9bee9d87 439 (modify-phases %standard-phases
50a7963a
LF		 440 (add-after 'install 'docs
441 (lambda* (#:key outputs #:allow-other-keys)
442 (let* ((out (assoc-ref outputs "out"))
443 (man (string-append out "/share/man/man1"))
444 (info (string-append out "/info")))
445 (and (zero? (system* "make" "-C" "docs" "man" "info"))
446 (install-file "docs/_build/texinfo/acme-python.info" info)
447 (install-file "docs/_build/man/acme-python.1" man)
448 #t)))))))
449 ;; TODO: Add optional inputs for testing.
7890e3ba 450 (native-inputs
6cefd53d 451 `(("python-mock" ,python-mock)
50a7963a
LF		 452 ;; For documentation
453 ("python-sphinx" ,python-sphinx)
454 ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
455 ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
50a7963a 456 ("texinfo" ,texinfo)))
7890e3ba 457 (propagated-inputs
6cefd53d
LF		 458 `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
459 ("python-werkzeug" ,python-werkzeug)
460 ("python-six" ,python-six)
461 ("python-requests" ,python-requests)
462 ("python-pytz" ,python-pytz)
463 ("python-pyrfc3339" ,python-pyrfc3339)
464 ("python-pyasn1" ,python-pyasn1)
465 ("python-cryptography" ,python-cryptography)
466 ("python-pyopenssl" ,python-pyopenssl)))
7890e3ba
LF		 467 (home-page "https://github.com/letsencrypt/letsencrypt")
468 (synopsis "ACME protocol implementation in Python")
469 (description "ACME protocol implementation in Python")
470 (license license:asl2.0)))
471
6cefd53d
LF		 472(define-public python2-acme
473 (package-with-python2 python-acme))
474
9495cf9a 475(define-public certbot
9fd0838b 476 (package
9495cf9a 477 (name "certbot")
f349d36e 478 (version "0.9.3")
9fd0838b
DT		 479 (source (origin
480 (method url-fetch)
f349d36e 481 (uri (pypi-uri name version))
9fd0838b
DT		 482 (sha256
483 (base32
f349d36e 484 "1c7k4lfq5j78d1rvrwrb9082ngwibz92cwkf4kazaa9b76w9q538"))))
9fd0838b
DT		 485 (build-system python-build-system)
486 (arguments
f9263d9a
LF		 487 `(#:python ,python-2
488 #:phases
489 (modify-phases %standard-phases
234d0b69 490 (add-after 'build 'docs
f9263d9a
LF		 491 (lambda* (#:key outputs #:allow-other-keys)
492 (let* ((out (assoc-ref outputs "out"))
493 (man1 (string-append out "/share/man/man1"))
494 (man7 (string-append out "/share/man/man7"))
495 (info (string-append out "/info")))
f9263d9a
LF		 496 (and
497 (zero? (system* "make" "-C" "docs" "man" "info"))
9495cf9a
LF		 498 (install-file "docs/_build/texinfo/Certbot.info" info)
499 (install-file "docs/_build/man/certbot.1" man1)
500 (install-file "docs/_build/man/certbot.7" man7)
f9263d9a
LF		 501 #t)))))))
502 ;; TODO: Add optional inputs for testing.
9fd0838b
DT		 503 (native-inputs
504 `(("python2-nose" ,python2-nose)
f9263d9a
LF		 505 ("python2-mock" ,python2-mock)
506 ;; For documentation
507 ("python2-sphinx" ,python2-sphinx)
508 ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
509 ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
510 ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
511 ("texinfo" ,texinfo)))
9fd0838b 512 (propagated-inputs
6cefd53d 513 `(("python2-acme" ,python2-acme)
9fd0838b
DT		 514 ("python2-zope-interface" ,python2-zope-interface)
515 ("python2-pythondialog" ,python2-pythondialog)
516 ("python2-pyrfc3339" ,python2-pyrfc3339)
517 ("python2-pyopenssl" ,python2-pyopenssl)
518 ("python2-configobj" ,python2-configobj)
519 ("python2-configargparse" ,python2-configargparse)
520 ("python2-zope-component" ,python2-zope-component)
521 ("python2-parsedatetime" ,python2-parsedatetime)
522 ("python2-six" ,python2-six)
523 ("python2-psutil" ,python2-psutil)
524 ("python2-requests" ,python2-requests)
525 ("python2-pytz" ,python2-pytz)))
d8a1be63 526 (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
9fd0838b
DT		 527 (description "Tool to automatically receive and install X.509 certificates
528to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
529will be issuing browser-trusted certificates for free.")
24778368 530 (home-page "https://certbot.eff.org/")
9fd0838b
DT		 531 (license license:asl2.0)))
532
9495cf9a
LF		 533(define-public letsencrypt
534 (package (inherit certbot)
56ab55d1
LF		 535 (name "letsencrypt")
536 (properties `((superseded . ,certbot)))))
9495cf9a 537
cc2b77df
AE		 538(define-public perl-net-ssleay
539 (package
540 (name "perl-net-ssleay")
541 (version "1.68")
542 (source (origin
543 (method url-fetch)
544 (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
545 "Net-SSLeay-" version ".tar.gz"))
546 (sha256
547 (base32
1084ec08 548 "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p"))))
cc2b77df 549 (build-system perl-build-system)
1084ec08
MW		 550 (native-inputs
551 `(("patch" ,patch)
552 ("patch/disable-ede-test"
553 ,(search-patch "perl-net-ssleay-disable-ede-test.patch"))))
cc2b77df
AE		 554 (inputs `(("openssl" ,openssl)))
555 (arguments
1084ec08
MW		 556 `(#:phases
557 (modify-phases %standard-phases
558 (add-after
559 'unpack 'apply-patch
560 (lambda* (#:key inputs #:allow-other-keys)
561 ;; XXX We apply this patch here instead of in the 'origin' because
562 ;; this package's build system fails badly when the source file
563 ;; times are zeroed.
564 ;; XXX Try removing this patch for perl-net-ssleay > 1.68
565 (zero? (system* "patch" "--force" "-p1" "-i"
566 (assoc-ref inputs "patch/disable-ede-test")))))
567 (add-before
568 'configure 'set-ssl-prefix
569 (lambda* (#:key inputs #:allow-other-keys)
570 (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
571 #t)))))
cc2b77df
AE		 572 (synopsis "Perl extension for using OpenSSL")
573 (description
574 "This module offers some high level convenience functions for accessing
575web pages on SSL servers (for symmetry, the same API is offered for accessing
576http servers, too), an sslcat() function for writing your own clients, and
577finally access to the SSL api of the SSLeay/OpenSSL package so you can write
578servers or clients for more complicated applications.")
579 (license (package-license perl))
580 (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
4532c0c0
DM		 581
582(define-public perl-crypt-openssl-rsa
583 (package
584 (name "perl-crypt-openssl-rsa")
585 (version "0.28")
586 (source
587 (origin
588 (method url-fetch)
589 (uri (string-append
590 "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
591 version
592 ".tar.gz"))
593 (sha256
594 (base32
595 "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
596 (build-system perl-build-system)
597 (inputs
598 `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
599 ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
600 ("openssl" ,openssl)))
601 (arguments perl-crypt-arguments)
602 (home-page
603 "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
604 (synopsis
605 "RSA encoding and decoding, using the openSSL libraries")
606 (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
607OpenSSL libraries).")
608 (license (package-license perl))))
adff71ca
DM		 609
610(define perl-crypt-arguments
611 `(#:phases (modify-phases %standard-phases
612 (add-before 'configure 'patch-Makefile.PL
613 (lambda* (#:key inputs #:allow-other-keys)
614 (substitute* "Makefile.PL"
615 (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
616 (assoc-ref inputs "openssl")
617 "/lib -lcrypto'],")))
618 #t)))))
619
620(define-public perl-crypt-openssl-bignum
621 (package
622 (name "perl-crypt-openssl-bignum")
623 (version "0.06")
624 (source
625 (origin
626 (method url-fetch)
627 (uri (string-append
628 "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
629 version
630 ".tar.gz"))
631 (sha256
632 (base32
633 "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
634 (build-system perl-build-system)
635 (inputs `(("openssl" ,openssl)))
636 (arguments perl-crypt-arguments)
637 (home-page
638 "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
639 (synopsis
640 "OpenSSL's multiprecision integer arithmetic in Perl")
641 (description "Crypt::OpenSSL::Bignum provides multiprecision integer
642arithmetic in Perl.")
643 ;; At your option either gpl1+ or the Artistic License
644 (license (package-license perl))))
cccb4d26
DM		 645
646(define-public perl-crypt-openssl-random
647 (package
648 (name "perl-crypt-openssl-random")
649 (version "0.11")
650 (source
651 (origin
652 (method url-fetch)
653 (uri (string-append
654 "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
655 version
656 ".tar.gz"))
657 (sha256
658 (base32
659 "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
660 (build-system perl-build-system)
661 (inputs `(("openssl" ,openssl)))
662 (arguments perl-crypt-arguments)
663 (home-page
664 "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
665 (synopsis
666 "OpenSSL/LibreSSL pseudo-random number generator access")
667 (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
668number generator")
669 (license (package-license perl))))
0581c273
LF		 670
671(define-public acme-client
672 (package
673 (name "acme-client")
4b569a4f 674 (version "0.1.15")
0581c273
LF		 675 (source (origin
676 (method url-fetch)
677 (uri (string-append "https://kristaps.bsd.lv/" name "/"
678 "snapshots/" name "-portable-"
679 version ".tgz"))
680 (sha256
681 (base32
4b569a4f 682 "07p723391whrswl4rir0l1k03l457sjscnj0cfaxr8mfnkx4y3wi"))))
0581c273
LF		 683 (build-system gnu-build-system)
684 (arguments
685 '(#:tests? #f ; no test suite
686 #:make-flags
687 (list "CC=gcc"
688 (string-append "PREFIX=" (assoc-ref %outputs "out")))
689 #:phases
690 (modify-phases %standard-phases
691 (delete 'configure)))) ; no './configure' script
4b569a4f
LF		 692 (native-inputs
693 `(("pkg-config" ,pkg-config)))
0581c273
LF		 694 (inputs
695 `(("libbsd" ,libbsd)
696 ("libressl" ,libressl)))
697 (synopsis "Let's Encrypt client by the OpenBSD project")
698 (description "acme-client is a Let's Encrypt client implemented in C. It
699uses a modular design, and attempts to secure itself by dropping privileges and
700operating in a chroot where possible. acme-client is developed on OpenBSD and
701then ported to the GNU / Linux environment.")
702 (home-page "https://kristaps.bsd.lv/acme-client/")
703 ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
704 ;; and 'jsmn.c' are distributed under the Expat license.
705 (license (list license:isc license:expat))))
jackhill's copy of GNU Guix: https://guix.gnu.org/