Commit | Line | Data |
---|---|---|
233e7676 | 1 | ;;; GNU Guix --- Functional package management for GNU |
ce0614dd | 2 | ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> |
d585f244 | 3 | ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> |
29a7c98a | 4 | ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> |
cc2b77df | 5 | ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> |
7543f865 | 6 | ;;; |
233e7676 | 7 | ;;; This file is part of GNU Guix. |
7543f865 | 8 | ;;; |
233e7676 | 9 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
7543f865 LC |
10 | ;;; under the terms of the GNU General Public License as published by |
11 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
12 | ;;; your option) any later version. | |
13 | ;;; | |
233e7676 | 14 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
7543f865 LC |
15 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | ;;; GNU General Public License for more details. | |
18 | ;;; | |
19 | ;;; You should have received a copy of the GNU General Public License | |
233e7676 | 20 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
7543f865 | 21 | |
a7fd7b68 | 22 | (define-module (gnu packages tls) |
e9aa8d0c | 23 | #:use-module ((guix licenses) #:prefix license:) |
7543f865 LC |
24 | #:use-module (guix packages) |
25 | #:use-module (guix download) | |
29a7c98a | 26 | #:use-module (guix utils) |
7543f865 | 27 | #:use-module (guix build-system gnu) |
cc2b77df | 28 | #:use-module (guix build-system perl) |
f61e0e79 | 29 | #:use-module (gnu packages compression) |
013ce67b | 30 | #:use-module (gnu packages) |
1ffa7090 | 31 | #:use-module (gnu packages guile) |
27e86bed | 32 | #:use-module (gnu packages libffi) |
866f469e | 33 | #:use-module (gnu packages libidn) |
27e86bed | 34 | #:use-module (gnu packages nettle) |
1ffa7090 | 35 | #:use-module (gnu packages perl) |
27e86bed | 36 | #:use-module (gnu packages pkg-config) |
a31f4d35 | 37 | #:use-module (gnu packages texinfo) |
ce0614dd | 38 | #:use-module (gnu packages base)) |
7543f865 LC |
39 | |
40 | (define-public libtasn1 | |
41 | (package | |
42 | (name "libtasn1") | |
b8949a2f | 43 | (version "4.5") |
7543f865 LC |
44 | (source |
45 | (origin | |
46 | (method url-fetch) | |
47 | (uri (string-append "mirror://gnu/libtasn1/libtasn1-" | |
48 | version ".tar.gz")) | |
49 | (sha256 | |
50 | (base32 | |
b8949a2f | 51 | "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9")))) |
7543f865 | 52 | (build-system gnu-build-system) |
a31f4d35 LC |
53 | (native-inputs `(("perl" ,perl) |
54 | ||
55 | ;; XXX: For some reason, libtasn1.info wants to be | |
56 | ;; rebuilt, so we must provide 'makeinfo'. | |
57 | ("texinfo" ,texinfo))) | |
7543f865 | 58 | (home-page "http://www.gnu.org/software/libtasn1/") |
f50d2669 | 59 | (synopsis "ASN.1 library") |
7543f865 | 60 | (description |
79c311b8 LC |
61 | "GNU libtasn1 is a library implementing the ASN.1 notation. It is used |
62 | for transmitting machine-neutral encodings of data objects in computer | |
a22dc0c4 LC |
63 | networking, allowing for formal validation of data according to some |
64 | specifications.") | |
e9aa8d0c | 65 | (license license:lgpl2.0+))) |
7543f865 | 66 | |
27e86bed AE |
67 | (define-public p11-kit |
68 | (package | |
69 | (name "p11-kit") | |
14fe9488 | 70 | (version "0.23.1") |
27e86bed AE |
71 | (source |
72 | (origin | |
73 | (method url-fetch) | |
74 | (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-" | |
75 | version ".tar.gz")) | |
76 | (sha256 | |
77 | (base32 | |
14fe9488 | 78 | "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5")) |
27e86bed AE |
79 | (modules '((guix build utils))) ; for substitute* |
80 | (snippet | |
81 | '(begin | |
82 | ;; Drop one test that fails, also when trying to compile manually. | |
83 | ;; Reported upstream at | |
84 | ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027 | |
85 | (substitute* "Makefile.in" | |
86 | (("test-module\\$\\(EXEEXT\\) ") "")))))) | |
87 | (build-system gnu-build-system) | |
88 | (native-inputs | |
89 | `(("pkg-config" ,pkg-config))) | |
90 | (inputs | |
91 | `(("libffi" ,libffi) | |
92 | ("libtasn1" ,libtasn1))) | |
93 | (arguments | |
94 | `(#:configure-flags '("--without-trust-paths"))) | |
95 | (home-page "http://p11-glue.freedesktop.org/p11-kit.html") | |
96 | (synopsis "PKCS#11 library") | |
97 | (description | |
98 | "p11-kit provides a way to load and enumerate PKCS#11 modules. It | |
99 | provides a standard configuration setup for installing PKCS#11 modules | |
100 | in such a way that they are discoverable. It also solves problems with | |
101 | coordinating the use of PKCS#11 by different components or libraries | |
102 | living in the same process.") | |
e9aa8d0c | 103 | (license license:bsd-3))) |
27e86bed | 104 | |
7543f865 LC |
105 | (define-public gnutls |
106 | (package | |
107 | (name "gnutls") | |
9cdce047 | 108 | (version "3.4.4.1") |
d7d408d5 LC |
109 | (source (origin |
110 | (method url-fetch) | |
111 | (uri | |
112 | ;; Note: Releases are no longer on ftp.gnu.org since the | |
113 | ;; schism (after version 3.1.5). | |
d93627e4 | 114 | (string-append "mirror://gnupg/gnutls/v" |
29a7c98a | 115 | (version-major+minor version) |
d93627e4 | 116 | "/gnutls-" version ".tar.xz")) |
d7d408d5 LC |
117 | (sha256 |
118 | (base32 | |
9cdce047 MW |
119 | "1xf354xafavqhi207ll1m1isd4l5b31lic2sz9lw0j0r0fcxfnsj")) |
120 | (patches (list (search-patch "gnutls-doc-fix.patch"))))) | |
7543f865 | 121 | (build-system gnu-build-system) |
b94ae0b8 AK |
122 | (arguments |
123 | '(#:configure-flags | |
124 | (list (string-append "--with-guile-site-dir=" | |
125 | (assoc-ref %outputs "out") | |
aa7c7f21 MW |
126 | "/share/guile/site/2.0") |
127 | ;; GnuTLS doesn't consult any environment variables to specify | |
128 | ;; the location of the system-wide trust store. Instead it has a | |
129 | ;; configure-time option. Unless specified, its configure script | |
130 | ;; attempts to auto-detect the location by looking for common | |
131 | ;; places in the filesystem, none of which are present in our | |
132 | ;; chroot build environment. If not found, then no default trust | |
133 | ;; store is used, so each program has to provide its own | |
134 | ;; fallback, and users have to configure each program | |
135 | ;; independently. This seems suboptimal. | |
866f469e MW |
136 | "--with-default-trust-store-dir=/etc/ssl/certs" |
137 | ||
138 | ;; FIXME: Temporarily disable p11-kit support since it is not | |
139 | ;; working on mips64el. | |
606c6380 LC |
140 | "--without-p11-kit") |
141 | ||
142 | #:phases (modify-phases %standard-phases | |
9cdce047 MW |
143 | (add-after |
144 | 'unpack 'delete-prebuilt-unfixed-info-file | |
145 | (lambda _ | |
146 | ;; XXX Delete the prebuilt info file, so that it will be | |
147 | ;; rebuilt with the fixes in gnutls-doc-fix.patch. | |
148 | (delete-file "doc/gnutls.info") | |
149 | #t)) | |
606c6380 LC |
150 | (add-after |
151 | 'install 'move-doc | |
152 | (lambda* (#:key outputs #:allow-other-keys) | |
153 | ;; Copy the 4.1 MiB of section 3 man pages to "doc". | |
154 | (let* ((out (assoc-ref outputs "out")) | |
155 | (doc (assoc-ref outputs "doc")) | |
9cdce047 | 156 | (mandir (string-append doc "/share/man/man3")) |
606c6380 LC |
157 | (oldman (string-append out "/share/man/man3"))) |
158 | (mkdir-p mandir) | |
159 | (copy-recursively oldman mandir) | |
160 | (delete-file-recursively oldman) | |
161 | #t)))))) | |
162 | (outputs '("out" ;4.4 MiB | |
163 | "debug" | |
164 | "doc")) ;4.1 MiB of man pages | |
a1db0975 | 165 | (native-inputs |
d2fcfd3d | 166 | `(("pkg-config" ,pkg-config) |
9cdce047 | 167 | ("texinfo" ,texinfo) ; XXX needed only to replace prebuilt, unfixed docs. |
d2fcfd3d | 168 | ("which" ,which))) |
7543f865 LC |
169 | (inputs |
170 | `(("guile" ,guile-2.0) | |
0cb9b456 | 171 | ("perl" ,perl))) |
7543f865 | 172 | (propagated-inputs |
d2fcfd3d | 173 | ;; These are all in the 'Requires.private' field of gnutls.pc. |
7543f865 | 174 | `(("libtasn1" ,libtasn1) |
866f469e MW |
175 | ("libidn" ,libidn) |
176 | ("nettle" ,nettle) | |
f61e0e79 | 177 | ("zlib" ,zlib))) |
7543f865 | 178 | (home-page "http://www.gnu.org/software/gnutls/") |
f50d2669 | 179 | (synopsis "Transport layer security library") |
7543f865 | 180 | (description |
a22dc0c4 | 181 | "GnuTLS is a secure communications library implementing the SSL, TLS |
79c311b8 | 182 | and DTLS protocols. It is provided in the form of a C library to support the |
a22dc0c4 LC |
183 | protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other |
184 | required structures.") | |
e9aa8d0c | 185 | (license license:lgpl2.1+))) |
cc2b77df AE |
186 | |
187 | (define-public openssl | |
188 | (package | |
189 | (name "openssl") | |
1f4335ae | 190 | (version "1.0.2d") |
cc2b77df AE |
191 | (source (origin |
192 | (method url-fetch) | |
193 | (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version | |
194 | ".tar.gz")) | |
195 | (sha256 | |
196 | (base32 | |
1f4335ae | 197 | "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737")) |
cc2b77df AE |
198 | (patches (list (search-patch "openssl-runpath.patch"))))) |
199 | (build-system gnu-build-system) | |
200 | (native-inputs `(("perl" ,perl))) | |
201 | (arguments | |
e1202717 | 202 | `(#:parallel-build? #f |
cc2b77df AE |
203 | #:parallel-tests? #f |
204 | #:test-target "test" | |
205 | #:phases | |
b6cb1358 | 206 | (modify-phases %standard-phases |
4fb254a3 LC |
207 | (add-before |
208 | 'configure 'fix-man-dir | |
209 | (lambda* (#:key outputs #:allow-other-keys) | |
210 | ;; The default MANDIR is some unusual place. Fix that. | |
211 | (let ((out (assoc-ref outputs "out"))) | |
212 | (substitute* "Makefile.org" | |
213 | (("^MANDIR[[:blank:]]*=.*$") | |
214 | (string-append "MANDIR = " out "/share/man\n"))) | |
215 | #t))) | |
b6cb1358 LC |
216 | (replace |
217 | 'configure | |
218 | (lambda* (#:key outputs #:allow-other-keys) | |
219 | (let ((out (assoc-ref outputs "out"))) | |
220 | (zero? | |
221 | (system* "./config" | |
222 | "shared" ;build shared libraries | |
223 | "--libdir=lib" | |
4fb254a3 LC |
224 | |
225 | ;; The default for this catch-all directory is | |
226 | ;; PREFIX/ssl. Change that to something more | |
227 | ;; conventional. | |
228 | (string-append "--openssldir=" out | |
229 | "/share/openssl-" ,version) | |
230 | ||
b6cb1358 LC |
231 | (string-append "--prefix=" out) |
232 | ||
233 | ;; XXX FIXME: Work around a code generation bug in GCC | |
234 | ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: | |
235 | ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> | |
236 | ,@(if (and (not (%current-target-system)) | |
237 | (string-prefix? "armhf" (%current-system))) | |
238 | '("-mfpu=vfpv3") | |
239 | '())))))) | |
fe8199a8 LC |
240 | (add-after |
241 | 'install 'make-libraries-writable | |
242 | (lambda* (#:key outputs #:allow-other-keys) | |
243 | ;; Make libraries writable so that 'strip' does its job. | |
244 | (let ((out (assoc-ref outputs "out"))) | |
245 | (for-each (lambda (file) | |
246 | (chmod file #o644)) | |
247 | (find-files (string-append out "/lib") | |
248 | "\\.so")) | |
249 | #t))) | |
b6cb1358 LC |
250 | (add-before |
251 | 'patch-source-shebangs 'patch-tests | |
252 | (lambda* (#:key inputs native-inputs #:allow-other-keys) | |
253 | (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) | |
254 | (substitute* (find-files "test" ".*") | |
255 | (("/bin/sh") | |
256 | (string-append bash "/bin/bash")) | |
257 | (("/bin/rm") | |
258 | "rm")))))))) | |
cc2b77df AE |
259 | (native-search-paths |
260 | ;; FIXME: These two variables must designate a single file or directory | |
261 | ;; and are not actually "search paths." In practice it works OK in user | |
262 | ;; profiles because there's always just one item that matches the | |
263 | ;; specification. | |
264 | (list (search-path-specification | |
265 | (variable "SSL_CERT_DIR") | |
266 | (files '("etc/ssl/certs"))) | |
267 | (search-path-specification | |
268 | (variable "SSL_CERT_FILE") | |
269 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
270 | (synopsis "SSL/TLS implementation") | |
271 | (description | |
e881752c | 272 | "OpenSSL is an implementation of SSL/TLS.") |
e9aa8d0c | 273 | (license license:openssl) |
cc2b77df AE |
274 | (home-page "http://www.openssl.org/"))) |
275 | ||
cb6a802c AE |
276 | (define-public libressl |
277 | (package | |
278 | (name "libressl") | |
279 | (version "2.2.0") | |
280 | (source | |
281 | (origin | |
282 | (method url-fetch) | |
283 | (uri (string-append | |
284 | "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-" | |
285 | version ".tar.gz")) | |
286 | (sha256 (base32 | |
287 | "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n")))) | |
288 | (build-system gnu-build-system) | |
289 | (native-search-paths | |
290 | ;; FIXME: These two variables must designate a single file or directory | |
291 | ;; and are not actually "search paths." In practice it works OK in | |
292 | ;; user profiles because there's always just one item that matches the | |
293 | ;; specification. | |
294 | (list (search-path-specification | |
295 | (variable "SSL_CERT_DIR") | |
296 | (files '("etc/ssl/certs"))) | |
297 | (search-path-specification | |
298 | (variable "SSL_CERT_FILE") | |
299 | (files '("etc/ssl/certs/ca-certificates.crt"))))) | |
300 | (home-page "http://www.libressl.org/") | |
301 | (synopsis "SSL/TLS implementation") | |
302 | (description "LibreSSL is a version of the TLS/crypto stack forked | |
303 | from OpenSSL in 2014, with the goals of modernizing the codebase, improving | |
304 | security, and applying best practice development processes.") | |
305 | ;; Files taken from OpenSSL keep their license, others are under various | |
306 | ;; non-copyleft licenses. | |
307 | (license (list license:openssl | |
308 | (license:non-copyleft | |
309 | "file://COPYING" | |
310 | "See COPYING in the distribution."))))) | |
311 | ||
cc2b77df AE |
312 | (define-public perl-net-ssleay |
313 | (package | |
314 | (name "perl-net-ssleay") | |
315 | (version "1.68") | |
316 | (source (origin | |
317 | (method url-fetch) | |
318 | (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" | |
319 | "Net-SSLeay-" version ".tar.gz")) | |
320 | (sha256 | |
321 | (base32 | |
1084ec08 | 322 | "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p")))) |
cc2b77df | 323 | (build-system perl-build-system) |
1084ec08 MW |
324 | (native-inputs |
325 | `(("patch" ,patch) | |
326 | ("patch/disable-ede-test" | |
327 | ,(search-patch "perl-net-ssleay-disable-ede-test.patch")))) | |
cc2b77df AE |
328 | (inputs `(("openssl" ,openssl))) |
329 | (arguments | |
1084ec08 MW |
330 | `(#:phases |
331 | (modify-phases %standard-phases | |
332 | (add-after | |
333 | 'unpack 'apply-patch | |
334 | (lambda* (#:key inputs #:allow-other-keys) | |
335 | ;; XXX We apply this patch here instead of in the 'origin' because | |
336 | ;; this package's build system fails badly when the source file | |
337 | ;; times are zeroed. | |
338 | ;; XXX Try removing this patch for perl-net-ssleay > 1.68 | |
339 | (zero? (system* "patch" "--force" "-p1" "-i" | |
340 | (assoc-ref inputs "patch/disable-ede-test"))))) | |
341 | (add-before | |
342 | 'configure 'set-ssl-prefix | |
343 | (lambda* (#:key inputs #:allow-other-keys) | |
344 | (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl")) | |
345 | #t))))) | |
cc2b77df AE |
346 | (synopsis "Perl extension for using OpenSSL") |
347 | (description | |
348 | "This module offers some high level convenience functions for accessing | |
349 | web pages on SSL servers (for symmetry, the same API is offered for accessing | |
350 | http servers, too), an sslcat() function for writing your own clients, and | |
351 | finally access to the SSL api of the SSLeay/OpenSSL package so you can write | |
352 | servers or clients for more complicated applications.") | |
353 | (license (package-license perl)) | |
354 | (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/"))) |