gnu: Add cxxopts.
233e7676 1;;; GNU Guix --- Functional package management for GNU
ac83dc82 2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
05f6e601 3;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
29a7c98a 4;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
cc2b77df 5;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
9fd0838b 6;;; Copyright © 2015 David Thompson <davet@gnu.org>
ea22aa1f 7;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
db388401 8;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
3c986a7d 9;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
375cef6c 10;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
ee33f9a7 11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
e8df8800 12;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
a92c6b1a 13;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fbf5ca3c 14;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
e8b3a158 15;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
bdcdd550 16;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
a9bcc647 17;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
7543f865 18;;;
233e7676 19;;; This file is part of GNU Guix.
7543f865 20;;;
233e7676 21;;; GNU Guix is free software; you can redistribute it and/or modify it
22;;; under the terms of the GNU General Public License as published by
23;;; the Free Software Foundation; either version 3 of the License, or (at
24;;; your option) any later version.
25;;;
233e7676 26;;; GNU Guix is distributed in the hope that it will be useful, but
27;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29;;; GNU General Public License for more details.
30;;;
31;;; You should have received a copy of the GNU General Public License
233e7676 32;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
7543f865 33
a7fd7b68 34(define-module (gnu packages tls)
e9aa8d0c 35 #:use-module ((guix licenses) #:prefix license:)
36 #:use-module (guix packages)
37 #:use-module (guix download)
ea22aa1f 38 #:use-module (guix git-download)
29a7c98a 39 #:use-module (guix utils)
7543f865 40 #:use-module (guix build-system gnu)
ea22aa1f 41 #:use-module (guix build-system go)
cc2b77df 42 #:use-module (guix build-system perl)
7890e3ba 43 #:use-module (guix build-system python)
88522738 44 #:use-module (guix build-system cmake)
e8b3a158 45 #:use-module (guix build-system trivial)
f61e0e79 46 #:use-module (gnu packages compression)
013ce67b 47 #:use-module (gnu packages)
e8b3a158 48 #:use-module (gnu packages bash)
ac257f12 49 #:use-module (gnu packages check)
e8b3a158 50 #:use-module (gnu packages curl)
5b9aa107 51 #:use-module (gnu packages dns)
e8b3a158 52 #:use-module (gnu packages gawk)
1ffa7090 53 #:use-module (gnu packages guile)
a9bcc647 54 #:use-module (gnu packages hurd)
0581c273 55 #:use-module (gnu packages libbsd)
27e86bed 56 #:use-module (gnu packages libffi)
866f469e 57 #:use-module (gnu packages libidn)
5d4c90ae 58 #:use-module (gnu packages linux)
7890e3ba 59 #:use-module (gnu packages ncurses)
27e86bed 60 #:use-module (gnu packages nettle)
1ffa7090 61 #:use-module (gnu packages perl)
27e86bed 62 #:use-module (gnu packages pkg-config)
7890e3ba 63 #:use-module (gnu packages python)
cc6f4912 64 #:use-module (gnu packages python-crypto)
1b2f753d 65 #:use-module (gnu packages python-web)
44d10b1f 66 #:use-module (gnu packages python-xyz)
9d0c291e 67 #:use-module (gnu packages sphinx)
a31f4d35 68 #:use-module (gnu packages texinfo)
33dc54b0 69 #:use-module (gnu packages time)
70 #:use-module (gnu packages base)
71 #:use-module (srfi srfi-1))
72
;; GNU libtasn1, the ASN.1 library.  In this file it is an input of p11-kit
;; and a propagated input of gnutls.
(define-public libtasn1
  (package
    (name "libtasn1")
    (version "4.16.0")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                          version ".tar.gz"))
      ;; Content hash of the release tarball.  The download is accepted only
      ;; if it matches, so the mirror that serves it need not be trusted.
      ;; Update it together with 'version'.
      (sha256
       (base32
        "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf"))))
    (build-system gnu-build-system)
    (arguments
     ;; Passed verbatim to ./configure.
     `(#:configure-flags '("--disable-static")))
    ;; Perl is a build-time-only dependency.
    (native-inputs `(("perl" ,perl)))
    (home-page "https://www.gnu.org/software/libtasn1/")
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (license license:lgpl2.0+)))
7543f865 97
;; asn1c: generates C source from ASN.1 module files.
(define-public asn1c
  (package
    (name "asn1c")
    (version "0.9.28")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/"
                           "asn1c-" version ".tar.gz"))
       ;; Pins the exact tarball; bump it together with 'version'.
       (sha256
        (base32 "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (build-system gnu-build-system)
    ;; One build-time input, labelled "perl".
    (native-inputs
     (list (list "perl" perl)))
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (home-page "https://lionet.info/asn1c")
    (license license:bsd-2)))
124
;; p11-kit: loads and enumerates PKCS#11 modules.
(define-public p11-kit
  (package
    (name "p11-kit")
    (version "0.23.21")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                          "download/" version "/p11-kit-" version ".tar.xz"))
      ;; Content hash of the release tarball; update it with 'version'.
      (sha256
       (base32 "09q6n63qmqcdw6v0fwmhdmsqrcndnp5m9jvby1kxi82wy29s9fpi"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; NOTE(review): '--without-trust-paths' presumably leaves the trust
     ;; module without a built-in anchor location -- confirm that consumers
     ;; get their trust anchors from elsewhere.
     `(#:configure-flags '("--without-trust-paths")
       #:phases (modify-phases %standard-phases
                  (add-before 'check 'prepare-tests
                    (lambda _
                      ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
                      ;; and looks for .cache and other directories (only).
                      ;; For simplicity just drop it since it is irrelevant
                      ;; in the build container.
                      (substitute* "Makefile"
                        (("test-runtime\\$\\(EXEEXT\\)") ""))
                      #t)))))
    (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (license license:bsd-3)))
27e86bed 163
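;; GnuTLS, the TLS library, built with Guile 3.0 bindings.  This definition
;; stays at 3.6.12 and is grafted to gnutls-3.6.14 through 'replacement'.
(define-public gnutls
  (package
    (name "gnutls")
    ;; XXX Unversion openconnect's "gnutls" input when ungrafting.
    ;; Graft: references to this package are rewritten to gnutls-3.6.14
    ;; without rebuilding dependents.
    (replacement gnutls-3.6.14)
    (version "3.6.12")
    (source (origin
             (method url-fetch)
             (uri
              ;; Note: Releases are no longer on ftp.gnu.org since the
              ;; schism (after version 3.1.5).
              (string-append "mirror://gnupg/gnutls/v"
                             (version-major+minor version)
                             "/gnutls-" version ".tar.xz"))
             (patches (search-patches "gnutls-skip-trust-store-test.patch"))
             ;; Content hash of the release tarball; update with 'version'.
             (sha256
              (base32
               "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
    (build-system gnu-build-system)
    (arguments
     ;; The test suite is skipped entirely when the target is the Hurd.
     `(#:tests? ,(not (hurd-target?))
       ;; Ensure we don't keep a reference to net-tools.
       #:disallowed-references ,(if (hurd-target?) '() (list net-tools))
       #:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store.  Instead it has a
        ;; configure-time option.  Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment.  If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently.  This seems suboptimal.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; Tell the build system that we want Guile bindings installed to
        ;; the output instead of Guile's own module directory.
        (string-append "--with-guile-site-dir="
                       "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)")
        (string-append "--with-guile-site-ccache-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache")
        (string-append "--with-guile-extension-dir="
                       "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        ;; The flag is unconditional, so PKCS#11 support is disabled on
        ;; every architecture, not only mips64el.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after
                   'install 'move-doc
                   (lambda* (#:key outputs #:allow-other-keys)
                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                     (let* ((out (assoc-ref outputs "out"))
                            (doc (assoc-ref outputs "doc"))
                            (mandir (string-append doc "/share/man/man3"))
                            (oldman (string-append out "/share/man/man3")))
                       (mkdir-p mandir)
                       (copy-recursively oldman mandir)
                       (delete-file-recursively oldman)
                       #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(,@(if (hurd-target?) '()
             `(("net-tools" ,net-tools)))
       ("pkg-config" ,pkg-config)
       ("which" ,which)
       ,@(if (hurd-target?) '()
             `(("datefudge" ,datefudge))) ;tests rely on 'datefudge'
       ("util-linux" ,util-linux)))       ;one test needs 'setsid'
    (inputs
     `(("guile" ,guile-3.0)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; Fixed: the description said "X.5009"; the certificate standard is X.509.
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))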
cc2b77df 255
;; GnuTLS 3.6.14, the package named by the 'replacement' field of gnutls.
;; Every field not overridden here is inherited from gnutls.
(define-public gnutls-3.6.14
  (package
    (inherit gnutls)
    (version "3.6.14")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnupg/gnutls/v"
                           (version-major+minor version)
                           "/gnutls-" version ".tar.xz"))
       (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                "gnutls-cross.patch"))
       ;; Content hash of the 3.6.14 tarball.
       (sha256
        (base32 "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n"))))
    ;; When cross-compiling, a native Guile comes first, then everything
    ;; gnutls already lists as native inputs.
    (native-inputs
     (append (if (%current-target-system)         ;for cross-build
                 (list (list "guile" guile-3.0))  ;to create .go files
                 '())
             (package-native-inputs gnutls)))))
275
(define-public gnutls/guile-2.0
  ;; GnuTLS built against Guile 2.0: the inherited "guile" input is dropped
  ;; and a Guile 2.0 entry is put at the head of the input list.
  (package/inherit gnutls
    (name "guile2.0-gnutls")
    (inputs
     (cons (list "guile" guile-2.0)
           (alist-delete "guile" (package-inputs gnutls))))))
079f013b 282
(define-public gnutls/dane
  ;; GnuTLS that also builds libgnutls-dane (DNS-based Authentication of
  ;; Named Entities).  GNUnet and gnURL need it for GNS.  It is a separate
  ;; package so that GnuTLS is available both with and without DANE.
  (package/inherit gnutls
    (name "gnutls-dane")
    ;; "unbound" is placed in front of the inputs inherited from gnutls.
    (inputs
     (cons (list "unbound" unbound)
           (package-inputs gnutls)))))
292
;; GnuTLS built against Guile 2.2: same as gnutls except for the "guile"
;; input, which is replaced by Guile 2.2.
(define-public guile2.2-gnutls
  (package
    (inherit gnutls)
    (name "guile2.2-gnutls")
    (inputs
     (cons (list "guile" guile-2.2)
           (alist-delete "guile" (package-inputs gnutls))))))
d630d781 300
;; Deprecated name kept for compatibility.  It points at gnutls, whose
;; "guile" input is already Guile 3.0.
(define-public guile3.0-gnutls
  (deprecated-package "guile3.0-gnutls" gnutls))
67a3c8ed 303
;; OpenSSL 1.1.1.  This definition stays at 1.1.1f and is grafted to
;; openssl-1.1.1g through 'replacement'.
(define-public openssl
  (package
   (name "openssl")
   (version "1.1.1f")
   ;; Graft: references to this package are rewritten to openssl-1.1.1g
   ;; without rebuilding dependents.
   (replacement openssl-1.1.1g)
   (source (origin
             (method url-fetch)
             ;; Alternative locations for the same tarball.  Two of them are
             ;; plain ftp://, so it is the sha256 below, not the transport,
             ;; that authenticates the download.
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                       version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/"
                                       "openssl-" version ".tar.gz")
                        (string-append "ftp://ftp.openssl.org/source/old/"
                                       (string-trim-right version char-set:letter)
                                       "/openssl-" version ".tar.gz")))
             (sha256
              (base32
               "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q"))
             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"         ;6.8 MiB of man3 pages and full HTML documentation
              "static"))    ;6.4 MiB of .a files
   (native-inputs `(("perl" ,perl)))
   (arguments
    `(#:parallel-tests? #f
      #:test-target "test"

      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
      ;; so we explicitly disallow it here.
      #:disallowed-references ,(list (canonical-package perl))
      #:phases
      (modify-phases %standard-phases
        ;; Only present when cross-compiling: export the toolchain prefix and
        ;; the OpenSSL target name that 'configure passes to ./Configure.
        ,@(if (%current-target-system)
              '((add-before
                    'configure 'set-cross-compile
                  (lambda* (#:key target outputs #:allow-other-keys)
                    (setenv "CROSS_COMPILE" (string-append target "-"))
                    ;; NOTE(review): the 'cond' has no 'else' clause, so a
                    ;; target matching none of these prefixes gives 'setenv'
                    ;; no usable value -- confirm all supported cross
                    ;; targets are listed.
                    (setenv "CONFIGURE_TARGET_ARCH"
                            (cond
                             ((string-prefix? "i586" target)
                              "hurd-x86")
                             ((string-prefix? "i686" target)
                              "linux-x86")
                             ((string-prefix? "x86_64" target)
                              "linux-x86_64")
                             ((string-prefix? "arm" target)
                              "linux-armv4")
                             ((string-prefix? "aarch64" target)
                              "linux-aarch64")))
                    #t)))
              '())
        (replace 'configure
          (lambda* (#:key outputs #:allow-other-keys)
            (let* ((out (assoc-ref outputs "out"))
                   (lib (string-append out "/lib")))
              ;; It's not a shebang so patch-source-shebangs misses it.
              (substitute* "config"
                (("/usr/bin/env")
                 (string-append (assoc-ref %build-inputs "coreutils")
                                "/bin/env")))
              ;; Native builds run ./config; cross builds run ./Configure
              ;; with the target name appended as the last argument.
              (invoke ,@(if (%current-target-system)
                            '("./Configure")
                            '("./config"))
                      "shared"       ;build shared libraries
                      "--libdir=lib"

                      ;; The default for this catch-all directory is
                      ;; PREFIX/ssl.  Change that to something more
                      ;; conventional.
                      (string-append "--openssldir=" out
                                     "/share/openssl-" ,version)

                      (string-append "--prefix=" out)
                      ;; Record the library directory as a run-time search
                      ;; path.
                      (string-append "-Wl,-rpath," lib)
                      ,@(if (%current-target-system)
                            '((getenv "CONFIGURE_TARGET_ARCH"))
                            '())))))
        (add-after 'install 'move-static-libraries
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move static libraries to the "static" output.
            (let* ((out    (assoc-ref outputs "out"))
                   (lib    (string-append out "/lib"))
                   (static (assoc-ref outputs "static"))
                   (slib   (string-append static "/lib")))
              (for-each (lambda (file)
                          (install-file file slib)
                          (delete-file file))
                        (find-files lib "\\.a$"))
              #t)))
        (add-after 'install 'move-extra-documentation
          (lambda* (#:key outputs #:allow-other-keys)
            ;; Move man3 pages and full HTML documentation to "doc".
            (let* ((out         (assoc-ref outputs "out"))
                   (man3        (string-append out "/share/man/man3"))
                   (html        (string-append out "/share/doc/openssl"))
                   (doc         (assoc-ref outputs "doc"))
                   (man-target  (string-append doc "/share/man/man3"))
                   (html-target (string-append doc "/share/doc/openssl")))
              (copy-recursively man3 man-target)
              (delete-file-recursively man3)
              (copy-recursively html html-target)
              (delete-file-recursively html)
              #t)))
        (add-after
            'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The 'misc' directory contains random undocumented shell and Perl
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
                                                      ,version "/misc"))
              #t))))))
   ;; Environment variables pointing at the CA certificate directory and
   ;; bundle file; each holds a single entry.
   (native-search-paths
    (list (search-path-specification
           (variable "SSL_CERT_DIR")
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs")))
          (search-path-specification
           (variable "SSL_CERT_FILE")
           (file-type 'regular)
           (separator #f)                        ;single entry
           (files '("etc/ssl/certs/ca-certificates.crt")))))
   (synopsis "SSL/TLS implementation")
   (description
    "OpenSSL is an implementation of SSL/TLS.")
   (license license:openssl)
   (home-page "https://www.openssl.org/")))
cc2b77df 431
;; OpenSSL 1.1.1g, the package named by the 'replacement' field of openssl.
;; It is not exported.  Only the version and the source differ from openssl.
(define openssl-1.1.1g
  (package
    (inherit openssl)
    (version "1.1.1g")
    (source
     (origin
       (method url-fetch)
       ;; The same three locations as openssl, built from shared pieces.
       ;; The sha256 below is what authenticates the tarball.
       (uri (let ((tarball (string-append "openssl-" version ".tar.gz"))
                  (series  (string-trim-right version char-set:letter)))
              (list (string-append "https://www.openssl.org/source/" tarball)
                    (string-append "ftp://ftp.openssl.org/source/" tarball)
                    (string-append "ftp://ftp.openssl.org/source/old/"
                                   series "/" tarball))))
       (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
       (sha256
        (base32 "0ikdcc038i7jk8h7asq5xcn8b1xc2rrbc88yfm4hqbz3y5s4gc6x"))))))
9ff87bb9 449
;; OpenSSL 1.0.2, kept alongside the 1.1.1 package.  It inherits from openssl
;; and overrides the source, the outputs and several build phases.
;; NOTE(review): upstream ended public support for the 1.0.2 series at the
;; end of 2019 -- confirm which dependents still need this package.
(define-public openssl-1.0
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.0.2u")
    (source (origin
              (method url-fetch)
              ;; Same locations as openssl.  Two are plain ftp://, so the
              ;; sha256 below is what authenticates the tarball.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        "openssl-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (arguments
     (substitute-keyword-arguments (package-arguments openssl)
       ;; Parallel build is not supported in 1.0.x.
       ((#:parallel-build? _ #f) #f)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before 'patch-source-shebangs 'patch-tests
             (lambda* (#:key inputs native-inputs #:allow-other-keys)
               ;; Rewrite hard-coded /bin/sh and /bin/rm in the test files.
               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
                 (substitute* (find-files "test" ".*")
                   (("/bin/sh")
                    (string-append bash "/bin/sh"))
                   (("/bin/rm")
                    "rm"))
                 #t)))
           (add-before 'configure 'patch-Makefile.org
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The default MANDIR is some unusual place.  Fix that.
               (let ((out (assoc-ref outputs "out")))
                 (patch-makefile-SHELL "Makefile.org")
                 (substitute* "Makefile.org"
                   (("^MANDIR[[:blank:]]*=.*$")
                    (string-append "MANDIR = " out "/share/man\n")))
                 #t)))
           (replace 'configure
             ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
             (lambda* (#:key outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (invoke ,@(if (%current-target-system)
                               '("./Configure")
                               '("./config"))
                         "shared"                 ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl.  Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)
                         ,@(if (%current-target-system)
                               '((getenv "CONFIGURE_TARGET_ARCH"))
                               '())))))
           ;; Replaced by 'move-man3-pages below.
           (delete 'move-extra-documentation)
           (add-after 'install 'move-man3-pages
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Move section 3 man pages to "doc".
               (let* ((out    (assoc-ref outputs "out"))
                      (man3   (string-append out "/share/man/man3"))
                      (doc    (assoc-ref outputs "doc"))
                      (target (string-append doc "/share/man/man3")))
                 (mkdir-p target)
                 (for-each (lambda (file)
                             (rename-file file
                                          (string-append target "/"
                                                         (basename file))))
                           (find-files man3))
                 (delete-file-recursively man3)
                 #t)))
           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts.  Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
542
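;; LibreSSL, the TLS/crypto stack forked from OpenSSL, built with its
;; TLS-enabled netcat.
(define-public libressl
  (package
    (name "libressl")
    (version "3.0.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  "libressl-" version ".tar.gz"))
              ;; Content hash of the release tarball; update with 'version'.
              (sha256
               (base32
                "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"))))
    (build-system gnu-build-system)
    (arguments
     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
     ;; and libc would return ENOSYS, which is not properly handled.
     ;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
     ;; NOTE(review): this changes where the library gets its entropy from;
     ;; revisit the override once such kernels need no longer be supported.
     '(#:configure-flags '("ac_cv_func_getentropy=no"
                           ;; Provide a TLS-enabled netcat.
                           "--enable-nc")))
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (separator #f)              ;single entry
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            ;; The bundle is a regular file.  Without 'file-type' the
            ;; specification looks for a directory of that name and never
            ;; matches; the openssl package in this file declares it the
            ;; same way.
            (file-type 'regular)
            (separator #f)              ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (home-page "https://www.libressl.org/")
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))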
583
;; Python implementation of the ACME protocol.  certbot takes its version
;; from this package.
(define-public python-acme
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "1.3.0")
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              ;; Content hash of the PyPI source archive for this version.
              (sha256
               (base32
                "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Build the man page and the Info manual from docs/.
         (add-after 'build 'build-documentation
           (lambda _
             (invoke "make" "-C" "docs" "man" "info")))
         ;; Install the generated documentation into the output.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (man (string-append out "/share/man/man1"))
                    (info (string-append out "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info)
               (install-file "docs/_build/man/acme-python.1" man)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-josepy" ,python-josepy)
       ("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-requests-toolbelt" ,python-requests-toolbelt)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (home-page "https://github.com/certbot/certbot")
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (license license:asl2.0)))
633
;; Certbot, the Let's Encrypt client.  Its version is read from python-acme
;; and its build arguments extend those of python-acme.
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "certbot" version))
              ;; The version above follows python-acme but this hash does
              ;; not: it must be updated by hand whenever python-acme is
              ;; bumped.
              (sha256
               (base32
                "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w"))))
    (build-system python-build-system)
    (arguments
     `(,@(substitute-keyword-arguments (package-arguments python-acme)
           ((#:phases phases)
            `(modify-phases ,phases
               ;; Same phase name as in python-acme, with certbot's files.
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
                          (man1 (string-append out "/share/man/man1"))
                          (man7 (string-append out "/share/man/man7"))
                          (info (string-append out "/info")))
                     (install-file "docs/_build/texinfo/Certbot.info" info)
                     (install-file "docs/_build/man/certbot.1" man1)
                     (install-file "docs/_build/man/certbot.7" man7)
                     #t))))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-cryptography" ,python-cryptography)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-distro" ,python-distro)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (home-page "https://certbot.eff.org/")
    (license license:asl2.0)))
693
;; Former name of certbot, marked as superseded by it.
(define-public letsencrypt
  (package
    (inherit certbot)
    (name "letsencrypt")
    ;; A one-entry alist: superseded -> certbot.
    (properties (list (cons 'superseded certbot)))))
9495cf9a 698
;; Net::SSLeay: Perl bindings to OpenSSL.
(define-public perl-net-ssleay
  (package
    (name "perl-net-ssleay")
    (version "1.88")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/C/CH/CHRISN/"
                                  "Net-SSLeay-" version ".tar.gz"))
              ;; Content hash of the CPAN tarball; update with 'version'.
              (sha256
               (base32
                "1pfgh4h3szcpvqlcimc60pjbk9zwls99x5863sva0wc47i4dl010"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before
          'configure 'set-ssl-prefix
          (lambda* (#:key inputs #:allow-other-keys)
            ;; Set OPENSSL_PREFIX to the "openssl" input before the
            ;; configure phase runs.
            (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
            #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    (home-page "https://metacpan.org/release/Net-SSLeay")))
729
;; Crypt::OpenSSL::RSA: RSA encoding and decoding through OpenSSL.  It is
;; built with the shared perl-crypt-arguments.
(define-public perl-crypt-openssl-rsa
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.31")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/T/TO/TODDR/"
                           "Crypt-OpenSSL-RSA-" version ".tar.gz"))
       ;; Content hash of the CPAN tarball; update with 'version'.
       (sha256
        (base32 "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
    (build-system perl-build-system)
    (native-inputs
     (list (list "perl-crypt-openssl-guess" perl-crypt-openssl-guess)))
    (inputs
     (list (list "perl-crypt-openssl-bignum" perl-crypt-openssl-bignum)
           (list "perl-crypt-openssl-random" perl-crypt-openssl-random)
           (list "openssl" openssl)))
    (arguments perl-crypt-arguments)
    (synopsis "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-RSA")
    (license license:perl-license)))
;; Build arguments shared by the Crypt::OpenSSL::* packages in this file.
;; Before 'configure', the 'LIBS' entry of Makefile.PL is replaced so the
;; linker is given the lib directory of the "openssl" input explicitly
;; ("-L<openssl>/lib -lcrypto") in place of the value Makefile.PL shipped
;; with.
(define perl-crypt-arguments
  `(#:phases
    (modify-phases %standard-phases
      (add-before 'configure 'patch-Makefile.PL
        (lambda* (#:key inputs #:allow-other-keys)
          (substitute* "Makefile.PL"
            (("'LIBS'.*=>.*")
             ;; The store path is looked up only when the pattern matches.
             (let ((openssl-dir (assoc-ref inputs "openssl")))
               (string-append "'LIBS' => ['-L"
                              openssl-dir
                              "/lib -lcrypto'],"))))
          #t)))))
;; Perl access to OpenSSL's multiprecision integers.  Source integrity
;; rests on the sha256 of the CPAN tarball.  Linking against the declared
;; "openssl" input is arranged by 'perl-crypt-arguments'.
(define-public perl-crypt-openssl-bignum
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.09")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
                    version ".tar.gz"))
              (sha256
               (base32
                "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
    (synopsis "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
;; Build-time helper module.  In this file it appears only as a native
;; input of perl-crypt-openssl-rsa and perl-crypt-openssl-random.
(define-public perl-crypt-openssl-guess
  (package
    (name "perl-crypt-openssl-guess")
    (version "0.11")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
                    version ".tar.gz"))
              ;; Content hash of the tarball; the download is rejected if it
              ;; does not match.
              (sha256
               (base32
                "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
    (build-system perl-build-system)
    (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
    (synopsis "Guess the OpenSSL include path")
    (description
     "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
correct OpenSSL include path.  It is intended for use in your
@file{Makefile.PL}.")
    (license license:perl-license)))
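;; Perl access to the pseudo-random number generator of OpenSSL/LibreSSL.
;; The module is built against the "openssl" input; 'perl-crypt-arguments'
;; points the Makefile.PL 'LIBS' entry at that input's lib directory.
(define-public perl-crypt-openssl-random
  (package
    (name "perl-crypt-openssl-random")
    (version "0.15")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       (sha256
        (base32 "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"))))
    (build-system perl-build-system)
    ;; Only needed while building (used from Makefile.PL).
    (native-inputs
     `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
    (inputs
     `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (home-page
     "https://metacpan.org/release/Crypt-OpenSSL-Random")
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    ;; Description reworded: the module gives access to the generator (as the
    ;; synopsis says), it is not the generator itself; the sentence now also
    ;; ends with a period.
    (description "Crypt::OpenSSL::Random provides access to the OpenSSL/LibreSSL
pseudo-random number generator.")
    (license license:perl-license)))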
;; Portable snapshot of the OpenBSD ACME client, built against LibreSSL.
(define-public acme-client
  (package
    (name "acme-client")
    (version "0.1.16")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://kristaps.bsd.lv/" name "/"
                           "snapshots/" name "-portable-"
                           version ".tgz"))
       ;; The snapshot tarball is accepted only if it matches this hash.
       (sha256
        (base32
         "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (build-system gnu-build-system)
    (arguments
     '(#:tests? #f                      ; no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         ;; http.c hard-codes "/etc/ssl/cert.pem" as its CA bundle.  Point it
         ;; at the cert.pem inside the "libressl" input instead, so the
         ;; trust anchors used for HTTPS come from that store item and not
         ;; from whatever the host has in /etc.  As a consequence the CA
         ;; set changes only when the libressl input does.
         (add-after 'unpack 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             (let* ((libressl  (assoc-ref inputs "libressl"))
                    (ca-bundle (string-append libressl
                                              "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") ca-bundle))
               #t)))
         (delete 'configure))))         ; no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C.  It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible.  acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
;; The "-apache" variant is the one preferred by upstream.  A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
    ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
    ;; when updating.
    (version "2.23.0")
    (source
     (origin
       (method git-fetch)
       ;; The checkout is taken from the tag "mbedtls-<version>".  A tag can
       ;; be moved upstream; the sha256 below is what fixes the content.
       (uri (git-reference
             (url "https://github.com/ARMmbed/mbedtls")
             (commit (string-append "mbedtls-" version))))
       (sha256
        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))
       (file-name (git-file-name name version))))
    (build-system cmake-build-system)
    (arguments
     `(;; Build the shared library only.
       #:configure-flags
       '("-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
         "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
       #:phases
       (modify-phases %standard-phases
         ;; Make every file of the unpacked source writable before the
         ;; remaining phases run.
         (add-after 'unpack 'make-source-writable
           (lambda _
             (let ((source-files (find-files ".")))
               (for-each make-file-writable source-files))
             #t)))))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (home-page "https://tls.mbed.org")
    (license license:asl2.0)))
;; The Hiawatha Web server requires some specific features to be enabled.
;; This hidden variant inherits everything from mbedtls-apache and adds one
;; phase that switches on the threading options before 'configure'.
(define-public mbedtls-for-hiawatha
  (hidden-package
   (package
     (inherit mbedtls-apache)
     (arguments
      (substitute-keyword-arguments (package-arguments mbedtls-apache)
        ((#:phases phases)
         `(modify-phases ,phases
            (add-before 'configure 'configure-extra-features
              (lambda _
                ;; Enable each option through upstream's config script.
                (for-each (lambda (option)
                            (invoke "scripts/config.pl" "set" option))
                          '("MBEDTLS_THREADING_C"
                            "MBEDTLS_THREADING_PTHREAD"))
                ;; XXX The above enables code that breaks with -Werror…
                ;; so the offending warning flag is dropped from the build.
                (substitute* "CMakeLists.txt"
                  ((" -Wformat-signedness") ""))
                #t)))))))))
;; Let's Encrypt/ACME client written as a Bash script.  There is nothing to
;; compile: the builder unpacks the release tarball, installs the docs, man
;; pages and the script, and wraps the script so that the tools it runs are
;; looked up in the declared inputs first.
(define-public dehydrated
  (package
    (name "dehydrated")
    (version "0.6.5")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/dehydrated-io/dehydrated/releases/download/"
                    "v" version "/dehydrated-" version ".tar.gz"))
              ;; The release tarball is accepted only if it matches this hash.
              (sha256
               (base32
                "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
    (build-system trivial-build-system)
    (arguments
     `(#:modules ((guix build utils)
                  (srfi srfi-26))
       #:builder
       (begin
         (use-modules (guix build utils)
                      (srfi srfi-26))
         (let* ((source (assoc-ref %build-inputs "source"))
                (tar (assoc-ref %build-inputs "tar"))
                (gz (assoc-ref %build-inputs "gzip"))
                (out (assoc-ref %outputs "out"))
                (bin (string-append out "/bin"))
                (doc (string-append out "/share/doc/" ,name "-" ,version))
                (man (string-append out "/share/man"))
                (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))

           ;; PATH holds only gzip's bin directory here; presumably this is
           ;; so that tar can find gzip to decompress the .tar.gz.
           (setenv "PATH" (string-append gz "/bin"))
           (invoke (string-append tar "/bin/tar") "xvf" source)
           (chdir (string-append ,name "-" ,version))

           (copy-recursively "docs" doc)
           (install-file "LICENSE" doc)

           ;; The man pages were copied along with "docs"; move them to
           ;; share/man/man1 and compress them.
           (mkdir-p man)
           (rename-file (string-append doc "/man")
                        (string-append man "/man1"))
           (for-each (cut invoke "gzip" "-9" <>)
                     (find-files man ".*"))

           (install-file "dehydrated" bin)
           (with-directory-excursion bin
             ;; Rewrite the script's interpreter line using the bash input.
             (patch-shebang "dehydrated" (list bash))

             ;; Do not try to write to the store.
             ;; SCRIPTDIR is redirected to a directory under the invoking
             ;; user's home.
             (substitute* "dehydrated"
               (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))

             ;; NOTE(review): PATH is switched to bash's bin directory before
             ;; wrapping, presumably so wrap-program can locate bash for the
             ;; wrapper -- confirm.
             (setenv "PATH" bash)
             ;; The wrapper puts the bin directory of each listed input in
             ;; front of PATH, so the external commands the script runs
             ;; (curl, openssl, sed, ...) resolve to these inputs before
             ;; anything from the caller's environment.  Because this is a
             ;; 'prefix', the caller's PATH entries remain as a fallback.
             (wrap-program "dehydrated"
               `("PATH" ":" prefix
                 ,(map (lambda (dir)
                         (string-append dir "/bin"))
                       (map (lambda (input)
                              (assoc-ref %build-inputs input))
                            '("coreutils"
                              "curl"
                              "diffutils"
                              "gawk"
                              "grep"
                              "openssl"
                              "sed"))))))
           #t))))
    ;; Run-time tools; keep this list in step with the names given to
    ;; wrap-program above.
    (inputs
     `(("bash" ,bash)
       ("coreutils" ,coreutils)
       ("curl" ,curl)
       ("diffutils" ,diffutils)
       ("gawk" ,gawk)
       ("grep" ,grep)
       ("openssl" ,openssl)
       ("sed" ,sed)))
    ;; Used by the builder only, to unpack the source and compress man pages.
    (native-inputs
     `(("gzip" ,gzip)
       ("tar" ,tar)))
    (home-page "https://dehydrated.io/")
    (synopsis "Let's Encrypt/ACME client implemented as a shell script")
    (description "Dehydrated is a client for signing certificates with an
ACME-server (currently only provided by Let's Encrypt) implemented as a
relatively simple Bash script.")
    (license license:expat)))
;; Root certificate bundle for Go programs.  The source is fixed to one
;; upstream commit, so the set of trusted roots is frozen at that snapshot.
;; The version string suggests it dates from 2018-01-18 (NOTE(review):
;; confirm).  Roots added to or removed from Mozilla's collection after
;; that point are not reflected until this package is updated.
(define-public go-github-com-certifi-gocertifi
  (let ((revision "1")
        (commit "a5e0173ced670013bfb649c7e806bc9529c986ec"))
    (package
      (name "go-github-com-certifi-gocertifi")
      (version (git-version "2018.01.18" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/certifi/gocertifi")
               (commit commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32
           "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj"))))
      (build-system go-build-system)
      (arguments
       '(#:import-path "github.com/certifi/gocertifi"))
      (synopsis "X.509 TLS root certificate bundle for Go")
      (description "This package is a Go language X.509 TLS root certificate bundle,
derived from Mozilla's collection.")
      (home-page "https://certifi.io")
      (license license:mpl2.0))))