| 1 | ;;; GNU Guix --- Functional package management for GNU |
| 2 | ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> |
| 3 | ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> |
| 4 | ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> |
| 5 | ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> |
| 6 | ;;; |
| 7 | ;;; This file is part of GNU Guix. |
| 8 | ;;; |
| 9 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
| 10 | ;;; under the terms of the GNU General Public License as published by |
| 11 | ;;; the Free Software Foundation; either version 3 of the License, or (at |
| 12 | ;;; your option) any later version. |
| 13 | ;;; |
| 14 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
| 15 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
| 16 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 17 | ;;; GNU General Public License for more details. |
| 18 | ;;; |
| 19 | ;;; You should have received a copy of the GNU General Public License |
| 20 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
| 21 | |
| 22 | (define-module (gnu packages tls) |
| 23 | #:use-module ((guix licenses) #:prefix license:) |
| 24 | #:use-module (guix packages) |
| 25 | #:use-module (guix download) |
| 26 | #:use-module (guix utils) |
| 27 | #:use-module (guix build-system gnu) |
| 28 | #:use-module (guix build-system perl) |
| 29 | #:use-module (gnu packages compression) |
| 30 | #:use-module (gnu packages) |
| 31 | #:use-module (gnu packages guile) |
| 32 | #:use-module (gnu packages libffi) |
| 33 | #:use-module (gnu packages libidn) |
| 34 | #:use-module (gnu packages nettle) |
| 35 | #:use-module (gnu packages perl) |
| 36 | #:use-module (gnu packages pkg-config) |
| 37 | #:use-module (gnu packages texinfo) |
| 38 | #:use-module (gnu packages base)) |
| 39 | |
| 40 | (define-public libtasn1 |
| 41 | (package |
| 42 | (name "libtasn1") |
| 43 | (version "4.5") |
| 44 | (source |
| 45 | (origin |
| 46 | (method url-fetch) |
| 47 | (uri (string-append "mirror://gnu/libtasn1/libtasn1-" |
| 48 | version ".tar.gz")) |
| 49 | (sha256 |
| 50 | (base32 |
| 51 | "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9")))) |
| 52 | (build-system gnu-build-system) |
| 53 | (native-inputs `(("perl" ,perl) |
| 54 | |
| 55 | ;; XXX: For some reason, libtasn1.info wants to be |
| 56 | ;; rebuilt, so we must provide 'makeinfo'. |
| 57 | ("texinfo" ,texinfo))) |
| 58 | (home-page "http://www.gnu.org/software/libtasn1/") |
| 59 | (synopsis "ASN.1 library") |
| 60 | (description |
| 61 | "GNU libtasn1 is a library implementing the ASN.1 notation. It is used |
| 62 | for transmitting machine-neutral encodings of data objects in computer |
| 63 | networking, allowing for formal validation of data according to some |
| 64 | specifications.") |
| 65 | (license license:lgpl2.0+))) |
| 66 | |
| 67 | (define-public p11-kit |
| 68 | (package |
| 69 | (name "p11-kit") |
| 70 | (version "0.23.1") |
| 71 | (source |
| 72 | (origin |
| 73 | (method url-fetch) |
| 74 | (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-" |
| 75 | version ".tar.gz")) |
| 76 | (sha256 |
| 77 | (base32 |
| 78 | "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5")) |
| 79 | (modules '((guix build utils))) ; for substitute* |
| 80 | (snippet |
| 81 | '(begin |
| 82 | ;; Drop one test that fails, also when trying to compile manually. |
| 83 | ;; Reported upstream at |
| 84 | ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027 |
| 85 | (substitute* "Makefile.in" |
| 86 | (("test-module\\$\\(EXEEXT\\) ") "")))))) |
| 87 | (build-system gnu-build-system) |
| 88 | (native-inputs |
| 89 | `(("pkg-config" ,pkg-config))) |
| 90 | (inputs |
| 91 | `(("libffi" ,libffi) |
| 92 | ("libtasn1" ,libtasn1))) |
| 93 | (arguments |
| 94 | `(#:configure-flags '("--without-trust-paths"))) |
| 95 | (home-page "http://p11-glue.freedesktop.org/p11-kit.html") |
| 96 | (synopsis "PKCS#11 library") |
| 97 | (description |
| 98 | "p11-kit provides a way to load and enumerate PKCS#11 modules. It |
| 99 | provides a standard configuration setup for installing PKCS#11 modules |
| 100 | in such a way that they are discoverable. It also solves problems with |
| 101 | coordinating the use of PKCS#11 by different components or libraries |
| 102 | living in the same process.") |
| 103 | (license license:bsd-3))) |
| 104 | |
| 105 | (define-public gnutls |
| 106 | (package |
| 107 | (name "gnutls") |
| 108 | (version "3.4.1") |
| 109 | (source (origin |
| 110 | (method url-fetch) |
| 111 | (uri |
| 112 | ;; Note: Releases are no longer on ftp.gnu.org since the |
| 113 | ;; schism (after version 3.1.5). |
| 114 | (string-append "mirror://gnupg/gnutls/v" |
| 115 | (version-major+minor version) |
| 116 | "/gnutls-" version ".tar.xz")) |
| 117 | (sha256 |
| 118 | (base32 |
| 119 | "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9")))) |
| 120 | (build-system gnu-build-system) |
| 121 | (arguments |
| 122 | '(#:configure-flags |
| 123 | (list (string-append "--with-guile-site-dir=" |
| 124 | (assoc-ref %outputs "out") |
| 125 | "/share/guile/site/2.0") |
| 126 | ;; GnuTLS doesn't consult any environment variables to specify |
| 127 | ;; the location of the system-wide trust store. Instead it has a |
| 128 | ;; configure-time option. Unless specified, its configure script |
| 129 | ;; attempts to auto-detect the location by looking for common |
| 130 | ;; places in the filesystem, none of which are present in our |
| 131 | ;; chroot build environment. If not found, then no default trust |
| 132 | ;; store is used, so each program has to provide its own |
| 133 | ;; fallback, and users have to configure each program |
| 134 | ;; independently. This seems suboptimal. |
| 135 | "--with-default-trust-store-dir=/etc/ssl/certs" |
| 136 | |
| 137 | ;; FIXME: Temporarily disable p11-kit support since it is not |
| 138 | ;; working on mips64el. |
| 139 | "--without-p11-kit") |
| 140 | |
| 141 | #:phases (modify-phases %standard-phases |
| 142 | (add-after |
| 143 | 'install 'move-doc |
| 144 | (lambda* (#:key outputs #:allow-other-keys) |
| 145 | ;; Copy the 4.1 MiB of section 3 man pages to "doc". |
| 146 | (let* ((out (assoc-ref outputs "out")) |
| 147 | (doc (assoc-ref outputs "doc")) |
| 148 | (mandir (string-append doc "/share/man")) |
| 149 | (oldman (string-append out "/share/man/man3"))) |
| 150 | (mkdir-p mandir) |
| 151 | (copy-recursively oldman mandir) |
| 152 | (delete-file-recursively oldman) |
| 153 | #t)))))) |
| 154 | (outputs '("out" ;4.4 MiB |
| 155 | "debug" |
| 156 | "doc")) ;4.1 MiB of man pages |
| 157 | (native-inputs |
| 158 | `(("pkg-config" ,pkg-config) |
| 159 | ("which" ,which))) |
| 160 | (inputs |
| 161 | `(("guile" ,guile-2.0) |
| 162 | ("perl" ,perl))) |
| 163 | (propagated-inputs |
| 164 | ;; These are all in the 'Requires.private' field of gnutls.pc. |
| 165 | `(("libtasn1" ,libtasn1) |
| 166 | ("libidn" ,libidn) |
| 167 | ("nettle" ,nettle) |
| 168 | ("zlib" ,zlib))) |
| 169 | (home-page "http://www.gnu.org/software/gnutls/") |
| 170 | (synopsis "Transport layer security library") |
| 171 | (description |
| 172 | "GnuTLS is a secure communications library implementing the SSL, TLS |
| 173 | and DTLS protocols. It is provided in the form of a C library to support the |
| 174 | protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other |
| 175 | required structures.") |
| 176 | (license license:lgpl2.1+))) |
| 177 | |
| 178 | (define-public openssl |
| 179 | (package |
| 180 | (name "openssl") |
| 181 | (version "1.0.2d") |
| 182 | (source (origin |
| 183 | (method url-fetch) |
| 184 | (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version |
| 185 | ".tar.gz")) |
| 186 | (sha256 |
| 187 | (base32 |
| 188 | "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737")) |
| 189 | (patches (list (search-patch "openssl-runpath.patch"))))) |
| 190 | (build-system gnu-build-system) |
| 191 | (native-inputs `(("perl" ,perl))) |
| 192 | (arguments |
| 193 | '(#:parallel-build? #f |
| 194 | #:parallel-tests? #f |
| 195 | #:test-target "test" |
| 196 | #:phases |
| 197 | (alist-replace |
| 198 | 'configure |
| 199 | (lambda* (#:key outputs #:allow-other-keys) |
| 200 | (let ((out (assoc-ref outputs "out"))) |
| 201 | (zero? |
| 202 | (system* "./config" |
| 203 | "shared" ; build shared libraries |
| 204 | "--libdir=lib" |
| 205 | (string-append "--prefix=" out))))) |
| 206 | (alist-cons-before |
| 207 | 'patch-source-shebangs 'patch-tests |
| 208 | (lambda* (#:key inputs native-inputs #:allow-other-keys) |
| 209 | (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) |
| 210 | (substitute* (find-files "test" ".*") |
| 211 | (("/bin/sh") |
| 212 | (string-append bash "/bin/bash")) |
| 213 | (("/bin/rm") |
| 214 | "rm")))) |
| 215 | %standard-phases)))) |
| 216 | (native-search-paths |
| 217 | ;; FIXME: These two variables must designate a single file or directory |
| 218 | ;; and are not actually "search paths." In practice it works OK in user |
| 219 | ;; profiles because there's always just one item that matches the |
| 220 | ;; specification. |
| 221 | (list (search-path-specification |
| 222 | (variable "SSL_CERT_DIR") |
| 223 | (files '("etc/ssl/certs"))) |
| 224 | (search-path-specification |
| 225 | (variable "SSL_CERT_FILE") |
| 226 | (files '("etc/ssl/certs/ca-certificates.crt"))))) |
| 227 | (synopsis "SSL/TLS implementation") |
| 228 | (description |
| 229 | "OpenSSL is an implementation of SSL/TLS") |
| 230 | (license license:openssl) |
| 231 | (home-page "http://www.openssl.org/"))) |
| 232 | |
| 233 | (define-public libressl |
| 234 | (package |
| 235 | (name "libressl") |
| 236 | (version "2.2.0") |
| 237 | (source |
| 238 | (origin |
| 239 | (method url-fetch) |
| 240 | (uri (string-append |
| 241 | "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-" |
| 242 | version ".tar.gz")) |
| 243 | (sha256 (base32 |
| 244 | "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n")))) |
| 245 | (build-system gnu-build-system) |
| 246 | (native-search-paths |
| 247 | ;; FIXME: These two variables must designate a single file or directory |
| 248 | ;; and are not actually "search paths." In practice it works OK in |
| 249 | ;; user profiles because there's always just one item that matches the |
| 250 | ;; specification. |
| 251 | (list (search-path-specification |
| 252 | (variable "SSL_CERT_DIR") |
| 253 | (files '("etc/ssl/certs"))) |
| 254 | (search-path-specification |
| 255 | (variable "SSL_CERT_FILE") |
| 256 | (files '("etc/ssl/certs/ca-certificates.crt"))))) |
| 257 | (home-page "http://www.libressl.org/") |
| 258 | (synopsis "SSL/TLS implementation") |
| 259 | (description "LibreSSL is a version of the TLS/crypto stack forked |
| 260 | from OpenSSL in 2014, with the goals of modernizing the codebase, improving |
| 261 | security, and applying best practice development processes.") |
| 262 | ;; Files taken from OpenSSL keep their license, others are under various |
| 263 | ;; non-copyleft licenses. |
| 264 | (license (list license:openssl |
| 265 | (license:non-copyleft |
| 266 | "file://COPYING" |
| 267 | "See COPYING in the distribution."))))) |
| 268 | |
| 269 | (define-public perl-net-ssleay |
| 270 | (package |
| 271 | (name "perl-net-ssleay") |
| 272 | (version "1.68") |
| 273 | (source (origin |
| 274 | (method url-fetch) |
| 275 | (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" |
| 276 | "Net-SSLeay-" version ".tar.gz")) |
| 277 | (sha256 |
| 278 | (base32 |
| 279 | "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p")) |
| 280 | (patches |
| 281 | ;; XXX Try removing this patch for perl-net-ssleay > 1.68 |
| 282 | (list (search-patch "perl-net-ssleay-disable-ede-test.patch"))))) |
| 283 | (build-system perl-build-system) |
| 284 | (inputs `(("openssl" ,openssl))) |
| 285 | (arguments |
| 286 | `(#:phases (alist-cons-before |
| 287 | 'configure 'set-ssl-prefix |
| 288 | (lambda* (#:key inputs #:allow-other-keys) |
| 289 | (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))) |
| 290 | %standard-phases))) |
| 291 | (synopsis "Perl extension for using OpenSSL") |
| 292 | (description |
| 293 | "This module offers some high level convenience functions for accessing |
| 294 | web pages on SSL servers (for symmetry, the same API is offered for accessing |
| 295 | http servers, too), an sslcat() function for writing your own clients, and |
| 296 | finally access to the SSL api of the SSLeay/OpenSSL package so you can write |
| 297 | servers or clients for more complicated applications.") |
| 298 | (license (package-license perl)) |
| 299 | (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/"))) |