1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
4 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
5 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
6 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
7 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
8 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
9 ;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw>
11 ;;; This file is part of GNU Guix.
13 ;;; GNU Guix is free software; you can redistribute it and/or modify it
14 ;;; under the terms of the GNU General Public License as published by
15 ;;; the Free Software Foundation; either version 3 of the License, or (at
16 ;;; your option) any later version.
18 ;;; GNU Guix is distributed in the hope that it will be useful, but
19 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
20 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 ;;; GNU General Public License for more details.
23 ;;; You should have received a copy of the GNU General Public License
24 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
26 (define-module (gnu packages gnupg)
27 #:use-module ((guix licenses) #:prefix license:)
28 #:use-module (gnu packages)
29 #:use-module (gnu packages adns)
30 #:use-module (gnu packages curl)
31 #:use-module (gnu packages openldap)
32 #:use-module (gnu packages perl)
33 #:use-module (gnu packages pth)
34 #:use-module (gnu packages python)
35 #:use-module (gnu packages qt)
36 #:use-module (gnu packages readline)
37 #:use-module (gnu packages compression)
38 #:use-module (gnu packages databases)
39 #:use-module (gnu packages gtk)
40 #:use-module (gnu packages glib)
41 #:use-module (gnu packages gnome)
42 #:use-module (gnu packages pkg-config)
43 #:use-module (gnu packages ncurses)
44 #:use-module (gnu packages tls)
45 #:use-module (guix packages)
46 #:use-module (guix download)
47 #:use-module (guix build-system gnu)
48 #:use-module (guix build-system python))
50 (define-public libgpg-error
57 (uri (string-append "mirror://gnupg/libgpg-error/libgpg-error-"
61 "0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j"))))
62 (build-system gnu-build-system)
63 (home-page "https://gnupg.org")
64 (synopsis "Library of error values for GnuPG components")
66 "Libgpg-error is a small library that defines common error values
67 for all GnuPG components. Among these are GPG, GPGSM, GPGME,
68 GPG-Agent, libgcrypt, Libksba, DirMngr, Pinentry, SmartCard
69 Daemon and possibly more in the future.")
70 (license license:lgpl2.0+)
71 (properties '((ftp-server . "ftp.gnupg.org")
72 (ftp-directory . "/gcrypt/libgpg-error")))))
74 (define-public libgcrypt
80 (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
84 "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh"))))
85 (build-system gnu-build-system)
87 `(("libgpg-error-host" ,libgpg-error)))
89 ;; Needed here for the 'gpg-error' program.
90 `(("libgpg-error-native" ,libgpg-error)))
92 ;; The '--with-gpg-error-prefix' argument is needed because otherwise
93 ;; 'configure' uses 'gpg-error-config' to determine the '-L' flag, and
94 ;; the 'gpg-error-config' it runs is the native one---i.e., the wrong one.
96 (list (string-append "--with-gpg-error-prefix="
97 (assoc-ref %build-inputs "libgpg-error-host")))))
98 (outputs '("out" "debug"))
99 (home-page "https://gnupg.org/")
100 (synopsis "Cryptographic function library")
102 "Libgcrypt is a general-purpose cryptographic library. It provides the
103 standard cryptographic building blocks such as symmetric ciphers, hash
104 algorithms, public key algorithms, large integer functions and random number
106 (license license:lgpl2.0+)
107 (properties '((ftp-server . "ftp.gnupg.org")
108 (ftp-directory . "/gcrypt/libgcrypt")))))
110 (define-public libgcrypt-1.5
111 (package (inherit libgcrypt)
116 (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
120 "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m"))))))
122 (define-public libassuan
129 (uri (string-append "mirror://gnupg/libassuan/libassuan-"
133 "0w9bmasln4z8mn16s1is55a06w3nv8jbyal496z5jvr5vcxkm112"))))
134 (build-system gnu-build-system)
136 `(("libgpg-error" ,libgpg-error) ("pth" ,pth)))
137 (home-page "https://gnupg.org")
139 "IPC library used by GnuPG and related software")
141 "Libassuan is a small library implementing the so-called Assuan
142 protocol. This protocol is used for IPC between most newer
143 GnuPG components. Both, server and client side functions are
145 (license license:lgpl2.0+)
146 (properties '((ftp-server . "ftp.gnupg.org")
147 (ftp-directory . "/gcrypt/libassuan")))))
149 (define-public libksba
157 "mirror://gnupg/libksba/libksba-"
161 "0kxdb02z41cwm1xbwfwj9nbc0dzjhwyq8c475mlhhmpcxcy8ihpn"))))
162 (build-system gnu-build-system)
164 `(("libgpg-error" ,libgpg-error)))
166 `(("libgpg-error" ,libgpg-error)))
169 (list ,@(if (%current-target-system)
170 '("CC_FOR_BUILD=gcc")
172 (string-append "--with-gpg-error-prefix="
173 (assoc-ref %build-inputs "libgpg-error")))))
174 (home-page "https://www.gnupg.org")
175 (synopsis "CMS and X.509 access library")
177 "KSBA (pronounced Kasbah) is a library to make X.509 certificates
178 as well as the CMS easily accessible by other applications. Both
179 specifications are building blocks of S/MIME and TLS.")
180 (license license:gpl3+)
181 (properties '((ftp-server . "ftp.gnupg.org")
182 (ftp-directory . "/gcrypt/libksba")))))
192 "mirror://gnupg/npth/npth-"
196 "12n0nvhw4fzwp0k7gjv3rc6pdml0qiinbbfiz4ilg6pl5kdxvnvd"))))
197 (build-system gnu-build-system)
198 (home-page "https://www.gnupg.org")
199 (synopsis "Non-preemptive thread library")
201 "Npth is a library to provide the GNU Pth API and thus a non-preemptive
202 threads implementation.
204 In contrast to GNU Pth is is based on the system's standard threads
205 implementation. This allows the use of libraries which are not
206 compatible to GNU Pth.")
207 (license (list license:lgpl3+ license:gpl2+)))) ; dual license
215 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
219 "0xcn46vcb5x5qx0bc803vpzhzhnn6wfhp7x71w9n1ahx4ak877ag"))))
220 (build-system gnu-build-system)
222 `(("pkg-config" ,pkg-config)))
228 ("libassuan" ,libassuan)
229 ("libgcrypt" ,libgcrypt)
230 ("libgpg-error" ,libgpg-error)
233 ("openldap" ,openldap)
234 ("readline" ,readline)
238 `(#:configure-flags '("--enable-gpg2-is-gpg")
240 (modify-phases %standard-phases
241 (add-before 'configure 'patch-config-files
243 (substitute* "tests/openpgp/defs.inc"
244 (("/bin/pwd") (which "pwd")))
246 (home-page "https://gnupg.org/")
247 (synopsis "GNU Privacy Guard")
249 "The GNU Privacy Guard is a complete implementation of the OpenPGP
250 standard. It is used to encrypt and sign data and communication. It
251 features powerful key management and the ability to access public key
252 servers. It includes several libraries: libassuan (IPC between GnuPG
253 components), libgpg-error (centralized GnuPG error values), and
254 libskba (working with X.509 certificates and CMS data).")
255 (license license:gpl3+)
256 (properties '((ftp-server . "ftp.gnupg.org")
257 (ftp-directory . "/gcrypt/gnupg")))))
259 (define-public gnupg-2.0
260 (package (inherit gnupg)
264 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
268 "0wax4cy14hh0h7kg9hj0hjn9424b71z8lrrc5kbsasrn9xd7hag3"))))
274 ("libassuan" ,libassuan)
275 ("libgcrypt" ,libgcrypt)
276 ("libgpg-error" ,libgpg-error)
279 ("openldap" ,openldap)
281 ("readline" ,readline)))
284 (modify-phases %standard-phases
285 (add-before 'configure 'patch-config-files
287 (substitute* "tests/openpgp/Makefile.in"
288 (("/bin/sh") (which "bash")))
290 (add-after 'install 'rename-v2-commands
291 (lambda* (#:key outputs #:allow-other-keys)
292 ;; Upstream suggests removing the trailing '2' from command names:
293 ;; <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#58>.
294 (let ((out (assoc-ref outputs "out")))
295 (with-directory-excursion (string-append out "/bin")
296 (rename-file "gpgv2" "gpgv")
297 (rename-file "gpg2" "gpg")
299 ;; Keep the old name around to ease transition.
300 (symlink "gpgv" "gpgv2")
301 (symlink "gpg" "gpg2")
304 (define-public gnupg-1
305 (package (inherit gnupg)
309 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
313 "1k7d6zi0zznqsmcjic0yrgfhqklqz3qgd3yac7wxsa7s6088p604"))))
319 ("readline" ,readline)
320 ("libgpg-error" ,libgpg-error)))
322 `(#:phases (alist-cons-after
323 'unpack 'patch-check-sh
325 (substitute* "checks/Makefile.in"
326 (("/bin/sh") (which "bash"))))
327 %standard-phases)))))
336 (uri (string-append "mirror://gnupg/gpgme/gpgme-" version
340 "17892sclz3yg45wbyqqrzzpq3l0icbnfl28f101b3062g8cy97dh"))))
341 (build-system gnu-build-system)
343 ;; Needs to be propagated because gpgme.h includes gpg-error.h.
344 `(("libgpg-error" ,libgpg-error)))
346 `(("gnupg" ,gnupg-2.0)
347 ("libassuan" ,libassuan)))
348 (arguments '(#:make-flags '("GPG=gpg2")))
349 (home-page "https://www.gnupg.org/related_software/gpgme/")
350 (synopsis "Library providing simplified access to GnuPG functionality")
352 "GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
353 easier for applications. It provides a High-Level Crypto API for encryption,
354 decryption, signing, signature verification and key management. Currently
355 it uses GnuPG as its backend but the API isn't restricted to this engine.
357 Because the direct use of GnuPG from an application can be a complicated
358 programming task, it is suggested that all software should try to use GPGME
359 instead. This way bug fixes or improvements can be done at a central place
360 and every application benefits from this.")
361 (license license:lgpl2.1+)))
363 (define-public python-pygpgme
365 (name "python-pygpgme")
370 (uri (pypi-uri "pygpgme" version))
373 "1q82p3gs6lwq8j8dxk4pvrwk3jpww1zqcjrzznl9clh10z28gn2z"))
374 ;; Unfortunately, we have to disable some tests due to some gpg-agent
376 ;; https://bugs.launchpad.net/pygpgme/+bug/999949
377 (patches (search-patches "pygpgme-disable-problematic-tests.patch"))))
380 (modify-phases %standard-phases
381 (add-before 'build 'make-build
383 (zero? (system* "make" "build"))))
386 (zero? (system* "make" "check")))))))
387 (build-system python-build-system)
389 `(;; setuptools required for python-2 variant
390 ("python-setuptools" ,python-setuptools)
393 (home-page "https://launchpad.net/pygpgme")
394 (synopsis "Python module for working with OpenPGP messages")
396 "PyGPGME is a Python module that lets you sign, verify, encrypt and
397 decrypt messages using the OpenPGP format by making use of GPGME.")
398 (license license:lgpl2.1+)))
400 (define-public python2-pygpgme
401 (package-with-python2 python-pygpgme))
403 (define-public python-gnupg
405 (name "python-gnupg")
410 (uri (pypi-uri "python-gnupg" version))
413 "0nkbs9c8f30lra7ca39kg91x8cyxn0jb61vih4qky839gpbwwwiq"))))
414 (build-system python-build-system)
417 (modify-phases %standard-phases
419 (lambda* (#:key inputs #:allow-other-keys)
420 (substitute* "test_gnupg.py"
421 ;; Test keyrings are missing, so this test fails.
422 (("'test_scan_keys'") "True")
423 (("def test_scan_keys") "def disabled__scan_keys")
424 ;; Unsure why this test fails.
425 (("'test_search_keys'") "True")
426 (("def test_search_keys") "def disabled__search_keys"))
427 (setenv "GPGBINARY" "gpg")
428 (setenv "USERNAME" "guixbuilder")
429 ;; The doctests are extremely slow and sometimes time out,
430 ;; so we disable them.
431 (zero? (system* "python"
432 "test_gnupg.py" "--no-doctests")))))))
434 `(("gnupg" ,gnupg-1)))
435 (home-page "https://packages.python.org/python-gnupg/index.html")
436 (synopsis "Wrapper for the GNU Privacy Guard")
438 "This module allows easy access to GnuPG’s key management, encryption
439 and signature functionality from Python programs.")
440 (license license:bsd-3)))
442 (define-public python2-gnupg
443 (package-with-python2 python-gnupg))
452 "https://github.com/jaymzh/pius/releases/download/v"
453 version "/pius-" version ".tar.bz2"))
456 "0k94mlr7l12mplph7pdgjbampqha47d8mfjq69n4xm80qwbn1rq1"))))
457 (build-system python-build-system)
458 (inputs `(("perl" ,perl) ;for 'pius-party-worksheet'
459 ("gpg" ,gnupg-2.0))) ;2.1 fails to talk to gpg-agent 2.0
462 #:python ,python-2 ;uses the Python 2 'print' syntax
464 (modify-phases %standard-phases
466 'build 'set-gpg-file-name
467 (lambda* (#:key inputs outputs #:allow-other-keys)
468 (let* ((gpg (string-append (assoc-ref inputs "gpg")
470 (substitute* "libpius/constants.py"
471 (("/usr/bin/gpg2") gpg))))))))
472 (synopsis "Programs to simplify GnuPG key signing")
474 "Pius (PGP Individual UID Signer) helps attendees of PGP keysigning
475 parties. It is the main utility and makes it possible to quickly and easily
476 sign each UID on a set of PGP keys. It is designed to take the pain out of
477 the sign-all-the-keys part of PGP Keysigning Party while adding security
480 pius-keyring-mgr and pius-party-worksheet help organisers of
481 PGP keysigning parties.")
482 (license license:gpl2)
483 (home-page "https://www.phildev.net/pius/index.shtml")))
485 (define-public signing-party
487 (name "signing-party")
491 (uri (string-append "http://ftp.debian.org/debian/pool/main/s/signing-party/signing-party_"
492 version ".orig.tar.gz"))
494 "188gp0prbh8qs29lq3pbf0qibfd6jq4fk7i0pfrybl8aahvm84rx"))))
495 (build-system gnu-build-system)
496 (inputs `(("perl" ,perl)))
501 'unpack 'remove-spurious-links
502 (lambda _ (delete-file "keyanalyze/pgpring/depcomp"))
505 (lambda* (#:key outputs #:allow-other-keys)
506 (let ((out (assoc-ref outputs "out")))
507 (substitute* "keyanalyze/Makefile"
508 (("LDLIBS") (string-append "CC=" (which "gcc") "\nLDLIBS")))
509 (substitute* "keyanalyze/Makefile"
510 (("./configure") (string-append "./configure --prefix=" out)))
511 (substitute* "keyanalyze/pgpring/configure"
512 (("/bin/sh") (which "bash")))
513 (substitute* "gpgwrap/Makefile"
514 (("\\} clean") (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap "
515 out "/bin/gpgwrap\n")))
516 (substitute* '("gpgsigs/Makefile" "keyanalyze/Makefile"
517 "keylookup/Makefile" "sig2dot/Makefile"
518 "springgraph/Makefile")
522 (lambda* (#:key outputs #:allow-other-keys #:rest args)
523 (let ((out (assoc-ref outputs "out"))
524 (install (assoc-ref %standard-phases 'install)))
528 (copy-file (string-append dir "/" file)
529 (string-append out "/bin/" file)))
530 '("caff" "caff" "caff" "gpgdir" "gpg-key2ps"
531 "gpglist" "gpg-mailkeys" "gpgparticipants")
532 '("caff" "pgp-clean" "pgp-fixkey" "gpgdir" "gpg-key2ps"
533 "gpglist" "gpg-mailkeys" "gpgparticipants"))
536 (copy-file (string-append dir "/" file)
537 (string-append out "/share/man/man1/" file)))
538 '("caff" "caff" "caff" "gpgdir"
539 "gpg-key2ps" "gpglist" "gpg-mailkeys"
540 "gpgparticipants" "gpgsigs" "gpgwrap/doc"
541 "keyanalyze" "keyanalyze/pgpring" "keyanalyze")
542 '("caff.1" "pgp-clean.1" "pgp-fixkey.1" "gpgdir.1"
543 "gpg-key2ps.1" "gpglist.1" "gpg-mailkeys.1"
544 "gpgparticipants.1" "gpgsigs.1" "gpgwrap.1"
545 "process_keys.1" "pgpring.1" "keyanalyze.1"))))
546 %standard-phases)))))
547 (synopsis "Collection of scripts for simplifying gnupg key signing")
549 "Signing-party is a collection for all kinds of PGP/GnuPG related things,
550 including tools for signing keys, keyring analysis, and party preparation.
552 * caff: CA - Fire and Forget signs and mails a key
554 * pgp-clean: removes all non-self signatures from key
556 * pgp-fixkey: removes broken packets from keys
558 * gpg-mailkeys: simply mail out a signed key to its owner
560 * gpg-key2ps: generate PostScript file with fingerprint paper strips
562 * gpgdir: recursive directory encryption tool
564 * gpglist: show who signed which of your UIDs
566 * gpgsigs: annotates list of GnuPG keys with already done signatures
568 * gpgparticipants: create list of party participants for the organiser
570 * gpgwrap: a passphrase wrapper
572 * keyanalyze: minimum signing distance (MSD) analysis on keyrings
574 * keylookup: ncurses wrapper around gpg --search
576 * sig2dot: converts a list of GnuPG signatures to a .dot file
578 * springgraph: creates a graph from a .dot file")
579 ;; gpl2+ for almost all programs, except for keyanalyze: gpl2
580 ;; and caff and gpgsigs: bsd-3, see
581 ;; http://packages.debian.org/changelogs/pool/main/s/signing-party/current/copyright
582 (license license:gpl2)
583 (home-page "https://pgp-tools.alioth.debian.org/")))
585 (define-public pinentry-tty
587 (name "pinentry-tty")
591 (uri (string-append "mirror://gnupg/pinentry/pinentry-"
595 "1cp7wjqr6nx31mdclr61s2h84ijqjl0ph99kgj4vyawpjj1j1633"))))
596 (build-system gnu-build-system)
598 `(#:configure-flags '("--enable-pinentry-tty")))
600 `(("ncurses" ,ncurses)
601 ("libassuan" ,libassuan)
602 ("libsecret" ,libsecret "out")))
604 `(("pkg-config" ,pkg-config)))
605 (home-page "https://gnupg.org/aegypten2/")
606 (synopsis "GnuPG's interface to passphrase input")
608 "Pinentry provides a console that allows users to enter a passphrase when
609 @code{gpg} or @code{gpg2} is run and needs it.")
610 (license license:gpl2+)))
612 (define-public pinentry-gtk2
614 (inherit pinentry-tty)
615 (name "pinentry-gtk2")
619 ,@(package-inputs pinentry-tty)))
621 "Pinentry provides a console and a GTK+ GUI that allows users to enter a
622 passphrase when @code{gpg} or @code{gpg2} is run and needs it.")))
624 (define-public pinentry-qt
626 (inherit pinentry-tty)
630 ,@(package-inputs pinentry-tty)))
632 "Pinentry provides a console and a Qt GUI that allows users to enter a
633 passphrase when @code{gpg} or @code{gpg2} is run and needs it.")))
635 (define-public pinentry
636 (package (inherit pinentry-gtk2)
639 (define-public paperkey
645 (uri (string-append "http://www.jabberwocky.com/"
646 "software/paperkey/paperkey-"
650 "1yybj8bj68v4lxwpn596b6ismh2fyixw5vlqqg26byrn4d9dfmsv"))))
651 (build-system gnu-build-system)
655 'check 'patch-check-scripts
657 (substitute* '("checks/roundtrip.sh"
658 "checks/roundtrip-raw.sh")
659 (("/bin/echo") "echo")))
661 (home-page "http://www.jabberwocky.com/software/paperkey/")
662 (synopsis "Backup OpenPGP keys to paper")
664 "Paperkey extracts the secret bytes from an OpenPGP (GnuPG, PGP, etc) key
665 for printing with paper and ink, which have amazingly long retention
666 qualities. To reconstruct a secret key, you re-enter those
667 bytes (whether by hand, OCR, QR code, or the like) and paperkey can use
668 them to transform your existing public key into a secret key.")
669 (license license:gpl2+)))