1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
4 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
5 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
6 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
7 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
8 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
10 ;;; This file is part of GNU Guix.
12 ;;; GNU Guix is free software; you can redistribute it and/or modify it
13 ;;; under the terms of the GNU General Public License as published by
14 ;;; the Free Software Foundation; either version 3 of the License, or (at
15 ;;; your option) any later version.
17 ;;; GNU Guix is distributed in the hope that it will be useful, but
18 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
19 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ;;; GNU General Public License for more details.
22 ;;; You should have received a copy of the GNU General Public License
23 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
25 (define-module (gnu packages gnupg)
26 #:use-module ((guix licenses) #:prefix license:)
27 #:use-module (gnu packages)
28 #:use-module (gnu packages adns)
29 #:use-module (gnu packages curl)
30 #:use-module (gnu packages openldap)
31 #:use-module (gnu packages perl)
32 #:use-module (gnu packages pth)
33 #:use-module (gnu packages python)
34 #:use-module (gnu packages readline)
35 #:use-module (gnu packages compression)
36 #:use-module (gnu packages databases)
37 #:use-module (gnu packages gtk)
38 #:use-module (gnu packages glib)
39 #:use-module (gnu packages gnome)
40 #:use-module (gnu packages pkg-config)
41 #:use-module (gnu packages ncurses)
42 #:use-module (gnu packages tls)
43 #:use-module (guix packages)
44 #:use-module (guix download)
45 #:use-module (guix build-system gnu)
46 #:use-module (guix build-system python))
48 (define-public libgpg-error
55 (uri (string-append "mirror://gnupg/libgpg-error/libgpg-error-"
59 "0kdq2cbnk84fr4jqcv689rlxpbyl6bda2cn6y3ll19v3mlydpnxp"))))
60 (build-system gnu-build-system)
61 (home-page "http://gnupg.org")
62 (synopsis "Library of error values for GnuPG components")
64 "Libgpg-error is a small library that defines common error values
65 for all GnuPG components. Among these are GPG, GPGSM, GPGME,
66 GPG-Agent, libgcrypt, Libksba, DirMngr, Pinentry, SmartCard
67 Daemon and possibly more in the future.")
68 (license license:lgpl2.0+)
69 (properties '((ftp-server . "ftp.gnupg.org")
70 (ftp-directory . "/gcrypt/libgpg-error")))))
72 (define-public libgcrypt
78 (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
82 "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
83 (build-system gnu-build-system)
85 `(("libgpg-error-host" ,libgpg-error)))
87 ;; Needed here for the 'gpg-error' program.
88 `(("libgpg-error-native" ,libgpg-error)))
90 ;; The '--with-gpg-error-prefix' argument is needed because otherwise
91 ;; 'configure' uses 'gpg-error-config' to determine the '-L' flag, and
92 ;; the 'gpg-error-config' it runs is the native one---i.e., the wrong one.
94 (list (string-append "--with-gpg-error-prefix="
95 (assoc-ref %build-inputs "libgpg-error-host")))))
96 (outputs '("out" "debug"))
97 (home-page "http://gnupg.org/")
98 (synopsis "Cryptographic function library")
100 "Libgcrypt is a general-purpose cryptographic library. It provides the
101 standard cryptographic building blocks such as symmetric ciphers, hash
102 algorithms, public key algorithms, large integer functions and random number
104 (license license:lgpl2.0+)
105 (properties '((ftp-server . "ftp.gnupg.org")
106 (ftp-directory . "/gcrypt/libgcrypt")))))
108 (define-public libgcrypt-1.5
109 (package (inherit libgcrypt)
114 (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
118 "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m"))))))
120 (define-public libassuan
127 (uri (string-append "mirror://gnupg/libassuan/libassuan-"
131 "086bbcdnvs48qq5g4iac7dpk76j0q3jrp16mchdvyx0b720xq1mv"))))
132 (build-system gnu-build-system)
134 `(("libgpg-error" ,libgpg-error) ("pth" ,pth)))
135 (home-page "http://gnupg.org")
137 "IPC library used by GnuPG and related software")
139 "Libassuan is a small library implementing the so-called Assuan
140 protocol. This protocol is used for IPC between most newer
141 GnuPG components. Both, server and client side functions are
143 (license license:lgpl2.0+)
144 (properties '((ftp-server . "ftp.gnupg.org")
145 (ftp-directory . "/gcrypt/libassuan")))))
147 (define-public libksba
155 "mirror://gnupg/libksba/libksba-"
159 "11kp3h9l3b8ikydkcdkwgx45r662zi30m26ra5llyhfh6kz5yzqc"))))
160 (build-system gnu-build-system)
162 `(("libgpg-error" ,libgpg-error)))
164 `(("libgpg-error" ,libgpg-error)))
167 (list ,@(if (%current-target-system)
168 '("CC_FOR_BUILD=gcc")
170 (string-append "--with-gpg-error-prefix="
171 (assoc-ref %build-inputs "libgpg-error")))))
172 (home-page "http://www.gnupg.org")
173 (synopsis "CMS and X.509 access library")
175 "KSBA (pronounced Kasbah) is a library to make X.509 certificates
176 as well as the CMS easily accessible by other applications. Both
177 specifications are building blocks of S/MIME and TLS.")
178 (license license:gpl3+)
179 (properties '((ftp-server . "ftp.gnupg.org")
180 (ftp-directory . "/gcrypt/libksba")))))
190 "mirror://gnupg/npth/npth-"
194 "12n0nvhw4fzwp0k7gjv3rc6pdml0qiinbbfiz4ilg6pl5kdxvnvd"))))
195 (build-system gnu-build-system)
196 (home-page "http://www.gnupg.org")
197 (synopsis "Non-preemptive thread library")
199 "Npth is a library to provide the GNU Pth API and thus a non-preemptive
200 threads implementation.
202 In contrast to GNU Pth is is based on the system's standard threads
203 implementation. This allows the use of libraries which are not
204 compatible to GNU Pth.")
205 (license (list license:lgpl3+ license:gpl2+)))) ; dual license
213 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
217 "06mn2viiwsyq991arh5i5fhr9jyxq2bi0jkdj7ndfisxihngpc5p"))
218 (patches (search-patches
219 "gnupg-simple-query-ignore-status-messages.patch"))))
220 (build-system gnu-build-system)
222 `(("pkg-config" ,pkg-config)))
228 ("libassuan" ,libassuan)
229 ("libgcrypt" ,libgcrypt)
230 ("libgpg-error" ,libgpg-error)
233 ("openldap" ,openldap)
234 ("readline" ,readline)
240 'configure 'patch-config-files
242 (substitute* "tests/openpgp/defs.inc"
243 (("/bin/pwd") (which "pwd"))))
245 (home-page "http://gnupg.org/")
246 (synopsis "GNU Privacy Guard")
248 "The GNU Privacy Guard is a complete implementation of the OpenPGP
249 standard. It is used to encrypt and sign data and communication. It
250 features powerful key management and the ability to access public key
251 servers. It includes several libraries: libassuan (IPC between GnuPG
252 components), libgpg-error (centralized GnuPG error values), and
253 libskba (working with X.509 certificates and CMS data).")
254 (license license:gpl3+)
255 (properties '((ftp-server . "ftp.gnupg.org")
256 (ftp-directory . "/gcrypt/gnupg")))))
258 (define-public gnupg-2.0
259 (package (inherit gnupg)
263 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
267 "0wax4cy14hh0h7kg9hj0hjn9424b71z8lrrc5kbsasrn9xd7hag3"))))
273 ("libassuan" ,libassuan)
274 ("libgcrypt" ,libgcrypt)
275 ("libgpg-error" ,libgpg-error)
278 ("openldap" ,openldap)
280 ("readline" ,readline)))
284 'configure 'patch-config-files
286 (substitute* "tests/openpgp/Makefile.in"
287 (("/bin/sh") (which "bash"))))
288 %standard-phases)))))
290 (define-public gnupg-1
291 (package (inherit gnupg)
295 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
299 "1k7d6zi0zznqsmcjic0yrgfhqklqz3qgd3yac7wxsa7s6088p604"))))
305 ("readline" ,readline)
306 ("libgpg-error" ,libgpg-error)))
308 `(#:phases (alist-cons-after
309 'unpack 'patch-check-sh
311 (substitute* "checks/Makefile.in"
312 (("/bin/sh") (which "bash"))))
313 %standard-phases)))))
322 (uri (string-append "mirror://gnupg/gpgme/gpgme-" version
326 "17892sclz3yg45wbyqqrzzpq3l0icbnfl28f101b3062g8cy97dh"))))
327 (build-system gnu-build-system)
329 ;; Needs to be propagated because gpgme.h includes gpg-error.h.
330 `(("libgpg-error" ,libgpg-error)))
332 `(("gnupg" ,gnupg-2.0)
333 ("libassuan" ,libassuan)))
334 (arguments '(#:make-flags '("GPG=gpg2")))
335 (home-page "http://www.gnupg.org/related_software/gpgme/")
336 (synopsis "Library providing simplified access to GnuPG functionality")
338 "GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
339 easier for applications. It provides a High-Level Crypto API for encryption,
340 decryption, signing, signature verification and key management. Currently
341 it uses GnuPG as its backend but the API isn't restricted to this engine.
343 Because the direct use of GnuPG from an application can be a complicated
344 programming task, it is suggested that all software should try to use GPGME
345 instead. This way bug fixes or improvements can be done at a central place
346 and every application benefits from this.")
347 (license license:lgpl2.1+)))
349 (define-public python-pygpgme
351 (name "python-pygpgme")
356 (uri (pypi-uri "pygpgme" version))
359 "1q82p3gs6lwq8j8dxk4pvrwk3jpww1zqcjrzznl9clh10z28gn2z"))
360 ;; Unfortunately, we have to disable some tests due to some gpg-agent
362 ;; https://bugs.launchpad.net/pygpgme/+bug/999949
363 (patches (search-patches "pygpgme-disable-problematic-tests.patch"))))
366 (modify-phases %standard-phases
367 (add-before 'build 'make-build
369 (zero? (system* "make" "build"))))
372 (zero? (system* "make" "check")))))))
373 (build-system python-build-system)
375 `(;; setuptools required for python-2 variant
376 ("python-setuptools" ,python-setuptools)
379 (home-page "https://launchpad.net/pygpgme")
380 (synopsis "Python module for working with OpenPGP messages")
382 "PyGPGME is a Python module that lets you sign, verify, encrypt and
383 decrypt messages using the OpenPGP format by making use of GPGME.")
384 (license license:lgpl2.1+)))
386 (define-public python2-pygpgme
387 (package-with-python2 python-pygpgme))
389 (define-public python-gnupg
391 (name "python-gnupg")
396 (uri (pypi-uri "python-gnupg" version))
399 "0nkbs9c8f30lra7ca39kg91x8cyxn0jb61vih4qky839gpbwwwiq"))))
400 (build-system python-build-system)
403 (modify-phases %standard-phases
405 (lambda* (#:key inputs #:allow-other-keys)
406 (substitute* "test_gnupg.py"
407 ;; Test keyrings are missing, so this test fails.
408 (("'test_scan_keys'") "True")
409 (("def test_scan_keys") "def disabled__scan_keys")
410 ;; Unsure why this test fails.
411 (("'test_search_keys'") "True")
412 (("def test_search_keys") "def disabled__search_keys"))
413 (setenv "GPGBINARY" "gpg")
414 (setenv "USERNAME" "guixbuilder")
415 ;; The doctests are extremely slow and sometimes time out,
416 ;; so we disable them.
417 (zero? (system* "python"
418 "test_gnupg.py" "--no-doctests")))))))
420 `(("gnupg" ,gnupg-1)))
421 (home-page "http://packages.python.org/python-gnupg/index.html")
422 (synopsis "Wrapper for the GNU Privacy Guard")
424 "This module allows easy access to GnuPG’s key management, encryption
425 and signature functionality from Python programs.")
426 (license license:bsd-3)))
428 (define-public python2-gnupg
429 (package-with-python2 python-gnupg))
438 "https://github.com/jaymzh/pius/releases/download/v"
439 version "/pius-" version ".tar.bz2"))
442 "0k94mlr7l12mplph7pdgjbampqha47d8mfjq69n4xm80qwbn1rq1"))))
443 (build-system python-build-system)
444 (inputs `(("perl" ,perl) ;for 'pius-party-worksheet'
445 ("gpg" ,gnupg-2.0))) ;2.1 fails to talk to gpg-agent 2.0
448 #:python ,python-2 ;uses the Python 2 'print' syntax
450 (modify-phases %standard-phases
452 'build 'set-gpg-file-name
453 (lambda* (#:key inputs outputs #:allow-other-keys)
454 (let* ((gpg (string-append (assoc-ref inputs "gpg")
456 (substitute* "libpius/constants.py"
457 (("/usr/bin/gpg2") gpg))))))))
458 (synopsis "Programs to simplify GnuPG key signing")
460 "Pius (PGP Individual UID Signer) helps attendees of PGP keysigning
461 parties. It is the main utility and makes it possible to quickly and easily
462 sign each UID on a set of PGP keys. It is designed to take the pain out of
463 the sign-all-the-keys part of PGP Keysigning Party while adding security
466 pius-keyring-mgr and pius-party-worksheet help organisers of
467 PGP keysigning parties.")
468 (license license:gpl2)
469 (home-page "http://www.phildev.net/pius/index.shtml")))
471 (define-public signing-party
473 (name "signing-party")
477 (uri (string-append "http://ftp.debian.org/debian/pool/main/s/signing-party/signing-party_"
478 version ".orig.tar.gz"))
480 "188gp0prbh8qs29lq3pbf0qibfd6jq4fk7i0pfrybl8aahvm84rx"))))
481 (build-system gnu-build-system)
482 (inputs `(("perl" ,perl)))
487 'unpack 'remove-spurious-links
488 (lambda _ (delete-file "keyanalyze/pgpring/depcomp"))
491 (lambda* (#:key outputs #:allow-other-keys)
492 (let ((out (assoc-ref outputs "out")))
493 (substitute* "keyanalyze/Makefile"
494 (("LDLIBS") (string-append "CC=" (which "gcc") "\nLDLIBS")))
495 (substitute* "keyanalyze/Makefile"
496 (("./configure") (string-append "./configure --prefix=" out)))
497 (substitute* "keyanalyze/pgpring/configure"
498 (("/bin/sh") (which "bash")))
499 (substitute* "gpgwrap/Makefile"
500 (("\\} clean") (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap "
501 out "/bin/gpgwrap\n")))
502 (substitute* '("gpgsigs/Makefile" "keyanalyze/Makefile"
503 "keylookup/Makefile" "sig2dot/Makefile"
504 "springgraph/Makefile")
508 (lambda* (#:key outputs #:allow-other-keys #:rest args)
509 (let ((out (assoc-ref outputs "out"))
510 (install (assoc-ref %standard-phases 'install)))
514 (copy-file (string-append dir "/" file)
515 (string-append out "/bin/" file)))
516 '("caff" "caff" "caff" "gpgdir" "gpg-key2ps"
517 "gpglist" "gpg-mailkeys" "gpgparticipants")
518 '("caff" "pgp-clean" "pgp-fixkey" "gpgdir" "gpg-key2ps"
519 "gpglist" "gpg-mailkeys" "gpgparticipants"))
522 (copy-file (string-append dir "/" file)
523 (string-append out "/share/man/man1/" file)))
524 '("caff" "caff" "caff" "gpgdir"
525 "gpg-key2ps" "gpglist" "gpg-mailkeys"
526 "gpgparticipants" "gpgsigs" "gpgwrap/doc"
527 "keyanalyze" "keyanalyze/pgpring" "keyanalyze")
528 '("caff.1" "pgp-clean.1" "pgp-fixkey.1" "gpgdir.1"
529 "gpg-key2ps.1" "gpglist.1" "gpg-mailkeys.1"
530 "gpgparticipants.1" "gpgsigs.1" "gpgwrap.1"
531 "process_keys.1" "pgpring.1" "keyanalyze.1"))))
532 %standard-phases)))))
533 (synopsis "Collection of scripts for simplifying gnupg key signing")
535 "Signing-party is a collection for all kinds of PGP/GnuPG related things,
536 including tools for signing keys, keyring analysis, and party preparation.
538 * caff: CA - Fire and Forget signs and mails a key
540 * pgp-clean: removes all non-self signatures from key
542 * pgp-fixkey: removes broken packets from keys
544 * gpg-mailkeys: simply mail out a signed key to its owner
546 * gpg-key2ps: generate PostScript file with fingerprint paper strips
548 * gpgdir: recursive directory encryption tool
550 * gpglist: show who signed which of your UIDs
552 * gpgsigs: annotates list of GnuPG keys with already done signatures
554 * gpgparticipants: create list of party participants for the organiser
556 * gpgwrap: a passphrase wrapper
558 * keyanalyze: minimum signing distance (MSD) analysis on keyrings
560 * keylookup: ncurses wrapper around gpg --search
562 * sig2dot: converts a list of GnuPG signatures to a .dot file
564 * springgraph: creates a graph from a .dot file")
565 ;; gpl2+ for almost all programs, except for keyanalyze: gpl2
566 ;; and caff and gpgsigs: bsd-3, see
567 ;; http://packages.debian.org/changelogs/pool/main/s/signing-party/current/copyright
568 (license license:gpl2)
569 (home-page "http://pgp-tools.alioth.debian.org/")))
571 (define-public pinentry
577 (uri (string-append "mirror://gnupg/pinentry/pinentry-"
581 "0rhyw1vk28kgasjp22myf7m2q8kycw82d65pr9kgh93z17lj849a"))))
582 (build-system gnu-build-system)
584 `(("ncurses" ,ncurses)
585 ("libassuan" ,libassuan)
586 ("libsecret" ,libsecret "out")
590 `(("pkg-config" ,pkg-config)))
591 (home-page "http://gnupg.org/aegypten2/")
592 (synopsis "GnuPG's interface to passphrase input")
594 "Pinentry provides a console and a GTK+ GUI that allows users to
595 enter a passphrase when `gpg' or `gpg2' is run and needs it.")
596 (license license:gpl2+)))
598 (define-public paperkey
604 (uri (string-append "http://www.jabberwocky.com/"
605 "software/paperkey/paperkey-"
609 "1yybj8bj68v4lxwpn596b6ismh2fyixw5vlqqg26byrn4d9dfmsv"))))
610 (build-system gnu-build-system)
614 'check 'patch-check-scripts
616 (substitute* '("checks/roundtrip.sh"
617 "checks/roundtrip-raw.sh")
618 (("/bin/echo") "echo")))
620 (home-page "http://www.jabberwocky.com/software/paperkey/")
621 (synopsis "Backup OpenPGP keys to paper")
623 "Paperkey extracts the secret bytes from an OpenPGP (GnuPG, PGP, etc) key
624 for printing with paper and ink, which have amazingly long retention
625 qualities. To reconstruct a secret key, you re-enter those
626 bytes (whether by hand, OCR, QR code, or the like) and paperkey can use
627 them to transform your existing public key into a secret key.")
628 (license license:gpl2+)))