gnu: heimdal: Fix CVE-2017-{6594,11103}.
[jackhill/guix/guix.git] / gnu / packages / kerberos.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
3 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
5 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
6 ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
7 ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
8 ;;;
9 ;;; This file is part of GNU Guix.
10 ;;;
11 ;;; GNU Guix is free software; you can redistribute it and/or modify it
12 ;;; under the terms of the GNU General Public License as published by
13 ;;; the Free Software Foundation; either version 3 of the License, or (at
14 ;;; your option) any later version.
15 ;;;
16 ;;; GNU Guix is distributed in the hope that it will be useful, but
17 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
18 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ;;; GNU General Public License for more details.
20 ;;;
21 ;;; You should have received a copy of the GNU General Public License
22 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
24 (define-module (gnu packages kerberos)
25 #:use-module (gnu packages)
26 #:use-module (gnu packages bison)
27 #:use-module (gnu packages perl)
28 #:use-module (gnu packages gnupg)
29 #:use-module (gnu packages libidn)
30 #:use-module (gnu packages linux)
31 #:use-module (gnu packages pkg-config)
32 #:use-module (gnu packages compression)
33 #:use-module (gnu packages databases)
34 #:use-module (gnu packages readline)
35 #:use-module (gnu packages tls)
36 #:use-module ((guix licenses) #:prefix license:)
37 #:use-module (guix packages)
38 #:use-module (guix download)
39 #:use-module (guix utils)
40 #:use-module (guix build-system gnu))
;; Package definition for the MIT implementation of Kerberos 5.
;;
;; The release tarball is fetched over plain HTTP.  Its integrity rests on the
;; sha256 hash below, which the downloaded file is checked against, so any
;; version bump must update the hash in the same change.
(define-public mit-krb5
  (package
    (name "mit-krb5")
    (version "1.14.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
                                  (version-major+minor version)
                                  "/krb5-" version ".tar.gz"))
              ;; Content hash pinning the exact tarball for VERSION.
              (sha256
               (base32
                "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("bison" ,bison)
       ("perl" ,perl)))
    (arguments
     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
       ;; needed by 'authgss_prot.so'."
       #:parallel-build? #f

       ;; Likewise with tests.
       #:parallel-tests? #f

       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
       ;; while running the tests in 'src/tests'.
       ;;
       ;; The unquoted expression is evaluated when the package is defined:
       ;; tests run only when the system string is exactly "x86_64-linux".
       ;; Every other system, not only 32-bit ones, is therefore built without
       ;; running the upstream test suite.
       #:tests? ,(string=? (%current-system) "x86_64-linux")

       #:phases
       (modify-phases %standard-phases
         ;; The tarball keeps its build tree under "src"; later phases run
         ;; from there.
         (add-after 'unpack 'enter-source-directory
           (lambda _
             (chdir "src")
             #t))
         ;; Patch hard-coded paths in the test scripts before 'check' runs.
         (add-before 'check 'pre-check
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((perl (assoc-ref inputs "perl")))
               ;; Point the libdb2 test script at programs from the build
               ;; inputs instead of fixed /bin locations.
               ;; NOTE(review): "/bin/cat" is replaced with the perl
               ;; executable rather than a 'cat' binary -- confirm that this
               ;; is intended.
               (substitute* "plugins/kdb/db2/libdb2/test/run.test"
                 (("/bin/cat") (string-append perl "/bin/perl"))
                 (("D/bin/sh") (string-append "D" (which "sh")))
                 (("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))

             ;; avoid service names since /etc/services is unavailable
             (substitute* "tests/resolve/Makefile"
               (("-p telnet") "-p 23"))
             #t)))))
    (synopsis "MIT Kerberos 5")
    (description
     "Massachusetts Institute of Technology implementation of Kerberos.
Kerberos is a network authentication protocol designed to provide strong
authentication for client/server applications by using secret-key
cryptography.")
    (license (license:non-copyleft "file://NOTICE"
                                   "See NOTICE in the distribution."))
    (home-page "http://web.mit.edu/kerberos/")
    ;; The CPE name differs from the package name.  Setting it here lets
    ;; vulnerability lookups (e.g. 'guix lint -c cve') match this package
    ;; against entries filed under "kerberos".
    (properties '((cpe-name . "kerberos")))))
;; Package definition for GNU Shishi, a Kerberos 5 implementation.
;;
;; The source comes from a GNU mirror and is pinned by the sha256 hash below.
;; Two inputs use explicitly versioned variants (linux-pam-1.2 and
;; libgcrypt-1.5) instead of the default packages.
(define-public shishi
  (package
    (name "shishi")
    (version "1.0.2")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://gnu/shishi/shishi-"
                          version ".tar.gz"))
      ;; Content hash pinning the exact tarball for VERSION.
      (sha256
       (base32
        "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
    (build-system gnu-build-system)
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs
     `(("gnutls" ,gnutls)
       ("libidn" ,libidn)
       ("linux-pam" ,linux-pam-1.2)
       ("zlib" ,zlib)
       ;; libgcrypt 1.6 fails because of the following test:
       ;; #include <gcrypt.h>
       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
       ;; will fail on startup if we don't have 1.4.4 or later, so
       ;; test for it early. */
       ;; #if !defined GCRY_MODULE_ID_USER
       ;; error too old libgcrypt
       ;; #endif
       ;;
       ;; NOTE(review): this ties an authentication package to the older
       ;; libgcrypt 1.5 series.  Confirm that this variant still receives
       ;; security fixes, and revisit the pin once the configure check above
       ;; accepts a newer libgcrypt.
       ("libgcrypt" ,libgcrypt-1.5)
       ("libtasn1" ,libtasn1)))
    (home-page "https://www.gnu.org/software/shishi/")
    (synopsis "Implementation of the Kerberos 5 network security system")
    (description
     "GNU Shishi is a free implementation of the Kerberos 5 network security
system. It is used to allow non-secure network nodes to communicate in a
secure manner through client-server mutual authentication via tickets.")
    (license license:gpl3+)))
;; Package definition for Heimdal, a Kerberos 5 implementation.
;;
;; The package stays on release 1.5.3 and carries two backported security
;; patches, named after CVE-2017-6594 and CVE-2017-11103.  The patch files are
;; not part of this file, so what they cover has to be checked against the
;; patches themselves.
(define-public heimdal
  (package
    (name "heimdal")
    (version "1.5.3")
    (source (origin
              (method url-fetch)
              ;; Fetched over plain HTTP; integrity rests on the sha256 below.
              (uri (string-append "http://www.h5l.org/dist/src/heimdal-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
              ;; Security fixes applied to the unpacked source.  Per the
              ;; public CVE records, CVE-2017-6594 concerns transit-path
              ;; validation for cross-realm tickets, and CVE-2017-11103
              ;; ("Orpheus' Lyre") concerns validation of the service name in
              ;; KDC replies.  Keep the CVE identifier in each patch file
              ;; name: 'guix lint -c cve' appears to use it to treat the
              ;; vulnerability as patched.
              (patches (search-patches "heimdal-CVE-2017-6594.patch"
                                       "heimdal-CVE-2017-11103.patch"))
              (modules '((guix build utils)))
              ;; Replace the "User=" and "Date=" assignments in 'configure'
              ;; with fixed values -- presumably so that the build does not
              ;; record the builder's user name and build date.
              (snippet
               '(substitute* "configure"
                  (("User=.*$") "User=Guix\n")
                  (("Date=.*$") "Date=2017\n")))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags (list
                          ;; Work around a linker error.
                          "CFLAGS=-pthread"

                          ;; Avoid 7 MiB of .a files.
                          "--disable-static"

                          ;; Do not build libedit.
                          (string-append
                           "--with-readline-lib="
                           (assoc-ref %build-inputs "readline") "/lib")
                          (string-append
                           "--with-readline-include="
                           (assoc-ref %build-inputs "readline") "/include"))

       #:phases (modify-phases %standard-phases
                  ;; Despite its name, this phase disables only the local
                  ;; check of the bundled ftp client.  The 'check' phase
                  ;; itself is left in place.
                  (add-before 'check 'skip-tests
                    (lambda _
                      ;; The test simply runs 'ftp --version && ftp --help'
                      ;; but that fails in the chroot because 'ftp' tries to
                      ;; do a service lookup before printing the help/version.
                      (substitute* "appl/ftp/ftp/Makefile.in"
                        (("^CHECK_LOCAL =.*")
                         "CHECK_LOCAL = no-check-local\n"))
                      #t)))))
    (native-inputs `(("e2fsprogs" ,e2fsprogs))) ;for 'compile_et'
    (inputs `(("readline" ,readline)
              ("bdb" ,bdb)
              ("e2fsprogs" ,e2fsprogs))) ;for libcom_err
    (home-page "http://www.h5l.org/")
    (synopsis "Kerberos 5 network authentication")
    (description
     "Heimdal is an implementation of Kerberos 5 network authentication
service.")
    (license license:bsd-3)))