1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
4 ;;; This file is part of GNU Guix.
6 ;;; GNU Guix is free software; you can redistribute it and/or modify it
7 ;;; under the terms of the GNU General Public License as published by
8 ;;; the Free Software Foundation; either version 3 of the License, or (at
9 ;;; your option) any later version.
11 ;;; GNU Guix is distributed in the hope that it will be useful, but
12 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
13 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ;;; GNU General Public License for more details.
16 ;;; You should have received a copy of the GNU General Public License
17 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
19 (define-module (gnu packages certs)
20 #:use-module ((guix licenses) #:prefix license:)
21 #:use-module (guix packages)
22 #:use-module (guix download)
23 #:use-module (guix build-system gnu)
24 #:use-module (guix build-system trivial)
25 #:use-module (gnu packages)
26 #:use-module (gnu packages gnuzilla)
27 #:use-module (gnu packages openssl)
28 #:use-module (gnu packages python))
;; Tail of the certdata2pem package definition; its opening lines are not
;; part of this listing.
;; NOTE(review): the script is fetched over plain http://.  The id= query
;; pins one upstream revision, and the base32 string on the next line is
;; presumably the expected content hash of the download -- confirm that
;; the hash field of the origin (not visible here) is what protects the
;; build against a tampered fetch.
38 "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/plain/certdata2pem.py?id=053dde8a2f5901e97028a58bf54e7d0ef8095a54")
41 "0zscrm41gnsf14zvlkxhy00h3dmgidyz645ldpda3y3vabnwv8dx"))))
42 (build-system trivial-build-system)
;; The only input visible here is Python 2, bound to the label python.
44 `(("python" ,python-2)))
46 `(#:modules ((guix build utils))
49 (use-modules (guix build utils))
50 (let ((bin (string-append %output "/bin")))
;; Work on a local copy of the downloaded source; mode 555 makes it
;; readable and executable for everyone, with no write bit.
51 (copy-file (assoc-ref %build-inputs "source") "certdata2pem.py")
52 (chmod "certdata2pem.py" #o555)
;; Patch the local copy in place.  One replacement string is built from
;; the path of the python input (presumably the interpreter line --
;; the pattern itself is not visible here).
53 (substitute* "certdata2pem.py"
55 (string-append (assoc-ref %build-inputs "python")
57 ;; Use the file extension .pem instead of .crt.
;; Install the patched script as <output>/bin/certdata2pem.py.
60 (copy-file "certdata2pem.py"
61 (string-append bin "/certdata2pem.py"))))))
62 (synopsis "Python script to extract .pem data from certificate collection")
64 "certdata2pem.py is a Python script to transform X.509 certificate
65 \"source code\" as contained, for example, in the Mozilla sources, into
66 .pem formatted certificates.")
67 (license license:gpl2+)
68 (home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))
;; nss-certs: the CA certificate store built from the certdata.txt file in
;; the NSS source tree.  The visible phase runs certdata2pem.py on that
;; file, copies the resulting .pem files to <output>/etc/ssl/certs/ and
;; runs c_rehash there.  Several lines of the definition are missing from
;; this listing, so the notes below cover only what is visible.
70 (define-public nss-certs
71 (package (inherit nss) ; to reuse the source, version and some metadata
73 (build-system gnu-build-system)
;; Tools used by the build: the extraction script and openssl, which
;; presumably supplies the c_rehash command called below.
76 `(("certdata2pem" ,certdata2pem)
77 ("openssl" ,openssl)))
;; Set to the empty list, which overrides the value inherited from nss.
79 (propagated-inputs '())
81 `(#:modules ((guix build gnu-build-system)
84 #:imported-modules ((guix build gnu-build-system)
;; Destination directory of the certificate store inside the output.
90 (let ((certsdir (string-append %output "/etc/ssl/certs/")))
;; Run inside the directory of the unpacked source that holds certdata.txt.
92 (with-directory-excursion "nss/lib/ckfw/builtins/"
93 ;; extract single certificates from blob
;; NOTE(review): other forms follow this call in the same body, so its
;; exit status is discarded; if the script fails, the build can still
;; produce an empty or partial trust store.  Consider failing the phase
;; on a non-zero status.
;; NOTE(review): certdata.txt also carries explicit distrust records;
;; confirm that certdata2pem.py leaves those out, so that a distrusted
;; root never lands in /etc/ssl/certs.
94 (system* "certdata2pem.py" "certdata.txt")
95 ;; copy the .pem files into the output
98 (copy-file file (string-append certsdir file)))
99 ;; FIXME: Some of the file names are UTF-8 (?) and make the copy fail
100 ;; with an error message such as
102 ;; ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem:
103 ;; No such file or directory
;; NOTE(review): presumably the certificates affected by this error are
;; then missing from the installed store -- confirm, and compare the
;; number of installed files with the number of extracted ones.
;; The pattern is a regexp without a trailing $ anchor, so it matches any
;; file name that contains .pem, not only names that end in it.
104 (find-files "." ".*\\.pem")))
105 (with-directory-excursion certsdir
106 ;; Create the symbolic links that openssl expects, using its c_rehash tool.
107 ;; Strangely, the call (system* "c_rehash" certsdir)
108 ;; from inside the build dir fails with
109 ;; "Usage error; try -help."
110 ;; This looks like a bug in openssl-1.0.2, but we can also
111 ;; switch into the target directory.
;; NOTE(review): this appears to be the last form of the phase.  system*
;; yields an integer status, and every integer counts as true in Scheme,
;; so a failing c_rehash would not be reported as a failed phase --
;; confirm against the phase lines that are not visible here.
112 (system* "c_rehash" "."))))
;; Of the standard phases, only set-paths and unpack are kept here.
113 (map (cut assq <> %standard-phases)
114 '(set-paths unpack)))))
115 (synopsis "CA certificates from Mozilla")
117 "This package provides certificates for Certification Authorities (CA)
118 taken from the NSS package and thus ultimately from the Mozilla project.")))