1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
5 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
6 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
7 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
8 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
9 ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
10 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
11 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
12 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
13 ;;;
14 ;;; This file is part of GNU Guix.
15 ;;;
16 ;;; GNU Guix is free software; you can redistribute it and/or modify it
17 ;;; under the terms of the GNU General Public License as published by
18 ;;; the Free Software Foundation; either version 3 of the License, or (at
19 ;;; your option) any later version.
20 ;;;
21 ;;; GNU Guix is distributed in the hope that it will be useful, but
22 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
23 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 ;;; GNU General Public License for more details.
25 ;;;
26 ;;; You should have received a copy of the GNU General Public License
27 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
28
29 (define-module (gnu packages tls)
30 #:use-module ((guix licenses) #:prefix license:)
31 #:use-module (guix packages)
32 #:use-module (guix download)
33 #:use-module (guix utils)
34 #:use-module (guix build-system gnu)
35 #:use-module (guix build-system perl)
36 #:use-module (guix build-system python)
37 #:use-module (guix build-system cmake)
38 #:use-module (guix build-system haskell)
39 #:use-module (gnu packages compression)
40 #:use-module (gnu packages)
41 #:use-module (gnu packages check)
42 #:use-module (gnu packages dns)
43 #:use-module (gnu packages guile)
44 #:use-module (gnu packages haskell)
45 #:use-module (gnu packages haskell-check)
46 #:use-module (gnu packages haskell-crypto)
47 #:use-module (gnu packages libbsd)
48 #:use-module (gnu packages libffi)
49 #:use-module (gnu packages libidn)
50 #:use-module (gnu packages linux)
51 #:use-module (gnu packages ncurses)
52 #:use-module (gnu packages nettle)
53 #:use-module (gnu packages perl)
54 #:use-module (gnu packages pkg-config)
55 #:use-module (gnu packages python)
56 #:use-module (gnu packages python-crypto)
57 #:use-module (gnu packages python-web)
58 #:use-module (gnu packages texinfo)
59 #:use-module (gnu packages base)
60 #:use-module (srfi srfi-1))
61
(define-public libtasn1
  ;; ASN.1 parsing/encoding library, used below by p11-kit and GnuTLS.  The
  ;; fix for CVE-2017-10790 is supplied through the 'replacement' field (the
  ;; libtasn1/fixed variant) rather than by changing the version here.
  (package
    (name "libtasn1")
    (version "4.12")
    (replacement libtasn1/fixed)
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
                           version ".tar.gz"))
       (sha256
        (base32 "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))))
    (synopsis "ASN.1 library")
    (description
     "GNU libtasn1 is a library implementing the ASN.1 notation. It is used
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
    (home-page "https://www.gnu.org/software/libtasn1/")
    (license license:lgpl2.0+)))
85
;; libtasn1 with the CVE-2017-10790 patch applied.  This is what the
;; 'replacement' field of 'libtasn1' above points to: same version and
;; tarball, only the patch list differs.
(define libtasn1/fixed
  (package
    (inherit libtasn1)
    (source (origin
              (inherit (package-source libtasn1))
              (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))))
92
(define-public asn1c
  ;; Compiler from ASN.1 modules to C encoders/decoders (BER/XER/PER).
  (package
    (name "asn1c")
    (version "0.9.28")
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (source (origin
              (method url-fetch)
              (uri (string-append "https://lionet.info/soft/asn1c-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
    (synopsis "ASN.1 to C compiler")
    (description "The ASN.1 to C compiler takes ASN.1 module
files and generates C++ compatible C source code. That code can be
used to serialize the native C structures into compact and unambiguous
BER/XER/PER-based data files, and deserialize the files back.

Various ASN.1 based formats are widely used in the industry, such as to encode
the X.509 certificates employed in the HTTPS handshake, to exchange control
data between mobile phones and cellular networks, to car-to-car communication
in intelligent transportation networks.")
    (home-page "https://lionet.info/asn1c")
    (license license:bsd-2)))
119
(define-public p11-kit
  ;; Loader/coordinator for PKCS#11 modules.
  (package
    (name "p11-kit")
    (version "0.23.9")
    (build-system gnu-build-system)
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.gz"))
       (sha256
        (base32 "0qyvnkb5hfi94wv3bn67y20hcbbvynvjwxpk7k9sh1si6ff69hg1"))))
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libffi" ,libffi)
       ("libtasn1" ,libtasn1)))
    (arguments
     ;; No trust-store paths are baked in at configure time.
     ;; NOTE(review): anything using p11-kit's trust module therefore
     ;; presumably has to be told where the CA certificates live; confirm how
     ;; dependents handle this (gnutls below currently configures
     ;; --without-p11-kit altogether).
     `(#:configure-flags '("--without-trust-paths")))
    (synopsis "PKCS#11 library")
    (description
     "p11-kit provides a way to load and enumerate PKCS#11 modules. It
provides a standard configuration setup for installing PKCS#11 modules
in such a way that they are discoverable. It also solves problems with
coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
    (license license:bsd-3)))
149
150
;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford
;; to rebuild GnuTLS (i.e. on core-updates), so the test-only helper cannot
;; leak into the closure.
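(define-public gnutls
  (package
    (name "gnutls")
    (version "3.5.13")
    (source (origin
              (method url-fetch)
              (uri
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
               (string-append "mirror://gnupg/gnutls/v"
                              (version-major+minor version)
                              "/gnutls-" version ".tar.xz"))
              (patches
               (search-patches "gnutls-skip-trust-store-test.patch"
                               "gnutls-skip-pkgconfig-test.patch"))
              (sha256
               (base32
                "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       (list
        ;; GnuTLS doesn't consult any environment variables to specify
        ;; the location of the system-wide trust store. Instead it has a
        ;; configure-time option. Unless specified, its configure script
        ;; attempts to auto-detect the location by looking for common
        ;; places in the file system, none of which are present in our
        ;; chroot build environment. If not found, then no default trust
        ;; store is used, so each program has to provide its own
        ;; fallback, and users have to configure each program
        ;; independently. This seems suboptimal.
        "--with-default-trust-store-dir=/etc/ssl/certs"

        ;; FIXME: Temporarily disable p11-kit support since it is not
        ;; working on mips64el.
        ;; NOTE(review): with p11-kit disabled, the directory above is
        ;; presumably the only source of trust anchors this build knows
        ;; about; confirm before relying on PKCS#11-provided trust.
        "--without-p11-kit")

       #:phases (modify-phases %standard-phases
                  (add-after 'install 'move-doc
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Copy the 4.1 MiB of section 3 man pages to "doc".
                      (let* ((out (assoc-ref outputs "out"))
                             (doc (assoc-ref outputs "doc"))
                             (mandir (string-append doc "/share/man/man3"))
                             (oldman (string-append out "/share/man/man3")))
                        (mkdir-p mandir)
                        (copy-recursively oldman mandir)
                        (delete-file-recursively oldman)
                        #t))))))
    (outputs '("out"                    ;4.4 MiB
               "debug"
               "doc"))                  ;4.1 MiB of man pages
    (native-inputs
     `(("net-tools" ,net-tools-for-tests)
       ("pkg-config" ,pkg-config)
       ("which" ,which)))
    (inputs
     `(("guile" ,guile-2.2)))
    (propagated-inputs
     ;; These are all in the 'Requires.private' field of gnutls.pc.
     `(("libtasn1" ,libtasn1)
       ("libidn2" ,libidn2)
       ("nettle" ,nettle)
       ("zlib" ,zlib)))
    (home-page "https://www.gnu.org/software/gnutls/")
    (synopsis "Transport layer security library")
    ;; The user-visible description used to misspell "X.509" as "X.5009".
    (description
     "GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.509, PKCS 12, OpenPGP and other
required structures.")
    (license license:lgpl2.1+)
    (properties '((ftp-server . "ftp.gnutls.org")
                  (ftp-directory . "/gcrypt/gnutls")))))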
228
;; Deprecated alias: 'gnutls' itself is built against Guile 2.2 (see its
;; 'inputs'), so the separate "guile2.2-gnutls" name is no longer needed.
(define-public gnutls/guile-2.2
  (deprecated-package "guile2.2-gnutls" gnutls))
231
(define-public gnutls/guile-2.0
  ;; Same GnuTLS recipe, with the "guile" input swapped for Guile 2.0.
  (package
    (inherit gnutls)
    (name "guile2.0-gnutls")
    (inputs (cons `("guile" ,guile-2.0)
                  (alist-delete "guile" (package-inputs gnutls))))))
239
(define-public gnutls/dane
  ;; GnuTLS built with libgnutls-dane (DNS-based Authentication of Named
  ;; Entities), which GNUnet and gnURL need for GNS.  Kept as a separate
  ;; package so users can choose between GnuTLS with and without DANE; the
  ;; only difference is the extra "unbound" input.
  (package
    (inherit gnutls)
    (name "gnutls-dane")
    (inputs (cons `("unbound" ,unbound)
                  (package-inputs gnutls)))))
250
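(define-public openssl
  (package
    (name "openssl")
    (version "1.0.2l")
    ;; Security fixes (CVE-2017-3735, CVE-2017-3736) arrive through the
    ;; 'replacement' below rather than through a version bump here.
    (replacement openssl-1.0.2m)
    (source (origin
              (method url-fetch)
              ;; Try the HTTPS location first, as 'openssl-1.0.2m' and
              ;; 'openssl-next' already do, keeping the FTP locations as
              ;; fallbacks.  Whatever the transport, the tarball is checked
              ;; against the sha256 below.
              (uri (list (string-append "https://www.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              (sha256
               (base32
                "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"))
              (snippet
               '(begin
                  ;; Remove ELF files. 'substitute*' can't read them.
                  (delete-file "test/ssltest_old")
                  (delete-file "test/v3ext")
                  (delete-file "test/x509aux")
                  #t))
              (patches (search-patches "openssl-runpath.patch"
                                       "openssl-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"                    ;1.5MiB of man3 pages
               "static"))               ;6MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"

       ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
       ;; so we explicitly disallow it here.  This keyword used to be given
       ;; twice (once as ',perl', once as the canonical package); a repeated
       ;; keyword argument cannot take effect twice, so both variants are
       ;; now listed in a single occurrence.
       #:disallowed-references (,perl ,(canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'patch-Makefile.org
           (lambda* (#:key outputs #:allow-other-keys)
             ;; The default MANDIR is some unusual place. Fix that.
             (let ((out (assoc-ref outputs "out")))
               (patch-makefile-SHELL "Makefile.org")
               (substitute* "Makefile.org"
                 (("^MANDIR[[:blank:]]*=.*$")
                  (string-append "MANDIR = " out "/share/man\n")))
               #t)))
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (zero?
                (system* "./config"
                         "shared"       ;build shared libraries
                         "--libdir=lib"

                         ;; The default for this catch-all directory is
                         ;; PREFIX/ssl. Change that to something more
                         ;; conventional.
                         (string-append "--openssldir=" out
                                        "/share/openssl-" ,version)

                         (string-append "--prefix=" out)

                         ;; XXX FIXME: Work around a code generation bug in GCC
                         ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                         ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                         ,@(if (and (not (%current-target-system))
                                    (string-prefix? "armhf" (%current-system)))
                               '("-mfpu=vfpv3")
                               '()))))))
         (add-after 'install 'make-libraries-writable
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Make libraries writable so that 'strip' does its job.
             (let ((out (assoc-ref outputs "out")))
               (for-each (lambda (file)
                           (chmod file #o644))
                         (find-files (string-append out "/lib")
                                     "\\.so"))
               #t)))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib"))
                    (static (assoc-ref outputs "static"))
                    (slib (string-append static "/lib")))
               (for-each (lambda (file)
                           (install-file file slib)
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
         (add-after 'install 'move-man3-pages
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move section 3 man pages to "doc".
             (let* ((out (assoc-ref outputs "out"))
                    (man3 (string-append out "/share/man/man3"))
                    (doc (assoc-ref outputs "doc"))
                    (target (string-append doc "/share/man/man3")))
               (mkdir-p target)
               (for-each (lambda (file)
                           (rename-file file
                                        (string-append target "/"
                                                       (basename file))))
                         (find-files man3))
               (delete-file-recursively man3)
               #t)))
         (add-before 'patch-source-shebangs 'patch-tests
           (lambda* (#:key inputs native-inputs #:allow-other-keys)
             ;; The test scripts hard-code /bin/sh and /bin/rm, neither of
             ;; which exists in the build chroot.
             (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
               (substitute* (find-files "test" ".*")
                 (("/bin/sh")
                  (string-append bash "/bin/sh"))
                 (("/bin/rm")
                  "rm"))
               #t)))
         (add-after 'install 'remove-miscellany
           (lambda* (#:key outputs #:allow-other-keys)
             ;; The 'misc' directory contains random undocumented shell and Perl
             ;; scripts. Remove them to avoid retaining a reference on Perl.
             (let ((out (assoc-ref outputs "out")))
               (delete-file-recursively (string-append out "/share/openssl-"
                                                       ,version "/misc"))
               #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
     ;; profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description
     "OpenSSL is an implementation of SSL/TLS.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))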
397
398 ;; Fixes CVE-2017-3735 and CVE-2017-3736.
399 ;; See <https://www.openssl.org/news/cl102.txt>.
(define-public openssl-1.0.2m
  ;; Drop-in replacement reached through the 'replacement' field of
  ;; 'openssl' above: same recipe and patches, only the tarball changes.
  ;; The HTTPS URL is tried first and the FTP ones serve as fallbacks; the
  ;; sha256 below is what actually pins the tarball we accept.
  (package
    (inherit openssl)
    (version "1.0.2m")
    (source (origin
              (inherit (package-source openssl))
              ;; The package name is written out literally here instead of
              ;; being taken from the inherited 'name' field.
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
                "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))))))
416
(define-public openssl-next
  ;; OpenSSL 1.1.0, built from the 1.0.2 recipe above with the phases that
  ;; no longer apply removed and two phases re-done.  It keeps the name
  ;; "openssl" on purpose, so it is a candidate to replace the 1.0.2 package.
  (package
    (inherit openssl)
    (name "openssl")
    (version "1.1.0g")
    (source (origin
              (method url-fetch)
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
                                        version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/"
                                        name "-" version ".tar.gz")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
              ;; Only the c_rehash patch carries over; 1.1.0 has its own
              ;; variant and the runpath is handled via a configure flag below.
              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
              (sha256
               (base32
                "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"))))
    (outputs '("out"
               "doc"                    ;1.3MiB of man3 pages
               "static"))               ; 5.5MiB of .a files
    (arguments
     ;; Everything not mentioned here (test target, parallelism, the
     ;; disallowed Perl reference, the install-time clean-up phases) is
     ;; inherited from 'openssl'.
     (substitute-keyword-arguments (package-arguments openssl)
       ((#:phases phases)
        `(modify-phases ,phases
           (delete 'patch-tests)        ; These two phases are not needed by
           (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.

           ;; Override configure phase since -rpath is now a configure option.
           (replace 'configure
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (lib (string-append out "/lib")))
                 (zero?
                  (system* "./config"
                           "shared"     ;build shared libraries
                           "--libdir=lib"

                           ;; The default for this catch-all directory is
                           ;; PREFIX/ssl. Change that to something more
                           ;; conventional.
                           (string-append "--openssldir=" out
                                          "/share/openssl-" ,version)

                           (string-append "--prefix=" out)
                           (string-append "-Wl,-rpath," lib)

                           ;; XXX FIXME: Work around a code generation bug in GCC
                           ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
                           ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
                           ,@(if (and (not (%current-target-system))
                                      (string-prefix? "armhf" (%current-system)))
                                 '("-mfpu=vfpv3")
                                 '()))))))

           ;; XXX: Duplicate this phase to make sure 'version' evaluates
           ;; in the current scope and not the inherited one.  (The inherited
           ;; phase would otherwise look for "share/openssl-1.0.2l/misc".)
           (replace 'remove-miscellany
             (lambda* (#:key outputs #:allow-other-keys)
               ;; The 'misc' directory contains random undocumented shell and Perl
               ;; scripts. Remove them to avoid retaining a reference on Perl.
               (let ((out (assoc-ref outputs "out")))
                 (delete-file-recursively (string-append out "/share/openssl-"
                                                         ,version "/misc"))
                 #t)))))))))
482
(define-public libressl
  ;; OpenBSD's fork of OpenSSL, plus its TLS-capable netcat.
  (package
    (name "libressl")
    (version "2.5.5")
    (build-system gnu-build-system)
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://openbsd/LibreSSL/"
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
                "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
    (arguments
     '(#:configure-flags
       '(;; Pretend 'getentropy' is absent: older Linux kernels lack it, libc
         ;; then returns ENOSYS, and that case is not handled properly.  See
         ;; <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
         ;; NOTE(review): this presumably routes LibreSSL to its own fallback
         ;; entropy path instead of the libc call; re-check on each upgrade
         ;; that the fallback is still acceptable.
         "ac_cv_func_getentropy=no"
         ;; Provide a TLS-enabled netcat.
         "--enable-nc")))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in
     ;; user profiles because there's always just one item that matches the
     ;; specification.
     (list (search-path-specification
            (variable "SSL_CERT_DIR")
            (files '("etc/ssl/certs")))
           (search-path-specification
            (variable "SSL_CERT_FILE")
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (synopsis "SSL/TLS implementation")
    (description "LibreSSL is a version of the TLS/crypto stack, forked from
OpenSSL in 2014 with the goals of modernizing the codebase, improving security,
and applying best practice development processes. This package also includes a
netcat implementation that supports TLS.")
    (home-page "https://www.libressl.org/")
    ;; Files taken from OpenSSL keep their license, others are under various
    ;; non-copyleft licenses.
    (license (list license:openssl
                   (license:non-copyleft
                    "file://COPYING"
                    "See COPYING in the distribution.")))))
525
(define-public python-acme
  ;; ACME client library shared by certbot; the two are released together.
  (package
    (name "python-acme")
    ;; Remember to update the hash of certbot when updating python-acme.
    (version "0.19.0")
    (build-system python-build-system)
    (source (origin
              (method url-fetch)
              (uri (pypi-uri "acme" version))
              (sha256
               (base32
                "08p8w50zciqlhgn3ab0wbbvi1zyg3x37r1gywq0z1allsij3v8hz"))))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Generate man and info pages from the Sphinx sources.
         (add-after 'build 'build-documentation
           (lambda _
             (zero? (system* "make" "-C" "docs" "man" "info"))))
         ;; Install what the previous phase produced.
         (add-after 'install 'install-documentation
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix (assoc-ref outputs "out"))
                    (man1-dir (string-append prefix "/share/man/man1"))
                    (info-dir (string-append prefix "/info")))
               (install-file "docs/_build/texinfo/acme-python.info" info-dir)
               (install-file "docs/_build/man/acme-python.1" man1-dir)
               #t))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-mock" ,python-mock-2)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-six" ,python-six)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyasn1" ,python-pyasn1)
       ("python-cryptography" ,python-cryptography)
       ("python-pyopenssl" ,python-pyopenssl)))
    (synopsis "ACME protocol implementation in Python")
    (description "ACME protocol implementation in Python")
    (home-page "https://github.com/letsencrypt/letsencrypt")
    (license license:asl2.0)))
572
(define-public certbot
  (package
    (name "certbot")
    ;; Certbot and python-acme are developed in the same repository, and their
    ;; versions should remain synchronized.
    (version (package-version python-acme))
    (build-system python-build-system)
    (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
                "0lwxqz3r0fg3dy06fgba1dfs7n6ribc25z0rh5rqbl7mvy8hf8x7"))))
    (arguments
     ;; Reuse python-acme's recipe wholesale; only the documentation install
     ;; step differs, since Certbot ships differently named pages plus a
     ;; section 7 manual.
     (substitute-keyword-arguments (package-arguments python-acme)
       ((#:phases phases)
        `(modify-phases ,phases
           (replace 'install-documentation
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((prefix (assoc-ref outputs "out"))
                      (man1-dir (string-append prefix "/share/man/man1"))
                      (man7-dir (string-append prefix "/share/man/man7"))
                      (info-dir (string-append prefix "/info")))
                 (install-file "docs/_build/texinfo/Certbot.info" info-dir)
                 (install-file "docs/_build/man/certbot.1" man1-dir)
                 (install-file "docs/_build/man/certbot.7" man7-dir)
                 #t)))))))
    ;; TODO: Add optional inputs for testing.
    (native-inputs
     `(("python-nose" ,python-nose)
       ("python-mock" ,python-mock-2)
       ;; For documentation
       ("python-sphinx" ,python-sphinx)
       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
       ("texinfo" ,texinfo)))
    (propagated-inputs
     `(("python-acme" ,python-acme)
       ("python-zope-interface" ,python-zope-interface)
       ("python-pyrfc3339" ,python-pyrfc3339)
       ("python-pyopenssl" ,python-pyopenssl)
       ("python-configobj" ,python-configobj)
       ("python-configargparse" ,python-configargparse)
       ("python-zope-component" ,python-zope-component)
       ("python-parsedatetime" ,python-parsedatetime)
       ("python-six" ,python-six)
       ("python-psutil" ,python-psutil)
       ("python-requests" ,python-requests)
       ("python-pytz" ,python-pytz)))
    (home-page "https://certbot.eff.org/")
    (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
    (description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
Let’s Encrypt certificate authority (CA), which issues browser-trusted
certificates for free.")
    (license license:asl2.0)))
630
;; Old name of certbot, kept for users who still refer to it; the
;; 'superseded' property points them at 'certbot'.
(define-public letsencrypt
  (package (inherit certbot)
    (name "letsencrypt")
    (properties `((superseded . ,certbot)))))
635
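(define-public perl-net-ssleay
  ;; Perl bindings to OpenSSL.
  (package
    (name "perl-net-ssleay")
    (version "1.81")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
                                  "Net-SSLeay-" version ".tar.gz"))
              (sha256
               (base32
                "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
    (build-system perl-build-system)
    (inputs `(("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Tell the build where our OpenSSL lives via OPENSSL_PREFIX so it
         ;; is not left to guess.
         (add-before 'configure 'set-ssl-prefix
           (lambda* (#:key inputs #:allow-other-keys)
             (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl"))
             #t)))))
    (synopsis "Perl extension for using OpenSSL")
    (description
     "This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, the same API is offered for accessing
http servers, too), an sslcat() function for writing your own clients, and
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
    (license license:perl-license)
    ;; Point at the distribution page, like the other CPAN packages in this
    ;; file, instead of a stale release-specific URL that named Net-SSLeay
    ;; 1.66 while we package 1.81.
    (home-page "http://search.cpan.org/dist/Net-SSLeay")))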
666
(define-public perl-crypt-openssl-rsa
  ;; RSA via OpenSSL for Perl; shares 'perl-crypt-arguments' with the other
  ;; Crypt::OpenSSL::* packages below.
  (package
    (name "perl-crypt-openssl-rsa")
    (version "0.28")
    (build-system perl-build-system)
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
             version
             ".tar.gz"))
       (sha256
        (base32 "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
    (inputs
     `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
       ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
       ("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (synopsis
     "RSA encoding and decoding, using the openSSL libraries")
    (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
OpenSSL libraries).")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
    (license license:perl-license)))
694
(define perl-crypt-arguments
  ;; Build arguments shared by the Crypt::OpenSSL::* packages: rewrite the
  ;; LIBS entry of Makefile.PL so the XS code links against the libcrypto
  ;; of our "openssl" input instead of whatever the module would find.
  ;; NOTE(review): perl-crypt-openssl-rsa above references this binding
  ;; before it is defined; that relies on the 'arguments' field not being
  ;; evaluated eagerly at module load -- confirm if the record definition
  ;; ever changes.
  `(#:phases (modify-phases %standard-phases
               (add-before 'configure 'patch-Makefile.PL
                 (lambda* (#:key inputs #:allow-other-keys)
                   (let ((openssl (assoc-ref inputs "openssl")))
                     (substitute* "Makefile.PL"
                       (("'LIBS'.*=>.*")
                        (string-append "'LIBS' => ['-L" openssl
                                       "/lib -lcrypto'],")))
                     #t))))))
704
(define-public perl-crypt-openssl-bignum
  ;; OpenSSL BIGNUM arithmetic for Perl.
  (package
    (name "perl-crypt-openssl-bignum")
    (version "0.08")
    (build-system perl-build-system)
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
             version
             ".tar.gz"))
       (sha256
        (base32 "0gamn4dff1bz77nswacy1dlpn9fkwahzw7yvvik4nbwwy2s63hc8"))))
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (synopsis
     "OpenSSL's multiprecision integer arithmetic in Perl")
    (description "Crypt::OpenSSL::Bignum provides multiprecision integer
arithmetic in Perl.")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
    ;; At your option either gpl1+ or the Artistic License
    (license license:perl-license)))
730
(define-public perl-crypt-openssl-random
  ;; Access to OpenSSL/LibreSSL's PRNG from Perl.
  (package
    (name "perl-crypt-openssl-random")
    (version "0.11")
    (build-system perl-build-system)
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
             version
             ".tar.gz"))
       (sha256
        (base32 "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
    (inputs `(("openssl" ,openssl)))
    (arguments perl-crypt-arguments)
    (synopsis
     "OpenSSL/LibreSSL pseudo-random number generator access")
    (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
number generator")
    (home-page
     "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
    (license license:perl-license)))
755
(define-public acme-client
  ;; OpenBSD's privilege-separated Let's Encrypt client, portable edition.
  (package
    (name "acme-client")
    (version "0.1.16")
    (build-system gnu-build-system)
    (source (origin
              (method url-fetch)
              (uri (string-append "https://kristaps.bsd.lv/" name "/"
                                  "snapshots/" name "-portable-"
                                  version ".tgz"))
              (sha256
               (base32
                "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
    (arguments
     '(#:tests? #f                      ;no test suite
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           ;; http.c hard-codes /etc/ssl/cert.pem (presumably the CA bundle it
           ;; verifies TLS peers against); rewrite it to the copy under our
           ;; libressl input so the client does not depend on a host path.
           ;; NOTE(review): the bundle is thereby fixed at build time to the
           ;; libressl package's own file; the SSL_CERT_* search paths that
           ;; libressl declares will not redirect it unless http.c honours
           ;; them -- confirm upstream before relying on a custom CA.
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((ca-bundle (string-append (assoc-ref inputs "libressl")
                                             "/etc/ssl/cert.pem")))
               (substitute* "http.c"
                 (("/etc/ssl/cert.pem") ca-bundle))
               #t)))
         (delete 'configure))))         ;no './configure' script
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)
       ("libressl" ,libressl)))
    (synopsis "Let's Encrypt client by the OpenBSD project")
    (description "acme-client is a Let's Encrypt client implemented in C. It
uses a modular design, and attempts to secure itself by dropping privileges and
operating in a chroot where possible. acme-client is developed on OpenBSD and
then ported to the GNU / Linux environment.")
    (home-page "https://kristaps.bsd.lv/acme-client/")
    ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
    ;; and 'jsmn.c' are distributed under the Expat license.
    (license (list license:isc license:expat))))
798
;; The "-apache" variant is upstream's preferred variant.  A "-gpl"
;; variant exists in addition to the "-apache" one.
(define-public mbedtls-apache
  ;; Apache-licensed build of mbed TLS (ex-PolarSSL).
  (package
    (name "mbedtls-apache")
    (version "2.6.0")
    (build-system cmake-build-system)
    (native-inputs `(("perl" ,perl)))
    (source
     (origin
       (method url-fetch)
       ;; XXX: The download links on the website are script redirection links
       ;; which effectively lead to the format listed in the uri here.
       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
                           version "-apache.tgz"))
       (sha256
        (base32 "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
    (home-page "https://tls.mbed.org")
    (synopsis "Small TLS library")
    (description
     "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
for developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products, facilitating this functionality with a minimal
coding footprint.")
    (license license:asl2.0)))
826
(define-public ghc-tls
  ;; Pure-Haskell TLS implementation.
  ;; NOTE(review): the description advertises SSL 3.0 alongside TLS 1.0-1.2;
  ;; check which protocol versions the library enables by default before
  ;; exposing it server-side.
  (package
    (name "ghc-tls")
    (version "1.3.8")
    (build-system haskell-build-system)
    (source (origin
              (method url-fetch)
              (uri (string-append "https://hackage.haskell.org/package/"
                                  "tls/tls-" version ".tar.gz"))
              (sha256
               (base32
                "1rdidf18i781c0vdvy9yn79yh08hmcacf6fp3sgghyiy3h0wyh5l"))))
    (inputs
     `(("ghc-mtl" ,ghc-mtl)
       ("ghc-cereal" ,ghc-cereal)
       ("ghc-data-default-class" ,ghc-data-default-class)
       ("ghc-memory" ,ghc-memory)
       ("ghc-cryptonite" ,ghc-cryptonite)
       ("ghc-asn1-types" ,ghc-asn1-types)
       ("ghc-asn1-encoding" ,ghc-asn1-encoding)
       ("ghc-x509" ,ghc-x509)
       ("ghc-x509-store" ,ghc-x509-store)
       ("ghc-x509-validation" ,ghc-x509-validation)
       ("ghc-async" ,ghc-async)
       ("ghc-network" ,ghc-network)
       ("ghc-hourglass" ,ghc-hourglass)))
    (native-inputs
     ;; Test-suite only.
     `(("ghc-tasty" ,ghc-tasty)
       ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)
       ("ghc-quickcheck" ,ghc-quickcheck)))
    (synopsis
     "TLS/SSL protocol native implementation (Server and Client)")
    (description
     "Native Haskell TLS and SSL protocol implementation for server and client.
This provides a high-level implementation of a sensitive security protocol,
eliminating a common set of security issues through the use of the advanced
type system, high level constructions and common Haskell features. Currently
implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol, and support RSA and
Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many
extensions.")
    (home-page "https://github.com/vincenthz/hs-tls")
    (license license:bsd-3)))