1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
4 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
5 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
6 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
7 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
8 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
10 ;;; This file is part of GNU Guix.
12 ;;; GNU Guix is free software; you can redistribute it and/or modify it
13 ;;; under the terms of the GNU General Public License as published by
14 ;;; the Free Software Foundation; either version 3 of the License, or (at
15 ;;; your option) any later version.
17 ;;; GNU Guix is distributed in the hope that it will be useful, but
18 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
19 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ;;; GNU General Public License for more details.
22 ;;; You should have received a copy of the GNU General Public License
23 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
25 (define-module (gnu packages gnupg)
26 #:use-module ((guix licenses) #:prefix license:)
27 #:use-module (gnu packages)
28 #:use-module (gnu packages adns)
29 #:use-module (gnu packages curl)
30 #:use-module (gnu packages openldap)
31 #:use-module (gnu packages perl)
32 #:use-module (gnu packages pth)
33 #:use-module (gnu packages python)
34 #:use-module (gnu packages readline)
35 #:use-module (gnu packages compression)
36 #:use-module (gnu packages databases)
37 #:use-module (gnu packages gtk)
38 #:use-module (gnu packages glib)
39 #:use-module (gnu packages gnome)
40 #:use-module (gnu packages pkg-config)
41 #:use-module (gnu packages ncurses)
42 #:use-module (gnu packages tls)
43 #:use-module (guix packages)
44 #:use-module (guix download)
45 #:use-module (guix build-system gnu)
46 #:use-module (guix build-system python))
48 (define-public libgpg-error
55 (uri (string-append "mirror://gnupg/libgpg-error/libgpg-error-"
59 "0kdq2cbnk84fr4jqcv689rlxpbyl6bda2cn6y3ll19v3mlydpnxp"))))
60 (build-system gnu-build-system)
61 (home-page "http://gnupg.org")
62 (synopsis "Library of error values for GnuPG components")
64 "Libgpg-error is a small library that defines common error values
65 for all GnuPG components. Among these are GPG, GPGSM, GPGME,
66 GPG-Agent, libgcrypt, Libksba, DirMngr, Pinentry, SmartCard
67 Daemon and possibly more in the future.")
68 (license license:lgpl2.0+)))
70 (define-public libgcrypt
76 (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
80 "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
81 (build-system gnu-build-system)
83 `(("libgpg-error-host" ,libgpg-error)))
85 ;; Needed here for the 'gpg-error' program.
86 `(("libgpg-error-native" ,libgpg-error)))
88 ;; The '--with-gpg-error-prefix' argument is needed because otherwise
89 ;; 'configure' uses 'gpg-error-config' to determine the '-L' flag, and
90 ;; the 'gpg-error-config' it runs is the native one---i.e., the wrong one.
92 (list (string-append "--with-gpg-error-prefix="
93 (assoc-ref %build-inputs "libgpg-error-host")))))
94 (outputs '("out" "debug"))
95 (home-page "http://gnupg.org/")
96 (synopsis "Cryptographic function library")
98 "Libgcrypt is a general-purpose cryptographic library. It provides the
99 standard cryptographic building blocks such as symmetric ciphers, hash
100 algorithms, public key algorithms, large integer functions and random number
102 (license license:lgpl2.0+)))
104 (define-public libgcrypt-1.5
105 (package (inherit libgcrypt)
110 (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
114 "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m"))))))
116 (define-public libassuan
123 (uri (string-append "mirror://gnupg/libassuan/libassuan-"
127 "086bbcdnvs48qq5g4iac7dpk76j0q3jrp16mchdvyx0b720xq1mv"))))
128 (build-system gnu-build-system)
130 `(("libgpg-error" ,libgpg-error) ("pth" ,pth)))
131 (home-page "http://gnupg.org")
133 "IPC library used by GnuPG and related software")
135 "Libassuan is a small library implementing the so-called Assuan
136 protocol. This protocol is used for IPC between most newer
137 GnuPG components. Both, server and client side functions are
139 (license license:lgpl2.0+)))
141 (define-public libksba
149 "mirror://gnupg/libksba/libksba-"
153 "11kp3h9l3b8ikydkcdkwgx45r662zi30m26ra5llyhfh6kz5yzqc"))))
154 (build-system gnu-build-system)
156 `(("libgpg-error" ,libgpg-error)))
158 `(("libgpg-error" ,libgpg-error)))
161 (list ,@(if (%current-target-system)
162 '("CC_FOR_BUILD=gcc")
164 (string-append "--with-gpg-error-prefix="
165 (assoc-ref %build-inputs "libgpg-error")))))
166 (home-page "http://www.gnupg.org")
167 (synopsis "CMS and X.509 access library")
169 "KSBA (pronounced Kasbah) is a library to make X.509 certificates
170 as well as the CMS easily accessible by other applications. Both
171 specifications are building blocks of S/MIME and TLS.")
172 (license license:gpl3+)))
182 "mirror://gnupg/npth/npth-"
186 "12n0nvhw4fzwp0k7gjv3rc6pdml0qiinbbfiz4ilg6pl5kdxvnvd"))))
187 (build-system gnu-build-system)
188 (home-page "http://www.gnupg.org")
189 (synopsis "Non-preemptive thread library")
191 "Npth is a library to provide the GNU Pth API and thus a non-preemptive
192 threads implementation.
194 In contrast to GNU Pth is is based on the system's standard threads
195 implementation. This allows the use of libraries which are not
196 compatible to GNU Pth.")
197 (license (list license:lgpl3+ license:gpl2+)))) ; dual license
205 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
209 "06mn2viiwsyq991arh5i5fhr9jyxq2bi0jkdj7ndfisxihngpc5p"))
210 (patches (search-patches
211 "gnupg-simple-query-ignore-status-messages.patch"))))
212 (build-system gnu-build-system)
214 `(("pkg-config" ,pkg-config)))
220 ("libassuan" ,libassuan)
221 ("libgcrypt" ,libgcrypt)
222 ("libgpg-error" ,libgpg-error)
225 ("openldap" ,openldap)
226 ("readline" ,readline)
232 'configure 'patch-config-files
234 (substitute* "tests/openpgp/defs.inc"
235 (("/bin/pwd") (which "pwd"))))
237 (home-page "http://gnupg.org/")
238 (synopsis "GNU Privacy Guard")
240 "The GNU Privacy Guard is a complete implementation of the OpenPGP
241 standard. It is used to encrypt and sign data and communication. It
242 features powerful key management and the ability to access public key
243 servers. It includes several libraries: libassuan (IPC between GnuPG
244 components), libgpg-error (centralized GnuPG error values), and
245 libskba (working with X.509 certificates and CMS data).")
246 (license license:gpl3+)))
248 (define-public gnupg-2.0
249 (package (inherit gnupg)
253 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
257 "0wax4cy14hh0h7kg9hj0hjn9424b71z8lrrc5kbsasrn9xd7hag3"))))
263 ("libassuan" ,libassuan)
264 ("libgcrypt" ,libgcrypt)
265 ("libgpg-error" ,libgpg-error)
268 ("openldap" ,openldap)
270 ("readline" ,readline)))
274 'configure 'patch-config-files
276 (substitute* "tests/openpgp/Makefile.in"
277 (("/bin/sh") (which "bash"))))
278 %standard-phases)))))
280 (define-public gnupg-1
281 (package (inherit gnupg)
285 (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
289 "1k7d6zi0zznqsmcjic0yrgfhqklqz3qgd3yac7wxsa7s6088p604"))))
295 ("readline" ,readline)
296 ("libgpg-error" ,libgpg-error)))
298 `(#:phases (alist-cons-after
299 'unpack 'patch-check-sh
301 (substitute* "checks/Makefile.in"
302 (("/bin/sh") (which "bash"))))
303 %standard-phases)))))
312 (uri (string-append "mirror://gnupg/gpgme/gpgme-" version
316 "17892sclz3yg45wbyqqrzzpq3l0icbnfl28f101b3062g8cy97dh"))))
317 (build-system gnu-build-system)
319 ;; Needs to be propagated because gpgme.h includes gpg-error.h.
320 `(("libgpg-error" ,libgpg-error)))
322 `(("gnupg" ,gnupg-2.0)
323 ("libassuan" ,libassuan)))
324 (arguments '(#:make-flags '("GPG=gpg2")))
325 (home-page "http://www.gnupg.org/related_software/gpgme/")
326 (synopsis "Library providing simplified access to GnuPG functionality")
328 "GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
329 easier for applications. It provides a High-Level Crypto API for encryption,
330 decryption, signing, signature verification and key management. Currently
331 it uses GnuPG as its backend but the API isn't restricted to this engine.
333 Because the direct use of GnuPG from an application can be a complicated
334 programming task, it is suggested that all software should try to use GPGME
335 instead. This way bug fixes or improvements can be done at a central place
336 and every application benefits from this.")
337 (license license:lgpl2.1+)))
339 (define-public python-pygpgme
341 (name "python-pygpgme")
346 (uri (pypi-uri "pygpgme" version))
349 "1q82p3gs6lwq8j8dxk4pvrwk3jpww1zqcjrzznl9clh10z28gn2z"))
350 ;; Unfortunately, we have to disable some tests due to some gpg-agent
352 ;; https://bugs.launchpad.net/pygpgme/+bug/999949
353 (patches (search-patches "pygpgme-disable-problematic-tests.patch"))))
356 (modify-phases %standard-phases
357 (add-before 'build 'make-build
359 (zero? (system* "make" "build"))))
362 (zero? (system* "make" "check")))))))
363 (build-system python-build-system)
365 `(;; setuptools required for python-2 variant
366 ("python-setuptools" ,python-setuptools)
369 (home-page "https://launchpad.net/pygpgme")
370 (synopsis "Python module for working with OpenPGP messages")
372 "PyGPGME is a Python module that lets you sign, verify, encrypt and
373 decrypt messages using the OpenPGP format by making use of GPGME.")
374 (license license:lgpl2.1+)))
376 (define-public python2-pygpgme
377 (package-with-python2 python-pygpgme))
379 (define-public python-gnupg
381 (name "python-gnupg")
386 (uri (pypi-uri "python-gnupg" version))
389 "0nkbs9c8f30lra7ca39kg91x8cyxn0jb61vih4qky839gpbwwwiq"))))
390 (build-system python-build-system)
393 (modify-phases %standard-phases
395 (lambda* (#:key inputs #:allow-other-keys)
396 (substitute* "test_gnupg.py"
397 ;; Test keyrings are missing, so this test fails.
398 (("'test_scan_keys'") "True")
399 (("def test_scan_keys") "def disabled__scan_keys")
400 ;; Unsure why this test fails.
401 (("'test_search_keys'") "True")
402 (("def test_search_keys") "def disabled__search_keys"))
403 (setenv "GPGBINARY" "gpg")
404 (setenv "USERNAME" "guixbuilder")
405 ;; The doctests are extremely slow and sometimes time out,
406 ;; so we disable them.
407 (zero? (system* "python"
408 "test_gnupg.py" "--no-doctests")))))))
410 `(("gnupg" ,gnupg-1)))
411 (home-page "http://packages.python.org/python-gnupg/index.html")
412 (synopsis "Wrapper for the GNU Privacy Guard")
414 "This module allows easy access to GnuPG’s key management, encryption
415 and signature functionality from Python programs.")
416 (license license:bsd-3)))
418 (define-public python2-gnupg
419 (package-with-python2 python-gnupg))
428 "https://github.com/jaymzh/pius/releases/download/v"
429 version "/pius-" version ".tar.bz2"))
432 "0k94mlr7l12mplph7pdgjbampqha47d8mfjq69n4xm80qwbn1rq1"))))
433 (build-system python-build-system)
434 (inputs `(("perl" ,perl) ;for 'pius-party-worksheet'
435 ("gpg" ,gnupg-2.0))) ;2.1 fails to talk to gpg-agent 2.0
438 #:python ,python-2 ;uses the Python 2 'print' syntax
440 (modify-phases %standard-phases
442 'build 'set-gpg-file-name
443 (lambda* (#:key inputs outputs #:allow-other-keys)
444 (let* ((gpg (string-append (assoc-ref inputs "gpg")
446 (substitute* "libpius/constants.py"
447 (("/usr/bin/gpg2") gpg))))))))
448 (synopsis "Programs to simplify GnuPG key signing")
450 "Pius (PGP Individual UID Signer) helps attendees of PGP keysigning
451 parties. It is the main utility and makes it possible to quickly and easily
452 sign each UID on a set of PGP keys. It is designed to take the pain out of
453 the sign-all-the-keys part of PGP Keysigning Party while adding security
456 pius-keyring-mgr and pius-party-worksheet help organisers of
457 PGP keysigning parties.")
458 (license license:gpl2)
459 (home-page "http://www.phildev.net/pius/index.shtml")))
461 (define-public signing-party
463 (name "signing-party")
467 (uri (string-append "http://ftp.debian.org/debian/pool/main/s/signing-party/signing-party_"
468 version ".orig.tar.gz"))
470 "188gp0prbh8qs29lq3pbf0qibfd6jq4fk7i0pfrybl8aahvm84rx"))))
471 (build-system gnu-build-system)
472 (inputs `(("perl" ,perl)))
477 'unpack 'remove-spurious-links
478 (lambda _ (delete-file "keyanalyze/pgpring/depcomp"))
481 (lambda* (#:key outputs #:allow-other-keys)
482 (let ((out (assoc-ref outputs "out")))
483 (substitute* "keyanalyze/Makefile"
484 (("LDLIBS") (string-append "CC=" (which "gcc") "\nLDLIBS")))
485 (substitute* "keyanalyze/Makefile"
486 (("./configure") (string-append "./configure --prefix=" out)))
487 (substitute* "keyanalyze/pgpring/configure"
488 (("/bin/sh") (which "bash")))
489 (substitute* "gpgwrap/Makefile"
490 (("\\} clean") (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap "
491 out "/bin/gpgwrap\n")))
492 (substitute* '("gpgsigs/Makefile" "keyanalyze/Makefile"
493 "keylookup/Makefile" "sig2dot/Makefile"
494 "springgraph/Makefile")
498 (lambda* (#:key outputs #:allow-other-keys #:rest args)
499 (let ((out (assoc-ref outputs "out"))
500 (install (assoc-ref %standard-phases 'install)))
504 (copy-file (string-append dir "/" file)
505 (string-append out "/bin/" file)))
506 '("caff" "caff" "caff" "gpgdir" "gpg-key2ps"
507 "gpglist" "gpg-mailkeys" "gpgparticipants")
508 '("caff" "pgp-clean" "pgp-fixkey" "gpgdir" "gpg-key2ps"
509 "gpglist" "gpg-mailkeys" "gpgparticipants"))
512 (copy-file (string-append dir "/" file)
513 (string-append out "/share/man/man1/" file)))
514 '("caff" "caff" "caff" "gpgdir"
515 "gpg-key2ps" "gpglist" "gpg-mailkeys"
516 "gpgparticipants" "gpgsigs" "gpgwrap/doc"
517 "keyanalyze" "keyanalyze/pgpring" "keyanalyze")
518 '("caff.1" "pgp-clean.1" "pgp-fixkey.1" "gpgdir.1"
519 "gpg-key2ps.1" "gpglist.1" "gpg-mailkeys.1"
520 "gpgparticipants.1" "gpgsigs.1" "gpgwrap.1"
521 "process_keys.1" "pgpring.1" "keyanalyze.1"))))
522 %standard-phases)))))
523 (synopsis "Collection of scripts for simplifying gnupg key signing")
525 "Signing-party is a collection for all kinds of PGP/GnuPG related things,
526 including tools for signing keys, keyring analysis, and party preparation.
528 * caff: CA - Fire and Forget signs and mails a key
530 * pgp-clean: removes all non-self signatures from key
532 * pgp-fixkey: removes broken packets from keys
534 * gpg-mailkeys: simply mail out a signed key to its owner
536 * gpg-key2ps: generate PostScript file with fingerprint paper strips
538 * gpgdir: recursive directory encryption tool
540 * gpglist: show who signed which of your UIDs
542 * gpgsigs: annotates list of GnuPG keys with already done signatures
544 * gpgparticipants: create list of party participants for the organiser
546 * gpgwrap: a passphrase wrapper
548 * keyanalyze: minimum signing distance (MSD) analysis on keyrings
550 * keylookup: ncurses wrapper around gpg --search
552 * sig2dot: converts a list of GnuPG signatures to a .dot file
554 * springgraph: creates a graph from a .dot file")
555 ;; gpl2+ for almost all programs, except for keyanalyze: gpl2
556 ;; and caff and gpgsigs: bsd-3, see
557 ;; http://packages.debian.org/changelogs/pool/main/s/signing-party/current/copyright
558 (license license:gpl2)
559 (home-page "http://pgp-tools.alioth.debian.org/")))
561 (define-public pinentry
567 (uri (string-append "mirror://gnupg/pinentry/pinentry-"
571 "0rhyw1vk28kgasjp22myf7m2q8kycw82d65pr9kgh93z17lj849a"))))
572 (build-system gnu-build-system)
574 `(("ncurses" ,ncurses)
575 ("libassuan" ,libassuan)
576 ("libsecret" ,libsecret "out")
580 `(("pkg-config" ,pkg-config)))
581 (home-page "http://gnupg.org/aegypten2/")
582 (synopsis "GnuPG's interface to passphrase input")
584 "Pinentry provides a console and a GTK+ GUI that allows users to
585 enter a passphrase when `gpg' or `gpg2' is run and needs it.")
586 (license license:gpl2+)))
588 (define-public paperkey
594 (uri (string-append "http://www.jabberwocky.com/"
595 "software/paperkey/paperkey-"
599 "1yybj8bj68v4lxwpn596b6ismh2fyixw5vlqqg26byrn4d9dfmsv"))))
600 (build-system gnu-build-system)
604 'check 'patch-check-scripts
606 (substitute* '("checks/roundtrip.sh"
607 "checks/roundtrip-raw.sh")
608 (("/bin/echo") "echo")))
610 (home-page "http://www.jabberwocky.com/software/paperkey/")
611 (synopsis "Backup OpenPGP keys to paper")
613 "Paperkey extracts the secret bytes from an OpenPGP (GnuPG, PGP, etc) key
614 for printing with paper and ink, which have amazingly long retention
615 qualities. To reconstruct a secret key, you re-enter those
616 bytes (whether by hand, OCR, QR code, or the like) and paperkey can use
617 them to transform your existing public key into a secret key.")
618 (license license:gpl2+)))