;;; Copyright © 2015, 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
-;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
;;; Copyright © 2016, 2017, 2019 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2018 Nicolò Balzarotti <nicolo@nixo.xyz>
;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
+;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages libbsd)
#:use-module (gnu packages libffi)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages lsof)
#:use-module (gnu packages nettle)
#:use-module (gnu packages password-utils)
#:use-module (gnu packages perl)
(define-public libsodium
(package
(name "libsodium")
- (version "1.0.17")
+ (version "1.0.18")
(source (origin
(method url-fetch)
(uri (list (string-append
"releases/old/libsodium-" version ".tar.gz")))
(sha256
(base32
- "1cf2d9v1gylz1qcy2zappbf526qfmph6gd6fnn3w2b347vixmhqc"))))
+ "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g"))))
(build-system gnu-build-system)
(synopsis "Portable NaCl-based crypto library")
(description
(define-public signify
(package
(name "signify")
- (version "25")
+ (version "27")
(home-page "https://github.com/aperezdc/signify")
(source (origin
- (method git-fetch)
- (uri (git-reference (url home-page)
- (commit (string-append "v" version))))
- (file-name (git-file-name name version))
+ (method url-fetch)
+ (uri (string-append "https://github.com/aperezdc/signify/releases"
+ "/download/v" version "/signify-" version ".tar.xz"))
(sha256
(base32
- "0zg0rffxwj2a71s1bllhrn491xsmirg9sshpq8f3vl25lv4c2cnq"))))
+ "0ngjsqz95yb0knlw9zs02fnclif40s63r1mydgiv17ii3mds82df"))))
(build-system gnu-build-system)
;; TODO Build with libwaive (described in README.md), to implement something
;; like OpenBSD's pledge().
(copy-recursively (assoc-ref inputs "googletest-source")
"vendor/github.com/google/googletest")
#t))
+ (add-before 'configure 'patch-CMakeLists.txt
+ (lambda _
+ ;; Prevent CMake from adding libc on the system include path.
+ ;; Otherwise it will interfere with the libc used by GCC and
+ ;; ultimately cause #include_next errors.
+ (substitute* "CMakeLists.txt"
+ (("include_directories \\(SYSTEM \\$\\{Intl_INCLUDE_DIRS\\}\\)")
+ ""))
+ #t))
(add-before 'check 'make-unittests
(lambda _
(invoke "make" "unittests"))))))
(define-public tomb
(package
(name "tomb")
- (version "2.5")
+ (version "2.7")
(source (origin
(method url-fetch)
(uri (string-append "https://files.dyne.org/tomb/"
"Tomb-" version ".tar.gz"))
(sha256
(base32
- "12c6qldngaw520gvb02inzkhnxbl4k0dwmddrgnaf7xashy6j0wc"))))
+ "0x3al02796vx1cvy6y6h685c367qx70dwv471g0hmks2gr10f0cn"))
+ (patches (search-patches "tomb-fix-errors-on-open.patch"))))
(build-system gnu-build-system)
(native-inputs `(("sudo" ,sudo))) ;presence needed for 'check' phase
(inputs
("cryptsetup" ,cryptsetup)
("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4
("gettext" ,gettext-minimal) ;used at runtime
+ ("lsof" ,lsof)
("mlocate" ,mlocate)
("pinentry" ,pinentry)
("qrencode" ,qrencode)
("util-linux" ,util-linux)))
(arguments
`(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+ ;; The "sudo" input is needed only to satisfy dependency checks in the
+ ;; 'check' phase. The "sudo" used at runtime should come from the
+ ;; system's setuid-programs, so ensure no reference is kept.
+ #:disallowed-references (,sudo)
;; TODO: Build and install gtk and qt trays
#:phases
(modify-phases %standard-phases
- (delete 'configure) ;no configuration to be done
+ (delete 'configure) ;no configuration to be done
(add-after 'install 'i18n
(lambda* (#:key make-flags #:allow-other-keys)
(apply invoke "make" "-C" "extras/translations"
,@(map (lambda (program)
(or (and=> (which program) dirname)
(error "program not found:" program)))
- '("seq" "mkfs.ext4" "pinentry" "sudo"
- "gpg" "cryptsetup" "gettext"
+ '("seq" "mkfs.ext4" "pinentry"
+ "gpg" "cryptsetup" "gettext" "lsof"
"qrencode" "steghide" "findmnt")))))
#t)))
(delete 'check)
`(("openssl" ,openssl)))
(home-page "https://www.tarsnap.com/scrypt.html")
(synopsis "Memory-hard encryption tool based on scrypt")
- (description "This packages provides a simple password-based encryption
+ (description "This package provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
(define-public perl-crypt-random-source
(package
(name "perl-crypt-random-source")
- (version "0.12")
+ (version "0.14")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
"Crypt-Random-Source-" version ".tar.gz"))
(sha256
- (base32
- "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h"))))
+ (base32 "1rpdds3sy5l1fhngnkrsgwsmwd54wpicx3i9ds69blcskwkcwkpc"))))
(build-system perl-build-system)
(native-inputs
`(("perl-module-build-tiny" ,perl-module-build-tiny)
- ("perl-test-exception" ,perl-test-exception)))
+ ("perl-test-fatal" ,perl-test-fatal)))
(propagated-inputs
`(("perl-capture-tiny" ,perl-capture-tiny)
("perl-module-find" ,perl-module-find)
(define-public botan
(package
(name "botan")
- (version "2.7.0")
+ (version "2.12.1")
(source (origin
(method url-fetch)
(uri (string-append "https://botan.randombit.net/releases/"
- "Botan-" version ".tgz"))
+ "Botan-" version ".tar.xz"))
(sha256
(base32
- "142aqabwc266jxn8wrp0f1ffrmcvdxwvyh8frb38hx9iaqazjbg4"))))
+ "1ada3ga7b0z4m0vjmxlvfi4nsic2l8kjcy85jwss3z2i58a5y0vy"))))
(build-system gnu-build-system)
(arguments
'(#:phases
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref %outputs "out"))
(lib (string-append out "/lib")))
+ ;; Upstream tests and benchmarks with -O3.
+ (setenv "CXXFLAGS" "-O3")
(invoke "python" "./configure.py"
(string-append "--prefix=" out)
;; Otherwise, the `botan` executable cannot find
;; libbotan.
(string-append "--ldflags=-Wl,-rpath=" lib)
+
+ "--with-os-feature=getentropy"
"--with-rst2man"
+
;; Recommended by upstream
"--with-zlib" "--with-bzip2" "--with-sqlite3"))))
(replace 'check
(uri (git-reference
(url "https://github.com/vstakhov/hpenc")
(commit version)))
+ (file-name (git-file-name name version))
(sha256
(base32
"1fb5yi3d2k8kd4zm7liiqagpz610y168xrr1cvn7cbq314jm2my1"))))
quickly by using all your CPU cores and hardware acceleration.")
(home-page "https://github.com/vstakhov/hpenc")
(license license:bsd-3)))
+
+(define-public minisign
+ (package
+ (name "minisign")
+ (version "0.8")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append "https://github.com/jedisct1/minisign/releases/download/"
+ version "/minisign-" version ".tar.gz"))
+ (sha256
+ (base32
+ "10hhgwxf9rcdlr00shrkcyxndrc22dh5lj8k5z27xg3nc0jba3hk"))))
+ (build-system cmake-build-system)
+ (arguments
+ ; No test suite
+ `(#:tests? #f))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (inputs
+ `(("libsodium" ,libsodium)))
+ (home-page "https://jedisct1.github.io/minisign")
+ (synopsis "Tool to sign files and verify signatures")
+ (description
+ "Minisign is a dead simple tool to sign files and verify signatures. It is
+portable, lightweight, and uses the highly secure Ed25519 public-key signature
+system. Signature written by minisign can be verified using OpenBSD's
+signify tool: public key files and signature files are compatible. However,
+minisign uses a slightly different format to store secret keys. Minisign
+signatures include trusted comments in addition to untrusted comments.
+Trusted comments are signed, thus verified, before being displayed.")
+ (license license:isc)))