;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages compression)
#:use-module (gnu packages)
#:use-module (gnu packages guile)
+ #:use-module (gnu packages libbsd)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libidn)
#:use-module (gnu packages linux)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages texinfo)
- #:use-module (gnu packages base))
+ #:use-module (gnu packages base)
+ #:use-module (srfi srfi-1))
(define-public libtasn1
(package
(name "libtasn1")
- (version "4.8")
+ (version "4.10")
(source
(origin
(method url-fetch)
version ".tar.gz"))
(sha256
(base32
- "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
+ "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/libtasn1/")
specifications.")
(license license:lgpl2.0+)))
+(define-public asn1c
+ (package
+ (name "asn1c")
+ (version "0.9.27")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://lionet.info/soft/asn1c-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("perl" ,perl)))
+ (home-page "https://lionet.info/asn1c")
+ (synopsis "ASN.1 to C compiler")
+ (description "The ASN.1 to C compiler takes ASN.1 module
+files and generates C++ compatible C source code. That code can be
+used to serialize the native C structures into compact and unambiguous
+BER/XER/PER-based data files, and deserialize the files back.
+
+Various ASN.1 based formats are widely used in the industry, such as to encode
+the X.509 certificates employed in the HTTPS handshake, to exchange control
+data between mobile phones and cellular networks, to car-to-car communication
+in intelligent transportation networks.")
+ (license license:bsd-2)))
+
(define-public p11-kit
(package
(name "p11-kit")
- (version "0.23.1")
+ (version "0.23.2")
(source
(origin
(method url-fetch)
version ".tar.gz"))
(sha256
(base32
- "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
+ "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
(modules '((guix build utils))) ; for substitute*
(snippet
'(begin
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.2")
+ (version "3.5.9")
(source (origin
(method url-fetch)
(uri
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
+ "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
;; the location of the system-wide trust store. Instead it has a
;; configure-time option. Unless specified, its configure script
;; attempts to auto-detect the location by looking for common
- ;; places in the filesystem, none of which are present in our
+ ;; places in the file system, none of which are present in our
;; chroot build environment. If not found, then no default trust
;; store is used, so each program has to provide its own
;; fallback, and users have to configure each program
("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
- `(("guile" ,guile-2.0)
- ("perl" ,perl)))
+ `(("guile" ,guile-2.0)))
(propagated-inputs
;; These are all in the 'Requires.private' field of gnutls.pc.
`(("libtasn1" ,libtasn1)
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
+(define-public gnutls/guile-2.2
+ ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5.
+ (package
+ (inherit gnutls)
+ (name "guile2.2-gnutls")
+ (arguments
+ ;; Remove '--with-guile-site-dir=…/2.0'.
+ (substitute-keyword-arguments (package-arguments gnutls)
+ ((#:configure-flags flags)
+ `(cdr ,flags))))
+ (inputs `(("guile" ,guile-next)
+ ,@(alist-delete "guile" (package-inputs gnutls))))))
+
(define-public openssl
(package
(name "openssl")
- (version "1.0.2h")
+ (version "1.0.2k")
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
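Review bot: `(cdr ,flags)` in `gnutls/guile-2.2` drops whichever configure flag happens to come first, so it removes `--with-guile-site-dir` only while that flag stays at the head of the parent's `#:configure-flags`. The parent's list also appears to carry the trust-store setting described in its comment, so a reordering in `gnutls` could make this variant silently lose that flag and build without a default trust store. Selecting the flag by name is sturdier, for example `(filter (lambda (flag) (not (string-prefix? "--with-guile-site-dir=" flag))) ,flags)`. The parent's flag list is outside this hunk, so its current order should be confirmed.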
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
(patches (search-patches "openssl-runpath.patch"
- "openssl-c-rehash-in.patch"
- "openssl-CVE-2016-2177.patch"
- "openssl-CVE-2016-2178.patch"))))
+ "openssl-c-rehash-in.patch"))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;1.5MiB of man3 pages
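Review bot: The patch list drops `openssl-CVE-2016-2177.patch` and `openssl-CVE-2016-2178.patch` with no comment recording that the new release carries those fixes. Both are understood to have been merged upstream before 1.0.2k, but nothing in this hunk lets a reader confirm it. The commit log or a comment next to `search-patches` should say so, e.g. `;; CVE-2016-2177 and CVE-2016-2178 are fixed upstream in this release.`. The `origin` form starts outside the hunk.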
(lib (string-append out "/lib"))
(static (assoc-ref outputs "static"))
(slib (string-append static "/lib")))
- (mkdir-p slib)
(for-each (lambda (file)
(install-file file slib)
(delete-file file))
(string-append target "/"
(basename file))))
(find-files man3))
+ (delete-file-recursively man3)
#t)))
(add-before
'patch-source-shebangs 'patch-tests
(let ((bash (assoc-ref (or native-inputs inputs) "bash")))
(substitute* (find-files "test" ".*")
(("/bin/sh")
- (string-append bash "/bin/bash"))
+ (string-append bash "/bin/sh"))
(("/bin/rm")
"rm"))
#t)))
(license license:openssl)
(home-page "http://www.openssl.org/")))
+(define-public openssl-next
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.1.0e")
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "0k47sdd9gs6yxfv6ldlgpld2lyzrkcv9kz4cf88ck04xjwc8dgjp"))))
+ (outputs '("out"
+ "doc" ;1.3MiB of man3 pages
+ "static")) ; 5.5MiB of .a files
+ (arguments
+ (substitute-keyword-arguments (package-arguments openssl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'patch-tests) ; These two phases are not needed by
+ (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.
+
+ ;; Override configure phase since -rpath is now a configure option.
+ (replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib")))
+ (zero?
+ (system* "./config"
+ "shared" ;build shared libraries
+ "--libdir=lib"
+
+ ;; The default for this catch-all directory is
+ ;; PREFIX/ssl. Change that to something more
+ ;; conventional.
+ (string-append "--openssldir=" out
+ "/share/openssl-" ,version)
+
+ (string-append "--prefix=" out)
+ (string-append "-Wl,-rpath," lib)
+
+ ;; XXX FIXME: Work around a code generation bug in GCC
+ ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
+ ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
+ ,@(if (and (not (%current-target-system))
+ (string-prefix? "armhf" (%current-system)))
+ '("-mfpu=vfpv3")
+ '()))))))
+
+ ;; XXX: Duplicate this phase to make sure 'version' evaluates
+ ;; in the current scope and not the inherited one.
+ (replace 'remove-miscellany
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; The 'misc' directory contains random undocumented shell and Perl
+ ;; scripts. Remove them to avoid retaining a reference on Perl.
+ (let ((out (assoc-ref outputs "out")))
+ (delete-file-recursively (string-append out "/share/openssl-"
+ ,version "/misc"))
+ #t)))))))))
+
(define-public libressl
(package
(name "libressl")
- (version "2.3.6")
+ (version "2.5.0")
(source
(origin
(method url-fetch)
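Review bot: Both source URIs added for `openssl-next` use plain `ftp://`, so the transfer is unauthenticated and the `sha256` field is the only thing tying the tarball to what the packager reviewed. That is enough for integrity provided the hash was computed from a tarball whose upstream signature was checked, which the hunk cannot show. Adding an HTTPS location to the list, e.g. `(string-append "https://www.openssl.org/source/" name "-" version ".tar.gz")`, would also keep the fetch working where FTP is filtered. A short comment stating how the hash was obtained would help the next person who bumps the version.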
version ".tar.gz"))
(sha256
(base32
- "1yipsp1ici207nbminbf1knh252kzvqg036v0xpx0fw1wrwlg2im"))))
+ "1bkfvapi4z826slycmicvs7hwgk4l82gd8w6nqvznldbammvyll6"))))
(build-system gnu-build-system)
(native-search-paths
;; FIXME: These two variables must designate a single file or directory
(define-public python-acme
(package
(name "python-acme")
- (version "0.8.1")
+ ;; Remember to update the hash of certbot when updating python-acme.
+ (version "0.11.1")
(source (origin
(method url-fetch)
- (uri (string-append
- "https://pypi.python.org/packages/"
- "f5/7a/11a99b5d1d1c692f6eed27cfab69e6ba4d2f0c2a461d2607e6a930ff2c68/"
- "acme-" version ".tar.gz"))
+ (uri (pypi-uri "acme" version))
(sha256
- (base32
- "17vx2miczpd8ww4xizmc0nca2c7jf04wnhfnswx2bxhb537lmsnk"))))
+ (base32
+ "0kk95iqxygrg0cd66kq8kbyalg2x5pz9hn1175cgwgf1vy72adfv"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
- (add-before 'install 'disable-egg-compression
- (lambda _
- ;; Do not compress the egg.
- ;; See <http://bugs.gnu.org/20765>.
- (let ((port (open-file "setup.cfg" "a")))
- (display "\n[easy_install]\nzip_ok = 0\n"
- port)
- (close-port port)
- #t)))
(add-after 'install 'docs
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
("python-sphinx" ,python-sphinx)
("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
- ("python-setuptools" ,python-setuptools)
("texinfo" ,texinfo)))
(propagated-inputs
`(("python-ndg-httpsclient" ,python-ndg-httpsclient)
(define-public certbot
(package
(name "certbot")
- (version "0.8.1")
+ ;; Certbot and python-acme are developed in the same repository, and their
+ ;; versions should remain synchronized.
+ (version (package-version python-acme))
(source (origin
(method url-fetch)
- (uri (string-append
- "https://pypi.python.org/packages/"
- "a2/3b/4756e6a0ceb14e084042a2a65c615d68d25621c6fd446d0fc10d14c4ce7d/"
- name "-" version ".tar.gz"))
+ (uri (pypi-uri name version))
(sha256
(base32
- "0w972cf2mk74aji5d8dylg3jw6wczg01gb4asf3ndv8c64yxza3c"))))
+ "1wis5kgqcsrs60kkcmbrbx8z9yasmwa6lg9ir5im232hdm4285vc"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2
("python2-psutil" ,python2-psutil)
("python2-requests" ,python2-requests)
("python2-pytz" ,python2-pytz)))
- (synopsis "Let's Encrypt client")
- (description "Tool to automatically receive and install X.509 certificates
-to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
-will be issuing browser-trusted certificates for free.")
+ (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
+ (description "Certbot automatically receives and installs X.509 certificates
+to enable Transport Layer Security (TLS) on servers. It interoperates with the
+Let’s Encrypt certificate authority (CA), which issues browser-trusted
+certificates for free.")
(home-page "https://certbot.eff.org/")
(license license:asl2.0)))
(define-public letsencrypt
(package (inherit certbot)
- (name "letsencrypt")))
+ (name "letsencrypt")
+ (properties `((superseded . ,certbot)))))
(define-public perl-net-ssleay
(package
servers or clients for more complicated applications.")
(license (package-license perl))
(home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
+
+(define-public perl-crypt-openssl-rsa
+ (package
+ (name "perl-crypt-openssl-rsa")
+ (version "0.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
+ (build-system perl-build-system)
+ (inputs
+ `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
+ ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
+ ("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
+ (synopsis
+ "RSA encoding and decoding, using the openSSL libraries")
+ (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
+OpenSSL libraries).")
+ (license (package-license perl))))
+
+(define perl-crypt-arguments
+ `(#:phases (modify-phases %standard-phases
+ (add-before 'configure 'patch-Makefile.PL
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "Makefile.PL"
+ (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
+ (assoc-ref inputs "openssl")
+ "/lib -lcrypto'],")))
+ #t)))))
+
+(define-public perl-crypt-openssl-bignum
+ (package
+ (name "perl-crypt-openssl-bignum")
+ (version "0.06")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
+ (build-system perl-build-system)
+ (inputs `(("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
+ (synopsis
+ "OpenSSL's multiprecision integer arithmetic in Perl")
+ (description "Crypt::OpenSSL::Bignum provides multiprecision integer
+arithmetic in Perl.")
+ ;; At your option either gpl1+ or the Artistic License
+ (license (package-license perl))))
+
+(define-public perl-crypt-openssl-random
+ (package
+ (name "perl-crypt-openssl-random")
+ (version "0.11")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
+ (build-system perl-build-system)
+ (inputs `(("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
+ (synopsis
+ "OpenSSL/LibreSSL pseudo-random number generator access")
+ (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
+number generator")
+ (license (package-license perl))))
+
+(define-public acme-client
+ (package
+ (name "acme-client")
+ (version "0.1.16")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://kristaps.bsd.lv/" name "/"
+ "snapshots/" name "-portable-"
+ version ".tgz"))
+ (sha256
+ (base32
+ "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:tests? #f ; no test suite
+ #:make-flags
+ (list "CC=gcc"
+ (string-append "PREFIX=" (assoc-ref %outputs "out")))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-paths
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((pem (string-append (assoc-ref inputs "libressl")
+ "/etc/ssl/cert.pem")))
+ (substitute* "http.c"
+ (("/etc/ssl/cert.pem") pem))
+ #t)))
+ (delete 'configure)))) ; no './configure' script
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (inputs
+ `(("libbsd" ,libbsd)
+ ("libressl" ,libressl)))
+ (synopsis "Let's Encrypt client by the OpenBSD project")
+ (description "acme-client is a Let's Encrypt client implemented in C. It
+uses a modular design, and attempts to secure itself by dropping privileges and
+operating in a chroot where possible. acme-client is developed on OpenBSD and
+then ported to the GNU / Linux environment.")
+ (home-page "https://kristaps.bsd.lv/acme-client/")
+ ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
+ ;; and 'jsmn.c' are distributed under the Expat license.
+ (license (list license:isc license:expat))))
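Review bot: The `patch-paths` phase of `acme-client` hard-codes the CA bundle to `etc/ssl/cert.pem` inside the `libressl` store item, so the client validates the ACME server against the roots frozen into that build. As far as this hunk shows, it cannot pick up the system or user trust store. Root removals therefore reach acme-client only when libressl is rebuilt, and the path is substituted without checking that the file exists in the libressl output (not visible here). A comment above the `substitute*` would make the trade-off explicit, e.g. `;; Pin the trust store to LibreSSL's bundled cert.pem; it is only refreshed when libressl is updated.`. Separately, `perl-crypt-arguments` is used by `perl-crypt-openssl-rsa` before its `define`; moving the definition above its first use would read better.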