;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017, 2018 Nils Gillmann <ng0@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (guix build-system python)
#:use-module (guix build-system cmake)
#:use-module (guix build-system haskell)
+ #:use-module (guix build-system trivial)
#:use-module (gnu packages compression)
#:use-module (gnu packages)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
+ #:use-module (gnu packages curl)
#:use-module (gnu packages dns)
+ #:use-module (gnu packages gawk)
#:use-module (gnu packages guile)
#:use-module (gnu packages haskell)
#:use-module (gnu packages haskell-check)
(base32
"1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky"))))
(build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags '("--disable-static")))
(native-inputs `(("perl" ,perl)))
(home-page "https://www.gnu.org/software/libtasn1/")
(synopsis "ASN.1 library")
(define-public p11-kit
(package
(name "p11-kit")
- (version "0.23.10")
+ (version "0.23.14")
(source
(origin
(method url-fetch)
"download/" version "/p11-kit-" version ".tar.gz"))
(sha256
(base32
- "0hxfwnyb5yllvlsh0cj6favcph36gm94b6df7zhl7xay48zjl8gr"))))
+ "0w0dkq9388grbbn4bv2p55vy1j51f7nd9hzlc9gz4fbm4dnzmf8w"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
`(("libffi" ,libffi)
("libtasn1" ,libtasn1)))
(arguments
- `(#:configure-flags '("--without-trust-paths")))
+ `(#:configure-flags '("--without-trust-paths")
+ #:phases (modify-phases %standard-phases
+ (add-before 'check 'prepare-tests
+ (lambda _
+ ;; "test-runtime" expects XDG_RUNTIME_DIR to be set up
+ ;; and looks for .cache and other directories (only).
+ ;; For simplicity just drop it since it is irrelevant
+ ;; in the build container.
+ (substitute* "Makefile"
+ (("test-runtime\\$\\(EXEEXT\\)") ""))
+ #t)))))
(home-page "https://p11-glue.freedesktop.org/p11-kit.html")
(synopsis "PKCS#11 library")
(description
(define-public openssl
(package
(name "openssl")
- (version "1.0.2n")
+ (version "1.0.2p")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "1zm82pyq5a9jm10q6iv7d3dih3xwjds4x30fqph3k317byvsn2rp"))
- (snippet
- '(begin
- ;; Remove ELF files. 'substitute*' can't read them.
- (delete-file "test/ssltest_old")
- (delete-file "test/v3ext")
- (delete-file "test/x509aux")
- #t))
+ "003xh9f898i56344vpvpxxxzmikivxig4xwlm7vbi7m8n43qxaah"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch"))))
(build-system gnu-build-system)
'configure
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
- (apply invoke "./config"
- (list
+ (invoke "./config"
"shared" ;build shared libraries
"--libdir=lib"
(string-append "--openssldir=" out
"/share/openssl-" ,version)
- (string-append "--prefix=" out)
-
- ;; XXX FIXME: Work around a code generation bug in GCC
- ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
- ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
- ,@(if (and (not (%current-target-system))
- (string-prefix? "armhf" (%current-system)))
- '("-mfpu=vfpv3")
- '()))))))
+ (string-append "--prefix=" out)))))
(add-after
'install 'make-libraries-writable
(lambda* (#:key outputs #:allow-other-keys)
(package
(inherit openssl)
(name "openssl")
- (version "1.1.0g")
+ (version "1.1.1")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
- (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+ (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
- "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"))))
+ "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8"))))
(outputs '("out"
- "doc" ;1.3MiB of man3 pages
- "static")) ; 5.5MiB of .a files
+ "doc" ; 6.7 MiB of man3 pages and full HTML documentation
+ "static")) ; 6.4 MiB of .a files
(arguments
(substitute-keyword-arguments (package-arguments openssl)
((#:phases phases)
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(lib (string-append out "/lib")))
- (apply invoke "./config"
- (list
+ ;; It's not a shebang so patch-source-shebangs misses it.
+ (substitute* "config"
+ (("/usr/bin/env")
+ (string-append (assoc-ref %build-inputs "coreutils")
+ "/bin/env")))
+ (invoke "./config"
"shared" ;build shared libraries
"--libdir=lib"
,@(if (and (not (%current-target-system))
(string-prefix? "armhf" (%current-system)))
'("-mfpu=vfpv3")
- '()))))))
+ '())))))
+ (delete 'move-man3-pages)
+ (add-after 'install 'move-extra-documentation
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move man3 pages and full HTML documentation to "doc".
+ (let* ((out (assoc-ref outputs "out"))
+ (man3 (string-append out "/share/man/man3"))
+ (html (string-append out "/share/doc/openssl"))
+ (doc (assoc-ref outputs "doc"))
+ (man-target (string-append doc "/share/man/man3"))
+ (html-target (string-append doc "/share/doc/openssl")))
+ (copy-recursively man3 man-target)
+ (delete-file-recursively man3)
+ (copy-recursively html html-target)
+ (delete-file-recursively html)
+ #t)))
;; XXX: Duplicate this phase to make sure 'version' evaluates
;; in the current scope and not the inherited one.
(replace 'remove-miscellany
(define-public libressl
(package
(name "libressl")
- (version "2.6.4")
+ (version "2.7.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/LibreSSL/"
name "-" version ".tar.gz"))
(sha256
(base32
- "07yi37a2ghsgj2b4w30q1s4d2inqnix7ika1m21y57p9z71212k3"))))
+ "19kxa5i97q7p6rrps9qm0nd8zqhdjvzx02j72400c73cl2nryfhy"))))
(build-system gnu-build-system)
(arguments
;; Do as if 'getentropy' was missing since older Linux kernels lack it
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
- (version "0.22.0")
+ (version "0.27.1")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
- "1s2zamyb99zdyga3c75xxgnj0z2hixw8wv24v1l4p49fncnxab2a"))))
+ "142gynlfx7yv0sdba3gpdxlnhg9chhz7hpdxdrp630z17h1bk9ri"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'build 'build-documentation
(lambda _
- (zero? (system* "make" "-C" "docs" "man" "info"))))
+ (invoke "make" "-C" "docs" "man" "info")))
(add-after 'install 'install-documentation
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
;; TODO: Add optional inputs for testing.
(native-inputs
`(("python-mock" ,python-mock)
+ ("python-pytest" ,python-pytest)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
`(("python-josepy" ,python-josepy)
("python-six" ,python-six)
("python-requests" ,python-requests)
+ ("python-requests-toolbelt" ,python-requests-toolbelt)
("python-pytz" ,python-pytz)
("python-pyrfc3339" ,python-pyrfc3339)
("python-pyasn1" ,python-pyasn1)
(uri (pypi-uri name version))
(sha256
(base32
- "1cyb3lhxrw7ghyhrl2wc95vqhdaxz6n4pai66c573gcly7c7sc7f"))))
+ "0anh3vjy9sif1bkp25nj76ii37xx8hh0igcx60ppag12xlabsw1m"))))
(build-system python-build-system)
(arguments
`(,@(substitute-keyword-arguments (package-arguments python-acme)
(define-public perl-net-ssleay
(package
(name "perl-net-ssleay")
- (version "1.82")
+ (version "1.85")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
"Net-SSLeay-" version ".tar.gz"))
(sha256
(base32
- "1rf78z1macgmp6mwd7c2xq4yfw6wpf28hfwfz1d5wslqr4cwb5aq"))))
+ "1j5h4ycm8538397l204d2d5fkm9595aj174pj7bkpbhwzfwqi0cx"))))
(build-system perl-build-system)
(inputs `(("openssl" ,openssl)))
(arguments
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
(license license:perl-license)
- (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
+ (home-page "https://metacpan.org/release/Net-SSLeay")))
(define-public perl-crypt-openssl-rsa
(package
(name "perl-crypt-openssl-rsa")
- (version "0.28")
+ (version "0.30")
(source
(origin
(method url-fetch)
(uri (string-append
- "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
+ "mirror://cpan/authors/id/T/TO/TODDR/Crypt-OpenSSL-RSA-"
version
".tar.gz"))
(sha256
(base32
- "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
+ "1b19kaaw4wda8dy6kjiwqa2prpbs2dqcyjyj9zdh5wbs74qkbq93"))))
(build-system perl-build-system)
+ (native-inputs
+ `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
(inputs
`(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
("openssl" ,openssl)))
(arguments perl-crypt-arguments)
(home-page
- "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
+ "https://metacpan.org/release/Crypt-OpenSSL-RSA")
(synopsis
"RSA encoding and decoding, using the openSSL libraries")
(description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
(inputs `(("openssl" ,openssl)))
(arguments perl-crypt-arguments)
(home-page
- "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
+ "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
(synopsis
"OpenSSL's multiprecision integer arithmetic in Perl")
(description "Crypt::OpenSSL::Bignum provides multiprecision integer
;; At your option either gpl1+ or the Artistic License
(license license:perl-license)))
+(define-public perl-crypt-openssl-guess
+ (package
+ (name "perl-crypt-openssl-guess")
+ (version "0.11")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
+ (build-system perl-build-system)
+ (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
+ (synopsis "Guess the OpenSSL include path")
+ (description
+ "The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
+correct OpenSSL include path. It is intended for use in your
+@file{Makefile.PL}.")
+ (license license:perl-license)))
+
(define-public perl-crypt-openssl-random
(package
(name "perl-crypt-openssl-random")
- (version "0.11")
+ (version "0.13")
(source
(origin
(method url-fetch)
".tar.gz"))
(sha256
(base32
- "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
+ "0vmvrb3shrzjzri3qn524dzdasbq8zhhbpc1vmq8sx68n4jhizb0"))))
(build-system perl-build-system)
- (inputs `(("openssl" ,openssl)))
+ (native-inputs
+ `(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
+ (inputs
+ `(("openssl" ,openssl)))
(arguments perl-crypt-arguments)
(home-page
- "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
+ "https://metacpan.org/release/Crypt-OpenSSL-Random")
(synopsis
"OpenSSL/LibreSSL pseudo-random number generator access")
(description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
(define-public mbedtls-apache
(package
(name "mbedtls-apache")
- (version "2.7.0")
+ (version "2.7.6")
(source
(origin
(method url-fetch)
version "-apache.tgz"))
(sha256
(base32
- "1vsmgxnw7dpvma51896n63yaf9sncmf885ax2jfcg89ssin6vdmf"))
- ;; An RFC 5114 constant was accidentally renamed in version 2.7.0.
- ;; See https://github.com/ARMmbed/mbedtls/pull/1362.
- (modules '((guix build utils)))
- (snippet
- '(begin
- (substitute* "include/mbedtls/dhm.h"
- (("#define MBEDTLS_DHM_RFC5114_MODP_P")
- "#define MBEDTLS_DHM_RFC5114_MODP_2048_P"))
- #t))))
+ "0fl2nrxvlgx9ja7yy3kd1zadpr98fxbvn3f6fl2mj87gryhkfqlk"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags
Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many
extensions.")
(license license:bsd-3)))
+
+(define-public dehydrated
+ (package
+ (name "dehydrated")
+ (version "0.6.2")
+ (source (origin
+ (method url-fetch/tarbomb)
+ (uri (string-append
+ "https://github.com/lukas2511/dehydrated/archive/v"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "03p80yj6bnzjc6dkp5hb9wpplmlrla8n5src71cnzw4rj53q8cqn"))
+ (file-name (string-append name "-" version ".tar.gz"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder
+ (begin
+ (use-modules (guix build utils))
+ (let* ((source (assoc-ref %build-inputs "source"))
+ (out (assoc-ref %outputs "out"))
+ (bin (string-append out "/bin"))
+ (bash (in-vicinity (assoc-ref %build-inputs "bash") "bin")))
+ (mkdir-p bin)
+ (with-directory-excursion bin
+ (copy-file
+ (in-vicinity source (string-append "/dehydrated-" ,version
+ "/dehydrated"))
+ (in-vicinity bin "dehydrated"))
+ (patch-shebang "dehydrated" (list bash))
+
+ ;; Do not try to write in the store.
+ (substitute* "dehydrated"
+ (("SCRIPTDIR=\"\\$.*\"") "SCRIPTDIR=~/.dehydrated"))
+
+ (setenv "PATH" bash)
+ (wrap-program "dehydrated"
+ `("PATH" ":" prefix
+ ,(map (lambda (dir)
+ (string-append dir "/bin"))
+ (map (lambda (input)
+ (assoc-ref %build-inputs input))
+ '("coreutils"
+ "curl"
+ "diffutils"
+ "gawk"
+ "grep"
+ "openssl"
+ "sed"))))))
+ #t))))
+ (inputs
+ `(("bash" ,bash)
+ ("coreutils" ,coreutils)
+ ("curl" ,curl)
+ ("diffutils" ,diffutils)
+ ("gawk" ,gawk)
+ ("grep" ,grep)
+ ("openssl" ,openssl)
+ ("sed" ,sed)))
+ (home-page "https://dehydrated.io/")
+ (synopsis "Let's Encrypt/ACME client implemented as a shell script")
+ (description "Dehydrated is a client for signing certificates with an
+ACME-server (currently only provided by Let's Encrypt) implemented as a
+relatively simple Bash script.")
+ (license license:expat)))