;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2021 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is>
+;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017–2019, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages dns)
#:use-module (gnu packages gawk)
#:use-module (gnu packages guile)
+ #:use-module (gnu packages hurd)
#:use-module (gnu packages libbsd)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libidn)
(define-public p11-kit
(package
(name "p11-kit")
- (version "0.23.20")
+ (version "0.23.22")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
"download/" version "/p11-kit-" version ".tar.xz"))
(sha256
- (base32
- "0131maw666ha4d6iyj13fkz18c4pnb3lw2xwv5kvkmnzqcj61n0l"))))
+ (base32 "1dn6br4v033d3gp2max9lsr3y4q0nj6iyr1yq3kzi8ym7lal13wa"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
(define-public gnutls
(package
(name "gnutls")
- (version "3.6.12")
+ (version "3.6.15")
+ (replacement gnutls/fixed)
(source (origin
- (method url-fetch)
- (uri
+ (method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
;; schism (after version 3.1.5).
- (string-append "mirror://gnupg/gnutls/v"
- (version-major+minor version)
- "/gnutls-" version ".tar.xz"))
- (patches (search-patches "gnutls-skip-trust-store-test.patch"))
- (sha256
- (base32
- "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
+ (uri (string-append "mirror://gnupg/gnutls/v"
+ (version-major+minor version)
+ "/gnutls-" version ".tar.xz"))
+ (patches (search-patches "gnutls-skip-trust-store-test.patch"
+ "gnutls-cross.patch"))
+ (sha256
+ (base32
+ "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
(build-system gnu-build-system)
(arguments
- `(; Ensure we don't keep a reference to this buggy software.
- #:disallowed-references (,net-tools)
+ `(#:tests? ,(not (or (%current-target-system)
+ (hurd-target?)))
+ ;; Ensure we don't keep a reference to net-tools.
+ #:disallowed-references ,(if (hurd-target?) '() (list net-tools))
#:configure-flags
(list
;; GnuTLS doesn't consult any environment variables to specify
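Review bot: The new `#:tests?` expression turns the GnuTLS test suite off for native Hurd builds as well as cross builds, and nothing in the hunk says why. The native-inputs change further down drops `net-tools` and `datefudge` on the Hurd, which suggests the tests cannot run there, but that is inferred. A comment above the keyword, such as `;; Tests need 'datefudge' and 'net-tools', which are not available on the Hurd.`, would record the reason once it is confirmed. For a TLS library it is worth stating explicitly that Hurd and cross-built outputs ship without the upstream test run. The `arguments` form continues outside the hunk.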
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
- `(("net-tools" ,net-tools)
+ `(,@(if (%current-target-system) ;for cross-build
+ `(("guile" ,guile-3.0)) ;to create .go files
+ '())
+ ,@(if (hurd-target?)
+ '()
+ `(("net-tools" ,net-tools)))
("pkg-config" ,pkg-config)
("which" ,which)
- ("datefudge" ,datefudge) ;tests rely on 'datefudge'
+ ,@(if (hurd-target?) '()
+ `(("datefudge" ,datefudge))) ;tests rely on 'datefudge'
("util-linux" ,util-linux))) ;one test needs 'setsid'
(inputs
`(("guile" ,guile-3.0)))
(description
"GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
-protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
+protocols, as well as to parse and write X.509, PKCS #12, OpenPGP and other
required structures.")
(license license:lgpl2.1+)
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
-(define-public gnutls/guile-2.0
- ;; GnuTLS for Guile 2.0.
+(define gnutls/fixed
(package
(inherit gnutls)
+ (source (origin
+ (inherit (package-source gnutls))
+ (patches (append (search-patches "gnutls-CVE-2021-20231.patch"
+ "gnutls-CVE-2021-20232.patch")
+ (origin-patches (package-source gnutls))))))))
+
+(define-public gnutls/guile-2.0
+ ;; GnuTLS for Guile 2.0.
+ (package/inherit gnutls
(name "guile2.0-gnutls")
(inputs `(("guile" ,guile-2.0)
,@(alist-delete "guile" (package-inputs gnutls))))))
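Review bot: `gnutls/fixed` has no comment saying that it is a graft or when it can be removed. The patch file names identify CVE-2021-20231 and CVE-2021-20232, so a header such as `;; Graft carrying the fixes for CVE-2021-20231 and CVE-2021-20232; fold into 'gnutls' at the next rebuild of its dependents.` would tell the next maintainer what to do. It is also bound with `define`, while `openssl/fixed` later in this commit uses `define-public`; a single convention for replacement packages would be easier to audit.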
;; Authentication of Named Entities. This is required for GNS functionality
;; by GNUnet and gnURL. This is done in an extra package definition
;; to have the choice between GnuTLS with Dane and without Dane.
- (package
- (inherit gnutls)
+ (package/inherit gnutls
(name "gnutls-dane")
(inputs `(("unbound" ,unbound)
,@(package-inputs gnutls)))))
(define-public guile2.2-gnutls
- (package
- (inherit gnutls)
+ (package/inherit gnutls
(name "guile2.2-gnutls")
(inputs `(("guile" ,guile-2.2)
,@(alist-delete "guile"
(package-inputs gnutls))))))
-(define-public guile3.0-gnutls gnutls)
+(define-public guile3.0-gnutls
+ (deprecated-package "guile3.0-gnutls" gnutls))
(define-public openssl
(package
(name "openssl")
- (version "1.1.1d")
+ (replacement openssl/fixed)
+ (version "1.1.1i")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/openssl-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
- "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhy"))
- (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
+ "0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8"))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;6.8 MiB of man3 pages and full HTML documentation
#:disallowed-references ,(list (canonical-package perl))
#:phases
(modify-phases %standard-phases
- ,@(if (%current-target-system)
- '((add-before
- 'configure 'set-cross-compile
- (lambda* (#:key target outputs #:allow-other-keys)
- (setenv "CROSS_COMPILE" (string-append target "-"))
- (setenv "CONFIGURE_TARGET_ARCH"
- (cond
- ((string-prefix? "i686" target)
- "linux-x86")
- ((string-prefix? "x86_64" target)
- "linux-x86_64")
- ((string-prefix? "arm" target)
- "linux-armv4")
- ((string-prefix? "aarch64" target)
- "linux-aarch64")))
- #t)))
- '())
+ ,@(if (%current-target-system)
+ '((add-before
+ 'configure 'set-cross-compile
+ (lambda* (#:key target outputs #:allow-other-keys)
+ (setenv "CROSS_COMPILE" (string-append target "-"))
+ (setenv "CONFIGURE_TARGET_ARCH"
+ (cond
+ ((string-prefix? "i586" target)
+ "hurd-x86")
+ ((string-prefix? "i686" target)
+ "linux-x86")
+ ((string-prefix? "x86_64" target)
+ "linux-x86_64")
+ ((string-prefix? "mips64el" target)
+ "linux-mips64")
+ ((string-prefix? "arm" target)
+ "linux-armv4")
+ ((string-prefix? "aarch64" target)
+ "linux-aarch64")
+ ((string-prefix? "powerpc64le" target)
+ "linux-ppc64le")
+ ((string-prefix? "powerpc64" target)
+ "linux-ppc64")
+ ((string-prefix? "powerpc" target)
+ "linux-ppc")))
+ #t)))
+ '())
(replace 'configure
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
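Review bot: The `cond` that computes `CONFIGURE_TARGET_ARCH` has no `else` clause, so a target triplet matching none of the prefixes passes an unspecified value to `setenv` and the phase fails with an unrelated-looking type error. Ending the `cond` with `(else (error "unsupported cross-compilation target" target))` would make the failure explicit. The new `"i586"` clause also selects `hurd-x86` from the CPU prefix alone, so a non-Hurd i586 triplet would get the Hurd configuration; checking the OS part of the triplet as well would be safer. The `modify-phases` form continues outside the hunk.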
(string-append (assoc-ref %build-inputs "coreutils")
"/bin/env")))
(invoke ,@(if (%current-target-system)
- '("./Configure")
- '("./config"))
+ '("./Configure")
+ '("./config"))
"shared" ;build shared libraries
"--libdir=lib"
;; PREFIX/ssl. Change that to something more
;; conventional.
(string-append "--openssldir=" out
- "/share/openssl-" ,version)
+ "/share/openssl-"
+ ,(package-version this-package))
(string-append "--prefix=" out)
(string-append "-Wl,-rpath," lib)
- ,@(if (%current-target-system)
- '((getenv "CONFIGURE_TARGET_ARCH"))
- '())))))
+ ,@(if (%current-target-system)
+ '((getenv "CONFIGURE_TARGET_ARCH"))
+ '())))))
(add-after 'install 'move-static-libraries
(lambda* (#:key outputs #:allow-other-keys)
;; Move static libraries to the "static" output.
;; scripts. Remove them to avoid retaining a reference on Perl.
(let ((out (assoc-ref outputs "out")))
(delete-file-recursively (string-append out "/share/openssl-"
- ,version "/misc"))
+ ,(package-version this-package)
+ "/misc"))
#t))))))
(native-search-paths
(list (search-path-specification
(license license:openssl)
(home-page "https://www.openssl.org/")))
+(define-public openssl/fixed
+ (package
+ (inherit openssl)
+ (version "1.1.1k")
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ "openssl-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/openssl-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
+
(define-public openssl-1.0
(package
(inherit openssl)
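Review bot: `openssl-1.0`, whose definition begins in the trailing context of this hunk and continues outside it, uses plain `(inherit openssl)` and so also inherits the new `(replacement openssl/fixed)` field unless it overrides it. If it does not already do so, add `(replacement #f)` to `openssl-1.0` so the 1.0 series is not grafted to 1.1.1k. Separately, `openssl/fixed` would benefit from a comment naming the advisories it addresses, e.g. `;; Graft for <ADVISORY-IDS>; remove once 'openssl' itself is updated.`, with the placeholder replaced by the real identifiers.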
(define-public libressl
(package
(name "libressl")
- (version "3.0.2")
+ (version "3.1.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/LibreSSL/"
"libressl-" version ".tar.gz"))
(sha256
(base32
- "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"))))
+ "1504a1sf43frw43j14pij0q1f48rm5q86ggrlxxhw708qp7ds4rc"))))
(build-system gnu-build-system)
(arguments
- ;; Do as if 'getentropy' was missing since older Linux kernels lack it
- ;; and libc would return ENOSYS, which is not properly handled.
+ ;; Do as if 'getentropy' were missing: Linux kernels before 3.17 lack its
+ ;; underlying 'getrandom' system call and ENOSYS isn't properly handled.
;; See <https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00235.html>.
'(#:configure-flags '("ac_cv_func_getentropy=no"
;; Provide a TLS-enabled netcat.
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
- (version "1.3.0")
+ (version "1.14.0")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
- "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0"))))
+ "0d8wzac7qnsq1kzb67f2a8wi30i4r327y6jmraxqqqj30gxwrnk1"))))
(build-system python-build-system)
(arguments
`(#:phases
(install-file "docs/_build/texinfo/acme-python.info" info)
(install-file "docs/_build/man/acme-python.1" man)
#t))))))
- ;; TODO: Add optional inputs for testing.
(native-inputs
- `(("python-mock" ,python-mock)
- ("python-pytest" ,python-pytest)
+ `(("python-pytest" ,python-pytest)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
("texinfo" ,texinfo)))
(propagated-inputs
`(("python-josepy" ,python-josepy)
- ("python-six" ,python-six)
("python-requests" ,python-requests)
("python-requests-toolbelt" ,python-requests-toolbelt)
("python-pytz" ,python-pytz)
(uri (pypi-uri "certbot" version))
(sha256
(base32
- "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w"))))
+ "1ss1d1iw7cq8xzg1apydmzv2x5s0p4n74wlpmf7a7p5qdc6ak7lm"))))
(build-system python-build-system)
(arguments
`(,@(substitute-keyword-arguments (package-arguments python-acme)
(install-file "docs/_build/man/certbot.1" man1)
(install-file "docs/_build/man/certbot.7" man7)
#t))))))))
- ;; TODO: Add optional inputs for testing.
(native-inputs
`(("python-mock" ,python-mock)
("python-pytest" ,python-pytest)
("python-distro" ,python-distro)
("python-zope-component" ,python-zope-component)
("python-parsedatetime" ,python-parsedatetime)
- ("python-six" ,python-six)
("python-psutil" ,python-psutil)
("python-requests" ,python-requests)
("python-pytz" ,python-pytz)))
(define-public mbedtls-apache
(package
(name "mbedtls-apache")
- (version "2.16.5")
+ ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
+ ;; when updating.
+ (version "2.23.0")
(source
(origin
- (method url-fetch)
- ;; XXX: The download links on the website are script redirection links
- ;; which effectively lead to the format listed in the uri here.
- (uri (string-append "https://tls.mbed.org/download/mbedtls-"
- version "-apache.tgz"))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ARMmbed/mbedtls")
+ (commit (string-append "mbedtls-" version))))
(sha256
- (base32
- "0kdhwy241xsk4isbadqx6z80m8sf76da5sbmqv8qy11yr37cdd35"))))
+ (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))
+ (file-name (git-file-name name version))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags
(list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
- "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")))
+ "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'make-source-writable
+ (lambda _
+ (for-each make-file-writable (find-files "."))
+ #t)))))
(native-inputs
`(("perl" ,perl)
("python" ,python)))
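Review bot: The added `make-source-writable` phase carries no comment on why every file in the checkout is made writable. Presumably the switch to `git-fetch` leaves the unpacked tree read-only and later steps edit files in place; the inheriting package in this commit runs `scripts/config.pl` and `substitute*` on `CMakeLists.txt`. A line such as `;; The git checkout is unpacked read-only; later phases modify files in place.` above the phase would record that once confirmed.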
(package
(inherit mbedtls-apache)
(arguments
- (substitute-keyword-arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-after 'configure 'configure-extra-features
- (lambda _
- (for-each (lambda (feature)
- (invoke "scripts/config.pl" "set" feature))
- (list "MBEDTLS_THREADING_C"
- "MBEDTLS_THREADING_PTHREAD"))
- #t)))
- ,@(package-arguments mbedtls-apache)))))))
+ (substitute-keyword-arguments (package-arguments mbedtls-apache)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (add-before 'configure 'configure-extra-features
+ (lambda _
+ (for-each (lambda (feature)
+ (invoke "scripts/config.pl" "set" feature))
+ (list "MBEDTLS_THREADING_C"
+ "MBEDTLS_THREADING_PTHREAD"))
+ ;; XXX The above enables code that breaks with -Werror…
+ (substitute* "CMakeLists.txt"
+ ((" -Wformat-signedness") ""))
+ #t)))))))))
(define-public dehydrated
(package
(name "dehydrated")
- (version "0.6.5")
+ (version "0.7.0")
(source (origin
(method url-fetch)
(uri (string-append
"v" version "/dehydrated-" version ".tar.gz"))
(sha256
(base32
- "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh"))))
+ "1yf4kldyd5y13r6qxrkcbbk74ykngq7jzy0351vb2r3ywp114pqw"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils)
derived from Mozilla's collection.")
(home-page "https://certifi.io")
(license license:mpl2.0))))
+
+(define-public s2n
+ (package
+ (name "s2n")
+ (version "1.0.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url (string-append "https://github.com/awslabs/" name))
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1q6kmgwb8jxmc4ijzk9pkqzz8lsbfsv9hyzqvy944w7306zx1r5h"))))
+ (build-system cmake-build-system)
+ (arguments
+ '(#:tests? #f ; tests fail to build for static library
+ #:configure-flags
+ '("-DBUILD_TESTING=OFF"
+ "-DBUILD_SHARED_LIBS=ON")))
+ (propagated-inputs
+ `(("openssl" ,openssl)
+ ("openssl:static" ,openssl "static")))
+ (synopsis "SSL/TLS implementation")
+ (description "This library provides a C99 implementation of SSL/TLS.")
+ (home-page "https://github.com/awslabs/s2n")
+ (license license:asl2.0)))
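Review bot: `propagated-inputs` pulls in `openssl:static` next to the shared `openssl`, and the hunk does not say which one s2n links against. If libcrypto ends up linked statically, the `openssl/fixed` graft added in this commit would not reach s2n, since a graft swaps store references rather than rebuilding dependents. With `-DBUILD_SHARED_LIBS=ON` the static output may not be needed at all, so either drop `("openssl:static" ,openssl "static")` or add a comment explaining why it is required. The `#:tests? #f` comment speaks of the static library while the build is configured shared, and should say whether the tests were tried in the shared configuration.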