;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages guile)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libidn)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages nettle)
#:use-module (gnu packages perl)
(define-public libtasn1
(package
(name "libtasn1")
- (version "4.5")
+ (version "4.8")
(source
(origin
(method url-fetch)
version ".tar.gz"))
(sha256
(base32
- "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
+ "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
(build-system gnu-build-system)
- (native-inputs `(("perl" ,perl)
-
- ;; XXX: For some reason, libtasn1.info wants to be
- ;; rebuilt, so we must provide 'makeinfo'.
- ("texinfo" ,texinfo)))
+ (native-inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/libtasn1/")
(synopsis "ASN.1 library")
(description
(source
(origin
(method url-fetch)
- (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
+ (uri (string-append "https://p11-glue.freedesktop.org/releases/p11-kit-"
version ".tar.gz"))
(sha256
(base32
(define-public gnutls
(package
(name "gnutls")
- (version "3.4.5")
+ (version "3.5.2")
(source (origin
(method url-fetch)
(uri
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "1bks1zpmhmnkz2v32dd9b44pz6x0a5w4yi9zzwsd0a078vhbi25g"))
- (patches (list (search-patch "gnutls-doc-fix.patch")))))
+ "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
"--without-p11-kit")
#:phases (modify-phases %standard-phases
- (add-after
- 'unpack 'delete-prebuilt-unfixed-info-file
- (lambda _
- ;; XXX Delete the prebuilt info file, so that it will be
- ;; rebuilt with the fixes in gnutls-doc-fix.patch.
- (delete-file "doc/gnutls.info")
- #t))
(add-after
'install 'move-doc
(lambda* (#:key outputs #:allow-other-keys)
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
- `(("pkg-config" ,pkg-config)
- ("texinfo" ,texinfo) ; XXX needed only to replace prebuilt, unfixed docs.
+ `(("net-tools" ,net-tools)
+ ("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
`(("guile" ,guile-2.0)
("libidn" ,libidn)
("nettle" ,nettle)
("zlib" ,zlib)))
- (home-page "http://www.gnu.org/software/gnutls/")
+ (home-page "https://www.gnu.org/software/gnutls/")
(synopsis "Transport layer security library")
(description
"GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
required structures.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+)
+ (properties '((ftp-server . "ftp.gnutls.org")
+ (ftp-directory . "/gcrypt/gnutls")))))
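Review bot: `("net-tools" ,net-tools)` joins the gnutls native inputs with no word on what needs it, whereas the `texinfo` entry removed next to it carried a comment explaining its purpose. A trailing comment such as `;XXX: presumably needed by the test suite; confirm` would tell the next person whether the input can be dropped on a later upgrade. In the unchanged description lower in the same hunk, `X.5009` looks like a typo for `X.509`.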
(define-public openssl
(package
(name "openssl")
- (version "1.0.2e")
+ (version "1.0.2h")
(source (origin
- (method url-fetch)
- (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version
- ".tar.gz"))
- (sha256
- (base32
- "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72"))
- (patches (map search-patch
- '("openssl-runpath.patch"
- "openssl-c-rehash.patch")))))
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ (patches (search-patches "openssl-runpath.patch"
+ "openssl-c-rehash-in.patch"
+ "openssl-CVE-2016-2177.patch"
+ "openssl-CVE-2016-2178.patch"))))
(build-system gnu-build-system)
+ (outputs '("out"
+ "doc" ;1.5MiB of man3 pages
+ "static")) ;6MiB of .a files
(native-inputs `(("perl" ,perl)))
(arguments
- `(#:parallel-build? #f
+ `(#:disallowed-references (,perl)
+ #:parallel-build? #f
#:parallel-tests? #f
#:test-target "test"
+
+ ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
+ ;; so we explicitly disallow it here.
+ #:disallowed-references ,(list (canonical-package perl))
#:phases
(modify-phases %standard-phases
(add-before
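Review bot: The new openssl argument list passes `#:disallowed-references` twice, once as `(,perl)` at the top and once as `,(list (canonical-package perl))` under the explanatory comment. Only one of the two can take effect, and which one depends on how duplicate keywords are resolved, so the check that keeps Perl out of the closure may not be the one the comment describes. Keep a single entry, presumably the `canonical-package` form that sits beside the comment, and drop `#:disallowed-references (,perl)`. The `arguments` form continues past the end of this hunk.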
(find-files (string-append out "/lib")
"\\.so"))
#t)))
- (add-after
- 'unpack 'fix-broken-symlinks
- (lambda _
- ;; Repair the broken symlinks in the openssl-1.0.2e tarball.
- (let* ((link-prefix "openssl-1.0.2e/")
- (link-prefix-length (string-length link-prefix))
- (broken-links
- (find-files "." (lambda (file stat)
- (and (eq? 'symlink (stat:type stat))
- (string-prefix? link-prefix
- (readlink file)))))))
- (when (null? broken-links)
- (error "The 'fix-broken-symlinks' phase is obsolete; remove it"))
- (for-each (lambda (file)
- (let* ((old-target (readlink file))
- (new-target (string-drop old-target
- link-prefix-length)))
- (delete-file file)
- (symlink new-target file)))
- broken-links)
- #t)))
+ (add-after 'install 'move-static-libraries
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move static libraries to the "static" output.
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib"))
+ (static (assoc-ref outputs "static"))
+ (slib (string-append static "/lib")))
+ (mkdir-p slib)
+ (for-each (lambda (file)
+ (install-file file slib)
+ (delete-file file))
+ (find-files lib "\\.a$"))
+ #t)))
+ (add-after 'install 'move-man3-pages
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move section 3 man pages to "doc".
+ (let* ((out (assoc-ref outputs "out"))
+ (man3 (string-append out "/share/man/man3"))
+ (doc (assoc-ref outputs "doc"))
+ (target (string-append doc "/share/man/man3")))
+ (mkdir-p target)
+ (for-each (lambda (file)
+ (rename-file file
+ (string-append target "/"
+ (basename file))))
+ (find-files man3))
+ #t)))
(add-before
'patch-source-shebangs 'patch-tests
(lambda* (#:key inputs native-inputs #:allow-other-keys)
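Review bot: The two new phases move files between outputs in different ways: `move-static-libraries` copies with `install-file` and then calls `delete-file`, while `move-man3-pages` uses `rename-file`. Using one form for both, e.g. `(rename-file file (string-append slib "/" (basename file)))` in the first phase, would make them read as the same operation. After `move-man3-pages` runs, `out/share/man/man3` is presumably left behind as an empty directory; if so, removing it in the same phase would keep the "out" output tidy.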
(license license:openssl)
(home-page "http://www.openssl.org/")))
+(define-public openssl-next
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.1.0")
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
+ (outputs '("out"
+ "doc" ;1.3MiB of man3 pages
+ "static")) ; 5.5MiB of .a files
+ (arguments
+ (substitute-keyword-arguments (package-arguments openssl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'patch-tests) ; These two phases are not needed by
+ (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.
+
+ (add-after 'configure 'patch-runpath
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
+ (substitute* "Makefile.shared"
+ (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
+ (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
+ " -Wl,-rpath," lib)))
+ #t)))))))))
+
(define-public libressl
(package
(name "libressl")
- (version "2.2.0")
+ (version "2.4.2")
(source
(origin
(method url-fetch)
(uri (string-append
"http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
version ".tar.gz"))
- (sha256 (base32
- "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n"))))
+ (sha256
+ (base32
+ "1qyrcyzrrn6r9cqvm66ib72qyr65q4hrdyiq1vb24a6nwmwdg1sz"))))
(build-system gnu-build-system)
(native-search-paths
;; FIXME: These two variables must designate a single file or directory
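Review bot: `openssl-next` keeps `(name "openssl")`, so the file now exports two packages with that name, at 1.0.2h and 1.1.0. As far as I know, name-based lookup prefers the highest version, so a bare `openssl` on the command line would resolve to 1.1.0 while the packages in this file still reference the `openssl` variable at 1.0.2h. If that is intended, a comment above the definition should say so. The overriding `origin` also lists only `openssl-1.1.0-c-rehash-in.patch`, so the two `openssl-CVE-2016-…` patches applied to the parent are not inherited. Presumably 1.1.0 already contains those fixes, but a short comment confirming it would save the next reviewer the check.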
"file://COPYING"
"See COPYING in the distribution.")))))
-(define-public acme
+(define-public python-acme
(package
- (name "acme")
- (version "0.1.0")
+ (name "python-acme")
+ (version "0.8.1")
(source (origin
- (method url-fetch)
- (uri (string-append "https://pypi.python.org/packages/source/a/acme/acme-"
- version ".tar.gz"))
+ (method url-fetch)
+ (uri (string-append
+ "https://pypi.python.org/packages/"
+ "f5/7a/11a99b5d1d1c692f6eed27cfab69e6ba4d2f0c2a461d2607e6a930ff2c68/"
+ "acme-" version ".tar.gz"))
(sha256
(base32
- "0fj0m04zzdxx23vazl00ilqyl3jxqq9c9p4x61pfz1zps7nbzsy3"))))
+ "17vx2miczpd8ww4xizmc0nca2c7jf04wnhfnswx2bxhb537lmsnk"))))
(build-system python-build-system)
(arguments
- `(#:python ,python-2))
- ;; TODO: Add optional inputs for testing and building documentation.
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-before 'install 'disable-egg-compression
+ (lambda _
+ ;; Do not compress the egg.
+ ;; See <http://bugs.gnu.org/20765>.
+ (let ((port (open-file "setup.cfg" "a")))
+ (display "\n[easy_install]\nzip_ok = 0\n"
+ port)
+ (close-port port)
+ #t)))
+ (add-after 'install 'docs
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (man (string-append out "/share/man/man1"))
+ (info (string-append out "/info")))
+ (and (zero? (system* "make" "-C" "docs" "man" "info"))
+ (install-file "docs/_build/texinfo/acme-python.info" info)
+ (install-file "docs/_build/man/acme-python.1" man)
+ #t)))))))
+ ;; TODO: Add optional inputs for testing.
(native-inputs
- `(("python2-mock" ,python2-mock)
- ("python2-setuptools" ,python2-setuptools)))
+ `(("python-mock" ,python-mock)
+ ;; For documentation
+ ("python-sphinx" ,python-sphinx)
+ ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
+ ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
+ ("python-setuptools" ,python-setuptools)
+ ("texinfo" ,texinfo)))
(propagated-inputs
- `(("python2-ndg-httpsclient" ,python2-ndg-httpsclient)
- ("python2-werkzeug" ,python2-werkzeug)
- ("python2-six" ,python2-six)
- ("python2-requests" ,python2-requests)
- ("python2-pytz" ,python2-pytz)
- ("python2-pyrfc3339" ,python2-pyrfc3339)
- ("python2-pyasn1" ,python2-pyasn1)
- ("python2-cryptography" ,python2-cryptography)
- ("python2-pyopenssl" ,python2-pyopenssl)))
+ `(("python-ndg-httpsclient" ,python-ndg-httpsclient)
+ ("python-werkzeug" ,python-werkzeug)
+ ("python-six" ,python-six)
+ ("python-requests" ,python-requests)
+ ("python-pytz" ,python-pytz)
+ ("python-pyrfc3339" ,python-pyrfc3339)
+ ("python-pyasn1" ,python-pyasn1)
+ ("python-cryptography" ,python-cryptography)
+ ("python-pyopenssl" ,python-pyopenssl)))
(home-page "https://github.com/letsencrypt/letsencrypt")
(synopsis "ACME protocol implementation in Python")
(description "ACME protocol implementation in Python")
(license license:asl2.0)))
-(define-public letsencrypt
+(define-public python2-acme
+ (package-with-python2 python-acme))
+
+(define-public certbot
(package
- (name "letsencrypt")
- (version "0.1.0")
+ (name "certbot")
+ (version "0.8.1")
(source (origin
(method url-fetch)
- (uri (string-append "https://pypi.python.org/packages/source/l/"
- "letsencrypt/letsencrypt-" version ".tar.gz"))
+ (uri (string-append
+ "https://pypi.python.org/packages/"
+ "a2/3b/4756e6a0ceb14e084042a2a65c615d68d25621c6fd446d0fc10d14c4ce7d/"
+ name "-" version ".tar.gz"))
(sha256
(base32
- "1zb96xz32k6ai41h5m1l22qi47y71dq69dcmbz7vfm6jfrhjgxl1"))))
+ "0w972cf2mk74aji5d8dylg3jw6wczg01gb4asf3ndv8c64yxza3c"))))
(build-system python-build-system)
(arguments
- `(#:python ,python-2))
- ;; TODO: Add optional inputs for testing building documentation.
+ `(#:python ,python-2
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'build 'docs
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (man1 (string-append out "/share/man/man1"))
+ (man7 (string-append out "/share/man/man7"))
+ (info (string-append out "/info")))
+ (and
+ (zero? (system* "make" "-C" "docs" "man" "info"))
+ (install-file "docs/_build/texinfo/Certbot.info" info)
+ (install-file "docs/_build/man/certbot.1" man1)
+ (install-file "docs/_build/man/certbot.7" man7)
+ #t)))))))
+ ;; TODO: Add optional inputs for testing.
(native-inputs
`(("python2-nose" ,python2-nose)
- ("python2-mock" ,python2-mock)))
+ ("python2-mock" ,python2-mock)
+ ;; For documentation
+ ("python2-sphinx" ,python2-sphinx)
+ ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
+ ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
+ ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
+ ("texinfo" ,texinfo)))
(propagated-inputs
- `(("acme" ,acme)
+ `(("python2-acme" ,python2-acme)
("python2-zope-interface" ,python2-zope-interface)
("python2-pythondialog" ,python2-pythondialog)
("python2-pyrfc3339" ,python2-pyrfc3339)
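Review bot: The `python-acme` source URI hard-codes a per-release directory (`f5/7a/11a99b…/`) while still interpolating `version`, and `certbot` does the same with `a2/3b/4756e6…/`, so bumping the version alone will produce a URL that does not exist. The sha256 still guards integrity, so this is a maintenance problem rather than a trust problem. `(uri (pypi-uri "acme" version))` and `(uri (pypi-uri "certbot" version))` would avoid it, provided `pypi-uri` from `(guix build-system python)` is available in this tree. The `certbot` definition continues past the end of this hunk.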
(description "Tool to automatically receive and install X.509 certificates
to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
will be issuing browser-trusted certificates for free.")
- (home-page "https://letsencrypt.org/")
+ (home-page "https://certbot.eff.org/")
(license license:asl2.0)))
+(define-public letsencrypt
+ (package (inherit certbot)
+ (name "letsencrypt")))
+
(define-public perl-net-ssleay
(package
(name "perl-net-ssleay")
servers or clients for more complicated applications.")
(license (package-license perl))
(home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
+
+(define-public perl-crypt-openssl-rsa
+ (package
+ (name "perl-crypt-openssl-rsa")
+ (version "0.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
+ (build-system perl-build-system)
+ (inputs
+ `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
+ ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
+ ("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
+ (synopsis
+ "RSA encoding and decoding, using the openSSL libraries")
+ (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
+OpenSSL libraries).")
+ (license (package-license perl))))
+
+(define perl-crypt-arguments
+ `(#:phases (modify-phases %standard-phases
+ (add-before 'configure 'patch-Makefile.PL
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "Makefile.PL"
+ (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
+ (assoc-ref inputs "openssl")
+ "/lib -lcrypto'],")))
+ #t)))))
+
+(define-public perl-crypt-openssl-bignum
+ (package
+ (name "perl-crypt-openssl-bignum")
+ (version "0.06")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
+ (build-system perl-build-system)
+ (inputs `(("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
+ (synopsis
+ "OpenSSL's multiprecision integer arithmetic in Perl")
+ (description "Crypt::OpenSSL::Bignum provides multiprecision integer
+arithmetic in Perl.")
+ ;; At your option either gpl1+ or the Artistic License
+ (license (package-license perl))))
+
+(define-public perl-crypt-openssl-random
+ (package
+ (name "perl-crypt-openssl-random")
+ (version "0.11")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
+ (build-system perl-build-system)
+ (inputs `(("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
+ (synopsis
+ "OpenSSL/LibreSSL pseudo-random number generator access")
+ (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
+number generator")
+ (license (package-license perl))))
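Review bot: `perl-crypt-openssl-rsa` uses `perl-crypt-arguments` in its `arguments` field, but the helper is only defined after that package. If `arguments` is evaluated eagerly when the module loads, this is an unbound-variable error; even if the field is delayed, the helper reads better defined before its first use, so move the `(define perl-crypt-arguments …)` form above `perl-crypt-openssl-rsa`. A one-line comment on the helper, such as `;; Point Makefile.PL at the openssl input's lib directory.`, would also document why the three packages share it. Minor wording: the description on `perl-crypt-openssl-random` says "is a OpenSSL/LibreSSL", which should be "an".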