;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
-;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
-;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is>
-;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
+;;; Copyright © 2016, 2017, 2019 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2018 Nicolò Balzarotti <nicolo@nixo.xyz>
+;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
+;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
+;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages cryptsetup)
- #:use-module (gnu packages databases)
#:use-module (gnu packages gettext)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages image)
#:use-module (gnu packages libbsd)
#:use-module (gnu packages libffi)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages lsof)
#:use-module (gnu packages nettle)
#:use-module (gnu packages password-utils)
#:use-module (gnu packages perl)
#:use-module (gnu packages perl-check)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
+ #:use-module (gnu packages python-xyz)
#:use-module (gnu packages readline)
#:use-module (gnu packages search)
#:use-module (gnu packages serialization)
#:use-module (gnu packages shells)
+ #:use-module (gnu packages sqlite)
#:use-module (gnu packages tcl)
#:use-module (gnu packages tls)
#:use-module (gnu packages xml)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
#:use-module (guix build-system perl)
+ #:use-module (guix build utils)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26))
(define-public libsodium
(package
(name "libsodium")
- (version "1.0.16")
+ (version "1.0.18")
(source (origin
(method url-fetch)
(uri (list (string-append
"releases/old/libsodium-" version ".tar.gz")))
(sha256
(base32
- "0cq5pn7qcib7q70mm1lgjwj75xdxix27v0xl1xl0kvxww7hwgbgf"))))
+ "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g"))))
(build-system gnu-build-system)
(synopsis "Portable NaCl-based crypto library")
(description
(define-public signify
(package
(name "signify")
- (version "24")
+ (version "27")
+ (home-page "https://github.com/aperezdc/signify")
(source (origin
(method url-fetch)
- (uri (string-append "https://github.com/aperezdc/signify/"
- "archive/v" version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
+ (uri (string-append "https://github.com/aperezdc/signify/releases"
+ "/download/v" version "/signify-" version ".tar.xz"))
(sha256
(base32
- "0594vyvkq176xxzaz9xbq8qs0xdnr8s9gkd1prblwpdvnzmw0xvc"))))
+ "0ngjsqz95yb0knlw9zs02fnclif40s63r1mydgiv17ii3mds82df"))))
(build-system gnu-build-system)
;; TODO Build with libwaive (described in README.md), to implement something
;; like OpenBSD's pledge().
(description "The signify utility creates and verifies cryptographic
signatures using the elliptic curve Ed25519. This is a Linux port of the
OpenBSD tool of the same name.")
- (home-page "https://github.com/aperezdc/signify")
;; This package includes third-party code that was originally released under
;; various non-copyleft licenses. See the source files for clarification.
(license (list license:bsd-3 license:bsd-4 license:expat license:isc
"See base64.c in the distribution for
the license from IBM.")))))
-
-(define-public opendht
- (package
- (name "opendht")
- (version "0.6.1")
- (source
- (origin
- (method url-fetch)
- (uri
- (string-append
- "https://github.com/savoirfairelinux/" name
- "/archive/" version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- (delete-file-recursively "src/argon2")
- (substitute* "src/Makefile.am"
- (("./argon2/libargon2.la") "")
- (("SUBDIRS = argon2") ""))
- (substitute* "src/crypto.cpp"
- (("argon2/argon2.h") "argon2.h"))
- (substitute* "configure.ac"
- (("src/argon2/Makefile") ""))
- #t))
- (sha256
- (base32
- "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x"))))
- (build-system gnu-build-system)
- (inputs
- `(("gnutls" ,gnutls)
- ("nettle" ,nettle)
- ("readline" ,readline)
- ("argon2" ,argon2)))
- (propagated-inputs
- `(("msgpack" ,msgpack))) ;included in several installed headers
- (native-inputs
- `(("autoconf" ,autoconf)
- ("pkg-config" ,pkg-config)
- ("automake" ,automake)
- ("libtool" ,libtool)))
- (arguments
- `(#:configure-flags '("--disable-tools" "--disable-python")
- #:phases (modify-phases %standard-phases
- (add-after 'unpack 'autoconf
- (lambda _
- (zero? (system* "autoreconf" "-vfi")))))))
- (home-page "https://github.com/savoirfairelinux/opendht/")
- (synopsis "Distributed Hash Table (DHT) library")
- (description "OpenDHT is a Distributed Hash Table (DHT) library. It may
-be used to manage peer-to-peer network connections as needed for real time
-communication.")
- (license license:gpl3)))
-
(define-public encfs
(package
(name "encfs")
(add-after 'unpack 'unpack-googletest
(lambda* (#:key inputs #:allow-other-keys)
(mkdir-p "vendor/github.com/google/googletest")
- (invoke "tar" "xvf" (assoc-ref inputs "googletest-source")
- "-C" "vendor/github.com/google/googletest"
- "--strip-components=1")))
+ (copy-recursively (assoc-ref inputs "googletest-source")
+ "vendor/github.com/google/googletest")
+ #t))
+ (add-before 'configure 'patch-CMakeLists.txt
+ (lambda _
+ ;; Prevent CMake from adding libc on the system include path.
+ ;; Otherwise it will interfere with the libc used by GCC and
+ ;; ultimately cause #include_next errors.
+ (substitute* "CMakeLists.txt"
+ (("include_directories \\(SYSTEM \\$\\{Intl_INCLUDE_DIRS\\}\\)")
+ ""))
+ #t))
(add-before 'check 'make-unittests
(lambda _
(invoke "make" "unittests"))))))
(define-public keyutils
(package
(name "keyutils")
- (version "1.5.11")
+ (version "1.6")
(source
(origin
(method url-fetch)
version ".tar.bz2"))
(sha256
(base32
- "1ddig6j5xjyk6g9l2wlqc7k1cgvryxdqbsv3c9rk1p3f42448n0i"))
+ "05bi5ja6f3h3kdi7p9dihlqlfrsmi1wh1r2bdgxc0180xh6g5bnk"))
(modules '((guix build utils)))
;; Create relative symbolic links instead of absolute ones to /lib/*.
(snippet '(begin
(delete 'configure)
(replace 'check
(lambda _
- (and
- (zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
- "3-6" "top150adjectives.txt" "3-6"))
- (zero? (system* "./eschalot" "-r" "^guix|^guixsd"))
- (zero? (system* "./eschalot" "-r" "^gnu|^free"))
- (zero? (system* "./eschalot" "-r" "^cyber|^hack"))
- (zero? (system* "./eschalot" "-r" "^troll")))))
+ (invoke "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
+ "3-6" "top150adjectives.txt" "3-6")
+ (invoke "./eschalot" "-r" "^guix|^guixsd")
+ (invoke "./eschalot" "-r" "^gnu|^free")
+ (invoke "./eschalot" "-r" "^cyber|^hack")
+ (invoke "./eschalot" "-r" "^troll")))
;; Make install can not create the bin dir, create it.
(add-before 'install 'create-bin-dir
(lambda* (#:key outputs #:allow-other-keys)
(define-public tomb
(package
(name "tomb")
- (version "2.5")
+ (version "2.7")
(source (origin
(method url-fetch)
(uri (string-append "https://files.dyne.org/tomb/"
"Tomb-" version ".tar.gz"))
(sha256
(base32
- "12c6qldngaw520gvb02inzkhnxbl4k0dwmddrgnaf7xashy6j0wc"))))
+ "0x3al02796vx1cvy6y6h685c367qx70dwv471g0hmks2gr10f0cn"))
+ (patches (search-patches "tomb-fix-errors-on-open.patch"))))
(build-system gnu-build-system)
(native-inputs `(("sudo" ,sudo))) ;presence needed for 'check' phase
(inputs
("cryptsetup" ,cryptsetup)
("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4
("gettext" ,gettext-minimal) ;used at runtime
+ ("lsof" ,lsof)
("mlocate" ,mlocate)
("pinentry" ,pinentry)
("qrencode" ,qrencode)
("util-linux" ,util-linux)))
(arguments
`(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+ ;; The "sudo" input is needed only to satisfy dependency checks in the
+ ;; 'check' phase. The "sudo" used at runtime should come from the
+ ;; system's setuid-programs, so ensure no reference is kept.
+ #:disallowed-references (,sudo)
;; TODO: Build and install gtk and qt trays
#:phases
(modify-phases %standard-phases
- (delete 'configure) ;no configuration to be done
+ (delete 'configure) ;no configuration to be done
(add-after 'install 'i18n
(lambda* (#:key make-flags #:allow-other-keys)
(apply invoke "make" "-C" "extras/translations"
,@(map (lambda (program)
(or (and=> (which program) dirname)
(error "program not found:" program)))
- '("seq" "mkfs.ext4" "pinentry" "sudo"
- "gpg" "cryptsetup" "gettext"
+ '("seq" "mkfs.ext4" "pinentry"
+ "gpg" "cryptsetup" "gettext" "lsof"
"qrencode" "steghide" "findmnt")))))
#t)))
(delete 'check)
`(("openssl" ,openssl)))
(home-page "https://www.tarsnap.com/scrypt.html")
(synopsis "Memory-hard encryption tool based on scrypt")
- (description "This packages provides a simple password-based encryption
+ (description "This package provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
(define-public perl-crypt-random-source
(package
(name "perl-crypt-random-source")
- (version "0.12")
+ (version "0.14")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
"Crypt-Random-Source-" version ".tar.gz"))
(sha256
- (base32
- "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h"))))
+ (base32 "1rpdds3sy5l1fhngnkrsgwsmwd54wpicx3i9ds69blcskwkcwkpc"))))
(build-system perl-build-system)
(native-inputs
`(("perl-module-build-tiny" ,perl-module-build-tiny)
- ("perl-test-exception" ,perl-test-exception)))
+ ("perl-test-fatal" ,perl-test-fatal)))
(propagated-inputs
`(("perl-capture-tiny" ,perl-capture-tiny)
("perl-module-find" ,perl-module-find)
(define-public crypto++
(package
(name "crypto++")
- (version "6.0.0")
+ (version "8.0.0")
(source (origin
(method url-fetch/zipbomb)
(uri (string-append "https://cryptopp.com/cryptopp"
".zip"))
(sha256
(base32
- "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34"))))
+ "0b5qrsm4jhy4nzxgrm13nixhvbswr242plx1jw6r4sw492rqkzdv"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags
- (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+ (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+ ;; Override "/sbin/ldconfig" with simply "echo" since
+ ;; we don't need ldconfig(8).
+ "LDCONF=echo")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'disable-native-optimisation
(substitute* "GNUmakefile"
((" -march=native") ""))
#t))
- (delete 'configure))))
+ (delete 'configure)
+ (add-after 'build 'build-shared
+ (lambda _
+ ;; By default, only the static library is built.
+ (invoke "make" "shared")))
+ (add-after 'install 'install-pkg-config
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (pkg-dir (string-append out "/lib/pkgconfig")))
+ (mkdir-p pkg-dir)
+ (with-output-to-file (string-append pkg-dir "/libcrypto++.pc")
+ (lambda _
+ (display
+ (string-append
+ "prefix=" out "\n"
+ "libdir=" out "/lib\n"
+ "includedir=" out "/include\n\n"
+ "Name: libcrypto++-" ,version "\n"
+ "Description: Class library of cryptographic schemes"
+ "Version: " ,version "\n"
+ "Libs: -L${libdir} -lcryptopp\n"
+ "Cflags: -I${includedir}\n"))))))))))
(native-inputs
`(("unzip" ,unzip)))
(home-page "https://cryptopp.com/")
(define-public libb2
(package
(name "libb2")
- (version "0.98")
+ (version "0.98.1")
(source (origin
(method url-fetch)
(uri (string-append
version "/libb2-" version ".tar.gz"))
(sha256
(base32
- "0vq39cvwy05754l565xl11rqr2jvjb6ykjzca886vi9vm71y0sg8"))))
+ "0bn7yrzdixdvzm46shbhpkqbr6zyqyxiqn7a7x54ag3mrvfnyqjk"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(define-public rhash
(package
(name "rhash")
- (version "1.3.6")
+ (version "1.3.8")
(source
(origin
(method url-fetch)
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "14ngzfgmd1lfp7m78sn49x8ymf2s37nrr67c6p5vas85nrrgjkcn"))))
+ "0k60ywyhwqwqxa2q2l85vwgf884hcgy31nxir3dqgz7ymib6llxy"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags
(lambda* (#:key make-flags #:allow-other-keys)
(apply invoke
"make" "-C" "librhash"
- "install-headers" "install-so-link"
+ "install-lib-headers" "install-so-link"
make-flags))))))
(home-page "https://sourceforge.net/projects/rhash/")
(synopsis "Utility for computing hash sums")
(define-public botan
(package
(name "botan")
- (version "2.7.0")
+ (version "2.12.1")
(source (origin
(method url-fetch)
(uri (string-append "https://botan.randombit.net/releases/"
- "Botan-" version ".tgz"))
+ "Botan-" version ".tar.xz"))
(sha256
(base32
- "142aqabwc266jxn8wrp0f1ffrmcvdxwvyh8frb38hx9iaqazjbg4"))))
+ "1ada3ga7b0z4m0vjmxlvfi4nsic2l8kjcy85jwss3z2i58a5y0vy"))))
(build-system gnu-build-system)
(arguments
'(#:phases
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref %outputs "out"))
(lib (string-append out "/lib")))
+ ;; Upstream tests and benchmarks with -O3.
+ (setenv "CXXFLAGS" "-O3")
(invoke "python" "./configure.py"
(string-append "--prefix=" out)
;; Otherwise, the `botan` executable cannot find
;; libbotan.
(string-append "--ldflags=-Wl,-rpath=" lib)
+
+ "--with-os-feature=getentropy"
"--with-rst2man"
+
;; Recommended by upstream
"--with-zlib" "--with-bzip2" "--with-sqlite3"))))
(replace 'check
(lambda _ (invoke "./botan-test"))))))
(native-inputs
- `(("python" ,python-minimal-wrapper)
+ `(("python" ,python-wrapper)
("python-docutils" ,python-docutils)))
(inputs
`(("sqlite" ,sqlite)
("automake" ,automake)
("libtool" ,libtool)))
(inputs
- `(("openssl" ,openssl-next)))
+ `(("openssl" ,openssl)))
(home-page "https://github.com/vstakhov/asignify")
(synopsis "Cryptographic authentication and encryption tool and library")
(description "Asignify offers public cryptographic signatures and
trivial to build for local use. Portability is emphasized over performance.")
(home-page "https://github.com/skeeto/enchive")
(license license:unlicense)))
+
+(define-public libsecp256k1
+ (let ((commit "e34ceb333b1c0e6f4115ecbb80c632ac1042fa49"))
+ (package
+ (name "libsecp256k1")
+ (version (git-version "20181126" "1" commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/bitcoin-core/secp256k1")
+ (commit commit)))
+ (sha256
+ (base32
+ "0as78s179hcr3ysk3fw98k5wzabgnwri7vkkc17wg31lyz6ids6c"))
+ (file-name (git-file-name name version))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)))
+ ;; WARNING: This package might need additional configure flags to run properly.
+ ;; See https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/libsecp256k1.
+ (synopsis "C library for EC operations on curve secp256k1")
+ (description
+ "Optimized C library for EC operations on curve secp256k1.
+
+This library is a work in progress and is being used to research best
+practices. Use at your own risk.
+
+Features:
+
+@itemize
+@item secp256k1 ECDSA signing/verification and key generation.
+@item Adding/multiplying private/public keys.
+@item Serialization/parsing of private keys, public keys, signatures.
+@item Constant time, constant memory access signing and pubkey generation.
+@item Derandomized DSA (via RFC6979 or with a caller provided function.)
+@item Very efficient implementation.
+@end itemize\n")
+ (home-page "https://github.com/bitcoin-core/secp256k1")
+ (license license:unlicense))))
+
+(define-public stoken
+ (package
+ (name "stoken")
+ (version "0.92")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/stoken/"
+ "stoken-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0npgr6y85gzwksy8jkwa4yzvqwjprwnplx3yiw3ayk4f0ldlhaxa"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (inputs
+ `(("nettle" ,nettle)
+ ("libxml2" ,libxml2)))
+ (home-page "http://stoken.sf.net")
+ (synopsis "Software Token for cryptographic authentication")
+ (description
+ "@code{stoken} is a token code generator compatible with RSA SecurID
+128-bit (AES) tokens. This package contains a standalone command-line program
+that allows for importing token seeds, generating token codes, and various
+utility/testing functions.")
+ (license license:lgpl2.1+)))
+
+(define-public hpenc
+ (package
+ (name "hpenc")
+ (version "3.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/vstakhov/hpenc")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1fb5yi3d2k8kd4zm7liiqagpz610y168xrr1cvn7cbq314jm2my1"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f ; No test suite
+ #:make-flags
+ (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+ ;; Build the program and the docs.
+ "SUBDIRS=src doc")
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure) ; No ./configure script
+ (add-after 'unpack 'patch-path
+ (lambda _
+ (substitute* '("src/Makefile" "doc/Makefile")
+ (("/usr/bin/install")
+ "install"))))
+ (add-before 'install 'make-output-directories
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin"))
+ (man1 (string-append out "/share/man/man1")))
+ (mkdir-p bin)
+ (mkdir-p man1)
+ #t))))))
+ (inputs
+ `(("libsodium" ,libsodium)
+ ("openssl" ,openssl)))
+ (synopsis "High-performance command-line tool for stream encryption")
+ (description "Hpenc is a command-line tool for performing authenticated
+encryption (AES-GCM and ChaCha20-Poly1305) of streaming data. It does not
+perform an asymmetric key exchange, instead requiring the user to distribute
+pre-shared keys out of band. It is designed to handle large amounts of data
+quickly by using all your CPU cores and hardware acceleration.")
+ (home-page "https://github.com/vstakhov/hpenc")
+ (license license:bsd-3)))
+
+(define-public minisign
+ (package
+ (name "minisign")
+ (version "0.8")
+ (source
+ (origin
+ (method url-fetch)
+ (uri
+ (string-append "https://github.com/jedisct1/minisign/releases/download/"
+ version "/minisign-" version ".tar.gz"))
+ (sha256
+ (base32
+ "10hhgwxf9rcdlr00shrkcyxndrc22dh5lj8k5z27xg3nc0jba3hk"))))
+ (build-system cmake-build-system)
+ (arguments
+ ; No test suite
+ `(#:tests? #f))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (inputs
+ `(("libsodium" ,libsodium)))
+ (home-page "https://jedisct1.github.io/minisign")
+ (synopsis "Tool to sign files and verify signatures")
+ (description
+ "Minisign is a dead simple tool to sign files and verify signatures. It is
+portable, lightweight, and uses the highly secure Ed25519 public-key signature
+system. Signature written by minisign can be verified using OpenBSD's
+signify tool: public key files and signature files are compatible. However,
+minisign uses a slightly different format to store secret keys. Minisign
+signatures include trusted comments in addition to untrusted comments.
+Trusted comments are signed, thus verified, before being displayed.")
+ (license license:isc)))