;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages guile)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libidn)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages nettle)
#:use-module (gnu packages perl)
(define-public libtasn1
(package
(name "libtasn1")
- (version "4.7")
+ (version "4.8")
(source
(origin
(method url-fetch)
version ".tar.gz"))
(sha256
(base32
- "1j8iixynchziw1y39lnibyl5h81m4p78w3i4f28q2vgwjgf801x4"))))
+ "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/libtasn1/")
(define-public gnutls
(package
(name "gnutls")
- (version "3.4.7")
+ (version "3.5.2")
(source (origin
(method url-fetch)
(uri
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1"))))
+ "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
- `(("pkg-config" ,pkg-config)
+ `(("net-tools" ,net-tools)
+ ("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
`(("guile" ,guile-2.0)
("libidn" ,libidn)
("nettle" ,nettle)
("zlib" ,zlib)))
- (home-page "http://www.gnu.org/software/gnutls/")
+ (home-page "https://www.gnu.org/software/gnutls/")
(synopsis "Transport layer security library")
(description
"GnuTLS is a secure communications library implementing the SSL, TLS
and DTLS protocols. It is provided in the form of a C library to support the
protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
required structures.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+)
+ (properties '((ftp-server . "ftp.gnutls.org")
+ (ftp-directory . "/gcrypt/gnutls")))))
(define-public openssl
(package
- (replacement openssl-1.0.2g)
(name "openssl")
- (version "1.0.2f")
+ (version "1.0.2h")
(source (origin
- (method url-fetch)
- (uri (list (string-append "ftp://ftp.openssl.org/source/"
- name "-" version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/" name "-" version ".tar.gz")))
- (sha256
- (base32
- "171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk"))
- (patches (map search-patch
- '("openssl-runpath.patch"
- "openssl-c-rehash.patch")))))
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ (patches (search-patches "openssl-runpath.patch"
+ "openssl-c-rehash-in.patch"
+ "openssl-CVE-2016-2177.patch"
+ "openssl-CVE-2016-2178.patch"))))
(build-system gnu-build-system)
+ (outputs '("out"
+ "doc" ;1.5MiB of man3 pages
+ "static")) ;6MiB of .a files
(native-inputs `(("perl" ,perl)))
(arguments
- `(#:parallel-build? #f
+ `(#:disallowed-references (,perl)
+ #:parallel-build? #f
#:parallel-tests? #f
#:test-target "test"
+
+ ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
+ ;; so we explicitly disallow it here.
+ #:disallowed-references ,(list (canonical-package perl))
#:phases
(modify-phases %standard-phases
(add-before
(find-files (string-append out "/lib")
"\\.so"))
#t)))
+ (add-after 'install 'move-static-libraries
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move static libraries to the "static" output.
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib"))
+ (static (assoc-ref outputs "static"))
+ (slib (string-append static "/lib")))
+ (mkdir-p slib)
+ (for-each (lambda (file)
+ (install-file file slib)
+ (delete-file file))
+ (find-files lib "\\.a$"))
+ #t)))
+ (add-after 'install 'move-man3-pages
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move section 3 man pages to "doc".
+ (let* ((out (assoc-ref outputs "out"))
+ (man3 (string-append out "/share/man/man3"))
+ (doc (assoc-ref outputs "doc"))
+ (target (string-append doc "/share/man/man3")))
+ (mkdir-p target)
+ (for-each (lambda (file)
+ (rename-file file
+ (string-append target "/"
+ (basename file))))
+ (find-files man3))
+ #t)))
(add-before
'patch-source-shebangs 'patch-tests
(lambda* (#:key inputs native-inputs #:allow-other-keys)
(license license:openssl)
(home-page "http://www.openssl.org/")))
-(define openssl-1.0.2g
+(define-public openssl-next
(package
(inherit openssl)
- (replacement #f)
- (source
- (let ((name "openssl") (version "1.0.2g"))
- (origin
- (method url-fetch)
- (uri (list (string-append "ftp://ftp.openssl.org/source/"
- name "-" version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/" name "-" version ".tar.gz")))
- (sha256
- (base32
- "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
- (patches (map search-patch
- '("openssl-runpath.patch"
- "openssl-c-rehash-in.patch"))))))))
+ (name "openssl")
+ (version "1.1.0")
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
+ (outputs '("out"
+ "doc" ;1.3MiB of man3 pages
+ "static")) ; 5.5MiB of .a files
+ (arguments
+ (substitute-keyword-arguments (package-arguments openssl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'patch-tests) ; These two phases are not needed by
+ (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.
+
+ (add-after 'configure 'patch-runpath
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
+ (substitute* "Makefile.shared"
+ (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
+ (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
+ " -Wl,-rpath," lib)))
+ #t)))))))))
(define-public libressl
(package
(name "libressl")
- (version "2.2.5")
+ (version "2.4.2")
(source
(origin
(method url-fetch)
(uri (string-append
"http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
version ".tar.gz"))
- (sha256 (base32
- "0jwidi7fafcdh5qml72dx0ad0kfsk94qxzm29i7wd3cx8v8dxjp3"))))
+ (sha256
+ (base32
+ "1qyrcyzrrn6r9cqvm66ib72qyr65q4hrdyiq1vb24a6nwmwdg1sz"))))
(build-system gnu-build-system)
(native-search-paths
;; FIXME: These two variables must designate a single file or directory
(define-public python-acme
(package
(name "python-acme")
- (version "0.4.0")
+ (version "0.8.1")
(source (origin
- (method url-fetch)
- (uri (pypi-uri "acme" version))
+ (method url-fetch)
+ (uri (string-append
+ "https://pypi.python.org/packages/"
+ "f5/7a/11a99b5d1d1c692f6eed27cfab69e6ba4d2f0c2a461d2607e6a930ff2c68/"
+ "acme-" version ".tar.gz"))
(sha256
(base32
- "173j2zkslh43fzf3wkl1jdzfjry361m0mhlc3jpwp7hk7lrclzjg"))))
+ "17vx2miczpd8ww4xizmc0nca2c7jf04wnhfnswx2bxhb537lmsnk"))))
(build-system python-build-system)
(arguments
`(#:phases
(define-public python2-acme
(package-with-python2 python-acme))
-(define-public letsencrypt
+(define-public certbot
(package
- (name "letsencrypt")
- (version "0.4.0")
+ (name "certbot")
+ (version "0.8.1")
(source (origin
(method url-fetch)
- (uri (pypi-uri "letsencrypt" version))
+ (uri (string-append
+ "https://pypi.python.org/packages/"
+ "a2/3b/4756e6a0ceb14e084042a2a65c615d68d25621c6fd446d0fc10d14c4ce7d/"
+ name "-" version ".tar.gz"))
(sha256
(base32
- "1wwq8yvfdybf4d0gv4yfddkrg865s7rhng5xg563kks4wza1a2wp"))))
+ "0w972cf2mk74aji5d8dylg3jw6wczg01gb4asf3ndv8c64yxza3c"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2
#:phases
(modify-phases %standard-phases
- (add-after 'install 'docs
+ (add-after 'build 'docs
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(man1 (string-append out "/share/man/man1"))
(man7 (string-append out "/share/man/man7"))
(info (string-append out "/info")))
- (substitute* "docs/man/letsencrypt.rst"
- (("letsencrypt --help all")
- (string-append out "/bin/letsencrypt" " --help all")))
(and
(zero? (system* "make" "-C" "docs" "man" "info"))
- (install-file "docs/_build/texinfo/LetsEncrypt.info" info)
- (install-file "docs/_build/man/letsencrypt.1" man1)
- (install-file "docs/_build/man/letsencrypt.7" man7)
+ (install-file "docs/_build/texinfo/Certbot.info" info)
+ (install-file "docs/_build/man/certbot.1" man1)
+ (install-file "docs/_build/man/certbot.7" man7)
#t)))))))
;; TODO: Add optional inputs for testing.
(native-inputs
(description "Tool to automatically receive and install X.509 certificates
to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which
will be issuing browser-trusted certificates for free.")
- (home-page "https://letsencrypt.org/")
+ (home-page "https://certbot.eff.org/")
(license license:asl2.0)))
+(define-public letsencrypt
+ (package (inherit certbot)
+ (name "letsencrypt")))
+
(define-public perl-net-ssleay
(package
(name "perl-net-ssleay")
servers or clients for more complicated applications.")
(license (package-license perl))
(home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
+
+(define-public perl-crypt-openssl-rsa
+ (package
+ (name "perl-crypt-openssl-rsa")
+ (version "0.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/P/PE/PERLER/Crypt-OpenSSL-RSA-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "1gnpvv09b2gpifwdzc5jnhama3d1a4c39lzj9hcaicsb8rvzjmsk"))))
+ (build-system perl-build-system)
+ (inputs
+ `(("perl-crypt-openssl-bignum" ,perl-crypt-openssl-bignum)
+ ("perl-crypt-openssl-random" ,perl-crypt-openssl-random)
+ ("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
+ (synopsis
+ "RSA encoding and decoding, using the openSSL libraries")
+ (description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
+OpenSSL libraries).")
+ (license (package-license perl))))
+
+(define perl-crypt-arguments
+ `(#:phases (modify-phases %standard-phases
+ (add-before 'configure 'patch-Makefile.PL
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "Makefile.PL"
+ (("'LIBS'.*=>.*") (string-append "'LIBS' => ['-L"
+ (assoc-ref inputs "openssl")
+ "/lib -lcrypto'],")))
+ #t)))))
+
+(define-public perl-crypt-openssl-bignum
+ (package
+ (name "perl-crypt-openssl-bignum")
+ (version "0.06")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/K/KM/KMX/Crypt-OpenSSL-Bignum-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67"))))
+ (build-system perl-build-system)
+ (inputs `(("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
+ (synopsis
+ "OpenSSL's multiprecision integer arithmetic in Perl")
+ (description "Crypt::OpenSSL::Bignum provides multiprecision integer
+arithmetic in Perl.")
+ ;; At your option either gpl1+ or the Artistic License
+ (license (package-license perl))))
+
+(define-public perl-crypt-openssl-random
+ (package
+ (name "perl-crypt-openssl-random")
+ (version "0.11")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/R/RU/RURBAN/Crypt-OpenSSL-Random-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "0yjcabkibrkafywvdkmd1xpi6br48skyk3l15ni176wvlg38335v"))))
+ (build-system perl-build-system)
+ (inputs `(("openssl" ,openssl)))
+ (arguments perl-crypt-arguments)
+ (home-page
+ "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
+ (synopsis
+ "OpenSSL/LibreSSL pseudo-random number generator access")
+ (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
+number generator")
+ (license (package-license perl))))
HCoop / jackhill / guix / guix.git / blobdiff