X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/blobdiff_plain/1e07bd2aa7fd3a112a308ae6cf84603f2effe114..c8535c252776ce7da3310c549d211df74f30559b:/gnu/packages/tls.scm diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index f6746ebe21..00b0bf6ddb 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -4,8 +4,8 @@ ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2015 David Thompson -;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari -;;; Copyright © 2016, 2017, 2019, 2020 Efraim Flashner +;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari +;;; Copyright © 2016, 2017, 2019 Efraim Flashner ;;; Copyright © 2016, 2017, 2018 Nikita ;;; Copyright © 2016 Hartmut Goebel ;;; Copyright © 2017 Ricardo Wurmus @@ -125,15 +125,14 @@ in intelligent transportation networks.") (define-public p11-kit (package (name "p11-kit") - (version "0.23.20") + (version "0.23.21") (source (origin (method url-fetch) (uri (string-append "https://github.com/p11-glue/p11-kit/releases/" "download/" version "/p11-kit-" version ".tar.xz")) (sha256 - (base32 - "0131maw666ha4d6iyj13fkz18c4pnb3lw2xwv5kvkmnzqcj61n0l")))) + (base32 "09q6n63qmqcdw6v0fwmhdmsqrcndnp5m9jvby1kxi82wy29s9fpi")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -165,7 +164,8 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (replacement gnutls-3.6.13) + ;; XXX Unversion openconnect's "gnutls" input when ungrafting. + (replacement gnutls-3.6.14) (version "3.6.12") (source (origin (method url-fetch) @@ -181,9 +181,10 @@ living in the same process.") "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z")))) (build-system gnu-build-system) (arguments - `(,@(if (hurd-target?) '(#:tests? #f) '()) - ; Ensure we don't keep a reference to this buggy software. - #:disallowed-references (,net-tools) + `(#:tests? ,(not (or (%current-target-system) + (hurd-target?))) + ;; Ensure we don't keep a reference to net-tools. + #:disallowed-references ,(if (hurd-target?) '() (list net-tools)) #:configure-flags (list ;; GnuTLS doesn't consult any environment variables to specify @@ -253,20 +254,20 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define-public gnutls-3.6.13 +(define-public gnutls-3.6.14 (package (inherit gnutls) - (version "3.6.13") + (version "3.6.14") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" (version-major+minor version) - "/gnutls-3.6.13.tar.xz")) + "/gnutls-" version ".tar.xz")) (patches (search-patches "gnutls-skip-trust-store-test.patch" "gnutls-cross.patch")) (sha256 (base32 - "0f1gnm0756qms5cpx6yn6xb8d3imc2gkqmygf12n9x6r8zs1s11j")))) + "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n")))) (native-inputs `(,@(if (%current-target-system) ;for cross-build `(("guile" ,guile-3.0)) ;to create .go files @@ -333,25 +334,33 @@ required structures.") #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases - ,@(if (%current-target-system) - '((add-before - 'configure 'set-cross-compile - (lambda* (#:key target outputs #:allow-other-keys) - (setenv "CROSS_COMPILE" (string-append target "-")) - (setenv "CONFIGURE_TARGET_ARCH" - (cond - ((string-prefix? "i586" target) - "hurd-x86") - ((string-prefix? "i686" target) - "linux-x86") - ((string-prefix? "x86_64" target) - "linux-x86_64") - ((string-prefix? "arm" target) - "linux-armv4") - ((string-prefix? "aarch64" target) - "linux-aarch64"))) - #t))) - '()) + ,@(if (%current-target-system) + '((add-before + 'configure 'set-cross-compile + (lambda* (#:key target outputs #:allow-other-keys) + (setenv "CROSS_COMPILE" (string-append target "-")) + (setenv "CONFIGURE_TARGET_ARCH" + (cond + ((string-prefix? "i586" target) + "hurd-x86") + ((string-prefix? "i686" target) + "linux-x86") + ((string-prefix? "x86_64" target) + "linux-x86_64") + ((string-prefix? "mips64el" target) + "linux-mips64") + ((string-prefix? "arm" target) + "linux-armv4") + ((string-prefix? "aarch64" target) + "linux-aarch64") + ((string-prefix? "powerpc64le" target) + "linux-ppc64le") + ((string-prefix? "powerpc64" target) + "linux-ppc64") + ((string-prefix? "powerpc" target) + "linux-ppc"))) + #t))) + '()) (replace 'configure (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) @@ -362,8 +371,8 @@ required structures.") (string-append (assoc-ref %build-inputs "coreutils") "/bin/env"))) (invoke ,@(if (%current-target-system) - '("./Configure") - '("./config")) + '("./Configure") + '("./config")) "shared" ;build shared libraries "--libdir=lib" @@ -375,9 +384,9 @@ required structures.") (string-append "--prefix=" out) (string-append "-Wl,-rpath," lib) - ,@(if (%current-target-system) - '((getenv "CONFIGURE_TARGET_ARCH")) - '()))))) + ,@(if (%current-target-system) + '((getenv "CONFIGURE_TARGET_ARCH")) + '()))))) (add-after 'install 'move-static-libraries (lambda* (#:key outputs #:allow-other-keys) ;; Move static libraries to the "static" output. @@ -543,14 +552,14 @@ required structures.") (define-public libressl (package (name "libressl") - (version "3.0.2") + (version "3.1.4") (source (origin (method url-fetch) (uri (string-append "mirror://openbsd/LibreSSL/" "libressl-" version ".tar.gz")) (sha256 (base32 - "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz")))) + "1dnbbnr43jashxivnafmh9gnn57c7ayva788ba03z633k6f18k21")))) (build-system gnu-build-system) (arguments ;; Do as if 'getentropy' was missing since older Linux kernels lack it @@ -585,13 +594,13 @@ netcat implementation that supports TLS.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "1.3.0") + (version "1.8.0") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 (base32 - "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0")))) + "0b80qmlchf8f071nrrh4ihq64cwicn9rshs34snp73952iyhd3dd")))) (build-system python-build-system) (arguments `(#:phases @@ -642,7 +651,7 @@ netcat implementation that supports TLS.") (uri (pypi-uri "certbot" version)) (sha256 (base32 - "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w")))) + "1r2k54d2k2smn4c3lpd0z6gdzfqk4654kwbh1p8wqhv5mwbcads8")))) (build-system python-build-system) (arguments `(,@(substitute-keyword-arguments (package-arguments python-acme) @@ -890,22 +899,29 @@ then ported to the GNU / Linux environment.") (define-public mbedtls-apache (package (name "mbedtls-apache") - (version "2.16.6") + ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha + ;; when updating. + (version "2.23.0") (source (origin - (method url-fetch) - ;; XXX: The download links on the website are script redirection links - ;; which effectively lead to the format listed in the uri here. - (uri (string-append "https://tls.mbed.org/download/mbedtls-" - version "-apache.tgz")) + (method git-fetch) + (uri (git-reference + (url "https://github.com/ARMmbed/mbedtls") + (commit (string-append "mbedtls-" version)))) (sha256 - (base32 - "0w0p51vx0cc6fyqfdn59669q6n4187vi64fw5ha302hrlqimwib6")))) + (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62")) + (file-name (git-file-name name version)))) (build-system cmake-build-system) (arguments `(#:configure-flags (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" - "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF"))) + "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'make-source-writable + (lambda _ + (for-each make-file-writable (find-files ".")) + #t))))) (native-inputs `(("perl" ,perl) ("python" ,python))) @@ -924,17 +940,19 @@ coding footprint.") (package (inherit mbedtls-apache) (arguments - (substitute-keyword-arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'configure 'configure-extra-features - (lambda _ - (for-each (lambda (feature) - (invoke "scripts/config.pl" "set" feature)) - (list "MBEDTLS_THREADING_C" - "MBEDTLS_THREADING_PTHREAD")) - #t))) - ,@(package-arguments mbedtls-apache))))))) + (substitute-keyword-arguments (package-arguments mbedtls-apache) + ((#:phases phases) + `(modify-phases ,phases + (add-before 'configure 'configure-extra-features + (lambda _ + (for-each (lambda (feature) + (invoke "scripts/config.pl" "set" feature)) + (list "MBEDTLS_THREADING_C" + "MBEDTLS_THREADING_PTHREAD")) + ;; XXX The above enables code that breaks with -Werror… + (substitute* "CMakeLists.txt" + ((" -Wformat-signedness") "")) + #t))))))))) (define-public dehydrated (package @@ -1021,23 +1039,25 @@ relatively simple Bash script.") (license license:expat))) (define-public go-github-com-certifi-gocertifi - (package - (name "go-github-com-certifi-gocertifi") - (version "2020.02.11") - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/certifi/gocertifi") - (commit version))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "018bsy1vclsdk2kns9f37giabibg3kggk3vpj0yr3dv0k72gzybk")))) - (build-system go-build-system) - (arguments - '(#:import-path "github.com/certifi/gocertifi")) - (synopsis "X.509 TLS root certificate bundle for Go") - (description "This package is a Go language X.509 TLS root certificate bundle, + (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec") + (revision "1")) + (package + (name "go-github-com-certifi-gocertifi") + (version (git-version "2018.01.18" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/certifi/gocertifi") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/certifi/gocertifi")) + (synopsis "X.509 TLS root certificate bundle for Go") + (description "This package is a Go language X.509 TLS root certificate bundle, derived from Mozilla's collection.") - (home-page "https://certifi.io") - (license license:mpl2.0))) + (home-page "https://certifi.io") + (license license:mpl2.0))))