X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/blobdiff_plain/8a68b71d99a2cbb0b252cd18fc52e1593aa10acd..9a40a6219280cbb6da0184fa701fffaa53207307:/gnu/packages/crypto.scm diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index e070ef61ac..80c598ed86 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -1,15 +1,19 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 David Thompson -;;; Copyright © 2015, 2017 Ricardo Wurmus -;;; Copyright © 2016, 2017, 2018 Leo Famulari +;;; Copyright © 2015, 2017, 2018, 2019 Ricardo Wurmus +;;; Copyright © 2016, 2017, 2018, 2019 Leo Famulari ;;; Copyright © 2016 Lukas Gradl -;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice -;;; Copyright © 2016, 2017 Nils Gillmann -;;; Copyright © 2016, 2017 Eric Bavier +;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice +;;; Copyright © 2016, 2017 ng0 +;;; Copyright © 2016, 2017, 2019 Eric Bavier ;;; Copyright © 2017 Pierre Langlois ;;; Copyright © 2018 Efraim Flashner ;;; Copyright © 2018 Arun Isaac ;;; Copyright © 2018 Nicolas Goaziou +;;; Copyright © 2018 Nicolò Balzarotti +;;; Copyright © 2018 Tim Gesthuizen +;;; Copyright © 2019 Pierre Neidhardt +;;; Copyright © 2019 Tanguy Le Carrour ;;; ;;; This file is part of GNU Guix. ;;; @@ -36,7 +40,6 @@ #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages cryptsetup) - #:use-module (gnu packages databases) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) #:use-module (gnu packages image) @@ -44,16 +47,19 @@ #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) #:use-module (gnu packages linux) + #:use-module (gnu packages lsof) #:use-module (gnu packages nettle) #:use-module (gnu packages password-utils) #:use-module (gnu packages perl) #:use-module (gnu packages perl-check) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) + #:use-module (gnu packages python-xyz) #:use-module (gnu packages readline) #:use-module (gnu packages search) #:use-module (gnu packages serialization) #:use-module (gnu packages shells) + #:use-module (gnu packages sqlite) #:use-module (gnu packages tcl) #:use-module (gnu packages tls) #:use-module (gnu packages xml) @@ -64,13 +70,14 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) + #:use-module (guix build utils) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26)) (define-public libsodium (package (name "libsodium") - (version "1.0.16") + (version "1.0.18") (source (origin (method url-fetch) (uri (list (string-append @@ -81,7 +88,7 @@ "releases/old/libsodium-" version ".tar.gz"))) (sha256 (base32 - "0cq5pn7qcib7q70mm1lgjwj75xdxix27v0xl1xl0kvxww7hwgbgf")))) + "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g")))) (build-system gnu-build-system) (synopsis "Portable NaCl-based crypto library") (description @@ -93,7 +100,7 @@ communication, encryption, decryption, signatures, etc.") (define-public libmd (package (name "libmd") - (version "1.0.0") + (version "1.0.1") (source (origin (method url-fetch) (uri @@ -104,7 +111,7 @@ communication, encryption, decryption, signatures, etc.") version ".tar.xz"))) (sha256 (base32 - "1iv45npzv0gncjgcpx5m081861zdqxw667ysghqb8721yrlyl6pj")))) + "0waclg2d5qin3r26gy5jvy4584ik60njc8pqbzwk0lzq3j9ynkp1")))) (build-system gnu-build-system) (synopsis "Message Digest functions from BSD systems") (description @@ -126,15 +133,15 @@ communication, encryption, decryption, signatures, etc.") (define-public signify (package (name "signify") - (version "23") + (version "27") + (home-page "https://github.com/aperezdc/signify") (source (origin (method url-fetch) - (uri (string-append "https://github.com/aperezdc/signify/" - "archive/v" version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) + (uri (string-append "https://github.com/aperezdc/signify/releases" + "/download/v" version "/signify-" version ".tar.xz")) (sha256 (base32 - "0c70mzawgahsvmsv4xdrass4pgyynd67ipd9lij0fgi8wkq0ns8w")))) + "0ngjsqz95yb0knlw9zs02fnclif40s63r1mydgiv17ii3mds82df")))) (build-system gnu-build-system) ;; TODO Build with libwaive (described in README.md), to implement something ;; like OpenBSD's pledge(). @@ -154,7 +161,6 @@ communication, encryption, decryption, signatures, etc.") (description "The signify utility creates and verifies cryptographic signatures using the elliptic curve Ed25519. This is a Linux port of the OpenBSD tool of the same name.") - (home-page "https://github.com/aperezdc/signify") ;; This package includes third-party code that was originally released under ;; various non-copyleft licenses. See the source files for clarification. (license (list license:bsd-3 license:bsd-4 license:expat license:isc @@ -163,60 +169,6 @@ OpenBSD tool of the same name.") "See base64.c in the distribution for the license from IBM."))))) - -(define-public opendht - (package - (name "opendht") - (version "0.6.1") - (source - (origin - (method url-fetch) - (uri - (string-append - "https://github.com/savoirfairelinux/" name - "/archive/" version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (modules '((guix build utils))) - (snippet - '(begin - (delete-file-recursively "src/argon2") - (substitute* "src/Makefile.am" - (("./argon2/libargon2.la") "") - (("SUBDIRS = argon2") "")) - (substitute* "src/crypto.cpp" - (("argon2/argon2.h") "argon2.h")) - (substitute* "configure.ac" - (("src/argon2/Makefile") "")) - #t)) - (sha256 - (base32 - "09yvkmbqbym3b5md4n96qc1s9sf2n8ji404hagih45rmsj49599x")))) - (build-system gnu-build-system) - (inputs - `(("gnutls" ,gnutls) - ("nettle" ,nettle) - ("readline" ,readline) - ("argon2" ,argon2))) - (propagated-inputs - `(("msgpack" ,msgpack))) ;included in several installed headers - (native-inputs - `(("autoconf" ,autoconf) - ("pkg-config" ,pkg-config) - ("automake" ,automake) - ("libtool" ,libtool))) - (arguments - `(#:configure-flags '("--disable-tools" "--disable-python") - #:phases (modify-phases %standard-phases - (add-after 'unpack 'autoconf - (lambda _ - (zero? (system* "autoreconf" "-vfi"))))))) - (home-page "https://github.com/savoirfairelinux/opendht/") - (synopsis "Distributed Hash Table (DHT) library") - (description "OpenDHT is a Distributed Hash Table (DHT) library. It may -be used to manage peer-to-peer network connections as needed for real time -communication.") - (license license:gpl3))) - (define-public encfs (package (name "encfs") @@ -257,9 +209,18 @@ communication.") (add-after 'unpack 'unpack-googletest (lambda* (#:key inputs #:allow-other-keys) (mkdir-p "vendor/github.com/google/googletest") - (invoke "tar" "xvf" (assoc-ref inputs "googletest-source") - "-C" "vendor/github.com/google/googletest" - "--strip-components=1"))) + (copy-recursively (assoc-ref inputs "googletest-source") + "vendor/github.com/google/googletest") + #t)) + (add-before 'configure 'patch-CMakeLists.txt + (lambda _ + ;; Prevent CMake from adding libc on the system include path. + ;; Otherwise it will interfere with the libc used by GCC and + ;; ultimately cause #include_next errors. + (substitute* "CMakeLists.txt" + (("include_directories \\(SYSTEM \\$\\{Intl_INCLUDE_DIRS\\}\\)") + "")) + #t)) (add-before 'check 'make-unittests (lambda _ (invoke "make" "unittests")))))) @@ -278,7 +239,7 @@ the wrong hands.") (define-public keyutils (package (name "keyutils") - (version "1.5.11") + (version "1.6") (source (origin (method url-fetch) @@ -287,7 +248,7 @@ the wrong hands.") version ".tar.bz2")) (sha256 (base32 - "1ddig6j5xjyk6g9l2wlqc7k1cgvryxdqbsv3c9rk1p3f42448n0i")) + "05bi5ja6f3h3kdi7p9dihlqlfrsmi1wh1r2bdgxc0180xh6g5bnk")) (modules '((guix build utils))) ;; Create relative symbolic links instead of absolute ones to /lib/*. (snippet '(begin @@ -353,13 +314,12 @@ secure operations. ") (delete 'configure) (replace 'check (lambda _ - (and - (zero? (system* "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt" - "3-6" "top150adjectives.txt" "3-6")) - (zero? (system* "./eschalot" "-r" "^guix|^guixsd")) - (zero? (system* "./eschalot" "-r" "^gnu|^free")) - (zero? (system* "./eschalot" "-r" "^cyber|^hack")) - (zero? (system* "./eschalot" "-r" "^troll"))))) + (invoke "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt" + "3-6" "top150adjectives.txt" "3-6") + (invoke "./eschalot" "-r" "^guix|^guixsd") + (invoke "./eschalot" "-r" "^gnu|^free") + (invoke "./eschalot" "-r" "^cyber|^hack") + (invoke "./eschalot" "-r" "^troll"))) ;; Make install can not create the bin dir, create it. (add-before 'install 'create-bin-dir (lambda* (#:key outputs #:allow-other-keys) @@ -380,14 +340,15 @@ no man page, refer to the home page for usage details.") (define-public tomb (package (name "tomb") - (version "2.5") + (version "2.7") (source (origin (method url-fetch) (uri (string-append "https://files.dyne.org/tomb/" "Tomb-" version ".tar.gz")) (sha256 (base32 - "12c6qldngaw520gvb02inzkhnxbl4k0dwmddrgnaf7xashy6j0wc")))) + "0x3al02796vx1cvy6y6h685c367qx70dwv471g0hmks2gr10f0cn")) + (patches (search-patches "tomb-fix-errors-on-open.patch")))) (build-system gnu-build-system) (native-inputs `(("sudo" ,sudo))) ;presence needed for 'check' phase (inputs @@ -396,6 +357,7 @@ no man page, refer to the home page for usage details.") ("cryptsetup" ,cryptsetup) ("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4 ("gettext" ,gettext-minimal) ;used at runtime + ("lsof" ,lsof) ("mlocate" ,mlocate) ("pinentry" ,pinentry) ("qrencode" ,qrencode) @@ -403,10 +365,14 @@ no man page, refer to the home page for usage details.") ("util-linux" ,util-linux))) (arguments `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) + ;; The "sudo" input is needed only to satisfy dependency checks in the + ;; 'check' phase. The "sudo" used at runtime should come from the + ;; system's setuid-programs, so ensure no reference is kept. + #:disallowed-references (,sudo) ;; TODO: Build and install gtk and qt trays #:phases (modify-phases %standard-phases - (delete 'configure) ;no configuration to be done + (delete 'configure) ;no configuration to be done (add-after 'install 'i18n (lambda* (#:key make-flags #:allow-other-keys) (apply invoke "make" "-C" "extras/translations" @@ -421,8 +387,8 @@ no man page, refer to the home page for usage details.") ,@(map (lambda (program) (or (and=> (which program) dirname) (error "program not found:" program))) - '("seq" "mkfs.ext4" "pinentry" "sudo" - "gpg" "cryptsetup" "gettext" + '("seq" "mkfs.ext4" "pinentry" + "gpg" "cryptsetup" "gettext" "lsof" "qrencode" "steghide" "findmnt"))))) #t))) (delete 'check) @@ -476,7 +442,7 @@ user's graphical desktop.") `(("openssl" ,openssl))) (home-page "https://www.tarsnap.com/scrypt.html") (synopsis "Memory-hard encryption tool based on scrypt") - (description "This packages provides a simple password-based encryption + (description "This package provides a simple password-based encryption utility as a demonstration of the @code{scrypt} key derivation function. @code{Scrypt} is designed to be far more resistant against hardware brute-force attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.") @@ -569,19 +535,18 @@ generator.") (define-public perl-crypt-random-source (package (name "perl-crypt-random-source") - (version "0.12") + (version "0.14") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/" "Crypt-Random-Source-" version ".tar.gz")) (sha256 - (base32 - "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h")))) + (base32 "1rpdds3sy5l1fhngnkrsgwsmwd54wpicx3i9ds69blcskwkcwkpc")))) (build-system perl-build-system) (native-inputs `(("perl-module-build-tiny" ,perl-module-build-tiny) - ("perl-test-exception" ,perl-test-exception))) + ("perl-test-fatal" ,perl-test-fatal))) (propagated-inputs `(("perl-capture-tiny" ,perl-capture-tiny) ("perl-module-find" ,perl-module-find) @@ -638,7 +603,7 @@ data on your platform, so the seed itself will be as random as possible. (define-public crypto++ (package (name "crypto++") - (version "6.0.0") + (version "8.0.0") (source (origin (method url-fetch/zipbomb) (uri (string-append "https://cryptopp.com/cryptopp" @@ -646,11 +611,14 @@ data on your platform, so the seed itself will be as random as possible. ".zip")) (sha256 (base32 - "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34")))) + "0b5qrsm4jhy4nzxgrm13nixhvbswr242plx1jw6r4sw492rqkzdv")))) (build-system gnu-build-system) (arguments `(#:make-flags - (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) + (list (string-append "PREFIX=" (assoc-ref %outputs "out")) + ;; Override "/sbin/ldconfig" with simply "echo" since + ;; we don't need ldconfig(8). + "LDCONF=echo") #:phases (modify-phases %standard-phases (add-after 'unpack 'disable-native-optimisation @@ -660,7 +628,28 @@ data on your platform, so the seed itself will be as random as possible. (substitute* "GNUmakefile" ((" -march=native") "")) #t)) - (delete 'configure)))) + (delete 'configure) + (add-after 'build 'build-shared + (lambda _ + ;; By default, only the static library is built. + (invoke "make" "shared"))) + (add-after 'install 'install-pkg-config + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (pkg-dir (string-append out "/lib/pkgconfig"))) + (mkdir-p pkg-dir) + (with-output-to-file (string-append pkg-dir "/libcrypto++.pc") + (lambda _ + (display + (string-append + "prefix=" out "\n" + "libdir=" out "/lib\n" + "includedir=" out "/include\n\n" + "Name: libcrypto++-" ,version "\n" + "Description: Class library of cryptographic schemes" + "Version: " ,version "\n" + "Libs: -L${libdir} -lcryptopp\n" + "Cflags: -I${includedir}\n")))))))))) (native-inputs `(("unzip" ,unzip))) (home-page "https://cryptopp.com/") @@ -673,7 +662,7 @@ data on your platform, so the seed itself will be as random as possible. (define-public libb2 (package (name "libb2") - (version "0.98") + (version "0.98.1") (source (origin (method url-fetch) (uri (string-append @@ -681,7 +670,7 @@ data on your platform, so the seed itself will be as random as possible. version "/libb2-" version ".tar.gz")) (sha256 (base32 - "0vq39cvwy05754l565xl11rqr2jvjb6ykjzca886vi9vm71y0sg8")))) + "0bn7yrzdixdvzm46shbhpkqbr6zyqyxiqn7a7x54ag3mrvfnyqjk")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -710,7 +699,7 @@ BLAKE.") (define-public rhash (package (name "rhash") - (version "1.3.6") + (version "1.3.8") (source (origin (method url-fetch) @@ -719,7 +708,7 @@ BLAKE.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "14ngzfgmd1lfp7m78sn49x8ymf2s37nrr67c6p5vas85nrrgjkcn")))) + "0k60ywyhwqwqxa2q2l85vwgf884hcgy31nxir3dqgz7ymib6llxy")))) (build-system gnu-build-system) (arguments `(#:make-flags @@ -738,7 +727,7 @@ BLAKE.") (lambda* (#:key make-flags #:allow-other-keys) (apply invoke "make" "-C" "librhash" - "install-headers" "install-so-link" + "install-lib-headers" "install-so-link" make-flags)))))) (home-page "https://sourceforge.net/projects/rhash/") (synopsis "Utility for computing hash sums") @@ -751,14 +740,14 @@ SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R (define-public botan (package (name "botan") - (version "2.7.0") + (version "2.12.1") (source (origin (method url-fetch) (uri (string-append "https://botan.randombit.net/releases/" - "Botan-" version ".tgz")) + "Botan-" version ".tar.xz")) (sha256 (base32 - "142aqabwc266jxn8wrp0f1ffrmcvdxwvyh8frb38hx9iaqazjbg4")))) + "1ada3ga7b0z4m0vjmxlvfi4nsic2l8kjcy85jwss3z2i58a5y0vy")))) (build-system gnu-build-system) (arguments '(#:phases @@ -767,18 +756,23 @@ SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref %outputs "out")) (lib (string-append out "/lib"))) + ;; Upstream tests and benchmarks with -O3. + (setenv "CXXFLAGS" "-O3") (invoke "python" "./configure.py" (string-append "--prefix=" out) ;; Otherwise, the `botan` executable cannot find ;; libbotan. (string-append "--ldflags=-Wl,-rpath=" lib) + + "--with-os-feature=getentropy" "--with-rst2man" + ;; Recommended by upstream "--with-zlib" "--with-bzip2" "--with-sqlite3")))) (replace 'check (lambda _ (invoke "./botan-test")))))) (native-inputs - `(("python" ,python-minimal-wrapper) + `(("python" ,python-wrapper) ("python-docutils" ,python-docutils))) (inputs `(("sqlite" ,sqlite) @@ -816,3 +810,222 @@ which is also used in the Advanced Encryption Standard (AES, see @url{http://www.nist.gov/aes}). This cipher is believed to provide very strong security.") (license license:gpl2))) + +(define-public asignify + (let ((commit "f58e7977a599f040797975d649ed318e25cbd2d5") + (revision "0")) + (package + (name "asignify") + (version (git-version "1.1" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/vstakhov/asignify.git") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1zl68qq6js6fdahxzyhvhrpyrwlv8c2zhdplycnfxyr1ckkhq8dw")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "--enable-openssl" + (string-append "--with-openssl=" + (assoc-ref %build-inputs "openssl"))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool))) + (inputs + `(("openssl" ,openssl))) + (home-page "https://github.com/vstakhov/asignify") + (synopsis "Cryptographic authentication and encryption tool and library") + (description "Asignify offers public cryptographic signatures and +encryption with a library or a command-line tool. The tool is heavily inspired +by signify as used in OpenBSD. The main goal of this project is to define a +high level API for signing files, validating signatures and encrypting using +public-key cryptography. Asignify is designed to be portable and self-contained +with zero external dependencies. Asignify can verify OpenBSD signatures, but it +cannot sign messages in OpenBSD format yet.") + (license license:bsd-2)))) + +(define-public enchive + (package + (name "enchive") + (version "3.4") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/skeeto/" name "/archive/" + version ".tar.gz")) + (sha256 + (base32 + "17hrxpp4cpn10bk48sfvfjc8hghky34agsnypam1v9f36kbalqfk")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (arguments + '(#:tests? #f ; no check target ' + #:make-flags (list "CC=gcc" "PREFIX=$(out)") + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-after 'install 'post-install + (lambda _ + (let* ((out (assoc-ref %outputs "out")) + (lisp (string-append out "/share/emacs/site-lisp"))) + (install-file "enchive-mode.el" lisp) + #t)))))) + (synopsis "Encrypted personal archives") + (description + "Enchive is a tool to encrypt files to yourself for long-term +archival. It's a focused, simple alternative to more complex solutions such as +GnuPG or encrypted filesystems. Enchive has no external dependencies and is +trivial to build for local use. Portability is emphasized over performance.") + (home-page "https://github.com/skeeto/enchive") + (license license:unlicense))) + +(define-public libsecp256k1 + (let ((commit "e34ceb333b1c0e6f4115ecbb80c632ac1042fa49")) + (package + (name "libsecp256k1") + (version (git-version "20181126" "1" commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/bitcoin-core/secp256k1") + (commit commit))) + (sha256 + (base32 + "0as78s179hcr3ysk3fw98k5wzabgnwri7vkkc17wg31lyz6ids6c")) + (file-name (git-file-name name version)))) + (build-system gnu-build-system) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool))) + ;; WARNING: This package might need additional configure flags to run properly. + ;; See https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/libsecp256k1. + (synopsis "C library for EC operations on curve secp256k1") + (description + "Optimized C library for EC operations on curve secp256k1. + +This library is a work in progress and is being used to research best +practices. Use at your own risk. + +Features: + +@itemize +@item secp256k1 ECDSA signing/verification and key generation. +@item Adding/multiplying private/public keys. +@item Serialization/parsing of private keys, public keys, signatures. +@item Constant time, constant memory access signing and pubkey generation. +@item Derandomized DSA (via RFC6979 or with a caller provided function.) +@item Very efficient implementation. +@end itemize\n") + (home-page "https://github.com/bitcoin-core/secp256k1") + (license license:unlicense)))) + +(define-public stoken + (package + (name "stoken") + (version "0.92") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/stoken/" + "stoken-" version ".tar.gz")) + (sha256 + (base32 + "0npgr6y85gzwksy8jkwa4yzvqwjprwnplx3yiw3ayk4f0ldlhaxa")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("nettle" ,nettle) + ("libxml2" ,libxml2))) + (home-page "http://stoken.sf.net") + (synopsis "Software Token for cryptographic authentication") + (description + "@code{stoken} is a token code generator compatible with RSA SecurID +128-bit (AES) tokens. This package contains a standalone command-line program +that allows for importing token seeds, generating token codes, and various +utility/testing functions.") + (license license:lgpl2.1+))) + +(define-public hpenc + (package + (name "hpenc") + (version "3.0") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/vstakhov/hpenc") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1fb5yi3d2k8kd4zm7liiqagpz610y168xrr1cvn7cbq314jm2my1")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; No test suite + #:make-flags + (list (string-append "PREFIX=" (assoc-ref %outputs "out")) + ;; Build the program and the docs. + "SUBDIRS=src doc") + #:phases + (modify-phases %standard-phases + (delete 'configure) ; No ./configure script + (add-after 'unpack 'patch-path + (lambda _ + (substitute* '("src/Makefile" "doc/Makefile") + (("/usr/bin/install") + "install")))) + (add-before 'install 'make-output-directories + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (man1 (string-append out "/share/man/man1"))) + (mkdir-p bin) + (mkdir-p man1) + #t)))))) + (inputs + `(("libsodium" ,libsodium) + ("openssl" ,openssl))) + (synopsis "High-performance command-line tool for stream encryption") + (description "Hpenc is a command-line tool for performing authenticated +encryption (AES-GCM and ChaCha20-Poly1305) of streaming data. It does not +perform an asymmetric key exchange, instead requiring the user to distribute +pre-shared keys out of band. It is designed to handle large amounts of data +quickly by using all your CPU cores and hardware acceleration.") + (home-page "https://github.com/vstakhov/hpenc") + (license license:bsd-3))) + +(define-public minisign + (package + (name "minisign") + (version "0.8") + (source + (origin + (method url-fetch) + (uri + (string-append "https://github.com/jedisct1/minisign/releases/download/" + version "/minisign-" version ".tar.gz")) + (sha256 + (base32 + "10hhgwxf9rcdlr00shrkcyxndrc22dh5lj8k5z27xg3nc0jba3hk")))) + (build-system cmake-build-system) + (arguments + ; No test suite + `(#:tests? #f)) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("libsodium" ,libsodium))) + (home-page "https://jedisct1.github.io/minisign") + (synopsis "Tool to sign files and verify signatures") + (description + "Minisign is a dead simple tool to sign files and verify signatures. It is +portable, lightweight, and uses the highly secure Ed25519 public-key signature +system. Signature written by minisign can be verified using OpenBSD's +signify tool: public key files and signature files are compatible. However, +minisign uses a slightly different format to store secret keys. Minisign +signatures include trusted comments in addition to untrusted comments. +Trusted comments are signed, thus verified, before being displayed.") + (license license:isc)))