X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/blobdiff_plain/c3f47e44cdcb9db3c70ef13526a33d538ed40aa9..b86f77469b7e312aaa23e0959aab3fb2eecc9a13:/gnu/packages/crypto.scm diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 3cb80eb0f2..80c598ed86 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -1,10 +1,10 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 David Thompson ;;; Copyright © 2015, 2017, 2018, 2019 Ricardo Wurmus -;;; Copyright © 2016, 2017, 2018 Leo Famulari +;;; Copyright © 2016, 2017, 2018, 2019 Leo Famulari ;;; Copyright © 2016 Lukas Gradl -;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice -;;; Copyright © 2016, 2017 Nils Gillmann +;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice +;;; Copyright © 2016, 2017 ng0 ;;; Copyright © 2016, 2017, 2019 Eric Bavier ;;; Copyright © 2017 Pierre Langlois ;;; Copyright © 2018 Efraim Flashner @@ -13,6 +13,7 @@ ;;; Copyright © 2018 Nicolò Balzarotti ;;; Copyright © 2018 Tim Gesthuizen ;;; Copyright © 2019 Pierre Neidhardt +;;; Copyright © 2019 Tanguy Le Carrour ;;; ;;; This file is part of GNU Guix. ;;; @@ -46,6 +47,7 @@ #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) #:use-module (gnu packages linux) + #:use-module (gnu packages lsof) #:use-module (gnu packages nettle) #:use-module (gnu packages password-utils) #:use-module (gnu packages perl) @@ -68,13 +70,14 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) + #:use-module (guix build utils) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26)) (define-public libsodium (package (name "libsodium") - (version "1.0.17") + (version "1.0.18") (source (origin (method url-fetch) (uri (list (string-append @@ -85,7 +88,7 @@ "releases/old/libsodium-" version ".tar.gz"))) (sha256 (base32 - "1cf2d9v1gylz1qcy2zappbf526qfmph6gd6fnn3w2b347vixmhqc")))) + "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g")))) (build-system gnu-build-system) (synopsis "Portable NaCl-based crypto library") (description @@ -130,15 +133,15 @@ communication, encryption, decryption, signatures, etc.") (define-public signify (package (name "signify") - (version "24") + (version "27") + (home-page "https://github.com/aperezdc/signify") (source (origin (method url-fetch) - (uri (string-append "https://github.com/aperezdc/signify/" - "archive/v" version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) + (uri (string-append "https://github.com/aperezdc/signify/releases" + "/download/v" version "/signify-" version ".tar.xz")) (sha256 (base32 - "0594vyvkq176xxzaz9xbq8qs0xdnr8s9gkd1prblwpdvnzmw0xvc")))) + "0ngjsqz95yb0knlw9zs02fnclif40s63r1mydgiv17ii3mds82df")))) (build-system gnu-build-system) ;; TODO Build with libwaive (described in README.md), to implement something ;; like OpenBSD's pledge(). @@ -158,7 +161,6 @@ communication, encryption, decryption, signatures, etc.") (description "The signify utility creates and verifies cryptographic signatures using the elliptic curve Ed25519. This is a Linux port of the OpenBSD tool of the same name.") - (home-page "https://github.com/aperezdc/signify") ;; This package includes third-party code that was originally released under ;; various non-copyleft licenses. See the source files for clarification. (license (list license:bsd-3 license:bsd-4 license:expat license:isc @@ -207,9 +209,18 @@ OpenBSD tool of the same name.") (add-after 'unpack 'unpack-googletest (lambda* (#:key inputs #:allow-other-keys) (mkdir-p "vendor/github.com/google/googletest") - (invoke "tar" "xvf" (assoc-ref inputs "googletest-source") - "-C" "vendor/github.com/google/googletest" - "--strip-components=1"))) + (copy-recursively (assoc-ref inputs "googletest-source") + "vendor/github.com/google/googletest") + #t)) + (add-before 'configure 'patch-CMakeLists.txt + (lambda _ + ;; Prevent CMake from adding libc on the system include path. + ;; Otherwise it will interfere with the libc used by GCC and + ;; ultimately cause #include_next errors. + (substitute* "CMakeLists.txt" + (("include_directories \\(SYSTEM \\$\\{Intl_INCLUDE_DIRS\\}\\)") + "")) + #t)) (add-before 'check 'make-unittests (lambda _ (invoke "make" "unittests")))))) @@ -228,7 +239,7 @@ the wrong hands.") (define-public keyutils (package (name "keyutils") - (version "1.5.11") + (version "1.6") (source (origin (method url-fetch) @@ -237,7 +248,7 @@ the wrong hands.") version ".tar.bz2")) (sha256 (base32 - "1ddig6j5xjyk6g9l2wlqc7k1cgvryxdqbsv3c9rk1p3f42448n0i")) + "05bi5ja6f3h3kdi7p9dihlqlfrsmi1wh1r2bdgxc0180xh6g5bnk")) (modules '((guix build utils))) ;; Create relative symbolic links instead of absolute ones to /lib/*. (snippet '(begin @@ -329,14 +340,15 @@ no man page, refer to the home page for usage details.") (define-public tomb (package (name "tomb") - (version "2.5") + (version "2.7") (source (origin (method url-fetch) (uri (string-append "https://files.dyne.org/tomb/" "Tomb-" version ".tar.gz")) (sha256 (base32 - "12c6qldngaw520gvb02inzkhnxbl4k0dwmddrgnaf7xashy6j0wc")))) + "0x3al02796vx1cvy6y6h685c367qx70dwv471g0hmks2gr10f0cn")) + (patches (search-patches "tomb-fix-errors-on-open.patch")))) (build-system gnu-build-system) (native-inputs `(("sudo" ,sudo))) ;presence needed for 'check' phase (inputs @@ -345,6 +357,7 @@ no man page, refer to the home page for usage details.") ("cryptsetup" ,cryptsetup) ("e2fsprogs" ,e2fsprogs) ;for mkfs.ext4 ("gettext" ,gettext-minimal) ;used at runtime + ("lsof" ,lsof) ("mlocate" ,mlocate) ("pinentry" ,pinentry) ("qrencode" ,qrencode) @@ -352,10 +365,14 @@ no man page, refer to the home page for usage details.") ("util-linux" ,util-linux))) (arguments `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) + ;; The "sudo" input is needed only to satisfy dependency checks in the + ;; 'check' phase. The "sudo" used at runtime should come from the + ;; system's setuid-programs, so ensure no reference is kept. + #:disallowed-references (,sudo) ;; TODO: Build and install gtk and qt trays #:phases (modify-phases %standard-phases - (delete 'configure) ;no configuration to be done + (delete 'configure) ;no configuration to be done (add-after 'install 'i18n (lambda* (#:key make-flags #:allow-other-keys) (apply invoke "make" "-C" "extras/translations" @@ -370,8 +387,8 @@ no man page, refer to the home page for usage details.") ,@(map (lambda (program) (or (and=> (which program) dirname) (error "program not found:" program))) - '("seq" "mkfs.ext4" "pinentry" "sudo" - "gpg" "cryptsetup" "gettext" + '("seq" "mkfs.ext4" "pinentry" + "gpg" "cryptsetup" "gettext" "lsof" "qrencode" "steghide" "findmnt"))))) #t))) (delete 'check) @@ -425,7 +442,7 @@ user's graphical desktop.") `(("openssl" ,openssl))) (home-page "https://www.tarsnap.com/scrypt.html") (synopsis "Memory-hard encryption tool based on scrypt") - (description "This packages provides a simple password-based encryption + (description "This package provides a simple password-based encryption utility as a demonstration of the @code{scrypt} key derivation function. @code{Scrypt} is designed to be far more resistant against hardware brute-force attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.") @@ -518,19 +535,18 @@ generator.") (define-public perl-crypt-random-source (package (name "perl-crypt-random-source") - (version "0.12") + (version "0.14") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/" "Crypt-Random-Source-" version ".tar.gz")) (sha256 - (base32 - "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h")))) + (base32 "1rpdds3sy5l1fhngnkrsgwsmwd54wpicx3i9ds69blcskwkcwkpc")))) (build-system perl-build-system) (native-inputs `(("perl-module-build-tiny" ,perl-module-build-tiny) - ("perl-test-exception" ,perl-test-exception))) + ("perl-test-fatal" ,perl-test-fatal))) (propagated-inputs `(("perl-capture-tiny" ,perl-capture-tiny) ("perl-module-find" ,perl-module-find) @@ -646,7 +662,7 @@ data on your platform, so the seed itself will be as random as possible. (define-public libb2 (package (name "libb2") - (version "0.98") + (version "0.98.1") (source (origin (method url-fetch) (uri (string-append @@ -654,7 +670,7 @@ data on your platform, so the seed itself will be as random as possible. version "/libb2-" version ".tar.gz")) (sha256 (base32 - "0vq39cvwy05754l565xl11rqr2jvjb6ykjzca886vi9vm71y0sg8")))) + "0bn7yrzdixdvzm46shbhpkqbr6zyqyxiqn7a7x54ag3mrvfnyqjk")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -724,14 +740,14 @@ SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R (define-public botan (package (name "botan") - (version "2.7.0") + (version "2.12.1") (source (origin (method url-fetch) (uri (string-append "https://botan.randombit.net/releases/" - "Botan-" version ".tgz")) + "Botan-" version ".tar.xz")) (sha256 (base32 - "142aqabwc266jxn8wrp0f1ffrmcvdxwvyh8frb38hx9iaqazjbg4")))) + "1ada3ga7b0z4m0vjmxlvfi4nsic2l8kjcy85jwss3z2i58a5y0vy")))) (build-system gnu-build-system) (arguments '(#:phases @@ -740,18 +756,23 @@ SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref %outputs "out")) (lib (string-append out "/lib"))) + ;; Upstream tests and benchmarks with -O3. + (setenv "CXXFLAGS" "-O3") (invoke "python" "./configure.py" (string-append "--prefix=" out) ;; Otherwise, the `botan` executable cannot find ;; libbotan. (string-append "--ldflags=-Wl,-rpath=" lib) + + "--with-os-feature=getentropy" "--with-rst2man" + ;; Recommended by upstream "--with-zlib" "--with-bzip2" "--with-sqlite3")))) (replace 'check (lambda _ (invoke "./botan-test")))))) (native-inputs - `(("python" ,python-minimal-wrapper) + `(("python" ,python-wrapper) ("python-docutils" ,python-docutils))) (inputs `(("sqlite" ,sqlite) @@ -816,7 +837,7 @@ security.") ("automake" ,automake) ("libtool" ,libtool))) (inputs - `(("openssl" ,openssl-next))) + `(("openssl" ,openssl))) (home-page "https://github.com/vstakhov/asignify") (synopsis "Cryptographic authentication and encryption tool and library") (description "Asignify offers public cryptographic signatures and @@ -927,3 +948,84 @@ Features: that allows for importing token seeds, generating token codes, and various utility/testing functions.") (license license:lgpl2.1+))) + +(define-public hpenc + (package + (name "hpenc") + (version "3.0") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/vstakhov/hpenc") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1fb5yi3d2k8kd4zm7liiqagpz610y168xrr1cvn7cbq314jm2my1")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; No test suite + #:make-flags + (list (string-append "PREFIX=" (assoc-ref %outputs "out")) + ;; Build the program and the docs. + "SUBDIRS=src doc") + #:phases + (modify-phases %standard-phases + (delete 'configure) ; No ./configure script + (add-after 'unpack 'patch-path + (lambda _ + (substitute* '("src/Makefile" "doc/Makefile") + (("/usr/bin/install") + "install")))) + (add-before 'install 'make-output-directories + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (man1 (string-append out "/share/man/man1"))) + (mkdir-p bin) + (mkdir-p man1) + #t)))))) + (inputs + `(("libsodium" ,libsodium) + ("openssl" ,openssl))) + (synopsis "High-performance command-line tool for stream encryption") + (description "Hpenc is a command-line tool for performing authenticated +encryption (AES-GCM and ChaCha20-Poly1305) of streaming data. It does not +perform an asymmetric key exchange, instead requiring the user to distribute +pre-shared keys out of band. It is designed to handle large amounts of data +quickly by using all your CPU cores and hardware acceleration.") + (home-page "https://github.com/vstakhov/hpenc") + (license license:bsd-3))) + +(define-public minisign + (package + (name "minisign") + (version "0.8") + (source + (origin + (method url-fetch) + (uri + (string-append "https://github.com/jedisct1/minisign/releases/download/" + version "/minisign-" version ".tar.gz")) + (sha256 + (base32 + "10hhgwxf9rcdlr00shrkcyxndrc22dh5lj8k5z27xg3nc0jba3hk")))) + (build-system cmake-build-system) + (arguments + ; No test suite + `(#:tests? #f)) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("libsodium" ,libsodium))) + (home-page "https://jedisct1.github.io/minisign") + (synopsis "Tool to sign files and verify signatures") + (description + "Minisign is a dead simple tool to sign files and verify signatures. It is +portable, lightweight, and uses the highly secure Ed25519 public-key signature +system. Signature written by minisign can be verified using OpenBSD's +signify tool: public key files and signature files are compatible. However, +minisign uses a slightly different format to store secret keys. Minisign +signatures include trusted comments in addition to untrusted comments. +Trusted comments are signed, thus verified, before being displayed.") + (license license:isc)))