X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/blobdiff_plain/d19b14c8349ce8cacb62619ab68953265daeeca7..c8535c252776ce7da3310c549d211df74f30559b:/gnu/packages/tls.scm diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 45ee67fa9c..00b0bf6ddb 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -4,9 +4,9 @@ ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2015 David Thompson -;;; Copyright © 2015, 2016, 2017, 2018, 2019 Leo Famulari +;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari ;;; Copyright © 2016, 2017, 2019 Efraim Flashner -;;; Copyright © 2016, 2017, 2018 ng0 +;;; Copyright © 2016, 2017, 2018 Nikita ;;; Copyright © 2016 Hartmut Goebel ;;; Copyright © 2017 Ricardo Wurmus ;;; Copyright © 2017, 2018, 2019, 2020 Marius Bakke @@ -14,6 +14,7 @@ ;;; Copyright © 2017 Rutger Helling ;;; Copyright © 2018 Clément Lassieur ;;; Copyright © 2019 Mathieu Othacehe +;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. ;;; @@ -50,6 +51,7 @@ #:use-module (gnu packages dns) #:use-module (gnu packages gawk) #:use-module (gnu packages guile) + #:use-module (gnu packages hurd) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) #:use-module (gnu packages libidn) @@ -123,15 +125,14 @@ in intelligent transportation networks.") (define-public p11-kit (package (name "p11-kit") - (version "0.23.20") + (version "0.23.21") (source (origin (method url-fetch) (uri (string-append "https://github.com/p11-glue/p11-kit/releases/" "download/" version "/p11-kit-" version ".tar.xz")) (sha256 - (base32 - "0131maw666ha4d6iyj13fkz18c4pnb3lw2xwv5kvkmnzqcj61n0l")))) + (base32 "09q6n63qmqcdw6v0fwmhdmsqrcndnp5m9jvby1kxi82wy29s9fpi")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) 
@@ -163,6 +164,8 @@ living in the same process.") (define-public gnutls (package (name "gnutls") + ;; XXX Unversion openconnect's "gnutls" input when ungrafting. + (replacement gnutls-3.6.14) (version "3.6.12") (source (origin (method url-fetch) @@ -178,8 +181,10 @@ living in the same process.") "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z")))) (build-system gnu-build-system) (arguments - `(; Ensure we don't keep a reference to this buggy software. - #:disallowed-references (,net-tools) + `(#:tests? ,(not (or (%current-target-system) + (hurd-target?))) + ;; Ensure we don't keep a reference to net-tools. + #:disallowed-references ,(if (hurd-target?) '() (list net-tools)) #:configure-flags (list ;; GnuTLS doesn't consult any environment variables to specify @@ -223,10 +228,12 @@ living in the same process.") "debug" "doc")) ;4.1 MiB of man pages (native-inputs - `(("net-tools" ,net-tools) + `(,@(if (hurd-target?) '() + `(("net-tools" ,net-tools))) ("pkg-config" ,pkg-config) ("which" ,which) - ("datefudge" ,datefudge) ;tests rely on 'datefudge' + ,@(if (hurd-target?) '() + `(("datefudge" ,datefudge))) ;tests rely on 'datefudge' ("util-linux" ,util-linux))) ;one test needs 'setsid' (inputs `(("guile" ,guile-3.0))) 
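Review bot: The comment added above `(replacement gnutls-3.6.14)` records only the ungrafting chore, not why `gnutls` is being grafted. A graft on a TLS library is normally there to ship a security fix without a full rebuild, and whoever ungrafts later needs to know which fix it was. I would add a line such as `;; Grafted to 3.6.14 for [advisory id, placeholder]; fold into 'version' when ungrafting.` next to the existing XXX. The package body continues outside this hunk.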
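Review bot: `#:tests?` is now false for native Hurd builds as well as cross builds, so the GnuTLS test suite never runs on that target, and nothing in the hunk says why. The later native-inputs hunk drops `net-tools` and `datefudge` on the Hurd, which is presumably the reason. A comment above `#:tests?` such as `;; The test suite needs 'datefudge' and 'net-tools', which are unavailable on the Hurd.` would make the trade-off visible; the exact reason should be confirmed by the author. It is also worth saying when the tests can be switched back on, since this is the only automated check of the TLS stack on that platform.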
@@ -247,10 +254,29 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define-public gnutls/guile-2.0 - ;; GnuTLS for Guile 2.0. +(define-public gnutls-3.6.14 (package (inherit gnutls) + (version "3.6.14") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (patches (search-patches "gnutls-skip-trust-store-test.patch" + "gnutls-cross.patch")) + (sha256 + (base32 + "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n")))) + (native-inputs + `(,@(if (%current-target-system) ;for cross-build + `(("guile" ,guile-3.0)) ;to create .go files + '()) + ,@(package-native-inputs gnutls))))) + +(define-public gnutls/guile-2.0 + ;; GnuTLS for Guile 2.0. + (package/inherit gnutls (name "guile2.0-gnutls") (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) @@ -260,8 +286,7 @@ required structures.") ;; Authentication of Named Entities. This is required for GNS functionality ;; by GNUnet and gnURL. This is done in an extra package definition ;; to have the choice between GnuTLS with Dane and without Dane. - (package - (inherit gnutls) + (package/inherit gnutls (name "gnutls-dane") (inputs `(("unbound" ,unbound) ,@(package-inputs gnutls))))) @@ -280,8 +305,8 @@ required structures.") (define-public openssl (package (name "openssl") - (version "1.1.1d") - (replacement openssl-1.1.1e) + (version "1.1.1f") + (replacement openssl-1.1.1g) (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -293,7 +318,7 @@ required structures.") "/openssl-" version ".tar.gz"))) (sha256 (base32 - "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhy")) + "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q")) (patches (search-patches "openssl-1.1-c-rehash-in.patch")))) (build-system gnu-build-system) (outputs '("out" 
@@ -309,23 +334,33 @@ required structures.") #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases - ,@(if (%current-target-system) - '((add-before - 'configure 'set-cross-compile - (lambda* (#:key target outputs #:allow-other-keys) - (setenv "CROSS_COMPILE" (string-append target "-")) - (setenv "CONFIGURE_TARGET_ARCH" - (cond - ((string-prefix? "i686" target) - "linux-x86") - ((string-prefix? "x86_64" target) - "linux-x86_64") - ((string-prefix? "arm" target) - "linux-armv4") - ((string-prefix? "aarch64" target) - "linux-aarch64"))) - #t))) - '()) + ,@(if (%current-target-system) + '((add-before + 'configure 'set-cross-compile + (lambda* (#:key target outputs #:allow-other-keys) + (setenv "CROSS_COMPILE" (string-append target "-")) + (setenv "CONFIGURE_TARGET_ARCH" + (cond + ((string-prefix? "i586" target) + "hurd-x86") + ((string-prefix? "i686" target) + "linux-x86") + ((string-prefix? "x86_64" target) + "linux-x86_64") + ((string-prefix? "mips64el" target) + "linux-mips64") + ((string-prefix? "arm" target) + "linux-armv4") + ((string-prefix? "aarch64" target) + "linux-aarch64") + ((string-prefix? "powerpc64le" target) + "linux-ppc64le") + ((string-prefix? "powerpc64" target) + "linux-ppc64") + ((string-prefix? "powerpc" target) + "linux-ppc"))) + #t))) + '()) (replace 'configure (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) @@ -336,8 +371,8 @@ required structures.") (string-append (assoc-ref %build-inputs "coreutils") "/bin/env"))) (invoke ,@(if (%current-target-system) - '("./Configure") - '("./config")) + '("./Configure") + '("./config")) "shared" ;build shared libraries "--libdir=lib" 
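Review bot: The `cond` that chooses `CONFIGURE_TARGET_ARCH` gains several branches but still has no `else` clause, so a target triplet outside the listed prefixes produces an unspecified value. That value is passed to `setenv` and later to `./Configure`, where it fails with an error that does not name the real cause. Adding `(else (error "unsupported cross-compilation target" target))` as the last clause makes the failure explicit. The new `i586` branch also selects `hurd-x86` on the CPU prefix alone; if a non-Hurd i586 triplet can ever reach this phase, the test should look at the OS part of the triplet too. The phase list continues outside this hunk.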
@@ -349,9 +384,9 @@ required structures.") (string-append "--prefix=" out) (string-append "-Wl,-rpath," lib) - ,@(if (%current-target-system) - '((getenv "CONFIGURE_TARGET_ARCH")) - '()))))) + ,@(if (%current-target-system) + '((getenv "CONFIGURE_TARGET_ARCH")) + '()))))) (add-after 'install 'move-static-libraries (lambda* (#:key outputs #:allow-other-keys) ;; Move static libraries to the "static" output. @@ -403,10 +438,10 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) -(define openssl-1.1.1e +(define openssl-1.1.1g (package (inherit openssl) - (version "1.1.1e") + (version "1.1.1g") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -419,7 +454,7 @@ required structures.") (patches (search-patches "openssl-1.1-c-rehash-in.patch")) (sha256 (base32 - "1gnwlri1dphr5wdzmg9vlhkh6aq2yqgpfkpmffzwjlfb26n62kv9")))))) + "0ikdcc038i7jk8h7asq5xcn8b1xc2rrbc88yfm4hqbz3y5s4gc6x")))))) (define-public openssl-1.0 (package @@ -517,14 +552,14 @@ required structures.") (define-public libressl (package (name "libressl") - (version "3.0.2") + (version "3.1.4") (source (origin (method url-fetch) (uri (string-append "mirror://openbsd/LibreSSL/" "libressl-" version ".tar.gz")) (sha256 (base32 - "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz")))) + "1dnbbnr43jashxivnafmh9gnn57c7ayva788ba03z633k6f18k21")))) (build-system gnu-build-system) (arguments ;; Do as if 'getentropy' was missing since older Linux kernels lack it @@ -559,13 +594,13 @@ netcat implementation that supports TLS.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "1.3.0") + (version "1.8.0") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 (base32 - "03fjmg0fgfy7xfn3i8rzn9i0i4amajmijkash84qb8mlphgrxpn0")))) + "0b80qmlchf8f071nrrh4ihq64cwicn9rshs34snp73952iyhd3dd")))) (build-system python-build-system) (arguments `(#:phases 
@@ -616,7 +651,7 @@ netcat implementation that supports TLS.") (uri (pypi-uri "certbot" version)) (sha256 (base32 - "1n5i0k6kwmd6wvivshfl3k4djwcpwx390c39xmr2hhrgpk5r285w")))) + "1r2k54d2k2smn4c3lpd0z6gdzfqk4654kwbh1p8wqhv5mwbcads8")))) (build-system python-build-system) (arguments `(,@(substitute-keyword-arguments (package-arguments python-acme) @@ -864,22 +899,29 @@ then ported to the GNU / Linux environment.") (define-public mbedtls-apache (package (name "mbedtls-apache") - (version "2.16.5") + ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha + ;; when updating. + (version "2.23.0") (source (origin - (method url-fetch) - ;; XXX: The download links on the website are script redirection links - ;; which effectively lead to the format listed in the uri here. - (uri (string-append "https://tls.mbed.org/download/mbedtls-" - version "-apache.tgz")) + (method git-fetch) + (uri (git-reference + (url "https://github.com/ARMmbed/mbedtls") + (commit (string-append "mbedtls-" version)))) (sha256 - (base32 - "0kdhwy241xsk4isbadqx6z80m8sf76da5sbmqv8qy11yr37cdd35")))) + (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62")) + (file-name (git-file-name name version)))) (build-system cmake-build-system) (arguments `(#:configure-flags (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" - "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF"))) + "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'make-source-writable + (lambda _ + (for-each make-file-writable (find-files ".")) + #t))))) (native-inputs `(("perl" ,perl) ("python" ,python))) 
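Review bot: The new `make-source-writable` phase in `mbedtls-apache` has no comment explaining why it is needed. It looks like a consequence of the switch to `git-fetch`: the checkout is copied read-only from the store, and the inheriting package runs `scripts/config.pl` against it. Something like `;; The git checkout is read-only, but 'scripts/config.pl' and the build write to the source tree.` above the phase would help, once the author confirms the reason. Separately, the source is now selected by tag name, which upstream can move; the `sha256` still pins the content, so a retag fails the build rather than changing what gets built.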
@@ -898,17 +940,19 @@ coding footprint.") (package (inherit mbedtls-apache) (arguments - (substitute-keyword-arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'configure 'configure-extra-features - (lambda _ - (for-each (lambda (feature) - (invoke "scripts/config.pl" "set" feature)) - (list "MBEDTLS_THREADING_C" - "MBEDTLS_THREADING_PTHREAD")) - #t))) - ,@(package-arguments mbedtls-apache))))))) + (substitute-keyword-arguments (package-arguments mbedtls-apache) + ((#:phases phases) + `(modify-phases ,phases + (add-before 'configure 'configure-extra-features + (lambda _ + (for-each (lambda (feature) + (invoke "scripts/config.pl" "set" feature)) + (list "MBEDTLS_THREADING_C" + "MBEDTLS_THREADING_PTHREAD")) + ;; XXX The above enables code that breaks with -Werror… + (substitute* "CMakeLists.txt" + ((" -Wformat-signedness") "")) + #t))))))))) (define-public dehydrated (package
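Review bot: The `substitute*` on `CMakeLists.txt` removes `-Wformat-signedness` for the whole build to get past one `-Werror` failure, and the XXX comment does not say which code trips the warning or point to an upstream report. In a TLS library a signedness mismatch in a format call is worth tracking rather than only silencing. I would expand the comment to something like `;; XXX MBEDTLS_THREADING_* enables code that fails -Wformat-signedness under -Werror; see [upstream issue URL, placeholder].` As far as I know `substitute*` does not fail when its pattern stops matching, so this workaround can go stale silently on the next update, which the XXX added to `mbedtls-apache` only partly covers.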