X-Git-Url: https://git.hcoop.net/jackhill/guix/guix.git/blobdiff_plain/de32aa74b4f7762e887e80047804c42d495ab841..c71011f80f17a7160d067a6b83e444b75f8bc527:/gnu/packages/tls.scm diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 607fa33b27..d4ba77fed3 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,10 +1,11 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2015 David Thompson ;;; Copyright © 2015, 2016 Leo Famulari +;;; Copyright © 2015, 2016, 2017 Leo Famulari ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 ng0 ;;; Copyright © 2016 Hartmut Goebel @@ -45,12 +46,13 @@ #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages texinfo) - #:use-module (gnu packages base)) + #:use-module (gnu packages base) + #:use-module (srfi srfi-1)) (define-public libtasn1 (package (name "libtasn1") - (version "4.9") + (version "4.10") (source (origin (method url-fetch) @@ -58,7 +60,7 @@ version ".tar.gz")) (sha256 (base32 - "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg")))) + "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "http://www.gnu.org/software/libtasn1/") @@ -138,7 +140,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.5.4") + (version "3.5.9") (source (origin (method url-fetch) (uri @@ -149,7 +151,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))) + "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2")))) (build-system gnu-build-system) (arguments '(#:configure-flags 
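Review bot: The copyright header hunk (`@@ -1,10 +1,11 @@`) adds `;;; Copyright © 2015, 2016, 2017 Leo Famulari` but keeps the existing `;;; Copyright © 2015, 2016 Leo Famulari` as context, so the new file lists the same holder twice. The Ludovic Courtès line in the same hunk is replaced in place, which suggests the older Leo Famulari line was meant to be removed too.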
@@ -192,8 +194,7 @@ living in the same process.") ("pkg-config" ,pkg-config) ("which" ,which))) (inputs - `(("guile" ,guile-2.0) - ("perl" ,perl))) + `(("guile" ,guile-2.0))) (propagated-inputs ;; These are all in the 'Requires.private' field of gnutls.pc. `(("libtasn1" ,libtasn1) @@ -211,10 +212,23 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) +(define-public gnutls/guile-2.2 + ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5. + (package + (inherit gnutls) + (name "guile2.2-gnutls") + (arguments + ;; Remove '--with-guile-site-dir=…/2.0'. + (substitute-keyword-arguments (package-arguments gnutls) + ((#:configure-flags flags) + `(cdr ,flags)))) + (inputs `(("guile" ,guile-next) + ,@(alist-delete "guile" (package-inputs gnutls)))))) + (define-public openssl (package (name "openssl") - (version "1.0.2j") + (version "1.0.2k") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -224,7 +238,7 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7")) + "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb")) (patches (search-patches "openssl-runpath.patch" "openssl-c-rehash-in.patch")))) (build-system gnu-build-system) @@ -294,7 +308,6 @@ required structures.") (lib (string-append out "/lib")) (static (assoc-ref outputs "static")) (slib (string-append static "/lib"))) - (mkdir-p slib) (for-each (lambda (file) (install-file file slib) (delete-file file)) @@ -321,7 +334,7 @@ required structures.") (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) (substitute* (find-files "test" ".*") (("/bin/sh") - (string-append bash "/bin/bash")) + (string-append bash "/bin/sh")) (("/bin/rm") "rm")) #t))) 
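Review bot: In the new `gnutls/guile-2.2` definition, `(cdr ,flags)` drops whichever element is first in the inherited `#:configure-flags`; only the comment ties that position to `--with-guile-site-dir`. The flag list is outside this hunk, so the ordering cannot be confirmed here. If a flag is ever placed ahead of it in `gnutls`, this variant would silently lose a different configure option of a TLS library and keep the 2.0 site directory. Selecting by name is sturdier, e.g. `(filter (lambda (f) (not (string-prefix? "--with-guile-site-dir" f))) ,flags)`, assuming the flags evaluate to a list of strings on the build side.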
@@ -355,7 +368,7 @@ required structures.") (package (inherit openssl) (name "openssl") - (version "1.1.0b") + (version "1.1.0e") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -366,7 +379,7 @@ required structures.") (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) (sha256 (base32 - "1xznrqvb1dbngv2k2nb6da6fdw00c01sy2i36yjdxr4vpxrf0pd4")))) + "0k47sdd9gs6yxfv6ldlgpld2lyzrkcv9kz4cf88ck04xjwc8dgjp")))) (outputs '("out" "doc" ;1.3MiB of man3 pages "static")) ; 5.5MiB of .a files 
@@ -377,13 +390,42 @@ required structures.") (delete 'patch-tests) ; These two phases are not needed by (delete 'patch-Makefile.org) ; OpenSSL 1.1.0. - (add-after 'configure 'patch-runpath + ;; Override configure phase since -rpath is now a configure option. + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + (zero? + (system* "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out) + (string-append "-Wl,-rpath," lib) + + ;; XXX FIXME: Work around a code generation bug in GCC + ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: + ;; + ,@(if (and (not (%current-target-system)) + (string-prefix? "armhf" (%current-system))) + '("-mfpu=vfpv3") + '())))))) + + ;; XXX: Duplicate this phase to make sure 'version' evaluates + ;; in the current scope and not the inherited one. + (replace 'remove-miscellany (lambda* (#:key outputs #:allow-other-keys) - (let ((lib (string-append (assoc-ref outputs "out") "/lib"))) - (substitute* "Makefile.shared" - (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}") - (string-append "$${SHAREDCMD} $${SHAREDFLAGS}" - " -Wl,-rpath," lib))) + ;; The 'misc' directory contains random undocumented shell and Perl + ;; scripts. Remove them to avoid retaining a reference on Perl. + (let ((out (assoc-ref outputs "out"))) + (delete-file-recursively (string-append out "/share/openssl-" + ,version "/misc")) #t))))))))) (define-public libressl 
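Review bot: The GCC 4.9.3 workaround in the replaced `configure` phase is applied only when `(%current-target-system)` is unset, so a cross build targeting ARM gets no `-mfpu=vfpv3`. If the miscompilation also affects the cross toolchain, those builds would ship the affected code in a crypto library. Either state in the comment that skipping cross builds is intended, or test the target as well, e.g. `(string-prefix? "arm" (or (%current-target-system) (%current-system)))` (to be checked against the triplets actually supported). The `See:` line of that `XXX FIXME` comment shows no reference on this page; the bug link belongs there so the flag can be dropped once the compiler is fixed. The enclosing `modify-phases` form starts outside the hunk.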
@@ -426,13 +468,14 @@ security, and applying best practice development processes.") (define-public python-acme (package (name "python-acme") - (version "0.9.3") + ;; Remember to update the hash of certbot when updating python-acme. + (version "0.11.1") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 - (base32 - "16a02bb0apnk1bm68bcabdmmwd6rnvnjzanrmcb46bpbapwz3vx6")))) + (base32 + "0kk95iqxygrg0cd66kq8kbyalg2x5pz9hn1175cgwgf1vy72adfv")))) (build-system python-build-system) (arguments `(#:phases @@ -475,13 +518,15 @@ security, and applying best practice development processes.") (define-public certbot (package (name "certbot") - (version "0.9.3") + ;; Certbot and python-acme are developed in the same repository, and their + ;; versions should remain synchronized. + (version (package-version python-acme)) (source (origin (method url-fetch) (uri (pypi-uri name version)) (sha256 (base32 - "1c7k4lfq5j78d1rvrwrb9082ngwibz92cwkf4kazaa9b76w9q538")))) + "1wis5kgqcsrs60kkcmbrbx8z9yasmwa6lg9ir5im232hdm4285vc")))) (build-system python-build-system) (arguments `(#:python ,python-2 @@ -524,9 +569,10 @@ security, and applying best practice development processes.") ("python2-requests" ,python2-requests) ("python2-pytz" ,python2-pytz))) (synopsis "Let's Encrypt client by the Electronic Frontier Foundation") - (description "Tool to automatically receive and install X.509 certificates -to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which -will be issuing browser-trusted certificates for free.") + (description "Certbot automatically receives and installs X.509 certificates +to enable Transport Layer Security (TLS) on servers. It interoperates with the +Let’s Encrypt certificate authority (CA), which issues browser-trusted +certificates for free.") (home-page "https://certbot.eff.org/") (license license:asl2.0))) 
@@ -671,7 +717,7 @@ number generator") (define-public acme-client (package (name "acme-client") - (version "0.1.14") + (version "0.1.16") (source (origin (method url-fetch) (uri (string-append "https://kristaps.bsd.lv/" name "/" @@ -679,7 +725,7 @@ number generator") version ".tgz")) (sha256 (base32 - "1qq4xk41pn65m3v7nnvkmxg96pr06vz6hzdrm0vcmlp3clzpbahl")))) + "00q05b3b1dfnfp7sr1nbd212n0mqrycl3cr9lbs51m7ncaihbrz9")))) (build-system gnu-build-system) (arguments '(#:tests? #f ; no test suite @@ -688,7 +734,16 @@ number generator") (string-append "PREFIX=" (assoc-ref %outputs "out"))) #:phases (modify-phases %standard-phases + (add-after 'unpack 'patch-paths + (lambda* (#:key inputs #:allow-other-keys) + (let ((pem (string-append (assoc-ref inputs "libressl") + "/etc/ssl/cert.pem"))) + (substitute* "http.c" + (("/etc/ssl/cert.pem") pem)) + #t))) (delete 'configure)))) ; no './configure' script + (native-inputs + `(("pkg-config" ,pkg-config))) (inputs `(("libbsd" ,libbsd) ("libressl" ,libressl)))
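Review bot: The new `patch-paths` phase hard-wires acme-client's CA bundle to `/etc/ssl/cert.pem` inside the `libressl` input, and nothing in the hunk documents that choice. The roots this ACME client trusts then change only when libressl is rebuilt, and a trust store maintained by the administrator is not consulted; whether libressl's output actually ships that file is not visible here. A comment above the `let` would record it, e.g. `;; Verify peers against the CA bundle shipped with LibreSSL, not the system trust store.` Because `substitute*` leaves the file untouched when the pattern is absent, a later release that moves the path out of `http.c` would lose the patch without a build error. The package definition continues outside the hunk.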