Diffstat (limited to 'gnu/packages/certs.scm')
-rw-r--r--gnu/packages/certs.scm193
1 files changed, 41 insertions, 152 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index e2de6b168b..8f7bbb5d9c 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -1,13 +1,8 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016-2017, 2021-2022 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
-;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
-;;; Copyright © 2021 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2021 Maxim Cournoyer <maxim@guixotic.coop>
;;; Copyright © 2021 Raghav Gururajan <rg@raghavgururajan.name>
-;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -26,7 +21,6 @@
(define-module (gnu packages certs)
#:use-module ((guix licenses) #:prefix license:)
- #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
#:use-module (guix packages)
#:use-module (guix utils)
#:use-module (guix download)
@@ -36,11 +30,51 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages curl)
#:use-module (gnu packages python)
#:use-module (gnu packages perl)
#:use-module (gnu packages tls))
+(define-public certdata2pem
+ (let ((revision "1")
+ (commit "4c576f350f44186d439179f63d5be19f710a73f5"))
+ (package
+ (name "certdata2pem")
+ (version "0.0.0") ;no version
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://raw.githubusercontent.com/sabotage-linux/sabotage/"
+ commit "/KEEP/certdata2pem.c"))
+ (sha256
+ (base32
+ "1rywp29q4l1cs2baplkbcravxqs4kw2cys4yifhfznbc210pskq6"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases (modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'fix-extension
+ (lambda _
+ (substitute* "certdata2pem.c"
+ (("\\.crt")
+ ".pem"))))
+ (replace 'build
+ (lambda _
+ (invoke ,(cc-for-target) "certdata2pem.c"
+ "-o" "certdata2pem")))
+ (delete 'check) ;no test suite
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (install-file "certdata2pem"
+ (string-append out "/bin"))))))))
+ (home-page "https://github.com/sabotage-linux/")
+ (synopsis "Utility to split TLS certificates data into multiple PEM files")
+ (description "This is a C version of the certdata2pem Python utility
+that was originally contributed to Debian.")
+ (license license:isc))))
+
(define-public desec-certbot-hook
(let ((commit "68da7abc0793602fd336962a7e2348b57c5d6fd6")
(revision "0"))
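Review bot: The added `#:use-module (gnu packages nss)` has no visible user in this hunk, and the FIXME this commit deletes from nss-certs records that referring to the nss package from this module "eventually caused module cycles". If nss-certs now lives in (gnu packages nss) and takes certdata2pem from here as a native input (inferred; that file is not shown), the two modules import each other, which only holds while every cross-reference sits inside a delayed package field and never at top level. I would drop the import if nothing in this file needs it, or otherwise put a comment above it such as `;; (gnu packages nss) imports this module for certdata2pem; refer to its bindings only inside package fields.` Because these modules feed the CA trust store build, it is worth confirming that both still load cleanly from a fresh compile.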
@@ -88,151 +122,6 @@ port forwarding to your local machine.")
(home-page "https://desec.io")
(license license:expat))))
-(define-public certdata2pem
- (let ((revision "1")
- (commit "4c576f350f44186d439179f63d5be19f710a73f5"))
- (package
- (name "certdata2pem")
- (version "0.0.0") ;no version
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://raw.githubusercontent.com/sabotage-linux/sabotage/"
- commit "/KEEP/certdata2pem.c"))
- (sha256
- (base32
- "1rywp29q4l1cs2baplkbcravxqs4kw2cys4yifhfznbc210pskq6"))))
- (build-system gnu-build-system)
- (arguments
- `(#:phases (modify-phases %standard-phases
- (delete 'configure)
- (add-before 'build 'fix-extension
- (lambda _
- (substitute* "certdata2pem.c"
- (("\\.crt")
- ".pem"))))
- (replace 'build
- (lambda _
- (invoke ,(cc-for-target) "certdata2pem.c"
- "-o" "certdata2pem")))
- (delete 'check) ;no test suite
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (install-file "certdata2pem"
- (string-append out "/bin"))))))))
- (home-page "https://github.com/sabotage-linux/")
- (synopsis "Utility to split TLS certificates data into multiple PEM files")
- (description "This is a C version of the certdata2pem Python utility
-that was originally contributed to Debian.")
- (license license:isc))))
-
-(define-public nss-certs
- (package
- (name "nss-certs")
- ;; FIXME We used to refer to the nss package here, but that eventually caused
- ;; module cycles. The below is a quick copy-paste job that must be kept in
- ;; sync manually. Surely there's a better way…?
- (version "3.99")
- (source (origin
- (method url-fetch)
- (uri (let ((version-with-underscores
- (string-join (string-split version #\.) "_")))
- (string-append
- "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
- "releases/NSS_" version-with-underscores "_RTM/src/"
- "nss-" version ".tar.gz")))
- (sha256
- (base32
- "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
- ;; Create nss.pc and nss-config.
- (patches (search-patches "nss-3.56-pkgconfig.patch"
- "nss-getcwd-nonnull.patch"
- "nss-increase-test-timeout.patch"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Delete the bundled copy of these libraries.
- (delete-file-recursively "nss/lib/zlib")
- (delete-file-recursively "nss/lib/sqlite")))))
- (build-system gnu-build-system)
- (outputs '("out"))
- (native-inputs
- (list certdata2pem openssl))
- (inputs '())
- (propagated-inputs '())
- (arguments
- (list #:modules '((guix build gnu-build-system)
- (guix build utils)
- (rnrs io ports)
- (srfi srfi-26))
- #:phases
- #~(modify-phases
- (map (cut assq <> %standard-phases)
- '(set-paths install-locale unpack))
- (add-after 'unpack 'install
- (lambda _
- (let ((certsdir (string-append #$output
- "/etc/ssl/certs/")))
- (with-directory-excursion "nss/lib/ckfw/builtins/"
- (unless (file-exists? "blacklist.txt")
- (call-with-output-file "blacklist.txt" (const #t)))
- ;; Extract selected single certificates from blob.
- (invoke "certdata2pem")
- ;; Copy .pem files into the output.
- (for-each (cut install-file <> certsdir)
- (find-files "." ".*\\.pem$")))
- (invoke "openssl" "rehash" certsdir)))))))
- (synopsis "CA certificates from Mozilla")
- (description
- "This package provides certificates for Certification Authorities (CA)
-taken from the NSS package and thus ultimately from the Mozilla project.")
- (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
- (license license:mpl2.0)))
-
-(define-public nss-certs-for-test
- (hidden-package
- (package
- (inherit nss-certs)
- (name "nss-certs-for-test")
- (source #f)
- (build-system trivial-build-system)
- (native-inputs (list nss-certs))
- (inputs '())
- (propagated-inputs '())
- (arguments
- (list #:modules '((guix build utils)
- (rnrs io ports)
- (srfi srfi-26))
- #:builder
- #~(begin
- (use-modules (guix build utils)
- (rnrs io ports)
- (srfi srfi-26))
- (define certs-dir (string-append #$output "/etc/ssl/certs/"))
- (define ca-files
- (find-files (string-append #+(this-package-native-input
- "nss-certs")
- "/etc/ssl/certs")
- (lambda (file stat)
- (string-suffix? ".pem" file))))
- (define (concatenate-files files result)
- "Make RESULT the concatenation of all of FILES."
- (define (dump file port)
- (display (call-with-input-file file get-string-all) port)
- (newline port))
- (call-with-output-file result
- (lambda (port)
- (for-each (cut dump <> port) files))))
-
- (mkdir-p certs-dir)
- (concatenate-files
- ca-files (string-append certs-dir "/ca-certificates.crt"))
- (for-each (cut install-file <> certs-dir) ca-files))))
- (native-search-paths
- (list $SSL_CERT_DIR
- $SSL_CERT_FILE)))))
-
(define-public le-certs
(package
(name "le-certs")