Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 212 |
1 files changed, 116 insertions, 96 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 7eefc31928..29b6101908 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -15,7 +15,7 @@
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2020, 2023, 2025 Janneke Nieuwenhuizen <janneke@gnu.org>
-;;; Copyright © 2020, 2021, 2023, 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2020, 2021, 2023-2025 Maxim Cournoyer <maxim@guixotic.coop>
 ;;; Copyright © 2021 Solene Rapenne <solene@perso.pw>
 ;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
 ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
@@ -50,6 +50,7 @@
 #:use-module (guix build-system gnu)
 #:use-module (guix build-system go)
 #:use-module (guix build-system perl)
+ #:use-module (guix build-system pyproject)
 #:use-module (guix build-system python)
 #:use-module (guix build-system cmake)
 #:use-module (guix build-system trivial)
@@ -58,6 +59,7 @@
 #:use-module (gnu packages compression)
 #:use-module (gnu packages)
 #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
 #:use-module (gnu packages bash)
 #:use-module (gnu packages build-tools)
 #:use-module (gnu packages check)
@@ -74,9 +76,11 @@
 #:use-module (gnu packages ncurses)
 #:use-module (gnu packages nettle)
 #:use-module (gnu packages networking)
+ #:use-module (gnu packages nss)
 #:use-module (gnu packages perl)
 #:use-module (gnu packages pkg-config)
 #:use-module (gnu packages python)
+ #:use-module (gnu packages python-build)
 #:use-module (gnu packages python-crypto)
 #:use-module (gnu packages python-web)
 #:use-module (gnu packages python-xyz)
@@ -199,6 +203,43 @@ coordinating the use of PKCS#11 by different components or libraries living in the same process.") (license license:bsd-3))) +(define-public libp11 + (package + (name "libp11") + (version "0.4.16") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/OpenSC/libp11") + (commit (string-append "libp11-" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "0sjd3jxpyp61d85n4drmw9rf3bh7hwhrplr5nw6lmcpr2xr4gqds")))) + (build-system gnu-build-system) + (arguments + (list #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'patch-enginesdir + (lambda _ + (substitute* "configure.ac" + (("libcrypto`") + (string-append "libcrypto | sed 's#.*/#" + #$output "/lib/#'`")))))))) + (native-inputs + (list autoconf automake libtool pkg-config sed)) + (inputs + (list openssl)) + (home-page "https://github.com/OpenSC/libp11") + (synopsis "PKCS#11 wrapper library") + (description + "@code{libp11} is a library implementing a thin layer on top of PKCS#11 +API to make PKCS#11 implementations easier.") + (license (list license:lgpl2.1+ + license:bsd-2 + license:openssl + (license:fsf-free "file:///src/pkcs11.h"))))) + (define-public gnutls (package (name "gnutls") @@ -330,11 +371,11 @@ required structures.") ;; url-fetch is used here to avoid a circular dependency with ;; git-download, see https://issues.guix.gnu.org/63331 (method url-fetch) - (uri (string-append "mirror://gnu/gnutls/guile-gnutls-" - version ".tar.gz")) + (uri (string-append "mirror://gnu/gnutls/guile-gnutls-v" + version "-src.tar.gz")) (sha256 (base32 - "0azgp79a4hgmbg2p2ghd1x2zav8894m9ch3i4hbvq8dlxvrnf06c")))) + "0kqngyx4520gjk49l6whjd2ss994kaj9rm78lli6p3q6xry0945i")))) (build-system gnu-build-system) (outputs '("out" "debug")) (arguments @@ -351,6 +392,7 @@ required structures.") "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")))) (native-inputs (list libtool + autoconf automake pkg-config texinfo gnutls 
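Review bot: The `patch-enginesdir` phase in the new `libp11` definition has no comment saying why `configure.ac` is rewritten, and `substitute*` does not fail when its pattern stops matching, so an upstream change to that line would silently drop the redirection. From the sed expression it appears to keep the last path component of the engines directory reported for `libcrypto` and re-root it under `#$output/lib/`; a comment such as `;; Install the engine under this output rather than in openssl's store directory.` would record that intent. Because the engine then sits outside the directory OpenSSL searches by default, it would help to state how users are expected to point OpenSSL at it (presumably an engine-path setting; confirm). The description's "to make PKCS#11 implementations easier" probably wants "to make using PKCS#11 implementations easier".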
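Review bot: The pinned hash for guile-gnutls changes without a visible version change: the `uri` now names a different artifact (`guile-gnutls-v…-src.tar.gz`) while the `version` field is outside the hunk and looks untouched. A short comment above `uri` saying why the `-src` tarball is used would make the swap auditable, e.g. `;; Use the '-src' tarball; it must be bootstrapped, hence autoconf below.`, assuming that is why the following hunk adds `autoconf` to `native-inputs`. The `origin` form starts above the hunk.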
@@ -710,48 +752,48 @@ netcat implementation that supports TLS.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "2.3.0") - (source (origin - (method url-fetch) - (uri (pypi-uri "acme" version)) - (sha256 - (base32 - "1z6293g4pyxvx5w7v07j8wnaxyr7srsqfqvgly888b8k52fq9ipa")))) - (build-system python-build-system) + (version "4.2.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "acme" version)) + (sha256 + (base32 "0h8ckyal5j8lkm24fd52dajy38mxa76zh4q022i28f6b3878rxhd")))) + (build-system pyproject-build-system) (arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'build 'build-documentation - (lambda _ - (invoke "make" "-C" "docs" "man" "info"))) - (add-after 'install 'install-documentation - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (man (string-append out "/share/man/man1")) - (info (string-append out "/info"))) - (install-file "docs/_build/texinfo/acme-python.info" info) - (install-file "docs/_build/man/acme-python.1" man)))) - (replace 'check - (lambda* (#:key tests? #:allow-other-keys) - (when tests? 
- (invoke "pytest" "-vv"))))))) + (list + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'relax-requirements + (lambda _ + (substitute* "setup.py" + (("'PyOpenSSL.*',") + "'PyOpenSSL',")))) + (add-after 'build 'build-documentation + (lambda _ + (invoke "make" "-C" "docs" "man" "info"))) + (add-after 'install 'install-documentation + (lambda _ + (let ((man (string-append #$output "/share/man/man1")) + (info (string-append #$output "/info"))) + (install-file "docs/_build/texinfo/acme-python.info" info) + (install-file "docs/_build/man/acme-python.1" man))))))) (native-inputs (list python-pytest + python-pytest-xdist + python-setuptools + python-wheel ;; For documentation python-sphinx python-sphinxcontrib-programoutput python-sphinx-rtd-theme texinfo)) (propagated-inputs - (list python-chardet + (list python-cryptography python-josepy - python-requests - python-requests-toolbelt - python-pytz + python-pyopenssl python-pyrfc3339 - python-pyasn1 - python-cryptography - python-pyopenssl)) + python-requests)) (home-page "https://github.com/certbot/certbot") (synopsis "ACME protocol implementation in Python") (description "ACME protocol implementation in Python") 
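Review bot: The `relax-requirements` phase matches with `'PyOpenSSL.*',`, and the greedy `.*` runs to the last `',` on the line, so it would swallow neighbouring requirements if `setup.py` ever lists several on one line; `(("'PyOpenSSL[^']*',")` confines the match to the one entry. The phase also drops the version bound on a cryptographic dependency without recording which bound is removed or why the packaged `python-pyopenssl` is considered compatible; a comment like `;; setup.py wants PyOpenSSL >= VERSION_PLACEHOLDER; relaxed because Guix ships VERSION_PLACEHOLDER.` would let the relaxation be retired later. Since `certbot` reuses these arguments through `substitute-keyword-arguments`, the phase runs there as well. The package form starts above the hunk and continues below it.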
@@ -763,30 +805,33 @@ netcat implementation that supports TLS.") ;; Certbot and python-acme are developed in the same repository, and their ;; versions should remain synchronized. (version (package-version python-acme)) - (source (origin - (method url-fetch) - (uri (pypi-uri "certbot" version)) - (sha256 - (base32 - "12nd9nmdj3bf1xlvhj1ln473xbyv4qzxf6qhz0djbca7jl59zlwk")))) - (build-system python-build-system) + (source + (origin + (method url-fetch) + (uri (pypi-uri "certbot" version)) + (sha256 + (base32 "0yy287h1sjdkm5cj4wazq316igwwla856yqcmi4yqaq7ib55c7pv")))) + (build-system pyproject-build-system) (arguments - `(,@(substitute-keyword-arguments (package-arguments python-acme) - ((#:phases phases) - `(modify-phases ,phases - (replace 'install-documentation - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (man1 (string-append out "/share/man/man1")) - (man7 (string-append out "/share/man/man7")) - (info (string-append out "/info"))) - (install-file "docs/_build/texinfo/Certbot.info" info) - (install-file "docs/_build/man/certbot.1" man1) - (install-file "docs/_build/man/certbot.7" man7) - #t)))))))) + (substitute-keyword-arguments (package-arguments python-acme) + ((#:test-flags flags '()) + ;; XXX: No time zone found with key Asia/Sanghai, pytz version? + #~(list "-k" "not test_add_time_interval")) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'install-documentation + (lambda* (#:key outputs #:allow-other-keys) + (let ((man1 (string-append #$output "/share/man/man1")) + (man7 (string-append #$output "/share/man/man7")) + (info (string-append #$output "/info"))) + (install-file "docs/_build/texinfo/Certbot.info" info) + (install-file "docs/_build/man/certbot.1" man1) + (install-file "docs/_build/man/certbot.7" man7)))))))) (native-inputs (list python-mock python-pytest + python-setuptools + python-wheel ;; For documentation python-sphinx python-sphinx-rtd-theme 
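Review bot: The `#:test-flags` clause deselects `test_add_time_interval` on a guess ("pytz version?"), but the quoted message reads like the one Python's `zoneinfo` raises when no time zone database is available, which would point at the build environment rather than pytz. If that is the cause, adding `tzdata-for-tests` to `native-inputs` and setting `TZDIR` before the check phase would let the test run instead of being skipped; worth confirming before the skip is kept. The clause also binds `flags` without using it, so any flags later set on `python-acme` would be dropped silently. In `install-documentation` the `outputs` keyword is still destructured although the body now uses `#$output`; `(lambda _` would match the python-acme phase.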
@@ -806,8 +851,9 @@ netcat implementation that supports TLS.") python-requests python-pytz)) (synopsis "Let's Encrypt client by the Electronic Frontier Foundation") - (description "Certbot automatically receives and installs X.509 certificates -to enable Transport Layer Security (TLS) on servers. It interoperates with the + (description + "Certbot automatically receives and installs X.509 certificates to enable +Transport Layer Security (TLS) on servers. It interoperates with the Let’s Encrypt certificate authority (CA), which issues browser-trusted certificates for free.") (home-page "https://certbot.eff.org/") @@ -963,6 +1009,8 @@ correct OpenSSL include path. It is intended for use in your number generator") (license license:perl-license))) +;;; TODO: No longer maintained, migrate dependents to current mbedtls v3 +;;; (which is the new LTS). (define-public mbedtls-lts (package (name "mbedtls") @@ -1003,25 +1051,21 @@ coding footprint.") (package (inherit mbedtls-lts) (name "mbedtls") - (version "3.5.2") - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/ARMmbed/mbedtls") - (commit (string-append "mbedtls-" version)))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "1wsjrx98h74q0q4zqwsghiqvjz4aqgvigpxb9f8xjw0w4sfsclcm")))))) - -(define-public mbedtls-apache - (deprecated-package "mbedtls-apache" mbedtls-lts)) + (version "3.6.4") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/Mbed-TLS/mbedtls/releases" + "/download/mbedtls-" version + "/mbedtls-" version ".tar.bz2")) + (sha256 + (base32 + "0441cwfh3z0xnik0wsafih599s4kzyc8pnrh7s6gjg2rdj5b2dgc")))))) ;; The Hiawatha Web server requires some specific features to be enabled. (define-public mbedtls-for-hiawatha (hidden-package - (package - (inherit mbedtls) + (package/inherit mbedtls (arguments (substitute-keyword-arguments (package-arguments mbedtls) ((#:phases phases) 
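Review bot: Nothing in the new `mbedtls` definition records why the fetch method changed from a tagged git checkout of `ARMmbed/mbedtls` to a release tarball from `Mbed-TLS/mbedtls` together with the version. If the reason is that the tagged checkout alone no longer contains everything needed to build, a one-line comment above `(method url-fetch)` saying so, e.g. `;; Use the release tarball; the plain git checkout is not self-contained.`, would save the next updater from switching it back. The same hunk deletes the `mbedtls-apache` deprecation alias, so anything still referring to that name stops resolving; if that is intended, the commit message should say it.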
@@ -1125,30 +1169,6 @@ ACME server (such as Let's Encrypt) implemented as a relatively simple Bash script.") (license license:expat))) -(define-public go-github-com-certifi-gocertifi - (let ((commit "a5e0173ced670013bfb649c7e806bc9529c986ec") - (revision "1")) - (package - (name "go-github-com-certifi-gocertifi") - (version (git-version "2018.01.18" revision commit)) - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/certifi/gocertifi") - (commit commit))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "1n9drccl3q1rr8wg3nf60slkf1lgsmz5ahifrglbdrc6har3rryj")))) - (build-system go-build-system) - (arguments - '(#:import-path "github.com/certifi/gocertifi")) - (synopsis "X.509 TLS root certificate bundle for Go") - (description "This package is a Go language X.509 TLS root certificate bundle, -derived from Mozilla's collection.") - (home-page "https://certifi.io") - (license license:mpl2.0)))) - (define-public s2n (package (name "s2n") |