Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 294 |
1 files changed, 141 insertions, 153 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 20dc69282a..c45767c1b3 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> @@ -9,7 +9,7 @@ ;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017, 2018, 2019 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> @@ -70,7 +70,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.13") + (version "4.14") (source (origin (method url-fetch) @@ -78,7 +78,7 @@ version ".tar.gz")) (sha256 (base32 - "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky")))) + "025sqnlzji78ss2fi78dajc0v0h5fi02wp39hws41sn8qnjlnq4y")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--disable-static"))) 
@@ -122,16 +122,15 @@ in intelligent transportation networks.") (define-public p11-kit (package (name "p11-kit") - (version "0.23.15") + (version "0.23.18.1") (source (origin (method url-fetch) (uri (string-append "https://github.com/p11-glue/p11-kit/releases/" "download/" version "/p11-kit-" version ".tar.gz")) - (patches (search-patches "p11-kit-jks-timestamps.patch")) (sha256 (base32 - "166pwj00cffv4qq4dvx0k53zka0b0r1fa0whc49007vsqyh3khgp")))) + "0vrwab1082f7l5sbzpb28nrs3q4d2q7wzbi8c977rpah026bvhrl")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -163,7 +162,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.6.5") + (version "3.6.9") (source (origin (method url-fetch) (uri @@ -175,16 +174,7 @@ living in the same process.") (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0ddvg97dyrh8dkffv1mdc0knxx5my3qdbzv97s4a6jggmk9wwgh7")) - (modules '((guix build utils))) - (snippet - '(begin - ;; XXX: The generated configure script in GnuTLS 3.6.5 - ;; apparently does not know about Guile 2.2. - (substitute* "configure" - (("guile_versions_to_search=\"2\\.0 1\\.8\"") - "guile_versions_to_search=\"2.2 2.0 1.8\"")) - #t)))) + "1jqz5s3lv8sa53348cfi9nr5pw5l55n8m40b8msdvv0pb2jzqca3")))) (build-system gnu-build-system) (arguments `(; Ensure we don't keep a reference to this buggy software. 
@@ -202,6 +192,15 @@ living in the same process.") ;; independently. This seems suboptimal. "--with-default-trust-store-dir=/etc/ssl/certs" + ;; Tell the build system that we want Guile bindings installed to + ;; the output instead of Guiles own module directory. + (string-append "--with-guile-site-dir=" + "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)") + (string-append "--with-guile-site-ccache-dir=" + "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache") + (string-append "--with-guile-extension-dir=" + "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions") + ;; FIXME: Temporarily disable p11-kit support since it is not ;; working on mips64el. "--without-p11-kit") @@ -245,9 +244,6 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define-public gnutls/guile-2.2 - (deprecated-package "guile2.2-gnutls" gnutls)) - (define-public gnutls/guile-2.0 ;; GnuTLS for Guile 2.0. (package @@ -270,8 +266,8 @@ required structures.") (define-public openssl (package (name "openssl") - (replacement openssl/fixed) - (version "1.0.2p") + (version "1.1.1c") + (replacement openssl-1.1.1d) (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -283,13 +279,12 @@ required structures.") "/openssl-" version ".tar.gz"))) (sha256 (base32 - "003xh9f898i56344vpvpxxxzmikivxig4xwlm7vbi7m8n43qxaah")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))) + "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn")) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")))) (build-system gnu-build-system) (outputs '("out" - "doc" ;1.5MiB of man3 pages - "static")) ;6MiB of .a files + "doc" ;6.8 MiB of man3 pages and full HTML documentation + "static")) ;6.4 MiB of .a files (native-inputs `(("perl" ,perl))) (arguments `(#:disallowed-references (,perl) 
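Review bot: The three added `--with-guile-*` flags pass `$(datarootdir)`, `$(libdir)` and `$(GUILE_EFFECTIVE_VERSION)` as literal text, which presumably relies on make expanding them later in the generated Makefiles; the comment above them does not say so, and a reader can easily take them for shell substitutions that were left unexpanded. I would extend the comment with something like `;; The $(...) references are make variables, expanded at build time rather than by the shell.` The same comment has a typo, `Guiles own` for `Guile's own`. The configure-flags list starts and ends outside this hunk.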
@@ -302,41 +297,27 @@ required structures.") #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases - (add-before - 'configure 'patch-Makefile.org - (lambda* (#:key outputs #:allow-other-keys) - ;; The default MANDIR is some unusual place. Fix that. - (let ((out (assoc-ref outputs "out"))) - (patch-makefile-SHELL "Makefile.org") - (substitute* "Makefile.org" - (("^MANDIR[[:blank:]]*=.*$") - (string-append "MANDIR = " out "/share/man\n"))) - #t))) - (replace - 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (invoke "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out))))) - (add-after - 'install 'make-libraries-writable - (lambda* (#:key outputs #:allow-other-keys) - ;; Make libraries writable so that 'strip' does its job. - (let ((out (assoc-ref outputs "out"))) - (for-each (lambda (file) - (chmod file #o644)) - (find-files (string-append out "/lib") - "\\.so")) - #t))) + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + ;; It's not a shebang so patch-source-shebangs misses it. + (substitute* "config" + (("/usr/bin/env") + (string-append (assoc-ref %build-inputs "coreutils") + "/bin/env"))) + (invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out) + (string-append "-Wl,-rpath," lib))))) (add-after 'install 'move-static-libraries (lambda* (#:key outputs #:allow-other-keys) ;; Move static libraries to the "static" output. 
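Review bot: The new `configure` phase looks up coreutils through the global `%build-inputs` while its lambda only binds `#:key outputs`, which differs from the `patch-tests` phase in this same file, where the tool is taken from `(or native-inputs inputs)`. Since `./config` runs on the build machine, binding the inputs explicitly makes it clear which coreutils is meant: `(lambda* (#:key native-inputs inputs outputs #:allow-other-keys)` together with `(assoc-ref (or native-inputs inputs) "coreutils")`. A one-line comment noting that coreutils comes from the build system's implicit inputs would also help, because nothing visible in the package lists it.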
@@ -349,31 +330,20 @@ required structures.") (delete-file file)) (find-files lib "\\.a$")) #t))) - (add-after 'install 'move-man3-pages + (add-after 'install 'move-extra-documentation (lambda* (#:key outputs #:allow-other-keys) - ;; Move section 3 man pages to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (doc (assoc-ref outputs "doc")) - (target (string-append doc "/share/man/man3"))) - (mkdir-p target) - (for-each (lambda (file) - (rename-file file - (string-append target "/" - (basename file)))) - (find-files man3)) - (delete-file-recursively man3) - #t))) - (add-before - 'patch-source-shebangs 'patch-tests - (lambda* (#:key inputs native-inputs #:allow-other-keys) - (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) - (substitute* (find-files "test" ".*") - (("/bin/sh") - (string-append bash "/bin/sh")) - (("/bin/rm") - "rm")) - #t))) + ;; Move man3 pages and full HTML documentation to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (html (string-append out "/share/doc/openssl")) + (doc (assoc-ref outputs "doc")) + (man-target (string-append doc "/share/man/man3")) + (html-target (string-append doc "/share/doc/openssl"))) + (copy-recursively man3 man-target) + (delete-file-recursively man3) + (copy-recursively html html-target) + (delete-file-recursively html) + #t))) (add-after 'install 'remove-miscellany (lambda* (#:key outputs #:allow-other-keys) 
@@ -399,21 +369,11 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) -(define-public openssl/fixed - (hidden-package - (package - (inherit openssl) - (source (origin - (inherit (package-source openssl)) - (patches (append (origin-patches (package-source openssl)) - (search-patches "openssl-CVE-2019-1559.patch")))))))) - -(define-public openssl-next - (package - (inherit openssl) - (name "openssl") - (version "1.1.1c") - (source (origin +(define openssl-1.1.1d + (package/inherit + openssl + (version "1.1.1d") + (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" version ".tar.gz") 
@@ -422,58 +382,86 @@ required structures.") (string-append "ftp://ftp.openssl.org/source/old/" (string-trim-right version char-set:letter) "/openssl-" version ".tar.gz"))) - (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (sha256 + (base32 + "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhy")))))) + +(define-public openssl-1.0 + (package + (inherit openssl) + (name "openssl") + (version "1.0.2s") + (source (origin + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) (sha256 (base32 - "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn")))) + "15mbmg8hf7s12vr3v2bdc0pi9y4pdbnsxhzk4fyyap42jaa5rgfa")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch")))) (outputs '("out" - "doc" ; 6.8 MiB of man3 pages and full HTML documentation - "static")) ; 6.4 MiB of .a files + "doc" ;1.5MiB of man3 pages + "static")) ;6MiB of .a files (arguments (substitute-keyword-arguments (package-arguments openssl) ((#:phases phases) `(modify-phases ,phases - (delete 'patch-tests) ; These two phases are not needed by - (delete 'patch-Makefile.org) ; OpenSSL 1.1. - - ;; Override configure phase since -rpath is now a configure option. - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib"))) - ;; It's not a shebang so patch-source-shebangs misses it. - (substitute* "config" - (("/usr/bin/env") - (string-append (assoc-ref %build-inputs "coreutils") - "/bin/env"))) - (invoke "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. 
Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out) - (string-append "-Wl,-rpath," lib))))) - - (delete 'move-man3-pages) - (add-after 'install 'move-extra-documentation + (add-before 'patch-source-shebangs 'patch-tests + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) + (substitute* (find-files "test" ".*") + (("/bin/sh") + (string-append bash "/bin/sh")) + (("/bin/rm") + "rm")) + #t))) + (add-before 'configure 'patch-Makefile.org (lambda* (#:key outputs #:allow-other-keys) - ;; Move man3 pages and full HTML documentation to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (html (string-append out "/share/doc/openssl")) - (doc (assoc-ref outputs "doc")) - (man-target (string-append doc "/share/man/man3")) - (html-target (string-append doc "/share/doc/openssl"))) - (copy-recursively man3 man-target) - (delete-file-recursively man3) - (copy-recursively html html-target) - (delete-file-recursively html) + ;; The default MANDIR is some unusual place. Fix that. + (let ((out (assoc-ref outputs "out"))) + (patch-makefile-SHELL "Makefile.org") + (substitute* "Makefile.org" + (("^MANDIR[[:blank:]]*=.*$") + (string-append "MANDIR = " out "/share/man\n"))) #t))) + (replace 'configure + ;; Override this phase because OpenSSL 1.0 does not understand -rpath. + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. 
+ (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out))))) + (delete 'move-extra-documentation) + (add-after 'install 'move-man3-pages + (lambda* (#:key outputs #:allow-other-keys) + ;; Move section 3 man pages to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (doc (assoc-ref outputs "doc")) + (target (string-append doc "/share/man/man3"))) + (mkdir-p target) + (for-each (lambda (file) + (rename-file file + (string-append target "/" + (basename file)))) + (find-files man3)) + (delete-file-recursively man3) + #t))) ;; XXX: Duplicate this phase to make sure 'version' evaluates ;; in the current scope and not the inherited one. (replace 'remove-miscellany @@ -532,13 +520,13 @@ netcat implementation that supports TLS.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "0.35.1") + (version "0.37.2") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 (base32 - "08y4ankn0di34c9d1c3pqd9by9n0ckzz7b5ld1g0fx6c32sbi259")))) + "0p3zqhna9p8iy5i9mfhzdf5bmjigs05r6rlwnxykk4n67fp8yyc8")))) (build-system python-build-system) (arguments `(#:phases @@ -586,10 +574,10 @@ netcat implementation that supports TLS.") (version (package-version python-acme)) (source (origin (method url-fetch) - (uri (pypi-uri name version)) + (uri (pypi-uri "certbot" version)) (sha256 (base32 - "0q0855qvsvs4mgglss5iim7f1p22rv4rn1n6j731vv869v0yrs6p")))) + "1xbfv4fwkgfp9qqzlk8wxbhchc61349m26q9fg35j9fnm253cm74")))) (build-system python-build-system) (arguments `(,@(substitute-keyword-arguments (package-arguments python-acme) @@ -836,7 +824,7 @@ then ported to the GNU / Linux environment.") (define-public mbedtls-apache (package (name "mbedtls-apache") - (version "2.16.2") + (version "2.16.3") (source (origin (method url-fetch) 
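Review bot: `openssl-1.0` is built with `(inherit openssl)` and none of the fields shown in this hunk override `replacement`, so it appears to inherit `(replacement openssl-1.1.1d)` from the parent package. If so, grafting would rewrite references to the 1.0.2s libraries into a 1.1.1d build, which is a different library series from the one its dependents were linked against. Adding `(replacement #f)` next to `(version "1.0.2s")` would keep the graft confined to the 1.1.1 package. The definition continues past the end of this hunk, so confirm the field is not already set further down.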
@@ -846,7 +834,7 @@ then ported to the GNU / Linux environment.") version "-apache.tgz")) (sha256 (base32 - "1906hbwlkq32075hca4vjad03dcc36aycvmaz8yvhr3ygg6lz0x6")))) + "0qd65lnr63vmx2gxla6lcmm5gawlnaj4wy4h4vmdc3h9h9nyw6zc")))) (build-system cmake-build-system) (arguments `(#:configure-flags @@ -884,7 +872,7 @@ coding footprint.") (define-public dehydrated (package (name "dehydrated") - (version "0.6.2") + (version "0.6.5") (source (origin (method url-fetch) (uri (string-append @@ -892,7 +880,7 @@ coding footprint.") "v" version "/dehydrated-" version ".tar.gz")) (sha256 (base32 - "03p80yj6bnzjc6dkp5hb9wpplmlrla8n5src71cnzw4rj53q8cqn")))) + "0dgskgbdd95p13jx6s13p77y15wngb5cm6p4305cf2s54w0bvahh")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) |