diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/packages/patches/gnutls-doc-fix.patch | 546 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 13 |
2 files changed, 2 insertions, 557 deletions
diff --git a/gnu/packages/patches/gnutls-doc-fix.patch b/gnu/packages/patches/gnutls-doc-fix.patch deleted file mode 100644 index 170d2468bc..0000000000 --- a/gnu/packages/patches/gnutls-doc-fix.patch +++ /dev/null @@ -1,546 +0,0 @@ -diff -ru gnutls-3.4.4/doc/invoke-certtool.texi gnutls-3.4.4.1/doc/invoke-certtool.texi ---- gnutls-3.4.4.1/doc/invoke-certtool.texi 2015-08-10 13:43:52.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-certtool.texi 2015-07-31 15:44:21.000000000 -0400 -@@ -41,7 +41,97 @@ - - @exampleindent 0 - @example --certtool is unavailable - no --help -+certtool - GnuTLS certificate tool -+Usage: certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ --infile=file Input file -+ - file must pre-exist -+ --outfile=str Output file -+ -s, --generate-self-signed Generate a self-signed certificate -+ -c, --generate-certificate Generate a signed certificate -+ --generate-proxy Generates a proxy certificate -+ --generate-crl Generate a CRL -+ -u, --update-certificate Update a signed certificate -+ -p, --generate-privkey Generate a private key -+ -q, --generate-request Generate a PKCS #10 certificate request -+ - prohibits the option 'infile' -+ -e, --verify-chain Verify a PEM encoded certificate chain -+ --verify Verify a PEM encoded certificate chain using a trusted list -+ --verify-crl Verify a CRL using a trusted list -+ - requires the option 'load-ca-certificate' -+ --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman parameters -+ --get-dh-params Get the included PKCS #3 encoded Diffie-Hellman parameters -+ --dh-info Print information PKCS #3 encoded Diffie-Hellman parameters -+ --load-privkey=str Loads a private key file -+ --load-pubkey=str Loads a public key file -+ --load-request=str Loads a certificate request file -+ --load-certificate=str Loads a certificate file -+ --load-ca-privkey=str Loads the certificate authority's private key file -+ --load-ca-certificate=str Loads the certificate authority's certificate file -+ --password=str Password to use -+ --null-password Enforce a NULL password -+ --empty-password Enforce an empty password -+ --hex-numbers Print big number in an easier format to parse -+ --cprint In certain operations it prints the information in C-friendly format -+ -i, --certificate-info Print information on the given certificate -+ --certificate-pubkey Print certificate's public key -+ --pgp-certificate-info Print information on the given OpenPGP certificate -+ --pgp-ring-info Print information on the given OpenPGP keyring structure -+ -l, --crl-info Print information on the given CRL structure -+ --crq-info Print information on the given certificate request -+ --no-crq-extensions Do not use extensions in certificate requests -+ --p12-info Print information on a PKCS #12 structure -+ --p12-name=str The PKCS #12 friendly name to use -+ --p7-info Print information on a PKCS #7 structure -+ --smime-to-p7 Convert S/MIME to PKCS #7 structure -+ -k, --key-info Print information on a private key -+ --pgp-key-info Print information on an OpenPGP private key -+ --pubkey-info Print information on a public key -+ --v1 Generate an X.509 version 1 certificate (with no extensions) -+ -!, --to-p12 Generate a PKCS #12 structure -+ - requires the option 'load-certificate' -+ -", --to-p8 Generate a PKCS #8 structure -+ -8, --pkcs8 Use PKCS #8 format for private keys -+ -#, --rsa Generate RSA key -+ -$, --dsa Generate DSA key -+ -%, --ecc Generate ECC (ECDSA) key -+ -&, --ecdsa an alias for the 'ecc' option -+ -', --hash=str Hash algorithm to use for signing -+ -(, --inder Use DER format for input certificates, private keys, and DH parameters -+ - disabled as '--no-inder' -+ -), --inraw an alias for the 'inder' option -+ -*, --outder Use DER format for output certificates, private keys, and DH parameters -+ - disabled as '--no-outder' -+ -+, --outraw an alias for the 'outder' option -+ -,, --bits=num Specify the number of bits for key generate -+ --, --curve=str Specify the curve used for EC key generation -+ -., --sec-param=str Specify the security level [low, legacy, medium, high, ultra] -+ -/, --disable-quick-random No effect -+ -0, --template=str Template file to use for non-interactive operation -+ -1, --stdout-info Print information to stdout instead of stderr -+ -2, --ask-pass Enable interaction for entering password when in batch mode. -+ -3, --pkcs-cipher=str Cipher to use for PKCS #8 and #12 operations -+ -4, --provider=str Specify the PKCS #11 provider library -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Tool to parse and generate X.509 certificates, requests and private keys. -+It can be used interactively or non interactively by specifying the -+template command line option. -+ -+The tool accepts files or URLs supported by GnuTLS. In case PIN is -+required for the URL access you can provide it using the environment -+variables GNUTLS_PIN and GNUTLS_SO_PIN. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi ---- gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi 2015-08-10 13:43:50.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi 2015-07-31 15:44:18.000000000 -0400 -@@ -40,7 +40,34 @@ - - @exampleindent 0 - @example --gnutls-cli-debug is unavailable - no --help -+gnutls-cli-debug - GnuTLS debug client -+Usage: gnutls-cli-debug [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ -p, --port=num The port to connect to -+ - it must be in the range: -+ 0 to 65536 -+ --app-proto=str The application protocol to be used to obtain the server's certificate -+(https, ftp, smtp, imap) -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+Operands and options may be intermixed. They will be reordered. -+ -+TLS debug client. It sets up multiple TLS connections to a server and -+queries its capabilities. It was created to assist in debugging GnuTLS, -+but it might be useful to extract a TLS server's capabilities. It connects -+to a TLS server, performs tests and print the server's capabilities. If -+called with the `-v' parameter more checks will be performed. Can be used -+to check for servers with special needs or bugs. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi ---- gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi 2015-08-10 13:43:49.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-gnutls-cli.texi 2015-07-31 15:44:17.000000000 -0400 -@@ -36,7 +36,95 @@ - - @exampleindent 0 - @example --gnutls-cli is unavailable - no --help -+gnutls-cli - GnuTLS client -+Usage: gnutls-cli [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostname] -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ --tofu Enable trust on first use authentication -+ - disabled as '--no-tofu' -+ --strict-tofu Fail to connect if a known certificate has changed -+ - disabled as '--no-strict-tofu' -+ --dane Enable DANE certificate verification (DNSSEC) -+ - disabled as '--no-dane' -+ --local-dns Use the local DNS server for DNSSEC resolving -+ - disabled as '--no-local-dns' -+ --ca-verification Disable CA certificate verification -+ - disabled as '--no-ca-verification' -+ - enabled by default -+ --ocsp Enable OCSP certificate verification -+ - disabled as '--no-ocsp' -+ -r, --resume Establish a session and resume -+ -e, --rehandshake Establish a session and rehandshake -+ -s, --starttls Connect, establish a plain session and start TLS -+ --app-proto=str an alias for the 'starttls-proto' option -+ --starttls-proto=str The application protocol to be used to obtain the server's certificate -+(https, ftp, smtp, imap) -+ - prohibits the option 'starttls' -+ -u, --udp Use DTLS (datagram TLS) over UDP -+ --mtu=num Set MTU for datagram TLS -+ - it must be in the range: -+ 0 to 17000 -+ --crlf Send CR LF instead of LF -+ --x509fmtder Use DER format for certificates to read from -+ -f, --fingerprint Send the openpgp fingerprint, instead of the key -+ --print-cert Print peer's certificate in PEM format -+ --dh-bits=num The minimum number of bits allowed for DH -+ --priority=str Priorities string -+ --x509cafile=str Certificate file or PKCS #11 URL to use -+ --x509crlfile=file CRL file to use -+ - file must pre-exist -+ --pgpkeyfile=file PGP Key file to use -+ - file must pre-exist -+ --pgpkeyring=file PGP Key ring file to use -+ - file must pre-exist -+ --pgpcertfile=file PGP Public Key (certificate) file to use -+ - file must pre-exist -+ --x509keyfile=str X.509 key file or PKCS #11 URL to use -+ --x509certfile=str X.509 Certificate file or PKCS #11 URL to use -+ --pgpsubkey=str PGP subkey to use (hex or auto) -+ --srpusername=str SRP username to use -+ --srppasswd=str SRP password to use -+ --pskusername=str PSK username to use -+ --pskkey=str PSK key (in hex) to use -+ -p, --port=str The port or service to connect to -+ --insecure Don't abort program if server certificate can't be validated -+ --ranges Use length-hiding padding to prevent traffic analysis -+ --benchmark-ciphers Benchmark individual ciphers -+ --benchmark-tls-kx Benchmark TLS key exchange methods -+ --benchmark-tls-ciphers Benchmark TLS ciphers -+ -l, --list Print a list of the supported algorithms and modes -+ - prohibits the option 'port' -+ --noticket Don't allow session tickets -+ -!, --srtp-profiles=str Offer SRTP profiles -+ -", --alpn=str Application layer protocol -+ - may appear multiple times -+ -b, --heartbeat Activate heartbeat support -+ -#, --recordsize=num The maximum record size to advertize -+ - it must be in the range: -+ 0 to 4096 -+ -$, --disable-sni Do not send a Server Name Indication (SNI) -+ -%, --disable-extensions Disable all the TLS extensions -+ -&, --inline-commands Inline commands of the form ^<cmd>^ -+ -', --inline-commands-prefix=str Change the default delimiter for inline commands. -+ -(, --provider=file Specify the PKCS #11 provider library -+ - file must pre-exist -+ -), --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+Operands and options may be intermixed. They will be reordered. -+ -+Simple client program to set up a TLS connection to some other computer. It -+sets up a TLS connection and forwards data from the standard input to the -+secured socket and vice versa. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-gnutls-serv.texi gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi ---- gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi 2015-08-10 13:43:51.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-gnutls-serv.texi 2015-07-31 15:44:20.000000000 -0400 -@@ -35,7 +35,69 @@ - - @exampleindent 0 - @example --gnutls-serv is unavailable - no --help -+gnutls-serv - GnuTLS server -+Usage: gnutls-serv [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ --noticket Don't accept session tickets -+ -g, --generate Generate Diffie-Hellman and RSA-export parameters -+ -q, --quiet Suppress some messages -+ --nodb Do not use a resumption database -+ --http Act as an HTTP server -+ --echo Act as an Echo server -+ -u, --udp Use DTLS (datagram TLS) over UDP -+ --mtu=num Set MTU for datagram TLS -+ - it must be in the range: -+ 0 to 17000 -+ --srtp-profiles=str Offer SRTP profiles -+ -a, --disable-client-cert Do not request a client certificate -+ -r, --require-client-cert Require a client certificate -+ --verify-client-cert If a client certificate is sent then verify it. -+ -b, --heartbeat Activate heartbeat support -+ --x509fmtder Use DER format for certificates to read from -+ --priority=str Priorities string -+ --dhparams=file DH params file to use -+ - file must pre-exist -+ --x509cafile=str Certificate file or PKCS #11 URL to use -+ --x509crlfile=file CRL file to use -+ - file must pre-exist -+ --pgpkeyfile=file PGP Key file to use -+ - file must pre-exist -+ --pgpkeyring=file PGP Key ring file to use -+ - file must pre-exist -+ --pgpcertfile=file PGP Public Key (certificate) file to use -+ - file must pre-exist -+ --x509keyfile=str X.509 key file or PKCS #11 URL to use -+ --x509certfile=str X.509 Certificate file or PKCS #11 URL to use -+ --x509dsakeyfile=str Alternative X.509 key file or PKCS #11 URL to use -+ --x509dsacertfile=str Alternative X.509 Certificate file or PKCS #11 URL to use -+ --x509ecckeyfile=str Alternative X.509 key file or PKCS #11 URL to use -+ --x509ecccertfile=str Alternative X.509 Certificate file or PKCS #11 URL to use -+ --pgpsubkey=str PGP subkey to use (hex or auto) -+ --srppasswd=file SRP password file to use -+ - file must pre-exist -+ --srppasswdconf=file SRP password configuration file to use -+ - file must pre-exist -+ --pskpasswd=file PSK password file to use -+ - file must pre-exist -+ --pskhint=str PSK identity hint to use -+ --ocsp-response=file The OCSP response to send to client -+ - file must pre-exist -+ -p, --port=num The port to connect to -+ -l, --list Print a list of the supported algorithms and modes -+ --provider=file Specify the PKCS #11 provider library -+ - file must pre-exist -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Server program that listens to incoming TLS connections. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-ocsptool.texi gnutls-3.4.4.1/doc/invoke-ocsptool.texi ---- gnutls-3.4.4.1/doc/invoke-ocsptool.texi 2015-08-10 13:43:53.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-ocsptool.texi 2015-07-31 15:44:22.000000000 -0400 -@@ -37,7 +37,53 @@ - - @exampleindent 0 - @example --ocsptool is unavailable - no --help -+ocsptool - GnuTLS OCSP tool -+Usage: ocsptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ --infile=file Input file -+ - file must pre-exist -+ --outfile=str Output file -+ --ask[=arg] Ask an OCSP/HTTP server on a certificate validity -+ - requires these options: -+ load-cert -+ load-issuer -+ -e, --verify-response Verify response -+ -i, --request-info Print information on a OCSP request -+ -j, --response-info Print information on a OCSP response -+ -q, --generate-request Generate an OCSP request -+ --nonce Use (or not) a nonce to OCSP request -+ - disabled as '--no-nonce' -+ --load-issuer=file Read issuer certificate from file -+ - file must pre-exist -+ --load-cert=file Read certificate to check from file -+ - file must pre-exist -+ --load-trust=file Read OCSP trust anchors from file -+ - prohibits the option 'load-signer' -+ - file must pre-exist -+ --load-signer=file Read OCSP response signer from file -+ - prohibits the option 'load-trust' -+ - file must pre-exist -+ --inder Use DER format for input certificates and private keys -+ - disabled as '--no-inder' -+ -Q, --load-request=file Read DER encoded OCSP request from file -+ - file must pre-exist -+ -S, --load-response=file Read DER encoded OCSP response from file -+ - file must pre-exist -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Ocsptool is a program that can parse and print information about OCSP -+requests/responses, generate requests and verify responses. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-p11tool.texi gnutls-3.4.4.1/doc/invoke-p11tool.texi ---- gnutls-3.4.4.1/doc/invoke-p11tool.texi 2015-08-10 13:43:58.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-p11tool.texi 2015-07-31 15:44:26.000000000 -0400 -@@ -45,7 +45,97 @@ - - @exampleindent 0 - @example --p11tool is unavailable - no --help -+p11tool - GnuTLS PKCS #11 tool -+Usage: p11tool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [url] -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ --outfile=str Output file -+ --list-tokens List all available tokens -+ --export Export the object specified by the URL -+ --export-chain Export the certificate specified by the URL and its chain of trust -+ --list-mechanisms List all available mechanisms in a token -+ --info List information on an available object in a token -+ --list-all List all available objects in a token -+ --list-all-certs List all available certificates in a token -+ --list-certs List all certificates that have an associated private key -+ --list-all-privkeys List all available private keys in a token -+ --list-privkeys an alias for the 'list-all-privkeys' option -+ --list-keys an alias for the 'list-all-privkeys' option -+ --list-all-trusted List all available certificates marked as trusted -+ --write Writes the loaded objects to a PKCS #11 token -+ --delete Deletes the objects matching the PKCS #11 URL -+ --generate-random=num Generate random data -+ --generate-rsa Generate an RSA private-public key pair -+ --generate-dsa Generate an RSA private-public key pair -+ --generate-ecc Generate an RSA private-public key pair -+ --export-pubkey Export the public key for a private key -+ --label=str Sets a label for the write operation -+ --mark-wrap Marks the generated key to be a wrapping key -+ - disabled as '--no-mark-wrap' -+ --mark-trusted Marks the object to be written as trusted -+ - disabled as '--no-mark-trusted' -+ --mark-ca Marks the object to be written as a CA -+ - disabled as '--no-mark-ca' -+ --mark-private Marks the object to be written as private -+ - disabled as '--no-mark-private' -+ - enabled by default -+ --trusted an alias for the 'mark-trusted' option -+ --ca an alias for the 'mark-ca' option -+ --private an alias for the 'mark-private' option -+ - enabled by default -+ --login Force (user) login to token -+ - disabled as '--no-login' -+ --so-login Force security officer login to token -+ - disabled as '--no-so-login' -+ --admin-login an alias for the 'so-login' option -+ --detailed-url Print detailed URLs -+ - disabled as '--no-detailed-url' -+ -!, --secret-key=str Provide a hex encoded secret key -+ -", --load-privkey=file Private key file to use -+ - file must pre-exist -+ -#, --load-pubkey=file Public key file to use -+ - file must pre-exist -+ -$, --load-certificate=file Certificate file to use -+ - file must pre-exist -+ -8, --pkcs8 Use PKCS #8 format for private keys -+ -%, --bits=num Specify the number of bits for key generate -+ -&, --curve=str Specify the curve used for EC key generation -+ -', --sec-param=str Specify the security level -+ -(, --inder Use DER/RAW format for input -+ - disabled as '--no-inder' -+ -), --inraw an alias for the 'inder' option -+ -*, --outder Use DER format for output certificates, private keys, and DH parameters -+ - disabled as '--no-outder' -+ -+, --outraw an alias for the 'outder' option -+ -,, --initialize Initializes a PKCS #11 token -+ --, --set-pin=str Specify the PIN to use on token initialization -+ -., --set-so-pin=str Specify the Security Officer's PIN to use on token initialization -+ -/, --provider=file Specify the PKCS #11 provider library -+ - file must pre-exist -+ -0, --batch Disable all interaction with the tool. All parameters need to be -+specified on command line. -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+Operands and options may be intermixed. They will be reordered. -+ -+Program that allows operations on PKCS #11 smart cards and security -+modules. -+ -+To use PKCS #11 tokens with GnuTLS the p11-kit configuration files need to -+be setup. That is create a .module file in /etc/pkcs11/modules with the -+contents 'module: /path/to/pkcs11.so'. Alternatively the configuration -+file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of -+the form 'load=/usr/lib/opensc-pkcs11.so'. -+ -+You can provide the PIN to be used for the PKCS #11 operations with the -+environment variables GNUTLS_PIN and GNUTLS_SO_PIN. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-psktool.texi gnutls-3.4.4.1/doc/invoke-psktool.texi ---- gnutls-3.4.4.1/doc/invoke-psktool.texi 2015-08-10 13:43:57.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-psktool.texi 2015-07-31 15:44:25.000000000 -0400 -@@ -36,7 +36,27 @@ - - @exampleindent 0 - @example --psktool is unavailable - no --help -+psktool - GnuTLS PSK tool -+Usage: psktool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -s, --keysize=num specify the key size in bytes -+ - it must be in the range: -+ 0 to 512 -+ -u, --username=str specify a username -+ -p, --passwd=str specify a password file -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Program that generates random keys for use with TLS-PSK. The keys are -+stored in hexadecimal format in a key file. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-srptool.texi gnutls-3.4.4.1/doc/invoke-srptool.texi ---- gnutls-3.4.4.1/doc/invoke-srptool.texi 2015-08-10 13:43:56.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-srptool.texi 2015-07-31 15:44:24.000000000 -0400 -@@ -41,7 +41,34 @@ - - @exampleindent 0 - @example --srptool is unavailable - no --help -+srptool - GnuTLS SRP tool -+Usage: srptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -i, --index=num specify the index of the group parameters in tpasswd.conf to use -+ -u, --username=str specify a username -+ -p, --passwd=str specify a password file -+ -s, --salt=num specify salt size -+ --verify just verify the password. -+ -v, --passwd-conf=str specify a password conf file. -+ --create-conf=str Generate a password configuration file. -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Simple program that emulates the programs in the Stanford SRP (Secure -+Remote Password) libraries using GnuTLS. It is intended for use in places -+where you don't expect SRP authentication to be the used for system users. -+ -+In brief, to use SRP you need to create two files. These are the password -+file that holds the users and the verifiers associated with them and the -+configuration file to hold the group parameters (called tpasswd.conf). -+ - @end example - @exampleindent 4 - diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 494128eeae..c10d1cbfc7 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -107,7 +107,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.4.5") + (version "3.4.7") (source (origin (method url-fetch) (uri @@ -118,8 +118,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "1bks1zpmhmnkz2v32dd9b44pz6x0a5w4yi9zzwsd0a078vhbi25g")) - (patches (list (search-patch "gnutls-doc-fix.patch"))))) + "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -143,13 +142,6 @@ living in the same process.") #:phases (modify-phases %standard-phases (add-after - 'unpack 'delete-prebuilt-unfixed-info-file - (lambda _ - ;; XXX Delete the prebuilt info file, so that it will be - ;; rebuilt with the fixes in gnutls-doc-fix.patch. - (delete-file "doc/gnutls.info") - #t)) - (add-after 'install 'move-doc (lambda* (#:key outputs #:allow-other-keys) ;; Copy the 4.1 MiB of section 3 man pages to "doc". @@ -166,7 +158,6 @@ living in the same process.") "doc")) ;4.1 MiB of man pages (native-inputs `(("pkg-config" ,pkg-config) - ("texinfo" ,texinfo) ; XXX needed only to replace prebuilt, unfixed docs. ("which" ,which))) (inputs `(("guile" ,guile-2.0) |