summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-02-28 20:21:10 -0500
committerLeo Famulari <leo@famulari.name>2017-03-12 03:23:16 -0400
commit0a6bd107e506b535a79ff4f3bd214953d592f7e6 (patch)
treec18ac8755aabdbc4ca0d0a9c6f86e4e3d46a9e6f
parenteba560765a5afccbc5d3b64df410d89b1f79a18e (diff)
downloadguix-0a6bd107e506b535a79ff4f3bd214953d592f7e6.tar.gz
gnu: Add le-certs.
* gnu/packages/certs.scm (le-certs): New variable.
-rw-r--r--gnu/packages/certs.scm58
1 files changed, 58 insertions, 0 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 246e5ca14a..e35e9aabab 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -139,3 +140,60 @@
 taken from the NSS package and thus ultimately from the Mozilla project.")
     (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
     (license license:mpl2.0)))
+
+(define-public le-certs
+  (package
+    (name "le-certs")
+    (version "0")
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((root (assoc-ref %build-inputs "isrgrootx1.pem"))
+               (intermediate (assoc-ref %build-inputs "letsencryptauthorityx3.pem"))
+               (backup (assoc-ref %build-inputs "letsencryptauthorityx4.pem"))
+               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs")))
+           (mkdir-p out)
+           (for-each
+             (lambda (cert)
+               (copy-file cert (string-append out "/"
+                                              (strip-store-file-name cert))))
+             (list root intermediate backup))))))
+    (inputs
+     `(; The Let's Encrypt root certificate, "ISRG Root X1".
+       ("isrgrootx1.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/isrgrootx1.pem")
+           (sha256
+            (base32
+             "0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y"))))
+       ;; "Let’s Encrypt Authority X3", the active Let's Encrypt intermediate
+       ;; certificate.
+       ("letsencryptauthorityx3.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/letsencryptauthorityx3.pem")
+           (sha256
+            (base32
+             "0zbamj6c7zqw1j9mbqygc8k1ykgj6xiisp9svmlif5lkbnyjhnkk"))))
+       ;; "Let’s Encrypt Authority X4", the backup Let's Encrypt intermediate
+       ;; certificate.  This will be used for disaster recovery and will only be
+       ;; used should Let's Encrypt lose the ability to issue with "Let’s
+       ;; Encrypt Authority X3".
+       ("letsencryptauthorityx4.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/letsencryptauthorityx4.pem")
+           (sha256
+            (base32
+             "003dc94c8qwj634h0dq743x7hqv9rdcfaisdksprkmi2jd107xq4"))))))
+    (home-page "https://letsencrypt.org/certificates/")
+    (synopsis "Let's Encrypt root and intermediate certificates")
+    (description "This package provides a certificate store containing only the
+Let's Encrypt root and intermediate certificates.  It is intended to be used
+within Guix.")
+    (license license:public-domain)))