Diffstat (limited to 'gnu/packages/certs.scm')
-rw-r--r--gnu/packages/certs.scm118
1 files changed, 118 insertions, 0 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
new file mode 100644
index 0000000000..ab46143202
--- /dev/null
+++ b/gnu/packages/certs.scm
@@ -0,0 +1,118 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages certs)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system trivial)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages openssl)
+  #:use-module (gnu packages python))
+
+(define certdata2pem
+  (package
+    (name "certdata2pem")
+    (version "2013")
+    (source
+    (origin
+      (method url-fetch)
+        (uri
+          "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/plain/certdata2pem.py?id=053dde8a2f5901e97028a58bf54e7d0ef8095a54")
+        (sha256
+          (base32
+            "0zscrm41gnsf14zvlkxhy00h3dmgidyz645ldpda3y3vabnwv8dx"))))
+   (build-system trivial-build-system)
+   (inputs
+     `(("python" ,python-2)))
+   (arguments
+    `(#:modules ((guix build utils))
+      #:builder
+        (begin
+          (use-modules (guix build utils))
+          (let ((bin (string-append %output "/bin")))
+            (copy-file (assoc-ref %build-inputs "source") "certdata2pem.py")
+            (chmod "certdata2pem.py" #o555)
+            (substitute* "certdata2pem.py"
+              (("/usr/bin/python")
+               (string-append (assoc-ref %build-inputs "python")
+                              "/bin/python"))
+              ;; Use the file extension .pem instead of .crt.
+              (("crt") "pem"))
+            (mkdir-p bin)
+            (copy-file "certdata2pem.py"
+                       (string-append bin "/certdata2pem.py"))))))
+   (synopsis "Python script to extract .pem data from certificate collection")
+   (description
+    "certdata2pem.py is a Python script to transform X.509 certificate
+\"source code\" as contained, for example, in the Mozilla sources, into
+.pem formatted certificates.")
+   (license license:gpl2+)
+   (home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))
+
+(define-public nss-certs
+  (package (inherit nss) ; to reuse the source, version and some metadata
+    (name "nss-certs")
+    (build-system gnu-build-system)
+    (outputs '("out"))
+    (native-inputs
+     `(("certdata2pem" ,certdata2pem)
+       ("openssl" ,openssl)))
+    (inputs '())
+    (propagated-inputs '())
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-26))
+       #:imported-modules ((guix build gnu-build-system)
+                           (guix build utils))
+       #:phases
+         (alist-cons-after
+           'unpack 'install
+           (lambda _
+             (let ((certsdir (string-append %output "/etc/ssl/certs/")))
+               (mkdir-p certsdir)
+               (with-directory-excursion "nss/lib/ckfw/builtins/"
+                 ;; extract single certificates from blob
+                 (system* "certdata2pem.py" "certdata.txt")
+                 ;; copy the .pem files into the output
+                 (for-each
+                   (lambda (file)
+                     (copy-file file (string-append certsdir file)))
+                   ;; FIXME: Some of the file names are UTF8 (?) and cause an
+                   ;; error message such as 
+                   ;; find-files:
+                   ;; ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem:
+                   ;; No such file or directory
+                   (find-files "." ".*\\.pem")))
+                 (with-directory-excursion certsdir
+                   ;; create symbolic links for and by openssl
+                   ;; Strangely, the call (system* "c_rehash" certsdir)
+                   ;; from inside the build dir fails with
+                   ;; "Usage error; try -help."
+                   ;; This looks like a bug in openssl-1.0.2, but we can also
+                   ;; switch into the target directory.
+                   (system* "c_rehash" "."))))
+           (map (cut assq <> %standard-phases)
+                '(set-paths unpack)))))
+    (synopsis "CA certificates from Mozilla")
+    (description
+      "This package provides certificates for Certification Authorities (CA)
+taken from the NSS package and thus ultimately from the Mozilla project.")))
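Review bot: The `install` phase of `nss-certs` ignores the exit status of `(system* "certdata2pem.py" "certdata.txt")` and returns the raw integer from `(system* "c_rehash" ".")`, which is always true in Scheme because only `#f` is false. A failed extraction or rehash would therefore still produce a "successful" build whose `/etc/ssl/certs/` is empty or incomplete, and consumers of this trust store would not find out at build time. Wrap both calls so the phase returns `#f` on failure, e.g. `(and (zero? (system* "certdata2pem.py" "certdata.txt")) ... (zero? (system* "c_rehash" ".")))`. The FIXME about non-ASCII file names suggests some certificates may already be dropped from the output without failing the build. It would be worth confirming that, and making the phase fail, or at least log, when the number of copied `.pem` files differs from the number extracted.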