diff options
Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 268 |
1 files changed, 130 insertions, 138 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 93c79d63e4..4f7b67cf46 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017, 2018, 2019 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> @@ -70,7 +70,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.13") + (version "4.14") (source (origin (method url-fetch) @@ -78,7 +78,7 @@ version ".tar.gz")) (sha256 (base32 - "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky")))) + "025sqnlzji78ss2fi78dajc0v0h5fi02wp39hws41sn8qnjlnq4y")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--disable-static"))) @@ -162,7 +162,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.6.5") + (version "3.6.9") (source (origin (method url-fetch) (uri @@ -174,16 +174,7 @@ living in the same process.") (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0ddvg97dyrh8dkffv1mdc0knxx5my3qdbzv97s4a6jggmk9wwgh7")) - (modules '((guix build utils))) - (snippet - '(begin - ;; XXX: The generated configure script in GnuTLS 3.6.5 - ;; apparently does not know about Guile 2.2. - (substitute* "configure" - (("guile_versions_to_search=\"2\\.0 1\\.8\"") - "guile_versions_to_search=\"2.2 2.0 1.8\"")) - #t)))) + "1jqz5s3lv8sa53348cfi9nr5pw5l55n8m40b8msdvv0pb2jzqca3")))) (build-system gnu-build-system) (arguments `(; Ensure we don't keep a reference to this buggy software. @@ -201,6 +192,15 @@ living in the same process.") ;; independently. This seems suboptimal. "--with-default-trust-store-dir=/etc/ssl/certs" + ;; Tell the build system that we want Guile bindings installed to + ;; the output instead of Guiles own module directory. + (string-append "--with-guile-site-dir=" + "$(datarootdir)/guile/site/$(GUILE_EFFECTIVE_VERSION)") + (string-append "--with-guile-site-ccache-dir=" + "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/site-ccache") + (string-append "--with-guile-extension-dir=" + "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions") + ;; FIXME: Temporarily disable p11-kit support since it is not ;; working on mips64el. "--without-p11-kit") @@ -269,8 +269,8 @@ required structures.") (define-public openssl (package (name "openssl") - (replacement openssl/fixed) - (version "1.0.2p") + (version "1.1.1c") + (replacement openssl-1.1.1d) (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -282,13 +282,12 @@ required structures.") "/openssl-" version ".tar.gz"))) (sha256 (base32 - "003xh9f898i56344vpvpxxxzmikivxig4xwlm7vbi7m8n43qxaah")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))) + "142c7zdlz06hjrrvinb9f276czc78bnkyhd9xma621qmmmwk1yzn")) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")))) (build-system gnu-build-system) (outputs '("out" - "doc" ;1.5MiB of man3 pages - "static")) ;6MiB of .a files + "doc" ;6.8 MiB of man3 pages and full HTML documentation + "static")) ;6.4 MiB of .a files (native-inputs `(("perl" ,perl))) (arguments `(#:disallowed-references (,perl) @@ -301,41 +300,27 @@ required structures.") #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases - (add-before - 'configure 'patch-Makefile.org - (lambda* (#:key outputs #:allow-other-keys) - ;; The default MANDIR is some unusual place. Fix that. - (let ((out (assoc-ref outputs "out"))) - (patch-makefile-SHELL "Makefile.org") - (substitute* "Makefile.org" - (("^MANDIR[[:blank:]]*=.*$") - (string-append "MANDIR = " out "/share/man\n"))) - #t))) - (replace - 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (invoke "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out))))) - (add-after - 'install 'make-libraries-writable - (lambda* (#:key outputs #:allow-other-keys) - ;; Make libraries writable so that 'strip' does its job. - (let ((out (assoc-ref outputs "out"))) - (for-each (lambda (file) - (chmod file #o644)) - (find-files (string-append out "/lib") - "\\.so")) - #t))) + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + ;; It's not a shebang so patch-source-shebangs misses it. + (substitute* "config" + (("/usr/bin/env") + (string-append (assoc-ref %build-inputs "coreutils") + "/bin/env"))) + (invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out) + (string-append "-Wl,-rpath," lib))))) (add-after 'install 'move-static-libraries (lambda* (#:key outputs #:allow-other-keys) ;; Move static libraries to the "static" output. @@ -348,31 +333,20 @@ required structures.") (delete-file file)) (find-files lib "\\.a$")) #t))) - (add-after 'install 'move-man3-pages + (add-after 'install 'move-extra-documentation (lambda* (#:key outputs #:allow-other-keys) - ;; Move section 3 man pages to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (doc (assoc-ref outputs "doc")) - (target (string-append doc "/share/man/man3"))) - (mkdir-p target) - (for-each (lambda (file) - (rename-file file - (string-append target "/" - (basename file)))) - (find-files man3)) - (delete-file-recursively man3) - #t))) - (add-before - 'patch-source-shebangs 'patch-tests - (lambda* (#:key inputs native-inputs #:allow-other-keys) - (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) - (substitute* (find-files "test" ".*") - (("/bin/sh") - (string-append bash "/bin/sh")) - (("/bin/rm") - "rm")) - #t))) + ;; Move man3 pages and full HTML documentation to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (html (string-append out "/share/doc/openssl")) + (doc (assoc-ref outputs "doc")) + (man-target (string-append doc "/share/man/man3")) + (html-target (string-append doc "/share/doc/openssl"))) + (copy-recursively man3 man-target) + (delete-file-recursively man3) + (copy-recursively html html-target) + (delete-file-recursively html) + #t))) (add-after 'install 'remove-miscellany (lambda* (#:key outputs #:allow-other-keys) @@ -398,21 +372,11 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) -(define-public openssl/fixed - (hidden-package - (package - (inherit openssl) - (source (origin - (inherit (package-source openssl)) - (patches (append (origin-patches (package-source openssl)) - (search-patches "openssl-CVE-2019-1559.patch")))))))) - -(define-public openssl-next - (package - (inherit openssl) - (name "openssl") - (version "1.1.1d") - (source (origin +(define openssl-1.1.1d + (package/inherit + openssl + (version "1.1.1d") + (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" version ".tar.gz") @@ -421,58 +385,86 @@ required structures.") (string-append "ftp://ftp.openssl.org/source/old/" (string-trim-right version char-set:letter) "/openssl-" version ".tar.gz"))) - (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (sha256 + (base32 + "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhy")))))) + +(define-public openssl-1.0 + (package + (inherit openssl) + (name "openssl") + (version "1.0.2s") + (source (origin + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) (sha256 (base32 - "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhy")))) + "15mbmg8hf7s12vr3v2bdc0pi9y4pdbnsxhzk4fyyap42jaa5rgfa")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch")))) (outputs '("out" - "doc" ; 6.8 MiB of man3 pages and full HTML documentation - "static")) ; 6.4 MiB of .a files + "doc" ;1.5MiB of man3 pages + "static")) ;6MiB of .a files (arguments (substitute-keyword-arguments (package-arguments openssl) ((#:phases phases) `(modify-phases ,phases - (delete 'patch-tests) ; These two phases are not needed by - (delete 'patch-Makefile.org) ; OpenSSL 1.1. - - ;; Override configure phase since -rpath is now a configure option. - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib"))) - ;; It's not a shebang so patch-source-shebangs misses it. - (substitute* "config" - (("/usr/bin/env") - (string-append (assoc-ref %build-inputs "coreutils") - "/bin/env"))) - (invoke "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out) - (string-append "-Wl,-rpath," lib))))) - - (delete 'move-man3-pages) - (add-after 'install 'move-extra-documentation + (add-before 'patch-source-shebangs 'patch-tests + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) + (substitute* (find-files "test" ".*") + (("/bin/sh") + (string-append bash "/bin/sh")) + (("/bin/rm") + "rm")) + #t))) + (add-before 'configure 'patch-Makefile.org (lambda* (#:key outputs #:allow-other-keys) - ;; Move man3 pages and full HTML documentation to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (html (string-append out "/share/doc/openssl")) - (doc (assoc-ref outputs "doc")) - (man-target (string-append doc "/share/man/man3")) - (html-target (string-append doc "/share/doc/openssl"))) - (copy-recursively man3 man-target) - (delete-file-recursively man3) - (copy-recursively html html-target) - (delete-file-recursively html) + ;; The default MANDIR is some unusual place. Fix that. + (let ((out (assoc-ref outputs "out"))) + (patch-makefile-SHELL "Makefile.org") + (substitute* "Makefile.org" + (("^MANDIR[[:blank:]]*=.*$") + (string-append "MANDIR = " out "/share/man\n"))) #t))) + (replace 'configure + ;; Override this phase because OpenSSL 1.0 does not understand -rpath. + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out))))) + (delete 'move-extra-documentation) + (add-after 'install 'move-man3-pages + (lambda* (#:key outputs #:allow-other-keys) + ;; Move section 3 man pages to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (doc (assoc-ref outputs "doc")) + (target (string-append doc "/share/man/man3"))) + (mkdir-p target) + (for-each (lambda (file) + (rename-file file + (string-append target "/" + (basename file)))) + (find-files man3)) + (delete-file-recursively man3) + #t))) ;; XXX: Duplicate this phase to make sure 'version' evaluates ;; in the current scope and not the inherited one. (replace 'remove-miscellany |