From 0a6bd107e506b535a79ff4f3bd214953d592f7e6 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 28 Feb 2017 20:21:10 -0500
Subject: gnu: Add le-certs.

* gnu/packages/certs.scm (le-certs): New variable.
---
 gnu/packages/certs.scm | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

(limited to 'gnu/packages')

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 246e5ca14a..e35e9aabab 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -139,3 +140,60 @@
 taken from the NSS package and thus ultimately from the Mozilla project.")
     (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
     (license license:mpl2.0)))
+
+(define-public le-certs
+  (package
+    (name "le-certs")
+    (version "0")
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((root (assoc-ref %build-inputs "isrgrootx1.pem"))
+               (intermediate (assoc-ref %build-inputs "letsencryptauthorityx3.pem"))
+               (backup (assoc-ref %build-inputs "letsencryptauthorityx4.pem"))
+               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs")))
+           (mkdir-p out)
+           (for-each
+             (lambda (cert)
+               (copy-file cert (string-append out "/"
+                                              (strip-store-file-name cert))))
+             (list root intermediate backup))))))
+    (inputs
+     `(; The Let's Encrypt root certificate, "ISRG Root X1".
+       ("isrgrootx1.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/isrgrootx1.pem")
+           (sha256
+            (base32
+             "0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y"))))
+       ;; "Let’s Encrypt Authority X3", the active Let's Encrypt intermediate
+       ;; certificate.
+       ("letsencryptauthorityx3.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/letsencryptauthorityx3.pem")
+           (sha256
+            (base32
+             "0zbamj6c7zqw1j9mbqygc8k1ykgj6xiisp9svmlif5lkbnyjhnkk"))))
+       ;; "Let’s Encrypt Authority X4", the backup Let's Encrypt intermediate
+       ;; certificate.  This will be used for disaster recovery and will only be
+       ;; used should Let's Encrypt lose the ability to issue with "Let’s
+       ;; Encrypt Authority X3".
+       ("letsencryptauthorityx4.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/letsencryptauthorityx4.pem")
+           (sha256
+            (base32
+             "003dc94c8qwj634h0dq743x7hqv9rdcfaisdksprkmi2jd107xq4"))))))
+    (home-page "https://letsencrypt.org/certificates/")
+    (synopsis "Let's Encrypt root and intermediate certificates")
+    (description "This package provides a certificate store containing only the
+Let's Encrypt root and intermediate certificates.  It is intended to be used
+within Guix.")
+    (license license:public-domain)))
-- 
cgit 1.4.1