From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: [PATCH] Libressl Date: Mon, 15 Jun 2015 21:11:02 +0200 Message-ID: <20150615191102.GA4777@debian> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="+QahgC5+KEYLbs62" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50418) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z4Zmp-0008Jc-R0 for guix-devel@gnu.org; Mon, 15 Jun 2015 15:11:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Z4Zmm-0005xW-5Q for guix-devel@gnu.org; Mon, 15 Jun 2015 15:11:11 -0400 Received: from mout.kundenserver.de ([212.227.17.10]:63895) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z4Zml-0005wk-R1 for guix-devel@gnu.org; Mon, 15 Jun 2015 15:11:08 -0400 Content-Disposition: inline List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello, the attached patch adds libressl. As you can see, it is quite a bit simpler than the openssl package, which already inspires confidence. I think we should add the package; the next question would be whether we should switch all inputs from openssl to libressl. I tried it for fetchmail, and it works just the same. I also wonder whether we should not unite gnutls.scm and openssl.scm into one tls.scm. What do you think? Andreas --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-Add-libressl.patch" >From 5e84bb645666deb410181cf24501c449597ebc4c Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Mon, 15 Jun 2015 13:45:34 +0200 Subject: [PATCH] gnu: Add libressl. * gnu/packages/openssl.scm (libressl): New variable. --- gnu/packages/openssl.scm | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/gnu/packages/openssl.scm b/gnu/packages/openssl.scm index dec51a1..0185d45 100644 --- a/gnu/packages/openssl.scm +++ b/gnu/packages/openssl.scm @@ -113,4 +113,38 @@ servers or clients for more complicated applications.") (license (package-license perl)) (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/"))) - +(define-public libressl + (package + (name "libressl") + (version "2.2.0") + (source + (origin + (method url-fetch) + (uri (string-append + "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-" + version ".tar.gz")) + (sha256 (base32 + "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n")))) + (build-system gnu-build-system) + (native-search-paths + ;; FIXME: These two variables must designate a single file or directory + ;; and are not actually "search paths." In practice it works OK in + ;; user profiles because there's always just one item that matches the + ;; specification. + (list (search-path-specification + (variable "SSL_CERT_DIR") + (files '("etc/ssl/certs"))) + (search-path-specification + (variable "SSL_CERT_FILE") + (files '("etc/ssl/certs/ca-certificates.crt"))))) + (home-page "http://www.libressl.org/") + (synopsis "SSL/TLS implementation") + (description "LibreSSL is a version of the TLS/crypto stack forked +from OpenSSL in 2014, with the goals of modernizing the codebase, improving +security, and applying best practice development processes.") + ;; Files taken from OpenSSL keep their license, others are under various + ;; non-copyleft licenses. + (license (list license:openssl + (license:non-copyleft + "file://COPYING" + "See COPYING in the distribution."))))) -- 2.2.1 --+QahgC5+KEYLbs62--