[bug#74355] [PATCH 7/7] gnu: Add go-github-com-caddyserver-certmagic.

["Artyom V. Poptsov" <poptsov.artyom@gmail.com>]

* gnu/packages/golang-web.scm (go-github-com-caddyserver-certmagic): New variable.

Change-Id: I54093acde851c9a73e18f8c557650d72a521c05f
---
 gnu/packages/golang-web.scm | 76 +++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/gnu/packages/golang-web.scm b/gnu/packages/golang-web.scm
index b29fc69b1a..c7d6e56351 100644
--- a/gnu/packages/golang-web.scm
+++ b/gnu/packages/golang-web.scm
@@ -641,6 +641,82 @@ (define-public go-github-com-bep-golibsass
      "This package provides SCSS compiler support for Go applications.")
     (license license:expat)))
 
+(define-public go-github-com-caddyserver-certmagic
+  (package
+    (name "go-github-com-caddyserver-certmagic")
+    (version "0.21.4")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/caddyserver/certmagic")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32 "061whx9p00lpxlfnywizqx5z9b020ggqg5vx5r5v2qhdrprg1gkz"))))
+    (build-system go-build-system)
+    (arguments
+     (list
+      #:tests? #f                       ; Tests require networking.
+      #:import-path "github.com/caddyserver/certmagic"))
+    (native-inputs
+     (list go-github-com-caddyserver-zerossl
+           go-github-com-klauspost-cpuid-v2
+           go-github-com-libdns-libdns
+           go-github-com-mholt-acmez
+           go-github-com-miekg-dns
+           go-github-com-zeebo-blake3
+           go-go-uber-org-zap
+           go-golang-org-x-crypto
+           go-golang-org-x-net))
+    (home-page "https://github.com/caddyserver/certmagic")
+    (synopsis "Automatic HTTPS for any Go program")
+    (description "@code{certmagic} provides API for TLS Automation.
+
+Main features:
+@itemize
+@item Fully automated certificate management including issuance and renewal.
+@item One-line, fully managed HTTPS servers.
+@item Full control over almost every aspect of the system.
+
+@item HTTP->HTTPS redirects.
+
+@item Multiple issuers supported: get certificates from multiple sources/CAs for
+redundancy and resiliency.
+
+@item Solves all 3 common ACME challenges: HTTP, TLS-ALPN, and DNS (and capable of
+others.)
+
+@item Most robust error handling of any ACME client
+@itemize
+@item Challenges are randomized to avoid accidental dependence.
+@item Challenges are rotated to overcome certain network blockages
+@item Robust retries for up to 30 days
+@item Exponential backoff with carefully-tuned intervals
+@item Retries with optional test/staging CA endpoint instead of production, to avoid
+rate limits.
+@end itemize
+@item Powered by @code{ACMEz}, an ACME client library for Go.
+@item All libdns DNS providers work out-of-the-box.
+@item Pluggable storage backends (default: file system.)
+@item Pluggable key sources.
+@item Wildcard certificates.
+@item Automatic OCSP stapling.
+@item Distributed solving of all challenges (works behind load balancers.)
+@item Supports @samp{on-demand} issuance of certificates.
+@item Optional event hooks for observation.
+@item One-time private keys by default (new key for each cert) to discourage pinning
+and reduce scope of key compromise.
+@item Works with any certificate authority (CA) compliant with the ACME specification
+@url{https://tools.ietf.org/html/rfc8555, RFC 8555}.
+@item Certificate revocation
+@item Must-Staple (optional; not default.)
+@item Use in conjunction with your own certificates.
+@item Full support for draft-ietf-acme-ari (ACME Renewal Information; ARI) extension.
+@end itemize
+")
+    (license license:expat)))
+
 (define-public go-github-com-caddyserver-zerossl
   (package
     (name "go-github-com-caddyserver-zerossl")
-- 
2.46.0