ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-12-26 22:38:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: nss-certs: Remove Python 2 and Perl build dependencies.

Browse source 
* gnu/packages/certs.scm (certdata2pem): Swap package to a C variant.
(nss-certs): Use 'openssl rehash' instead of the Perl 'c_rehash' script.
Adjust for the new certdata2pem program.  The number of certificates installed
compared to when using the previous script remains unchanged (139 at the time
of this commit).
This commit is contained in:
Maxim Cournoyer 2021-01-26 23:11:55 -05:00
parent 18c38c1898
commit 9e804e3880
No known key found for this signature in database
GPG key ID: 1260E46482E63562
1 changed files with 42 additions and 73 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

115
gnu/packages/certs.scm
View file

@ -29,51 +29,40 @@ (define-module (gnu packages certs)
#:use-module (guix build-system trivial)
#:use-module (gnu packages)
#:use-module (gnu packages nss)
#:use-module (gnu packages python)
#:use-module (gnu packages perl)
#:use-module (gnu packages tls))
(define certdata2pem
(package
(name "certdata2pem")
(version "2013")
(source
(origin
(method url-fetch)
(uri
"http://pkgs.fedoraproject.org/cgit/ca-certificates.git/plain/certdata2pem.py?id=053dde8a2f5901e97028a58bf54e7d0ef8095a54")
(file-name "certdata2pem.py")
(sha256
(base32
"0zscrm41gnsf14zvlkxhy00h3dmgidyz645ldpda3y3vabnwv8dx"))))
(build-system trivial-build-system)
(inputs
`(("python" ,python-2)))
(arguments
`(#:modules ((guix build utils))
#:builder
(begin
(use-modules (guix build utils))
(let ((bin (string-append %output "/bin")))
(copy-file (assoc-ref %build-inputs "source") "certdata2pem.py")
(chmod "certdata2pem.py" #o555)
(substitute* "certdata2pem.py"
(("/usr/bin/python")
(string-append (assoc-ref %build-inputs "python")
"/bin/python"))
;; Use the file extension .pem instead of .crt.
(("crt") "pem"))
(mkdir-p bin)
(copy-file "certdata2pem.py"
(string-append bin "/certdata2pem.py"))
#t))))
(synopsis "Python script to extract .pem data from certificate collection")
(description
"certdata2pem.py is a Python script to transform X.509 certificate
\"source code\" as contained, for example, in the Mozilla sources, into
.pem formatted certificates.")
(license license:gpl2+)
(home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))
(let ((revision "1")
(commit "4c576f350f44186d439179f63d5be19f710a73f5"))
(package
(name "certdata2pem")
(version "0.0.0") ;no version
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/sabotage-linux/sabotage/blob/"
commit "/KEEP/certdata2pem.c"))
(sha256
(base32
"1rywp29q4l1cs2baplkbcravxqs4kw2cys4yifhfznbc210pskq6"))))
(build-system gnu-build-system)
(arguments
`(#:phases (modify-phases %standard-phases
(delete 'configure)
(replace 'build
(lambda _
(invoke "gcc" "certdata2pem.c" "-o" "certdata2pem")))
(delete 'check) ;no test suite
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(install-file "certdata2pem"
(string-append out "/bin"))))))))
(home-page "https://github.com/sabotage-linux/")
(synopsis "Utility to split TLS certificates data into multiple PEM files")
(description "This is a C version of the certdata2pem Python utility
that was originally contributed to Debian.")
(license license:isc))))
(define-public nss-certs
(package
@ -84,50 +73,30 @@ (define-public nss-certs
(outputs '("out"))
(native-inputs
`(("certdata2pem" ,certdata2pem)
("openssl" ,openssl)
("perl" ,perl))) ;for OpenSSL's 'c_rehash'
("openssl" ,openssl)))
(inputs '())
(propagated-inputs '())
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(rnrs io ports)
(srfi srfi-26)
(ice-9 regex))
(srfi srfi-26))
#:phases
(modify-phases
(map (cut assq <> %standard-phases)
'(set-paths install-locale unpack))
(add-after 'unpack 'install
(lambda _
(let ((certsdir (string-append %output "/etc/ssl/certs/"))
(trusted-rx (make-regexp "^# openssl-trust=[a-zA-Z]"
regexp/newline)))
(define (maybe-install-cert file)
(let ((cert (call-with-input-file file get-string-all)))
(when (regexp-exec trusted-rx cert)
(call-with-output-file
(string-append certsdir file)
(cut display cert <>)))))
(mkdir-p certsdir)
(let ((certsdir (string-append %output "/etc/ssl/certs/")))
(with-directory-excursion "lib/ckfw/builtins/"
;; extract single certificates from blob
(invoke "certdata2pem.py" "certdata.txt")
;; copy selected .pem files into the output
(for-each maybe-install-cert
(find-files "." ".*\\.pem")))
(with-directory-excursion certsdir
;; create symbolic links for and by openssl
;; Strangely, the call (system* "c_rehash" certsdir)
;; from inside the build dir fails with
;; "Usage error; try -help."
;; This looks like a bug in openssl-1.0.2, but we can also
;; switch into the target directory.
(invoke "c_rehash" "."))))))))
(unless (file-exists? "blacklist.txt")
(call-with-output-file "blacklist.txt" (const #t)))
;; Extract selected single certificates from blob.
(invoke "certdata2pem")
;; Copy .crt files into the output.
(for-each (cut install-file <> certsdir)
(find-files "." ".*\\.crt$")))
(invoke "openssl" "rehash" certsdir)))))))
(synopsis "CA certificates from Mozilla")
(description
"This package provides certificates for Certification Authorities (CA)