gnu: Add le-certs.

* gnu/packages/certs.scm (le-certs): New variable.
2017-02-28 20:21:10 -05:00 · 2017-02-28 20:21:10 -05:00 · 0a6bd107e5
commit 0a6bd107e5
parent eba560765a
1 changed files with 58 additions and 0 deletions
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -139,3 +140,60 @@ (define (maybe-install-cert file)
 taken from the NSS package and thus ultimately from the Mozilla project.")
    (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
    (license license:mpl2.0)))
+
+(define-public le-certs
+  (package
+    (name "le-certs")
+    (version "0")
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((root (assoc-ref %build-inputs "isrgrootx1.pem"))
+               (intermediate (assoc-ref %build-inputs "letsencryptauthorityx3.pem"))
+               (backup (assoc-ref %build-inputs "letsencryptauthorityx4.pem"))
+               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs")))
+           (mkdir-p out)
+           (for-each
+             (lambda (cert)
+               (copy-file cert (string-append out "/"
+                                              (strip-store-file-name cert))))
+             (list root intermediate backup))))))
+    (inputs
+     `(; The Let's Encrypt root certificate, "ISRG Root X1".
+       ("isrgrootx1.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/isrgrootx1.pem")
+           (sha256
+            (base32
+             "0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y"))))
+       ;; "Let’s Encrypt Authority X3", the active Let's Encrypt intermediate
+       ;; certificate.
+       ("letsencryptauthorityx3.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/letsencryptauthorityx3.pem")
+           (sha256
+            (base32
+             "0zbamj6c7zqw1j9mbqygc8k1ykgj6xiisp9svmlif5lkbnyjhnkk"))))
+       ;; "Let’s Encrypt Authority X4", the backup Let's Encrypt intermediate
+       ;; certificate.  This will be used for disaster recovery and will only be
+       ;; used should Let's Encrypt lose the ability to issue with "Let’s
+       ;; Encrypt Authority X3".
+       ("letsencryptauthorityx4.pem"
+        ,(origin
+           (method url-fetch)
+           (uri "https://letsencrypt.org/certs/letsencryptauthorityx4.pem")
+           (sha256
+            (base32
+             "003dc94c8qwj634h0dq743x7hqv9rdcfaisdksprkmi2jd107xq4"))))))
+    (home-page "https://letsencrypt.org/certificates/")
+    (synopsis "Let's Encrypt root and intermediate certificates")
+    (description "This package provides a certificate store containing only the
+Let's Encrypt root and intermediate certificates.  It is intended to be used
+within Guix.")
+    (license license:public-domain)))