netcraft
/
litecoin
mirror of https://github.com/litecoin-project/litecoin
6
0
Fork 0
Code Issues Projects Releases Wiki Activity

guix: Package codesigning tools

Browse Source
pull/826/head
Carl Dong 4 years ago
parent 0a2176d477
commit bac2690e6f
2 changed files with 351 additions and 2 deletions
Show Stats Download Patch File Download Diff File

340
contrib/guix/manifest.scm
Unescape View File

@ -4,12 +4,14 @@
(gnu packages base)
(gnu packages bash)
(gnu packages bison)
(gnu packages certs)
(gnu packages cdrom)
(gnu packages check)
(gnu packages cmake)
(gnu packages commencement)
(gnu packages compression)
(gnu packages cross-base)
(gnu packages curl)
(gnu packages file)
(gnu packages gawk)
(gnu packages gcc)
@ -23,7 +25,9 @@
(gnu packages perl)
(gnu packages pkg-config)
(gnu packages python)
(gnu packages python-web)
(gnu packages shells)
(gnu packages tls)
(gnu packages version-control)
(guix build-system font)
(guix build-system gnu)
@ -217,6 +221,337 @@ chain for " target " development."))
parse, modify and abstract ELF, PE and MachO formats.")
(license license:asl2.0)))
(define osslsigncode
(package
(name "osslsigncode")
(version "2.0")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/mtrojnar/"
name "/archive/" version ".tar.gz"))
(sha256
(base32
"0byri6xny770wwb2nciq44j5071122l14bvv65axdd70nfjf0q2s"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("autoconf" ,autoconf)
("automake" ,automake)
("libtool" ,libtool)))
(inputs
`(("openssl" ,openssl)))
(arguments
`(#:configure-flags
`("--without-gsf"
"--without-curl"
"--disable-dependency-tracking")))
(home-page "https://github.com/mtrojnar/osslsigncode")
(synopsis "Authenticode signing and timestamping tool")
(description "osslsigncode is a small tool that implements part of the
functionality of the Microsoft tool signtool.exe - more exactly the Authenticode
signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and
thus should be able to compile on most platforms where these exist.")
(license license:gpl3+))) ; license is with openssl exception
(define-public python-asn1crypto
(package
(name "python-asn1crypto")
(version "1.4.0")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/wbond/asn1crypto")
(commit version)))
(file-name (git-file-name name version))
(sha256
(base32
"19abibn6jw20mzi1ln4n9jjvpdka8ygm4m439hplyrdfqbvgm01r"))))
(build-system python-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _
(invoke "python" "run.py" "tests"))))))
(home-page "https://github.com/wbond/asn1crypto")
(synopsis "ASN.1 parser and serializer in Python")
(description "asn1crypto is an ASN.1 parser and serializer with definitions
for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7,
PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
(license license:expat)))
(define-public python-elfesteem
(let ((commit "87bbd79ab7e361004c98cc8601d4e5f029fd8bd5"))
(package
(name "python-elfesteem")
(version (git-version "0.1" "1" commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/LRGH/elfesteem")
(commit commit)))
(file-name (git-file-name name commit))
(sha256
(base32
"1nyvjisvyxyxnd0023xjf5846xd03lwawp5pfzr8vrky7wwm5maz"))))
(build-system python-build-system)
;; There are no tests, but attempting to run python setup.py test leads to
;; PYTHONPATH problems, just disable the test
(arguments '(#:tests? #f))
(home-page "https://github.com/LRGH/elfesteem")
(synopsis "ELF/PE/Mach-O parsing library")
(description "elfesteem parses ELF, PE and Mach-O files.")
(license license:lgpl2.1))))
(define-public python-oscrypto
(package
(name "python-oscrypto")
(version "1.2.1")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/wbond/oscrypto")
(commit version)))
(file-name (git-file-name name version))
(sha256
(base32
"1d4d8s4z340qhvb3g5m5v3436y3a71yc26wk4749q64m09kxqc3l"))
(patches (search-our-patches "oscrypto-hard-code-openssl.patch"))))
(build-system python-build-system)
(native-search-paths
(list (search-path-specification
(variable "SSL_CERT_FILE")
(file-type 'regular)
(separator #f) ;single entry
(files '("etc/ssl/certs/ca-certificates.crt")))))
(propagated-inputs
`(("python-asn1crypto" ,python-asn1crypto)
("openssl" ,openssl)))
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'hard-code-path-to-libscrypt
(lambda* (#:key inputs #:allow-other-keys)
(let ((openssl (assoc-ref inputs "openssl")))
(substitute* "oscrypto/__init__.py"
(("@GUIX_OSCRYPTO_USE_OPENSSL@")
(string-append openssl "/lib/libcrypto.so" "," openssl "/lib/libssl.so")))
#t)))
(add-after 'unpack 'disable-broken-tests
(lambda _
;; This test is broken as there is no keyboard interrupt.
(substitute* "tests/test_trust_list.py"
(("^(.*)class TrustListTests" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
(substitute* "tests/test_tls.py"
(("^(.*)class TLSTests" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
#t))
(replace 'check
(lambda _
(invoke "python" "run.py" "tests")
#t)))))
(home-page "https://github.com/wbond/oscrypto")
(synopsis "Compiler-free Python crypto library backed by the OS")
(description "oscrypto is a compilation-free, always up-to-date encryption library for Python.")
(license license:expat)))
(define-public python-oscryptotests
(package (inherit python-oscrypto)
(name "python-oscryptotests")
(arguments
`(#:tests? #f
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'hard-code-path-to-libscrypt
(lambda* (#:key inputs #:allow-other-keys)
(chdir "tests")
#t)))))))
(define-public python-certvalidator
(let ((commit "e5bdb4bfcaa09fa0af355eb8867d00dfeecba08c"))
(package
(name "python-certvalidator")
(version (git-version "0.1" "1" commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/achow101/certvalidator")
(commit commit)))
(file-name (git-file-name name commit))
(sha256
(base32
"18pvxkvpkfkzgvfylv0kx65pmxfcv1hpsg03cip93krfvrrl4c75"))))
(build-system python-build-system)
(propagated-inputs
`(("python-asn1crypto" ,python-asn1crypto)
("python-oscrypto" ,python-oscrypto)
("python-oscryptotests", python-oscryptotests))) ;; certvalidator tests import oscryptotests
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'disable-broken-tests
(lambda _
(substitute* "tests/test_certificate_validator.py"
(("^(.*)class CertificateValidatorTests" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
(substitute* "tests/test_crl_client.py"
(("^(.*)def test_fetch_crl" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
(substitute* "tests/test_ocsp_client.py"
(("^(.*)def test_fetch_ocsp" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
(substitute* "tests/test_registry.py"
(("^(.*)def test_build_paths" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
(substitute* "tests/test_validate.py"
(("^(.*)def test_revocation_mode_hard" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
#t))
(replace 'check
(lambda _
(invoke "python" "run.py" "tests")
#t)))))
(home-page "https://github.com/wbond/certvalidator")
(synopsis "Python library for validating X.509 certificates and paths")
(description "certvalidator is a Python library for validating X.509
certificates or paths. Supports various options, including: validation at a
specific moment in time, whitelisting and revocation checks.")
(license license:expat))))
(define-public python-requests-2.25.1
(package (inherit python-requests)
(version "2.25.1")
(source (origin
(method url-fetch)
(uri (pypi-uri "requests" version))
(sha256
(base32
"015qflyqsgsz09gnar69s6ga74ivq5kch69s4qxz3904m7a3v5r7"))))))
(define-public python-altgraph
(package
(name "python-altgraph")
(version "0.17")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/ronaldoussoren/altgraph")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
(base32
"09sm4srvvkw458pn48ga9q7ykr4xlz7q8gh1h9w7nxpf001qgpwb"))))
(build-system python-build-system)
(home-page "https://github.com/ronaldoussoren/altgraph")
(synopsis "Python graph (network) package")
(description "altgraph is a fork of graphlib: a graph (network) package for
constructing graphs, BFS and DFS traversals, topological sort, shortest paths,
etc. with graphviz output.")
(license license:expat)))
(define-public python-macholib
(package
(name "python-macholib")
(version "1.14")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/ronaldoussoren/macholib")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
(base32
"0aislnnfsza9wl4f0vp45ivzlc0pzhp9d4r08700slrypn5flg42"))))
(build-system python-build-system)
(propagated-inputs
`(("python-altgraph" ,python-altgraph)))
(arguments
'(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'disable-broken-tests
(lambda _
;; This test is broken as there is no keyboard interrupt.
(substitute* "macholib_tests/test_command_line.py"
(("^(.*)class TestCmdLine" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
(substitute* "macholib_tests/test_dyld.py"
(("^(.*)def test_\\S+_find" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line))
(("^(.*)def testBasic" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line))
)
#t)))))
(home-page "https://github.com/ronaldoussoren/macholib")
(synopsis "Python library for analyzing and editing Mach-O headers")
(description "macholib is a Macho-O header analyzer and editor. It's
typically used as a dependency analysis tool, and also to rewrite dylib
references in Mach-O headers to be @executable_path relative. Though this tool
targets a platform specific file format, it is pure python code that is platform
and endian independent.")
(license license:expat)))
(define-public python-signapple
(let ((commit "4ff1c1754e37042c002a3f6375c47fd931f2030b"))
(package
(name "python-signapple")
(version (git-version "0.1" "1" commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/dongcarl/signapple")
(commit commit)))
(file-name (git-file-name name commit))
(sha256
(base32
"043czyzfm04rcx5xsp59vsppla3vm5g45dbp1npy2hww4066rlnh"))))
(build-system python-build-system)
(propagated-inputs
`(("python-asn1crypto" ,python-asn1crypto)
("python-oscrypto" ,python-oscrypto)
("python-certvalidator" ,python-certvalidator)
("python-elfesteem" ,python-elfesteem)
("python-requests" ,python-requests-2.25.1)
("python-macholib" ,python-macholib)
("libcrypto" ,openssl)))
;; There are no tests, but attempting to run python setup.py test leads to
;; problems, just disable the test
(arguments '(#:tests? #f))
(home-page "https://github.com/achow101/signapple")
(synopsis "Mach-O binary signature tool")
(description "signapple is a Python tool for creating, verifying, and
inspecting signatures in Mach-O binaries.")
(license license:expat))))
(packages->manifest
(append
(list ;; The Basics
@ -262,9 +597,10 @@ parse, modify and abstract ELF, PE and MachO formats.")
;; Windows
(list zip
(make-mingw-pthreads-cross-toolchain "x86_64-w64-mingw32")
(make-nsis-with-sde-support nsis-x86_64)))
(make-nsis-with-sde-support nsis-x86_64)
osslsigncode))
((string-contains target "-linux-")
(list (make-bitcoin-cross-toolchain target)))
((string-contains target "darwin")
(list clang-toolchain-10 binutils imagemagick libtiff librsvg font-tuffy cmake xorriso))
(list clang-toolchain-10 binutils imagemagick libtiff librsvg font-tuffy cmake xorriso python-signapple))
(else '())))))

13
contrib/guix/patches/oscrypto-hard-code-openssl.patch
Unescape View File

@ -0,0 +1,13 @@
diff --git a/oscrypto/__init__.py b/oscrypto/__init__.py
index eb27313..371ab24 100644
--- a/oscrypto/__init__.py
+++ b/oscrypto/__init__.py
@@ -302,3 +302,8 @@ def load_order():
'oscrypto._win.tls',
'oscrypto.tls',
]
+
+
+paths = '@GUIX_OSCRYPTO_USE_OPENSSL@'.split(',')
+assert len(paths) == 2, 'Value for OSCRYPTO_USE_OPENSSL env var must be two paths separated by a comma'
+use_openssl(*paths)
Write Preview
Loading…
Cancel
Save