diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 246e5ca14a..e35e9aabab 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2015 Andreas Enge ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Ludovic Courtès +;;; Copyright © 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -139,3 +140,60 @@ taken from the NSS package and thus ultimately from the Mozilla project.") (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS") (license license:mpl2.0))) + +(define-public le-certs + (package + (name "le-certs") + (version "0") + (source #f) + (build-system trivial-build-system) + (arguments + '(#:modules ((guix build utils)) + #:builder + (begin + (use-modules (guix build utils)) + (let ((root (assoc-ref %build-inputs "isrgrootx1.pem")) + (intermediate (assoc-ref %build-inputs "letsencryptauthorityx3.pem")) + (backup (assoc-ref %build-inputs "letsencryptauthorityx4.pem")) + (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs"))) + (mkdir-p out) + (for-each + (lambda (cert) + (copy-file cert (string-append out "/" + (strip-store-file-name cert)))) + (list root intermediate backup)))))) + (inputs + `(; The Let's Encrypt root certificate, "ISRG Root X1". + ("isrgrootx1.pem" + ,(origin + (method url-fetch) + (uri "https://letsencrypt.org/certs/isrgrootx1.pem") + (sha256 + (base32 + "0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y")))) + ;; "Let’s Encrypt Authority X3", the active Let's Encrypt intermediate + ;; certificate. + ("letsencryptauthorityx3.pem" + ,(origin + (method url-fetch) + (uri "https://letsencrypt.org/certs/letsencryptauthorityx3.pem") + (sha256 + (base32 + "0zbamj6c7zqw1j9mbqygc8k1ykgj6xiisp9svmlif5lkbnyjhnkk")))) + ;; "Let’s Encrypt Authority X4", the backup Let's Encrypt intermediate + ;; certificate. This will be used for disaster recovery and will only be + ;; used should Let's Encrypt lose the ability to issue with "Let’s + ;; Encrypt Authority X3". + ("letsencryptauthorityx4.pem" + ,(origin + (method url-fetch) + (uri "https://letsencrypt.org/certs/letsencryptauthorityx4.pem") + (sha256 + (base32 + "003dc94c8qwj634h0dq743x7hqv9rdcfaisdksprkmi2jd107xq4")))))) + (home-page "https://letsencrypt.org/certificates/") + (synopsis "Let's Encrypt root and intermediate certificates") + (description "This package provides a certificate store containing only the +Let's Encrypt root and intermediate certificates. It is intended to be used +within Guix.") + (license license:public-domain)))