From patchwork Thu Nov 14 20:12:26 2024
X-Patchwork-Submitter: "Artyom V. Poptsov"
X-Patchwork-Id: 70402
From: "Artyom V. Poptsov"
Date: Thu, 14 Nov 2024 23:12:26 +0300
Subject: [bug#74355] [PATCH 7/7] gnu: Add go-github-com-caddyserver-certmagic.
To: 74355@debbugs.gnu.org
Message-ID: <115401a2eaec3c4dbdfe68a3985f31063649ec0e.1731615008.git.poptsov.artyom@gmail.com>

* gnu/packages/golang-web.scm (go-github-com-caddyserver-certmagic): New variable. Change-Id: I54093acde851c9a73e18f8c557650d72a521c05f --- gnu/packages/golang-web.scm | 76 +++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/gnu/packages/golang-web.scm b/gnu/packages/golang-web.scm index b29fc69b1a..c7d6e56351 100644 --- a/gnu/packages/golang-web.scm +++ b/gnu/packages/golang-web.scm
@@ -641,6 +641,82 @@ (define-public go-github-com-bep-golibsass "This package provides SCSS compiler support for Go applications.") (license license:expat))) +(define-public go-github-com-caddyserver-certmagic + (package + (name "go-github-com-caddyserver-certmagic") + (version "0.21.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/caddyserver/certmagic") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "061whx9p00lpxlfnywizqx5z9b020ggqg5vx5r5v2qhdrprg1gkz")))) + (build-system go-build-system) + (arguments + (list + #:tests? #f ; Tests require networking. + #:import-path "github.com/caddyserver/certmagic")) + (native-inputs + (list go-github-com-caddyserver-zerossl + go-github-com-klauspost-cpuid-v2 + go-github-com-libdns-libdns + go-github-com-mholt-acmez + go-github-com-miekg-dns + go-github-com-zeebo-blake3 + go-go-uber-org-zap + go-golang-org-x-crypto + go-golang-org-x-net)) + (home-page "https://github.com/caddyserver/certmagic") + (synopsis "Automatic HTTPS for any Go program") + (description "@code{certmagic} provides API for TLS Automation. + +Main features: +@itemize +@item Fully automated certificate management including issuance and renewal. +@item One-line, fully managed HTTPS servers. +@item Full control over almost every aspect of the system. + +@item HTTP->HTTPS redirects. + +@item Multiple issuers supported: get certificates from multiple sources/CAs for +redundancy and resiliency. + +@item Solves all 3 common ACME challenges: HTTP, TLS-ALPN, and DNS (and capable of +others.) + +@item Most robust error handling of any ACME client +@itemize +@item Challenges are randomized to avoid accidental dependence. 
+@item Challenges are rotated to overcome certain network blockages +@item Robust retries for up to 30 days +@item Exponential backoff with carefully-tuned intervals +@item Retries with optional test/staging CA endpoint instead of production, to avoid +rate limits. +@end itemize +@item Powered by @code{ACMEz}, an ACME client library for Go. +@item All libdns DNS providers work out-of-the-box. +@item Pluggable storage backends (default: file system.) +@item Pluggable key sources. +@item Wildcard certificates. +@item Automatic OCSP stapling. +@item Distributed solving of all challenges (works behind load balancers.) +@item Supports @samp{on-demand} issuance of certificates. +@item Optional event hooks for observation. +@item One-time private keys by default (new key for each cert) to discourage pinning +and reduce scope of key compromise. +@item Works with any certificate authority (CA) compliant with the ACME specification +@url{https://tools.ietf.org/html/rfc8555, RFC 8555}. +@item Certificate revocation +@item Must-Staple (optional; not default.) +@item Use in conjunction with your own certificates. +@item Full support for draft-ietf-acme-ari (ACME Renewal Information; ARI) extension. +@end itemize +") + (license license:expat))) + (define-public go-github-com-caddyserver-zerossl (package (name "go-github-com-caddyserver-zerossl")
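Review bot: `#:tests? #f` in the `arguments` block turns off the entire test suite for a library whose job is certificate issuance, renewal and OCSP stapling, with only "Tests require networking." as justification. If only part of the suite needs the network, skip those tests and let the offline ones run in the build sandbox; if all of it does, say so in the comment so the next version bump revisits the decision. Separately, the nine Go libraries are listed under `native-inputs`; for a source-only Go library these are imported by the library itself, so packages that depend on it will need them as well, and `propagated-inputs` is the usual place for them. In the description, "provides API" should read "provides an API", the blank lines around the "HTTP->HTTPS redirects", "Multiple issuers" and "Solves all 3 common ACME challenges" items are inconsistent with the rest of the list, several items lack the final period the others have, and "Most robust error handling of any ACME client" is an upstream marketing claim that is better dropped or reworded neutrally.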