From patchwork Sat Nov 16 07:26:34 2024
X-Patchwork-Submitter: "Artyom V. Poptsov"
X-Patchwork-Id: 70441
Subject: [bug#74355] [PATCH v2 7/7] gnu: Add go-github-com-caddyserver-certmagic.
To: 74355@debbugs.gnu.org
Cc: "Artyom V. Poptsov"
From: "Artyom V. Poptsov"
Date: Sat, 16 Nov 2024 10:26:34 +0300
Message-ID: <21b126f86c406430734f86200441f542fe006e07.1731741895.git.poptsov.artyom@gmail.com>
In-Reply-To: <259514ca31c56e4152c7f7c99d75b6755523381e.1731741895.git.poptsov.artyom@gmail.com>
References: <259514ca31c56e4152c7f7c99d75b6755523381e.1731741895.git.poptsov.artyom@gmail.com>

* gnu/packages/golang-web.scm (go-github-com-caddyserver-certmagic): New variable. Change-Id: I54093acde851c9a73e18f8c557650d72a521c05f --- gnu/packages/golang-web.scm | 79 +++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/gnu/packages/golang-web.scm b/gnu/packages/golang-web.scm index ec71b598f0..31cf2e02f9 100644 --- a/gnu/packages/golang-web.scm +++ b/gnu/packages/golang-web.scm 
@@ -641,6 +641,85 @@ (define-public go-github-com-bep-golibsass "This package provides SCSS compiler support for Go applications.") (license license:expat))) +(define-public go-github-com-caddyserver-certmagic + (package + (name "go-github-com-caddyserver-certmagic") + (version "0.21.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/caddyserver/certmagic") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "061whx9p00lpxlfnywizqx5z9b020ggqg5vx5r5v2qhdrprg1gkz")))) + (build-system go-build-system) + (arguments + (list + #:test-flags + #~(list "-skip" + ;; Some tests require networking to run so skip them altogether. + (string-join (list "TestLookupNameserversOK/physics.georgetown.edu." + "TestFindZoneByFqdn/domain_is_a_CNAME" + "TestFindZoneByFqdn/domain_is_a_non-existent_subdomain" + "TestFindZoneByFqdn/domain_is_a_eTLD" + "TestFindZoneByFqdn/domain_is_a_cross-zone_CNAME" + "TestFindZoneByFqdn/NXDOMAIN" + "TestFindZoneByFqdn/several_non_existent_nameservers") + "|")) + #:import-path "github.com/caddyserver/certmagic")) + (native-inputs + (list go-github-com-caddyserver-zerossl + go-github-com-klauspost-cpuid-v2 + go-github-com-libdns-libdns + go-github-com-mholt-acmez + go-github-com-miekg-dns + go-github-com-zeebo-blake3 + go-go-uber-org-zap + go-golang-org-x-crypto + go-golang-org-x-net)) + (home-page "https://github.com/caddyserver/certmagic") + (synopsis "Automatic HTTPS for any Go program") + (description + "@code{certmagic} provides API for TLS Automation with full control over almost +every aspect of the system. + +Main features: +@itemize +@item Fully automated certificate management including issuance and renewal, with +support for certificate revocation. Also works in conjunction with your own +certificates. +@item Wildcard certificates. +@item One-line, fully managed HTTPS servers, with HTTP->HTTPS redirects. 
+@item Multiple issuers supported: get certificates from multiple sources/CAs for +redundancy and resiliency. +@item Solves all 3 common ACME challenges: HTTP, TLS-ALPN, and DNS (and capable of +others.) +@item Robust error handling: +@itemize +@item Challenges are randomized to avoid accidental dependence and rotated to +overcome certain network blockages. +@item Robust retries for up to 30 days. +@item Exponential backoff with carefully-tuned intervals. +@item Retries with optional test/staging CA endpoint instead of production, to avoid +rate limits. +@end itemize +@item All libdns DNS providers work out-of-the-box. +@item Pluggable storage backends (default: file system) and key sources. +@item Automatic OCSP stapling. +@item Distributed solving of all challenges (works behind load balancers.) +@item Supports @samp{on-demand} issuance of certificates. +@item Optional event hooks for observation. +@item One-time private keys by default (new key for each cert) to discourage pinning +and reduce scope of key compromise. +@item Works with any certificate authority (CA) compliant with the ACME specification +@url{https://tools.ietf.org/html/rfc8555, RFC 8555}. +@item Must-Staple (optional; not default.) +@item Full support for draft-ietf-acme-ari (ACME Renewal Information; ARI) extension. +@end itemize") + (license license:expat))) + (define-public go-github-com-caddyserver-zerossl (package (name "go-github-com-caddyserver-zerossl")
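Review bot: The nine Go libraries listed under native-inputs (go-github-com-mholt-acmez, go-golang-org-x-crypto, go-golang-org-x-net and the rest) are the modules certmagic itself imports, so they belong in propagated-inputs. As native inputs they are available only to this package's own build and test run, and any package that later depends on go-github-com-caddyserver-certmagic would have to repeat each of them to compile. A smaller point on #:test-flags: the string given to "-skip" is a regular expression, so the unescaped dots in "TestLookupNameserversOK/physics.georgetown.edu." match any character. That is harmless here, but the comment would be more accurate if it said that only the listed DNS lookup subtests are skipped because they need network access, rather than "skip them altogether". In the description, "provides API for TLS Automation" should read "provides an API for TLS automation".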