From patchwork Sat Nov 16 15:21:38 2024
X-Patchwork-Submitter: "Artyom V. Poptsov"
X-Patchwork-Id: 70453
Subject: [bug#74355] [PATCH v3 7/7] gnu: Add go-github-com-caddyserver-certmagic.
To: 74355@debbugs.gnu.org
Cc: "Artyom V. Poptsov"
From: "Artyom V. Poptsov" Date: Sat, 16 Nov 2024 18:21:38 +0300 Message-ID: X-Mailer: git-send-email 2.46.0 In-Reply-To: <63c54994d2630c740169a14e9479892e324c10a9.1731770479.git.poptsov.artyom@gmail.com> References: <63c54994d2630c740169a14e9479892e324c10a9.1731770479.git.poptsov.artyom@gmail.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/golang-web.scm (go-github-com-caddyserver-certmagic): New variable. Change-Id: I54093acde851c9a73e18f8c557650d72a521c05f --- gnu/packages/golang-web.scm | 80 +++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/gnu/packages/golang-web.scm b/gnu/packages/golang-web.scm index 689048b368..f9f18da3ff 100644 --- a/gnu/packages/golang-web.scm +++ b/gnu/packages/golang-web.scm 
@@ -641,6 +641,86 @@ (define-public go-github-com-bep-golibsass "This package provides SCSS compiler support for Go applications.") (license license:expat))) +(define-public go-github-com-caddyserver-certmagic + (package + (name "go-github-com-caddyserver-certmagic") + (version "0.21.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/caddyserver/certmagic") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "061whx9p00lpxlfnywizqx5z9b020ggqg5vx5r5v2qhdrprg1gkz")))) + (build-system go-build-system) + (arguments + (list + #:test-flags + #~(list "-skip" + ;; Some tests require networking to run so skip them altogether. + (string-join + (list "TestLookupNameserversOK/physics.georgetown.edu." + "TestFindZoneByFqdn/domain_is_a_CNAME" + "TestFindZoneByFqdn/domain_is_a_non-existent_subdomain" + "TestFindZoneByFqdn/domain_is_a_eTLD" + "TestFindZoneByFqdn/domain_is_a_cross-zone_CNAME" + "TestFindZoneByFqdn/NXDOMAIN" + "TestFindZoneByFqdn/several_non_existent_nameservers") + "|")) + #:import-path "github.com/caddyserver/certmagic")) + (native-inputs + (list go-github-com-caddyserver-zerossl + go-github-com-klauspost-cpuid-v2 + go-github-com-libdns-libdns + go-github-com-mholt-acmez + go-github-com-miekg-dns + go-github-com-zeebo-blake3 + go-go-uber-org-zap + go-golang-org-x-crypto + go-golang-org-x-net)) + (home-page "https://github.com/caddyserver/certmagic") + (synopsis "Automatic HTTPS for any Go program") + (description + "@code{certmagic} provides API for TLS Automation with full control over almost +every aspect of the system. + +Main features: +@itemize +@item Fully automated certificate management including issuance and renewal, with +support for certificate revocation. Also works in conjunction with your own +certificates. +@item Wildcard certificates. +@item One-line, fully managed HTTPS servers, with HTTP->HTTPS redirects. 
+@item Multiple issuers supported: get certificates from multiple sources/CAs for +redundancy and resiliency. +@item Solves all 3 common ACME challenges: HTTP, TLS-ALPN, and DNS (and capable of +others.) +@item Robust error handling: +@itemize +@item Challenges are randomized to avoid accidental dependence and rotated to +overcome certain network blockages. +@item Robust retries for up to 30 days. +@item Exponential backoff with carefully-tuned intervals. +@item Retries with optional test/staging CA endpoint instead of production, to avoid +rate limits. +@end itemize +@item All libdns DNS providers work out-of-the-box. +@item Pluggable storage backends (default: file system) and key sources. +@item Automatic OCSP stapling. +@item Distributed solving of all challenges (works behind load balancers.) +@item Supports @samp{on-demand} issuance of certificates. +@item Optional event hooks for observation. +@item One-time private keys by default (new key for each cert) to discourage pinning +and reduce scope of key compromise. +@item Works with any certificate authority (CA) compliant with the ACME specification +@url{https://tools.ietf.org/html/rfc8555, RFC 8555}. +@item Must-Staple (optional; not default.) +@item Full support for draft-ietf-acme-ari (ACME Renewal Information; ARI) extension. +@end itemize") + (license license:expat))) + (define-public go-github-com-caddyserver-zerossl (package (name "go-github-com-caddyserver-zerossl")
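Review bot: The nine Go libraries in the (native-inputs ...) list (go-github-com-caddyserver-zerossl through go-golang-org-x-net) are declared as build-time-only inputs, which means a package that later depends on go-github-com-caddyserver-certmagic will not receive them. If they are imported by the library's own code rather than only by its tests, move them to propagated-inputs, the usual place for the dependencies of a Go library package, and keep only test-only dependencies in native-inputs. On the #:test-flags skip list, the comment says the tests need networking; since that is seven subtests of TestLookupNameserversOK and TestFindZoneByFqdn, it would help to say in the comment that they perform live DNS lookups, so a later reviewer can tell at a glance that no certificate or ACME logic is left untested. Minor wording in the description: "provides API for TLS Automation" reads better as "provides an API for TLS automation", and the item ending in the @url{https://tools.ietf.org/html/rfc8555, RFC 8555} reference is missing its final period.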