@@ -1060,6 +1060,7 @@ dist_patch_DATA = \
%D%/packages/patches/clucene-contribs-lib.patch \
%D%/packages/patches/cube-nocheck.patch \
%D%/packages/patches/curl-use-ssl-cert-env.patch \
+ %D%/packages/patches/curl-8.5-use-ssl-cert-env.patch \
%D%/packages/patches/curlftpfs-fix-error-closing-file.patch \
%D%/packages/patches/curlftpfs-fix-file-names.patch \
%D%/packages/patches/curlftpfs-fix-memory-leak.patch \
@@ -16,6 +16,7 @@
;;; Copyright © 2021 Felix Gruber <felgru@posteo.net>
;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com>
;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -46,14 +47,19 @@ (define-module (gnu packages curl)
#:use-module (guix build-system meson)
#:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
#:use-module (gnu packages)
+ #:use-module (gnu packages certs)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages golang)
+ #:use-module (gnu packages gsasl)
+ #:use-module (gnu packages groff)
#:use-module (gnu packages guile)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages logging)
#:use-module (gnu packages libevent)
#:use-module (gnu packages libidn)
+ #:use-module (gnu packages openldap)
+ #:use-module (gnu packages networking)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
@@ -169,6 +175,69 @@ (define-public curl
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
+(define-public curl-full
+ (package/inherit curl
+ (name "curl-full")
+ (version "8.5.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://curl.se/download/curl-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1pas8z1vijp08za5xgh2vvsajwi1p2208vlhl0vs94xp4pzigz05"))
+ (patches (search-patches "curl-8.5-use-ssl-cert-env.patch"))))
+ (arguments
+ (substitute-keyword-arguments (package-arguments curl)
+ ((#:configure-flags flags)
+ #~(cons* "--enable-manual"
+ ;; Not yet available: https://github.com/curl/curl/pull/11922
+ ;; "--enable-ech"
+ "--enable-websockets"
+ "--with-brotli"
+ "--with-ldap"
+ "--with-ldaps"
+ "--with-librtmp"
+ "--with-libssh2"
+ "--with-nghttp3"
+ "--with-ngtcp2"
+ "--with-zstd"
+ #$flags))
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-after 'unpack 'skip-tests
+ (lambda _
+ (let ((port (open-file "tests/data/DISABLED" "a")))
+ ;; I do not understand why curl package ignores this test
+ ;; just on some architectures. I had it fail even on amd64,
+ ;; it is just too flaky.
+ (display "1474\n" port)
+ ;; Required files are missing, should be fixed in >8.5.0:
+ ;; https://github.com/curl/curl/issues/12462
+ (display "1477\n" port)
+ (close port))))))))
+ (propagated-inputs
+ (list nss-certs))
+ (native-inputs
+ (modify-inputs (package-native-inputs curl)
+ (prepend groff)))
+ (inputs
+ (modify-inputs (package-inputs curl)
+ (prepend brotli
+ gsasl
+ libpsl
+ libssh2
+ nghttp3
+ ngtcp2
+ openldap
+ rtmpdump
+ `(,zstd "lib"))))
+ (description (string-append (package-description curl)
+ "\n\n"
+ "Compared to the regular curl package, this
+one enables everything that can be enabled, bringing in additional features
+and security."))))
+
(define-public curl-ssh
(package/inherit curl
(arguments
new file mode 100644
@@ -0,0 +1,79 @@
+From 0a942e9f2f5255793e99408ca3da0940d52dfdad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jakub=20K=C4=85dzio=C5=82ka?= <kuba@kadziolka.net>
+Date: Mon, 8 Jan 2024 15:07:38 +0100
+Subject: [PATCH] libcurl: Respect SSL_CERT_DIR and SSL_CERT_FILE.
+
+Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables
+are fetched during initialization to preserve thread-safety (curl_global_init(3)
+must be called when no other threads exist).
+
+This fixes network functionality in rust:cargo, and probably removes the need
+for other future workarounds.
+---
+ lib/easy.c | 9 +++++++++
+ lib/url.c | 15 +++++++++++++++
+ 2 files changed, 24 insertions(+)
+
+diff --git a/lib/easy.c b/lib/easy.c
+index 322d1a41b..2a235a19c 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -137,6 +137,9 @@ curl_wcsdup_callback Curl_cwcsdup = Curl_wcsdup;
+ static char *leakpointer;
+ #endif
+
++char * Curl_ssl_cert_dir = NULL;
++char * Curl_ssl_cert_file = NULL;
++
+ /**
+ * curl_global_init() globally initializes curl given a bitwise set of the
+ * different features of what to initialize.
+@@ -163,6 +166,9 @@ static CURLcode global_init(long flags, bool memoryfuncs)
+ goto fail;
+ }
+
++ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR");
++ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE");
++
+ if(!Curl_ssl_init()) {
+ DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
+ goto fail;
+@@ -287,6 +293,9 @@ void curl_global_cleanup(void)
+ Curl_ssl_cleanup();
+ Curl_resolver_global_cleanup();
+
++ free(Curl_ssl_cert_dir);
++ free(Curl_ssl_cert_file);
++
+ #ifdef _WIN32
+ Curl_win32_cleanup(easy_init_flags);
+ #endif
+diff --git a/lib/url.c b/lib/url.c
+index b81785fe2..d607e74bb 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -454,6 +454,21 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
+ if(result)
+ return result;
+ #endif
++ extern char * Curl_ssl_cert_dir;
++ extern char * Curl_ssl_cert_file;
++ if(Curl_ssl_cert_dir) {
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
++ return result;
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
++ return result;
++ }
++
++ if(Curl_ssl_cert_file) {
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
++ return result;
++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
++ return result;
++ }
+ }
+
+ #ifndef CURL_DISABLE_FTP
+--
+2.41.0
+