fix(steps-guix): replace p11-kit with gnutls and add static-only guile-gnutls flow with no-so patch

steps-guix/gnutls-3.8.0/pass1.sh

@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+src_prepare() {
+    default
+}
+
+src_configure() {
+    local host_triplet
+    host_triplet="$(gcc -dumpmachine)"
+
+    PATH="${PREFIX}/bin:/usr/bin:/bin" \
+    PKG_CONFIG_PATH="${LIBDIR}/pkgconfig:${PREFIX}/lib/pkgconfig" \
+    ./configure \
+        --prefix="${PREFIX}" \
+        --libdir="${LIBDIR}" \
+        --includedir="${PREFIX}/include" \
+        --host="${host_triplet}" \
+        --build="${host_triplet}" \
+        --enable-static \
+        --enable-shared \
+        --disable-doc \
+        --disable-tests \
+        --disable-tools \
+        --disable-libdane \
+        --without-p11-kit \
+        --without-idn \
+        --without-zlib \
+        --without-brotli \
+        --without-tpm \
+        --without-tpm2
+}
+
+src_compile() {
+    default_src_compile
+}
+
+src_install() {
+    default_src_install
+}

steps-guix/gnutls-3.8.0/sources

@@ -0,0 +1 @@
+f https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.0.tar.xz a7b341421bfd459acf7a374ca4af3b9e06608dcd7bd792b2bf470bea012b8e51 gnutls-3.8.0.tar.xz

steps-guix/guile-gnutls-v5.0.1/pass1.sh

@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+src_prepare() {
+    default
+    autoreconf -fi
+}
+
+src_configure() {
+    local host_triplet pkg_config_path
+    host_triplet="$(gcc -dumpmachine)"
+    pkg_config_path="${LIBDIR}/pkgconfig"
+
+    PATH="${PREFIX}/bin:/usr/bin:/bin" \
+    PKG_CONFIG_LIBDIR="${pkg_config_path}" \
+    PKG_CONFIG_PATH="${pkg_config_path}" \
+    LD_LIBRARY_PATH="${LIBDIR}:${LD_LIBRARY_PATH}" \
+    LIBS="$(pkg-config --static --libs guile-3.0)" \
+    GUILE_LIBS="$(pkg-config --static --libs guile-3.0)" \
+    GNUTLS_LIBS="$(pkg-config --static --libs gnutls)" \
+    ./configure \
+        --prefix="${PREFIX}" \
+        --libdir="${LIBDIR}" \
+        --host="${host_triplet}" \
+        --build="${host_triplet}" \
+        --enable-static \
+        --disable-shared
+}
+
+src_compile() {
+    default_src_compile
+}
+
+src_install() {
+    default_src_install
+}

steps-guix/guile-gnutls-v5.0.1/patches/static-no-so.patch

@@ -0,0 +1,92 @@
+--- guile-gnutls-v5.0.1/configure.ac	2025-07-13 09:01:47
++++ guile-gnutls-v5.0.1/configure.ac	2026-02-25 20:59:39
+@@ -37,7 +37,7 @@
+ AC_PROG_CC
+ AC_PROG_CPP
+ AM_PROG_AR
+-LT_INIT([disable-static])
++LT_INIT
+ 
+ PKG_CHECK_MODULES(GNUTLS, [gnutls])
+ 
+@@ -508,6 +508,15 @@
+ fi
+ 
+ AC_SUBST([maybe_guileextensiondir])
++
++if test "x$enable_shared" = "xyes"; then
++  gnutls_guile_load_extension=yes
++else
++  gnutls_guile_load_extension=no
++fi
++AC_SUBST([gnutls_guile_load_extension])
++AM_CONDITIONAL([BUILD_SHARED], [test "x$enable_shared" = "xyes"])
++
+ AM_CONDITIONAL([HAVE_GUILD], [test "x$GUILD" != "x"])
+ AM_CONDITIONAL([CROSS_COMPILING], [test "x$cross_compiling" = "xyes"])
+ AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
+--- guile-gnutls-v5.0.1/guile/Makefile.am	2025-07-13 09:01:47
++++ guile-gnutls-v5.0.1/guile/Makefile.am	2026-02-25 20:59:39
+@@ -46,6 +46,7 @@
+ .in.scm:
+ 	$(AM_V_GEN)$(MKDIR_P) "`dirname "$@"`" ; cat "$^" |		\
+ 	  $(SED) -e's|[@]maybe_guileextensiondir[@]|$(maybe_guileextensiondir)|g' \
++	         -e's|[@]gnutls_guile_load_extension[@]|$(gnutls_guile_load_extension)|g' \
+ 	  > "$@.tmp"
+ 	$(AM_V_at)mv "$@.tmp" "$@"
+ 
+@@ -73,8 +74,12 @@
+ if CROSS_COMPILING
+ CROSS_COMPILING_VARIABLE = GNUTLS_GUILE_CROSS_COMPILING=yes
+ else
++if BUILD_SHARED
+ CROSS_COMPILING_VARIABLE =
++else
++CROSS_COMPILING_VARIABLE = GNUTLS_GUILE_CROSS_COMPILING=yes
+ endif
++endif
+ 
+ # Make sure 'gnutls.scm' is built first.
+ # Unset 'GUILE_LOAD_COMPILED_PATH' so we can be sure that any .go file that we
+--- guile-gnutls-v5.0.1/guile/modules/gnutls.in	2025-07-13 09:01:47
++++ guile-gnutls-v5.0.1/guile/modules/gnutls.in	2026-02-25 20:59:39
+@@ -817,7 +817,8 @@
+         ;; save 'extensiondir' only if it's different from what Guile expects.
+         @maybe_guileextensiondir@))
+ 
+-  (unless (getenv "GNUTLS_GUILE_CROSS_COMPILING")
++  (unless (or (getenv "GNUTLS_GUILE_CROSS_COMPILING")
++              (string=? "@gnutls_guile_load_extension@" "no"))
+     (load-extension (if %libdir
+                         (string-append %libdir "/guile-gnutls-v-2")
+                         "guile-gnutls-v-2")
+@@ -866,7 +867,8 @@
+ (define certificate-verify/allow-any-x509-v1-ca-certificate #f)
+ (define certificate-verify/allow-x509-v1-ca-certificate #f)
+ 
+-(unless (getenv "GNUTLS_GUILE_CROSS_COMPILING")
++(unless (or (getenv "GNUTLS_GUILE_CROSS_COMPILING")
++            (string=? "@gnutls_guile_load_extension@" "no"))
+   ;; Renaming.
+   (set! protocol/ssl-3 protocol/ssl3)
+   (set! protocol/tls-1.0 protocol/tls1-0)
+--- guile-gnutls-v5.0.1/guile/src/Makefile.am	2025-07-13 09:01:47
++++ guile-gnutls-v5.0.1/guile/src/Makefile.am	2026-02-25 20:59:39
+@@ -35,12 +35,17 @@
+ 
+ CLEANFILES = $(BUILT_SOURCES)
+ 
++if BUILD_SHARED
+ guileextension_LTLIBRARIES  = guile-gnutls-v-2.la
+ 
+ # Use '-module' to build a "dlopenable module", in Libtool terms.
+ # Use '-undefined' to placate Libtool on Windows; see
+ # <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
+ guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
++else
++noinst_LTLIBRARIES = guile-gnutls-v-2.la
++guile_gnutls_v_2_la_LDFLAGS = -all-static -no-undefined
++endif
+ 
+ guile_gnutls_v_2_la_SOURCES = core.c errors.c utils.c
+ guile_gnutls_v_2_la_CFLAGS =			\

steps-guix/guile-gnutls-v5.0.1/sources

@@ -0,0 +1 @@
+f https://ftp.gnu.org/gnu/gnutls/guile-gnutls-v5.0.1-src.tar.gz b190047cee068f6b22a5e8d49ca49a2425ad4593901b9ac8940f8842ba7f164f guile-gnutls-v5.0.1-src.tar.gz

steps-guix/manifest

@@ -21,6 +21,7 @@ build: cmake-4.2.3
 build: libgit2-1.9.2
 build: nettle-3.10.2
 build: libtasn1-v4.21.0
-# build: p11-kit-0.26.2
+build: gnutls-3.8.0
+build: guile-gnutls-v5.0.1
 
 improve: after