gnu: rnp: Update to 0.17.1. [security fixes]

This fixes CVE-2023-29479 and CVE-2023-29480.

* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Co-authored-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Ic1d4740da168cd9fde8b642f279c2c77a1c3806f

gnu/packages/openpgp.scm

@@ -23,6 +23,7 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (guix gexp)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
   #:use-module (gnu packages check)
@@ -98,10 +99,10 @@ environments.")
     (license license:gpl2+)))
 
 (define-public rnp
-  (let ((day-of-release "2022-09-22"))
+  (let ((day-of-release "2024-05-14"))
     (package
       (name "rnp")
-      (version "0.16.2")
+      (version "0.17.1")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -110,33 +111,39 @@ environments.")
                 (file-name (git-file-name name version))
                 (sha256
                  (base32
-                  "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+                  "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
       (build-system cmake-build-system)
-      (arguments `(#:configure-flags
-                   '("-DBUILD_SHARED_LIBS=on"
-                     "-DBUILD_TESTING=on"
-                     "-DDOWNLOAD_GTEST=off"
-                     "-DDOWNLOAD_RUBYRNP=off")
-                   #:phases
-                   (modify-phases %standard-phases
-                     (add-after 'unpack 'patch-tests
-                       (lambda _
-                         (substitute* "src/tests/support.cpp"
-                           (("\"cp\"") (search-input-file inputs "/bin/cp")))))
-                     (replace 'check
-                       (lambda* (#:key tests? #:allow-other-keys)
-                         (when tests?
-                           ;; Some OpenPGP certificates used by the tests expire.
-                           ;; To work around that, set the time to roughly the
-                           ;; release date.
-                           (invoke "faketime" ,day-of-release "make" "test")))))))
+      (arguments
+       (list
+        #:configure-flags
+        #~(list "-DBUILD_SHARED_LIBS=on"
+                "-DSYSTEM_LIBSEXPP=on"
+                ;; Lower the minimum tuning ratio from 6 to 4, as suggested
+                ;; upstream to avoid the s2k_iteration_tuning failing.
+                "-DS2K_MINIMUM_TUNING_RATIO=4"
+                "-DBUILD_TESTING=on"
+                "-DDOWNLOAD_GTEST=off"
+                "-DDOWNLOAD_RUBYRNP=off")
+        #:phases
+        #~(modify-phases %standard-phases
+            (replace 'check
+              (lambda* (#:key tests? parallel-tests? #:allow-other-keys)
+                (when tests?
+                  ;; Some OpenPGP certificates used by the tests expire.
+                  ;; To work around that, set the time to roughly the
+                  ;; release date.
+                  (setenv "CTEST_OUTPUT_ON_FAILURE" "1")
+                  (invoke "faketime" #$day-of-release "ctest"
+                          "-j" (if parallel-tests?
+                                   (number->string (parallel-job-count))
+                                   "1"))))))))
       (native-inputs
-       (list gnupg       ; for tests
-             googletest  ; for tests
-             libfaketime ; for tests
+       (list gnupg                      ;for tests
+             googletest                 ;for tests
+             libfaketime                ;for tests
              pkg-config
              python))
-      (inputs (list botan bzip2 json-c zlib))
+      (inputs (list botan bzip2 json-c sexpp zlib))
       (synopsis
        "RFC4880-compliant OpenPGP library written in C++")
       (description