Diffstat (limited to 'nixpkgs/pkgs/tools/security')
-rw-r--r--nixpkgs/pkgs/tools/security/badchars/default.nix16
-rw-r--r--nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/cnspec/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/cryptomator/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/eid-mw/default.nix3
-rw-r--r--nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix23
-rw-r--r--nixpkgs/pkgs/tools/security/exploitdb/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/fprintd/default.nix5
-rw-r--r--nixpkgs/pkgs/tools/security/gotestwaf/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/katana/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/knockpy/default.nix7
-rw-r--r--nixpkgs/pkgs/tools/security/ldeep/default.nix8
-rw-r--r--nixpkgs/pkgs/tools/security/pass/extensions/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/saml2aws/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/semgrep/common.nix14
-rw-r--r--nixpkgs/pkgs/tools/security/semgrep/default.nix22
-rw-r--r--nixpkgs/pkgs/tools/security/sipvicious/default.nix34
-rw-r--r--nixpkgs/pkgs/tools/security/slsa-verifier/default.nix8
-rw-r--r--nixpkgs/pkgs/tools/security/spire/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/swtpm/default.nix5
-rw-r--r--nixpkgs/pkgs/tools/security/tracee/default.nix33
-rw-r--r--nixpkgs/pkgs/tools/security/tracee/integration-tests.nix42
-rw-r--r--nixpkgs/pkgs/tools/security/tracee/update-pyroscope.patch229
-rw-r--r--nixpkgs/pkgs/tools/security/tracee/use-our-libbpf.patch32
-rw-r--r--nixpkgs/pkgs/tools/security/trueseeing/default.nix12
-rw-r--r--nixpkgs/pkgs/tools/security/vals/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/vaultwarden/default.nix3
27 files changed, 425 insertions, 123 deletions
diff --git a/nixpkgs/pkgs/tools/security/badchars/default.nix b/nixpkgs/pkgs/tools/security/badchars/default.nix
index a6e5666c189f..4c4d566c9074 100644
--- a/nixpkgs/pkgs/tools/security/badchars/default.nix
+++ b/nixpkgs/pkgs/tools/security/badchars/default.nix
@@ -1,33 +1,41 @@
 { lib
 , buildPythonApplication
 , fetchPypi
+, python3
 }:
 
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "badchars";
   version = "0.4.0";
+  pyproject = true;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1xqki8qnfwl97d60xj69alyzwa1mnfbwki25j0vhvhb05varaxz2";
+    hash = "sha256-4neV1S5gwQ03kEXEyZezNSj+PVXJyA5MO4lyZzGKE/c=";
   };
 
   postPatch = ''
-    substituteInPlace setup.py --replace "argparse" ""
+    substituteInPlace setup.py \
+      --replace-fail "argparse" ""
   '';
 
+  build-system = with python3.pkgs; [
+    setuptools
+  ];
+
   # no tests are available and it can't be imported (it's only a script, not a module)
   doCheck = false;
 
   meta = with lib; {
     description = "HEX badchar generator for different programming languages";
-    mainProgram = "badchars";
     longDescription = ''
       A HEX bad char generator to instruct encoders such as shikata-ga-nai to
       transform those to other chars.
     '';
     homepage = "https://github.com/cytopia/badchars";
+    changelog = "https://github.com/cytopia/badchars/releases/tag/${version}";
     license = with licenses; [ mit ];
     maintainers = with maintainers; [ fab ];
+    mainProgram = "badchars";
   };
 }
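Review bot: `buildPythonApplication` on the second line of the argument set is left unused once the derivation is built with `python3.pkgs.buildPythonApplication`; the header should drop that line so the function only asks for what it uses. If the call site still passes it explicitly (not visible here), that call needs updating in the same change. The enum4linux-ng and sipvicious hunks in this commit already remove the argument when making the same switch.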
diff --git a/nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix b/nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix
index 7f46b444b2e9..7bc4d9a1fe83 100644
--- a/nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix
+++ b/nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix
@@ -13,14 +13,14 @@
 let
   common = { name, npmBuildScript, installPhase }: buildNpmPackage rec {
     pname = name;
-    version = "2023.10.0";
+    version = "2024.3.1";
     nodejs = nodejs_18;
 
     src = fetchFromGitHub {
       owner = "bitwarden";
       repo = "directory-connector";
       rev = "v${version}";
-      hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg=";
+      hash = "sha256-NbyjL6x/Ij5waYlIDNKrg7fDT+co/EcdCW4ZBJ6KV34=";
     };
 
     postPatch = ''
@@ -32,7 +32,7 @@ let
         --replace-fail "AppImage" "dir"
     '';
 
-    npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw=";
+    npmDepsHash = "sha256-6WYNaF6z8OwWmi/Mv091LsuTUEUhWd8cDD11QKE8A5U=";
 
     env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
 
diff --git a/nixpkgs/pkgs/tools/security/cnspec/default.nix b/nixpkgs/pkgs/tools/security/cnspec/default.nix
index b37f05e779cc..57d33623f0a2 100644
--- a/nixpkgs/pkgs/tools/security/cnspec/default.nix
+++ b/nixpkgs/pkgs/tools/security/cnspec/default.nix
@@ -5,18 +5,18 @@
 
 buildGoModule rec {
   pname = "cnspec";
-  version = "10.8.4";
+  version = "10.9.1";
 
   src = fetchFromGitHub {
     owner = "mondoohq";
     repo = "cnspec";
     rev = "refs/tags/v${version}";
-    hash = "sha256-emY8y+OKk052o5LGhHMra7CTpbmS/U+5sjWIYR7DRsA=";
+    hash = "sha256-9NHzSgcUWRVhq4hqkq8xJ0FgTk9BBz2Zc0yuj72WL+c=";
   };
 
   proxyVendor = true;
 
-  vendorHash = "sha256-W39Ccc5UU+K+W/h/R1vrB1lcJXKZs8gbfxmb99vGEfM=";
+  vendorHash = "sha256-bhpVAvoIriqA7QnYysqUfuAYbR9PoaPHgWCHlJLdgYY=";
 
   subPackages = [
     "apps/cnspec"
diff --git a/nixpkgs/pkgs/tools/security/cryptomator/default.nix b/nixpkgs/pkgs/tools/security/cryptomator/default.nix
index 39654ae0ceaf..2766a4e88ac2 100644
--- a/nixpkgs/pkgs/tools/security/cryptomator/default.nix
+++ b/nixpkgs/pkgs/tools/security/cryptomator/default.nix
@@ -14,13 +14,13 @@ in
 assert stdenv.isLinux; # better than `called with unexpected argument 'enableJavaFX'`
 mavenJdk.buildMavenPackage rec {
   pname = "cryptomator";
-  version = "1.12.3";
+  version = "1.12.4";
 
   src = fetchFromGitHub {
     owner = "cryptomator";
     repo = "cryptomator";
     rev = version;
-    hash = "sha256-pVQ3xlNgJIDz8dnNoiLJaG6y4kNHNLL7zYq1sl6rleY=";
+    hash = "sha256-i5TrWXOkRR+1iqSzMTJEe5xMJ3iM5kdI3fXb/Z5/Gb0=";
   };
 
   mvnParameters = "-Dmaven.test.skip=true -Plinux";
diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
index 36f1245de43e..5a330c7126fa 100644
--- a/nixpkgs/pkgs/tools/security/eid-mw/default.nix
+++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
@@ -16,6 +16,7 @@
 , openssl
 , p11-kit
 , pcsclite
+, wrapGAppsHook
 }:
 
 stdenv.mkDerivation rec {
@@ -36,7 +37,7 @@ stdenv.mkDerivation rec {
   '';
 
 
-  nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config makeWrapper ];
+  nativeBuildInputs = [ wrapGAppsHook autoreconfHook autoconf-archive pkg-config makeWrapper ];
   buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ];
 
   preConfigure = ''
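Review bot: Adding `wrapGAppsHook` next to `makeWrapper` in `nativeBuildInputs` can leave binaries wrapped twice if the derivation also calls `wrapProgram` itself, which the retained `makeWrapper` input suggests but this hunk does not show. If that is the case, the usual pattern is to set `dontWrapGApps = true;` and pass `gappsWrapperArgs` to the existing `wrapProgram` calls so each program gets a single wrapper. A short comment naming which program needed the GApps environment would also help. The rest of the derivation lies outside the hunk.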
diff --git a/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix
index ee3ed2e8154d..6c67773b6dd3 100644
--- a/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix
+++ b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix
@@ -1,36 +1,38 @@
 { lib
-, buildPythonApplication
 , fetchFromGitHub
-, impacket
-, ldap3
-, pyyaml
+, python3
 , samba
 }:
 
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "enum4linux-ng";
   version = "1.3.2";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "cddmp";
-    repo = pname;
+    repo = "enum4linux-ng";
     rev = "refs/tags/v${version}";
     hash = "sha256-O3TZcCn2kRLrMjQPVg8F5Q2ri968xRbXrdnfytfMkYM=";
   };
 
-  propagatedBuildInputs = [
+  build-system = with python3.pkgs; [
+    setuptools
+  ];
+
+  dependencies = [
+    samba
+  ] ++ (with python3.pkgs; [
     impacket
     ldap3
     pyyaml
-    samba
-  ];
+  ]);
 
   # It's only a script and not a Python module. Project has no tests
   doCheck = false;
 
   meta = with lib; {
     description = "Windows/Samba enumeration tool";
-    mainProgram = "enum4linux-ng";
     longDescription = ''
       enum4linux-ng.py is a rewrite of Mark Lowe's enum4linux.pl, a tool for
       enumerating information from Windows and Samba systems.
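Review bot: `samba` now sits in `dependencies` together with the Python packages, with nothing saying why a non-Python package belongs there. A one-line comment above it, for example `# samba provides the client binaries the script invokes at runtime`, would record the intent. That reason is inferred from the package description rather than shown in the hunk, so confirm it against the script before adding the comment.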
@@ -39,5 +41,6 @@ buildPythonApplication rec {
     changelog = "https://github.com/cddmp/enum4linux-ng/releases/tag/v${version}";
     license = with licenses; [ gpl3Plus ];
     maintainers = with maintainers; [ fab ];
+    mainProgram = "enum4linux-ng";
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix
index 9b971e958aa2..3db2051c8de0 100644
--- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix
+++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2024-03-23";
+  version = "2024-03-26";
 
   src = fetchFromGitLab {
     owner = "exploit-database";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-2Z6HY2Pz7PKh0iBXaplxj7il0Ekzqsbq57l0/Pk03+s=";
+    hash = "sha256-oZfo9p23uvDw2f7O5AnycVpE14Rul8ZIeQPojVGQCXI=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/security/fprintd/default.nix b/nixpkgs/pkgs/tools/security/fprintd/default.nix
index 27425b1a1491..3e651f593f45 100644
--- a/nixpkgs/pkgs/tools/security/fprintd/default.nix
+++ b/nixpkgs/pkgs/tools/security/fprintd/default.nix
@@ -92,6 +92,11 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  mesonCheckFlags = [
+    # PAM related checks are timing out
+    "--no-suite" "fprintd:TestPamFprintd"
+  ];
+
   postPatch = ''
     patchShebangs \
       po/check-translations.sh \
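Review bot: The new `mesonCheckFlags` entry turns off the whole `fprintd:TestPamFprintd` suite, which by its name covers the PAM module, and the comment gives neither a cause nor a condition for turning it back on. Since this is the authentication-facing part of the package, the comment should say where the timeout is tracked, for example `# PAM related checks are timing out, tracked in <ISSUE-URL-PLACEHOLDER>; re-enable once fixed`. If only individual tests time out, excluding just those would keep the rest of the suite running. `postPatch` continues outside the hunk.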
diff --git a/nixpkgs/pkgs/tools/security/gotestwaf/default.nix b/nixpkgs/pkgs/tools/security/gotestwaf/default.nix
index b710d209244c..6198fc58ad73 100644
--- a/nixpkgs/pkgs/tools/security/gotestwaf/default.nix
+++ b/nixpkgs/pkgs/tools/security/gotestwaf/default.nix
@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "gotestwaf";
-  version = "0.4.16";
+  version = "0.4.17";
 
   src = fetchFromGitHub {
     owner = "wallarm";
     repo = "gotestwaf";
     rev = "refs/tags/v${version}";
-    hash = "sha256-fMSXnA8ZuyfOQINkWiYwX7NSffsHbdlfDcpfo/hahMY=";
+    hash = "sha256-Ix2S+yJMAn7RCMuw5SkvnfVy7XH6yIuGwXP/EAnhyI0=";
   };
 
   vendorHash = null;
diff --git a/nixpkgs/pkgs/tools/security/katana/default.nix b/nixpkgs/pkgs/tools/security/katana/default.nix
index fef276e414c9..98aabba79d3a 100644
--- a/nixpkgs/pkgs/tools/security/katana/default.nix
+++ b/nixpkgs/pkgs/tools/security/katana/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "katana";
-  version = "1.0.5";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = "katana";
     rev = "refs/tags/v${version}";
-    hash = "sha256-phxJhrZaJ+gw7gZWwQK0pvWWxkS4UDi77s+qgTvS/fo=";
+    hash = "sha256-upqsQQlrDRRcLMAe7nI86Sc2y3hNpELEeM5Im4XfLl8=";
   };
 
-  vendorHash = "sha256-go+6NOQOnmds7EuA5k076Qdib2CqGthH9BHOm0YYKaA=";
+  vendorHash = "sha256-OehyKcO8AwQ8D+KeMg9T/0/T9wSuzdkVVfbginlQJro=";
 
   subPackages = [
     "cmd/katana"
diff --git a/nixpkgs/pkgs/tools/security/knockpy/default.nix b/nixpkgs/pkgs/tools/security/knockpy/default.nix
index 6d4e80ec98c2..169165067c93 100644
--- a/nixpkgs/pkgs/tools/security/knockpy/default.nix
+++ b/nixpkgs/pkgs/tools/security/knockpy/default.nix
@@ -18,15 +18,16 @@ python3.pkgs.buildPythonApplication rec {
   pythonRelaxDeps = [
     "beautifulsoup4"
     "dnspython"
+    "pyopenssl"
     "tqdm"
   ];
 
-  nativeBuildInputs = with python3.pkgs; [
+  build-system = with python3.pkgs; [
     pythonRelaxDepsHook
     setuptools
   ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
     beautifulsoup4
     dnspython
     pyopenssl
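Review bot: `pythonRelaxDepsHook` is a setup hook rather than part of the package's build backend, so listing it under `build-system` blurs what that attribute is for; keep it as `nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];` and leave `build-system = with python3.pkgs; [ setuptools ];`. The ldeep hunk does the same with `pythonRelaxDepsHook`, and the sipvicious hunk puts `installShellFiles` into `build-system`. Separately, `"pyopenssl"` is added to `pythonRelaxDeps` without a comment; since that drops upstream's version bound on the TLS library, a note on which bound is being relaxed would help later review. The dependency list continues outside the hunk.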
@@ -43,10 +44,10 @@ python3.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     description = "Tool to scan subdomains";
-    mainProgram = "knockpy";
     homepage = "https://github.com/guelfoweb/knock";
     changelog = "https://github.com/guelfoweb/knock/releases/tag/${version}";
     license = with licenses; [ gpl3Only ];
     maintainers = with maintainers; [ fab ];
+    mainProgram = "knockpy";
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/ldeep/default.nix b/nixpkgs/pkgs/tools/security/ldeep/default.nix
index 92d5ff106b6c..0b3a2b47df4c 100644
--- a/nixpkgs/pkgs/tools/security/ldeep/default.nix
+++ b/nixpkgs/pkgs/tools/security/ldeep/default.nix
@@ -19,13 +19,13 @@ python3.pkgs.buildPythonApplication rec {
     "cryptography"
   ];
 
-  nativeBuildInputs = with python3.pkgs; [
+  build-system = with python3.pkgs; [
     cython
     pythonRelaxDepsHook
     setuptools
   ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
     commandparse
     cryptography
     dnspython
@@ -39,7 +39,7 @@ python3.pkgs.buildPythonApplication rec {
     tqdm
   ];
 
-  # no tests are present
+  # Project has no tests
   doCheck = false;
 
   pythonImportsCheck = [
@@ -48,10 +48,10 @@ python3.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     description = "In-depth LDAP enumeration utility";
-    mainProgram = "ldeep";
     homepage = "https://github.com/franc-pentest/ldeep";
     changelog = "https://github.com/franc-pentest/ldeep/releases/tag/${version}";
     license = with licenses; [ mit ];
     maintainers = with maintainers; [ fab ];
+    mainProgram = "ldeep";
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix
index f7ac0a3d16ba..b9c45a1096d3 100644
--- a/nixpkgs/pkgs/tools/security/pass/extensions/default.nix
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix
@@ -1,6 +1,8 @@
 { pkgs, ... }:
 
-with pkgs;
+let
+  inherit (pkgs) callPackage python3Packages;
+in
 
 {
   pass-audit = callPackage ./audit {
diff --git a/nixpkgs/pkgs/tools/security/saml2aws/default.nix b/nixpkgs/pkgs/tools/security/saml2aws/default.nix
index beb2b89e20b4..50b365a9070b 100644
--- a/nixpkgs/pkgs/tools/security/saml2aws/default.nix
+++ b/nixpkgs/pkgs/tools/security/saml2aws/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "saml2aws";
-  version = "2.36.13";
+  version = "2.36.14";
 
   src = fetchFromGitHub {
     owner = "Versent";
     repo = "saml2aws";
     rev = "v${version}";
-    sha256 = "sha256-cLH1GcMgTPnPJVpHOQkW71hf0MKusL8NRc1YQsNSW2I=";
+    sha256 = "sha256-0XI1G6ULsSuNPCqsX+A0yvUSkyxL8jvYSplmAKj9GNs=";
   };
 
-  vendorHash = "sha256-E3WYExtV4VsrBZ0uEQZ36CUCK+qf8LTPlNwcdO0eEzA=";
+  vendorHash = "sha256-SHi2yr/CR1n0/PnGifOlJkFD8ca0TTOTqMCo581a7hc=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ AppKit ];
 
diff --git a/nixpkgs/pkgs/tools/security/semgrep/common.nix b/nixpkgs/pkgs/tools/security/semgrep/common.nix
index 57f5163f4cbf..3436d4267964 100644
--- a/nixpkgs/pkgs/tools/security/semgrep/common.nix
+++ b/nixpkgs/pkgs/tools/security/semgrep/common.nix
@@ -1,9 +1,9 @@
 { lib }:
 
 rec {
-  version = "1.63.0";
+  version = "1.66.2";
 
-  srcHash = "sha256-VMB+slexCXxv9z6kOxbYQrnet6sb4ZKTATXWkLix9u4=";
+  srcHash = "sha256-xonZzZsAkAPMVINGEA10CvQ1diYgHBowNsR2pk4tYr8=";
 
   # submodule dependencies
   # these are fetched so we:
@@ -13,8 +13,8 @@ rec {
     "cli/src/semgrep/semgrep_interfaces" = {
       owner = "semgrep";
       repo = "semgrep-interfaces";
-      rev = "8751faab89f23f7af3a92f5d4d4e6451ccaa205a";
-      hash = "sha256-0Si4wUymwA2k/u953GifYgHKi6gvu3FiaDHm1Kj30sA=";
+      rev = "215a54782174de84f97188632b4a37e35ba0f827";
+      hash = "sha256-Q8E5LkC/NV0wvt9ZwhkoPGjPlDavVHHMnX0sVNK3dAM=";
     };
   };
 
@@ -25,15 +25,15 @@ rec {
   core = {
     x86_64-linux = {
       platform = "any";
-      hash = "sha256-KBiYd1zWDxs5T2AGR49o/X2J6espuqi7ykCh3Zsg8i4=";
+      hash = "sha256-f/RcuJyd8y2bMclMxZ1BdNTVixhjLz0UxSKGZm+H8yI=";
     };
     x86_64-darwin = {
       platform = "macosx_10_14_x86_64";
-      hash = "sha256-EfVpKdRE5qvEVMGu8QUM183YPNDjgxQlca3nUb3m1tw=";
+      hash = "sha256-4H9PT41lPydMFl51O2CgeMQiTE66fZ8RP26CVT7Y7Ok=";
     };
     aarch64-darwin = {
       platform = "macosx_11_0_arm64";
-      hash = "sha256-ksqkVdE7aIbeETSxLpDXef6Hmv7G5LxQ0+v+/G9OpKk=";
+      hash = "sha256-WxQ0ohojzhWmPo208xN98F5GwbNzQuxCjSwP7h3rBGA=";
     };
   };
 
diff --git a/nixpkgs/pkgs/tools/security/semgrep/default.nix b/nixpkgs/pkgs/tools/security/semgrep/default.nix
index 70e6b8641ee8..6b62ab80e7ea 100644
--- a/nixpkgs/pkgs/tools/security/semgrep/default.nix
+++ b/nixpkgs/pkgs/tools/security/semgrep/default.nix
@@ -27,14 +27,6 @@ buildPythonApplication rec {
     hash = common.srcHash;
   };
 
-  patches = [
-    (fetchpatch {
-      name = "fix-test_dump_engine-test-for-nix-store-path.patch";
-      url = "https://github.com/semgrep/semgrep/commit/c7553c1a61251146773617f80a2d360e6b6ab3f9.patch";
-      hash = "sha256-A3QdL0DDh/pbDpRIBACUie7PEvC17iG4t6qTnmPIwA4=";
-    })
-  ];
-
   # prepare a subset of the submodules as we only need a handful
   # and there are many many submodules total
   postPatch = (lib.concatStringsSep "\n" (lib.mapAttrsToList
@@ -94,6 +86,12 @@ buildPythonApplication rec {
     types-freezegun
   ]);
 
+  disabledTestPaths = [
+    "tests/default/e2e"
+    "tests/default/e2e-pro"
+    "tests/default/e2e-pysemgrep"
+  ];
+
   disabledTests = [
     # requires networking
     "test_send"
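Review bot: The new `disabledTestPaths` list carries no comment, while the lines this commit removes further down stated that `disabledTestPaths` did not manage to avoid the e2e tests. A comment such as `# e2e suites are skipped; they were previously stripped from pyproject.toml` would explain what the list replaces and why it is expected to work now. The removed `substituteInPlace` also stripped `addopts = "--splitting-algorithm=least_duration"` from `pyproject.toml`, so it is worth confirming that the option is gone upstream or that pytest-split is available to the check phase; neither is visible here. `disabledTests` continues outside the hunk.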
@@ -117,14 +115,6 @@ buildPythonApplication rec {
     # replace old semgrep with wrapped one
     rm ./bin/semgrep
     ln -s $out/bin/semgrep ./bin/semgrep
-
-    # disabledTestPaths doesn't manage to avoid the e2e tests
-    # remove them from pyproject.toml
-    # and remove need for pytest-split
-    substituteInPlace pyproject.toml \
-      --replace '"tests/e2e",' "" \
-      --replace '"tests/e2e-pro",' "" \
-      --replace 'addopts = "--splitting-algorithm=least_duration"' ""
   '';
 
   postCheck = ''
diff --git a/nixpkgs/pkgs/tools/security/sipvicious/default.nix b/nixpkgs/pkgs/tools/security/sipvicious/default.nix
index 1167d40e4327..8b0fa05cf0b5 100644
--- a/nixpkgs/pkgs/tools/security/sipvicious/default.nix
+++ b/nixpkgs/pkgs/tools/security/sipvicious/default.nix
@@ -1,26 +1,46 @@
 { lib
-, buildPythonApplication
 , fetchFromGitHub
+, installShellFiles
+, python3
 }:
 
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "sipvicious";
   version = "0.3.4";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "EnableSecurity";
-    repo = pname;
-    rev = "v${version}";
-    sha256 = "sha256-O8/9Vz/u8BoF1dfGceOJdzPPYLfkdBp2DkwA5WQ3dgo=";
+    repo = "sipvicious";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-O8/9Vz/u8BoF1dfGceOJdzPPYLfkdBp2DkwA5WQ3dgo=";
   };
 
+  build-system = [
+    installShellFiles
+  ] ++ (with python3.pkgs; [
+    setuptools
+  ]);
+
+  dependencies = with python3.pkgs; [
+    scapy
+  ];
+
+  postInstall = ''
+    installManPage man1/*.1
+  '';
+
   # Project has no tests
   doCheck = false;
-  pythonImportsCheck = [ "sipvicious" ];
+
+  pythonImportsCheck = [
+    "sipvicious"
+  ];
 
   meta = with lib; {
-    description = " Set of tools to audit SIP based VoIP systems";
+    description = "Set of tools to audit SIP based VoIP systems";
     homepage = "https://github.com/EnableSecurity/sipvicious";
+    changelog = "https://github.com/EnableSecurity/sipvicious/releases/tag/v${version}";
     license = with licenses; [ gpl3Plus ];
     maintainers = with maintainers; [ fab ];
   };
diff --git a/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix b/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix
index 1ed192c732a1..0d261fc3a6fd 100644
--- a/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix
+++ b/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix
@@ -5,20 +5,18 @@
 
 buildGoModule rec {
   pname = "slsa-verifier";
-  version = "2.4.1";
+  version = "2.5.1";
 
   src = fetchFromGitHub {
     owner = "slsa-framework";
     repo = "slsa-verifier";
     rev = "v${version}";
-    hash = "sha256-swyBDJTv6Sp65Q46QGm/N/kIfGfln+vBTYXVOI9CAOE=";
+    hash = "sha256-vDzgbE/Cl3TMVzf6H300EtDpGPYBkkSOJBu+0l2fPFw=";
   };
 
-  vendorHash = "sha256-rCGj2o59US2t/ckqXirEDgYn9dGvVSzMVcFEZosasBc=";
+  vendorHash = "sha256-NkEYr56Wb3EV7TI+0W7w7PdmbZpX3/yQ4TbOebqW9ng=";
 
   CGO_ENABLED = 0;
-  GO111MODULE = "on";
-  GOFLAGS = "-trimpath";
 
   subPackages = [ "cli/slsa-verifier" ];
 
diff --git a/nixpkgs/pkgs/tools/security/spire/default.nix b/nixpkgs/pkgs/tools/security/spire/default.nix
index 19e2704516da..49d0b296fd52 100644
--- a/nixpkgs/pkgs/tools/security/spire/default.nix
+++ b/nixpkgs/pkgs/tools/security/spire/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "spire";
-  version = "1.9.1";
+  version = "1.9.2";
 
   outputs = [ "out" "agent" "server" ];
 
@@ -10,10 +10,10 @@ buildGoModule rec {
     owner = "spiffe";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-+IIT2y4TJDhxxEFiaefgiHVSzO4sVQ3oPO1aMEoBQTU=";
+    sha256 = "sha256-Gbi6nM9tjH/bYOFwpBrjH/rFEtSs9ihxM3jDAt+5HTU=";
   };
 
-  vendorHash = "sha256-X8/R2u7mAJuwfltIZV5NrgbzR0U6Ty092Wlbs3u9oIw=";
+  vendorHash = "sha256-XYM6r/+31apm9Ygq3eMX5DRf8p7/jwkBNaE2OvooRwM=";
 
   subPackages = [ "cmd/spire-agent" "cmd/spire-server" ];
 
diff --git a/nixpkgs/pkgs/tools/security/swtpm/default.nix b/nixpkgs/pkgs/tools/security/swtpm/default.nix
index 8c4785dee62b..b39c43a8e1b6 100644
--- a/nixpkgs/pkgs/tools/security/swtpm/default.nix
+++ b/nixpkgs/pkgs/tools/security/swtpm/default.nix
@@ -16,13 +16,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "swtpm";
-  version = "0.8.1";
+  version = "0.8.2";
 
   src = fetchFromGitHub {
     owner = "stefanberger";
     repo = "swtpm";
     rev = "v${finalAttrs.version}";
-    sha256 = "sha256-QKR5S7FlMFDw4+VpyRdqixMWyzLpQkf3QCUceQvsliU=";
+    hash = "sha256-48/BOzGPoKr/BGEXFo3FXWr6ZoPB+ixZIvv78g6L294=";
   };
 
   nativeBuildInputs = [
@@ -101,5 +101,6 @@ stdenv.mkDerivation (finalAttrs: {
     license = licenses.bsd3;
     maintainers = [ maintainers.baloo ];
     mainProgram = "swtpm";
+    platforms = platforms.all;
   };
 })
diff --git a/nixpkgs/pkgs/tools/security/tracee/default.nix b/nixpkgs/pkgs/tools/security/tracee/default.nix
index c1615c1ddf56..315ec08116af 100644
--- a/nixpkgs/pkgs/tools/security/tracee/default.nix
+++ b/nixpkgs/pkgs/tools/security/tracee/default.nix
@@ -12,22 +12,28 @@
 , nixosTests
 , testers
 , tracee
+, makeWrapper
 }:
 
 buildGoModule rec {
   pname = "tracee";
-  version = "0.13.1";
+  version = "0.20.0";
 
   src = fetchFromGitHub {
     owner = "aquasecurity";
     repo = pname;
-    rev = "v${version}";
-    hash = "sha256-YO5u/hE5enoqh8niV4Zi+NFUsU+UXCCxdqvxolZImGk=";
+    # project has branches and tags of the same name
+    rev = "refs/tags/v${version}";
+    hash = "sha256-OnOayDxisvDd802kDKGctaQc5LyoyFfdfvC+2JpRjHY=";
   };
-  vendorHash = "sha256-swMvJe+Dz/kwPIStPlQ7d6U/UwXSMcJ3eONxjzebXCc=";
+  vendorHash = "sha256-26sAKTJQ7Rf5KRlu7j5XiZVr6CkAC6fm60Pam7KH0uA=";
 
   patches = [
     ./use-our-libbpf.patch
+    # can not vendor dependencies with old pyroscope
+    # remove once https://github.com/aquasecurity/tracee/pull/3927
+    # makes it to a release
+    ./update-pyroscope.patch
   ];
 
   enableParallelBuilding = true;
@@ -47,7 +53,7 @@ buildGoModule rec {
   buildPhase = ''
     runHook preBuild
     mkdir -p ./dist
-    make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core all
+    make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf all
     runHook postBuild
   '';
 
@@ -63,29 +69,20 @@ buildGoModule rec {
 
     mkdir -p $out/bin $lib/lib/tracee $share/share/tracee
 
-    mv ./dist/tracee $out/bin/
-    mv ./dist/tracee.bpf.core.o $lib/lib/tracee/
+    mv ./dist/{tracee,signatures} $out/bin/
+    mv ./dist/tracee.bpf.o $lib/lib/tracee/
     mv ./cmd/tracee-rules/templates $share/share/tracee/
 
     runHook postInstall
   '';
 
-  doInstallCheck = true;
-  installCheckPhase = ''
-    runHook preInstallCheck
-
-    $out/bin/tracee --help
-    $out/bin/tracee --version | grep "v${version}"
-
-    runHook postInstallCheck
-  '';
-
   passthru.tests = {
     integration = nixosTests.tracee;
+    integration-test-cli = import ./integration-tests.nix { inherit lib tracee makeWrapper; };
     version = testers.testVersion {
       package = tracee;
       version = "v${version}";
-      command = "tracee --version";
+      command = "tracee version";
     };
   };
 
diff --git a/nixpkgs/pkgs/tools/security/tracee/integration-tests.nix b/nixpkgs/pkgs/tools/security/tracee/integration-tests.nix
new file mode 100644
index 000000000000..fd3feb69f564
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/tracee/integration-tests.nix
@@ -0,0 +1,42 @@
+{ lib, tracee, makeWrapper }:
+tracee.overrideAttrs (oa: {
+  pname = oa.pname + "-integration";
+  postPatch = oa.postPatch or "" + ''
+    # fix the test to look at nixos paths for running programs
+      # --replace-fail '"integration.tes"' '"tracee-integrat"' \
+    substituteInPlace tests/integration/event_filters_test.go \
+      --replace-fail "exec=/usr/bin/dockerd" "comm=dockerd" \
+      --replace-fail "exec=/usr/bin" "exec=/tmp/testdir" \
+      --replace-fail "/usr/bin/tee" "tee" \
+      --replace-fail "/usr/bin" "/run/current-system/sw/bin" \
+      --replace-fail 'syscallerAbsPath := filepath.Join("..", "..", "dist", "syscaller")' "syscallerAbsPath := filepath.Join(\"$out/bin/syscaller\")"
+    substituteInPlace tests/integration/exec_test.go \
+      --replace-fail "/usr/bin" "/run/current-system/sw/bin"
+  '';
+  nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ];
+  buildPhase = ''
+    runHook preBuild
+    # copy existing built object to dist
+    mkdir -p dist/btfhub
+    touch dist/btfhub/.placeholder
+    cp ${lib.getOutput "lib" tracee}/lib/tracee/tracee.bpf.o ./dist/
+
+    # then compile the tests to be ran later
+    mkdir -p $GOPATH/tracee-integration
+    CGO_LDFLAGS="$(pkg-config --libs libbpf)" go build -o $GOPATH/tracee-integration/syscaller ./tests/integration/syscaller/cmd
+    CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -c -o $GOPATH/tracee-integration/ ./tests/integration/...
+    runHook postBuild
+  '';
+  doCheck = false;
+  installPhase = ''
+    mkdir -p $out/bin
+    mv $GOPATH/tracee-integration/{integration.test,syscaller} $out/bin/
+    # cp -r ${tracee}/bin/signatures $out/bin/
+  '';
+  doInstallCheck = false;
+
+  outputs = [ "out" ];
+  meta = oa.meta // {
+    outputsToInstall = [ "out" ];
+  };
+})
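Review bot: `makeWrapper` is added to `nativeBuildInputs`, but nothing in this file calls `makeWrapper` or `wrapProgram`, so the input and the argument threaded in from `default.nix` look unused. The two commented-out lines are better deleted than kept: `# cp -r ${tracee}/bin/signatures $out/bin/` sits inside a Nix string, so `${tracee}` is still interpolated even though the shell ignores the line, and the stray `# --replace-fail '"integration.tes"' ...` line is indented as if it belonged to the `substituteInPlace` that follows it. The overridden `installPhase` also omits `runHook preInstall` and `runHook postInstall`, unlike the `buildPhase` above it.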
diff --git a/nixpkgs/pkgs/tools/security/tracee/update-pyroscope.patch b/nixpkgs/pkgs/tools/security/tracee/update-pyroscope.patch
new file mode 100644
index 000000000000..17f27e6b88dd
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/tracee/update-pyroscope.patch
@@ -0,0 +1,229 @@
+diff --git a/go.mod b/go.mod
+index 8288d7d0a..0ac753fa1 100644
+--- a/go.mod
++++ b/go.mod
+@@ -16,6 +16,7 @@ require (
+ 	github.com/docker/docker v24.0.7+incompatible
+ 	github.com/golang/protobuf v1.5.3
+ 	github.com/google/gopacket v1.1.19
++	github.com/grafana/pyroscope-go v1.1.1
+ 	github.com/hashicorp/golang-lru v0.5.4
+ 	github.com/hashicorp/golang-lru/v2 v2.0.2
+ 	github.com/mennanov/fmutils v0.2.0
+@@ -23,7 +24,6 @@ require (
+ 	github.com/mitchellh/mapstructure v1.5.0
+ 	github.com/open-policy-agent/opa v0.52.0
+ 	github.com/prometheus/client_golang v1.16.0
+-	github.com/pyroscope-io/pyroscope v0.37.2
+ 	github.com/sashabaranov/go-gpt3 v1.4.0
+ 	github.com/spf13/cobra v1.7.0
+ 	github.com/spf13/viper v1.15.0
+@@ -57,15 +57,14 @@ require (
+ 	github.com/go-logr/logr v1.2.4 // indirect
+ 	github.com/go-logr/stdr v1.2.2 // indirect
+ 	github.com/go-logr/zapr v1.2.4 // indirect
+-	github.com/go-ole/go-ole v1.2.6 // indirect
+ 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+ 	github.com/go-openapi/jsonreference v0.20.2 // indirect
+ 	github.com/go-openapi/swag v0.22.3 // indirect
+ 	github.com/google/gnostic-models v0.6.8 // indirect
+ 	github.com/google/gofuzz v1.2.0 // indirect
++	github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 // indirect
+ 	github.com/gorilla/websocket v1.5.0 // indirect
+-	github.com/hashicorp/errwrap v1.1.0 // indirect
+-	github.com/hashicorp/go-multierror v1.1.1 // indirect
++	github.com/grafana/pyroscope-go/godeltaprof v0.1.6 // indirect
+ 	github.com/hashicorp/hcl v1.0.0 // indirect
+ 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ 	github.com/josharian/intern v1.0.0 // indirect
+@@ -73,24 +72,18 @@ require (
+ 	github.com/magiconair/properties v1.8.7 // indirect
+ 	github.com/mailru/easyjson v0.7.7 // indirect
+ 	github.com/mattn/go-runewidth v0.0.10 // indirect
+-	github.com/mitchellh/go-ps v1.0.0 // indirect
+ 	github.com/moby/sys/sequential v0.5.0 // indirect
+ 	github.com/moby/term v0.5.0 // indirect
++	github.com/morikuni/aec v1.0.0 // indirect
+ 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ 	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
+ 	github.com/philhofer/fwd v1.1.2 // indirect
+-	github.com/pyroscope-io/dotnetdiag v1.2.1 // indirect
+ 	github.com/rivo/uniseg v0.2.0 // indirect
+-	github.com/shirou/gopsutil v3.21.11+incompatible // indirect
+ 	github.com/spf13/afero v1.9.5 // indirect
+ 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+ 	github.com/spf13/pflag v1.0.5 // indirect
+ 	github.com/subosito/gotenv v1.4.2 // indirect
+ 	github.com/tinylib/msgp v1.1.8 // indirect
+-	github.com/tklauser/go-sysconf v0.3.11 // indirect
+-	github.com/tklauser/numcpus v0.6.0 // indirect
+-	github.com/valyala/bytebufferpool v1.0.0 // indirect
+-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+ 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
+ 	go.opentelemetry.io/otel v1.19.0 // indirect
+ 	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+@@ -145,7 +138,7 @@ require (
+ 	github.com/huandu/xstrings v1.4.0 // indirect
+ 	github.com/imdario/mergo v0.3.15 // indirect
+ 	github.com/json-iterator/go v1.1.12 // indirect
+-	github.com/klauspost/compress v1.16.5 // indirect
++	github.com/klauspost/compress v1.17.3 // indirect
+ 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+ 	github.com/mitchellh/copystructure v1.2.0 // indirect
+ 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+diff --git a/go.sum b/go.sum
+index 2ecdafafc..598416eeb 100644
+--- a/go.sum
++++ b/go.sum
+@@ -53,7 +53,6 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0
+ github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+ github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
+-github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+ github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+ github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
+@@ -144,8 +143,6 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv
+ github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
+ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
+-github.com/felixge/fgprof v0.9.1 h1:E6FUJ2Mlv043ipLOCFqo8+cHo9MhQ203E2cdEK/isEs=
+-github.com/felixge/fgprof v0.9.1/go.mod h1:7/HK6JFtFaARhIljgP2IV8rJLIoHDoOYoUphsnGvqxE=
+ github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+ github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
+@@ -169,8 +166,6 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+ github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+ github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
+ github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
+-github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+-github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+ github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+ github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+ github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+@@ -266,11 +261,10 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m
+ github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
+ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
++github.com/grafana/pyroscope-go v1.1.1 h1:PQoUU9oWtO3ve/fgIiklYuGilvsm8qaGhlY4Vw6MAcQ=
++github.com/grafana/pyroscope-go v1.1.1/go.mod h1:Mw26jU7jsL/KStNSGGuuVYdUq7Qghem5P8aXYXSXG88=
++github.com/grafana/pyroscope-go/godeltaprof v0.1.6 h1:nEdZ8louGAplSvIJi1HVp7kWvFvdiiYg3COLlTwJiFo=
++github.com/grafana/pyroscope-go/godeltaprof v0.1.6/go.mod h1:Tk376Nbldo4Cha9RgiU7ik8WKFkNpfds98aUzS8omLE=
+ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+@@ -300,8 +294,8 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
+ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+-github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
+-github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
++github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA=
++github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+ github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU=
+ github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+@@ -331,8 +325,6 @@ github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5
+ github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
+ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+ github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+-github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
+-github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
+ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+ github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+@@ -397,10 +389,6 @@ github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO
+ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+ github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
+ github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
+-github.com/pyroscope-io/dotnetdiag v1.2.1 h1:3XEMrfFJnZ87BiEhozyQKmCUAuMd/Spq7KChPuD2Cf0=
+-github.com/pyroscope-io/dotnetdiag v1.2.1/go.mod h1:eFUEHCp4eD1TgcXMlJihC+R4MrqGf7nTRdWxNADbDHA=
+-github.com/pyroscope-io/pyroscope v0.37.2 h1:MOgLU/oO7VfV6jWqb0xoFH/YPSVbWD5pGsX+tZVGh98=
+-github.com/pyroscope-io/pyroscope v0.37.2/go.mod h1:r4wq4ajJvN7g1OeXGyNvmwzBfQ+Tm5alYvmxqEQSTsc=
+ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
+ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+ github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+@@ -414,13 +402,10 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf
+ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+ github.com/sashabaranov/go-gpt3 v1.4.0 h1:UqHYdXgJNtNvTtbzDnnQgkQ9TgTnHtCXx966uFTYXvU=
+ github.com/sashabaranov/go-gpt3 v1.4.0/go.mod h1:BIZdbwdzxZbCrcKGMGH6u2eyGe1xFuX9Anmh3tCP8lQ=
+-github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
+-github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
+ github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+ github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
+ github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+@@ -456,14 +441,8 @@ github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BG
+ github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
+ github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
+ github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
+-github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
+-github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
+-github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
+-github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
+ github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
+ github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
+-github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
+ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+@@ -476,8 +455,6 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
+ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+-github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
+-github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+@@ -629,7 +606,6 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w
+ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+diff --git a/pkg/server/http/server.go b/pkg/server/http/server.go
+index 898344591..85ccc68ed 100644
+--- a/pkg/server/http/server.go
++++ b/pkg/server/http/server.go
+@@ -7,7 +7,7 @@ import (
+ 	"net/http/pprof"
+ 
+ 	"github.com/prometheus/client_golang/prometheus/promhttp"
+-	"github.com/pyroscope-io/pyroscope/pkg/agent/profiler"
++	"github.com/grafana/pyroscope-go"
+ 
+ 	"github.com/aquasecurity/tracee/pkg/logger"
+ )
+@@ -17,7 +17,7 @@ type Server struct {
+ 	hs             *http.Server
+ 	mux            *http.ServeMux // just an exposed copy of hs.Handler
+ 	metricsEnabled bool
+-	pyroProfiler   *profiler.Profiler
++	pyroProfiler   *pyroscope.Profiler
+ }
+ 
+ // New creates a new server
+@@ -90,8 +90,8 @@ func (s *Server) EnablePProfEndpoint() {
+ // EnablePyroAgent enables pyroscope agent in golang push mode
+ // TODO: make this configurable
+ func (s *Server) EnablePyroAgent() error {
+-	p, err := profiler.Start(
+-		profiler.Config{
++	p, err := pyroscope.Start(
++		pyroscope.Config{
+ 			ApplicationName: "tracee",
+ 			ServerAddress:   "http://localhost:4040",
+ 		},
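Review bot: The carried patch opens directly at `diff --git a/go.mod b/go.mod` with no header, so a reader cannot tell whether it mirrors an upstream tracee change or is a nixpkgs-local edit. Because it swaps the profiler dependency to `github.com/grafana/pyroscope-go v1.1.1` and rewrites `go.sum` entries, its origin matters when auditing the dependency set. I would add a short preamble above the first `diff --git` line, for example `Backport of <UPSTREAM_COMMIT_OR_PR_URL>: replace pyroscope-io/pyroscope with grafana/pyroscope-go; drop once the packaged release includes it`. The reference may already sit next to the `patches` entry in default.nix, which is outside this hunk.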
diff --git a/nixpkgs/pkgs/tools/security/tracee/use-our-libbpf.patch b/nixpkgs/pkgs/tools/security/tracee/use-our-libbpf.patch
index 00d91ca6e3b3..4f6dc5957a77 100644
--- a/nixpkgs/pkgs/tools/security/tracee/use-our-libbpf.patch
+++ b/nixpkgs/pkgs/tools/security/tracee/use-our-libbpf.patch
@@ -1,8 +1,8 @@
 diff --git a/Makefile b/Makefile
-index d7596a1a..dd7b97b6 100644
+index 29be1ae71..b88f31cba 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck
+@@ -54,6 +54,7 @@ CMD_CONTROLLER_GEN ?= controller-gen
  # libs
  #
  
@@ -10,26 +10,26 @@ index d7596a1a..dd7b97b6 100644
  LIB_ELF ?= libelf
  LIB_ZLIB ?= zlib
  
-@@ -279,8 +280,6 @@ OUTPUT_DIR = ./dist
+@@ -299,8 +300,6 @@ OUTPUT_DIR = ./dist
  $(OUTPUT_DIR):
  #
  	@$(CMD_MKDIR) -p $@
--	@$(CMD_MKDIR) -p $@/libbpf
--	@$(CMD_MKDIR) -p $@/libbpf/obj
+-	$(CMD_MKDIR) -p $@/libbpf
+-	$(CMD_MKDIR) -p $@/libbpf/obj
  
  #
  # embedded btfhub
-@@ -418,7 +417,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h)
- bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o
+@@ -353,7 +352,6 @@ TRACEE_EBPF_OBJ_HEADERS = $(shell find pkg/ebpf/c -name *.h)
+ bpf: $(OUTPUT_DIR)/tracee.bpf.o
  
- $(OUTPUT_DIR)/tracee.bpf.core.o: \
+ $(OUTPUT_DIR)/tracee.bpf.o: \
 -	$(OUTPUT_DIR)/libbpf/libbpf.a \
  	$(TRACEE_EBPF_OBJ_SRC) \
- 	$(TRACEE_EBPF_OBJ_CORE_HEADERS)
+ 	$(TRACEE_EBPF_OBJ_HEADERS)
  #
-@@ -453,8 +451,8 @@ ifeq ($(STATIC), 1)
-     GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo
- endif
+@@ -391,8 +389,8 @@ endif
+ TRACEE_SRC_DIRS = ./cmd/ ./pkg/ ./signatures/
+ TRACEE_SRC = $(shell find $(TRACEE_SRC_DIRS) -type f -name '*.go' ! -name '*_test.go')
  
 -CUSTOM_CGO_CFLAGS = "-I$(abspath $(OUTPUT_DIR)/libbpf)"
 -CUSTOM_CGO_LDFLAGS = "$(shell $(call pkg_config, $(LIB_ELF))) $(shell $(call pkg_config, $(LIB_ZLIB))) $(abspath $(OUTPUT_DIR)/libbpf/libbpf.a)"
@@ -38,11 +38,11 @@ index d7596a1a..dd7b97b6 100644
  
  GO_ENV_EBPF =
  GO_ENV_EBPF += GOOS=linux
-@@ -474,6 +472,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \
- 	$(TRACEE_EBPF_SRC) \
- 	./embedded-ebpf.go \
+@@ -437,6 +435,7 @@ $(OUTPUT_DIR)/tracee: \
+ 	$(OUTPUT_DIR)/tracee.bpf.o \
+ 	$(TRACEE_SRC) \
  	| .checkver_$(CMD_GO) \
 +	.checklib_$(LIB_BPF) \
  	.checklib_$(LIB_ELF) \
  	.checklib_$(LIB_ZLIB) \
- 	btfhub
+ 	btfhub \
diff --git a/nixpkgs/pkgs/tools/security/trueseeing/default.nix b/nixpkgs/pkgs/tools/security/trueseeing/default.nix
index 182f33138b95..e5d89ab3ac0c 100644
--- a/nixpkgs/pkgs/tools/security/trueseeing/default.nix
+++ b/nixpkgs/pkgs/tools/security/trueseeing/default.nix
@@ -5,28 +5,30 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "trueseeing";
-  version = "2.2.1";
+  version = "2.2.2";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "alterakey";
     repo = "trueseeing";
     rev = "refs/tags/v${version}";
-    hash = "sha256-bgvnzCcxRiJnjcHVbcIA6YfpCOIDTLD5tQae/0Tqk4E=";
+    hash = "sha256-5IHJXlpHZJFKj7rdmRsWA5FXZFJf3usGsLgXx1cYEmU=";
   };
 
-  nativeBuildInputs = with python3.pkgs; [
+  build-system = with python3.pkgs; [
     flit-core
     pythonRelaxDepsHook
   ];
 
   pythonRelaxDeps = true;
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
+    aiohttp
     asn1crypto
     attrs
     importlib-metadata
     jinja2
+    lief
     lxml
     progressbar2
     pypubsub
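Review bot: After the rename, `pythonRelaxDepsHook` sits in `build-system`, but it is a setup hook rather than a PEP 517 build backend, so it belongs in `nativeBuildInputs`. I would keep `build-system = with python3.pkgs; [ flit-core ];` and add `nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];`. Separately, `pythonRelaxDeps = true` is unchanged context that presumably strips every version bound, including those on the newly added `aiohttp` and `lief`. Listing only the packages that actually need relaxing would keep upstream's remaining constraints enforced. The `buildPythonApplication` expression continues outside this hunk.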
@@ -44,10 +46,10 @@ python3.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     description = "Non-decompiling Android vulnerability scanner";
-    mainProgram = "trueseeing";
     homepage = "https://github.com/alterakey/trueseeing";
     changelog = "https://github.com/alterakey/trueseeing/releases/tag/v${version}";
     license = with licenses; [ gpl3Plus ];
     maintainers = with maintainers; [ fab ];
+    mainProgram = "trueseeing";
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/vals/default.nix b/nixpkgs/pkgs/tools/security/vals/default.nix
index 0c43a0204bbb..3822119bd04b 100644
--- a/nixpkgs/pkgs/tools/security/vals/default.nix
+++ b/nixpkgs/pkgs/tools/security/vals/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "vals";
-  version = "0.35.0";
+  version = "0.36.0";
 
   src = fetchFromGitHub {
     rev = "v${version}";
     owner = "variantdev";
     repo = pname;
-    sha256 = "sha256-PH2R39bI357ND3Gf//Fe+xtMGVuqwggT9zZyy/OimmY=";
+    sha256 = "sha256-jD7fYvPOR6fwpCqNhxNXzjc8qtmjXkJy+f/L7t9Jlu4=";
   };
 
-  vendorHash = "sha256-oesPCwDZyJ1Q8LdyEnvAU5sdXFFHdxUP4jXltww8vuk=";
+  vendorHash = "sha256-b4GmDzRvWQzoKzQo7am/3M9cFqO+QNW4UxlWZrPswiA=";
 
   ldflags = [
     "-s"
diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
index ec93f40e3040..a4ee5f430962 100644
--- a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
+++ b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
@@ -20,6 +20,9 @@ rustPlatform.buildRustPackage rec {
 
   cargoHash = "sha256-K0T0uTERjxlI3bGG/Tz6sJ0A08J0ROAhpppdZcdQPB8=";
 
+  # used for "Server Installed" version in admin panel
+  env.VW_VERSION = version;
+
   nativeBuildInputs = [ pkg-config ];
   buildInputs = with lib; [ openssl ]
     ++ optionals stdenv.isDarwin [ libiconv Security CoreServices SystemConfiguration ]