diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:36 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:47 +0000 |
commit | 36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2 (patch) | |
tree | b3faaf573407b32aa645237a4d16b82778a39a92 /nixpkgs/pkgs/os-specific/linux/checksec/default.nix | |
parent | 4e31070265257dc67d120c27e0f75c2344fdfa9a (diff) | |
parent | abf060725d7614bd3b9f96764262dfbc2f9c2199 (diff) | |
download | nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.gz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.bz2 nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.lz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.xz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.zst nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.zip |
Add 'nixpkgs/' from commit 'abf060725d7614bd3b9f96764262dfbc2f9c2199'
git-subtree-dir: nixpkgs git-subtree-mainline: 4e31070265257dc67d120c27e0f75c2344fdfa9a git-subtree-split: abf060725d7614bd3b9f96764262dfbc2f9c2199
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/checksec/default.nix')
-rw-r--r-- | nixpkgs/pkgs/os-specific/linux/checksec/default.nix | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/checksec/default.nix b/nixpkgs/pkgs/os-specific/linux/checksec/default.nix new file mode 100644 index 000000000000..6c927ae93afb --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/checksec/default.nix @@ -0,0 +1,43 @@ +{ stdenv, fetchurl, file, findutils, binutils-unwrapped, glibc, coreutils, sysctl }: + +stdenv.mkDerivation rec { + name = "checksec-${version}"; + version = "1.5"; + + src = fetchurl { + url = "https://www.trapkit.de/tools/checksec.sh"; + sha256 = "0iq9v568mk7g7ksa1939g5f5sx7ffq8s8n2ncvphvlckjgysgf3p"; + }; + + patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ]; + + unpackPhase = '' + mkdir ${name} + cp $src ${name}/checksec.sh + cd ${name} + ''; + + installPhase = '' + mkdir -p $out/bin + cp checksec.sh $out/bin/checksec + chmod +x $out/bin/checksec + substituteInPlace $out/bin/checksec --replace /bin/bash ${stdenv.shell} + substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6 + substituteInPlace $out/bin/checksec --replace find ${findutils}/bin/find + substituteInPlace $out/bin/checksec --replace "file $" "${file}/bin/file $" + substituteInPlace $out/bin/checksec --replace "xargs file" "xargs ${file}/bin/file" + substituteInPlace $out/bin/checksec --replace " readelf -" " ${binutils-unwrapped}/bin/readelf -" + substituteInPlace $out/bin/checksec --replace "(readelf -" "(${binutils-unwrapped}/bin/readelf -" + substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${binutils-unwrapped}/bin/readelf" + substituteInPlace $out/bin/checksec --replace "/sbin/sysctl -" "${sysctl}/bin/sysctl -" + substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -" + ''; + + meta = { + description = "A tool for checking security bits on executables"; + homepage = "http://www.trapkit.de/tools/checksec.html"; + license = stdenv.lib.licenses.bsd3; + platforms = stdenv.lib.platforms.linux; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; +} |