author | Alyssa Ross <hi@alyssa.is> | 2020-05-12 14:45:39 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-05-12 14:56:01 +0000 |
commit | eb7dadee9c0f903f1152f8dd4165453bfa48ccf4 (patch) | |
tree | a6bd66dcbec895aae167465672af08a1ca70f089 /nixpkgs/pkgs/tools/security | |
parent | 3879b925f5dae3a0eb5c98b10c1ac5a0e4d729a3 (diff) | |
parent | 683c68232e91f76386db979c461d8fbe2a018782 (diff) | |
Merge commit '683c68232e91f76386db979c461d8fbe2a018782'
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
43 files changed, 506 insertions, 323 deletions
diff --git a/nixpkgs/pkgs/tools/security/afl/default.nix b/nixpkgs/pkgs/tools/security/afl/default.nix index df5e3728943e..e32aa0348747 100644 --- a/nixpkgs/pkgs/tools/security/afl/default.nix +++ b/nixpkgs/pkgs/tools/security/afl/default.nix @@ -47,6 +47,11 @@ let # has totally different semantics in that case(?) - and also set a # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out # of $PATH. + # first though we need to replace the afl-clang-fast++ symlink with + # a real copy to prevent wrapProgram skipping the symlink and confusing + # nix's cc wrapper + rm $out/bin/afl-clang-fast++ + cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++ for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do wrapProgram $x \ --prefix AFL_PATH : "$out/lib/afl" \ @@ -68,7 +73,7 @@ let also useful for seeding other, more labor or resource-intensive testing regimes down the road. ''; - homepage = "http://lcamtuf.coredump.cx/afl/"; + homepage = "https://lcamtuf.coredump.cx/afl/"; license = stdenv.lib.licenses.asl20; platforms = ["x86_64-linux" "i686-linux"]; maintainers = with stdenv.lib.maintainers; [ thoughtpolice ris ]; diff --git a/nixpkgs/pkgs/tools/security/afl/libdislocator.nix b/nixpkgs/pkgs/tools/security/afl/libdislocator.nix index 953c59e435cb..103786d12441 100644 --- a/nixpkgs/pkgs/tools/security/afl/libdislocator.nix +++ b/nixpkgs/pkgs/tools/security/afl/libdislocator.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation { ''; meta = with stdenv.lib; { - homepage = "http://lcamtuf.coredump.cx/afl/"; + homepage = "https://lcamtuf.coredump.cx/afl/"; description = '' Drop-in replacement for the libc allocator which improves the odds of bumping into heap-related security bugs in diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix new file mode 100644 index 000000000000..f99be6d75758 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix 
@@ -0,0 +1,146 @@ +{ stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper +, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp +, file, cmocka, wine ? null, fetchpatch +}: + +# wine fuzzing is only known to work for win32 binaries, and using a mixture of +# 32 and 64-bit libraries ... complicates things, so it's recommended to build +# a full 32bit version of this package if you want to do wine fuzzing +assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux"); + +let + aflplusplus-qemu = callPackage ./qemu.nix { inherit aflplusplus; }; + qemu-exe-name = if stdenv.targetPlatform.system == "x86_64-linux" then "qemu-x86_64" + else if stdenv.targetPlatform.system == "i686-linux" then "qemu-i386" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; + libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; }; + libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; + aflplusplus = stdenvNoCC.mkDerivation rec { + pname = "aflplusplus"; + version = "2.64c"; + + src = fetchFromGitHub { + owner = "AFLplusplus"; + repo = "AFLplusplus"; + rev = version; + sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj"; + }; + enableParallelBuilding = true; + + # build of unsigaction32 broken in 2.64c: + # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357 + # The applied patch fixes it. + patches = [ + (fetchpatch { + url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch"; + sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh"; + }) + ]; + + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. 
+ nativeBuildInputs = [ makeWrapper which clang_9 gcc ]; + buildInputs = [ llvm_9 python gmp ] + ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython; + + + postPatch = '' + # Replace the CLANG_BIN variables with the correct path + substituteInPlace llvm_mode/afl-clang-fast.c \ + --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \ + --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" + + # Replace "gcc" and friends with full paths in afl-gcc + # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path + substituteInPlace src/afl-gcc.c \ + --replace '"gcc"' '"${gcc}/bin/gcc"' \ + --replace '"g++"' '"${gcc}/bin/g++"' \ + --replace '"gcj"' '"gcj-UNSUPPORTED"' \ + --replace '"clang"' '"clang-UNSUPPORTED"' \ + --replace '"clang++"' '"clang++-UNSUPPORTED"' + ''; + + makeFlags = [ "PREFIX=$(out)" ]; + buildPhase = '' + common="$makeFlags -j$NIX_BUILD_CORES" + make all $common + make radamsa $common + make -C gcc_plugin CC=${gcc}/bin/gcc CXX=${gcc}/bin/g++ $common + make -C llvm_mode $common + make -C qemu_mode/libcompcov $common + make -C qemu_mode/unsigaction $common + ''; + + postInstall = '' + # remove afl-clang(++) which are just symlinks to afl-clang-fast + rm $out/bin/afl-clang $out/bin/afl-clang++ + + # the makefile neglects to install unsigaction + cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/ + + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so + cat > $out/bin/get-afl-qemu-libcompcov-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libcompcov.so + END + chmod +x $out/bin/get-afl-qemu-libcompcov-so + cp ${libdislocator}/bin/get-libdislocator-so $out/bin/ + cp ${libtokencap}/bin/get-libtokencap-so $out/bin/ + + # Install the cgroups wrapper for asan-based fuzzing. 
+ cp examples/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + patchShebangs $out/bin + + '' + stdenv.lib.optionalString (wine != null) '' + substitute afl-wine-trace $out/bin/afl-wine-trace \ + --replace "qemu_mode/unsigaction" "$out/lib/afl" + chmod +x $out/bin/afl-wine-trace + + # qemu needs to be fed ELFs, not wrapper scripts, so we have to cheat a bit if we + # detect a wrapped wine + for winePath in ${wine}/bin/.wine ${wine}/bin/wine; do + if [ -x $winePath ]; then break; fi + done + makeWrapperArgs="--set-default 'AFL_WINE_PATH' '$winePath'" \ + wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} + ''; + + installCheckInputs = [ perl file cmocka ]; + doInstallCheck = true; + installCheckPhase = '' + # replace references to tools in build directory with references to installed locations + substituteInPlace test/test.sh \ + --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ + --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ + --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' + perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + cd test && ./test.sh + ''; + + passthru = { + inherit libdislocator libtokencap; + qemu = aflplusplus-qemu; + }; + + meta = { + description = '' + AFL++ is a heavily enhanced version of AFL, incorporating many features and + improvements from the community. + ''; + homepage = "https://aflplus.plus"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = with stdenv.lib.maintainers; [ ris mindavi ]; + }; + }; +in aflplusplus 
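Review bot: In the wine branch of `postInstall` in aflplusplus/default.nix, the `for winePath in ${wine}/bin/.wine ${wine}/bin/wine` loop only breaks on a match. When neither candidate is executable, `winePath` keeps the last value and `--set-default 'AFL_WINE_PATH'` bakes an unverified path into the wrapper. Failing the build is safer: quote the test as `[ -x "$winePath" ]` and add `[ -x "$winePath" ] || { echo "aflplusplus: no wine executable under ${wine}/bin" >&2; exit 1; }` after `done`. A short comment on the `afl-cgroup` `substituteInPlace` would also help, since it rewrites every occurrence of `cgcreate`/`cgexec`/`cgdelete` in the script, not only the command invocations.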
diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix b/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix new file mode 100644 index 000000000000..6f947a7280af --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix @@ -0,0 +1,37 @@ +{ stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = stdenv.lib.getVersion aflplusplus; + pname = "libdislocator"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libdislocator"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + # issue is fixed upstream: https://github.com/AFLplusplus/AFLplusplus/commit/2a60ceb6944a7ca273057ddf64dcf837bf7f9521 + sed -i 's/README\.dislocator\.md/README\.md/g' Makefile + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libdislocator-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libdislocator.so + END + chmod +x $out/bin/get-libdislocator-so + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = '' + Drop-in replacement for the libc allocator which improves + the odds of bumping into heap-related security bugs in + several ways. + ''; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix b/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix new file mode 100644 index 000000000000..9421ee0d1e2b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix 
@@ -0,0 +1,32 @@ +{ stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = stdenv.lib.getVersion aflplusplus; + pname = "libtokencap"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libtokencap"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + mkdir -p $out/share/doc/afl + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libtokencap-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libtokencap.so + END + chmod +x $out/bin/get-libtokencap-so + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = "strcmp & memcmp token capture library"; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch b/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch new file mode 100644 index 000000000000..5dfbfd780f1c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d6b9dc1..ce7c493 100644 +--- a/Makefile ++++ b/Makefile +@@ -601,7 +601,7 @@ install-localstatedir: + endif + + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir ++install: all $(if $(BUILD_DOCS),install-doc) install-datadir + ifneq ($(TOOLS),) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) + endif diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix b/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix new file mode 100644 index 000000000000..c51c839afe85 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix 
@@ -0,0 +1,83 @@ +{ stdenv, fetchurl, aflplusplus, python2, zlib, pkgconfig, glib, perl +, texinfo, libuuid, flex, bison, pixman, autoconf +}: + +with stdenv.lib; + +let + qemuName = "qemu-3.1.0"; + cpuTarget = if stdenv.targetPlatform.system == "x86_64-linux" then "x86_64-linux-user" + else if stdenv.targetPlatform.system == "i686-linux" then "i386-linux-user" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; +in +stdenv.mkDerivation { + name = "aflplusplus-${qemuName}"; + + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq"; + }) + aflplusplus.src + ]; + + sourceRoot = qemuName; + + postUnpack = '' + chmod -R +w ${aflplusplus.src.name} + for f in ${aflplusplus.src.name}/qemu_mode/patches/* ; do + sed -E -i 's|(\.\./)+patches/([a-z-]+\.h)|\2|g' $f + sed -E -i 's|\.\./\.\./config\.h|afl-config.h|g' $f + sed -E -i 's|\.\./\.\./include/cmplog\.h|afl-cmplog.h|g' $f + done + cp ${aflplusplus.src.name}/qemu_mode/patches/*.h $sourceRoot/ + cp ${aflplusplus.src.name}/types.h $sourceRoot/afl-types.h + substitute ${aflplusplus.src.name}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflplusplus.src.name}/include/cmplog.h $sourceRoot/afl-cmplog.h \ + --replace "config.h" "afl-config.h" \ + --replace "forkserver.h" "afl-forkserver.h" + substitute ${aflplusplus.src.name}/include/forkserver.h $sourceRoot/afl-forkserver.h \ + --replace "types.h" "afl-types.h" + + cat ${aflplusplus.src.name}/qemu_mode/patches/*.diff > all.patch + ''; + + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman libuuid + ]; + + enableParallelBuilding = true; + + patches = [ + # patches extracted from aflplusplus source + "../all.patch" + # nix-specific patches to make installation more well-behaved + ./qemu-no-etc-install.patch + ]; + + configureFlags = + [ 
"--disable-system" + "--enable-linux-user" + "--disable-gtk" + "--disable-sdl" + "--disable-vnc" + "--disable-kvm" + "--target-list=${cpuTarget}" + "--enable-pie" + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + meta = with stdenv.lib; { + homepage = "https://www.qemu.org/"; + description = "Fork of QEMU with AFL++ instrumentation support"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ ris ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix index 6accefa58a4f..6d3c4bccef9f 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix @@ -8,13 +8,13 @@ let in rustPlatform.buildRustPackage rec { pname = "bitwarden_rs"; - version = "1.14.1"; + version = "1.14.2"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "10fi5vvckmdbjvlg6mlaqh2dsm33sbkq1z1b6gmz8qjbijc8i7gw"; + sha256 = "0413yjbnj4k917x48h1gnj64kygbr6c1n55f23qkvj0hgbxpgssz"; }; nativeBuildInputs = [ pkgconfig ]; @@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec { RUSTC_BOOTSTRAP = 1; - cargoSha256 = "1p8wpndj1aydhcjl15z3xhjf52a0l5rh5cy9qs6w4776crya2jjr"; + cargoSha256 = "09747f9g7yyq9c8wbfdb3hwxii5xq23ynhba0vc01nhjpjyn0ksd"; cargoBuildFlags = [ featuresFlag ]; checkPhase = '' diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix index 43d8d3a9b118..0c60ab621063 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix 
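Review bot: The QEMU tarball in `srcs` of aflplusplus/qemu.nix is fetched over plain HTTP (`url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2";`), while the same merge moves other URLs in this directory to https. The pinned `sha256` still fixes the content, but anyone refreshing that hash by prefetching trusts whatever the unauthenticated connection delivers, so the scheme should be https (for example QEMU's download.qemu.org host, if it serves the same archive; the hash should stay unchanged). In `postUnpack`, `cat .../qemu_mode/patches/*.diff > all.patch` applies the upstream patches in glob order; a comment stating that this order is the intended one would help the next version bump.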
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bitwarden_rs-vault"; - version = "2.13.2"; + version = "2.13.2b"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "1000iqjr670imm1dlw9r003d8psp5sq0m0p62sjnll7wnycd805r"; + sha256 = "1pba3d04gfnviv8r98anpv7m8r9r417s352r5fz8qzg8lr070540"; }; buildCommand = '' diff --git a/nixpkgs/pkgs/tools/security/brutespray/default.nix b/nixpkgs/pkgs/tools/security/brutespray/default.nix index be7c99f52527..78dd789047d0 100644 --- a/nixpkgs/pkgs/tools/security/brutespray/default.nix +++ b/nixpkgs/pkgs/tools/security/brutespray/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "brutespray"; - version = "1.6.6"; + version = "1.6.8"; src = fetchFromGitHub { owner = "x90skysn3k"; repo = pname; rev = "brutespray-${version}"; - sha256 = "1rj8fkq1xz4ph1pmldphlsa25mg6xl7i7dranb0qjx00jhfxjxjh"; + sha256 = "1pi4d5vcvvjsby39dq995dlhpxdicmfhqsiw23hr25m38ccfm3rh"; }; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/ccid/default.nix b/nixpkgs/pkgs/tools/security/ccid/default.nix index b9cffc7f769d..e74e1b61438a 100644 --- a/nixpkgs/pkgs/tools/security/ccid/default.nix +++ b/nixpkgs/pkgs/tools/security/ccid/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ccid"; - version = "1.4.31"; + version = "1.4.32"; src = fetchurl { url = "https://ccid.apdu.fr/files/${pname}-${version}.tar.bz2"; - sha256 = "1xz8ikr6vk73w3xnwb931yq8lqc1zrj8c3v34n6h63irwjvdfj3b"; + sha256 = "0f8nzk7379ip4x2ii5vn6h67jyx733pq0ywnnsj2llbxi2vllpsl"; }; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/crowbar/default.nix b/nixpkgs/pkgs/tools/security/crowbar/default.nix new file mode 100644 index 000000000000..cd4e7db87186 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crowbar/default.nix 
@@ -0,0 +1,42 @@ +{ fetchFromGitHub +, freerdp +, nmap +, openvpn +, python3Packages +, stdenv +, tigervnc +}: + +python3Packages.buildPythonApplication rec { + pname = "crowbar"; + version = "unstable-2020-04-23"; + + src = fetchFromGitHub { + owner = "galkan"; + repo = pname; + rev = "500d633ff5ddfcbc70eb6d0b4d2181e5b8d3c535"; + sha256 = "05m9vywr9976pc7il0ak8nl26mklzxlcqx0p8rlfyx1q766myqzf"; + }; + + propagatedBuildInputs = [ python3Packages.paramiko ]; + + patchPhase = '' + sed -i 's,/usr/bin/xfreerdp,${freerdp}/bin/xfreerdp,g' lib/main.py + sed -i 's,/usr/bin/vncviewer,${tigervnc}/bin/vncviewer,g' lib/main.py + sed -i 's,/usr/sbin/openvpn,${openvpn}/bin/openvpn,g' lib/main.py + + sed -i 's,/usr/bin/nmap,${nmap}/bin/nmap,g' lib/nmap.py + ''; + + # Sanity check + checkPhase = '' + $out/bin/crowbar --help > /dev/null + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/galkan/crowbar"; + description = "A brute forcing tool that can be used during penetration tests"; + license = licenses.mit; + maintainers = with maintainers; [ pamplemousse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/doas/default.nix b/nixpkgs/pkgs/tools/security/doas/default.nix index ce8b5825647c..58ada1086bcf 100644 --- a/nixpkgs/pkgs/tools/security/doas/default.nix +++ b/nixpkgs/pkgs/tools/security/doas/default.nix @@ -1,15 +1,19 @@ -{ stdenv, lib, fetchFromGitHub, bison, pam }: +{ stdenv +, lib +, fetchFromGitHub +, bison +, pam +}: stdenv.mkDerivation rec { pname = "doas"; - - version = "6.0"; + version = "6.6.1"; src = fetchFromGitHub { owner = "Duncaen"; repo = "OpenDoas"; rev = "v${version}"; - sha256 = "1j50l3jvbgvg8vmp1nx6vrjxkbj5bvfh3m01bymzfn25lkwwhz1x"; + sha256 = "07kkc5729p654jrgfsc8zyhiwicgmq38yacmwfvay2b3gmy728zn"; }; # otherwise confuses ./configure 
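Review bot: In crowbar/default.nix the `sed -i 's,/usr/bin/xfreerdp,${freerdp}/bin/xfreerdp,g' lib/main.py` style rewrites in `patchPhase` succeed silently when a pattern no longer matches. After an upstream change the package would then run `/usr/bin/...` or `/usr/sbin/openvpn` from the host instead of the pinned store paths. A guard after the rewrites, such as `! grep -n '/usr/s\?bin/' lib/main.py lib/nmap.py`, makes the build fail in that case. Assigning `patchPhase` directly also skips `patches` and the pre/post patch hooks; `postPatch = '' ... '';` is the conventional place for these edits.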
@@ -26,6 +30,6 @@ stdenv.mkDerivation rec { homepage = "https://github.com/Duncaen/OpenDoas"; license = licenses.isc; platforms = platforms.linux; - maintainers = with maintainers; [ cstrahan ]; + maintainers = with maintainers; [ cole-h cstrahan ]; }; } diff --git a/nixpkgs/pkgs/tools/security/genpass/default.nix b/nixpkgs/pkgs/tools/security/genpass/default.nix new file mode 100644 index 000000000000..ee3eebac991b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/genpass/default.nix @@ -0,0 +1,25 @@ +{ stdenv +, fetchFromGitHub +, rustPlatform +}: +rustPlatform.buildRustPackage rec { + pname = "genpass"; + version = "0.4.1"; + + src = fetchFromGitHub { + owner = "cyplo"; + repo = pname; + rev = "v${version}"; + sha256 = "1b22m7g55k5ry0vwyd8pakh8rmfkhk37qy5r74cn3n5pv3fcwini"; + }; + + cargoSha256 = "1p6l64s9smhwka8bh3pamqimamxziad859i62nrmxzqc49nq5s7m"; + + meta = with stdenv.lib; { + description = "A simple yet robust commandline random password generator."; + homepage = "https://github.com/cyplo/genpass"; + license = licenses.agpl3; + platforms = platforms.all; + maintainers = with maintainers; [ cyplo ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix b/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix index c2f6da9812f7..d430a689524a 100644 --- a/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix +++ b/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix @@ -53,7 +53,7 @@ python3.pkgs.buildPythonApplication rec { gst_all_1.gstreamer gst_all_1.gst-plugins-base (gst_all_1.gst-plugins-good.override { gtkSupport = true; }) - gst_all_1.gst-plugins-bad # for zbar plug-in + (gst_all_1.gst-plugins-bad.override { enableZbar = true; }) # for zbar plug-in ]; propagatedBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/gnupg/20.nix b/nixpkgs/pkgs/tools/security/gnupg/20.nix index ea9001607526..f5b693fed35a 100644 --- a/nixpkgs/pkgs/tools/security/gnupg/20.nix +++ b/nixpkgs/pkgs/tools/security/gnupg/20.nix 
@@ -4,7 +4,7 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. , pinentry ? null, guiSupport ? false -, openldap ? null, bzip2 ? null, libusb ? null, curl ? null +, openldap ? null, bzip2 ? null, libusb-compat-0_1 ? null, curl ? null }: with stdenv.lib; @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { buildInputs = [ readline zlib libgpgerror libgcrypt libassuan libksba pth - openldap bzip2 libusb curl libiconv ]; + openldap bzip2 libusb-compat-0_1 curl libiconv ]; patches = [ ./gpgkey2ssh-20.patch ]; diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix index 8af24bf7ab52..a16701f48ea8 100644 --- a/nixpkgs/pkgs/tools/security/gopass/default.nix +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -1,20 +1,29 @@ -{ stdenv, buildGoPackage, fetchFromGitHub, git, gnupg, xclip, wl-clipboard, makeWrapper }: +{ stdenv, makeWrapper +, buildGoModule, fetchFromGitHub, installShellFiles +, git +, gnupg +, xclip +, wl-clipboard +, passAlias ? false +}: -buildGoPackage rec { +buildGoModule rec { pname = "gopass"; - version = "1.8.6"; + version = "1.9.1"; - goPackagePath = "github.com/gopasspw/gopass"; - - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ installShellFiles makeWrapper ]; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "0v3sx9hb03bdn4rvsv2r0jzif6p1rx47hrkpsbnwva31k396mck2"; + sha256 = "19xhyyd76r17rwn6s8xgfjnyi7kywagy0i4anqws40w79j3qb1p0"; }; + modSha256 = "0zr4ihpcclw5pfhcdrd4n4qb3i3djcwyvwr4m2kpn99icp55bml8"; + + buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version} -X main.commit=${src.rev}" ]; + wrapperPath = stdenv.lib.makeBinPath ([ git gnupg 
@@ -22,17 +31,16 @@ buildGoPackage rec { ] ++ stdenv.lib.optional stdenv.isLinux wl-clipboard); postInstall = '' - mkdir -p \ - $bin/share/bash-completion/completions \ - $bin/share/zsh/site-functions \ - $bin/share/fish/vendor_completions.d - $bin/bin/gopass completion bash > $bin/share/bash-completion/completions/_gopass - $bin/bin/gopass completion zsh > $bin/share/zsh/site-functions/_gopass - $bin/bin/gopass completion fish > $bin/share/fish/vendor_completions.d/gopass.fish + for shell in bash fish zsh; do + $out/bin/gopass completion $shell > gopass.$shell + installShellCompletion gopass.$shell + done + '' + stdenv.lib.optionalString passAlias '' + ln -s $out/bin/gopass $out/bin/pass ''; postFixup = '' - wrapProgram $bin/bin/gopass \ + wrapProgram $out/bin/gopass \ --prefix PATH : "${wrapperPath}" ''; @@ -40,7 +48,7 @@ buildGoPackage rec { description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go."; homepage = "https://www.gopass.pw/"; license = licenses.mit; - maintainers = with maintainers; [ andir ]; + maintainers = with maintainers; [ andir rvolosatovs ]; platforms = platforms.unix; longDescription = '' diff --git a/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix b/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix index f1c2cee9f3a6..6a2eee471432 100644 --- a/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix +++ b/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchFromGitHub, openssl }: stdenv.mkDerivation rec { - pname = "hxcdumptool"; + pname = "hcxdumptool"; version = "6.0.5"; src = fetchFromGitHub { diff --git a/nixpkgs/pkgs/tools/security/hcxtools/default.nix b/nixpkgs/pkgs/tools/security/hcxtools/default.nix index 84517ce2bd8b..5634ee6cff06 100644 --- a/nixpkgs/pkgs/tools/security/hcxtools/default.nix +++ b/nixpkgs/pkgs/tools/security/hcxtools/default.nix 
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxtools"; - version = "6.0.1"; + version = "6.0.2"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "0r7pjz89chgb7zl2pqgw3zb1z8cgwp0nxmqvmkv0jn1m9dw3f44f"; + sha256 = "0a36184igdgs2h83zr4zihc5acps91ipmgph37jakvzwrsn64ma6"; }; buildInputs = [ curl openssl zlib ]; diff --git a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix index f2314d7a0e87..2161aa5f1cd8 100644 --- a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "jwt-cli"; - version = "3.0.1"; + version = "3.1.0"; src = fetchFromGitHub { owner = "mike-engel"; repo = pname; rev = version; - sha256 = "108pwk0h6zcbfmp0k8rhjxaa9yk8rhb78aaql22x48n11fnjl27i"; + sha256 = "0pmxis3m3madwnmswz9hn0i8fz6a9bg11slgrrwql7mx23ijqf6y"; }; - cargoSha256 = "1xh2ylx5fqblhlrs8yhl3zf8kvgrqnwdwmix6yzch9bi5mv5c11w"; + cargoSha256 = "165g1v0c8jxs8ddm8ld0hh7k8mvk3566ig43pf99hnw009fg1yc2"; buildInputs = stdenv.lib.optional stdenv.isDarwin Security; diff --git a/nixpkgs/pkgs/tools/security/keybase/default.nix b/nixpkgs/pkgs/tools/security/keybase/default.nix index 2d8957a9d540..bbc99c2ac410 100644 --- a/nixpkgs/pkgs/tools/security/keybase/default.nix +++ b/nixpkgs/pkgs/tools/security/keybase/default.nix @@ -6,7 +6,7 @@ buildGoPackage rec { pname = "keybase"; - version = "5.3.1"; + version = "5.4.2"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/kbnm" "go/keybase" ]; @@ -17,7 +17,7 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "1a1h2c8jr4r20w4gyvyrpsslmh69bl8syl3jbr0fcr2kka7vqnzg"; + sha256 = "08lw5aw962f75xi42bwbgba94hiql2n2jnsxrkx84czi0ijs1wlr"; }; patches = [ 
@@ -35,7 +35,7 @@ buildGoPackage rec { homepage = "https://www.keybase.io/"; description = "The Keybase official command-line utility and service."; platforms = platforms.linux ++ platforms.darwin; - maintainers = with maintainers; [ carlsverre np rvolosatovs filalex77 ]; + maintainers = with maintainers; [ avaq carlsverre np rvolosatovs filalex77 ]; license = licenses.bsd3; }; } diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix index 9c34d78aee8e..054907843909 100644 --- a/nixpkgs/pkgs/tools/security/keybase/gui.nix +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix @@ -4,16 +4,16 @@ , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20200320154633.3e235215b3"; + versionSuffix = "20200424214931.7b0bbf1e3c"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "5.3.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "5.4.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "00k1xg27arbqpa836c55fhkxjvjbhjgkf6jqzprjzz76zksfdcx4"; + sha256 = "06iksmrr959mlzxc3nwd70apmvhij1xarxvvflys5qa31vravizs"; }; nativeBuildInputs = [ @@ -108,7 +108,7 @@ stdenv.mkDerivation rec { homepage = "https://www.keybase.io/"; description = "The Keybase official GUI"; platforms = platforms.linux; - maintainers = with maintainers; [ rvolosatovs puffnfresh np filalex77 ]; + maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np filalex77 ]; license = licenses.bsd3; }; } diff --git a/nixpkgs/pkgs/tools/security/keybase/kbfs.nix b/nixpkgs/pkgs/tools/security/keybase/kbfs.nix index 20fadee6a40e..e9284e7230fb 100644 --- a/nixpkgs/pkgs/tools/security/keybase/kbfs.nix +++ b/nixpkgs/pkgs/tools/security/keybase/kbfs.nix 
@@ -16,7 +16,7 @@ buildGoPackage { homepage = "https://keybase.io/docs/kbfs"; description = "The Keybase filesystem"; platforms = platforms.unix; - maintainers = with maintainers; [ rvolosatovs bennofs np ]; + maintainers = with maintainers; [ avaq rvolosatovs bennofs np ]; license = licenses.bsd3; }; } diff --git a/nixpkgs/pkgs/tools/security/kpcli/default.nix b/nixpkgs/pkgs/tools/security/kpcli/default.nix index f56bd59cd9af..09916f85f9e6 100644 --- a/nixpkgs/pkgs/tools/security/kpcli/default.nix +++ b/nixpkgs/pkgs/tools/security/kpcli/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, makeWrapper, perl, perlPackages }: stdenv.mkDerivation rec { - version = "3.3"; + version = "3.4"; pname = "kpcli"; src = fetchurl { url = "mirror://sourceforge/kpcli/${pname}-${version}.pl"; - sha256 = "1z6dy70d3ag16vgzzafcnxb8gap3wahfmy4vd22fpgbrdd6riph4"; + sha256 = "0s46cni16ph93havmkrlai3k13mdppyca1s2bqm751a6rirmsgj0"; }; buildInputs = [ makeWrapper perl ]; diff --git a/nixpkgs/pkgs/tools/security/libacr38u/default.nix b/nixpkgs/pkgs/tools/security/libacr38u/default.nix index 45d0279099fd..b56c15af3d62 100644 --- a/nixpkgs/pkgs/tools/security/libacr38u/default.nix +++ b/nixpkgs/pkgs/tools/security/libacr38u/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, pcsclite , libusb }: +{ stdenv, fetchurl, pkgconfig, pcsclite , libusb-compat-0_1 }: stdenv.mkDerivation { version = "1.7.11"; @@ -12,7 +12,7 @@ stdenv.mkDerivation { doCheck = true; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ pcsclite libusb ]; + buildInputs = [ pcsclite libusb-compat-0_1 ]; preBuild = '' makeFlagsArray=(usbdropdir="$out/pcsc/drivers"); diff --git a/nixpkgs/pkgs/tools/security/notary/default.nix b/nixpkgs/pkgs/tools/security/notary/default.nix index 4f0b5f2c9548..15797fc86650 100644 --- a/nixpkgs/pkgs/tools/security/notary/default.nix +++ b/nixpkgs/pkgs/tools/security/notary/default.nix 
@@ -26,7 +26,7 @@ buildGoPackage rec { installPhase = '' runHook preInstall - install -D bin/notary $bin/bin/notary + install -D bin/notary $out/bin/notary runHook postInstall ''; diff --git a/nixpkgs/pkgs/tools/security/p0f/default.nix b/nixpkgs/pkgs/tools/security/p0f/default.nix index 1e618cdce1ad..02d888b725ff 100644 --- a/nixpkgs/pkgs/tools/security/p0f/default.nix +++ b/nixpkgs/pkgs/tools/security/p0f/default.nix @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { meta = { description = "Passive network reconnaissance and fingerprinting tool"; - homepage = "http://lcamtuf.coredump.cx/p0f3/"; + homepage = "https://lcamtuf.coredump.cx/p0f3/"; license = stdenv.lib.licenses.lgpl21; platforms = stdenv.lib.platforms.linux; maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; diff --git a/nixpkgs/pkgs/tools/security/pass/default.nix b/nixpkgs/pkgs/tools/security/pass/default.nix index 46dfafa81519..76b90d5b8858 100644 --- a/nixpkgs/pkgs/tools/security/pass/default.nix +++ b/nixpkgs/pkgs/tools/security/pass/default.nix @@ -144,7 +144,7 @@ stdenv.mkDerivation rec { description = "Stores, retrieves, generates, and synchronizes passwords securely"; homepage = "https://www.passwordstore.org/"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ma27 ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher globin ma27 ]; platforms = platforms.unix; longDescription = '' diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch deleted file mode 100644 index 36faf3140ccd..000000000000 --- a/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch +++ /dev/null 
@@ -1,175 +0,0 @@ -From 37c2b4d2940476555aeec20fe1e5e3fa0492a94e Mon Sep 17 00:00:00 2001 -From: Maximilian Bosch <maximilian@mbosch.me> -Date: Sun, 15 Mar 2020 19:58:53 +0100 -Subject: [PATCH] Make it possible to run the tests offline - -Helpful when developing without network access, also makes sure that -the test actually depend on the API's data like number of breaches -(which will change in time). ---- - tests/commons.py | 25 +++++++++++++++++++++++++ - tests/test_audit.py | 8 +++++--- - tests/test_pass_audit.py | 10 +++++++++- - tests/test_pwned.py | 8 +++++--- - 4 files changed, 44 insertions(+), 7 deletions(-) - -diff --git a/tests/commons.py b/tests/commons.py -index 13c4cb1..4f1ecd8 100644 ---- a/tests/commons.py -+++ b/tests/commons.py -@@ -56,3 +56,28 @@ class TestPass(TestBase): - for path in self.store.list(root): - data[path] = self.store.show(path) - return data -+ -+ -+def mock_request(*args, **kwargs): -+ class MockResponse: -+ def __init__(self): -+ data = [ -+ "D5EE0CB1A41071812CCED2F1930E6E1A5D2:2", -+ "2DC183F740EE76F27B78EB39C8AD972A757:52579", -+ "CF164D7A51A1FD864B1BF9E1CE8A3EC171B:4", -+ "D0B910E7A3028703C0B30039795E908CEB2:7", -+ "AD6438836DBE526AA231ABDE2D0EEF74D42:3", -+ "EBAB0A7CE978E0194608B572E4F9404AA21:3", -+ "17727EAB0E800E62A776C76381DEFBC4145:120", -+ "5370372AC65308F03F6ED75EC6068C8E1BE:1386", -+ "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471", -+ "437FAA5A7FCE15D1DDCB9EAEAEA377667B8:123422", -+ "944C22589AC652B0F47918D58CA0CDCCB63:411" -+ ] -+ -+ self.text = "\r\n".join(data) -+ -+ def raise_for_status(self): -+ pass -+ -+ return MockResponse() -diff --git a/tests/test_audit.py b/tests/test_audit.py -index d8c7a9a..5e0a9cf 100644 ---- a/tests/test_audit.py -+++ b/tests/test_audit.py -@@ -17,12 +17,13 @@ - # - - from .. 
import pass_audit --from tests.commons import TestPass -- -+from tests.commons import TestPass, mock_request -+from unittest import mock - - class TestPassAudit(TestPass): - passwords_nb = 7 - -+ @mock.patch('requests.get', mock_request) - def test_password_notpwned(self): - """Testing: pass audit for password not breached with K-anonymity method.""" - data = self._getdata("Password/notpwned") -@@ -30,9 +31,10 @@ class TestPassAudit(TestPass): - breached = audit.password() - self.assertTrue(len(breached) == 0) - -+ @mock.patch('requests.get', mock_request) - def test_password_pwned(self): - """Testing: pass audit for password breached with K-anonymity method.""" -- ref_counts = [51259, 3, 114, 1352, 3645804, 78773, 396] -+ ref_counts = [52579, 3, 120, 1386, 3730471, 123422, 411] - data = self._getdata("Password/pwned") - audit = pass_audit.PassAudit(data) - breached = audit.password() -diff --git a/tests/test_pass_audit.py b/tests/test_pass_audit.py -index 4c10f87..2c949f7 100644 ---- a/tests/test_pass_audit.py -+++ b/tests/test_pass_audit.py -@@ -19,7 +19,8 @@ - import os - - from .. 
import pass_audit --from tests.commons import TestPass -+from tests.commons import TestPass, mock_request -+from unittest import mock - - - class TestPassAuditCMD(TestPass): -@@ -47,6 +48,7 @@ class TestPassAuditCMD(TestPass): - cmd = ['--not-an-option', '-q'] - self._passaudit(cmd, 2) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_StoreNotInitialized(self): - """Testing: store not initialized.""" - cmd = ['Password/', '-v'] -@@ -56,6 +58,7 @@ class TestPassAuditCMD(TestPass): - os.rename(os.path.join(self.store.prefix, 'backup.gpg-id'), - os.path.join(self.store.prefix, '.gpg-id')) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_InvalidID(self): - """Testing: invalid user ID.""" - os.rename(os.path.join(self.store.prefix, '.gpg-id'), -@@ -66,26 +69,31 @@ class TestPassAuditCMD(TestPass): - os.rename(os.path.join(self.store.prefix, 'backup.gpg-id'), - os.path.join(self.store.prefix, '.gpg-id')) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_NotAFile(self): - """Testing: pass audit not_a_file.""" - cmd = ['not_a_file'] - self._passaudit(cmd, 1) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_notpwned(self): - """Testing: pass audit Password/notpwned.""" - cmd = ['Password/notpwned'] - self._passaudit(cmd) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_pwned(self): - """Testing: pass audit Password/pwned.""" - cmd = ['Password/pwned'] - self._passaudit(cmd) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_good(self): - """Testing: pass audit Password/good.""" - cmd = ['Password/good'] - self._passaudit(cmd) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_all(self): - """Testing: pass audit .""" - cmd = [''] -diff --git a/tests/test_pwned.py b/tests/test_pwned.py -index 5ce6bc6..c28939a 100644 ---- a/tests/test_pwned.py -+++ b/tests/test_pwned.py -@@ -17,7 +17,8 @@ - # - - from .. 
import pass_audit --from tests.commons import TestPass -+from tests.commons import TestPass, mock_request -+from unittest import mock - - - class TestPwnedAPI(TestPass): -@@ -25,12 +26,13 @@ class TestPwnedAPI(TestPass): - def setUp(self): - self.api = pass_audit.PwnedAPI() - -+ @mock.patch('requests.get', mock_request) - def test_password_range(self): - """Testing: https://api.haveibeenpwned.com/range API.""" - prefix = '21BD1' - Hash = '21BD12DC183F740EE76F27B78EB39C8AD972A757' - hashes, counts = self.api.password_range(prefix) - self.assertIn(Hash, hashes) -- self.assertTrue(counts[hashes.index(Hash)] == 51259) -+ self.assertTrue(counts[hashes.index(Hash)] == 52579) - self.assertTrue(len(hashes) == len(counts)) -- self.assertTrue(len(hashes) == 527) -+ self.assertTrue(len(hashes) == 11) --- -2.25.0 - diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix index 5f8e0f7b1c60..144d13238f26 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix @@ -5,23 +5,24 @@ let in stdenv.mkDerivation rec { pname = "pass-audit"; - version = "1.0.1"; + version = "1.1"; src = fetchFromGitHub { owner = "roddhjav"; repo = "pass-audit"; rev = "v${version}"; - sha256 = "1mdckw0dwcnv8smp1za96y0zmdnykbkw2606v7mzfnzbz4zjdlwl"; + sha256 = "1vapymgpab91kh798mirgs1nb7j9qln0gm2d3321cmsghhb7xs45"; }; patches = [ - ./0001-Make-it-possible-to-run-the-tests-offline.patch ./0002-Fix-audit.bash-setup.patch ]; postPatch = '' substituteInPlace audit.bash \ - --replace '/usr/bin/env python3' "${pythonEnv}/bin/python3" + --replace 'python3' "${pythonEnv}/bin/python3" + substituteInPlace Makefile \ + --replace "install --root" "install --prefix ''' --root" ''; outputs = [ "out" "man" ]; 
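Review bot: The new `--replace 'python3' "${pythonEnv}/bin/python3"` in `postPatch` matches every occurrence of that substring in `audit.bash`, not only the interpreter invocation. An upstream line that still reads `/usr/bin/env python3` would become `/usr/bin/env /nix/store/…/bin/python3`, and any other mention of `python3` is rewritten as well. Anchoring the pattern on the exact upstream invocation (not visible in this hunk) would keep the substitution from changing meaning unnoticed on the next version bump. Separately, `0001-Make-it-possible-to-run-the-tests-offline.patch` is dropped from `patches`; if a check phase is enabled outside this hunk, confirm that 1.1 can run its tests against the haveibeenpwned range API without network access in the build sandbox. The derivation starts and ends outside the hunk.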
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix index c2fc2cff8815..cc5f0c94e119 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix @@ -53,7 +53,7 @@ in stdenv.mkDerivation rec { description = "Pass extension for importing data from existing password managers"; homepage = "https://github.com/roddhjav/pass-import"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix index f5b61207de66..43c74a9029b3 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { description = "Pass extension that keeps the password store encrypted inside a tomb"; homepage = "https://github.com/roddhjav/pass-tomb"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/update.nix b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix index 5bc88d394e75..b2f331f13757 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/update.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix 
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec { description = "Pass extension that provides an easy flow for updating passwords"; homepage = "https://github.com/roddhjav/pass-update"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix index 7daf42ab6c79..b3c086488629 100644 --- a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix +++ b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix @@ -50,7 +50,6 @@ stdenv.mkDerivation rec { meta = { description = "A script to make rofi work with password-store"; homepage = "https://github.com/carnager/rofi-pass"; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; license = stdenv.lib.licenses.gpl3; platforms = with stdenv.lib.platforms; linux; }; diff --git a/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix b/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix index cb651ff7ce15..7ae062547aa2 100644 --- a/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix 
@@ -1,25 +1,28 @@ { stdenv, fetchurl, autoreconfHook, pkgconfig, libusb1, pcsclite }: -stdenv.mkDerivation rec { +let + version = "3.99.5"; + suffix = "SP13"; + tarBall = "${version}final.${suffix}"; + +in stdenv.mkDerivation rec { pname = "pcsc-cyberjack"; - version = "3.99.5_SP13"; - - src = with stdenv.lib; let - splittedVer = splitString "_" version; - mainVer = if length splittedVer >= 1 then head splittedVer else version; - spVer = optionalString (length splittedVer >= 1) ("." + last splittedVer); - tarballVersion = "${mainVer}final${spVer}"; - in fetchurl { - url = "http://support.reiner-sct.de/downloads/LINUX/V${version}" - + "/pcsc-cyberjack_${tarballVersion}.tar.gz"; + inherit version; + + src = fetchurl { + url = + "http://support.reiner-sct.de/downloads/LINUX/V${version}_${suffix}/${pname}_${tarBall}.tar.gz"; sha256 = "1lx4bfz4riz7j77sl65akyxzww0ygm63w0c1b75knr1pijlv8d3b"; }; outputs = [ "out" "tools" ]; nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ libusb1 pcsclite ]; + enableParallelBuilding = true; + configureFlags = [ "--with-usbdropdir=${placeholder "out"}/pcsc/drivers" "--bindir=${placeholder "tools"}/bin" @@ -31,7 +34,7 @@ stdenv.mkDerivation rec { description = "REINER SCT cyberJack USB chipcard reader user space driver"; homepage = "https://www.reiner-sct.com/"; license = licenses.gpl2Plus; - platforms = platforms.linux; maintainers = with maintainers; [ aszlig ]; + platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix index b400d628fd77..62f4c3e85564 100644 --- a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, unzip, libusb }: +{ stdenv, fetchurl, unzip, libusb-compat-0_1 }: let arch = if stdenv.hostPlatform.system == "i686-linux" then "32" 
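Review bot: The package `version` now evaluates to `3.99.5` (through `inherit version;` from the `let`), so the service-pack level `SP13` no longer appears in the derivation name. Anything that compares package versions, such as update checks or advisory matching, can no longer tell one vendor service pack from another. Keeping the parts under separate names would preserve the full string, e.g. `mainVersion = "3.99.5";` and `version = "${mainVersion}_${suffix}";` in the `let`, with the URL built as `V${version}/${pname}_${mainVersion}final.${suffix}.tar.gz`. The `sha256` is unchanged, which is right only if the rewritten URL resolves to the same tarball; an already-cached fixed-output path would hide a typo in it, so one fetch with the cache bypassed is worth doing.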
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec { cp -r proprietary/*.bundle $out/pcsc/drivers ''; - libPath = stdenv.lib.makeLibraryPath [ libusb ]; + libPath = stdenv.lib.makeLibraryPath [ libusb-compat-0_1 ]; fixupPhase = '' patchelf --set-rpath $libPath \ diff --git a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix index 9d05304cf2f6..afef0d4c4723 100644 --- a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix +++ b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pdfcrack"; - version = "0.18"; + version = "0.19"; src = fetchurl { url = "mirror://sourceforge/pdfcrack/pdfcrack/pdfcrack-${version}.tar.gz"; - sha256 = "035s3jzrs3ci0i53x04dzpqp9225c4s52cd722d6zqra5b2sw8w2"; + sha256 = "1vf0l83xk627fg0a3b10wabgqxy08q4vbm0xjw9xzkdpk1lj059i"; }; installPhase = '' diff --git a/nixpkgs/pkgs/tools/security/prey/default.nix b/nixpkgs/pkgs/tools/security/prey/default.nix deleted file mode 100644 index c66756012311..000000000000 --- a/nixpkgs/pkgs/tools/security/prey/default.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ stdenv, fetchurl, fetchgit, curl, scrot, imagemagick, xawtv, inetutils, makeWrapper, coreutils -, apiKey ? "" -, deviceKey ? "" }: - -# TODO: this should assert keys are set, somehow if set through .override assertion fails -#assert apiKey != ""; -#assert deviceKey != ""; - -let - modulesSrc = fetchgit { - url = "git://github.com/prey/prey-bash-client-modules.git"; - rev = "aba260ef110834cb2e92923a31f50c15970639ee"; - sha256 = "9cb1ad813d052a0a3e3bbdd329a8711ae3272e340379489511f7dd578d911e30"; - }; -in stdenv.mkDerivation rec { - pname = "prey-bash-client"; - version = "0.6.0"; - - src = fetchurl { - url = "https://github.com/prey/prey-bash-client/archive/v${version}.tar.gz"; - sha256 = "09cb15jh4jdwvix9nx048ajkw2r5jaflk68y3rkha541n8n0qwh0"; - }; - - buildInputs = [ curl scrot imagemagick xawtv makeWrapper ]; - - phases = "unpackPhase installPhase"; - - installPhase = '' - substituteInPlace config --replace api_key=\'\' "api_key='${apiKey}'" - substituteInPlace config --replace device_key=\'\' "device_key='${deviceKey}'" - - substituteInPlace prey.sh --replace /bin/bash $(type -Pp bash) - mkdir -p $out/modules - cp -R . $out - cp -R ${modulesSrc}/* $out/modules/ - wrapProgram "$out/prey.sh" \ - --prefix PATH ":" "${stdenv.lib.makeBinPath [ xawtv imagemagick curl scrot inetutils coreutils ]}" \ - --set CURL_CA_BUNDLE "/etc/ssl/certs/ca-certificates.crt" - ''; - - meta = with stdenv.lib; { - homepage = "https://preyproject.com"; - description = "Proven tracking software that helps you find, lock and recover your devices when stolen or missing"; - maintainers = with maintainers; [ domenkozar ]; - license = licenses.gpl3; - platforms = with platforms; linux; - }; -} diff --git a/nixpkgs/pkgs/tools/security/super/default.nix b/nixpkgs/pkgs/tools/security/super/default.nix index 73321fd618e3..070517310696 100644 --- a/nixpkgs/pkgs/tools/security/super/default.nix +++ b/nixpkgs/pkgs/tools/security/super/default.nix 
@@ -17,9 +17,11 @@ stdenv.mkDerivation rec { ''; patches = [ - (fetchpatch { url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; - sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; - }) + (fetchpatch { + name = "CVE-2014-0470.patch"; + url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; + sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; + }) ]; NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix index 215ab63328fc..e6cd74eda4b1 100644 --- a/nixpkgs/pkgs/tools/security/tor/default.nix +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -30,6 +30,10 @@ stdenv.mkDerivation rec { patches = [ ./disable-monotonic-timer-tests.patch ]; + # cross compiles correctly but needs the following + configureFlags = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) + "--disable-tool-name-check"; + NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s"; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/nixpkgs/pkgs/tools/security/trufflehog/default.nix index a02059703664..353590ed87c8 100644 --- a/nixpkgs/pkgs/tools/security/trufflehog/default.nix +++ b/nixpkgs/pkgs/tools/security/trufflehog/default.nix 
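Review bot: The comment added above `configureFlags` in the tor expression (`# cross compiles correctly but needs the following`) does not say what `--disable-tool-name-check` turns off or why a cross build needs it. Presumably configure's sanity check on toolchain binary names rejects the cross toolchain even though the build itself works; that should be confirmed and stated. A more durable comment would be `# configure's tool-name check fails for our cross toolchain; the build itself is fine`. The derivation continues outside the hunk.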
@@ -1,22 +1,22 @@ -{ lib, pythonPackages }: +{ lib, python3Packages }: let - truffleHogRegexes = pythonPackages.buildPythonPackage rec { + truffleHogRegexes = python3Packages.buildPythonPackage rec { pname = "truffleHogRegexes"; - version = "0.0.4"; - src = pythonPackages.fetchPypi { + version = "0.0.7"; + src = python3Packages.fetchPypi { inherit pname version; - sha256 = "09vrscbb4h4w01gmamlzghxx6cvrqdscylrbdcnbjsd05xl7zh4z"; + sha256 = "b81dfc60c86c1e353f436a0e201fd88edb72d5a574615a7858485c59edf32405"; }; }; in - pythonPackages.buildPythonApplication rec { + python3Packages.buildPythonApplication rec { pname = "truffleHog"; - version = "2.0.97"; + version = "2.1.11"; - src = pythonPackages.fetchPypi { + src = python3Packages.fetchPypi { inherit pname version; - sha256 = "034kpv1p4m90286slvc6d4mlrzaf0b5jbd4qaj87hj65wbpcpg8r"; + sha256 = "53619f0c5be082abd377f987291ace80bc3b88f864972b1a30494780980f769e"; }; # Relax overly restricted version constraint @@ -24,7 +24,7 @@ in substituteInPlace setup.py --replace "GitPython ==" "GitPython >= " ''; - propagatedBuildInputs = [ pythonPackages.GitPython truffleHogRegexes ]; + propagatedBuildInputs = [ python3Packages.GitPython truffleHogRegexes ]; # Test cases run git clone and require network access doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix index 54be477cfe2c..515b5884999e 100644 --- a/nixpkgs/pkgs/tools/security/vault/default.nix +++ b/nixpkgs/pkgs/tools/security/vault/default.nix 
@@ -1,28 +1,30 @@ -{ stdenv, fetchFromGitHub, buildGoPackage }: +{ stdenv, fetchFromGitHub, buildGoPackage, installShellFiles }: buildGoPackage rec { pname = "vault"; - version = "1.4.0"; + version = "1.4.1"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "13ycg9shara4ycbi79wj28z6nimnsqgisbf35ca3q9w066ac0ja2"; + sha256 = "0fbbvihvlzh95rrk65bwxfcam6y57q0yffq8dzvcbm3i0ap7ndar"; }; goPackagePath = "github.com/hashicorp/vault"; subPackages = [ "." ]; + nativeBuildInputs = [ installShellFiles ]; + buildFlagsArray = [ "-tags='vault'" "-ldflags=\"-X github.com/hashicorp/vault/sdk/version.GitCommit='v${version}'\"" ]; postInstall = '' - mkdir -p $bin/share/bash-completion/completions - echo "complete -C $bin/bin/vault vault" > $bin/share/bash-completion/completions/vault + echo "complete -C $out/bin/vault vault" > vault.bash + installShellCompletion vault.bash ''; meta = with stdenv.lib; { diff --git a/nixpkgs/pkgs/tools/security/verifpal/default.nix b/nixpkgs/pkgs/tools/security/verifpal/default.nix index 95afb580d4e1..e1e5e100bd11 100644 --- a/nixpkgs/pkgs/tools/security/verifpal/default.nix +++ b/nixpkgs/pkgs/tools/security/verifpal/default.nix @@ -28,8 +28,8 @@ buildGoPackage rec { ''; installPhase = '' - mkdir -p $bin/bin - cp go/src/$goPackagePath/build/bin/linux/verifpal $bin/bin/ + mkdir -p $out/bin + cp go/src/$goPackagePath/build/bin/linux/verifpal $out/bin/ ''; meta = { |