diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-03-30 13:30:47 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-31 10:13:20 +0000 |
commit | f2e61678de300336b3666afd19af7565efb0c4cf (patch) | |
tree | 49f6906c9d557f7fdd58257ff85ec17fc4495f31 /nixpkgs/pkgs/tools/security | |
parent | f920d5e07c29a9aa1b77d9b88bd604cf1a1f3664 (diff) | |
parent | 00e27c78d3d2de6964096ceee8d70e5b487365e3 (diff) | |
download | nixlib-f2e61678de300336b3666afd19af7565efb0c4cf.tar nixlib-f2e61678de300336b3666afd19af7565efb0c4cf.tar.gz nixlib-f2e61678de300336b3666afd19af7565efb0c4cf.tar.bz2 nixlib-f2e61678de300336b3666afd19af7565efb0c4cf.tar.lz nixlib-f2e61678de300336b3666afd19af7565efb0c4cf.tar.xz nixlib-f2e61678de300336b3666afd19af7565efb0c4cf.tar.zst nixlib-f2e61678de300336b3666afd19af7565efb0c4cf.zip |
Merge commit '00e27c78d3d2de6964096ceee8d70e5b487365e3'
Conflicts: nixpkgs/nixos/modules/system/boot/systemd.nix nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/common.nix nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/default.nix nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/pink.nix nixpkgs/pkgs/top-level/all-packages.nix
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
45 files changed, 450 insertions, 254 deletions
diff --git a/nixpkgs/pkgs/tools/security/amber/default.nix b/nixpkgs/pkgs/tools/security/amber/default.nix index 5fb88ca9921b..c2196cea686a 100644 --- a/nixpkgs/pkgs/tools/security/amber/default.nix +++ b/nixpkgs/pkgs/tools/security/amber/default.nix @@ -3,16 +3,16 @@ rustPlatform.buildRustPackage rec { # Renaming it to amber-secret because another package named amber exists pname = "amber-secret"; - version = "0.1.2"; + version = "0.1.3"; src = fetchFromGitHub { owner = "fpco"; repo = "amber"; rev = "v${version}"; - sha256 = "sha256-+vipQl/HWoYnOPkQLjeIedpnnqPVYaUWhks9eCgMOxQ="; + sha256 = "sha256-kPDNTwsfI+8nOgsLv2aONrLGSRZhw5YzNntJ2tbE0oI="; }; - cargoSha256 = "sha256-xWEQvCyd8auE0q9rBt9iDgU8Dscf4pq/gsAINH2eQY4="; + cargoSha256 = "sha256-fTdTgbeOQXEpLHq9tHiPLkttvaxS/WJ86h3jRdrfbJM="; buildInputs = lib.optionals stdenv.isDarwin [ Security ]; diff --git a/nixpkgs/pkgs/tools/security/authoscope/default.nix b/nixpkgs/pkgs/tools/security/authoscope/default.nix index eafd5ebb7d2f..f21df67035e4 100644 --- a/nixpkgs/pkgs/tools/security/authoscope/default.nix +++ b/nixpkgs/pkgs/tools/security/authoscope/default.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage rec { pname = "authoscope"; - version = "0.8.0"; + version = "0.8.1"; src = fetchFromGitHub { owner = "kpcyrd"; repo = pname; rev = "v${version}"; - sha256 = "11ci38m6d3lj4f0g7cl3dqf10kfk258k2k92phd2nav1my4i90pf"; + sha256 = "sha256-SKgb/N249s0+Rb59moBT/MeFb4zAAElCMQJto0diyUk="; }; - cargoSha256 = "13x7i52i3k88vkfvk2smy2aqfg3na4317scvw7ali1rv545nbxds"; + cargoSha256 = "sha256-rSHuKy86iJNLAKSVcb7fn7A/cc75EOc97jGI14EaC6k="; nativeBuildInputs = [ installShellFiles diff --git a/nixpkgs/pkgs/tools/security/cameradar/default.nix b/nixpkgs/pkgs/tools/security/cameradar/default.nix index 569be38ee28a..950132ea0b8b 100644 --- a/nixpkgs/pkgs/tools/security/cameradar/default.nix +++ b/nixpkgs/pkgs/tools/security/cameradar/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "cameradar"; - version = "5.0.1"; + version = "5.0.2"; src = fetchFromGitHub { owner = "Ullaakut"; repo = pname; rev = "v${version}"; - sha256 = "03nm03cqhq04ixw4rssfkgrin918pa0v7ai26v4h99gz7j8hs7ll"; + sha256 = "sha256-GOqmz/aiOLGMfs9rQBIEQSgBycPzhu8BohcAc2U+gBw="; }; - vendorSha256 = "099np130dn51nb4lcyrrm46fihfipxrw0vpqs2jh5g4c6pnbk200"; + vendorSha256 = "sha256-AIi57DWMvAKl0PhuwHO/0cHoDKk5e0bJsqHYBka4NiU="; nativeBuildInputs = [ pkg-config diff --git a/nixpkgs/pkgs/tools/security/cariddi/default.nix b/nixpkgs/pkgs/tools/security/cariddi/default.nix index 9f29826808db..74e9b05b2370 100644 --- a/nixpkgs/pkgs/tools/security/cariddi/default.nix +++ b/nixpkgs/pkgs/tools/security/cariddi/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "cariddi"; - version = "1.1.5"; + version = "1.1.6"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; rev = "v${version}"; - sha256 = "sha256-PXQljC9rwlxXQ96fII3EjD4NXu61EMkYvMWqkcJZ4vU="; + sha256 = "sha256-/ez2biYU8NnVny8v5Mu9pLq0oqzcIenpyEb3qkPd9v8="; }; - vendorSha256 = "sha256-zNUdglsfy6lEV54afCAoigxa3rR0qf/e3+B4PvVRIa4="; + vendorSha256 = "sha256-zJ39tAq+ooROMHG1vC2m2rbq+wttxqYxAd2hLg5GtJM="; meta = with lib; { description = "Crawler for URLs and endpoints"; diff --git a/nixpkgs/pkgs/tools/security/cfripper/default.nix b/nixpkgs/pkgs/tools/security/cfripper/default.nix index 39b0187c4a6e..96848acd7c04 100644 --- a/nixpkgs/pkgs/tools/security/cfripper/default.nix +++ b/nixpkgs/pkgs/tools/security/cfripper/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "cfripper"; - version = "1.5.1"; + version = "1.7.0"; src = fetchFromGitHub { owner = "Skyscanner"; repo = pname; rev = version; - hash = "sha256-/qcpLCk1ZZMKxhqK6q6sSbRDjiF5GQmDJzvCaV2kAqQ="; + hash = "sha256-bYKusyEItnhj1mU6Tucsdi5pdMoWrUK4Y91SK8dNGE4="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/cryptomator/default.nix b/nixpkgs/pkgs/tools/security/cryptomator/default.nix index ec18a5ed10ce..05e9f1ef384a 100644 --- a/nixpkgs/pkgs/tools/security/cryptomator/default.nix +++ b/nixpkgs/pkgs/tools/security/cryptomator/default.nix @@ -1,25 +1,18 @@ { lib, stdenv, fetchFromGitHub , autoPatchelfHook -, fuse, packer +, fuse, jffi , maven, jdk, jre, makeWrapper, glib, wrapGAppsHook }: let pname = "cryptomator"; - version = "1.5.15"; + version = "1.6.7"; src = fetchFromGitHub { owner = "cryptomator"; repo = "cryptomator"; rev = version; - sha256 = "06n7wda7gfalvsg1rlcm51ss73nlbhh95z6zq18yvn040clkzkij"; - }; - - icons = fetchFromGitHub { - owner = "cryptomator"; - repo = "cryptomator-linux"; - rev = version; - sha256 = "1sqbx858zglv0xkpjya0cpbkxf2hkj1xvxhnir3176y2xyjv6aib"; + sha256 = "sha256-hOILOdVYBnS9XuEXaIJcf2bPF72Lcr7IBX4CFCIsC8k="; }; # perform fake build to make a fixed-output derivation out of the files downloaded from maven central (120MB) @@ -28,10 +21,10 @@ let inherit src; nativeBuildInputs = [ jdk maven ]; + buildInputs = [ jre ]; buildPhase = '' - cd main - while mvn -Prelease package -Dmaven.repo.local=$out/.m2 -Dmaven.wagon.rto=5000; [ $? = 1 ]; do + while mvn -Plinux package -Dmaven.test.skip=true -Dmaven.repo.local=$out/.m2 -Dmaven.wagon.rto=5000; [ $? = 1 ]; do echo "timeout, restart maven to continue downloading" done ''; @@ -44,42 +37,52 @@ let outputHashAlgo = "sha256"; outputHashMode = "recursive"; - outputHash = "195ysv9l861y9d1lvmvi7wmk172ynlba9n233blpaigq88cjn208"; + outputHash = "sha256-XFqXjNjPN2vwA3jay7TS79S4FHksjjrODdD/p4oTvpg="; + + doCheck = false; }; in stdenv.mkDerivation rec { inherit pname version src; buildPhase = '' - cd main - mvn -Prelease package --offline -Dmaven.repo.local=$(cp -dpR ${deps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 + mvn -Plinux package --offline -Dmaven.test.skip=true -Dmaven.repo.local=$(cp -dpR ${deps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 ''; installPhase = '' - mkdir -p $out/bin/ $out/usr/share/cryptomator/libs/ + mkdir -p $out/bin/ $out/share/cryptomator/libs/ $out/share/cryptomator/mods/ + + cp target/libs/* $out/share/cryptomator/libs/ + cp target/mods/* target/cryptomator-*.jar $out/share/cryptomator/mods/ - cp buildkit/target/libs/* buildkit/target/linux-libs/* $out/usr/share/cryptomator/libs/ + # The bundeled jffi.so dosn't work on nixos and causes a segmentation fault + # we thus replace it with a version build by nixos + rm $out/share/cryptomator/libs/jff*.jar + cp -f ${jffi}/share/java/jffi-complete.jar $out/share/cryptomator/libs/ makeWrapper ${jre}/bin/java $out/bin/cryptomator \ - --add-flags "-classpath '$out/usr/share/cryptomator/libs/*'" \ + --add-flags "--class-path '$out/share/cryptomator/libs/*'" \ + --add-flags "--module-path '$out/share/cryptomator/mods'" \ --add-flags "-Dcryptomator.settingsPath='~/.config/Cryptomator/settings.json'" \ - --add-flags "-Dcryptomator.ipcPortPath='~/.config/Cryptomator/ipcPort.bin'" \ + --add-flags "-Dcryptomator.ipcSocketPath='~/.config/Cryptomator/ipc.socket'" \ --add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \ --add-flags "-Dcryptomator.mountPointsDir='~/.local/share/Cryptomator/mnt'" \ --add-flags "-Djdk.gtk.version=3" \ --add-flags "-Xss20m" \ --add-flags "-Xmx512m" \ - --add-flags "org.cryptomator.launcher.Cryptomator" \ - --prefix PATH : "$out/usr/share/cryptomator/libs/:${lib.makeBinPath [ jre glib ]}" \ + --add-flags "-Djavafx.embed.singleThread=true " \ + --add-flags "-Dawt.useSystemAAFontSettings=on" \ + --add-flags "--module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator" \ + --prefix PATH : "$out/share/cryptomator/libs/:${lib.makeBinPath [ jre glib ]}" \ --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fuse ]}" \ --set JAVA_HOME "${jre.home}" # install desktop entry and icons - cp -r ${icons}/resources/appimage/AppDir/usr/* $out/ + cp -r ${src}/dist/linux/appimage/resources/AppDir/usr/* $out/ ''; nativeBuildInputs = [ autoPatchelfHook maven makeWrapper wrapGAppsHook jdk ]; - buildInputs = [ fuse packer jre glib ]; + buildInputs = [ fuse jre glib jffi ]; meta = with lib; { description = "Free client-side encryption for your cloud files"; diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix index a50588fc1f81..e589ca529c61 100644 --- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix +++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-03-11"; + version = "2022-03-24"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; rev = version; - sha256 = "sha256-dW4cLm//4wROsizRQ59sqEGPRZ26yIU5I7mdPEYC3YU="; + sha256 = "sha256-G2KFDNNM4NJ7DgQu1+uNjgixzyLFnF0G0YQ29PgYZ/0="; }; diff --git a/nixpkgs/pkgs/tools/security/feroxbuster/default.nix b/nixpkgs/pkgs/tools/security/feroxbuster/default.nix new file mode 100644 index 000000000000..ecfc496ce8e7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/feroxbuster/default.nix @@ -0,0 +1,45 @@ +{ lib +, stdenv +, fetchFromGitHub +, openssl +, pkg-config +, rustPlatform +, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "feroxbuster"; + version = "2.6.1"; + + src = fetchFromGitHub { + owner = "epi052"; + repo = pname; + rev = "v${version}"; + hash = "sha256-RY9bFuALRaVXDrC0eIx0inPjRqNpRKNZf3mCrKIdGL8="; + }; + + cargoSha256 = "sha256-0Zawlx/lhF7K8nOsHYKO84pnctVMpm3RfnAFCOltOqE="; + + OPENSSL_NO_VENDOR = true; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + openssl + ] ++ lib.optionals stdenv.isDarwin [ + Security + ]; + + # Tests require network access + doCheck = false; + + meta = with lib; { + description = "Fast, simple, recursive content discovery tool"; + homepage = "https://github.com/epi052/feroxbuster"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/ffuf/default.nix b/nixpkgs/pkgs/tools/security/ffuf/default.nix index 076fd78d7136..a24b4a8452a7 100644 --- a/nixpkgs/pkgs/tools/security/ffuf/default.nix +++ b/nixpkgs/pkgs/tools/security/ffuf/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "ffuf"; - version = "1.3.1"; + version = "1.4.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-NkRf36wFmzqFv13P0DxpzEOGyBGbSXMLjWE7URzRXGY="; + sha256 = "sha256-M+wzS/u40zjUNc+63qzkoM9eJ4ruradeJKhhQTP2jxQ="; }; vendorSha256 = "sha256-szT08rIozAuliOmge5RFX4NeVrJ2pCVyfotrHuvc0UU="; diff --git a/nixpkgs/pkgs/tools/security/fulcio/default.nix b/nixpkgs/pkgs/tools/security/fulcio/default.nix index 96ef86d18d1c..300b996524df 100644 --- a/nixpkgs/pkgs/tools/security/fulcio/default.nix +++ b/nixpkgs/pkgs/tools/security/fulcio/default.nix @@ -2,33 +2,61 @@ buildGoModule rec { pname = "fulcio"; - version = "0.1.1"; + version = "0.2.0"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-MvLQMGPyJYqYUljLqsr+qJeeYnxdH9aNGkWpDRvOeh8="; + sha256 = "sha256-tCjFx9Ug8rO8cSxQb2vBG/MHSUJCx17lDeGnSGjZLcI="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + git rev-parse HEAD > $out/COMMIT + # '0000-00-00T00:00:00Z' + date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; }; - vendorSha256 = "sha256-pRL0et+UOi/tzuQz/Q7UmSA+pVhLJYR8lG8NAbPN9PU="; + vendorSha256 = "sha256-CmtsReP0JacgNyRqCrYZRONwR5eluymrQgsj/ukhYNQ="; - ldflags = [ "-s" "-w" ]; - - # Install completions post-install + # install completions post-install nativeBuildInputs = [ installShellFiles ]; + ldflags = [ + "-s" + "-w" + "-X github.com/sigstore/fulcio/cmd/app.gitVersion=v${version}" + "-X github.com/sigstore/fulcio/cmd/app.gitTreeState=clean" + ]; + + # ldflags based on metadata from git and source + preBuild = '' + ldflags+=" -X github.com/sigstore/fulcio/cmd/app.gitCommit=$(cat COMMIT)" + ldflags+=" -X github.com/sigstore/fulcio/cmd/app.buildDate=$(cat SOURCE_DATE_EPOCH)" + ''; + + preCheck = '' + # remove test that requires networking + rm pkg/config/config_test.go + ''; + postInstall = '' - mv $out/bin/fulcio $out/bin/fulcio-server - installShellCompletion --cmd fulcio-server \ - --bash <($out/bin/fulcio-server completion bash) \ - --fish <($out/bin/fulcio-server completion fish) \ - --zsh <($out/bin/fulcio-server completion zsh) + installShellCompletion --cmd fulcio \ + --bash <($out/bin/fulcio completion bash) \ + --fish <($out/bin/fulcio completion fish) \ + --zsh <($out/bin/fulcio completion zsh) ''; doInstallCheck = true; installCheckPhase = '' runHook preInstallCheck - $out/bin/fulcio-server --help + + $out/bin/fulcio --help + $out/bin/fulcio version | grep "v${version}" + runHook postInstallCheck ''; diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix index a574c3476290..bbeca94a993e 100644 --- a/nixpkgs/pkgs/tools/security/gitleaks/default.nix +++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "gitleaks"; - version = "8.4.0"; + version = "8.5.1"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "sha256-z3YGRDgBGpr2hixIayih4wxGWPtYL0EPAuTYVPByzQc="; + sha256 = "sha256-lx7xjOajFyeetnGcJwX66pIcZw2A7+QGWb5crCoA83g="; }; - vendorSha256 = "sha256-J1xX+r+Mph1QkqjK87tqGDkYvPZp0lHgdRhd88WZi1c="; + vendorSha256 = "sha256-gelUrZOYiThO0+COIv9cOgho/tjv7ZqSKOktWIbdADw="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix index 50dfe3b8ce63..ee70413591d4 100644 --- a/nixpkgs/pkgs/tools/security/gopass/default.nix +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -13,7 +13,7 @@ buildGoModule rec { pname = "gopass"; - version = "1.13.1"; + version = "1.14.0"; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -21,10 +21,10 @@ buildGoModule rec { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "sha256-g/ICT489uW3a5EnsxJPYOnV+yeOFfaFPMowdIK0M1Fc="; + sha256 = "sha256-swvZrsRuevBe8lVg67J0R9u3GB/Wc2ZR54Y6j1Bsa3E="; }; - vendorSha256 = "sha256-HGc6jUp4WO5P5dwfa0r7+X78a8us9fWrf+/IOotZHqk="; + vendorSha256 = "sha256-Fq9jEJm65efBL5ShcB/XCM70UVDO/8STbbTOOHXrpSk="; subPackages = [ "." ]; diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index cc35a24151a6..3e3dc6ff098a 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -6,28 +6,26 @@ buildGoModule rec { pname = "grype"; - version = "0.33.1"; + version = "0.34.7"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-5QjyGIpxnrwTnEmi0D16vPKodg3+SKiINFONwU2OzC0="; + sha256 = "sha256-t95efLTqPnmYiXTBxuxEoDdafoZC/bXXTfKdA8gy3fk="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; postFetch = '' cd "$out" - commit="$(git rev-parse HEAD)" - source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad) - substituteInPlace "$out/internal/version/build.go" \ - --replace 'gitCommit = valueNotProvided' "gitCommit = \"$commit\"" \ - --replace 'buildDate = valueNotProvided' "buildDate = \"$source_date_epoch\"" + git rev-parse HEAD > $out/COMMIT + # 0000-00-00T00:00:00Z + date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-CPMfQv9oiLbIMkZe/t482LzssoNTcNVJdr2o2wJecSA="; + vendorSha256 = "sha256-FZMgS0aNZVq4nvwog4l62dOzC6wW7pQCNbOW1/jssWo="; nativeBuildInputs = [ installShellFiles @@ -37,14 +35,17 @@ buildGoModule rec { "-s" "-w" "-X github.com/anchore/grype/internal/version.version=${version}" + "-X github.com/anchore/grype/internal/version.gitDescription=v${version}" "-X github.com/anchore/grype/internal/version.gitTreeState=clean" ]; preBuild = '' # grype version also displays the version of the syft library used # we need to grab it from the go.sum and add an ldflag for it - SYFTVERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')" - ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFTVERSION" + SYFT_VERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')" + ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFT_VERSION" + ldflags+=" -X github.com/anchore/grype/internal/version.gitCommit=$(cat COMMIT)" + ldflags+=" -X github.com/anchore/grype/internal/version.buildDate=$(cat SOURCE_DATE_EPOCH)" ''; # Tests require a running Docker instance diff --git a/nixpkgs/pkgs/tools/security/jadx/default.nix b/nixpkgs/pkgs/tools/security/jadx/default.nix index e5b805b89cc5..2aadf1fb7b27 100644 --- a/nixpkgs/pkgs/tools/security/jadx/default.nix +++ b/nixpkgs/pkgs/tools/security/jadx/default.nix @@ -2,13 +2,13 @@ let pname = "jadx"; - version = "1.3.3"; + version = "1.3.4"; src = fetchFromGitHub { owner = "skylot"; repo = pname; rev = "v${version}"; - hash = "sha256-z8u6j6YLBHmgZKSGh/rFDDSnWZrBgWsqfKP3vhaukbY="; + hash = "sha256-G2BgGhWk0Prbjni6HPZ/0+bWiC9uI2O13Q1SDCE5mBE="; }; deps = stdenv.mkDerivation { @@ -40,7 +40,7 @@ let ''; outputHashMode = "recursive"; - outputHash = "sha256-kiNtA63sINX7VRsq4JKAiZYzymHe1TrNetZsE6S9KVM="; + outputHash = "sha256-QZClHuj7oCUYX3I8B3A90m4zK7+FP24C19RIzYyPC1w="; }; in stdenv.mkDerivation { inherit pname version src; diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix index d5f04099f756..f5147e17ac5e 100644 --- a/nixpkgs/pkgs/tools/security/keybase/gui.nix +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix @@ -4,16 +4,16 @@ , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20220120174718.95a3939b3a"; + versionSuffix = "20220216215910.c82d65a685"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "5.9.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "5.9.3"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "sha256-Wdl5pZFIz+mDkkE0EDpLGH/eGWYoBbLV05LYJgkwpI4="; + hash = "sha256-JY2DaqApv6K02y3B+JIXpV4SvvMQpBhw9eqr/5Sn0cg="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/keyscope/default.nix b/nixpkgs/pkgs/tools/security/keyscope/default.nix index dad09970b911..d73b1b499eca 100644 --- a/nixpkgs/pkgs/tools/security/keyscope/default.nix +++ b/nixpkgs/pkgs/tools/security/keyscope/default.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage rec { pname = "keyscope"; - version = "1.1.0"; + version = "1.2.2"; src = fetchFromGitHub { owner = "spectralops"; repo = pname; rev = "v${version}"; - sha256 = "sha256-4ZKIukxeadzGpq2lwxbyyIKqWgbZpdHPRAT+LsyWjzk="; + sha256 = "sha256-SLVNzxwZhdK2Fk2Vu5P/j0d8IoUPzlb9e5hnJrZ8Qsk="; }; - cargoSha256 = "sha256-aq7xUma8QDRnu74R7JSuZjrXCco7L9JrNmAZiGtTyts="; + cargoSha256 = "sha256-PBSQeLQ7UkWhGlRID+bv2HwzgvoiJ120t/TNKJFUY+M="; nativeBuildInputs = [ pkg-config ]; diff --git a/nixpkgs/pkgs/tools/security/libtpms/default.nix b/nixpkgs/pkgs/tools/security/libtpms/default.nix index d93f0135c20a..2042ec30fff6 100644 --- a/nixpkgs/pkgs/tools/security/libtpms/default.nix +++ b/nixpkgs/pkgs/tools/security/libtpms/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "libtpms"; - version = "0.9.2"; + version = "0.9.3"; src = fetchFromGitHub { owner = "stefanberger"; repo = "libtpms"; rev = "v${version}"; - sha256 = "sha256-sfAmyx9MgzCVA1Da7hl6/sKxhS9ptaNLeSB8wmJIKDs="; + sha256 = "sha256-ih154MtLWBUdo7+ugu6tg5O/XSjlgFC00wgWC71VeaE="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/melt/default.nix b/nixpkgs/pkgs/tools/security/melt/default.nix new file mode 100644 index 000000000000..846b70b87538 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/melt/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "melt"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "charmbracelet"; + repo = "melt"; + rev = "v${version}"; + sha256 = "sha256-HambmUodAwgi1/r/Nj7P7gXNK5pyBO3omMZ9ZvSK7cc=4"; + }; + + vendorSha256 = "sha256-1f3QBbWaTiplEp/4ihds1PwrEnoq/81TzlT46TufGFs="; + + ldflags = [ "-s" "-w" "-X=main.Version=${version}" ]; + + meta = with lib; { + description = "Backup and restore Ed25519 SSH keys with seed words"; + homepage = "https://github.com/charmbracelet/melt"; + changelog = "https://github.com/charmbracelet/melt/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ penguwin ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile index bdecd4e0a945..992e5c84fdfe 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.32" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.35" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock index 6855f10bb48e..c3fd51f14b7f 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: f7cd9896b753377c4c663188b6c26500b7850f41 - ref: refs/tags/6.1.32 + revision: c1efca37c6e967103978915618efa41515134ea1 + ref: refs/tags/6.1.35 specs: - metasploit-framework (6.1.32) + metasploit-framework (6.1.35) actionpack (~> 6.0) activerecord (~> 6.0) activesupport (~> 6.0) @@ -98,25 +98,25 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actionpack (6.1.4.6) - actionview (= 6.1.4.6) - activesupport (= 6.1.4.6) + actionpack (6.1.5) + actionview (= 6.1.5) + activesupport (= 6.1.5) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (6.1.4.6) - activesupport (= 6.1.4.6) + actionview (6.1.5) + activesupport (= 6.1.5) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activemodel (6.1.4.6) - activesupport (= 6.1.4.6) - activerecord (6.1.4.6) - activemodel (= 6.1.4.6) - activesupport (= 6.1.4.6) - activesupport (6.1.4.6) + activemodel (6.1.5) + activesupport (= 6.1.5) + activerecord (6.1.5) + activemodel (= 6.1.5) + activesupport (= 6.1.5) + activesupport (6.1.5) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -128,13 +128,13 @@ GEM arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.2.0) - aws-partitions (1.563.0) - aws-sdk-core (3.128.0) + aws-partitions (1.570.0) + aws-sdk-core (3.130.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-ec2 (1.302.0) + aws-sdk-ec2 (1.304.0) aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) aws-sdk-iam (1.68.0) @@ -149,7 +149,7 @@ GEM aws-sigv4 (~> 1.4) aws-sigv4 (1.4.0) aws-eventstream (~> 1, >= 1.0.2) - bcrypt (3.1.16) + bcrypt (3.1.17) bcrypt_pbkdf (1.1.0) bindata (2.4.10) bson (4.14.1) @@ -221,7 +221,7 @@ GEM io-console (0.5.11) irb (1.3.6) reline (>= 0.2.5) - jmespath (1.6.0) + jmespath (1.6.1) jsobfu (0.4.2) rkelly-remix json (2.6.1) @@ -229,7 +229,7 @@ GEM logging (2.3.0) little-plugger (~> 1.1) multi_json (~> 1.14) - loofah (2.14.0) + loofah (2.15.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) metasm (1.0.5) @@ -298,7 +298,7 @@ GEM hashery (~> 2.0) ruby-rc4 ttfunk - pg (1.3.3) + pg (1.3.4) public_suffix (4.0.6) puma (5.6.2) nio4r (~> 2.0) @@ -313,11 +313,11 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.4.6) - actionpack (= 6.1.4.6) - activesupport (= 6.1.4.6) + railties (6.1.5) + actionpack (= 6.1.5) + activesupport (= 6.1.5) method_source - rake (>= 0.13) + rake (>= 12.2) thor (~> 1.0) rake (13.0.6) rb-readline (0.5.5) @@ -334,12 +334,12 @@ GEM rex-core rex-struct2 rex-text - rex-core (0.1.26) + rex-core (0.1.27) rex-encoder (0.1.6) metasm rex-arch rex-text - rex-exploitation (0.1.28) + rex-exploitation (0.1.29) jsobfu metasm rex-arch @@ -347,7 +347,7 @@ GEM rex-text rexml rex-java (0.1.6) - rex-mime (0.1.6) + rex-mime (0.1.7) rex-text rex-nop (0.1.2) rex-arch @@ -409,11 +409,11 @@ GEM ttfunk (1.7.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) - tzinfo-data (1.2021.5) + tzinfo-data (1.2022.1) tzinfo (>= 1.0.0) unf (0.1.4) unf_ext - unf_ext (0.0.8) + unf_ext (0.0.8.1) unix-crypt (1.3.0) warden (1.2.9) rack (>= 2.0.9) diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix index 11215cd3dde9..8d807d85844a 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/default.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.1.32"; + version = "6.1.35"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-UoH+tp3I9YTXXNXDaYne1E9Zpoj9fbr7mnIQws6TXJs="; + sha256 = "sha256-1xEc+I2Pvs6GQuEGAHWWAum7ASESX5R5D1qN+wPtFgY="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix index 0104412d350e..45270cea4cfb 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix @@ -4,50 +4,50 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1d4nxv0p3wv4w0pf89nmxzg10balny5rwbchwsscgiminzh3mg7y"; + sha256 = "0kk8c6n94lg5gyarsy33wakw04zbmdwgfr7zxv4zzmbnp1yach0w"; type = "gem"; }; - version = "6.1.4.6"; + version = "6.1.5"; }; actionview = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cmxc80gg7pm6d9y7ah5qr4ymzks8rp51jv0a2qdq2m9p6llzlkk"; + sha256 = "16w7pl8ir253g1dzlzx4mwrjsx3v7fl7zn941xz53zb4ld286mhi"; type = "gem"; }; - version = "6.1.4.6"; + version = "6.1.5"; }; activemodel = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0izra8g3g1agv3mz72b0474adkj4ldszj3nwk3l0szgrln7df0lv"; + sha256 = "16anyz7wqwmphzb6w1sgmvdvj50g3zp70s94s5v8hwxj680f6195"; type = "gem"; }; - version = "6.1.4.6"; + version = "6.1.5"; }; activerecord = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15v0dwp2122yzwlw8ca0lgx5qbw8fsasbn8zzcks1mvmc9afisss"; + sha256 = "0jl6jc9g9jxsljfnnmbkxrgwrz86icw6g745cv6iavryizrmw939"; type = "gem"; }; - version = "6.1.4.6"; + version = "6.1.5"; }; activesupport = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0vrz4vgqz4grr2ykwkd8zhhd0rg12z89n89zl6aff17zrdhhad35"; + sha256 = "0jmqndx3a46hpwz33ximqch27018n3mk9z19azgpylm33w7xpkx4"; type = "gem"; }; - version = "6.1.4.6"; + version = "6.1.5"; }; addressable = { groups = ["default"]; @@ -104,30 +104,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0l4f97kmsz1niicj52bm88ggbq3lvn41w0cckfwksh4yikjh20wv"; + sha256 = "0w3y40l5xg0p5sha6w4wppwb6kil129nk760yblswqw7vz0s0mm0"; type = "gem"; }; - version = "1.563.0"; + version = "1.570.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0xpqx000gq1j0n211c9bch5b2rc48a54kxk87m6y8z844c0wlqk7"; + sha256 = "14ymvp06k46gvkpvz5zaqvbvr6wd8vdka5iq25q0wd0fzdx7aivm"; type = "gem"; }; - version = "3.128.0"; + version = "3.130.0"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13x9rwkykyw873prd2k9pqwrjkf9jsqih9aksbf9fn8hfnsv6db8"; + sha256 = "0vvplr6ml7acl047lynmsdl2bs2i992vx68dhzqmllppf8ggcjvs"; type = "gem"; }; - version = "1.302.0"; + version = "1.304.0"; }; aws-sdk-iam = { groups = ["default"]; @@ -174,10 +174,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "02r1c3isfchs5fxivbq99gc3aq4vfyn8snhcy707dal1p8qz12qb"; + sha256 = "1rakdhrnlclrpy7sihi9ipwdh7fjkkvzga171464lq6rzp07cf65"; type = "gem"; }; - version = "3.1.16"; + version = "3.1.17"; }; bcrypt_pbkdf = { groups = ["default"]; @@ -594,10 +594,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1gjrr5pdcl3l3skhp9d0jzs4yhmknpv3ldcz59b339b9lqbqasnr"; + sha256 = "1mnvb80cdg7fzdcs3xscv21p28w4igk5sj5m7m81xp8v2ks87jj0"; type = "gem"; }; - version = "1.6.0"; + version = "1.6.1"; }; jsobfu = { groups = ["default"]; @@ -644,10 +644,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0z8bdcmw66j3dy6ivcc02yq32lx3n9bavx497llln8qy014xjm4w"; + sha256 = "1yp1h1j7pdkqvnx8jl6bkzlajav3h5mhqzihgs9p6y3c8927mw23"; type = "gem"; }; - version = "2.14.0"; + version = "2.15.0"; }; metasm = { groups = ["default"]; @@ -684,12 +684,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "f7cd9896b753377c4c663188b6c26500b7850f41"; - sha256 = "16swjg7c443jkbxvlzgxi2k5jkylvs4nkhymbkbq9xf8knvgx0aj"; + rev = "c1efca37c6e967103978915618efa41515134ea1"; + sha256 = "01hnxl1zp3as1xwr8pqj440vps82jrsh01p18a3cxglgipw1q4fp"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.1.32"; + version = "6.1.35"; }; metasploit-model = { groups = ["default"]; @@ -977,10 +977,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0qqky1q9xhji017q1apx9w81qdlwpm6ix3amhikjy416hxxmhcj1"; + sha256 = "090c3kazlmiizp25las7dgi8wlc11s29nrs2gy3qrp1z8qikgcmb"; type = "gem"; }; - version = "1.3.3"; + version = "1.3.4"; }; public_suffix = { groups = ["default"]; @@ -1067,10 +1067,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1snhwpbnmsyhr297qmin8i5i631aimjca1hiazi128i1355255hb"; + sha256 = "1fdqhv8qhk2dspkrr9f5dj3806g52cb0l1chh2hx8v81y218cl93"; type = "gem"; }; - version = "6.1.4.6"; + version = "6.1.5"; }; rake = { groups = ["default"]; @@ -1147,10 +1147,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1hjc70q6wb580k0jk4g4s9aqwd25l48kr0pcyjjs2ffax0zcm4d0"; + sha256 = "0a5fb8g6ksak1g1syhvh5rh87shnx617l7nl6afl80in0h4fd4xd"; type = "gem"; }; - version = "0.1.26"; + version = "0.1.27"; }; rex-encoder = { groups = ["default"]; @@ -1167,10 +1167,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "08v5nam0xp6f8qi3nyqzh97sz07hy59w82y213jz919mrgpb70vc"; + sha256 = "0asx13g0xqb8wnslrmsld2l1w2qpl6kjrcbfl945kw1nm7k5bwxb"; type = "gem"; }; - version = "0.1.28"; + version = "0.1.29"; }; rex-java = { groups = ["default"]; @@ -1187,10 +1187,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0wzw1qcdgbn3iyskppy5038mcdrzplyai45pilm5qjj4fwvjdl6m"; + sha256 = "00qpd5i8naw601q6aij652gw8x6my5d5drf63lq9fridjrqj0nja"; type = "gem"; }; - version = "0.1.6"; + version = "0.1.7"; }; rex-nop = { groups = ["default"]; @@ -1497,10 +1497,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0w1iyvw0m2xvdr4654jnn1g27jwj84y94dvaj1k2p3lcrvndm698"; + sha256 = "0yvfyxz70r45j65763fzy0p5j8cxlhnpn1n5lcxj4is7hp8v5i23"; type = "gem"; }; - version = "1.2021.5"; + version = "1.2022.1"; }; unf = { groups = ["default"]; @@ -1517,10 +1517,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jmbimpnpjdzz8hlrppgl9spm99qh3qzbx0b81k3gkgwba8nk3yd"; + sha256 = "0bf120xbq23zjyf8zi8h1576d71g58srr8rndig0whn10w72vrxz"; type = "gem"; }; - version = "0.0.8"; + version = "0.0.8.1"; }; unix-crypt = { groups = ["default"]; diff --git a/nixpkgs/pkgs/tools/security/minio-certgen/default.nix b/nixpkgs/pkgs/tools/security/minio-certgen/default.nix index ee4413c90411..16dbfdf63add 100644 --- a/nixpkgs/pkgs/tools/security/minio-certgen/default.nix +++ b/nixpkgs/pkgs/tools/security/minio-certgen/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "minio-certgen"; - version = "1.1.0"; + version = "1.2.0"; src = fetchFromGitHub { owner = "minio"; repo = "certgen"; rev = "v${version}"; - sha256 = "sha256-Qs+wpx9pRdWdY9FrBaKM8gdB0+POy80I6DB4UaBsJEE="; + sha256 = "sha256-FBx4v29ZuhXwubWivIXReO5Ge/rPt1J3LbXlprC7E9c="; }; vendorSha256 = null; diff --git a/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix index d6f2e20611d2..f06877b99fe1 100644 --- a/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix +++ b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix @@ -36,7 +36,6 @@ stdenv.mkDerivation rec { See https://www.nitrokey.com/ for more information. ''; homepage = "https://github.com/Nitrokey/nitrokey-app"; - repositories.git = "https://github.com/Nitrokey/nitrokey-app.git"; license = licenses.gpl3; maintainers = with maintainers; [ kaiha fpletz ]; }; diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix index 0b3e21b73d19..14539bf21574 100644 --- a/nixpkgs/pkgs/tools/security/nuclei/default.nix +++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "2.6.3"; + version = "2.6.5"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - sha256 = "sha256-4jByNyO0EvJ2ppdg21+7YfeB9arjBZALrOm5MJlkZsg="; + sha256 = "sha256-g78sZDhV2+MgoFkJIrE2RbVLa/aPjbKFFRyKj594Hb0="; }; - vendorSha256 = "sha256-717+jJiyqmctR9Yb/XnnKd1N+31K2+xO1XClGMKlL+k="; + vendorSha256 = "sha256-/umoSOQ0ehQplxU8OTGJVmTgO+8xPZxVwRBfM67zMh8="; modRoot = "./v2"; subPackages = [ diff --git a/nixpkgs/pkgs/tools/security/nwipe/default.nix b/nixpkgs/pkgs/tools/security/nwipe/default.nix index 8cfa47b5d44a..50a8cf83db22 100644 --- a/nixpkgs/pkgs/tools/security/nwipe/default.nix +++ b/nixpkgs/pkgs/tools/security/nwipe/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "nwipe"; - version = "0.32"; + version = "0.33"; src = fetchFromGitHub { owner = "martijnvanbrummelen"; repo = "nwipe"; rev = "v${version}"; - sha256 = "sha256-O3kYiai+5KMHWd2om4+HrTIw9lB2wLJF3Mrr6iY2+I8="; + sha256 = "sha256-i+cK2XTdWc3ByG9i+rfwL3Ds8Sl15/wZwEc5nrcWdeY="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/onlykey/default.nix b/nixpkgs/pkgs/tools/security/onlykey/default.nix index 312f580c0239..d924e7ccc3a4 100644 --- a/nixpkgs/pkgs/tools/security/onlykey/default.nix +++ b/nixpkgs/pkgs/tools/security/onlykey/default.nix @@ -20,7 +20,7 @@ let elem; # this must be updated anytime this package is updated. - onlykeyPkg = "onlykey-git://github.com/trustcrypto/OnlyKey-App.git#v${version}"; + onlykeyPkg = "onlykey-git+https://github.com/trustcrypto/OnlyKey-App.git#v${version}"; # define a shortcut to get to onlykey. onlykey = self."${onlykeyPkg}"; diff --git a/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix b/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix index d6713a0f42a8..d5e3cd84fed6 100644 --- a/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix +++ b/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix @@ -6316,12 +6316,12 @@ let }; in { - "onlykey-git://github.com/trustcrypto/OnlyKey-App.git#v5.3.3" = nodeEnv.buildNodePackage { + "onlykey-git+https://github.com/trustcrypto/OnlyKey-App.git#v5.3.3" = nodeEnv.buildNodePackage { name = "OnlyKey"; packageName = "OnlyKey"; version = "5.3.3"; src = fetchgit { - url = "git://github.com/trustcrypto/OnlyKey-App.git"; + url = "https://github.com/trustcrypto/OnlyKey-App.git"; rev = "0bd08ef5828d9493cd4c5f4909e9a4fc4c59a494"; sha256 = "d2386369fd9d9b7d5ea5d389434848c33fa34e26d713d439e8e2f2e447237bb0"; }; diff --git a/nixpkgs/pkgs/tools/security/onlykey/package.json b/nixpkgs/pkgs/tools/security/onlykey/package.json index d9a1a72c4297..06fa903f6a55 100644 --- a/nixpkgs/pkgs/tools/security/onlykey/package.json +++ b/nixpkgs/pkgs/tools/security/onlykey/package.json @@ -1,3 +1,3 @@ [ - {"onlykey": "git://github.com/trustcrypto/OnlyKey-App.git#v5.3.3"} + {"onlykey": "git+https://github.com/trustcrypto/OnlyKey-App.git#v5.3.3"} ] diff --git a/nixpkgs/pkgs/tools/security/sequoia/default.nix b/nixpkgs/pkgs/tools/security/sequoia/default.nix index 324af6aa4c99..4803430018ed 100644 --- a/nixpkgs/pkgs/tools/security/sequoia/default.nix +++ b/nixpkgs/pkgs/tools/security/sequoia/default.nix @@ -5,7 +5,7 @@ , git , nettle # Use the same llvmPackages version as Rust -, llvmPackages_10 +, llvmPackages_12 , cargo , rustc , rustPlatform @@ -41,8 +41,8 @@ rustPlatform.buildRustPackage rec { cargo rustc git - llvmPackages_10.libclang.lib - llvmPackages_10.clang + llvmPackages_12.libclang.lib + llvmPackages_12.clang ensureNewerSourcesForZipFilesHook capnproto ] ++ @@ -72,7 +72,7 @@ rustPlatform.buildRustPackage rec { "build-release" ]; - LIBCLANG_PATH = "${llvmPackages_10.libclang.lib}/lib"; + LIBCLANG_PATH = "${llvmPackages_12.libclang.lib}/lib"; # Sometimes, tests fail on CI (ofborg) & hydra without this CARGO_TEST_ARGS = "--workspace --exclude sequoia-store"; diff --git a/nixpkgs/pkgs/tools/security/shisho/default.nix b/nixpkgs/pkgs/tools/security/shisho/default.nix new file mode 100644 index 000000000000..5a5995f5da3b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/shisho/default.nix @@ -0,0 +1,59 @@ +{ lib +, fetchFromGitHub +, rustPlatform +, installShellFiles +, rustfmt +}: + +rustPlatform.buildRustPackage rec { + pname = "shisho"; + version = "0.5.2"; + + src = fetchFromGitHub { + owner = "flatt-security"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-G7sHaDq+F5lXNaF1sSLUecdjZbCejJE79P4AQifKdFY="; + fetchSubmodules = true; + }; + cargoSha256 = "sha256-xd4andytmDMOIT+3DkmUC9fkxxGJ6yRY2WSdnGB6ZwY="; + + nativeBuildInputs = [ + installShellFiles + # required to build serde-sarif dependency + rustfmt + ]; + + postInstall = '' + installShellCompletion --cmd shisho \ + --bash <($out/bin/shisho completion bash) \ + --fish <($out/bin/shisho completion fish) \ + --zsh <($out/bin/shisho completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + + $out/bin/shisho --help + $out/bin/shisho --version | grep "${version}" + + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://docs.shisho.dev/shisho/"; + changelog = "https://docs.shisho.dev/changelog/"; + description = "Lightweight static analyzer for several programming languages"; + longDescription = '' + Shisho is a lightweight static code analyzer designed for developers and + is the core engine for Shisho products. It is, so to speak, like a + pluggable and configurable linter; it gives developers a way to codify + your domain knowledge over your code as rules. With powerful automation + and integration capabilities, the rules will help you find and fix issues + semiautomatically. + ''; + license = licenses.agpl3Only; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix index 3bf4e7889124..a2417e7b8fe2 100644 --- a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "sigma-cli"; - version = "0.3.0"; + version = "0.3.4"; format = "pyproject"; src = fetchFromGitHub { owner = "SigmaHQ"; repo = pname; rev = "v${version}"; - hash = "sha256-Nfd78Y35naDTzwodcdvJr/02CptcHxS717VGsR/QOuI="; + hash = "sha256-FWcPHtEYqS+81dU4lB+4BLFOXtFumcyhucwvmu2TAt8="; }; nativeBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/spire/default.nix b/nixpkgs/pkgs/tools/security/spire/default.nix index 5f06abeda1b0..9b9e9e93488f 100644 --- a/nixpkgs/pkgs/tools/security/spire/default.nix +++ b/nixpkgs/pkgs/tools/security/spire/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "spire"; - version = "1.2.0"; + version = "1.2.1"; outputs = [ "out" "agent" "server" ]; @@ -10,10 +10,10 @@ buildGoModule rec { owner = "spiffe"; repo = pname; rev = "v${version}"; - sha256 = "01ph9jzh18bnidrsbnnxm3gxh0cgfllnjvf7a5haqz51lm6a9pny"; + sha256 = "sha256-LK73RGSTwGhCXOglsqK8RAAldovRzliE78vi2ilTSrw="; }; - vendorSha256 = "1fd1k5by4wcjmzfgi3gnrwnb38b0wa3w67kzjlx8s0nwapyfgx0b"; + vendorSha256 = "sha256-am8ZTUX8Vph1Eg013NObMiSVeupS2hlHdpZ/1mO27dY="; subPackages = [ "cmd/spire-agent" "cmd/spire-server" ]; @@ -30,6 +30,7 @@ buildGoModule rec { meta = with lib; { description = "The SPIFFE Runtime Environment"; homepage = "https://github.com/spiffe/spire"; + changelog = "https://github.com/spiffe/spire/releases/tag/v${version}"; license = licenses.asl20; maintainers = with maintainers; [ jonringer fkautz ]; }; diff --git a/nixpkgs/pkgs/tools/security/sshuttle/default.nix b/nixpkgs/pkgs/tools/security/sshuttle/default.nix index 959712488a20..4b4bbd3788b3 100644 --- a/nixpkgs/pkgs/tools/security/sshuttle/default.nix +++ b/nixpkgs/pkgs/tools/security/sshuttle/default.nix @@ -11,11 +11,11 @@ python3Packages.buildPythonApplication rec { pname = "sshuttle"; - version = "1.0.5"; + version = "1.1.0"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "fd8c691aac2cb80933aae7f94d9d9e271a820efc5c48e73408f1a90da426a1bd"; + sha256 = "sha256-IfuRvfOStQ5422uNdelbc6ydr9Nh4mV+eE5nRWEhkxU="; }; patches = [ ./sudo.patch ]; @@ -27,9 +27,7 @@ python3Packages.buildPythonApplication rec { nativeBuildInputs = [ makeWrapper python3Packages.setuptools-scm ]; - propagatedBuildInputs = [ python3Packages.psutil ]; - - checkInputs = with python3Packages; [ mock pytestCheckHook flake8 ]; + checkInputs = with python3Packages; [ pytestCheckHook ]; postInstall = '' wrapProgram $out/bin/sshuttle \ @@ -45,6 +43,6 @@ python3Packages.buildPythonApplication rec { Works with Linux and Mac OS and supports DNS tunneling. ''; license = licenses.lgpl21; - maintainers = with maintainers; [ domenkozar carlosdagos ]; + maintainers = with maintainers; [ domenkozar carlosdagos SuperSandro2000 ]; }; } diff --git a/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch b/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch index 6e8634bd4a1f..d00aab087948 100644 --- a/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch +++ b/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch @@ -5,7 +5,7 @@ index cab5b1c..e89f8a6 100644 @@ -192,7 +192,7 @@ class FirewallClient: self.auto_nets = [] - python_path = os.path.dirname(os.path.dirname(__file__)) + - argvbase = ([sys.executable, sys.argv[0]] + + argvbase = ([sys.argv[0]] + ['-v'] * (helpers.verbose or 0) + diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix index 97a42646312e..b650b93f411b 100644 --- a/nixpkgs/pkgs/tools/security/step-ca/default.nix +++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix @@ -12,16 +12,16 @@ buildGoModule rec { pname = "step-ca"; - version = "0.18.1"; + version = "0.18.2"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "v${version}"; - sha256 = "sha256-oebmJ+xrJTV5gXH3U1lWCSQMHiVnUTa0ZTp39sVB7KM="; + sha256 = "sha256-BhPup3q2muYGWzAa/9b4vnIjBces4GhUHZ/mg4CWMRc="; }; - vendorSha256 = "sha256-IJXJS+Z93Hw1I1CAeRv4mq8as9DKebqNFa0IMgZ+Kic="; + vendorSha256 = "sha256-oVaziWZGslZCVqkEXL32XvOVU54VOf41Qg+VoVWo7x0="; ldflags = [ "-buildid=" ]; diff --git a/nixpkgs/pkgs/tools/security/tboot/default.nix b/nixpkgs/pkgs/tools/security/tboot/default.nix index a33c26419e16..0b7ecca4f240 100644 --- a/nixpkgs/pkgs/tools/security/tboot/default.nix +++ b/nixpkgs/pkgs/tools/security/tboot/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "tboot"; - version = "1.10.4"; + version = "1.10.5"; src = fetchurl { url = "mirror://sourceforge/tboot/${pname}-${version}.tar.gz"; - sha256 = "sha256-iEn6mZ0tuDBA1a2POpJEBaIM0TMVDohbVvp/6OO4nAY="; + sha256 = "sha256-O0vhbAPLwlBx7x1L2gtP1VDu2G2sbH9+/fAkI8VRs5M="; }; buildInputs = [ openssl trousers zlib ]; diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix index 571b4e7f4da7..14e0be73f01e 100644 --- a/nixpkgs/pkgs/tools/security/tor/default.nix +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -97,7 +97,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://www.torproject.org/"; - repositories.git = "https://git.torproject.org/git/tor"; description = "Anonymizing overlay network"; longDescription = '' diff --git a/nixpkgs/pkgs/tools/security/tor/torsocks.nix b/nixpkgs/pkgs/tools/security/tor/torsocks.nix index 399afe7f75cb..16eeca0ffad7 100644 --- a/nixpkgs/pkgs/tools/security/tor/torsocks.nix +++ b/nixpkgs/pkgs/tools/security/tor/torsocks.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { version = "2.3.0"; src = fetchgit { - url = meta.repositories.git; + url = "https://git.torproject.org/torsocks.git"; rev = "refs/tags/v${version}"; sha256 = "0x0wpcigf22sjxg7bm0xzqihmsrz51hl4v8xf91qi4qnmr4ny1hb"; }; @@ -35,7 +35,6 @@ stdenv.mkDerivation rec { meta = { description = "Wrapper to safely torify applications"; homepage = "https://github.com/dgoulet/torsocks"; - repositories.git = "https://git.torproject.org/torsocks.git"; license = lib.licenses.gpl2; platforms = lib.platforms.unix; maintainers = with lib.maintainers; [ thoughtpolice ]; diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/default.nix b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix index 4aab72cb5dfc..6063cdecc67a 100644 --- a/nixpkgs/pkgs/tools/security/tpm-luks/default.nix +++ b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix @@ -1,13 +1,14 @@ -{ lib, stdenv, fetchgit, autoreconfHook, gawk, trousers, cryptsetup, openssl }: +{ lib, stdenv, fetchFromGitHub, autoreconfHook, gawk, trousers, cryptsetup, openssl }: stdenv.mkDerivation { pname = "tpm-luks"; version = "unstable-2015-07-11"; - src = fetchgit { - url = "https://github.com/momiji/tpm-luks"; + src = fetchFromGitHub { + owner = "momiji"; + repo = "tpm-luks"; rev = "c9c5b7fdddbcdac1cd4d2ea6baddd0617cc88ffa"; - sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w"; + sha256 = "sha256-HHyZLZAXfmuimpHV8fOWldZmi4I5uV1NnSmP4E7ZQtc="; }; patches = [ diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix index 458e2a533896..d349c205ad4f 100644 --- a/nixpkgs/pkgs/tools/security/vault/default.nix +++ b/nixpkgs/pkgs/tools/security/vault/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "vault"; - version = "1.9.4"; + version = "1.10.0"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "sha256-zqtRM2p+RrLrXzDCMtHJZNx/dKWyFqM+3V5eICwWvWs="; + sha256 = "sha256-XgrEtAVfMcXbmAjwgIWME/v85QHJ11fUXapAZtS/lSw="; }; - vendorSha256 = "sha256-EiQ6XmGrw1O2Zd8TM7HSr3sQUd1naQYKbYLKB/vWdXU="; + vendorSha256 = "sha256-Bo0+HSG7NqaweMKPdl+kzB6RdbQsy2FAzmr7ZZVgcsg="; subPackages = [ "." ]; @@ -46,6 +46,6 @@ buildGoModule rec { changelog = "https://github.com/hashicorp/vault/blob/v${version}/CHANGELOG.md"; platforms = platforms.linux ++ platforms.darwin; license = licenses.mpl20; - maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri Chili-Man ]; + maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri Chili-Man techknowlogick ]; }; } diff --git a/nixpkgs/pkgs/tools/security/vault/update-bin.sh b/nixpkgs/pkgs/tools/security/vault/update-bin.sh new file mode 100644 index 000000000000..25f41e2aad12 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vault/update-bin.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl gnused gawk nix-prefetch + +set -euo pipefail + +ROOT="$(dirname "$(readlink -f "$0")")" +NIX_DRV="$ROOT/vault-bin.nix" +if [ ! -f "$NIX_DRV" ]; then + echo "ERROR: cannot find vault-bin in $ROOT" + exit 1 +fi + +fetch_arch() { + VER="$1"; ARCH="$2" + URL="https://releases.hashicorp.com/vault/${VER}/vault_${VER}_${ARCH}.zip" + nix-prefetch "{ stdenv, fetchzip }: +stdenv.mkDerivation rec { + pname = \"vault-bin\"; version = \"${VER}\"; + src = fetchzip { url = \"$URL\"; }; +} +" +} + +replace_sha() { + sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV" +} + +# https://releases.hashicorp.com/vault/1.9.4/vault_1.9.4_linux_arm64.zip +VAULT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/vault/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//') + +VAULT_LINUX_X86_SHA256=$(fetch_arch "$VAULT_VER" "linux_386") +VAULT_LINUX_X64_SHA256=$(fetch_arch "$VAULT_VER" "linux_amd64") +VAULT_DARWIN_X64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_amd64") +VAULT_LINUX_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "linux_arm64") +VAULT_DARWIN_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_arm64") + +sed -i "s/version = \".*\"/version = \"$VAULT_VER\"/" "$NIX_DRV" + +replace_sha "i686-linux" "$VAULT_LINUX_X86_SHA256" +replace_sha "x86_64-linux" "$VAULT_LINUX_X64_SHA256" +replace_sha "x86_64-darwin" "$VAULT_DARWIN_X64_SHA256" +replace_sha "aarch64-linux" "$VAULT_LINUX_AARCH64_SHA256" +replace_sha "aarch64-darwin" "$VAULT_DARWIN_AARCH64_SHA256" diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix index 1ffd793be8b2..ebb70a1f6292 100644 --- a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix +++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix @@ -1,63 +1,61 @@ -{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc }: +{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc, fetchzip }: -let - version = "1.9.1"; - - sources = let - base = "https://releases.hashicorp.com/vault/${version}"; - in { - x86_64-linux = fetchurl { - url = "${base}/vault_${version}_linux_amd64.zip"; - sha256 = "sha256-kP1wLbkktVCTZopVaT0h/WKqAG3Pd9g7qeruk4MIWJM="; - }; - i686-linux = fetchurl { - url = "${base}/vault_${version}_linux_386.zip"; - sha256 = "sha256-cTZ/hek8wQo9FxIRQ/cc23h7Nqjfonvprf492/lSzLw="; - }; - x86_64-darwin = fetchurl { - url = "${base}/vault_${version}_darwin_amd64.zip"; - sha256 = "sha256-uKW9Yl4PjxWJ886OVAHl1sbPhgYWoL6IJK44vczLQsY="; - }; - aarch64-darwin = fetchurl { - url = "${base}/vault_${version}_darwin_arm64.zip"; - sha256 = "sha256-J0qwUBcnZRZU5TTQB3K8wNE6rdQC1Boy/gKNQRvUYEI="; - }; - aarch64-linux = fetchurl { - url = "${base}/vault_${version}_linux_arm64.zip"; - sha256 = "sha256-eU5s15tBuZFThJGNtnjOV07tiBoVjSSHMS9sY2WqO1o="; - }; - }; - -in stdenv.mkDerivation { +stdenv.mkDerivation rec { pname = "vault-bin"; - inherit version; - - src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}"); - - nativeBuildInputs = [ makeWrapper unzip ]; + version = "1.10.0"; + + src = + let + inherit (stdenv.hostPlatform) system; + selectSystem = attrs: attrs.${system} or (throw "Unsupported system: ${system}"); + suffix = selectSystem { + x86_64-linux = "linux_amd64"; + aarch64-linux = "linux_arm64"; + i686-linux = "linux_386"; + x86_64-darwin = "darwin_amd64"; + aarch64-darwin = "darwin_arm64"; + }; + sha256 = selectSystem { + x86_64-linux = "sha256-enD/JcOmeavvUd/njbu7IksAqp9dKepVdYPkLJHA8OQ="; + aarch64-linux = "sha256-FDkgUqFEVJoSED/FWqOXa4BTO6AYwkLS2iZh+BkzlqA="; + i686-linux = "sha256-XUTWB5Ynu92SMP9Nt/0jAki6til4upKv1sdFzPbWxiw="; + x86_64-darwin = "sha256-QNCsbIza56NqSU7R6+Cx//WBXiEOz6CEMCjrx4AR1x8="; + aarch64-darwin = "sha256-LBgd8gqeU92336kypSIwMtKo7I1qB/RP2dNoIGJgq7k="; + }; + in + fetchzip { + url = "https://releases.hashicorp.com/vault/${version}/vault_${version}_${suffix}.zip"; + inherit sha256; + }; - sourceRoot = "."; + dontConfigure = true; + dontBuild = true; + dontStrip = stdenv.isDarwin; installPhase = '' runHook preInstall - - mkdir -p $out/bin $out/share/bash-completion/completions - mv vault $out/bin - echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault - '' + lib.optionalString stdenv.isLinux '' - wrapProgram $out/bin/vault \ - --prefix PATH : ${lib.makeBinPath [ gawk glibc ]} - + install -D vault $out/bin/vault runHook postInstall ''; - dontStrip = stdenv.isDarwin; + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/vault --help + $out/bin/vault version + runHook postInstallCheck + ''; + + dontPatchELF = true; + dontPatchShebangs = true; + + passthru.updateScript = ./update-bin.sh; meta = with lib; { homepage = "https://www.vaultproject.io"; description = "A tool for managing secrets, this binary includes the UI"; platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; license = licenses.mpl20; - maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man ]; + maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man techknowlogick ]; }; } diff --git a/nixpkgs/pkgs/tools/security/volatility3/default.nix b/nixpkgs/pkgs/tools/security/volatility3/default.nix index 393ac90d3164..e019d96129f5 100644 --- a/nixpkgs/pkgs/tools/security/volatility3/default.nix +++ b/nixpkgs/pkgs/tools/security/volatility3/default.nix @@ -5,15 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "volatility3"; - version = "2.0.0"; - - disabled = python3.pythonOlder "3.6"; + version = "2.0.1"; src = fetchFromGitHub { owner = "volatilityfoundation"; repo = pname; rev = "v${version}"; - sha256 = "141n09cdc17pfdhs01aw8l4cvsqpcz8ji5l4gi7r88cyf4ix2lnz"; + hash = "sha256-rEqp+V5r4Sk4D+r2ukR1uy4IDj9XQGhYwoYSPeMyKpA="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -31,7 +29,9 @@ python3.pkgs.buildPythonApplication rec { # Project has no tests doCheck = false; - pythonImportsCheck = [ "volatility3" ]; + pythonImportsCheck = [ + "volatility3" + ]; meta = with lib; { description = "Volatile memory extraction frameworks"; diff --git a/nixpkgs/pkgs/tools/security/zdns/default.nix b/nixpkgs/pkgs/tools/security/zdns/default.nix index 913735d4cb9f..354dd5b64475 100644 --- a/nixpkgs/pkgs/tools/security/zdns/default.nix +++ b/nixpkgs/pkgs/tools/security/zdns/default.nix @@ -5,19 +5,16 @@ buildGoModule rec { pname = "zdns"; - version = "20210327-${lib.strings.substring 0 7 rev}"; - rev = "8c53210f0b9a4fe16c70a5d854e9413c3d0c1ba2"; + version = "2022-03-14-unstable"; src = fetchFromGitHub { owner = "zmap"; repo = pname; - inherit rev; - sha256 = "0pdfz1489ynpw72flalnlkwybp683v826icjx7ljys45xvagdvck"; + rev = "d659a361f6d5165462c10e1c1243f420175e066b"; + hash = "sha256-856O6H03me3IM39/+6n56KJIetL+v4on6+lJx5D2Pcw="; }; - vendorSha256 = "0b8h5n01xmhar1a09svb35ah48k9zdy1mn5balq0h2l0jxr05z78"; - - subPackages = [ "zdns" ]; + vendorSha256 = "sha256-5kZ0voyicnqK/0yrMYW+gR1vVDyptW6I1HgyG4zleX8="; meta = with lib; { description = "CLI DNS lookup tool"; |