authorUli Baum <xeji@cat3.de>2018-09-13 10:08:53 +0200
committerUli Baum <xeji@cat3.de>2018-09-13 10:08:53 +0200
commit1df2560dde3df459dd0e71883c5eac014100b0b0 (patch)
treeb0151bf1948574b52b6d29fd8a656f576cfbf7f7 /pkgs/tools/security
parent1428d00aa4a58095ba510145eb25233591ac6051 (diff)
parent0f2b10d1ac41c2f573fddbdf110a1ae435ffdd8a (diff)
Merge branch 'master' into staging-next
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/aws-okta/default.nix2
-rw-r--r--pkgs/tools/security/duo-unix/default.nix4
-rw-r--r--pkgs/tools/security/lynis/default.nix4
-rw-r--r--pkgs/tools/security/monkeysphere/default.nix57
-rw-r--r--pkgs/tools/security/monkeysphere/monkeysphere.patch100
-rw-r--r--pkgs/tools/security/tor/default.nix4
-rw-r--r--pkgs/tools/security/vault/default.nix4
7 files changed, 68 insertions, 107 deletions
diff --git a/pkgs/tools/security/aws-okta/default.nix b/pkgs/tools/security/aws-okta/default.nix
index 7ec5b024de13..cdb35453d3d2 100644
--- a/pkgs/tools/security/aws-okta/default.nix
+++ b/pkgs/tools/security/aws-okta/default.nix
@@ -1,4 +1,5 @@
 { buildGoPackage, fetchFromGitHub, stdenv }:
+
 buildGoPackage rec {
   name = "aws-okta-${version}";
   version = "0.19.0";
@@ -19,6 +20,7 @@ buildGoPackage rec {
     description = "aws-vault like tool for Okta authentication";
     license = licenses.mit;
     maintainers = [maintainers.imalsogreg];
+    broken = stdenv.isDarwin;  # test with CoreFoundation 10.11
     platforms = platforms.all;
     homepage = https://github.com/segmentio/aws-okta;
     downloadPage = "https://github.com/segmentio/aws-okta";
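Review bot: The comment on the added `broken = stdenv.isDarwin;` line does not say what fails or when the flag can be dropped. If the intent is what it appears to be, something like `# fails on Darwin; re-test once CoreFoundation 10.11 is available` would tell the next maintainer what to check. The `meta` block starts and ends outside this hunk.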
diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix
index 729f85a73fce..3ef07c44f501 100644
--- a/pkgs/tools/security/duo-unix/default.nix
+++ b/pkgs/tools/security/duo-unix/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "duo-unix-${version}";
-  version = "1.9.20";
+  version = "1.10.4";
 
   src = fetchurl {
     url    = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz";
-    sha256 = "0zxrpdbgi8k8jbqg5yxjv3b0lz9kpk89pglwb3lqlvzscbxdv5qj";
+    sha256 = "1pbl6ii7sh66i277s5mqpnv092jd2q52qis3ar4lwy4mywfvrhjp";
   };
 
   buildInputs = [ pam openssl zlib ];
diff --git a/pkgs/tools/security/lynis/default.nix b/pkgs/tools/security/lynis/default.nix
index bb7a6a0e7724..8158a4fbfd74 100644
--- a/pkgs/tools/security/lynis/default.nix
+++ b/pkgs/tools/security/lynis/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   pname = "lynis";
-  version = "2.6.7";
+  version = "2.6.8";
   name = "${pname}-${version}";
 
   src = fetchFromGitHub {
     owner = "CISOfy";
     repo = "${pname}";
     rev = "${version}";
-    sha256 = "0ayil5bzxqaksmr79x0gxy60k8djzg0bs60jfg8qi6128q6srhar";
+    sha256 = "1g7jxjqvzl78fy770vlg6n6l003nvm452i2g3wnrb1fqcwkrm6ax";
   };
 
   nativeBuildInputs = [ makeWrapper perl ];
diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix
index d1266ca495ed..f4def72b728c 100644
--- a/pkgs/tools/security/monkeysphere/default.nix
+++ b/pkgs/tools/security/monkeysphere/default.nix
@@ -1,35 +1,53 @@
-{ stdenv, fetchurl, perl, makeWrapper, perlPackages }:
+{ stdenv, fetchurl, makeWrapper
+, perl, libassuan, libgcrypt
+, perlPackages, lockfileProgs, gnupg
+}:
 
 stdenv.mkDerivation rec {
   name = "monkeysphere-${version}";
-  version = "0.37";
+  version = "0.41";
 
   src = fetchurl {
-    url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.37.orig.tar.gz";
-    sha256 = "0nbfd220miflah5l2y20qlmgfpbqi0j8h7qgx1b06h7v2jjbh45m";
+    url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz";
+    sha256 = "0jz7kwkwgylqprnl8bwvl084s5gjrilza77ln18i3f6x48b2y6li";
   };
 
-  buildInputs = [ makeWrapper perl ];
-
   patches = [ ./monkeysphere.patch ];
 
+  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = [ perl libassuan libgcrypt ];
+
   makeFlags = ''
     PREFIX=/
     DESTDIR=$(out)
   '';
 
-  postInstall = ''
-    wrapProgram $out/bin/openpgp2ssh --prefix PERL5LIB : \
-      "${with perlPackages; stdenv.lib.makePerlPath [
-        CryptOpenSSLRSA
-        CryptOpenSSLBignum
-      ]}"
-    wrapProgram $out/bin/monkeysphere --prefix PERL5LIB :\
-      "${with perlPackages; stdenv.lib.makePerlPath [
-        CryptOpenSSLRSA
-        CryptOpenSSLBignum
-      ]}"
-  '';
+  postFixup =
+    let wrapperArgs = runtimeDeps:
+          "--prefix PERL5LIB : "
+          + (with perlPackages; stdenv.lib.makePerlPath [
+              CryptOpenSSLRSA
+              CryptOpenSSLBignum
+            ])
+          + stdenv.lib.optionalString
+              (builtins.length runtimeDeps > 0)
+              " --prefix PATH : ${stdenv.lib.makeBinPath runtimeDeps}";
+        wrapMonkeysphere = runtimeDeps: program:
+          "wrapProgram $out/bin/${program} ${wrapperArgs runtimeDeps}\n";
+        wrapPrograms = runtimeDeps: programs: stdenv.lib.concatMapStrings
+          (wrapMonkeysphere runtimeDeps)
+          programs;
+    in wrapPrograms [ gnupg ] [ "monkeysphere-authentication" "monkeysphere-host" ]
+      + wrapPrograms [ lockfileProgs ] [ "monkeysphere" ]
+      + ''
+        # These 4 programs depend on the program name ($0):
+        for program in openpgp2pem openpgp2spki openpgp2ssh pem2openpgp; do
+          rm $out/bin/$program
+          ln -sf keytrans $out/share/monkeysphere/$program
+          makeWrapper $out/share/monkeysphere/$program $out/bin/$program \
+            ${wrapperArgs [ ]}
+        done
+      '';
 
   meta = with stdenv.lib; {
     homepage = http://web.monkeysphere.info/;
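Review bot: The rewritten `url` line still fetches the release tarball over plaintext `http://archive.monkeysphere.info/...`. The pinned `sha256` makes later fetches tamper-evident, but the new 0.41 hash is only as trustworthy as the download it was computed from. It is worth confirming that hash against upstream's signed release and switching the URL to `https://` if the host serves it. The `meta` block continues outside this hunk.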
@@ -43,7 +61,8 @@ stdenv.mkDerivation rec {
       TLS/SSL communications through the normal use of tools you are
       familiar with, such as your web browser0 or secure shell.
     '';
-    license = licenses.gpl3;
+    license = licenses.gpl3Plus;
     platforms = platforms.all;
+    maintainers = with maintainers; [ primeos ];
   };
 }
diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch
index 8b343b93454f..fdf4b9335b19 100644
--- a/pkgs/tools/security/monkeysphere/monkeysphere.patch
+++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch
@@ -1,92 +1,32 @@
-diff -rupN monkeysphere-0.37/Makefile monkeysphere-0.37-patched/Makefile
---- monkeysphere-0.37/Makefile	2014-08-06 19:27:38.000000000 +0200
-+++ monkeysphere-0.37-patched/Makefile	2015-07-31 19:51:57.539373097 +0200
-@@ -42,11 +42,11 @@ install: all installman
- 	mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
- 	printf "Monkeysphere %s\n" $(MONKEYSPHERE_VERSION) > $(DESTDIR)$(PREFIX)/share/monkeysphere/VERSION
- 	install src/monkeysphere $(DESTDIR)$(PREFIX)/bin
--	sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere
-+	sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/bin/monkeysphere
- 	install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin
--	sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host
-+	sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host
- 	install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
--	sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
-+	sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
- 	install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
- 	install -m 0755 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
- 	install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
-@@ -59,8 +59,8 @@ install: all installman
- 	ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2pem
- 	ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2spki
- 	install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
--	sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23
--	sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28
-+	sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23
-+	sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28
- 	install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
- 	install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m
- 	install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh
-diff -rupN monkeysphere-0.37/src/share/checkperms monkeysphere-0.37-patched/src/share/checkperms
---- monkeysphere-0.37/src/share/checkperms	2014-08-06 19:27:38.000000000 +0200
-+++ monkeysphere-0.37-patched/src/share/checkperms	2015-07-31 19:52:18.170675985 +0200
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -52,7 +52,7 @@ clean:
+ replaced/%: %
+ 	mkdir -p $(dir $@)
+ 	sed < $< > $@ \
+-	-e 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' \
++	-e 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' \
+ 	-e 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' \
+ 	-e 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):'
+ 
+diff --git a/src/share/checkperms b/src/share/checkperms
+--- a/src/share/checkperms
++++ b/src/share/checkperms
 @@ -1,4 +1,4 @@
 -#!/usr/bin/perl -T
 +#!/usr/bin/perl
  
  # checkperms: ensure as best we can that a given file can only be
  # modified by the given user (or the superuser, naturally).  This
-diff -rupN monkeysphere-0.37/src/share/keytrans monkeysphere-0.37-patched/src/share/keytrans
---- monkeysphere-0.37/src/share/keytrans	2014-08-06 19:27:38.000000000 +0200
-+++ monkeysphere-0.37-patched/src/share/keytrans	2015-07-31 20:13:36.664514290 +0200
+diff --git a/src/share/keytrans b/src/share/keytrans
+--- a/src/share/keytrans
++++ b/src/share/keytrans
 @@ -1,4 +1,4 @@
 -#!/usr/bin/perl -T
 +#!/usr/bin/perl
  
  # keytrans: this is an RSA key translation utility; it is capable of
  # transforming RSA keys (both public keys and secret keys) between
-@@ -1069,7 +1069,7 @@ sub packetwalk {
- 
- 
- for (basename($0)) {
--  if (/^pem2openpgp$/) {
-+  if (/pem2openpgp/) {
-     my $rsa;
-     my $stdin;
- 
-@@ -1107,7 +1107,7 @@ for (basename($0)) {
- 		      }
- 		     );
-   }
--  elsif (/^openpgp2ssh$/) {
-+  elsif (/openpgp2ssh/) {
-       my $fpr = shift;
-       my $instream;
-       open($instream,'-');
-@@ -1123,7 +1123,7 @@ for (basename($0)) {
- 	die "No matching key found.\n";
-       }
-   }
--  elsif (/^openpgp2pem$/) {
-+  elsif (/openpgp2pem/) {
-       my $fpr = shift;
-       my $instream;
-       open($instream,'-');
-@@ -1139,7 +1139,7 @@ for (basename($0)) {
- 	die "No matching key found.\n";
-       }
-   }
--  elsif (/^openpgp2spki$/) {
-+  elsif (/openpgp2spki/) {
-       my $fpr = shift;
-       my $instream;
-       open($instream,'-');
-@@ -1151,7 +1151,7 @@ for (basename($0)) {
- 	die "No matching key found.\n";
-       }
-   }
--  elsif (/^keytrans$/) {
-+  elsif (/keytrans/) {
-     # subcommands when keytrans is invoked directly are UNSUPPORTED,
-     # UNDOCUMENTED, and WILL NOT BE MAINTAINED.
-     my $subcommand = shift;
+-- 
+2.16.3
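Review bot: The refreshed patch still rewrites `#!/usr/bin/perl -T` to `#!/usr/bin/perl` in `src/share/checkperms` and `src/share/keytrans`, which turns off Perl taint checking in the scripts that do the permission check and the key translation, and nothing records why. The reason is presumably that taint mode ignores `PERL5LIB`, which the wrappers in `default.nix` use to locate CryptOpenSSLRSA and CryptOpenSSLBignum; if so, say that in the patch header or next to `patches`, e.g. `# drops perl -T: taint mode ignores the PERL5LIB set by our wrappers`. Note also that `--prefix PERL5LIB` keeps any `PERL5LIB` inherited from the caller, so with `-T` gone the caller's environment can influence module loading. If `checkperms` does not need the extra modules, leaving its `-T` in place, or injecting the store paths with `use lib` instead of `PERL5LIB`, would keep the taint checks; this needs confirming against the 0.41 sources.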
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index bb49e478910d..338afb7b3e17 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -14,11 +14,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "tor-0.3.3.9";
+  name = "tor-0.3.4.8";
 
   src = fetchurl {
     url = "https://dist.torproject.org/${name}.tar.gz";
-    sha256 = "0vyf5z0dn5jghp2qjp076aq62lsz9g32qv9jiqf08skf096nnd45";
+    sha256 = "08qhzcmzxp5xr2l5721vagksqnnbrzzzy5hmz5y9r8lrq2r4qsl2";
   };
 
   outputs = [ "out" "geoip" ];
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index a9e8d8fca351..091b17c6ffe1 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -9,13 +9,13 @@ let
   };
 in stdenv.mkDerivation rec {
   name = "vault-${version}";
-  version = "0.10.4";
+  version = "0.11.1";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    sha256 = "1f11arvj7zp8wwkvv3nn7kyga0ci8psdif6djrnzwjksskdgdbx5";
+    sha256 = "1ydnb9z6rd5ck6wza5ir6927xq375i1a9zh5p2xanp29ly6ijiiz";
   };
 
   nativeBuildInputs = [ go gox removeReferencesTo ];