Merge staging into staging-next

10 files changed, 35 insertions, 28 deletions

diff --git a/pkgs/tools/security/cfssl/default.nix b/pkgs/tools/security/cfssl/default.nix
index 2391ea1b859b..750539b3ace8 100644
--- a/pkgs/tools/security/cfssl/default.nix
+++ b/pkgs/tools/security/cfssl/default.nix
@@ -27,8 +27,8 @@ buildGoPackage rec {
   meta = with stdenv.lib; {
     homepage = https://cfssl.org/;
     description = "Cloudflare's PKI and TLS toolkit";
-    platforms = platforms.linux;
     license = licenses.bsd2;
     maintainers = with maintainers; [ mbrgm ];
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix
index 3ef07c44f501..a76e88772bcf 100644
--- a/pkgs/tools/security/duo-unix/default.nix
+++ b/pkgs/tools/security/duo-unix/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "duo-unix-${version}";
-  version = "1.10.4";
+  version = "1.10.5";
 
   src = fetchurl {
     url    = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz";
-    sha256 = "1pbl6ii7sh66i277s5mqpnv092jd2q52qis3ar4lwy4mywfvrhjp";
+    sha256 = "1h88gwvbh8vwwga7d65iwa9qrmyx23wh5m0rmlv8qbx4fyj7q1f9";
   };
 
   buildInputs = [ pam openssl zlib ];
diff --git a/pkgs/tools/security/gnupg/1compat.nix b/pkgs/tools/security/gnupg/1compat.nix
index eadfbe230b3f..371a7ca67afd 100644
--- a/pkgs/tools/security/gnupg/1compat.nix
+++ b/pkgs/tools/security/gnupg/1compat.nix
@@ -4,14 +4,22 @@ stdenv.mkDerivation {
   name = "gnupg1compat-${gnupg.version}";
 
   builder = writeScript "gnupg1compat-builder" ''
+    PATH=${coreutils}/bin
     # First symlink all top-level dirs
-    ${coreutils}/bin/mkdir -p $out
-    ${coreutils}/bin/ln -s "${gnupg}/"* $out
+    mkdir -p $out
+    ln -s "${gnupg}/"* $out
 
     # Replace bin with directory and symlink it contents
-    ${coreutils}/bin/rm $out/bin
-    ${coreutils}/bin/mkdir -p $out/bin
-    ${coreutils}/bin/ln -s "${gnupg}/bin/"* $out/bin
+    rm $out/bin
+    mkdir -p $out/bin
+    ln -s "${gnupg}/bin/"* $out/bin
+
+    # Add symlinks for any executables that end in 2 and lack any non-*2 version
+    for f in $out/bin/*2; do
+      [[ -x $f ]] || continue # ignore failed globs and non-executable files
+      [[ -e ''${f%2} ]] && continue # ignore commands that already have non-*2 versions
+      ln -s -- "''${f##*/}" "''${f%2}"
+    done
   '';
 
   meta = gnupg.meta // {
diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix
index 9404cb1d0655..6ae2bbc436ed 100644
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@@ -12,7 +12,8 @@ with stdenv.lib;
 assert guiSupport -> pinentry != null;
 
 stdenv.mkDerivation rec {
-  name = "gnupg-2.0.30";
+  name = "gnupg-${version}";
+  version = "2.0.30";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
diff --git a/pkgs/tools/security/kbfs/default.nix b/pkgs/tools/security/kbfs/default.nix
index ff153fddf4d3..f5b2ba3803c8 100644
--- a/pkgs/tools/security/kbfs/default.nix
+++ b/pkgs/tools/security/kbfs/default.nix
@@ -2,7 +2,7 @@
 
 buildGoPackage rec {
   name = "kbfs-${version}";
-  version = "2.5.0";
+  version = "2.6.0";
 
   goPackagePath = "github.com/keybase/kbfs";
   subPackages = [ "kbfsfuse" "kbfsgit/git-remote-keybase" ];
@@ -13,7 +13,7 @@ buildGoPackage rec {
     owner = "keybase";
     repo = "kbfs";
     rev = "v${version}";
-    sha256 = "196w7vvi49xpmzn9d75qr5a1b8w23931544kx9bkc9bbwbjfc4la";
+    sha256 = "0i4f1bc0gcnax572s749m7zcpy53a0f9yzi4lwc312zzxi7krz2f";
   };
 
   buildFlags = [ "-tags production" ];
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix
index beea202a9562..555244bc38cd 100644
--- a/pkgs/tools/security/keybase/default.nix
+++ b/pkgs/tools/security/keybase/default.nix
@@ -4,7 +4,7 @@
 
 buildGoPackage rec {
   name = "keybase-${version}";
-  version = "2.5.0";
+  version = "2.7.3";
 
   goPackagePath = "github.com/keybase/client";
   subPackages = [ "go/keybase" ];
@@ -15,7 +15,7 @@ buildGoPackage rec {
     owner  = "keybase";
     repo   = "client";
     rev    = "v${version}";
-    sha256 = "0fa55nizld8q0szhlpsf75ifb53js3crh98xmf8mn4bvms7d0x09";
+    sha256 = "1sw6v3vf544vp8grw8p287cx078mr9v0v1wffcj6f9p9shlwj7ic";
   };
 
   buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ];
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index c8bbe42c9d6a..8831f26a42d5 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -38,10 +38,10 @@ let
 in
 stdenv.mkDerivation rec {
   name = "keybase-gui-${version}";
-  version = "2.5.0-20180807164805.0fda758997";
+  version = "2.7.0-20180926133747.0d62c866fc";
   src = fetchurl {
     url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version}_amd64.deb";
-    sha256 = "135sm3h5i2h9j06py827psjbhhiqy1mb133s92p7jp6q1mhr8j1x";
+    sha256 = "0a0ax3skfw398vcjl7822qp7160lbll1snwdqsa13dy8qrjl1byp";
   };
   phases = ["unpackPhase" "installPhase" "fixupPhase"];
   unpackPhase = ''
diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix
index 8f087ef3d93c..80398d2d30cb 100644
--- a/pkgs/tools/security/nsjail/default.nix
+++ b/pkgs/tools/security/nsjail/default.nix
@@ -1,20 +1,20 @@
-{ stdenv, fetchFromGitHub, autoconf, pkgconfig, libtool
-, bison, flex, libnl, protobuf, protobufc }:
+{ stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkgconfig, which
+, libnl, protobuf, protobufc }:
 
 stdenv.mkDerivation rec {
   name = "nsjail-${version}";
-  version = "2.2";
+  version = "2.7";
 
   src = fetchFromGitHub {
     owner           = "google";
     repo            = "nsjail";
     rev             = version;
     fetchSubmodules = true;
-    sha256          = "11323j5wd02nm8ibvzbzq7dla70bmcldc71lv5bpk4x7h64ai14v";
+    sha256          = "13s1bi2b80rlwrgls1bx4bk140qhncwdamm9q51jd677s0i3xg3s";
   };
 
-  nativeBuildInputs = [ autoconf libtool pkgconfig ];
-  buildInputs = [ bison flex libnl protobuf protobufc ];
+  nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ];
+  buildInputs = [ libnl protobuf protobufc ];
   enableParallelBuilding = true;
 
   installPhase = ''
diff --git a/pkgs/tools/security/pcsctools/default.nix b/pkgs/tools/security/pcsctools/default.nix
index 5b67a6d89ceb..42f1df8b3842 100644
--- a/pkgs/tools/security/pcsctools/default.nix
+++ b/pkgs/tools/security/pcsctools/default.nix
@@ -6,17 +6,15 @@
 let deps = lib.makeBinPath [ wget coreutils ];
 
 in stdenv.mkDerivation rec {
-  name = "pcsc-tools-1.4.25";
+  name = "pcsc-tools-1.5.3";
 
   src = fetchurl {
-    url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.gz";
-    sha256 = "0iqcy28pb963ds4pjrpi37577vm6nkgf3i0b3rr978jy9qi1bix9";
+    url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.bz2";
+    sha256 = "050x3yqd5ywl385zai3k1zhbm2lz1f5ksalfpm9hd86s50f03ans";
   };
 
   buildInputs = [ udev dbus perl pcsclite ];
 
-  makeFlags = [ "DESTDIR=$(out)" ];
-
   nativeBuildInputs = [ makeWrapper pkgconfig ];
 
   postInstall = ''
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index a0f7d0f6287f..597047a679bb 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -11,13 +11,13 @@ let
   };
 in stdenv.mkDerivation rec {
   name = "vault-${version}";
-  version = "0.11.1";
+  version = "0.11.2";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    sha256 = "1ydnb9z6rd5ck6wza5ir6927xq375i1a9zh5p2xanp29ly6ijiiz";
+    sha256 = "0lckpfp1yw6rfq2cardsp2qjiajg706qjk98cycrlsa5nr2csafa";
   };
 
   nativeBuildInputs = [ go gox removeReferencesTo ];