author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-25 11:08:05 -0800 |
---|---|---|
committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-25 11:08:05 -0800 |
commit | bae00e8aa8f3faff90e28e19cd5074b8c26d0d0e (patch) | |
tree | 56abaf30f11ad2f24b9fb7729f74c5fff50fbd93 /pkgs/tools/security | |
parent | 1f9494b752082ec3ac048e56d1c6364a2e23a675 (diff) | |
parent | 104c3db6594043dbb81005303f055b02145305a5 (diff) | |
setcap-wrapper: Merging with upstream master and resolving conflicts
Diffstat (limited to 'pkgs/tools/security')
56 files changed, 1084 insertions, 376 deletions
diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index eac593e00767..d07396319d8d 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -9,11 +9,11 @@ let in stdenv.mkDerivation rec { name = "afl-${version}"; - version = "2.23b"; + version = "2.35b"; src = fetchurl { url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; - sha256 = "152pqrc0py6jk1i3pwn2k928bsgax0d4yavpa3ca29bmrbzpnadh"; + sha256 = "1smwc3j0mrpnhqq7li2ry42fxcmq3q2kl568dpq9r9npg996fqar"; }; # Note: libcgroup isn't needed for building, just for the afl-cgroup diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 3dd47f50cf76..0e91e2871237 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, python, zlib, pkgconfig, glib, ncurses, perl +{ stdenv, fetchurl, python2, zlib, pkgconfig, glib, ncurses, perl , attr, libcap, vde2, alsaLib, texinfo, libuuid, flex, bison, lzo, snappy , libaio, libcap_ng, gnutls, pixman, autoconf , writeText @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { }; buildInputs = - [ python zlib pkgconfig glib pixman ncurses perl attr libcap + [ python2 zlib pkgconfig glib pixman ncurses perl attr libcap vde2 texinfo libuuid flex bison lzo snappy autoconf libcap_ng gnutls ] diff --git a/pkgs/tools/security/chkrootkit/default.nix b/pkgs/tools/security/chkrootkit/default.nix index 2dad4b3e43aa..54aeb32cabd6 100644 --- a/pkgs/tools/security/chkrootkit/default.nix +++ b/pkgs/tools/security/chkrootkit/default.nix 
@@ -1,15 +1,25 @@ -{stdenv, fetchurl}: +{ stdenv, fetchurl }: -stdenv.mkDerivation { - name = "chkrootkit-0.50"; +stdenv.mkDerivation rec { + name = "chkrootkit-0.51"; src = fetchurl { - url = ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit-0.50.tar.gz; - sha256 = "1ivclp7ixndacjmf7xgj8lfa6h7ihx44mzzsapqdvf0c5f9gqj4m"; + url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${name}.tar.gz"; + sha256 = "0y0kbhy8156y8zli0wcqbakb9rprzl1w7jn0kw3xjfgzrgsncqgn"; }; - installPhase = " + # TODO: a lazy work-around for linux build failure ... + makeFlags = [ "STATIC=" ]; + + installPhase = '' mkdir -p $out/sbin cp check_wtmpx chkdirs chklastlog chkproc chkrootkit chkutmp chkwtmp ifpromisc strings-static $out/sbin - "; + ''; + + meta = with stdenv.lib; { + description = "Locally checks for signs of a rootkit"; + homepage = http://www.chkrootkit.org/; + license = licenses.bsd2; + platforms = with platforms; linux; + }; } diff --git a/pkgs/tools/security/cipherscan/default.nix b/pkgs/tools/security/cipherscan/default.nix index eac237f2ff47..859c1fdf49a0 100644 --- a/pkgs/tools/security/cipherscan/default.nix +++ b/pkgs/tools/security/cipherscan/default.nix 
@@ -2,42 +2,40 @@ stdenv.mkDerivation rec { name = "cipherscan-${version}"; - version = "2015-12-17"; + version = "2016-08-16"; + src = fetchFromGitHub { - owner = "jvehent"; + owner = "mozilla"; repo = "cipherscan"; - rev = "18b0d1b952d027d20e38f07329817873ec077d26"; - sha256 = "0b6fkfm2y8w04am4krspmapcc5ngn603n5rlwyjly92z2dawc7h8"; + rev = "74dd82e8ad994a140daf79489d3bd1c5ad928d38"; + sha256 = "16azhlmairnvdz7xmwgvfpn2pzw1p8z7c9b27m07fngqjkpx0mhh"; }; - buildInputs = [ makeWrapper python ]; - patches = [ ./path.patch ]; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ python ]; + buildPhase = '' - substituteInPlace cipherscan \ - --replace "@OPENSSLBIN@" \ - "${openssl.bin}/bin/openssl" \ - --replace "@TIMEOUTBIN@" \ - "${coreutils}/bin/timeout" \ - --replace "@READLINKBIN@" \ - "${coreutils}/bin/readlink" - - substituteInPlace analyze.py \ - --replace "@OPENSSLBIN@" \ - "${openssl.bin}/bin/openssl" + substituteInPlace cipherscan --replace '$0' 'cipherscan' ''; + installPhase = '' mkdir -p $out/bin cp cipherscan $out/bin cp openssl.cnf $out/bin - cp analyze.py $out/bin + cp analyze.py $out/bin/cipherscan-analyze - wrapProgram $out/bin/analyze.py --set PYTHONPATH "$PYTHONPATH" + wrapProgram $out/bin/cipherscan \ + --set NOAUTODETECT 1 \ + --set TIMEOUTBIN "${coreutils}/bin/timeout" \ + --set OPENSSLBIN "${openssl}/bin/openssl" ''; + meta = with lib; { + inherit (src.meta) homepage; description = "Very simple way to find out which SSL ciphersuites are supported by a target"; - homepage = "https://github.com/jvehent/cipherscan"; license = licenses.mpl20; platforms = platforms.all; - maintainers = with maintainers; [ cstrahan ]; + maintainers = with maintainers; [ cstrahan fpletz ]; }; } diff --git a/pkgs/tools/security/cipherscan/path.patch b/pkgs/tools/security/cipherscan/path.patch deleted file mode 100644 index 3b6d8ef80509..000000000000 --- a/pkgs/tools/security/cipherscan/path.patch +++ /dev/null 
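Review bot: The wrapper sets `OPENSSLBIN` to `${openssl}/bin/openssl`, while the substitution this hunk removes pointed at `${openssl.bin}/bin/openssl`; if `openssl` is a multiple-output derivation whose default output does not carry the binary, the scanner is handed a path that does not exist. Writing `--set OPENSSLBIN "${openssl.bin}/bin/openssl"` keeps the reference explicit. In `buildPhase`, `substituteInPlace cipherscan --replace '$0' 'cipherscan'` rewrites every occurrence of `$0` in the script, so a one-line comment naming the use it targets would help whoever does the next version bump.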
@@ -1,93 +0,0 @@ -diff --git a/analyze.py b/analyze.py -index bb62af8..e929253 100755 ---- a/analyze.py -+++ b/analyze.py -@@ -418,13 +418,7 @@ def build_ciphers_lists(opensslbin): - - # use system openssl if not on linux 64 - if not opensslbin: -- if platform.system() == 'Linux' and platform.architecture()[0] == '64bit': -- opensslbin = mypath + '/openssl' -- elif platform.system() == 'Darwin' and platform.architecture()[0] == '64bit': -- opensslbin = mypath + '/openssl-darwin64' -- else: -- opensslbin='openssl' -- print("warning: analyze.py is using system's openssl, which may limit the tested ciphers and recommendations") -+ opensslbin = "@OPENSSLBIN@" - - logging.debug('Loading all ciphers: ' + allC) - all_ciphers = subprocess.Popen([opensslbin, 'ciphers', allC], -diff --git a/cipherscan b/cipherscan -index 236b34f..a240d13 100755 ---- a/cipherscan -+++ b/cipherscan -@@ -30,43 +30,12 @@ if [[ -n $NOAUTODETECT ]]; then - else - case "$(uname -s)" in - Darwin) -- opensslbin_name="openssl-darwin64" -- -- READLINKBIN=$(which greadlink 2>/dev/null) -- if [[ -z $READLINKBIN ]]; then -- echo "greadlink not found. (try: brew install coreutils)" 1>&2 -- exit 1 -- fi -- TIMEOUTBIN=$(which gtimeout 2>/dev/null) -- if [[ -z $TIMEOUTBIN ]]; then -- echo "gtimeout not found. (try: brew install coreutils)" 1>&2 -- exit 1 -- fi -+ READLINKBIN="@READLINKBIN@" -+ TIMEOUTBIN="@TIMEOUTBIN@" - ;; - *) -- opensslbin_name="openssl" -- -- # test that readlink or greadlink (darwin) are present -- READLINKBIN="$(which readlink)" -- -- if [[ -z $READLINKBIN ]]; then -- READLINKBIN="$(which greadlink)" -- if [[ -z $READLINKBIN ]]; then -- echo "neither readlink nor greadlink are present. 
install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 -- exit 1 -- fi -- fi -- -- # test that timeout or gtimeout (darwin) are present -- TIMEOUTBIN="$(which timeout)" -- -- if [[ -z $TIMEOUTBIN ]]; then -- TIMEOUTBIN="$(which gtimeout)" -- if [[ -z $TIMEOUTBIN ]]; then -- echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 -- exit 1 -- fi -- fi -+ READLINKBIN="@READLINKBIN@" -+ TIMEOUTBIN="@TIMEOUTBIN@" - - # Check for busybox, which has different arguments - TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)" -@@ -1944,20 +1913,7 @@ do - done - - if [[ -z $OPENSSLBIN ]]; then -- readlink_result=$("$READLINKBIN" -f "$0") -- if [[ -z $readlink_result ]]; then -- echo "$READLINKBIN -f $0 failed, aborting." 1>&2 -- exit 1 -- fi -- REALPATH=$(dirname "$readlink_result") -- if [[ -z $REALPATH ]]; then -- echo "dirname $REALPATH failed, aborting." 1>&2 -- exit 1 -- fi -- OPENSSLBIN="${REALPATH}/${opensslbin_name}" -- if ! [[ -x "${OPENSSLBIN}" ]]; then -- OPENSSLBIN="$(which openssl)" # fallback to generic openssl -- fi -+ OPENSSLBIN="@OPENSSLBIN@" - fi - # use custom config file to enable GOST ciphers - if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 0cb34b2e73c9..da469771c6ec 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl -, libmilter, pcre, freshclamConf ? null }: +, libmilter, pcre }: stdenv.mkDerivation rec { name = "clamav-${version}"; 
@@ -10,10 +10,19 @@ stdenv.mkDerivation rec { sha256 = "0yh2q318bnmf2152g2h1yvzgqbswn0wvbzb8p4kf7v057shxcyqn"; }; - buildInputs = [ zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre ]; + # don't install sample config files into the absolute sysconfdir folder + postPatch = '' + substituteInPlace Makefile.in --replace ' etc ' ' ' + ''; + + buildInputs = [ + zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre + ]; configureFlags = [ + "--sysconfdir=/etc/clamav" "--with-zlib=${zlib.dev}" + "--disable-zlib-vcheck" # it fails to recognize that 1.2.10 >= 1.2.2 "--with-libbz2-prefix=${bzip2.dev}" "--with-iconv-dir=${libiconv}" "--with-xml=${libxml2.dev}" @@ -22,10 +31,12 @@ stdenv.mkDerivation rec { "--with-libcurl=${curl.dev}" "--with-pcre=${pcre.dev}" "--enable-milter" - "--disable-clamav" ]; - fixupPhase = if (freshclamConf != null) then ''echo "${freshclamConf}" > $out/etc/freshclam.conf'' else ""; + postInstall = '' + mkdir $out/etc + cp etc/*.sample $out/etc + ''; meta = with stdenv.lib; { homepage = http://www.clamav.net; diff --git a/pkgs/tools/security/cowpatty/default.nix b/pkgs/tools/security/cowpatty/default.nix new file mode 100644 index 000000000000..de34005401b1 --- /dev/null +++ b/pkgs/tools/security/cowpatty/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchurl, openssl, libpcap +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "cowpatty-${version}"; + version = "4.6"; + + buildInputs = [ openssl libpcap ]; + + src = fetchurl { + url = "http://www.willhackforsushi.com/code/cowpatty/${version}/${name}.tgz"; + sha256 = "1hivh3bq2maxvqzwfw06fr7h8bbpvxzah6mpibh3wb85wl9w2gyd"; + }; + + installPhase = "make DESTDIR=$out BINDIR=/bin install"; + + meta = { + description = "Offline dictionary attack against WPA/WPA2 networks"; + license = licenses.gpl2; + homepage = http://www.willhackforsushi.com/?page_id=50; + maintainers = with maintainers; [ nico202 ]; + platforms = platforms.linux; + }; +} 
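Review bot: `--disable-zlib-vcheck` in `configureFlags` turns off configure's zlib version check altogether, and the inline comment only says that the check misreads 1.2.10. That check presumably exists to refuse old zlib releases, so the comment should record why skipping it is acceptable here, for example `# configure misparses 1.2.10 as older than 1.2.2; safe to skip while the nixpkgs zlib is >= 1.2.2`. The `--sysconfdir=/etc/clamav` added just above moves the runtime configuration lookup outside the store in the same commit that drops the `freshclamConf` argument, which also deserves a short comment.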
diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index a477b22f191a..7e941e5378a7 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python, pam +{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam , intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }: stdenv.mkDerivation rec { @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { done ''; - buildInputs = [ pkgconfig perl nss nspr python pam intltool makeWrapper ]; + buildInputs = [ pkgconfig perl nss nspr python2 pam intltool makeWrapper ]; propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; postInstall = '' diff --git a/pkgs/tools/security/ecryptfs/helper.nix b/pkgs/tools/security/ecryptfs/helper.nix index 40e6771251ab..0d4b37a8efc0 100644 --- a/pkgs/tools/security/ecryptfs/helper.nix +++ b/pkgs/tools/security/ecryptfs/helper.nix @@ -1,7 +1,7 @@ { stdenv , fetchurl , makeWrapper -, python +, python2 }: stdenv.mkDerivation rec { @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out/bin $out/libexec cp $src $out/libexec/ecryptfs-helper.py - makeWrapper "${python.interpreter} $out/libexec/ecryptfs-helper.py" $out/bin/ecryptfs-helper + makeWrapper "${python2.interpreter} $out/libexec/ecryptfs-helper.py" $out/bin/ecryptfs-helper ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index 5ee630539b69..f26b2d3308b7 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix 
@@ -4,10 +4,10 @@ stdenv.mkDerivation rec { name = "eid-mw-${version}"; - version = "4.1.18"; + version = "4.1.19"; src = fetchFromGitHub { - sha256 = "049rxrlcwcb9yir8q2inmqlslp49alpgm4pccl138xl34cg1hyhl"; + sha256 = "191c74kxfrfb894v8y4vi2iygyffjy9jjq5fj7cnnddgwai5n3c5"; rev = "v${version}"; repo = "eid-mw"; owner = "Fedict"; diff --git a/pkgs/tools/security/encryptr/default.nix b/pkgs/tools/security/encryptr/default.nix new file mode 100644 index 000000000000..95d0299e8733 --- /dev/null +++ b/pkgs/tools/security/encryptr/default.nix 
@@ -0,0 +1,57 @@
+{ stdenv, fetchurl, glib, nss, nspr, gconf, fontconfig, freetype
+, pango , cairo, libX11 , libXi, libXcursor, libXext, libXfixes
+, libXrender, libXcomposite , alsaLib, libXdamage, libXtst, libXrandr
+, expat, libcap, systemd , dbus, gtk2 , gdk_pixbuf, libnotify
+}:
+
+let
+ arch = if stdenv.system == "x86_64-linux" then "amd"
+ else if stdenv.system == "i686-linux" then "i386"
+ else throw "Encryptr for ${stdenv.system} not supported!";
+
+ sha256 = if stdenv.system == "x86_64-linux" then "1j3g467g7ar86hpnh6q9mf7mh2h4ia94mwhk1283zh739s2g53q2"
+ else if stdenv.system == "i686-linux" then "02j9hg9b1jlv25q1sjfhv8d46mii33f94dj0ccn83z9z18q4y2cm"
+ else throw "Encryptr for ${stdenv.system} not supported!";
+
+in stdenv.mkDerivation rec {
+ name = "encryptr-${version}";
+ version = "2.0.0";
+
+ src = fetchurl {
+ url = "https://spideroak.com/dist/encryptr/signed/linux/targz/encryptr-${version}_${arch}.tar.gz";
+ inherit sha256;
+ };
+
+ dontBuild = true;
+
+ rpath = stdenv.lib.makeLibraryPath [
+ glib nss nspr gconf fontconfig freetype pango cairo libX11 libXi
+ libXcursor libXext libXfixes libXrender libXcomposite alsaLib
+ libXdamage libXtst libXrandr expat libcap dbus gtk2 gdk_pixbuf
+ libnotify stdenv.cc.cc
+ ];
+
+ installPhase = ''
+ mkdir -pv $out/bin $out/lib
+ cp -v {encryptr-bin,icudtl.dat,nw.pak} $out/bin
+ mv -v $out/bin/encryptr{-bin,}
+ cp -v lib* $out/lib
+ ln -sv ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0
+
+ patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+ --set-rpath $out/lib:${rpath} \
+ $out/bin/encryptr
+ '';
+
+ # If stripping, node-webkit does not find
+ # its application and shows a generic page
+ dontStrip = true;
+
+ meta = with stdenv.lib; {
+ homepage = https://spideroak.com/solutions/encryptr;
+ description = "Free, private and secure password management tool and e-wallet";
+ license = licenses.unfree;
+ maintainers = with maintainers; [ guillaumekoenig ];
+ platform = platforms.linux;
+ };
+}
diff --git a/pkgs/tools/security/enpass/data.json b/pkgs/tools/security/enpass/data.json
new file mode 100644
index 000000000000..b3625d928b5f
--- /dev/null
+++ b/pkgs/tools/security/enpass/data.json
@@ -0,0 +1,12 @@
+{
+ "amd64": {
+ "path": "pool/main/e/enpass/enpass_5.4.0-4_amd64.deb",
+ "sha256": "6b460fed2d7d8473e2b5d069dbe60263195b916c8b79a8fc7c2e8cb953134579",
+ "version": "5.4.0.post4"
+ },
+ "i386": {
+ "path": "pool/main/e/enpass/enpass_5.4.0-4_i386.deb",
+ "sha256": "1ec8088d5c3b2906d6820f96e1868c473e78dbe882f04e74a7816d19d43e3692",
+ "version": "5.4.0.post4"
+ }
+}
\ No newline at end of file
diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix
new file mode 100644
index 000000000000..257af4645f68
--- /dev/null
+++ b/pkgs/tools/security/enpass/default.nix
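Review bot: `platform = platforms.linux;` in the encryptr `meta` block is misspelled; the other packages in this commit use `platforms`, so as written the platform restriction is probably ignored. The line should read `platforms = platforms.linux;`. Separately, `arch` maps `x86_64-linux` to `"amd"`, giving a tarball name that ends in `_amd.tar.gz`; the pinned `sha256` would catch a wrong URL at build time, but the value is worth confirming against upstream's file naming.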
@@ -0,0 +1,105 @@
+{stdenv, system, fetchurl, dpkg, openssl, xorg
+, glib, mesa, libpulseaudio, zlib, dbus, fontconfig, freetype
+, gtk2, pango, atk, cairo, gdk_pixbuf, jasper, xkeyboardconfig
+, makeWrapper , makeDesktopItem, python, pythonPackages, lib
+, libredirect, lsof}:
+assert system == "i686-linux" || system == "x86_64-linux";
+let
+ all_data = (with builtins; fromJSON (readFile ./data.json));
+ system_map = {
+ i686-linux = "i386";
+ x86_64-linux = "amd64";
+ };
+
+ data = (with builtins; getAttr (getAttr system system_map) all_data);
+
+ baseUrl = http://repo.sinew.in;
+
+ # used of both wrappers and libpath
+ libPath = lib.makeLibraryPath (with xorg; [
+ openssl
+ mesa
+ fontconfig
+ freetype
+ libpulseaudio
+ zlib
+ dbus
+ libX11
+ libXi
+ libSM
+ libICE
+ libXext
+ libXrender
+ libXScrnSaver
+ glib
+ gtk2
+ pango
+ cairo
+ atk
+ gdk_pixbuf
+ jasper
+ stdenv.cc.cc
+ ]);
+ package = stdenv.mkDerivation rec {
+
+ inherit (data) version;
+ name = "enpass-${version}";
+
+ src = fetchurl {
+ inherit (data) sha256;
+ url = "${baseUrl}/${data.path}";
+ };
+
+ meta = {
+ description = "a well known password manager";
+ homepage = https://www.enpass.io/;
+ maintainer = lib.maintainers.ronny;
+ license = lib.licenses.unfree;
+ platforms = lib.platforms.linux;
+ };
+
+ buildInputs = [makeWrapper dpkg];
+ phases = [ "unpackPhase" "installPhase" ];
+
+ unpackPhase = "dpkg -X $src .";
+ installPhase=''
+ mkdir $out
+ cp -r opt/Enpass/* $out
+ cp -r usr/* $out
+ rm $out/bin/runenpass.sh
+ cp $out/bin/EnpassHelper/EnpassHelper{,.untampered}
+
+ sed \
+ -i s@/opt/Enpass/bin/runenpass.sh@$out/bin/Enpass@ \
+ $out/share/applications/enpass.desktop
+
+ for i in $out/bin/{Enpass,EnpassHelper/EnpassHelper}; do
+ patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) $i
+ done
+
+ # The helper's sha256 sum must match, hence the use of libredirect.
+ # Also, lsof must be in the path for proper operation.
+ wrapProgram $out/bin/Enpass \
+ --set LD_LIBRARY_PATH "${libPath}:$out/lib:$out/plugins/sqldrivers" \
+ --set QT_PLUGIN_PATH "$out/plugins" \
+ --set QT_QPA_PLATFORM_PLUGIN_PATH "$out/plugins/platforms" \
+ --set QT_XKB_CONFIG_ROOT "${xkeyboardconfig}/share/X11/xkb" \
+ --set HIDE_TOOLBAR_LINE 0 \
+ --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
+ --set NIX_REDIRECTS "$out/bin/EnpassHelper/EnpassHelper=$out/bin/EnpassHelper/EnpassHelper.untampered" \
+ --prefix PATH : ${lsof}/bin
+ '';
+ };
+ updater = {
+ update = stdenv.mkDerivation rec {
+ name = "enpass-update-script";
+ SCRIPT =./update_script.py;
+
+ buildInputs = with pythonPackages; [python requests pathlib2 six attrs ];
+ shellHook = ''
+ exec python $SCRIPT --target pkgs/tools/security/enpass/data.json --repo ${baseUrl}
+ '';
+
+ };
+ };
+in (package // {refresh = updater;})
diff --git a/pkgs/tools/security/enpass/update_script.py b/pkgs/tools/security/enpass/update_script.py
new file mode 100644
index 000000000000..f8ec715cb5e4
--- /dev/null
+++ b/pkgs/tools/security/enpass/update_script.py
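Review bot: The comment above `wrapProgram` says only that the helper's sha256 must match, but it does not say what that does to the check: with `NIX_REDIRECTS` in place, reads of `EnpassHelper` are served from `EnpassHelper.untampered`, while the file that actually runs is the `patchelf`-modified one, so the application's integrity check no longer covers the executed binary. I would state that directly, e.g. `# Enpass appears to hash its helper; patchelf changes that hash, so libredirect serves the pristine copy to the check. The check therefore does not validate the helper that runs.` Because `LD_PRELOAD` and `LD_LIBRARY_PATH` are set with `--set`, they are presumably inherited by every process Enpass starts, including the `lsof` put on `PATH`. In `meta`, `maintainer = lib.maintainers.ronny;` looks like it should be `maintainers = [ lib.maintainers.ronny ];`.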
@@ -0,0 +1,95 @@ +from __future__ import print_function + + +import argparse +import bz2 +import email +import json +import logging + +from itertools import product +from operator import itemgetter + +import attr +import pkg_resources + +from pathlib2 import Path +from requests import Session +from six.moves.urllib_parse import urljoin + + +@attr.s +class ReleaseElement(object): + sha256 = attr.ib(repr=False) + size = attr.ib(convert=int) + path = attr.ib() + +log = logging.getLogger('enpass.updater') + + +parser = argparse.ArgumentParser() +parser.add_argument('--repo') +parser.add_argument('--target', type=Path) + + +session = Session() + + +def parse_bz2_msg(msg): + msg = bz2.decompress(msg) + if '\n\n' in msg: + parts = msg.split('\n\n') + return list(map(email.message_from_string, parts)) + return email.message_from_string(msg) + + +def fetch_meta(repo, name, parse=email.message_from_string, split=False): + url = urljoin(repo, 'dists/stable', name) + response = session.get("{repo}/dists/stable/{name}".format(**locals())) + return parse(response.content) + + +def fetch_filehashes(repo, path): + meta = fetch_meta(repo, path, parse=parse_bz2_msg) + for item in meta: + yield { + 'version': pkg_resources.parse_version(str(item['Version'])), + 'path': item['Filename'], + 'sha256': item['sha256'], + } + + +def fetch_archs(repo): + m = fetch_meta(repo, 'Release') + + architectures = m['Architectures'].split() + elements = [ReleaseElement(*x.split()) for x in m['SHA256'].splitlines()] + elements = [x for x in elements if x.path.endswith('bz2')] + + for arch, elem in product(architectures, elements): + if arch in elem.path: + yield arch, max(fetch_filehashes(repo, elem.path), + key=itemgetter('version')) + + +class OurVersionEncoder(json.JSONEncoder): + def default(self, obj): + # the other way around to avoid issues with + # newer setuptools having strict/legacy versions + if not isinstance(obj, (dict, str)): + return str(obj) + return json.JSONEncoder.default(self, 
obj) + + +def main(repo, target): + logging.basicConfig(level=logging.DEBUG) + with target.open(mode='wb') as fp: + json.dump( + dict(fetch_archs(repo)), fp, + cls=OurVersionEncoder, + indent=2, + sort_keys=True) + + +opts = parser.parse_args() +main(opts.repo, opts.target) diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 70dfb9e82c6b..695bfcce3a59 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -13,7 +13,7 @@ pythonPackages.buildPythonApplication { sha256 = "1m8gqj35kwrn30rqwd488sgakaisz22xa5v9llvz6gwf4f7ps0a9"; }; - propagatedBuildInputs = [ python.modules.sqlite3 gamin ] + propagatedBuildInputs = [ gamin ] ++ (stdenv.lib.optional stdenv.isLinux pythonPackages.systemd); preConfigure = '' diff --git a/pkgs/tools/security/fpm2/default.nix b/pkgs/tools/security/fpm2/default.nix new file mode 100644 index 000000000000..8bb3cba15c46 --- /dev/null +++ b/pkgs/tools/security/fpm2/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchurl, pkgconfig, gnupg, gtk2 +, libxml2, intltool +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "fpm2-${version}"; + version = "0.79"; + + src = fetchurl { + url = "http://als.regnet.cz/fpm2/download/fpm2-${version}.tar.bz2"; + sha256 = "d55e9ce6be38a44fc1053d82db2d117cf3991a51898bd86d7913bae769f04da7"; + }; + + buildInputs = [ pkgconfig gnupg gtk2 libxml2 intltool ]; + + meta = { + description = "FPM2 is GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements."; + homepage = http://als.regnet.cz/fpm2/; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ hce ]; + }; +} diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix index fb72782abee6..e5bf5a08afc7 100644 --- a/pkgs/tools/security/fprintd/default.nix +++ b/pkgs/tools/security/fprintd/default.nix 
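Review bot: `fetch_meta` downloads `Release` and the package indexes from whatever `--repo` is given, and `main` writes the resulting `sha256` values straight into `data.json` with no signature or transport check; `default.nix` passes `http://repo.sinew.in`, so the hashes that later pin the `.deb` come from an unauthenticated HTTP response. The script should verify the repository's signature over `Release` (if upstream publishes one) before trusting its `SHA256` list, and check each downloaded index against the `sha256` and `size` already parsed into `ReleaseElement`, which are currently never used. In `fetch_meta` the `url` built with `urljoin(repo, 'dists/stable', name)` is also unused and passes `name` as the third positional argument rather than as part of the path; I would drop it and add `response.raise_for_status()` after the `session.get(...)` call so an error page is not parsed as metadata.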
@@ -2,11 +2,12 @@ , libfprint, glib, dbus_glib, polkit, nss, pam, systemd }: stdenv.mkDerivation rec { - name = "fprintd-0.6.0"; + name = "fprintd-${version}"; + version = "0.7.0"; src = fetchurl { url = "http://people.freedesktop.org/~hadess/${name}.tar.xz"; - sha256 = "1by6nvlrqkwzcz2v2kyq6avi3h384vmlr42vj9s2yzcinkp64m1z"; + sha256 = "05915i0bv7q62fqrs5diqwr8dz3pwqa1c1ivcgggkjyw0xk4ldp5"; }; buildInputs = [ libfprint glib dbus_glib polkit nss pam systemd ]; diff --git a/pkgs/tools/security/gencfsm/default.nix b/pkgs/tools/security/gencfsm/default.nix index 8441fbbb7613..fbd32cdc22df 100644 --- a/pkgs/tools/security/gencfsm/default.nix +++ b/pkgs/tools/security/gencfsm/default.nix @@ -1,17 +1,18 @@ { stdenv, fetchurl, autoconf, automake, intltool, libtool, pkgconfig, encfs -, glib , gnome3, gtk3, libgnome_keyring, vala_0_23, wrapGAppsHook, xorg }: +, glib , gnome3, gtk3, libgnome_keyring, vala, wrapGAppsHook, xorg +}: stdenv.mkDerivation rec { - version = "1.8.16"; + version = "1.8.18"; name = "gnome-encfs-manager-${version}"; src = fetchurl { - url = "https://launchpad.net/gencfsm/trunk/1.8/+download/gnome-encfs-manager_${version}.tar.gz"; - sha256 = "06sz6zcmvxkqww5gx4brcqs4hlpy9d8sal9nmw0pdsvh8k5vmpgn"; + url = "https://launchpad.net/gencfsm/trunk/1.8/+download/gnome-encfs-manager_${version}.tar.xz"; + sha256 = "1rpf683lxa78fmxxb0hnq7vdh3yn7qid2gqq67q9mk65sp9vdhdj"; }; - buildInputs = [ autoconf automake intltool libtool pkgconfig vala_0_23 glib encfs - gtk3 libgnome_keyring gnome3.libgee_1 xorg.libSM xorg.libICE + buildInputs = [ autoconf automake intltool libtool pkgconfig vala glib encfs + gtk3 libgnome_keyring gnome3.libgee xorg.libSM xorg.libICE wrapGAppsHook ]; patches = [ ./makefile-mkdir.patch ]; 
@@ -26,6 +27,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = http://www.libertyzero.com/GEncfsM/; + downloadPage = https://launchpad.net/gencfsm/; description = "EncFS manager and mounter with GNOME3 integration"; license = licenses.gpl2Plus; platforms = platforms.linux; diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix index 932bf508c2fa..fd79419d82ac 100644 --- a/pkgs/tools/security/gnupg/20.nix +++ b/pkgs/tools/security/gnupg/20.nix @@ -3,13 +3,13 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. -, pinentry ? null, x11Support ? true +, pinentry ? null, guiSupport ? true , openldap ? null, bzip2 ? null, libusb ? null, curl ? null }: with stdenv.lib; -assert x11Support -> pinentry != null; +assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-2.0.30"; @@ -35,7 +35,8 @@ stdenv.mkDerivation rec { patch gl/stdint_.h < ${./clang.patch} ''; - configureFlags = optional x11Support "--with-pinentry-pgm=${pinentry}/bin/pinentry"; + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; + configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c"; diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix index 34042d802ccb..b96226d5c3f8 100644 --- a/pkgs/tools/security/gnupg/21.nix +++ b/pkgs/tools/security/gnupg/21.nix 
@@ -1,37 +1,41 @@ { fetchurl, stdenv, pkgconfig, libgcrypt, libassuan, libksba, libiconv, npth -, gettext, texinfo, pcsclite +, gettext, texinfo, pcsclite, sqlite # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. -, pinentry ? null, x11Support ? true +, pinentry ? null, guiSupport ? true , adns ? null, gnutls ? null, libusb ? null, openldap ? null , readline ? null, zlib ? null, bzip2 ? null }: with stdenv.lib; -assert x11Support -> pinentry != null; +assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; - version = "2.1.15"; + version = "2.1.17"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "1pgz02gd84ab94w4xdg67p9z8kvkyr9d523bvcxxd2hviwh1m362"; + sha256 = "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65"; }; buildInputs = [ pkgconfig libgcrypt libassuan libksba libiconv npth gettext texinfo - readline libusb gnutls adns openldap zlib bzip2 + readline libusb gnutls adns openldap zlib bzip2 sqlite ]; + NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl"; + + patches = [ ./fix-libusb-include-path.patch ]; postPatch = stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( - configureFlags = optional x11Support "--with-pinentry-pgm=${pinentry}/bin/pinentry"; + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; + configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; meta = with stdenv.lib; { homepage = http://gnupg.org; diff --git a/pkgs/tools/security/gnupg/fix-libusb-include-path.patch b/pkgs/tools/security/gnupg/fix-libusb-include-path.patch new file mode 100644 index 000000000000..18c4f1107388 --- /dev/null +++ b/pkgs/tools/security/gnupg/fix-libusb-include-path.patch 
@@ -0,0 +1,11 @@
+--- a/configure
++++ b/configure
+@@ -8872,7 +8872,7 @@
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5
+ $as_echo_n "checking libusb include dir... " >&6; }
+ usb_incdir_found="no"
+- for _incdir in "" "/usr/include/libusb-1.0" "/usr/local/include/libusb-1.0"; do
++ for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do
+ _libusb_save_cppflags=$CPPFLAGS
+ if test -n "${_incdir}"; then
+ CPPFLAGS="-I${_incdir} ${CPPFLAGS}"
diff --git a/pkgs/tools/security/gorilla-bin/default.nix b/pkgs/tools/security/gorilla-bin/default.nix
new file mode 100644
index 000000000000..cbd260455d8e
--- /dev/null
+++ b/pkgs/tools/security/gorilla-bin/default.nix
@@ -0,0 +1,41 @@
+{ fetchurl, makeWrapper, patchelf, pkgs, stdenv, libXft, libX11, freetype, fontconfig, libXrender, libXScrnSaver, libXext }:
+
+stdenv.mkDerivation rec {
+ name = "gorilla-bin-${version}";
+ version = "1.5.3.7";
+
+ src = fetchurl {
+ name = "gorilla1537_64.bin";
+ url = "http://gorilla.dp100.com/downloads/gorilla1537_64.bin";
+ sha256 = "19ir6x4c01825hpx2wbbcxkk70ymwbw4j03v8b2xc13ayylwzx0r";
+ };
+
+ buildInputs = [ patchelf makeWrapper ];
+ phases = [ "unpackPhase" "installPhase" ];
+
+ unpackCmd = ''
+ mkdir gorilla;
+ cp $curSrc gorilla/gorilla-${version};
+ '';
+
+ installPhase = let
+ interpreter = "$(< \"$NIX_CC/nix-support/dynamic-linker\")";
+ libPath = stdenv.lib.makeLibraryPath [ libXft libX11 freetype fontconfig libXrender libXScrnSaver libXext ];
+ in ''
+ mkdir -p $out/opt/password-gorilla
+ mkdir -p $out/bin
+ cp gorilla-${version} $out/opt/password-gorilla
+ chmod ugo+x $out/opt/password-gorilla/gorilla-${version}
+ patchelf --set-interpreter "${interpreter}" "$out/opt/password-gorilla/gorilla-${version}"
+ makeWrapper "$out/opt/password-gorilla/gorilla-${version}" "$out/bin/gorilla" \
+ --prefix LD_LIBRARY_PATH : "${libPath}"
+ '';
+
+ meta = {
+ description = "Password Gorilla is a Tk based password manager";
+ homepage = https://github.com/zdia/gorilla/wiki;
+ maintainers = [ stdenv.lib.maintainers.namore ];
+ platforms = [ "x86_64-linux" ];
+ license = stdenv.lib.licenses.gpl2;
+ };
+}
diff --git a/pkgs/tools/security/hashcat/hashcat3/default.nix b/pkgs/tools/security/hashcat/hashcat3/default.nix
new file mode 100644
index 000000000000..ef41b0b2a0ed
--- /dev/null
+++ b/pkgs/tools/security/hashcat/hashcat3/default.nix
@@ -0,0 +1,35 @@ +{ stdenv, fetchurl, makeWrapper, opencl-headers, opencl-icd }: + +assert stdenv.isLinux; + +stdenv.mkDerivation rec { + name = "hashcat-${version}"; + version = "3.10"; + + src = fetchurl { + name = "${name}.tar.gz"; + url = "https://hashcat.net/files_legacy/hashcat-${version}.tar.gz"; + sha256 = "1sg30d9as6xsl7b0i7mz26igachbv0l0yimwb12nmarmgdgmwm9v"; + }; + + buildInputs = [ opencl-headers makeWrapper ]; + + makeFlags = [ "OPENCL_HEADERS_KHRONOS=${opencl-headers}/include" ]; + + # $out is not known until the build has started. + configurePhase = '' + makeFlags="$makeFlags PREFIX=$out" + ''; + + postFixup = '' + wrapProgram $out/bin/hashcat --prefix LD_LIBRARY_PATH : ${opencl-icd}/lib + ''; + + meta = { + description = "Fast password cracker"; + homepage = http://hashcat.net/hashcat/; + license = stdenv.lib.licenses.mit; + platforms = stdenv.lib.platforms.linux; + maintainers = [ stdenv.lib.maintainers.kierdavis ]; + }; +} diff --git a/pkgs/tools/security/hologram/default.nix b/pkgs/tools/security/hologram/default.nix index 5e8d260d6936..e7673cf58422 100644 --- a/pkgs/tools/security/hologram/default.nix +++ b/pkgs/tools/security/hologram/default.nix @@ -13,5 +13,5 @@ buildGoPackage rec { sha256 = "0i0p170brdsczfz079mqbc5y7x7mdph04p3wgqsd7xcrddvlkkaf"; }; - goDeps = ./deps.json; + goDeps = ./deps.nix; } diff --git a/pkgs/tools/security/hologram/deps.json b/pkgs/tools/security/hologram/deps.json deleted file mode 100644 index 3d40bfd2cee0..000000000000 --- a/pkgs/tools/security/hologram/deps.json +++ /dev/null 
@@ -1,101 +0,0 @@ -[ - { - "goPackagePath": "golang.org/x/crypto", - "fetch": { - "type": "git", - "url": "https://go.googlesource.com/crypto", - "rev": "575fdbe86e5dd89229707ebec0575ce7d088a4a6", - "sha256": "1kgv1mkw9y404pk3lcwbs0vgl133mwyp294i18jg9hp10s5d56xa" - } - }, - { - "goPackagePath": "github.com/golang/protobuf", - "fetch": { - "type": "git", - "url": "https://github.com/golang/protobuf", - "rev": "59b73b37c1e45995477aae817e4a653c89a858db", - "sha256": "1dx22jvhvj34ivpr7gw01fncg9yyx35mbpal4mpgnqka7ajmgjsa" - } - }, - { - "goPackagePath": "github.com/howeyc/gopass", - "fetch": { - "type": "git", - "url": "https://github.com/howeyc/gopass", - "rev": "2c70fa70727c953c51695f800f25d6b44abb368e", - "sha256": "152lrkfxk205rlxiign0w5wb0fmfh910yz4jhlv4f4l1qr1h2lx8" - } - }, - { - "goPackagePath": "github.com/aybabtme/rgbterm", - "fetch": { - "type": "git", - "url": "https://github.com/aybabtme/rgbterm", - "rev": "c07e2f009ed2311e9c35bca12ec00b38ccd48283", - "sha256": "1qph7drds44jzx1whqlrh1hs58k0wv0v58zyq2a81hmm72gsgzam" - } - }, - { - "goPackagePath": "github.com/vaughan0/go-ini", - "fetch": { - "type": "git", - "url": "https://github.com/vaughan0/go-ini", - "rev": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1", - "sha256": "1l1isi3czis009d9k5awsj4xdxgbxn4n9yqjc1ac7f724x6jacfa" - } - }, - { - "goPackagePath": "github.com/mitchellh/go-homedir", - "fetch": { - "type": "git", - "url": "https://github.com/mitchellh/go-homedir", - "rev": "1f6da4a72e57d4e7edd4a7295a585e0a3999a2d4", - "sha256": "1l5lrsjrnwxn299mhvyxvz8hd0spkx0d31gszm4cyx21bg1xsiy9" - } - }, - { - "goPackagePath": "github.com/goamz/goamz", - "fetch": { - "type": "git", - "url": "https://github.com/goamz/goamz", - "rev": "2a8fed5e89ab9e16210fc337d1aac780e8c7bbb7", - "sha256": "0rlinp0cvgw66qjndg4padr5s0wd3n7kjfggkx6czqj9bqaxcz4b" - } - }, - { - "goPackagePath": "github.com/nmcclain/asn1-ber", - "fetch": { - "type": "git", - "url": "https://github.com/go-asn1-ber/asn1-ber", - "rev": 
"f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72", - "sha256": "0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9" - } - }, - { - "goPackagePath": "gopkg.in/asn1-ber.v1", - "fetch": { - "type": "git", - "url": "https://github.com/go-asn1-ber/asn1-ber", - "rev": "f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72", - "sha256": "0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9" - } - }, - { - "goPackagePath": "github.com/peterbourgon/g2s", - "fetch": { - "type": "git", - "url": "https://github.com/peterbourgon/g2s", - "rev": "ec76db4c1ac16400ac0e17ca9c4840e1d23da5dc", - "sha256": "1p4p8755v2nrn54rik7yifpg9szyg44y5rpp0kryx4ycl72307rj" - } - }, - { - "goPackagePath": "github.com/nmcclain/ldap", - "fetch": { - "type": "git", - "url": "https://github.com/go-ldap/ldap", - "rev": "83e65426fd1c06626e88aa8a085e5bfed0208e29", - "sha256": "179lwaf0hvczl8g4xzkpcpzq25p1b23f7399bx5zl55iin62d8yz" - } - } -] diff --git a/pkgs/tools/security/hologram/deps.nix b/pkgs/tools/security/hologram/deps.nix new file mode 100644 index 000000000000..2c4cdbe84f00 --- /dev/null +++ b/pkgs/tools/security/hologram/deps.nix 
@@ -0,0 +1,101 @@ +[ + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/crypto"; + rev = "575fdbe86e5dd89229707ebec0575ce7d088a4a6"; + sha256 = "1kgv1mkw9y404pk3lcwbs0vgl133mwyp294i18jg9hp10s5d56xa"; + }; + } + { + goPackagePath = "github.com/golang/protobuf"; + fetch = { + type = "git"; + url = "https://github.com/golang/protobuf"; + rev = "59b73b37c1e45995477aae817e4a653c89a858db"; + sha256 = "1dx22jvhvj34ivpr7gw01fncg9yyx35mbpal4mpgnqka7ajmgjsa"; + }; + } + { + goPackagePath = "github.com/howeyc/gopass"; + fetch = { + type = "git"; + url = "https://github.com/howeyc/gopass"; + rev = "2c70fa70727c953c51695f800f25d6b44abb368e"; + sha256 = "152lrkfxk205rlxiign0w5wb0fmfh910yz4jhlv4f4l1qr1h2lx8"; + }; + } + { + goPackagePath = "github.com/aybabtme/rgbterm"; + fetch = { + type = "git"; + url = "https://github.com/aybabtme/rgbterm"; + rev = "c07e2f009ed2311e9c35bca12ec00b38ccd48283"; + sha256 = "1qph7drds44jzx1whqlrh1hs58k0wv0v58zyq2a81hmm72gsgzam"; + }; + } + { + goPackagePath = "github.com/vaughan0/go-ini"; + fetch = { + type = "git"; + url = "https://github.com/vaughan0/go-ini"; + rev = "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"; + sha256 = "1l1isi3czis009d9k5awsj4xdxgbxn4n9yqjc1ac7f724x6jacfa"; + }; + } + { + goPackagePath = "github.com/mitchellh/go-homedir"; + fetch = { + type = "git"; + url = "https://github.com/mitchellh/go-homedir"; + rev = "1f6da4a72e57d4e7edd4a7295a585e0a3999a2d4"; + sha256 = "1l5lrsjrnwxn299mhvyxvz8hd0spkx0d31gszm4cyx21bg1xsiy9"; + }; + } + { + goPackagePath = "github.com/goamz/goamz"; + fetch = { + type = "git"; + url = "https://github.com/goamz/goamz"; + rev = "2a8fed5e89ab9e16210fc337d1aac780e8c7bbb7"; + sha256 = "0rlinp0cvgw66qjndg4padr5s0wd3n7kjfggkx6czqj9bqaxcz4b"; + }; + } + { + goPackagePath = "github.com/nmcclain/asn1-ber"; + fetch = { + type = "git"; + url = "https://github.com/go-asn1-ber/asn1-ber"; + rev = "f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72"; + sha256 = 
"0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9"; + }; + } + { + goPackagePath = "gopkg.in/asn1-ber.v1"; + fetch = { + type = "git"; + url = "https://github.com/go-asn1-ber/asn1-ber"; + rev = "f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72"; + sha256 = "0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9"; + }; + } + { + goPackagePath = "github.com/peterbourgon/g2s"; + fetch = { + type = "git"; + url = "https://github.com/peterbourgon/g2s"; + rev = "ec76db4c1ac16400ac0e17ca9c4840e1d23da5dc"; + sha256 = "1p4p8755v2nrn54rik7yifpg9szyg44y5rpp0kryx4ycl72307rj"; + }; + } + { + goPackagePath = "github.com/nmcclain/ldap"; + fetch = { + type = "git"; + url = "https://github.com/go-ldap/ldap"; + rev = "83e65426fd1c06626e88aa8a085e5bfed0208e29"; + sha256 = "179lwaf0hvczl8g4xzkpcpzq25p1b23f7399bx5zl55iin62d8yz"; + }; + } +] diff --git a/pkgs/tools/security/jd-gui/default.nix b/pkgs/tools/security/jd-gui/default.nix index f247f8c4e89e..106fbf0a150a 100644 --- a/pkgs/tools/security/jd-gui/default.nix +++ b/pkgs/tools/security/jd-gui/default.nix @@ -1,8 +1,8 @@ -{ stdenv, fetchurl, gtk, atk, gdk_pixbuf, pango, makeWrapper }: +{ stdenv, fetchurl, gtk2, atk, gdk_pixbuf, pango, makeWrapper }: let dynlibPath = stdenv.lib.makeLibraryPath - [ gtk atk gdk_pixbuf pango ]; + [ gtk2 atk gdk_pixbuf pango ]; in stdenv.mkDerivation rec { name = "jd-gui-${version}"; diff --git a/pkgs/tools/security/kbfs/default.nix b/pkgs/tools/security/kbfs/default.nix index fb7b8cc9fe74..a38e70df6323 100644 --- a/pkgs/tools/security/kbfs/default.nix +++ b/pkgs/tools/security/kbfs/default.nix @@ -1,8 +1,8 @@ { stdenv, buildGoPackage, fetchFromGitHub }: buildGoPackage rec { - name = "kbfs-2016-08-02-git"; - version = "1.0.16"; + name = "kbfs-2016-11-18-git"; + version = "1.0.2"; goPackagePath = "github.com/keybase/kbfs"; subPackages = [ "kbfsfuse" ]; 
@@ -12,8 +12,8 @@ buildGoPackage rec { src = fetchFromGitHub { owner = "keybase"; repo = "kbfs"; - rev = "a8f0714536d15668e0f561ec4d3324762c8cf030"; - sha256 = "0m4k55akd8cv5k8mfpm3rb3fz13z31l49pml7mgviv0hi3mnisqd"; + rev = "aac615d7c50e7512a51a133c14cb699d9941ba8c"; + sha256 = "0vah6x37g2w1f7mb5x16f1815608mvv2d1mrpkpnhz2gz7qzz6bv"; }; buildFlags = [ "-tags production" ]; diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index c4d0f20d6c2d..fbed233b090d 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "keybase-${version}"; - version = "1.0.17"; + version = "1.0.18"; rev = "v${version}"; goPackagePath = "github.com/keybase/client"; @@ -14,7 +14,7 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; inherit rev; - sha256 = "14cj0npsvnc3whw7gashgd7lhj3lvjdkivsnvsjg7dp3hifvqxnx"; + sha256 = "16n9fwx8v3jradp1l2564872akq6npib794jadfl5d122cll0n7h"; }; buildFlags = [ "-tags production" ]; diff --git a/pkgs/tools/security/knockknock/default.nix b/pkgs/tools/security/knockknock/default.nix index 7e4ff32e8805..ce7663b18cf9 100644 --- a/pkgs/tools/security/knockknock/default.nix +++ b/pkgs/tools/security/knockknock/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, pythonPackages, buildPythonApplication, hping }: +{ stdenv, fetchFromGitHub, python2Packages, hping }: -pythonPackages.buildPythonApplication rec { +python2Packages.buildPythonApplication rec { rev = "bf14bbff"; name = "knockknock-r${rev}"; @@ -11,7 +11,10 @@ pythonPackages.buildPythonApplication rec { sha256 = "1chpfs3w2vkjrgay69pbdr116z1jldv53fi768a1i05fdqhy1px4"; }; - propagatedBuildInputs = [ pythonPackages.pycrypto ]; + propagatedBuildInputs = [ python2Packages.pycrypto ]; + + # No tests + doCheck = false; patchPhase = '' sed -i '/build\//d' setup.py 
diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix index 7303db34649d..bc5b7c0e3f45 100644 --- a/pkgs/tools/security/kpcli/default.nix +++ b/pkgs/tools/security/kpcli/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, makeWrapper, perl, perlPackages }: stdenv.mkDerivation rec { - version = "3.0"; + version = "3.1"; name = "kpcli-${version}"; src = fetchurl { url = "mirror://sourceforge/kpcli/${name}.pl"; - sha256 = "1704b412f8h9cls85xcpqm9k4n5vga26r4xq9ghp4pr1hl27nywl"; + sha256 = "06m276if13w6gd54wi8nqd1yvk2csbhdmm8pcw9aw3hdlc27gw7i"; }; buildInputs = [ makeWrapper perl ]; diff --git a/pkgs/tools/security/lastpass-cli/default.nix b/pkgs/tools/security/lastpass-cli/default.nix index bfd1343f5e58..7b6720a2139b 100644 --- a/pkgs/tools/security/lastpass-cli/default.nix +++ b/pkgs/tools/security/lastpass-cli/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { name = "lastpass-cli-${version}"; - version = "0.9.0"; + version = "1.0.0"; src = fetchFromGitHub { owner = "lastpass"; repo = "lastpass-cli"; rev = "v${version}"; - sha256 = "1iaz36bcyss2kahhlm92l7yh26rxvs12wnkkh1289yarl5wi0yld"; + sha256 = "0hidx2qfr52bwjb6as4fbfa34jqh3zwvrcx590vbsji3bq4g7avb"; }; buildInputs = [ @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { description = "Stores, retrieves, generates, and synchronizes passwords securely"; homepage = "https://github.com/lastpass/lastpass-cli"; license = licenses.gpl2Plus; - platforms = platforms.linux; + platforms = stdenv.lib.platforms.unix; maintainers = with maintainers; [ cstrahan ]; }; } diff --git a/pkgs/tools/security/mpw/default.nix b/pkgs/tools/security/mpw/default.nix index 813c7e5c06cd..e30866021da6 100644 --- a/pkgs/tools/security/mpw/default.nix +++ b/pkgs/tools/security/mpw/default.nix 
@@ -1,37 +1,41 @@ -{ stdenv, fetchurl, autoconf, automake, openssl, libxml2 }: +{ stdenv, fetchzip, autoconf, automake, openssl, libxml2, fetchFromGitHub, ncurses }: let - scrypt_src = fetchurl { - url = "http://masterpasswordapp.com/libscrypt-b12b554.tar.gz"; - sha256 = "02vz4i66v1acd15xjgki4ilmmp28m6a5603gi4hf8id3d3ndl9n7"; + scrypt_src = fetchzip { + url = "http://www.tarsnap.com/scrypt/scrypt-1.2.0.tgz"; + sha256 = "0ahylib2pimlhjcm566kpim6n16jci5v749xwdkr9ivgfjrv3xn4"; }; in stdenv.mkDerivation { - name = "mpw-2.1-cli4"; + name = "mpw-2.1-6834f36"; - srcs = [ - (fetchurl { - url = "https://ssl.masterpasswordapp.com/mpw-2.1-cli4-0-gf6b2287.tar.gz"; - sha256 = "141bzb3nj18rbnbpdvsri8cdwwwxz4d6akyhfa834542xf96b9vf"; - }) - scrypt_src - ]; - - sourceRoot = "."; + src = fetchFromGitHub { + owner = "Lyndir"; + repo = "MasterPassword"; + rev = "6834f3689f5dfd4e59ad6959961d349c224977ee"; + sha256 = "0zlpx3hb1y2l60hg961h05lb9yf3xb5phnyycvazah2674gkwb2p"; + }; postUnpack = '' - cp -R libscrypt-b12b554/* lib/scrypt + sourceRoot+=/MasterPassword/C ''; prePatch = '' patchShebangs . + mkdir lib/scrypt/src + cp -R --no-preserve=ownership ${scrypt_src}/* lib/scrypt/src + chmod +w -R lib/scrypt/src + substituteInPlace lib/scrypt/src/libcperciva/cpusupport/Build/cpusupport.sh \ + --replace dirname "$(type -P dirname)" + substituteInPlace lib/scrypt/src/Makefile.in --replace "command -p mv" "mv" ''; NIX_CFLAGS_COMPILE = "-I${libxml2.dev}/include/libxml2"; - buildInputs = [ autoconf automake openssl libxml2 ]; + buildInputs = [ autoconf automake openssl libxml2 ncurses ]; buildPhase = '' + substituteInPlace build --replace '"curses"' '"ncurses"' targets="mpw mpw-tests" ./build ''; diff --git a/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch b/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch new file mode 100644 index 000000000000..74e466069d93 --- /dev/null +++ b/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch 
@@ -0,0 +1,57 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -251,23 +251,23 @@ + # ${CMAKE_SOURCE_DIR}/data/icons/48x48 + # ${CMAKE_SOURCE_DIR}/data/icons/128x128 + ${CMAKE_SOURCE_DIR}/data/icons/ +- DESTINATION usr/share/icons/ ++ DESTINATION share/icons/ + ) + + install(FILES + ${CMAKE_SOURCE_DIR}/data/nitrokey-app.desktop +- DESTINATION usr/share/applications ++ DESTINATION share/applications + ) + + install(FILES + ${CMAKE_SOURCE_DIR}/data/icons/hicolor/128x128/apps/nitrokey-app.png +- DESTINATION usr/share/pixmaps ++ DESTINATION share/pixmaps + ) + + # Install Nitrokey udev rules + install(FILES + ${CMAKE_SOURCE_DIR}/data/40-nitrokey.rules +- DESTINATION usr/lib/udev/rules.d ++ DESTINATION lib/udev/rules.d + ) + + # Install autocompletion scripts +@@ -278,7 +278,7 @@ + + install(FILES + ${CMAKE_SOURCE_DIR}/po/de_DE/nitrokey-app.mo +- DESTINATION usr/share/locale/de_DE/LC_MESSAGES ++ DESTINATION share/locale/de_DE/LC_MESSAGES + ) + + install(FILES +@@ -286,7 +286,7 @@ + ${CMAKE_SOURCE_DIR}/images/quit.png + ${CMAKE_SOURCE_DIR}/images/safe_zahlenkreis.png + ${CMAKE_SOURCE_DIR}/images/settings.png +- DESTINATION usr/share/nitrokey ++ DESTINATION share/nitrokey + ) + + ENDIF () # NOT WIN32 +@@ -299,7 +299,7 @@ + ${resources_ouput} + ) + +-INSTALL(TARGETS nitrokey-app DESTINATION usr/bin) ++INSTALL(TARGETS nitrokey-app DESTINATION bin) + + TARGET_LINK_LIBRARIES(nitrokey-app + ${QT_LIBRARIES} diff --git a/pkgs/tools/security/nitrokey-app/HeaderPath.patch b/pkgs/tools/security/nitrokey-app/HeaderPath.patch new file mode 100644 index 000000000000..695b7559116c --- /dev/null +++ b/pkgs/tools/security/nitrokey-app/HeaderPath.patch @@ -0,0 +1,13 @@ +diff --git a/src/utils/hid_libusb.c b/src/utils/hid_libusb.c +index bd8c14e..537292d 100644 +--- a/src/utils/hid_libusb.c ++++ b/src/utils/hid_libusb.c +@@ -44,7 +44,7 @@ + #include <wchar.h> + + /* GNU / LibUSB */ +-#include "libusb.h" ++#include "libusb-1.0/libusb.h" + #include "iconv.h" + + #include "hidapi.h" 
diff --git a/pkgs/tools/security/nitrokey-app/default.nix b/pkgs/tools/security/nitrokey-app/default.nix
new file mode 100644
index 000000000000..91d5e75272bc
--- /dev/null
+++ b/pkgs/tools/security/nitrokey-app/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, cmake, fetchFromGitHub, libusb1, pkgconfig, qt5 }:
+
+stdenv.mkDerivation rec {
+ name = "nitrokey-app";
+ version = "0.5.1";
+
+ src = fetchFromGitHub {
+ owner = "Nitrokey";
+ repo = "nitrokey-app";
+ rev = "v${version}";
+ sha256 = "0acb2502r3wa0mry6h8sz1k16zaa4bgnhxwxqd1vd1y42xc6g9bw";
+ };
+
+ buildInputs = [
+ cmake
+ libusb1
+ pkgconfig
+ qt5.qtbase
+ ];
+ patches = [
+ ./FixInstallDestination.patch
+ ./HeaderPath.patch
+ ];
+ cmakeFlags = "-DHAVE_LIBAPPINDICATOR=NO";
+ meta = {
+ description = "Provides extra functionality for the Nitrokey Pro and Storage";
+ longDescription = ''
+ The nitrokey-app provides a QT system tray widget with wich you can
+ access the extra functionality of a Nitrokey Storage or Nitrokey Pro.
+ See https://www.nitrokey.com/ for more information.
+ '';
+ homepage = https://github.com/Nitrokey/nitrokey-app;
+ repositories.git = https://github.com/Nitrokey/nitrokey-app.git;
+ license = stdenv.lib.licenses.gpl3;
+ maintainer = stdenv.lib.maintainers.kaiha;
+ };
+}
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index f9c7dba5660b..9413f9920866 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
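Review bot: In the new nitrokey-app expression the `meta` block sets `maintainer = stdenv.lib.maintainers.kaiha;`, which is not the attribute the rest of this commit uses; every other package here writes `maintainers` as a list, so this one should read `maintainers = [ stdenv.lib.maintainers.kaiha ];`. `meta` also declares no `platforms`, and `name = "nitrokey-app";` omits the version although `version` is defined two lines below; `name = "nitrokey-app-${version}";` would match the other new packages. The `longDescription` has a typo, "wich" for "which".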
@@ -1,38 +1,45 @@ { stdenv, fetchurl, libpcap, pkgconfig, openssl , graphicalSupport ? false +, gtk2 ? null , libX11 ? null -, gtk ? null -, pythonPackages -, makeWrapper ? null +, withPython ? false # required for the `ndiff` binary +, python2 ? null }: +assert withPython -> python2 != null; + with stdenv.lib; let - inherit (pythonPackages) python pygtk pygobject pycairo pysqlite; + + # Zenmap (the graphical program) also requires Python, + # so automatically enable pythonSupport if graphicalSupport is requested. + pythonSupport = withPython || graphicalSupport; + + pythonEnv = python2.withPackages(ps: with ps; [] + ++ optionals graphicalSupport [ pycairo pygobject2 pygtk pysqlite ] + ); + in stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; - version = "7.12"; + version = "7.31"; src = fetchurl { - url = "http://nmap.org/dist/nmap-${version}.tar.bz2"; - sha256 = "014vagh9ak10hidwzp9s6g30y5h5fhsh8wykcnc1hnn9hwm0ipv3"; + url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; + sha256 = "0hiqb28950kn4bjsmw0ksfyss7j2qdmgrj3xsjf7073pq01lx7yb"; }; patches = ./zenmap.patch; - configureFlags = optionalString (!graphicalSupport) "--without-zenmap"; - - postInstall = '' - wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" - '' + optionalString graphicalSupport '' - wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath ${pygtk})/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath ${pygobject})/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath ${pycairo})/gtk-2.0 - ''; + configureFlags = [] + ++ optional (!pythonSupport) "--without-ndiff" + ++ optional (!graphicalSupport) "--without-zenmap" + ; - buildInputs = [ libpcap pkgconfig openssl makeWrapper python ] - ++ optionals graphicalSupport [ - libX11 gtk pygtk pysqlite pygobject pycairo - ]; + buildInputs = [ libpcap pkgconfig openssl ] + ++ 
optional pythonSupport pythonEnv + ++ optionals graphicalSupport [ gtk2 libX11 ] + ; meta = { description = "A free and open source utility for network discovery and security auditing"; diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 534e06814e2b..b0137619f0c1 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl -, coreutils, gnused, getopt, pwgen, git, tree, gnupg, which +, coreutils, gnused, getopt, pwgen, git, tree, gnupg, which, procps , makeWrapper , xclip ? null, xdotool ? null, dmenu ? null @@ -20,8 +20,9 @@ stdenv.mkDerivation rec { }; patches = - [ ./program-name.patch ] ++ - stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; + [ ./program-name.patch + ./set-correct-program-name-for-sleep.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; buildInputs = [ makeWrapper ]; @@ -63,14 +64,15 @@ stdenv.mkDerivation rec { wrapperPath = with stdenv.lib; makeBinPath ([ coreutils - gnused getopt git gnupg + gnused pwgen tree which - ] ++ ifEnable x11Support [ dmenu xclip xdotool ]); + ] ++ stdenv.lib.optional stdenv.isLinux procps + ++ ifEnable x11Support [ dmenu xclip xdotool ]); postFixup = '' # Fix program name in --help diff --git a/pkgs/tools/security/pass/rofi-pass.nix b/pkgs/tools/security/pass/rofi-pass.nix index b834cc6adc53..165091d934ae 100644 --- a/pkgs/tools/security/pass/rofi-pass.nix +++ b/pkgs/tools/security/pass/rofi-pass.nix 
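Review bot: The guard `assert withPython -> python2 != null;` in the nmap expression does not cover the graphical build, although `pythonSupport = withPython || graphicalSupport` means `python2.withPackages` is also evaluated when only `graphicalSupport` is set. With `graphicalSupport = true` and the default `python2 ? null`, the assert passes and evaluation would then fail on the null attribute access instead of on a clear assertion; `gtk2` and `libX11` are likewise nullable and unchecked. I would write `assert (withPython || graphicalSupport) -> python2 != null;` and add `assert graphicalSupport -> gtk2 != null && libX11 != null;`. The derivation body continues past the end of this hunk.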
@@ -1,15 +1,16 @@ -{ stdenv, fetchgit -, pass, rofi, coreutils, utillinux, xdotool, gnugrep, pwgen, findutils, gawk -, makeWrapper }: +{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep +, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper +}: stdenv.mkDerivation rec { name = "rofi-pass-${version}"; - version = "1.3.2"; + version = "1.4.3"; - src = fetchgit { - url = "https://github.com/carnager/rofi-pass"; - rev = "refs/tags/${version}"; - sha256 = "1xqp8s0yyjs2ca9mf8lbz8viwl9xzxf5kk1v68v9hqdgxj26wgls"; + src = fetchFromGitHub { + owner = "carnager"; + repo = "rofi-pass"; + rev = version; + sha256 = "09wpkxg5b7xicdisgbhlfr8vs1iv7z9sc58pjl0p198yap57khq5"; }; buildInputs = [ makeWrapper ]; @@ -18,22 +19,25 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out/bin - cp -a $src/rofi-pass $out/bin/rofi-pass + cp -a rofi-pass $out/bin/rofi-pass mkdir -p $out/share/doc/rofi-pass/ - cp -a $src/config.example $out/share/doc/rofi-pass/config.example + cp -a config.example $out/share/doc/rofi-pass/config.example ''; wrapperPath = with stdenv.lib; makeBinPath [ coreutils findutils + gawk gnugrep + gnused + libnotify pass pwgen rofi utillinux + xclip xdotool - gawk ]; fixupPhase = '' @@ -46,7 +50,7 @@ stdenv.mkDerivation rec { meta = { description = "A script to make rofi work with password-store"; homepage = https://github.com/carnager/rofi-pass; - maintainers = with stdenv.lib.maintainers; [ hiberno the-kenny ]; + maintainers = with stdenv.lib.maintainers; [ the-kenny ]; license = stdenv.lib.licenses.gpl3; platforms = with stdenv.lib.platforms; linux; }; diff --git a/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch b/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch new file mode 100644 index 000000000000..f00307307eb5 --- /dev/null +++ b/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch 
@@ -0,0 +1,33 @@
+From 6ad29ae97263060c9ec95856e0d8ab18409108c0 Mon Sep 17 00:00:00 2001
+From: Franz Pletz <fpletz@fnordicwalking.de>
+Date: Sat, 3 Sep 2016 05:45:36 +0200
+Subject: [PATCH] Set correct program name for sleep
+
+---
+ src/password-store.sh | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 63be840..ca47df3 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -133,11 +133,14 @@ clip() {
+ # variable. Specifically, it cannot store nulls nor (non-trivally) store
+ # trailing new lines.
+ local sleep_argv0="password store sleep on display $DISPLAY"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)"
+ echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
+ (
+- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++ # Execute sleep as a child process of bash because it may be
++ # a symlink to a single binary version of coreutils or busybox
++ # which depends on argv0 correctly set to "sleep"
++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ local now="$(xclip -o -selection "$X_SELECTION" | base64)"
+ [[ $now != $(echo -n "$1" | base64) ]] && before="$now"
+
+--
+2.9.3
+
diff --git a/pkgs/tools/security/pgpdump/default.nix b/pkgs/tools/security/pgpdump/default.nix
new file mode 100644
index 000000000000..1e33c18753a6
--- /dev/null
+++ b/pkgs/tools/security/pgpdump/default.nix
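Review bot: The new `pkill -P $(pgrep -f "^$sleep_argv0")` line in the bundled pass patch leaves the command substitution unquoted, so it misbehaves in two cases. When no earlier timer is running, `pgrep` prints nothing and `pkill -P` is invoked without its argument, an error that `2>/dev/null` hides; when more than one process matches, the PIDs are split into separate words and only the first is taken as the parent list. This is the timer that clears a copied password from the clipboard, so a leftover timer from an earlier copy is worth handling explicitly. Collecting the PIDs first would do it: `local pids="$(pgrep -d, -f "^$sleep_argv0")"` followed by `[[ -n $pids ]] && pkill -P "$pids" 2>/dev/null && sleep 0.5`. `clip()` starts and ends outside the hunk shown in the patch.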
@@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "pgpdump-${version}"; + version = "0.31"; + + src = fetchFromGitHub { + owner = "kazu-yamamoto"; + repo = "pgpdump"; + rev = "v${version}"; + sha256 = "05ywdgxzq3976dsy95vgdx3nnhd9i9vypzyrkabpmnxphfnjfrb4"; + }; + + meta = with stdenv.lib; { + description = "A PGP packet visualizer"; + longDescription = '' + pgpdump is a PGP packet visualizer which displays the packet format of + OpenPGP (RFC 4880) and PGP version 2 (RFC 1991). + ''; + homepage = "http://www.mew.org/~kazu/proj/pgpdump/en/"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} + diff --git a/pkgs/tools/security/phrasendrescher/default.nix b/pkgs/tools/security/phrasendrescher/default.nix new file mode 100644 index 000000000000..814bc0d85302 --- /dev/null +++ b/pkgs/tools/security/phrasendrescher/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchurl, openssl }: + +stdenv.mkDerivation rec { + name = "phrasendrescher-${version}"; + version = "1.0"; + + src = fetchurl { + url = "http://leidecker.info/projects/phrasendrescher/${name}.tar.gz"; + sha256 = "1r0j7ms3i324p6if9cg8i0q900zqfjpvfr8pwj181x8ascysbbf2"; + }; + + buildInputs = [ openssl ]; + + meta = with stdenv.lib; { + description = "Cracking tool that finds passphrases of SSH keys"; + homepage = "http://leidecker.info/projects/phrasendrescher.shtml"; + license = licenses.gpl2Plus; + platforms = platforms.all; + maintainers = with maintainers; [ bjornfor ]; + }; +} diff --git a/pkgs/tools/security/pinentry-mac/default.nix b/pkgs/tools/security/pinentry-mac/default.nix index faf8c613ea83..7116d1777d6d 100644 --- a/pkgs/tools/security/pinentry-mac/default.nix +++ b/pkgs/tools/security/pinentry-mac/default.nix 
@@ -17,6 +17,10 @@ stdenv.mkDerivation rec { mv build/Release/pinentry-mac.app $out/Applications ''; + passthru = { + binaryPath = "Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac"; + }; + meta = { description = "Pinentry for GPG on Mac"; license = stdenv.lib.licenses.gpl2Plus; diff --git a/pkgs/tools/security/secp256k1/default.nix b/pkgs/tools/security/secp256k1/default.nix index 1b982bf06d1b..83a23744c2e9 100644 --- a/pkgs/tools/security/secp256k1/default.nix +++ b/pkgs/tools/security/secp256k1/default.nix 
@@ -1,32 +1,49 @@ -{ stdenv, fetchFromGitHub, autoconf, automake, libtool, ... }: +{ stdenv, fetchFromGitHub, autoreconfHook, jdk + +# Enable ECDSA pubkey recovery module +, enableRecovery ? true + +# Enable ECDH shared secret computation (disabled by default because it is +# experimental) +, enableECDH ? false + +# Enable libsecp256k1_jni (disabled by default because it requires a jdk, +# which is a large dependency) +, enableJNI ? false + +}: + +let inherit (stdenv.lib) optionals; in stdenv.mkDerivation rec { name = "secp256k1-${version}"; - # I can't find any version numbers, so we're just using the date - # of the last commit. - version = "2016-05-30"; + # I can't find any version numbers, so we're just using the date of the + # last commit. + version = "2016-11-27"; src = fetchFromGitHub { owner = "bitcoin-core"; repo = "secp256k1"; - rev = "b3be8521e694eaf45dd29baea035055183c42fe2"; - sha256 = "1pgsy72w87yxbiqn96hnm8alsfx3rj7d9jlzdsypyf6i1rf6w4bq"; + rev = "2928420c1b8e1feee8c20dff4e3cc41a0de2fc22"; + sha256 = "1djsr2vrhh88353czlwb8bwlyabf008w1f7xg0fs3q33rf42w5gm"; }; - buildInputs = [ autoconf automake libtool ]; + buildInputs = optionals enableJNI [ jdk ]; - configureFlags = [ "--enable-module-recovery" ]; + nativeBuildInputs = [ autoreconfHook ]; - preConfigure = "./autogen.sh"; + configureFlags = + optionals enableECDH [ "--enable-module-ecdh" "--enable-experimental" ] ++ + optionals enableRecovery [ "--enable-module-recovery" ] ++ + optionals enableJNI [ "--enable-jni" ]; meta = with stdenv.lib; { description = "Optimized C library for EC operations on curve secp256k1"; longDescription = '' - Optimized C library for EC operations on curve secp256k1. - Part of Bitcoin Core. This library is a work in progress - and is being used to research best practices. Use at your - own risk. + Optimized C library for EC operations on curve secp256k1. Part of + Bitcoin Core. This library is a work in progress and is being used + to research best practices. 
Use at your own risk. ''; homepage = https://github.com/bitcoin-core/secp256k1; license = with licenses; [ mit ]; diff --git a/pkgs/tools/security/softhsm/default.nix b/pkgs/tools/security/softhsm/default.nix index 4bd199686763..5f282dd378a5 100644 --- a/pkgs/tools/security/softhsm/default.nix +++ b/pkgs/tools/security/softhsm/default.nix @@ -21,11 +21,11 @@ stdenv.mkDerivation rec { postInstall = "rm -rf $out/var"; - meta = { + meta = with stdenv.lib; { homepage = https://www.opendnssec.org/softhsm; description = "Cryptographic store accessible through a PKCS #11 interface"; - license = stdenv.lib.licenses.bsd2; - maintainers = stdenv.lib.maintainers.leenaars; - platforms = stdenv.lib.platforms.linux; + license = licenses.bsd2; + maintainers = [ maintainers.leenaars ]; + platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/ssdeep/default.nix b/pkgs/tools/security/ssdeep/default.nix index 4f2cf551816b..b581d8007947 100644 --- a/pkgs/tools/security/ssdeep/default.nix +++ b/pkgs/tools/security/ssdeep/default.nix @@ -9,8 +9,6 @@ stdenv.mkDerivation rec { sha256 = "1igqy0j7jrklb8fdlrm6ald4cyl1fda5ipfl8crzyl6bax2ajk3f"; }; - buildInputs = stdenv.lib.optional (!stdenv.isDarwin) [ patchelf ]; - # For some reason (probably a build system bug), the binary isn't # properly linked to $out/lib to find libfuzzy.so postFixup = stdenv.lib.optionalString (!stdenv.isDarwin) '' diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix index f6777a0e979f..6b205d845340 100644 --- a/pkgs/tools/security/sslscan/default.nix +++ b/pkgs/tools/security/sslscan/default.nix 
@@ -1,12 +1,14 @@ -{ stdenv, fetchurl, openssl }: +{ stdenv, fetchFromGitHub, openssl }: stdenv.mkDerivation rec { name = "sslscan-${version}"; version = "1.11.7"; - src = fetchurl { - url = "https://github.com/rbsec/sslscan/archive/${version}-rbsec.tar.gz"; - sha256 = "0wygz2gm9asvhpfy44333y4pkdja1sbr41hc6mhkxg7a4ys8f9qs"; + src = fetchFromGitHub { + owner = "rbsec"; + repo = "sslscan"; + rev = "${version}-rbsec"; + sha256 = "007lf3rxcn9nz6jrki3mavgd9sd2hmm9nzp2g13h0ri51yc3bkp0"; }; buildInputs = [ openssl ]; @@ -23,4 +25,3 @@ stdenv.mkDerivation rec { platforms = platforms.all; }; } - diff --git a/pkgs/tools/security/su-exec/default.nix b/pkgs/tools/security/su-exec/default.nix new file mode 100644 index 000000000000..56e40d514bb1 --- /dev/null +++ b/pkgs/tools/security/su-exec/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "su-exec-${version}"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "ncopa"; + repo = "su-exec"; + rev = "v${version}"; + sha256 = "12vqlnpv48cjfh25sn98k1myc7h2wiv5qw2y2awgp6sipzv88abv"; + }; + + installPhase = '' + mkdir -p $out/bin + cp -a su-exec $out/bin/su-exec + ''; + + meta = with stdenv.lib; { + description = "switch user and group id and exec"; + homepage = "https://github.com/ncopa/su-exec"; + license = licenses.mit; + maintainers = with maintainers; [ zimbatm ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index b0b19d750eb4..a3a13f198037 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix 
@@ -4,14 +4,14 @@ }: stdenv.mkDerivation rec { - name = "sudo-1.8.17p1"; + name = "sudo-1.8.19p1"; src = fetchurl { urls = [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" ]; - sha256 = "c690d707fb561b3ecdf6a6de5563bc0b769388eff201c851edbace408bb155cc"; + sha256 = "14pwdwl03kdbbyjkvxrfx409x3c1fjqz8aqz2wgwddinhz7v3bxq"; }; configureFlags = [ diff --git a/pkgs/tools/security/sudolikeaboss/default.nix b/pkgs/tools/security/sudolikeaboss/default.nix new file mode 100644 index 000000000000..066fef39a82a --- /dev/null +++ b/pkgs/tools/security/sudolikeaboss/default.nix @@ -0,0 +1,37 @@ +# This file was generated by go2nix, then modified by hand for Darwin support. +{ stdenv, buildGoPackage, fetchFromGitHub, fixDarwinDylibNames, darwin }: + +buildGoPackage rec { + name = "sudolikeaboss-unstable-${version}"; + version = "20161127-${stdenv.lib.strings.substring 0 7 rev}"; + rev = "2d9afe19f872c9f433d476e57ee86169781b164c"; + + goPackagePath = "github.com/ravenac95/sudolikeaboss"; + + src = fetchFromGitHub { + owner = "ravenac95"; + repo = "sudolikeaboss"; + inherit rev; + sha256 = "0ni3v4kanxfzxzjd48f5dgv62jbfrw7kdmq0snj09hw7ciw55yg6"; + }; + + goDeps = ./deps.nix; + + propagatedBuildInputs = with darwin.apple_sdk.frameworks; [ + Cocoa + fixDarwinDylibNames + ]; + + postInstall = '' + install_name_tool -delete_rpath $out/lib -add_rpath $bin $bin/bin/sudolikeaboss + ''; + + meta = with stdenv.lib; { + inherit version; + inherit (src.meta) homepage; + description = "Get 1password access from iterm2"; + license = licenses.mit; + maintainers = [ maintainers.grahamc ]; + platforms = platforms.darwin; + }; +} diff --git a/pkgs/tools/security/sudolikeaboss/deps.nix b/pkgs/tools/security/sudolikeaboss/deps.nix new file mode 100644 index 000000000000..350306a24f4b --- /dev/null +++ b/pkgs/tools/security/sudolikeaboss/deps.nix 
@@ -0,0 +1,39 @@ +# This file was generated by go2nix. +[ + { + goPackagePath = "github.com/Sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/Sirupsen/logrus"; + rev = "881bee4e20a5d11a6a88a5667c6f292072ac1963"; + sha256 = "176a09lp20f0qfhwwlh2xg0vk7z1g7gq8k2wr3sg1fd8m86wrzzg"; + }; + } + { + goPackagePath = "github.com/satori/go.uuid"; + fetch = { + type = "git"; + url = "https://github.com/satori/go.uuid"; + rev = "b061729afc07e77a8aa4fad0a2fd840958f1942a"; + sha256 = "0q87n5an7ha2d8kl6gn9wi41rq0whsxq68w5x3nxz7w9vgkfnq1k"; + }; + } + { + goPackagePath = "github.com/urfave/cli"; + fetch = { + type = "git"; + url = "https://github.com/urfave/cli"; + rev = "0bdeddeeb0f650497d603c4ad7b20cfe685682f6"; + sha256 = "1ny63c7bfwfrsp7vfkvb4i0xhq4v7yxqnwxa52y4xlfxs4r6v6fg"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "0c96df335ed3f17f758cba1a2c71b7849dd828e3"; + sha256 = "02zn1f539y5yc1sx82ym8c3pp3z371d1ldhl20skwjwbdw1ln8hm"; + }; + } +] diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 533cb0dcd8eb..da52bde56bd6 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "tor-0.2.8.7"; + name = "tor-0.2.8.12"; src = fetchurl { url = "https://archive.torproject.org/tor-package-archive/${name}.tar.gz"; - sha256 = "1iigfi8ljl88s8b5y1g4ak8im57simazscl467zvfbg8k6vf4i5f"; + sha256 = "1bsagy4gcf6hgq04q949hv45ljb36j3ylxxn22cwxy4whgr4hmxk"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/tools/security/tor/tor-arm.nix b/pkgs/tools/security/tor/tor-arm.nix index 1857cfcbe22e..170d5c4ff7a4 100644 --- a/pkgs/tools/security/tor/tor-arm.nix +++ b/pkgs/tools/security/tor/tor-arm.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, makeWrapper -, pythonPackages, ncurses, lsof, nettools +, python2Packages, ncurses, lsof, nettools }: stdenv.mkDerivation rec { 
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "1yi87gdglkvi1a23hv5c3k7mc18g0rw7b05lfcw81qyxhlapf3pw"; }; - nativeBuildInputs = [ makeWrapper pythonPackages.python ]; + nativeBuildInputs = [ makeWrapper python2Packages.python ]; outputs = [ "out" "man" ]; @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { --replace "lsof -wnPi" "${lsof}/bin/lsof" substituteInPlace ./arm --replace '"$0" = /usr/bin/arm' 'true' - substituteInPlace ./arm --replace "python" "${pythonPackages.python}/bin/python" + substituteInPlace ./arm --replace "python" "${python2Packages.python}/bin/python" for i in ./install ./arm ./src/gui/controller.py ./src/cli/wizard.py ./src/resources/torrcOverride/override.h ./src/resources/torrcOverride/override.py ./src/resources/arm.1 ./setup.py; do substituteInPlace $i --replace "/usr/share" "$out/share" @@ -40,7 +40,7 @@ stdenv.mkDerivation rec { cp -R src/TorCtl $out/libexec wrapProgram $out/bin/arm \ - --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pythonPackages.curses}):$out/libexec:$PYTHONPATH" \ + --prefix PYTHONPATH : "$(toPythonPath $out):$out/libexec:$PYTHONPATH" \ --set TERMINFO "${ncurses.out}/share/terminfo" \ --set TERM "xterm" ''; diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix index da45866ed2fe..f08d741f6938 100644 --- a/pkgs/tools/security/tor/torbrowser.nix +++ b/pkgs/tools/security/tor/torbrowser.nix 
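Review bot: In the last tor-arm hunk, the `wrapProgram` argument still ends in `:$PYTHONPATH` inside double quotes, so the build shell expands it and whatever the build environment had on PYTHONPATH is written into the installed wrapper. `--prefix` already keeps the caller's runtime value, so the suffix looks redundant: `--prefix PYTHONPATH : "$(toPythonPath $out):$out/libexec" \`. If those build-time entries are what actually supplies arm's Python dependencies, naming them explicitly would keep the wrapper's search path reviewable. The enclosing phase starts outside the hunk.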
@@ -1,26 +1,37 @@ { stdenv, fetchurl, makeDesktopItem -, libXrender, libX11, libXext, libXt, alsaLib, dbus, dbus_glib, glib, gtk +, libXrender, libX11, libXext, libXt, alsaLib, dbus, dbus_glib, glib, gtk2 , atk, pango, freetype, fontconfig, gdk_pixbuf, cairo, zlib +, gstreamer, gst_plugins_base, gst_plugins_good, gst_ffmpeg, gmp, ffmpeg +, libpulseaudio }: let libPath = stdenv.lib.makeLibraryPath [ - stdenv.cc.cc zlib glib alsaLib dbus dbus_glib gtk atk pango freetype + stdenv.cc.cc zlib glib alsaLib dbus dbus_glib gtk2 atk pango freetype fontconfig gdk_pixbuf cairo libXrender libX11 libXext libXt - ]; + gstreamer gst_plugins_base gmp ffmpeg + libpulseaudio + ] ; + + gstPlugins = [ gstreamer gst_plugins_base gst_plugins_good gst_ffmpeg ]; + + gstPluginsPath = stdenv.lib.concatMapStringsSep ":" (x: + "${x}/lib/gstreamer-0.10") gstPlugins; in stdenv.mkDerivation rec { name = "tor-browser-${version}"; - version = "6.0.4"; + version = "6.0.8"; src = fetchurl { url = "https://archive.torproject.org/tor-package-archive/torbrowser/${version}/tor-browser-linux${if stdenv.is64bit then "64" else "32"}-${version}_en-US.tar.xz"; sha256 = if stdenv.is64bit then - "14ds39frkg4hbim0icb372crink902f7i6mqj6dmbaiz2fi88y8q" else - "1d2mg46dg5y16h5lwzq0ilv3zk8aqy3vg3j4a5c3wzsxj0hpl4v5"; + "1s2yv72kj4zxba0850fi1jv41c69vcw3inhj9kqhy1d45ql7iw0w" else + "0zvqf444h35ikv1f3nwkh2jx51zj5k9w4zdxx32zcrnxpk5nhn97"; }; + preferLocalBuild = true; + desktopItem = makeDesktopItem { name = "torbrowser"; exec = "tor-browser"; @@ -66,6 +77,7 @@ stdenv.mkDerivation rec { fi export FONTCONFIG_PATH=\$HOME/Data/fontconfig export LD_LIBRARY_PATH=${libPath}:$out/share/tor-browser/Browser/TorBrowser/Tor + export GST_PLUGIN_SYSTEM_PATH=${gstPluginsPath} exec $out/share/tor-browser/Browser/firefox --class "Tor Browser" -no-remote -profile ~/Data/Browser/profile.default "\$@" EOF chmod +x $out/bin/tor-browser 
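Review bot: The first torbrowser hunk puts `gstreamer`, `gst_plugins_base`, `gmp`, `ffmpeg` and `libpulseaudio` on the bundle's `LD_LIBRARY_PATH`, and the second exports `GST_PLUGIN_SYSTEM_PATH` with the gstreamer-0.10 plugin set, both unconditionally. That hands media parsing in an anonymity browser to codecs from outside the upstream bundle, which widens the attack surface and may make this install distinguishable from a stock Tor Browser. Consider gating it behind an argument that defaults to off, for example `, mediaSupport ? false` with `++ stdenv.lib.optionals mediaSupport [ gstreamer gst_plugins_base gmp ffmpeg libpulseaudio ]`, and exporting the plugin path only when it is set. `preferLocalBuild = true;` would also benefit from a short comment stating the reason.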
diff --git a/pkgs/tools/security/tor/torsocks.nix b/pkgs/tools/security/tor/torsocks.nix index ee4749683a52..466dc4b4e46c 100644 --- a/pkgs/tools/security/tor/torsocks.nix +++ b/pkgs/tools/security/tor/torsocks.nix @@ -1,25 +1,28 @@ -{ stdenv, fetchgit, autoreconfHook, which }: +{ stdenv, fetchgit, autoreconfHook, libcap }: stdenv.mkDerivation rec { name = "torsocks-${version}"; - version = "2.1.0"; + version = "2.2.0"; src = fetchgit { url = meta.repositories.git; rev = "refs/tags/v${version}"; - sha256 = "1l890pg0h2hqpkabsnwc6pq2qi8mfv58qzaaicc9y62rq5nmrrws"; + sha256 = "1xwkmfaxhhnbmvp37agnby1n53hznwhvx0dg1hj35467qfx985zc"; }; - buildInputs = [ autoreconfHook ]; - preConfigure = '' - export configureFlags="$configureFlags --libdir=$out/lib" - ''; + nativeBuildInputs = [ autoreconfHook ]; - patchPhase = '' - substituteInPlace src/bin/torsocks.in \ - --replace which ${which}/bin/which + postPatch = '' + # Patch torify_app() + sed -i \ + -e 's,\(local app_path\)=`which $1`,\1=`type -P $1`,' \ + -e 's,\(local getcap\)=.*,\1=${libcap}/bin/getcap,' \ + src/bin/torsocks.in ''; + doInstallCheck = true; + installCheckTarget = "check-recursive"; + meta = { description = "Wrapper to safely torify applications"; homepage = http://code.google.com/p/torsocks/; diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 4ede689bf972..96bb4cd482e9 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix 
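Review bot: The new torsocks `postPatch` rewrites `torify_app()` with two `sed -e` expressions, and `sed -i` exits successfully when neither pattern matches. A later upstream change to those lines would therefore leave the `which` call and the unpatched `getcap` lookup in place without failing the build. The `getcap` lookup is presumably how the script inspects the target binary before wrapping it, so a silent miss is worth catching. Add a check right after the sed, such as `grep -q '${libcap}/bin/getcap' src/bin/torsocks.in`, so the build stops if the substitution did not apply.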
@@ -1,16 +1,39 @@ { stdenv, lib, buildGoPackage, fetchFromGitHub }: -buildGoPackage rec { +let + vaultBashCompletions = fetchFromGitHub { + owner = "iljaweis"; + repo = "vault-bash-completion"; + rev = "62c142e20929f930c893ebe3366350d735e81fbd"; + sha256 = "0nfv10ykjq9751ijdyq728gjlgldm1lxvrar8kf6nz6rdfnnl2n5"; + }; +in buildGoPackage rec { name = "vault-${version}"; - version = "0.6.0"; - rev = "v${version}"; + version = "0.6.3"; goPackagePath = "github.com/hashicorp/vault"; src = fetchFromGitHub { - inherit rev; owner = "hashicorp"; repo = "vault"; - sha256 = "0byb91nqrhl7w0rq0ilml1ybamh8w1qga47a790kggsmjhcj9ybx"; + rev = "v${version}"; + sha256 = "0cbaws106v5dxqjii1s9rmk55pm6y34jls35iggpx0pp1dd433xy"; + }; + + buildFlagsArray = '' + -ldflags= + -X github.com/hashicorp/vault/version.GitCommit=${version} + ''; + + postInstall = '' + mkdir -p $bin/share/bash-completion/completions/ + cp ${vaultBashCompletions}/vault-bash-completion.sh $bin/share/bash-completion/completions/vault + ''; + + meta = with stdenv.lib; { + homepage = https://www.vaultproject.io; + description = "A tool for managing secrets"; + license = licenses.mpl20; + maintainers = with maintainers; [ rushmorem offline ]; }; } |
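Review bot: The added `buildFlagsArray` sets `version.GitCommit=${version}`, so the binary reports the release number in the field meant for a commit hash. For a secrets manager, that makes it harder to tie a running binary back to its exact source. Either stamp the real commit of the tag, `-X github.com/hashicorp/vault/version.GitCommit=<COMMIT_OF_TAG>` (placeholder), or add a comment saying the value is deliberately the version. The completion script comes from a third-party repository and ends up loaded into operators' shells. It is pinned by `rev` and `sha256`, which is the right control, and a comment recording that it was reviewed at that revision would help the next bump.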