diff options
| author | Jonathan Ringer <jonringer117@gmail.com> | 2019-11-27 22:57:50 -0800 |
|---|---|---|
| committer | Jonathan Ringer <jonringer117@gmail.com> | 2019-11-27 22:57:50 -0800 |
| commit | 0c1c18ca4416baa46c940960aa5e619873a2318e (patch) | |
| tree | 78d7fd3eb63e91fa99267e2d91a2a891ee29f567 /pkgs/tools/security | |
| parent | 4cc592761db580855b47fb84776e68b1d936521c (diff) | |
| parent | f4f816902112778172565baf91c2483186027c3b (diff) | |
| download | nixlib-0c1c18ca4416baa46c940960aa5e619873a2318e.tar nixlib-0c1c18ca4416baa46c940960aa5e619873a2318e.tar.gz nixlib-0c1c18ca4416baa46c940960aa5e619873a2318e.tar.bz2 nixlib-0c1c18ca4416baa46c940960aa5e619873a2318e.tar.lz nixlib-0c1c18ca4416baa46c940960aa5e619873a2318e.tar.xz nixlib-0c1c18ca4416baa46c940960aa5e619873a2318e.tar.zst nixlib-0c1c18ca4416baa46c940960aa5e619873a2318e.zip | |
Merge branch 'master' into staging-next
Diffstat (limited to 'pkgs/tools/security')
| -rw-r--r-- | pkgs/tools/security/clamav/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/tools/security/gnome-keysign/default.nix | 8 | ||||
| -rw-r--r-- | pkgs/tools/security/ipscan/default.nix | 40 | ||||
| -rw-r--r-- | pkgs/tools/security/keybase/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/tools/security/pbis/default.nix | 70 | ||||
| -rw-r--r-- | pkgs/tools/security/vault/vault-bin.nix | 14 |
6 files changed, 128 insertions, 10 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index de275b6c09a3..43f56352ceb3 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "clamav"; - version = "0.102.0"; + version = "0.102.1"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - sha256 = "1qdyj4r39266bmbsd2nwyspm20k9wh3c30awrg8c54y78s61izj8"; + sha256 = "1mpdgn3isz26hd1j6p8lcb76v8hjs54k1wb655rnil4hv78aig8d"; }; # don't install sample config files into the absolute sysconfdir folder diff --git a/pkgs/tools/security/gnome-keysign/default.nix b/pkgs/tools/security/gnome-keysign/default.nix index 2c216c0a4044..a559039d95ac 100644 --- a/pkgs/tools/security/gnome-keysign/default.nix +++ b/pkgs/tools/security/gnome-keysign/default.nix @@ -28,6 +28,14 @@ python3.pkgs.buildPythonApplication rec { url = "https://gitlab.gnome.org/GNOME/gnome-keysign/commit/216c3677e68960afc517edc00529323e85909323.patch"; sha256 = "1w410gvcridbq26sry7fxn49v59ss2lc0w5ab7csva8rzs1nc990"; }) + + # stop requiring lxml (no longer used) + # https://gitlab.gnome.org/GNOME/gnome-keysign/merge_requests/23 + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gnome-keysign/commit/ffc6f40584d7564951e1c8b6d18d4f8a6a3fa09d.patch"; + sha256 = "1hs6mmhi2f21kvy26llzvp37yf0i0dr69d18r641139nr6qg6kwy"; + includes = [ "setup.py" ]; + }) ]; nativeBuildInputs = [ diff --git a/pkgs/tools/security/ipscan/default.nix b/pkgs/tools/security/ipscan/default.nix new file mode 100644 index 000000000000..40546b6f1c33 --- /dev/null +++ b/pkgs/tools/security/ipscan/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, jdk, jre, swt, makeWrapper, xorg, dpkg }: + +stdenv.mkDerivation rec { + pname = "ipscan"; + version = "3.6.2"; + + src = fetchurl { + url = "https://github.com/angryip/ipscan/releases/download/${version}/ipscan_${version}_amd64.deb"; + sha256 = "0wnnnabpj0dsxdijvss5sl9kd4i6rmcq55zbas33xs3c5g305ssk"; + }; + + sourceRoot = "."; + unpackCmd = "${dpkg}/bin/dpkg-deb -x $src ."; + + buildInputs = [ makeWrapper jdk ]; + + installPhase = '' + mkdir -p $out/share + cp usr/lib/ipscan/ipscan-linux64-${version}.jar $out/share/${pname}-${version}.jar + + makeWrapper ${jre}/bin/java $out/bin/ipscan \ + --prefix LD_LIBRARY_PATH : "$out/lib/:${stdenv.lib.makeLibraryPath [ swt xorg.libXtst ]}" \ + --add-flags "-Xmx256m -cp $out/share/${pname}-${version}.jar:${swt}/jars/swt.jar net.azib.ipscan.Main" + + mkdir -p $out/share/applications + cp usr/share/applications/ipscan.desktop $out/share/applications/ipscan.desktop + substituteInPlace $out/share/applications/ipscan.desktop --replace "/usr/bin" "$out/bin" + + mkdir -p $out/share/pixmaps + cp usr/share/pixmaps/ipscan.png $out/share/pixmaps/ipscan.png + ''; + + meta = with stdenv.lib; { + description = "Fast and friendly network scanner"; + homepage = https://angryip.org; + license = licenses.gpl2; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ kylesferrazza ]; + }; +} diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index 97c8ffb89484..1edf86675c31 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -9,7 +9,7 @@ buildGoPackage rec { version = "5.0.0"; goPackagePath = "github.com/keybase/client"; - subPackages = [ "go/keybase" ]; + subPackages = [ "go/kbnm" "go/keybase" ]; dontRenameImports = true; diff --git a/pkgs/tools/security/pbis/default.nix b/pkgs/tools/security/pbis/default.nix new file mode 100644 index 000000000000..ee1282e9a135 --- /dev/null +++ b/pkgs/tools/security/pbis/default.nix @@ -0,0 +1,70 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, perl, flex, bison, curl, + pam, popt, libiconv, libuuid, openssl_1_0_2, cyrus_sasl, sqlite, tdb, libxml2 }: + +stdenv.mkDerivation rec { + pname = "pbis-open"; + version = "9.1.0"; + + src = fetchFromGitHub { + owner = "BeyondTrust"; + repo = pname; + rev = version; + sha256 = "081jm34sf488nwz5wzs55d6rxx3sv566x6p4h1yqcjaw36174m8v"; + }; + + nativeBuildInputs = [ + autoconf automake libtool perl flex bison + ]; + + # curl must be placed after openssl_1_0_2, because it pulls openssl 1.1 dependency. + buildInputs = [ + pam popt libiconv libuuid openssl_1_0_2 cyrus_sasl + curl sqlite popt tdb libxml2 /*libglade2 for gtk*/ + ]; + + postPatch = '' + patchShebangs . + sed -i -e 's/legacy//g' lwupgrade/MakeKitBuild # disable /opt/ symlinks + sed -i -e 's/tdb.h//g' samba-interop/MakeKitBuild #include <tdb.h> fails but it won't affect the build + ''; + preConfigure = '' + mkdir release + cd release + if [ $CC = gcc ]; then + NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -Wno-error=format-overflow" + fi + NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -isystem ${stdenv.lib.getDev libxml2}/include/libxml2 -Wno-error=array-bounds -Wno-error=pointer-sign -Wno-error=deprecated-declarations -Wno-error=unused-variable" + ''; + configureScript = ''../configure''; + configureFlags = [ + "CFLAGS=-O" + "--docdir=${placeholder "prefix"}/share/doc" + "--mandir=${placeholder "prefix"}/share/doc/man" + "--datadir=${placeholder "prefix"}/share" + "--lw-initdir=${placeholder "prefix"}/etc/init.d" + "--selinux=no" # NixOS does not support SELinux + "--build-isas=x86_64" # [lwbase] endianness (host/x86_32): [lwbase] ERROR: could not determine endianness + "--fail-on-warn=no" + # "--debug=yes" + ]; # ^ See https://github.com/BeyondTrust/pbis-open/issues/124 + configureFlagsArray = [ "--lw-bundled-libs=linenoise-mob tomlc99 opensoap krb5 cyrus-sasl curl openldap ${ if libuuid == null then "libuuid" else "" }" ]; + # ^ it depends on old krb5 version 1.9 (issue #228) + # linenoise-mod, tomlc99, opensoap is not in nixpkgs. + # krb5 must be old one, and cyrus-sasl and openldap have dependency to newer libkrb5 that cause runtime error + enableParallelBuilding = true; + makeFlags = "SHELL="; + hardeningDisable = [ "format" ]; # -Werror=format-security + installPhase = '' + mkdir $sys + mv stage/{lib,var} $sys + mv stage$out $out + ''; + outputs = [ "out" "sys" ]; + + meta = with stdenv.lib; { + description = "BeyondTrust AD Bridge Open simplifies the process of joining non-Microsoft hosts to Active Directory domains"; + homepage = "https://github.com/BeyondTrust/pbis-open"; + license = with licenses; [ gpl2 lgpl21 ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix index 87f2e922ff74..6e2ab221c42f 100644 --- a/pkgs/tools/security/vault/vault-bin.nix +++ b/pkgs/tools/security/vault/vault-bin.nix @@ -1,30 +1,30 @@ { stdenv, fetchurl, unzip }: let - version = "1.1.3"; + version = "1.3.0"; sources = let base = "https://releases.hashicorp.com/vault/${version}"; in { x86_64-linux = fetchurl { url = "${base}/vault_${version}_linux_amd64.zip"; - sha256 = "293b88f4d31f6bcdcc8b508eccb7b856a0423270adebfa0f52f04144c5a22ae0"; + sha256 = "1crfj4gd1qwwa2xidd0pjffv0n6hf5hbhv6568m6zc1ig0qqm6yq"; }; i686-linux = fetchurl { url = "${base}/vault_${version}_linux_386.zip"; - sha256 = "9f2fb99e08fa3d25af1497516d08b5d2d8a73bcacd5354ddec024e9628795867"; + sha256 = "0pyf0kyvxpmx3fwfvin1r0x30r9byx9lyi81894q06xrhiwbqc0l"; }; x86_64-darwin = fetchurl { url = "${base}/vault_${version}_darwin_amd64.zip"; - sha256 = "a0a7a242f8299ac4a00af8aa10ccedaf63013c8a068f56eadfb9d730b87155ea"; + sha256 = "113vnpz9n6y7z2k9jqpfpxqxqbrmd9bhny79yaxqzkfdqw8vyv3g"; }; i686-darwin = fetchurl { url = "${base}/vault_${version}_darwin_386.zip"; - sha256 = "50542cfb37abb06e8bb6b8ba41f5ca7d72a4d6a4396d4e3f4a8391bed14f63be"; + sha256 = "0d191qai0bpl7cyivca26wqgycsj2dz08809z147d1vnrz321v6w"; }; aarch64-linux = fetchurl { url = "${base}/vault_${version}_linux_arm64.zip"; - sha256 = "c243dce14b2e48e3667c2aa5b7fb37009dd7043b56032d6ebe50dd456715fd3f"; + sha256 = "1bk5y3knc42mh07gnnn6p109qz908014620h1s0348wp4qfdy49w"; }; }; @@ -49,6 +49,6 @@ in stdenv.mkDerivation { description = "A tool for managing secrets, this binary includes the UI"; platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" "i686-darwin" ]; license = licenses.mpl20; - maintainers = with maintainers; [ offline psyanticy ]; + maintainers = with maintainers; [ offline psyanticy mkaito ]; }; } |