Merge master into staging-next

6 files changed, 155 insertions, 10 deletions

diff --git a/pkgs/tools/security/bitwarden_rs/cargo-lock-lettre.patch b/pkgs/tools/security/bitwarden_rs/cargo-lock-lettre.patch
new file mode 100644
index 000000000000..d9f491ca290a
--- /dev/null
+++ b/pkgs/tools/security/bitwarden_rs/cargo-lock-lettre.patch
@@ -0,0 +1,58 @@
+diff --git a/Cargo.lock b/Cargo.lock
+index 2e0b695..6d23410 100644
+--- a/Cargo.lock
++++ b/Cargo.lock
+@@ -114,8 +114,8 @@ dependencies = [
+  "handlebars 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+  "jsonwebtoken 6.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
+  "lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+- "lettre 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
+- "lettre_email 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
++ "lettre 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)",
++ "lettre_email 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)",
+  "libsqlite3-sys 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)",
+  "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+  "multipart 0.16.1 (registry+https://github.com/rust-lang/crates.io-index)",
+@@ -1007,13 +1007,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
+ [[package]]
+ name = "lettre"
+-version = "0.9.1"
++version = "0.9.2"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ dependencies = [
+  "base64 0.10.1 (registry+https://github.com/rust-lang/crates.io-index)",
+  "bufstream 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
+- "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+- "failure_derive 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+  "fast_chemail 0.9.6 (registry+https://github.com/rust-lang/crates.io-index)",
+  "hostname 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+  "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+@@ -1026,14 +1024,12 @@ dependencies = [
+ 
+ [[package]]
+ name = "lettre_email"
+-version = "0.9.1"
++version = "0.9.2"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ dependencies = [
+  "base64 0.10.1 (registry+https://github.com/rust-lang/crates.io-index)",
+  "email 0.0.20 (registry+https://github.com/rust-lang/crates.io-index)",
+- "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+- "failure_derive 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+- "lettre 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)",
++ "lettre 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)",
+  "mime 0.3.13 (registry+https://github.com/rust-lang/crates.io-index)",
+  "time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
+  "uuid 0.7.4 (registry+https://github.com/rust-lang/crates.io-index)",
+@@ -2858,8 +2854,8 @@ dependencies = [
+ "checksum language-tags 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a91d884b6667cd606bb5a69aa0c99ba811a115fc68915e7056ec08a46e93199a"
+ "checksum lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bc5729f27f159ddd61f4df6228e827e86643d4d3e7c32183cb30a1c08f604a14"
+ "checksum lazycell 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b294d6fa9ee409a054354afc4352b0b9ef7ca222c69b8812cbea9e7d2bf3783f"
+-"checksum lettre 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "646aee0a55545eaffdf0df1ac19b500b51adb3095ec4dfdc704134e56ea23531"
+-"checksum lettre_email 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "ae1b3d43e4bb7beb9974a359cbb3ea4f93dfba6c1c0c6e9c9f82e538e0f9ab9f"
++"checksum lettre 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c66afaa5dfadbb81d4e00fd1d1ab057c7cd4c799c5a44e0009386d553587e728"
++"checksum lettre_email 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bbb68ca999042d965476e47bbdbacd52db0927348b6f8062c44dd04a3b1fd43b"
+ "checksum libc 0.2.55 (registry+https://github.com/rust-lang/crates.io-index)" = "42914d39aad277d9e176efbdad68acb1d5443ab65afe0e0e4f0d49352a950880"
+ "checksum libsqlite3-sys 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fd6457c70bbff456d9fe49deaba35ec47c3e598bf8d7950ff0575ceb7a8a6ad1"
+ "checksum lock_api 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "62ebf1391f6acad60e5c8b43706dde4582df75c06698ab44511d15016bc2442c"
diff --git a/pkgs/tools/security/bitwarden_rs/default.nix b/pkgs/tools/security/bitwarden_rs/default.nix
index d22a2773fd9d..f04996f1b431 100644
--- a/pkgs/tools/security/bitwarden_rs/default.nix
+++ b/pkgs/tools/security/bitwarden_rs/default.nix
@@ -2,21 +2,26 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "bitwarden_rs";
-  version = "1.9.0";
+  version = "1.9.1";
 
   src = fetchFromGitHub {
     owner = "dani-garcia";
     repo = pname;
     rev = version;
-    sha256 = "14c2blzkmdd9s0gpf6b7y141yx9s2v2gmwy5l1lgqjhi3h6jpcqr";
+    sha256 = "0jfb4b2lp2v01aw615lx0qj1qh73hyrbjn9kva7zqp74wcfw12gp";
   };
 
+  cargoPatches = [
+    # type annotations required: cannot resolve `std::string::String: std::convert::AsRef<_>`
+    ./cargo-lock-lettre.patch
+  ];
+
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ openssl ] ++ stdenv.lib.optionals stdenv.isDarwin [ Security CoreServices ];
 
   RUSTC_BOOTSTRAP = 1;
 
-  cargoSha256 = "038l6alcdc0g4avpbzxgd2k09nr3wrsbry763bq2c77qqgwldj8r";
+  cargoSha256 = "0p39gqrqdmgqhngp1qyh6jl0sp0ifj5n3bxfqafjbspb4zph3ls4";
 
   meta = with stdenv.lib; {
     description = "An unofficial lightweight implementation of the Bitwarden server API using Rust and SQLite";
diff --git a/pkgs/tools/security/bitwarden_rs/vault.nix b/pkgs/tools/security/bitwarden_rs/vault.nix
index 44c8047684fd..76b9f24224c1 100644
--- a/pkgs/tools/security/bitwarden_rs/vault.nix
+++ b/pkgs/tools/security/bitwarden_rs/vault.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bitwarden_rs-vault";
-  version = "2.10.1";
+  version = "2.11.0";
 
   src = fetchurl {
     url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz";
-    sha256 = "1avgxlsxi7mb8zpqai3j1qb43qq09ya5ngb7l4q7mj0d89lxrzhb";
+    sha256 = "06f0rcpqhz5qjm01jbxx2czhnj9ng29rgsrilm5r5xx31s9dnhg7";
   };
 
   buildCommand = ''
diff --git a/pkgs/tools/security/passff-host/default.nix b/pkgs/tools/security/passff-host/default.nix
index a97bc57ad45f..59f03db0200d 100644
--- a/pkgs/tools/security/passff-host/default.nix
+++ b/pkgs/tools/security/passff-host/default.nix
@@ -1,27 +1,41 @@
 { stdenv, fetchFromGitHub, python3, pass }:
 
 stdenv.mkDerivation rec {
-  name = "passff-host-${version}";
+  pname = "passff-host";
   version = "1.2.1";
 
   src = fetchFromGitHub {
     owner = "passff";
-    repo = "passff-host";
+    repo = pname;
     rev = version;
     sha256 = "0ydfwvhgnw5c3ydx2gn5d7ys9g7cxlck57vfddpv6ix890v21451";
   };
 
   buildInputs = [ python3 ];
+  makeFlags = [ "VERSION=${version}" ];
 
   patchPhase = ''
     sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py
   '';
 
   installPhase = ''
-    install -D bin/testing/passff.py $out/share/passff-host/passff.py
-    cp bin/testing/passff.json $out/share/passff-host/passff.json
-    substituteInPlace $out/share/passff-host/passff.json \
+    substituteInPlace bin/${version}/passff.json \
       --replace PLACEHOLDER $out/share/passff-host/passff.py
+
+    install -Dt $out/share/passff-host \
+      bin/${version}/passff.{py,json}
+
+    nativeMessagingPaths=(
+      /lib/mozilla/native-messaging-hosts
+      /etc/opt/chrome/native-messaging-hosts
+      /etc/chromium/native-messaging-hosts
+      /etc/vivaldi/native-messaging-hosts
+    )
+
+    for manifestDir in "''${nativeMessagingPaths[@]}"; do
+      install -d $out$manifestDir
+      ln -s $out/share/passff-host/passff.json $out$manifestDir/
+    done
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/security/pwgen-secure/default.nix b/pkgs/tools/security/pwgen-secure/default.nix
new file mode 100644
index 000000000000..c3141676b370
--- /dev/null
+++ b/pkgs/tools/security/pwgen-secure/default.nix
@@ -0,0 +1,36 @@
+{ lib, python3Packages, fetchFromGitHub }:
+
+with python3Packages;
+
+buildPythonApplication rec {
+  pname = "pwgen-secure";
+  version = "0.9.1";
+
+  # it needs `secrets` which was introduced in 3.6
+  disabled = pythonOlder "3.6";
+
+  # GH is newer than Pypi and contains both library *and* the actual program
+  # whereas Pypi only has the library
+  src = fetchFromGitHub {
+    owner = "mjmunger";
+    repo = "pwgen_secure";
+    rev = "v${version}";
+    sha256 = "15md5606hzy1xfhj2lxmc0nvynyrcs4vxa5jdi34kfm31rdklj28";
+  };
+
+  propagatedBuildInputs = [ docopt ];
+
+  postInstall = ''
+    install -Dm755 spwgen.py $out/bin/spwgen
+  '';
+
+  # there are no checks
+  doCheck = false;
+
+  meta = with lib; {
+    description = "Secure password generation library to replace pwgen";
+    homepage = "https://github.com/mjmunger/pwgen_secure/";
+    license = licenses.mit;
+    maintainers = with maintainers; [ peterhoeg ];
+  };
+}
diff --git a/pkgs/tools/security/sequoia-tool/default.nix b/pkgs/tools/security/sequoia-tool/default.nix
new file mode 100644
index 000000000000..00472c1a3aa4
--- /dev/null
+++ b/pkgs/tools/security/sequoia-tool/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchFromGitLab, rustPlatform, darwin
+, pkgconfig, capnproto, clang, libclang, nettle, openssl, sqlite }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "sequoia-tool";
+  version = "0.9.0";
+
+  src = fetchFromGitLab {
+    owner = "sequoia-pgp";
+    repo = "sequoia";
+    rev = "v${version}";
+    sha256 = "13dzwdzz33dy2lgnznsv8wqnw2501f2ggrkfwpqy5x6d1kgms8rj";
+  };
+
+  nativeBuildInputs = [ pkgconfig clang libclang ];
+  buildInputs = [ capnproto nettle openssl sqlite ]
+    ++ stdenv.lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ];
+
+  LIBCLANG_PATH = libclang + "/lib";
+
+  cargoBuildFlags = [ "--package=sequoia-tool" ];
+
+  cargoSha256 = "1zcnkpzcar3a2fk2rn3i3nb70b59ds9fpfa44f15r3aaxajsdhdi";
+
+  meta = with stdenv.lib; {
+    description = "A command-line frontend for Sequoia, an implementation of OpenPGP";
+    homepage = https://sequoia-pgp.org/;
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ minijackson ];
+    platforms = platforms.all;
+  };
+}