author | Vladimír Čunát <vcunat@gmail.com> | 2019-02-01 09:22:29 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2019-02-01 09:22:29 +0100 |
commit | 5effa4e0f98b317fe4607b1a6548811017c3325d (patch) | |
tree | d62ab19ccca3b0c6409595074b637eeb3d4371dc /pkgs/tools/security | |
parent | ca2edf79f75ad2a43a5af5c1283db9f0f843680a (diff) | |
parent | 8f58e00226e3192994050b12aa9ed119be0220f3 (diff) | |
Merge branch 'master' into staging-next
Comments on conflicts: - llvm: d6f401e1 vs. 469ecc70 - docs for 6 and 7 say the default is to build all targets, so we should be fine - some pypi hashes: they were equivalent, just base16 vs. base32
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/ccid/default.nix | 1 | ||||
-rw-r--r-- | pkgs/tools/security/certmgr/default.nix | 54 | ||||
-rw-r--r-- | pkgs/tools/security/efitools/default.nix | 39 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/22.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/default.nix | 12 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/gui.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/monkeysphere/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/monkeysphere/monkeysphere.patch | 12 | ||||
-rw-r--r-- | pkgs/tools/security/opensc/default.nix | 1 | ||||
-rw-r--r-- | pkgs/tools/security/pcsclite/default.nix | 1 | ||||
-rw-r--r-- | pkgs/tools/security/signing-party/default.nix | 13 |
11 files changed, 104 insertions, 41 deletions
diff --git a/pkgs/tools/security/ccid/default.nix b/pkgs/tools/security/ccid/default.nix
index 67252453743b..c5a0de0c75f6 100644
--- a/pkgs/tools/security/ccid/default.nix
+++ b/pkgs/tools/security/ccid/default.nix
@@ -25,7 +25,6 @@ stdenv.mkDerivation rec {
 description = "ccid drivers for pcsclite";
 homepage = https://ccid.apdu.fr/;
 license = licenses.gpl2Plus;
- maintainers = with maintainers; [ wkennington ];
 platforms = platforms.linux;
 };
 }
diff --git a/pkgs/tools/security/certmgr/default.nix b/pkgs/tools/security/certmgr/default.nix
index fa3076e8b593..4a9cd4867da6 100644
--- a/pkgs/tools/security/certmgr/default.nix
+++ b/pkgs/tools/security/certmgr/default.nix
@@ -1,23 +1,43 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: +{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }: -buildGoPackage rec { - version = "1.6.1"; - name = "certmgr-${version}"; +let + generic = { patches ? [] }: + buildGoPackage rec { + version = "1.6.1"; + name = "certmgr-${version}"; - goPackagePath = "github.com/cloudflare/certmgr/"; + goPackagePath = "github.com/cloudflare/certmgr/"; - src = fetchFromGitHub { - owner = "cloudflare"; - repo = "certmgr"; - rev = "v${version}"; - sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2"; - }; + src = fetchFromGitHub { + owner = "cloudflare"; + repo = "certmgr"; + rev = "v${version}"; + sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2"; + }; + + inherit patches; + + meta = with stdenv.lib; { + homepage = https://cfssl.org/; + description = "Cloudflare's certificate manager"; + platforms = platforms.linux; + license = licenses.bsd2; + maintainers = with maintainers; [ johanot srhb ]; + }; + }; +in +{ + certmgr = generic {}; - meta = with stdenv.lib; { - homepage = https://cfssl.org/; - description = "Cloudflare's certificate manager"; - platforms = platforms.linux; - license = licenses.bsd2; - maintainers = with maintainers; [ johanot srhb ]; + certmgr-selfsigned = generic { + # The following patch makes it possible to use a self-signed x509 cert + # for the cfssl apiserver. + # TODO: remove patch when PR is merged. + patches = [ + (fetchpatch { + url = "https://github.com/cloudflare/certmgr/pull/51.patch"; + sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs"; + }) + ]; }; } diff --git a/pkgs/tools/security/efitools/default.nix b/pkgs/tools/security/efitools/default.nix new file mode 100644 index 000000000000..1d983cb8599a --- /dev/null +++ b/pkgs/tools/security/efitools/default.nix 
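Review bot: The `fetchpatch` in `certmgr-selfsigned` pulls `https://github.com/cloudflare/certmgr/pull/51.patch`, which is generated from an unmerged PR branch and changes whenever that branch is pushed to. The `sha256` makes changed content fail the build rather than be accepted silently, but whoever then refreshes the hash has to re-review the patch; pointing at one commit's `.patch` avoids that, e.g. `url = "https://github.com/cloudflare/certmgr/commit/<COMMIT_SHA>.patch";` (placeholder, the commit id is not on this page). Both attributes also inherit `name = "certmgr-${version}"` from `generic`, so an installed build cannot be identified by name as the variant that accepts a self-signed certificate for the cfssl apiserver (per the comment; the patch itself is not shown). A distinct name such as `"certmgr-selfsigned-${version}"` would make that visible when auditing what is deployed.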
@@ -0,0 +1,39 @@ +{ stdenv, gnu-efi, openssl, sbsigntool, perl, perlPackages, +help2man, fetchgit }: +stdenv.mkDerivation rec { + name = "efitools-${version}"; + version = "1.9.2"; + + buildInputs = [ + gnu-efi + openssl + sbsigntool + ]; + + nativeBuildInputs = [ + perl + perlPackages.FileSlurp + help2man + ]; + + src = fetchgit { + url = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git"; + rev = "v${version}"; + sha256 = "0jabgl2pxvfl780yvghq131ylpf82k7banjz0ksjhlm66ik8gb1i"; + }; + + postPatch = '' + sed -i -e 's#/usr/include/efi#${gnu-efi}/include/efi/#g' Make.rules + sed -i -e 's#/usr/lib64/gnuefi#${gnu-efi}/lib/#g' Make.rules + sed -i -e 's#$(DESTDIR)/usr#$(out)#g' Make.rules + patchShebangs . + ''; + + meta = with stdenv.lib; { + description = "Tools for manipulating UEFI secure boot platforms"; + homepage = "https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git"; + license = licenses.gpl2; + maintainers = [ maintainers.grahamc ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index b6de575edb90..ad4eae9578cb 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -64,7 +64,7 @@ stdenv.mkDerivation rec { frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME. ''; - maintainers = with maintainers; [ wkennington peti fpletz vrthra ]; + maintainers = with maintainers; [ peti fpletz vrthra ]; platforms = platforms.all; }; } diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index b27b4ac24c0a..ae726544453a 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix 
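Review bot: `src` in the new efitools expression fetches over `git://`, which has no transport encryption or server authentication, so the `sha256` on the fetch is the only thing protecting the source of this secure-boot tooling. The hash does pin the content today, but whoever next bumps `version` and refreshes the hash will be trusting whatever an unauthenticated connection returned. kernel.org serves the same repository over HTTPS, so `url = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git";` is the safer choice.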
@@ -1,22 +1,20 @@ -{ stdenv, lib, buildGoPackage, fetchFromGitHub, cf-private +{ stdenv, lib, buildGoPackage, fetchurl, cf-private , AVFoundation, AudioToolbox, ImageIO, CoreMedia , Foundation, CoreGraphics, MediaToolbox }: buildGoPackage rec { name = "keybase-${version}"; - version = "2.11.0"; + version = "2.13.1"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; dontRenameImports = true; - src = fetchFromGitHub { - owner = "keybase"; - repo = "client"; - rev = "v${version}"; - sha256 = "1mj78cs6j0f1f86c71j4gdphas75j3rfaqygpy87dc40kc2yj0gd"; + src = fetchurl { + url = "https://github.com/keybase/client/archive/v${version}.tar.gz"; + sha256 = "0avq87y7cs3jipl444ssz1zd5jygpks20hls0fkqxxaikkpdsy4v"; }; buildInputs = lib.optionals stdenv.isDarwin [ diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index a8c2d5ea4837..bd8166b214dc 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix @@ -3,16 +3,16 @@ , libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook }: let - versionSuffix = "20190104191034.69b3ee25b7"; + versionSuffix = "20190115203650.eec94506e4"; in stdenv.mkDerivation rec { name = "keybase-gui-${version}"; - version = "2.13.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "2.13.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "5b188185dc6d594cd18876a2c955bb6481598c206f048cfd80ac2e7e8022241e"; + sha256 = "01663jknr8s4sp51mclw9llhx07ww6yh22apawxikvpwmw9yg2qr"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index 114ba57e1700..af507dbf993b 100644 
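Review bot: Replacing `fetchFromGitHub` with `fetchurl` on `archive/v${version}.tar.gz` in keybase/default.nix makes the `sha256` cover the bytes of a tarball GitHub generates on demand rather than the unpacked source tree. The pin still holds, but if the archive is ever regenerated with different compression or metadata the hash fails for identical source, and a mismatch caused by real tampering then looks like routine breakage. Unless something outside this hunk needs the tarball form, keeping `fetchFromGitHub { owner = "keybase"; repo = "client"; rev = "v${version}"; ... }` with a hash of the unpacked tree is the more robust pin.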
--- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -14,14 +14,14 @@ let }); in stdenv.mkDerivation rec { name = "monkeysphere-${version}"; - version = "0.42"; + version = "0.43"; # The patched OpenSSH binary MUST NOT be used (except in the check phase): disallowedRequisites = [ opensshUnsafe ]; src = fetchurl { url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz"; - sha256 = "1haqgjxm8v2xnhc652lx79p2cqggb9gxgaf19w9l9akar2qmdjf1"; + sha256 = "18i7qpvp5qb7mmd0z5rqai550rya9l3nbsq2hamwkl3smqsjdqc0"; }; patches = [ ./monkeysphere.patch ]; diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch index fdf4b9335b19..0a05635d6a80 100644 --- a/pkgs/tools/security/monkeysphere/monkeysphere.patch +++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch @@ -28,5 +28,17 @@ diff --git a/src/share/keytrans b/src/share/keytrans # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between +diff --git a/tests/basic b/tests/basic +--- a/tests/basic ++++ b/tests/basic +@@ -343,7 +340,7 @@ if [ "$MONKEYSPHERE_TEST_USE_ED25519" = true ]; then + echo "### generating ed25519 key for testuser..." + # from the imported secret key + USER_FPR=8A4B353B4CBA6F30625498BAE00B5EEEBA79B482 +- gpg --quick-add-key "$USER_FPR" ed25519 auth 2d ++ gpg --no-tty --quick-add-key "$USER_FPR" ed25519 auth 2d + else + echo "### generating standard monkeysphere key for testuser..." + monkeysphere gen-subkey -- 2.16.3 diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index c23827842f23..7d709712fc80 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix 
@@ -44,7 +44,6 @@ stdenv.mkDerivation rec { description = "Set of libraries and utilities to access smart cards"; homepage = https://github.com/OpenSC/OpenSC/wiki; license = licenses.lgpl21Plus; - maintainers = with maintainers; [ wkennington ]; platforms = platforms.all; }; } diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index 95f9bf16ebac..66a5615ee135 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -43,7 +43,6 @@ stdenv.mkDerivation rec { description = "Middleware to access a smart card using SCard API (PC/SC)"; homepage = https://pcsclite.apdu.fr/; license = licenses.bsd3; - maintainers = with maintainers; [ wkennington ]; platforms = with platforms; unix; }; } diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix index 996b6fa6d2c2..287ed1edcdae 100644 --- a/pkgs/tools/security/signing-party/default.nix +++ b/pkgs/tools/security/signing-party/default.nix @@ -1,12 +1,11 @@ { stdenv, fetchurl, autoconf, automake, makeWrapper -, python, perl, perlPackages +, python3, perl, perlPackages , libmd, gnupg1, which, getopt, libpaper, nettools, qprint , sendmailPath ? "/run/wrappers/bin/sendmail" }: let # All runtime dependencies from the CPAN graph: # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1 - # TODO: XSLoader seems optional GnuPGInterfaceRuntimeDependencies = with perlPackages; [ strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate 
@@ -14,16 +13,14 @@ let ]; in stdenv.mkDerivation rec { pname = "signing-party"; - version = "2.7"; + version = "2.8"; name = "${pname}-${version}"; src = fetchurl { url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz"; - sha256 = "0znklgvxn7k7p6q7r8chcj86zmzildjamr3qlqfxkj5m7yziqr21"; + sha256 = "1dfry04gsa8kv7a2kr4p7a4b616sql41hsyff4pmfvrhiv2fz39z"; }; - sourceRoot = "."; - # TODO: Get this patch upstream... patches = [ ./gpgwrap_makefile.patch ]; @@ -45,7 +42,7 @@ in stdenv.mkDerivation rec { # Perl is required for it's pod2man. # Python and Perl are required for patching the script interpreter paths. nativeBuildInputs = [ autoconf automake makeWrapper ]; - buildInputs = [ python perl perlPackages.GnuPGInterface libmd gnupg1 ]; + buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg1 ]; postInstall = '' # Install all tools which aren't handled by 'make install'. @@ -193,7 +190,7 @@ in stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = https://pgp-tools.alioth.debian.org/; + homepage = https://salsa.debian.org/debian/signing-party; description = "A collection of several projects relating to OpenPGP"; longDescription = '' This is a collection of several projects relating to OpenPGP. |