authorVladimír Čunát <vcunat@gmail.com>2019-02-01 09:42:53 +0100
committerVladimír Čunát <vcunat@gmail.com>2019-02-01 09:42:53 +0100
commit8ba516664bf367889b06b06e4122372f82f24feb (patch)
tree01b691a7e1ad4797843b4c93d8a9d74fd16311d7 /pkgs/tools/security
parentd00ca4476cd91bae052e8ded4d94e124a353d091 (diff)
parent5effa4e0f98b317fe4607b1a6548811017c3325d (diff)
Merge branch 'staging-next' into staging
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/certmgr/default.nix54
-rw-r--r--pkgs/tools/security/monkeysphere/default.nix4
-rw-r--r--pkgs/tools/security/monkeysphere/monkeysphere.patch12
-rw-r--r--pkgs/tools/security/signing-party/default.nix13
4 files changed, 56 insertions, 27 deletions
diff --git a/pkgs/tools/security/certmgr/default.nix b/pkgs/tools/security/certmgr/default.nix
index fa3076e8b593..4a9cd4867da6 100644
--- a/pkgs/tools/security/certmgr/default.nix
+++ b/pkgs/tools/security/certmgr/default.nix
@@ -1,23 +1,43 @@
-{ stdenv, buildGoPackage, fetchFromGitHub }:
+{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }:
 
-buildGoPackage rec {
-  version = "1.6.1";
-  name = "certmgr-${version}";
+let
+  generic = { patches ? [] }:
+    buildGoPackage rec {
+      version = "1.6.1";
+      name = "certmgr-${version}";
 
-  goPackagePath = "github.com/cloudflare/certmgr/";
+      goPackagePath = "github.com/cloudflare/certmgr/";
 
-  src = fetchFromGitHub {
-    owner = "cloudflare";
-    repo = "certmgr";
-    rev = "v${version}";
-    sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2";
-  };
+      src = fetchFromGitHub {
+        owner = "cloudflare";
+        repo = "certmgr";
+        rev = "v${version}";
+        sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2";
+      };
+
+      inherit patches;
+
+      meta = with stdenv.lib; {
+        homepage = https://cfssl.org/;
+        description = "Cloudflare's certificate manager";
+        platforms = platforms.linux;
+        license = licenses.bsd2;
+        maintainers = with maintainers; [ johanot srhb ];
+      };
+    };
+in
+{
+  certmgr = generic {};
 
-  meta = with stdenv.lib; {
-    homepage = https://cfssl.org/;
-    description = "Cloudflare's certificate manager";
-    platforms = platforms.linux;
-    license = licenses.bsd2;
-    maintainers = with maintainers; [ johanot srhb ];
+  certmgr-selfsigned = generic {
+    # The following patch makes it possible to use a self-signed x509 cert
+    # for the cfssl apiserver.
+    # TODO: remove patch when PR is merged.
+    patches = [
+      (fetchpatch {
+        url    = "https://github.com/cloudflare/certmgr/pull/51.patch";
+        sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs";
+      })
+    ];
   };
 }
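Review bot: The `fetchpatch` in `certmgr-selfsigned` points at a pull-request URL (`pull/51.patch`), whose contents change whenever the PR gains commits or is rebased, so the pinned `sha256` will stop matching and the build will fail at some later date. The hash does ensure a changed patch is rejected rather than applied silently, but pinning the reviewed commit is more stable, e.g. `url = "https://github.com/cloudflare/certmgr/commit/<COMMIT_SHA>.patch";` (placeholder for the commit that was actually reviewed). The comment above the patch should also say how it changes verification of the cfssl apiserver certificate, which cannot be determined from this hunk; something like `# NOTE: changes TLS verification towards the cfssl apiserver; use only with a certificate/CA you control.` would tell users of this variant which trust assumption they are accepting. Separately, the file now evaluates to an attribute set (`certmgr`, `certmgr-selfsigned`) rather than a single derivation, so the call site, which is outside this diff, has to select the attributes.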
diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix
index 114ba57e1700..af507dbf993b 100644
--- a/pkgs/tools/security/monkeysphere/default.nix
+++ b/pkgs/tools/security/monkeysphere/default.nix
@@ -14,14 +14,14 @@ let
   });
 in stdenv.mkDerivation rec {
   name = "monkeysphere-${version}";
-  version = "0.42";
+  version = "0.43";
 
   # The patched OpenSSH binary MUST NOT be used (except in the check phase):
   disallowedRequisites = [ opensshUnsafe ];
 
   src = fetchurl {
     url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz";
-    sha256 = "1haqgjxm8v2xnhc652lx79p2cqggb9gxgaf19w9l9akar2qmdjf1";
+    sha256 = "18i7qpvp5qb7mmd0z5rqai550rya9l3nbsq2hamwkl3smqsjdqc0";
   };
 
   patches = [ ./monkeysphere.patch ];
diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch
index fdf4b9335b19..0a05635d6a80 100644
--- a/pkgs/tools/security/monkeysphere/monkeysphere.patch
+++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch
@@ -28,5 +28,17 @@ diff --git a/src/share/keytrans b/src/share/keytrans
  
  # keytrans: this is an RSA key translation utility; it is capable of
  # transforming RSA keys (both public keys and secret keys) between
+diff --git a/tests/basic b/tests/basic
+--- a/tests/basic
++++ b/tests/basic
+@@ -343,7 +340,7 @@ if [ "$MONKEYSPHERE_TEST_USE_ED25519" = true ]; then
+     echo "### generating ed25519 key for testuser..."
+     # from the imported secret key
+     USER_FPR=8A4B353B4CBA6F30625498BAE00B5EEEBA79B482
+-    gpg --quick-add-key "$USER_FPR" ed25519 auth 2d
++    gpg --no-tty --quick-add-key "$USER_FPR" ed25519 auth 2d
+ else
+     echo "### generating standard monkeysphere key for testuser..."
+     monkeysphere gen-subkey
 -- 
 2.16.3
diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix
index 996b6fa6d2c2..287ed1edcdae 100644
--- a/pkgs/tools/security/signing-party/default.nix
+++ b/pkgs/tools/security/signing-party/default.nix
@@ -1,12 +1,11 @@
 { stdenv, fetchurl, autoconf, automake, makeWrapper
-, python, perl, perlPackages
+, python3, perl, perlPackages
 , libmd, gnupg1, which, getopt, libpaper, nettools, qprint
 , sendmailPath ? "/run/wrappers/bin/sendmail" }:
 
 let
   # All runtime dependencies from the CPAN graph:
   # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1
-  # TODO: XSLoader seems optional
   GnuPGInterfaceRuntimeDependencies = with perlPackages; [
     strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny
     GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate
@@ -14,16 +13,14 @@ let
   ];
 in stdenv.mkDerivation rec {
   pname = "signing-party";
-  version = "2.7";
+  version = "2.8";
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz";
-    sha256 = "0znklgvxn7k7p6q7r8chcj86zmzildjamr3qlqfxkj5m7yziqr21";
+    sha256 = "1dfry04gsa8kv7a2kr4p7a4b616sql41hsyff4pmfvrhiv2fz39z";
   };
 
-  sourceRoot = ".";
-
   # TODO: Get this patch upstream...
   patches = [ ./gpgwrap_makefile.patch ];
 
@@ -45,7 +42,7 @@ in stdenv.mkDerivation rec {
   # Perl is required for it's pod2man.
   # Python and Perl are required for patching the script interpreter paths.
   nativeBuildInputs = [ autoconf automake makeWrapper ];
-  buildInputs = [ python perl perlPackages.GnuPGInterface libmd gnupg1 ];
+  buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg1 ];
 
   postInstall = ''
     # Install all tools which aren't handled by 'make install'.
@@ -193,7 +190,7 @@ in stdenv.mkDerivation rec {
   '';
 
   meta = with stdenv.lib; {
-    homepage = https://pgp-tools.alioth.debian.org/;
+    homepage = https://salsa.debian.org/debian/signing-party;
     description = "A collection of several projects relating to OpenPGP";
     longDescription = ''
       This is a collection of several projects relating to OpenPGP.