author | Vladimír Čunát <vcunat@gmail.com> | 2019-02-01 09:42:53 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2019-02-01 09:42:53 +0100 |
commit | 8ba516664bf367889b06b06e4122372f82f24feb (patch) | |
tree | 01b691a7e1ad4797843b4c93d8a9d74fd16311d7 /pkgs/tools/security | |
parent | d00ca4476cd91bae052e8ded4d94e124a353d091 (diff) | |
parent | 5effa4e0f98b317fe4607b1a6548811017c3325d (diff) | |
Merge branch 'staging-next' into staging
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/certmgr/default.nix | 54 | ||||
-rw-r--r-- | pkgs/tools/security/monkeysphere/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/monkeysphere/monkeysphere.patch | 12 | ||||
-rw-r--r-- | pkgs/tools/security/signing-party/default.nix | 13 |
4 files changed, 56 insertions, 27 deletions
diff --git a/pkgs/tools/security/certmgr/default.nix b/pkgs/tools/security/certmgr/default.nix index fa3076e8b593..4a9cd4867da6 100644 --- a/pkgs/tools/security/certmgr/default.nix +++ b/pkgs/tools/security/certmgr/default.nix @@ -1,23 +1,43 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: +{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }: -buildGoPackage rec { - version = "1.6.1"; - name = "certmgr-${version}"; +let + generic = { patches ? [] }: + buildGoPackage rec { + version = "1.6.1"; + name = "certmgr-${version}"; - goPackagePath = "github.com/cloudflare/certmgr/"; + goPackagePath = "github.com/cloudflare/certmgr/"; - src = fetchFromGitHub { - owner = "cloudflare"; - repo = "certmgr"; - rev = "v${version}"; - sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2"; - }; + src = fetchFromGitHub { + owner = "cloudflare"; + repo = "certmgr"; + rev = "v${version}"; + sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2"; + }; + + inherit patches; + + meta = with stdenv.lib; { + homepage = https://cfssl.org/; + description = "Cloudflare's certificate manager"; + platforms = platforms.linux; + license = licenses.bsd2; + maintainers = with maintainers; [ johanot srhb ]; + }; + }; +in +{ + certmgr = generic {}; - meta = with stdenv.lib; { - homepage = https://cfssl.org/; - description = "Cloudflare's certificate manager"; - platforms = platforms.linux; - license = licenses.bsd2; - maintainers = with maintainers; [ johanot srhb ]; + certmgr-selfsigned = generic { + # The following patch makes it possible to use a self-signed x509 cert + # for the cfssl apiserver. + # TODO: remove patch when PR is merged. + patches = [ + (fetchpatch { + url = "https://github.com/cloudflare/certmgr/pull/51.patch"; + sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs"; + }) + ]; }; } diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index 114ba57e1700..af507dbf993b 100644 
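Review bot: The `fetchpatch` in `certmgr-selfsigned` takes its patch from `https://github.com/cloudflare/certmgr/pull/51.patch`, which follows the pull request's head and changes whenever that branch is pushed or rebased. The `sha256` stops a changed patch from being built silently, but the fetch then fails and the reviewed content can no longer be re-derived from the URL; a commit-pinned URL such as `https://github.com/cloudflare/certmgr/commit/<COMMIT_SHA>.patch` (placeholder SHA) keeps the reviewed and fetched patch identical. The patch body is not visible here, and the comment does not say how the self-signed certificate ends up trusted, which matters for a change to TLS verification in a certificate manager. I would extend the comment, e.g. `# NOTE: alters TLS verification towards the cfssl API server; check upstream PR 51 for how the cert is trusted before using this variant.` The file now evaluates to an attribute set rather than a single derivation, so its call site, which is outside this hunk, has to select `certmgr` and `certmgr-selfsigned` explicitly.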
--- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -14,14 +14,14 @@ let }); in stdenv.mkDerivation rec { name = "monkeysphere-${version}"; - version = "0.42"; + version = "0.43"; # The patched OpenSSH binary MUST NOT be used (except in the check phase): disallowedRequisites = [ opensshUnsafe ]; src = fetchurl { url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz"; - sha256 = "1haqgjxm8v2xnhc652lx79p2cqggb9gxgaf19w9l9akar2qmdjf1"; + sha256 = "18i7qpvp5qb7mmd0z5rqai550rya9l3nbsq2hamwkl3smqsjdqc0"; }; patches = [ ./monkeysphere.patch ]; diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch index fdf4b9335b19..0a05635d6a80 100644 --- a/pkgs/tools/security/monkeysphere/monkeysphere.patch +++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch @@ -28,5 +28,17 @@ diff --git a/src/share/keytrans b/src/share/keytrans # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between +diff --git a/tests/basic b/tests/basic +--- a/tests/basic ++++ b/tests/basic +@@ -343,7 +340,7 @@ if [ "$MONKEYSPHERE_TEST_USE_ED25519" = true ]; then + echo "### generating ed25519 key for testuser..." + # from the imported secret key + USER_FPR=8A4B353B4CBA6F30625498BAE00B5EEEBA79B482 +- gpg --quick-add-key "$USER_FPR" ed25519 auth 2d ++ gpg --no-tty --quick-add-key "$USER_FPR" ed25519 auth 2d + else + echo "### generating standard monkeysphere key for testuser..." + monkeysphere gen-subkey -- 2.16.3 diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix index 996b6fa6d2c2..287ed1edcdae 100644 --- a/pkgs/tools/security/signing-party/default.nix +++ b/pkgs/tools/security/signing-party/default.nix 
@@ -1,12 +1,11 @@ { stdenv, fetchurl, autoconf, automake, makeWrapper -, python, perl, perlPackages +, python3, perl, perlPackages , libmd, gnupg1, which, getopt, libpaper, nettools, qprint , sendmailPath ? "/run/wrappers/bin/sendmail" }: let # All runtime dependencies from the CPAN graph: # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1 - # TODO: XSLoader seems optional GnuPGInterfaceRuntimeDependencies = with perlPackages; [ strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate @@ -14,16 +13,14 @@ let ]; in stdenv.mkDerivation rec { pname = "signing-party"; - version = "2.7"; + version = "2.8"; name = "${pname}-${version}"; src = fetchurl { url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz"; - sha256 = "0znklgvxn7k7p6q7r8chcj86zmzildjamr3qlqfxkj5m7yziqr21"; + sha256 = "1dfry04gsa8kv7a2kr4p7a4b616sql41hsyff4pmfvrhiv2fz39z"; }; - sourceRoot = "."; - # TODO: Get this patch upstream... patches = [ ./gpgwrap_makefile.patch ]; @@ -45,7 +42,7 @@ in stdenv.mkDerivation rec { # Perl is required for it's pod2man. # Python and Perl are required for patching the script interpreter paths. nativeBuildInputs = [ autoconf automake makeWrapper ]; - buildInputs = [ python perl perlPackages.GnuPGInterface libmd gnupg1 ]; + buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg1 ]; postInstall = '' # Install all tools which aren't handled by 'make install'. @@ -193,7 +190,7 @@ in stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - homepage = https://pgp-tools.alioth.debian.org/; + homepage = https://salsa.debian.org/debian/signing-party; description = "A collection of several projects relating to OpenPGP"; longDescription = '' This is a collection of several projects relating to OpenPGP. |