author | John Ericson <John.Ericson@Obsidian.Systems> | 2019-11-24 17:25:07 +0000 |
---|---|---|
committer | John Ericson <John.Ericson@Obsidian.Systems> | 2019-11-24 17:25:07 +0000 |
commit | d0d5136cce5e0cbe2305c53090bd4bd886114746 (patch) | |
tree | 70092947536a3c65e215df9df20e571e34652f7a /pkgs/tools/security | |
parent | 9b090ccbca3f7dd26d91db06e96e8bf8282c37ca (diff) | |
parent | 195c263a812dec532656dcfd5d0360458cdc93fd (diff) | |
Merge remote-tracking branch 'upstream/master' into wrapper-pname-support
Diffstat (limited to 'pkgs/tools/security')
63 files changed, 1550 insertions, 355 deletions
diff --git a/pkgs/tools/security/aespipe/default.nix b/pkgs/tools/security/aespipe/default.nix
index 22fb8848eb91..69bef27258e8 100644
--- a/pkgs/tools/security/aespipe/default.nix
+++ b/pkgs/tools/security/aespipe/default.nix
@@ -2,18 +2,20 @@
 stdenv.mkDerivation rec {
 pname = "aespipe";
- version = "2.4e";
+ version = "2.4f";
 src = fetchurl {
 url = "mirror://sourceforge/loop-aes/aespipe/aespipe-v${version}.tar.bz2";
- sha256 = "0fmr0vk408bf13jydhdmcdhqw31yc9qk329bs9i60alccywapmds";
+ sha256 = "15pg9j27mjzl78mpzkdqd84kdafj0g6j72f8wgjrpp2qkxjy2ddi";
 };
- meta = {
+ configureFlags = [ "--enable-padlock" "--enable-intelaes" ];
+
+ meta = with stdenv.lib; {
 description = "AES encrypting or decrypting pipe";
 homepage = http://loop-aes.sourceforge.net/aespipe.README;
- license = stdenv.lib.licenses.gpl2;
- maintainers = [ stdenv.lib.maintainers.goibhniu ];
- platforms = stdenv.lib.platforms.linux;
+ license = licenses.gpl2;
+ maintainers = [ maintainers.goibhniu ];
+ platforms = platforms.linux;
 };
 }
diff --git a/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix b/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
index 6b3a922bbe5c..580cf7585c92 100644
--- a/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
+++ b/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
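Review bot: The added `configureFlags = [ "--enable-padlock" "--enable-intelaes" ];` in aespipe/default.nix is applied unconditionally, while `platforms = platforms.linux` still admits non-x86 targets, and nothing in the hunk says whether these options are build-time requirements or code paths selected by CPU detection at run time. If they are x86-only, gate them, e.g. `configureFlags = stdenv.lib.optionals (stdenv.isi686 || stdenv.isx86_64) [ "--enable-padlock" "--enable-intelaes" ];`. If upstream's configure handles other architectures itself, a one-line comment such as `# hardware AES paths; selected at run time, harmless elsewhere` would save the next reader from checking, once that has been confirmed against upstream.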
@@ -15,15 +15,20 @@ stdenv.mkDerivation {
 sha256 = "0yrc302a2fhbzryb10718ky4fymfcps3lk67ivis1qab5kbp6z8r";
 };
- buildInputs = [ imagemagick qrencode ] ++ stdenv.lib.optional testQR zbar;
 dontBuild = true;
 dontStrip = true;
 dontPatchELF = true;
- preInstall = ''
- substituteInPlace asc-to-gif.sh \
- --replace "convert" "${imagemagick}/bin/convert" \
- --replace "qrencode" "${qrencode.bin}/bin/qrencode"
+ preInstall = let
+ substitutions = [
+ ''--replace "convert" "${imagemagick}/bin/convert"''
+ ''--replace "qrencode" "${qrencode.bin}/bin/qrencode"''
+ ] ++ stdenv.lib.optional testQR [
+ ''--replace "hash zbarimg" "true"'' # hash does not work on NixOS
+ ''--replace "$(zbarimg --raw" "$(${zbar.out}/bin/zbarimg --raw"''
+ ];
+ in ''
+ substituteInPlace asc-to-gif.sh ${stdenv.lib.concatStringsSep " " substitutions}
 '';
 installPhase = ''
diff --git a/pkgs/tools/security/bettercap/default.nix b/pkgs/tools/security/bettercap/default.nix
index c72bc6d8b9e8..d0cda57e2d06 100644
--- a/pkgs/tools/security/bettercap/default.nix
+++ b/pkgs/tools/security/bettercap/default.nix
@@ -2,7 +2,7 @@
 buildGoPackage rec {
 pname = "bettercap";
- version = "2.24";
+ version = "2.26.1";
 goPackagePath = "github.com/bettercap/bettercap";
@@ -10,7 +10,7 @@ buildGoPackage rec {
 owner = pname;
 repo = pname;
 rev = "v${version}";
- sha256 = "1f8bzxbcyf0bpyqj6hz4l8dp5xknnb537xy9y5skcznp03i44h55";
+ sha256 = "10qsknyzfpzfpm4gp98jwvw6qmkmx23nw88sbnpl2rlr725l560c";
 };
 nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/tools/security/bettercap/deps.nix b/pkgs/tools/security/bettercap/deps.nix
index ef09a821317e..12aeb1918c6e 100644
--- a/pkgs/tools/security/bettercap/deps.nix
+++ b/pkgs/tools/security/bettercap/deps.nix
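Review bot: In the new `preInstall` of asc-key-to-qr-code-gif, `stdenv.lib.optional testQR [ … ]` wraps its argument in a list, so with `testQR` enabled the two zbar substitutions are appended as a single nested list and `concatStringsSep " "` then receives a list element where it expects a string, which as far as I can tell fails evaluation. The line should read `] ++ stdenv.lib.optionals testQR [` so the entries are spliced into `substitutions`. Separately, the `--replace "$(zbarimg --raw" …` entry reaches the builder shell inside double quotes, where `$(` opens a command substitution; single-quoting those two arguments would keep the pattern literal. Both problems are only reached when `testQR` is on, so a default build would not reveal them.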
@@ -1,336 +1,534 @@ -# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix) +# file generated from go.mod using vgo2nix (https://github.com/adisbladis/vgo2nix) [ { - goPackagePath = "github.com/adrianmo/go-nmea"; + goPackagePath = "github.com/BurntSushi/toml"; + fetch = { + type = "git"; + url = "https://github.com/BurntSushi/toml"; + rev = "v0.3.1"; + sha256 = "1fjdwwfzyzllgiwydknf1pwjvy49qxfsczqx5gz3y0izs7as99j6"; + }; + } + { + goPackagePath = "github.com/adrianmo/go-nmea"; fetch = { type = "git"; url = "https://github.com/adrianmo/go-nmea"; - rev = "a32116e4989e2b0e17c057ee378b4d5246add74e"; + rev = "v1.1.0"; sha256 = "167iwpwdwfbyghqfrzdfvfpvsmj92x7qqy6sx6yngdw21wd0m44f"; }; } { - goPackagePath = "github.com/antchfx/jsonquery"; + goPackagePath = "github.com/antchfx/jsonquery"; fetch = { type = "git"; url = "https://github.com/antchfx/jsonquery"; - rev = "a2896be8c82bb2229d1cf26204863180e34b2b31"; - sha256 = "0mh6v21i3v3sxqjln7vph6wx3sm79p99010in9am1wh7k30rrjl5"; + rev = "v1.0.0"; + sha256 = "04xk7ib059xzl1y87ah41q7vzl3xp99mq8nyccx8hlsng1nc0haw"; }; } { - goPackagePath = "github.com/antchfx/xpath"; + goPackagePath = "github.com/antchfx/xpath"; fetch = { type = "git"; url = "https://github.com/antchfx/xpath"; - rev = "ce1d48779e67a1ddfb380995fe532b2e0015919c"; - sha256 = "0brd75mhd5ix7rz1ijhbggyp53v6g8kz9bc2n7g6zwavzxarfj5p"; + rev = "v1.1.0"; + sha256 = "0bgin15841q009yxbyqfqk5b2yk2f4a1mswjkgiqxgarmql0mpsy"; }; } { - goPackagePath = "github.com/bettercap/gatt"; + goPackagePath = "github.com/bettercap/gatt"; fetch = { type = "git"; url = "https://github.com/bettercap/gatt"; - rev = "fac16c0ad797bbccae1fe4acf49761b98f7516e7"; - sha256 = "08pyg4caw7lzb230l3k4rwgvn68zz6kmrlsdapaf3wa216pphyd9"; + rev = "569d3d9372bb"; + sha256 = "0ncg6wd4wkr12l4bs7vyyrd08imyd5y1vdyp7f9shjq9nzv3rzcz"; }; } { - goPackagePath = "github.com/bettercap/nrf24"; + goPackagePath = "github.com/bettercap/nrf24"; fetch = { type = "git"; url = 
"https://github.com/bettercap/nrf24"; - rev = "aa37e6d0e0eb125cee9ec71ed694db2ad58b509a"; + rev = "aa37e6d0e0eb"; sha256 = "1y6ffcj94hk7slajqw3lqpdxzx6iqpj2i2zpsvggg6kfaa1iklnj"; }; } { - goPackagePath = "github.com/bettercap/readline"; + goPackagePath = "github.com/bettercap/readline"; fetch = { type = "git"; url = "https://github.com/bettercap/readline"; - rev = "62c6fe6193755f722b8b8788aa7357be55a50ff1"; - sha256 = "1qd2qhjps26x4pin2614w732giy89p22b2qww4wg15zz5g2365nk"; + rev = "9cec905dd291"; + sha256 = "1lsnyckg2l78hz4la8dhwvjsyff706khw10nxds5afzl4mrih3vn"; }; } { - goPackagePath = "github.com/bettercap/recording"; + goPackagePath = "github.com/bettercap/recording"; fetch = { type = "git"; url = "https://github.com/bettercap/recording"; - rev = "3ce1dcf032e391eb321311b34cdf31c6fc9523f5"; + rev = "3ce1dcf032e3"; sha256 = "1arh12iz15anyrqr4q496lpd0gx5nf2cwyr5rv17rawqqz8ydg23"; }; } { - goPackagePath = "github.com/chifflier/nfqueue-go"; + goPackagePath = "github.com/chifflier/nfqueue-go"; fetch = { type = "git"; url = "https://github.com/chifflier/nfqueue-go"; - rev = "61ca646babef3bd4dea1deb610bfb0005c0a1298"; + rev = "61ca646babef"; sha256 = "1i1q2xl86f3s9x3j2ffxprwqhcrkh4w23hh4ib7jksxvaq36v33l"; }; } { - goPackagePath = "github.com/dustin/go-humanize"; + goPackagePath = "github.com/chzyer/logex"; + fetch = { + type = "git"; + url = "https://github.com/chzyer/logex"; + rev = "v1.1.10"; + sha256 = "08pbjj3wx9acavlwyr055isa8a5hnmllgdv5k6ra60l5y1brmlq4"; + }; + } + { + goPackagePath = "github.com/chzyer/test"; + fetch = { + type = "git"; + url = "https://github.com/chzyer/test"; + rev = "a1ea475d72b1"; + sha256 = "0rns2aqk22i9xsgyap0pq8wi4cfaxsri4d9q6xxhhyma8jjsnj2k"; + }; + } + { + goPackagePath = "github.com/davecgh/go-spew"; + fetch = { + type = "git"; + url = "https://github.com/davecgh/go-spew"; + rev = "v1.1.1"; + sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y"; + }; + } + { + goPackagePath = "github.com/dustin/go-humanize"; fetch = { type = 
"git"; url = "https://github.com/dustin/go-humanize"; - rev = "9f541cc9db5d55bce703bd99987c9d5cb8eea45e"; + rev = "v1.0.0"; sha256 = "1kqf1kavdyvjk7f8kx62pnm7fbypn9z1vbf8v2qdh3y7z7a0cbl3"; }; } { - goPackagePath = "github.com/elazarl/goproxy"; + goPackagePath = "github.com/elazarl/goproxy"; fetch = { type = "git"; url = "https://github.com/elazarl/goproxy"; - rev = "9d40249d3c2f14d1a9d75e070a738362adeb5a83"; - sha256 = "0hpzna9dvs2ff0bj8baz3sc5gg49vqmb0cbi6p061lmwl09cd00i"; + rev = "473e67f1d7d2"; + sha256 = "1xsrdlcgl088phanm81pskym2ry8z1nizvq3lsq0c7cvzb6mrw4p"; }; } { - goPackagePath = "github.com/evilsocket/islazy"; + goPackagePath = "github.com/evilsocket/islazy"; fetch = { type = "git"; url = "https://github.com/evilsocket/islazy"; - rev = "c5c7a41bb1c20e6df409825ed24af8de5fb7fb70"; + rev = "v1.10.4"; sha256 = "1ayc4di6584yajybh724mcmng069q38j1dpljgi8fhsyhb4sila3"; }; } { - goPackagePath = "github.com/gobwas/glob"; + goPackagePath = "github.com/gobwas/glob"; fetch = { type = "git"; url = "https://github.com/gobwas/glob"; - rev = "e7a84e9525fe90abcda167b604e483cc959ad4aa"; + rev = "e7a84e9525fe"; sha256 = "1v6vjklq06wqddv46ihajahaj1slv0imgaivlxr8bsx59i90js5q"; }; } { - goPackagePath = "github.com/google/go-github"; + goPackagePath = "github.com/google/go-github"; fetch = { type = "git"; url = "https://github.com/google/go-github"; - rev = "e48060a28fac52d0f1cb758bc8b87c07bac4a87d"; - sha256 = "0a15gsqpshcipd4vmm0dzxgi99pfk0c5b60n3czfw2px864mg7x9"; + rev = "v17.0.0"; + sha256 = "1kvw95l77a5n5rgal9n1xjh58zxb3a40ij1j722b1h4z8yg9jhg4"; }; } { - goPackagePath = "github.com/google/go-querystring"; + goPackagePath = "github.com/google/go-querystring"; fetch = { type = "git"; url = "https://github.com/google/go-querystring"; - rev = "44c6ddd0a2342c386950e880b658017258da92fc"; + rev = "v1.0.0"; sha256 = "0xl12bqyvmn4xcnf8p9ksj9rmnr7s40pvppsdmy8n9bzw1db0iwz"; }; } { - goPackagePath = "github.com/google/gopacket"; + goPackagePath = "github.com/google/gopacket"; fetch = { 
type = "git"; url = "https://github.com/google/gopacket"; - rev = "v1.1.16"; - sha256 = "1vnjgjz52l1bzrhx70qpvmwandf8v13zhiaj3rdljsphdp5cgadi"; + rev = "v1.1.17"; + sha256 = "192af5z18nnafn35gdy4wahlx6ggbhlnxzlm1yvxjxawfwnilidn"; }; } { - goPackagePath = "github.com/google/gousb"; + goPackagePath = "github.com/google/gousb"; fetch = { type = "git"; url = "https://github.com/google/gousb"; - rev = "64d82086770b8b671e1e7f162372dd37f1f5efba"; - sha256 = "1kjgg8cdp8wz9rck4nh48pcia741p7a8w2nikhzxsscn0ld33109"; + rev = "18f4c1d8a750"; + sha256 = "1i7ffkq395x0v1186j9bhfgy67wlq6s840xkyx8wn87w55yd05rh"; }; } { - goPackagePath = "github.com/gorilla/mux"; + goPackagePath = "github.com/google/renameio"; + fetch = { + type = "git"; + url = "https://github.com/google/renameio"; + rev = "v0.1.0"; + sha256 = "1ki2x5a9nrj17sn092d6n4zr29lfg5ydv4xz5cp58z6cw8ip43jx"; + }; + } + { + goPackagePath = "github.com/gorilla/mux"; fetch = { type = "git"; url = "https://github.com/gorilla/mux"; - rev = "c5c6c98bc25355028a63748a498942a6398ccd22"; - sha256 = "0im4da3hqxb6zr8g3m640qz234f5gs0a8hqhcz35mkvfqlv48f62"; + rev = "v1.7.3"; + sha256 = "0vr38zdad3zgg7q7nn24knl8axngj7cgmlwa93m17yhsnlvqi531"; }; } { - goPackagePath = "github.com/gorilla/websocket"; + goPackagePath = "github.com/gorilla/websocket"; fetch = { type = "git"; url = "https://github.com/gorilla/websocket"; - rev = "66b9c49e59c6c48f0ffce28c2d8b8a5678502c6d"; - sha256 = "00i4vb31nsfkzzk7swvx3i75r2d960js3dri1875vypk3v2s0pzk"; + rev = "v1.4.1"; + sha256 = "03n1n0nwz3k9qshmriycqznnnvd3dkzsfwpnfjzzvafjxk9kyapv"; }; } { - goPackagePath = "github.com/hashicorp/mdns"; + goPackagePath = "github.com/hashicorp/mdns"; fetch = { type = "git"; url = "https://github.com/hashicorp/mdns"; - rev = "06dd1a31b32c42d4d6c2cf8dbce70597d1118f54"; + rev = "v1.0.1"; sha256 = "185zpyj1jf1jm7hihg73gqnspr0a359aqwv11v4a6mwd5bkdh19j"; }; } { - goPackagePath = "github.com/inconshreveable/go-vhost"; + goPackagePath = "github.com/inconshreveable/go-vhost"; fetch = { 
type = "git"; url = "https://github.com/inconshreveable/go-vhost"; - rev = "06d84117953b22058c096b49a429ebd4f3d3d97b"; + rev = "06d84117953b"; sha256 = "0wliilsybm7xf5h685a23rsm8bnlhkr332pkdkhf32q16sr1a9rk"; }; } { - goPackagePath = "github.com/jpillora/go-tld"; + goPackagePath = "github.com/jpillora/go-tld"; fetch = { type = "git"; url = "https://github.com/jpillora/go-tld"; - rev = "f16ca3b7b383d3f0373109cac19147de3e8ae2d1"; + rev = "f16ca3b7b383"; sha256 = "19v8bj14w0lcvysaw84klf5dg6ka351ixz9r6cd9mksdd80nvzcq"; }; } { - goPackagePath = "github.com/kr/binarydist"; + goPackagePath = "github.com/kisielk/gotool"; + fetch = { + type = "git"; + url = "https://github.com/kisielk/gotool"; + rev = "v1.0.0"; + sha256 = "14af2pa0ssyp8bp2mvdw184s5wcysk6akil3wzxmr05wwy951iwn"; + }; + } + { + goPackagePath = "github.com/kr/binarydist"; fetch = { type = "git"; url = "https://github.com/kr/binarydist"; - rev = "88f551ae580780cc79d12ab4c218ba1ca346b83a"; + rev = "v0.1.0"; sha256 = "0hz1yqlxmkdib8xsdkkvn4ian4i69jmfapadim9fhj632d6jpi7w"; }; } { - goPackagePath = "github.com/malfunkt/iprange"; + goPackagePath = "github.com/kr/pretty"; + fetch = { + type = "git"; + url = "https://github.com/kr/pretty"; + rev = "v0.1.0"; + sha256 = "18m4pwg2abd0j9cn5v3k2ksk9ig4vlwxmlw9rrglanziv9l967qp"; + }; + } + { + goPackagePath = "github.com/kr/pty"; + fetch = { + type = "git"; + url = "https://github.com/kr/pty"; + rev = "v1.1.1"; + sha256 = "0383f0mb9kqjvncqrfpidsf8y6ns5zlrc91c6a74xpyxjwvzl2y6"; + }; + } + { + goPackagePath = "github.com/kr/text"; + fetch = { + type = "git"; + url = "https://github.com/kr/text"; + rev = "v0.1.0"; + sha256 = "1gm5bsl01apvc84bw06hasawyqm4q84vx1pm32wr9jnd7a8vjgj1"; + }; + } + { + goPackagePath = "github.com/malfunkt/iprange"; fetch = { type = "git"; url = "https://github.com/malfunkt/iprange"; - rev = "3a31f5ed42d2d8a1fc46f1be91fd693bdef2dd52"; + rev = "v0.9.0"; sha256 = "0gv5w678r74jval675xp0y1hzpf7mm5m9apa1rz9krxc9zd0ycr8"; }; } { - goPackagePath = 
"github.com/mattn/go-colorable"; + goPackagePath = "github.com/mattn/go-colorable"; fetch = { type = "git"; url = "https://github.com/mattn/go-colorable"; - rev = "3a70a971f94a22f2fa562ffcc7a0eb45f5daf045"; - sha256 = "0l640974j804c1yyjfgyxqlsivz0yrzmbql4mhcw2azryigkp08p"; + rev = "v0.1.4"; + sha256 = "1yxcz08kminqr1221zxpibnbzfcgs3fafin0z9zqb3gqvf74jywz"; }; } { - goPackagePath = "github.com/mattn/go-isatty"; + goPackagePath = "github.com/mattn/go-isatty"; fetch = { type = "git"; url = "https://github.com/mattn/go-isatty"; - rev = "c2a7a6ca930a4cd0bc33a3f298eb71960732a3a7"; - sha256 = "1i77aq4gf9as03m8fpfh8fq49n4z9j7548blrcsidm1xhslzk5xd"; + rev = "v0.0.10"; + sha256 = "0jf4hwfwd2cpxrlyv0jzcia809q2bjw7y1m3ciaj2s8lj2jqyf6r"; }; } { - goPackagePath = "github.com/mdlayher/dhcp6"; + goPackagePath = "github.com/mdlayher/dhcp6"; fetch = { type = "git"; url = "https://github.com/mdlayher/dhcp6"; - rev = "2a67805d7d0b0bad6c1103058981afdea583b459"; + rev = "2a67805d7d0b"; sha256 = "0xn7canpik3lrz73dcz4jzapq1bfxpnashvjvnvshcpa2n1lh8yw"; }; } { - goPackagePath = "github.com/mdlayher/raw"; - fetch = { - type = "git"; - url = "https://github.com/mdlayher/raw"; - rev = "480b93709cce56651807d3fdeb260a5a7c4e2d5f"; - sha256 = "0a0zlznk67nhpmgp21hxsbhyl5lvlkmwy5xvm3d3q0yaq0rqnh2x"; - }; - } - { - goPackagePath = "github.com/mgutz/ansi"; + goPackagePath = "github.com/mgutz/ansi"; fetch = { type = "git"; url = "https://github.com/mgutz/ansi"; - rev = "9520e82c474b0a04dd04f8a40959027271bab992"; + rev = "9520e82c474b"; sha256 = "00bz22314j26736w1f0q4jy9d9dfaml17vn890n5zqy3cmvmww1j"; }; } { - goPackagePath = "github.com/mgutz/logxi"; + goPackagePath = "github.com/mgutz/logxi"; fetch = { type = "git"; url = "https://github.com/mgutz/logxi"; - rev = "aebf8a7d67ab4625e0fd4a665766fef9a709161b"; + rev = "aebf8a7d67ab"; sha256 = "1f8sqibkzz9wfplvvblz9s0xvvmhkd2af8ghcsmjw8818gcrzsqx"; }; } { - goPackagePath = "github.com/miekg/dns"; + goPackagePath = "github.com/miekg/dns"; fetch = { type = 
"git"; url = "https://github.com/miekg/dns"; - rev = "8aa92d4e02c501ba21e26fb92cf2fb9f23f56917"; - sha256 = "1niymj11xv82ghif3p7i60bgj0lqskwm7fmrzfjchd8wxwbk4bbi"; + rev = "v1.1.22"; + sha256 = "1iv9jznakz8f5swiir0z4zilr9ypavnsc0g4zi1r0vad6npy7zfl"; }; } { - goPackagePath = "github.com/pkg/errors"; + goPackagePath = "github.com/mitchellh/go-homedir"; + fetch = { + type = "git"; + url = "https://github.com/mitchellh/go-homedir"; + rev = "v1.1.0"; + sha256 = "0ydzkipf28hwj2bfxqmwlww47khyk6d152xax4bnyh60f4lq3nx1"; + }; + } + { + goPackagePath = "github.com/pkg/errors"; fetch = { type = "git"; url = "https://github.com/pkg/errors"; - rev = "ba968bfe8b2f7e042a574c888954fccecfa385b4"; + rev = "v0.8.1"; sha256 = "0g5qcb4d4fd96midz0zdk8b9kz8xkzwfa8kr1cliqbg8sxsy5vd1"; }; } { - goPackagePath = "github.com/robertkrimen/otto"; + goPackagePath = "github.com/pmezard/go-difflib"; + fetch = { + type = "git"; + url = "https://github.com/pmezard/go-difflib"; + rev = "v1.0.0"; + sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw"; + }; + } + { + goPackagePath = "github.com/robertkrimen/otto"; fetch = { type = "git"; url = "https://github.com/robertkrimen/otto"; - rev = "15f95af6e78dcd2030d8195a138bd88d4f403546"; + rev = "15f95af6e78d"; sha256 = "07j7l340lmqwpfscwyb8llk3k37flvs20a4a8vzc85f16xyd9npf"; }; } { - goPackagePath = "github.com/tarm/serial"; + goPackagePath = "github.com/rogpeppe/go-charset"; + fetch = { + type = "git"; + url = "https://github.com/rogpeppe/go-charset"; + rev = "2471d30d28b4"; + sha256 = "1cmkhwkqx1smnsvrr9ah2x5qav0i6vdiq8x4j8j812xspfl69zwx"; + }; + } + { + goPackagePath = "github.com/rogpeppe/go-internal"; + fetch = { + type = "git"; + url = "https://github.com/rogpeppe/go-internal"; + rev = "v1.3.0"; + sha256 = "0mcdh1licgnnahwml9y2iq6xy5x9xmjw5frcnds2s3wpjyqrl216"; + }; + } + { + goPackagePath = "github.com/stretchr/objx"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/objx"; + rev = "v0.1.0"; + sha256 = 
"19ynspzjdynbi85xw06mh8ad5j0qa1vryvxjgvbnyrr8rbm4vd8w"; + }; + } + { + goPackagePath = "github.com/stretchr/testify"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/testify"; + rev = "v1.3.0"; + sha256 = "0wjchp2c8xbgcbbq32w3kvblk6q6yn533g78nxl6iskq6y95lxsy"; + }; + } + { + goPackagePath = "github.com/tarm/serial"; fetch = { type = "git"; url = "https://github.com/tarm/serial"; - rev = "98f6abe2eb07edd42f6dfa2a934aea469acc29b7"; + rev = "98f6abe2eb07"; sha256 = "1yj4jiv2f3x3iawxdflrlmdan0k9xsbnccgc9yz658rmif1ag3pb"; }; } { - goPackagePath = "golang.org/x/crypto"; + goPackagePath = "golang.org/x/crypto"; fetch = { type = "git"; url = "https://go.googlesource.com/crypto"; - rev = "a29dc8fdc73485234dbef99ebedb95d2eced08de"; - sha256 = "07f0jj4haqs0ywc1akk1qjwn5msl2j0pry1rxjkkbfcq4r6ihc1p"; + rev = "87dc89f01550"; + sha256 = "0z4i1m2yn3f31ci7wvcm2rxkx2yiv7a78mfzklncmsz2k97rlh2g"; }; } { - goPackagePath = "golang.org/x/net"; + goPackagePath = "golang.org/x/mod"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/mod"; + rev = "4bf6d317e70e"; + sha256 = "19lg1ly3j31anx92p0hynic1gjk417wwxphfdrb2cq1c19kj3r17"; + }; + } + { + goPackagePath = "golang.org/x/net"; fetch = { type = "git"; url = "https://go.googlesource.com/net"; - rev = "9ce7a6920f093fc0b908c4a5f66ae049110f417e"; - sha256 = "1kbs85jsqbv4v89ii2zam4b8dhmllhsrf46njmi09x0w6s0b9cbk"; + rev = "da9a3fd4c582"; + sha256 = "0iavs400534jn7drmdphx0f18vgg060p2r59xw5d85ji1l5rin1l"; + }; + } + { + goPackagePath = "golang.org/x/sync"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/sync"; + rev = "112230192c58"; + sha256 = "05i2k43j2d0llq768hg5pf3hb2yhfzp9la1w5wp0rsnnzblr0lfn"; }; } { - goPackagePath = "golang.org/x/sys"; + goPackagePath = "golang.org/x/sys"; fetch = { type = "git"; url = "https://go.googlesource.com/sys"; - rev = "d89cdac9e8725f2aefce25fcbfef41134c9ad412"; - sha256 = "0iazr13ir6i267nb2w81lc3pr740wdjs86nsliwpf90kkgzn853f"; + rev = "727590c5006e"; + sha256 = 
"0891pfmc73hyr6hrsq1mkk3lasxa8fz4vlnljnzz6yihmhz9ab6a"; }; } { - goPackagePath = "gopkg.in/sourcemap.v1"; + goPackagePath = "golang.org/x/text"; fetch = { type = "git"; - url = "https://github.com/go-sourcemap/sourcemap"; - rev = "6e83acea0053641eff084973fee085f0c193c61a"; + url = "https://go.googlesource.com/text"; + rev = "v0.3.2"; + sha256 = "0flv9idw0jm5nm8lx25xqanbkqgfiym6619w575p7nrdh0riqwqh"; + }; + } + { + goPackagePath = "golang.org/x/tools"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/tools"; + rev = "2ca718005c18"; + sha256 = "1nl4cw8vrfigab0hij86vl2mmhfmyim69r7vy5qk2v60g8frvgxg"; + }; + } + { + goPackagePath = "golang.org/x/xerrors"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/xerrors"; + rev = "a985d3407aa7"; + sha256 = "00wzr5w8aadipgc3rkk8f11i41znskfj9ix5nhhaxyg7isrslgcj"; + }; + } + { + goPackagePath = "gopkg.in/check.v1"; + fetch = { + type = "git"; + url = "https://gopkg.in/check.v1"; + rev = "788fd7840127"; + sha256 = "0v3bim0j375z81zrpr5qv42knqs0y2qv2vkjiqi5axvb78slki1a"; + }; + } + { + goPackagePath = "gopkg.in/errgo.v2"; + fetch = { + type = "git"; + url = "https://gopkg.in/errgo.v2"; + rev = "v2.1.0"; + sha256 = "065mbihiy7q67wnql0bzl9y1kkvck5ivra68254zbih52jxwrgr2"; + }; + } + { + goPackagePath = "gopkg.in/sourcemap.v1"; + fetch = { + type = "git"; + url = "https://gopkg.in/sourcemap.v1"; + rev = "v1.0.5"; sha256 = "08rf2dl13hbnm3fq2cm0nnsspy9fhf922ln23cz5463cv7h62as4"; }; } -] \ No newline at end of file + { + goPackagePath = "honnef.co/go/tools"; + fetch = { + type = "git"; + url = "https://github.com/dominikh/go-tools"; + rev = "v0.0.0-2019.2.1"; + sha256 = "1frpy4pl9yp6j00mjj2yss3k8hip0cc7b5i5mz61n3dlw0kga9z1"; + }; + } +] diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix index d94e02c4adca..fbef98df82d7 100644 --- a/pkgs/tools/security/bitwarden/default.nix +++ b/pkgs/tools/security/bitwarden/default.nix 
@@ -16,11 +16,11 @@ let pname = "bitwarden"; version = { - x86_64-linux = "1.15.2"; + x86_64-linux = "1.16.6"; }.${system} or ""; sha256 = { - x86_64-linux = "0yz4hkqqwq2zrdjfxk5kybhs90n80k6bkn0625m47b09lwl2di4f"; + x86_64-linux = "074hqm4gjljc82nhn7h6wsd74567390018fi3v38g7jh7aph10jj"; }.${system} or ""; meta = with stdenv.lib; { @@ -51,7 +51,7 @@ let dontBuild = true; dontConfigure = true; - dontPatchElf = true; + dontPatchELF = true; dontWrapGApps = true; buildInputs = [ libsecret ] ++ atomEnv.packages; diff --git a/pkgs/tools/security/bitwarden_rs/vault.nix b/pkgs/tools/security/bitwarden_rs/vault.nix index 76b9f24224c1..51dde99bcf19 100644 --- a/pkgs/tools/security/bitwarden_rs/vault.nix +++ b/pkgs/tools/security/bitwarden_rs/vault.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bitwarden_rs-vault"; - version = "2.11.0"; + version = "2.12.0"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "06f0rcpqhz5qjm01jbxx2czhnj9ng29rgsrilm5r5xx31s9dnhg7"; + sha256 = "064dxfplqn67grpx03ryzshwmr7s00w4mll0hk0anddviwvd8r1n"; }; buildCommand = '' diff --git a/pkgs/tools/security/chipsec/default.nix b/pkgs/tools/security/chipsec/default.nix index a32752f8b231..7b4c8cf68eb8 100644 --- a/pkgs/tools/security/chipsec/default.nix +++ b/pkgs/tools/security/chipsec/default.nix @@ -1,14 +1,14 @@ -{ stdenv, lib, fetchFromGitHub, python27Packages, nasm, libelf +{ stdenv, lib, fetchFromGitHub, pythonPackages, nasm, libelf , kernel ? null, withDriver ? false }: -python27Packages.buildPythonApplication rec { +pythonPackages.buildPythonApplication rec { name = "chipsec-${version}"; - version = "1.3.7"; + version = "1.4.1"; src = fetchFromGitHub { owner = "chipsec"; repo = "chipsec"; rev = version; - sha256 = "00hwhi5f24y429zazhm77l1pp31q7fmx7ks3sfm6d16v89zbcp9a"; + sha256 = "043gf21zygvrzvvkwv5xxpcv3ryj5m8klkgyhq0lnh6k594qrg77"; }; nativeBuildInputs = [ 
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 54932e1200bf..de275b6c09a3 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "clamav"; - version = "0.101.4"; + version = "0.102.0"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - sha256 = "1kdw0b49hbvja6xn589v4f0q334wav16pmi1hibql5cxj7q99w0b"; + sha256 = "1qdyj4r39266bmbsd2nwyspm20k9wh3c30awrg8c54y78s61izj8"; }; # don't install sample config files into the absolute sysconfdir folder diff --git a/pkgs/tools/security/diceware/default.nix b/pkgs/tools/security/diceware/default.nix index 1c3d5f1d465f..07682eb22c51 100644 --- a/pkgs/tools/security/diceware/default.nix +++ b/pkgs/tools/security/diceware/default.nix @@ -15,6 +15,8 @@ buildPythonApplication rec { nativeBuildInputs = [ pytestrunner ]; + propagatedBuildInputs = [ setuptools ]; + checkInputs = [ coverage pytest ]; # see https://github.com/ulif/diceware/commit/a7d844df76cd4b95a717f21ef5aa6167477b6733 diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix index 49ceacadcb7d..2cf9b92745fd 100644 --- a/pkgs/tools/security/duo-unix/default.nix +++ b/pkgs/tools/security/duo-unix/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "duo-unix"; - version = "1.11.2"; + version = "1.11.3"; src = fetchurl { url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; - sha256 = "11467kk8blg777vss0hsgz6k8f5m43p50zqs7yhx2sgbh9ygnn6y"; + sha256 = "097i2dsnbndpnyc4nx1j76qkx1bxwwlxnzmp1h3j4raghddgiq0g"; }; buildInputs = [ pam openssl zlib ]; diff --git a/pkgs/tools/security/efitools/default.nix b/pkgs/tools/security/efitools/default.nix index 8a64a019fef0..33b6c3b672da 100644 --- a/pkgs/tools/security/efitools/default.nix +++ b/pkgs/tools/security/efitools/default.nix 
@@ -26,6 +26,7 @@ stdenv.mkDerivation rec { sed -i -e 's#/usr/include/efi#${gnu-efi}/include/efi/#g' Make.rules sed -i -e 's#/usr/lib64/gnuefi#${gnu-efi}/lib/#g' Make.rules sed -i -e 's#$(DESTDIR)/usr#$(out)#g' Make.rules + substituteInPlace lib/console.c --replace "EFI_WARN_UNKOWN_GLYPH" "EFI_WARN_UNKNOWN_GLYPH" patchShebangs . ''; diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix index 89e09a47858d..3cb5c1163e57 100644 --- a/pkgs/tools/security/enpass/default.nix +++ b/pkgs/tools/security/enpass/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, dpkg, xorg , glib, libGLU_combined, libpulseaudio, zlib, dbus, fontconfig, freetype , gtk3, pango -, makeWrapper , python, pythonPackages, lib +, makeWrapper , python2Packages, lib , lsof, curl, libuuid, cups, mesa }: @@ -84,9 +84,9 @@ let name = "enpass-update-script"; SCRIPT =./update_script.py; - buildInputs = with pythonPackages; [python requests pathlib2 six attrs ]; + buildInputs = with python2Packages; [python requests pathlib2 six attrs ]; shellHook = '' - exec python $SCRIPT --target pkgs/tools/security/enpass/data.json --repo ${baseUrl} + exec python $SCRIPT --target pkgs/tools/security/enpass/data.json --repo ${baseUrl} ''; }; diff --git a/pkgs/tools/security/fierce/default.nix b/pkgs/tools/security/fierce/default.nix index 809d8e29ea35..5d12a0008158 100644 --- a/pkgs/tools/security/fierce/default.nix +++ b/pkgs/tools/security/fierce/default.nix @@ -2,13 +2,13 @@ python3.pkgs.buildPythonApplication rec { pname = "fierce"; - version = "1.3.0"; + version = "1.4.0"; src = fetchFromGitHub { owner = "mschwager"; repo = pname; rev = version; - sha256 = "0cdp9rpabazyfnks30rsf3qfdi40z1bkspxk4ds9bm82kpq33jxy"; + sha256 = "11yaz8ap9swx95j3wpqh0b6jhw6spqgfnsyn1liw9zqi4jwgiax7"; }; propagatedBuildInputs = [ python3.pkgs.dns ]; diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix index 84727f55b933..41a00306f695 100644 
--- a/pkgs/tools/security/fprintd/default.nix +++ b/pkgs/tools/security/fprintd/default.nix 
@@ -1,26 +1,61 @@ { thinkpad ? false -, stdenv, fetchurl, pkgconfig, intltool, libfprint-thinkpad ? null -, libfprint ? null, glib, dbus-glib, polkit, nss, pam, systemd }: +, stdenv +, fetchurl +, fetchpatch +, pkgconfig +, intltool +, libfprint-thinkpad ? null +, libfprint ? null +, glib +, dbus-glib +, polkit +, nss +, pam +, systemd +, autoreconfHook +, gtk-doc +}: stdenv.mkDerivation rec { pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad"; - version = "0.8.1"; + version = "0.9.0"; src = fetchurl { - url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/bdd9f91909f535368b7c21f72311704a/fprintd-${version}.tar.xz"; - sha256 = "124s0g9syvglgsmqnavp2a8c0zcq8cyaph8p8iyvbla11vfizs9l"; + url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/9dec4b63d1f00e637070be1477ce63c0/fprintd-${version}.tar.xz"; + sha256 = "182gcnwb6zjwmk0dn562rjmpbk7ac7dhipbfdhfic2sn1jzis49p"; }; - buildInputs = [ glib dbus-glib polkit nss pam systemd ] - ++ stdenv.lib.optional thinkpad libfprint-thinkpad - ++ stdenv.lib.optional (!thinkpad) libfprint; + patches = [ + (fetchpatch { + url = "https://gitlab.freedesktop.org/libfprint/fprintd/merge_requests/16.patch"; + sha256 = "1y39zsmxjll9hip8464qwhq5qg06c13pnafyafgxdph75lvhdll7"; + }) + ]; + + nativeBuildInputs = [ + intltool + pkgconfig + autoreconfHook # Drop with above patch + gtk-doc # Drop with above patch + ]; - nativeBuildInputs = [ pkgconfig intltool ]; + buildInputs = [ + glib + dbus-glib + polkit + nss + pam + systemd + ] + ++ stdenv.lib.optional thinkpad libfprint-thinkpad + ++ stdenv.lib.optional (!thinkpad) libfprint + ; - configureFlags = [ - "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" - "--localstatedir=/var" - "--sysconfdir=${placeholder "out"}/etc" + configureFlags = [ + # is hardcoded to /var/lib/fprint, this is for the StateDirectory install target + "--localstatedir=${placeholder "out"}/var" + "--sysconfdir=${placeholder "out"}/etc" + 
"--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/gnome-keysign/default.nix b/pkgs/tools/security/gnome-keysign/default.nix index 04fa923ce2cc..2c216c0a4044 100644 --- a/pkgs/tools/security/gnome-keysign/default.nix +++ b/pkgs/tools/security/gnome-keysign/default.nix @@ -1,5 +1,6 @@ { stdenv , fetchFromGitLab +, fetchpatch , python3 , wrapGAppsHook , gobject-introspection @@ -11,22 +12,30 @@ python3.pkgs.buildPythonApplication rec { pname = "gnome-keysign"; - version = "1.0.1"; + version = "1.2.0"; src = fetchFromGitLab { domain = "gitlab.gnome.org"; owner = "GNOME"; repo = pname; rev = version; - sha256 = "0iy70dskd7wly37lpb2ypd9phhyml5j3c7rzajii4f2s7zgb3abg"; + sha256 = "1sjphi1lsivg9jmc8khbcqa9w6608pkrccz4nz3rlcc54hn0k0sj"; }; + patches = [ + # fix build failure due to missing import + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gnome-keysign/commit/216c3677e68960afc517edc00529323e85909323.patch"; + sha256 = "1w410gvcridbq26sry7fxn49v59ss2lc0w5ab7csva8rzs1nc990"; + }) + ]; + nativeBuildInputs = [ wrapGAppsHook gobject-introspection ] ++ (with python3.pkgs; [ Babel - lxml + babelgladeextractor ]); buildInputs = [ diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix new file mode 100644 index 000000000000..bc7cff99dc23 --- /dev/null +++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix 
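Review bot: The `fetchpatch` added under `patches` in fprintd/default.nix pulls `merge_requests/16.patch`, which is a moving target, because the patch served for a merge request changes whenever its branch is pushed to or rebased. The `sha256` ensures a changed patch fails the build instead of being applied silently, but the fetch then stops being reproducible; pointing at the `.patch` URL of the specific commit, as the gnome-keysign change in this same commit does, avoids that. The `# Drop with above patch` comments on `autoreconfHook` and `gtk-doc` would also be easier to act on if the `fetchpatch` itself carried a short comment saying what it fixes and which release is expected to contain it. The `meta` block continues past the end of the hunk.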
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl, libgpgerror, libassuan, libgcrypt, pkcs11helper,
+ pkgconfig, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "gnupg-pkcs11-scd";
+ version = "0.9.2";
+
+ src = fetchurl {
+ url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2";
+ sha256 = "sha256:1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx";
+ };
+
+ buildInputs = [ pkcs11helper pkgconfig openssl ];
+
+ configureFlags = [
+ "--with-libgpg-error-prefix=${libgpgerror.dev}"
+ "--with-libassuan-prefix=${libassuan.dev}"
+ "--with-libgcrypt-prefix=${libgcrypt.dev}"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "A smart-card daemon to enable the use of PKCS#11 tokens with GnuPG";
+ longDescription = ''
+ gnupg-pkcs11 is a project to implement a BSD-licensed smart-card
+ daemon to enable the use of PKCS#11 tokens with GnuPG.
+ '';
+ homepage = http://gnupg-pkcs11.sourceforge.net/;
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ lschuermann philandstuff ];
+ platforms = platforms.unix;
+ };
+}
+
diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix
index 6336d319997f..ef348e388342 100644
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@@ -3,7 +3,7 @@
 # Each of the dependencies below are optional.
 # Gnupg can be built without them at the cost of reduced functionality.
-, pinentry ? null, guiSupport ? true
+, pinentry ? null, guiSupport ? false
 , openldap ? null, bzip2 ? null, libusb ? null, curl ? null
 }:
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index 90bd55f55a23..e54a1e1c5db9 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
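Review bot: `pkgconfig` is listed in `buildInputs` of the new gnupg-pkcs11-scd derivation, but it is a build-time tool and belongs in `nativeBuildInputs`, i.e. `nativeBuildInputs = [ pkgconfig ];` with `buildInputs = [ pkcs11helper openssl ];`; as written it is resolved for the host platform and cross builds are likely to fail. `libgpgerror`, `libassuan` and `libgcrypt` are passed only as `--with-…-prefix=${….dev}` flags, so it is worth confirming that the link step finds the libraries without them also being in `buildInputs`. As style nits, `sha256 = "sha256:…"` uses the prefixed form where the other packages in this directory use the bare base-32 string, and `homepage` is a plain `http://` URL.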
@@ -1,17 +1,17 @@ { fetchurl, fetchpatch, stdenv, pkgconfig, libgcrypt, libassuan, libksba -, libgpgerror, libiconv, npth, gettext, texinfo, pcsclite, sqlite -, buildPackages +, libgpgerror, libiconv, npth, gettext, texinfo, buildPackages # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. -, pinentry ? null, guiSupport ? true -, adns ? null, gnutls ? null, libusb ? null, openldap ? null -, readline ? null, zlib ? null, bzip2 ? null +, guiSupport ? true, enableMinimal ? false +, adns ? null , bzip2 ? null , gnutls ? null , libusb ? null , openldap ? null +, pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ? +null }: with stdenv.lib; -assert guiSupport -> pinentry != null; +assert guiSupport -> pinentry != null && enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; @@ -24,9 +24,9 @@ stdenv.mkDerivation rec { }; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkgconfig texinfo ]; buildInputs = [ - libgcrypt libassuan libksba libiconv npth gettext texinfo + libgcrypt libassuan libksba libiconv npth gettext readline libusb gnutls adns openldap zlib bzip2 sqlite ]; @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { postPatch = '' sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \ configure doc/dirmngr.texi doc/gnupg.info-1 - '' + stdenv.lib.optionalString stdenv.isLinux '' + '' + stdenv.lib.optionalString ( stdenv.isLinux && pcsclite != null) '' sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( 
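Review bot: The new `assert guiSupport -> pinentry != null && enableMinimal == false;` keeps `guiSupport ? true` as the default, so a caller who passes only `enableMinimal = true` gets a bare assertion failure with no hint that `guiSupport = false` is also required. Deriving the default from the new flag, `guiSupport ? !enableMinimal`, would remove that trap; failing that, a comment above the assert should state the required combination. In the third hunk on this file the scdaemon.c substitution is now skipped when `pcsclite` is null, which leaves the upstream library name in place. Presumably smart-card access then fails only at run time, so a short comment next to `pcsclite ? null` saying so would help.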
@@ -50,7 +50,14 @@ stdenv.mkDerivation rec { "--with-npth-prefix=${npth}" ] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; - postInstall = '' + postInstall = if enableMinimal + then '' + rm -r $out/{libexec,sbin,share} + for f in `find $out/bin -type f -not -name gpg` + do + rm $f + done + '' else '' mkdir -p $out/lib/systemd/user for f in doc/examples/systemd-user/*.{service,socket} ; do substitute $f $out/lib/systemd/user/$(basename $f) \ diff --git a/pkgs/tools/security/haka/default.nix b/pkgs/tools/security/haka/default.nix index bd7d356c1a0e..bfac54d2d860 100644 --- a/pkgs/tools/security/haka/default.nix +++ b/pkgs/tools/security/haka/default.nix @@ -30,6 +30,6 @@ stdenv.mkDerivation { homepage = http://www.haka-security.org/; license = stdenv.lib.licenses.mpl20; maintainers = [ stdenv.lib.maintainers.tvestelind ]; - platforms = stdenv.lib.platforms.linux; + platforms = [ "x86_64-linux" "i686-linux" ]; # fails on aarch64 }; } diff --git a/pkgs/tools/security/hcxtools/default.nix b/pkgs/tools/security/hcxtools/default.nix index 216d58192fbc..40e9ee03952b 100644 --- a/pkgs/tools/security/hcxtools/default.nix +++ b/pkgs/tools/security/hcxtools/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxtools"; - version = "5.2.0"; + version = "5.2.2"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "0k2qlq9hz5zc21nyc6yrnfqzga7hydn5mm0x3rpl2fhkwl81lxcn"; + sha256 = "0jschcjk9z9s3q2f7qcb4nmjmyipar3f0yqbrgmbg3jpgamahykn"; }; buildInputs = [ curl openssl zlib ]; diff --git a/pkgs/tools/security/john/default.nix b/pkgs/tools/security/john/default.nix index dd3a93be9950..fd5659e7f9db 100644 --- a/pkgs/tools/security/john/default.nix +++ b/pkgs/tools/security/john/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, openssl, nss, nspr, kerberos, gmp, zlib, libpcap, re2 -, gcc, pythonPackages, perl, perlPackages, makeWrapper +, gcc, python3Packages, perl, perlPackages, makeWrapper }: with stdenv.lib; 
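Review bot: The `enableMinimal` branch of `postInstall` removes `libexec`, `sbin`, `share` and every regular file in `$out/bin` except `gpg`, but nothing in the hunk records what the stripped package is meant for. With the agent and helper programs gone, the result is presumably only usable for operations that need no secret key, such as signature verification. A comment beside the flag, for example `# enableMinimal: ship only bin/gpg (no agent, no helpers)`, would make that limit explicit for anyone who depends on it. The loop can also be written as one quoted call, `find "$out/bin" -type f -not -name gpg -delete`, which avoids the backtick word splitting and the unquoted `rm $f`. The `else` branch of `postInstall` continues outside this hunk.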
@@ -33,8 +33,9 @@ stdenv.mkDerivation rec { ''; configureFlags = [ "--disable-native-macro" ]; - buildInputs = [ openssl nss nspr kerberos gmp zlib libpcap re2 gcc pythonPackages.wrapPython perl makeWrapper ]; - propagatedBuildInputs = (with pythonPackages; [ dpkt scapy lxml ]) ++ # For pcap2john.py + buildInputs = [ openssl nss nspr kerberos gmp zlib libpcap re2 ]; + nativeBuildInputs = [ gcc python3Packages.wrapPython perl makeWrapper ]; + propagatedBuildInputs = (with python3Packages; [ dpkt scapy lxml ]) ++ # For pcap2john.py (with perlPackages; [ DigestMD4 DigestSHA1 GetoptLong # For pass_gen.pl perlldap ]); # For sha-dump.pl # TODO: Get dependencies for radius2john.pl and lion2john-alt.pl @@ -46,11 +47,12 @@ stdenv.mkDerivation rec { NIX_CFLAGS_COMPILE = [ "-DJOHN_SYSTEMWIDE=1" ]; postInstall = '' - mkdir -p "$out/bin" "$out/etc/john" "$out/share/john" "$out/share/doc/john" + mkdir -p "$out/bin" "$out/etc/john" "$out/share/john" "$out/share/doc/john" "$out/share/john/rules" find -L ../run -mindepth 1 -maxdepth 1 -type f -executable \ -exec cp -d {} "$out/bin" \; cp -vt "$out/etc/john" ../run/*.conf cp -vt "$out/share/john" ../run/*.chr ../run/password.lst + cp -vt "$out/share/john/rules" ../run/rules/*.rule cp -vrt "$out/share/doc/john" ../doc/* ''; diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index 1a2b06ea41f9..97c8ffb89484 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -1,11 +1,12 @@ -{ stdenv, lib, buildGoPackage, fetchFromGitHub +{ stdenv, substituteAll, lib, buildGoPackage, fetchFromGitHub , AVFoundation, AudioToolbox, ImageIO, CoreMedia , Foundation, CoreGraphics, MediaToolbox +, gnupg }: buildGoPackage rec { pname = "keybase"; - version = "4.3.1"; + version = "5.0.0"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; 
@@ -16,10 +17,18 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "1743d7a7ix882yxz9pk230vdvdj46sbscqv4wqyhb0la2pl9jqdp"; + sha256 = "0cxxqmgp82qi2b1fljyfa38is94y8ghb2pd31nbyh8y4wnmi0x1s"; }; - buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ]; + patches = [ + (substituteAll { + src = ./fix-paths-keybase.patch; + gpg = "${gnupg}/bin/gpg"; + gpg2 = "${gnupg}/bin/gpg2"; + }) + ]; + + buildInputs = stdenv.lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ]; buildFlags = [ "-tags production" ]; meta = with stdenv.lib; { @@ -27,5 +36,6 @@ buildGoPackage rec { description = "The Keybase official command-line utility and service."; platforms = platforms.linux ++ platforms.darwin; maintainers = with maintainers; [ carlsverre np rvolosatovs ]; + license = licenses.bsd3; }; } diff --git a/pkgs/tools/security/keybase/fix-paths-kbfs.patch b/pkgs/tools/security/keybase/fix-paths-kbfs.patch new file mode 100644 index 000000000000..1180f38b865d --- /dev/null +++ b/pkgs/tools/security/keybase/fix-paths-kbfs.patch 
@@ -0,0 +1,48 @@
+diff --git a/go/kbfs/libfuse/mounter.go b/go/kbfs/libfuse/mounter.go
+index d791ffc2..b116ad5d 100644
+--- a/go/kbfs/libfuse/mounter.go
++++ b/go/kbfs/libfuse/mounter.go
+@@ -108,7 +108,7 @@ func (m *mounter) Unmount() (err error) {
+ case "darwin":
+ _, err = exec.Command("/sbin/umount", dir).Output()
+ case "linux":
+- fusermountOutput, fusermountErr := exec.Command("fusermount", "-u", dir).CombinedOutput()
++ fusermountOutput, fusermountErr := exec.Command("@fusermount@", "-u", dir).CombinedOutput()
+ // Only clean up mountdir on a clean unmount.
+ if fusermountErr == nil {
+ m.log.Info("Successfully unmounted")
+@@ -135,7 +135,7 @@ func (m *mounter) Unmount() (err error) {
+ "/usr/sbin/diskutil", "unmountDisk", "force", dir).Output()
+ case "linux":
+ // Lazy unmount; will unmount when KBFS is no longer in use.
+- _, err = exec.Command("fusermount", "-u", "-z", dir).Output()
++ _, err = exec.Command("@fusermount@", "-u", "-z", dir).Output()
+ default:
+ err = errors.New("Forced unmount is not supported on this platform yet")
+ }
+diff --git a/go/vendor/bazil.org/fuse/mount_linux.go b/go/vendor/bazil.org/fuse/mount_linux.go
+index ec7fd89c..4d0a9e30 100644
+--- a/go/vendor/bazil.org/fuse/mount_linux.go
++++ b/go/vendor/bazil.org/fuse/mount_linux.go
+@@ -196,7 +196,7 @@ func mount(dir string, conf *mountConfig, ready chan<- struct{}, _ *error) (fuse
+ defer readFile.Close()
+
+ cmd := exec.Command(
+- "fusermount",
++ "@fusermount@",
+ "-o", conf.getOptions(),
+ "--",
+ dir,
+diff --git a/go/vendor/bazil.org/fuse/unmount_linux.go b/go/vendor/bazil.org/fuse/unmount_linux.go
+index f02448af..6e4c6c23 100644
+--- a/go/vendor/bazil.org/fuse/unmount_linux.go
++++ b/go/vendor/bazil.org/fuse/unmount_linux.go
+@@ -21,7 +21,7 @@ func unmount(dir string) error {
+ return sysunix.Unmount(dir, sysunix.MNT_DETACH)
+ }
+
+- cmd := exec.Command("fusermount", "-u", dir)
++ cmd := exec.Command("@fusermount@", "-u", dir)
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ if len(output) > 0 {
diff --git a/pkgs/tools/security/keybase/fix-paths-keybase.patch b/pkgs/tools/security/keybase/fix-paths-keybase.patch
new file mode 100644
index 000000000000..b3de7bbb530d
--- /dev/null
+++ b/pkgs/tools/security/keybase/fix-paths-keybase.patch
@@ -0,0 +1,16 @@
+diff --git a/go/libkb/gpg_cli.go b/go/libkb/gpg_cli.go
+index 3c7c6257..ae8f7e2f 100644
+--- a/go/libkb/gpg_cli.go
++++ b/go/libkb/gpg_cli.go
+@@ -54,9 +54,9 @@ func (g *GpgCLI) Configure(mctx MetaContext) (err error) {
+ if len(prog) > 0 {
+ err = canExec(prog)
+ } else {
+- prog, err = exec.LookPath("gpg2")
++ prog, err = exec.LookPath("@gpg2@")
+ if err != nil {
+- prog, err = exec.LookPath("gpg")
++ prog, err = exec.LookPath("@gpg@")
+ }
+ }
+ if err != nil {
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index 3954ec818b14..2ec97f882367 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -1,19 +1,19 @@ { stdenv, fetchurl, alsaLib, atk, cairo, cups, udev -, dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3 +, dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3, libappindicator-gtk3 , libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20190813132700.6f497ec371"; + versionSuffix = "20191114203213.f73f97dac6"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "4.3.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "5.0.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "1mbbfy1aijqr8209jjja6dm2nzw721qqw94839df047rcwnd38pg"; + sha256 = "e175e52a6355d8359d66ef4b445981b572c513754329d5c7f75ad7bb14ec348f"; }; nativeBuildInputs = [ @@ -34,6 +34,7 @@ stdenv.mkDerivation rec { glib gsettings-desktop-schemas gtk3 + libappindicator-gtk3 libnotify nspr nss @@ -55,11 +56,12 @@ stdenv.mkDerivation rec { runtimeDependencies = [ udev.lib + libappindicator-gtk3 ]; dontBuild = true; dontConfigure = true; - dontPatchElf = true; + dontPatchELF = true; unpackPhase = '' ar xf $src diff --git a/pkgs/tools/security/keybase/kbfs.nix b/pkgs/tools/security/keybase/kbfs.nix index 9448182a65a7..93c7bd540d8a 100644 --- a/pkgs/tools/security/keybase/kbfs.nix +++ b/pkgs/tools/security/keybase/kbfs.nix @@ -1,4 +1,4 @@ -{ stdenv, buildGoPackage, fetchFromGitHub, keybase }: +{ stdenv, substituteAll, buildGoPackage, fetchFromGitHub, fuse, osxfuse, keybase }: buildGoPackage { pname = "kbfs"; 
@@ -10,6 +10,13 @@ buildGoPackage { dontRenameImports = true; + patches = [ + (substituteAll { + src = ./fix-paths-kbfs.patch; + fusermount = "${fuse}/bin/fusermount"; + }) + ]; + buildFlags = [ "-tags production" ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/keycard-cli/default.nix b/pkgs/tools/security/keycard-cli/default.nix new file mode 100644 index 000000000000..a76c102b2bb9 --- /dev/null +++ b/pkgs/tools/security/keycard-cli/default.nix @@ -0,0 +1,31 @@ +{ lib, buildGoPackage, fetchFromGitHub, pkgconfig, pcsclite }: + +buildGoPackage rec { + pname = "keycard-cli"; + version = "0.0.12"; + + goPackagePath = "github.com/status-im/keycard-cli"; + subPackages = [ "." ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ pcsclite ]; + + src = fetchFromGitHub { + owner = "status-im"; + repo = pname; + rev = version; + sha256 = "1jnbaq57i6i9bad1hcvd28mxfqq6v8rv806c6l74vlb79ff4v1wb"; + }; + + buildFlagsArray = [ + "-ldflags=" + "-X main.version=${version}" + ]; + + meta = with lib; { + description = "A command line tool and shell to manage keycards"; + homepage = "https://keycard.status.im"; + license = licenses.mpl20; + maintainers = [ maintainers.zimbatm ]; + }; +} diff --git a/pkgs/tools/security/kwalletcli/default.nix b/pkgs/tools/security/kwalletcli/default.nix index fedf3421fb1c..9356e2f53f94 100644 --- a/pkgs/tools/security/kwalletcli/default.nix +++ b/pkgs/tools/security/kwalletcli/default.nix @@ -1,5 +1,5 @@ { mkDerivation, fetchFromGitHub, lib, makeWrapper, pkgconfig -, kcoreaddons, ki18n, kwallet, mksh, pinentry_qt5 }: +, kcoreaddons, ki18n, kwallet, mksh, pinentry-qt }: mkDerivation rec { pname = "kwalletcli"; @@ -36,7 +36,7 @@ mkDerivation rec { postInstall = '' wrapProgram $out/bin/pinentry-kwallet \ - --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry_qt5 ]} \ + --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry-qt ]} \ --set-default PINENTRY pinentry-qt ''; 
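Review bot: `fusermount = "${fuse}/bin/fusermount";` in the new kbfs `patches` entry pins the mount helper to the copy in the Nix store, which cannot carry the setuid bit. An unprivileged mount would therefore presumably fail on NixOS, where the usable helper is the setuid wrapper (typically under `/run/wrappers/bin`). Please confirm that mounting as a normal user works with this path, or substitute the wrapper path on NixOS and add a comment explaining the choice. The argument list in the previous hunk also gains `osxfuse`, which no visible line uses. The rest of the derivation lies outside this hunk.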
diff --git a/pkgs/tools/security/lesspass-cli/default.nix b/pkgs/tools/security/lesspass-cli/default.nix index afcdf0c0a07a..76732170079c 100644 --- a/pkgs/tools/security/lesspass-cli/default.nix +++ b/pkgs/tools/security/lesspass-cli/default.nix @@ -2,14 +2,15 @@ let inherit (python3.pkgs) buildPythonApplication pytest mock pexpect; + repo = "lesspass"; in buildPythonApplication rec { pname = "lesspass-cli"; version = "9.0.0"; src = fetchFromGitHub { - owner = pname; - repo = pname; + owner = repo; + repo = repo; rev = version; sha256 = "1mdv0c0fn4d72iigy8hz4s7kf7q3pg4gjjadxwxyjwsalapnsapk"; }; diff --git a/pkgs/tools/security/mbox/default.nix b/pkgs/tools/security/mbox/default.nix index 24a7ea51a82c..1ef282b8b6eb 100644 --- a/pkgs/tools/security/mbox/default.nix +++ b/pkgs/tools/security/mbox/default.nix @@ -33,6 +33,7 @@ stdenv.mkDerivation { maintainers = with maintainers; [ ehmry ]; license = licenses.bsd3; platforms = [ "x86_64-linux" ]; + broken = true; }; } diff --git a/pkgs/tools/security/meo/default.nix b/pkgs/tools/security/meo/default.nix index 308b94231e76..19f51775ff24 100644 --- a/pkgs/tools/security/meo/default.nix +++ b/pkgs/tools/security/meo/default.nix @@ -30,5 +30,6 @@ stdenv.mkDerivation { license = stdenv.lib.licenses.agpl3Plus; maintainers = with stdenv.lib.maintainers; [viric]; platforms = with stdenv.lib.platforms; linux; + broken = true; }; } diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index 8b67e90f415c..8486f10bab05 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -28,7 +28,7 @@ in stdenv.mkDerivation rec { buildInputs = [ makeWrapper ]; - dontPatchelf = true; # stay away from exploit executables + dontPatchELF = true; # stay away from exploit executables installPhase = '' mkdir -p $out/{bin,share/msf} 
diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index b4d5ddb267dc..97d032045b35 100644 --- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -97,7 +97,7 @@ in stdenv.mkDerivation rec { familiar with, such as your web browser0 or secure shell. ''; license = licenses.gpl3Plus; - platforms = platforms.all; + platforms = platforms.linux; maintainers = with maintainers; [ primeos ]; }; } diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix index 3f04d2764891..f1335a1ad1d7 100644 --- a/pkgs/tools/security/nsjail/default.nix +++ b/pkgs/tools/security/nsjail/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { pname = "nsjail"; - version = "2.8"; + version = "2.9"; src = fetchFromGitHub { owner = "google"; repo = "nsjail"; rev = version; fetchSubmodules = true; - sha256 = "0cgycj0cz74plmz4asxryqprg6mkzpmnxzqbfsp1wwackinxq5fq"; + sha256 = "0218n0qjb45fawqqfj3gdxgd0fw5k0vxn9iggi0ciljmr9zywkgh"; }; postPatch = '' diff --git a/pkgs/tools/security/nwipe/default.nix b/pkgs/tools/security/nwipe/default.nix index caaa5eba86a9..62d7fb3b34a3 100644 --- a/pkgs/tools/security/nwipe/default.nix +++ b/pkgs/tools/security/nwipe/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchFromGitHub, ncurses, parted, automake, autoconf, pkgconfig }: stdenv.mkDerivation rec { - version = "0.25"; + version = "0.26"; pname = "nwipe"; src = fetchFromGitHub { owner = "martijnvanbrummelen"; repo = "nwipe"; rev = "v${version}"; - sha256 = "1hx041arw82k814g9r8dqsfi736mj5nlzp2zpi8n2qfqfc1q8nir"; + sha256 = "072gg7hafq4vncpgm62yswshg6qgbi9mg2hl0p22c7if908p4vaa"; }; nativeBuildInputs = [ automake autoconf pkgconfig ]; buildInputs = [ ncurses parted ]; diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index e5611f8b2671..4f220ee7717e 100644 --- a/pkgs/tools/security/opensc/default.nix 
+++ b/pkgs/tools/security/opensc/default.nix @@ -22,6 +22,16 @@ stdenv.mkDerivation rec { url = "https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9.patch"; sha256 = "1y42lmz8i9w99hgpakdncnv8f94cqjfabz0v4xg6wfz9akl3ff7d"; }) + (fetchpatch { + name = "CVE-2019-15945.patch"; + url = "https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68.patch"; + sha256 = "088i2i1fkvdxnywmb54bn4283vhbxx6i2632b34ss5dh7k080hp7"; + }) + (fetchpatch { + name = "CVE-2019-15946.patch"; + url = "https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740.patch"; + sha256 = "1qr9n8cbarrdn4kr5z0ys7flq50hfmcbm8584mhw7r39p08qwmvq"; + }) ]; nativeBuildInputs = [ pkgconfig autoreconfHook ]; diff --git a/pkgs/tools/security/ossec/default.nix b/pkgs/tools/security/ossec/default.nix index 7231f6821daf..2b52099e70b3 100644 --- a/pkgs/tools/security/ossec/default.nix +++ b/pkgs/tools/security/ossec/default.nix @@ -31,8 +31,8 @@ yes ''; meta = { - description = "Open soruce host-based instrusion detection system"; - homepage = http://www.ossec.net; + description = "Open source host-based instrusion detection system"; + homepage = https://www.ossec.net; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.linux; }; diff --git a/pkgs/tools/security/pass/clip-wayland-support.patch b/pkgs/tools/security/pass/clip-wayland-support.patch new file mode 100644 index 000000000000..7b8d2eb010d2 --- /dev/null +++ b/pkgs/tools/security/pass/clip-wayland-support.patch 
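Review bot: The corrected ossec `description` still misspells "intrusion" as "instrusion". Since the line is already being changed for the "soruce" typo, I would fix both at once: `description = "Open source host-based intrusion detection system";`.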
@@ -0,0 +1,113 @@ +From b0b784b1a57c0b06936e6f5d6560712b4b810cd3 Mon Sep 17 00:00:00 2001 +From: Brett Cornwall <brett@i--b.com> +Date: Wed, 27 Feb 2019 00:08:33 -0700 +Subject: clip: Add support for wl-clipboard + +Edited to properly apply with +`set-correct-program-name-for-sleep.patch`. + +--- + README | 4 +++- + man/pass.1 | 5 +++++ + src/password-store.sh | 26 +++++++++++++++++++++----- + 3 files changed, 29 insertions(+), 6 deletions(-) + +diff --git a/README b/README +index 6b59965..1a46242 100644 +--- a/README ++++ b/README +@@ -19,8 +19,10 @@ Depends on: + http://www.gnupg.org/ + - git + http://www.git-scm.com/ +-- xclip ++- xclip (for X11 environments) + http://sourceforge.net/projects/xclip/ ++- wl-clipboard (for wlroots Wayland-based environments) ++ https://github.com/bugaevc/wl-clipboard + - tree >= 1.7.0 + http://mama.indstate.edu/users/ice/tree/ + - GNU getopt +diff --git a/man/pass.1 b/man/pass.1 +index 01a3fbe..a555dcb 100644 +--- a/man/pass.1 ++++ b/man/pass.1 +@@ -99,6 +99,8 @@ Decrypt and print a password named \fIpass-name\fP. If \fI--clip\fP or \fI-c\fP + is specified, do not print the password but instead copy the first (or otherwise specified) + line to the clipboard using + .BR xclip (1) ++or ++.BR wl-clipboard(1) + and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. If \fI--qrcode\fP + or \fI-q\fP is specified, do not print the password but instead display a QR code using + .BR qrencode (1) +@@ -132,6 +134,8 @@ in generating passwords can be changed with the \fIPASSWORD_STORE_CHARACTER_SET\ + If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy + it to the clipboard using + .BR xclip (1) ++or ++.BR wl-clipboard(1) + and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. 
If \fI--qrcode\fP + or \fI-q\fP is specified, do not print the password but instead display a QR code using + .BR qrencode (1) +@@ -466,6 +470,7 @@ The location of the text editor used by \fBedit\fP. + .BR tr (1), + .BR git (1), + .BR xclip (1), ++.BR wl-clipboard (1), + .BR qrencode (1). + + .SH AUTHOR +diff --git a/src/password-store.sh b/src/password-store.sh +index d89d455..284eabf 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -152,16 +152,32 @@ check_sneaky_paths() { + # + + clip() { ++ if [[ -n $WAYLAND_DISPLAY ]]; then ++ local copy_cmd=( wl-copy ) ++ local paste_cmd=( wl-paste -n ) ++ if [[ $X_SELECTION == primary ]]; then ++ copy_cmd+=( --primary ) ++ paste_cmd+=( --primary ) ++ fi ++ local display_name="$WAYLAND_DISPLAY" ++ elif [[ -n $DISPLAY ]]; then ++ local copy_cmd=( xclip -selection "$X_SELECTION" ) ++ local paste_cmd=( xclip -o -selection "$X_SELECTION" ) ++ local display_name="$DISPLAY" ++ else ++ die "Error: No X11 or Wayland display detected" ++ fi ++ local sleep_argv0="password store sleep on display $display_name" ++ + # This base64 business is because bash cannot store binary data in a shell + # variable. Specifically, it cannot store nulls nor (non-trivally) store + # trailing new lines. 
+- local sleep_argv0="password store sleep on display $DISPLAY" + pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 +- local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)" +- echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" ++ local before="$("${paste_cmd[@]}" 2>/dev/null | $BASE64)" ++ echo -n "$1" | "${copy_cmd[@]}" || die "Error: Could not copy data to the clipboard" + ( + ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") ) +- local now="$(xclip -o -selection "$X_SELECTION" | $BASE64)" ++ local now="$("${paste_cmd[@]}" | $BASE64)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + + # It might be nice to programatically check to see if klipper exists, +@@ -173,7 +189,7 @@ clip() { + # so we axe it here: + qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null + +- echo "$before" | $BASE64 -d | xclip -selection "$X_SELECTION" ++ echo "$before" | $BASE64 -d | "${copy_cmd[@]}" + ) >/dev/null 2>&1 & disown + echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." + } +-- +cgit v1.2.1-28-gf32c + diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index aeb838c05765..5d0e94bc803e 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -4,6 +4,7 @@ , xclip ? null, xdotool ? null, dmenu ? null , x11Support ? !stdenv.isDarwin +, waylandSupport ? false, wl-clipboard ? null # For backwards-compatibility , tombPluginSupport ? false @@ -15,6 +16,8 @@ assert x11Support -> xclip != null && xdotool != null && dmenu != null; +assert waylandSupport -> wl-clipboard != null; + let passExtensions = import ./extensions { inherit pkgs; }; 
@@ -37,8 +40,11 @@ let sha256 = "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b"; }; - patches = [ ./set-correct-program-name-for-sleep.patch - ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; + patches = [ ./set-correct-program-name-for-sleep.patch ] + ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch + # TODO (@Ma27) this patch adds support for wl-clipboard and can be removed during the next + # version bump. + ++ stdenv.lib.optional waylandSupport ./clip-wayland-support.patch; nativeBuildInputs = [ makeWrapper ]; @@ -67,7 +73,8 @@ let qrencode procps ] ++ optional stdenv.isDarwin openssl - ++ ifEnable x11Support [ dmenu xclip xdotool ]); + ++ ifEnable x11Support [ dmenu xclip xdotool ] + ++ optional waylandSupport wl-clipboard); postFixup = '' # Link extensions env diff --git a/pkgs/tools/security/pass/extensions/checkup.nix b/pkgs/tools/security/pass/extensions/checkup.nix new file mode 100644 index 000000000000..83a1d7a8872d --- /dev/null +++ b/pkgs/tools/security/pass/extensions/checkup.nix 
@@ -0,0 +1,34 @@ +{ stdenv, fetchFromGitHub +, curl, findutils, gnugrep, gnused }: + +stdenv.mkDerivation rec { + pname = "pass-checkup"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "etu"; + repo = "pass-checkup"; + rev = version; + sha256 = "17fyf8zj535fg43yddjww1jhxfb3nbdkn622wjxaai2nf46jzh7y"; + }; + + patchPhase = '' + substituteInPlace checkup.bash \ + --replace curl ${curl}/bin/curl \ + --replace find ${findutils}/bin/find \ + --replace grep ${gnugrep}/bin/grep \ + --replace sed ${gnused}/bin/sed + ''; + + installPhase = '' + install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash + ''; + + meta = with stdenv.lib; { + description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not"; + homepage = "https://github.com/etu/pass-checkup"; + license = licenses.gpl3; + maintainers = with maintainers; [ etu ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/tools/security/pass/extensions/default.nix b/pkgs/tools/security/pass/extensions/default.nix index 96d79a8daceb..6eb321229e00 100644 --- a/pkgs/tools/security/pass/extensions/default.nix +++ b/pkgs/tools/security/pass/extensions/default.nix @@ -6,6 +6,7 @@ with pkgs; pass-audit = callPackage ./audit.nix { pythonPackages = python3Packages; }; + pass-checkup = callPackage ./checkup.nix {}; pass-import = callPackage ./import.nix { pythonPackages = python3Packages; }; diff --git a/pkgs/tools/security/pass/extensions/genphrase.nix b/pkgs/tools/security/pass/extensions/genphrase.nix index c031c59e3f63..187852e8b55a 100644 --- a/pkgs/tools/security/pass/extensions/genphrase.nix +++ b/pkgs/tools/security/pass/extensions/genphrase.nix 
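Review bot: The `substituteInPlace checkup.bash` call in the new pass-checkup derivation replaces the bare words `curl`, `find`, `grep` and `sed` wherever they occur, not only where the script invokes them. Any other text containing those letters (a message with "used" or "finding", a variable name, a comment) would be rewritten into a store path as well. checkup.bash is not shown here, so this needs checking against the script. Matching the call sites more narrowly would be more robust while still pinning the tools to store paths. Separately, `patchPhase = ''` overrides the whole phase; import.nix in this same commit moves to `postPatch = ''`, and the same form fits here.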
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pass-genphrase"; - version = "0.1"; + version = "0.2"; src = fetchFromGitHub { owner = "congma"; repo = "pass-genphrase"; rev = version; - sha256 = "0vcg3b79n1r949qfn8ns85bq2mfsmbf4jw2dlzif8425n8ppfsgd"; + sha256 = "1sdkmz5s6wdx4vdlgqf5kmyrm17zwzy3n52s13qpx32bnnajap1h"; }; dontBuild = true; diff --git a/pkgs/tools/security/pass/extensions/import.nix b/pkgs/tools/security/pass/extensions/import.nix index 9d9d36fd0d90..90e3105bbd80 100644 --- a/pkgs/tools/security/pass/extensions/import.nix +++ b/pkgs/tools/security/pass/extensions/import.nix 
@@ -1,34 +1,51 @@ -{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper }: +{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, fetchpatch }: let - pythonEnv = pythonPackages.python.withPackages (p: [ p.defusedxml ]); + pythonEnv = pythonPackages.python.withPackages (p: [ + p.defusedxml + p.setuptools + p.pyaml + ]); in stdenv.mkDerivation rec { pname = "pass-import"; - version = "2.3"; + version = "2.6"; src = fetchFromGitHub { owner = "roddhjav"; repo = "pass-import"; rev = "v${version}"; - sha256 = "1209aqkiqqbir5yzwk5jvyk8c1fyrsj9igr3n4banf347rlwmzfv"; + sha256 = "1q8rln4djh2z8j2ycm654df5y6anm5iv2r19spgy07c3fnisxlac"; }; nativeBuildInputs = [ makeWrapper ]; buildInputs = [ pythonEnv ]; - patchPhase = '' + patches = [ + # https://github.com/roddhjav/pass-import/pull/91 + (fetchpatch { + url = "https://github.com/roddhjav/pass-import/commit/6ccaf639e92df45bd400503757ae4aa2c5c030d7.patch"; + sha256 = "0lw9vqvbqcy96s7v7nz0i1bdx93x7qr13azymqypcdhjwmq9i63h"; + }) + ]; + + postPatch = '' sed -i -e 's|$0|${pass}/bin/pass|' import.bash ''; dontBuild = true; - installFlags = [ "PREFIX=$(out)" ]; + installFlags = [ + "PREFIX=$(out)" + "BASHCOMPDIR=$(out)/etc/bash_completion.d" + ]; postFixup = '' + install -D pass_import.py $out/${pythonPackages.python.sitePackages}/pass_import.py wrapProgram $out/lib/password-store/extensions/import.bash \ --prefix PATH : "${pythonEnv}/bin" \ + --prefix PYTHONPATH : "$out/${pythonPackages.python.sitePackages}" \ --run "export PREFIX" ''; diff --git a/pkgs/tools/security/pdfcrack/default.nix b/pkgs/tools/security/pdfcrack/default.nix index c235c98b9719..bf8f014bcfd1 100644 --- a/pkgs/tools/security/pdfcrack/default.nix +++ b/pkgs/tools/security/pdfcrack/default.nix 
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pdfcrack"; - version = "0.17"; + version = "0.18"; src = fetchurl { url = "mirror://sourceforge/pdfcrack/pdfcrack/pdfcrack-${version}.tar.gz"; - sha256 = "15hfxwr9yfzkx842p0jjdjnjarny6qc5fwcpy2f6lnq047pb26sn"; + sha256 = "035s3jzrs3ci0i53x04dzpqp9225c4s52cd722d6zqra5b2sw8w2"; }; installPhase = '' diff --git a/pkgs/tools/security/pinentry/autoconf-ar.patch b/pkgs/tools/security/pinentry/autoconf-ar.patch new file mode 100644 index 000000000000..6f531cfce325 --- /dev/null +++ b/pkgs/tools/security/pinentry/autoconf-ar.patch @@ -0,0 +1,35 @@ +diff -ur a/configure.ac b/configure.ac +--- a/configure.ac 2019-09-14 11:30:11.584847746 +0000 ++++ b/configure.ac 2019-09-14 11:31:26.692355265 +0000 +@@ -81,6 +81,7 @@ + AC_PROG_CPP + AC_PROG_INSTALL + AC_PROG_RANLIB ++AC_CHECK_TOOL(AR, ar) + # We need to check for cplusplus here because we may not do the test + # for Qt and autoconf does does not allow that. + AC_PROG_CXX +diff -ur a/pinentry/Makefile.in b/pinentry/Makefile.in +--- a/pinentry/Makefile.in 2017-12-03 17:43:23.000000000 +0000 ++++ b/pinentry/Makefile.in 2019-09-14 11:32:02.532000236 +0000 +@@ -113,7 +113,7 @@ + CONFIG_CLEAN_FILES = + CONFIG_CLEAN_VPATH_FILES = + LIBRARIES = $(noinst_LIBRARIES) +-AR = ar ++AR = @AR@ + ARFLAGS = cru + AM_V_AR = $(am__v_AR_@AM_V@) + am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@) +diff -ur a/secmem/Makefile.in b/secmem/Makefile.in +--- a/secmem/Makefile.in 2017-12-03 17:43:23.000000000 +0000 ++++ b/secmem/Makefile.in 2019-09-14 11:31:58.764934552 +0000 +@@ -113,7 +113,7 @@ + CONFIG_CLEAN_FILES = + CONFIG_CLEAN_VPATH_FILES = + LIBRARIES = $(noinst_LIBRARIES) +-AR = ar ++AR = @AR@ + ARFLAGS = cru + AM_V_AR = $(am__v_AR_@AM_V@) + am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@) diff --git a/pkgs/tools/security/pinentry/default.nix b/pkgs/tools/security/pinentry/default.nix index 25e018de6276..87edc914131d 100644 --- a/pkgs/tools/security/pinentry/default.nix 
+++ b/pkgs/tools/security/pinentry/default.nix 
@@ -1,58 +1,93 @@ -{ fetchurl, fetchpatch, stdenv, lib, pkgconfig -, libgpgerror, libassuan -, libcap ? null, libsecret ? null, ncurses ? null, gtk2 ? null, gcr ? null -, qt4 ? null, qt5 ? null -, enableEmacs ? false +{ fetchurl, mkDerivation, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook, wrapGAppsHook +, libgpgerror, libassuan, qtbase, wrapQtAppsHook +, ncurses, gtk2, gcr +, libcap ? null, libsecret ? null +, enabledFlavors ? [ "curses" "tty" "gtk2" "qt" "gnome3" "emacs" ] }: -assert qt5 != null -> qt4 == null; -assert qt4 != null -> qt5 == null; +with stdenv.lib; + +assert isList enabledFlavors && enabledFlavors != []; let - mkDerivation = - if qt5 != null - then qt5.mkDerivation + pinentryMkDerivation = + if (builtins.elem "qt" enabledFlavors) + then mkDerivation else stdenv.mkDerivation; + + mkFlag = pfxTrue: pfxFalse: cond: name: + "--${if cond then pfxTrue else pfxFalse}-${name}"; + mkEnable = mkFlag "enable" "disable"; + mkWith = mkFlag "with" "without"; + + mkEnablePinentry = f: + let + info = flavorInfo.${f}; + flag = flavorInfo.${f}.flag or null; + in + optionalString (flag != null) + (mkEnable (elem f enabledFlavors) ("pinentry-" + flag)); + + flavorInfo = { + curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; }; + tty = { bin = "tty"; flag = "tty"; }; + gtk2 = { bin = "gtk-2"; flag = "gtk2"; buildInputs = [ gtk2 ]; }; + gnome3 = { bin = "gnome3"; flag = "gnome3"; buildInputs = [ gcr ]; nativeBuildInputs = [ wrapGAppsHook ]; }; + qt = { bin = "qt"; flag = "qt"; buildInputs = [ qtbase ]; nativeBuildInputs = [ wrapQtAppsHook ]; }; + emacs = { bin = "emacs"; flag = "emacs"; buildInputs = []; }; + }; + in -mkDerivation rec { - name = "pinentry-1.1.0"; +pinentryMkDerivation rec { + pname = "pinentry"; + version = "1.1.0"; src = fetchurl { - url = "mirror://gnupg/pinentry/${name}.tar.bz2"; + url = "mirror://gnupg/pinentry/${pname}-${version}.tar.bz2"; sha256 = "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8"; }; - 
nativeBuildInputs = [ pkgconfig ]; - buildInputs = - [ libgpgerror libassuan libcap libsecret gtk2 gcr ncurses qt4 ] - ++ stdenv.lib.optional (qt5 != null) qt5.qtbase; + nativeBuildInputs = [ pkgconfig autoreconfHook ] + ++ concatMap(f: flavorInfo.${f}.nativeBuildInputs or []) enabledFlavors; + buildInputs = [ libgpgerror libassuan libcap libsecret ] + ++ concatMap(f: flavorInfo.${f}.buildInputs or []) enabledFlavors; - prePatch = '' - substituteInPlace pinentry/pinentry-curses.c --replace ncursesw ncurses - ''; + dontWrapGApps = true; + dontWrapQtApps = true; - patches = lib.optionals (gtk2 != null) [ + patches = [ + ./autoconf-ar.patch + ] ++ optionals (elem "gtk2" enabledFlavors) [ (fetchpatch { - url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/" - + "0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch"; + url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch"; sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd"; }) ]; configureFlags = [ - (stdenv.lib.withFeature (libcap != null) "libcap") - (stdenv.lib.enableFeature (libsecret != null) "libsecret") - (stdenv.lib.enableFeature (ncurses != null) "pinentry-curses") - (stdenv.lib.enableFeature true "pinentry-tty") - (stdenv.lib.enableFeature enableEmacs "pinentry-emacs") - (stdenv.lib.enableFeature (gtk2 != null) "pinentry-gtk2") - (stdenv.lib.enableFeature (gcr != null) "pinentry-gnome3") - (stdenv.lib.enableFeature (qt4 != null || qt5 != null) "pinentry-qt") - - "--with-libassuan-prefix=${libassuan.dev}" - "--with-libgpg-error-prefix=${libgpgerror.dev}" - ]; + (mkWith (libcap != null) "libcap") + (mkEnable (libsecret != null) "libsecret") + ] ++ (map mkEnablePinentry (attrNames flavorInfo)); + + postInstall = + concatStrings (flip map enabledFlavors (f: + let + binary = "pinentry-" + flavorInfo.${f}.bin; + in '' + moveToOutput bin/${binary} ${placeholder f} + ln -sf 
${placeholder f}/bin/${binary} ${placeholder f}/bin/pinentry + '' + optionalString (f == "gnome3") '' + wrapGApp ${placeholder f}/bin/${binary} + '' + optionalString (f == "qt") '' + wrapQtApp ${placeholder f}/bin/${binary} + '')) + '' + ln -sf ${placeholder (head enabledFlavors)}/bin/pinentry-${flavorInfo.${head enabledFlavors}.bin} $out/bin/pinentry + ''; + + outputs = [ "out" ] ++ enabledFlavors; + + passthru = { flavors = enabledFlavors; }; meta = with stdenv.lib; { homepage = http://gnupg.org/aegypten2/; @@ -63,6 +98,6 @@ mkDerivation rec { Pinentry provides a console and (optional) GTK and Qt GUIs allowing users to enter a passphrase when `gpg' or `gpg2' is run and needs it. ''; - maintainers = [ maintainers.ttuegel ]; + maintainers = with maintainers; [ ttuegel fpletz ]; }; } diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix index 41faa375f83d..4238fc5be334 100644 --- a/pkgs/tools/security/rng-tools/default.nix +++ b/pkgs/tools/security/rng-tools/default.nix @@ -1,13 +1,12 @@ { stdenv, fetchFromGitHub, libtool, autoreconfHook, pkgconfig , sysfsutils +, argp-standalone # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS # https://www.nist.gov/programs-projects/nist-randomness-beacon , curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source , libgcrypt ? null, withGcrypt ? true - # Not sure if jitterentropy is safe to use for cryptography - # and thus a default entropy source -, jitterentropy ? null, withJitterEntropy ? false +, jitterentropy ? null, withJitterEntropy ? true , libp11 ? null, opensc ? null, withPkcs11 ? true }: 
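Review bot: In pkgs/tools/security/pinentry/default.nix, `enabledFlavors` is only asserted to be a non-empty list, so a name that is not a key of `flavorInfo` fails at `flavorInfo.${f}.bin` in `postInstall` with a bare missing-attribute error. The same list also becomes the derivation's `outputs`, so an explicit check right after the `in` would give a clearer failure: `assert all (f: hasAttr f flavorInfo) enabledFlavors;`. In `mkEnablePinentry` the `info` binding is never used; either write `flag = info.flag or null;` or drop the binding.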
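Review bot: In pkgs/tools/security/rng-tools/default.nix the default of `withJitterEntropy` flips to `true`, and the comment that questioned whether jitterentropy is safe as a default entropy source is deleted with nothing put in its place. An entropy source that rngd uses by default deserves a one-line comment above the argument saying why it is now considered acceptable, ideally pointing at the upstream change or discussion that settled the question. The derivation body that consumes the flag is in the later hunks of this file.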
@@ -15,18 +14,16 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "rng-tools"; - version = "6.7"; + version = "6.8"; src = fetchFromGitHub { owner = "nhorman"; repo = "rng-tools"; rev = "v${version}"; - sha256 = "19f75m6mzg8h7b4snzg7d6ypvkz6nq32lrpi9ja95gqz4wsd18a5"; + sha256 = "1clm9i9xg3j79q0d6vinn6dx0nwh1fvzcmkqpcbay7mwsgkknvw2"; }; postPatch = '' - cp README.md README - ${optionalString withPkcs11 '' substituteInPlace rngd.c \ --replace /usr/lib64/opensc-pkcs11.so ${opensc}/lib/opensc-pkcs11.so @@ -42,25 +39,27 @@ stdenv.mkDerivation rec { (withFeature withPkcs11 "pkcs11") ]; + # argp-standalone is only used when libc lacks argp parsing (musl) buildInputs = [ sysfsutils ] + ++ optionals stdenv.hostPlatform.isx86_64 [ argp-standalone ] ++ optionals withGcrypt [ libgcrypt ] ++ optionals withJitterEntropy [ jitterentropy ] ++ optionals withNistBeacon [ curl libxml2 openssl ] ++ optionals withPkcs11 [ libp11 openssl ]; - # This shouldn't be necessary but is as of 6.7 - NIX_LDFLAGS = optionalString withPkcs11 "-lcrypto"; - enableParallelBuilding = true; # For cross-compilation makeFlags = [ "AR:=$(AR)" ]; + doCheck = true; + preCheck = "patchShebangs tests/*.sh"; + meta = { description = "A random number generator daemon"; homepage = https://github.com/nhorman/rng-tools; license = licenses.gpl2Plus; platforms = platforms.linux; - maintainers = with maintainers; [ johnazoidberg ]; + maintainers = with maintainers; [ johnazoidberg c0bw3b ]; }; } diff --git a/pkgs/tools/security/scrypt/default.nix b/pkgs/tools/security/scrypt/default.nix index 2ca4c1df18c4..66313b536499 100644 --- a/pkgs/tools/security/scrypt/default.nix +++ b/pkgs/tools/security/scrypt/default.nix 
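Review bot: The comment added in the third rng-tools hunk says argp-standalone is only used when libc lacks argp parsing (musl), but the condition on the new `buildInputs` line is `stdenv.hostPlatform.isx86_64`, which selects by CPU architecture rather than by libc. If the comment states the intent, the line should read `++ optionals stdenv.hostPlatform.isMusl [ argp-standalone ]`. If the x86_64 condition is deliberate, the comment should explain why instead.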
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "scrypt"; - version = "1.2.1"; + version = "1.3.0"; src = fetchurl { url = "https://www.tarsnap.com/scrypt/${pname}-${version}.tgz"; - sha256 = "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"; + sha256 = "0j17yfrpi2bk5cawb4a4mzpv1vadqxh956hx0pa1gqfisknk8c16"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/sequoia/default.nix b/pkgs/tools/security/sequoia/default.nix index 9d6928abf86f..21403225aad2 100644 --- a/pkgs/tools/security/sequoia/default.nix +++ b/pkgs/tools/security/sequoia/default.nix @@ -9,16 +9,16 @@ assert pythonSupport -> pythonPackages != null; rustPlatform.buildRustPackage rec { pname = "sequoia"; - version = "0.10.0"; + version = "0.11.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; repo = pname; rev = "v${version}"; - sha256 = "0gvczghyik56jlnb8cz7jg2l3nbm519gf19g7l5blxci3009v23d"; + sha256 = "1k0pr3vn77fpfzyvbg7xb4jwm6srsiws9bsd8q7i3hl6j56a880i"; }; - cargoSha256 = "0dk9sjcbmygbdpwqnah5krli1p9j5hahgiqrca9c0kfpfiwgx62q"; + cargoSha256 = "15bhg7b88rq8p0bn6y5wwv2l42kqb1qyx2s3kw0r0v0wadf823q3"; nativeBuildInputs = [ pkgconfig @@ -87,5 +87,6 @@ rustPlatform.buildRustPackage rec { license = licenses.gpl3; maintainers = with maintainers; [ minijackson doronbehar ]; platforms = platforms.all; + broken = stdenv.targetPlatform.isDarwin; }; } diff --git a/pkgs/tools/security/sops/default.nix b/pkgs/tools/security/sops/default.nix index fcc455422148..8aa2e219e7df 100644 --- a/pkgs/tools/security/sops/default.nix +++ b/pkgs/tools/security/sops/default.nix 
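Review bot: `broken = stdenv.targetPlatform.isDarwin;` in the sequoia `meta` block keys on the target platform, which differs from the host only for compilers and similar tools, whereas the package runs on the host platform. `broken = stdenv.hostPlatform.isDarwin;` expresses what the flag presumably means. A short comment naming the Darwin failure would also tell the next maintainer when the flag can be removed. The `meta` block starts outside the hunk.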
@@ -1,20 +1,20 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: +{ stdenv, buildGoModule, fetchFromGitHub }: -buildGoPackage rec { +buildGoModule rec { pname = "sops"; - version = "3.3.1"; - - goPackagePath = "go.mozilla.org/sops"; + version = "3.5.0"; src = fetchFromGitHub { - rev = version; + rev = "v${version}"; owner = "mozilla"; repo = pname; - sha256 = "0jbrz3yz6cj08h8cx6y98m8r0lpclh9367cw5apy6w3v71i3svfi"; + sha256 = "1515bk0fl0pvdkp402l51gdg63bmqlh89sglss6prc1qqvv5v2xy"; }; + modSha256 = "0vhxd3dschj5i9sig6vpxzbl59cas1qa843akzmjnfjrrafb916y"; + meta = with stdenv.lib; { - inherit (src.meta) homepage; + homepage = "https://github.com/mozilla/sops"; description = "Mozilla sops (Secrets OPerationS) is an editor of encrypted files"; maintainers = [ maintainers.marsam ]; license = licenses.mpl20; diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix new file mode 100644 index 000000000000..0ecd3bc82532 --- /dev/null +++ b/pkgs/tools/security/step-cli/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "step-cli"; + version = "0.13.3"; + + goPackagePath = "github.com/smallstep/cli"; + + src = fetchFromGitHub { + owner = "smallstep"; + repo = "cli"; + rev = "v${version}"; + sha256 = "0b5hk9a8yq1nyh8m1gmf28yiha95xwsc4dk321g84hvai7g47pbr"; + }; + + goDeps = ./deps.nix; + + meta = with lib; { + description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; + homepage = https://smallstep.com/cli/; + license = licenses.asl20; + maintainers = with maintainers; [ xfix ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/pkgs/tools/security/step-cli/deps.nix b/pkgs/tools/security/step-cli/deps.nix new file mode 100644 index 000000000000..bae1ba070a69 --- /dev/null +++ b/pkgs/tools/security/step-cli/deps.nix 
@@ -0,0 +1,453 @@ +# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix) +[ + { + goPackagePath = "github.com/AndreasBriese/bbloom"; + fetch = { + type = "git"; + url = "https://github.com/AndreasBriese/bbloom"; + rev = "e2d15f34fcf99d5dbb871c820ec73f710fca9815"; + sha256 = "05kkrsmpragy69bj6s80pxlm3pbwxrkkx7wgk0xigs6y2n6ylpds"; + }; + } + { + goPackagePath = "github.com/ThomasRooney/gexpect"; + fetch = { + type = "git"; + url = "https://github.com/ThomasRooney/gexpect"; + rev = "5482f03509440585d13d8f648989e05903001842"; + sha256 = "04zan78ndabxlwsw2hdcqbz32435pw2s04ljza07jlxnxzjp4kws"; + }; + } + { + goPackagePath = "github.com/asaskevich/govalidator"; + fetch = { + type = "git"; + url = "https://github.com/asaskevich/govalidator"; + rev = "ccb8e960c48f04d6935e72476ae4a51028f9e22f"; + sha256 = "1sih4yb6fqmdp5g6594yyida0qm7dvvqcfvf8pgikydkxyqb8g0k"; + }; + } + { + goPackagePath = "github.com/boombuler/barcode"; + fetch = { + type = "git"; + url = "https://github.com/boombuler/barcode"; + rev = "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d"; + sha256 = "1fzb8wz1ny2sc78g9rm0bcm80pgwvkm2k6lmim2sb4jgm1j3sajd"; + }; + } + { + goPackagePath = "github.com/chzyer/readline"; + fetch = { + type = "git"; + url = "https://github.com/chzyer/readline"; + rev = "2972be24d48e78746da79ba8e24e8b488c9880de"; + sha256 = "104q8dazj8yf6b089jjr82fy9h1g80zyyzvp3g8b44a7d8ngjj6r"; + }; + } + { + goPackagePath = "github.com/corpix/uarand"; + fetch = { + type = "git"; + url = "https://github.com/corpix/uarand"; + rev = "2b8494104d86337cdd41d0a49cbed8e4583c0ab4"; + sha256 = "06ml5m8l9wbr96gvyg6z1syawn797f8kmq74nhgry3vqpngyb6yn"; + }; + } + { + goPackagePath = "github.com/davecgh/go-spew"; + fetch = { + type = "git"; + url = "https://github.com/davecgh/go-spew"; + rev = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"; + sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y"; + }; + } + { + goPackagePath = "github.com/dgraph-io/badger"; + fetch = { + type = "git"; 
+ url = "https://github.com/dgraph-io/badger"; + rev = "391b6d3b93e6014fe8c2971fcc0c1266e47dbbd9"; + sha256 = "13zyd6irxagwfv4azgmpk2qg8f80plhxrcjl8x89jzsjkl0a0pkx"; + }; + } + { + goPackagePath = "github.com/dgryski/go-farm"; + fetch = { + type = "git"; + url = "https://github.com/dgryski/go-farm"; + rev = "6a90982ecee230ff6cba02d5bd386acc030be9d3"; + sha256 = "1x3l4jgps0v1bjvd446kj4dp0ckswjckxgrng9afm275ixnf83ix"; + }; + } + { + goPackagePath = "github.com/go-chi/chi"; + fetch = { + type = "git"; + url = "https://github.com/go-chi/chi"; + rev = "0ebf7795c516423a110473652e9ba3a59a504863"; + sha256 = "18hwj6vni19ykp3bsmg9ggnl6y2hawym0vbsigdgx8craqbp7jb1"; + }; + } + { + goPackagePath = "github.com/go-sql-driver/mysql"; + fetch = { + type = "git"; + url = "https://github.com/go-sql-driver/mysql"; + rev = "72cd26f257d44c1114970e19afddcd812016007e"; + sha256 = "1fvsvwc1v2i0gqn01mynvi1shp5xm0xaym6xng09fcbqb56lbjx1"; + }; + } + { + goPackagePath = "github.com/golang/protobuf"; + fetch = { + type = "git"; + url = "https://github.com/golang/protobuf"; + rev = "b5d812f8a3706043e23a9cd5babf2e5423744d30"; + sha256 = "15am4s4646qy6iv0g3kkqq52rzykqjhm4bf08dk0fy2r58knpsyl"; + }; + } + { + goPackagePath = "github.com/google/certificate-transparency-go"; + fetch = { + type = "git"; + url = "https://github.com/google/certificate-transparency-go"; + rev = "3629d6846518309d22c16fee15d1007262a459d2"; + sha256 = "16vsq7dd2kbbk3vwlrhm3jrlg5kq16wf4iz6d1gnyc32s5fcy9d7"; + }; + } + { + goPackagePath = "github.com/icrowley/fake"; + fetch = { + type = "git"; + url = "https://github.com/icrowley/fake"; + rev = "4178557ae428460c3780a381c824a1f3aceb6325"; + sha256 = "1mv4bxfphaqbvacy49v4lf4gf2nmadzpmjq0jbdx93wi5bnkc977"; + }; + } + { + goPackagePath = "github.com/juju/ansiterm"; + fetch = { + type = "git"; + url = "https://github.com/juju/ansiterm"; + rev = "720a0952cc2ac777afc295d9861263e2a4cf96a1"; + sha256 = "0n6j0y7xhashp8gdkdl0r7vlbkdrkymrzxn9hxrx522k2isggs7h"; + }; + } + { + 
goPackagePath = "github.com/kballard/go-shellquote"; + fetch = { + type = "git"; + url = "https://github.com/kballard/go-shellquote"; + rev = "95032a82bc518f77982ea72343cc1ade730072f0"; + sha256 = "1rspvmnsikdq95jmx3dykxd4k1rmgl98ryjrysvl0cf18hl1vq80"; + }; + } + { + goPackagePath = "github.com/konsorten/go-windows-terminal-sequences"; + fetch = { + type = "git"; + url = "https://github.com/konsorten/go-windows-terminal-sequences"; + rev = "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242"; + sha256 = "1lchgf27n276vma6iyxa0v1xds68n2g8lih5lavqnx5x6q5pw2ip"; + }; + } + { + goPackagePath = "github.com/kr/pty"; + fetch = { + type = "git"; + url = "https://github.com/kr/pty"; + rev = "db8e3cd836b82e82e0a9c8edc6896967dd31374f"; + sha256 = "0knzlvndfgjm2k23vhp2xj1cv3fm31vbg5b20gdl1vnxk7rh549h"; + }; + } + { + goPackagePath = "github.com/lunixbochs/vtclean"; + fetch = { + type = "git"; + url = "https://github.com/lunixbochs/vtclean"; + rev = "2d01aacdc34a083dca635ba869909f5fc0cd4f41"; + sha256 = "1ss88dyx5hr4imvpg5lixvp0cf7c2qm4x9m8mdgshjpm92g5rqmf"; + }; + } + { + goPackagePath = "github.com/manifoldco/promptui"; + fetch = { + type = "git"; + url = "https://github.com/manifoldco/promptui"; + rev = "157c96fb638a14d268b305cf2012582431fcc410"; + sha256 = "0zha48i5f529q4j1qycybdzza4l9706hijiqws36ikd5jzg8i7wz"; + }; + } + { + goPackagePath = "github.com/mattn/go-colorable"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-colorable"; + rev = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"; + sha256 = "1nwjmsppsjicr7anq8na6md7b1z84l9ppnlr045hhxjvbkqwalvx"; + }; + } + { + goPackagePath = "github.com/mattn/go-isatty"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-isatty"; + rev = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c"; + sha256 = "0zs92j2cqaw9j8qx1sdxpv3ap0rgbs0vrvi72m40mg8aa36gd39w"; + }; + } + { + goPackagePath = "github.com/mmcloughlin/avo"; + fetch = { + type = "git"; + url = "https://github.com/mmcloughlin/avo"; + rev = 
"2e7d06bc7ada2979f17ccf8ebf486dba23b84fc7"; + sha256 = "0fna1hhg193zy428lkj24a8853g3qviqs2c9xi96mji6ldprna5d"; + }; + } + { + goPackagePath = "github.com/newrelic/go-agent"; + fetch = { + type = "git"; + url = "https://github.com/newrelic/go-agent"; + rev = "f5bce3387232559bcbe6a5f8227c4bf508dac1ba"; + sha256 = "1zbp1cqhxp0sz3faymam6h1f91r1gl8dnnjx7qg8r06bd5fbzllb"; + }; + } + { + goPackagePath = "github.com/pkg/errors"; + fetch = { + type = "git"; + url = "https://github.com/pkg/errors"; + rev = "ba968bfe8b2f7e042a574c888954fccecfa385b4"; + sha256 = "0g5qcb4d4fd96midz0zdk8b9kz8xkzwfa8kr1cliqbg8sxsy5vd1"; + }; + } + { + goPackagePath = "github.com/pmezard/go-difflib"; + fetch = { + type = "git"; + url = "https://github.com/pmezard/go-difflib"; + rev = "792786c7400a136282c1664665ae0a8db921c6c2"; + sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw"; + }; + } + { + goPackagePath = "github.com/pquerna/otp"; + fetch = { + type = "git"; + url = "https://github.com/pquerna/otp"; + rev = "b7b89250c468c06871d3837bee02e2d5c155ae19"; + sha256 = "0gsl9rh8awira21z6cj26c6swasskx03z66q72yjc1mpbvyg6han"; + }; + } + { + goPackagePath = "github.com/rs/xid"; + fetch = { + type = "git"; + url = "https://github.com/rs/xid"; + rev = "15d26544def341f036c5f8dca987a4cbe575032c"; + sha256 = "1vgw1dikqw273awcci6pzifs7shkl5ah4l88j1zjbnpgbiwzlx9j"; + }; + } + { + goPackagePath = "github.com/samfoo/ansi"; + fetch = { + type = "git"; + url = "https://github.com/samfoo/ansi"; + rev = "b6bd2ded7189ce35bc02233b554eb56a5146af73"; + sha256 = "0sw2d7c6l2ry34x0n4j37ydr8s7hxnax76yh6n35gb2g6f1h46sz"; + }; + } + { + goPackagePath = "github.com/shurcooL/sanitized_anchor_name"; + fetch = { + type = "git"; + url = "https://github.com/shurcooL/sanitized_anchor_name"; + rev = "86672fcb3f950f35f2e675df2240550f2a50762f"; + sha256 = "142m507s9971cl8qdmbcw7sqxnkgi3xqd8wzvfq15p0w7w8i4a3h"; + }; + } + { + goPackagePath = "github.com/sirupsen/logrus"; + fetch = { + type = "git"; + url = 
"https://github.com/sirupsen/logrus"; + rev = "ad15b42461921f1fb3529b058c6786c6a45d5162"; + sha256 = "02xdfcp4f6dqvpavwf1vvr794qgz2fx8929paam7wnvcxy7ib606"; + }; + } + { + goPackagePath = "github.com/smallstep/assert"; + fetch = { + type = "git"; + url = "https://github.com/smallstep/assert"; + rev = "de77670473b5492f5d0bce155b5c01534c2d13f7"; + sha256 = "15z2b4qyylnwgq2pzlaxsdabqxh8dbna4ddprk9rzmsvnfkpds16"; + }; + } + { + goPackagePath = "github.com/smallstep/certificates"; + fetch = { + type = "git"; + url = "https://github.com/smallstep/certificates"; + rev = "effb490d276f33b8cdab661df8b57a8ded67e082"; + sha256 = "1i76bbm4rbpv4cw2ln36v0x74jjkss6j8pdh49hfvb75j2n32790"; + }; + } + { + goPackagePath = "github.com/smallstep/certinfo"; + fetch = { + type = "git"; + url = "https://github.com/smallstep/certinfo"; + rev = "78e21b44234ef6ddeb58f5e8aad2ed09975b694a"; + sha256 = "0zrxql9173vzn7zirv4299j0vw2mzwknivrg8rzhdbkhvbfiql9q"; + }; + } + { + goPackagePath = "github.com/smallstep/nosql"; + fetch = { + type = "git"; + url = "https://github.com/smallstep/nosql"; + rev = "a0934e12468769d8cbede3ed316c47a4b88de4ca"; + sha256 = "08bg0sgrhkzflyl0ybi8v2vmk8bfk5pmcyfrizpxssyql7k27fam"; + }; + } + { + goPackagePath = "github.com/smallstep/truststore"; + fetch = { + type = "git"; + url = "https://github.com/smallstep/truststore"; + rev = "e16045d94a61ca04b60d5d246da3117e7eeb1ecf"; + sha256 = "15cv3dkn2npf6rwhkb575sdq089rf70rha8wrym4ygc8rjbgwbab"; + }; + } + { + goPackagePath = "github.com/smallstep/zcrypto"; + fetch = { + type = "git"; + url = "https://github.com/smallstep/zcrypto"; + rev = "6bab21fcaafc3d150cf793b6d5f25fe32f49c80e"; + sha256 = "129az7k556lmnhh14ayrwzrp1y205zdgwk3rj1xcmgisx5irliqp"; + }; + } + { + goPackagePath = "github.com/smallstep/zlint"; + fetch = { + type = "git"; + url = "https://github.com/smallstep/zlint"; + rev = "d84eaafe274f9dc1f811ebfbb073e18c466e2a44"; + sha256 = "1xm7b1wvbify20vk9f3kmgmi5mnj5x2z3czc0r4zylcqcwwjkfd6"; + }; + } + { + goPackagePath 
= "github.com/stretchr/testify"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/testify"; + rev = "f35b8ab0b5a2cef36673838d662e249dd9c94686"; + sha256 = "0dlszlshlxbmmfxj5hlwgv3r22x0y1af45gn1vd198nvvs3pnvfs"; + }; + } + { + goPackagePath = "github.com/urfave/cli"; + fetch = { + type = "git"; + url = "https://github.com/urfave/cli"; + rev = "b67dcf995b6a7b7f14fad5fcb7cc5441b05e814b"; + sha256 = "0n5vq4nydlhb7w12jiwphvxqdy4jwpxc3zwlxyhf05lq1nxfb56h"; + }; + } + { + goPackagePath = "github.com/weppos/publicsuffix-go"; + fetch = { + type = "git"; + url = "https://github.com/weppos/publicsuffix-go"; + rev = "386050f8211b04c965721c3591e7d96650a1ea86"; + sha256 = "17nvc0m0azm418w4mcyk7r1qcik0099vjpn455ia0lxhbqbl701b"; + }; + } + { + goPackagePath = "go.etcd.io/bbolt"; + fetch = { + type = "git"; + url = "https://github.com/etcd-io/bbolt"; + rev = "63597a96ec0ad9e6d43c3fc81e809909e0237461"; + sha256 = "13d5l6p6c5wvkr6vn9hkhz9c593qifn7fgx0hg4d6jcvg1y0bnm2"; + }; + } + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/crypto"; + rev = "4d3f4d9ffa16a13f451c3b2999e9c49e9750bf06"; + sha256 = "0sbsgjm6wqa162ssrf1gnpv62ak5wjn1bn8v7sxwwfg8a93z1028"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "c44066c5c816ec500d459a2a324a753f78531ae0"; + sha256 = "0mgww74bl15d0jvsh4f3qr1ckjzb8icb8hn0mgs5ppa0b2fgpc4f"; + }; + } + { + goPackagePath = "golang.org/x/sys"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/sys"; + rev = "9b800f95dbbc54abff0acf7ee32d88ba4e328c89"; + sha256 = "07v3l7q7y59cwvw0mc85i39v7qjcc1jh4svwi789rmrqqm5nq7q6"; + }; + } + { + goPackagePath = "golang.org/x/text"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/text"; + rev = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"; + sha256 = "0r6x6zjzhr8ksqlpiwm5gdd7s209kwk5p4lw54xjvz10cs3qlq19"; + }; + } + { + goPackagePath = 
"golang.org/x/tools"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/tools"; + rev = "3a10b9bf0a52df7e992a8c3eb712a86d3c896c75"; + sha256 = "19f3dijcc54jnd7458jab2dgpd0gzccmv2qympd9wi8cc8jpnhws"; + }; + } + { + goPackagePath = "google.golang.org/appengine"; + fetch = { + type = "git"; + url = "https://github.com/golang/appengine"; + rev = "54a98f90d1c46b7731eb8fb305d2a321c30ef610"; + sha256 = "0l7mkdnwhidv8m686x432vmx8z5nqcrr9f46ddgvrxbh4wvyfcll"; + }; + } + { + goPackagePath = "gopkg.in/square/go-jose.v2"; + fetch = { + type = "git"; + url = "https://github.com/square/go-jose"; + rev = "730df5f748271903322feb182be83b43ebbbe27d"; + sha256 = "11r93g9xrcjqj7qvq8sbd5hy5rnbpmim0vdsp6rbav8gl7wimaa3"; + }; + } + { + goPackagePath = "howett.net/plist"; + fetch = { + type = "git"; + url = "https://gitlab.howett.net/go/plist.git"; + rev = "591f970eefbbeb04d7b37f334a0c4c3256e32876"; + sha256 = "1gr74rf6m8bgayf6mxcfaxb3cc49ldlhydzqfafx7di5nds5hxk9"; + }; + } +] diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index 9714943b30d5..a0922f4df738 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix @@ -5,14 +5,14 @@ }: stdenv.mkDerivation rec { - name = "sudo-1.8.27"; + name = "sudo-1.8.29"; src = fetchurl { urls = [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" ]; - sha256 = "1h1f7v9pv0rzp14cxzv8kaa8mdd717fbqv83l7c5dvvi8jwnisvv"; + sha256 = "0z4wyadh9cks17gdpfgx4kvbrlnyb6nai2sd6chk7qh4jsngylyf"; }; prePatch = '' @@ -48,7 +48,7 @@ stdenv.mkDerivation rec { #define _PATH_MV "${coreutils}/bin/mv" EOF makeFlags="install_uid=$(id -u) install_gid=$(id -g)" - installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy" + installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/" ''; nativeBuildInputs = [ groff ]; 
diff --git a/pkgs/tools/security/thc-hydra/default.nix b/pkgs/tools/security/thc-hydra/default.nix index 252d73b479b6..aa36901e46b9 100644 --- a/pkgs/tools/security/thc-hydra/default.nix +++ b/pkgs/tools/security/thc-hydra/default.nix 
@@ -1,30 +1,37 @@ -{ stdenv, lib, fetchurl, zlib, openssl, ncurses, libidn, pcre, libssh, mysql, postgresql +{ stdenv, lib, fetchFromGitHub, zlib, openssl, ncurses, libidn, pcre, libssh, libmysqlclient, postgresql , withGUI ? false, makeWrapper, pkgconfig, gtk2 }: -let - makeDirs = output: subDir: pkgs: lib.concatStringsSep " " (map (path: lib.getOutput output path + "/" + subDir) pkgs); - -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { pname = "thc-hydra"; - version = "8.5"; + version = "9.0"; - src = fetchurl { - url = "http://www.thc.org/releases/hydra-${version}.tar.gz"; - sha256 = "0vfx6xwmw0r7nd0s232y7rckcj58fc1iqjgp4s56rakpz22b4yjm"; + src = fetchFromGitHub { + owner = "vanhauser-thc"; + repo = "thc-hydra"; + rev = "v${version}"; + sha256 = "09d2f55wky1iabnl871d4r6dyyvr8zhp47d9j1p6d0pvdv93kl4z"; }; - preConfigure = '' + postPatch = let + makeDirs = output: subDir: lib.concatStringsSep " " (map (path: lib.getOutput output path + "/" + subDir) buildInputs); + in '' substituteInPlace configure \ - --replace "\$LIBDIRS" "${makeDirs "lib" "lib" buildInputs}" \ - --replace "\$INCDIRS" "${makeDirs "dev" "include" buildInputs}" \ + --replace '$LIBDIRS' "${makeDirs "lib" "lib"}" \ + --replace '$INCDIRS' "${makeDirs "dev" "include"}" \ --replace "/usr/include/math.h" "${lib.getDev stdenv.cc.libc}/include/math.h" \ --replace "libcurses.so" "libncurses.so" \ --replace "-lcurses" "-lncurses" ''; nativeBuildInputs = lib.optionals withGUI [ pkgconfig makeWrapper ]; - buildInputs = [ zlib openssl ncurses libidn pcre libssh mysql.connector-c postgresql ] - ++ lib.optional withGUI gtk2; + + buildInputs = [ + zlib openssl ncurses libidn pcre libssh libmysqlclient postgresql + ] ++ lib.optional withGUI gtk2; + + enableParallelBuilding = true; + + DATADIR = "/share/${pname}"; postInstall = lib.optionalString withGUI '' wrapProgram $out/bin/xhydra \ 
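Review bot: `DATADIR = "/share/${pname}";` in the first thc-hydra hunk is handed to the builder as an environment variable with no comment, and the value carries no `$out` prefix, so the derivation does not show where the data files end up. A comment such as `# read by upstream's build, which prepends the install prefix` (to be confirmed against the 9.0 sources) would make the intent checkable. The `postInstall` string that closes the hunk continues outside it.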
@@ -33,9 +40,9 @@ in stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "A very fast network logon cracker which support many different services"; + homepage = "https://www.thc.org/thc-hydra/"; license = licenses.agpl3; - homepage = https://www.thc.org/thc-hydra/; - maintainers = with maintainers; [offline]; + maintainers = with maintainers; [ offline ]; platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/theharvester/default.nix b/pkgs/tools/security/theharvester/default.nix index 4a1e92e6104a..4153ddafbf48 100644 --- a/pkgs/tools/security/theharvester/default.nix +++ b/pkgs/tools/security/theharvester/default.nix 
@@ -1,40 +1,36 @@ -{ stdenv, fetchFromGitHub, makeWrapper, python3Packages }: +{ lib, fetchFromGitHub, python3 }: -stdenv.mkDerivation rec { +python3.pkgs.buildPythonApplication rec { pname = "theHarvester"; - version = "3.0.6"; + version = "3.1"; src = fetchFromGitHub { owner = "laramies"; repo = pname; - rev = version; - sha256 = "0f33a7sfb5ih21yp1wspb03fxsls1m14yizgrw0srfirm2a6aa0c"; + rev = "V${version}"; + sha256 = "0lxzxfa9wbzim50d2jmd27i57szd0grm1dfayhnym86jn01qpvn3"; }; - nativeBuildInputs = [ makeWrapper ]; + propagatedBuildInputs = with python3.pkgs; [ + aiodns beautifulsoup4 dns grequests netaddr + plotly pyyaml requests retrying shodan texttable + ]; - # add dependencies - propagatedBuildInputs = with python3Packages; [ requests beautifulsoup4 plotly ]; + checkInputs = [ python3.pkgs.pytest ]; - installPhase = '' - # create dirs - mkdir -p $out/share/${pname} $out/bin + checkPhase = "runHook preCheck ; pytest tests/test_myparser.py ; runHook postCheck"; + # We don't run other tests (discovery modules) because they require network access - # move project code - mv * $out/share/${pname}/ - - # make project runnable - chmod +x $out/share/${pname}/theHarvester.py - ln -s $out/share/${pname}/theHarvester.py $out/bin - - wrapProgram "$out/bin/theHarvester.py" --prefix PYTHONPATH : $out/share/${pname}:$PYTHONPATH - ''; - - meta = with stdenv.lib; { + meta = with lib; { description = "Gather E-mails, subdomains and names from different public sources"; + longDescription = '' + theHarvester is a very simple, yet effective tool designed to be used in the early + stages of a penetration test. Use it for open source intelligence gathering and + helping to determine an entity's external threat landscape on the internet. The tool + gathers emails, names, subdomains, IPs, and URLs using multiple public data sources. 
+ ''; homepage = "https://github.com/laramies/theHarvester"; - platforms = platforms.all; - maintainers = with maintainers; [ treemo ]; + maintainers = with maintainers; [ c0bw3b treemo ]; license = licenses.gpl2; }; } diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 249ff435c5fc..527c8064bac5 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.1.5"; + version = "0.4.1.6"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0984jb6hdcc10f7aq8xzl7l4jf93skp45wkv2v63z4zv0nvf0r58"; + sha256 = "0wgdid8w7srd218hh4rwslzdx2ickxw1pg18p2wry1r6wi65521a"; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/tpm2-abrmd/default.nix b/pkgs/tools/security/tpm2-abrmd/default.nix new file mode 100644 index 000000000000..84dafca4e0c4 --- /dev/null +++ b/pkgs/tools/security/tpm2-abrmd/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchurl, lib +, tpm2-tss, pkgconfig, glib, which, dbus, cmocka }: + +stdenv.mkDerivation rec { + pname = "tpm2-abrmd"; + version = "2.2.0"; + + src = fetchurl { + url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; + sha256 = "1lbfhyyh9k54r8s1h8ca2czxv4hg0yq984kdh3vqh3990aca0x9a"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + tpm2-tss glib which dbus cmocka + ]; + + # Unit tests are currently broken as the check phase attempts to start a dbus daemon etc. + #configureFlags = [ "--enable-unit" ]; + doCheck = false; + + meta = with lib; { + description = "TPM2 resource manager, accessible via D-Bus"; + homepage = https://github.com/tpm2-software/tpm2-tools; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ lschuermann ]; + }; +} 
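Review bot: `meta.homepage` in the new tpm2-abrmd derivation is `https://github.com/tpm2-software/tpm2-tools`, which is the URL of a different package. Judging by the `src` URL it should presumably be `homepage = https://github.com/tpm2-software/tpm2-abrmd;`. `cmocka` is also listed in `buildInputs` although the unit tests are switched off by `doCheck = false` and the commented-out `--enable-unit`; if it is only a test dependency it can be dropped until the tests are re-enabled.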
diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix index 1a6c8aaaa5d2..03347f5f7874 100644 --- a/pkgs/tools/security/tpm2-tools/default.nix +++ b/pkgs/tools/security/tpm2-tools/default.nix @@ -1,24 +1,36 @@ { stdenv, fetchurl, lib -, cmocka, curl, pandoc, pkgconfig, openssl, tpm2-tss }: +, pandoc, pkgconfig, makeWrapper, curl, openssl, tpm2-tss +, abrmdSupport ? true, tpm2-abrmd ? null }: stdenv.mkDerivation rec { pname = "tpm2-tools"; - version = "3.2.0"; + version = "4.0.1"; src = fetchurl { url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "057gg84zly6gjp6ypj6bv6zzmnr77cqsygl8x0147cylwa1ywydd"; + sha256 = "zOw/ymNwNBoQLFwu8d205c0kK/G7xsUdlp93/HjKZ9E="; }; - nativeBuildInputs = [ pandoc pkgconfig ]; + nativeBuildInputs = [ pandoc pkgconfig makeWrapper ]; buildInputs = [ curl openssl tpm2-tss - # For unit tests. - cmocka ]; - configureFlags = [ "--enable-unit" ]; - doCheck = true; + preFixup = let + ldLibraryPath = lib.makeLibraryPath ([ + tpm2-tss + ] ++ (lib.optional abrmdSupport tpm2-abrmd)); + in '' + for bin in $out/bin/*; do + wrapProgram $bin \ + --suffix LD_LIBRARY_PATH : "${ldLibraryPath}" + done + ''; + + + # Unit tests disabled, as they rely on a dbus session + #configureFlags = [ "--enable-unit" ]; + doCheck = false; meta = with lib; { description = "Command line tools that provide access to a TPM 2.0 compatible device"; diff --git a/pkgs/tools/security/trousers/default.nix b/pkgs/tools/security/trousers/default.nix index 6f7fed20c89d..a38c011d7a49 100644 --- a/pkgs/tools/security/trousers/default.nix +++ b/pkgs/tools/security/trousers/default.nix 
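Review bot: The new tpm2-tools arguments `abrmdSupport ? true, tpm2-abrmd ? null` are not tied together, so when no `tpm2-abrmd` is supplied `lib.optional abrmdSupport tpm2-abrmd` places `null` in the list given to `lib.makeLibraryPath`. An `assert abrmdSupport -> tpm2-abrmd != null;` before `stdenv.mkDerivation` would turn that into a clear evaluation error. In the `preFixup` loop, `wrapProgram "$bin"` with quotes is the safer spelling. The `meta` block that ends the hunk continues outside it.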
@@ -2,13 +2,15 @@ stdenv.mkDerivation rec { pname = "trousers"; - version = "0.3.13"; + version = "0.3.14"; src = fetchurl { url = "mirror://sourceforge/trousers/trousers/${version}/${pname}-${version}.tar.gz"; - sha256 = "1lvnla1c1ig2w3xvvrqg2w9qm7a1ygzy1j2gg8j7p8c87i58x45v"; + sha256 = "0iwgsbrbb7nfqgl61x8aailwxm8akxh9gkcwxhsvf50x4qx72l6f"; }; + sourceRoot = "."; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ openssl ]; @@ -16,21 +18,14 @@ stdenv.mkDerivation rec { configureFlags = [ "--disable-usercheck" ]; - # Attempt to remove -std=gnu89 when updating if using gcc5 - NIX_CFLAGS_COMPILE = "-std=gnu89 -DALLOW_NON_TSS_CONFIG_FILE"; - NIX_LDFLAGS = "-lgcc_s"; - - # Fix broken libtool file - preFixup = stdenv.lib.optionalString (!stdenv.isDarwin) '' - sed 's,-lcrypto,-L${openssl.out}/lib -lcrypto,' -i $out/lib/libtspi.la - ''; + NIX_CFLAGS_COMPILE = [ "-DALLOW_NON_TSS_CONFIG_FILE" ]; + enableParallelBuilding = true; meta = with stdenv.lib; { description = "Trusted computing software stack"; homepage = http://trousers.sourceforge.net/; - license = licenses.cpl10; + license = licenses.bsd3; maintainers = [ maintainers.ak ]; platforms = platforms.linux; }; } - diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index c0fa221c9691..1e5a16e19582 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix 
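Review bot: In the second trousers hunk, `NIX_CFLAGS_COMPILE = [ "-DALLOW_NON_TSS_CONFIG_FILE" ];` stays next to `configureFlags = [ "--disable-usercheck" ];`, but the only comment in that area is removed. Nothing now records why two switches that, by their names, relax user and config-file checks in a TPM daemon are enabled. I would add a comment giving the reason, for example `# ALLOW_NON_TSS_CONFIG_FILE / --disable-usercheck: needed because <reason>; config-file ownership is then not enforced by tcsd (TODO confirm)`. The hunk also drops the `libtspi.la` fix-up and `NIX_LDFLAGS = "-lgcc_s"` without explanation, so it is worth confirming that 0.3.14 no longer needs them.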
@@ -1,17 +1,19 @@ -{ stdenv, fetchFromGitHub, buildGoModule }: +{ stdenv, fetchFromGitHub, buildGoPackage }: -buildGoModule rec { +buildGoPackage rec { pname = "vault"; - version = "1.2.2"; + version = "1.3.0"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "1xljm7xmb4ldg3wx8s9kw1spffg4ywk4r1jqfa743czd2xxmqavl"; + sha256 = "0ayvmqg4fj9cliwbl4pb12mailq7062j3f9v8arpv6x5r4hydlpy"; }; - modSha256 = "13pr3piv6hrsc562qagpn1h5wckiziyfqraj13172hdglz3n2i7q"; + goPackagePath = "github.com/hashicorp/vault"; + + subPackages = [ "." ]; buildFlagsArray = [ "-tags='vault'" @@ -19,8 +21,8 @@ buildGoModule rec { ]; postInstall = '' - mkdir -p $out/share/bash-completion/completions - echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault + mkdir -p $bin/share/bash-completion/completions + echo "complete -C $bin/bin/vault vault" > $bin/share/bash-completion/completions/vault ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/verifpal/default.nix b/pkgs/tools/security/verifpal/default.nix index 3b72cf3bd53e..95afb580d4e1 100644 --- a/pkgs/tools/security/verifpal/default.nix +++ b/pkgs/tools/security/verifpal/default.nix @@ -1,24 +1,28 @@ -{ lib, fetchFromGitHub, buildGoPackage, pigeon }: +{ lib +, fetchgit +, buildGoPackage +, pigeon +}: + buildGoPackage rec { pname = "verifpal"; - version = "0.2"; + version = "0.7.5"; goPackagePath = "github.com/SymbolicSoft/verifpal"; goDeps = ./deps.nix; - src = fetchFromGitHub { - owner = "SymbolicSoft"; - repo = pname; + src = fetchgit { + url = "https://source.symbolic.software/verifpal/verifpal.git"; rev = version; - sha256 = "08a0xvgg94k6vq91ylvgi97kpkjbw0rw172v2dzwl2rfpzkigk1r"; + sha256 = "0njgn6j5qg5kgid6ddv23axhw5gwjbayhdjkj4ya08mnxndr284m"; }; + nativeBuildInputs = [ pigeon ]; + postPatch = '' sed -e 's|/bin/echo |echo |g' -i Makefile ''; - buildInputs = [ pigeon ]; - buildPhase = '' make -C go/src/$goPackagePath parser linux ''; 
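Review bot: The switch from `buildGoModule` to `buildGoPackage` in the first vault hunk drops `modSha256` without a comment saying where the Go dependencies now come from. If the build relies on a `vendor/` directory inside the `fetchFromGitHub` source (not visible here), the dependencies are still covered by the `src` hash. That is worth stating, for example `# dependencies come from the vendored tree in src, so no modSha256/goDeps is needed`. The derivation continues past the hunk.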
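Review bot: The first verifpal hunk moves the source from `fetchFromGitHub` to `fetchgit` on `https://source.symbolic.software/verifpal/verifpal.git` while `goPackagePath` still says `github.com/SymbolicSoft/verifpal`, and no comment explains the new origin. The `sha256` still pins the fetched content, so a comment is enough, for example `# upstream hosts the repository itself; goPackagePath keeps the original import path` (inferred, to be confirmed by the maintainer). `goDeps = ./deps.nix` is unchanged in this hunk across the jump from 0.2 to 0.7.5, so it should be checked that deps.nix was regenerated for the new version.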
@@ -33,6 +37,6 @@ buildGoPackage rec { description = "Cryptographic protocol analysis for students and engineers"; maintainers = with lib.maintainers; [ zimbatm ]; license = with lib.licenses; [ gpl3 ]; - platforms = ["x86_64-linux"]; + platforms = [ "x86_64-linux" ]; }; } diff --git a/pkgs/tools/security/vulnix/default.nix b/pkgs/tools/security/vulnix/default.nix index 2f7986c128b5..809787508f6f 100644 --- a/pkgs/tools/security/vulnix/default.nix +++ b/pkgs/tools/security/vulnix/default.nix @@ -1,18 +1,18 @@ -{ stdenv, pythonPackages, nix, ronn }: +{ stdenv, python3Packages, nix, ronn }: -pythonPackages.buildPythonApplication rec { +python3Packages.buildPythonApplication rec { pname = "vulnix"; - version = "1.8.2"; + version = "1.9.2"; - src = pythonPackages.fetchPypi { + src = python3Packages.fetchPypi { inherit pname version; - sha256 = "0zn21j15vd1z7s40s45zr5wri3r770yvazxqmm60fqpzc5sg552y"; + sha256 = "06mi4a80g6nzvqxj51c7lc0q0dpdr603ly2r77ksf5m3k4glb6dm"; }; outputs = [ "out" "doc" "man" ]; nativeBuildInputs = [ ronn ]; - checkInputs = with pythonPackages; [ + checkInputs = with python3Packages; [ freezegun pytest pytestcov @@ -21,12 +21,12 @@ pythonPackages.buildPythonApplication rec { propagatedBuildInputs = [ nix - ] ++ (with pythonPackages; [ + ] ++ (with python3Packages; [ click colorama - lxml pyyaml requests + setuptools toml zodb ]); @@ -46,8 +46,8 @@ pythonPackages.buildPythonApplication rec { meta = with stdenv.lib; { description = "NixOS vulnerability scanner"; - homepage = https://github.com/flyingcircusio/vulnix; + homepage = "https://github.com/flyingcircusio/vulnix"; license = licenses.bsd3; - maintainers = with maintainers; [ ckauhaus plumps ]; + maintainers = with maintainers; [ ckauhaus ]; }; } diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index ccebb2dbab42..e09e1e694083 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix 
@@ -1,21 +1,30 @@ -{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pcre +{ stdenv, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, pcre , withCrypto ? true, openssl , enableMagic ? true, file , enableCuckoo ? true, jansson }: stdenv.mkDerivation rec { - version = "3.10.0"; + version = "3.11.0"; pname = "yara"; src = fetchFromGitHub { owner = "VirusTotal"; repo = "yara"; rev = "v${version}"; - sha256 = "1qxqk324cyvi4n09s79786ciig1gdyhs9dnsm07hf95a3kh6w5z2"; + sha256 = "0mx3xm2a70fx8vlynkavq8gfd9w5yjcix5rx85444i2s1h6kcd0j"; }; - buildInputs = [ autoconf automake libtool pcre] + # See: https://github.com/VirusTotal/yara/issues/1036 + # TODO: This patch should not be necessary in the next release + patches = [ + (fetchpatch { + url = "https://github.com/VirusTotal/yara/commit/04df811fa61fa54390b274bfcf56d7403c184404.patch"; + sha256 = "0hsbc2k7nmk2kskll971draz0an4rmcs5v0iql47mz596vqvkzmb"; + }) + ]; + + buildInputs = [ autoconf automake libtool pcre ] ++ stdenv.lib.optionals withCrypto [ openssl ] ++ stdenv.lib.optionals enableMagic [ file ] ++ stdenv.lib.optionals enableCuckoo [ jansson ] |
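Review bot: The comment above the new `patches` list gives only an issue link, so a reader cannot tell what the fetched commit changes or when it can be dropped. One line would cover it, for example `# <what the patch fixes>; remove once a release after 3.11.0 contains it`. `autoconf automake libtool` on the `buildInputs` line touched here are build-time tools and would normally sit in `nativeBuildInputs`. The derivation continues beyond the hunk.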