Merge branch 'master' into closure-size

TODO: there was more significant refactoring of qtbase and plasma 5.5 on master, and I'm deferring pointing to correct outputs to later.
author: Vladimír Čunát <vcunat@gmail.com> 2015-12-31 09:47:26 +0100
committer: Vladimír Čunát <vcunat@gmail.com> 2015-12-31 09:53:02 +0100
commit: f9f6f41bff2213e199bded515e9b66d1e5c4d7dd (patch)
tree: 29c5a75228e31f305f42c5b761709a186e406776 /pkgs/tools/security
parent: bbcf127c7c9029cba43493d7d25a9d1c65d59152 (diff)
parent: 468f698f609e123bb0ffae67181d07ac99eb2204 (diff)
download: nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar
nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.gz
nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.bz2
nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.lz
nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.xz
nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.zst
nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.zip
16 files changed, 87 insertions, 71 deletions
diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix
index 7823a9e0307a..eba1bef18704 100644
--- a/pkgs/tools/security/eid-mw/default.nix
+++ b/pkgs/tools/security/eid-mw/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchFromGitHub, autoreconfHook, gtk3, nssTools, pcsclite
 , pkgconfig }:
 
-let version = "4.1.9"; in
+let version = "4.1.11"; in
 stdenv.mkDerivation {
   name = "eid-mw-${version}";
 
   src = fetchFromGitHub {
-    sha256 = "03hf3bkawhr4kpjcv71xhja3d947qvxmjf0lkyjmv7i3fw3j8jqs";
+    sha256 = "09rp4x1vg0j4rb2dl74f8a7szqx73saacjz09jkih1sz6vwi0j0w";
     rev = "v${version}";
     repo = "eid-mw";
     owner = "Fedict";
diff --git a/pkgs/tools/security/eid-viewer/default.nix b/pkgs/tools/security/eid-viewer/default.nix
index c96632537615..ac6dee4beaa3 100644
--- a/pkgs/tools/security/eid-viewer/default.nix
+++ b/pkgs/tools/security/eid-viewer/default.nix
@@ -1,16 +1,12 @@
-{ stdenv, fetchurl, jre, makeWrapper, pcsclite }:
-
-let
-  # TODO: find out what the version components actually mean, if anything:
-  major = "4.1.4-v4.1.4";
-  minor = "tcm406-270732";
-  version = "${major}-${minor}";
-in stdenv.mkDerivation rec {
+{ stdenv, fetchurl, makeWrapper, jre, pcsclite }:
+
+let version = "4.1.9"; in
+stdenv.mkDerivation rec {
   name = "eid-viewer-${version}";
 
   src = fetchurl {
-    url = "http://eid.belgium.be/en/binaries/eid-viewer-${major}.src.tar_${minor}.gz";
-    sha256 = "06kda45y7c3wvvqby153zcasgz4jibjypv8gvfwvrwvn4ag2z934";
+    url = "https://downloads.services.belgium.be/eid/eid-viewer-${version}-v${version}.src.tar.gz";
+    sha256 = "0bq9jl4kl97j0dfhz4crcb1wqhn420z5vpg510zadvrmqjhy1x4g";
   };
 
   buildInputs = [ jre pcsclite ];
diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix
index 184f8a59d28c..667157978a38 100644
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchzip, python, pythonPackages, unzip, systemd, gamin }:
+{ stdenv, fetchzip, python, pythonPackages, unzip, gamin }:
 
-let version = "0.9.1"; in
+let version = "0.9.3"; in
 
 pythonPackages.buildPythonPackage {
   name = "fail2ban-${version}";
@@ -9,23 +9,15 @@ pythonPackages.buildPythonPackage {
   src = fetchzip {
     name   = "fail2ban-${version}-src";
     url    = "https://github.com/fail2ban/fail2ban/archive/${version}.tar.gz";
-    sha256 = "111xvy2gxwn868kn0zy2fmdfa423z6fk57i7wsfrc0l74p1cdvs5";
+    sha256 = "1pwgr56i6l6wh2ap8b5vknxgsscfzjqy2nmd1c3vzdii5kf72j0f";
   };
 
   buildInputs = [ unzip ];
 
-  pythonPath = (stdenv.lib.optional stdenv.isLinux systemd)
-    ++ [ python.modules.sqlite3 gamin ];
+  propagatedBuildInputs = [ python.modules.sqlite3 gamin ]
+    ++ (stdenv.lib.optional stdenv.isLinux pythonPackages.systemd);
 
   preConfigure = ''
-    substituteInPlace setup.cfg \
-      --replace /usr $out
-
-    substituteInPlace setup.py \
-      --replace /usr $out \
-      --replace /etc $out/etc \
-      --replace /var $TMPDIR/var \
-
     for i in fail2ban-client fail2ban-regex fail2ban-server; do
       substituteInPlace $i \
         --replace /usr/share/fail2ban $out/share/fail2ban
@@ -40,6 +32,18 @@ pythonPackages.buildPythonPackage {
 
   doCheck = false;
 
+  preInstall = ''
+    # see https://github.com/NixOS/nixpkgs/issues/4968
+    ${python}/bin/${python.executable} setup.py install_data --install-dir=$out --root=$out
+  '';
+
+  postInstall = let
+    sitePackages = "$out/lib/${python.libPrefix}/site-packages";
+  in ''
+    # see https://github.com/NixOS/nixpkgs/issues/4968
+    rm -rf ${sitePackages}/etc ${sitePackages}/usr ${sitePackages}/var;
+  '';
+
   meta = with stdenv.lib; {
     homepage    = http://www.fail2ban.org/;
     description = "A program that scans log files for repeated failing login attempts and bans IP addresses";
diff --git a/pkgs/tools/security/gnupg/1.nix b/pkgs/tools/security/gnupg/1.nix
index d5045806e0c9..8593fe69733a 100644
--- a/pkgs/tools/security/gnupg/1.nix
+++ b/pkgs/tools/security/gnupg/1.nix
@@ -1,15 +1,13 @@
 { stdenv, fetchurl, readline, bzip2 }:
 
 stdenv.mkDerivation rec {
-  name = "gnupg-1.4.19";
+  name = "gnupg-1.4.20";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha256 = "7f09319d044b0f6ee71fe3587bb873be701723ac0952cff5069046a78de8fd86";
+    sha256 = "1k7d6zi0zznqsmcjic0yrgfhqklqz3qgd3yac7wxsa7s6088p604";
   };
 
-  patches = [ ./remove-debug-message.patch ];
-
   buildInputs = [ readline bzip2 ];
 
   doCheck = true;
diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix
index 36c877620f19..117fc41c1abe 100644
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@@ -23,7 +23,9 @@ stdenv.mkDerivation rec {
     = [ readline zlib libgpgerror libgcrypt libassuan libksba pth
         openldap bzip2 libusb curl libiconv ];
 
-  patchPhase = ''
+  patches = [ ./gpgkey2ssh-20.patch ];
+
+  prePatch = ''
     find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i
   '' + stdenv.lib.optionalString stdenv.isLinux ''
     sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
@@ -35,6 +37,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = optional x11Support "--with-pinentry-pgm=${pinentry}/bin/pinentry";
 
+  postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c";
+
   checkPhase="GNUPGHOME=`pwd` ./agent/gpg-agent --daemon make check";
 
   doCheck = true;
diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix
index 9390207e14ad..bafcd88f1b90 100644
--- a/pkgs/tools/security/gnupg/21.nix
+++ b/pkgs/tools/security/gnupg/21.nix
@@ -20,10 +20,14 @@ stdenv.mkDerivation rec {
     sha256 = "1ybcsazjm21i2ys1wh49cz4azmqz7ghx5rb6hm4gm93i2zc5igck";
   };
 
+  patches = [ ./gpgkey2ssh-21.patch ];
+
   postPatch = stdenv.lib.optionalString stdenv.isLinux ''
     sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
   ''; #" fix Emacs syntax highlighting :-(
 
+  postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c";
+
   buildInputs = [
     pkgconfig libgcrypt libassuan libksba libiconv npth
     autoreconfHook gettext texinfo
diff --git a/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch b/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
new file mode 100644
index 000000000000..b536a4fe50e3
--- /dev/null
+++ b/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
@@ -0,0 +1,14 @@
+diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
+index 903fb5b..d5611dc 100644
+--- a/tools/gpgkey2ssh.c
++++ b/tools/gpgkey2ssh.c
+@@ -266,7 +266,7 @@ main (int argc, char **argv)
+   keyid = argv[1];
+ 
+   ret = asprintf (&command,
+-		  "gpg --list-keys --with-colons --with-key-data '%s'",
++		  "@out@/bin/gpg2 --list-keys --with-colons --with-key-data '%s'",
+ 		  keyid);
+   assert (ret > 0);
+ 
+
diff --git a/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch b/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch
new file mode 100644
index 000000000000..198869423e5c
--- /dev/null
+++ b/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch
@@ -0,0 +1,13 @@
+diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
+index f12c5f4..2e3f2ac 100644
+--- a/tools/gpgkey2ssh.c
++++ b/tools/gpgkey2ssh.c
+@@ -281,7 +281,7 @@ main (int argc, char **argv)
+   keyid = argv[1];
+ 
+   asprintf (&command,
+-            "gpg2 --list-keys --with-colons --with-key-data '%s'",
++            "@out@/bin/gpg2 --list-keys --with-colons --with-key-data '%s'",
+             keyid);
+   if (! command)
+     {
diff --git a/pkgs/tools/security/gnupg/remove-debug-message.patch b/pkgs/tools/security/gnupg/remove-debug-message.patch
deleted file mode 100644
index 92fc6f2cfcac..000000000000
--- a/pkgs/tools/security/gnupg/remove-debug-message.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-commit 936416690e6c889505d84fe96983a66983beae5e
-Author: Werner Koch <wk@gnupg.org>
-Date:   Thu Feb 26 09:38:58 2015 +0100
-
-    gpg: Remove left-over debug message.
-
-    * g10/armor.c (check_input): Remove log_debug.
-
-diff --git a/g10/armor.c b/g10/armor.c
-index 6c0013d..de1726d 100644
---- a/g10/armor.c
-+++ b/g10/armor.c
-@@ -534,9 +534,6 @@ check_input( armor_filter_context_t *afx, IOBUF a )
-             /* This is probably input from a keyserver helper and we
-                have not yet seen an error line.  */
-             afx->key_failed_code = parse_key_failed_line (line+4, len-4);
--            log_debug ("armor-keys-failed (%.*s) ->%d\n",
--                       (int)len, line,
--                       afx->key_failed_code);
-           }
-       if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) {
-           hdr_line = i;
diff --git a/pkgs/tools/security/lastpass-cli/default.nix b/pkgs/tools/security/lastpass-cli/default.nix
index 92c7a027d69f..01495156810b 100644
--- a/pkgs/tools/security/lastpass-cli/default.nix
+++ b/pkgs/tools/security/lastpass-cli/default.nix
@@ -3,13 +3,13 @@
 stdenv.mkDerivation rec {
   name = "lastpass-cli-${version}";
 
-  version = "0.5.1";
+  version = "0.7.0";
 
   src = fetchFromGitHub {
     owner = "lastpass";
     repo = "lastpass-cli";
     rev = "v${version}";
-    sha256 = "0k2dbfizd6gwd4s8badm50qg2djrh22szd932l1a96mn79q8zb70";
+    sha256 = "18dn4sx173666w6aaqhwcya5x2z3q0fmhg8h76lgdmx8adrhzdzc";
   };
 
   buildInputs = [
diff --git a/pkgs/tools/security/logkeys/default.nix b/pkgs/tools/security/logkeys/default.nix
index ba875c04e2ba..b856308712f8 100644
--- a/pkgs/tools/security/logkeys/default.nix
+++ b/pkgs/tools/security/logkeys/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   name = "logkeys-${version}";
-  version = "5ef6b0dcb9e3";
+  version = "2015-11-10";
 
   src = fetchgit {
     url = https://github.com/kernc/logkeys;
-    rev = "5ef6b0dcb9e38e6137ad1579d624ec12107c56c3";
-    sha256 = "02p0l92l0fq069g31ks6xbqavzxa9njj9460vw2jsa7livcn2z9d";
+    rev = "78321c6e70f61c1e7e672fa82daa664017c9e69d";
+    sha256 = "1b1fa1rblyfsg6avqyls03y0rq0favipn5fha770rsirzg4r637q";
   };
 
   buildInputs = [ which procps kbd ];
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index c7d927bdb448..351654b60326 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -13,11 +13,11 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "nmap${optionalString graphicalSupport "-graphical"}-${version}";
-  version = "7.00";
+  version = "7.01";
 
   src = fetchurl {
     url = "http://nmap.org/dist/nmap-${version}.tar.bz2";
-    sha256 = "1bh25200jidhb2ig206ibiwv1ngyrl2ka743hnihiihmqq0j6i4z";
+    sha256 = "01bpc820fmjl1vd08a3j9fpa84psaa7c3cxc8wpzabms8ckcs7yg";
   };
 
   patches = ./zenmap.patch;
diff --git a/pkgs/tools/security/polkit-gnome/default.nix b/pkgs/tools/security/polkit-gnome/default.nix
index c06aac204a1c..38d47e742a29 100644
--- a/pkgs/tools/security/polkit-gnome/default.nix
+++ b/pkgs/tools/security/polkit-gnome/default.nix
@@ -1,17 +1,20 @@
 { stdenv, fetchurl, polkit, gtk3, pkgconfig, intltool }:
 
-stdenv.mkDerivation {
-  name = "polkit-gnome-0.105";
+let
+  version = "0.105";
+
+in stdenv.mkDerivation rec {
+  name = "polkit-gnome-${version}";
 
   src = fetchurl {
-    url = mirror://gnome/sources/polkit-gnome/0.105/polkit-gnome-0.105.tar.xz;
+    url = "mirror://gnome/sources/polkit-gnome/${version}/${name}.tar.xz";
     sha256 = "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p";
   };
 
   buildInputs = [ polkit gtk3 ];
   nativeBuildInputs = [ pkgconfig intltool ];
 
-  configureFlags = "--disable-introspection";
+  configureFlags = [ "--disable-introspection" ];
 
   # Desktop file from Debian
   postInstall = ''
@@ -24,5 +27,6 @@ stdenv.mkDerivation {
     description = "A dbus session bus service that is used to bring up authentication dialogs";
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [ urkud phreedom ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix
index 21e0bb4c4a97..dfd5cd6c7d7c 100644
--- a/pkgs/tools/security/signing-party/default.nix
+++ b/pkgs/tools/security/signing-party/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, gnupg, perl, automake111x, autoconf}:
 
 stdenv.mkDerivation rec {
-  version = "2.0";
+  version = "2.1";
   basename = "signing-party";
   name = "${basename}-${version}";
   src = fetchurl {
     url = "mirror://debian/pool/main/s/${basename}/${basename}_${version}.orig.tar.gz";
-    sha256 = "0vn15sb2yyzd57xdblw48p5hi6fnpvgy83mqyz5ygph65y5y88yc";
+    sha256 = "0pcni3mf92503bqknwlsvv1f5gz23dmzwas2j8g2fk7afjd891ya";
   };
 
   sourceRoot = ".";
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 9e73c7d4053f..7ff1cd9cca56 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -1,17 +1,18 @@
 { stdenv, fetchurl, libevent, openssl, zlib, torsocks, libseccomp }:
 
 stdenv.mkDerivation rec {
-  name = "tor-0.2.7.5";
+  name = "tor-0.2.7.6";
 
   src = fetchurl {
     url = "https://archive.torproject.org/tor-package-archive/${name}.tar.gz";
-    sha256 = "0pxayvcab4cb107ynbpzx4g0qyr1mjfba2an76wdx6dxn56rwakx";
+    sha256 = "0p8hjlfi8dwghlyjif5s0q98cmpgz9kn9jja25430l04z5wqcfj9";
   };
 
   # Note: torsocks is specified as a dependency, as the distributed
   # 'torify' wrapper attempts to use it; although there is no
   # ./configure time check for any of this.
-  buildInputs = [ libevent openssl zlib torsocks libseccomp ];
+  buildInputs = [ libevent openssl zlib torsocks ] ++
+    stdenv.lib.optional stdenv.isLinux libseccomp;
 
   NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s";
 
diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix
index 3ff4ce724b80..e6ce333cc915 100644
--- a/pkgs/tools/security/tor/torbrowser.nix
+++ b/pkgs/tools/security/tor/torbrowser.nix
@@ -16,13 +16,13 @@ let
 
 in stdenv.mkDerivation rec {
   name = "tor-browser-${version}";
-  version = "5.0.4";
+  version = "5.0.6";
 
   src = fetchurl {
     url = "https://archive.torproject.org/tor-package-archive/torbrowser/${version}/tor-browser-linux${if stdenv.is64bit then "64" else "32"}-${version}_en-US.tar.xz";
     sha256 = if stdenv.is64bit then
-      "03vn1wkkpgr6wzd6iiyqs7zv7yxl9q99j755n8l2579bd10w1xcn" else
-      "1yc13cykr4fafz6r8hnjccl0s33sk297c779cknbdbhj3z3yn163";
+      "1ix05760l9j6bwbswd2fnk4b6nrrzxp3b8abvm4y4979pkkmasfw" else
+      "1q5mf91xxj1xs4ajj9i6mdhnzqycbdvprkzskx8pl6j9ll2hlsyh";
   };
 
   patchPhase = ''
author	Vladimír Čunát <vcunat@gmail.com>	2015-12-31 09:47:26 +0100
committer	Vladimír Čunát <vcunat@gmail.com>	2015-12-31 09:53:02 +0100
commit	f9f6f41bff2213e199bded515e9b66d1e5c4d7dd (patch)
tree	29c5a75228e31f305f42c5b761709a186e406776 /pkgs/tools/security
parent	bbcf127c7c9029cba43493d7d25a9d1c65d59152 (diff)
parent	468f698f609e123bb0ffae67181d07ac99eb2204 (diff)
download	nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.gz nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.bz2 nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.lz nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.xz nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.zst nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.zip