diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2015-12-31 09:47:26 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2015-12-31 09:53:02 +0100 |
commit | f9f6f41bff2213e199bded515e9b66d1e5c4d7dd (patch) | |
tree | 29c5a75228e31f305f42c5b761709a186e406776 /pkgs/tools/security | |
parent | bbcf127c7c9029cba43493d7d25a9d1c65d59152 (diff) | |
parent | 468f698f609e123bb0ffae67181d07ac99eb2204 (diff) | |
download | nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.gz nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.bz2 nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.lz nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.xz nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.tar.zst nixlib-f9f6f41bff2213e199bded515e9b66d1e5c4d7dd.zip |
Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5 on master, and I'm deferring pointing to correct outputs to later.
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/eid-mw/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/eid-viewer/default.nix | 16 | ||||
-rw-r--r-- | pkgs/tools/security/fail2ban/default.nix | 30 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/1.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/20.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/21.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/gpgkey2ssh-20.patch | 14 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/gpgkey2ssh-21.patch | 13 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/remove-debug-message.patch | 22 | ||||
-rw-r--r-- | pkgs/tools/security/lastpass-cli/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/logkeys/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/nmap/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/polkit-gnome/default.nix | 12 | ||||
-rw-r--r-- | pkgs/tools/security/signing-party/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/tor/default.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/security/tor/torbrowser.nix | 6 |
16 files changed, 87 insertions, 71 deletions
diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index 7823a9e0307a..eba1bef18704 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchFromGitHub, autoreconfHook, gtk3, nssTools, pcsclite , pkgconfig }: -let version = "4.1.9"; in +let version = "4.1.11"; in stdenv.mkDerivation { name = "eid-mw-${version}"; src = fetchFromGitHub { - sha256 = "03hf3bkawhr4kpjcv71xhja3d947qvxmjf0lkyjmv7i3fw3j8jqs"; + sha256 = "09rp4x1vg0j4rb2dl74f8a7szqx73saacjz09jkih1sz6vwi0j0w"; rev = "v${version}"; repo = "eid-mw"; owner = "Fedict"; diff --git a/pkgs/tools/security/eid-viewer/default.nix b/pkgs/tools/security/eid-viewer/default.nix index c96632537615..ac6dee4beaa3 100644 --- a/pkgs/tools/security/eid-viewer/default.nix +++ b/pkgs/tools/security/eid-viewer/default.nix @@ -1,16 +1,12 @@ -{ stdenv, fetchurl, jre, makeWrapper, pcsclite }: - -let - # TODO: find out what the version components actually mean, if anything: - major = "4.1.4-v4.1.4"; - minor = "tcm406-270732"; - version = "${major}-${minor}"; -in stdenv.mkDerivation rec { +{ stdenv, fetchurl, makeWrapper, jre, pcsclite }: + +let version = "4.1.9"; in +stdenv.mkDerivation rec { name = "eid-viewer-${version}"; src = fetchurl { - url = "http://eid.belgium.be/en/binaries/eid-viewer-${major}.src.tar_${minor}.gz"; - sha256 = "06kda45y7c3wvvqby153zcasgz4jibjypv8gvfwvrwvn4ag2z934"; + url = "https://downloads.services.belgium.be/eid/eid-viewer-${version}-v${version}.src.tar.gz"; + sha256 = "0bq9jl4kl97j0dfhz4crcb1wqhn420z5vpg510zadvrmqjhy1x4g"; }; buildInputs = [ jre pcsclite ]; diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 184f8a59d28c..667157978a38 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchzip, python, pythonPackages, unzip, systemd, gamin }: +{ stdenv, fetchzip, python, pythonPackages, unzip, gamin }: -let version = "0.9.1"; in +let version = "0.9.3"; in pythonPackages.buildPythonPackage { name = "fail2ban-${version}"; @@ -9,23 +9,15 @@ pythonPackages.buildPythonPackage { src = fetchzip { name = "fail2ban-${version}-src"; url = "https://github.com/fail2ban/fail2ban/archive/${version}.tar.gz"; - sha256 = "111xvy2gxwn868kn0zy2fmdfa423z6fk57i7wsfrc0l74p1cdvs5"; + sha256 = "1pwgr56i6l6wh2ap8b5vknxgsscfzjqy2nmd1c3vzdii5kf72j0f"; }; buildInputs = [ unzip ]; - pythonPath = (stdenv.lib.optional stdenv.isLinux systemd) - ++ [ python.modules.sqlite3 gamin ]; + propagatedBuildInputs = [ python.modules.sqlite3 gamin ] + ++ (stdenv.lib.optional stdenv.isLinux pythonPackages.systemd); preConfigure = '' - substituteInPlace setup.cfg \ - --replace /usr $out - - substituteInPlace setup.py \ - --replace /usr $out \ - --replace /etc $out/etc \ - --replace /var $TMPDIR/var \ - for i in fail2ban-client fail2ban-regex fail2ban-server; do substituteInPlace $i \ --replace /usr/share/fail2ban $out/share/fail2ban @@ -40,6 +32,18 @@ pythonPackages.buildPythonPackage { doCheck = false; + preInstall = '' + # see https://github.com/NixOS/nixpkgs/issues/4968 + ${python}/bin/${python.executable} setup.py install_data --install-dir=$out --root=$out + ''; + + postInstall = let + sitePackages = "$out/lib/${python.libPrefix}/site-packages"; + in '' + # see https://github.com/NixOS/nixpkgs/issues/4968 + rm -rf ${sitePackages}/etc ${sitePackages}/usr ${sitePackages}/var; + ''; + meta = with stdenv.lib; { homepage = http://www.fail2ban.org/; description = "A program that scans log files for repeated failing login attempts and bans IP addresses"; diff --git a/pkgs/tools/security/gnupg/1.nix b/pkgs/tools/security/gnupg/1.nix index d5045806e0c9..8593fe69733a 100644 --- a/pkgs/tools/security/gnupg/1.nix +++ b/pkgs/tools/security/gnupg/1.nix @@ -1,15 +1,13 @@ { stdenv, fetchurl, readline, bzip2 }: stdenv.mkDerivation rec { - name = "gnupg-1.4.19"; + name = "gnupg-1.4.20"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "7f09319d044b0f6ee71fe3587bb873be701723ac0952cff5069046a78de8fd86"; + sha256 = "1k7d6zi0zznqsmcjic0yrgfhqklqz3qgd3yac7wxsa7s6088p604"; }; - patches = [ ./remove-debug-message.patch ]; - buildInputs = [ readline bzip2 ]; doCheck = true; diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix index 36c877620f19..117fc41c1abe 100644 --- a/pkgs/tools/security/gnupg/20.nix +++ b/pkgs/tools/security/gnupg/20.nix @@ -23,7 +23,9 @@ stdenv.mkDerivation rec { = [ readline zlib libgpgerror libgcrypt libassuan libksba pth openldap bzip2 libusb curl libiconv ]; - patchPhase = '' + patches = [ ./gpgkey2ssh-20.patch ]; + + prePatch = '' find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i '' + stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c @@ -35,6 +37,8 @@ stdenv.mkDerivation rec { configureFlags = optional x11Support "--with-pinentry-pgm=${pinentry}/bin/pinentry"; + postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c"; + checkPhase="GNUPGHOME=`pwd` ./agent/gpg-agent --daemon make check"; doCheck = true; diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix index 9390207e14ad..bafcd88f1b90 100644 --- a/pkgs/tools/security/gnupg/21.nix +++ b/pkgs/tools/security/gnupg/21.nix @@ -20,10 +20,14 @@ stdenv.mkDerivation rec { sha256 = "1ybcsazjm21i2ys1wh49cz4azmqz7ghx5rb6hm4gm93i2zc5igck"; }; + patches = [ ./gpgkey2ssh-21.patch ]; + postPatch = stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( + postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c"; + buildInputs = [ pkgconfig libgcrypt libassuan libksba libiconv npth autoreconfHook gettext texinfo diff --git a/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch b/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch new file mode 100644 index 000000000000..b536a4fe50e3 --- /dev/null +++ b/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch @@ -0,0 +1,14 @@ +diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c +index 903fb5b..d5611dc 100644 +--- a/tools/gpgkey2ssh.c ++++ b/tools/gpgkey2ssh.c +@@ -266,7 +266,7 @@ main (int argc, char **argv) + keyid = argv[1]; + + ret = asprintf (&command, +- "gpg --list-keys --with-colons --with-key-data '%s'", ++ "@out@/bin/gpg2 --list-keys --with-colons --with-key-data '%s'", + keyid); + assert (ret > 0); + + diff --git a/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch b/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch new file mode 100644 index 000000000000..198869423e5c --- /dev/null +++ b/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch @@ -0,0 +1,13 @@ +diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c +index f12c5f4..2e3f2ac 100644 +--- a/tools/gpgkey2ssh.c ++++ b/tools/gpgkey2ssh.c +@@ -281,7 +281,7 @@ main (int argc, char **argv) + keyid = argv[1]; + + asprintf (&command, +- "gpg2 --list-keys --with-colons --with-key-data '%s'", ++ "@out@/bin/gpg2 --list-keys --with-colons --with-key-data '%s'", + keyid); + if (! command) + { diff --git a/pkgs/tools/security/gnupg/remove-debug-message.patch b/pkgs/tools/security/gnupg/remove-debug-message.patch deleted file mode 100644 index 92fc6f2cfcac..000000000000 --- a/pkgs/tools/security/gnupg/remove-debug-message.patch +++ /dev/null @@ -1,22 +0,0 @@ -commit 936416690e6c889505d84fe96983a66983beae5e -Author: Werner Koch <wk@gnupg.org> -Date: Thu Feb 26 09:38:58 2015 +0100 - - gpg: Remove left-over debug message. - - * g10/armor.c (check_input): Remove log_debug. - -diff --git a/g10/armor.c b/g10/armor.c -index 6c0013d..de1726d 100644 ---- a/g10/armor.c -+++ b/g10/armor.c -@@ -534,9 +534,6 @@ check_input( armor_filter_context_t *afx, IOBUF a ) - /* This is probably input from a keyserver helper and we - have not yet seen an error line. */ - afx->key_failed_code = parse_key_failed_line (line+4, len-4); -- log_debug ("armor-keys-failed (%.*s) ->%d\n", -- (int)len, line, -- afx->key_failed_code); - } - if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) { - hdr_line = i; diff --git a/pkgs/tools/security/lastpass-cli/default.nix b/pkgs/tools/security/lastpass-cli/default.nix index 92c7a027d69f..01495156810b 100644 --- a/pkgs/tools/security/lastpass-cli/default.nix +++ b/pkgs/tools/security/lastpass-cli/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { name = "lastpass-cli-${version}"; - version = "0.5.1"; + version = "0.7.0"; src = fetchFromGitHub { owner = "lastpass"; repo = "lastpass-cli"; rev = "v${version}"; - sha256 = "0k2dbfizd6gwd4s8badm50qg2djrh22szd932l1a96mn79q8zb70"; + sha256 = "18dn4sx173666w6aaqhwcya5x2z3q0fmhg8h76lgdmx8adrhzdzc"; }; buildInputs = [ diff --git a/pkgs/tools/security/logkeys/default.nix b/pkgs/tools/security/logkeys/default.nix index ba875c04e2ba..b856308712f8 100644 --- a/pkgs/tools/security/logkeys/default.nix +++ b/pkgs/tools/security/logkeys/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { name = "logkeys-${version}"; - version = "5ef6b0dcb9e3"; + version = "2015-11-10"; src = fetchgit { url = https://github.com/kernc/logkeys; - rev = "5ef6b0dcb9e38e6137ad1579d624ec12107c56c3"; - sha256 = "02p0l92l0fq069g31ks6xbqavzxa9njj9460vw2jsa7livcn2z9d"; + rev = "78321c6e70f61c1e7e672fa82daa664017c9e69d"; + sha256 = "1b1fa1rblyfsg6avqyls03y0rq0favipn5fha770rsirzg4r637q"; }; buildInputs = [ which procps kbd ]; diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index c7d927bdb448..351654b60326 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix @@ -13,11 +13,11 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; - version = "7.00"; + version = "7.01"; src = fetchurl { url = "http://nmap.org/dist/nmap-${version}.tar.bz2"; - sha256 = "1bh25200jidhb2ig206ibiwv1ngyrl2ka743hnihiihmqq0j6i4z"; + sha256 = "01bpc820fmjl1vd08a3j9fpa84psaa7c3cxc8wpzabms8ckcs7yg"; }; patches = ./zenmap.patch; diff --git a/pkgs/tools/security/polkit-gnome/default.nix b/pkgs/tools/security/polkit-gnome/default.nix index c06aac204a1c..38d47e742a29 100644 --- a/pkgs/tools/security/polkit-gnome/default.nix +++ b/pkgs/tools/security/polkit-gnome/default.nix @@ -1,17 +1,20 @@ { stdenv, fetchurl, polkit, gtk3, pkgconfig, intltool }: -stdenv.mkDerivation { - name = "polkit-gnome-0.105"; +let + version = "0.105"; + +in stdenv.mkDerivation rec { + name = "polkit-gnome-${version}"; src = fetchurl { - url = mirror://gnome/sources/polkit-gnome/0.105/polkit-gnome-0.105.tar.xz; + url = "mirror://gnome/sources/polkit-gnome/${version}/${name}.tar.xz"; sha256 = "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p"; }; buildInputs = [ polkit gtk3 ]; nativeBuildInputs = [ pkgconfig intltool ]; - configureFlags = "--disable-introspection"; + configureFlags = [ "--disable-introspection" ]; # Desktop file from Debian postInstall = '' @@ -24,5 +27,6 @@ stdenv.mkDerivation { description = "A dbus session bus service that is used to bring up authentication dialogs"; license = stdenv.lib.licenses.gpl2; maintainers = with stdenv.lib.maintainers; [ urkud phreedom ]; + platforms = stdenv.lib.platforms.linux; }; } diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix index 21e0bb4c4a97..dfd5cd6c7d7c 100644 --- a/pkgs/tools/security/signing-party/default.nix +++ b/pkgs/tools/security/signing-party/default.nix @@ -1,12 +1,12 @@ {stdenv, fetchurl, gnupg, perl, automake111x, autoconf}: stdenv.mkDerivation rec { - version = "2.0"; + version = "2.1"; basename = "signing-party"; name = "${basename}-${version}"; src = fetchurl { url = "mirror://debian/pool/main/s/${basename}/${basename}_${version}.orig.tar.gz"; - sha256 = "0vn15sb2yyzd57xdblw48p5hi6fnpvgy83mqyz5ygph65y5y88yc"; + sha256 = "0pcni3mf92503bqknwlsvv1f5gz23dmzwas2j8g2fk7afjd891ya"; }; sourceRoot = "."; diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 9e73c7d4053f..7ff1cd9cca56 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -1,17 +1,18 @@ { stdenv, fetchurl, libevent, openssl, zlib, torsocks, libseccomp }: stdenv.mkDerivation rec { - name = "tor-0.2.7.5"; + name = "tor-0.2.7.6"; src = fetchurl { url = "https://archive.torproject.org/tor-package-archive/${name}.tar.gz"; - sha256 = "0pxayvcab4cb107ynbpzx4g0qyr1mjfba2an76wdx6dxn56rwakx"; + sha256 = "0p8hjlfi8dwghlyjif5s0q98cmpgz9kn9jja25430l04z5wqcfj9"; }; # Note: torsocks is specified as a dependency, as the distributed # 'torify' wrapper attempts to use it; although there is no # ./configure time check for any of this. - buildInputs = [ libevent openssl zlib torsocks libseccomp ]; + buildInputs = [ libevent openssl zlib torsocks ] ++ + stdenv.lib.optional stdenv.isLinux libseccomp; NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s"; diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix index 3ff4ce724b80..e6ce333cc915 100644 --- a/pkgs/tools/security/tor/torbrowser.nix +++ b/pkgs/tools/security/tor/torbrowser.nix @@ -16,13 +16,13 @@ let in stdenv.mkDerivation rec { name = "tor-browser-${version}"; - version = "5.0.4"; + version = "5.0.6"; src = fetchurl { url = "https://archive.torproject.org/tor-package-archive/torbrowser/${version}/tor-browser-linux${if stdenv.is64bit then "64" else "32"}-${version}_en-US.tar.xz"; sha256 = if stdenv.is64bit then - "03vn1wkkpgr6wzd6iiyqs7zv7yxl9q99j755n8l2579bd10w1xcn" else - "1yc13cykr4fafz6r8hnjccl0s33sk297c779cknbdbhj3z3yn163"; + "1ix05760l9j6bwbswd2fnk4b6nrrzxp3b8abvm4y4979pkkmasfw" else + "1q5mf91xxj1xs4ajj9i6mdhnzqycbdvprkzskx8pl6j9ll2hlsyh"; }; patchPhase = '' |