author | Robin Gloster <mail@glob.in> | 2016-07-19 10:37:02 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-19 10:37:02 +0000 |
commit | 203846b9de3bc67e77c93be9d111408286a17d5d (patch) | |
tree | 3306a68a635fad0de834440c25f7e1b69b1e4b10 /pkgs/tools | |
parent | 6539901c7f5eeb18cf5e9a493c230a912ff27f82 (diff) | |
parent | b54009fdfb7951bb5423c4fabcb28b70581b5ba8 (diff) | |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/tools')
25 files changed, 543 insertions, 97 deletions
diff --git a/pkgs/tools/archivers/p7zip/default.nix b/pkgs/tools/archivers/p7zip/default.nix index 63487b460343..7c952a8f7294 100644 --- a/pkgs/tools/archivers/p7zip/default.nix +++ b/pkgs/tools/archivers/p7zip/default.nix @@ -1,14 +1,12 @@ { stdenv, fetchurl }: -let - version = "15.14.1"; -in stdenv.mkDerivation rec { name = "p7zip-${version}"; + version = "16.02"; src = fetchurl { url = "mirror://sourceforge/p7zip/p7zip_${version}_src_all.tar.bz2"; - sha256 = "1m15iwglyjpiw82m7dbpykz8s55imch34w20w09l34116vdb97b9"; + sha256 = "5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f"; }; preConfigure = '' diff --git a/pkgs/tools/archivers/xarchiver/default.nix b/pkgs/tools/archivers/xarchiver/default.nix index ea59cb8319e8..507e777a7c37 100644 --- a/pkgs/tools/archivers/xarchiver/default.nix +++ b/pkgs/tools/archivers/xarchiver/default.nix @@ -1,18 +1,20 @@ -{ stdenv, fetchurl, gtk2, pkgconfig, intltool }: +{ stdenv, fetchFromGitHub, gtk, pkgconfig, intltool }: stdenv.mkDerivation rec { - version = "0.5.4"; + version = "0.5.4.6"; name = "xarchiver-${version}"; - src = fetchurl { - url = "mirror://sourceforge/xarchiver/${name}.tar.bz2"; - sha256 = "1x1f8m71cvv2p1364rz99iqs2caxj7yrb46aikz6xigwg4wsfgz6"; + src = fetchFromGitHub { + owner = "ib"; + repo = "xarchiver"; + rev = "${name}"; + sha256 = "1w6b4cchd4prswrn981a7bkq44ad51xm2qiwlpzy43ynql14q877"; }; - buildInputs = [ gtk2 pkgconfig intltool ]; + buildInputs = [ gtk pkgconfig intltool ]; meta = { - description = "GTK+2 only frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)"; + description = "GTK+ frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)"; homepage = http://sourceforge.net/projects/xarchiver/; maintainers = [ stdenv.lib.maintainers.domenkozar ]; license = stdenv.lib.licenses.gpl2; diff --git a/pkgs/tools/graphics/nip2/default.nix b/pkgs/tools/graphics/nip2/default.nix index e61488e202d3..fb88a8c37d4c 100644 
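Review bot: `rev = "${name}";` in the new xarchiver `fetchFromGitHub` block wraps an existing string in another interpolated string; `rev = name;` expresses the same value and matches how the other conversions on this page (proxychains, minisign) write it. The `homepage` line that is kept still points at the SourceForge project although the source is now fetched from the `ib/xarchiver` GitHub repository; worth confirming which of the two is the maintained upstream and pointing `homepage` at it.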
--- a/pkgs/tools/graphics/nip2/default.nix +++ b/pkgs/tools/graphics/nip2/default.nix @@ -1,17 +1,17 @@ { stdenv, fetchurl, pkgconfig, glib, libxml2, flex, bison, vips, gnome, -fftw, gsl, goffice_0_8, libgsf }: +fftw, gsl, goffice, libgsf }: stdenv.mkDerivation rec { - name = "nip2-8.0"; + name = "nip2-8.3.0"; src = fetchurl { url = "http://www.vips.ecs.soton.ac.uk/supported/current/${name}.tar.gz"; - sha256 = "10ybac0qrz63x1yk1d0gpv9z1vzpadyii2qhrai6lllplzw6jqx7"; + sha256 = "0vr12gyfvhxx2a28y74lzfg379d1fk0g9isc69k0vdgpn4y1i8aa"; }; buildInputs = [ pkgconfig glib libxml2 flex bison vips - gnome.gtk fftw gsl goffice_0_8 libgsf + gnome.gtk fftw gsl goffice libgsf ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/graphics/vips/default.nix b/pkgs/tools/graphics/vips/default.nix index 7b0cbc16e11a..6ff2ee5cd442 100644 --- a/pkgs/tools/graphics/vips/default.nix +++ b/pkgs/tools/graphics/vips/default.nix @@ -4,11 +4,11 @@ }: stdenv.mkDerivation rec { - name = "vips-8.2.2"; + name = "vips-8.3.1"; src = fetchurl { url = "http://www.vips.ecs.soton.ac.uk/supported/current/${name}.tar.gz"; - sha256 = "12b319aicr129cpi5sixwd3q91y97vwwva6b044zy54px4s8ls0g"; + sha256 = "01hh1baar2r474kny24fcq6ddshcvq104207mqxnkis0as6pzjq9"; }; buildInputs = diff --git a/pkgs/tools/misc/disper/default.nix b/pkgs/tools/misc/disper/default.nix index 777f7b486752..449f0f20b80d 100644 --- a/pkgs/tools/misc/disper/default.nix +++ b/pkgs/tools/misc/disper/default.nix 
@@ -1,14 +1,19 @@ -{stdenv, fetchurl, python}: +{stdenv, fetchurl, python, xorg, makeWrapper}: stdenv.mkDerivation rec { name = "disper-0.3.1"; - buildInputs = [python]; + buildInputs = [python makeWrapper]; preConfigure = '' export makeFlags="PREFIX=$out" ''; + postInstall = '' + wrapProgram $out/bin/disper \ + --prefix "LD_LIBRARY_PATH" : "${xorg.libXrandr.out}/lib:${xorg.libX11.out}/lib" + ''; + src = fetchurl { url = http://ppa.launchpad.net/disper-dev/ppa/ubuntu/pool/main/d/disper/disper_0.3.1.tar.gz; sha256 = "1l8brcpfn4iascb454ym0wrv5kqyz4f0h8k6db54nc3zhfwy7vvw"; diff --git a/pkgs/tools/misc/ethtool/default.nix b/pkgs/tools/misc/ethtool/default.nix index 9ffc4723dfd3..363aaf3f389a 100644 --- a/pkgs/tools/misc/ethtool/default.nix +++ b/pkgs/tools/misc/ethtool/default.nix @@ -1,11 +1,12 @@ { stdenv, fetchurl }: stdenv.mkDerivation rec { - name = "ethtool-4.5"; + name = "ethtool-${version}"; + version = "4.6"; src = fetchurl { url = "mirror://kernel/software/network/ethtool/${name}.tar.xz"; - sha256 = "0fyakzpcrjb7hkaj9ccpcgza7r2im17qzxy9w6xzbiss5hrk8a5v"; + sha256 = "e90589a9349d008cce8c0510ac4e8878efdc0ddb1b732a9a4cc333b101313415"; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/misc/fzf/default.nix b/pkgs/tools/misc/fzf/default.nix index e8c8d9830c7b..6ba2b8817849 100644 --- a/pkgs/tools/misc/fzf/default.nix +++ b/pkgs/tools/misc/fzf/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "fzf-${version}"; - version = "0.13.2"; + version = "0.13.3"; rev = "${version}"; goPackagePath = "github.com/junegunn/fzf"; 
@@ -11,13 +11,13 @@ buildGoPackage rec { inherit rev; owner = "junegunn"; repo = "fzf"; - sha256 = "12dr0wib2ajs64a8d3l3zmgj2y8rklkc3xrvgscxgiv29lrlmvfz"; + sha256 = "0mfrlb91akzrj0qpjpaa9bkp6m9z95z56glamry73qy21vbnj58m"; }; buildInputs = [ ncurses ]; goDeps = ./deps.json; - + patchPhase = '' sed -i -e "s|expand('<sfile>:h:h').'/bin/fzf'|'$bin/bin/fzf'|" plugin/fzf.vim sed -i -e "s|expand('<sfile>:h:h').'/bin/fzf-tmux'|'$bin/bin/fzf-tmux'|" plugin/fzf.vim @@ -28,4 +28,11 @@ buildGoPackage rec { mkdir -p $out/share/vim-plugins ln -s $out/share/go/src/github.com/junegunn/fzf $out/share/vim-plugins/${name} ''; + + meta = with stdenv.lib; { + homepage = https://github.com/junegunn/fzf; + description = "A command-line fuzzy finder written in Go"; + license = licenses.mit; + platforms = platforms.unix; + }; } diff --git a/pkgs/tools/misc/gti/default.nix b/pkgs/tools/misc/gti/default.nix index 39e28073abce..3705dd832e9d 100644 --- a/pkgs/tools/misc/gti/default.nix +++ b/pkgs/tools/misc/gti/default.nix @@ -11,6 +11,10 @@ stdenv.mkDerivation rec { sha256 = "1wki7d61kcmv9s3xayky9cz84qa773x3y1z88y768hq8ifwadcbn"; }; + prePatch = '' + substituteInPlace Makefile --replace gcc cc + ''; + installPhase = '' mkdir -p $out/bin $out/share/man/man6 cp gti $out/bin diff --git a/pkgs/tools/misc/youtube-dl/default.nix b/pkgs/tools/misc/youtube-dl/default.nix index b6f55bdcc207..12ecf11517c7 100644 --- a/pkgs/tools/misc/youtube-dl/default.nix +++ b/pkgs/tools/misc/youtube-dl/default.nix @@ -12,11 +12,11 @@ buildPythonApplication rec { name = "youtube-dl-${version}"; - version = "2016.07.09.2"; + version = "2016.07.16"; src = fetchurl { url = "https://yt-dl.org/downloads/${version}/${name}.tar.gz"; - sha256 = "0qs99ss1w22apx3n2173j5mly7h0ngfgkkgz07bn30235saf0fd3"; + sha256 = "017x2hqc2bacypjmn9ac9f91y9y6afydl0z7dich5l627494hvfg"; }; buildInputs = [ makeWrapper zip pandoc ]; 
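Review bot: `substituteInPlace Makefile --replace gcc cc` in gti's new `prePatch` rewrites every occurrence of the substring `gcc` in the Makefile, not only the compiler assignment, so any flag, path or comment containing `gcc` is altered as well. If the goal is just to build with the stdenv compiler, overriding the variable on the make command line avoids editing the file: `makeFlags = [ "CC=cc" ];` (command-line assignments take precedence over assignments inside a Makefile). If the Makefile instead hard-codes `gcc` inside a rule body, anchor the replacement to that exact token rather than the bare word.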
diff --git a/pkgs/tools/networking/ndjbdns/default.nix b/pkgs/tools/networking/ndjbdns/default.nix index 2a7e996f8db2..256f50e5c546 100644 --- a/pkgs/tools/networking/ndjbdns/default.nix +++ b/pkgs/tools/networking/ndjbdns/default.nix @@ -1,11 +1,12 @@ { stdenv, fetchurl, systemd, pkgconfig }: stdenv.mkDerivation rec { - version = "1.05.9"; + version = "1.06"; name = "ndjbdns-${version}"; + src = fetchurl { url = "http://pjp.dgplug.org/ndjbdns/${name}.tar.gz"; - sha256 = "0gf3hlmr6grcn6dzflf83lqqfp6hk3ldhbc7z0a1rrh059m93ap5"; + sha256 = "09qi5a9abqm08iqmxj74fzzq9x1w5lzr1jlbzj2hl8hz0g2sgraw"; }; buildInputs = [ pkgconfig systemd ]; @@ -21,4 +22,4 @@ stdenv.mkDerivation rec { platforms = platforms.linux; }; -} \ No newline at end of file +} diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 064745f88558..a0cb0795a261 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -45,6 +45,9 @@ stdenv.mkDerivation rec { ./locale_archive.patch ./fix-host-key-algorithms-plus.patch ./CVE-2015-8325.patch + + # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 + ./dont_create_privsep_path.patch ] ++ optional withGssapiPatches gssapiSrc; @@ -66,11 +69,6 @@ stdenv.mkDerivation rec { ++ optional stdenv.isDarwin "--disable-libutil" ++ optional (!linkOpenssl) "--without-openssl"; - preConfigure = '' - configureFlagsArray+=("--with-privsep-path=$out/empty") - mkdir -p $out/empty - ''; - enableParallelBuilding = true; hardeningEnable = [ "pie" ]; diff --git a/pkgs/tools/networking/openssh/dont_create_privsep_path.patch b/pkgs/tools/networking/openssh/dont_create_privsep_path.patch new file mode 100644 index 000000000000..b6d432d5c5de --- /dev/null +++ b/pkgs/tools/networking/openssh/dont_create_privsep_path.patch 
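Review bot: With `--with-privsep-path=$out/empty` removed in openssh's second hunk and `dont_create_privsep_path.patch` added in the first, sshd falls back to OpenSSH's built-in privilege-separation directory and nothing in this derivation creates it any more, so the directory must be provided on the target system at runtime; sshd refuses to start when it is missing, not owned by root, or group/world-writable. That requirement is only discoverable through the linked PR, so state it next to the patch entry, e.g. `# The privsep chroot dir is no longer created at install time; it must exist on the target system (root-owned, not group/world-writable) or sshd will not start.` The same note covers the removed `preConfigure` block in the following hunk.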
@@ -0,0 +1,11 @@ +diff -ur openssh-7.2p2_orig/Makefile.in openssh-7.2p2/Makefile.in +--- openssh-7.2p2_orig/Makefile.in 2016-03-09 19:04:48.000000000 +0100 ++++ openssh-7.2p2/Makefile.in 2016-07-16 09:56:05.643903293 +0200 +@@ -301,7 +301,6 @@ + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 + $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) +- (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) diff --git a/pkgs/tools/networking/proxychains/default.nix b/pkgs/tools/networking/proxychains/default.nix index 2b85cef70c55..ed19f9d1674f 100644 --- a/pkgs/tools/networking/proxychains/default.nix +++ b/pkgs/tools/networking/proxychains/default.nix @@ -1,10 +1,13 @@ -{ stdenv, fetchgit } : -stdenv.mkDerivation { - name = "proxychains-4.0.1-head"; - src = fetchgit { - url = https://github.com/haad/proxychains.git; - rev = "c9b8ce35b24f9d4e80563242b759dff54867163f"; - sha256 = "163h3d3lpglbzjadf8a9kfaf0i1ds25r7si6ll6d5khn1835zik5"; +{ stdenv, fetchFromGitHub } : +stdenv.mkDerivation rec { + name = "proxychains-${version}"; + version = "4.2.0"; + + src = fetchFromGitHub { + owner = "haad"; + repo = "proxychains"; + rev = name; + sha256 = "015skh3z1jmm8kxbm3nkqv1w56kcvabdmcbmpwzywxr4xnh3x3pc"; }; meta = { diff --git a/pkgs/tools/networking/shncpd/default.nix b/pkgs/tools/networking/shncpd/default.nix new file mode 100644 index 000000000000..be2bc6a75a17 --- /dev/null +++ b/pkgs/tools/networking/shncpd/default.nix 
@@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "shncpd-${version}"; + version = "2016-06-22"; + + src = fetchFromGitHub { + owner = "jech"; + repo = "shncpd"; + rev = "62ef688db7a6535ce11e66c8c93ab64a1bb09484"; + sha256 = "1sj7a77isc2jmh7gw2naw9l9366kjx6jb909h7spj7daxdwvji8f"; + }; + + hardeningEnable = [ "pie" ]; + + preConfigure = '' + makeFlags=( "PREFIX=$out" ) + ''; + + meta = with stdenv.lib; { + description = "Simple, stupid and slow HNCP daemon"; + homepage = https://www.irif.univ-paris-diderot.fr/~jch/software/homenet/shncpd.html; + license = licenses.mit; + platforms = platforms.linux; + maintainers = [ maintainers.fpletz ]; + }; +} diff --git a/pkgs/tools/networking/vtun/default.nix b/pkgs/tools/networking/vtun/default.nix index b0397149e60d..09f48d9fa1ad 100644 --- a/pkgs/tools/networking/vtun/default.nix +++ b/pkgs/tools/networking/vtun/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, openssl, lzo, zlib, yacc, flex }: +{ stdenv, fetchurl, fetchpatch, openssl, lzo, zlib, yacc, flex }: stdenv.mkDerivation rec { name = "vtun-3.0.3"; @@ -8,7 +8,13 @@ stdenv.mkDerivation rec { sha256 = "1jxrxp3klhc8az54d5qn84cbc0vdafg319jh84dxkrswii7vxp39"; }; - patchPhase = '' + patches = [ + (fetchpatch { url = http://sources.debian.net/data/main/v/vtun/3.0.3-2.2/debian/patches/08-gcc5-inline.patch; + sha256 = "18sys97v2hx6vac5zp3ld7sa6kz4izv3g9dnkm0lflbaxhym2vs1"; + }) + ]; + + postPatch = '' sed -i -e 's/-m 755//' -e 's/-o root -g 0//' Makefile.in sed -i '/strip/d' Makefile.in ''; diff --git a/pkgs/tools/package-management/packagekit/default.nix b/pkgs/tools/package-management/packagekit/default.nix index bdd02e58cbb6..dbac7be10d79 100644 --- a/pkgs/tools/package-management/packagekit/default.nix +++ b/pkgs/tools/package-management/packagekit/default.nix 
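Review bot: The `preConfigure` hook in the new shncpd package exists only to populate `makeFlags`, which the stdenv attribute expresses directly without overriding a phase: `makeFlags = [ "PREFIX=$(out)" ];`. `version = "2016-06-22"` paired with a pinned commit `rev` is fine for a snapshot, but a one-line comment saying why a snapshot is used instead of a tagged release would help the next person updating it.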
@@ -1,57 +1,54 @@ -{ stdenv, fetchurl, intltool, glib, pkgconfig, polkit, python, sqlite }: +{ stdenv, fetchFromGitHub, intltool, glib, pkgconfig, polkit, python, sqlite, systemd +, gobjectIntrospection, vala, gtk_doc, autoreconfHook, autoconf-archive +, nix, boost +, enableCommandNotFound ? false +, enableBashCompletion ? false, bashCompletion ? null }: + +with stdenv.lib; stdenv.mkDerivation rec { - name = "packagekit-${version}"; - version = "1.1.1"; + name = "packagekit-2016-06-03"; - src = fetchurl { - sha256 = "1i6an483vmm6y39szr2alq5vf6kfxhk3j5ca79qrshcj9jjlhcs8"; - url = "http://www.freedesktop.org/software/PackageKit/releases/PackageKit-${version}.tar.xz"; + src = fetchFromGitHub { + owner = "hughsie"; + repo = "PackageKit"; + rev = "99fd83bbb26badf43c6a17a9f0c6dc054c7484c8"; + sha256 = "0y42vl6r1wh57sbjfkn4khjs78q54wshf4p0v4nly9s7hydxpi6a"; }; - buildInputs = [ glib polkit python ]; - propagatedBuildInputs = [ sqlite ]; - nativeBuildInputs = [ intltool pkgconfig ]; + buildInputs = [ glib polkit systemd python gobjectIntrospection vala ] + ++ optional enableBashCompletion bashCompletion; + propagatedBuildInputs = [ sqlite nix boost ]; + nativeBuildInputs = [ intltool pkgconfig autoreconfHook autoconf-archive gtk_doc ]; + + preAutoreconf = '' + gtkdocize + intltoolize + ''; configureFlags = [ - "--disable-static" - "--disable-python3" - "--disable-networkmanager" - "--disable-connman" - "--disable-systemd" - "--disable-bash-completion" - "--disable-gstreamer-plugin" - "--disable-gtk-module" - "--disable-command-not-found" + "--enable-systemd" + "--enable-nix" + "--disable-dummy" "--disable-cron" - "--disable-daemon-tests" - "--disable-alpm" - "--disable-aptcc" - "--enable-dummy" - "--disable-entropy" - "--disable-hif" - "--disable-pisi" - "--disable-poldek" - "--disable-portage" - "--disable-ports" - "--disable-katja" - "--disable-urpmi" - "--disable-yum" - "--disable-zypp" - ]; + "--disable-introspection" + "--disable-offline-update" + 
"--localstatedir=/var" + "--sysconfdir=/etc" + "--with-dbus-sys=$(out)/etc/dbus-1/system.d" + "--with-systemdsystemunitdir=$(out)/lib/systemd/system/" + ] + ++ optional (!enableBashCompletion) "--disable-bash-completion" + ++ optional (!enableCommandNotFound) "--disable-command-not-found"; enableParallelBuilding = true; - preInstall = '' - # Don't install anything to e.g. $out/var/cache: - for dir in src data; do - substituteInPlace $dir/Makefile \ - --replace " install-data-hook" "" \ - --replace " install-databaseDATA" "" - done - ''; + installFlags = [ + "sysconfdir=\${out}/etc" + "localstatedir=\${TMPDIR}" + ]; - meta = with stdenv.lib; { + meta = { description = "System to facilitate installing and updating packages"; longDescription = '' PackageKit is a system designed to make installing and updating software @@ -66,6 +63,6 @@ stdenv.mkDerivation rec { homepage = http://www.packagekit.org/; license = licenses.gpl2Plus; platforms = platforms.linux; - maintainers = with maintainers; [ nckx ]; + maintainers = with maintainers; [ nckx matthewbauer ]; }; } diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix new file mode 100644 index 000000000000..87a0596f6f08 --- /dev/null +++ b/pkgs/tools/security/keybase/default.nix @@ -0,0 +1,28 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "keybase-${version}"; + version = "1.0.16"; + rev = "v${version}"; + + goPackagePath = "github.com/keybase/client"; + subPackages = [ "go/keybase" ]; + + dontRenameImports = true; + + src = fetchFromGitHub { + owner = "keybase"; + repo = "client"; + inherit rev; + sha256 = "0p62cqpfgx9b5kfnviqpig27i20yv9bg5mq61am5xrmkp68jk35b"; + }; + + buildFlags = [ "-tags production" ]; + + meta = with stdenv.lib; { + homepage = https://www.keybase.io/; + description = "The Keybase official command-line utility and service."; + platforms = platforms.linux; + maintainers = with maintainers; [ carlsverre ]; + }; +} 
diff --git a/pkgs/tools/security/minisign/default.nix b/pkgs/tools/security/minisign/default.nix index 373ebc1e6ff9..1a573048aa4e 100644 --- a/pkgs/tools/security/minisign/default.nix +++ b/pkgs/tools/security/minisign/default.nix @@ -1,12 +1,14 @@ -{ stdenv, fetchurl, cmake, libsodium }: +{ stdenv, fetchFromGitHub, cmake, libsodium }: stdenv.mkDerivation rec { name = "minisign-${version}"; version = "0.6"; - src = fetchurl { - url = "https://github.com/jedisct1/minisign/archive/${version}.tar.gz"; - sha256 = "029g8ian72fy07k73nf451dw1yggav6crjjc2x6kv4nfpq3pl9pj"; + src = fetchFromGitHub { + repo = "minisign"; + owner = "jedisct1"; + rev = version; + sha256 = "1m71ngxaij3q1dw602kjgj22y5xfjlxrrkjdmx1v4p36y0n6wl92"; }; nativeBuildInputs = [ cmake ]; @@ -22,5 +24,6 @@ stdenv.mkDerivation rec { homepage = https://jedisct1.github.io/minisign/; license = licenses.isc; maintainers = with maintainers; [ joachifm ]; + platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/nasty/default.nix b/pkgs/tools/security/nasty/default.nix index 35bbb3bae48d..fb078674ea74 100644 --- a/pkgs/tools/security/nasty/default.nix +++ b/pkgs/tools/security/nasty/default.nix @@ -9,6 +9,10 @@ stdenv.mkDerivation rec { sha256 = "1dznlxr728k1pgy1kwmlm7ivyl3j3rlvkmq34qpwbwbj8rnja1vn"; }; + # does not apply cleanly with patchPhase/fetchpatch + # https://sources.debian.net/src/nasty/0.6-3/debian/patches/02_add_largefile_support.patch + CFLAGS = "-D_FILE_OFFSET_BITS=64"; + buildInputs = [ gpgme ]; installPhase = '' diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix index 50cc380b970e..f6777a0e979f 100644 --- a/pkgs/tools/security/sslscan/default.nix +++ b/pkgs/tools/security/sslscan/default.nix 
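Review bot: The new `CFLAGS = "-D_FILE_OFFSET_BITS=64";` in nasty is exported as an environment variable, which a Makefile that assigns `CFLAGS` itself silently overrides, so whether the define reaches the compiler depends on nasty's Makefile. If that Makefile sets `CFLAGS`, pass the flag through `NIX_CFLAGS_COMPILE`, which the stdenv compiler wrapper always honours, or on the make command line with `makeFlags = [ "CFLAGS=-D_FILE_OFFSET_BITS=64" ];` (merging any flags the Makefile needs). The comment above it says something "does not apply cleanly" without saying what; `# Debian's 02_add_largefile_support.patch does not apply cleanly, so set the define directly:` names it.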
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "sslscan-${version}"; - version = "1.11.5"; + version = "1.11.7"; src = fetchurl { url = "https://github.com/rbsec/sslscan/archive/${version}-rbsec.tar.gz"; - sha256 = "0mcg8hyx1r9sq716bw1r554fcsf512khgcms2ixxb1c31ng6lhq6"; + sha256 = "0wygz2gm9asvhpfy44333y4pkdja1sbr41hc6mhkxg7a4ys8f9qs"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index b2af5451b8b5..e2c69377df5a 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix @@ -4,14 +4,14 @@ }: stdenv.mkDerivation rec { - name = "sudo-1.8.16"; + name = "sudo-1.8.17p1"; src = fetchurl { urls = [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" ]; - sha256 = "0k86sm9ilhxhvnfwq3092zhfxazj3kddn0y2mirz0nqjqmpq50rd"; + sha256 = "c690d707fb561b3ecdf6a6de5563bc0b769388eff201c851edbace408bb155cc"; }; configureFlags = [ diff --git a/pkgs/tools/text/platinum-searcher/default.nix b/pkgs/tools/text/platinum-searcher/default.nix index 9eae37c6d1a7..21a49d493aa7 100644 --- a/pkgs/tools/text/platinum-searcher/default.nix +++ b/pkgs/tools/text/platinum-searcher/default.nix @@ -2,8 +2,8 @@ buildGoPackage rec { name = "the_platinum_searcher-${version}"; - version = "2.1.1"; - rev = "v2.1.1"; + version = "2.1.3"; + rev = "v2.1.3"; goPackagePath = "github.com/monochromegane/the_platinum_searcher"; @@ -11,7 +11,7 @@ buildGoPackage rec { inherit rev; owner = "monochromegane"; repo = "the_platinum_searcher"; - sha256 = "06cs936w3l64ikszcysdm9ijn52kwgi1ffjxkricxbdb677gsk23"; + sha256 = "09pkdfh7fqn3x4l9zaw5wzk20k7nfdwry7br9vfy3vv3fwv61ynp"; }; goDeps = ./deps.json; diff --git a/pkgs/tools/virtualization/nixos-container/default.nix b/pkgs/tools/virtualization/nixos-container/default.nix new file mode 100644 index 000000000000..0763536533f0 --- /dev/null +++ b/pkgs/tools/virtualization/nixos-container/default.nix 
@@ -0,0 +1,17 @@ +{ substituteAll, perl, perlPackages, shadow, utillinux }: + +substituteAll { + name = "nixos-container"; + dir = "bin"; + isExecutable = true; + src = ./nixos-container.pl; + perl = "${perl}/bin/perl -I${perlPackages.FileSlurp}/lib/perl5/site_perl"; + su = "${shadow.su}/bin/su"; + inherit utillinux; + + postInstall = '' + t=$out/etc/bash_completion.d + mkdir -p $t + cp ${./nixos-container-completion.sh} $t/nixos-container + ''; +} diff --git a/pkgs/tools/virtualization/nixos-container/nixos-container-completion.sh b/pkgs/tools/virtualization/nixos-container/nixos-container-completion.sh new file mode 100644 index 000000000000..0fe8ab811a17 --- /dev/null +++ b/pkgs/tools/virtualization/nixos-container/nixos-container-completion.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +_nixos-container() { + local cur prev opts + COMPREPLY=() + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + opts="list create destroy start stop status update login root-login run show-ip show-host-key" + startstop_opts=$(nixos-container list) + update_opts="--config" + + if [[ "$prev" == "nixos-container" ]] + then + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + fi + + if [[ $(echo "$opts" | grep "$prev") ]] + then + if [[ "$prev" == "start" || "$prev" == "stop" ]] + then + COMPREPLY=( $(compgen -W "${startstop_opts}" -- ${cur}) ) + return 0 + elif [[ "$prev" == "update" ]] + then + COMPREPLY=( $(compgen -W "${update_opts}" -- ${cur}) ) + return 0 + fi + fi +} + +complete -F _nixos-container nixos-container + diff --git a/pkgs/tools/virtualization/nixos-container/nixos-container.pl b/pkgs/tools/virtualization/nixos-container/nixos-container.pl new file mode 100755 index 000000000000..eda57a9751eb --- /dev/null +++ b/pkgs/tools/virtualization/nixos-container/nixos-container.pl 
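Review bot: `if [[ $(echo "$opts" | grep "$prev") ]]` in the new completion script treats the previous word as a grep pattern and matches substrings, so `star` matches `start` and an unbalanced `[` in `$prev` makes grep fail; `if [[ " $opts " == *" $prev "* ]]` does a whole-word test without spawning processes. `startstop_opts=$(nixos-container list)` invokes the tool (which may need root) on every completion attempt, and both it and `update_opts` are assigned without `local`, so they leak into the interactive shell; declare them `local` and run `nixos-container list` only inside the `start`/`stop` branch. The `compgen` calls should also quote `"${cur}"`.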
@@ -0,0 +1,301 @@ +#! @perl@ + +use strict; +use POSIX; +use File::Path; +use File::Slurp; +use Fcntl ':flock'; +use Getopt::Long qw(:config gnu_getopt); + +my $nsenter = "@utillinux@/bin/nsenter"; +my $su = "@su@"; + +# Ensure a consistent umask. +umask 0022; + +# Parse the command line. + +sub showHelp { + print <<EOF; +Usage: nixos-container list + nixos-container create <container-name> [--system-path <path>] [--config <string>] [--ensure-unique-name] [--auto-start] + nixos-container destroy <container-name> + nixos-container start <container-name> + nixos-container stop <container-name> + nixos-container status <container-name> + nixos-container update <container-name> [--config <string>] + nixos-container login <container-name> + nixos-container root-login <container-name> + nixos-container run <container-name> -- args... + nixos-container show-ip <container-name> + nixos-container show-host-key <container-name> +EOF + exit 0; +} + +my $systemPath; +my $ensureUniqueName = 0; +my $autoStart = 0; +my $extraConfig; + +GetOptions( + "help" => sub { showHelp() }, + "ensure-unique-name" => \$ensureUniqueName, + "auto-start" => \$autoStart, + "system-path=s" => \$systemPath, + "config=s" => \$extraConfig + ) or exit 1; + +my $action = $ARGV[0] or die "$0: no action specified\n"; + + +# Execute the selected action. + +mkpath("/etc/containers", 0, 0755); +mkpath("/var/lib/containers", 0, 0700); + +if ($action eq "list") { + foreach my $confFile (glob "/etc/containers/*.conf") { + $confFile =~ /\/([^\/]+).conf$/ or next; + print "$1\n"; + } + exit 0; +} + +my $containerName = $ARGV[1] or die "$0: no container name specified\n"; +$containerName =~ /^[a-zA-Z0-9\-]+$/ or die "$0: invalid container name\n"; + +sub writeNixOSConfig { + my ($nixosConfigFile) = @_; + + my $nixosConfig = <<EOF; +{ config, lib, pkgs, ... 
}: + +with lib; + +{ boot.isContainer = true; + networking.hostName = mkDefault "$containerName"; + networking.useDHCP = false; + $extraConfig +} +EOF + + write_file($nixosConfigFile, $nixosConfig); +} + +if ($action eq "create") { + # Acquire an exclusive lock to prevent races with other + # invocations of ‘nixos-container create’. + my $lockFN = "/run/lock/nixos-container"; + open(my $lock, '>>', $lockFN) or die "$0: opening $lockFN: $!"; + flock($lock, LOCK_EX) or die "$0: could not lock $lockFN: $!"; + + my $confFile = "/etc/containers/$containerName.conf"; + my $root = "/var/lib/containers/$containerName"; + + # Maybe generate a unique name. + if ($ensureUniqueName) { + my $base = $containerName; + for (my $nr = 0; ; $nr++) { + $confFile = "/etc/containers/$containerName.conf"; + $root = "/var/lib/containers/$containerName"; + last unless -e $confFile || -e $root; + $containerName = "$base-$nr"; + } + } + + die "$0: container ‘$containerName’ already exists\n" if -e $confFile; + + # Due to interface name length restrictions, container names must + # be restricted too. + die "$0: container name ‘$containerName’ is too long\n" if length $containerName > 11; + + # Get an unused IP address. 
+ my %usedIPs; + foreach my $confFile2 (glob "/etc/containers/*.conf") { + my $s = read_file($confFile2) or die; + $usedIPs{$1} = 1 if $s =~ /^HOST_ADDRESS=([0-9\.]+)$/m; + $usedIPs{$1} = 1 if $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m; + } + + my ($ipPrefix, $hostAddress, $localAddress); + for (my $nr = 1; $nr < 255; $nr++) { + $ipPrefix = "10.233.$nr"; + $hostAddress = "$ipPrefix.1"; + $localAddress = "$ipPrefix.2"; + last unless $usedIPs{$hostAddress} || $usedIPs{$localAddress}; + $ipPrefix = undef; + } + + die "$0: out of IP addresses\n" unless defined $ipPrefix; + + my @conf; + push @conf, "PRIVATE_NETWORK=1\n"; + push @conf, "HOST_ADDRESS=$hostAddress\n"; + push @conf, "LOCAL_ADDRESS=$localAddress\n"; + push @conf, "AUTO_START=$autoStart\n"; + write_file($confFile, \@conf); + + close($lock); + + print STDERR "host IP is $hostAddress, container IP is $localAddress\n"; + + # The per-container directory is restricted to prevent users on + # the host from messing with guest users who happen to have the + # same uid. + my $profileDir = "/nix/var/nix/profiles/per-container"; + mkpath($profileDir, 0, 0700); + $profileDir = "$profileDir/$containerName"; + mkpath($profileDir, 0, 0755); + + # Build/set the initial configuration. 
+ if (defined $systemPath) { + system("nix-env", "-p", "$profileDir/system", "--set", $systemPath) == 0 + or die "$0: failed to set initial container configuration\n"; + } else { + mkpath("$root/etc/nixos", 0, 0755); + + my $nixosConfigFile = "$root/etc/nixos/configuration.nix"; + writeNixOSConfig $nixosConfigFile; + + system("nix-env", "-p", "$profileDir/system", + "-I", "nixos-config=$nixosConfigFile", "-f", "<nixpkgs/nixos>", + "--set", "-A", "system") == 0 + or die "$0: failed to build initial container configuration\n"; + } + + print "$containerName\n" if $ensureUniqueName; + exit 0; +} + +my $root = "/var/lib/containers/$containerName"; +my $profileDir = "/nix/var/nix/profiles/per-container/$containerName"; +my $gcRootsDir = "/nix/var/nix/gcroots/per-container/$containerName"; +my $confFile = "/etc/containers/$containerName.conf"; +if (!-e $confFile) { + if ($action eq "destroy") { + exit 0; + } elsif ($action eq "status") { + print "gone\n"; + } + die "$0: container ‘$containerName’ does not exist\n" ; +} + +sub isContainerRunning { + my $status = `systemctl show 'container\@$containerName'`; + return $status =~ /ActiveState=active/; +} + +sub stopContainer { + system("systemctl", "stop", "container\@$containerName") == 0 + or die "$0: failed to stop container\n"; +} + +# Return the PID of the init process of the container. +sub getLeader { + my $s = `machinectl show "$containerName" -p Leader`; + chomp $s; + $s =~ /^Leader=(\d+)$/ or die "unable to get container's main PID\n"; + return int($1); +} + +# Run a command in the container. +sub runInContainer { + my @args = @_; + my $leader = getLeader; + exec($nsenter, "-t", $leader, "-m", "-u", "-i", "-n", "-p", "--", @args); + die "cannot run ‘nsenter’: $!\n"; +} + +# Remove a directory while recursively unmounting all mounted filesystems within +# that directory and unmounting/removing that directory afterwards as well. 
+# +# NOTE: If the specified path is a mountpoint, its contents will be removed, +# only mountpoints underneath that path will be unmounted properly. +sub safeRemoveTree { + my ($path) = @_; + system("find", $path, "-mindepth", "1", "-xdev", + "(", "-type", "d", "-exec", "mountpoint", "-q", "{}", ";", ")", + "-exec", "umount", "-fR", "{}", "+"); + system("rm", "--one-file-system", "-rf", $path); + if (-e $path) { + system("umount", "-fR", $path); + system("rm", "--one-file-system", "-rf", $path); + } +} + +if ($action eq "destroy") { + die "$0: cannot destroy declarative container (remove it from your configuration.nix instead)\n" + unless POSIX::access($confFile, &POSIX::W_OK); + + stopContainer if isContainerRunning; + + safeRemoveTree($profileDir) if -e $profileDir; + safeRemoveTree($gcRootsDir) if -e $gcRootsDir; + safeRemoveTree($root) if -e $root; + unlink($confFile) or die; +} + +elsif ($action eq "start") { + system("systemctl", "start", "container\@$containerName") == 0 + or die "$0: failed to start container\n"; +} + +elsif ($action eq "stop") { + stopContainer; +} + +elsif ($action eq "status") { + print isContainerRunning() ? "up" : "down", "\n"; +} + +elsif ($action eq "update") { + my $nixosConfigFile = "$root/etc/nixos/configuration.nix"; + + # FIXME: may want to be more careful about clobbering the existing + # configuration.nix. 
+ writeNixOSConfig $nixosConfigFile if (defined $extraConfig && $extraConfig ne ""); + + system("nix-env", "-p", "$profileDir/system", + "-I", "nixos-config=$nixosConfigFile", "-f", "<nixpkgs/nixos>", + "--set", "-A", "system") == 0 + or die "$0: failed to build container configuration\n"; + + if (isContainerRunning) { + print STDERR "reloading container...\n"; + system("systemctl", "reload", "container\@$containerName") == 0 + or die "$0: failed to reload container\n"; + } +} + +elsif ($action eq "login") { + exec("machinectl", "login", "--", $containerName); +} + +elsif ($action eq "root-login") { + runInContainer("@su@", "root", "-l"); +} + +elsif ($action eq "run") { + shift @ARGV; shift @ARGV; + # Escape command. + my $s = join(' ', map { s/'/'\\''/g; "'$_'" } @ARGV); + runInContainer("@su@", "root", "-l", "-c", "exec " . $s); +} + +elsif ($action eq "show-ip") { + my $s = read_file($confFile) or die; + $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m or die "$0: cannot get IP address\n"; + print "$1\n"; +} + +elsif ($action eq "show-host-key") { + my $fn = "$root/etc/ssh/ssh_host_ed25519_key.pub"; + $fn = "$root/etc/ssh/ssh_host_ecdsa_key.pub" unless -e $fn; + exit 1 if ! -f $fn; + print read_file($fn); +} + +else { + die "$0: unknown action ‘$action’\n"; +} |
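Review bot: `$containerName =~ /^[a-zA-Z0-9\-]+$/` accepts a trailing newline because `$` matches before a final `\n`, and the name is afterwards interpolated into file paths, the `container@…` unit name and the generated `networking.hostName` string; anchor it with `\A` and `\z`: `$containerName =~ /\A[a-zA-Z0-9\-]+\z/ or die "$0: invalid container name\n";`. `isContainerRunning` and `getLeader` build shell commands by interpolating the name into backticks, so that validation is the only thing keeping them safe; either say so in a comment at the check or switch to a list-form pipe such as `open my $fh, '-|', 'machinectl', 'show', $containerName, '-p', 'Leader'`, which removes the dependency on the invariant. In the `run` action, `map { s/'/'\\''/g; "'$_'" } @ARGV` rewrites `@ARGV` in place through `$_` aliasing; `s/'/'\\''/gr` (Perl 5.14+) keeps the map side-effect-free.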