diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
26 files changed, 211 insertions, 420 deletions
diff --git a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix index 39c0c02890bd..44282d5f9643 100644 --- a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix +++ b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix @@ -1,27 +1,22 @@ -# This file was generated by https://github.com/kamilchm/go2nix v1.2.1 -{ stdenv, buildGoPackage, fetchgit }: +{ stdenv, buildGoPackage, fetchFromGitHub }: buildGoPackage rec { - name = "aws-iam-authenticator-${version}"; - # This is meant to be a stable release, but since the rename from - # heptio, there has been no release. Please pin this to an actual - # release once that happens. - version = "2018-07-29"; - rev = "01dd27d77ec1e2ec640a010970f00b2f8074b0b5"; + pname = "aws-iam-authenticator"; + version = "0.4.0"; goPackagePath = "github.com/kubernetes-sigs/aws-iam-authenticator"; - src = fetchgit { - inherit rev; - url = "https://github.com/kubernetes-sigs/aws-iam-authenticator"; - sha256 = "1n7khd2qvl527x3ac6f89smf12za92g08d9v2j393i7n9l1rgw38"; + src = fetchFromGitHub { + owner = "kubernetes-sigs"; + repo = pname; + rev = "v${version}"; + sha256 = "1ghl2vms9wmvczdl2raqhy0gffxmk24h158gjb5mlw7rggzvb7bg"; }; - meta = { + meta = with stdenv.lib; { homepage = "https://github.com/kubernetes-sigs/aws-iam-authenticator"; description = "AWS IAM credentials for Kubernetes authentication"; - license = stdenv.lib.licenses.asl20; - platforms = stdenv.lib.platforms.all; - maintainers = [ stdenv.lib.maintainers.srhb ]; + license = licenses.asl20; + maintainers = [ maintainers.srhb ]; }; } diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix index 788c561da3c5..2dbbd93e13bf 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix @@ -15,7 +15,7 @@ rustPlatform.buildRustPackage rec { RUSTC_BOOTSTRAP = 1; - cargoSha256 = "0bzid5wrpcrghazv5652ghyv4amp298p5kfridswv175kmr9gg0x"; + cargoSha256 = "02xrz7vq8nan70f07xyf335blfmdc6gaz9sbfjipsi1drgfccf09"; meta = with lib; { description = "An unofficial lightweight implementation of the Bitwarden server API using Rust and SQLite"; diff --git a/nixpkgs/pkgs/tools/security/browserpass/2.nix b/nixpkgs/pkgs/tools/security/browserpass/2.nix deleted file mode 100644 index fdbd757449a6..000000000000 --- a/nixpkgs/pkgs/tools/security/browserpass/2.nix +++ /dev/null @@ -1,43 +0,0 @@ -# This file was generated by https://github.com/kamilchm/go2nix v1.2.1 -{ stdenv, buildGoPackage, fetchFromGitHub, gnupg }: - -buildGoPackage rec { - name = "browserpass-${version}"; - version = "2.0.22"; - - goPackagePath = "github.com/dannyvankooten/browserpass"; - - goDeps = ./2deps.nix; - - src = fetchFromGitHub { - repo = "browserpass"; - owner = "dannyvankooten"; - rev = version; - sha256 = "05cacrx08k99c5zra7ksdik9xxn3vih3x6in7536zs5gm55mkbfx"; - }; - - postPatch = '' - substituteInPlace browserpass.go \ - --replace /usr/local/bin/gpg ${gnupg}/bin/gpg - ''; - - postInstall = '' - host_file="$bin/bin/browserpass" - mkdir -p "$bin/etc" - - sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/chrome/host.json > chrome-host.json - sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/firefox/host.json > firefox-host.json - - install chrome-host.json $bin/etc/ - install -D firefox-host.json $bin/lib/mozilla/native-messaging-hosts/com.dannyvankooten.browserpass.json - install go/src/${goPackagePath}/chrome/policy.json $bin/etc/chrome-policy.json - ''; - - meta = with stdenv.lib; { - description = "A Chrome & Firefox extension for zx2c4's pass"; - homepage = https://github.com/dannyvankooten/browserpass; - license = licenses.mit; - platforms = with platforms; linux ++ darwin ++ openbsd; - maintainers = with maintainers; [ rvolosatovs ]; - }; -} diff --git a/nixpkgs/pkgs/tools/security/browserpass/2deps.nix b/nixpkgs/pkgs/tools/security/browserpass/2deps.nix deleted file mode 100644 index 631463a69d11..000000000000 --- a/nixpkgs/pkgs/tools/security/browserpass/2deps.nix +++ /dev/null @@ -1,39 +0,0 @@ -# This file was generated by https://github.com/kamilchm/go2nix v1.2.1 -[ - { - goPackagePath = "github.com/gokyle/twofactor"; - fetch = { - type = "git"; - url = "https://github.com/gokyle/twofactor"; - rev = "eaad1884d40f9cabff98a57a524c17afd00c9fe7"; - sha256 = "07kvga6f2b56kpy52a3xk16garvlqz950s350dax97x7cayba95g"; - }; - } - { - goPackagePath = "github.com/mattn/go-zglob"; - fetch = { - type = "git"; - url = "https://github.com/mattn/go-zglob"; - rev = "4959821b481786922ac53e7ef25c61ae19fb7c36"; - sha256 = "0rwkdw143kphpmingsrw1zp030zf3p08f64h347jpdm4lz8z5449"; - }; - } - { - goPackagePath = "github.com/sahilm/fuzzy"; - fetch = { - type = "git"; - url = "https://github.com/sahilm/fuzzy"; - rev = "a154b19bb758dcdd6ede58dc11ea53c2950527b2"; - sha256 = "0jkw6474d5ik2fq2zznqxj4y3p42z47r7mbg856ln5wyara2sg0l"; - }; - } - { - goPackagePath = "rsc.io/qr"; - fetch = { - type = "git"; - url = "https://github.com/rsc/qr"; - rev = "48b2ede4844e13f1a2b7ce4d2529c9af7e359fc5"; - sha256 = "1npxy32glnkvsp0871972jzjzgkwaqmbv6jsj9wgqsa1s2jr004p"; - }; - } -] diff --git a/nixpkgs/pkgs/tools/security/browserpass/default.nix b/nixpkgs/pkgs/tools/security/browserpass/default.nix index 055444d5566d..4e602804405b 100644 --- a/nixpkgs/pkgs/tools/security/browserpass/default.nix +++ b/nixpkgs/pkgs/tools/security/browserpass/default.nix @@ -1,12 +1,5 @@ -{ lib, callPackage, buildGoPackage, fetchFromGitHub, makeWrapper, gnupg }: -let - # For backwards compatibility with v2 of the browser extension, we embed v2 - # of the native host in v3. Because the extension will auto-update when it - # is released, this code can be removed from that point on. - # Don't forget to remove v2 references down below and the v2 files in this - # folder - v2 = callPackage ./2.nix {}; -in buildGoPackage rec { +{ lib, callPackage, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }: +buildGoModule rec { pname = "browserpass"; version = "3.0.6"; @@ -19,8 +12,7 @@ in buildGoPackage rec { nativeBuildInputs = [ makeWrapper ]; - goPackagePath = "github.com/browserpass/browserpass-native"; - goDeps = ./deps.nix; + modSha256 = "13yw7idgw8l48yvm4jjha0kbx6q22m2zp13y006mikavynqsr5kj"; postPatch = '' # Because this Makefile will be installed to be used by the user, patch @@ -31,10 +23,9 @@ in buildGoPackage rec { sed -i -e 's/INSTALL :=.*/INSTALL := install/' Makefile ''; - DESTDIR = placeholder "bin"; + DESTDIR = placeholder "out"; postConfigure = '' - cd "go/src/$goPackagePath" make configure ''; @@ -45,16 +36,12 @@ in buildGoPackage rec { installPhase = '' make install - wrapProgram $bin/bin/browserpass \ + wrapProgram $out/bin/browserpass \ --suffix PATH : ${lib.makeBinPath [ gnupg ]} # This path is used by our firefox wrapper for finding native messaging hosts - mkdir -p $bin/lib/mozilla/native-messaging-hosts - ln -s $bin/lib/browserpass/hosts/firefox/*.json $bin/lib/mozilla/native-messaging-hosts - - # These can be removed too, see comment up top - ln -s ${lib.getBin v2}/etc $bin/etc - ln -s ${lib.getBin v2}/lib/mozilla/native-messaging-hosts/* $bin/lib/mozilla/native-messaging-hosts + mkdir -p $out/lib/mozilla/native-messaging-hosts + ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts ''; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/browserpass/deps.nix b/nixpkgs/pkgs/tools/security/browserpass/deps.nix deleted file mode 100644 index 334a189ad404..000000000000 --- a/nixpkgs/pkgs/tools/security/browserpass/deps.nix +++ /dev/null @@ -1,93 +0,0 @@ -# file generated from go.mod using vgo2nix (https://github.com/adisbladis/vgo2nix) -[ - { - goPackagePath = "github.com/davecgh/go-spew"; - fetch = { - type = "git"; - url = "https://github.com/davecgh/go-spew"; - rev = "v1.1.1"; - sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y"; - }; - } - { - goPackagePath = "github.com/konsorten/go-windows-terminal-sequences"; - fetch = { - type = "git"; - url = "https://github.com/konsorten/go-windows-terminal-sequences"; - rev = "v1.0.2"; - sha256 = "09mn209ika7ciy87xf2x31dq5fnqw39jidgaljvmqxwk7ff1hnx7"; - }; - } - { - goPackagePath = "github.com/mattn/go-zglob"; - fetch = { - type = "git"; - url = "https://github.com/mattn/go-zglob"; - rev = "v0.0.1"; - sha256 = "1sncdyq5fbd42al4amyy91h7vlzm3wm6c9vl8za2pjgfgsd581fz"; - }; - } - { - goPackagePath = "github.com/pmezard/go-difflib"; - fetch = { - type = "git"; - url = "https://github.com/pmezard/go-difflib"; - rev = "v1.0.0"; - sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw"; - }; - } - { - goPackagePath = "github.com/rifflock/lfshook"; - fetch = { - type = "git"; - url = "https://github.com/rifflock/lfshook"; - rev = "b9218ef580f5"; - sha256 = "0wxqjcjfg8c0klmdgmbw3ckagby3wg9rkga9ihd4fsf05x5scxrc"; - }; - } - { - goPackagePath = "github.com/sirupsen/logrus"; - fetch = { - type = "git"; - url = "https://github.com/sirupsen/logrus"; - rev = "v1.4.0"; - sha256 = "1y1qjcg19z7q9sy32rhc148kdql2aw7xkcm9d6r1blrl0mdgpx0w"; - }; - } - { - goPackagePath = "github.com/stretchr/objx"; - fetch = { - type = "git"; - url = "https://github.com/stretchr/objx"; - rev = "v0.1.1"; - sha256 = "0iph0qmpyqg4kwv8jsx6a56a7hhqq8swrazv40ycxk9rzr0s8yls"; - }; - } - { - goPackagePath = "github.com/stretchr/testify"; - fetch = { - type = "git"; - url = "https://github.com/stretchr/testify"; - rev = "v1.3.0"; - sha256 = "0wjchp2c8xbgcbbq32w3kvblk6q6yn533g78nxl6iskq6y95lxsy"; - }; - } - { - goPackagePath = "golang.org/x/crypto"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/crypto"; - rev = "c2843e01d9a2"; - sha256 = "01xgxbj5r79nmisdvpq48zfy8pzaaj90bn6ngd4nf33j9ar1dp8r"; - }; - } - { - goPackagePath = "golang.org/x/sys"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/sys"; - rev = "fead79001313"; - sha256 = "12vwl6sv6w7q0dyvynjhbp67242rhh77d6nlsb22ajr8rf17c63i"; - }; - } -] diff --git a/nixpkgs/pkgs/tools/security/ccid/default.nix b/nixpkgs/pkgs/tools/security/ccid/default.nix index c5a0de0c75f6..6fbcffdae290 100644 --- a/nixpkgs/pkgs/tools/security/ccid/default.nix +++ b/nixpkgs/pkgs/tools/security/ccid/default.nix @@ -25,6 +25,6 @@ stdenv.mkDerivation rec { description = "ccid drivers for pcsclite"; homepage = https://ccid.apdu.fr/; license = licenses.gpl2Plus; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/keybase/default.nix b/nixpkgs/pkgs/tools/security/keybase/default.nix index 36b7709c56a8..e07acd4566de 100644 --- a/nixpkgs/pkgs/tools/security/keybase/default.nix +++ b/nixpkgs/pkgs/tools/security/keybase/default.nix @@ -5,7 +5,7 @@ buildGoPackage rec { name = "keybase-${version}"; - version = "3.0.0"; + version = "3.2.2"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; @@ -14,7 +14,7 @@ buildGoPackage rec { src = fetchurl { url = "https://github.com/keybase/client/archive/v${version}.tar.gz"; - sha256 = "1mxzihgd3qfahlmnfrpbg2kbixbjmkajrl964kaxmihrkx0fylvf"; + sha256 = "ed977c45f3a888d291aaf46afc1e1e32e4851d44b26a39854f00a0003b7556b5"; }; buildInputs = lib.optionals stdenv.isDarwin [ diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix index 4207bac44732..0ca41fb7708d 100644 --- a/nixpkgs/pkgs/tools/security/keybase/gui.nix +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix @@ -1,19 +1,19 @@ { stdenv, fetchurl, alsaLib, atk, cairo, cups, udev, hicolor-icon-theme , dbus, expat, fontconfig, freetype, gdk_pixbuf, glib, gtk3, gnome3 , libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook -, runtimeShell }: +, runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20190205202117.6394d03e6c"; + versionSuffix = "20190412141809.5262f90fd9"; in stdenv.mkDerivation rec { name = "keybase-gui-${version}"; - version = "3.0.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "3.2.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "0nwz0v6sqx1gd7spha09pk2bjbb8lgaxbrh0r6j6p0xzgzz6birw"; + sha256 = "20f0cbfae52a8afbc88c1130279b2c2ced21fd498eee7e43c88f5b88abd8f21b"; }; nativeBuildInputs = [ @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { freetype gdk_pixbuf glib - gnome3.gsettings-desktop-schemas + gsettings-desktop-schemas gtk3 libnotify nspr diff --git a/nixpkgs/pkgs/tools/security/krunner-pass/default.nix b/nixpkgs/pkgs/tools/security/krunner-pass/default.nix index dac6df56a796..57174148160d 100644 --- a/nixpkgs/pkgs/tools/security/krunner-pass/default.nix +++ b/nixpkgs/pkgs/tools/security/krunner-pass/default.nix @@ -1,15 +1,10 @@ -{ mkDerivation, stdenv, - fetchFromGitHub, - cmake, extra-cmake-modules, gnumake, +{ mkDerivation, lib, fetchFromGitHub, fetchpatch, cmake, extra-cmake-modules +, kauth, krunner +, pass, pass-otp ? null }: - pass, pass-otp ? null, krunner, -}: -let +mkDerivation rec { pname = "krunner-pass"; version = "1.3.0"; -in -mkDerivation rec { - name = "${pname}-${version}"; src = fetchFromGitHub { owner = "akermu"; @@ -19,22 +14,26 @@ mkDerivation rec { }; buildInputs = [ - pass - pass-otp - krunner + kauth krunner + pass pass-otp ]; - nativeBuildInputs = [cmake extra-cmake-modules gnumake]; + nativeBuildInputs = [ cmake extra-cmake-modules ]; patches = [ + (fetchpatch { + url = https://github.com/peterhoeg/krunner-pass/commit/be2695f4ae74b0cccec8294defcc92758583d96b.patch; + sha256 = "098dqnal57994p51p2srfzg4lgcd6ybp29h037llr9cdv02hdxvl"; + name = "fix_build.patch"; + }) ./pass-path.patch ]; CXXFLAGS = [ - ''-DNIXPKGS_PASS=\"${stdenv.lib.getBin pass}/bin/pass\"'' + ''-DNIXPKGS_PASS=\"${lib.getBin pass}/bin/pass\"'' ]; - meta = with stdenv.lib; { + meta = with lib; { description = "Integrates krunner with pass the unix standard password manager (https://www.passwordstore.org/)"; homepage = https://github.com/akermu/krunner-pass; license = licenses.gpl3; diff --git a/nixpkgs/pkgs/tools/security/kwalletcli/default.nix b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix index 52e8ab8cf570..fedf3421fb1c 100644 --- a/nixpkgs/pkgs/tools/security/kwalletcli/default.nix +++ b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix @@ -1,48 +1,48 @@ -{ - mkDerivation, fetchurl, lib, - pkgconfig, - kcoreaddons, ki18n, kwallet, - mksh -}: - -let +{ mkDerivation, fetchFromGitHub, lib, makeWrapper, pkgconfig +, kcoreaddons, ki18n, kwallet, mksh, pinentry_qt5 }: + +mkDerivation rec { pname = "kwalletcli"; version = "3.02"; -in -mkDerivation rec { - name = "${pname}-${version}"; - src = fetchurl { - url = "https://www.mirbsd.org/MirOS/dist/hosted/kwalletcli/${name}.tar.gz"; - sha256 = "05njayi07996ljfl8a6frlk2s60grk5w27f0f445nmvd5n0bzgpn"; + src = fetchFromGitHub { + owner = "MirBSD"; + repo = pname; + rev = "${pname}-${lib.replaceStrings [ "." ] [ "_" ] version}"; + sha256 = "1gq45afb5nmmjfqxglv7wvcxcjd9822pc7nysq0350jmmmqwb474"; }; postPatch = '' substituteInPlace GNUmakefile \ - --replace '-I/usr/include/KF5/KCoreAddons' '-I${kcoreaddons.dev}/include/KF5/KCoreAddons' \ - --replace '-I/usr/include/KF5/KI18n' '-I${ki18n.dev}/include/KF5/KI18n' \ - --replace '-I/usr/include/KF5/KWallet' '-I${kwallet.dev}/include/KF5/KWallet' \ - --replace /usr/bin $out/bin \ - --replace /usr/share/man $out/share/man + --replace -I/usr/include/KF5/KCoreAddons -I${kcoreaddons.dev}/include/KF5/KCoreAddons \ + --replace -I/usr/include/KF5/KI18n -I${ki18n.dev}/include/KF5/KI18n \ + --replace -I/usr/include/KF5/KWallet -I${kwallet.dev}/include/KF5/KWallet \ + --replace /usr/bin $out/bin \ + --replace /usr/share/man $out/share/man + + substituteInPlace pinentry-kwallet \ + --replace '/usr/bin/env mksh' ${mksh}/bin/mksh ''; makeFlags = [ "KDE_VER=5" ]; - # we need this when building against qt 5.8+ - NIX_CFLAGS_COMPILE = [ "-std=c++11" ]; - - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ makeWrapper pkgconfig ]; # if using just kwallet, cmake will be added as a buildInput and fail the build propagatedBuildInputs = [ kcoreaddons ki18n (lib.getLib kwallet) ]; - propagatedUserEnvPkgs = [ mksh ]; preInstall = '' mkdir -p $out/bin $out/share/man/man1 ''; + postInstall = '' + wrapProgram $out/bin/pinentry-kwallet \ + --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry_qt5 ]} \ + --set-default PINENTRY pinentry-qt + ''; + meta = with lib; { description = "Command-Line Interface to the KDE Wallet"; - homepage = http://www.mirbsd.org/kwalletcli.htm; + homepage = https://www.mirbsd.org/kwalletcli.htm; license = licenses.miros; maintainers = with maintainers; [ peterhoeg ]; }; diff --git a/nixpkgs/pkgs/tools/security/lynis/default.nix b/nixpkgs/pkgs/tools/security/lynis/default.nix index dfbda2b5e073..198e33c8500e 100644 --- a/nixpkgs/pkgs/tools/security/lynis/default.nix +++ b/nixpkgs/pkgs/tools/security/lynis/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "lynis"; - version = "2.7.3"; + version = "2.7.4"; name = "${pname}-${version}"; src = fetchFromGitHub { owner = "CISOfy"; repo = "${pname}"; rev = "${version}"; - sha256 = "0md1w86i3fy9l78i98ijr5136nbhdiik2dxyw9qnzmvdlvkqmw70"; + sha256 = "1jjk5hcxmp4f4ppsljiq95l2ln6b03azydap3b35lsvxkjybv88k"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/mfoc/default.nix b/nixpkgs/pkgs/tools/security/mfoc/default.nix index 278818e88b54..1ae18e343537 100644 --- a/nixpkgs/pkgs/tools/security/mfoc/default.nix +++ b/nixpkgs/pkgs/tools/security/mfoc/default.nix @@ -1,17 +1,28 @@ -{ stdenv, fetchurl, pkgconfig, libnfc }: +{ stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pkgconfig, libnfc }: stdenv.mkDerivation rec { - name = "mfoc-${version}"; - version = "0.10.6"; + pname = "mfoc"; + version = "0.10.7"; - src = fetchurl { - url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mfoc/${name}.tar.gz"; - sha1 = "3adce3029dce9124ff3bc7d0fad86fa0c374a9e3"; + src = fetchFromGitHub { + owner = "nfc-tools"; + repo = pname; + rev = "${pname}-${version}"; + sha256 = "0hbg1fn4000qdg1cfc7y8l0vh1mxlxcz7gapkcq54xp2l6kk1z65"; }; - patches = [./mf_mini.patch]; + patches = [ + (fetchpatch { + url = "https://github.com/nfc-tools/mfoc/commit/f13efb0a6deb1d97ba945d555a6a5d6be89b593f.patch"; + sha256 = "109gqzp8rdsjvj0nra686vy0dpd2bl6q5v9m4v98cpxkbz496450"; + }) + (fetchpatch { + url = "https://github.com/nfc-tools/mfoc/commit/00eae36f891bc4580103e3b54f0bb5228af2cdef.patch"; + sha256 = "1w56aj96g776f37j53jmf3hk21x4mqik3l2bmghrdp8drixc8bzk"; + }) + ]; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ autoreconfHook pkgconfig ]; buildInputs = [ libnfc ]; meta = with stdenv.lib; { diff --git a/nixpkgs/pkgs/tools/security/mfoc/mf_mini.patch b/nixpkgs/pkgs/tools/security/mfoc/mf_mini.patch deleted file mode 100644 index 02bd656d6025..000000000000 --- a/nixpkgs/pkgs/tools/security/mfoc/mf_mini.patch +++ /dev/null @@ -1,96 +0,0 @@ -diff --git a/src/mfoc.c b/src/mfoc.c -index 0cb917d..195de68 100644 ---- a/src/mfoc.c -+++ b/src/mfoc.c -@@ -93,8 +93,8 @@ int main(int argc, char *const argv[]) - {0x58, 0x7e, 0xe5, 0xf9, 0x35, 0x0f}, - {0xa0, 0x47, 0x8c, 0xc3, 0x90, 0x91}, - {0x53, 0x3c, 0xb6, 0xc7, 0x23, 0xf6}, -- {0x8f, 0xd0, 0xa4, 0xf2, 0x56, 0xe9} -- -+ {0x8f, 0xd0, 0xa4, 0xf2, 0x56, 0xe9}, -+ {0xb4, 0xc1, 0x32, 0x43, 0x9e, 0xef} - }; - - mftag t; -@@ -219,12 +219,31 @@ int main(int argc, char *const argv[]) - goto error; - } - -- // Save tag's block size (b4K) -- t.b4K = (t.nt.nti.nai.abtAtqa[1] == 0x02); - t.authuid = (uint32_t) bytes_to_num(t.nt.nti.nai.abtUid + t.nt.nti.nai.szUidLen - 4, 4); - -- t.num_blocks = (t.b4K) ? 0xff : 0x3f; -- t.num_sectors = t.b4K ? NR_TRAILERS_4k : NR_TRAILERS_1k; -+ // Get Mifare Classic type from SAK -+ // see http://www.nxp.com/documents/application_note/AN10833.pdf Section 3.2 -+ switch (t.nt.nti.nai.btSak) -+ { -+ case 0x08: -+ printf("Found Mifare Classic 1k tag\n"); -+ t.num_sectors = NR_TRAILERS_1k; -+ t.num_blocks = NR_BLOCKS_1k; -+ break; -+ case 0x09: -+ printf("Found Mifare Classic Mini tag\n"); -+ t.num_sectors = NR_TRAILERS_MINI; -+ t.num_blocks = NR_BLOCKS_MINI; -+ break; -+ case 0x18: -+ printf("Found Mifare Classic 4k tag\n"); -+ t.num_sectors = NR_TRAILERS_4k; -+ t.num_blocks = NR_BLOCKS_4k; -+ break; -+ defaul: -+ ERR("Cannot determine card type from SAK"); -+ goto error; -+ } - - t.sectors = (void *) calloc(t.num_sectors, sizeof(sector)); - if (t.sectors == NULL) { -@@ -564,7 +583,7 @@ void usage(FILE *stream, int errno) - fprintf(stream, " k try the specified key in addition to the default keys\n"); - // fprintf(stream, " D number of distance probes, default is 20\n"); - // fprintf(stream, " S number of sets with keystreams, default is 5\n"); -- fprintf(stream, " P number of probes per sector, instead of default of 20\n"); -+ fprintf(stream, " P number of probes per sector, instead of default of 150\n"); - fprintf(stream, " T nonce tolerance half-range, instead of default of 20\n (i.e., 40 for the total range, in both directions)\n"); - // fprintf(stream, " s specify the list of sectors to crack, for example -s 0,1,3,5\n"); - fprintf(stream, " O file in which the card contents will be written (REQUIRED)\n"); -diff --git a/src/mfoc.h b/src/mfoc.h -index b411670..532e834 100644 ---- a/src/mfoc.h -+++ b/src/mfoc.h -@@ -2,11 +2,21 @@ - #define TRY_KEYS 50 - - // Number of trailers == number of sectors --// 16x64b = 16 -+// Mifare Classic 1k 16x64b = 16 - #define NR_TRAILERS_1k (16) --// 32x64b + 8*256b = 40 -+// Mifare Classic Mini -+#define NR_TRAILERS_MINI (5) -+// Mifare Classic 4k 32x64b + 8*256b = 40 - #define NR_TRAILERS_4k (40) - -+// Number of blocks -+// Mifare Classic 1k -+#define NR_BLOCKS_1k 0x3f -+// Mifare Classic Mini -+#define NR_BLOCKS_MINI 0x13 -+// Mifare Classic 4k -+#define NR_BLOCKS_4k 0xff -+ - #define MAX_FRAME_LEN 264 - - // Used for counting nonce distances, explore [nd-value, nd+value] -@@ -46,7 +56,6 @@ typedef struct { - uint8_t num_sectors; - uint8_t num_blocks; - uint32_t authuid; -- bool b4K; - } mftag; - - typedef struct { diff --git a/nixpkgs/pkgs/tools/security/mkp224o/default.nix b/nixpkgs/pkgs/tools/security/mkp224o/default.nix index b649c57b3462..0c927b7501b6 100644 --- a/nixpkgs/pkgs/tools/security/mkp224o/default.nix +++ b/nixpkgs/pkgs/tools/security/mkp224o/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "mkp224o-${version}"; - version = "1.2.0"; + version = "1.3.0"; src = fetchFromGitHub { owner = "cathugger"; repo = "mkp224o"; rev = "v${version}"; - sha256 = "1m7r0jfm6na6rk75v1kals3bx2cs6jsfxdgpxdljn39j3qr4mxvd"; + sha256 = "1il12ahcs5pj52hxn4xvpjfz801xcg31zk2jnkl80frzlwq040qi"; }; buildCommand = diff --git a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix index 3606e7b23f4b..55d2505ed1cb 100644 --- a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix +++ b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "pdfcrack-${version}"; - version = "0.16"; + version = "0.17"; src = fetchurl { url = "mirror://sourceforge/pdfcrack/pdfcrack/pdfcrack-${version}.tar.gz"; - sha256 = "1vvkrg3niinz0j9wwm31laxgmd7wdz201kn82b3dbksc0w1v4rbq"; + sha256 = "15hfxwr9yfzkx842p0jjdjnjarny6qc5fwcpy2f6lnq047pb26sn"; }; installPhase = '' diff --git a/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix index 294e296ba6e0..93dc75c1f32d 100644 --- a/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix +++ b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix @@ -1,19 +1,26 @@ -{ stdenv, fetchurl, openssl }: +{ stdenv, fetchurl, openssl, libssh2, gpgme }: stdenv.mkDerivation rec { - name = "phrasendrescher-${version}"; - version = "1.0"; + pname = "phrasendrescher"; + version = "1.2.2c"; src = fetchurl { - url = "http://leidecker.info/projects/phrasendrescher/${name}.tar.gz"; - sha256 = "1r0j7ms3i324p6if9cg8i0q900zqfjpvfr8pwj181x8ascysbbf2"; + url = "http://leidecker.info/projects/${pname}/${pname}-${version}.tar.gz"; + sha256 = "18vg6h294219v14x5zqm8ddmq5amxlbz7pw81lcmpz8v678kwyph"; }; - buildInputs = [ openssl ]; + postPatch = '' + substituteInPlace configure \ + --replace 'SSL_LIB="ssl"' 'SSL_LIB="crypto"' + ''; + + buildInputs = [ openssl libssh2 gpgme ]; + + configureFlags = "--with-plugins"; meta = with stdenv.lib; { - description = "Cracking tool that finds passphrases of SSH keys"; - homepage = http://leidecker.info/projects/phrasendrescher.shtml; + description = "A modular and multi processing pass phrase cracking tool"; + homepage = "http://leidecker.info/projects/phrasendrescher/index.shtml"; license = licenses.gpl2Plus; platforms = platforms.all; maintainers = with maintainers; [ bjornfor ]; diff --git a/nixpkgs/pkgs/tools/security/pinentry/default.nix b/nixpkgs/pkgs/tools/security/pinentry/default.nix index 87df0ffd834d..ba7ef7a3cfdd 100644 --- a/nixpkgs/pkgs/tools/security/pinentry/default.nix +++ b/nixpkgs/pkgs/tools/security/pinentry/default.nix @@ -20,7 +20,8 @@ stdenv.mkDerivation rec { patches = lib.optionals (gtk2 != null) [ (fetchpatch { - url = https://sources.debian.org/data/main/p/pinentry/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch; + url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/" + + "0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch"; sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd"; }) ]; diff --git a/nixpkgs/pkgs/tools/security/rng-tools/default.nix b/nixpkgs/pkgs/tools/security/rng-tools/default.nix index 3e460c5f8448..41faa375f83d 100644 --- a/nixpkgs/pkgs/tools/security/rng-tools/default.nix +++ b/nixpkgs/pkgs/tools/security/rng-tools/default.nix @@ -8,7 +8,7 @@ # Not sure if jitterentropy is safe to use for cryptography # and thus a default entropy source , jitterentropy ? null, withJitterEntropy ? false -, libp11 ? null, withPkcs11 ? true +, libp11 ? null, opensc ? null, withPkcs11 ? true }: with stdenv.lib; @@ -26,6 +26,11 @@ stdenv.mkDerivation rec { postPatch = '' cp README.md README + + ${optionalString withPkcs11 '' + substituteInPlace rngd.c \ + --replace /usr/lib64/opensc-pkcs11.so ${opensc}/lib/opensc-pkcs11.so + ''} ''; nativeBuildInputs = [ autoreconfHook libtool pkgconfig ]; @@ -40,7 +45,7 @@ stdenv.mkDerivation rec { buildInputs = [ sysfsutils ] ++ optionals withGcrypt [ libgcrypt ] ++ optionals withJitterEntropy [ jitterentropy ] - ++ optionals withNistBeacon [ openssl curl libxml2 ] + ++ optionals withNistBeacon [ curl libxml2 openssl ] ++ optionals withPkcs11 [ libp11 openssl ]; # This shouldn't be necessary but is as of 6.7 diff --git a/nixpkgs/pkgs/tools/security/signing-party/default.nix b/nixpkgs/pkgs/tools/security/signing-party/default.nix index b3ec973368ca..29af5a5cc0a7 100644 --- a/nixpkgs/pkgs/tools/security/signing-party/default.nix +++ b/nixpkgs/pkgs/tools/security/signing-party/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, autoconf, automake, makeWrapper +{ stdenv, fetchFromGitLab, autoconf, automake, makeWrapper , python3, perl, perlPackages , libmd, gnupg1, which, getopt, libpaper, nettools, qprint , sendmailPath ? "/run/wrappers/bin/sendmail" }: @@ -13,12 +13,15 @@ let ]; in stdenv.mkDerivation rec { pname = "signing-party"; - version = "2.9"; + version = "2.10"; name = "${pname}-${version}"; - src = fetchurl { - url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz"; - sha256 = "14pgi45zqa0zd1ldfj9mnf9jgv5kfrhl78lr8iy7k88p9h6b9n7n"; + src = fetchFromGitLab { + domain = "salsa.debian.org"; + owner = "signing-party-team"; + repo = "signing-party"; + rev = "v${version}"; + sha256 = "0lq8nmwjmysry0n4jg6vb7bh0lagbyb9pa11ii3s41p1mhzchf2r"; }; # TODO: Get this patch upstream... diff --git a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix new file mode 100644 index 000000000000..e615cec945dd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix @@ -0,0 +1,53 @@ +{ fetchFromGitHub, python3Packages, stdenv }: + +python3Packages.buildPythonPackage rec { + pname = "ssh-audit"; + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "arthepsy"; + repo = pname; + rev = "refs/tags/v${version}"; + sha256 = "0akrychkdym9f6830ysq787c9nc0bkyqvy4h72498lyghwvwc2ms"; + }; + + checkInputs = [ + python3Packages.pytest + python3Packages.pytestcov + ]; + + checkPhase = '' + py.test --cov-report= --cov=ssh-audit -v test + ''; + + postPatch = '' + printf %s "$setupPy" > setup.py + mkdir scripts + cp ssh-audit.py scripts/ssh-audit + mkdir ssh_audit + cp ssh-audit.py ssh_audit/__init__.py + ''; + + setupPy = /* py */ '' + from distutils.core import setup + setup( + author='arthepsy', + description='${meta.description}', + license='${meta.license.spdxId}', + name='${pname}', + packages=['ssh_audit'], + scripts=['scripts/ssh-audit'], + url='${meta.homepage}', + version='${version}', + ) + ''; + + meta = { + description = "Tool for ssh server auditing"; + homepage = "https://github.com/arthepsy/ssh-audit"; + license = stdenv.lib.licenses.mit; + maintainers = [ + stdenv.lib.maintainers.tv + ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix index 1bda80dab454..b3b71a16eb88 100644 --- a/nixpkgs/pkgs/tools/security/tor/default.nix +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -14,11 +14,12 @@ }: stdenv.mkDerivation rec { - name = "tor-0.3.5.7"; + pname = "tor"; + version = "0.4.0.5"; src = fetchurl { - url = "https://dist.torproject.org/${name}.tar.gz"; - sha256 = "17l31p58rsd30w4b6r4d8pbr84z3y7awahvjxbpmnlxc47y8f20v"; + url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; + sha256 = "0vk9j3ybz5dwwbmqrdj1bjcsxy76pc8frmfvflkdzwfkvkqcp8mm"; }; outputs = [ "out" "geoip" ]; diff --git a/nixpkgs/pkgs/tools/security/wpscan/Gemfile b/nixpkgs/pkgs/tools/security/wpscan/Gemfile index 3b5e4282ab58..5d76cd24f3ea 100644 --- a/nixpkgs/pkgs/tools/security/wpscan/Gemfile +++ b/nixpkgs/pkgs/tools/security/wpscan/Gemfile @@ -1,2 +1,2 @@ source 'https://rubygems.org' -gem 'wpscan', '= 3.4.3' +gem 'wpscan' diff --git a/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock index 877e3f4b53bf..bf03aba14181 100644 --- a/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock @@ -1,34 +1,34 @@ GEM remote: https://rubygems.org/ specs: - activesupport (5.2.2) + activesupport (5.2.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.2) + addressable (2.6.0) public_suffix (>= 2.0.2, < 4.0) - cms_scanner (0.0.41.3) + cms_scanner (0.5.1) nokogiri (~> 1.10.0) - opt_parse_validator (~> 0.0.16.6) + opt_parse_validator (~> 1.7.2) public_suffix (~> 3.0.0) ruby-progressbar (~> 1.10.0) typhoeus (~> 1.3.0) xmlrpc (~> 0.3) yajl-ruby (~> 1.4.1) - concurrent-ruby (1.1.4) + concurrent-ruby (1.1.5) ethon (0.12.0) ffi (>= 1.3.0) ffi (1.10.0) - i18n (1.5.2) + i18n (1.6.0) concurrent-ruby (~> 1.0) mini_portile2 (2.4.0) minitest (5.11.3) - nokogiri (1.10.1) + nokogiri (1.10.3) mini_portile2 (~> 2.4.0) - opt_parse_validator (0.0.16.6) + opt_parse_validator (1.7.2) activesupport (>= 4.2, < 5.3.0) - addressable (~> 2.5.0) + addressable (>= 2.5, < 2.7) public_suffix (3.0.3) ruby-progressbar (1.10.0) thread_safe (0.3.6) @@ -36,8 +36,8 @@ GEM ethon (>= 0.9.0) tzinfo (1.2.5) thread_safe (~> 0.1) - wpscan (3.4.3) - cms_scanner (~> 0.0.41.2) + wpscan (3.5.3) + cms_scanner (~> 0.5.0) xmlrpc (0.3.0) yajl-ruby (1.4.1) @@ -45,7 +45,7 @@ PLATFORMS ruby DEPENDENCIES - wpscan (= 3.4.3) + wpscan BUNDLED WITH - 1.16.3 + 1.17.2 diff --git a/nixpkgs/pkgs/tools/security/wpscan/default.nix b/nixpkgs/pkgs/tools/security/wpscan/default.nix index 9049318c249d..85455325f695 100644 --- a/nixpkgs/pkgs/tools/security/wpscan/default.nix +++ b/nixpkgs/pkgs/tools/security/wpscan/default.nix @@ -15,7 +15,7 @@ bundlerApp { description = "Black box WordPress vulnerability scanner"; homepage = https://wpscan.org/; license = licenses.unfreeRedistributable; - maintainers = [ maintainers.nyanloutre ]; + maintainers = with maintainers; [ nyanloutre manveru ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/wpscan/gemset.nix b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix index 6377f05607fe..c0ad80bd99b1 100644 --- a/nixpkgs/pkgs/tools/security/wpscan/gemset.nix +++ b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix @@ -5,10 +5,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1iya7vxqwxysr74s7b4z1x19gmnx5advimzip3cbmsd5bd43wfgz"; + sha256 = "110vp4frgkw3mpzlmshg2f2ig09cknls2w68ym1r1s39d01v0mi8"; type = "gem"; }; - version = "5.2.2"; + version = "5.2.3"; }; addressable = { dependencies = ["public_suffix"]; @@ -16,10 +16,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0viqszpkggqi8hq87pqp0xykhvz60g99nwmkwsb0v45kc2liwxvk"; + sha256 = "0bcm2hchn897xjhqj9zzsxf3n9xhddymj4lsclz508f4vw3av46l"; type = "gem"; }; - version = "2.5.2"; + version = "2.6.0"; }; cms_scanner = { dependencies = ["nokogiri" "opt_parse_validator" "public_suffix" "ruby-progressbar" "typhoeus" "xmlrpc" "yajl-ruby"]; @@ -27,20 +27,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0m09dlyd4c51nd81dp09nddjpp81n1y0k8g36jf4d78nlgsc83s6"; + sha256 = "03hvvqq0s35a6l7lx9zpagv0gcdzhw7jvhzssiaiy6y81cx4z9pn"; type = "gem"; }; - version = "0.0.41.3"; + version = "0.5.1"; }; concurrent-ruby = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ixcx9pfissxrga53jbdpza85qd5f6b5nq1sfqa9rnfq82qnlbp1"; + sha256 = "1x07r23s7836cpp5z9yrlbpljcxpax14yw4fy4bnp6crhr6x24an"; type = "gem"; }; - version = "1.1.4"; + version = "1.1.5"; }; ethon = { dependencies = ["ffi"]; @@ -69,10 +69,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "088xnnpi7hq243n44fmgqvjr0m86ivk8r87k9b3ddq3b7nl6nyf9"; + sha256 = "1hfxnlyr618s25xpafw9mypa82qppjccbh292c4l3bj36az7f6wl"; type = "gem"; }; - version = "1.5.2"; + version = "1.6.0"; }; mini_portile2 = { groups = ["default"]; @@ -100,10 +100,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "09zll7c6j7xr6wyvh5mm5ncj6pkryp70ybcsxdbw1nyphx5dh184"; + sha256 = "02bjydih0j515szfv9mls195cvpyidh6ixm7dwbl3s2sbaxxk5s4"; type = "gem"; }; - version = "1.10.1"; + version = "1.10.3"; }; opt_parse_validator = { dependencies = ["activesupport" "addressable"]; @@ -111,10 +111,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "127qxgf6kvv4fnnn5bxx8ivfknjf3ydz3vkxrxj26mva4ijwnkl4"; + sha256 = "14zp0260x652pf75maq9ydvqsqgv8ji9w85gjk8f0vwjykf1151n"; type = "gem"; }; - version = "0.0.16.6"; + version = "1.7.2"; }; public_suffix = { groups = ["default"]; @@ -174,10 +174,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13wmgmkh7n2jkgf46q9755nsvj34fag1gnns7rlbynkk1277ng6x"; + sha256 = "0j4v24iwy35q7qy3l8zr5r8mjn7nc7ahdiq13dpgjwrprvrw1jk2"; type = "gem"; }; - version = "3.4.3"; + version = "3.5.3"; }; xmlrpc = { groups = ["default"]; |