about summary refs log tree commit diff
path: root/nixpkgs/pkgs/tools/security
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
-rw-r--r--nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/fail2ban/default.nix15
-rw-r--r--nixpkgs/pkgs/tools/security/fido2luks/default.nix32
-rw-r--r--nixpkgs/pkgs/tools/security/jwt-cli/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/nmap/default.nix43
-rw-r--r--nixpkgs/pkgs/tools/security/nmap/qt.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/pass/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/rage/default.nix24
8 files changed, 90 insertions, 42 deletions
diff --git a/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix
index 5e304f86b4ef..76c845e7a99e 100644
--- a/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix
+++ b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }:
+{ mkDerivation, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }:
 
-stdenv.mkDerivation rec {
+mkDerivation rec {
   pname = "chrome-token-signing";
   version = "1.0.7";
 
diff --git a/nixpkgs/pkgs/tools/security/fail2ban/default.nix b/nixpkgs/pkgs/tools/security/fail2ban/default.nix
index 5ea918542828..4ec84353e4ee 100644
--- a/nixpkgs/pkgs/tools/security/fail2ban/default.nix
+++ b/nixpkgs/pkgs/tools/security/fail2ban/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, fetchpatch, python3, gamin }:
+{ stdenv, fetchFromGitHub, python3, gamin }:
 
-let version = "0.10.4"; in
+let version = "0.10.5"; in
 
 python3.pkgs.buildPythonApplication {
   pname = "fail2ban";
@@ -10,18 +10,9 @@ python3.pkgs.buildPythonApplication {
     owner  = "fail2ban";
     repo   = "fail2ban";
     rev    = version;
-    sha256 = "07ik6rm856q0ic2r7vbg6j3hsdcdgkv44hh5ck0c2y21fqwrck3l";
+    sha256 = "1s8g46vkwhqnagj69v4wvcasypzkmq7awhfbxahffrypcpad5ach";
   };
 
-  patches = [
-    # 0.10.3 supports Python 3 but somehow this got into the way
-    # https://github.com/fail2ban/fail2ban/issues/2255
-    (fetchpatch {
-      url = "https://github.com/fail2ban/fail2ban/commit/657b147c0d7830f3600f3dc7feaa4815a7e19fde.patch";
-      sha256 = "1hrk2x7ssrfhab1wrjk5xw1sxhiv2735glfcp6qcj8x4dss3q7f7";
-    })
-  ];
-
   pythonPath = with python3.pkgs;
     stdenv.lib.optionals stdenv.isLinux [
       systemd
diff --git a/nixpkgs/pkgs/tools/security/fido2luks/default.nix b/nixpkgs/pkgs/tools/security/fido2luks/default.nix
new file mode 100644
index 000000000000..0bb5a91a81a7
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/fido2luks/default.nix
@@ -0,0 +1,32 @@
+{ stdenv
+, rustPlatform
+, fetchFromGitHub
+, cryptsetup
+, pkg-config
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "fido2luks";
+  version = "0.2.2";
+
+  src = fetchFromGitHub {
+    owner = "shimunn";
+    repo = pname;
+    rev = version;
+    sha256 = "018qzbgmgm0f0d0c7i54nqqjbr4k5mzy1xfavi6hpifjll971wci";
+  };
+
+  buildInputs = [ cryptsetup ];
+  nativeBuildInputs = [ pkg-config ];
+
+  cargoSha256 = "1kf757wxxk5h8dfbz588qw1pnyjbg5qzr7rz14i7x8rhmn5xwb74";
+  verifyCargoDeps = true;
+
+  meta = with stdenv.lib; {
+    description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator";
+    homepage = "https://github.com/shimunn/fido2luks";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ prusnak mmahut ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix
index 7146cc52e9e1..83b630a4f4f6 100644
--- a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix
+++ b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, rustPlatform }:
+{ stdenv, fetchFromGitHub, rustPlatform, Security }:
 
 rustPlatform.buildRustPackage rec {
   pname = "jwt-cli";
@@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec {
 
   cargoSha256 = "005y92acsn5j490jkp23ny7bsjd9ql1glybmbh4cyc8b15hmy618";
 
+  buildInputs = stdenv.lib.optional stdenv.isDarwin Security;
+
   meta = with stdenv.lib; {
     description = "Super fast CLI tool to decode and encode JWTs";
     homepage = "https://github.com/mike-engel/jwt-cli";
diff --git a/nixpkgs/pkgs/tools/security/nmap/default.nix b/nixpkgs/pkgs/tools/security/nmap/default.nix
index 1b66dab35c8f..f88c533d71d3 100644
--- a/nixpkgs/pkgs/tools/security/nmap/default.nix
+++ b/nixpkgs/pkgs/tools/security/nmap/default.nix
@@ -1,24 +1,16 @@
 { stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3
+, pcre, liblinear, libssh2
 , graphicalSupport ? false
 , libX11 ? null
 , gtk2 ? null
-, withPython ? false # required for the `ndiff` binary
-, python2Packages ? null
+, python2 ? null
 , makeWrapper ? null
 , withLua ? true
 }:
 
-assert withPython -> python2Packages != null;
-
 with stdenv.lib;
 
-let
-
-  # Zenmap (the graphical program) also requires Python,
-  # so automatically enable pythonSupport if graphicalSupport is requested.
-  pythonSupport = withPython || graphicalSupport;
-
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   name = "nmap${optionalString graphicalSupport "-graphical"}-${version}";
   version = "7.80";
 
@@ -48,10 +40,7 @@ in stdenv.mkDerivation rec {
 
   configureFlags = [
     (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua")
-  ]
-    ++ optional (!pythonSupport) "--without-ndiff"
-    ++ optional (!graphicalSupport) "--without-zenmap"
-    ;
+  ] ++ optionals (!graphicalSupport) [ "--without-ndiff" "--without-zenmap" ];
 
   makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
     "AR=${stdenv.cc.bintools.targetPrefix}ar"
@@ -59,18 +48,22 @@ in stdenv.mkDerivation rec {
     "CC=${stdenv.cc.targetPrefix}gcc"
   ];
 
-  postInstall = optionalString pythonSupport ''
-      wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH"
-  '' + optionalString graphicalSupport ''
-      wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath $pygtk)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pygobject)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pycairo)/gtk-2.0
+  pythonPath = with python2.pkgs; optionals graphicalSupport  [
+    pygtk pysqlite pygobject2 pycairo
+  ];
+
+  nativeBuildInputs = [ pkgconfig ] ++ optionals graphicalSupport [ python2.pkgs.wrapPython ];
+  buildInputs = [ pcre liblinear libssh2 libpcap openssl ] ++ optionals graphicalSupport (with python2.pkgs; [
+    python2 libX11 gtk2
+  ]);
+
+  postInstall = optionalString graphicalSupport ''
+    buildPythonPath "$out $pythonPath"
+    patchPythonScript $out/bin/ndiff
+    patchPythonScript $out/bin/zenmap
   '';
 
-  nativeBuildInputs = [ pkgconfig ];
-  buildInputs = with python2Packages; [ libpcap openssl ]
-    ++ optionals pythonSupport [ makeWrapper python ]
-    ++ optionals graphicalSupport [
-      libX11 gtk2 pygtk pysqlite pygobject2 pycairo
-    ];
+  enableParallelBuilding = true;
 
   doCheck = false; # fails 3 tests, probably needs the net
 
diff --git a/nixpkgs/pkgs/tools/security/nmap/qt.nix b/nixpkgs/pkgs/tools/security/nmap/qt.nix
index f873c475bbfe..2dcd7fed0c4b 100644
--- a/nixpkgs/pkgs/tools/security/nmap/qt.nix
+++ b/nixpkgs/pkgs/tools/security/nmap/qt.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, pkgconfig, makeWrapper
+{ stdenv, fetchFromGitHub, cmake, pkgconfig, wrapQtAppsHook
 , dnsutils, nmap
 , qtbase, qtscript, qtwebengine }:
 
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
     sha256 = "10wqyrjzmad1g7lqa65rymbkna028xbp4xcpj442skw8gyrs3994";
   };
 
-  nativeBuildInputs = [ cmake makeWrapper pkgconfig ];
+  nativeBuildInputs = [ cmake pkgconfig wrapQtAppsHook ];
 
   buildInputs = [ qtbase qtscript qtwebengine ];
 
diff --git a/nixpkgs/pkgs/tools/security/pass/default.nix b/nixpkgs/pkgs/tools/security/pass/default.nix
index 5d0e94bc803e..54a8f4de7d7b 100644
--- a/nixpkgs/pkgs/tools/security/pass/default.nix
+++ b/nixpkgs/pkgs/tools/security/pass/default.nix
@@ -111,6 +111,12 @@ let
     '' + stdenv.lib.optionalString stdenv.isDarwin ''
       # 'pass edit' uses hdid, which is not available from the sandbox.
       rm -f tests/t0200-edit-tests.sh
+      rm -f tests/t0010-generate-tests.sh
+      rm -f tests/t0020-show-tests.sh
+      rm -f tests/t0050-mv-tests.sh
+      rm -f tests/t0100-insert-tests.sh
+      rm -f tests/t0300-reencryption.sh
+      rm -f tests/t0400-grep.sh
     '';
 
     doCheck = false;
diff --git a/nixpkgs/pkgs/tools/security/rage/default.nix b/nixpkgs/pkgs/tools/security/rage/default.nix
new file mode 100644
index 000000000000..63cc2972a58d
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/rage/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, rustPlatform, fetchFromGitHub, Security }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "rage";
+  version = "0.2.0";
+
+  src = fetchFromGitHub {
+    owner = "str4d";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0ri4rfhy1wl0cppi2cp97kkiz08x2f072yfahn2kv9r4v1i9f4a7";
+  };
+
+  cargoSha256 = "02adwvcvha83zcvc5n7p88l7wmkg52j2xhznmhabc0zn328as2yd";
+
+  buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ];
+
+  meta = with stdenv.lib; {
+    description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability";
+    homepage = "https://github.com/str4d/rage";
+    license = licenses.asl20;
+    maintainers = [ maintainers.marsam ];
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-21 07:41:56 +0000