diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
-rw-r--r-- | nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/fail2ban/default.nix | 15 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/fido2luks/default.nix | 32 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/jwt-cli/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/nmap/default.nix | 43 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/nmap/qt.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/pass/default.nix | 6 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/rage/default.nix | 24 |
8 files changed, 90 insertions, 42 deletions
diff --git a/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix index 5e304f86b4ef..76c845e7a99e 100644 --- a/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix +++ b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }: +{ mkDerivation, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }: -stdenv.mkDerivation rec { +mkDerivation rec { pname = "chrome-token-signing"; version = "1.0.7"; diff --git a/nixpkgs/pkgs/tools/security/fail2ban/default.nix b/nixpkgs/pkgs/tools/security/fail2ban/default.nix index 5ea918542828..4ec84353e4ee 100644 --- a/nixpkgs/pkgs/tools/security/fail2ban/default.nix +++ b/nixpkgs/pkgs/tools/security/fail2ban/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, fetchpatch, python3, gamin }: +{ stdenv, fetchFromGitHub, python3, gamin }: -let version = "0.10.4"; in +let version = "0.10.5"; in python3.pkgs.buildPythonApplication { pname = "fail2ban"; @@ -10,18 +10,9 @@ python3.pkgs.buildPythonApplication { owner = "fail2ban"; repo = "fail2ban"; rev = version; - sha256 = "07ik6rm856q0ic2r7vbg6j3hsdcdgkv44hh5ck0c2y21fqwrck3l"; + sha256 = "1s8g46vkwhqnagj69v4wvcasypzkmq7awhfbxahffrypcpad5ach"; }; - patches = [ - # 0.10.3 supports Python 3 but somehow this got into the way - # https://github.com/fail2ban/fail2ban/issues/2255 - (fetchpatch { - url = "https://github.com/fail2ban/fail2ban/commit/657b147c0d7830f3600f3dc7feaa4815a7e19fde.patch"; - sha256 = "1hrk2x7ssrfhab1wrjk5xw1sxhiv2735glfcp6qcj8x4dss3q7f7"; - }) - ]; - pythonPath = with python3.pkgs; stdenv.lib.optionals stdenv.isLinux [ systemd diff --git a/nixpkgs/pkgs/tools/security/fido2luks/default.nix b/nixpkgs/pkgs/tools/security/fido2luks/default.nix new file mode 100644 index 000000000000..0bb5a91a81a7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fido2luks/default.nix @@ -0,0 +1,32 @@ +{ stdenv +, rustPlatform +, fetchFromGitHub +, cryptsetup +, pkg-config +}: + +rustPlatform.buildRustPackage rec { + pname = "fido2luks"; + version = "0.2.2"; + + src = fetchFromGitHub { + owner = "shimunn"; + repo = pname; + rev = version; + sha256 = "018qzbgmgm0f0d0c7i54nqqjbr4k5mzy1xfavi6hpifjll971wci"; + }; + + buildInputs = [ cryptsetup ]; + nativeBuildInputs = [ pkg-config ]; + + cargoSha256 = "1kf757wxxk5h8dfbz588qw1pnyjbg5qzr7rz14i7x8rhmn5xwb74"; + verifyCargoDeps = true; + + meta = with stdenv.lib; { + description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"; + homepage = "https://github.com/shimunn/fido2luks"; + license = licenses.gpl3; + maintainers = with maintainers; [ prusnak mmahut ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix index 7146cc52e9e1..83b630a4f4f6 100644 --- a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, rustPlatform }: +{ stdenv, fetchFromGitHub, rustPlatform, Security }: rustPlatform.buildRustPackage rec { pname = "jwt-cli"; @@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "005y92acsn5j490jkp23ny7bsjd9ql1glybmbh4cyc8b15hmy618"; + buildInputs = stdenv.lib.optional stdenv.isDarwin Security; + meta = with stdenv.lib; { description = "Super fast CLI tool to decode and encode JWTs"; homepage = "https://github.com/mike-engel/jwt-cli"; diff --git a/nixpkgs/pkgs/tools/security/nmap/default.nix b/nixpkgs/pkgs/tools/security/nmap/default.nix index 1b66dab35c8f..f88c533d71d3 100644 --- a/nixpkgs/pkgs/tools/security/nmap/default.nix +++ b/nixpkgs/pkgs/tools/security/nmap/default.nix @@ -1,24 +1,16 @@ { stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3 +, pcre, liblinear, libssh2 , graphicalSupport ? false , libX11 ? null , gtk2 ? null -, withPython ? false # required for the `ndiff` binary -, python2Packages ? null +, python2 ? null , makeWrapper ? null , withLua ? true }: -assert withPython -> python2Packages != null; - with stdenv.lib; -let - - # Zenmap (the graphical program) also requires Python, - # so automatically enable pythonSupport if graphicalSupport is requested. - pythonSupport = withPython || graphicalSupport; - -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; version = "7.80"; @@ -48,10 +40,7 @@ in stdenv.mkDerivation rec { configureFlags = [ (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua") - ] - ++ optional (!pythonSupport) "--without-ndiff" - ++ optional (!graphicalSupport) "--without-zenmap" - ; + ] ++ optionals (!graphicalSupport) [ "--without-ndiff" "--without-zenmap" ]; makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "AR=${stdenv.cc.bintools.targetPrefix}ar" @@ -59,18 +48,22 @@ in stdenv.mkDerivation rec { "CC=${stdenv.cc.targetPrefix}gcc" ]; - postInstall = optionalString pythonSupport '' - wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" - '' + optionalString graphicalSupport '' - wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath $pygtk)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pygobject)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pycairo)/gtk-2.0 + pythonPath = with python2.pkgs; optionals graphicalSupport [ + pygtk pysqlite pygobject2 pycairo + ]; + + nativeBuildInputs = [ pkgconfig ] ++ optionals graphicalSupport [ python2.pkgs.wrapPython ]; + buildInputs = [ pcre liblinear libssh2 libpcap openssl ] ++ optionals graphicalSupport (with python2.pkgs; [ + python2 libX11 gtk2 + ]); + + postInstall = optionalString graphicalSupport '' + buildPythonPath "$out $pythonPath" + patchPythonScript $out/bin/ndiff + patchPythonScript $out/bin/zenmap ''; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = with python2Packages; [ libpcap openssl ] - ++ optionals pythonSupport [ makeWrapper python ] - ++ optionals graphicalSupport [ - libX11 gtk2 pygtk pysqlite pygobject2 pycairo - ]; + enableParallelBuilding = true; doCheck = false; # fails 3 tests, probably needs the net diff --git a/nixpkgs/pkgs/tools/security/nmap/qt.nix b/nixpkgs/pkgs/tools/security/nmap/qt.nix index f873c475bbfe..2dcd7fed0c4b 100644 --- a/nixpkgs/pkgs/tools/security/nmap/qt.nix +++ b/nixpkgs/pkgs/tools/security/nmap/qt.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, cmake, pkgconfig, makeWrapper +{ stdenv, fetchFromGitHub, cmake, pkgconfig, wrapQtAppsHook , dnsutils, nmap , qtbase, qtscript, qtwebengine }: @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { sha256 = "10wqyrjzmad1g7lqa65rymbkna028xbp4xcpj442skw8gyrs3994"; }; - nativeBuildInputs = [ cmake makeWrapper pkgconfig ]; + nativeBuildInputs = [ cmake pkgconfig wrapQtAppsHook ]; buildInputs = [ qtbase qtscript qtwebengine ]; diff --git a/nixpkgs/pkgs/tools/security/pass/default.nix b/nixpkgs/pkgs/tools/security/pass/default.nix index 5d0e94bc803e..54a8f4de7d7b 100644 --- a/nixpkgs/pkgs/tools/security/pass/default.nix +++ b/nixpkgs/pkgs/tools/security/pass/default.nix @@ -111,6 +111,12 @@ let '' + stdenv.lib.optionalString stdenv.isDarwin '' # 'pass edit' uses hdid, which is not available from the sandbox. rm -f tests/t0200-edit-tests.sh + rm -f tests/t0010-generate-tests.sh + rm -f tests/t0020-show-tests.sh + rm -f tests/t0050-mv-tests.sh + rm -f tests/t0100-insert-tests.sh + rm -f tests/t0300-reencryption.sh + rm -f tests/t0400-grep.sh ''; doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/rage/default.nix b/nixpkgs/pkgs/tools/security/rage/default.nix new file mode 100644 index 000000000000..63cc2972a58d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rage/default.nix @@ -0,0 +1,24 @@ +{ stdenv, rustPlatform, fetchFromGitHub, Security }: + +rustPlatform.buildRustPackage rec { + pname = "rage"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "str4d"; + repo = pname; + rev = "v${version}"; + sha256 = "0ri4rfhy1wl0cppi2cp97kkiz08x2f072yfahn2kv9r4v1i9f4a7"; + }; + + cargoSha256 = "02adwvcvha83zcvc5n7p88l7wmkg52j2xhznmhabc0zn328as2yd"; + + buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ]; + + meta = with stdenv.lib; { + description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability"; + homepage = "https://github.com/str4d/rage"; + license = licenses.asl20; + maintainers = [ maintainers.marsam ]; + }; +} |