diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
511 files changed, 31508 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/2fa/default.nix b/nixpkgs/pkgs/tools/security/2fa/default.nix new file mode 100644 index 000000000000..b06454e736c8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/2fa/default.nix @@ -0,0 +1,22 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + version = "1.2.0"; + pname = "2fa"; + + goPackagePath = "rsc.io/2fa"; + + src = fetchFromGitHub { + owner = "rsc"; + repo = "2fa"; + rev = "v${version}"; + sha256 = "sha256-cB5iADZwvJQwwK1GockE2uicFlqFMEAY6xyeXF5lnUY="; + }; + + meta = with lib; { + homepage = "https://rsc.io/2fa"; + description = "Two-factor authentication on the command line"; + maintainers = with maintainers; [ rvolosatovs ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/acsccid/default.nix b/nixpkgs/pkgs/tools/security/acsccid/default.nix new file mode 100644 index 000000000000..f471393b2cfc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/acsccid/default.nix @@ -0,0 +1,84 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoconf +, automake +, libtool +, gettext +, flex +, perl +, pkg-config +, pcsclite +, libusb1 +, libiconv +}: + +stdenv.mkDerivation rec { + version = "1.1.8"; + pname = "acsccid"; + + src = fetchFromGitHub { + owner = "acshk"; + repo = pname; + rev = "v${version}"; + sha256 = "12aahrvsk21qgpjwcrr01s742ixs44nmjkvcvqyzhqb307x1rrn3"; + }; + + nativeBuildInputs = [ + pkg-config + autoconf + automake + libtool + gettext + flex + perl + ]; + + buildInputs = [ + pcsclite + libusb1 + ] ++ lib.optionals stdenv.isDarwin [ + libiconv + ]; + + configureFlags = [ + "--enable-usbdropdir=${placeholder "out"}/pcsc/drivers" + ]; + + doCheck = true; + + postPatch = '' + sed -e s_/bin/echo_echo_g -i src/Makefile.am + patchShebangs src/convert_version.pl + patchShebangs src/create_Info_plist.pl + ''; + + preConfigure = '' + libtoolize --force + aclocal + autoheader + automake --force-missing --add-missing + autoconf + ''; + + meta = with lib; { + description = "A PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers"; + longDescription = '' + acsccid is a PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card + readers. This library provides a PC/SC IFD handler implementation and + communicates with the readers through the PC/SC Lite resource manager (pcscd). + + acsccid is based on ccid. See CCID free software driver for more + information: + https://ccid.apdu.fr/ + + It can be enabled in /etc/nixos/configuration.nix by adding: + services.pcscd.enable = true; + services.pcscd.plugins = [ pkgs.acsccid ]; + ''; + homepage = src.meta.homepage; + license = licenses.lgpl2Plus; + maintainers = with maintainers; [ ]; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aespipe/default.nix b/nixpkgs/pkgs/tools/security/aespipe/default.nix new file mode 100644 index 000000000000..dcef28f2258f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aespipe/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchurl, sharutils, makeWrapper }: + +stdenv.mkDerivation rec { + pname = "aespipe"; + version = "2.4f"; + + src = fetchurl { + url = "mirror://sourceforge/loop-aes/aespipe/aespipe-v${version}.tar.bz2"; + sha256 = "15pg9j27mjzl78mpzkdqd84kdafj0g6j72f8wgjrpp2qkxjy2ddi"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + configureFlags = [ "--enable-padlock" "--enable-intelaes" ]; + + postInstall = '' + cp bz2aespipe $out/bin + wrapProgram $out/bin/bz2aespipe \ + --prefix PATH : $out/bin:${lib.makeBinPath [ sharutils ]} + ''; + + meta = with lib; { + description = "AES encrypting or decrypting pipe"; + homepage = "http://loop-aes.sourceforge.net/aespipe.README"; + license = licenses.gpl2; + maintainers = [ maintainers.goibhniu ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/afl/README.md b/nixpkgs/pkgs/tools/security/afl/README.md new file mode 100644 index 000000000000..180cad6bc4ca --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/README.md @@ -0,0 +1,19 @@ +Updating the QEMU patches +========================= + +When updating to the latest American Fuzzy Lop, make sure to check for +any new patches to qemu for binary fuzzing support: + +https://github.com/google/AFL/tree/master/qemu_mode + +Be sure to check the build script and make sure it's also using the +right QEMU version and options in `qemu.nix`: + +https://github.com/google/AFL/blob/master/qemu_mode/build_qemu_support.sh + +`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of +the afl source code, and copied from `config.h`, `types.h` and +`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches +need to be slightly adjusted to fix their `#include`s (the patches +try to otherwise include files like `../../config.h` which causes the +build to fail). diff --git a/nixpkgs/pkgs/tools/security/afl/default.nix b/nixpkgs/pkgs/tools/security/afl/default.nix new file mode 100644 index 000000000000..ccdbd78716d9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/default.nix @@ -0,0 +1,82 @@ +{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper +, clang, llvm, which, libcgroup +}: + +let + afl-qemu = callPackage ./qemu.nix { inherit afl; }; + qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64" + else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386" + else throw "afl: no support for ${stdenv.hostPlatform.system}!"; + afl = stdenv.mkDerivation rec { + pname = "afl"; + version = "2.57b"; + + src = fetchFromGitHub { + owner = "google"; + repo = pname; + rev = "v${version}"; + sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6"; + }; + enableParallelBuilding = true; + + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + nativeBuildInputs = [ makeWrapper which llvm.dev ]; + buildInputs = [ llvm ]; + + makeFlags = [ "PREFIX=$(out)" ]; + postBuild = '' + make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES + ''; + postInstall = '' + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # Install the cgroups wrapper for asan-based fuzzing. + cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + # Patch shebangs before wrapping + patchShebangs $out/bin + + # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it + # has totally different semantics in that case(?) - and also set a + # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out + # of $PATH. + # first though we need to replace the afl-clang-fast++ symlink with + # a real copy to prevent wrapProgram skipping the symlink and confusing + # nix's cc wrapper + rm $out/bin/afl-clang-fast++ + cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++ + for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do + wrapProgram $x \ + --prefix AFL_PATH : "$out/lib/afl" \ + --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' + done + ''; + + passthru.qemu = afl-qemu; + + meta = { + description = "Powerful fuzzer via genetic algorithms and instrumentation"; + longDescription = '' + American fuzzy lop is a fuzzer that employs a novel type of + compile-time instrumentation and genetic algorithms to + automatically discover clean, interesting test cases that + trigger new internal states in the targeted binary. This + substantially improves the functional coverage for the fuzzed + code. The compact synthesized corpora produced by the tool are + also useful for seeding other, more labor or resource-intensive + testing regimes down the road. + ''; + homepage = "https://lcamtuf.coredump.cx/afl/"; + license = lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = with lib.maintainers; [ thoughtpolice ris ]; + }; + }; +in afl diff --git a/nixpkgs/pkgs/tools/security/afl/libdislocator.nix b/nixpkgs/pkgs/tools/security/afl/libdislocator.nix new file mode 100644 index 000000000000..400464c00567 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/libdislocator.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, afl}: + +stdenv.mkDerivation { + version = lib.getVersion afl; + pname = "libdislocator"; + + src = afl.src; + sourceRoot = "${afl.src.name}/libdislocator"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libdislocator-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libdislocator.so + END + chmod +x $out/bin/get-libdislocator-so + ''; + + meta = with lib; { + homepage = "https://lcamtuf.coredump.cx/afl/"; + description = '' + Drop-in replacement for the libc allocator which improves + the odds of bumping into heap-related security bugs in + several ways. + ''; + license = lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch new file mode 100644 index 000000000000..5dfbfd780f1c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d6b9dc1..ce7c493 100644 +--- a/Makefile ++++ b/Makefile +@@ -601,7 +601,7 @@ install-localstatedir: + endif + + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir ++install: all $(if $(BUILD_DOCS),install-doc) install-datadir + ifneq ($(TOOLS),) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) + endif diff --git a/nixpkgs/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff b/nixpkgs/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff new file mode 100644 index 000000000000..aa2950bf157c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff @@ -0,0 +1,51 @@ +--- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100 ++++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100 +@@ -34,6 +34,7 @@ + #include <sys/resource.h> + #include <sys/swap.h> + #include <linux/capability.h> ++#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988 + #include <sched.h> + #include <sys/timex.h> + #ifdef __ia64__ +@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2, + #endif + + #ifdef __NR_gettid +-_syscall0(int, gettid) ++// taken from https://patchwork.kernel.org/patch/10862231/ ++#define __NR_sys_gettid __NR_gettid ++_syscall0(int, sys_gettid) + #else + /* This is a replacement for the host gettid() and must return a host + errno. */ +@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg) + cpu = ENV_GET_CPU(env); + thread_cpu = cpu; + ts = (TaskState *)cpu->opaque; +- info->tid = gettid(); ++ info->tid = sys_gettid(); + task_settid(ts); + if (info->child_tidptr) + put_user_u32(info->tid, info->child_tidptr); +@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un + mapping. We can't repeat the spinlock hack used above because + the child process gets its own copy of the lock. */ + if (flags & CLONE_CHILD_SETTID) +- put_user_u32(gettid(), child_tidptr); ++ put_user_u32(sys_gettid(), child_tidptr); + if (flags & CLONE_PARENT_SETTID) +- put_user_u32(gettid(), parent_tidptr); ++ put_user_u32(sys_gettid(), parent_tidptr); + ts = (TaskState *)cpu->opaque; + if (flags & CLONE_SETTLS) + cpu_set_tls (env, newtls); +@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n + break; + #endif + case TARGET_NR_gettid: +- ret = get_errno(gettid()); ++ ret = get_errno(sys_gettid()); + break; + #ifdef TARGET_NR_readahead + case TARGET_NR_readahead: diff --git a/nixpkgs/pkgs/tools/security/afl/qemu.nix b/nixpkgs/pkgs/tools/security/afl/qemu.nix new file mode 100644 index 000000000000..e33c4c2fb03a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/qemu.nix @@ -0,0 +1,79 @@ +{ lib, stdenv, fetchurl, afl, python2, zlib, pkg-config, glib, perl +, texinfo, libuuid, flex, bison, pixman, autoconf +}: + +with lib; + +let + cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user" + else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user" + else throw "afl: no support for ${stdenv.hostPlatform.system}!"; +in +stdenv.mkDerivation rec { + pname = "afl-qemu"; + version = "2.10.0"; + + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2"; + sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy"; + }) + afl.src + ]; + + sourceRoot = "qemu-${version}"; + + postUnpack = '' + cp ${afl.src.name}/types.h $sourceRoot/afl-types.h + substitute ${afl.src.name}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${afl.src.name}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \ + --replace "../../config.h" "afl-config.h" + substituteInPlace ${afl.src.name}/qemu_mode/patches/cpu-exec.diff \ + --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" + ''; + + nativeBuildInputs = [ + python2 perl pkg-config flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman libuuid + ]; + + enableParallelBuilding = true; + + patches = [ + # patches extracted from afl source + "../${afl.src.name}/qemu_mode/patches/cpu-exec.diff" + "../${afl.src.name}/qemu_mode/patches/elfload.diff" + "../${afl.src.name}/qemu_mode/patches/syscall.diff" + "../${afl.src.name}/qemu_mode/patches/configure.diff" + "../${afl.src.name}/qemu_mode/patches/memfd.diff" + # nix-specific patches to make installation more well-behaved + ./qemu-patches/no-etc-install.patch + # patch for fixing qemu build on glibc >= 2.30 + ./qemu-patches/syscall-glibc2_30.diff + ]; + + configureFlags = + [ "--disable-system" + "--enable-linux-user" + "--disable-gtk" + "--disable-sdl" + "--disable-vnc" + "--disable-kvm" + "--target-list=${cpuTarget}" + "--enable-pie" + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + meta = with lib; { + homepage = "http://www.qemu.org/"; + description = "Fork of QEMU with AFL instrumentation support"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ thoughtpolice ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix new file mode 100644 index 000000000000..79a0779e60a1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix @@ -0,0 +1,136 @@ +{ lib, stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper +, clang, llvm, gcc, which, libcgroup, python, perl, gmp +, file, wine ? null, fetchpatch +}: + +# wine fuzzing is only known to work for win32 binaries, and using a mixture of +# 32 and 64-bit libraries ... complicates things, so it's recommended to build +# a full 32bit version of this package if you want to do wine fuzzing +assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux"); + +let + aflplusplus-qemu = callPackage ./qemu.nix { inherit aflplusplus; }; + qemu-exe-name = if stdenv.targetPlatform.system == "x86_64-linux" then "qemu-x86_64" + else if stdenv.targetPlatform.system == "i686-linux" then "qemu-i386" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; + libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; }; + libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; + aflplusplus = stdenvNoCC.mkDerivation rec { + pname = "aflplusplus"; + version = "2.65c"; + + src = fetchFromGitHub { + owner = "AFLplusplus"; + repo = "AFLplusplus"; + rev = version; + sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l"; + }; + enableParallelBuilding = true; + + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + nativeBuildInputs = [ makeWrapper which clang gcc ]; + buildInputs = [ llvm python gmp ] + ++ lib.optional (wine != null) python.pkgs.wrapPython; + + + postPatch = '' + # Replace the CLANG_BIN variables with the correct path + substituteInPlace llvm_mode/afl-clang-fast.c \ + --replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang}/bin/clang"' \ + --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" + + # Replace "gcc" and friends with full paths in afl-gcc + # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path + substituteInPlace src/afl-gcc.c \ + --replace '"gcc"' '"${gcc}/bin/gcc"' \ + --replace '"g++"' '"${gcc}/bin/g++"' \ + --replace '"gcj"' '"gcj-UNSUPPORTED"' \ + --replace '"clang"' '"clang-UNSUPPORTED"' \ + --replace '"clang++"' '"clang++-UNSUPPORTED"' + ''; + + makeFlags = [ "PREFIX=$(out)" ]; + buildPhase = '' + common="$makeFlags -j$NIX_BUILD_CORES" + make all $common + make radamsa $common + make -C gcc_plugin CC=${gcc}/bin/gcc CXX=${gcc}/bin/g++ $common + make -C llvm_mode $common + make -C qemu_mode/libcompcov $common + make -C qemu_mode/unsigaction $common + ''; + + postInstall = '' + # remove afl-clang(++) which are just symlinks to afl-clang-fast + rm $out/bin/afl-clang $out/bin/afl-clang++ + + # the makefile neglects to install unsigaction + cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/ + + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so + cat > $out/bin/get-afl-qemu-libcompcov-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libcompcov.so + END + chmod +x $out/bin/get-afl-qemu-libcompcov-so + cp ${libdislocator}/bin/get-libdislocator-so $out/bin/ + cp ${libtokencap}/bin/get-libtokencap-so $out/bin/ + + # Install the cgroups wrapper for asan-based fuzzing. + cp examples/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + patchShebangs $out/bin + + '' + lib.optionalString (wine != null) '' + substitute afl-wine-trace $out/bin/afl-wine-trace \ + --replace "qemu_mode/unsigaction" "$out/lib/afl" + chmod +x $out/bin/afl-wine-trace + + # qemu needs to be fed ELFs, not wrapper scripts, so we have to cheat a bit if we + # detect a wrapped wine + for winePath in ${wine}/bin/.wine ${wine}/bin/wine; do + if [ -x $winePath ]; then break; fi + done + makeWrapperArgs="--set-default 'AFL_WINE_PATH' '$winePath'" \ + wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} + ''; + + installCheckInputs = [ perl file ]; + doInstallCheck = true; + installCheckPhase = '' + # replace references to tools in build directory with references to installed locations + substituteInPlace test/test.sh \ + --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ + --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ + --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' + perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + cd test && ./test.sh + ''; + + passthru = { + inherit libdislocator libtokencap; + qemu = aflplusplus-qemu; + }; + + meta = { + description = '' + A heavily enhanced version of AFL, incorporating many features + and improvements from the community + ''; + homepage = "https://aflplus.plus"; + license = lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = with lib.maintainers; [ ris mindavi ]; + }; + }; +in aflplusplus diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix b/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix new file mode 100644 index 000000000000..ed695a7a7027 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix @@ -0,0 +1,37 @@ +{ lib, stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = lib.getVersion aflplusplus; + pname = "libdislocator"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libdislocator"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + # issue is fixed upstream: https://github.com/AFLplusplus/AFLplusplus/commit/2a60ceb6944a7ca273057ddf64dcf837bf7f9521 + sed -i 's/README\.dislocator\.md/README\.md/g' Makefile + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libdislocator-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libdislocator.so + END + chmod +x $out/bin/get-libdislocator-so + ''; + + meta = with lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = '' + Drop-in replacement for the libc allocator which improves + the odds of bumping into heap-related security bugs in + several ways. + ''; + license = lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix b/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix new file mode 100644 index 000000000000..f3ea5d4ec6b7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = lib.getVersion aflplusplus; + pname = "libtokencap"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libtokencap"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + mkdir -p $out/share/doc/afl + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libtokencap-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libtokencap.so + END + chmod +x $out/bin/get-libtokencap-so + ''; + + meta = with lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = "strcmp & memcmp token capture library"; + license = lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch b/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch new file mode 100644 index 000000000000..5dfbfd780f1c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d6b9dc1..ce7c493 100644 +--- a/Makefile ++++ b/Makefile +@@ -601,7 +601,7 @@ install-localstatedir: + endif + + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir ++install: all $(if $(BUILD_DOCS),install-doc) install-datadir + ifneq ($(TOOLS),) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) + endif diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix b/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix new file mode 100644 index 000000000000..1fb613aef2e2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix @@ -0,0 +1,83 @@ +{ lib, stdenv, fetchurl, aflplusplus, python3, zlib, pkg-config, glib, perl +, texinfo, libuuid, flex, bison, pixman, autoconf +}: + +with lib; + +let + qemuName = "qemu-3.1.0"; + cpuTarget = if stdenv.targetPlatform.system == "x86_64-linux" then "x86_64-linux-user" + else if stdenv.targetPlatform.system == "i686-linux" then "i386-linux-user" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; +in +stdenv.mkDerivation { + name = "aflplusplus-${qemuName}"; + + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq"; + }) + aflplusplus.src + ]; + + sourceRoot = qemuName; + + postUnpack = '' + chmod -R +w ${aflplusplus.src.name} + for f in ${aflplusplus.src.name}/qemu_mode/patches/* ; do + sed -E -i 's|(\.\./)+patches/([a-z-]+\.h)|\2|g' $f + sed -E -i 's|\.\./\.\./config\.h|afl-config.h|g' $f + sed -E -i 's|\.\./\.\./include/cmplog\.h|afl-cmplog.h|g' $f + done + cp ${aflplusplus.src.name}/qemu_mode/patches/*.h $sourceRoot/ + cp ${aflplusplus.src.name}/types.h $sourceRoot/afl-types.h + substitute ${aflplusplus.src.name}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflplusplus.src.name}/include/cmplog.h $sourceRoot/afl-cmplog.h \ + --replace "config.h" "afl-config.h" \ + --replace "forkserver.h" "afl-forkserver.h" + substitute ${aflplusplus.src.name}/include/forkserver.h $sourceRoot/afl-forkserver.h \ + --replace "types.h" "afl-types.h" + + cat ${aflplusplus.src.name}/qemu_mode/patches/*.diff > all.patch + ''; + + nativeBuildInputs = [ + python3 perl pkg-config flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman libuuid + ]; + + enableParallelBuilding = true; + + patches = [ + # patches extracted from aflplusplus source + "../all.patch" + # nix-specific patches to make installation more well-behaved + ./qemu-no-etc-install.patch + ]; + + configureFlags = + [ "--disable-system" + "--enable-linux-user" + "--disable-gtk" + "--disable-sdl" + "--disable-vnc" + "--disable-kvm" + "--target-list=${cpuTarget}" + "--enable-pie" + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + meta = with lib; { + homepage = "https://www.qemu.org/"; + description = "Fork of QEMU with AFL++ instrumentation support"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ ris ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/age-plugin-yubikey/default.nix b/nixpkgs/pkgs/tools/security/age-plugin-yubikey/default.nix new file mode 100644 index 000000000000..a880f490dc7e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/age-plugin-yubikey/default.nix @@ -0,0 +1,37 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, pkg-config +, pcsclite +, PCSC +}: + +rustPlatform.buildRustPackage rec { + pname = "age-plugin-yubikey"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "str4d"; + repo = pname; + rev = "51910edfab4006a068864602469ff7db3766bfbe"; # no tag for this release + sha256 = "sha256-mMqvBlGFdwe5BaC0bXZg/27BGNmFTTYbLUHWUciqxQ0="; + }; + + cargoSha256 = "sha256-OCbVLSmGx51pJ/EPgPfOyVrYWdloNEbexDV1zMsmEJc="; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = + if stdenv.isDarwin then [ + PCSC + ] else [ + pcsclite + ]; + + meta = with lib; { + description = "YubiKey plugin for age clients"; + homepage = "https://github.com/str4d/age-plugin-yubikey"; + license = with licenses; [ asl20 mit ]; + maintainers = with maintainers; [ vtuan10 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/age/default.nix b/nixpkgs/pkgs/tools/security/age/default.nix new file mode 100644 index 000000000000..2e9d988500f1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/age/default.nix @@ -0,0 +1,41 @@ +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: + +buildGoModule rec { + pname = "age"; + version = "1.0.0"; + vendorSha256 = "sha256-Hdsd+epcLFLkeHzJ2CUu4ss1qOd0+lTjhfs9MhI5Weg="; + + src = fetchFromGitHub { + owner = "FiloSottile"; + repo = "age"; + rev = "v${version}"; + sha256 = "sha256-MfyW8Yv8swKqA7Hl45l5Zn4wZrQmE661eHsKIywy36U="; + }; + + ldflags = [ + "-s" "-w" "-X main.Version=${version}" + ]; + + nativeBuildInputs = [ installShellFiles ]; + + preInstall = '' + installManPage doc/*.1 + ''; + + doInstallCheck = true; + installCheckPhase = '' + if [[ "$("$out/bin/${pname}" --version)" == "${version}" ]]; then + echo '${pname} smoke check passed' + else + echo '${pname} smoke check failed' + return 1 + fi + ''; + + meta = with lib; { + homepage = "https://age-encryption.org/"; + description = "Modern encryption tool with small explicit keys"; + license = licenses.bsd3; + maintainers = with maintainers; [ tazjin ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/agebox/default.nix b/nixpkgs/pkgs/tools/security/agebox/default.nix new file mode 100644 index 000000000000..9e0c7c48e592 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/agebox/default.nix @@ -0,0 +1,27 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "agebox"; + version = "0.6.1"; + + src = fetchFromGitHub { + owner = "slok"; + repo = pname; + rev = "v${version}"; + sha256 = "1gi6lj3dpckhsx6hdpdnr8rclqgfkbdmkzx966nlxyi52bjfzbsv"; + }; + vendorSha256 = "1jwzx6hp04y8hfpwfvf9zmhqjj3ghvr3gmgnllpcff1lai78vdrw"; + + ldflags = [ + "-s" "-w" + "-X main.Version=${version}" + ]; + + meta = with lib; { + homepage = "https://github.com/slok/agebox"; + changelog = "https://github.com/slok/agebox/releases/tag/v${version}"; + description = "Age based repository file encryption gitops tool"; + license = licenses.asl20; + maintainers = with maintainers; [ lesuisse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aide/default.nix b/nixpkgs/pkgs/tools/security/aide/default.nix new file mode 100644 index 000000000000..0724a756b919 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aide/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchurl, flex, bison, libmhash, zlib, acl, attr, libselinux, pcre }: + +stdenv.mkDerivation rec { + pname = "aide"; + version = "0.17.4"; + + src = fetchurl { + url = "https://github.com/aide/aide/releases/download/v${version}/${pname}-${version}.tar.gz"; + sha256 = "sha256-yBUFJG8//C52A21Dp3ISroKJW1iB2bniXBNhsam3qEY="; + }; + + buildInputs = [ flex bison libmhash zlib acl attr libselinux pcre ]; + + + configureFlags = [ + "--with-posix-acl" + "--with-selinux" + "--with-xattr" + ]; + + meta = with lib; { + homepage = "https://aide.github.io/"; + description = "A file and directory integrity checker"; + license = licenses.gpl2Plus; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aiodnsbrute/default.nix b/nixpkgs/pkgs/tools/security/aiodnsbrute/default.nix new file mode 100644 index 000000000000..77f03e4174f6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aiodnsbrute/default.nix @@ -0,0 +1,45 @@ +{ lib +, buildPythonApplication +, fetchFromGitHub +, aiodns +, click +, tqdm +, uvloop +}: + +buildPythonApplication rec { + pname = "aiodnsbrute"; + version = "0.3.2"; + + src = fetchFromGitHub { + owner = "blark"; + repo = pname; + rev = "v${version}"; + sha256 = "0fs8544kx7vwvc97zpg4rs3lmvnb4vwika5g952rv3bfx4rv3bpg"; + }; + + # https://github.com/blark/aiodnsbrute/pull/8 + prePatch = '' + substituteInPlace setup.py --replace " 'asyncio', " "" + ''; + + propagatedBuildInputs = [ + aiodns + click + tqdm + uvloop + ]; + + # no tests present + doCheck = false; + + pythonImportsCheck = [ "aiodnsbrute.cli" ]; + + meta = with lib; { + description = "DNS brute force utility"; + homepage = "https://github.com/blark/aiodnsbrute"; + # https://github.com/blark/aiodnsbrute/issues/5 + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/amber/default.nix b/nixpkgs/pkgs/tools/security/amber/default.nix new file mode 100644 index 000000000000..5fb88ca9921b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/amber/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, rustPlatform, fetchFromGitHub, Security }: + +rustPlatform.buildRustPackage rec { + # Renaming it to amber-secret because another package named amber exists + pname = "amber-secret"; + version = "0.1.2"; + + src = fetchFromGitHub { + owner = "fpco"; + repo = "amber"; + rev = "v${version}"; + sha256 = "sha256-+vipQl/HWoYnOPkQLjeIedpnnqPVYaUWhks9eCgMOxQ="; + }; + + cargoSha256 = "sha256-xWEQvCyd8auE0q9rBt9iDgU8Dscf4pq/gsAINH2eQY4="; + + buildInputs = lib.optionals stdenv.isDarwin [ Security ]; + + meta = with lib; { + description = "Manage secret values in-repo via public key cryptography"; + homepage = "https://github.com/fpco/amber"; + license = licenses.mit; + maintainers = with maintainers; [ psibi ]; + mainProgram = "amber"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/apg/default.nix b/nixpkgs/pkgs/tools/security/apg/default.nix new file mode 100644 index 000000000000..a283678e0a16 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/apg/default.nix @@ -0,0 +1,67 @@ +{ lib, stdenv, fetchFromGitHub, openssl, autoreconfHook }: +stdenv.mkDerivation rec { + pname = "apg"; + version = "unstable-2015-01-29"; + + src = fetchFromGitHub { + owner = "wilx"; + repo = "apg"; + rev = "7ecdbac79156c8864fa3ff8d61e9f1eb264e56c2"; + sha256 = "sha256-+7TrJACdm/i/pc0dsp8edEIOjx8cip+x0Qc2gONajSE="; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + buildInputs = [ openssl ]; + + meta = { + description = "Tools for random password generation"; + longDescription = '' + APG (Automated Password Generator) is the tool set for random + password generation. + + Standalone version + + Generates some random words of required type and prints them + to standard output. + + Network version + + APG server: When client's request is arrived generates some + random words of predefined type and send them to client over + the network (according to RFC0972). + + APG client: Sends the password generation request to the APG + server, wait for generated Passwords arrival and then prints + them to the standard output. + + Advantages + + * Built-in ANSI X9.17 RNG (Random Number Generator) (CAST/SHA1) + * Built-in password quality checking system (it has support for + Bloom filter for faster access) + * Two Password Generation Algorithms: + 1. Pronounceable Password Generation Algorithm (according to + NIST FIPS 181) + 2. Random Character Password Generation Algorithm with 35 + configurable modes of operation + * Configurable password length parameters + * Configurable amount of generated passwords + * Ability to initialize RNG with user string + * Support for /dev/random + * Ability to crypt() generated passwords and print them as + additional output + * Special parameters to use APG in script + * Ability to log password generation requests for network version + * Ability to control APG service access using tcpd + * Ability to use password generation service from any type of box + (Mac, WinXX, etc.) that connected to network + * Ability to enforce remote users to use only allowed type of + password generation + ''; + homepage = "https://github.com/wilx/apg"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ astsmtl ]; + platforms = lib.platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/apkleaks/default.nix b/nixpkgs/pkgs/tools/security/apkleaks/default.nix new file mode 100644 index 000000000000..133601e4025f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/apkleaks/default.nix @@ -0,0 +1,37 @@ +{ lib +, fetchFromGitHub +, jadx +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "apkleaks"; + version = "2.6.1"; + + disabled = python3.pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "dwisiswant0"; + repo = pname; + rev = "v${version}"; + sha256 = "0ysciv643p8gkqw2wp7zy4n07hihdcyil8d20lj86cpgga71rd64"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + jadx + pyaxmlparser + setuptools + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ "apkleaks" ]; + + meta = with lib; { + description = "Scanning APK file for URIs, endpoints and secrets"; + homepage = "https://github.com/dwisiswant0/apkleaks"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/arsenal/default.nix b/nixpkgs/pkgs/tools/security/arsenal/default.nix new file mode 100644 index 000000000000..cd927715d2e8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/arsenal/default.nix @@ -0,0 +1,37 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "arsenal"; + version = "1.0.2"; + + src = fetchFromGitHub { + owner = "Orange-Cyberdefense"; + repo = "arsenal"; + rev = version; + sha256 = "sha256-RZxGSrtEa3hAtowD2lUb9BgwpSWlYo90fU9nDvUfoAk="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + libtmux + docutils + pyperclip + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "arsenal" + ]; + + meta = with lib; { + description = "Tool to generate commands for security and network tools"; + homepage = "https://github.com/Orange-Cyberdefense/arsenal"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + mainProgram = "arsenal"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix b/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix new file mode 100644 index 000000000000..13327a84fff0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix @@ -0,0 +1,45 @@ +{ lib, stdenv, fetchFromGitHub, imagemagick, qrencode +, testQR ? false, zbar ? null +}: + +assert testQR -> zbar != false; + +stdenv.mkDerivation { + pname = "asc-key-to-qr-code-gif"; + version = "20180613"; + + src = fetchFromGitHub { + owner = "yishilin14"; + repo = "asc-key-to-qr-code-gif"; + rev = "5b7b239a0089a5269444cbe8a651c99dd43dce3f"; + sha256 = "0yrc302a2fhbzryb10718ky4fymfcps3lk67ivis1qab5kbp6z8r"; + }; + + dontBuild = true; + dontStrip = true; + dontPatchELF = true; + + preInstall = let + substitutions = [ + ''--replace "convert" "${imagemagick}/bin/convert"'' + ''--replace "qrencode" "${qrencode.bin}/bin/qrencode"'' + ] ++ lib.optional testQR [ + ''--replace "hash zbarimg" "true"'' # hash does not work on NixOS + ''--replace "$(zbarimg --raw" "$(${zbar.out}/bin/zbarimg --raw"'' + ]; + in '' + substituteInPlace asc-to-gif.sh ${lib.concatStringsSep " " substitutions} + ''; + + installPhase = '' + mkdir -p $out/bin + cp * $out/bin/ + ''; + + meta = with lib; { + homepage = "https://github.com/yishilin14/asc-key-to-qr-code-gif"; + description = "Convert ASCII-armored PGP keys to animated QR code"; + platforms = platforms.unix; + maintainers = with maintainers; [ asymmetric ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/authoscope/default.nix b/nixpkgs/pkgs/tools/security/authoscope/default.nix new file mode 100644 index 000000000000..eafd5ebb7d2f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/authoscope/default.nix @@ -0,0 +1,50 @@ +{ lib +, stdenv +, fetchFromGitHub +, installShellFiles +, libcap +, openssl +, pkg-config +, rustPlatform +, Security +, zlib +}: + +rustPlatform.buildRustPackage rec { + pname = "authoscope"; + version = "0.8.0"; + + src = fetchFromGitHub { + owner = "kpcyrd"; + repo = pname; + rev = "v${version}"; + sha256 = "11ci38m6d3lj4f0g7cl3dqf10kfk258k2k92phd2nav1my4i90pf"; + }; + + cargoSha256 = "13x7i52i3k88vkfvk2smy2aqfg3na4317scvw7ali1rv545nbxds"; + + nativeBuildInputs = [ + installShellFiles + pkg-config + ]; + + buildInputs = [ + libcap + zlib + openssl + ] ++ lib.optional stdenv.isDarwin Security; + + postInstall = '' + installManPage docs/${pname}.1 + ''; + + # Tests requires access to httpin.org + doCheck = false; + + meta = with lib; { + description = "Scriptable network authentication cracker"; + homepage = "https://github.com/kpcyrd/authoscope"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix new file mode 100644 index 000000000000..b1f5d8b56c30 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix @@ -0,0 +1,28 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "aws-iam-authenticator"; + version = "0.5.5"; + + src = fetchFromGitHub { + owner = "kubernetes-sigs"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-5QtNAcInp1mUE8SHUUMS8/XURbPx/q8xMsvEEo/rnCs="; + }; + + # Upstream has inconsistent vendoring, see https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/377 + deleteVendor = true; + vendorSha256 = null; + + ldflags = [ "-s" "-w" "-X main.version=v${version}" ]; + + subPackages = [ "cmd/aws-iam-authenticator" ]; + + meta = with lib; { + homepage = "https://github.com/kubernetes-sigs/aws-iam-authenticator"; + description = "AWS IAM credentials for Kubernetes authentication"; + license = licenses.asl20; + maintainers = [ maintainers.srhb ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aws-okta/default.nix b/nixpkgs/pkgs/tools/security/aws-okta/default.nix new file mode 100644 index 000000000000..88002fc1ce43 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aws-okta/default.nix @@ -0,0 +1,30 @@ +{ buildGoPackage, fetchFromGitHub, libusb1, pkg-config, lib, libiconv }: + +buildGoPackage rec { + pname = "aws-okta"; + version = "1.0.11"; + + goPackagePath = "github.com/segmentio/aws-okta"; + + src = fetchFromGitHub { + owner = "segmentio"; + repo = "aws-okta"; + rev = "v${version}"; + sha256 = "sha256-1cprKpIFgM3+lUEHNvda34nJTH4Ch3LtTRq/Dp6QBQ8="; + }; + + tags = [ "release" ]; + + ldflags = [ "-X main.Version=${version}" ]; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libusb1 libiconv ]; + + meta = with lib; { + description = "aws-vault like tool for Okta authentication"; + license = licenses.mit; + maintainers = with maintainers; [imalsogreg Chili-Man]; + homepage = "https://github.com/segmentio/aws-okta"; + downloadPage = "https://github.com/segmentio/aws-okta"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/b2sum/default.nix b/nixpkgs/pkgs/tools/security/b2sum/default.nix new file mode 100644 index 000000000000..bf415e7554e6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/b2sum/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchFromGitHub, openmp ? null }: + +with lib; + +stdenv.mkDerivation { + pname = "b2sum"; + version = "unstable-2018-06-11"; + + src = fetchFromGitHub { + owner = "BLAKE2"; + repo = "BLAKE2"; + rev = "320c325437539ae91091ce62efec1913cd8093c2"; + sha256 = "E60M9oP/Sdfg/L3ZxUcDtUXhFz9oP72IybdtVUJh9Sk="; + }; + + sourceRoot = "source/b2sum"; + + buildInputs = [ openmp ]; + + buildFlags = [ (optional (openmp == null) "NO_OPENMP=1") ]; + installFlags = [ "PREFIX=$(out)" ]; + + meta = { + description = "The b2sum utility is similar to the md5sum or shasum utilities but for BLAKE2"; + homepage = "https://blake2.net"; + license = with licenses; [ asl20 cc0 openssl ]; + maintainers = with maintainers; [ kirelagin ]; + # "This code requires at least SSE2." + platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/b3sum/default.nix b/nixpkgs/pkgs/tools/security/b3sum/default.nix new file mode 100644 index 000000000000..0749cba209c3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/b3sum/default.nix @@ -0,0 +1,20 @@ +{ lib, fetchCrate, rustPlatform }: + +rustPlatform.buildRustPackage rec { + pname = "b3sum"; + version = "1.3.1"; + + src = fetchCrate { + inherit version pname; + sha256 = "sha256-Vb4W1TfHppKm2Ib2VHm+917A09JY1oNebymzcQpPm8Q="; + }; + + cargoSha256 = "sha256-cpY69NsbsHgQITdElsNjrhjaih9rgOVpFEv4Pfp9OPw="; + + meta = { + description = "BLAKE3 cryptographic hash function"; + homepage = "https://github.com/BLAKE3-team/BLAKE3/"; + maintainers = with lib.maintainers; [ fpletz ivan ]; + license = with lib.licenses; [ cc0 asl20 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/badchars/default.nix b/nixpkgs/pkgs/tools/security/badchars/default.nix new file mode 100644 index 000000000000..3125ff0c28c9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/badchars/default.nix @@ -0,0 +1,32 @@ +{ lib +, buildPythonApplication +, fetchPypi +}: + +buildPythonApplication rec { + pname = "badchars"; + version = "0.4.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "1xqki8qnfwl97d60xj69alyzwa1mnfbwki25j0vhvhb05varaxz2"; + }; + + postPatch = '' + substituteInPlace setup.py --replace "argparse" "" + ''; + + # no tests are available and it can't be imported (it's only a script, not a module) + doCheck = false; + + meta = with lib; { + description = "HEX badchar generator for different programming languages"; + longDescription = '' + A HEX bad char generator to instruct encoders such as shikata-ga-nai to + transform those to other chars. + ''; + homepage = "https://github.com/cytopia/badchars"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix new file mode 100644 index 000000000000..ba80734e5cf8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix @@ -0,0 +1,48 @@ +{ lib, stdenv +, fetchFromGitHub +, unstableGitUpdater +, makeWrapper +, openssl +, coreutils +, gnugrep }: + +stdenv.mkDerivation { + pname = "bash-supergenpass"; + version = "unstable-2020-02-03"; + + nativeBuildInputs = [ makeWrapper ]; + + src = fetchFromGitHub { + owner = "lanzz"; + repo = "bash-supergenpass"; + rev = "e5d96599b65d65a37148996f00f9d057e522e4d8"; + sha256 = "1d8csp94l2p5y5ln53aza5qf246rwmd10043x0x1yrswqrrya40f"; + }; + + installPhase = '' + install -m755 -D supergenpass.sh "$out/bin/supergenpass" + wrapProgram "$out/bin/supergenpass" --prefix PATH : "${lib.makeBinPath [ openssl coreutils gnugrep ]}" + ''; + + passthru.updateScript = unstableGitUpdater { + url = "https://github.com/lanzz/bash-supergenpass.git"; + }; + + meta = with lib; { + description = "Bash shell-script implementation of SuperGenPass password generation"; + longDescription = '' + Bash shell-script implementation of SuperGenPass password generation + Usage: ./supergenpass.sh <domain> [ <length> ] + + Default <length> is 10, which is also the original SuperGenPass default length. + + The <domain> parameter is also optional, but it does not make much sense to omit it. + + supergenpass will ask for your master password interactively, and it will not be displayed on your terminal. + ''; + license = licenses.mit; + platforms = platforms.all; + maintainers = with maintainers; [ fgaz ]; + homepage = "https://github.com/lanzz/bash-supergenpass"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bettercap/default.nix b/nixpkgs/pkgs/tools/security/bettercap/default.nix new file mode 100644 index 000000000000..cdd50aaa809a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bettercap/default.nix @@ -0,0 +1,41 @@ +{ lib, stdenv +, buildGoModule +, fetchFromGitHub +, pkg-config +, libpcap +, libnfnetlink +, libnetfilter_queue +, libusb1 +}: + +buildGoModule rec { + pname = "bettercap"; + version = "2.32.0"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-OND8WPqU/95rKykqMAPWmDsJ+AjsjGjrncZ2/m3mpt0="; + }; + + vendorSha256 = "sha256-QKv8F9QLRi+1Bqj9KywJsTErjs7o6gFM4tJLA8y52MY="; + + doCheck = false; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libpcap libusb1 ] + ++ lib.optionals stdenv.isLinux [ libnfnetlink libnetfilter_queue ]; + + meta = with lib; { + description = "A man in the middle tool"; + longDescription = '' + BetterCAP is a powerful, flexible and portable tool created to perform various + types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic + in realtime, sniff for credentials and much more. + ''; + homepage = "https://www.bettercap.org/"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ y0no ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/beyond-identity/default.nix b/nixpkgs/pkgs/tools/security/beyond-identity/default.nix new file mode 100644 index 000000000000..a9e554ff42cc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/beyond-identity/default.nix @@ -0,0 +1,89 @@ +{ lib, stdenv, fetchurl, dpkg, buildFHSUserEnv +, glibc, glib, openssl, tpm2-tss +, gtk3, gnome, polkit, polkit_gnome +}: + +let + pname = "beyond-identity"; + version = "2.49.0-0"; + libPath = lib.makeLibraryPath ([ glib glibc openssl tpm2-tss gtk3 gnome.gnome-keyring polkit polkit_gnome ]); + meta = with lib; { + description = "Passwordless MFA identities for workforces, customers, and developers"; + homepage = "https://www.beyondidentity.com"; + downloadPage = "https://app.byndid.com/downloads"; + license = licenses.unfree; + maintainers = with maintainers; [ klden ]; + platforms = [ "x86_64-linux" ]; + }; + + beyond-identity = stdenv.mkDerivation { + inherit pname version meta; + + src = fetchurl { + url = "https://packages.beyondidentity.com/public/linux-authenticator/deb/ubuntu/pool/focal/main/b/be/${pname}_${version}/${pname}_${version}_amd64.deb"; + sha512 = "sha512-+9vwH1r5WW+MqyiwsAFInboaM7o2dc7zvRaKwHC/o2LOBugvUHmUzmZ6uSHilc9zQ5FcHUIIglhkASbFtsvPeA=="; + }; + + nativeBuildInputs = [ + dpkg + ]; + + unpackPhase = '' + dpkg -x $src . + ''; + + installPhase = '' + mkdir -p $out/opt/beyond-identity + + rm -rf usr/share/doc + + # https://github.com/NixOS/nixpkgs/issues/42117 + sed -i -e 's/auth_self/yes/g' usr/share/polkit-1/actions/com.beyondidentity.endpoint.stepup.policy + + cp -ar usr/{bin,share} $out + cp -ar opt/beyond-identity/bin $out/opt/beyond-identity + + ln -s $out/opt/beyond-identity/bin/* $out/bin/ + ''; + + postFixup = '' + substituteInPlace \ + $out/share/applications/com.beyondidentity.endpoint.BeyondIdentity.desktop \ + --replace /usr/bin/ $out/bin/ + substituteInPlace \ + $out/share/applications/com.beyondidentity.endpoint.webserver.BeyondIdentity.desktop \ + --replace /opt/ $out/opt/ + substituteInPlace \ + $out/opt/beyond-identity/bin/byndid-web \ + --replace /opt/ $out/opt/ + substituteInPlace \ + $out/bin/beyond-identity \ + --replace /opt/ $out/opt/ \ + --replace /usr/bin/gtk-launch ${gtk3}/bin/gtk-launch + + patchelf \ + --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ + --set-rpath "${libPath}" \ + --force-rpath \ + $out/bin/byndid + ''; + }; +# /usr/bin/pkcheck is hardcoded in binary - we need FHS +in buildFHSUserEnv { + inherit meta; + name = pname; + + targetPkgs = pkgs: [ + beyond-identity + glib glibc openssl tpm2-tss + gtk3 gnome.gnome-keyring + polkit polkit_gnome + ]; + + extraInstallCommands = '' + ln -s ${beyond-identity}/share $out + ''; + + runScript = "beyond-identity"; +} + diff --git a/nixpkgs/pkgs/tools/security/bitwarden/default.nix b/nixpkgs/pkgs/tools/security/bitwarden/default.nix new file mode 100644 index 000000000000..40552d149043 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden/default.nix @@ -0,0 +1,72 @@ +{ atomEnv +, autoPatchelfHook +, dpkg +, fetchurl +, lib +, libsecret +, libxshmfence +, makeDesktopItem +, makeWrapper +, stdenv +, udev +, wrapGAppsHook +}: + +stdenv.mkDerivation rec { + pname = "bitwarden"; + version = "1.31.3"; + + src = fetchurl { + url = "https://github.com/bitwarden/desktop/releases/download/v${version}/Bitwarden-${version}-amd64.deb"; + sha256 = "sha256-ASL4+FZh5st3V5Z+jsfvLD26hG9KNVI+tht7kL8lbL4="; + }; + + desktopItem = makeDesktopItem { + name = "bitwarden"; + exec = "bitwarden %U"; + icon = "bitwarden"; + comment = "A secure and free password manager for all of your devices"; + desktopName = "Bitwarden"; + categories = "Utility"; + }; + + dontBuild = true; + dontConfigure = true; + dontPatchELF = true; + dontWrapGApps = true; + + nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook wrapGAppsHook ]; + + buildInputs = [ libsecret libxshmfence ] ++ atomEnv.packages; + + unpackPhase = "dpkg-deb -x $src ."; + + installPhase = '' + mkdir -p "$out/bin" + cp -R "opt" "$out" + cp -R "usr/share" "$out/share" + chmod -R g-w "$out" + + # Desktop file + mkdir -p "$out/share/applications" + cp "${desktopItem}/share/applications/"* "$out/share/applications" + ''; + + runtimeDependencies = [ + (lib.getLib udev) + ]; + + postFixup = '' + makeWrapper $out/opt/Bitwarden/bitwarden $out/bin/bitwarden \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ libsecret stdenv.cc.cc ] }" \ + "''${gappsWrapperArgs[@]}" + ''; + + meta = with lib; { + description = "A secure and free password manager for all of your devices"; + homepage = "https://bitwarden.com"; + license = licenses.gpl3; + maintainers = with maintainers; [ kiwi ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bmrsa/11.nix b/nixpkgs/pkgs/tools/security/bmrsa/11.nix new file mode 100644 index 000000000000..71bdfae4e42e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bmrsa/11.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchurl, unzip }: + +stdenv.mkDerivation rec { + pname = "bmrsa"; + version = "11"; + + src = fetchurl { + url = "mirror://sourceforge/bmrsa/bmrsa${version}.zip"; + sha256 = "0ksd9xkvm9lkvj4yl5sl0zmydp1wn3xhc55b28gj70gi4k75kcl4"; + }; + + nativeBuildInputs = [ unzip ]; + + unpackPhase = '' + mkdir bmrsa + cd bmrsa + unzip ${src} + sed -e 's/gcc/g++/' -i Makefile + mkdir -p $out/bin + echo -e 'install:\n\tcp bmrsa '$out'/bin' >> Makefile + ''; + + meta = with lib; { + description = "RSA utility"; + homepage = "http://bmrsa.sourceforge.net/"; + license = licenses.gpl1; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/boofuzz/default.nix b/nixpkgs/pkgs/tools/security/boofuzz/default.nix new file mode 100644 index 000000000000..572a9e888fd3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/boofuzz/default.nix @@ -0,0 +1,54 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "boofuzz"; + version = "0.4.1"; + + src = fetchFromGitHub { + owner = "jtpereyda"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-mbxImm5RfYWq1JCCSvvG58Sxv2ad4BOh+RLvtNjQCKE="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + attrs + click + colorama + flask + funcy + future + psutil + pyserial + pydot + six + tornado + ]; + + checkInputs = with python3.pkgs; [ + mock + netifaces + pytest-bdd + pytestCheckHook + ]; + + disabledTests = [ + # Tests require socket access + "test_raw_l2" + "test_raw_l3" + ]; + + pythonImportsCheck = [ + "boofuzz" + ]; + + meta = with lib; { + description = "Network protocol fuzzing tool"; + homepage = "https://github.com/jtpereyda/boofuzz"; + license = with licenses; [ gpl2Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bpb/default.nix b/nixpkgs/pkgs/tools/security/bpb/default.nix new file mode 100644 index 000000000000..4d601aac1553 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bpb/default.nix @@ -0,0 +1,32 @@ +{ stdenv +, lib +, rustPlatform +, fetchFromGitHub +, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "bpb"; + version = "unstable-2018-07-27"; + + src = fetchFromGitHub { + owner = "withoutboats"; + repo = "bpb"; + rev = "b1ef5ca1d2dea0e2ec0b1616f087f110ea17adfa"; + sha256 = "sVfM8tlAsF4uKLxl3g/nSYgOx+znHIdPalSIiCd18o4="; + }; + + cargoSha256 = "7cARRJWRxF1kMySX6KcB6nrVf8k1p/nr3OyAwNLmztc="; + + # a nightly compiler is required unless we use this cheat code. + RUSTC_BOOTSTRAP = 1; + + buildInputs = lib.optional stdenv.isDarwin Security; + + meta = with lib; { + description = "Tool to automatically sign git commits, replacing gpg for that purpose"; + homepage = "https://github.com/withoutboats/bpb"; + license = licenses.mit; + maintainers = with maintainers; [ jtojnar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/browserpass/default.nix b/nixpkgs/pkgs/tools/security/browserpass/default.nix new file mode 100644 index 000000000000..9aec14e0a418 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/browserpass/default.nix @@ -0,0 +1,55 @@ +{ lib, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }: +buildGoModule rec { + pname = "browserpass"; + version = "3.0.6"; + + src = fetchFromGitHub { + owner = "browserpass"; + repo = "browserpass-native"; + rev = version; + sha256 = "0q3bsla07zjl6i69nj1axbkg2ia89pvh0jg6nlqgbm2kpzzbn0pz"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + vendorSha256 = "1wcbn0ip596f2dp68y6jmxgv20l0dgrcxg5cwclkawigj05416zj"; + + doCheck = false; + + postPatch = '' + # Because this Makefile will be installed to be used by the user, patch + # variables to be valid by default + substituteInPlace Makefile \ + --replace "PREFIX ?= /usr" "" + sed -i -e 's/SED :=.*/SED := sed/' Makefile + sed -i -e 's/INSTALL :=.*/INSTALL := install/' Makefile + ''; + + DESTDIR = placeholder "out"; + + postConfigure = '' + make configure + ''; + + buildPhase = '' + make + ''; + + installPhase = '' + make install + + wrapProgram $out/bin/browserpass \ + --suffix PATH : ${lib.makeBinPath [ gnupg ]} + + # This path is used by our firefox wrapper for finding native messaging hosts + mkdir -p $out/lib/mozilla/native-messaging-hosts + ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts + ''; + + meta = with lib; { + description = "Browserpass native client app"; + homepage = "https://github.com/browserpass/browserpass-native"; + license = licenses.isc; + maintainers = with maintainers; [ rvolosatovs infinisil ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix b/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix new file mode 100644 index 000000000000..084368c105b2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix @@ -0,0 +1,35 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook, cryptsetup }: + +stdenv.mkDerivation rec { + pname = "bruteforce-luks"; + version = "1.4.0"; + + src = fetchFromGitHub { + sha256 = "0yyrda077avdapq1mvavgv5mvj2r94d6p01q56bbnaq4a3h5kfd6"; + rev = version; + repo = "bruteforce-luks"; + owner = "glv2"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ cryptsetup ]; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with lib; { + inherit (src.meta) homepage; + description = "Cracks passwords of LUKS encrypted volumes"; + longDescription = '' + The program tries to decrypt at least one of the key slots by trying + all the possible passwords. It is especially useful if you know + something about the password (i.e. you forgot a part of your password but + still remember most of it). Finding the password of a volume without + knowing anything about it would take way too much time (unless the + password is really short and/or weak). It can also use a dictionary. + ''; + license = licenses.gpl3Plus; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/brutespray/default.nix b/nixpkgs/pkgs/tools/security/brutespray/default.nix new file mode 100644 index 000000000000..d7f8e30e182d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/brutespray/default.nix @@ -0,0 +1,50 @@ +{ lib +, stdenv +, python3 +, fetchFromGitHub +, makeWrapper +, medusa +}: + +stdenv.mkDerivation rec { + pname = "brutespray"; + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "x90skysn3k"; + repo = pname; + rev = "${pname}-${version}"; + sha256 = "0lkm3fvx35ml5jh4ykjr2srq8qfajkmxwp4qfcn9xi58khk3asq3"; + }; + + postPatch = '' + substituteInPlace brutespray.py \ + --replace "/usr/share/brutespray" "$out/share/brutespray" + ''; + + dontBuild = true; + nativeBuildInputs = [ python3.pkgs.wrapPython makeWrapper ]; + buildInputs = [ python3 ]; + + installPhase = '' + install -Dm0755 brutespray.py $out/bin/brutespray + patchShebangs $out/bin + patchPythonScript $out/bin/brutespray + wrapProgram $out/bin/brutespray \ + --prefix PATH : ${lib.makeBinPath [ medusa ]} + + mkdir -p $out/share/brutespray + cp -r wordlist/ $out/share/brutespray/wordlist + ''; + + meta = with lib; { + homepage = "https://github.com/x90skysn3k/brutespray"; + description = "Tool to do brute-forcing from Nmap output"; + longDescription = '' + This tool automatically attempts default credentials on found services + directly from Nmap output. + ''; + license = licenses.mit; + maintainers = with maintainers; [ ma27 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile new file mode 100644 index 000000000000..f9fb0e329bd4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile @@ -0,0 +1,2 @@ +source 'https://rubygems.org' +gem 'bundler-audit' diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock new file mode 100644 index 000000000000..f1671500fe43 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + bundler-audit (0.9.0.1) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) + thor (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + bundler-audit + +BUNDLED WITH + 2.2.20 diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/default.nix b/nixpkgs/pkgs/tools/security/bundler-audit/default.nix new file mode 100644 index 000000000000..c24831f26b06 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/default.nix @@ -0,0 +1,29 @@ +{ bundlerEnv, ruby, lib, bundlerUpdateScript }: + +bundlerEnv rec { + name = "${pname}-${version}"; + pname = "bundler-audit"; + version = (import ./gemset.nix).bundler-audit.version; + + inherit ruby; + gemdir = ./.; + + passthru.updateScript = bundlerUpdateScript "bundler-audit"; + + meta = with lib; { + description = "Patch-level verification for Bundler"; + longDescription = '' + Features: + - Checks for vulnerable versions of gems in Gemfile.lock. + - Checks for insecure gem sources (http://). + - Allows ignoring certain advisories that have been manually worked around. + - Prints advisory information. + - Does not require a network connection. + ''; + homepage = "https://github.com/rubysec/bundler-audit"; + changelog = "https://github.com/rubysec/bundler-audit/blob/v${version}/ChangeLog.md"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ primeos nicknovitski ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix new file mode 100644 index 000000000000..a740f40e4073 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix @@ -0,0 +1,23 @@ +{ + bundler-audit = { + dependencies = ["thor"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05k19l5388248rd74cn2lm2ksci7fzmga74n835v7k31m4kbzw8v"; + type = "gem"; + }; + version = "0.9.0.1"; + }; + thor = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18yhlvmfya23cs3pvhr1qy38y41b6mhr5q9vwv5lrgk16wmf3jna"; + type = "gem"; + }; + version = "1.1.0"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix new file mode 100644 index 000000000000..07df51e84e38 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix @@ -0,0 +1,33 @@ +{ lib, fetchurl, appimageTools }: + +let + pname = "buttercup-desktop"; + version = "2.13.0"; + name = "${pname}-${version}"; + src = fetchurl { + url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage"; + sha256 = "sha256-JXXJZyd/fp2463WyxIB+pKcNzGUFfCouPE6iTx2lhME="; + }; + appimageContents = appimageTools.extractType2 { inherit name src; }; + +in appimageTools.wrapType2 { + inherit name src; + + extraPkgs = pkgs: (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs) ++ [ pkgs.libsecret ]; + + extraInstallCommands = '' + mv $out/bin/${name} $out/bin/buttercup-desktop + install -m 444 -D ${appimageContents}/buttercup.desktop -t $out/share/applications + substituteInPlace $out/share/applications/buttercup.desktop \ + --replace 'Exec=AppRun' 'Exec=buttercup-desktop' + cp -r ${appimageContents}/usr/share/icons $out/share + ''; + + meta = with lib; { + description = "Cross-Platform Passwords & Secrets Vault"; + homepage = "https://buttercup.pw"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ wolfangaukang ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cameradar/default.nix b/nixpkgs/pkgs/tools/security/cameradar/default.nix new file mode 100644 index 000000000000..569be38ee28a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cameradar/default.nix @@ -0,0 +1,41 @@ +{ lib +, buildGoModule +, curl +, fetchFromGitHub +, pkg-config +}: + +buildGoModule rec { + pname = "cameradar"; + version = "5.0.1"; + + src = fetchFromGitHub { + owner = "Ullaakut"; + repo = pname; + rev = "v${version}"; + sha256 = "03nm03cqhq04ixw4rssfkgrin918pa0v7ai26v4h99gz7j8hs7ll"; + }; + + vendorSha256 = "099np130dn51nb4lcyrrm46fihfipxrw0vpqs2jh5g4c6pnbk200"; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + curl + ]; + + subPackages = [ + "cmd/cameradar" + ]; + # At least one test is outdated + #doCheck = false; + + meta = with lib; { + description = "RTSP stream access tool"; + homepage = "https://github.com/Ullaakut/cameradar"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cariddi/default.nix b/nixpkgs/pkgs/tools/security/cariddi/default.nix new file mode 100644 index 000000000000..9f29826808db --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cariddi/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "cariddi"; + version = "1.1.5"; + + src = fetchFromGitHub { + owner = "edoardottt"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-PXQljC9rwlxXQ96fII3EjD4NXu61EMkYvMWqkcJZ4vU="; + }; + + vendorSha256 = "sha256-zNUdglsfy6lEV54afCAoigxa3rR0qf/e3+B4PvVRIa4="; + + meta = with lib; { + description = "Crawler for URLs and endpoints"; + homepage = "https://github.com/edoardottt/cariddi"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ccid/default.nix b/nixpkgs/pkgs/tools/security/ccid/default.nix new file mode 100644 index 000000000000..b8d0baf5a55d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ccid/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchurl, pcsclite, pkg-config, libusb1, perl }: + +stdenv.mkDerivation rec { + pname = "ccid"; + version = "1.5.0"; + + src = fetchurl { + url = "https://ccid.apdu.fr/files/${pname}-${version}.tar.bz2"; + sha256 = "sha256-gVSbNCJGnVA5ltA6Ou0u8TdbNZFn8Q1mvp44ROcpMi4="; + }; + + postPatch = '' + patchShebangs . + substituteInPlace src/Makefile.in --replace /bin/echo echo + ''; + + preConfigure = '' + configureFlagsArray+=("--enable-usbdropdir=$out/pcsc/drivers") + ''; + + nativeBuildInputs = [ pkg-config perl ]; + buildInputs = [ pcsclite libusb1 ]; + + meta = with lib; { + description = "ccid drivers for pcsclite"; + homepage = "https://ccid.apdu.fr/"; + license = licenses.gpl2Plus; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ccrypt/default.nix b/nixpkgs/pkgs/tools/security/ccrypt/default.nix new file mode 100644 index 000000000000..2972fc9ae55f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ccrypt/default.nix @@ -0,0 +1,23 @@ +{lib, stdenv, fetchurl, perl}: + +stdenv.mkDerivation rec { + pname = "ccrypt"; + version = "1.11"; + + src = fetchurl { + url = "mirror://sourceforge/ccrypt/ccrypt-${version}.tar.gz"; + sha256 = "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i"; + }; + + nativeBuildInputs = [ perl ]; + + hardeningDisable = [ "format" ]; + + meta = { + homepage = "http://ccrypt.sourceforge.net/"; + description = "Utility for encrypting and decrypting files and streams with AES-256"; + license = lib.licenses.gpl2Plus; + maintainers = with lib.maintainers; [viric]; + platforms = with lib.platforms; all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cdk-go/default.nix b/nixpkgs/pkgs/tools/security/cdk-go/default.nix new file mode 100644 index 000000000000..14f7e05140e0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cdk-go/default.nix @@ -0,0 +1,31 @@ +{ lib +, stdenv +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "cdk-go"; + version = "1.0.4"; + + src = fetchFromGitHub { + owner = "cdk-team"; + repo = "CDK"; + rev = "v${version}"; + sha256 = "1zz9jaz5nlvs52nqlaisivrnz7lz8g48qii0n2s1783a5jpkk9ml"; + }; + + vendorSha256 = "0sn709mbhfymwwfdqc5xpdz2lgimqx3xycfmq24vbfmlh8wqcs7l"; + + # At least one test is outdated + doCheck = false; + + meta = with lib; { + description = "Container penetration toolkit"; + homepage = "https://github.com/cdk-team/CDK"; + license = with licenses; [ gpl2Only ]; + maintainers = with maintainers; [ fab ]; + mainProgram = "cdk"; + broken = stdenv.isDarwin; # needs to update gopsutil to at least v3.21.3 to include https://github.com/shirou/gopsutil/pull/1042 + }; +} diff --git a/nixpkgs/pkgs/tools/security/certgraph/default.nix b/nixpkgs/pkgs/tools/security/certgraph/default.nix new file mode 100644 index 000000000000..f15ec8f89e03 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/certgraph/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "certgraph"; + version = "20210224"; + + src = fetchFromGitHub { + owner = "lanrat"; + repo = pname; + rev = version; + sha256 = "14l2bls25xwd8gnsmshc588br72rwz1s0gjnsnqksri4ksqkdqlz"; + }; + + vendorSha256 = "1vih64z0zwmaflc0pwvnwyj5fhrc8qfp0kvrz73nnfpcrcan2693"; + + meta = with lib; { + description = "Intelligence tool to crawl the graph of certificate alternate names"; + homepage = "https://github.com/lanrat/certgraph"; + license = with licenses; [ gpl2Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/certipy/default.nix b/nixpkgs/pkgs/tools/security/certipy/default.nix new file mode 100644 index 000000000000..536a1a502adb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/certipy/default.nix @@ -0,0 +1,40 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "certipy"; + version = "2.0"; + + src = fetchFromGitHub { + owner = "ly4k"; + repo = "Certipy"; + rev = version; + hash = "sha256-xN0DrLrxWNCEy3HodA1pOJHYhDyA1sMRVIfefbXq45E="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + asn1crypto + dnspython + dsinternals + impacket + ldap3 + pyasn1 + pycryptodome + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "certipy" + ]; + + meta = with lib; { + description = "Tool to enumerate and abuse misconfigurations in Active Directory Certificate Services"; + homepage = "https://github.com/ly4k/Certipy"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/certmgr/default.nix b/nixpkgs/pkgs/tools/security/certmgr/default.nix new file mode 100644 index 000000000000..e2318c853f11 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/certmgr/default.nix @@ -0,0 +1,43 @@ +{ lib, buildGoPackage, fetchFromGitHub, fetchpatch }: + +let + generic = { patches ? [] }: + buildGoPackage rec { + version = "1.6.4"; + pname = "certmgr"; + + goPackagePath = "github.com/cloudflare/certmgr/"; + + src = fetchFromGitHub { + owner = "cloudflare"; + repo = "certmgr"; + rev = "v${version}"; + sha256 = "0glvyp61ya21pdm2bsvq3vfhmmxc2998vxc6hiyc79ijsv9n6jqi"; + }; + + inherit patches; + + meta = with lib; { + homepage = "https://cfssl.org/"; + description = "Cloudflare's certificate manager"; + platforms = platforms.linux; + license = licenses.bsd2; + maintainers = with maintainers; [ johanot srhb ]; + }; + }; +in +{ + certmgr = generic {}; + + certmgr-selfsigned = generic { + # The following patch makes it possible to use a self-signed x509 cert + # for the cfssl apiserver. + # TODO: remove patch when PR is merged. + patches = [ + (fetchpatch { + url = "https://github.com/cloudflare/certmgr/pull/51.patch"; + sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs"; + }) + ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/certstrap/default.nix b/nixpkgs/pkgs/tools/security/certstrap/default.nix new file mode 100644 index 000000000000..ff6522f1d35f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/certstrap/default.nix @@ -0,0 +1,22 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "certstrap"; + version = "1.2.0"; + + goPackagePath = "github.com/square/certstrap"; + + src = fetchFromGitHub { + owner = "square"; + repo = "certstrap"; + rev = "v${version}"; + sha256 = "1ymchnn7c9g3pq7rw4lrwsd6z3wfjx90g7qgrw6r5hssl77mnscj"; + }; + + meta = with lib; { + inherit (src.meta) homepage; + description = "Tools to bootstrap CAs, certificate requests, and signed certificates"; + license = licenses.asl20; + maintainers = with maintainers; [ volth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cewl/Gemfile b/nixpkgs/pkgs/tools/security/cewl/Gemfile new file mode 100644 index 000000000000..97d9ae757acc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cewl/Gemfile @@ -0,0 +1,8 @@ +source 'https://rubygems.org' +gem 'mime' +gem 'mime-types', ">=3.3.1" +gem 'mini_exiftool' +gem 'nokogiri' +gem 'rexml' +gem 'rubyzip' +gem 'spider' diff --git a/nixpkgs/pkgs/tools/security/cewl/Gemfile.lock b/nixpkgs/pkgs/tools/security/cewl/Gemfile.lock new file mode 100644 index 000000000000..85bb2eb4b822 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cewl/Gemfile.lock @@ -0,0 +1,31 @@ +GEM + remote: https://rubygems.org/ + specs: + mime (0.4.4) + mime-types (3.3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2021.0704) + mini_exiftool (2.10.2) + mini_portile2 (2.5.3) + nokogiri (1.11.7) + mini_portile2 (~> 2.5.0) + racc (~> 1.4) + racc (1.5.2) + rexml (3.2.5) + rubyzip (2.3.2) + spider (0.5.4) + +PLATFORMS + ruby + +DEPENDENCIES + mime + mime-types (>= 3.3.1) + mini_exiftool + nokogiri + rexml + rubyzip + spider + +BUNDLED WITH + 2.1.4 diff --git a/nixpkgs/pkgs/tools/security/cewl/default.nix b/nixpkgs/pkgs/tools/security/cewl/default.nix new file mode 100644 index 000000000000..06d983c14e36 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cewl/default.nix @@ -0,0 +1,33 @@ +{ stdenv, lib, fetchFromGitHub, bundlerEnv }: + +let + rubyEnv = bundlerEnv { + name = "cewl-ruby-env"; + gemdir = ./.; + }; +in +stdenv.mkDerivation rec { + pname = "cewl"; + version = "5.5.2"; + src = fetchFromGitHub { + owner = "digininja"; + repo = "CeWL"; + rev = version; + sha256 = "sha256-5LTZUr3OMeu1NODhIgBiVqtQnUWYfZTm73q61vT3rXc="; + }; + + buildInputs = [ rubyEnv.wrappedRuby ]; + + installPhase = '' + mkdir -p $out/bin + cp *.rb $out/bin/ + mv $out/bin/cewl.rb $out/bin/cewl + ''; + + meta = with lib; { + description = "Custom wordlist generator"; + homepage = "https://digi.ninja/projects/cewl.php/"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ elohmeier ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cewl/gemset.nix b/nixpkgs/pkgs/tools/security/cewl/gemset.nix new file mode 100644 index 000000000000..851a6d2442d3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cewl/gemset.nix @@ -0,0 +1,104 @@ +{ + mime = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nskys7brz2bylhxiknl0z9i19w3wb1knf0h93in6mjq70jdw5cr"; + type = "gem"; + }; + version = "0.4.4"; + }; + mime-types = { + dependencies = ["mime-types-data"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1zj12l9qk62anvk9bjvandpa6vy4xslil15wl6wlivyf51z773vh"; + type = "gem"; + }; + version = "3.3.1"; + }; + mime-types-data = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0dlxwc75iy0dj23x824cxpvpa7c8aqcpskksrmb32j6m66h5mkcy"; + type = "gem"; + }; + version = "3.2021.0704"; + }; + mini_exiftool = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ir4wigpm6nkd3f40wcjdqrhjx3l60w1hwcg143is1a95ypnvqhr"; + type = "gem"; + }; + version = "2.10.2"; + }; + mini_portile2 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ad0mli9rc0f17zw4ibp24dbj1y39zkykijsjmnzl4gwpg5s0j6k"; + type = "gem"; + }; + version = "2.5.3"; + }; + nokogiri = { + dependencies = ["mini_portile2" "racc"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1vrn31385ix5k9b0yalnlzv360isv6dincbcvi8psllnwz4sjxj9"; + type = "gem"; + }; + version = "1.11.7"; + }; + racc = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "178k7r0xn689spviqzhvazzvxfq6fyjldxb3ywjbgipbfi4s8j1g"; + type = "gem"; + }; + version = "1.5.2"; + }; + rexml = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08ximcyfjy94pm1rhcx04ny1vx2sk0x4y185gzn86yfsbzwkng53"; + type = "gem"; + }; + version = "3.2.5"; + }; + rubyzip = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0grps9197qyxakbpw02pda59v45lfgbgiyw48i0mq9f2bn9y6mrz"; + type = "gem"; + }; + version = "2.3.2"; + }; + spider = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0fix7zhnvlfqg66bxwdpbsffbynzdnaifnxpakn07bjh3rdj75cx"; + type = "gem"; + }; + version = "0.5.4"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cfripper/default.nix b/nixpkgs/pkgs/tools/security/cfripper/default.nix new file mode 100644 index 000000000000..8959d6627de4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cfripper/default.nix @@ -0,0 +1,76 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +let + py = python3.override { + packageOverrides = self: super: { + + # pycfmodel is pinned, https://github.com/Skyscanner/cfripper/issues/204 + pycfmodel = super.pycfmodel.overridePythonAttrs (oldAttrs: rec { + version = "0.13.0"; + + src = fetchFromGitHub { + owner = "Skyscanner"; + repo = "pycfmodel"; + rev = version; + hash = "sha256-BlnLf0C/wxPXhoAH0SRB22eGWbbZ05L20rNy6qfOI+A="; + }; + }); + }; + }; +in +with py.pkgs; + +buildPythonApplication rec { + pname = "cfripper"; + version = "1.3.3"; + + src = fetchFromGitHub { + owner = "Skyscanner"; + repo = pname; + rev = version; + hash = "sha256-y3h/atfFl/wDmr+YBdsWrCez4PQBEcl3xNDyTwXZIp4="; + }; + + propagatedBuildInputs = with py.pkgs; [ + boto3 + cfn-flip + click + pluggy + pycfmodel + pydash + pyyaml + setuptools + ]; + + checkInputs = with py.pkgs; [ + moto + pytestCheckHook + ]; + + postPatch = '' + substituteInPlace setup.py \ + --replace "click~=7.1.1" "click" \ + --replace "pluggy~=0.13.1" "pluggy" \ + --replace "pydash~=4.7.6" "pydash" + ''; + + disabledTestPaths = [ + # Tests are failing + "tests/test_boto3_client.py" + "tests/config/test_pluggy.py" + ]; + + pythonImportsCheck = [ + "cfripper" + ]; + + meta = with lib; { + description = "Tool for analysing CloudFormation templates"; + homepage = "https://github.com/Skyscanner/cfripper"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cfssl/default.nix b/nixpkgs/pkgs/tools/security/cfssl/default.nix new file mode 100644 index 000000000000..4b4e6cedc5cd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cfssl/default.nix @@ -0,0 +1,48 @@ +{ lib, buildGoModule, fetchFromGitHub, go-rice }: + +buildGoModule rec { + pname = "cfssl"; + version = "1.6.1"; + + src = fetchFromGitHub { + owner = "cloudflare"; + repo = "cfssl"; + rev = "v${version}"; + sha256 = "sha256-QY04MecjQTmrkPkWcLkXJWErtaw7esb6GnPIKGTJL34="; + }; + + subPackages = [ + "cmd/cfssl" + "cmd/cfssljson" + "cmd/cfssl-bundle" + "cmd/cfssl-certinfo" + "cmd/cfssl-newkey" + "cmd/cfssl-scan" + "cmd/multirootca" + "cmd/mkbundle" + ]; + + vendorSha256 = null; + + doCheck = false; + + nativeBuildInputs = [ go-rice ]; + + preBuild = '' + pushd cli/serve + rice embed-go + popd + ''; + + ldflags = [ + "-s" "-w" + "-X github.com/cloudflare/cfssl/cli/version.version=v${version}" + ]; + + meta = with lib; { + homepage = "https://cfssl.org/"; + description = "Cloudflare's PKI and TLS toolkit"; + license = licenses.bsd2; + maintainers = with maintainers; [ mbrgm ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chaps/default.nix b/nixpkgs/pkgs/tools/security/chaps/default.nix new file mode 100644 index 000000000000..13ac6d67febf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/default.nix @@ -0,0 +1,91 @@ +{ lib, stdenv, fetchFromGitiles, fetchFromGitHub, fetchurl, trousers, leveldb, unzip +, scons, pkg-config, glib, dbus_cplusplus, dbus, protobuf, openssl, snappy, pam +}: + +let + src_chromebase = fetchFromGitiles { + url = "https://chromium.googlesource.com/chromium/src/base"; + rev = "2dfe404711e15e24e79799516400c61b2719d7af"; + sha256 = "2bd93a3ace4b6767db2c1bd1e16f426c97b8d2133a9cb15f8372b2516cfa65c5"; + }; + + src_gmock = fetchurl { + url = "https://googlemock.googlecode.com/files/gmock-1.7.0.zip"; + sha256 = "0nq98cpnv2jsx2byp4ilam6kydcnziflkc16ikydajmp4mcvpz16"; + }; + + src_platform2 = fetchFromGitiles { + url = "https://chromium.googlesource.com/chromiumos/platform2"; + rev = "e999e989eaa71c3db7314fc7b4e20829b2b5473b"; + sha256 = "15n1bsv6r7cny7arx0hdb223xzzbk7vkxg2r7xajhl4nsj39adjh"; + }; + +in + +stdenv.mkDerivation rec { + pname = "chaps"; + version = "0.42-6812"; + + src = fetchFromGitHub { + owner = "google"; + repo = "chaps-linux"; + rev = "989aadc45cdb216ca35b0c97d13fc691576fa1d7"; + sha256 = "0chk6pnn365d5kcz6vfqx1d0383ksk97icc0lzg0vvb0kvyj0ff1"; + }; + + NIX_CFLAGS_COMPILE = [ + # readdir_r(3) is deprecated in glibc >= 2.24 + "-Wno-error=deprecated-declarations" + # gcc8 catching polymorphic type error + "-Wno-error=catch-value" + ]; + + patches = [ ./fix_absolute_path.patch ./fix_environment_variables.patch ./fix_scons.patch ./insert_prefetches.patch ]; + + postPatch = '' + substituteInPlace makefile --replace @@NIXOS_SRC_CHROMEBASE@@ ${src_chromebase} + substituteInPlace makefile --replace @@NIXOS_SRC_GMOCK@@ ${src_gmock} + substituteInPlace makefile --replace @@NIXOS_SRC_PLATFORM2@@ ${src_platform2} + substituteInPlace makefile --replace @@NIXOS_LEVELDB@@ ${leveldb} + ''; + + nativeBuildInputs = [ unzip scons pkg-config ]; + + buildInputs = [ trousers glib dbus_cplusplus dbus protobuf openssl snappy leveldb pam ]; + + buildPhase = '' + make build + ''; + + installPhase = '' + mkdir -p $out/bin + cp ${pname}-${version}/out/chapsd $out/bin/. + cp ${pname}-${version}/out/chaps_client $out/bin/. + + mkdir -p $out/lib + cp ${pname}-${version}/out/libchaps.so.* $out/lib/. + mkdir -p $out/lib/security + cp ${pname}-${version}/out/pam_chaps.so $out/lib/security/. + + mkdir -p $out/include + cp -r ${pname}-${version}/out/chaps $out/include/. + + mkdir -p $out/etc/dbus-1/system.d + cp ${pname}-${version}/out/org.chromium.Chaps.conf $out/etc/dbus-1/system.d/. + mkdir -p $out/etc/dbus-1/system-services + cp ${pname}-${version}/platform2/chaps/org.chromium.Chaps.service $out/etc/dbus-1/system-services/. + + mkdir -p $out/usr/share/pam-configs/chaps + mkdir -p $out/usr/share/man/man8 + cp ${pname}-${version}/man/* $out/usr/share/man/man8/. + ''; + + meta = with lib; { + description = "PKCS #11 implementation based on trusted platform module (TPM)"; + homepage = "https://www.chromium.org/developers/design-documents/chaps-technical-design"; + maintainers = [ maintainers.tstrobel ]; + platforms = [ "x86_64-linux" ]; + license = licenses.bsd3; + broken = true; # build failure withn openssl 1.1 + }; +} diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch b/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch new file mode 100644 index 000000000000..7dbd60c73c42 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch @@ -0,0 +1,18 @@ +diff --git a/patches/platform2/fix_echo.patch b/patches/platform2/fix_echo.patch +new file mode 100644 +index 0000000..d2272f6 +--- /dev/null ++++ b/patches/platform2/fix_echo.patch +@@ -0,0 +1,12 @@ ++diff -uNr platform2/common-mk/common.mk platform2-new/common-mk/common.mk ++--- platform2/common-mk/common.mk 2015-07-03 12:07:47.482745292 +0200 +++++ platform2-new/common-mk/common.mk 2015-07-03 12:08:16.868600569 +0200 ++@@ -263,7 +263,7 @@ ++ $(eval $(call override_var,STRIP,strip)) ++ ++ RMDIR ?= rmdir ++-ECHO = /bin/echo -e +++ECHO = echo -e ++ ++ ifeq ($(lastword $(subst /, ,$(CC))),clang) ++ CDRIVER = clang diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch b/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch new file mode 100644 index 000000000000..2d7ee0d9a734 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch @@ -0,0 +1,42 @@ +diff --git a/extrasrc/Makefile b/extrasrc/Makefile +index fb95845..77125c0 100644 +--- a/extrasrc/Makefile ++++ b/extrasrc/Makefile +@@ -10,11 +10,11 @@ OUTDIR=$(SRCDIR)/out + GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VER) + GTEST_DIR=$(GMOCK_DIR)/gtest + +-INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include" ++INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include $(NIX_LDFLAG) $(NIX_CFLAGS_COMPILE)" + + # To build Chaps, defer to platform2/chaps/Makefile + all: libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out +- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) ++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) + + # To build required Chromium components, defer to scons file. + libchrome-$(BASE_VER).a: +@@ -38,7 +38,7 @@ out/libgmock.a: out/gmock-all.o + ar -rv $@ $< + + test: out/libgtest.a out/libgmock.a libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out +- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests ++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests + + clean: clean_chaps clean_chromeos clean_chromebase clean_gmock clean_debian + clean_gmock: +@@ -49,7 +49,7 @@ clean_chromebase: + clean_chromeos: + -BASE_VER=$(BASE_VER) scons -f Sconstruct.libchromeos -c + clean_chaps: +- -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) $(MAKE) clean ++ -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) $(MAKE) clean + rm -rf out + clean_debian: + dh_clean +@@ -64,4 +64,4 @@ install_man: + $(INSTALL) -m 0644 -D man/chapsd.8 $(MANDIR)/man8/chapsd.8 + $(INSTALL) -m 0644 -D man/chaps_client.8 $(MANDIR)/man8/chaps_client.8 + install: install_man +- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files ++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch b/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch new file mode 100644 index 000000000000..54843453c868 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch @@ -0,0 +1,26 @@ +diff --git a/extrasrc/Sconstruct.libchrome b/extrasrc/Sconstruct.libchrome +index 4feb76d..311fe8a 100644 +--- a/extrasrc/Sconstruct.libchrome ++++ b/extrasrc/Sconstruct.libchrome +@@ -103,7 +103,7 @@ base_lib = { + 'pc_libs' : 'glib-2.0', + } + +-env = Environment() ++env = Environment(ENV = os.environ) + + BASE_VER = os.environ.get('BASE_VER', '0') + GTEST_DIR = os.environ.get('GTEST_DIR', '0') +diff --git a/extrasrc/Sconstruct.libchromeos b/extrasrc/Sconstruct.libchromeos +index 1da6001..66f9acb 100644 +--- a/extrasrc/Sconstruct.libchromeos ++++ b/extrasrc/Sconstruct.libchromeos +@@ -18,7 +18,7 @@ base_lib = { + 'pc_libs' : 'dbus-c++-1', + } + +-env = Environment() ++env = Environment(ENV = os.environ) + + PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config') + BASE_VER = os.environ.get('BASE_VER', '0') diff --git a/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch b/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch new file mode 100644 index 000000000000..8b8449a6e661 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch @@ -0,0 +1,51 @@ +diff --git a/makefile b/makefile +index b6865f3..c14f5ec 100644 +--- a/makefile ++++ b/makefile +@@ -53,8 +53,8 @@ $(SRCDIR)/include/trousers/scoped_tss_type.h: extrasrc/scoped_tss_type.h | $(SRC + cp $< $@ + # Chromium includes <leveldb/memenv.h>. This requires an install of libleveldb-dev that has + # memenv support included; move this into a local leveldb/ subdirectory +-$(SRCDIR)/include/leveldb/memenv.h: /usr/include/leveldb/helpers/memenv.h | $(SRCDIR)/include/leveldb +- cp $< $@ ++$(SRCDIR)/include/leveldb/memenv.h: $(SRCDIR)/include/leveldb ++ cp @@NIXOS_LEVELDB@@/include/leveldb/helpers/memenv.h $@ + # Chromium includes <include/testing/gtest/include/gtest/gtest_prod.h>, so have a local copy. + $(SRCDIR)/include/testing/gtest/include/gtest/gtest_prod.h: extrasrc/gtest_prod.h | $(SRCDIR)/include/testing/gtest/include/gtest + cp $< $@ +@@ -80,7 +80,7 @@ GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VERSION) + GTEST_DIR=$(GMOCK_DIR)/gtest + src_gmock: $(GMOCK_DIR)/LICENSE + $(GMOCK_DIR)/LICENSE: | $(SRCDIR) +- cd $(SRCDIR) && wget $(GMOCK_URL) ++ cd $(SRCDIR) && cp @@NIXOS_SRC_GMOCK@@ gmock-$(GMOCK_VERSION).zip && chmod +w gmock-$(GMOCK_VERSION).zip + cd $(SRCDIR) && unzip -q gmock-$(GMOCK_VERSION).zip + rm $(SRCDIR)/gmock-$(GMOCK_VERSION).zip + touch $@ +@@ -107,8 +107,7 @@ src_chromebase: $(SRCDIR)/base/base64.h + $(SRCDIR)/base: | $(SRCDIR) + mkdir -p $@ + $(SRCDIR)/base/base64.h: | $(SRCDIR)/base +- git clone $(CHROMEBASE_GIT) $(SRCDIR)/base +- cd $(SRCDIR)/base && git checkout $(CHROMEBASE_COMMIT) ++ cp -r @@NIXOS_SRC_CHROMEBASE@@/. $(SRCDIR)/base && chmod -R +w $(SRCDIR)/base + + # We need two subdirectories from the platform2 repository from ChromiumOS: + # - chaps/ for the Chaps source code +@@ -119,14 +118,8 @@ $(SRCDIR)/platform2: + PLATFORM2_GIT=https://chromium.googlesource.com/chromiumos/platform2 + PATCHES=$(wildcard $(CURDIR)/patches/platform2/*.patch) + $(SRCDIR)/platform2/chaps/Makefile: | $(SRCDIR)/platform2 +- cd $(SRCDIR)/platform2 && git init . && git remote add -f origin $(PLATFORM2_GIT) +- cd $(SRCDIR)/platform2 && git config core.sparsecheckout true +- cd $(SRCDIR)/platform2 && echo "chaps" > .git/info/sparse-checkout +- cd $(SRCDIR)/platform2 && echo "libchromeos/chromeos" >> .git/info/sparse-checkout +- cd $(SRCDIR)/platform2 && echo "common-mk/common.mk" >> .git/info/sparse-checkout +- cd $(SRCDIR)/platform2 && git pull origin master +- cd $(SRCDIR)/platform2 && git checkout $(CROS_BRANCH) +- cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then git am $(PATCHES); fi ++ cd $(SRCDIR)/platform2 && cp -r @@NIXOS_SRC_PLATFORM2@@/. . && chmod -R +w $(SRCDIR)/platform2 ++ cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then patch -p1 < $(PATCHES); fi + + + # Copy man pages diff --git a/nixpkgs/pkgs/tools/security/chipsec/compile-ko.diff b/nixpkgs/pkgs/tools/security/chipsec/compile-ko.diff new file mode 100644 index 000000000000..0ab2c80a6251 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chipsec/compile-ko.diff @@ -0,0 +1,13 @@ +diff --git i/setup.py w/setup.py +index cfe2665..5795874 100755 +--- i/setup.py ++++ w/setup.py +@@ -179,7 +179,7 @@ class build_ext(_build_ext): + driver_build_function = self._build_win_driver + self._build_win_compression() + +- if not self.skip_driver: ++ if True: + driver_build_function() + + def get_source_files(self): diff --git a/nixpkgs/pkgs/tools/security/chipsec/default.nix b/nixpkgs/pkgs/tools/security/chipsec/default.nix new file mode 100644 index 000000000000..64d8885eedd4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chipsec/default.nix @@ -0,0 +1,73 @@ +{ lib +, stdenv +, fetchFromGitHub +, kernel ? null +, libelf +, nasm +, python3 +, withDriver ? false +}: + +python3.pkgs.buildPythonApplication rec { + pname = "chipsec"; + version = "1.8.1"; + + disabled = !stdenv.isLinux; + + src = fetchFromGitHub { + owner = "chipsec"; + repo = "chipsec"; + rev = version; + hash = "sha256-bK8wlwhP0pi8rOs8ysbSZ+0aZOaX4mckfH/p4OLGnes="; + }; + + patches = lib.optionals withDriver [ ./ko-path.diff ./compile-ko.diff ]; + + KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + + nativeBuildInputs = [ + libelf + nasm + ]; + + checkInputs = with python3.pkgs; [ + distro + pytestCheckHook + ]; + + preBuild = lib.optionalString withDriver '' + export CHIPSEC_BUILD_LIB=$(mktemp -d) + mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux + ''; + + preInstall = lib.optionalString withDriver '' + mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux + mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \ + $out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko + ''; + + setupPyBuildFlags = [ + "--build-lib=$CHIPSEC_BUILD_LIB" + ] ++ lib.optional (!withDriver) [ + "--skip-driver" + ]; + + pythonImportsCheck = [ + "chipsec" + ]; + + meta = with lib; { + description = "Platform Security Assessment Framework"; + longDescription = '' + CHIPSEC is a framework for analyzing the security of PC platforms + including hardware, system firmware (BIOS/UEFI), and platform components. + It includes a security test suite, tools for accessing various low level + interfaces, and forensic capabilities. It can be run on Windows, Linux, + Mac OS X and UEFI shell. + ''; + license = licenses.gpl2Only; + homepage = "https://github.com/chipsec/chipsec"; + maintainers = with maintainers; [ johnazoidberg ]; + platforms = if withDriver then [ "x86_64-linux" ] else platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chipsec/ko-path.diff b/nixpkgs/pkgs/tools/security/chipsec/ko-path.diff new file mode 100644 index 000000000000..ad26d232d964 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chipsec/ko-path.diff @@ -0,0 +1,13 @@ +diff --git c/chipsec/helper/linux/linuxhelper.py i/chipsec/helper/linux/linuxhelper.py +index c51b5e6..4be05ea 100644 +--- c/chipsec/helper/linux/linuxhelper.py ++++ i/chipsec/helper/linux/linuxhelper.py +@@ -152,7 +152,7 @@ class LinuxHelper(Helper): + else: + a2 = "a2=0x{}".format(phys_mem_access_prot) + +- driver_path = os.path.join(chipsec.file.get_main_dir(), "chipsec", "helper", "linux", "chipsec.ko" ) ++ driver_path = os.path.join(chipsec.file.get_main_dir(), "drivers", "linux", "chipsec.ko" ) + if not os.path.exists(driver_path): + driver_path += ".xz" + if not os.path.exists(driver_path): diff --git a/nixpkgs/pkgs/tools/security/chkrootkit/default.nix b/nixpkgs/pkgs/tools/security/chkrootkit/default.nix new file mode 100644 index 000000000000..b365fa62f953 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chkrootkit/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchurl, makeWrapper, binutils-unwrapped }: + +stdenv.mkDerivation rec { + pname = "chkrootkit"; + version = "0.55"; + + src = fetchurl { + url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${pname}-${version}.tar.gz"; + sha256 = "sha256-qBwChuxEkxP5U3ASAqAOgbIE/Cz0PieFhaEcEqXgJYs="; + }; + + # TODO: a lazy work-around for linux build failure ... + makeFlags = [ "STATIC=" ]; + + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' + substituteInPlace chkrootkit \ + --replace " ./" " $out/bin/" + ''; + + installPhase = '' + mkdir -p $out/sbin + cp check_wtmpx chkdirs chklastlog chkproc chkrootkit chkutmp chkwtmp ifpromisc strings-static $out/sbin + + wrapProgram $out/sbin/chkrootkit \ + --prefix PATH : "${lib.makeBinPath [ binutils-unwrapped ]}" + ''; + + meta = with lib; { + description = "Locally checks for signs of a rootkit"; + homepage = "http://www.chkrootkit.org/"; + license = licenses.bsd2; + platforms = with platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch b/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch new file mode 100644 index 000000000000..9c379adb7dfb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch @@ -0,0 +1,25 @@ +diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile +--- chntpw-140201.orig/Makefile 2014-02-01 20:54:37.000000000 +0400 ++++ chntpw-140201/Makefile 2014-08-03 20:26:56.497161881 +0400 +@@ -12,14 +12,13 @@ + + CC=gcc + +-# Force 32 bit +-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +-OSSLLIB=$(OSSLPATH)/lib +- +-# 64 bit if default for compiler setup +-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall +-#OSSLLIB=$(OSSLPATH)/lib64 +- ++ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu' ++ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall ++ OSSLLIB=$(OSSLPATH)/lib64 ++else ifeq '$(shell gcc -dumpmachine)' 'i686-unknown-linux-gnu' ++ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 ++ OSSLLIB=$(OSSLPATH)/lib ++endif + + # This is to link with whatever we have, SSL crypto lib we put in static + #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a diff --git a/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch b/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch new file mode 100644 index 000000000000..d3163a026f91 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch @@ -0,0 +1,26 @@ +diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile +--- chntpw-140201.orig/Makefile 2014-08-03 20:26:56.497161881 +0400 ++++ chntpw-140201/Makefile 2014-08-04 12:57:16.563818342 +0400 +@@ -10,6 +10,8 @@ + OSSLPATH=/usr + OSSLINC=$(OSSLPATH)/include + ++PREFIX ?= /usr ++ + CC=gcc + + ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu' +@@ -24,8 +26,12 @@ + #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a + LIBS=-L$(OSSLLIB) + ++BINARIES := chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static + +-all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static ++all: $(BINARIES) ++install: $(BINARIES) ++ mkdir -p $(PREFIX)/bin ++ cp $^ $(PREFIX)/bin + + chntpw: chntpw.o ntreg.o edlib.o libsam.o + $(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o libsam.o $(LIBS) diff --git a/nixpkgs/pkgs/tools/security/chntpw/default.nix b/nixpkgs/pkgs/tools/security/chntpw/default.nix new file mode 100644 index 000000000000..5bda55c418aa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chntpw/default.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, fetchurl, unzip }: + +stdenv.mkDerivation rec { + pname = "chntpw"; + + version = "140201"; + + src = fetchurl { + url = "http://pogostick.net/~pnh/ntpasswd/chntpw-source-${version}.zip"; + sha256 = "1k1cxsj0221dpsqi5yibq2hr7n8xywnicl8yyaicn91y8h2hkqln"; + }; + + nativeBuildInputs = [ unzip ]; + buildInputs = lib.optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; + + patches = [ + ./00-chntpw-build-arch-autodetect.patch + ./01-chntpw-install-target.patch + ]; + + installPhase = '' + make install PREFIX=$out + ''; + + meta = with lib; { + homepage = "http://pogostick.net/~pnh/ntpasswd/"; + description = "An utility to reset the password of any user that has a valid local account on a Windows system"; + maintainers = with lib.maintainers; [ deepfire ]; + license = licenses.gpl2; + platforms = with lib.platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chopchop/default.nix b/nixpkgs/pkgs/tools/security/chopchop/default.nix new file mode 100644 index 000000000000..10ac9e7f4a77 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chopchop/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "chopchop"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "michelin"; + repo = "ChopChop"; + rev = "v${version}"; + sha256 = "qSBQdcS6d0tctSHRbkY4T7s6Zj7xI2abaPUvNKh1M2E="; + }; + + vendorSha256 = "UxWARWOFp8AYKEdiJwRZNwFrphgMTJSZjnvktTNOsgU="; + + meta = with lib; { + description = "CLI to search for sensitive services/files/folders"; + homepage = "https://github.com/michelin/ChopChop"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix new file mode 100644 index 000000000000..18104aa7710d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix @@ -0,0 +1,38 @@ +{ lib, mkDerivation, fetchFromGitHub, qmake, pcsclite, pkg-config, opensc }: + +mkDerivation rec { + pname = "chrome-token-signing"; + version = "1.1.5"; + + src = fetchFromGitHub { + owner = "open-eid"; + repo = "chrome-token-signing"; + rev = "v${version}"; + sha256 = "sha256-wKy/RVR7jx5AkMJgHXsuV+jlzyfH5nDRggcIUgh2ML4="; + }; + + buildInputs = [ qmake pcsclite pkg-config ]; + dontUseQmakeConfigure = true; + + patchPhase = '' + substituteInPlace host-linux/ee.ria.esteid.json --replace /usr $out + # TODO: macos + substituteInPlace host-shared/PKCS11Path.cpp \ + --replace opensc-pkcs11.so ${opensc}/lib/pkcs11/opensc-pkcs11.so + ''; + + installPhase = '' + install -D -t $out/bin host-linux/chrome-token-signing + # TODO: wire these up + install -D -t $out/etc/chromium/native-messaging-hosts host-linux/ee.ria.esteid.json + install -D -t $out/lib/mozilla/native-messaging-hosts host-linux/ff/ee.ria.esteid.json + ''; + + meta = with lib; { + description = "Chrome and Firefox extension for signing with your eID on the web"; + homepage = "https://github.com/open-eid/chrome-token-signing/wiki"; + license = licenses.lgpl21; + maintainers = [ maintainers.mmahut ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cipherscan/default.nix b/nixpkgs/pkgs/tools/security/cipherscan/default.nix new file mode 100644 index 000000000000..23022f92b6af --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cipherscan/default.nix @@ -0,0 +1,43 @@ +{ stdenv, lib, fetchFromGitHub, openssl, makeWrapper, python3, coreutils }: + +stdenv.mkDerivation rec { + pname = "cipherscan"; + version = "2016-08-16"; + + src = fetchFromGitHub { + owner = "mozilla"; + repo = "cipherscan"; + rev = "74dd82e8ad994a140daf79489d3bd1c5ad928d38"; + sha256 = "16azhlmairnvdz7xmwgvfpn2pzw1p8z7c9b27m07fngqjkpx0mhh"; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ python3 ]; + + strictDeps = true; + + buildPhase = '' + substituteInPlace cipherscan --replace '$0' 'cipherscan' + ''; + + installPhase = '' + mkdir -p $out/bin + + cp cipherscan $out/bin + cp openssl.cnf $out/bin + cp analyze.py $out/bin/cipherscan-analyze + + wrapProgram $out/bin/cipherscan \ + --set NOAUTODETECT 1 \ + --set TIMEOUTBIN "${coreutils}/bin/timeout" \ + --set OPENSSLBIN "${openssl}/bin/openssl" + ''; + + meta = with lib; { + inherit (src.meta) homepage; + description = "Very simple way to find out which SSL ciphersuites are supported by a target"; + license = licenses.mpl20; + platforms = platforms.all; + maintainers = with maintainers; [ cstrahan fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/clamav/default.nix b/nixpkgs/pkgs/tools/security/clamav/default.nix new file mode 100644 index 000000000000..cc1eaf8265cf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/clamav/default.nix @@ -0,0 +1,59 @@ +{ lib, stdenv, fetchurl, pkg-config +, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 +, libmspack, systemd, Foundation, json_c, check +}: + +stdenv.mkDerivation rec { + pname = "clamav"; + version = "0.103.5"; + + src = fetchurl { + url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; + sha256 = "sha256-HnSx4dKoqQVkScMT9Ippg7nVug1vte8LK+atPIQaVCY="; + }; + + # don't install sample config files into the absolute sysconfdir folder + postPatch = '' + substituteInPlace Makefile.in --replace ' etc ' ' ' + ''; + + enableParallelBuilding = true; + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ + zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check + ] ++ lib.optional stdenv.isLinux systemd + ++ lib.optional stdenv.isDarwin Foundation; + + configureFlags = [ + "--libdir=$(out)/lib" + "--sysconfdir=/etc/clamav" + "--disable-llvm" # enabling breaks the build at the moment + "--with-zlib=${zlib.dev}" + "--with-xml=${libxml2.dev}" + "--with-openssl=${openssl.dev}" + "--with-libcurl=${curl.dev}" + "--with-libjson=${json_c.dev}" + "--with-system-libmspack" + "--enable-milter" + "--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly + "--enable-check" + ] ++ lib.optional stdenv.isLinux + "--with-systemdsystemunitdir=$(out)/lib/systemd"; + + postInstall = '' + mkdir $out/etc + cp etc/*.sample $out/etc + ''; + + # Only required for the unit tests + hardeningDisable = [ "format" ]; + doCheck = true; + + meta = with lib; { + homepage = "https://www.clamav.net"; + description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats"; + license = licenses.gpl2; + maintainers = with maintainers; [ robberer qknight fpletz globin ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/clevis/default.nix b/nixpkgs/pkgs/tools/security/clevis/default.nix new file mode 100644 index 000000000000..753fd8a6395e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/clevis/default.nix @@ -0,0 +1,41 @@ +{ lib, stdenv, fetchFromGitHub, meson, ninja, pkg-config, asciidoc +, makeWrapper, jansson, jose, cryptsetup, curl, libpwquality, luksmeta +, coreutils, tpm2-tools +}: + +stdenv.mkDerivation rec { + pname = "clevis"; + version = "18"; + + src = fetchFromGitHub { + owner = "latchset"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-m1UhyjD5ydSgCTBu6sECLlxFx0rnQxFnBA7frbdUqU8="; + }; + + postPatch = '' + for f in $(find src/ -type f); do + grep -q "/bin/cat" "$f" && substituteInPlace "$f" \ + --replace '/bin/cat' '${coreutils}/bin/cat' || true + done + ''; + + postInstall = '' + # We wrap the main clevis binary entrypoint but not the sub-binaries. + wrapProgram $out/bin/clevis \ + --prefix PATH ':' "${tpm2-tools}/bin:${jose}/bin:${placeholder "out"}/bin" + ''; + + nativeBuildInputs = [ meson ninja pkg-config asciidoc makeWrapper ]; + buildInputs = [ jansson jose cryptsetup curl libpwquality luksmeta tpm2-tools ]; + + outputs = [ "out" "man" ]; + + meta = { + description = "Automated Encryption Framework"; + homepage = "https://github.com/latchset/clevis"; + maintainers = with lib.maintainers; [ fpletz ]; + license = lib.licenses.gpl3Plus; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cloudbrute/default.nix b/nixpkgs/pkgs/tools/security/cloudbrute/default.nix new file mode 100644 index 000000000000..84a59ec495f2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cloudbrute/default.nix @@ -0,0 +1,30 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "cloudbrute"; + version = "1.0.7"; + + src = fetchFromGitHub { + owner = "0xsha"; + repo = "CloudBrute"; + rev = "v${version}"; + sha256 = "05b9klddk8wvi78j47jyg9pix6qpxyr01l1m7k1j7598siazfv9g"; + }; + + vendorSha256 = "0f3n0wrmg9d2qyn8hlnhf9lsfqd9443myzr04p48v68m8n83j6a9"; + + meta = with lib; { + description = "Cloud enumeration tool"; + longDescription = '' + A tool to find a company (target) infrastructure, files, and apps on + the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, + Alibaba, Vultr, Linode). + ''; + homepage = "https://github.com/0xsha/CloudBrute"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cloudlist/default.nix b/nixpkgs/pkgs/tools/security/cloudlist/default.nix new file mode 100644 index 000000000000..203b044a6ded --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cloudlist/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "cloudlist"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "projectdiscovery"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-o5xJwbdYeFF3jWTy/zvswB9dFp/fxtgZB5a+c7cc2OQ="; + }; + + vendorSha256 = "sha256-rzbf/au2qrdoBowsw7DbeCcBbF42bqJDnuKC1sSFxho="; + + meta = with lib; { + description = "Tool for listing assets from multiple cloud providers"; + homepage = "https://github.com/projectdiscovery/cloudlist"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cosign/default.nix b/nixpkgs/pkgs/tools/security/cosign/default.nix new file mode 100644 index 000000000000..5bfc16718bf7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cosign/default.nix @@ -0,0 +1,52 @@ +{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, installShellFiles, PCSC, pivKeySupport ? true, pkcs11Support ? true }: + +buildGoModule rec { + pname = "cosign"; + version = "1.5.2"; + + src = fetchFromGitHub { + owner = "sigstore"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-37jahAGgQn7HwwdRTlAS/oJQ3BxTkMViI6iJMBYFgjI="; + }; + + buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite) + ++ lib.optionals (stdenv.isDarwin && pivKeySupport) [ PCSC ]; + + nativeBuildInputs = [ pkg-config installShellFiles ]; + + vendorSha256 = "sha256-d3aOX4iMlhlxgYbqCHCIFKXunVha0Fw4ZBmy4OA6EhI="; + + excludedPackages = "\\(sample\\|webhook\\|help\\)"; + + tags = [] ++ lib.optionals pivKeySupport [ "pivkey" ] ++ lib.optionals pkcs11Support [ "pkcs11key" ]; + + ldflags = [ "-s" "-w" "-X github.com/sigstore/cosign/pkg/version.GitVersion=v${version}" ]; + + postPatch = '' + rm pkg/cosign/tuf/client_test.go # Require network access + rm internal/pkg/cosign/fulcio/signer_test.go # Require network access + rm internal/pkg/cosign/rekor/signer_test.go # Require network access + rm pkg/cosign/kubernetes/webhook/validator_test.go # Require network access + ''; + + postInstall = '' + installShellCompletion --cmd cosign \ + --bash <($out/bin/cosign completion bash) \ + --fish <($out/bin/cosign completion fish) \ + --zsh <($out/bin/cosign completion zsh) + installShellCompletion --cmd sget \ + --bash <($out/bin/sget completion bash) \ + --fish <($out/bin/sget completion fish) \ + --zsh <($out/bin/sget completion zsh) + ''; + + meta = with lib; { + homepage = "https://github.com/sigstore/cosign"; + changelog = "https://github.com/sigstore/cosign/releases/tag/v${version}"; + description = "Container Signing CLI with support for ephemeral keys and Sigstore signing"; + license = licenses.asl20; + maintainers = with maintainers; [ lesuisse jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cowpatty/default.nix b/nixpkgs/pkgs/tools/security/cowpatty/default.nix new file mode 100644 index 000000000000..934b31a35da6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cowpatty/default.nix @@ -0,0 +1,48 @@ +{ lib +, stdenv +, clang +, fetchFromGitHub +, installShellFiles +, openssl +, libpcap +}: + +stdenv.mkDerivation rec { + pname = "cowpatty"; + version = "4.8"; + + src = fetchFromGitHub { + owner = "joswr1ght"; + repo = pname; + rev = version; + sha256 = "0fvwwghhd7wsx0lw2dj9rdsjnirawnq3c6silzvhi0yfnzn5fs0s"; + }; + + nativeBuildInputs = [ + clang + installShellFiles + ]; + + buildInputs = [ + openssl + libpcap + ]; + + makeFlags = [ + "DESTDIR=$(out)" + "BINDIR=/bin" + ]; + + postInstall = '' + installManPage cowpatty.1 + installManPage genpmk.1 + ''; + + meta = with lib; { + description = "Offline dictionary attack against WPA/WPA2 networks"; + homepage = "https://github.com/joswr1ght/cowpatty"; + license = licenses.bsd3; + maintainers = with maintainers; [ nico202 fab ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crackxls/default.nix b/nixpkgs/pkgs/tools/security/crackxls/default.nix new file mode 100644 index 000000000000..748bfdcb2cad --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crackxls/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub, pkg-config, autoconf, automake, openssl, libgsf, gmp }: + +stdenv.mkDerivation rec { + + pname = "crackxls"; + version = "0.4"; + + src = fetchFromGitHub { + owner = "GavinSmith0123"; + repo = "crackxls2003"; + rev = "v${version}"; + sha256 = "0q5jl7hcds3f0rhly3iy4fhhbyh9cdrfaw7zdrazzf1wswwhyssz"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ autoconf automake openssl libgsf gmp ]; + + installPhase = + '' + mkdir -p $out/bin + cp crackxls2003 $out/bin/ + ''; + + meta = with lib; { + homepage = "https://github.com/GavinSmith0123/crackxls2003/"; + description = "Used to break the encryption on old Microsoft Excel and Microsoft Word files"; + platforms = platforms.linux; + license = licenses.gpl3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/credential-detector/default.nix b/nixpkgs/pkgs/tools/security/credential-detector/default.nix new file mode 100644 index 000000000000..1e3497b0ca0e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/credential-detector/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "credential-detector"; + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "ynori7"; + repo = pname; + rev = "v${version}"; + sha256 = "1g5ja32rsf1b7y9gvmy29qz2ymyyvgh53wzd6vvknfla1df0slab"; + }; + + vendorSha256 = "1mn3sysvdz4b94804gns1yssk2q08djq3kq3cd1h7gm942zwrnq4"; + + meta = with lib; { + description = "Tool to detect potentially hard-coded credentials"; + homepage = "https://github.com/ynori7/credential-detector"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/credslayer/default.nix b/nixpkgs/pkgs/tools/security/credslayer/default.nix new file mode 100644 index 000000000000..223f9dd70eb9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/credslayer/default.nix @@ -0,0 +1,52 @@ +{ lib +, fetchFromGitHub +, python3 +, wireshark-cli +}: + +python3.pkgs.buildPythonApplication rec { + pname = "credslayer"; + version = "0.1.2"; + + src = fetchFromGitHub { + owner = "ShellCode33"; + repo = "CredSLayer"; + rev = "v${version}"; + sha256 = "1rbfy0h9c2gra1r2b39kngj3m7g177nmzzs5xy9np8lxixrh17pc"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + pyshark + ]; + + checkInputs = with python3.pkgs; [ + wireshark-cli + pytestCheckHook + ]; + + pytestFlagsArray = [ "tests/tests.py" ]; + + disabledTests = [ + # Requires a telnet setup + "test_telnet" + # stdout has all the correct data, but the underlying test code fails + # functionally everything seems to be intact + "http_get_auth" + "test_http_post_auth" + "test_ntlmssp" + ]; + + pythonImportsCheck = [ "credslayer" ]; + + postInstall = '' + wrapProgram $out/bin/credslayer \ + --prefix PATH : "${lib.makeBinPath [ wireshark-cli ]}" + ''; + + meta = with lib; { + description = "Extract credentials and other useful info from network captures"; + homepage = "https://github.com/ShellCode33/CredSLayer"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crlfuzz/default.nix b/nixpkgs/pkgs/tools/security/crlfuzz/default.nix new file mode 100644 index 000000000000..d203d0d7f463 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crlfuzz/default.nix @@ -0,0 +1,27 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "crlfuzz"; + version = "1.4.1"; + + src = fetchFromGitHub { + owner = "dwisiswant0"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-rqhdxOQmZCRtq+IZygKLleb5GoKP2akyEc3rbGcnZmw="; + }; + + vendorSha256 = "sha256-yLtISEJWIKqCuZtQxReu/Vykw5etqgLpuXqOdtwBkqU="; + + doCheck = true; + + meta = with lib; { + description = "Tool to scan for CRLF vulnerability"; + homepage = "https://github.com/dwisiswant0/crlfuzz"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crowbar/default.nix b/nixpkgs/pkgs/tools/security/crowbar/default.nix new file mode 100644 index 000000000000..e58f77457de2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crowbar/default.nix @@ -0,0 +1,42 @@ +{ fetchFromGitHub +, freerdp +, nmap +, openvpn +, python3Packages +, lib +, tigervnc +}: + +python3Packages.buildPythonApplication rec { + pname = "crowbar"; + version = "unstable-2020-04-23"; + + src = fetchFromGitHub { + owner = "galkan"; + repo = pname; + rev = "500d633ff5ddfcbc70eb6d0b4d2181e5b8d3c535"; + sha256 = "05m9vywr9976pc7il0ak8nl26mklzxlcqx0p8rlfyx1q766myqzf"; + }; + + propagatedBuildInputs = [ python3Packages.paramiko ]; + + patchPhase = '' + sed -i 's,/usr/bin/xfreerdp,${freerdp}/bin/xfreerdp,g' lib/main.py + sed -i 's,/usr/bin/vncviewer,${tigervnc}/bin/vncviewer,g' lib/main.py + sed -i 's,/usr/sbin/openvpn,${openvpn}/bin/openvpn,g' lib/main.py + + sed -i 's,/usr/bin/nmap,${nmap}/bin/nmap,g' lib/nmap.py + ''; + + # Sanity check + checkPhase = '' + $out/bin/crowbar --help > /dev/null + ''; + + meta = with lib; { + homepage = "https://github.com/galkan/crowbar"; + description = "A brute forcing tool that can be used during penetration tests"; + license = licenses.mit; + maintainers = with maintainers; [ pamplemousse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crunch/default.nix b/nixpkgs/pkgs/tools/security/crunch/default.nix new file mode 100644 index 000000000000..df1d50c60fad --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crunch/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchurl, which }: + +stdenv.mkDerivation rec { + pname = "crunch"; + version = "3.6"; + + src = fetchurl { + url = "mirror://sourceforge/crunch-wordlist/${pname}-${version}.tgz"; + sha256 = "0mgy6ghjvzr26yrhj1bn73qzw6v9qsniskc5wqq1kk0hfhy6r3va"; + }; + + buildInputs = [ which ]; + + preBuild = '' + substituteInPlace Makefile \ + --replace '-g root -o root' "" \ + --replace '-g wheel -o root' "" \ + --replace 'sudo ' "" + ''; + + makeFlags = [ "PREFIX=$(out)" ]; + + meta = with lib; { + description = "Wordlist generator"; + homepage = "https://sourceforge.net/projects/crunch-wordlist/"; + platforms = platforms.unix; + license = with licenses; [ gpl2Only ]; + maintainers = with maintainers; [ lnl7 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cryptomator/default.nix b/nixpkgs/pkgs/tools/security/cryptomator/default.nix new file mode 100644 index 000000000000..ec18a5ed10ce --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cryptomator/default.nix @@ -0,0 +1,91 @@ +{ lib, stdenv, fetchFromGitHub +, autoPatchelfHook +, fuse, packer +, maven, jdk, jre, makeWrapper, glib, wrapGAppsHook +}: + +let + pname = "cryptomator"; + version = "1.5.15"; + + src = fetchFromGitHub { + owner = "cryptomator"; + repo = "cryptomator"; + rev = version; + sha256 = "06n7wda7gfalvsg1rlcm51ss73nlbhh95z6zq18yvn040clkzkij"; + }; + + icons = fetchFromGitHub { + owner = "cryptomator"; + repo = "cryptomator-linux"; + rev = version; + sha256 = "1sqbx858zglv0xkpjya0cpbkxf2hkj1xvxhnir3176y2xyjv6aib"; + }; + + # perform fake build to make a fixed-output derivation out of the files downloaded from maven central (120MB) + deps = stdenv.mkDerivation { + name = "cryptomator-${version}-deps"; + inherit src; + + nativeBuildInputs = [ jdk maven ]; + + buildPhase = '' + cd main + while mvn -Prelease package -Dmaven.repo.local=$out/.m2 -Dmaven.wagon.rto=5000; [ $? = 1 ]; do + echo "timeout, restart maven to continue downloading" + done + ''; + + # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside + installPhase = '' + find $out/.m2 -type f -regex '.+\(\.lastUpdated\|resolver-status\.properties\|_remote\.repositories\)' -delete + find $out/.m2 -type f -iname '*.pom' -exec sed -i -e 's/\r\+$//' {} \; + ''; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "195ysv9l861y9d1lvmvi7wmk172ynlba9n233blpaigq88cjn208"; + }; + +in stdenv.mkDerivation rec { + inherit pname version src; + + buildPhase = '' + cd main + mvn -Prelease package --offline -Dmaven.repo.local=$(cp -dpR ${deps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 + ''; + + installPhase = '' + mkdir -p $out/bin/ $out/usr/share/cryptomator/libs/ + + cp buildkit/target/libs/* buildkit/target/linux-libs/* $out/usr/share/cryptomator/libs/ + + makeWrapper ${jre}/bin/java $out/bin/cryptomator \ + --add-flags "-classpath '$out/usr/share/cryptomator/libs/*'" \ + --add-flags "-Dcryptomator.settingsPath='~/.config/Cryptomator/settings.json'" \ + --add-flags "-Dcryptomator.ipcPortPath='~/.config/Cryptomator/ipcPort.bin'" \ + --add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \ + --add-flags "-Dcryptomator.mountPointsDir='~/.local/share/Cryptomator/mnt'" \ + --add-flags "-Djdk.gtk.version=3" \ + --add-flags "-Xss20m" \ + --add-flags "-Xmx512m" \ + --add-flags "org.cryptomator.launcher.Cryptomator" \ + --prefix PATH : "$out/usr/share/cryptomator/libs/:${lib.makeBinPath [ jre glib ]}" \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fuse ]}" \ + --set JAVA_HOME "${jre.home}" + + # install desktop entry and icons + cp -r ${icons}/resources/appimage/AppDir/usr/* $out/ + ''; + + nativeBuildInputs = [ autoPatchelfHook maven makeWrapper wrapGAppsHook jdk ]; + buildInputs = [ fuse packer jre glib ]; + + meta = with lib; { + description = "Free client-side encryption for your cloud files"; + homepage = "https://cryptomator.org"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ bachp ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ctmg/default.nix b/nixpkgs/pkgs/tools/security/ctmg/default.nix new file mode 100644 index 000000000000..b08af06825e3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ctmg/default.nix @@ -0,0 +1,21 @@ +{ lib, stdenv, fetchzip }: + +stdenv.mkDerivation rec { + pname = "ctmg"; + version = "1.2"; + + src = fetchzip { + url = "https://git.zx2c4.com/ctmg/snapshot/ctmg-${version}.tar.xz"; + sha256 = "1i4v8sriwjrmj3yizbl1ysckb711yl9qsn9x45jq0ij1apsydhyc"; + }; + + installPhase = "install -D ctmg.sh $out/bin/ctmg"; + + meta = with lib; { + description = "An encrypted container manager for Linux using cryptsetup"; + homepage = "https://git.zx2c4.com/ctmg/about/"; + license = licenses.isc; + maintainers = with maintainers; [ mrVanDalo ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix new file mode 100644 index 000000000000..dd26ce887eaa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix @@ -0,0 +1,84 @@ +{ lib +, buildPythonApplication +, fetchFromGitHub +, jsonschema +, plotly +, pytest +, pytest-xdist +, pytest-cov +, pytest-asyncio +, beautifulsoup4 +, pyyaml +, isort +, py +, jinja2 +, rpmfile +, reportlab +, zstandard +, rich +, aiohttp +, toml +, distro + # aiohttp[speedups] +, aiodns +, brotlipy +, cchardet +, pillow +, pytestCheckHook +}: +buildPythonApplication rec { + pname = "cve-bin-tool"; + version = "3.0"; + + src = fetchFromGitHub { + owner = "intel"; + repo = "cve-bin-tool"; + rev = "v${version}"; + sha256 = "1fmdnlhi03fdr4d4n7ydf6m0gx0cl77n3db8ldbs3m9zryblhzpr"; + }; + + # Wants to open a sqlite database, access the internet, etc + doCheck = false; + + propagatedBuildInputs = [ + jsonschema + plotly + pytest + pytest-xdist + pytest-cov + pytest-asyncio + beautifulsoup4 + pyyaml + isort + py + jinja2 + rpmfile + reportlab + zstandard + rich + aiohttp + toml + distro + # aiohttp[speedups] + aiodns + brotlipy + cchardet + # needed by brotlipy + pillow + ]; + + checkInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "cve_bin_tool" + ]; + + meta = with lib; { + description = "CVE Binary Checker Tool"; + homepage = "https://github.com/intel/cve-bin-tool"; + license = licenses.gpl3Only; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dalfox/default.nix b/nixpkgs/pkgs/tools/security/dalfox/default.nix new file mode 100644 index 000000000000..5ce633d3cec9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dalfox/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "dalfox"; + version = "2.7.1"; + + src = fetchFromGitHub { + owner = "hahwul"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-+Jr2pWV3iImKVnXH8mQXauHOh3uJChUe22U4JzIotD0="; + }; + + vendorSha256 = "sha256-4ot9qvTsUMxbcbu1y+5Tkvgo3t0MWA1EPSGqM0CM2DU="; + + meta = with lib; { + description = "Tool for analysing parameter and XSS scanning"; + homepage = "https://github.com/hahwul/dalfox"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/deepsea/default.nix b/nixpkgs/pkgs/tools/security/deepsea/default.nix new file mode 100644 index 000000000000..e351eb7a79d4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/deepsea/default.nix @@ -0,0 +1,30 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "deepsea"; + version = "0.9"; + + src = fetchFromGitHub { + owner = "dsnezhkov"; + repo = pname; + rev = "v${version}"; + sha256 = "02s03sha8vwp7dsaw3z446pskhb6wmy0hyj0mhpbx58sf147rkig"; + }; + + vendorSha256 = "0vpkzykfg1rq4qi1v5lsa0drpil9i6ccfw96k48ppi9hiwzpq94w"; + + meta = with lib; { + description = "Phishing tool for red teams and pentesters"; + longDescription = '' + DeepSea phishing gear aims to help RTOs and pentesters with the + delivery of opsec-tight, flexible email phishing campaigns carried + out on the outside as well as on the inside of a perimeter. + ''; + homepage = "https://github.com/dsnezhkov/deepsea"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dirmngr/default.nix b/nixpkgs/pkgs/tools/security/dirmngr/default.nix new file mode 100644 index 000000000000..b7aeed2ace14 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dirmngr/default.nix @@ -0,0 +1,18 @@ +{ lib, stdenv, fetchurl, libgpg-error, libgcrypt, libassuan, libksba, pth, openldap +, libiconv}: + +stdenv.mkDerivation rec { + pname = "dirmngr"; + version = "1.1.1"; + src = fetchurl { + url = "mirror://gnupg/dirmngr/dirmngr-${version}.tar.bz2"; + sha256 = "1zz6m87ca55nq5f59hzm6qs48d37h93il881y7d0rf2d6660na6j"; + }; + buildInputs = [ libgpg-error libgcrypt libassuan libksba + pth openldap libiconv ]; + + meta = { + platforms = lib.platforms.unix; + license = lib.licenses.gpl2Plus; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dismap/default.nix b/nixpkgs/pkgs/tools/security/dismap/default.nix new file mode 100644 index 000000000000..c6dcd1051e56 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dismap/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "dismap"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "zhzyker"; + repo = pname; + rev = "v${version}"; + sha256 = "0d5r6n92ndlr48f4z6lxwrx7bdh5mmibdjcyab4j2h49lf37c1qd"; + }; + + vendorSha256 = "00hwhc86rj806arvqfhfarmxs1drcdp91xkr12whqhsi9ddc254d"; + + meta = with lib; { + description = "Asset discovery and identification tools"; + homepage = "https://github.com/zhzyker/dismap"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dnsenum/default.nix b/nixpkgs/pkgs/tools/security/dnsenum/default.nix new file mode 100644 index 000000000000..a24fc96621f1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dnsenum/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchFromGitHub, makeWrapper, perl, perlPackages }: + +stdenv.mkDerivation rec { + pname = "dnsenum"; + version = "1.2.4.2"; + + src = fetchFromGitHub { + owner = "fwaeytens"; + repo = pname; + rev = version; + sha256 = "1bg1ljv6klic13wq4r53bg6inhc74kqwm3w210865b1v1n8wj60v"; + }; + + propagatedBuildInputs = with perlPackages; [ + perl NetDNS NetIP NetNetmask StringRandom XMLWriter NetWhoisIP WWWMechanize + ]; + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + install -vD dnsenum.pl $out/bin/dnsenum + install -vD dns.txt -t $out/share + ''; + + meta = with lib; { + homepage = "https://github.com/fwaeytens/dnsenum"; + description = "A tool to enumerate DNS information"; + maintainers = with maintainers; [ c0bw3b ]; + license = licenses.gpl2Plus; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dnspeep/default.nix b/nixpkgs/pkgs/tools/security/dnspeep/default.nix new file mode 100644 index 000000000000..58abf25b858d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dnspeep/default.nix @@ -0,0 +1,25 @@ +{ lib, rustPlatform, fetchFromGitHub, libpcap }: + +rustPlatform.buildRustPackage rec { + pname = "dnspeep"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "jvns"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-QpUbHiMDQFRCTVyjrO9lfQQ62Z3qanv0j+8eEXjE3n4="; + }; + + cargoSha256 = "sha256-w81FewtyweuSNYNPNr2uxB0uB1JoN5t252CAG1pm4Z8="; + + LIBPCAP_LIBDIR = lib.makeLibraryPath [ libpcap ]; + LIBPCAP_VER = libpcap.version; + + meta = with lib; { + description = "Spy on the DNS queries your computer is making"; + homepage = "https://github.com/jvns/dnspeep"; + license = licenses.mit; + maintainers = with maintainers; [ figsoda ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dnsrecon/default.nix b/nixpkgs/pkgs/tools/security/dnsrecon/default.nix new file mode 100644 index 000000000000..e3fe955eb9f1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dnsrecon/default.nix @@ -0,0 +1,47 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "dnsrecon"; + version = "1.0.0"; + format = "other"; + + src = fetchFromGitHub { + owner = "darkoperator"; + repo = pname; + rev = version; + sha256 = "sha256-VRO5ugr/+iZh+hh3tVs/JNAr7GXao/HK43O3FlkbcSM="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + dnspython + netaddr + lxml + ]; + + postPatch = '' + substituteInPlace dnsrecon.py \ + --replace "namelist.txt" "../share/namelist.txt" + ''; + + installPhase = '' + runHook preInstall + + install -vD dnsrecon.py $out/bin/dnsrecon + install -vD namelist.txt subdomains-*.txt -t $out/share + install -vd $out/${python3.sitePackages}/ + cp -R lib tools msf_plugin $out/${python3.sitePackages} + + runHook postInstall + ''; + + + meta = with lib; { + description = "DNS Enumeration script"; + homepage = "https://github.com/darkoperator/dnsrecon"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ c0bw3b fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dnsx/default.nix b/nixpkgs/pkgs/tools/security/dnsx/default.nix new file mode 100644 index 000000000000..9ba91d186530 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dnsx/default.nix @@ -0,0 +1,31 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "dnsx"; + version = "1.0.8"; + + src = fetchFromGitHub { + owner = "projectdiscovery"; + repo = "dnsx"; + rev = "v${version}"; + sha256 = "sha256-+ZLnQtN5MnWnOpLHkaZMhhsFWgGhnhalkXLakJf1wKU="; + }; + + vendorSha256 = "sha256-RtYAggUWQ8b2qf5ly7BSRc+8npbLiWdM4h0Krdp4Py4="; + + meta = with lib; { + description = "Fast and multi-purpose DNS toolkit"; + longDescription = '' + dnsx is a fast and multi-purpose DNS toolkit allow to run multiple + probers using retryabledns library, that allows you to perform + multiple DNS queries of your choice with a list of user supplied + resolvers. + ''; + homepage = "https://github.com/projectdiscovery/dnsx"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch b/nixpkgs/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch new file mode 100644 index 000000000000..a22781269d8b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch @@ -0,0 +1,24 @@ +From 9218347b8f833ab05d016dfba5617dcdeb59eb7b Mon Sep 17 00:00:00 2001 +From: Cole Helbling <cole.e.helbling@outlook.com> +Date: Wed, 27 May 2020 08:02:57 -0700 +Subject: [PATCH] add NixOS-specific dirs to safe PATH + +--- + doas.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/doas.c b/doas.c +index e253905..2fdb20f 100644 +--- a/doas.c ++++ b/doas.c +@@ -234,6 +234,7 @@ int + main(int argc, char **argv) + { + const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" ++ "/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/sbin:" + "/usr/local/bin:/usr/local/sbin"; + const char *confpath = NULL; + char *shargv[] = { NULL, NULL }; +-- +2.26.2 + diff --git a/nixpkgs/pkgs/tools/security/doas/default.nix b/nixpkgs/pkgs/tools/security/doas/default.nix new file mode 100644 index 000000000000..b79dba7c325f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/doas/default.nix @@ -0,0 +1,49 @@ +{ lib +, stdenv +, fetchFromGitHub +, bison +, pam + +, withPAM ? true +, withTimestamp ? true +}: + +stdenv.mkDerivation rec { + pname = "doas"; + version = "6.8.2"; + + src = fetchFromGitHub { + owner = "Duncaen"; + repo = "OpenDoas"; + rev = "v${version}"; + sha256 = "9uOQ2Ta5HzEpbCz2vbqZEEksPuIjL8lvmfmynfqxMeM="; + }; + + # otherwise confuses ./configure + dontDisableStatic = true; + + configureFlags = [ + (lib.optionalString withTimestamp "--with-timestamp") # to allow the "persist" setting + (lib.optionalString (!withPAM) "--without-pam") + ]; + + patches = [ + # Allow doas to discover binaries in /run/current-system/sw/{s,}bin and + # /run/wrappers/bin + ./0001-add-NixOS-specific-dirs-to-safe-PATH.patch + ]; + + postPatch = '' + sed -i '/\(chown\|chmod\)/d' GNUmakefile + ''; + + buildInputs = [ bison pam ]; + + meta = with lib; { + description = "Executes the given command as another user"; + homepage = "https://github.com/Duncaen/OpenDoas"; + license = licenses.isc; + platforms = platforms.linux; + maintainers = with maintainers; [ cole-h cstrahan ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dontgo403/default.nix b/nixpkgs/pkgs/tools/security/dontgo403/default.nix new file mode 100644 index 000000000000..d1595d9de2b7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dontgo403/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "dontgo403"; + version = "0.3"; + + src = fetchFromGitHub { + owner = "devploit"; + repo = pname; + rev = version; + hash = "sha256-QHkmnhOLdyci3PAhf/JIiYlCta8DJ3cZb1S6Sim0qGQ="; + }; + + vendorSha256 = "sha256-jF+CSmLHMdlFpttYf3pK84wdfFAHSVPAK8S5zunUzB0="; + + meta = with lib; { + description = "Tool to bypass 40X response codes"; + homepage = "https://github.com/devploit/dontgo403"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/doona/default.nix b/nixpkgs/pkgs/tools/security/doona/default.nix new file mode 100644 index 000000000000..e0f459ad7453 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/doona/default.nix @@ -0,0 +1,36 @@ +{ fetchFromGitHub +, lib, stdenv +, perl +}: + +stdenv.mkDerivation rec { + pname = "doona"; + version = "unstable-2019-03-08"; + + src = fetchFromGitHub { + owner = "wireghoul"; + repo = pname; + rev = "master"; + sha256 = "0x9irwrw5x2ia6ch6gshadrlqrgdi1ivkadmr7j4m75k04a7nvz1"; + }; + + buildInputs = [ perl ]; + + installPhase = '' + mkdir -p $out/bin + cp -r ${src}/bedmod $out/bin/bedmod + cp ${src}/doona.pl $out/bin/doona + chmod +x $out/bin/doona + ''; + + meta = with lib; { + homepage = "https://github.com/wireghoul/doona"; + description = "A fork of the Bruteforce Exploit Detector Tool (BED)"; + longDescription = '' + A fork of the Bruteforce Exploit Detector Tool (BED). + BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc. + ''; + license = licenses.gpl2; + maintainers = with maintainers; [ pamplemousse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/doppler/default.nix b/nixpkgs/pkgs/tools/security/doppler/default.nix new file mode 100644 index 000000000000..8b21ef160a2f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/doppler/default.nix @@ -0,0 +1,28 @@ +{ buildGoModule, fetchFromGitHub, lib }: + +buildGoModule rec { + pname = "doppler"; + version = "3.38.0"; + + src = fetchFromGitHub { + owner = "dopplerhq"; + repo = "cli"; + rev = version; + sha256 = "sha256-GKsq6AhkhacG+5XIELpe58bDe5l3BnLCwJHMkCzTzJU="; + }; + + vendorSha256 = "sha256-VPxHxNtDeP5CFDMTeMsZYED9ZGWMquJdeupeCVldY/E="; + + ldflags = [ "-X github.com/DopplerHQ/cli/pkg/version.ProgramVersion=v${version}" ]; + + postInstall = '' + mv $out/bin/cli $out/bin/doppler + ''; + + meta = with lib; { + homepage = "https://doppler.com"; + description = "The official CLI for interacting with your Doppler Enclave secrets and configuation"; + license = licenses.asl20; + maintainers = with maintainers; [ lucperkins ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dorkscout/default.nix b/nixpkgs/pkgs/tools/security/dorkscout/default.nix new file mode 100644 index 000000000000..27cc5a0d4e1b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dorkscout/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "dorkscout"; + version = "1.0"; + + src = fetchFromGitHub { + owner = "R4yGM"; + repo = pname; + rev = version; + sha256 = "0h2m458jxdm3xg0h2vb8yq1jc28jqwinv1pdqypdsbvsz48s0hxz"; + }; + + vendorSha256 = "05vn9hd5r8cy45b3ixjch17v38p08k8di8gclq0i9rkz9bvy1nph"; + + meta = with lib; { + description = "Tool to automate the work with Google dorks"; + homepage = "https://github.com/R4yGM/dorkscout"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/duo-unix/default.nix b/nixpkgs/pkgs/tools/security/duo-unix/default.nix new file mode 100644 index 000000000000..0ec07371df38 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/duo-unix/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchurl, pam, openssl, zlib }: + +stdenv.mkDerivation rec { + pname = "duo-unix"; + version = "1.11.5"; + + src = fetchurl { + url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; + sha256 = "sha256-7pE4EnyV22qQ13RFKHv0ah/BQYHJE1jdTwXBeqpBFgs="; + }; + + buildInputs = [ pam openssl zlib ]; + configureFlags = + [ "--with-pam=$(out)/lib/security" + "--prefix=$(out)" + "--sysconfdir=$(out)/etc/duo" + "--with-openssl=${openssl.dev}" + "--enable-lib64=no" + ]; + + meta = { + description = "Duo Security Unix login integration"; + homepage = "https://duosecurity.com"; + license = lib.licenses.gpl2; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/earlybird/default.nix b/nixpkgs/pkgs/tools/security/earlybird/default.nix new file mode 100644 index 000000000000..30916acda720 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/earlybird/default.nix @@ -0,0 +1,26 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: +buildGoModule { + pname = "earlybird"; + version = "1.25.0"; + + src = fetchFromGitHub { + owner = "americanexpress"; + repo = "earlybird"; + # According to the GitHub repo, the latest version *is* 1.25.0, but they + # tagged it as "refs/heads/main-2" + rev = "4f365f1c02972dc0a68a196a262912d9c4325b21"; + sha256 = "UZXHYBwBmb9J1HrE/htPZcKvZ+7mc+oXnUtzgBmBgN4="; + }; + + vendorSha256 = "oSHBR1EvK/1+cXqGNCE9tWn6Kd/BwNY3m5XrKCAijhA="; + + meta = with lib; { + description = "A sensitive data detection tool capable of scanning source code repositories for passwords, key files, and more"; + homepage = "https://github.com/americanexpress/earlybird"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ecdsatool/default.nix b/nixpkgs/pkgs/tools/security/ecdsatool/default.nix new file mode 100644 index 000000000000..0498b758c1d3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ecdsatool/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, pkgs }: + +stdenv.mkDerivation { + version = "0.0.1"; + pname = "ecdsatool"; + + src = pkgs.fetchFromGitHub { + owner = "kaniini"; + repo = "ecdsatool"; + rev = "7c0b2c51e2e64d1986ab1dc2c57c2d895cc00ed1"; + sha256 = "08z9309znkhrjpwqd4ygvm7cd1ha1qbrnlzw64fr8704jrmx762k"; + }; + + configurePhase = '' + ./autogen.sh + ./configure --prefix=$out + ''; + + nativeBuildInputs = with pkgs; [openssl autoconf automake]; + buildInputs = with pkgs; [libuecc]; + + meta = with lib; { + description = "Create and manipulate ECC NISTP256 keypairs"; + homepage = "https://github.com/kaniini/ecdsatool/"; + license = with licenses; [free]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ecdsautils/default.nix b/nixpkgs/pkgs/tools/security/ecdsautils/default.nix new file mode 100644 index 000000000000..6bdac96811a0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ecdsautils/default.nix @@ -0,0 +1,24 @@ +{ lib, stdenv, pkgs }: + +stdenv.mkDerivation { + version = "0.4.0"; + pname = "ecdsautils"; + + src = pkgs.fetchFromGitHub { + owner = "freifunk-gluon"; + repo = "ecdsautils"; + rev = "07538893fb6c2a9539678c45f9dbbf1e4f222b46"; + sha256 = "18sr8x3qiw8s9l5pfi7r9i3ayplz4jqdml75ga9y933vj7vs0k4d"; + }; + + nativeBuildInputs = with pkgs; [ cmake pkg-config doxygen ]; + buildInputs = with pkgs; [ libuecc ]; + + meta = with lib; { + description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)"; + homepage = "https://github.com/tcatm/ecdsautils/"; + license = with licenses; [ mit bsd2 ]; + maintainers = with maintainers; [ ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/echidna/default.nix b/nixpkgs/pkgs/tools/security/echidna/default.nix new file mode 100644 index 000000000000..88deac03a8f7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/echidna/default.nix @@ -0,0 +1,54 @@ +{ lib +, fetchpatch +, fetchFromGitHub +# Haskell deps +, mkDerivation, aeson, ansi-terminal, base, base16-bytestring, binary, brick +, bytestring, cborg, containers, data-dword, data-has, deepseq, directory +, exceptions, filepath, hashable, hevm, hpack, lens, lens-aeson, megaparsec +, MonadRandom, mtl, optparse-applicative, process, random, stm, tasty +, tasty-hunit, tasty-quickcheck, temporary, text, transformers , unix, unliftio +, unliftio-core, unordered-containers, vector, vector-instances, vty +, wl-pprint-annotated, word8, yaml , extra, ListLike, semver +}: +mkDerivation rec { + pname = "echidna"; + version = "1.7.3"; + + src = fetchFromGitHub { + owner = "crytic"; + repo = "echidna"; + rev = "v${version}"; + sha256 = "sha256-NkAAXYa1bbCNUO0eDM7LQbyC3//RRFAKmEHGH2Dhl/M="; + }; + + isLibrary = true; + isExecutable = true; + libraryHaskellDepends = [ + aeson ansi-terminal base base16-bytestring binary brick bytestring cborg + containers data-dword data-has deepseq directory exceptions filepath + hashable hevm lens lens-aeson megaparsec MonadRandom mtl + optparse-applicative process random stm temporary text transformers unix + unliftio unliftio-core unordered-containers vector vector-instances vty + wl-pprint-annotated word8 yaml extra ListLike semver + ]; + libraryToolDepends = [ hpack ]; + executableHaskellDepends = libraryHaskellDepends; + testHaskellDepends = [ + tasty tasty-hunit tasty-quickcheck + ]; + preConfigure = '' + hpack + # re-enable dynamic build for Linux + sed -i -e 's/os(linux)/false/' echidna.cabal + ''; + shellHook = "hpack"; + doHaddock = false; + # tests depend on a specific version of solc + doCheck = false; + + description = "Ethereum smart contract fuzzer"; + homepage = "https://github.com/crytic/echidna"; + license = lib.licenses.agpl3Plus; + maintainers = with lib.maintainers; [ arturcygan ]; + platforms = lib.platforms.unix; +} diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/default.nix b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix new file mode 100644 index 000000000000..cd90342738ed --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix @@ -0,0 +1,67 @@ +{ lib, stdenv, fetchurl, pkg-config, perl, util-linux, keyutils, nss, nspr, python2, pam, enablePython ? false +, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }: + +stdenv.mkDerivation rec { + pname = "ecryptfs"; + version = "111"; + + src = fetchurl { + url = "https://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz"; + sha256 = "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"; + }; + + # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir; + wrapperDir = "/run/wrappers/bin"; + + postPatch = '' + FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)" + for file in $FILES; do + substituteInPlace "$file" \ + --replace /bin/mount ${util-linux}/bin/mount \ + --replace /bin/umount ${util-linux}/bin/umount \ + --replace /sbin/mount.ecryptfs_private ${wrapperDir}/mount.ecryptfs_private \ + --replace /sbin/umount.ecryptfs_private ${wrapperDir}/umount.ecryptfs_private \ + --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \ + --replace /sbin/umount.ecryptfs $out/sbin/umount.ecryptfs \ + --replace /usr/bin/ecryptfs-rewrite-file $out/bin/ecryptfs-rewrite-file \ + --replace /usr/bin/ecryptfs-mount-private $out/bin/ecryptfs-mount-private \ + --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \ + --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \ + --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \ + --replace /sbin/unix_chkpwd ${wrapperDir}/unix_chkpwd \ + --replace /bin/bash ${bash}/bin/bash + done + ''; + + configureFlags = lib.optionals (!enablePython) [ "--disable-pywrap" ]; + + nativeBuildInputs = [ pkg-config makeWrapper ] + # if python2 support is requested, it is needed at builtime as well as runtime. + ++ lib.optionals (enablePython) [ python2 ] + ; + buildInputs = [ perl nss nspr pam intltool ] + ++ lib.optionals (enablePython) [ python2 ] + ; + propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; + + postInstall = '' + FILES="$(grep -r '/bin/sh' $out/bin -l)" + for file in $FILES; do + wrapProgram $file \ + --prefix PATH ":" "${coreutils}/bin" \ + --prefix PATH ":" "${gettext}/bin" \ + --prefix PATH ":" "${rsync}/bin" \ + --prefix PATH ":" "${keyutils}/bin" \ + --prefix PATH ":" "${which}/bin" \ + --prefix PATH ":" "${lsof}/bin" \ + --prefix PATH ":" "$out/bin" + done + ''; + + meta = with lib; { + description = "Enterprise-class stacked cryptographic filesystem"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ obadz ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix new file mode 100644 index 000000000000..e0252dac820a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix @@ -0,0 +1,34 @@ +{ lib, stdenv +, fetchurl +, makeWrapper +, python2 +}: + +stdenv.mkDerivation { + pname = "ecryptfs-helper"; + version = "20160722"; + + src = fetchurl { + url = "https://gist.githubusercontent.com/obadz/ec053fdb00dcb48441d8313169874e30/raw/4b657a4b7c3dc684e4d5e3ffaf46ced1b7675163/ecryptfs-helper.py"; + sha256 = "0gp4m22zc80814ng80s38hp930aa8r4zqihr7jr23m0m2iq4pdpg"; + }; + + dontUnpack = true; + + nativeBuildInputs = [ makeWrapper ]; + + # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /run/wrappers/bin + installPhase = '' + mkdir -p $out/bin $out/libexec + cp $src $out/libexec/ecryptfs-helper.py + makeWrapper "${python2.interpreter}" "$out/bin/ecryptfs-helper" --add-flags "$out/libexec/ecryptfs-helper.py" + ''; + + meta = with lib; { + description = "Helper script to create/mount/unemount encrypted directories using eCryptfs without needing root permissions"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ obadz ]; + platforms = platforms.linux; + hydraPlatforms = []; + }; +} diff --git a/nixpkgs/pkgs/tools/security/efitools/default.nix b/nixpkgs/pkgs/tools/security/efitools/default.nix new file mode 100644 index 000000000000..60bb3627cc99 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/efitools/default.nix @@ -0,0 +1,40 @@ +{ lib, stdenv, gnu-efi, openssl, sbsigntool, perl, perlPackages, +help2man, fetchgit }: +stdenv.mkDerivation rec { + pname = "efitools"; + version = "1.9.2"; + + buildInputs = [ + gnu-efi + openssl + sbsigntool + ]; + + nativeBuildInputs = [ + perl + perlPackages.FileSlurp + help2man + ]; + + src = fetchgit { + url = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git"; + rev = "v${version}"; + sha256 = "0jabgl2pxvfl780yvghq131ylpf82k7banjz0ksjhlm66ik8gb1i"; + }; + + postPatch = '' + sed -i -e 's#/usr/include/efi#${gnu-efi}/include/efi/#g' Make.rules + sed -i -e 's#/usr/lib64/gnuefi#${gnu-efi}/lib/#g' Make.rules + sed -i -e 's#$(DESTDIR)/usr#$(out)#g' Make.rules + substituteInPlace lib/console.c --replace "EFI_WARN_UNKOWN_GLYPH" "EFI_WARN_UNKNOWN_GLYPH" + patchShebangs . + ''; + + meta = with lib; { + description = "Tools for manipulating UEFI secure boot platforms"; + homepage = "https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git"; + license = licenses.gpl2; + maintainers = [ maintainers.grahamc ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix new file mode 100644 index 000000000000..925931e6a3e3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix @@ -0,0 +1,101 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, autoconf-archive +, pkg-config +, makeWrapper +, curl +, gtk3 +, libassuan +, libbsd +, libproxy +, libxml2 +, openssl +, p11-kit +, pcsclite +, nssTools +, substituteAll +}: + +stdenv.mkDerivation rec { + pname = "eid-mw"; + # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS. + version = "5.0.28"; + + src = fetchFromGitHub { + owner = "Fedict"; + repo = "eid-mw"; + rev = "v${version}"; + sha256 = "rrrzw8i271ZZkwY3L6aRw2Nlz+GmDr/1ahYYlUBvtzo="; + }; + + nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config makeWrapper ]; + buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ]; + preConfigure = '' + mkdir openssl + ln -s ${openssl.out}/lib openssl + ln -s ${openssl.bin}/bin openssl + ln -s ${openssl.dev}/include openssl + export SSL_PREFIX=$(realpath openssl) + substituteInPlace plugins_tools/eid-viewer/Makefile.in \ + --replace "c_rehash" "openssl rehash" + ''; + # pinentry uses hardcoded `/usr/bin/pinentry`, so use the built-in (uglier) dialogs for pinentry. + configureFlags = [ "--disable-pinentry" ]; + + postPatch = '' + sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac + ''; + + postInstall = + let + eid-nssdb-in = substituteAll { + inherit (stdenv) shell; + isExecutable = true; + src = ./eid-nssdb.in; + }; + in + '' + install -D ${eid-nssdb-in} $out/bin/eid-nssdb + substituteInPlace $out/bin/eid-nssdb \ + --replace "modutil" "${nssTools}/bin/modutil" + + rm $out/bin/about-eid-mw + wrapProgram $out/bin/eid-viewer --prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/$name" + ''; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with lib; { + description = "Belgian electronic identity card (eID) middleware"; + homepage = "https://eid.belgium.be/en"; + license = licenses.lgpl3Only; + longDescription = '' + Allows user authentication and digital signatures with Belgian ID cards. + Also requires a running pcscd service and compatible card reader. + + eid-viewer is also installed. + + This package only installs the libraries. To use eIDs in Firefox or + Chromium, the eID Belgium add-on must be installed. + This package only installs the libraries. To use eIDs in NSS-compatible + browsers like Chrom{e,ium} or Firefox, each user must first execute: + ~$ eid-nssdb add + (Running the script once as root with the --system option enables eID + support for all users, but will *not* work when using Chrom{e,ium}!) + Before uninstalling this package, it is a very good idea to run + ~$ eid-nssdb [--system] remove + and remove all ~/.pki and/or /etc/pki directories no longer needed. + + The above procedure doesn't seem to work in Firefox. You can override the + firefox wrapper to add this derivation to the PKCS#11 modules, like so: + + firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; } + ''; + platforms = platforms.linux; + maintainers = with maintainers; [ bfortz chvp ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in b/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in new file mode 100644 index 000000000000..636b4c1ee118 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in @@ -0,0 +1,83 @@ +#!@shell@ + +rootdb="/etc/pki/nssdb" +userdb="$HOME/.pki/nssdb" +dbentry="Belgium eID" +libfile="/run/current-system/sw/lib/libbeidpkcs11.so" + +dbdir="$userdb" + +while true; do + case "$1" in + --help|"") cat << EOF +(Un)register $dbentry with NSS-compatible browsers. + +Usage: `basename "$0"` [OPTION] ACTION [LIBRARY] + +Options: + --db PATH use custom NSS database directory PATH + --user use user NSS database $userdb (default) + --system use global NSS database $rootdb + --help show this message + +Actions: + add add $dbentry to NSS database + remove remove $dbentry from NSS database + show show $dbentry NSS database entry + +Default arguments if unspecified: + LIBRARY $libfile +EOF + exit ;; + --db) dbdir="$2" + shift 2 ;; + --user) dbdir="$userdb" + shift ;; + --system) + dbdir="$rootdb" + shift ;; + -*) echo "$0: unknown option: '$1'" >&2 + echo "Try --help for usage information." + exit 1 ;; + *) break ;; + esac +done + +if [ "$2" ]; then + libfile="$2" + if ! [ -f "$libfile" ]; then + echo "$0: error: '$libfile' not found" >&2 + exit 1 + fi +fi + +mkdir -p "$dbdir" +if ! [ -d "$dbdir" ]; then + echo "$0: error: '$dbdir' must be a writable directory" >&2 + exit 1 +fi + +dbdir="sql:$dbdir" + +echo "NSS database: $dbdir" +echo "BEID library: $libfile" + +case "$1" in +add) echo "Adding $dbentry to database:" + modutil -dbdir "$dbdir" -add "$dbentry" -libfile "$libfile" || + echo "Tip: try removing the module before adding it again." ;; +remove) echo "Removing $dbentry from database:" + modutil -dbdir "$dbdir" -delete "$dbentry" ;; +show) echo "Displaying $dbentry database entry, if any:" + echo "Note: this may fail if you don't have the correct permissions." ;; +'') exec "$0" --help ;; +*) echo "$0: unknown action: '$1'" >&2 + echo "Try --help for usage information." + exit 1 ;; +esac + +ret=$? + +modutil -dbdir "$dbdir" -list "$dbentry" 2>/dev/null + +exit $ret diff --git a/nixpkgs/pkgs/tools/security/enchive/default.nix b/nixpkgs/pkgs/tools/security/enchive/default.nix new file mode 100644 index 000000000000..960ef251b1cd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enchive/default.nix @@ -0,0 +1,27 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "enchive"; + version = "3.5"; + src = fetchFromGitHub { + owner = "skeeto"; + repo = "enchive"; + rev = version; + sha256 = "0fdrfc5l42lj2bvmv9dmkmhmm7qiszwk7cmdvnqad3fs7652g0qa"; + }; + + makeFlags = ["PREFIX=$(out)"]; + + postInstall = '' + mkdir -p $out/share/emacs/site-lisp/ + cp -v "$src/enchive-mode.el" "$out/share/emacs/site-lisp/" + ''; + + meta = { + description = "Encrypted personal archives"; + homepage = "https://github.com/skeeto/enchive"; + license = lib.licenses.unlicense; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.nico202 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/enpass/data.json b/nixpkgs/pkgs/tools/security/enpass/data.json new file mode 100644 index 000000000000..20d252bce580 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enpass/data.json @@ -0,0 +1,12 @@ +{ + "amd64": { + "path": "pool/main/e/enpass/enpass_6.6.1.809_amd64.deb", + "sha256": "b1b9bd67653c3163bd80b340150ecf123552cbe4af23c350fbadea8ffd7939ba", + "version": "6.6.1.809" + }, + "i386": { + "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb", + "sha256": "3f699ac3e2ecfd4afee1505d8d364d4f6b6b94c55ba989d0a80bd678ff66cb2c", + "version": "5.6.9" + } +} diff --git a/nixpkgs/pkgs/tools/security/enpass/default.nix b/nixpkgs/pkgs/tools/security/enpass/default.nix new file mode 100644 index 000000000000..00c161eeb730 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enpass/default.nix @@ -0,0 +1,99 @@ +{ stdenv, fetchurl, dpkg, xorg +, glib, libGLU, libGL, libpulseaudio, zlib, dbus, fontconfig, freetype +, gtk3, pango +, makeWrapper , python3Packages, lib +, lsof, curl, libuuid, cups, mesa, xz, libxkbcommon +}: + +let + all_data = lib.importJSON ./data.json; + system_map = { + # i686-linux = "i386"; Uncomment if enpass 6 becomes available on i386 + x86_64-linux = "amd64"; + }; + + data = all_data.${system_map.${stdenv.hostPlatform.system} or (throw "Unsupported platform")}; + + baseUrl = "http://repo.sinew.in"; + + # used of both wrappers and libpath + libPath = lib.makeLibraryPath (with xorg; [ + mesa.drivers + libGLU libGL + fontconfig + freetype + libpulseaudio + zlib + dbus + libX11 + libXi + libSM + libICE + libXrender + libXScrnSaver + libxcb + glib + gtk3 + pango + curl + libuuid + cups + xz + libxkbcommon + ]); + package = stdenv.mkDerivation { + + inherit (data) version; + pname = "enpass"; + + src = fetchurl { + inherit (data) sha256; + url = "${baseUrl}/${data.path}"; + }; + + meta = with lib; { + description = "A well known password manager"; + homepage = "https://www.enpass.io/"; + license = licenses.unfree; + platforms = [ "x86_64-linux" "i686-linux"]; + maintainers = with maintainers; [ ewok ]; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [dpkg]; + + unpackPhase = "dpkg -X $src ."; + installPhase='' + mkdir -p $out/bin + cp -r opt/enpass/* $out/bin + cp -r usr/* $out + + sed \ + -i s@/opt/enpass/Enpass@$out/bin/Enpass@ \ + $out/share/applications/enpass.desktop + + for i in $out/bin/{Enpass,importer_enpass}; do + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) $i + done + + # lsof must be in PATH for proper operation + wrapProgram $out/bin/Enpass \ + --set LD_LIBRARY_PATH "${libPath}" \ + --prefix PATH : ${lsof}/bin \ + --unset QML2_IMPORT_PATH \ + --unset QT_PLUGIN_PATH + ''; + }; + updater = { + update = stdenv.mkDerivation { + name = "enpass-update-script"; + SCRIPT =./update_script.py; + + buildInputs = with python3Packages; [python requests pathlib2 six attrs ]; + shellHook = '' + exec python $SCRIPT --target pkgs/tools/security/enpass/data.json --repo ${baseUrl} + ''; + + }; + }; +in (package // {refresh = updater;}) diff --git a/nixpkgs/pkgs/tools/security/enpass/update_script.py b/nixpkgs/pkgs/tools/security/enpass/update_script.py new file mode 100644 index 000000000000..f8ec715cb5e4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enpass/update_script.py @@ -0,0 +1,95 @@ +from __future__ import print_function + + +import argparse +import bz2 +import email +import json +import logging + +from itertools import product +from operator import itemgetter + +import attr +import pkg_resources + +from pathlib2 import Path +from requests import Session +from six.moves.urllib_parse import urljoin + + +@attr.s +class ReleaseElement(object): + sha256 = attr.ib(repr=False) + size = attr.ib(convert=int) + path = attr.ib() + +log = logging.getLogger('enpass.updater') + + +parser = argparse.ArgumentParser() +parser.add_argument('--repo') +parser.add_argument('--target', type=Path) + + +session = Session() + + +def parse_bz2_msg(msg): + msg = bz2.decompress(msg) + if '\n\n' in msg: + parts = msg.split('\n\n') + return list(map(email.message_from_string, parts)) + return email.message_from_string(msg) + + +def fetch_meta(repo, name, parse=email.message_from_string, split=False): + url = urljoin(repo, 'dists/stable', name) + response = session.get("{repo}/dists/stable/{name}".format(**locals())) + return parse(response.content) + + +def fetch_filehashes(repo, path): + meta = fetch_meta(repo, path, parse=parse_bz2_msg) + for item in meta: + yield { + 'version': pkg_resources.parse_version(str(item['Version'])), + 'path': item['Filename'], + 'sha256': item['sha256'], + } + + +def fetch_archs(repo): + m = fetch_meta(repo, 'Release') + + architectures = m['Architectures'].split() + elements = [ReleaseElement(*x.split()) for x in m['SHA256'].splitlines()] + elements = [x for x in elements if x.path.endswith('bz2')] + + for arch, elem in product(architectures, elements): + if arch in elem.path: + yield arch, max(fetch_filehashes(repo, elem.path), + key=itemgetter('version')) + + +class OurVersionEncoder(json.JSONEncoder): + def default(self, obj): + # the other way around to avoid issues with + # newer setuptools having strict/legacy versions + if not isinstance(obj, (dict, str)): + return str(obj) + return json.JSONEncoder.default(self, obj) + + +def main(repo, target): + logging.basicConfig(level=logging.DEBUG) + with target.open(mode='wb') as fp: + json.dump( + dict(fetch_archs(repo)), fp, + cls=OurVersionEncoder, + indent=2, + sort_keys=True) + + +opts = parser.parse_args() +main(opts.repo, opts.target) diff --git a/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix new file mode 100644 index 000000000000..a84de966b6f4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix @@ -0,0 +1,41 @@ +{ lib +, buildPythonApplication +, fetchFromGitHub +, impacket +, ldap3 +, pyyaml +, samba +}: + +buildPythonApplication rec { + pname = "enum4linux-ng"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "cddmp"; + repo = pname; + rev = "v${version}"; + sha256 = "0fk6hzmvxb5y3nb41qr6dssxhdahkh5nxhbx480x42fhnqpssir5"; + }; + + propagatedBuildInputs = [ + impacket + ldap3 + pyyaml + samba + ]; + + # It's only a script and not a Python module. Project has no tests + doCheck = false; + + meta = with lib; { + description = "Windows/Samba enumeration tool"; + longDescription = '' + enum4linux-ng.py is a rewrite of Mark Lowe's enum4linux.pl, a tool for + enumerating information from Windows and Samba systems. + ''; + homepage = "https://github.com/cddmp/enum4linux-ng"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/enum4linux/default.nix b/nixpkgs/pkgs/tools/security/enum4linux/default.nix new file mode 100644 index 000000000000..b6da742dc6fa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enum4linux/default.nix @@ -0,0 +1,49 @@ +{ lib +, stdenv +, fetchFromGitHub +, makeWrapper +, samba +, perl +, openldap +}: + +stdenv.mkDerivation rec { + pname = "enum4linux"; + version = "0.9.1"; + + src = fetchFromGitHub { + owner = "CiscoCXSecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-/R0P4Ft9Y0LZwKwhDGAe36UKviih6CNbJbj1lcNKEkM="; + }; + + dontBuild = true; + + nativeBuildInputs = [ + makeWrapper + ]; + + buildInputs = [ + openldap + perl + samba + ]; + + installPhase = '' + mkdir -p $out/bin + cp enum4linux.pl $out/bin/enum4linux + + wrapProgram $out/bin/enum4linux \ + --prefix PATH : ${lib.makeBinPath [ samba openldap ]} + ''; + + meta = with lib; { + description = "A tool for enumerating information from Windows and Samba systems"; + homepage = "https://labs.portcullis.co.uk/tools/enum4linux/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ fishi0x01 ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/eschalot/default.nix b/nixpkgs/pkgs/tools/security/eschalot/default.nix new file mode 100644 index 000000000000..0c984c5d35e5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/eschalot/default.nix @@ -0,0 +1,27 @@ +{ lib, stdenv, fetchFromGitHub, openssl }: + +stdenv.mkDerivation rec { + pname = "eschalot"; + version = "1.2.0.20191006"; + + src = fetchFromGitHub { + owner = "ReclaimYourPrivacy"; + repo = pname; + rev = "a45bad5b9a3e4939340ddd8a751ceffa3c0db76a"; + sha256 = "1wbi0azc2b57nmmx6c1wmvng70d9ph1s83yhnl5lxaaqaj85h22g"; + }; + + buildInputs = [ openssl ]; + + installPhase = '' + install -D -t $out/bin eschalot worgen + ''; + + meta = with lib; { + description = "Tor hidden service name generator"; + homepage = src.meta.homepage; + license = licenses.isc; + platforms = platforms.unix; + maintainers = with maintainers; [ dotlambda ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/expliot/default.nix b/nixpkgs/pkgs/tools/security/expliot/default.nix new file mode 100644 index 000000000000..848ee536380f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/expliot/default.nix @@ -0,0 +1,78 @@ +{ lib +, fetchFromGitLab +, python3 +}: +let + py = python3.override { + packageOverrides = self: super: { + + cmd2 = super.cmd2.overridePythonAttrs (oldAttrs: rec { + version = "1.5.0"; + src = oldAttrs.src.override { + inherit version; + sha256 = "0qiax309my534drk81lihq9ghngr96qnm40kbmgc9ay4fncqq6kh"; + }; + }); + }; + }; +in +with py.pkgs; + +buildPythonApplication rec { + pname = "expliot"; + version = "0.9.8"; + + src = fetchFromGitLab { + owner = "expliot_framework"; + repo = pname; + rev = version; + sha256 = "sha256-7Cuj3YKKwDxP2KKueJR9ZO5Bduv+lw0Y87Rw4b0jbGY="; + }; + + propagatedBuildInputs = [ + aiocoap + awsiotpythonsdk + bluepy + can + cmd2 + cryptography + paho-mqtt + pyi2cflash + pymodbus + pynetdicom + pyparsing + pyserial + pyspiflash + upnpy + xmltodict + zeroconf + ]; + + postPatch = '' + # https://gitlab.com/expliot_framework/expliot/-/merge_requests/113 + substituteInPlace setup.py \ + --replace "pynetdicom>=1.5.1,<2" "pynetdicom>=2,<3" + ''; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "expliot" + ]; + + meta = with lib; { + description = "IoT security testing and exploitation framework"; + longDescription = '' + EXPLIoT is a Framework for security testing and exploiting IoT + products and IoT infrastructure. It provides a set of plugins + (test cases) which are used to perform the assessment and can + be extended easily with new ones. The name EXPLIoT (pronounced + expl-aa-yo-tee) is a pun on the word exploit and explains the + purpose of the framework i.e. IoT exploitation. + ''; + homepage = "https://expliot.readthedocs.io/"; + license = with licenses; [ agpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix new file mode 100644 index 000000000000..fc92019292d4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix @@ -0,0 +1,31 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper }: + +stdenv.mkDerivation rec { + pname = "exploitdb"; + version = "2022-02-19"; + + src = fetchFromGitHub { + owner = "offensive-security"; + repo = pname; + rev = version; + sha256 = "sha256-cHAvExbZqqLGPRsa578Po1G3uX2EIcx/visOB0RgNQc="; + }; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + runHook preInstall + mkdir -p $out/bin $out/share + cp --recursive . $out/share/exploitdb + makeWrapper $out/share/exploitdb/searchsploit $out/bin/searchsploit + runHook postInstall + ''; + + meta = with lib; { + homepage = "https://github.com/offensive-security/exploitdb"; + description = "Archive of public exploits and corresponding vulnerable software"; + license = with licenses; [ gpl2Plus gpl3Plus mit ]; + maintainers = with maintainers; [ applePrincess ]; + mainProgram = "searchsploit"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/extrude/default.nix b/nixpkgs/pkgs/tools/security/extrude/default.nix new file mode 100644 index 000000000000..e8d2b0784117 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/extrude/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "extrude"; + version = "0.0.12"; + + src = fetchFromGitHub { + owner = "liamg"; + repo = pname; + rev = "v${version}"; + hash = "sha256-7gCEBhnNU5CqC5n0KP4Dd/fmddPRwNqyMFXTrRrJjfU="; + }; + + vendorSha256 = "sha256-8qjIYPkWtYTvl7wAnefpZAjbNSQLQFqRnGGccYZ8ZmU="; + + meta = with lib; { + description = "Tool to analyse binaries for missing security features"; + homepage = "https://github.com/liamg/extrude"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fail2ban/default.nix b/nixpkgs/pkgs/tools/security/fail2ban/default.nix new file mode 100644 index 000000000000..6c3fb0727091 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fail2ban/default.nix @@ -0,0 +1,79 @@ +{ lib, stdenv, fetchFromGitHub +, python3 +, fetchpatch +}: + +python3.pkgs.buildPythonApplication rec { + pname = "fail2ban"; + version = "0.11.2"; + + src = fetchFromGitHub { + owner = "fail2ban"; + repo = "fail2ban"; + rev = version; + sha256 = "q4U9iWCa1zg8sA+6pPNejt6v/41WGIKN5wITJCrCqQE="; + }; + + pythonPath = with python3.pkgs; + lib.optionals stdenv.isLinux [ + systemd + ]; + + patches = [ + # remove references to use_2to3, for setuptools>=58 + # has been merged into master, remove next release + (fetchpatch { + url = "https://github.com/fail2ban/fail2ban/commit/5ac303df8a171f748330d4c645ccbf1c2c7f3497.patch"; + sha256 = "sha256-aozQJHwPcJTe/D/PLQzBk1YH3OAP6Qm7wO7cai5CVYI="; + }) + ]; + + preConfigure = '' + # workaround for setuptools 58+ + # https://github.com/fail2ban/fail2ban/issues/3098 + patchShebangs fail2ban-2to3 + ./fail2ban-2to3 + + for i in config/action.d/sendmail*.conf; do + substituteInPlace $i \ + --replace /usr/sbin/sendmail sendmail \ + --replace /usr/bin/whois whois + done + + substituteInPlace config/filter.d/dovecot.conf \ + --replace dovecot.service dovecot2.service + ''; + + doCheck = false; + + preInstall = '' + substituteInPlace setup.py --replace /usr/share/doc/ share/doc/ + + # see https://github.com/NixOS/nixpkgs/issues/4968 + ${python3.interpreter} setup.py install_data --install-dir=$out --root=$out + ''; + + postPatch = '' + ${stdenv.shell} ./fail2ban-2to3 + ''; + + postInstall = + let + sitePackages = "$out/${python3.sitePackages}"; + in + '' + # see https://github.com/NixOS/nixpkgs/issues/4968 + rm -r "${sitePackages}/etc" + '' + lib.optionalString stdenv.isLinux '' + # see https://github.com/NixOS/nixpkgs/issues/4968 + rm -r "${sitePackages}/usr" + ''; + + meta = with lib; { + homepage = "https://www.fail2ban.org/"; + description = "A program that scans log files for repeated failing login attempts and bans IP addresses"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ eelco lovek323 fpletz ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix new file mode 100644 index 000000000000..aecdbf8dd250 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix @@ -0,0 +1,69 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "faraday-agent-dispatcher"; + version = "2.1.3"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "infobyte"; + repo = "faraday_agent_dispatcher"; + rev = version; + hash = "sha256-lqCW1/wRXfN7C9c6TPvninueOgrhzNdjRJ9fuueMyH0="; + }; + + nativeBuildInputs = with python3.pkgs; [ + setuptools-scm + ]; + + propagatedBuildInputs = with python3.pkgs; [ + aiohttp + click + faraday-agent-parameters-types + faraday-plugins + itsdangerous + python-gvm + python-owasp-zap-v2-4 + pyyaml + requests + syslog-rfc5424-formatter + websockets + ]; + + checkInputs = with python3.pkgs; [ + pytest-asyncio + pytestCheckHook + ]; + + postPatch = '' + substituteInPlace setup.py \ + --replace '"pytest-runner",' "" + ''; + + preCheck = '' + export HOME=$(mktemp -d); + ''; + + disabledTests = [ + "test_execute_agent" + ]; + + disabledTestPaths = [ + # Tests require a running Docker instance + "tests/plugins-docker/test_executors.py" + ]; + + pythonImportsCheck = [ + "faraday_agent_dispatcher" + ]; + + meta = with lib; { + description = "Tool to send result from tools to the Faraday Platform"; + homepage = "https://github.com/infobyte/faraday_agent_dispatcher"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/faraday-cli/default.nix b/nixpkgs/pkgs/tools/security/faraday-cli/default.nix new file mode 100644 index 000000000000..276252777528 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/faraday-cli/default.nix @@ -0,0 +1,47 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "faraday-cli"; + version = "2.0.2"; + + src = fetchFromGitHub { + owner = "infobyte"; + repo = pname; + rev = "v${version}"; + hash = "sha256-J3YlFsX/maOqWo4ILEMXzIJeQ8vr47ApGGiaBWrUCMs="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + arrow + click + cmd2 + colorama + faraday-plugins + jsonschema + log-symbols + packaging + pyyaml + simple-rest-client + spinners + tabulate + termcolor + validators + ]; + + # Tests requires credentials + doCheck = false; + + pythonImportsCheck = [ + "faraday_cli" + ]; + + meta = with lib; { + description = "Command Line Interface for Faraday"; + homepage = "https://github.com/infobyte/faraday-cli"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fcrackzip/default.nix b/nixpkgs/pkgs/tools/security/fcrackzip/default.nix new file mode 100644 index 000000000000..31d0b44fb710 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fcrackzip/default.nix @@ -0,0 +1,26 @@ +{lib, stdenv, fetchurl}: + +stdenv.mkDerivation rec { + pname = "fcrackzip"; + version = "1.0"; + src = fetchurl { + url = "http://oldhome.schmorp.de/marc/data/${pname}-${version}.tar.gz"; + sha256 = "0l1qsk949vnz18k4vjf3ppq8p497966x4c7f2yx18x8pk35whn2a"; + }; + + # 'fcrackzip --use-unzip' cannot deal with file names containing a single quote + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430387 + patches = [ ./fcrackzip_forkexec.patch ]; + + # Do not clash with unizp/zipinfo + postInstall = "mv $out/bin/zipinfo $out/bin/fcrackzip-zipinfo"; + + meta = with lib; { + description = "zip password cracker, similar to fzc, zipcrack and others"; + homepage = "http://oldhome.schmorp.de/marc/fcrackzip.html"; + license = licenses.gpl2; + maintainers = with maintainers; [ nico202 ]; + platforms = with platforms; unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch b/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch new file mode 100644 index 000000000000..8e508ec1f596 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch @@ -0,0 +1,105 @@ +--- origin/main.c 2016-12-12 12:53:38.344285376 +0100 ++++ main.c 2016-12-12 13:01:41.134548824 +0100 +@@ -26,11 +26,13 @@ + #include <string.h> + + #ifdef USE_UNIX_REDIRECTION +-#define DEVNULL ">/dev/null 2>&1" ++#define DEVNULL "/dev/null" + #else +-#define DEVNULL ">NUL 2>&1" ++#define DEVNULL "NUL" + #endif + ++#include <errno.h> ++ + #include "crack.h" + + int use_unzip; +@@ -47,21 +49,77 @@ + int REGPARAM + check_unzip (const char *pw) + { +- char buff[1024]; +- int status; ++pid_t cpid; ++cpid = fork (); ++if (cpid == -1) ++ { ++ perror ("fork"); ++ exit (EXIT_FAILURE); ++ } ++ ++if (cpid == 0) ++ { ++ // Redirect STDERR/STDOUT to /dev/null ++ int oldfd_stderr, oldfd_stdout; ++ oldfd_stdout = dup (fileno (stdout)); ++ if (oldfd_stdout == -1) ++ { ++ perror ("dup for stdout"); ++ _exit (127); ++ } ++ oldfd_stderr = dup (fileno (stderr)); ++ if (oldfd_stderr == -1) ++ { ++ perror ("dup for stderr"); ++ _exit (127); ++ } ++ if (freopen (DEVNULL, "w", stdout) == NULL) ++ { ++ perror ("freopen " DEVNULL " for stdout"); ++ _exit (127); ++ } ++ if (freopen (DEVNULL, "w", stderr) == NULL) ++ { ++ perror ("freopen " DEVNULL " for stderr"); ++ _exit (127); ++ } ++ execlp ("unzip", "unzip", "-qqtP", pw, file_path[0], NULL); ++ ++ // When execlp failed. ++ // Restores the stderr/stdout redirection to print an error. ++ int errno_saved = errno; ++ dup2 (oldfd_stderr, fileno (stderr)); ++ dup2 (oldfd_stdout, fileno (stdout)); ++ close (oldfd_stderr); ++ close (oldfd_stdout); ++ errno = errno_saved; ++ perror ("execlp for unzip"); ++ _exit (127); // Returns 127 on error as system(3) does ++ } + +- sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, pw, file_path[0]); +- status = system (buff); +- +-#undef REDIR ++ int status; + +- if (status == EXIT_SUCCESS) ++ if (waitpid (cpid, &status, 0) == -1) + { +- printf("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw); ++ perror ("waitpid"); ++ exit (EXIT_FAILURE); ++ } ++ ++ // The child process does not terminated normally, OR returns the exit status 127. ++ if (!WIFEXITED (status) ++ || (WIFEXITED (status) && (WEXITSTATUS (status) == 127))) ++ { ++ fprintf (stderr, "Executing unzip failed.\n"); ++ exit (EXIT_FAILURE); ++ } ++// unzip exited normally with the exit status 0 then... ++ if (WIFEXITED (status) && (WEXITSTATUS (status) == EXIT_SUCCESS)) ++ { ++ printf ("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw); + exit (EXIT_SUCCESS); + } + +- return !status; ++ return 0; + } + + /* misc. callbacks. */ diff --git a/nixpkgs/pkgs/tools/security/ffuf/default.nix b/nixpkgs/pkgs/tools/security/ffuf/default.nix new file mode 100644 index 000000000000..076fd78d7136 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ffuf/default.nix @@ -0,0 +1,30 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "ffuf"; + version = "1.3.1"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-NkRf36wFmzqFv13P0DxpzEOGyBGbSXMLjWE7URzRXGY="; + }; + + vendorSha256 = "sha256-szT08rIozAuliOmge5RFX4NeVrJ2pCVyfotrHuvc0UU="; + + meta = with lib; { + description = "Fast web fuzzer written in Go"; + longDescription = '' + FFUF, or “Fuzz Faster you Fool” is an open source web fuzzing tool, + intended for discovering elements and content within web applications + or web servers. + ''; + homepage = "https://github.com/ffuf/ffuf"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fido2luks/default.nix b/nixpkgs/pkgs/tools/security/fido2luks/default.nix new file mode 100644 index 000000000000..1229620c21ca --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fido2luks/default.nix @@ -0,0 +1,37 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, cryptsetup +, pkg-config +, clang +, llvmPackages +}: + +rustPlatform.buildRustPackage rec { + pname = "fido2luks"; + version = "0.2.19"; + + src = fetchFromGitHub { + owner = "shimunn"; + repo = pname; + rev = version; + sha256 = "sha256-o21KdsAE9KznobdMMKfVmVnENsLW3cMZjssnrsoN+KY="; + }; + + buildInputs = [ cryptsetup ]; + nativeBuildInputs = [ pkg-config clang ]; + + configurePhase = '' + export LIBCLANG_PATH="${llvmPackages.libclang.lib}/lib" + ''; + + cargoSha256 = "sha256-8JFe3mivf2Ewu1nLMugeeK+9ZXAGPHaqCyKfWfwLOc8="; + + meta = with lib; { + description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"; + homepage = "https://github.com/shimunn/fido2luks"; + license = licenses.gpl3; + maintainers = with maintainers; [ prusnak mmahut ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fierce/default.nix b/nixpkgs/pkgs/tools/security/fierce/default.nix new file mode 100644 index 000000000000..9b8d8735b079 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fierce/default.nix @@ -0,0 +1,40 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "fierce"; + version = "1.5.0"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "mschwager"; + repo = pname; + rev = version; + sha256 = "sha256-9VTPD5i203BTl2nADjq131W9elgnaHNIWGIUuCiYlHg="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + dnspython + ]; + + postPatch = '' + substituteInPlace requirements.txt \ + --replace 'dnspython==1.16.0' 'dnspython' + ''; + + # tests require network access + doCheck = false; + + pythonImportsCheck = [ + "fierce" + ]; + + meta = with lib; { + description = "DNS reconnaissance tool for locating non-contiguous IP space"; + homepage = "https://github.com/mschwager/fierce"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ c0bw3b ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/firefox_decrypt/default.nix b/nixpkgs/pkgs/tools/security/firefox_decrypt/default.nix new file mode 100644 index 000000000000..3ca0774e22ea --- /dev/null +++ b/nixpkgs/pkgs/tools/security/firefox_decrypt/default.nix @@ -0,0 +1,45 @@ +{ lib +, fetchFromGitHub +, stdenvNoCC +, nss +, wrapPython +}: + +stdenvNoCC.mkDerivation rec { + pname = "firefox_decrypt"; + version = "unstable-2021-12-29"; + + src = fetchFromGitHub { + owner = "unode"; + repo = pname; + rev = "a3daadc09603a6cf8c4b7e49a59776340bc885e7"; + sha256 = "0g219zqbdnhh9j09d9a0b81vr6j44zzk13ckl5fzkr10gqndiscc"; + }; + + nativeBuildInputs = [ wrapPython ]; + + buildInputs = [ nss ]; + + installPhase = '' + runHook preInstall + + install -Dm 0755 firefox_decrypt.py "$out/bin/firefox_decrypt" + + runHook postInstall + ''; + + makeWrapperArgs = [ "--prefix" "LD_LIBRARY_PATH" ":" (lib.makeLibraryPath [ nss ]) ]; + + postFixup = '' + wrapPythonPrograms + ''; + + passthru.updateScript = ./update.sh; + + meta = with lib; { + homepage = "https://github.com/unode/firefox_decrypt"; + description = "A tool to extract passwords from profiles of Mozilla Firefox and derivates"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ schnusch ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/firefox_decrypt/update.sh b/nixpkgs/pkgs/tools/security/firefox_decrypt/update.sh new file mode 100755 index 000000000000..a56807f0ba0c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/firefox_decrypt/update.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p common-updater-scripts git jq nix nix-prefetch-git +git_url='https://github.com/unode/firefox_decrypt.git' +git_branch='master' +git_dir='/var/tmp/firefox_decrypt.git' +nix_file="$(dirname "${BASH_SOURCE[0]}")/default.nix" +pkg='firefox_decrypt' + +set -euo pipefail + +info() { + if [ -t 2 ]; then + set -- '\033[32m%s\033[39m\n' "$@" + else + set -- '%s\n' "$@" + fi + printf "$@" >&2 +} + +old_rev=$(nix-instantiate --eval --strict --json -A "$pkg.src.rev" | jq -r) +old_version=$(nix-instantiate --eval --strict --json -A "$pkg.version" | jq -r) +today=$(LANG=C date -u +'%Y-%m-%d') + +info "fetching $git_url..." +if [ ! -d "$git_dir" ]; then + git init --initial-branch="$git_branch" "$git_dir" + git -C "$git_dir" remote add origin "$git_url" +fi +git -C "$git_dir" fetch origin "$git_branch" + +# use latest commit before today, we should not call the version *today* +# because there might still be commits coming +# use the day of the latest commit we picked as version +new_rev=$(git -C "$git_dir" log -n 1 --format='format:%H' --before="${today}T00:00:00Z" "origin/$git_branch") +new_version="unstable-$(git -C "$git_dir" log -n 1 --format='format:%cs' "$new_rev")" +info "latest commit before $today: $new_rev" + +if [ "$new_rev" = "$old_rev" ]; then + info "$pkg is up-to-date." + exit +fi + +new_sha256=$(nix-prefetch-git --rev "$new_rev" "$git_dir" | jq -r .sha256) +update-source-version "$pkg" \ + "$new_version" \ + "$new_sha256" \ + --rev="$new_rev" +git add "$nix_file" +git commit --verbose --message "$pkg: $old_version -> $new_version" diff --git a/nixpkgs/pkgs/tools/security/flare-floss/default.nix b/nixpkgs/pkgs/tools/security/flare-floss/default.nix new file mode 100644 index 000000000000..fbf065dc3b15 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/flare-floss/default.nix @@ -0,0 +1,46 @@ +{ lib +, python3 +, fetchFromGitHub +}: + +python3.pkgs.buildPythonPackage rec { + pname = "flare-floss"; + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "fireeye"; + repo = "flare-floss"; + rev = "v${version}"; + sha256 = "GMOA1+qM2A/Qw33kOTIINEvjsfqjWQWBXHNemh3IK8w="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + pyyaml + simplejson + tabulate + vivisect + plugnplay + viv-utils + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + disabledTests = [ + # test data is in a submodule + "test_main" + ]; + + pythonImportsCheck = [ + "floss" + "floss.plugins" + ]; + + meta = with lib; { + description = "Automatically extract obfuscated strings from malware"; + homepage = "https://github.com/fireeye/flare-floss"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fpm2/default.nix b/nixpkgs/pkgs/tools/security/fpm2/default.nix new file mode 100644 index 000000000000..0ca45957d695 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fpm2/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchurl, pkg-config, gnupg, gtk2 +, libxml2, intltool +}: + +with lib; + +stdenv.mkDerivation rec { + pname = "fpm2"; + version = "0.79"; + + src = fetchurl { + url = "https://als.regnet.cz/fpm2/download/fpm2-${version}.tar.bz2"; + sha256 = "d55e9ce6be38a44fc1053d82db2d117cf3991a51898bd86d7913bae769f04da7"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ gnupg gtk2 libxml2 intltool ]; + + meta = { + description = "GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements"; + homepage = "https://als.regnet.cz/fpm2/"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ hce ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fprintd/default.nix b/nixpkgs/pkgs/tools/security/fprintd/default.nix new file mode 100644 index 000000000000..b0339846a67d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fprintd/default.nix @@ -0,0 +1,110 @@ +{ lib, stdenv +, fetchFromGitLab +, pkg-config +, gobject-introspection +, meson +, ninja +, perl +, gettext +, cairo +, gtk-doc +, libxslt +, docbook-xsl-nons +, docbook_xml_dtd_412 +, fetchurl +, glib +, gusb +, dbus +, polkit +, nss +, pam +, systemd +, libfprint +, python3 +}: + +stdenv.mkDerivation rec { + pname = "fprintd"; + version = "1.94.1"; + outputs = [ "out" "devdoc" ]; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "libfprint"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-XHfHPffVp0jV3Md9Gui9v/nyOJ/bTWM3+hiR7WdEsgQ="; + }; + + nativeBuildInputs = [ + pkg-config + meson + ninja + perl # for pod2man + gettext + gtk-doc + libxslt + # TODO: apply this to D-Bus so that other packages can benefit. + # https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/202 + (dbus.overrideAttrs (attrs: { + postInstall = attrs.postInstall or "" + '' + ln -s ${fetchurl { + url = "https://gitlab.freedesktop.org/dbus/dbus/-/raw/b207135dbd8c09cf8da28f7e3b0a18bb11483663/doc/catalog.xml"; + sha256 = "1/43XwAIcmRXfM4OXOPephyQyUnW8DSveiZbiPvW72I="; + }} $out/share/xml/dbus-1/catalog.xml + ''; + })) + docbook-xsl-nons + docbook_xml_dtd_412 + ]; + + buildInputs = [ + glib + polkit + nss + pam + systemd + libfprint + ]; + + checkInputs = with python3.pkgs; [ + gobject-introspection # for setup hook + python-dbusmock + dbus-python + pygobject3 + pycairo + pypamtest + gusb # Required by libfprint’s typelib + ]; + + mesonFlags = [ + "-Dgtk_doc=true" + "-Dpam_modules_dir=${placeholder "out"}/lib/security" + "-Dsysconfdir=${placeholder "out"}/etc" + "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services" + "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system" + ]; + + PKG_CONFIG_DBUS_1_INTERFACES_DIR = "${placeholder "out"}/share/dbus-1/interfaces"; + PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions"; + PKG_CONFIG_DBUS_1_DATADIR = "${placeholder "out"}/share"; + + # FIXME: Ugly hack for tests to find libpam_wrapper.so + LIBRARY_PATH = lib.makeLibraryPath [ python3.pkgs.pypamtest ]; + + doCheck = true; + + postPatch = '' + patchShebangs \ + po/check-translations.sh \ + tests/unittest_inspector.py + ''; + + meta = with lib; { + homepage = "https://fprint.freedesktop.org/"; + description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus"; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar elyhaka ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fprintd/tod.nix b/nixpkgs/pkgs/tools/security/fprintd/tod.nix new file mode 100644 index 000000000000..4900124f8d19 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fprintd/tod.nix @@ -0,0 +1,21 @@ +{ fetchFromGitLab +, fprintd +, libfprint-tod +}: + +(fprintd.override { libfprint = libfprint-tod; }).overrideAttrs (oldAttrs: + let + pname = "fprintd-tod"; + version = "1.90.9"; + in + { + inherit pname version; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "libfprint"; + repo = "${oldAttrs.pname}"; + rev = "v${version}"; + sha256 = "sha256-rOTVThHOY/Q2IIu2RGiv26UE2V/JFfWWnfKZQfKl5Mg="; + }; + }) diff --git a/nixpkgs/pkgs/tools/security/fprot/default.nix b/nixpkgs/pkgs/tools/security/fprot/default.nix new file mode 100644 index 000000000000..6b930adcc26b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fprot/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation { + + pname = "f-prot"; + version = "6.2.1"; + + src = fetchurl { + url = "http://files.f-prot.com/files/unix-trial/fp-Linux.x86.32-ws.tar.gz"; + sha256 = "0qlsrkanf0inplwv1i6hqbimdg91syf5ggd1vahsm9lhivmnr0v5"; + }; + + installPhase = '' + mkdir -p $out/bin + cp fpscan $out/bin + + mkdir -p $out/opt/f-prot + cp fpupdate $out/opt/f-prot + cp product.data.default $out/opt/f-prot/product.data + cp license.key $out/opt/f-prot/ + cp f-prot.conf.default $out/opt/f-prot/f-prot.conf + ln -s $out/opt/f-prot/fpupdate $out/bin/fpupdate + + patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/opt/f-prot/fpupdate + + mkdir -p $out/share/man/ + mkdir -p $out/share/man/man1 + cp doc/man/fpscan.1 $out/share/man/man1 + mkdir -p $out/share/man/man5 + cp doc/man/f-prot.conf.5 $out/share/man/man5 + mkdir -p $out/share/man/man8 + cp doc/man/fpupdate.8 $out/share/man/man8 + ''; + + meta = with lib; { + homepage = "http://www.f-prot.com"; + description = "A popular proprietary antivirus program"; + license = licenses.unfree; + maintainers = [ ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fulcio/default.nix b/nixpkgs/pkgs/tools/security/fulcio/default.nix new file mode 100644 index 000000000000..96ef86d18d1c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fulcio/default.nix @@ -0,0 +1,42 @@ +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: + +buildGoModule rec { + pname = "fulcio"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "sigstore"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-MvLQMGPyJYqYUljLqsr+qJeeYnxdH9aNGkWpDRvOeh8="; + }; + vendorSha256 = "sha256-pRL0et+UOi/tzuQz/Q7UmSA+pVhLJYR8lG8NAbPN9PU="; + + ldflags = [ "-s" "-w" ]; + + # Install completions post-install + nativeBuildInputs = [ installShellFiles ]; + + postInstall = '' + mv $out/bin/fulcio $out/bin/fulcio-server + installShellCompletion --cmd fulcio-server \ + --bash <($out/bin/fulcio-server completion bash) \ + --fish <($out/bin/fulcio-server completion fish) \ + --zsh <($out/bin/fulcio-server completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/fulcio-server --help + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://github.com/sigstore/fulcio"; + changelog = "https://github.com/sigstore/fulcio/releases/tag/v${version}"; + description = "A Root-CA for code signing certs - issuing certificates based on an OIDC email address"; + license = licenses.asl20; + maintainers = with maintainers; [ lesuisse jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fwbuilder/default.nix b/nixpkgs/pkgs/tools/security/fwbuilder/default.nix new file mode 100644 index 000000000000..66d7a5a7537a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fwbuilder/default.nix @@ -0,0 +1,26 @@ +{ stdenv, lib, fetchFromGitHub, cmake, qtbase, wrapQtAppsHook }: + +stdenv.mkDerivation rec { + pname = "fwbuilder"; + version = "6.0.0-rc1"; + + src = fetchFromGitHub { + owner = "fwbuilder"; + repo = "fwbuilder"; + rev = "v${version}"; + hash = "sha256-j5HjGcIqq93Ca9OBqEgSotoSXyw+q6Fqxa3hKk1ctwQ="; + }; + + nativeBuildInputs = [ + cmake + wrapQtAppsHook + ]; + + meta = with lib; { + description = "GUI Firewall Management Application"; + homepage = "https://github.com/fwbuilder/fwbuilder"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = [ maintainers.elatov ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fwknop/default.nix b/nixpkgs/pkgs/tools/security/fwknop/default.nix new file mode 100644 index 000000000000..b56ba93dc7bc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fwknop/default.nix @@ -0,0 +1,62 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook +, libpcap, texinfo +, iptables +, gnupgSupport ? true, gnupg, gpgme # Increases dependencies! +, wgetSupport ? true, wget +, buildServer ? true +, buildClient ? true }: + +stdenv.mkDerivation rec { + pname = "fwknop"; + version = "2.6.10"; + + src = fetchFromGitHub { + owner = "mrash"; + repo = pname; + rev = version; + sha256 = "05kvqhmxj9p2y835w75f3jvhr38bb96cd58mvfd7xil9dhmhn9ra"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ libpcap texinfo ] + ++ lib.optionals gnupgSupport [ gnupg gpgme.dev ] + ++ lib.optionals wgetSupport [ wget ]; + + configureFlags = [ + "--sysconfdir=/etc" + "--localstatedir=/run" + "--with-iptables=${iptables}/sbin/iptables" + (lib.enableFeature buildServer "server") + (lib.enableFeature buildClient "client") + (lib.withFeatureAs wgetSupport "wget" "${wget}/bin/wget") + ] ++ lib.optionalString gnupgSupport [ + "--with-gpgme" + "--with-gpgme-prefix=${gpgme.dev}" + "--with-gpg=${gnupg}" + ]; + + # Temporary hack to copy the example configuration files into the nix-store, + # this'll probably be helpful until there's a NixOS module for that (feel free + # to ping me (@primeos) if you want to help). + preInstall = '' + substituteInPlace Makefile --replace\ + "sysconfdir = /etc"\ + "sysconfdir = $out/etc" + substituteInPlace server/Makefile --replace\ + "wknopddir = /etc/fwknop"\ + "wknopddir = $out/etc/fwknop" + ''; + + meta = with lib; { + description = + "Single Packet Authorization (and Port Knocking) server/client"; + longDescription = '' + fwknop stands for the "FireWall KNock OPerator", and implements an + authorization scheme called Single Packet Authorization (SPA). + ''; + homepage = "https://www.cipherdyne.org/fwknop/"; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/galer/default.nix b/nixpkgs/pkgs/tools/security/galer/default.nix new file mode 100644 index 000000000000..d64b47bfdaf6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/galer/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "galer"; + version = "0.0.2"; + + src = fetchFromGitHub { + owner = "dwisiswant0"; + repo = pname; + rev = "v${version}"; + sha256 = "1923071rk078mqk5mig45kcrr58ni02rby3r298myld7j9gfnylb"; + }; + + vendorSha256 = "0p5b6cp4ccvcjiy3g9brcwb08wxjbrpsza525fmx38wyyi0n0wns"; + + meta = with lib; { + description = "Tool to fetch URLs from HTML attributes"; + homepage = "https://github.com/dwisiswant0/galer"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gau/default.nix b/nixpkgs/pkgs/tools/security/gau/default.nix new file mode 100644 index 000000000000..59dc202e694a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gau/default.nix @@ -0,0 +1,29 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "gau"; + version = "2.0.8"; + + src = fetchFromGitHub { + owner = "lc"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-GkPAv6JrgzlblSw4oIvPvNSboOmvZCMKyFwAMD3W0fQ="; + }; + + vendorSha256 = "sha256-HQATUCzYvhhlqe4HhNu9H4CqmY2IGLNJ9ydt3/igSmQ="; + + meta = with lib; { + description = "Tool to fetch known URLs"; + longDescription = '' + getallurls (gau) fetches known URLs from various sources for any + given domain. + ''; + homepage = "https://github.com/lc/gau"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix new file mode 100644 index 000000000000..bb607c1fbd32 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix @@ -0,0 +1,43 @@ +{ coreutils, fetchFromGitHub, file, libcaca, makeWrapper, python3, openssl, qrencode, lib, stdenv, yubikey-manager }: + +stdenv.mkDerivation rec { + pname = "gen-oath-safe"; + version = "0.11.0"; + src = fetchFromGitHub { + owner = "mcepl"; + repo = "gen-oath-safe"; + rev = version; + sha256 = "1914z0jgj7lni0nf3hslkjgkv87mhxdr92cmhmbzhpjgjgr23ydp"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = + let + path = lib.makeBinPath [ + coreutils + file + libcaca.bin + openssl.bin + python3 + qrencode + yubikey-manager + ]; + in + '' + mkdir -p $out/bin + cp gen-oath-safe $out/bin/ + wrapProgram $out/bin/gen-oath-safe \ + --prefix PATH : ${path} + ''; + meta = with lib; { + homepage = "https://github.com/mcepl/gen-oath-safe"; + description = "Script for generating HOTP/TOTP keys (and QR code)"; + platforms = platforms.unix; + license = licenses.mit; + maintainers = [ maintainers.makefu ]; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/gencfsm/default.nix b/nixpkgs/pkgs/tools/security/gencfsm/default.nix new file mode 100644 index 000000000000..4cf5338ca2e4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gencfsm/default.nix @@ -0,0 +1,57 @@ +{ lib, stdenv, fetchurl, autoconf, automake, intltool, libtool, pkg-config +, encfs, libsecret , glib , libgee, gtk3, vala, wrapGAppsHook, xorg +, gobject-introspection +}: + +stdenv.mkDerivation rec { + version = "1.9"; + pname = "gnome-encfs-manager"; + + src = fetchurl { + url = with lib.versions; + "https://launchpad.net/gencfsm/trunk/${major version}.${minor version}/+download/gnome-encfs-manager_${version}.tar.xz"; + sha256 = "RXVwg/xhfAQv3pWp3UylOhMKDh9ZACTuKM4lPrn1dk8="; + }; + + nativeBuildInputs = [ + autoconf + automake + intltool + libtool + pkg-config + vala + wrapGAppsHook + ]; + buildInputs = [ + glib + encfs + gtk3 + libgee + xorg.libSM + xorg.libICE + gobject-introspection + libsecret + ]; + + # Fix hardcoded paths to /bin/mkdir + patches = [ ./makefile-mkdir.patch ]; + + preConfigure = '' + ./autogen.sh + ''; + + configureFlags = [ "--disable-appindicator" ]; + + preFixup = "gappsWrapperArgs+=(--prefix PATH : ${encfs}/bin)"; + + enableParallelBuilding = true; + + meta = with lib; { + homepage = "http://www.libertyzero.com/GEncfsM/"; + downloadPage = "https://launchpad.net/gencfsm/"; + description = "EncFS manager and mounter with GNOME3 integration"; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = [ maintainers.spacefrogg ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch b/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch new file mode 100644 index 000000000000..49c7b0b4d9d1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch @@ -0,0 +1,14 @@ +--- a/dist/Makefile.am ++++ b/dist/Makefile.am +@@ -10,9 +10,9 @@ install-data-hook: + chmod 0755 $(shell find $(dist) -type d) + chmod 0644 $(shell find $(dist) -type f) + chmod 0755 $(shell find "scripts" -type f) +- test -z "$(DESTDIR)$(datadir)/dbus-1/services/" || /bin/mkdir -p "$(DESTDIR)$(datadir)/dbus-1/services/" ++ test -z "$(DESTDIR)$(datadir)/dbus-1/services/" || $(MKDIR_P) "$(DESTDIR)$(datadir)/dbus-1/services/" + cp "extra/com.libertyzero.gnome-encfs-manager.service" "$(DESTDIR)$(datadir)/dbus-1/services/" +- test -z "$(gencfsmdir)" || /bin/mkdir -p "$(gencfsmdir)" ++ test -z "$(gencfsmdir)" || $(MKDIR_P) "$(gencfsmdir)" + cp --parent -rf $(dist) "$(gencfsmdir)" + cp --parent -rf $(icons) $(DESTDIR)$(datadir) + diff --git a/nixpkgs/pkgs/tools/security/genpass/default.nix b/nixpkgs/pkgs/tools/security/genpass/default.nix new file mode 100644 index 000000000000..9565bf80c950 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/genpass/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv +, fetchgit +, rustPlatform +, CoreFoundation +, libiconv +, Security +}: +rustPlatform.buildRustPackage rec { + pname = "genpass"; + version = "0.5.1"; + + src = fetchgit { + url = "https://git.sr.ht/~cyplo/genpass"; + rev = "v${version}"; + sha256 = "UyEgOlKtDyneRteN3jHA2BJlu5U1HFL8HA2MTQz5rns="; + }; + + cargoSha256 = "ls3tzZ+gtZQlObmbtwJDq6N/f5nY+Ps7RL5R/fR5Vgg="; + + buildInputs = lib.optionals stdenv.isDarwin [ CoreFoundation libiconv Security ]; + + meta = with lib; { + description = "A simple yet robust commandline random password generator"; + homepage = "https://sr.ht/~cyplo/genpass/"; + license = licenses.agpl3Only; + maintainers = with maintainers; [ cyplo ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gfshare/default.nix b/nixpkgs/pkgs/tools/security/gfshare/default.nix new file mode 100644 index 000000000000..e0da2fdaf35b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gfshare/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchgit, autoreconfHook }: + +stdenv.mkDerivation rec { + pname = "gfshare"; + version = "2.0.0"; + + src = fetchgit { + url = "git://git.gitano.org.uk/libgfshare.git"; + rev = version; + sha256 = "0s37xn9pr5p820hd40489xwra7kg3gzqrxhc2j9rnxnd489hl0pr"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + doCheck = true; + + outputs = [ "bin" "lib" "dev" "out" ]; + + meta = with lib; { + # Not the most descriptive homepage but it's what Debian and Ubuntu use + # https://packages.debian.org/sid/libgfshare2 + # https://launchpad.net/ubuntu/impish/+source/libgfshare/+copyright + homepage = "https://git.gitano.org.uk/libgfshare.git/"; + description = "Shamir's secret-sharing method in the Galois Field GF(2**8)"; + license = licenses.mit; + platforms = platforms.all; + maintainers = [ maintainers.rraval ]; + broken = stdenv.isDarwin; # never built on Hydra https://hydra.nixos.org/job/nixpkgs/trunk/gfshare.x86_64-darwin + }; +} diff --git a/nixpkgs/pkgs/tools/security/ghdorker/default.nix b/nixpkgs/pkgs/tools/security/ghdorker/default.nix new file mode 100644 index 000000000000..c6882fb110a8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ghdorker/default.nix @@ -0,0 +1,35 @@ +{ lib +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "ghdorker"; + version = "0.3.2"; + format = "setuptools"; + + src = python3.pkgs.fetchPypi { + inherit pname version; + sha256 = "sha256-wF4QoXxH55SpdYgKLHf4sCwUk1rkCpSdnIX5FvFi/BU="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + ghapi + glom + python-dotenv + pyyaml + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "GHDorker" + ]; + + meta = with lib; { + description = "Extensible GitHub dorking tool"; + homepage = "https://github.com/dtaivpp/ghdorker"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch b/nixpkgs/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch new file mode 100644 index 000000000000..b3106802bd5c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch @@ -0,0 +1,130 @@ +From 913e74b8682f77da94ed7b7d459482b9b23a5d88 Mon Sep 17 00:00:00 2001 +From: roblabla <unfiltered@roblab.la> +Date: Tue, 28 Dec 2021 14:20:30 +0100 +Subject: [PATCH] Use protobuf gradle plugin + +--- + Ghidra/Debug/Debugger-gadp/build.gradle | 76 +++---------------------- + build.gradle | 6 ++ + 2 files changed, 15 insertions(+), 67 deletions(-) + +diff --git a/Ghidra/Debug/Debugger-gadp/build.gradle b/Ghidra/Debug/Debugger-gadp/build.gradle +index 1b4922f66..3d2ef8856 100644 +--- a/Ghidra/Debug/Debugger-gadp/build.gradle ++++ b/Ghidra/Debug/Debugger-gadp/build.gradle +@@ -23,42 +23,19 @@ apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle" + apply from: "${rootProject.projectDir}/gradle/distributableGhidraModule.gradle" + + apply plugin: 'eclipse' +-eclipse.project.name = 'Debug Debugger-gadp' ++apply plugin: 'com.google.protobuf' + +-configurations { +- allProtocArtifacts +- protocArtifact +-} ++eclipse.project.name = 'Debug Debugger-gadp' + + def platform = getCurrentPlatformName() + +-dependencies { +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:windows-x86_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:linux-x86_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:linux-aarch_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:osx-x86_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:osx-aarch_64@exe' +- +- if (isCurrentWindows()) { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:windows-x86_64@exe' +- } +- if (isCurrentLinux()) { +- if (platform.endsWith("x86_64")) { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:linux-x86_64@exe' +- } +- else { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:linux-aarch_64@exe' +- } +- } +- if (isCurrentMac()) { +- if (platform.endsWith("x86_64")) { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:osx-x86_64@exe' +- } +- else { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:osx-aarch_64@exe' +- } +- } ++buildscript { ++ dependencies { ++ classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18' ++ } ++} + ++dependencies { + api 'com.google.protobuf:protobuf-java:3.17.3' + api project(':Framework-AsyncComm') + api project(':Framework-Debugging') +@@ -68,43 +45,8 @@ dependencies { + testImplementation project(path: ':Framework-Debugging', configuration: 'testArtifacts') + } + +-/*protobuf { ++protobuf { + protoc { + artifact = 'com.google.protobuf:protoc:3.17.3' + } +-}*/ +- +-task generateProto { +- ext.srcdir = file("src/main/proto") +- ext.src = fileTree(srcdir) { +- include "**/*.proto" +- } +- ext.outdir = file("build/generated/source/proto/main/java") +- outputs.dir(outdir) +- inputs.files(src) +- dependsOn(configurations.protocArtifact) +- doLast { +- def exe = configurations.protocArtifact.first() +- if (!isCurrentWindows()) { +- exe.setExecutable(true) +- } +- exec { +- commandLine exe, "--java_out=$outdir", "-I$srcdir" +- args src +- } +- } + } +- +-tasks.compileJava.dependsOn(tasks.generateProto) +-tasks.eclipse.dependsOn(tasks.generateProto) +-rootProject.tasks.prepDev.dependsOn(tasks.generateProto) +- +-sourceSets { +- main { +- java { +- srcDir tasks.generateProto.outdir +- } +- } +-} +-zipSourceSubproject.dependsOn generateProto +- +diff --git a/build.gradle b/build.gradle +index dce3a5149..7a2e637ce 100644 +--- a/build.gradle ++++ b/build.gradle +@@ -76,6 +76,12 @@ if (flatRepo.isDirectory()) { + jcenter() + flatDir name: "flat", dirs:["$flatRepo"] + } ++ buildscript { ++ repositories { ++ mavenLocal() ++ mavenCentral() ++ } ++ } + } + } + else { +-- +2.33.1 + diff --git a/nixpkgs/pkgs/tools/security/ghidra/build.nix b/nixpkgs/pkgs/tools/security/ghidra/build.nix new file mode 100644 index 000000000000..831ec3b6133e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ghidra/build.nix @@ -0,0 +1,178 @@ +{ stdenv +, fetchzip +, fetchurl +, fetchFromGitHub +, lib +, gradle +, perl +, makeWrapper +, openjdk11 +, unzip +, makeDesktopItem +, autoPatchelfHook +, icoutils +, xcbuild +, protobuf3_17 +, libredirect +}: + +let + pkg_path = "$out/lib/ghidra"; + pname = "ghidra"; + version = "10.1.2"; + + src = fetchFromGitHub { + owner = "NationalSecurityAgency"; + repo = "Ghidra"; + rev = "Ghidra_${version}_build"; + sha256 = "sha256-gnSIXje0hUpAculNXAyiS7Twc5XWitMgYp7svyZQxzE="; + }; + + desktopItem = makeDesktopItem { + name = "ghidra"; + exec = "ghidra"; + icon = "ghidra"; + desktopName = "Ghidra"; + genericName = "Ghidra Software Reverse Engineering Suite"; + categories = "Development;"; + }; + + # postPatch scripts. + # Tells ghidra to use our own protoc binary instead of the prebuilt one. + fixProtoc = '' + cat >>Ghidra/Debug/Debugger-gadp/build.gradle <<HERE +protobuf { + protoc { + path = '${protobuf3_17}/bin/protoc' + } +} +HERE + ''; + + # Adds a gradle step that downloads all the dependencies to the gradle cache. + addResolveStep = '' + cat >>build.gradle <<HERE +task resolveDependencies { + doLast { + project.rootProject.allprojects.each { subProject -> + subProject.buildscript.configurations.each { configuration -> + resolveConfiguration(subProject, configuration, "buildscript config \''${configuration.name}") + } + subProject.configurations.each { configuration -> + resolveConfiguration(subProject, configuration, "config \''${configuration.name}") + } + } + } +} +void resolveConfiguration(subProject, configuration, name) { + if (configuration.canBeResolved) { + logger.info("Resolving project {} {}", subProject.name, name) + configuration.resolve() + } +} +HERE + ''; + + # fake build to pre-download deps into fixed-output derivation + # Taken from mindustry derivation. + deps = stdenv.mkDerivation { + pname = "${pname}-deps"; + inherit version src; + + patches = [ ./0001-Use-protobuf-gradle-plugin.patch ]; + postPatch = fixProtoc + addResolveStep; + + nativeBuildInputs = [ gradle perl ] ++ lib.optional stdenv.isDarwin xcbuild; + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d) + + # First, fetch the static dependencies. + gradle --no-daemon --info -Dorg.gradle.java.home=${openjdk11} -I gradle/support/fetchDependencies.gradle init + + # Then, fetch the maven dependencies. + gradle --no-daemon --info -Dorg.gradle.java.home=${openjdk11} resolveDependencies + ''; + # perl code mavenizes pathes (com.squareup.okio/okio/1.13.0/a9283170b7305c8d92d25aff02a6ab7e45d06cbe/okio-1.13.0.jar -> com/squareup/okio/okio/1.13.0/okio-1.13.0.jar) + installPhase = '' + find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \ + | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/maven/$x/$3/$4/$5" #e' \ + | sh + cp -r dependencies $out/dependencies + ''; + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "sha256-UHV7Z2HaVTOCY5U0zjUtkchJicrXMBfYBHvL8AA7NTg="; + }; + +in stdenv.mkDerivation rec { + inherit pname version src; + + nativeBuildInputs = [ + gradle unzip makeWrapper icoutils + ] ++ lib.optional stdenv.isDarwin xcbuild; + + dontStrip = true; + + patches = [ ./0001-Use-protobuf-gradle-plugin.patch ]; + postPatch = fixProtoc; + + buildPhase = (lib.optionalString stdenv.isDarwin '' + export HOME=$(mktemp -d) + + # construct a dummy /etc/passwd file - something attempts to determine + # the user's "real" home using this + DUMMY_PASSWD=$(realpath ../dummy-passwd) + cat > $DUMMY_PASSWD <<EOF + $(whoami)::$(id -u):$(id -g)::$HOME:$SHELL + EOF + + export NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD + export DYLD_INSERT_LIBRARIES=${libredirect}/lib/libredirect.dylib + '') + '' + + export GRADLE_USER_HOME=$(mktemp -d) + + ln -s ${deps}/dependencies dependencies + + sed -i "s#mavenLocal()#mavenLocal(); maven { url '${deps}/maven' }#g" build.gradle + + gradle --offline --no-daemon --info -Dorg.gradle.java.home=${openjdk11} buildGhidra + ''; + + installPhase = '' + mkdir -p "${pkg_path}" "$out/share/applications" + + ZIP=build/dist/$(ls build/dist) + echo $ZIP + unzip $ZIP -d ${pkg_path} + f=("${pkg_path}"/*) + mv "${pkg_path}"/*/* "${pkg_path}" + rmdir "''${f[@]}" + + ln -s ${desktopItem}/share/applications/* $out/share/applications + + icotool -x "Ghidra/RuntimeScripts/Windows/support/ghidra.ico" + rm ghidra_4_40x40x32.png + for f in ghidra_*.png; do + res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -d"x" -f1-2) + mkdir -pv "$out/share/icons/hicolor/$res/apps" + mv "$f" "$out/share/icons/hicolor/$res/apps/ghidra.png" + done; + ''; + + postFixup = '' + mkdir -p "$out/bin" + ln -s "${pkg_path}/ghidraRun" "$out/bin/ghidra" + wrapProgram "${pkg_path}/support/launch.sh" \ + --prefix PATH : ${lib.makeBinPath [ openjdk11 ]} + ''; + + meta = with lib; { + description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission"; + homepage = "https://ghidra-sre.org/"; + platforms = [ "x86_64-linux" "x86_64-darwin" ]; + license = licenses.asl20; + maintainers = [ "roblabla" ]; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/ghidra/default.nix b/nixpkgs/pkgs/tools/security/ghidra/default.nix new file mode 100644 index 000000000000..e57f60637e25 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ghidra/default.nix @@ -0,0 +1,79 @@ +{ stdenv +, fetchzip +, lib +, makeWrapper +, autoPatchelfHook +, openjdk11 +, pam +, makeDesktopItem +, icoutils +}: + +let + + pkg_path = "$out/lib/ghidra"; + + desktopItem = makeDesktopItem { + name = "ghidra"; + exec = "ghidra"; + icon = "ghidra"; + desktopName = "Ghidra"; + genericName = "Ghidra Software Reverse Engineering Suite"; + categories = "Development;"; + }; + +in stdenv.mkDerivation rec { + pname = "ghidra"; + version = "10.1.1"; + versiondate = "20211221"; + + src = fetchzip { + url = "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_${version}_build/ghidra_${version}_PUBLIC_${versiondate}.zip"; + sha256 = "1aib24hjfavy31vq0pasbzix9lpqrb90m3hp4n0iakg6ck8jcl5r"; + }; + + nativeBuildInputs = [ + makeWrapper + icoutils + ] + ++ lib.optionals stdenv.isLinux [ autoPatchelfHook ]; + + buildInputs = [ + stdenv.cc.cc.lib + pam + ]; + + dontStrip = true; + + installPhase = '' + mkdir -p "${pkg_path}" + mkdir -p "${pkg_path}" "$out/share/applications" + cp -a * "${pkg_path}" + ln -s ${desktopItem}/share/applications/* $out/share/applications + + icotool -x "${pkg_path}/support/ghidra.ico" + rm ghidra_4_40x40x32.png + for f in ghidra_*.png; do + res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -d"x" -f1-2) + mkdir -pv "$out/share/icons/hicolor/$res/apps" + mv "$f" "$out/share/icons/hicolor/$res/apps/ghidra.png" + done; + ''; + + postFixup = '' + mkdir -p "$out/bin" + ln -s "${pkg_path}/ghidraRun" "$out/bin/ghidra" + + wrapProgram "${pkg_path}/support/launch.sh" \ + --prefix PATH : ${lib.makeBinPath [ openjdk11 ]} + ''; + + meta = with lib; { + description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission"; + homepage = "https://github.com/NationalSecurityAgency/ghidra"; + platforms = [ "x86_64-linux" "x86_64-darwin" ]; + license = licenses.asl20; + maintainers = with maintainers; [ ck3d govanify mic92 ]; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/ghost/default.nix b/nixpkgs/pkgs/tools/security/ghost/default.nix new file mode 100644 index 000000000000..124caef45c20 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ghost/default.nix @@ -0,0 +1,34 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "ghost"; + version = "8.0.0"; + + disabled = python3.pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "EntySec"; + repo = "Ghost"; + rev = version; + sha256 = "13p3inw7v55na8438awr692v9vb7zgf5ggxpha9r3m8vfm3sb4iz"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + adb-shell + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ "ghost" ]; + + meta = with lib; { + description = "Android post-exploitation framework"; + homepage = "https://github.com/EntySec/ghost"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/git-hound/default.nix b/nixpkgs/pkgs/tools/security/git-hound/default.nix new file mode 100644 index 000000000000..56fa2ce47636 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/git-hound/default.nix @@ -0,0 +1,30 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "git-hound"; + version = "1.3"; + + src = fetchFromGitHub { + owner = "tillson"; + repo = pname; + rev = "v${version}"; + sha256 = "1l2bif7qpc1yl93ih01g9jci7ba47rsnpq9js88rz216q93dzmsf"; + }; + + vendorSha256 = "055hpfjbqng513c9rscb8jhnlxj7p82sr8cbsvwnzk569n71qwma"; + + meta = with lib; { + description = "Reconnaissance tool for GitHub code search"; + longDescription = '' + GitHound pinpoints exposed API keys and other sensitive information + across all of GitHub using pattern matching, commit history searching, + and a unique result scoring system. + ''; + homepage = "https://github.com/tillson/git-hound"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gitjacker/default.nix b/nixpkgs/pkgs/tools/security/gitjacker/default.nix new file mode 100644 index 000000000000..14d9ab9ccfa2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gitjacker/default.nix @@ -0,0 +1,43 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, git +, stdenv +}: + +buildGoModule rec { + pname = "gitjacker"; + version = "0.1.0"; + + src = fetchFromGitHub { + owner = "liamg"; + repo = "gitjacker"; + rev = "v${version}"; + sha256 = "sha256-rEn9FpcRfEt2yGepIPEAO9m8JeVb+nMhYMBWhC/barc="; + }; + + vendorSha256 = null; + + propagatedBuildInputs = [ git ]; + + checkInputs = [ git ]; + + doCheck = !stdenv.isDarwin; + + preCheck = '' + export PATH=$TMPDIR/usr/bin:$PATH + ''; + + meta = with lib; { + description = "Leak git repositories from misconfigured websites"; + longDescription = '' + Gitjacker downloads git repositories and extracts their contents + from sites where the .git directory has been mistakenly uploaded. + It will still manage to recover a significant portion of a repository + even where directory listings are disabled. + ''; + homepage = "https://github.com/liamg/gitjacker"; + license = with licenses; [ unlicense ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix new file mode 100644 index 000000000000..cb8155e5a1fa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix @@ -0,0 +1,38 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "gitleaks"; + version = "8.2.7"; + + src = fetchFromGitHub { + owner = "zricethezav"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-kCKkPx0JEzmQn0y6UbVuwZXre7rDd4vKTudh6J3AxYA="; + }; + + vendorSha256 = "sha256-zJ9Xl4tRUWntQwco+EHzqmL1aVcOjp70LCCmRsboxQ4="; + + ldflags = [ + "-s" + "-w" + "-X github.com/zricethezav/gitleaks/v${lib.versions.major version}/version.Version=${version}" + ]; + + # With v8 the config tests are are blocking + doCheck = false; + + meta = with lib; { + description = "Scan git repos (or files) for secrets"; + longDescription = '' + Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, + API keys and tokens in git repos. + ''; + homepage = "https://github.com/zricethezav/gitleaks"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix b/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix new file mode 100644 index 000000000000..a94be8295ea0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix @@ -0,0 +1,83 @@ +{ lib +, fetchFromGitLab +, fetchpatch +, python3 +, wrapGAppsHook +, gobject-introspection +, gtk3 +, glib +, gst_all_1 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "gnome-keysign"; + version = "1.2.0"; + + src = fetchFromGitLab { + domain = "gitlab.gnome.org"; + owner = "GNOME"; + repo = pname; + rev = version; + sha256 = "1sjphi1lsivg9jmc8khbcqa9w6608pkrccz4nz3rlcc54hn0k0sj"; + }; + + patches = [ + # fix build failure due to missing import + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gnome-keysign/commit/216c3677e68960afc517edc00529323e85909323.patch"; + sha256 = "1w410gvcridbq26sry7fxn49v59ss2lc0w5ab7csva8rzs1nc990"; + }) + + # stop requiring lxml (no longer used) + # https://gitlab.gnome.org/GNOME/gnome-keysign/merge_requests/23 + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gnome-keysign/commit/ffc6f40584d7564951e1c8b6d18d4f8a6a3fa09d.patch"; + sha256 = "1hs6mmhi2f21kvy26llzvp37yf0i0dr69d18r641139nr6qg6kwy"; + includes = [ "setup.py" ]; + }) + ]; + + nativeBuildInputs = [ + wrapGAppsHook + gobject-introspection + ] ++ (with python3.pkgs; [ + Babel + babelgladeextractor + ]); + + buildInputs = [ + # TODO: add avahi support + gtk3 + glib + gst_all_1.gstreamer + gst_all_1.gst-plugins-base + (gst_all_1.gst-plugins-good.override { gtkSupport = true; }) + (gst_all_1.gst-plugins-bad.override { enableZbar = true; }) # for zbar plug-in + ]; + + propagatedBuildInputs = with python3.pkgs; [ + dbus-python + future + gpgme + magic-wormhole + pygobject3 + pybluez + qrcode + requests + twisted + ]; + + # https://github.com/NixOS/nixpkgs/issues/56943 + strictDeps = false; + + # bunch of linting + doCheck = false; + + meta = with lib; { + description = "GTK/GNOME application to use GnuPG for signing other peoples’ keys"; + homepage = "https://wiki.gnome.org/Apps/Keysign"; + license = licenses.gpl3Plus; + maintainers = teams.gnome.members; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix b/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix new file mode 100644 index 000000000000..8478c3748366 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix @@ -0,0 +1,20 @@ +{ stdenv, lib, fetchurl, gnulib }: + +stdenv.mkDerivation rec { + pname = "gnu-pw-mgr"; + version = "2.7.4"; + src = fetchurl { + url = "https://ftp.gnu.org/gnu/gnu-pw-mgr/${pname}-${version}.tar.xz"; + sha256 = "0fhwvsmsqpw0vnivarfg63l8pgwqfv7d5wi6l80jpb41dj6qpjz8"; + }; + + buildInputs = [ gnulib ]; + + meta = with lib; { + homepage = "https://www.gnu.org/software/gnu-pw-mgr/"; + description = "A password manager designed to make it easy to reconstruct difficult passwords"; + license = with licenses; [ gpl3Plus lgpl3Plus ]; + platforms = lib.platforms.linux; + maintainers = with maintainers; [ qoelet ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/nixpkgs/pkgs/tools/security/gnupg-pkcs11-scd/default.nix new file mode 100644 index 000000000000..1e46df40f85f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg-pkcs11-scd/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchurl, libgpg-error, libassuan, libgcrypt, pkcs11helper, + pkg-config, openssl }: + +stdenv.mkDerivation rec { + pname = "gnupg-pkcs11-scd"; + version = "0.10.0"; + + src = fetchurl { + url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2"; + sha256 = "sha256-Kb8p53gPkhxtOhH2COKwSDwbtRDFr6hHMJAkndV8Ukk="; + }; + + buildInputs = [ pkcs11helper pkg-config openssl ]; + + configureFlags = [ + "--with-libgpg-error-prefix=${libgpg-error.dev}" + "--with-libassuan-prefix=${libassuan.dev}" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + ]; + + meta = with lib; { + description = "A smart-card daemon to enable the use of PKCS#11 tokens with GnuPG"; + longDescription = '' + gnupg-pkcs11 is a project to implement a BSD-licensed smart-card + daemon to enable the use of PKCS#11 tokens with GnuPG. + ''; + homepage = "http://gnupg-pkcs11.sourceforge.net/"; + license = licenses.bsd3; + maintainers = with maintainers; [ matthiasbeyer philandstuff ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch new file mode 100644 index 000000000000..061fb0e8de9c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch @@ -0,0 +1,34 @@ +From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Sun, 30 Jun 2019 11:54:35 -0400 +Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool + +* dirmngr/http.c (http_session_new): when checking whether the +keyserver is the HKPS pool, check specifically against the pool name, +as ./configure might have been used to select a different default +keyserver. It makes no sense to apply Kristian's certificate +authority to anything other than the literal host +hkps.pool.sks-keyservers.net. + +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +GnuPG-Bug-Id: 4593 +--- + dirmngr/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dirmngr/http.c b/dirmngr/http.c +index 384f2569d..8e5d53939 100644 +--- a/dirmngr/http.c ++++ b/dirmngr/http.c +@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session, + + is_hkps_pool = (intended_hostname + && !ascii_strcasecmp (intended_hostname, +- get_default_keyserver (1))); ++ "hkps.pool.sks-keyservers.net")); + + /* If the user has not specified a CA list, and they are looking + * for the hkps pool from sks-keyservers.net, then default to +-- +2.22.0 + diff --git a/nixpkgs/pkgs/tools/security/gnupg/1.nix b/nixpkgs/pkgs/tools/security/gnupg/1.nix new file mode 100644 index 000000000000..8fc5dce7ba04 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/1.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchurl, readline, bzip2 }: + +stdenv.mkDerivation rec { + pname = "gnupg"; + version = "1.4.23"; + + src = fetchurl { + url = "mirror://gnupg/gnupg/gnupg-${version}.tar.bz2"; + sha256 = "1fkq4sqldvf6a25mm2qz95swv1qjg464736091w51djiwqbjyin9"; + }; + + buildInputs = [ readline bzip2 ]; + + doCheck = true; + + meta = with lib; { + homepage = "https://gnupg.org"; + description = "Classic (1.4) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "classic" (1.4) is the old standalone version which is most suitable for + older or embedded platforms. GnuPG allows to encrypt and sign your data + and communication, features a versatile key management system as well as + access modules for all kind of public key directories. GnuPG, also known + as GPG, is a command line tool with features for easy integration with + other applications. A wealth of frontend applications and libraries are + available. + ''; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/1compat.nix b/nixpkgs/pkgs/tools/security/gnupg/1compat.nix new file mode 100644 index 000000000000..6625a4567954 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/1compat.nix @@ -0,0 +1,31 @@ +{ stdenv, gnupg, coreutils, writeScript }: + +stdenv.mkDerivation { + pname = "gnupg1compat"; + version = gnupg.version; + + builder = writeScript "gnupg1compat-builder" '' + PATH=${coreutils}/bin + # First symlink all top-level dirs + mkdir -p $out + ln -s "${gnupg}/"* $out + + # Replace bin with directory and symlink it contents + rm $out/bin + mkdir -p $out/bin + ln -s "${gnupg}/bin/"* $out/bin + + # Add symlinks for any executables that end in 2 and lack any non-*2 version + for f in $out/bin/*2; do + [[ -x $f ]] || continue # ignore failed globs and non-executable files + [[ -e ''${f%2} ]] && continue # ignore commands that already have non-*2 versions + ln -s -- "''${f##*/}" "''${f%2}" + done + ''; + + meta = gnupg.meta // { + description = gnupg.meta.description + + " with symbolic links for gpg and gpgv"; + priority = -1; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/23.nix b/nixpkgs/pkgs/tools/security/gnupg/23.nix new file mode 100644 index 000000000000..ef7a5cf85e71 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/23.nix @@ -0,0 +1,107 @@ +{ fetchurl, fetchpatch, lib, stdenv, pkg-config, libgcrypt, libassuan, libksba +, libgpg-error, libiconv, npth, gettext, texinfo, buildPackages + +# Each of the dependencies below are optional. +# Gnupg can be built without them at the cost of reduced functionality. +, guiSupport ? stdenv.isDarwin, enableMinimal ? false +, adns ? null, bzip2 ? null , gnutls ? null , libusb1 ? null , openldap ? null +, tpm2-tss ? null +, pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ? null +}: + +with lib; + +assert guiSupport -> pinentry != null && enableMinimal == false; + +stdenv.mkDerivation rec { + pname = "gnupg"; + version = "2.3.3"; + + src = fetchurl { + url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; + sha256 = "0dz9x0r5021bhk1kjh29m1q13xbslwb8yn9qzcp7b9m1lrnvi2ap"; + }; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ pkg-config texinfo ]; + buildInputs = [ + libgcrypt libassuan libksba libiconv npth gettext + readline libusb1 gnutls adns openldap zlib bzip2 sqlite + ] ++ optional (!stdenv.isDarwin) tpm2-tss ; + + patches = [ + ./fix-libusb-include-path.patch + ./tests-add-test-cases-for-import-without-uid.patch + ./allow-import-of-previously-known-keys-even-without-UI.patch + ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + ] ++ lib.optional stdenv.isDarwin [ + # Remove an innocent warning printed on systems without procfs + # https://dev.gnupg.org/T5656 + (fetchpatch { + url = "https://raw.githubusercontent.com/Homebrew/formula-patches/890be5f6af88e7913d177af87a50129049e681bb/gnupg/2.3.3-proc-error.patch"; + sha256 = "sha256-oiTa7Nf+AEmhZ683CJEaCb559PXJ6RpSSgRLpxz4CKU="; + }) + ]; + postPatch = '' + sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1 + # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in + '' + lib.optionalString (stdenv.isLinux && pcsclite != null) '' + sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + ''; + + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; + configureFlags = [ + "--with-libgpg-error-prefix=${libgpg-error.dev}" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + "--with-libassuan-prefix=${libassuan.dev}" + "--with-ksba-prefix=${libksba.dev}" + "--with-npth-prefix=${npth}" + ] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" + ++ optional ( (!stdenv.isDarwin) && (tpm2-tss != null) ) "--with-tss=intel"; + postInstall = if enableMinimal + then '' + rm -r $out/{libexec,sbin,share} + for f in $(find $out/bin -type f -not -name gpg) + do + rm $f + done + '' else '' + mkdir -p $out/lib/systemd/user + for f in doc/examples/systemd-user/*.{service,socket} ; do + substitute $f $out/lib/systemd/user/$(basename $f) \ + --replace /usr/bin $out/bin + done + + # add gpg2 symlink to make sure git does not break when signing commits + ln -s $out/bin/gpg $out/bin/gpg2 + + # Make libexec tools available in PATH + for f in $out/libexec/; do + if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi + ln -s $f $out/bin/$(basename $f) + done + ''; + + enableParallelBuilding = true; + + meta = with lib; { + homepage = "https://gnupg.org"; + description = "Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "modern" (2.1) is the latest development with a lot of new features. + GnuPG allows to encrypt and sign your data and communication, features a + versatile key management system as well as access modules for all kind of + public key directories. GnuPG, also known as GPG, is a command line tool + with features for easy integration with other applications. A wealth of + frontend applications and libraries are available. Version 2 of GnuPG + also provides support for S/MIME. + ''; + maintainers = with maintainers; [ fpletz vrthra ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch b/nixpkgs/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch new file mode 100644 index 000000000000..5cbec92ae683 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@ -0,0 +1,32 @@ +From: Vincent Breitmoser <look@my.amazin.horse> +Date: Thu, 13 Jun 2019 21:27:43 +0200 +Subject: gpg: accept subkeys with a good revocation but no self-sig during + import + +* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we +encounter a valid revocation signature. This allows import of subkey +revocation signatures, even in the absence of a corresponding subkey +binding signature. + +-- + +This fixes the remaining test in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + g10/import.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/import.c b/g10/import.c +index 4fdf248..ee2fed8 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -3613,6 +3613,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) + /* It's valid, so is it newer? */ + if (sig->timestamp >= rsdate) + { ++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ + if (rsnode) + { + /* Delete the last revocation sig since diff --git a/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch b/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 000000000000..98dda54fc7fa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch @@ -0,0 +1,107 @@ +From: Vincent Breitmoser <look@my.amazin.horse> +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index 5d3162c..f9acf95 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl, + log_printf ("\n"); + } + +- +- if (!uidnode) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) +- { +- if (!silent) +- { +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/nixpkgs/pkgs/tools/security/gnupg/clang.patch b/nixpkgs/pkgs/tools/security/gnupg/clang.patch new file mode 100644 index 000000000000..842785e5c932 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/clang.patch @@ -0,0 +1,13 @@ +diff --git a/gl/stdint_.h b/gl/stdint_.h +index bc27595..303e81a 100644 +--- a/gl/stdint_.h ++++ b/gl/stdint_.h +@@ -62,7 +62,7 @@ + int{8,16,32,64}_t, uint{8,16,32,64}_t and __BIT_TYPES_DEFINED__. + <inttypes.h> also defines intptr_t and uintptr_t. */ + # define _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H +-# include <inttypes.h> ++// # include <inttypes.h> + # undef _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H + #elif @HAVE_SYS_INTTYPES_H@ + /* Solaris 7 <sys/inttypes.h> has the types except the *_fast*_t types, and diff --git a/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch b/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch new file mode 100644 index 000000000000..f20249b1cad1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch @@ -0,0 +1,12 @@ +--- a/configure ++++ b/configure +@@ -9281,8 +9281,7 @@ fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5 + $as_echo_n "checking libusb include dir... " >&6; } + usb_incdir_found="no" +- for _incdir in "" "/usr/include/libusb-1.0" \ +- "/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do ++ for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do + _libusb_save_cppflags=$CPPFLAGS + if test -n "${_incdir}"; then + CPPFLAGS="-I${_incdir} ${CPPFLAGS}" diff --git a/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch b/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch new file mode 100644 index 000000000000..65804bac7642 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch @@ -0,0 +1,14 @@ +diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c +index 903fb5b..d5611dc 100644 +--- a/tools/gpgkey2ssh.c ++++ b/tools/gpgkey2ssh.c +@@ -268,7 +268,7 @@ main (int argc, char **argv) + keyid = argv[1]; + + ret = asprintf (&command, +- "gpg --list-keys --with-colons --with-key-data '%s'", ++ "@out@/bin/gpg --list-keys --with-colons --with-key-data '%s'", + keyid); + assert (ret > 0); + + diff --git a/nixpkgs/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch b/nixpkgs/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch new file mode 100644 index 000000000000..37ddeea22495 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch @@ -0,0 +1,201 @@ +From: Vincent Breitmoser <look@my.amazin.horse> +Date: Thu, 13 Jun 2019 21:27:41 +0200 +Subject: tests: add test cases for import without uid + +This commit adds a test case that does the following, in order: +- Import of a primary key plus user id +- Check that import of a subkey works, without a user id present in the +imported key +- Check that import of a subkey revocation works, without a user id or +subkey binding signature present in the imported key +- Check that import of a primary key revocation works, without a user id +present in the imported key + +-- + +Note that this test currently fails. The following changesets will +fix gpg so that the tests pass. + +GnuPG-Bug-id: 4393 +Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + tests/openpgp/Makefile.am | 1 + + tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++ + .../import-incomplete/primary+revocation.asc | 9 +++ + .../primary+subkey+sub-revocation.asc | 10 ++++ + .../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++ + .../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++ + tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++ + 7 files changed, 118 insertions(+) + create mode 100755 tests/openpgp/import-incomplete.scm + create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc + +diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am +index f6014c9..6423da1 100644 +--- a/tests/openpgp/Makefile.am ++++ b/tests/openpgp/Makefile.am +@@ -78,6 +78,7 @@ XTESTS = \ + gpgv-forged-keyring.scm \ + armor.scm \ + import.scm \ ++ import-incomplete.scm \ + import-revocation-certificate.scm \ + ecc.scm \ + 4gb-packet.scm \ +diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm +new file mode 100755 +index 0000000..727a027 +--- /dev/null ++++ b/tests/openpgp/import-incomplete.scm +@@ -0,0 +1,68 @@ ++#!/usr/bin/env gpgscm ++ ++;; Copyright (C) 2016 g10 Code GmbH ++;; ++;; This file is part of GnuPG. ++;; ++;; GnuPG is free software; you can redistribute it and/or modify ++;; it under the terms of the GNU General Public License as published by ++;; the Free Software Foundation; either version 3 of the License, or ++;; (at your option) any later version. ++;; ++;; GnuPG is distributed in the hope that it will be useful, ++;; but WITHOUT ANY WARRANTY; without even the implied warranty of ++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++;; GNU General Public License for more details. ++;; ++;; You should have received a copy of the GNU General Public License ++;; along with this program; if not, see <http://www.gnu.org/licenses/>. ++ ++(load (in-srcdir "tests" "openpgp" "defs.scm")) ++(setup-environment) ++ ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) ++ ++(info "Test import of new subkey, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of a subkey revocation, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:r:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of revocation, from a certificate without uid") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "pub:r:") ++ (string-contains? line "0843DA969AA8DAFB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ +diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc +new file mode 100644 +index 0000000..6b7b608 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+revocation.asc +@@ -0,0 +1,9 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [E] primary key, revocation signature over primary (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ ++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 ++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== ++=tM90 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +new file mode 100644 +index 0000000..83a51a5 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [D] primary key, subkey, subkey revocation (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ ++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= ++=dwx2 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +new file mode 100644 +index 0000000..dc47a02 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [B] primary key, subkey, subkey binding sig (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR ++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= ++=xuDu ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc +new file mode 100644 +index 0000000..134607d +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [C] primary key and self-sig expiring in 2024 (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 ++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu ++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN ++9ohXOEBWvdJgVv2YAg== ++=KWIK ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc +new file mode 100644 +index 0000000..055f300 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [A] primary key, user ID, and self-sig expiring in 2021 ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja +++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI ++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= ++=1eII ++-----END PGP PUBLIC KEY BLOCK----- diff --git a/nixpkgs/pkgs/tools/security/go-cve-search/default.nix b/nixpkgs/pkgs/tools/security/go-cve-search/default.nix new file mode 100644 index 000000000000..e68970b0b267 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/go-cve-search/default.nix @@ -0,0 +1,32 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "go-cve-search"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "s-index"; + repo = pname; + rev = "v${version}"; + sha256 = "0hbv829daviskwsyp9xjcvl52m22986b2cylf2rldnxw5x8zqdvd"; + }; + + vendorSha256 = "0bhxk39ivbkhwjvq6415lax1pzn208b7px1id0d1nry93bk2zynd"; + + # Tests requires network access + doCheck = false; + + meta = with lib; { + description = "A lightweight CVE search tool"; + longDescription = '' + go-cve-search is a lightweight tool to search CVE (Common Vulnerabilities + and Exposures). + ''; + homepage = "https://github.com/s-index/go-cve-search"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/go365/default.nix b/nixpkgs/pkgs/tools/security/go365/default.nix new file mode 100644 index 000000000000..02e4c32c6cee --- /dev/null +++ b/nixpkgs/pkgs/tools/security/go365/default.nix @@ -0,0 +1,30 @@ +{ lib +, stdenv +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "go365"; + version = "1.4"; + + src = fetchFromGitHub { + owner = "optiv"; + repo = "Go365"; + rev = version; + sha256 = "0dh89hf00fr62gjdw2lb1ncdxd26nvlsh2s0i6981bp8xfg2pk5r"; + }; + + vendorSha256 = "0fx2966xfzmi8yszw1cq6ind3i2dvacdwfs029v3bq0n8bvbm3r2"; + + postInstall = lib.optionalString (!stdenv.isDarwin) '' + mv $out/bin/Go365 $out/bin/$pname + ''; + + meta = with lib; { + description = "Office 365 enumeration tool"; + homepage = "https://github.com/optiv/Go365"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gobuster/default.nix b/nixpkgs/pkgs/tools/security/gobuster/default.nix new file mode 100644 index 000000000000..cc436a16b587 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gobuster/default.nix @@ -0,0 +1,27 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "gobuster"; + version = "3.1.0"; + + src = fetchFromGitHub { + owner = "OJ"; + repo = "gobuster"; + rev = "v${version}"; + sha256 = "0nal2g5c6z46x6337yh0s6mqgnsigp91i7mp1l3sa91p5ihk71wr"; + }; + + vendorSha256 = "1isp2jd6k4ppns5zi9irj09090imnc0xp6vcps135ymgp8qg4163"; + + doCheck = false; + + meta = with lib; { + description = "Tool used to brute-force URIs, DNS subdomains, Virtual Host names on target web servers"; + homepage = "https://github.com/OJ/gobuster"; + license = licenses.asl20; + maintainers = with maintainers; [ pamplemousse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gomapenum/default.nix b/nixpkgs/pkgs/tools/security/gomapenum/default.nix new file mode 100644 index 000000000000..ecfc74cac54c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gomapenum/default.nix @@ -0,0 +1,29 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "gomapenum"; + version = "1.0.3"; + + src = fetchFromGitHub { + owner = "nodauf"; + repo = "GoMapEnum"; + rev = "v${version}"; + sha256 = "sha256-AjHqD9r4ZU5NCqXEovvQuV4eeMLBy2jO/uqZQiCTyNI="; + }; + + vendorSha256 = "sha256-65NF814w1IUgSDuLLIqfbsf22va4AUC2E05ZgmuOHGY="; + + postInstall = '' + mv $out/bin/src $out/bin/$pname + ''; + + meta = with lib; { + description = "Tools for user enumeration and password bruteforce"; + homepage = "https://github.com/nodauf/GoMapEnum"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix new file mode 100644 index 000000000000..50dfe3b8ce63 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -0,0 +1,75 @@ +{ lib +, stdenv +, makeWrapper +, buildGoModule +, fetchFromGitHub +, installShellFiles +, git +, gnupg +, xclip +, wl-clipboard +, passAlias ? false +}: + +buildGoModule rec { + pname = "gopass"; + version = "1.13.1"; + + nativeBuildInputs = [ installShellFiles makeWrapper ]; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-g/ICT489uW3a5EnsxJPYOnV+yeOFfaFPMowdIK0M1Fc="; + }; + + vendorSha256 = "sha256-HGc6jUp4WO5P5dwfa0r7+X78a8us9fWrf+/IOotZHqk="; + + subPackages = [ "." ]; + + doCheck = false; + + ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.commit=${src.rev}" ]; + + wrapperPath = lib.makeBinPath ( + [ + git + gnupg + xclip + ] ++ lib.optional stdenv.isLinux wl-clipboard + ); + + postInstall = '' + installManPage gopass.1 + installShellCompletion --zsh --name _gopass zsh.completion + installShellCompletion --bash --name gopass.bash bash.completion + installShellCompletion --fish --name gopass.fish fish.completion + '' + lib.optionalString passAlias '' + ln -s $out/bin/gopass $out/bin/pass + ''; + + postFixup = '' + wrapProgram $out/bin/gopass \ + --prefix PATH : "${wrapperPath}" \ + --set GOPASS_NO_REMINDER true + ''; + + meta = with lib; { + description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go"; + homepage = "https://www.gopass.pw/"; + license = licenses.mit; + maintainers = with maintainers; [ rvolosatovs ]; + changelog = "https://github.com/gopasspw/gopass/raw/v${version}/CHANGELOG.md"; + + longDescription = '' + gopass is a rewrite of the pass password manager in Go with the aim of + making it cross-platform and adding additional features. Our target + audience are professional developers and sysadmins (and especially teams + of those) who are well versed with a command line interface. One explicit + goal for this project is to make it more approachable to non-technical + users. We go by the UNIX philosophy and try to do one thing and do it + well, providing a stellar user experience and a sane, simple interface. + ''; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gopass/git-credential.nix b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix new file mode 100644 index 000000000000..0b15e9b02353 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix @@ -0,0 +1,39 @@ +{ lib +, makeWrapper +, buildGoModule +, fetchFromGitHub +, gopass +}: + +buildGoModule rec { + pname = "git-credential-gopass"; + version = "1.12.0"; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-IvYxpUMclDAKJ/EkRbNrX8eIFyhtY9Q0B0RipweieZA="; + }; + + vendorSha256 = "sha256-N6eU6KsnUrYBK90ydwUH8LNkR9KRjgc4ciGOGvy7pw8="; + + subPackages = [ "." ]; + + nativeBuildInputs = [ makeWrapper ]; + + ldflags = [ + "-s" "-w" "-X main.version=${version}" "-X main.commit=${src.rev}" + ]; + + postFixup = '' + wrapProgram $out/bin/git-credential-gopass --prefix PATH : "${lib.makeBinPath [ gopass ]}" + ''; + + meta = with lib; { + description = "Manage git credentials using gopass"; + homepage = "https://github.com/gopasspw/git-credential-gopass"; + license = licenses.mit; + maintainers = with maintainers; [ benneti ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix new file mode 100644 index 000000000000..c138bde2cc3c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix @@ -0,0 +1,40 @@ +{ lib +, makeWrapper +, buildGoModule +, fetchFromGitHub +, installShellFiles +, gopass +}: + +buildGoModule rec { + pname = "gopass-jsonapi"; + version = "1.11.1"; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "03xhza7n92xg12z83as9qdvvc0yx1qy6q0c7i4njvng594f9a8x2"; + }; + + vendorSha256 = "0d4fyppsdfzvmjb0qvpnfnw0vl6z256bly7hfb0whk6rldks60wr"; + + subPackages = [ "." ]; + + nativeBuildInputs = [ installShellFiles makeWrapper ]; + + ldflags = [ + "-s" "-w" "-X main.version=${version}" "-X main.commit=${src.rev}" + ]; + + postFixup = '' + wrapProgram $out/bin/gopass-jsonapi --prefix PATH : "${lib.makeBinPath [ gopass ]}" + ''; + + meta = with lib; { + description = "Enables communication with gopass via JSON messages"; + homepage = "https://www.gopass.pw/"; + license = licenses.mit; + maintainers = with maintainers; [ maxhbr ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gopass/summon.nix b/nixpkgs/pkgs/tools/security/gopass/summon.nix new file mode 100644 index 000000000000..c1be7c9eb081 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/summon.nix @@ -0,0 +1,39 @@ +{ lib +, makeWrapper +, buildGoModule +, fetchFromGitHub +, gopass +}: + +buildGoModule rec { + pname = "gopass-summon-provider"; + version = "1.12.0"; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-mRZXczIlW1s0VGZJ+KQue4Dz6XCXGfl56+g6iRv2lZg="; + }; + + vendorSha256 = "sha256-fiV4rtel2jOw6y/ukOZHeFuNVqxHS3rnYhXJ6JZ+a/8="; + + subPackages = [ "." ]; + + nativeBuildInputs = [ makeWrapper ]; + + ldflags = [ + "-s" "-w" "-X main.version=${version}" "-X main.commit=${src.rev}" + ]; + + postFixup = '' + wrapProgram $out/bin/gopass-summon-provider --prefix PATH : "${lib.makeBinPath [ gopass ]}" + ''; + + meta = with lib; { + description = "Gopass Summon Provider"; + homepage = "https://www.gopass.pw/"; + license = licenses.mit; + maintainers = with maintainers; [ sikmir ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix b/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix new file mode 100644 index 000000000000..228271742c64 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix @@ -0,0 +1,40 @@ +{ fetchurl, makeWrapper, patchelf, lib, stdenv, libXft, libX11, freetype, fontconfig, libXrender, libXScrnSaver, libXext }: + +stdenv.mkDerivation rec { + pname = "gorilla-bin"; + version = "1.5.3.7"; + + src = fetchurl { + name = "gorilla1537_64.bin"; + url = "http://gorilla.dp100.com/downloads/gorilla1537_64.bin"; + sha256 = "19ir6x4c01825hpx2wbbcxkk70ymwbw4j03v8b2xc13ayylwzx0r"; + }; + + nativeBuildInputs = [ patchelf makeWrapper ]; + + unpackCmd = '' + mkdir gorilla; + cp $curSrc gorilla/gorilla-${version}; + ''; + + installPhase = let + interpreter = "$(< \"$NIX_CC/nix-support/dynamic-linker\")"; + libPath = lib.makeLibraryPath [ libXft libX11 freetype fontconfig libXrender libXScrnSaver libXext ]; + in '' + mkdir -p $out/opt/password-gorilla + mkdir -p $out/bin + cp gorilla-${version} $out/opt/password-gorilla + chmod ugo+x $out/opt/password-gorilla/gorilla-${version} + patchelf --set-interpreter "${interpreter}" "$out/opt/password-gorilla/gorilla-${version}" + makeWrapper "$out/opt/password-gorilla/gorilla-${version}" "$out/bin/gorilla" \ + --prefix LD_LIBRARY_PATH : "${libPath}" + ''; + + meta = { + description = "Password Gorilla is a Tk based password manager"; + homepage = "https://github.com/zdia/gorilla/wiki"; + maintainers = [ lib.maintainers.namore ]; + platforms = [ "x86_64-linux" ]; + license = lib.licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gosh/default.nix b/nixpkgs/pkgs/tools/security/gosh/default.nix new file mode 100644 index 000000000000..7d5cd7a15251 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gosh/default.nix @@ -0,0 +1,29 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "gosh"; + # https://github.com/redcode-labs/GoSH/issues/4 + version = "2020523-${lib.strings.substring 0 7 rev}"; + rev = "7ccb068279cded1121eacc5a962c14b2064a1859"; + + src = fetchFromGitHub { + owner = "redcode-labs"; + repo = "GoSH"; + inherit rev; + sha256 = "143ig0lqnkpnydhl8gnfzhg613x4wc38ibdbikkqwfyijlr6sgzd"; + }; + + vendorSha256 = "sha256-ITz6nkhttG6bsIZLsp03rcbEBHUQ7pFl4H6FOHTXIU4="; + + subPackages = [ "." ]; + + meta = with lib; { + description = "Reverse/bind shell generator"; + homepage = "https://github.com/redcode-labs/GoSH"; + license = licenses.mit; + maintainers = with maintainers; [ fab ] ++ teams.redcodelabs.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gospider/default.nix b/nixpkgs/pkgs/tools/security/gospider/default.nix new file mode 100644 index 000000000000..469be63a9024 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gospider/default.nix @@ -0,0 +1,33 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "gospider"; + version = "1.1.6"; + + src = fetchFromGitHub { + owner = "jaeles-project"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-1EnKheHaS1kxw0cjxCahT3rUWBXiqxjKefrDBI2xIvY="; + }; + + vendorSha256 = "sha256-egjjSEZH8F6UMbnkz3xytIzdW/oITB3RL1ddxrmvSZM="; + + # tests require internet access and API keys + doCheck = false; + + meta = with lib; { + description = "Fast web spider written in Go"; + longDescription = '' + GoSpider is a fast web crawler that parses sitemap.xml and robots.txt file. + It can generate and verify link from JavaScript files, extract URLs from + various sources and can detect subdomains from the response source. + ''; + homepage = "https://github.com/jaeles-project/gospider"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gotestwaf/default.nix b/nixpkgs/pkgs/tools/security/gotestwaf/default.nix new file mode 100644 index 000000000000..7783cbf4688f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gotestwaf/default.nix @@ -0,0 +1,30 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "gotestwaf"; + version = "0.3.1"; + + src = fetchFromGitHub { + owner = "wallarm"; + repo = pname; + rev = "v${version}"; + sha256 = "0c627bxx0mlxhc1fsd2k3x1lm5855pl215m88la662d70559z6k8"; + }; + + vendorSha256 = null; + + postFixup = '' + # Rename binary + mv $out/bin/cmd $out/bin/${pname} + ''; + + meta = with lib; { + description = "Tool for API and OWASP attack simulation"; + homepage = "https://github.com/wallarm/gotestwaf"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gpg-tui/default.nix b/nixpkgs/pkgs/tools/security/gpg-tui/default.nix new file mode 100644 index 000000000000..8e0fb95c7c43 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gpg-tui/default.nix @@ -0,0 +1,55 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, gpgme +, libgpg-error +, libxcb +, libxkbcommon +, python3 +, AppKit +, Foundation +, libiconv +, libobjc +, libresolv +}: + +rustPlatform.buildRustPackage rec { + pname = "gpg-tui"; + version = "0.8.3"; + + src = fetchFromGitHub { + owner = "orhun"; + repo = "gpg-tui"; + rev = "v${version}"; + hash = "sha256-lqV09FEZAw1ir2cJr8ABhbgSoZoWnxhbxyA1HAufLQA="; + }; + + cargoHash = "sha256-RMF4/WJRcpHuXKMvDYAGaJxUazcpkQCpv//u5XOd9Dg="; + + nativeBuildInputs = [ + gpgme # for gpgme-config + libgpg-error # for gpg-error-config + python3 + ]; + + buildInputs = [ + gpgme + libgpg-error + libxcb + libxkbcommon + ] ++ lib.optionals stdenv.isDarwin [ + AppKit + Foundation + libiconv + libobjc + libresolv + ]; + + meta = with lib; { + description = "Terminal user interface for GnuPG"; + homepage = "https://github.com/orhun/gpg-tui"; + license = licenses.mit; + maintainers = with maintainers; [ dotlambda ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix new file mode 100644 index 000000000000..30206fab0eb9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -0,0 +1,71 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, installShellFiles +}: + +buildGoModule rec { + pname = "grype"; + version = "0.33.0"; + + src = fetchFromGitHub { + owner = "anchore"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-RXEeJZeC6hA6DetZnUNWFtNZEy4HJpxviL8pySBLfts="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + commit="$(git rev-parse HEAD)" + source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad) + substituteInPlace "$out/internal/version/build.go" \ + --replace 'gitCommit = valueNotProvided' "gitCommit = \"$commit\"" \ + --replace 'buildDate = valueNotProvided' "buildDate = \"$source_date_epoch\"" + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; + }; + + vendorSha256 = "sha256-2T2fw1nOycP1LxUuMSmz1ke2bg4yox/tIAveXCNJG9Y="; + + nativeBuildInputs = [ + installShellFiles + ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/anchore/grype/internal/version.version=${version}" + "-X github.com/anchore/grype/internal/version.gitTreeState=clean" + ]; + + preBuild = '' + # grype version also displays the version of the syft library used + # we need to grab it from the go.sum and add an ldflag for it + SYFTVERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')" + ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFTVERSION" + ''; + + # Tests require a running Docker instance + doCheck = false; + + postInstall = '' + installShellCompletion --cmd grype \ + --bash <($out/bin/grype completion bash) \ + --fish <($out/bin/grype completion fish) \ + --zsh <($out/bin/grype completion zsh) + ''; + + meta = with lib; { + homepage = "https://github.com/anchore/grype"; + changelog = "https://github.com/anchore/grype/releases/tag/v${version}"; + description = "Vulnerability scanner for container images and filesystems"; + longDescription = '' + As a vulnerability scanner grype is able to scan the contents of a + container image or filesystem to find known vulnerabilities. + ''; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/haka/default.nix b/nixpkgs/pkgs/tools/security/haka/default.nix new file mode 100644 index 000000000000..3ea38e060407 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/haka/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchurl, cmake, swig, wireshark, check, rsync, libpcap, gawk, libedit, pcre, nixosTests }: + +let version = "0.3.0"; in + +stdenv.mkDerivation { + pname = "haka"; + inherit version; + + src = fetchurl { + name = "haka_${version}_source.tar.gz"; + url = "https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz"; + sha256 = "0dm39g3k77sa70zrjsqadidg27a6iqq61jzfdxazpllnrw4mjy4w"; + }; + + NIX_CFLAGS_COMPILE = "-Wno-error"; + + preConfigure = '' + sed -i 's,/etc,'$out'/etc,' src/haka/haka.c + sed -i 's,/etc,'$out'/etc,' src/haka/CMakeLists.txt + sed -i 's,/opt/haka/etc,$out/opt/haka/etc,' src/haka/haka.1 + sed -i 's,/etc,'$out'/etc,' doc/user/tool_suite_haka.rst + ''; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ swig wireshark check rsync libpcap gawk libedit pcre ]; + + passthru.tests = { inherit (nixosTests) haka; }; + + meta = { + description = "A collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files"; + homepage = "http://www.haka-security.org/"; + license = lib.licenses.mpl20; + maintainers = [ lib.maintainers.tvestelind ]; + platforms = [ "x86_64-linux" "i686-linux" ]; # fails on aarch64 + }; +} diff --git a/nixpkgs/pkgs/tools/security/hakrawler/default.nix b/nixpkgs/pkgs/tools/security/hakrawler/default.nix new file mode 100644 index 000000000000..0e2174e50ae5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hakrawler/default.nix @@ -0,0 +1,29 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "hakrawler"; + version = "2.0"; + + src = fetchFromGitHub { + owner = "hakluke"; + repo = "hakrawler"; + rev = version; + sha256 = "sha256-g0hJGRPLgnWAeB25iIw/JRANrYowfRtAniDD/yAQWYk="; + }; + + vendorSha256 = "sha256-VmMNUNThRP1jEAjZeJC4q1IvnQEDqoOM+7a0AnABQnU="; + + meta = with lib; { + description = "Web crawler for the discovery of endpoints and assets"; + homepage = "https://github.com/hakluke/hakrawler"; + longDescription = '' + Simple, fast web crawler designed for easy, quick discovery of endpoints + and assets within a web application. + ''; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hash-identifier/default.nix b/nixpkgs/pkgs/tools/security/hash-identifier/default.nix new file mode 100644 index 000000000000..5e9b49dd73db --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hash-identifier/default.nix @@ -0,0 +1,27 @@ +{ lib, fetchFromGitLab, python3Packages }: + +python3Packages.buildPythonApplication rec { + pname = "hash-identifier"; + version = "1.2"; + + src = fetchFromGitLab { + owner = "kalilinux"; + repo = "packages/hash-identifier"; + rev = "kali/${version}+git20180314-0kali1"; + sha256 = "1amz48ijwjjkccg6gmdn3ffnyp2p52ksagy4m9gy8l2v5wj3j32h"; + }; + + format = "other"; # no setup.py + + installPhase = '' + install -Dm0775 hash-id.py $out/bin/hash-identifier + ''; + + meta = with lib; { + description = "Software to identify the different types of hashes used to encrypt data and especially passwords."; + homepage = "https://github.com/blackploit/hash-identifier"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ ethancedwards8 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix new file mode 100644 index 000000000000..e51d93e9d7fa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix @@ -0,0 +1,63 @@ +{ lib +, stdenv +, fetchFromGitHub +, python3 +, unbound +, libreswan +}: + +stdenv.mkDerivation rec { + pname = "hash-slinger"; + version = "3.1"; + + src = fetchFromGitHub { + owner = "letoams"; + repo = pname; + rev = version; + sha256 = "sha256-mhMUdZt846QjwRIh2m/4EE+93fUcCKc2FFeoFpzKYvk="; + }; + + pythonPath = with python3.pkgs; [ + dnspython + m2crypto + python-gnupg + pyunbound + ]; + + buildInputs = [ + python3.pkgs.wrapPython + ]; + + propagatedBuildInputs = [ + unbound + libreswan + ] ++ pythonPath; + + propagatedUserEnvPkgs = [ + unbound + libreswan + ]; + + postPatch = '' + substituteInPlace Makefile \ + --replace "$(DESTDIR)/usr" "$out" + substituteInPlace ipseckey \ + --replace "/usr/sbin/ipsec" "${libreswan}/sbin/ipsec" + substituteInPlace tlsa \ + --replace "/var/lib/unbound/root" "${python3.pkgs.pyunbound}/etc/pyunbound/root" + patchShebangs * + ''; + + installPhase = '' + mkdir -p $out/bin $out/man $out/lib/${python3.libPrefix}/site-packages + make install + wrapPythonPrograms + ''; + + meta = with lib; { + description = "Various tools to generate special DNS records"; + homepage = "https://github.com/letoams/hash-slinger"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ leenaars ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hash_extender/default.nix b/nixpkgs/pkgs/tools/security/hash_extender/default.nix new file mode 100644 index 000000000000..5baeb71ce899 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hash_extender/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub, openssl }: + +stdenv.mkDerivation { + pname = "hash_extender"; + version = "unstable-2020-03-24"; + + src = fetchFromGitHub { + owner = "iagox86"; + repo = "hash_extender"; + rev = "cb8aaee49f93e9c0d2f03eb3cafb429c9eed723d"; + sha256 = "1fj118566hr1wv03az2w0iqknazsqqkak0mvlcvwpgr6midjqi9b"; + }; + + buildInputs = [ openssl ]; + + doCheck = true; + checkPhase = "./hash_extender --test"; + + installPhase = '' + mkdir -p $out/bin + cp hash_extender $out/bin + ''; + + meta = with lib; { + description = "Tool to automate hash length extension attacks"; + homepage = "https://github.com/iagox86/hash_extender"; + license = licenses.bsd3; + maintainers = with maintainers; [ oxzi ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hashcash/default.nix b/nixpkgs/pkgs/tools/security/hashcash/default.nix new file mode 100644 index 000000000000..f86684178fcb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hashcash/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchurl, openssl }: + +stdenv.mkDerivation rec { + pname = "hashcash"; + version = "1.22"; + + buildInputs = [ openssl ]; + + src = fetchurl { + url = "http://www.hashcash.org/source/hashcash-${version}.tgz"; + sha256 = "15kqaimwb2y8wvzpn73021bvay9mz1gqqfc40gk4hj6f84nz34h1"; + }; + + makeFlags = [ + "generic-openssl" + "LIBCRYPTO=-lcrypto" + ]; + + installFlags = [ + "INSTALL_PATH=${placeholder "out"}/bin" + "MAN_INSTALL_PATH=${placeholder "out"}/share/man/man1" + "DOC_INSTALL_PATH=${placeholder "out"}/share/doc/hashcash-$(version)" + ]; + + meta = with lib; { + description = "Proof-of-work algorithm used as spam and denial-of-service counter measure"; + homepage = "http://hashcash.org"; + license = licenses.gpl2; + maintainers = with maintainers; [ kisonecat ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix b/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix new file mode 100644 index 000000000000..ccd6230b06f2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "hashcat-utils"; + version = "1.9"; + + src = fetchFromGitHub { + owner = "hashcat"; + repo = pname; + rev = "v${version}"; + sha256 = "0wgc6wv7i6cs95rgzzx3zqm14xxbjyajvcqylz8w97d8kk4x4wjr"; + }; + + sourceRoot = "source/src"; + + installPhase = '' + runHook preInstall + install -Dm0555 *.bin -t $out/bin + install -Dm0555 *.pl -t $out/bin + runHook postInstall + ''; + + meta = with lib; { + description = "Small utilities that are useful in advanced password cracking"; + homepage = "https://github.com/hashcat/hashcat-utils"; + license = licenses.mit; + platforms = platforms.unix; + maintainers = with maintainers; [ fadenb ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hashcat/default.nix b/nixpkgs/pkgs/tools/security/hashcat/default.nix new file mode 100644 index 000000000000..ed06ee992e4a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hashcat/default.nix @@ -0,0 +1,48 @@ +{ lib, stdenv +, fetchurl +, makeWrapper +, opencl-headers +, ocl-icd +, xxHash +}: + +stdenv.mkDerivation rec { + pname = "hashcat"; + version = "6.2.5"; + + src = fetchurl { + url = "https://hashcat.net/files/hashcat-${version}.tar.gz"; + sha256 = "sha256-b2iZ162Jlln3tDpNaAmFQ6tUbSFx+OUdaR0Iplk3iWk="; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ opencl-headers xxHash ]; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + "COMPTIME=1337" + "VERSION_TAG=${version}" + "USE_SYSTEM_OPENCL=1" + "USE_SYSTEM_XXHASH=1" + ]; + + preFixup = '' + for f in $out/share/hashcat/OpenCL/*.cl; do + # Rewrite files to be included for compilation at runtime for opencl offload + sed "s|#include \"\(.*\)\"|#include \"$out/share/hashcat/OpenCL/\1\"|g" -i "$f" + sed "s|#define COMPARE_\([SM]\) \"\(.*\.cl\)\"|#define COMPARE_\1 \"$out/share/hashcat/OpenCL/\2\"|g" -i "$f" + done + ''; + + postFixup = '' + wrapProgram $out/bin/hashcat --prefix LD_LIBRARY_PATH : ${ocl-icd}/lib + ''; + + meta = with lib; { + description = "Fast password cracker"; + homepage = "https://hashcat.net/hashcat/"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ kierdavis zimbatm ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hashdeep/default.nix b/nixpkgs/pkgs/tools/security/hashdeep/default.nix new file mode 100644 index 000000000000..0e24e0ec3a39 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hashdeep/default.nix @@ -0,0 +1,27 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook }: + +stdenv.mkDerivation rec { + pname = "hashdeep"; + version = "4.4"; + + src = fetchFromGitHub { + owner = "jessek"; + repo = "hashdeep"; + rev = "release-${version}"; + sha256 = "0m2b042ndikavmplv3qjdhfj44hl1h8car83c192xi9nv5ahi7mf"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + meta = with lib; { + description = "A set of cross-platform tools to compute hashes"; + homepage = "https://github.com/jessek/hashdeep"; + license = licenses.gpl2; + maintainers = [ maintainers.karantan ]; + platforms = platforms.all; + # Build fails on Darwin: + # > ./xml.h:103:82: error: invalid suffix on literal; C++11 requires a space between literal and identifier [-Wreserved-user-defined-literal] + # > void xmlout(const std::string &tag,const int64_t value){ xmlprintf(tag,"","%"PRId64,value); } + broken = stdenv.isDarwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/haveged/default.nix b/nixpkgs/pkgs/tools/security/haveged/default.nix new file mode 100644 index 000000000000..2386bb90d1ac --- /dev/null +++ b/nixpkgs/pkgs/tools/security/haveged/default.nix @@ -0,0 +1,43 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "haveged"; + version = "1.9.17"; + + src = fetchFromGitHub { + owner = "jirka-h"; + repo = "haveged"; + rev = "v${version}"; + sha256 = "sha256-uVl+TZVMsf+9aRATQndYMK4l4JfOBvstd1O2nTHyMYU="; + }; + + strictDeps = true; + + postPatch = '' + patchShebangs ent # test shebang + ''; + + installFlags = [ + "sbindir=$(out)/bin" # no reason for us to have a $out/sbin, its just a symlink to $out/bin + ]; + + doCheck = true; + + meta = with lib; { + description = "A simple entropy daemon"; + longDescription = '' + The haveged project is an attempt to provide an easy-to-use, unpredictable + random number generator based upon an adaptation of the HAVEGE algorithm. + Haveged was created to remedy low-entropy conditions in the Linux random device + that can occur under some workloads, especially on headless servers. Current development + of haveged is directed towards improving overall reliability and adaptability while minimizing + the barriers to using haveged for other tasks. + ''; + homepage = "https://github.com/jirka-h/haveged"; + changelog = "https://raw.githubusercontent.com/jirka-h/haveged/v${version}/ChangeLog"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ domenkozar ]; + platforms = platforms.unix; + badPlatforms = platforms.darwin; # fails to build since v1.9.15 + }; +} diff --git a/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix b/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix new file mode 100644 index 000000000000..082ebac7f6f9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix @@ -0,0 +1,25 @@ +{ stdenv, lib, fetchFromGitHub, openssl }: + +stdenv.mkDerivation rec { + pname = "hcxdumptool"; + version = "6.1.4"; + + src = fetchFromGitHub { + owner = "ZerBea"; + repo = "hcxdumptool"; + rev = version; + sha256 = "14rwcchqpsxyzvk086d7wbi5qlcxj4jcmafzgvkwzrpbspqh8p24"; + }; + + buildInputs = [ openssl ]; + + installFlags = [ "PREFIX=$(out)" ]; + + meta = with lib; { + homepage = "https://github.com/ZerBea/hcxdumptool"; + description = "Small tool to capture packets from wlan devices"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ danielfullmer ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hcxtools/default.nix b/nixpkgs/pkgs/tools/security/hcxtools/default.nix new file mode 100644 index 000000000000..15abe8449eb0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hcxtools/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchFromGitHub, pkg-config, curl, openssl, zlib }: + +stdenv.mkDerivation rec { + pname = "hcxtools"; + version = "6.2.5"; + + src = fetchFromGitHub { + owner = "ZerBea"; + repo = pname; + rev = version; + sha256 = "sha256-f8QNP4ApBdgZooeWOs4Om2LtIFoiBbe1ZfCzokyzs0I="; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ curl openssl zlib ]; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + ]; + + meta = with lib; { + description = "Tools for capturing wlan traffic and conversion to hashcat and John the Ripper formats"; + homepage = "https://github.com/ZerBea/hcxtools"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ dywedir ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hfinger/default.nix b/nixpkgs/pkgs/tools/security/hfinger/default.nix new file mode 100644 index 000000000000..8116c222d077 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hfinger/default.nix @@ -0,0 +1,36 @@ +{ lib +, fetchFromGitHub +, python3 +, wireshark-cli +}: + +python3.pkgs.buildPythonApplication rec { + pname = "hfinger"; + version = "0.2.1"; + disabled = python3.pythonOlder "3.3"; + + src = fetchFromGitHub { + owner = "CERT-Polska"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-QKnrprDDBq+D8N1brkqgcfK4E+6ssvgPtRaSxkF0C84="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + fnvhash + python_magic + ] ++ [ + wireshark-cli + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "hfinger" ]; + + meta = with lib; { + description = "Fingerprinting tool for HTTP requests"; + homepage = "https://github.com/CERT-Polska/hfinger"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hologram/default.nix b/nixpkgs/pkgs/tools/security/hologram/default.nix new file mode 100644 index 000000000000..ebb884378267 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hologram/default.nix @@ -0,0 +1,26 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "hologram"; + version = "unstable-2018-03-19"; + + src = fetchFromGitHub { + owner = "AdRoll"; + repo = "hologram"; + rev = "a7bab58642b530edb75b9cf6c1d834c85822ceac"; + sha256 = "00scryz8js6gbw8lp2y23qikbazz2dd992r97rqh0l1q4baa0ckn"; + }; + + goPackagePath = "github.com/AdRoll/hologram"; + + preConfigure = '' + sed -i 's|cacheTimeout != 3600|cacheTimeout != 0|' cmd/hologram-server/main.go + ''; + + meta = with lib; { + homepage = "https://github.com/AdRoll/hologram/"; + description = "Easy, painless AWS credentials on developer laptops"; + maintainers = with maintainers; [ ]; + license = licenses.asl20; + }; +} diff --git a/nixpkgs/pkgs/tools/security/honeytrap/default.nix b/nixpkgs/pkgs/tools/security/honeytrap/default.nix new file mode 100644 index 000000000000..735d5d69bd8a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/honeytrap/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: +buildGoModule { + pname = "honeytrap"; + version = "unstable-2020-12-10"; + + src = fetchFromGitHub { + owner = "honeytrap"; + repo = "honeytrap"; + rev = "affd7b21a5aa1b57f086e6871753cb98ce088d76"; + sha256 = "y1SWlBFgX3bFoSRGJ45DdC1DoIK5BfO9Vpi2h57wWtU="; + }; + + # Otherwise, will try to install a "scripts" binary; it's only used in + # dockerize.sh, which we don't care about. + subPackages = [ "." ]; + + vendorSha256 = "W8w66weYzCpZ+hmFyK2F6wdFz6aAZ9UxMhccNy1X1R8="; + + meta = with lib; { + description = "Advanced Honeypot framework"; + homepage = "https://github.com/honeytrap/honeytrap"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/honggfuzz/default.nix b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix new file mode 100644 index 000000000000..7333c20fd7b8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix @@ -0,0 +1,51 @@ +{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper, clang, llvm, libbfd +, libopcodes, libunwind, libblocksruntime }: + +let + honggfuzz = stdenv.mkDerivation rec { + pname = "honggfuzz"; + version = "2.5"; + + src = fetchFromGitHub { + owner = "google"; + repo = pname; + rev = version; + sha256 = "sha256-TkyUKmiiSAfCnfQhSOUxuce6+dRyMmHy7vFK59jPIxM="; + }; + + postPatch = '' + substituteInPlace hfuzz_cc/hfuzz-cc.c \ + --replace '"clang' '"${clang}/bin/clang' + ''; + + enableParallelBuilding = true; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ llvm ]; + propagatedBuildInputs = [ libbfd libopcodes libunwind libblocksruntime ]; + + makeFlags = [ "PREFIX=$(out)" ]; + + meta = { + description = + "A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer"; + longDescription = '' + Honggfuzz is a security oriented, feedback-driven, evolutionary, + easy-to-use fuzzer with interesting analysis options. It is + multi-process and multi-threaded, blazingly fast when the persistent + fuzzing mode is used and has a solid track record of uncovered security + bugs. + + Honggfuzz uses low-level interfaces to monitor processes and it will + discover and report hijacked/ignored signals from crashes. Feed it + a simple corpus directory (can even be empty for the feedback-driven + fuzzing), and it will work its way up, expanding it by utilizing + feedback-based coverage metrics. + ''; + homepage = "https://honggfuzz.dev/"; + license = lib.licenses.asl20; + platforms = [ "x86_64-linux" ]; + maintainers = with lib.maintainers; [ cpu ]; + }; + }; +in honggfuzz diff --git a/nixpkgs/pkgs/tools/security/httpdump/default.nix b/nixpkgs/pkgs/tools/security/httpdump/default.nix new file mode 100644 index 000000000000..c2e5a62969be --- /dev/null +++ b/nixpkgs/pkgs/tools/security/httpdump/default.nix @@ -0,0 +1,29 @@ +{ buildGoModule +, fetchFromGitHub +, lib +, libpcap +}: + +buildGoModule rec { + pname = "httpdump"; + version = "20210126-${lib.strings.substring 0 7 rev}"; + rev = "d2e0deadca5f9ec2544cb252da3c450966d1860e"; + + src = fetchFromGitHub { + owner = "hsiafan"; + repo = pname; + inherit rev; + sha256 = "0yh8kxy1k23lln09b614limwk9y59r7cn5qhbnzc06ga4mxfczv2"; + }; + + vendorSha256 = "0lb1p63lzn1ngj54bar9add7w0azvgcq3azhv9c5glk3ykv9c3iy"; + + propagatedBuildInputs = [ libpcap ]; + + meta = with lib; { + description = "Parse and display HTTP traffic from network device or pcap file"; + homepage = "https://github.com/hsiafan/httpdump"; + license = with licenses; [ bsd2 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/httpx/default.nix b/nixpkgs/pkgs/tools/security/httpx/default.nix new file mode 100644 index 000000000000..1e57679b4ad4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/httpx/default.nix @@ -0,0 +1,30 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "httpx"; + version = "1.1.5"; + + src = fetchFromGitHub { + owner = "projectdiscovery"; + repo = "httpx"; + rev = "v${version}"; + sha256 = "sha256-XA099gBp52g0RUbbFSE8uFa7gh56bO8H66KaFAtK1RU="; + }; + + vendorSha256 = "sha256-Qx0QaPKpEq4U+G3qdfMN4EVyY5zI2SyzcK/U6o6loHE="; + + meta = with lib; { + description = "Fast and multi-purpose HTTP toolkit"; + longDescription = '' + httpx is a fast and multi-purpose HTTP toolkit allow to run multiple + probers using retryablehttp library, it is designed to maintain the + result reliability with increased threads. + ''; + homepage = "https://github.com/projectdiscovery/httpx"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix new file mode 100644 index 000000000000..c5b738678aa2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchurl, fetchpatch, lib, openssl }: + +stdenv.mkDerivation rec { + pname = "ibm-sw-tpm2"; + version = "1661"; + + src = fetchurl { + url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz"; + sha256 = "sha256-VRRZKK0rJPNL5qDqz5+0kuEODqkZuEKMch+pcOhdYUc="; + }; + + patches = [ + (fetchpatch { + url = "https://github.com/kgoldman/ibmswtpm2/commit/e6684009aff9c1bad38875e3319c2e02ef791424.patch"; + sha256 = "1flzlri807c88agmpb0w8xvh5f16mmqv86xw4ic4z272iynzd40j"; + }) + ]; + + patchFlags = [ "-p2" ]; + + buildInputs = [ openssl ]; + + sourceRoot = "src"; + + prePatch = '' + # Fix hardcoded path to GCC. + substituteInPlace makefile --replace /usr/bin/gcc "${stdenv.cc}/bin/cc" + + # Remove problematic default CFLAGS. + substituteInPlace makefile \ + --replace -Werror "" \ + --replace -O0 "" \ + --replace -ggdb "" + ''; + + installPhase = '' + mkdir -p $out/bin + cp tpm_server $out/bin + ''; + + meta = with lib; { + description = "IBM's Software TPM 2.0, an implementation of the TCG TPM 2.0 specification"; + homepage = "https://sourceforge.net/projects/ibmswtpm2/"; + platforms = platforms.linux; + maintainers = with maintainers; [ delroth ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ic-keysmith/default.nix b/nixpkgs/pkgs/tools/security/ic-keysmith/default.nix new file mode 100644 index 000000000000..9e480d64d18e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ic-keysmith/default.nix @@ -0,0 +1,22 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "keysmith"; + version = "1.6.0"; + + src = fetchFromGitHub { + owner = "dfinity"; + repo = "keysmith"; + rev = "v${version}"; + sha256 = "1z0sxirk71yabgilq8v5lz4nd2bbm1xyrd5zppif8k9jqhr6v3v3"; + }; + + vendorSha256 = "1p0r15ihmnmrybf12cycbav80sdj2dv2kry66f4hjfjn6k8zb0dc"; + + meta = with lib; { + description = "Hierarchical Deterministic Key Derivation for the Internet Computer"; + homepage = "https://github.com/dfinity/keysmith"; + license = licenses.mit; + maintainers = with maintainers; [ imalison ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ifdnfc/default.nix b/nixpkgs/pkgs/tools/security/ifdnfc/default.nix new file mode 100644 index 000000000000..34c140023ac2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ifdnfc/default.nix @@ -0,0 +1,45 @@ +{ lib, stdenv, fetchFromGitHub , pkg-config +, pcsclite +, autoreconfHook +, libnfc +}: + +stdenv.mkDerivation { + pname = "ifdnfc"; + version = "2016-03-01"; + + src = fetchFromGitHub { + owner = "nfc-tools"; + repo = "ifdnfc"; + rev = "0e48e8e"; + sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg"; + }; + nativeBuildInputs = [ pkg-config autoreconfHook ]; + buildInputs = [ pcsclite libnfc ]; + + configureFlags = [ "--prefix=$(out)" ]; + makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ]; + + meta = with lib; { + description = "PC/SC IFD Handler based on libnfc"; + longDescription = + '' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>. + It provides support for all readers which are not supported by ccid but by libnfc. + + For activating your reader you need to run + <code>ifdnfc-activate yes<code> with this package in your + <code>environment.systemPackages</code> + + To use your reader you may need to blacklist your reader kernel modules: + <code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code> + + Supports the pn533 smart-card reader chip which is for example used in + the SCM SCL3711. + ''; + homepage = "https://github.com/nfc-tools/ifdnfc"; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ makefu ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/ike-scan/default.nix b/nixpkgs/pkgs/tools/security/ike-scan/default.nix new file mode 100644 index 000000000000..15d201fa3270 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ike-scan/default.nix @@ -0,0 +1,49 @@ +{ lib +, autoconf +, automake +, autoreconfHook +, fetchFromGitHub +, fetchpatch +, openssl +, stdenv +}: + +stdenv.mkDerivation rec { + pname = "ike-scan"; + version = "1.9.5"; + + src = fetchFromGitHub { + owner = "royhills"; + repo = pname; + rev = version; + sha256 = "sha256-mbfg8p3y4aKoXpmLuF9GXAMPEqV5CsvetwGCRDJ9UNY="; + }; + + nativeBuildInputs = [ + autoreconfHook + openssl + ]; + + configureFlags = [ "--with-openssl=${openssl.dev}" ]; + + patches = [ + # Using the same patches as for the Fedora RPM + (fetchpatch { + # Memory leaks, https://github.com/royhills/ike-scan/pull/15 + url = "https://github.com/royhills/ike-scan/pull/15/commits/d864811de08dcddd65ac9b8d0f2acf5d7ddb9dea.patch"; + sha256 = "0wbrq89dl8js7cdivd0c45hckmflan33cpgc3qm5s3az6r4mjljm"; + }) + ]; + + meta = with lib; { + description = "Tool to discover, fingerprint and test IPsec VPN servers"; + longDescription = '' + ike-scan is a command-line tool that uses the IKE protocol to discover, + fingerprint and test IPsec VPN servers. + ''; + homepage = "https://github.com/royhills/ike-scan"; + license = with licenses; [ gpl3Plus ]; + platforms = platforms.linux; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/inql/default.nix b/nixpkgs/pkgs/tools/security/inql/default.nix new file mode 100644 index 000000000000..28abbe075bf4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/inql/default.nix @@ -0,0 +1,34 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "inql"; + version = "4.0.5"; + + src = fetchFromGitHub { + owner = "doyensec"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-0LPJMCg7F9kcPcq4jkADdCPNLfRThXu8QHy4qOn7+QU="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + stickytape + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "inql" + ]; + + meta = with lib; { + description = "Security testing tool for GraphQL"; + homepage = "https://github.com/doyensec/inql"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ioccheck/default.nix b/nixpkgs/pkgs/tools/security/ioccheck/default.nix new file mode 100644 index 000000000000..e936ab025fad --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ioccheck/default.nix @@ -0,0 +1,80 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +let + py = python3.override { + packageOverrides = self: super: { + + # Support for later tweepy releases is missing + # https://github.com/ranguli/ioccheck/issues/70 + tweepy = super.tweepy.overridePythonAttrs (oldAttrs: rec { + version = "3.10.0"; + + src = fetchFromGitHub { + owner = "tweepy"; + repo = "tweepy"; + rev = "v${version}"; + sha256 = "0k4bdlwjna6f1k19jki4xqgckrinkkw8b9wihzymr1l04rwd05nw"; + }; + doCheck = false; + }); + }; + }; +in +with py.pkgs; + +buildPythonApplication rec { + pname = "ioccheck"; + version = "unstable-2021-09-29"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "ranguli"; + repo = pname; + rev = "db02d921e2519b77523a200ca2d78417802463db"; + sha256 = "0lgqypcd5lzb2yqd5lr02pba24m26ghly4immxgz13svi8f6vzm9"; + }; + + nativeBuildInputs = with py.pkgs; [ + poetry-core + ]; + + propagatedBuildInputs = with py.pkgs; [ + backoff + click + emoji + jinja2 + pyfiglet + ratelimit + requests + shodan + tabulate + termcolor + tweepy + vt-py + ]; + + checkInputs = with py.pkgs; [ + pytestCheckHook + ]; + + postPatch = '' + # Can be removed with the next release + substituteInPlace pyproject.toml \ + --replace '"hurry.filesize" = "^0.9"' "" \ + --replace 'vt-py = ">=0.6.1,<0.8.0"' 'vt-py = ">=0.6.1"' + ''; + + pythonImportsCheck = [ + "ioccheck" + ]; + + meta = with lib; { + description = "Tool for researching IOCs"; + homepage = "https://github.com/ranguli/ioccheck"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ipscan/default.nix b/nixpkgs/pkgs/tools/security/ipscan/default.nix new file mode 100644 index 000000000000..1d1d4797a9bb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ipscan/default.nix @@ -0,0 +1,41 @@ +{ lib, stdenv, fetchurl, jdk, jre, swt, makeWrapper, xorg, dpkg }: + +stdenv.mkDerivation rec { + pname = "ipscan"; + version = "3.8.2"; + + src = fetchurl { + url = "https://github.com/angryip/ipscan/releases/download/${version}/ipscan_${version}_all.deb"; + sha256 = "sha256-064V1KnMXBnjgM6mBrwkezdl+Tko3Xri0D4fCk9iPbk="; + }; + + sourceRoot = "."; + unpackCmd = "${dpkg}/bin/dpkg-deb -x $src ."; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ jdk ]; + + installPhase = '' + mkdir -p $out/share + cp usr/lib/ipscan/ipscan-any-${version}.jar $out/share/${pname}-${version}.jar + + makeWrapper ${jre}/bin/java $out/bin/ipscan \ + --prefix LD_LIBRARY_PATH : "$out/lib/:${lib.makeLibraryPath [ swt xorg.libXtst ]}" \ + --add-flags "-Xmx256m -cp $out/share/${pname}-${version}.jar:${swt}/jars/swt.jar net.azib.ipscan.Main" + + mkdir -p $out/share/applications + cp usr/share/applications/ipscan.desktop $out/share/applications/ipscan.desktop + substituteInPlace $out/share/applications/ipscan.desktop --replace "/usr/bin" "$out/bin" + + mkdir -p $out/share/pixmaps + cp usr/share/pixmaps/ipscan.png $out/share/pixmaps/ipscan.png + ''; + + meta = with lib; { + description = "Fast and friendly network scanner"; + homepage = "https://angryip.org"; + license = licenses.gpl2; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ kylesferrazza ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/jadx/default.nix b/nixpkgs/pkgs/tools/security/jadx/default.nix new file mode 100644 index 000000000000..eae06ea64910 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/jadx/default.nix @@ -0,0 +1,110 @@ +{ lib, stdenv, fetchFromGitHub, gradle, jdk, makeWrapper, perl }: + +let + pname = "jadx"; + version = "1.3.2"; + + src = fetchFromGitHub { + owner = "skylot"; + repo = pname; + rev = "v${version}"; + hash = "sha256-5meBBBijX49EQc9VejySwiIKsyCBEKGKIXvH7en6XuU="; + }; + + deps = stdenv.mkDerivation { + name = "${pname}-deps"; + inherit src; + + nativeBuildInputs = [ gradle jdk perl ]; + + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d) + export JADX_VERSION=${version} + gradle --no-daemon jar + + # Apparently, Gradle won't cache the `compileOnlyApi` dependency + # `org.jetbrains:annotations:22.0.0` which is defined in + # `io.github.skylot:raung-common`. To make it available in the + # output, we patch `build.gradle` and run Gradle again. + substituteInPlace build.gradle \ + --replace 'org.jetbrains:annotations:23.0.0' 'org.jetbrains:annotations:22.0.0' + gradle --no-daemon jar + ''; + + # Mavenize dependency paths + # e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar + installPhase = '' + find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \ + | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \ + | sh + ''; + + outputHashMode = "recursive"; + outputHash = "sha256-t+CkjoZqWqphxbg/4E3/7U8nKoV0AlITyRScLN8x6yY="; + }; +in stdenv.mkDerivation { + inherit pname version src; + + nativeBuildInputs = [ gradle jdk makeWrapper ]; + + buildPhase = '' + # The installDist Gradle build phase tries to copy some dependency .jar + # files multiple times into the build directory. This ends up failing when + # the dependencies are read directly from the Nix store since they are not + # marked as chmod +w. To work around this, get a local copy of the + # dependency store, and give write permissions. + depsDir=$(mktemp -d) + cp -R ${deps}/* $depsDir + chmod -R u+w $depsDir + + gradleInit=$(mktemp) + cat >$gradleInit <<EOF + gradle.projectsLoaded { + rootProject.allprojects { + buildscript { + repositories { + clear() + maven { url '$depsDir' } + } + } + repositories { + clear() + maven { url '$depsDir' } + } + } + } + + settingsEvaluated { settings -> + settings.pluginManagement { + repositories { + maven { url '$depsDir' } + } + } + } + EOF + + export GRADLE_USER_HOME=$(mktemp -d) + export JADX_VERSION=${version} + gradle --offline --no-daemon --info --init-script $gradleInit pack + ''; + + installPhase = '' + mkdir $out $out/bin + cp -R build/jadx/lib $out + for prog in jadx jadx-gui; do + cp build/jadx/bin/$prog $out/bin + wrapProgram $out/bin/$prog --set JAVA_HOME ${jdk.home} + done + ''; + + meta = with lib; { + description = "Dex to Java decompiler"; + longDescription = '' + Command line and GUI tools for produce Java source code from Android Dex + and Apk files. + ''; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ delroth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/jaeles/default.nix b/nixpkgs/pkgs/tools/security/jaeles/default.nix new file mode 100644 index 000000000000..4580f08248d2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/jaeles/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "jaeles"; + version = "0.17"; + + src = fetchFromGitHub { + owner = "jaeles-project"; + repo = pname; + rev = "beta-v${version}"; + hash = "sha256-IGB+TYMOOO7fvRfDe9y+JSXuDSMDVJK+N4hS+kezG48="; + }; + + vendorSha256 = "sha256-R2cP5zNuGUs0/KeaGhbQm1m5gVBVhpcFrS/jsph3EBk="; + + # Tests want to download signatures + doCheck = false; + + meta = with lib; { + description = "Tool for automated Web application testing"; + homepage = "https://github.com/jaeles-project/jaeles"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/jd-gui/default.nix b/nixpkgs/pkgs/tools/security/jd-gui/default.nix new file mode 100644 index 000000000000..046abed36f0c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/jd-gui/default.nix @@ -0,0 +1,109 @@ +{ lib, stdenv, fetchFromGitHub, jre, jdk, gradle_5, makeDesktopItem, copyDesktopItems, perl, writeText, runtimeShell }: + +let + pname = "jd-gui"; + version = "1.6.6"; + + src = fetchFromGitHub { + owner = "java-decompiler"; + repo = pname; + rev = "v${version}"; + sha256 = "010bd3q2m4jy4qz5ahdx86b5f558s068gbjlbpdhq3bhh4yrjy20"; + }; + + deps = stdenv.mkDerivation { + name = "${pname}-deps"; + inherit src; + + nativeBuildInputs = [ jdk perl gradle_5 ]; + + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d); + gradle --no-daemon jar + ''; + + # Mavenize dependency paths + # e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar + installPhase = '' + find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \ + | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \ + | sh + ''; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "1qil12s0daxpxj5xj5dj6s2k89is0kiir2vcafkm3lasc41acmk3"; + }; + + # Point to our local deps repo + gradleInit = writeText "init.gradle" '' + logger.lifecycle 'Replacing Maven repositories with ${deps}...' + + gradle.projectsLoaded { + rootProject.allprojects { + buildscript { + repositories { + clear() + maven { url '${deps}' } + } + } + repositories { + clear() + maven { url '${deps}' } + } + } + } + ''; + + desktopItem = makeDesktopItem { + name = "jd-gui"; + exec = "jd-gui %F"; + icon = "jd-gui"; + comment = "Java Decompiler JD-GUI"; + desktopName = "JD-GUI"; + genericName = "Java Decompiler"; + mimeType = "application/java;application/java-vm;application/java-archive"; + categories = "Development;Debugger;"; + extraEntries="StartupWMClass=org-jd-gui-App"; + }; + +in stdenv.mkDerivation rec { + inherit pname version src; + name = "${pname}-${version}"; + + nativeBuildInputs = [ jdk gradle_5 copyDesktopItems ]; + + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d) + gradle --offline --no-daemon --info --init-script ${gradleInit} jar + ''; + + installPhase = let + jar = "$out/share/jd-gui/${name}.jar"; + in '' + runHook preInstall + + mkdir -p $out/bin $out/share/{jd-gui,icons/hicolor/128x128/apps} + cp build/libs/${name}.jar ${jar} + cp src/linux/resources/jd_icon_128.png $out/share/icons/hicolor/128x128/apps/jd-gui.png + + cat > $out/bin/jd-gui <<EOF + #!${runtimeShell} + export JAVA_HOME=${jre} + exec ${jre}/bin/java -jar ${jar} "\$@" + EOF + chmod +x $out/bin/jd-gui + + runHook postInstall + ''; + + desktopItems = [ desktopItem ]; + + meta = with lib; { + description = "Fast Java Decompiler with powerful GUI"; + homepage = "https://java-decompiler.github.io/"; + license = licenses.gpl3; + platforms = platforms.unix; + maintainers = [ maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/john/default.nix b/nixpkgs/pkgs/tools/security/john/default.nix new file mode 100644 index 000000000000..be6514630f56 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/john/default.nix @@ -0,0 +1,77 @@ +{ lib, stdenv, fetchurl, openssl, nss, nspr, libkrb5, gmp, zlib, libpcap, re2 +, gcc, python3Packages, perl, perlPackages, makeWrapper +}: + +with lib; + +stdenv.mkDerivation rec { + pname = "john"; + version = "1.9.0-jumbo-1"; + + src = fetchurl { + url = "http://www.openwall.com/john/k/${pname}-${version}.tar.xz"; + sha256 = "0fvz3v41hnaiv1ggpxanfykyfjq79cwp9qcqqn63vic357w27lgm"; + }; + + postPatch = '' + sed -ri -e ' + s!^(#define\s+CFG_[A-Z]+_NAME\s+).*/!\1"'"$out"'/etc/john/! + /^#define\s+JOHN_SYSTEMWIDE/s!/usr!'"$out"'! + ' src/params.h + sed -ri -e '/^\.include/ { + s!\$JOHN!'"$out"'/etc/john! + s!^(\.include\s*)<([^./]+\.conf)>!\1"'"$out"'/etc/john/\2"! + }' run/*.conf + ''; + + preConfigure = '' + cd src + # Makefile.in depends on AS and LD being set to CC, which is set by default in configure.ac. + # This ensures we override the environment variables set in cc-wrapper/setup-hook.sh + export AS=$CC + export LD=$CC + ''; + configureFlags = [ + "--disable-native-tests" + "--with-systemwide" + ]; + + buildInputs = [ openssl nss nspr libkrb5 gmp zlib libpcap re2 ]; + nativeBuildInputs = [ gcc python3Packages.wrapPython perl makeWrapper ]; + propagatedBuildInputs = (with python3Packages; [ dpkt scapy lxml ]) ++ # For pcap2john.py + (with perlPackages; [ DigestMD4 DigestSHA1 GetoptLong # For pass_gen.pl + CompressRawLzma # For 7z2john.pl + perlldap ]); # For sha-dump.pl + # TODO: Get dependencies for radius2john.pl and lion2john-alt.pl + + # gcc -DAC_BUILT -Wall vncpcap2john.o memdbg.o -g -lpcap -fopenmp -o ../run/vncpcap2john + # gcc: error: memdbg.o: No such file or directory + enableParallelBuilding = false; + + postInstall = '' + mkdir -p "$out/bin" "$out/etc/john" "$out/share/john" "$out/share/doc/john" "$out/share/john/rules" "$out/${perlPackages.perl.libPrefix}" + find -L ../run -mindepth 1 -maxdepth 1 -type f -executable \ + -exec cp -d {} "$out/bin" \; + cp -vt "$out/etc/john" ../run/*.conf + cp -vt "$out/share/john" ../run/*.chr ../run/password.lst + cp -vt "$out/share/john/rules" ../run/rules/*.rule + cp -vrt "$out/share/doc/john" ../doc/* + cp -vt "$out/${perlPackages.perl.libPrefix}" ../run/lib/* + ''; + + postFixup = '' + wrapPythonPrograms + + for i in $out/bin/*.pl; do + wrapProgram "$i" --prefix PERL5LIB : "$PERL5LIB:$out/${perlPackages.perl.libPrefix}" + done + ''; + + meta = { + description = "John the Ripper password cracker"; + license = licenses.gpl2; + homepage = "https://github.com/magnumripper/JohnTheRipper/"; + maintainers = with maintainers; [ offline matthewbauer ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix new file mode 100644 index 000000000000..77e5ce08913e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchFromGitHub, rustPlatform, Security, fetchpatch }: + +rustPlatform.buildRustPackage rec { + pname = "jwt-cli"; + version = "5.0.2"; + + src = fetchFromGitHub { + owner = "mike-engel"; + repo = pname; + rev = version; + sha256 = "0w7fqmh8gihknvdamnq1n519253d4lxrpv378jajca9x906rqy1r"; + }; + + cargoSha256 = "0b7m23azy8cb8d5wkawnw6nv8k7lfnfwc06swmbkfvg8vcxfsacs"; + + buildInputs = lib.optional stdenv.isDarwin Security; + + doInstallCheck = true; + installCheckPhase = '' + $out/bin/jwt --version > /dev/null + $out/bin/jwt decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c \ + | grep -q 'John Doe' + ''; + + meta = with lib; { + description = "Super fast CLI tool to decode and encode JWTs"; + homepage = "https://github.com/mike-engel/jwt-cli"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ rycee ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kbs2/default.nix b/nixpkgs/pkgs/tools/security/kbs2/default.nix new file mode 100644 index 000000000000..beaa06fd8360 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kbs2/default.nix @@ -0,0 +1,46 @@ +{ lib, stdenv, rustPlatform, fetchFromGitHub, installShellFiles, python3, libxcb, AppKit, libiconv }: + +rustPlatform.buildRustPackage rec { + pname = "kbs2"; + version = "0.5.1"; + + src = fetchFromGitHub { + owner = "woodruffw"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-GKjumkeo7aAYaECa6NoXCiXU2kqekBX3wCysRz8seW4="; + }; + + cargoSha256 = "sha256-rJ110kd18V2VGj0AHix3/vI09FG2kJ+TTOYKIthIrjQ="; + + nativeBuildInputs = [ installShellFiles ] + ++ lib.optionals stdenv.isLinux [ python3 ]; + + buildInputs = [ ] + ++ lib.optionals stdenv.isLinux [ libxcb ] + ++ lib.optionals stdenv.isDarwin [ AppKit libiconv ]; + + preCheck = '' + export HOME=$TMPDIR + ''; + + checkFlags = [ "--skip=kbs2::config::tests::test_find_config_dir" ] + ++ lib.optionals stdenv.isDarwin [ "--skip=test_ragelib_rewrap_keyfile" ]; + + postInstall = '' + mkdir -p $out/share/kbs2 + cp -r contrib/ $out/share/kbs2 + for shell in bash fish zsh; do + $out/bin/kbs2 --completions $shell > kbs2.$shell + installShellCompletion kbs2.$shell + done + ''; + + meta = with lib; { + description = "A secret manager backed by age"; + homepage = "https://github.com/woodruffw/kbs2"; + changelog = "https://github.com/woodruffw/kbs2/blob/v${version}/CHANGELOG.md"; + license = licenses.mit; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kerbrute/default.nix b/nixpkgs/pkgs/tools/security/kerbrute/default.nix new file mode 100644 index 000000000000..997f3b63437e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kerbrute/default.nix @@ -0,0 +1,29 @@ +{ lib, python3 }: + +python3.pkgs.buildPythonApplication rec { + pname = "kerbrute"; + version = "0.0.2"; + + src = python3.pkgs.fetchPypi { + inherit pname version; + sha256 = "sha256-ok/yttRSkCaEdV4aM2670qERjgDBll6Oi3L5TV5YEEA="; + }; + + # This package does not have any tests + doCheck = false; + + propagatedBuildInputs = with python3.pkgs; [ + impacket + ]; + + installChechPhase = '' + $out/bin/kerbrute --version + ''; + + meta = { + homepage = "https://github.com/TarlogicSecurity/kerbrute"; + description = "Kerberos bruteforce utility"; + license = lib.licenses.gpl3Only; + maintainers = with lib.maintainers; [ applePrincess ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/default.nix b/nixpkgs/pkgs/tools/security/keybase/default.nix new file mode 100644 index 000000000000..1f53dc2a8aec --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keybase/default.nix @@ -0,0 +1,42 @@ +{ stdenv, substituteAll, lib, buildGoModule, fetchFromGitHub +, AVFoundation, AudioToolbox, ImageIO, CoreMedia +, Foundation, CoreGraphics, MediaToolbox, gnupg +}: + +buildGoModule rec { + pname = "keybase"; + version = "5.9.3"; + + modRoot = "go"; + subPackages = [ "kbnm" "keybase" ]; + + dontRenameImports = true; + + src = fetchFromGitHub { + owner = "keybase"; + repo = "client"; + rev = "v${version}"; + sha256 = "sha256-vPQ1hBd33DwsW0b79kNH1yd7mrwkoftIYFgmMVxC+78="; + }; + vendorSha256 = "sha256-ckAnSSSEF00gbgxnPAi2Pi8TNu3nmAahK7TP6HnfmNo="; + + patches = [ + (substituteAll { + src = ./fix-paths-keybase.patch; + gpg = "${gnupg}/bin/gpg"; + gpg2 = "${gnupg}/bin/gpg2"; + }) + ]; + + buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ]; + tags = [ "production" ]; + ldflags = [ "-s" "-w" ]; + + meta = with lib; { + homepage = "https://www.keybase.io/"; + description = "The Keybase official command-line utility and service"; + platforms = platforms.linux ++ platforms.darwin; + maintainers = with maintainers; [ avaq carlsverre np rvolosatovs Br1ght0ne shofius ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/fix-paths-keybase.patch b/nixpkgs/pkgs/tools/security/keybase/fix-paths-keybase.patch new file mode 100644 index 000000000000..b3de7bbb530d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keybase/fix-paths-keybase.patch @@ -0,0 +1,16 @@ +diff --git a/go/libkb/gpg_cli.go b/go/libkb/gpg_cli.go +index 3c7c6257..ae8f7e2f 100644 +--- a/go/libkb/gpg_cli.go ++++ b/go/libkb/gpg_cli.go +@@ -54,9 +54,9 @@ func (g *GpgCLI) Configure(mctx MetaContext) (err error) { + if len(prog) > 0 { + err = canExec(prog) + } else { +- prog, err = exec.LookPath("gpg2") ++ prog, err = exec.LookPath("@gpg2@") + if err != nil { +- prog, err = exec.LookPath("gpg") ++ prog, err = exec.LookPath("@gpg@") + } + } + if err != nil { diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix new file mode 100644 index 000000000000..d5f04099f756 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix @@ -0,0 +1,116 @@ +{ stdenv, lib, fetchurl, alsa-lib, atk, cairo, cups, udev, libdrm, mesa +, dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3, libappindicator-gtk3 +, libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook +, runtimeShell, gsettings-desktop-schemas }: + +let + versionSuffix = "20220120174718.95a3939b3a"; +in + +stdenv.mkDerivation rec { + pname = "keybase-gui"; + version = "5.9.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + + src = fetchurl { + url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; + sha256 = "sha256-Wdl5pZFIz+mDkkE0EDpLGH/eGWYoBbLV05LYJgkwpI4="; + }; + + nativeBuildInputs = [ + autoPatchelfHook + wrapGAppsHook + ]; + + buildInputs = [ + alsa-lib + atk + cairo + cups + dbus + expat + fontconfig + freetype + gdk-pixbuf + glib + gsettings-desktop-schemas + gtk3 + libappindicator-gtk3 + libnotify + nspr + nss + pango + systemd + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libxcb + libdrm + mesa.out + ]; + + runtimeDependencies = [ + (lib.getLib udev) + libappindicator-gtk3 + ]; + + dontBuild = true; + dontConfigure = true; + dontPatchELF = true; + + unpackPhase = '' + ar xf $src + tar xf data.tar.xz + ''; + + installPhase = '' + mkdir -p $out/bin + mv usr/share $out/share + mv opt/keybase $out/share/ + + cat > $out/bin/keybase-gui <<EOF + #!${runtimeShell} + + checkFailed() { + if [ "\$NIX_SKIP_KEYBASE_CHECKS" = "1" ]; then + return + fi + echo "Set NIX_SKIP_KEYBASE_CHECKS=1 if you want to skip this check." >&2 + exit 1 + } + + if [ ! -S "\$XDG_RUNTIME_DIR/keybase/keybased.sock" ]; then + echo "Keybase service doesn't seem to be running." >&2 + echo "You might need to run: keybase service" >&2 + checkFailed + fi + + if [ -z "\$(keybase status | grep kbfsfuse)" ]; then + echo "Could not find kbfsfuse client in keybase status." >&2 + echo "You might need to run: kbfsfuse" >&2 + checkFailed + fi + + exec $out/share/keybase/Keybase "\$@" + EOF + chmod +x $out/bin/keybase-gui + + substituteInPlace $out/share/applications/keybase.desktop \ + --replace run_keybase $out/bin/keybase-gui + ''; + + meta = with lib; { + homepage = "https://www.keybase.io/"; + description = "The Keybase official GUI"; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np Br1ght0ne shofius ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/kbfs.nix b/nixpkgs/pkgs/tools/security/keybase/kbfs.nix new file mode 100644 index 000000000000..52fedf3feef4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keybase/kbfs.nix @@ -0,0 +1,21 @@ +{ lib, buildGoModule, fetchFromGitHub, keybase }: + +buildGoModule { + pname = "kbfs"; + + inherit (keybase) src version vendorSha256; + + modRoot = "go"; + subPackages = [ "kbfs/kbfsfuse" "kbfs/redirector" "kbfs/kbfsgit/git-remote-keybase" ]; + + tags = [ "production" ]; + ldflags = [ "-s" "-w" ]; + + meta = with lib; { + homepage = "https://keybase.io/docs/kbfs"; + description = "The Keybase filesystem"; + platforms = platforms.unix; + maintainers = with maintainers; [ avaq rvolosatovs bennofs np shofius ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keycard-cli/default.nix b/nixpkgs/pkgs/tools/security/keycard-cli/default.nix new file mode 100644 index 000000000000..7e28bb7c0bfc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keycard-cli/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, buildGoPackage, fetchFromGitHub, pkg-config, pcsclite }: + +buildGoPackage rec { + pname = "keycard-cli"; + version = "0.6.0"; + + goPackagePath = "github.com/status-im/keycard-cli"; + subPackages = [ "." ]; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ pcsclite ]; + + src = fetchFromGitHub { + owner = "status-im"; + repo = pname; + rev = version; + sha256 = "sha256-ejFvduZs3eWc6efr9o4pXb6qw2QWWQTtkTxF80vOGNU="; + }; + + ldflags = [ + "-X main.version=${version}" + ]; + + meta = with lib; { + description = "A command line tool and shell to manage keycards"; + homepage = "https://keycard.status.im"; + license = licenses.mpl20; + maintainers = [ maintainers.zimbatm ]; + broken = stdenv.isDarwin; # never built on Hydra https://hydra.nixos.org/job/nixpkgs/trunk/keycard-cli.x86_64-darwin + }; +} diff --git a/nixpkgs/pkgs/tools/security/keyscope/default.nix b/nixpkgs/pkgs/tools/security/keyscope/default.nix new file mode 100644 index 000000000000..dad09970b911 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keyscope/default.nix @@ -0,0 +1,49 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, pkg-config +, openssl +, stdenv +, DiskArbitration +, Foundation +, IOKit +, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "keyscope"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "spectralops"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-4ZKIukxeadzGpq2lwxbyyIKqWgbZpdHPRAT+LsyWjzk="; + }; + + cargoSha256 = "sha256-aq7xUma8QDRnu74R7JSuZjrXCco7L9JrNmAZiGtTyts="; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ + DiskArbitration + Foundation + IOKit + Security + ]; + + # build script tries to get information from git + postPatch = '' + echo "fn main() {}" > build.rs + ''; + + VERGEN_GIT_SEMVER = "v${version}"; + + meta = with lib; { + description = "A key and secret workflow (validation, invalidation, etc.) tool"; + homepage = "https://github.com/spectralops/keyscope"; + changelog = "https://github.com/spectralops/keyscope/blob/v${version}/CHANGELOG.md"; + license = licenses.asl20; + maintainers = with maintainers; [ figsoda ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kiterunner/default.nix b/nixpkgs/pkgs/tools/security/kiterunner/default.nix new file mode 100644 index 000000000000..a455c17d717c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kiterunner/default.nix @@ -0,0 +1,39 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "kiterunner"; + version = "1.0.2"; + + src = fetchFromGitHub { + owner = "assetnote"; + repo = pname; + rev = "v${version}"; + sha256 = "084jywgqjj2hpaprdcb9a7i8hihphnfil0sx3wrlvjpa8sk0z1mw"; + }; + + vendorSha256 = "1nczzzsnh38qi949ki5268y39ggkwncanc1pv7727qpwllzl62vy"; + + ldflags = [ + "-s" "-w" "-X github.com/assetnote/kiterunner/cmd/kiterunner/cmd.Version=${version}" + ]; + + subPackages = [ "./cmd/kiterunner" ]; + + # Test data is missing in the repo + doCheck = false; + + meta = with lib; { + description = "Contextual content discovery tool"; + longDescription = '' + Kiterunner is a tool that is capable of not only performing traditional + content discovery at lightning fast speeds, but also bruteforcing routes + and endpoints in modern applications. + ''; + homepage = "https://github.com/assetnote/kiterunner"; + license = with licenses; [ agpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/knockpy/default.nix b/nixpkgs/pkgs/tools/security/knockpy/default.nix new file mode 100644 index 000000000000..5b4a2cbc33b3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/knockpy/default.nix @@ -0,0 +1,39 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "knockpy"; + version = "5.2.0"; + + src = fetchFromGitHub { + owner = "guelfoweb"; + repo = "knock"; + rev = version; + hash = "sha256-QPOIpgJt+09zRvSavRxuVEN+GGk4Z1CYCXti37YaO7o="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + beautifulsoup4 + colorama + matplotlib + networkx + pyqt5 + requests + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "knockpy" + ]; + + meta = with lib; { + description = "Tool to scan subdomains"; + homepage = "https://github.com/guelfoweb/knock"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kpcli/default.nix b/nixpkgs/pkgs/tools/security/kpcli/default.nix new file mode 100644 index 000000000000..176cc5e706bb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kpcli/default.nix @@ -0,0 +1,40 @@ +{ lib, stdenv, fetchurl, makeWrapper, perl, perlPackages }: + +stdenv.mkDerivation rec { + version = "3.6"; + pname = "kpcli"; + + src = fetchurl { + url = "mirror://sourceforge/kpcli/${pname}-${version}.pl"; + sha256 = "1srd6vrqgjlf906zdyxp4bg6gihkxn62cpzyfv0zzpsqsj13iwh1"; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ perl ]; + + dontUnpack = true; + + installPhase = '' + mkdir -p $out/{bin,share} + cp ${src} $out/share/kpcli.pl + chmod +x $out/share/kpcli.pl + + makeWrapper $out/share/kpcli.pl $out/bin/kpcli --set PERL5LIB \ + "${with perlPackages; makePerlPath ([ + CaptureTiny Clipboard Clone CryptRijndael SortNaturally TermReadKey TermShellUI FileKeePass TermReadLineGnu XMLParser + ] ++ lib.optional stdenv.isDarwin MacPasteboard)}" + ''; + + + meta = with lib; { + description = "KeePass Command Line Interface"; + longDescription = '' + KeePass Command Line Interface (CLI) / interactive shell. + Use this program to access and manage your KeePass 1.x or 2.x databases from a Unix-like command line. + ''; + license = licenses.artistic1; + homepage = "http://kpcli.sourceforge.net"; + platforms = platforms.all; + maintainers = [ maintainers.j-keck ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/krunner-pass/default.nix b/nixpkgs/pkgs/tools/security/krunner-pass/default.nix new file mode 100644 index 000000000000..7904235b86a4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/krunner-pass/default.nix @@ -0,0 +1,43 @@ +{ mkDerivation, lib, fetchFromGitHub, fetchpatch, cmake, extra-cmake-modules +, kauth, krunner +, pass, pass-otp ? null }: + +mkDerivation rec { + pname = "krunner-pass"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "akermu"; + repo = "krunner-pass"; + rev = "v${version}"; + sha256 = "032fs2174ls545kjixbhzyd65wgxkw4s5vg8b20irc5c9ak3pxm0"; + }; + + buildInputs = [ + kauth krunner + pass pass-otp + ]; + + nativeBuildInputs = [ cmake extra-cmake-modules ]; + + patches = [ + (fetchpatch { + url = "https://github.com/peterhoeg/krunner-pass/commit/be2695f4ae74b0cccec8294defcc92758583d96b.patch"; + sha256 = "098dqnal57994p51p2srfzg4lgcd6ybp29h037llr9cdv02hdxvl"; + name = "fix_build.patch"; + }) + ./pass-path.patch + ]; + + CXXFLAGS = [ + ''-DNIXPKGS_PASS=\"${lib.getBin pass}/bin/pass\"'' + ]; + + meta = with lib; { + description = "Integrates krunner with pass the unix standard password manager (https://www.passwordstore.org/)"; + homepage = "https://github.com/akermu/krunner-pass"; + license = licenses.gpl3; + maintainers = with maintainers; [ ysndr ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch b/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch new file mode 100644 index 000000000000..4ceb3c5d92da --- /dev/null +++ b/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch @@ -0,0 +1,13 @@ +diff --git a/pass.cpp b/pass.cpp +index c02f9d0..85c5b99 100644 +--- a/pass.cpp ++++ b/pass.cpp +@@ -193,7 +193,7 @@ void Pass::run(const Plasma::RunnerContext &context, const Plasma::QueryMatch &m + } else { + args << "show" << match.text(); + } +- pass->start("pass", args); ++ pass->start(NIXPKGS_PASS, args); + + connect(pass, static_cast<void(QProcess::*)(int, QProcess::ExitStatus)>(&QProcess::finished), + [=](int exitCode, QProcess::ExitStatus exitStatus) { diff --git a/nixpkgs/pkgs/tools/security/kube-hunter/default.nix b/nixpkgs/pkgs/tools/security/kube-hunter/default.nix new file mode 100644 index 000000000000..cbd4e4e3150f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kube-hunter/default.nix @@ -0,0 +1,57 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "kube-hunter"; + version = "0.6.5"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-2pmViizQLwyTdP6J92ynvdIdqkfgc6SIhsll85g9pHA="; + }; + + nativeBuildInputs = with python3.pkgs; [ + setuptools-scm + ]; + + propagatedBuildInputs = with python3.pkgs; [ + netaddr + netifaces + scapy + requests + prettytable + urllib3 + ruamel-yaml + future + packaging + pluggy + kubernetes + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + requests-mock + ]; + + postPatch = '' + substituteInPlace setup.cfg \ + --replace "dataclasses" "" \ + --replace "kubernetes==12.0.1" "kubernetes" \ + --replace "--cov=kube_hunter" "" + ''; + + pythonImportsCheck = [ + "kube_hunter" + ]; + + meta = with lib; { + description = "Tool to search issues in Kubernetes clusters"; + homepage = "https://github.com/aquasecurity/kube-hunter"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kubeaudit/default.nix b/nixpkgs/pkgs/tools/security/kubeaudit/default.nix new file mode 100644 index 000000000000..76cf9f65c36c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kubeaudit/default.nix @@ -0,0 +1,32 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "kubeaudit"; + version = "0.16.0"; + + src = fetchFromGitHub { + owner = "Shopify"; + repo = pname; + rev = version; + sha256 = "sha256-AIvH9HF0Ha1b+NZiJmiT6beYuKnCqJMXKzDFUzV9J4c="; + }; + + vendorSha256 = "sha256-XrEzkhQU/KPElQNgCX6yWDMQXZSd3lRXmUDJpsj5ACY="; + + postInstall = '' + mv $out/bin/cmd $out/bin/$pname + ''; + + # Tests require a running Kubernetes instance + doCheck = false; + + meta = with lib; { + description = "Audit tool for Kubernetes"; + homepage = "https://github.com/Shopify/kubeaudit"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kubei/default.nix b/nixpkgs/pkgs/tools/security/kubei/default.nix new file mode 100644 index 000000000000..840b4f69fc0a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kubei/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "kubei"; + version = "1.0.12"; + + src = fetchFromGitHub { + owner = "Portshift"; + repo = pname; + rev = version; + sha256 = "sha256-QUPRw8fQ6ahBLZox6m4+feYIrcgDnCTe72nMF8iAV+Y="; + }; + + vendorSha256 = "sha256-uWDQf0zcTTPBthK60bmGJBP/m+yUu5PvYAbwyd0dcWE="; + + meta = with lib; { + description = "Kubernetes runtime scanner"; + longDescription = '' + Kubei is a vulnerabilities scanning and CIS Docker benchmark tool that + allows users to get an accurate and immediate risk assessment of their + kubernetes clusters. Kubei scans all images that are being used in a + Kubernetes cluster, including images of application pods and system pods. + ''; + homepage = "https://github.com/Portshift/kubei"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kubescape/default.nix b/nixpkgs/pkgs/tools/security/kubescape/default.nix new file mode 100644 index 000000000000..d41884242137 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kubescape/default.nix @@ -0,0 +1,58 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, installShellFiles +}: + +buildGoModule rec { + pname = "kubescape"; + version = "2.0.147"; + + src = fetchFromGitHub { + owner = "armosec"; + repo = pname; + rev = "v${version}"; + hash = "sha256-5ESAvLCAQ6ttpuc3YGkUwUvvhHZj+QYXyx30fhVSP1Y="; + }; + + nativeBuildInputs = [ + installShellFiles + ]; + + vendorSha256 = "sha256-xbOUggbu/4bNT07bD3TU/7CIDvgi6OtZLQzSqQykwRY="; + + ldflags = [ + "-s" + "-w" + "-X github.com/armosec/kubescape/clihandler/cmd.BuildNumber=v${version}" + ]; + + postInstall = '' + # Running kubescape to generate completions outputs error warnings + # but does not crash and completes successfully + # https://github.com/armosec/kubescape/issues/200 + installShellCompletion --cmd kubescape \ + --bash <($out/bin/kubescape completion bash) \ + --fish <($out/bin/kubescape completion fish) \ + --zsh <($out/bin/kubescape completion zsh) + ''; + + meta = with lib; { + description = "Tool for testing if Kubernetes is deployed securely"; + homepage = "https://github.com/armosec/kubescape"; + changelog = "https://github.com/armosec/kubescape/releases/tag/v${version}"; + longDescription = '' + Kubescape is the first open-source tool for testing if Kubernetes is + deployed securely according to multiple frameworks: regulatory, customized + company policies and DevSecOps best practices, such as the NSA-CISA and + the MITRE ATT&CK®. + Kubescape scans K8s clusters, YAML files, and HELM charts, and detect + misconfigurations and software vulnerabilities at early stages of the + CI/CD pipeline and provides a risk score instantly and risk trends over + time. Kubescape integrates natively with other DevOps tools, including + Jenkins, CircleCI and Github workflows. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ fab jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kubesec/default.nix b/nixpkgs/pkgs/tools/security/kubesec/default.nix new file mode 100644 index 000000000000..001e851912a7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kubesec/default.nix @@ -0,0 +1,29 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "kubesec"; + version = "2.11.4"; + + src = fetchFromGitHub { + owner = "controlplaneio"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-z1v+xm0ZWs8F5KtltBSDx9W+xNqRsfvAgQUKgrZa+28="; + }; + + vendorSha256 = "sha256-t2GZaLa/Pc/TCjqTNGuLnOFSepExmE2xA8pc9HkUtcs="; + + # Tests wants to download the kubernetes schema for use with kubeval + doCheck = false; + + meta = with lib; { + description = "Security risk analysis tool for Kubernetes resources"; + homepage = "https://github.com/controlplaneio/kubesec"; + changelog = "https://github.com/controlplaneio/kubesec/blob/v${version}/CHANGELOG.md"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kwalletcli/default.nix b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix new file mode 100644 index 000000000000..d18d5c1ef8b5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix @@ -0,0 +1,49 @@ +{ mkDerivation, fetchFromGitHub, lib, makeWrapper, pkg-config +, kcoreaddons, ki18n, kwallet, mksh, pinentry-qt }: + +mkDerivation rec { + pname = "kwalletcli"; + version = "3.03"; + + src = fetchFromGitHub { + owner = "MirBSD"; + repo = pname; + rev = "${pname}-${lib.replaceStrings [ "." ] [ "_" ] version}"; + sha256 = "sha256-DUtaQITzHhQrqA9QJd0U/5EDjH0IzY9/kal/7SYQ/Ck="; + }; + + postPatch = '' + substituteInPlace GNUmakefile \ + --replace -I/usr/include/KF5/KCoreAddons -I${kcoreaddons.dev}/include/KF5/KCoreAddons \ + --replace -I/usr/include/KF5/KI18n -I${ki18n.dev}/include/KF5/KI18n \ + --replace -I/usr/include/KF5/KWallet -I${kwallet.dev}/include/KF5/KWallet \ + --replace /usr/bin $out/bin \ + --replace /usr/share/man $out/share/man + + substituteInPlace pinentry-kwallet \ + --replace '/usr/bin/env mksh' ${mksh}/bin/mksh + ''; + + makeFlags = [ "KDE_VER=5" ]; + + nativeBuildInputs = [ makeWrapper pkg-config ]; + # if using just kwallet, cmake will be added as a buildInput and fail the build + propagatedBuildInputs = [ kcoreaddons ki18n (lib.getLib kwallet) ]; + + preInstall = '' + mkdir -p $out/bin $out/share/man/man1 + ''; + + postInstall = '' + wrapProgram $out/bin/pinentry-kwallet \ + --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry-qt ]} \ + --set-default PINENTRY pinentry-qt + ''; + + meta = with lib; { + description = "Command-Line Interface to the KDE Wallet"; + homepage = "https://www.mirbsd.org/kwalletcli.htm"; + license = licenses.miros; + maintainers = with maintainers; [ peterhoeg ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix b/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix new file mode 100644 index 000000000000..3da3342e3794 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix @@ -0,0 +1,51 @@ +{ stdenv +, lib +, fetchFromGitHub +, asciidoc +, cmake +, docbook_xsl +, pkg-config +, bash-completion +, openssl +, curl +, libxml2 +, libxslt +}: + +stdenv.mkDerivation rec { + pname = "lastpass-cli"; + version = "1.3.3"; + + src = fetchFromGitHub { + owner = "lastpass"; + repo = pname; + rev = "v${version}"; + sha256 = "168jg8kjbylfgalhicn0llbykd7kdc9id2989gg0nxlgmnvzl58a"; + }; + + nativeBuildInputs = [ asciidoc cmake docbook_xsl pkg-config ]; + + buildInputs = [ + bash-completion + curl + openssl + libxml2 + libxslt + ]; + + installTargets = [ "install" "install-doc" ]; + + postInstall = '' + install -Dm644 -T ../contrib/lpass_zsh_completion $out/share/zsh/site-functions/_lpass + install -Dm644 -T ../contrib/completions-lpass.fish $out/share/fish/vendor_completions.d/lpass.fish + install -Dm755 -T ../contrib/examples/git-credential-lastpass $out/bin/git-credential-lastpass + ''; + + meta = with lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = "https://github.com/lastpass/lastpass-cli"; + license = licenses.gpl2Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ cstrahan ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ldeep/default.nix b/nixpkgs/pkgs/tools/security/ldeep/default.nix new file mode 100644 index 000000000000..82d0456a05b7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ldeep/default.nix @@ -0,0 +1,38 @@ +{ lib +, buildPythonApplication +, fetchPypi +, commandparse +, dnspython +, ldap3 +, termcolor +, tqdm +}: + +buildPythonApplication rec { + pname = "ldeep"; + version = "1.0.11"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-MYVC8fxLW85n8uZVMhb2Zml1lQ8vW9gw/eRLcmemQx4="; + }; + + propagatedBuildInputs = [ + commandparse + dnspython + ldap3 + termcolor + tqdm + ]; + + # no tests are present + doCheck = false; + pythonImportsCheck = [ "ldeep" ]; + + meta = with lib; { + description = "In-depth LDAP enumeration utility"; + homepage = "https://github.com/franc-pentest/ldeep"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lesspass-cli/default.nix b/nixpkgs/pkgs/tools/security/lesspass-cli/default.nix new file mode 100644 index 000000000000..ce64b6847fe2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/lesspass-cli/default.nix @@ -0,0 +1,39 @@ +{ lib, python3, fetchFromGitHub }: + +let + inherit (python3.pkgs) buildPythonApplication pytest mock pexpect; + repo = "lesspass"; +in +buildPythonApplication rec { + pname = "lesspass-cli"; + version = "9.1.9"; + + src = fetchFromGitHub { + owner = repo; + repo = repo; + rev = version; + sha256 = "126zk248s9r72qk9b8j27yvb8gglw49kazwz0sd69b5kkxvhz2dh"; + }; + sourceRoot = "source/cli"; + + # some tests are designed to run against code in the source directory - adapt to run against + # *installed* code + postPatch = '' + for f in tests/test_functional.py tests/test_interaction.py ; do + substituteInPlace $f --replace "lesspass/core.py" "-m lesspass.core" + done + ''; + + checkInputs = [ pytest mock pexpect ]; + checkPhase = '' + mv lesspass lesspass.hidden # ensure we're testing against *installed* package + pytest tests + ''; + + meta = with lib; { + description = "Stateless password manager"; + homepage = "https://lesspass.com"; + maintainers = with maintainers; [ jasoncarr ]; + license = licenses.gpl3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lethe/default.nix b/nixpkgs/pkgs/tools/security/lethe/default.nix new file mode 100644 index 000000000000..502757262787 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/lethe/default.nix @@ -0,0 +1,29 @@ +{ lib +, stdenv +, fetchFromGitHub +, rustPlatform +, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "lethe"; + version = "0.6.1"; + + src = fetchFromGitHub { + owner = "kostassoid"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-0UYUzef7ja8nc2zs7eWqqXQfVVbEJEH9/NRRHVkvkYk="; + }; + + cargoSha256 = "sha256-suE8USKTZECVlTX4Wpz3vapo/Wmn7qaC3eyAJ3gmzqk="; + + buildInputs = lib.optional stdenv.isDarwin Security; + + meta = with lib; { + description = "Tool to wipe drives in a secure way"; + homepage = "https://github.com/kostassoid/lethe"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/libacr38u/default.nix b/nixpkgs/pkgs/tools/security/libacr38u/default.nix new file mode 100644 index 000000000000..0acb7e8bb1a8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/libacr38u/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, fetchurl, pkg-config, pcsclite , libusb-compat-0_1, IOKit }: + +stdenv.mkDerivation { + version = "1.7.11"; + pname = "libacr38u"; + + src = fetchurl { + url = "http://http.debian.net/debian/pool/main/a/acr38/acr38_1.7.11.orig.tar.bz2"; + sha256 = "0lxbq17y51cablx6bcd89klwnyigvkz0rsf9nps1a97ggnllyzkx"; + }; + + doCheck = true; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ pcsclite libusb-compat-0_1 ] + ++ lib.optional stdenv.isDarwin IOKit; + + preBuild = '' + makeFlagsArray=(usbdropdir="$out/pcsc/drivers"); + ''; + + meta = with lib; { + description = "ACR38U smartcard reader driver for pcsclite"; + longDescription = '' + A PC/SC IFD handler implementation for the ACS ACR38U + smartcard readers. This driver is for the non-CCID version only. + + This package is needed to communicate with the ACR38U smartcard readers through + the PC/SC Lite resource manager (pcscd). + + It can be enabled in /etc/nixos/configuration.nix by adding: + services.pcscd.enable = true; + services.pcscd.plugins = [ libacr38u ]; + + The package is based on the debian package libacr38u. + ''; + homepage = "https://www.acs.com.hk"; + license = licenses.lgpl2Plus; + maintainers = with maintainers; [ berce ]; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix new file mode 100644 index 000000000000..65512eb8be67 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix @@ -0,0 +1,70 @@ +{ lib, stdenv, fetchFromGitHub +, autoreconfHook, bison, flex, pkg-config +, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre +, ssdeep, valgrind, yajl +}: + +stdenv.mkDerivation rec { + pname = "libmodsecurity"; + version = "3.0.6"; + + src = fetchFromGitHub { + owner = "SpiderLabs"; + repo = "ModSecurity"; + rev = "v${version}"; + sha256 = "sha256-V+NBT2YN8qO3Px8zEzSA2ZsjSf1pv8+VlLxYlrpqfGg="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ autoreconfHook bison flex pkg-config ]; + buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre ssdeep valgrind yajl ]; + + outputs = [ "out" "dev" ]; + + configureFlags = [ + "--enable-parser-generation" + "--with-curl=${curl.dev}" + "--with-libxml=${libxml2.dev}" + "--with-lmdb=${lmdb.out}" + "--with-maxmind=${libmaxminddb}" + "--with-pcre=${pcre.dev}" + "--with-ssdeep=${ssdeep}" + ]; + + postPatch = '' + substituteInPlace build/lmdb.m4 \ + --replace "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \ + --replace "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\"" + substituteInPlace build/ssdeep.m4 \ + --replace "/usr/local/libfuzzy" "${ssdeep}/lib" \ + --replace "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \ + --replace "ssdeep_inc_path=\"\''${path}/include\"" "ssdeep_inc_path=\"${ssdeep}/include\"" + substituteInPlace modsecurity.conf-recommended \ + --replace "SecUnicodeMapFile unicode.mapping 20127" "SecUnicodeMapFile $out/share/modsecurity/unicode.mapping 20127" + ''; + + postInstall = '' + mkdir -p $out/share/modsecurity + cp ${src}/{AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity + ''; + + enableParallelBuilding = true; + + meta = with lib; { + homepage = "https://github.com/SpiderLabs/ModSecurity"; + description = '' + ModSecurity v3 library component. + ''; + longDescription = '' + Libmodsecurity is one component of the ModSecurity v3 project. The + library codebase serves as an interface to ModSecurity Connectors taking + in web traffic and applying traditional ModSecurity processing. In + general, it provides the capability to load/interpret rules written in + the ModSecurity SecRules format and apply them to HTTP content provided + by your application via Connectors. + ''; + license = licenses.asl20; + platforms = platforms.all; + maintainers = with maintainers; [ izorkin ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/libtpms/default.nix b/nixpkgs/pkgs/tools/security/libtpms/default.nix new file mode 100644 index 000000000000..d93f0135c20a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/libtpms/default.nix @@ -0,0 +1,41 @@ +{ lib +, stdenv +, fetchFromGitHub +, pkg-config, autoreconfHook +, openssl, perl +}: + +stdenv.mkDerivation rec { + pname = "libtpms"; + version = "0.9.2"; + + src = fetchFromGitHub { + owner = "stefanberger"; + repo = "libtpms"; + rev = "v${version}"; + sha256 = "sha256-sfAmyx9MgzCVA1Da7hl6/sKxhS9ptaNLeSB8wmJIKDs="; + }; + + nativeBuildInputs = [ + autoreconfHook + pkg-config + perl # needed for pod2man + ]; + buildInputs = [ openssl ]; + + outputs = [ "out" "man" "dev" ]; + + enableParallelBuilding = true; + + configureFlags = [ + "--with-openssl" + "--with-tpm2" + ]; + + meta = with lib; { + description = "The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)"; + homepage = "https://github.com/stefanberger/libtpms"; + license = licenses.bsd3; + maintainers = [ maintainers.baloo ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lmp/default.nix b/nixpkgs/pkgs/tools/security/lmp/default.nix new file mode 100644 index 000000000000..2f7f0283f904 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/lmp/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "lmp"; + version = "2.0"; + + src = fetchFromGitHub { + owner = "0xInfection"; + repo = "LogMePwn"; + rev = "v${version}"; + sha256 = "sha256-VL/Hp7YaXNcV9JPb3kgRHcdhJJ5p3KHUf3hHbT3gKVk="; + }; + + vendorSha256 = "sha256-3NTaJ/Y3Tc6UGLfYTKjZxAAI43GJyZQ5wQVYbnXHSYc="; + + meta = with lib; { + description = "Scanning and validation toolkit for the Log4J vulnerability"; + homepage = "https://github.com/0xInfection/LogMePwn"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/log4j-detect/default.nix b/nixpkgs/pkgs/tools/security/log4j-detect/default.nix new file mode 100644 index 000000000000..aaad1fb94efb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/log4j-detect/default.nix @@ -0,0 +1,38 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "log4j-detect"; + version = "unstable-2021-12-14"; + format = "other"; + + src = fetchFromGitHub { + owner = "takito1812"; + repo = pname; + rev = "2f5b7a598a6d0b4aee8111bb574ea72c6a1c76d6"; + sha256 = "sha256-fFKW7uPBfrnze0UoPL3Mfwd4sFOuHYuDP7kv6VtdM3o="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + requests + ]; + + postPatch = '' + sed -i "1 i #!/usr/bin/python" ${pname}.py + ''; + + installPhase = '' + runHook preInstall + install -vD ${pname}.py $out/bin/${pname} + runHook postInstall + ''; + + meta = with lib; { + description = "Tool to detect the log4j vulnerability"; + homepage = "https://github.com/takito1812/log4j-detect"; + license = licenses.unfree; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/log4j-scan/default.nix b/nixpkgs/pkgs/tools/security/log4j-scan/default.nix new file mode 100644 index 000000000000..bd2772efb416 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/log4j-scan/default.nix @@ -0,0 +1,44 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "log4j-scan"; + version = "unstable-2021-12-18"; + format = "other"; + + src = fetchFromGitHub { + owner = "fullhunt"; + repo = pname; + rev = "070fbd00f0945645bd5e0daa199a554ef3884b95"; + sha256 = "sha256-ORSc4KHyAMjuA7QHReDh6SYY5yZRunBBN1+lkCayqL4="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + pycryptodome + requests + termcolor + ]; + + postPatch = '' + substituteInPlace log4j-scan.py \ + --replace "headers.txt" "../share/headers.txt" + ''; + + installPhase = '' + runHook preInstall + + install -vD ${pname}.py $out/bin/${pname} + install -vD headers.txt headers-large.txt -t $out/share + + runHook postInstall + ''; + + meta = with lib; { + description = "Scanner for finding hosts which are vulnerable for log4j"; + homepage = "https://github.com/fullhunt/log4j-scan"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/log4j-sniffer/default.nix b/nixpkgs/pkgs/tools/security/log4j-sniffer/default.nix new file mode 100644 index 000000000000..0bc08fb6e3c8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/log4j-sniffer/default.nix @@ -0,0 +1,36 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, git +}: + +buildGoModule rec { + pname = "log4j-sniffer"; + version = "1.8.0"; + + src = fetchFromGitHub { + owner = "palantir"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-NojFXonov/80p+6kimfbiMK/v4najiMe//xFDnOi5KE="; + }; + + vendorSha256 = null; + + checkInputs = [ + git + ]; + + preCheck = '' + export HOME=$(mktemp -d); + cd $HOME + git init + ''; + + meta = with lib; { + description = "Tool that scans archives to check for vulnerable log4j versions"; + homepage = "https://github.com/palantir/log4j-sniffer"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/log4j-vuln-scanner/default.nix b/nixpkgs/pkgs/tools/security/log4j-vuln-scanner/default.nix new file mode 100644 index 000000000000..a33848b5d487 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/log4j-vuln-scanner/default.nix @@ -0,0 +1,30 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "log4j-vuln-scanner"; + version = "0.13"; + + src = fetchFromGitHub { + owner = "hillu"; + repo = "local-log4j-vuln-scanner"; + rev = "v${version}"; + sha256 = "sha256-YMD2233EdrrF1SLjwiRcNr53b7Rf5Tu8CZC43QhSY7c="; + }; + + vendorSha256 = null; + + postInstall = '' + mv $out/bin/scanner $out/bin/$pname + mv $out/bin/patcher $out/bin/log4j-vuln-patcher + ''; + + meta = with lib; { + description = "Local log4j vulnerability scanner"; + homepage = "https://github.com/hillu/local-log4j-vuln-scanner"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/log4jcheck/default.nix b/nixpkgs/pkgs/tools/security/log4jcheck/default.nix new file mode 100644 index 000000000000..291bf1ff96b4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/log4jcheck/default.nix @@ -0,0 +1,34 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "log4jcheck"; + version = "unstable-2021-12-14"; + format = "other"; + + src = fetchFromGitHub { + owner = "NorthwaveSecurity"; + repo = pname; + rev = "736f1f4044e8a9b7bf5db515e2d1b819253f0f6d"; + sha256 = "sha256-1al7EMYbE/hFXKV4mYZlkEWTUIKYxgXYU3qBLlczYvs="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + requests + ]; + + installPhase = '' + runHook preInstall + install -vD nw_log4jcheck.py $out/bin/${pname} + runHook postInstall + ''; + + meta = with lib; { + description = "Tool to check for vulnerable Log4j (CVE-2021-44228) systems"; + homepage = "https://github.com/NorthwaveSecurity/log4jcheck"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/log4shell-detector/default.nix b/nixpkgs/pkgs/tools/security/log4shell-detector/default.nix new file mode 100644 index 000000000000..6c51c5bcd6e9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/log4shell-detector/default.nix @@ -0,0 +1,40 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "log4shell-detector"; + version = "unstable-2021-12-16"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "Neo23x0"; + repo = pname; + rev = "622b88e7ea36819da23ce6ac090785cd6cca77f9"; + sha256 = "sha256-N81x9hq473LfM+bQIQLWizCAsVc/pzyB84PV7/N5jk4="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + zstandard + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + installPhase = '' + runHook preInstall + install -vD ${pname}.py $out/bin/${pname} + install -vd $out/${python3.sitePackages}/ + cp -R Log4ShellDetector $out/${python3.sitePackages} + runHook postInstall + ''; + + meta = with lib; { + description = "Detector for Log4Shell exploitation attempts"; + homepage = "https://github.com/Neo23x0/log4shell-detector"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/logkeys/default.nix b/nixpkgs/pkgs/tools/security/logkeys/default.nix new file mode 100644 index 000000000000..7cd6b5fd194b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/logkeys/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchFromGitHub, autoconf, automake, which, procps, kbd }: + +stdenv.mkDerivation { + pname = "logkeys"; + version = "2018-01-22"; + + src = fetchFromGitHub { + owner = "kernc"; + repo = "logkeys"; + rev = "7a9f19fb6b152d9f00a0b3fe29ab266ff1f88129"; + sha256 = "1k6kj0913imwh53lh6hrhqmrpygqg2h462raafjsn7gbd3vkgx8n"; + }; + + buildInputs = [ autoconf automake which procps kbd ]; + + postPatch = '' + substituteInPlace src/Makefile.am --replace 'root' '$(id -u)' + substituteInPlace configure.ac --replace '/dev/input' '/tmp' + sed -i '/chmod u+s/d' src/Makefile.am + ''; + + preConfigure = "./autogen.sh"; + + meta = with lib; { + description = "A GNU/Linux keylogger that works!"; + license = licenses.gpl3; + homepage = "https://github.com/kernc/logkeys"; + maintainers = with maintainers; [mikoim offline]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/logmap/default.nix b/nixpkgs/pkgs/tools/security/logmap/default.nix new file mode 100644 index 000000000000..d6d4cb0f1a54 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/logmap/default.nix @@ -0,0 +1,34 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "logmap"; + version = "unstable-2021-12-15"; + format = "other"; + + src = fetchFromGitHub { + owner = "zhzyker"; + repo = pname; + rev = "5040707b4ae260830072de93ccd6a23615073abf"; + sha256 = "sha256-LOGjK5l/gaKObWbC9vaLruE8DdDsabztnEW/TjvCdtE="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + requests + ]; + + installPhase = '' + runHook preInstall + install -vD ${pname}.py $out/bin/${pname} + runHook postInstall + ''; + + meta = with lib; { + description = "Tools for fuzzing Log4j2 jndi injection"; + homepage = "https://github.com/zhzyker/logmap"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lynis/default.nix b/nixpkgs/pkgs/tools/security/lynis/default.nix new file mode 100644 index 000000000000..3c198e9b7010 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/lynis/default.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, makeWrapper, fetchFromGitHub, gawk, installShellFiles }: + +stdenv.mkDerivation rec { + pname = "lynis"; + version = "3.0.7"; + + src = fetchFromGitHub { + owner = "CISOfy"; + repo = pname; + rev = version; + sha256 = "sha256-tO9/egY4eNwQpCZU0zx8G3k4UYsf7S3tUdr6pCMTAWU="; + }; + + nativeBuildInputs = [ installShellFiles makeWrapper ]; + + postPatch = '' + grep -rl '/usr/local/lynis' ./ | xargs sed -i "s@/usr/local/lynis@$out/share/lynis@g" + ''; + + installPhase = '' + install -d $out/bin $out/share/lynis/plugins + cp -r include db default.prf $out/share/lynis/ + cp -a lynis $out/bin + wrapProgram "$out/bin/lynis" --prefix PATH : ${lib.makeBinPath [ gawk ]} + + installManPage lynis.8 + installShellCompletion --bash --name lynis.bash \ + extras/bash_completion.d/lynis + ''; + + meta = with lib; { + description = "Security auditing tool for Linux, macOS, and UNIX-based systems"; + homepage = "https://cisofy.com/lynis/"; + license = licenses.gpl3Only; + platforms = platforms.unix; + maintainers = [ maintainers.ryneeverett ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/maigret/default.nix b/nixpkgs/pkgs/tools/security/maigret/default.nix new file mode 100644 index 000000000000..316fbad81ba2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/maigret/default.nix @@ -0,0 +1,92 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "maigret"; + version = "0.4.1"; + + src = fetchFromGitHub { + owner = "soxoj"; + repo = pname; + rev = "v${version}"; + sha256 = "0igfxg238awdn1ly8s3r655yi3gpxink7g2hr6xb0c1nrm7z0kad"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + aiodns + aiohttp + aiohttp-socks + arabic-reshaper + async-timeout + attrs + beautifulsoup4 + certifi + chardet + colorama + future + html5lib + idna + jinja2 + lxml + markupsafe + mock + multidict + networkx + pycountry + pypdf2 + pysocks + python-bidi + pyvis + requests + requests-futures + six + socid-extractor + soupsieve + stem + torrequest + tqdm + typing-extensions + webencodings + xhtml2pdf + xmind + yarl + ]; + + checkInputs = with python3.pkgs; [ + pytest-httpserver + pytest-asyncio + pytestCheckHook + ]; + + postPatch = '' + # Remove all version pinning + sed -i -e "s/==[0-9.]*//" requirements.txt + # We are not build for Python < 3.7 + sed -i -e '/future-annotations/d' requirements.txt + # We can't work with dummy packages + sed -i -e 's/bs4/beautifulsoup4/g' requirements.txt + ''; + + disabledTests = [ + # Tests require network access + "test_extract_ids_from_page" + "test_import_aiohttp_cookies" + "test_maigret_results" + "test_pdf_report" + "test_self_check_db_negative_enabled" + "test_self_check_db_positive_enable" + ]; + + pythonImportsCheck = [ + "maigret" + ]; + + meta = with lib; { + description = "Tool to collect details about an username"; + homepage = "https://maigret.readthedocs.io"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/masscan/default.nix b/nixpkgs/pkgs/tools/security/masscan/default.nix new file mode 100644 index 000000000000..b7924936d6ca --- /dev/null +++ b/nixpkgs/pkgs/tools/security/masscan/default.nix @@ -0,0 +1,60 @@ +{ lib +, stdenv +, fetchFromGitHub +, installShellFiles +, makeWrapper +, libpcap +}: + +stdenv.mkDerivation rec { + pname = "masscan"; + version = "1.3.2"; + + src = fetchFromGitHub { + owner = "robertdavidgraham"; + repo = "masscan"; + rev = version; + sha256 = "sha256-mnGC/moQANloR5ODwRjzJzBa55OEZ9QU+9WpAHxQE/g="; + }; + + postPatch = lib.optionalString stdenv.isDarwin '' + # Fix broken install command + substituteInPlace Makefile --replace "-pm755" "-pDm755" + ''; + + nativeBuildInputs = [ makeWrapper installShellFiles ]; + + makeFlags = [ + "PREFIX=$(out)" + "GITVER=${version}" + "CC=${stdenv.cc.targetPrefix}cc" + ]; + + enableParallelBuilding = true; + + postInstall = '' + installManPage doc/masscan.? + + install -Dm444 -t $out/etc/masscan data/exclude.conf + install -Dm444 -t $out/share/doc/masscan doc/*.{html,js,md} + install -Dm444 -t $out/share/licenses/masscan LICENSE + + wrapProgram $out/bin/masscan \ + --prefix LD_LIBRARY_PATH : "${libpcap}/lib" + ''; + + doInstallCheck = true; + + installCheckPhase = '' + $out/bin/masscan --selftest + ''; + + meta = with lib; { + description = "Fast scan of the Internet"; + homepage = "https://github.com/robertdavidgraham/masscan"; + changelog = "https://github.com/robertdavidgraham/masscan/releases/tag/${version}"; + license = licenses.agpl3Only; + platforms = platforms.unix; + maintainers = with maintainers; [ rnhmjoj ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mbox/default.nix b/nixpkgs/pkgs/tools/security/mbox/default.nix new file mode 100644 index 000000000000..a39d226aac57 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mbox/default.nix @@ -0,0 +1,39 @@ +{ lib, stdenv, fetchFromGitHub, openssl, which }: + +stdenv.mkDerivation { + pname = "mbox"; + version = "unstable-2014-05-26"; + + src = fetchFromGitHub { + owner = "tsgates"; + repo = "mbox"; + rev = "a131424b6cb577e1c916bd0e8ffb2084a5f73048"; + sha256 = "06qggqxnzcxnc34m6sbafxwr2p64x65m9zm5wp7pwyarcckhh2hd"; + }; + + buildInputs = [ openssl which ]; + + preConfigure = '' + cd src + cp {.,}configsbox.h + ''; + + doCheck = true; + checkPhase = '' + rm tests/test-*vim.sh tests/test-pip.sh + + patchShebangs ./; dontPatchShebags=1 + sed -i 's|^/bin/||' tests/test-fileops.sh + + ./testall.sh + ''; + + meta = with lib; { + description = "Lightweight sandboxing mechanism that any user can use without special privileges"; + homepage = "http://pdos.csail.mit.edu/mbox/"; + maintainers = with maintainers; [ ehmry ]; + license = licenses.bsd3; + platforms = [ "x86_64-linux" ]; + broken = true; + }; +} diff --git a/nixpkgs/pkgs/tools/security/medusa/default.nix b/nixpkgs/pkgs/tools/security/medusa/default.nix new file mode 100644 index 000000000000..43a30aad8255 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/medusa/default.nix @@ -0,0 +1,27 @@ +{ lib, stdenv, fetchFromGitHub, pkg-config, freerdp, openssl, libssh2 }: + +stdenv.mkDerivation rec { + pname = "medusa-unstable"; + version = "2018-12-16"; + + src = fetchFromGitHub { + owner = "jmk-foofus"; + repo = "medusa"; + rev = "292193b3995444aede53ff873899640b08129fc7"; + sha256 = "0njlz4fqa0165wdmd5y8lfnafayf3c4la0r8pf3hixkdwsss1509"; + }; + + outputs = [ "out" "man" ]; + + configureFlags = [ "--enable-module-ssh=yes" ]; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ freerdp openssl libssh2 ]; + + meta = with lib; { + homepage = "https://github.com/jmk-foofus/medusa"; + description = "A speedy, parallel, and modular, login brute-forcer"; + license = licenses.gpl2; + maintainers = with maintainers; [ ma27 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/meo/default.nix b/nixpkgs/pkgs/tools/security/meo/default.nix new file mode 100644 index 000000000000..491bef3e0543 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/meo/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchhg, openssl, pcre-cpp, qt4, boost, pkcs11helper }: + +stdenv.mkDerivation { + pname = "meo"; + version = "unstable-2012-11-13"; + + src = fetchhg { + url = "http://oss.stamfest.net/hg/meo"; + rev = "b48e5f16cff8"; + sha256 = "0ifg7y28s89i9gwda6fyj1jbrykbcvq8bf1m6rxmdcv5afi3arbq"; + }; + + buildFlags = [ "QMAKE=qmake" ]; + + buildInputs = [ openssl pcre-cpp qt4 boost pkcs11helper ]; + + preConfigure = '' + sed -i s,-mt$,, meo-gui/meo-gui.pro + ''; + + installPhase = '' + mkdir -p $out/bin + cp tools/{meo,p11} $out/bin + cp meo-gui/meo-gui $out/bin + cp meo-gui/meo-gui $out/bin + ''; + + meta = with lib; { + homepage = "http://oss.stamfest.net/wordpress/meo-multiple-eyepairs-only"; + description = "Tools to use cryptography for things like four-eyes principles"; + license = licenses.agpl3Plus; + maintainers = with maintainers; [ viric ]; + platforms = platforms.linux; + broken = true; + }; +} diff --git a/nixpkgs/pkgs/tools/security/metabigor/default.nix b/nixpkgs/pkgs/tools/security/metabigor/default.nix new file mode 100644 index 000000000000..4e03e11f4985 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metabigor/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "metabigor"; + version = "1.10"; + + src = fetchFromGitHub { + owner = "j3ssie"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-ADpnSsGZQbXaSGidPmxwkQOl+P8ZupqRaDUh7t+XoDw="; + }; + + vendorSha256 = "sha256-la7bgeimycltFB7l6vNBYdlBIv4kD+HX7f2mo+eZhXM="; + + # Disabled for now as there are some failures ("undefined:") + doCheck = false; + + meta = with lib; { + description = "Tool to perform OSINT tasks"; + homepage = "https://github.com/j3ssie/metabigor"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile new file mode 100644 index 000000000000..eb6e90ac7758 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile @@ -0,0 +1,4 @@ +# frozen_string_literal: true +source "https://rubygems.org" + +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.30" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock new file mode 100644 index 000000000000..5711b8756e3f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -0,0 +1,449 @@ +GIT + remote: https://github.com/rapid7/metasploit-framework + revision: aab66244adaadb275bd780c1301fea51f444426a + ref: refs/tags/6.1.30 + specs: + metasploit-framework (6.1.30) + actionpack (~> 6.0) + activerecord (~> 6.0) + activesupport (~> 6.0) + aws-sdk-ec2 + aws-sdk-iam + aws-sdk-s3 + bcrypt + bcrypt_pbkdf + bson + concurrent-ruby (= 1.0.5) + dnsruby + ed25519 + em-http-request + eventmachine + faker + faraday + faye-websocket + filesize + hrr_rb_ssh-ed25519 + http-cookie + irb + jsobfu + json + metasm + metasploit-concern + metasploit-credential + metasploit-model + metasploit-payloads (= 2.0.74) + metasploit_data_models + metasploit_payloads-mettle (= 1.0.18) + mqtt + msgpack + nessus_rest + net-ldap + net-ssh + network_interface + nexpose + nokogiri + octokit + openssl-ccm + openvas-omp + packetfu + patch_finder + pcaprub + pdf-reader + pg + puma + railties + rb-readline + recog + redcarpet + reline (= 0.2.5) + rex-arch + rex-bin_tools + rex-core + rex-encoder + rex-exploitation + rex-java + rex-mime + rex-nop + rex-ole + rex-powershell + rex-random_identifier + rex-registry + rex-rop_builder + rex-socket + rex-sslscan + rex-struct2 + rex-text + rex-zip + ruby-macho + ruby_smb (~> 3.0) + rubyntlm + rubyzip + sinatra + sqlite3 + sshkey + swagger-blocks + thin + tzinfo + tzinfo-data + unix-crypt + warden + win32api + windows_error + winrm + xdr + xmlrpc + zeitwerk + +GEM + remote: https://rubygems.org/ + specs: + Ascii85 (1.1.0) + actionpack (6.1.4.6) + actionview (= 6.1.4.6) + activesupport (= 6.1.4.6) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actionview (6.1.4.6) + activesupport (= 6.1.4.6) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activemodel (6.1.4.6) + activesupport (= 6.1.4.6) + activerecord (6.1.4.6) + activemodel (= 6.1.4.6) + activesupport (= 6.1.4.6) + activesupport (6.1.4.6) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + afm (0.2.2) + arel-helpers (2.14.0) + activerecord (>= 3.1.0, < 8) + aws-eventstream (1.2.0) + aws-partitions (1.555.0) + aws-sdk-core (3.126.2) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.525.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1.0) + aws-sdk-ec2 (1.299.0) + aws-sdk-core (~> 3, >= 3.126.0) + aws-sigv4 (~> 1.1) + aws-sdk-iam (1.67.0) + aws-sdk-core (~> 3, >= 3.126.0) + aws-sigv4 (~> 1.1) + aws-sdk-kms (1.54.0) + aws-sdk-core (~> 3, >= 3.126.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.112.0) + aws-sdk-core (~> 3, >= 3.126.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.4) + aws-sigv4 (1.4.0) + aws-eventstream (~> 1, >= 1.0.2) + bcrypt (3.1.16) + bcrypt_pbkdf (1.1.0) + bindata (2.4.10) + bson (4.14.1) + builder (3.2.4) + concurrent-ruby (1.0.5) + cookiejar (0.3.3) + crass (1.0.6) + daemons (1.4.1) + dnsruby (1.61.9) + simpleidn (~> 0.1) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + ed25519 (1.3.0) + em-http-request (1.1.7) + addressable (>= 2.3.4) + cookiejar (!= 0.3.1) + em-socksify (>= 0.3) + eventmachine (>= 1.0.3) + http_parser.rb (>= 0.6.0) + em-socksify (0.3.2) + eventmachine (>= 1.0.0.beta.4) + erubi (1.10.0) + eventmachine (1.2.7) + faker (2.19.0) + i18n (>= 1.6, < 2) + faraday (1.10.0) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 1.0) + ruby2_keywords (>= 0.0.4) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.0.3) + multipart-post (>= 1.2, < 3) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.3) + faye-websocket (0.11.1) + eventmachine (>= 0.12.0) + websocket-driver (>= 0.5.1) + ffi (1.15.5) + filesize (0.2.0) + gssapi (1.3.1) + ffi (>= 1.0.1) + gyoku (1.3.1) + builder (>= 2.1.2) + hashery (2.1.2) + hrr_rb_ssh (0.4.2) + hrr_rb_ssh-ed25519 (0.4.2) + ed25519 (~> 1.2) + hrr_rb_ssh (>= 0.4) + http-cookie (1.0.4) + domain_name (~> 0.5) + http_parser.rb (0.8.0) + httpclient (2.8.3) + i18n (1.10.0) + concurrent-ruby (~> 1.0) + io-console (0.5.11) + irb (1.3.6) + reline (>= 0.2.5) + jmespath (1.6.0) + jsobfu (0.4.2) + rkelly-remix + json (2.6.1) + little-plugger (1.1.4) + logging (2.3.0) + little-plugger (~> 1.1) + multi_json (~> 1.14) + loofah (2.14.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + metasm (1.0.5) + metasploit-concern (4.0.3) + activemodel (~> 6.0) + activesupport (~> 6.0) + railties (~> 6.0) + metasploit-credential (5.0.5) + metasploit-concern + metasploit-model + metasploit_data_models (>= 5.0.0) + net-ssh + pg + railties + rex-socket + rubyntlm + rubyzip + metasploit-model (4.0.3) + activemodel (~> 6.0) + activesupport (~> 6.0) + railties (~> 6.0) + metasploit-payloads (2.0.74) + metasploit_data_models (5.0.4) + activerecord (~> 6.0) + activesupport (~> 6.0) + arel-helpers + metasploit-concern + metasploit-model (>= 3.1) + pg + railties (~> 6.0) + recog (~> 2.0) + webrick + metasploit_payloads-mettle (1.0.18) + method_source (1.0.0) + mini_portile2 (2.7.1) + minitest (5.15.0) + mqtt (0.5.0) + msgpack (1.4.5) + multi_json (1.15.0) + multipart-post (2.1.1) + mustermann (1.1.1) + ruby2_keywords (~> 0.0.1) + nessus_rest (0.1.6) + net-ldap (0.17.0) + net-ssh (6.1.0) + network_interface (0.0.2) + nexpose (7.3.0) + nio4r (2.5.8) + nokogiri (1.13.1) + mini_portile2 (~> 2.7.0) + racc (~> 1.4) + nori (2.6.0) + octokit (4.22.0) + faraday (>= 0.9) + sawyer (~> 0.8.0, >= 0.5.3) + openssl-ccm (1.2.2) + openssl-cmac (2.0.1) + openvas-omp (0.0.4) + packetfu (1.1.13) + pcaprub + patch_finder (1.0.2) + pcaprub (0.13.1) + pdf-reader (2.9.1) + Ascii85 (~> 1.0) + afm (~> 0.2.1) + hashery (~> 2.0) + ruby-rc4 + ttfunk + pg (1.3.2) + public_suffix (4.0.6) + puma (5.6.2) + nio4r (~> 2.0) + racc (1.6.0) + rack (2.2.3) + rack-protection (2.2.0) + rack + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.4.2) + loofah (~> 2.3) + railties (6.1.4.6) + actionpack (= 6.1.4.6) + activesupport (= 6.1.4.6) + method_source + rake (>= 0.13) + thor (~> 1.0) + rake (13.0.6) + rb-readline (0.5.5) + recog (2.3.22) + nokogiri + redcarpet (3.5.1) + reline (0.2.5) + io-console (~> 0.5) + rex-arch (0.1.14) + rex-text + rex-bin_tools (0.1.8) + metasm + rex-arch + rex-core + rex-struct2 + rex-text + rex-core (0.1.26) + rex-encoder (0.1.6) + metasm + rex-arch + rex-text + rex-exploitation (0.1.28) + jsobfu + metasm + rex-arch + rex-encoder + rex-text + rexml + rex-java (0.1.6) + rex-mime (0.1.6) + rex-text + rex-nop (0.1.2) + rex-arch + rex-ole (0.1.7) + rex-text + rex-powershell (0.1.95) + rex-random_identifier + rex-text + ruby-rc4 + rex-random_identifier (0.1.8) + rex-text + rex-registry (0.1.4) + rex-rop_builder (0.1.4) + metasm + rex-core + rex-text + rex-socket (0.1.34) + rex-core + rex-sslscan (0.1.7) + rex-core + rex-socket + rex-text + rex-struct2 (0.1.3) + rex-text (0.2.37) + rex-zip (0.1.4) + rex-text + rexml (3.2.5) + rkelly-remix (0.0.7) + ruby-macho (3.0.0) + ruby-rc4 (0.1.5) + ruby2_keywords (0.0.5) + ruby_smb (3.0.4) + bindata + openssl-ccm + openssl-cmac + rubyntlm + windows_error (>= 0.1.3) + rubyntlm (0.6.3) + rubyzip (2.3.2) + sawyer (0.8.2) + addressable (>= 2.3.5) + faraday (> 0.8, < 2.0) + simpleidn (0.2.1) + unf (~> 0.1.4) + sinatra (2.2.0) + mustermann (~> 1.0) + rack (~> 2.2) + rack-protection (= 2.2.0) + tilt (~> 2.0) + sqlite3 (1.4.2) + sshkey (2.0.0) + swagger-blocks (3.0.0) + thin (1.8.1) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 1.0.4) + rack (>= 1, < 3) + thor (1.2.1) + tilt (2.0.10) + ttfunk (1.7.0) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + tzinfo-data (1.2021.5) + tzinfo (>= 1.0.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.8) + unix-crypt (1.3.0) + warden (1.2.9) + rack (>= 2.0.9) + webrick (1.7.0) + websocket-driver (0.7.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + win32api (0.1.0) + windows_error (0.1.3) + winrm (2.3.6) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.3) + xdr (3.0.3) + activemodel (>= 4.2, < 8.0) + activesupport (>= 4.2, < 8.0) + xmlrpc (0.3.2) + webrick + zeitwerk (2.5.4) + +PLATFORMS + ruby + +DEPENDENCIES + metasploit-framework! + +BUNDLED WITH + 2.3.6 diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix new file mode 100644 index 000000000000..dcaeafc428a0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -0,0 +1,65 @@ +{ lib +, stdenv +, fetchFromGitHub +, makeWrapper +, ruby +, bundlerEnv +, python3 +}: + +let + env = bundlerEnv { + inherit ruby; + name = "metasploit-bundler-env"; + gemdir = ./.; + }; +in stdenv.mkDerivation rec { + pname = "metasploit-framework"; + version = "6.1.30"; + + src = fetchFromGitHub { + owner = "rapid7"; + repo = "metasploit-framework"; + rev = version; + sha256 = "sha256-QSKJIcHaWsxbHe2uTW5MnZFMoK1fOa6TejIT2Mq0z7k="; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ (python3.withPackages (ps: [ ps.requests ])) ]; + + dontPatchELF = true; # stay away from exploit executables + + installPhase = '' + mkdir -p $out/{bin,share/msf} + + cp -r * $out/share/msf + + grep -rl "^#\!.*python2$" $out/share/msf | xargs -d '\n' rm + + ( + cd $out/share/msf/ + for i in msf*; do + makeWrapper ${env}/bin/bundle $out/bin/$i \ + --add-flags "exec ${ruby}/bin/ruby $out/share/msf/$i" + done + ) + + makeWrapper ${env}/bin/bundle $out/bin/msf-pattern_create \ + --add-flags "exec ${ruby}/bin/ruby $out/share/msf/tools/exploit/pattern_create.rb" + + makeWrapper ${env}/bin/bundle $out/bin/msf-pattern_offset \ + --add-flags "exec ${ruby}/bin/ruby $out/share/msf/tools/exploit/pattern_offset.rb" + ''; + + # run with: nix-shell maintainers/scripts/update.nix --argstr path metasploit + passthru.updateScript = ./update.sh; + + meta = with lib; { + description = "Metasploit Framework - a collection of exploits"; + homepage = "https://github.com/rapid7/metasploit-framework/wiki"; + platforms = platforms.unix; + license = licenses.bsd3; + maintainers = with maintainers; [ fab makefu ]; + mainProgram = "msfconsole"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix new file mode 100644 index 000000000000..531b0b6c24e8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix @@ -0,0 +1,1635 @@ +{ + actionpack = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1d4nxv0p3wv4w0pf89nmxzg10balny5rwbchwsscgiminzh3mg7y"; + type = "gem"; + }; + version = "6.1.4.6"; + }; + actionview = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0cmxc80gg7pm6d9y7ah5qr4ymzks8rp51jv0a2qdq2m9p6llzlkk"; + type = "gem"; + }; + version = "6.1.4.6"; + }; + activemodel = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0izra8g3g1agv3mz72b0474adkj4ldszj3nwk3l0szgrln7df0lv"; + type = "gem"; + }; + version = "6.1.4.6"; + }; + activerecord = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15v0dwp2122yzwlw8ca0lgx5qbw8fsasbn8zzcks1mvmc9afisss"; + type = "gem"; + }; + version = "6.1.4.6"; + }; + activesupport = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0vrz4vgqz4grr2ykwkd8zhhd0rg12z89n89zl6aff17zrdhhad35"; + type = "gem"; + }; + version = "6.1.4.6"; + }; + addressable = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "022r3m9wdxljpbya69y2i3h9g3dhhfaqzidf95m6qjzms792jvgp"; + type = "gem"; + }; + version = "2.8.0"; + }; + afm = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06kj9hgd0z8pj27bxp2diwqh6fv7qhwwm17z64rhdc4sfn76jgn8"; + type = "gem"; + }; + version = "0.2.2"; + }; + arel-helpers = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1b14yqwfjynlvl6x7jclhr4b2imik2cvabwxn9cpylabdnhr7gza"; + type = "gem"; + }; + version = "2.14.0"; + }; + Ascii85 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ds4v9xgsyvijnlflak4dzf1qwmda9yd5bv8jwsb56nngd399rlw"; + type = "gem"; + }; + version = "1.1.0"; + }; + aws-eventstream = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1pyis1nvnbjxk12a43xvgj2gv0mvp4cnkc1gzw0v1018r61399gz"; + type = "gem"; + }; + version = "1.2.0"; + }; + aws-partitions = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0r3ihnddcizpf34mcfggyjii8lmjyy1q89mswpbzqa5mxvws85qg"; + type = "gem"; + }; + version = "1.555.0"; + }; + aws-sdk-core = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19xi4dr675f7x9dmk1fc10jmjdgv45j3dn9k44m5xavd3qnpzx7v"; + type = "gem"; + }; + version = "3.126.2"; + }; + aws-sdk-ec2 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13kl993psm21mni2g3llyj6b1nzway8kcabnrblnrjkd4d4fg3v7"; + type = "gem"; + }; + version = "1.299.0"; + }; + aws-sdk-iam = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1iv8db2wb3lajcnqx6icn7bdvhrfd7di01c329r95kgw6gzsf7sc"; + type = "gem"; + }; + version = "1.67.0"; + }; + aws-sdk-kms = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h2mn5ywrla2wqsvzvp9m8jhzr93ywqmyi2l0b538hrq6pmdhjq2"; + type = "gem"; + }; + version = "1.54.0"; + }; + aws-sdk-s3 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09fc16hdvripmpn1bj5bayqvmfz0pj2l1h2w954id9c9ar7vv7f5"; + type = "gem"; + }; + version = "1.112.0"; + }; + aws-sigv4 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1wh1y79v0s4zgby2m79bnifk65hwf5pvk2yyrxzn2jkjjq8f8fqa"; + type = "gem"; + }; + version = "1.4.0"; + }; + bcrypt = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "02r1c3isfchs5fxivbq99gc3aq4vfyn8snhcy707dal1p8qz12qb"; + type = "gem"; + }; + version = "3.1.16"; + }; + bcrypt_pbkdf = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ndamfaivnkhc6hy0yqyk2gkwr6f3bz6216lh74hsiiyk3axz445"; + type = "gem"; + }; + version = "1.1.0"; + }; + bindata = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06lqi4svq5qls9f7nnvd2zmjdqmi2sf82sq78ci5d78fq0z5x2vr"; + type = "gem"; + }; + version = "2.4.10"; + }; + bson = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03n3w96vpblaxvk1qk8hq7sbsmg4nv7qdkdr8f7nfvalgpakp5i5"; + type = "gem"; + }; + version = "4.14.1"; + }; + builder = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "045wzckxpwcqzrjr353cxnyaxgf0qg22jh00dcx7z38cys5g1jlr"; + type = "gem"; + }; + version = "3.2.4"; + }; + concurrent-ruby = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "183lszf5gx84kcpb779v6a2y0mx9sssy8dgppng1z9a505nj1qcf"; + type = "gem"; + }; + version = "1.0.5"; + }; + cookiejar = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0q0kmbks9l3hl0wdq744hzy97ssq9dvlzywyqv9k9y1p3qc9va2a"; + type = "gem"; + }; + version = "0.3.3"; + }; + crass = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pfl5c0pyqaparxaqxi6s4gfl21bdldwiawrc0aknyvflli60lfw"; + type = "gem"; + }; + version = "1.0.6"; + }; + daemons = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "07cszb0zl8mqmwhc8a2yfg36vi6lbgrp4pa5bvmryrpcz9v6viwg"; + type = "gem"; + }; + version = "1.4.1"; + }; + dnsruby = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0v8jfxamsdvs8rdl28ylcp5xphb03kmf5f1aqrnr2020ras618kc"; + type = "gem"; + }; + version = "1.61.9"; + }; + domain_name = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0lcqjsmixjp52bnlgzh4lg9ppsk52x9hpwdjd53k8jnbah2602h0"; + type = "gem"; + }; + version = "0.5.20190701"; + }; + ed25519 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0zb2dr2ihb1qiknn5iaj1ha1w9p7lj9yq5waasndlfadz225ajji"; + type = "gem"; + }; + version = "1.3.0"; + }; + em-http-request = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1azx5rgm1zvx7391sfwcxzyccs46x495vb34ql2ch83f58mwgyqn"; + type = "gem"; + }; + version = "1.1.7"; + }; + em-socksify = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0rk43ywaanfrd8180d98287xv2pxyl7llj291cwy87g1s735d5nk"; + type = "gem"; + }; + version = "0.3.2"; + }; + erubi = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09l8lz3j00m898li0yfsnb6ihc63rdvhw3k5xczna5zrjk104f2l"; + type = "gem"; + }; + version = "1.10.0"; + }; + eventmachine = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wh9aqb0skz80fhfn66lbpr4f86ya2z5rx6gm5xlfhd05bj1ch4r"; + type = "gem"; + }; + version = "1.2.7"; + }; + faker = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0hb9wfxyb4ss2vl2mrj1zgdk7dh4yaxghq22gbx62yxj5yb9w4zw"; + type = "gem"; + }; + version = "2.19.0"; + }; + faraday = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00palwawk897p5gypw5wjrh93d4p0xz2yl9w93yicb4kq7amh8d4"; + type = "gem"; + }; + version = "1.10.0"; + }; + faraday-em_http = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "12cnqpbak4vhikrh2cdn94assh3yxza8rq2p9w2j34bqg5q4qgbs"; + type = "gem"; + }; + version = "1.0.0"; + }; + faraday-em_synchrony = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1vgrbhkp83sngv6k4mii9f2s9v5lmp693hylfxp2ssfc60fas3a6"; + type = "gem"; + }; + version = "1.0.0"; + }; + faraday-excon = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h09wkb0k0bhm6dqsd47ac601qiaah8qdzjh8gvxfd376x1chmdh"; + type = "gem"; + }; + version = "1.1.0"; + }; + faraday-httpclient = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0fyk0jd3ks7fdn8nv3spnwjpzx2lmxmg2gh4inz3by1zjzqg33sc"; + type = "gem"; + }; + version = "1.0.1"; + }; + faraday-multipart = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03qfi9020ynf7hkdiaq01sd2mllvw7fg4qiin3pk028b4wv23j3j"; + type = "gem"; + }; + version = "1.0.3"; + }; + faraday-net_http = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1fi8sda5hc54v1w3mqfl5yz09nhx35kglyx72w7b8xxvdr0cwi9j"; + type = "gem"; + }; + version = "1.0.1"; + }; + faraday-net_http_persistent = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0dc36ih95qw3rlccffcb0vgxjhmipsvxhn6cw71l7ffs0f7vq30b"; + type = "gem"; + }; + version = "1.2.0"; + }; + faraday-patron = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19wgsgfq0xkski1g7m96snv39la3zxz6x7nbdgiwhg5v82rxfb6w"; + type = "gem"; + }; + version = "1.0.0"; + }; + faraday-rack = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1h184g4vqql5jv9s9im6igy00jp6mrah2h14py6mpf9bkabfqq7g"; + type = "gem"; + }; + version = "1.0.0"; + }; + faraday-retry = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "153i967yrwnswqgvnnajgwp981k9p50ys1h80yz3q94rygs59ldd"; + type = "gem"; + }; + version = "1.0.3"; + }; + faye-websocket = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14lrb065xc4mny9faf91357r8s91qsbi7zfzsfqlj202b8hsgqf8"; + type = "gem"; + }; + version = "0.11.1"; + }; + ffi = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1862ydmclzy1a0cjbvm8dz7847d9rch495ib0zb64y84d3xd4bkg"; + type = "gem"; + }; + version = "1.15.5"; + }; + filesize = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "17p7rf1x7h3ivaznb4n4kmxnnzj25zaviryqgn2n12v2kmibhp8g"; + type = "gem"; + }; + version = "0.2.0"; + }; + gssapi = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1qdfhj12aq8v0y961v4xv96a1y2z80h3xhvzrs9vsfgf884g6765"; + type = "gem"; + }; + version = "1.3.1"; + }; + gyoku = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1wn0sl14396g5lyvp8sjmcb1hw9rbyi89gxng91r7w4df4jwiidh"; + type = "gem"; + }; + version = "1.3.1"; + }; + hashery = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qj8815bf7q6q7llm5rzdz279gzmpqmqqicxnzv066a020iwqffj"; + type = "gem"; + }; + version = "2.1.2"; + }; + hrr_rb_ssh = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1dr6mv98ll0crdn2wm2yy9ywh130iljcsvnnvs6639k19qbfk7qf"; + type = "gem"; + }; + version = "0.4.2"; + }; + hrr_rb_ssh-ed25519 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mfsvjcjmm63fwjf3zqkmg3cf55vx34vmvix0wj0ba4h9dzjq7p8"; + type = "gem"; + }; + version = "0.4.2"; + }; + http-cookie = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19370bc97gsy2j4hanij246hv1ddc85hw0xjb6sj7n1ykqdlx9l9"; + type = "gem"; + }; + version = "1.0.4"; + }; + "http_parser.rb" = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1gj4fmls0mf52dlr928gaq0c0cb0m3aqa9kaa6l0ikl2zbqk42as"; + type = "gem"; + }; + version = "0.8.0"; + }; + httpclient = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19mxmvghp7ki3klsxwrlwr431li7hm1lczhhj8z4qihl2acy8l99"; + type = "gem"; + }; + version = "2.8.3"; + }; + i18n = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0b2qyvnk4yynlg17ymkq4g5xgr275637fhl1mjh0valw3cb1fhhg"; + type = "gem"; + }; + version = "1.10.0"; + }; + io-console = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0r9kxrf9jccrr329pa3s37rf16vy426cbqmfwxkav1fidwvih93y"; + type = "gem"; + }; + version = "0.5.11"; + }; + irb = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0s4yjh5p1n05cm3pglh3g4ssrgy67x2bn3bsl0sydbm8mlf3xivr"; + type = "gem"; + }; + version = "1.3.6"; + }; + jmespath = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1gjrr5pdcl3l3skhp9d0jzs4yhmknpv3ldcz59b339b9lqbqasnr"; + type = "gem"; + }; + version = "1.6.0"; + }; + jsobfu = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hchns89cfj0gggm2zbr7ghb630imxm2x2d21ffx2jlasn9xbkyk"; + type = "gem"; + }; + version = "0.4.2"; + }; + json = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1z9grvjyfz16ag55hg522d3q4dh07hf391sf9s96npc0vfi85xkz"; + type = "gem"; + }; + version = "2.6.1"; + }; + little-plugger = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1frilv82dyxnlg8k1jhrvyd73l6k17mxc5vwxx080r4x1p04gwym"; + type = "gem"; + }; + version = "1.1.4"; + }; + logging = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pkmhcxi8lp74bq5gz9lxrvaiv5w0745kk7s4bw2b1x07qqri0n9"; + type = "gem"; + }; + version = "2.3.0"; + }; + loofah = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0z8bdcmw66j3dy6ivcc02yq32lx3n9bavx497llln8qy014xjm4w"; + type = "gem"; + }; + version = "2.14.0"; + }; + metasm = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0dpjbkdvi4h6v0g01db7vlcsg15pfiyslkz3zd7wfk04yrc6g7wi"; + type = "gem"; + }; + version = "1.0.5"; + }; + metasploit-concern = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0lmvwja6v7s12g0fq9mp2d3sgashl526apfjqk5fchqvnfqw4gsb"; + type = "gem"; + }; + version = "4.0.3"; + }; + metasploit-credential = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0a17zm8cq71rd8qilxai7s3dzb8n5lzvjfwyxk7slblfcgbsl9np"; + type = "gem"; + }; + version = "5.0.5"; + }; + metasploit-framework = { + groups = ["default"]; + platforms = []; + source = { + fetchSubmodules = false; + rev = "aab66244adaadb275bd780c1301fea51f444426a"; + sha256 = "1ffgnk5dh4rjga9swfazmnh4r4cx9ip4vbpd3mdwqnnsq4hqj8j1"; + type = "git"; + url = "https://github.com/rapid7/metasploit-framework"; + }; + version = "6.1.30"; + }; + metasploit-model = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13zg6jw8vbspq95s4dpcbjxnjiacy21il7y8l2dq3rd04mickryy"; + type = "gem"; + }; + version = "4.0.3"; + }; + metasploit-payloads = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03q70mqn38chhm9cmjh6k4ch5jsrgf2id09jv0ylkn3vsrrjfzpg"; + type = "gem"; + }; + version = "2.0.74"; + }; + metasploit_data_models = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "12hnkrkgx89dskfr8ywpxk51y0nqnnj37qjz856f45z7ymx1nzip"; + type = "gem"; + }; + version = "5.0.4"; + }; + metasploit_payloads-mettle = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09mm8wbp7yaaqpz16bhsag3q5xd4aqx5l1n2p06zg55nph1dgy0s"; + type = "gem"; + }; + version = "1.0.18"; + }; + method_source = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1pnyh44qycnf9mzi1j6fywd5fkskv3x7nmsqrrws0rjn5dd4ayfp"; + type = "gem"; + }; + version = "1.0.0"; + }; + mini_portile2 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0d3ga166pahsxavzwj19yjj4lr13rw1vsb36s2qs8blcxigrdp6z"; + type = "gem"; + }; + version = "2.7.1"; + }; + minitest = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06xf558gid4w8lwx13jwfdafsch9maz8m0g85wnfymqj63x5nbbd"; + type = "gem"; + }; + version = "5.15.0"; + }; + mqtt = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0d1khsry5mf63y03r6v91f4vrbn88277ksv7d69z3xmqs9sgpri9"; + type = "gem"; + }; + version = "0.5.0"; + }; + msgpack = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1cshgsx3hmpgx639xyqjqa2q3hgrhlyr9rpwhsglsx529alqq125"; + type = "gem"; + }; + version = "1.4.5"; + }; + multi_json = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pb1g1y3dsiahavspyzkdy39j4q377009f6ix0bh1ag4nqw43l0z"; + type = "gem"; + }; + version = "1.15.0"; + }; + multipart-post = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1zgw9zlwh2a6i1yvhhc4a84ry1hv824d6g2iw2chs3k5aylpmpfj"; + type = "gem"; + }; + version = "2.1.1"; + }; + mustermann = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a"; + type = "gem"; + }; + version = "1.1.1"; + }; + nessus_rest = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1allyrd4rll333zbmsi3hcyg6cw1dhc4bg347ibsw191nswnp8ci"; + type = "gem"; + }; + version = "0.1.6"; + }; + net-ldap = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1j19yxrz7h3hj7kiiln13c7bz7hvpdqr31bwi88dj64zifr7896n"; + type = "gem"; + }; + version = "0.17.0"; + }; + net-ssh = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jp3jgcn8cij407xx9ldb5h9c6jv13jc4cf6kk2idclz43ww21c9"; + type = "gem"; + }; + version = "6.1.0"; + }; + network_interface = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1xh4knfq77ii4pjzsd2z1p3nd6nrcdjhb2vi5gw36jqj43ffw0zp"; + type = "gem"; + }; + version = "0.0.2"; + }; + nexpose = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jz5xiwiwagd663qdlfhmc9fm76x78cqhighmfivy6w5v0n4xyq0"; + type = "gem"; + }; + version = "7.3.0"; + }; + nio4r = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xk64wghkscs6bv2n22853k2nh39d131c6rfpnlw12mbjnnv9v1v"; + type = "gem"; + }; + version = "2.5.8"; + }; + nokogiri = { + dependencies = ["mini_portile2" "racc"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1zqzawia52cdcmi55lp7v8jmiqyw7pcpwsksqlnirwfm3f7bnf11"; + type = "gem"; + }; + version = "1.13.1"; + }; + nori = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "066wc774a2zp4vrq3k7k8p0fhv30ymqmxma1jj7yg5735zls8agn"; + type = "gem"; + }; + version = "2.6.0"; + }; + octokit = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1nmdd7klyinvrrv2mggwwmc99ykaq7i379j00i37hvvaqx4giifj"; + type = "gem"; + }; + version = "4.22.0"; + }; + openssl-ccm = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gxwxk657jya2s5m8cpckvgy5m7qx0hzfp8xvc0hg2wf1lg5gwp0"; + type = "gem"; + }; + version = "1.2.2"; + }; + openssl-cmac = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1k69p0p0ilvqnwskhc0bfax8rwvyk6n4wzarg8qsjdvm13xwx508"; + type = "gem"; + }; + version = "2.0.1"; + }; + openvas-omp = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14xf614vd76qjdjxjv14mmjar6s64fwp4cwb7bv5g1wc29srg28x"; + type = "gem"; + }; + version = "0.0.4"; + }; + packetfu = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "16ppq9wfxq4x2hss61l5brs3s6fmi8gb50mnp1nnnzb1asq4g8ll"; + type = "gem"; + }; + version = "1.1.13"; + }; + patch_finder = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1md9scls55n1riw26vw1ak0ajq38dfygr36l0h00wqhv51cq745m"; + type = "gem"; + }; + version = "1.0.2"; + }; + pcaprub = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0886fcc5bi0kc0rbma5fj3wa3hbg2nl7ivnbi2j995yzg36zq7xy"; + type = "gem"; + }; + version = "0.13.1"; + }; + pdf-reader = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pn5l3ayjfn4mv2079q80q0x3q39q25nxcc5l9cjqz4lf5anhlfi"; + type = "gem"; + }; + version = "2.9.1"; + }; + pg = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0m776cj2hik15wi730vhgczd5v9s0xmi45q2hgcf5m5cnqvfih35"; + type = "gem"; + }; + version = "1.3.2"; + }; + public_suffix = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1xqcgkl7bwws1qrlnmxgh8g4g9m10vg60bhlw40fplninb3ng6d9"; + type = "gem"; + }; + version = "4.0.6"; + }; + puma = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1np2myaxlk5iab1zarwgmp7zsjvm5j8ssg35ijv8b6dpvc3cjd56"; + type = "gem"; + }; + version = "5.6.2"; + }; + racc = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0la56m0z26j3mfn1a9lf2l03qx1xifanndf9p3vx1azf6sqy7v9d"; + type = "gem"; + }; + version = "1.6.0"; + }; + rack = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0i5vs0dph9i5jn8dfc6aqd6njcafmb20rwqngrf759c9cvmyff16"; + type = "gem"; + }; + version = "2.2.3"; + }; + rack-protection = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hz6h6d67r217qi202qmxq2xkn3643ay3iybhl3dq3qd6j8nm3b2"; + type = "gem"; + }; + version = "2.2.0"; + }; + rack-test = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0rh8h376mx71ci5yklnpqqn118z3bl67nnv5k801qaqn1zs62h8m"; + type = "gem"; + }; + version = "1.1.0"; + }; + rails-dom-testing = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1lfq2a7kp2x64dzzi5p4cjcbiv62vxh9lyqk2f0rqq3fkzrw8h5i"; + type = "gem"; + }; + version = "2.0.3"; + }; + rails-html-sanitizer = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09qrfi3pgllxb08r024lln9k0qzxs57v0slsj8616xf9c0cwnwbk"; + type = "gem"; + }; + version = "1.4.2"; + }; + railties = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1snhwpbnmsyhr297qmin8i5i631aimjca1hiazi128i1355255hb"; + type = "gem"; + }; + version = "6.1.4.6"; + }; + rake = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15whn7p9nrkxangbs9hh75q585yfn66lv0v2mhj6q6dl6x8bzr2w"; + type = "gem"; + }; + version = "13.0.6"; + }; + rb-readline = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14w79a121czmvk1s953qfzww30mqjb2zc0k9qhi0ivxxk3hxg6wy"; + type = "gem"; + }; + version = "0.5.5"; + }; + recog = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ml58i34gjpgmpl392c77v2n50w2w233gwxgy6cxq81bp58ywj92"; + type = "gem"; + }; + version = "2.3.22"; + }; + redcarpet = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bvk8yyns5s1ls437z719y5sdv9fr8kfs8dmr6g8s761dv5n8zvi"; + type = "gem"; + }; + version = "3.5.1"; + }; + reline = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1bf86g8a761mp516349gzmvxkafj36nznczznb3flkn4a84dlk3k"; + type = "gem"; + }; + version = "0.2.5"; + }; + rex-arch = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1gi9641869pg30ij7ba3r2z89flvdqsma4spbpww6c8ph62iy4bp"; + type = "gem"; + }; + version = "0.1.14"; + }; + rex-bin_tools = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0p5r2h0zaixdjhp9k0jq0vgsvbhifx2jh3p9pr2w80qda1hkgqgj"; + type = "gem"; + }; + version = "0.1.8"; + }; + rex-core = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hjc70q6wb580k0jk4g4s9aqwd25l48kr0pcyjjs2ffax0zcm4d0"; + type = "gem"; + }; + version = "0.1.26"; + }; + rex-encoder = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15c2yqrvn3hxf6gn4cqrz2l65rdh68gbk2a7lwdq43nchfjnsnvg"; + type = "gem"; + }; + version = "0.1.6"; + }; + rex-exploitation = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08v5nam0xp6f8qi3nyqzh97sz07hy59w82y213jz919mrgpb70vc"; + type = "gem"; + }; + version = "0.1.28"; + }; + rex-java = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0g8xdj7ij4y51wgh6l29al6i107bqn6pwql6za7ahms75m8s9dys"; + type = "gem"; + }; + version = "0.1.6"; + }; + rex-mime = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wzw1qcdgbn3iyskppy5038mcdrzplyai45pilm5qjj4fwvjdl6m"; + type = "gem"; + }; + version = "0.1.6"; + }; + rex-nop = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0yjlmgmaaa65lkd6jrm71g8yfn8xy91jl07nd1v90xp9jrzrrl92"; + type = "gem"; + }; + version = "0.1.2"; + }; + rex-ole = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0rlsy1a4lig7iqvb4zn60fpf125v8k4bjrjzakks74prjb2qmqnp"; + type = "gem"; + }; + version = "0.1.7"; + }; + rex-powershell = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ydzvakfg8can56jn0i8qnrf742csyk82krj50b44sj93ncj7h54"; + type = "gem"; + }; + version = "0.1.95"; + }; + rex-random_identifier = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1zy8zkkv530iqzsc7apx4hq9ij30h5628slkmc80aqzva9z0fm0d"; + type = "gem"; + }; + version = "0.1.8"; + }; + rex-registry = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09b6jhcih4srrh0j52v49vbffqz8ngki6qpmq9b2wdabqnw63d1v"; + type = "gem"; + }; + version = "0.1.4"; + }; + rex-rop_builder = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ssynxq3kc86v3xnc6jx8pg5zh13q61wl2klqbi9hzn2n8lhdgvj"; + type = "gem"; + }; + version = "0.1.4"; + }; + rex-socket = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1rsgssbnnl5frxgnq17xq0n6rpxns6xdmxpya9852c2n72nm5ac0"; + type = "gem"; + }; + version = "0.1.34"; + }; + rex-sslscan = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "128y9xrb2nv8ccs85lav8wcydp8239y04ad7mjkc43r59hhkx74p"; + type = "gem"; + }; + version = "0.1.7"; + }; + rex-struct2 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hp8yv55j995dl587hismwa7ydyprs03c75gia6rwp7v5bhshy4n"; + type = "gem"; + }; + version = "0.1.3"; + }; + rex-text = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xzym86blrah88qyi1m9f7pc53m6ssmr4d1znc8izbh90z38y51y"; + type = "gem"; + }; + version = "0.2.37"; + }; + rex-zip = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0azm4g4dm9k6vrav769vn0gffrv7pgxknlj4dr9yav632920cvqj"; + type = "gem"; + }; + version = "0.1.4"; + }; + rexml = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08ximcyfjy94pm1rhcx04ny1vx2sk0x4y185gzn86yfsbzwkng53"; + type = "gem"; + }; + version = "3.2.5"; + }; + rkelly-remix = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1g7hjl9nx7f953y7lncmfgp0xgxfxvgfm367q6da9niik6rp1y3j"; + type = "gem"; + }; + version = "0.0.7"; + }; + ruby-macho = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0sg0kzqrldx9mlpvymif3dcgz8j8q1nc8jaszrd03nfh5bvp3fd5"; + type = "gem"; + }; + version = "3.0.0"; + }; + ruby-rc4 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00vci475258mmbvsdqkmqadlwn6gj9m01sp7b5a3zd90knil1k00"; + type = "gem"; + }; + version = "0.1.5"; + }; + ruby2_keywords = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1vz322p8n39hz3b4a9gkmz9y7a5jaz41zrm2ywf31dvkqm03glgz"; + type = "gem"; + }; + version = "0.0.5"; + }; + ruby_smb = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0w7ywnf3b3dsfqarj9yc21q1f5p29vs359x5d7sipvc0ljdwn95l"; + type = "gem"; + }; + version = "3.0.4"; + }; + rubyntlm = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0b8hczk8hysv53ncsqzx4q6kma5gy5lqc7s5yx8h64x3vdb18cjv"; + type = "gem"; + }; + version = "0.6.3"; + }; + rubyzip = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0grps9197qyxakbpw02pda59v45lfgbgiyw48i0mq9f2bn9y6mrz"; + type = "gem"; + }; + version = "2.3.2"; + }; + sawyer = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0yrdchs3psh583rjapkv33mljdivggqn99wkydkjdckcjn43j3cz"; + type = "gem"; + }; + version = "0.8.2"; + }; + simpleidn = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06f7w6ph3bzzqk212yylfp4jfx275shgp9zg3xszbpv1ny2skp9m"; + type = "gem"; + }; + version = "0.2.1"; + }; + sinatra = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1x3rci7k30g96y307hvglpdgm3f7nga3k3n4i8n1v2xxx290800y"; + type = "gem"; + }; + version = "2.2.0"; + }; + sqlite3 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0lja01cp9xd5m6vmx99zwn4r7s97r1w5cb76gqd8xhbm1wxyzf78"; + type = "gem"; + }; + version = "1.4.2"; + }; + sshkey = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03bkn55qsng484iqwz2lmm6rkimj01vsvhwk661s3lnmpkl65lbp"; + type = "gem"; + }; + version = "2.0.0"; + }; + swagger-blocks = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bycg5si4pr69b0qqiqzhwcich90mvmn0v0gs39slvxg5nv3h28k"; + type = "gem"; + }; + version = "3.0.0"; + }; + thin = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "123bh7qlv6shk8bg8cjc84ix8bhlfcilwnn3iy6zq3l57yaplm9l"; + type = "gem"; + }; + version = "1.8.1"; + }; + thor = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0inl77jh4ia03jw3iqm5ipr76ghal3hyjrd6r8zqsswwvi9j2xdi"; + type = "gem"; + }; + version = "1.2.1"; + }; + tilt = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv"; + type = "gem"; + }; + version = "2.0.10"; + }; + ttfunk = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15iaxz9iak5643bq2bc0jkbjv8w2zn649lxgvh5wg48q9d4blw13"; + type = "gem"; + }; + version = "1.7.0"; + }; + tzinfo = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "10qp5x7f9hvlc0psv9gsfbxg4a7s0485wsbq1kljkxq94in91l4z"; + type = "gem"; + }; + version = "2.0.4"; + }; + tzinfo-data = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0w1iyvw0m2xvdr4654jnn1g27jwj84y94dvaj1k2p3lcrvndm698"; + type = "gem"; + }; + version = "1.2021.5"; + }; + unf = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bh2cf73i2ffh4fcpdn9ir4mhq8zi50ik0zqa1braahzadx536a9"; + type = "gem"; + }; + version = "0.1.4"; + }; + unf_ext = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jmbimpnpjdzz8hlrppgl9spm99qh3qzbx0b81k3gkgwba8nk3yd"; + type = "gem"; + }; + version = "0.0.8"; + }; + unix-crypt = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1wflipsmmicmgvqilp9pml4x19b337kh6p6jgrzqrzpkq2z52gdq"; + type = "gem"; + }; + version = "1.3.0"; + }; + warden = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1l7gl7vms023w4clg02pm4ky9j12la2vzsixi2xrv9imbn44ys26"; + type = "gem"; + }; + version = "1.2.9"; + }; + webrick = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1d4cvgmxhfczxiq5fr534lmizkhigd15bsx5719r5ds7k7ivisc7"; + type = "gem"; + }; + version = "1.7.0"; + }; + websocket-driver = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0a3bwxd9v3ghrxzjc4vxmf4xa18c6m4xqy5wb0yk5c6b9psc7052"; + type = "gem"; + }; + version = "0.7.5"; + }; + websocket-extensions = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0hc2g9qps8lmhibl5baa91b4qx8wqw872rgwagml78ydj8qacsqw"; + type = "gem"; + }; + version = "0.1.5"; + }; + win32api = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1liryy0pz0gpw5sadbb9xwaflay272b8bwv4pclh6wkhldnh7wg7"; + type = "gem"; + }; + version = "0.1.0"; + }; + windows_error = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1dy35rfdmj6pfhdicix1kcgpj5y7844a43i6bnklngn7b1wmy3av"; + type = "gem"; + }; + version = "0.1.3"; + }; + winrm = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nxf6a47d1xf1nvi7rbfbzjyyjhz0iakrnrsr2hj6y24a381sd8i"; + type = "gem"; + }; + version = "2.3.6"; + }; + xdr = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1vsimn1vha6qjh1zbkvma5biwlh3hzc6s24ksw7vsxg0z27m8bmz"; + type = "gem"; + }; + version = "3.0.3"; + }; + xmlrpc = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1xa79ry3976ylap38cr5g6q3m81plm611flqd3dwgnmgbkycb6jp"; + type = "gem"; + }; + version = "0.3.2"; + }; + zeitwerk = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09bq7j2p6mkbxnsg71s253dm2463kg51xc7bmjcxgyblqbh4ln7m"; + type = "gem"; + }; + version = "2.5.4"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/metasploit/shell.nix b/nixpkgs/pkgs/tools/security/metasploit/shell.nix new file mode 100644 index 000000000000..e4bae57b6866 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/shell.nix @@ -0,0 +1,17 @@ +# Env to update Gemfile.lock / gemset.nix +with import <nixpkgs> {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + bundix + git + libiconv + libpcap + libxml2 + libxslt + pkg-config + postgresql + ruby.devEnv + sqlite + ]; +} diff --git a/nixpkgs/pkgs/tools/security/metasploit/update.sh b/nixpkgs/pkgs/tools/security/metasploit/update.sh new file mode 100755 index 000000000000..ba41b78c0e8d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/update.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl bundix git libiconv libpcap libxml2 libxslt pkg-config postgresql ruby.devEnv sqlite xmlstarlet nix-update + +set -eu -o pipefail +cd "$(dirname "$(readlink -f "$0")")" + +latest=$(curl https://github.com/rapid7/metasploit-framework/tags.atom | xmlstarlet sel -N atom="http://www.w3.org/2005/Atom" -t -m /atom:feed/atom:entry -v atom:title -n | head -n1) +echo "Updating metasploit to $latest" + +sed -i "s#refs/tags/.*#refs/tags/$latest\"#" Gemfile + +bundler install +bundix +sed -i '/[ ]*dependencies =/d' gemset.nix + +cd "../../../../" +nix-update metasploit --version "$latest" diff --git a/nixpkgs/pkgs/tools/security/mfcuk/default.nix b/nixpkgs/pkgs/tools/security/mfcuk/default.nix new file mode 100644 index 000000000000..3128a787807a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mfcuk/default.nix @@ -0,0 +1,22 @@ +{ lib, stdenv, fetchurl, pkg-config, libnfc }: + +stdenv.mkDerivation { + pname = "mfcuk"; + version = "0.3.8"; + + src = fetchurl { + url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mfcuk/mfcuk-0.3.8.tar.gz"; + sha256 = "0m9sy61rsbw63xk05jrrmnyc3xda0c3m1s8pg3sf8ijbbdv9axcp"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libnfc ]; + + meta = with lib; { + description = "MiFare Classic Universal toolKit"; + license = licenses.gpl2; + homepage = "https://github.com/nfc-tools/mfcuk"; + maintainers = with maintainers; [ offline ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mfoc/default.nix b/nixpkgs/pkgs/tools/security/mfoc/default.nix new file mode 100644 index 000000000000..ca1f4a5e4f25 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mfoc/default.nix @@ -0,0 +1,35 @@ +{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pkg-config, libnfc }: + +stdenv.mkDerivation rec { + pname = "mfoc"; + version = "0.10.7"; + + src = fetchFromGitHub { + owner = "nfc-tools"; + repo = pname; + rev = "${pname}-${version}"; + sha256 = "0hbg1fn4000qdg1cfc7y8l0vh1mxlxcz7gapkcq54xp2l6kk1z65"; + }; + + patches = [ + (fetchpatch { + url = "https://github.com/nfc-tools/mfoc/commit/f13efb0a6deb1d97ba945d555a6a5d6be89b593f.patch"; + sha256 = "109gqzp8rdsjvj0nra686vy0dpd2bl6q5v9m4v98cpxkbz496450"; + }) + (fetchpatch { + url = "https://github.com/nfc-tools/mfoc/commit/00eae36f891bc4580103e3b54f0bb5228af2cdef.patch"; + sha256 = "1w56aj96g776f37j53jmf3hk21x4mqik3l2bmghrdp8drixc8bzk"; + }) + ]; + + nativeBuildInputs = [ autoreconfHook pkg-config ]; + buildInputs = [ libnfc ]; + + meta = with lib; { + description = "Mifare Classic Offline Cracker"; + license = licenses.gpl2; + homepage = "https://github.com/nfc-tools/mfoc"; + maintainers = with maintainers; [ offline ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/minica/default.nix b/nixpkgs/pkgs/tools/security/minica/default.nix new file mode 100644 index 000000000000..29574e39cd92 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/minica/default.nix @@ -0,0 +1,33 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "minica"; + version = "1.0.2"; + + goPackagePath = "github.com/jsha/minica"; + + src = fetchFromGitHub { + owner = "jsha"; + repo = "minica"; + rev = "v${version}"; + sha256 = "18518wp3dcjhf3mdkg5iwxqr3326n6jwcnqhyibphnb2a58ap7ny"; + }; + + ldflags = [ + "-X main.BuildVersion=${version}" + ]; + + meta = with lib; { + description = "A simple tool for generating self signed certificates"; + longDescription = '' + Minica is a simple CA intended for use in situations where the CA + operator also operates each host where a certificate will be used. It + automatically generates both a key and a certificate when asked to + produce a certificate. + ''; + homepage = "https://github.com/jsha/minica/"; + license = licenses.mit; + maintainers = with maintainers; [ m1cr0man ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/minio-certgen/default.nix b/nixpkgs/pkgs/tools/security/minio-certgen/default.nix new file mode 100644 index 000000000000..ec7b0e976ee2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/minio-certgen/default.nix @@ -0,0 +1,22 @@ +{ lib, fetchFromGitHub, buildGoModule }: + +buildGoModule rec { + pname = "minio-certgen"; + version = "0.0.2"; + + src = fetchFromGitHub { + owner = "minio"; + repo = "certgen"; + rev = "v${version}"; + sha256 = "sha256-HtzcoEUMt3LpQNyT0wGcmc4Q70QqHx7QpjrDh4YSO/Q="; + }; + + vendorSha256 = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo="; + + meta = with lib; { + description = "A simple Minio tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries"; + downloadPage = "https://github.com/minio/certgen"; + license = licenses.bsd3; + maintainers = with maintainers; [ bryanasdev000 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/minisign/default.nix b/nixpkgs/pkgs/tools/security/minisign/default.nix new file mode 100644 index 000000000000..a0e634730422 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/minisign/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, libsodium }: + +stdenv.mkDerivation rec { + pname = "minisign"; + version = "0.10"; + + src = fetchFromGitHub { + repo = "minisign"; + owner = "jedisct1"; + rev = version; + sha256 = "sha256-uqlX4m1e5NTqqyI99j1c6/w/YQWeJC39FufpxAf4JT4="; + }; + + nativeBuildInputs = [ cmake pkg-config ]; + buildInputs = [ libsodium ]; + + meta = with lib; { + description = "A simple tool for signing files and verifying signatures"; + longDescription = '' + minisign uses public key cryptography to help facilitate secure (but not + necessarily private) file transfer, e.g., of software artefacts. minisign + is similar to and compatible with OpenBSD's signify. + ''; + homepage = "https://jedisct1.github.io/minisign/"; + license = licenses.isc; + maintainers = with maintainers; [ joachifm ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mkp224o/default.nix b/nixpkgs/pkgs/tools/security/mkp224o/default.nix new file mode 100644 index 000000000000..6f836271c0ab --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mkp224o/default.nix @@ -0,0 +1,47 @@ +{ stdenv, lib, fetchFromGitHub, autoreconfHook, libsodium }: + +stdenv.mkDerivation rec { + pname = "mkp224o"; + version = "1.5.0"; + + src = fetchFromGitHub { + owner = "cathugger"; + repo = "mkp224o"; + rev = "v${version}"; + sha256 = "0b2cn96wg4l8jkkqqp8l2295xlmm2jc8nrw6rdqb5g0zkpfmrxbb"; + }; + + buildCommand = + let + # compile few variants with different implementation of crypto + # the fastest depends on a particular cpu + variants = [ + { suffix = "ref10"; configureFlags = ["--enable-ref10"]; } + { suffix = "donna"; configureFlags = ["--enable-donna"]; } + ] ++ lib.optionals stdenv.hostPlatform.isx86 [ + { suffix = "donna-sse2"; configureFlags = ["--enable-donna-sse2"]; } + ] ++ lib.optionals (!stdenv.isDarwin && stdenv.isx86_64) [ + { suffix = "amd64-51-30k"; configureFlags = ["--enable-amd64-51-30k"]; } + { suffix = "amd64-64-20k"; configureFlags = ["--enable-amd64-64-24k"]; } + ]; + in + lib.concatMapStrings ({suffix, configureFlags}: '' + install -D ${ + stdenv.mkDerivation { + name = "mkp224o-${suffix}-${version}"; + inherit version src configureFlags; + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ libsodium ]; + installPhase = "install -D mkp224o $out"; + } + } $out/bin/mkp224o-${suffix} + '') variants; + + meta = with lib; { + description = "Vanity address generator for tor onion v3 (ed25519) hidden services"; + homepage = "http://cathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion/"; + license = licenses.cc0; + platforms = platforms.unix; + maintainers = with maintainers; [ volth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mkpasswd/default.nix b/nixpkgs/pkgs/tools/security/mkpasswd/default.nix new file mode 100644 index 000000000000..7fea400f008c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mkpasswd/default.nix @@ -0,0 +1,21 @@ +{ lib, stdenv, whois, libxcrypt, perl, pkg-config }: + +stdenv.mkDerivation { + pname = "mkpasswd"; + inherit (whois) version src; + + nativeBuildInputs = [ perl pkg-config ]; + buildInputs = [ libxcrypt ]; + + inherit (whois) preConfigure; + buildPhase = "make mkpasswd"; + installPhase = "make install-mkpasswd"; + + meta = with lib; { + homepage = "https://packages.qa.debian.org/w/whois.html"; + description = "Overfeatured front-end to crypt, from the Debian whois package"; + license = licenses.gpl2; + maintainers = with maintainers; [ cstrahan fpletz ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mkrand/default.nix b/nixpkgs/pkgs/tools/security/mkrand/default.nix new file mode 100644 index 000000000000..21c9586cd6c3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mkrand/default.nix @@ -0,0 +1,21 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "mkrand"; + version = "0.1.0"; + + src = fetchurl { + url = "https://github.com/mknight-tag/MKRAND/releases/download/v${version}/mkrand-${version}.tar.gz"; + sha256 = "1irwyv2j5c3606k3qbq77yrd65y27rcq3jdlp295rz875q8iq9fs"; + }; + + doCheck = true; + + meta = { + description = "A Digital Random Bit Generator"; + longDescription = "MKRAND is a utility for generating random information."; + homepage = "https://github.com/mknight-tag/MKRAND/"; + license = lib.licenses.mit; + platforms = lib.platforms.all; + }; + } diff --git a/nixpkgs/pkgs/tools/security/mktemp/default.nix b/nixpkgs/pkgs/tools/security/mktemp/default.nix new file mode 100644 index 000000000000..02be5103cbf6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mktemp/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchurl, groff }: + +stdenv.mkDerivation rec { + pname = "mktemp"; + version = "1.7"; + + # Have `configure' avoid `/usr/bin/nroff' in non-chroot builds. + NROFF = "${groff}/bin/nroff"; + + # Don't use "install -s" + postPatch = '' + substituteInPlace Makefile.in --replace " 0555 -s " " 0555 " + ''; + + src = fetchurl { + url = "ftp://ftp.mktemp.org/pub/mktemp/mktemp-${version}.tar.gz"; + sha256 = "0x969152znxxjbj7387xb38waslr4yv6bnj5jmhb4rpqxphvk54f"; + }; + + meta = with lib; { + description = "Simple tool to make temporary file handling in shells scripts safe and simple"; + homepage = "https://www.mktemp.org"; + license = licenses.isc; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/modsecurity-crs/default.nix b/nixpkgs/pkgs/tools/security/modsecurity-crs/default.nix new file mode 100644 index 000000000000..124eca09ca48 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/modsecurity-crs/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + version = "3.3.2"; + pname = "modsecurity-crs"; + + src = fetchFromGitHub { + owner = "coreruleset"; + repo = "coreruleset"; + rev = "v${version}"; + sha256 = "sha256-m/iVLhk2y5BpYu8EwC2adrrDnbaVCQ0SE25ltvMokCw="; + }; + + installPhase = '' + install -D -m444 -t $out/rules ${src}/rules/*.conf + install -D -m444 -t $out/rules ${src}/rules/*.data + install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/*.md + install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/{CHANGES,INSTALL,LICENSE} + install -D -m444 -t $out/share/modsecurity-crs ${src}/rules/*.example + install -D -m444 -t $out/share/modsecurity-crs ${src}/crs-setup.conf.example + cat > $out/share/modsecurity-crs/modsecurity-crs.load.example <<EOF + ## + ## This is a sample file for loading OWASP CRS's rules. + ## + Include /etc/modsecurity/crs/crs-setup.conf + IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf + Include $out/rules/*.conf + IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf + EOF + ''; + + meta = with lib; { + homepage = "https://coreruleset.org"; + description = '' + The OWASP ModSecurity Core Rule Set is a set of generic attack detection + rules for use with ModSecurity or compatible web application firewalls. + ''; + license = licenses.asl20; + platforms = platforms.all; + maintainers = with maintainers; [ izorkin ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch b/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch new file mode 100644 index 000000000000..98384c754ce7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch @@ -0,0 +1,17 @@ +--- a/apache2/Makefile.in 2017-10-10 09:45:51.000000000 -0400 ++++ b/apache2/Makefile.in 2017-10-10 09:46:04.000000000 -0400 +@@ -1208,14 +1208,12 @@ + @LINUX_TRUE@ for m in $(pkglib_LTLIBRARIES); do \ + @LINUX_TRUE@ base=`echo $$m | sed 's/\..*//'`; \ + @LINUX_TRUE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \ +-@LINUX_TRUE@ install -D -m444 $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES)/$$base.so; \ + @LINUX_TRUE@ done + @LINUX_FALSE@install-exec-hook: $(pkglib_LTLIBRARIES) + @LINUX_FALSE@ @echo "Removing unused static libraries..."; \ + @LINUX_FALSE@ for m in $(pkglib_LTLIBRARIES); do \ + @LINUX_FALSE@ base=`echo $$m | sed 's/\..*//'`; \ + @LINUX_FALSE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \ +-@LINUX_FALSE@ cp -p $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES); \ + @LINUX_FALSE@ done + + # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/nixpkgs/pkgs/tools/security/modsecurity/default.nix b/nixpkgs/pkgs/tools/security/modsecurity/default.nix new file mode 100644 index 000000000000..1bbefd1342c3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/modsecurity/default.nix @@ -0,0 +1,54 @@ +{ stdenv, lib, fetchurl, pkg-config +, curl, apacheHttpd, pcre, apr, aprutil, libxml2 +, luaSupport ? false, lua5 +}: + +with lib; + +let luaValue = if luaSupport then lua5 else "no"; + optional = lib.optional; +in + +stdenv.mkDerivation rec { + pname = "modsecurity"; + version = "2.9.3"; + + src = fetchurl { + url = "https://www.modsecurity.org/tarball/${version}/${pname}-${version}.tar.gz"; + sha256 = "0611nskd2y6yagrciqafxdn4rxbdk2v4swf45kc1sgwx2sfh34j1"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ] ++ + optional luaSupport lua5; + + configureFlags = [ + "--enable-standalone-module" + "--enable-static" + "--with-curl=${curl.dev}" + "--with-apxs=${apacheHttpd.dev}/bin/apxs" + "--with-pcre=${pcre.dev}" + "--with-apr=${apr.dev}" + "--with-apu=${aprutil.dev}/bin/apu-1-config" + "--with-libxml=${libxml2.dev}" + "--with-lua=${luaValue}" + ]; + + outputs = ["out" "nginx"]; + # by default modsecurity's install script copies compiled output to httpd's modules folder + # this patch removes those lines + patches = [ ./Makefile.in.patch ]; + + postInstall = '' + mkdir -p $nginx + cp -R * $nginx + ''; + + meta = { + description = "Open source, cross-platform web application firewall (WAF)"; + license = licenses.asl20; + homepage = "https://www.modsecurity.org/"; + maintainers = with maintainers; [offline]; + platforms = lib.platforms.linux ++ lib.platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mongoaudit/default.nix b/nixpkgs/pkgs/tools/security/mongoaudit/default.nix new file mode 100644 index 000000000000..4c15d1cfe948 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mongoaudit/default.nix @@ -0,0 +1,39 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "mongoaudit"; + version = "0.1.1"; + + disabled = python3.pythonOlder "3.8"; + + src = fetchFromGitHub { + owner = "stampery"; + repo = pname; + rev = version; + sha256 = "17k4vw5d3kr961axl49ywid4cf3n7zxvm885c4lv15w7s2al1425"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + pymongo + setuptools + urwid + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "mongoaudit" + ]; + + meta = with lib; { + description = "MongoDB auditing and pentesting tool"; + homepage = "https://github.com/stampery/mongoaudit"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/monkeysphere/default.nix b/nixpkgs/pkgs/tools/security/monkeysphere/default.nix new file mode 100644 index 000000000000..bc267a9a7703 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/monkeysphere/default.nix @@ -0,0 +1,103 @@ +{ lib, stdenv, fetchurl, makeWrapper +, perl, libassuan, libgcrypt +, perlPackages, lockfileProgs, gnupg, coreutils +# For the tests: +, openssh, which, socat, cpio, hexdump, procps, openssl +}: + +let + # A patch is needed to run the tests inside the Nix sandbox: + # /etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell" + # sshd: "User nixbld not allowed because shell /noshell does not exist" + opensshUnsafe = openssh.overrideAttrs (oldAttrs: { + patches = oldAttrs.patches ++ [ ./openssh-nixos-sandbox.patch ]; + }); +in stdenv.mkDerivation rec { + pname = "monkeysphere"; + version = "0.44"; + + # The patched OpenSSH binary MUST NOT be used (except in the check phase): + disallowedRequisites = [ opensshUnsafe ]; + + src = fetchurl { + url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz"; + sha256 = "1ah7hy8r9gj96pni8azzjb85454qky5l17m3pqn37854l6grgika"; + }; + + patches = [ ./monkeysphere.patch ]; + + postPatch = '' + sed -i "s,/usr/bin/env,${coreutils}/bin/env," src/share/ma/update_users + ''; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ perl libassuan libgcrypt ] + ++ lib.optional doCheck + ([ gnupg opensshUnsafe which socat cpio hexdump procps lockfileProgs ] ++ + (with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ])); + + makeFlags = [ + "PREFIX=/" + "DESTDIR=$(out)" + ]; + + # The tests should be run (and succeed) when making changes to this package + # but they aren't enabled by default because they "drain" entropy (GnuPG + # still uses /dev/random). + doCheck = false; + preCheck = lib.optionalString doCheck '' + patchShebangs tests/ + patchShebangs src/ + sed -i \ + -e "s,/usr/sbin/sshd,${opensshUnsafe}/bin/sshd," \ + -e "s,/bin/true,${coreutils}/bin/true," \ + -e "s,/bin/false,${coreutils}/bin/false," \ + -e "s,openssl\ req,${openssl}/bin/openssl req," \ + tests/basic + sed -i "s/<(hd/<(hexdump/" tests/keytrans + ''; + + postFixup = + let wrapperArgs = runtimeDeps: + "--prefix PERL5LIB : " + + (with perlPackages; makePerlPath [ # Optional (only required for keytrans) + CryptOpenSSLRSA + CryptOpenSSLBignum + ]) + + lib.optionalString + (builtins.length runtimeDeps > 0) + " --prefix PATH : ${lib.makeBinPath runtimeDeps}"; + wrapMonkeysphere = runtimeDeps: program: + "wrapProgram $out/bin/${program} ${wrapperArgs runtimeDeps}\n"; + wrapPrograms = runtimeDeps: programs: lib.concatMapStrings + (wrapMonkeysphere runtimeDeps) + programs; + in wrapPrograms [ gnupg ] [ "monkeysphere-authentication" "monkeysphere-host" ] + + wrapPrograms [ gnupg lockfileProgs ] [ "monkeysphere" ] + + '' + # These 4 programs depend on the program name ($0): + for program in openpgp2pem openpgp2spki openpgp2ssh pem2openpgp; do + rm $out/bin/$program + ln -sf keytrans $out/share/monkeysphere/$program + makeWrapper $out/share/monkeysphere/$program $out/bin/$program \ + ${wrapperArgs [ ]} + done + ''; + + meta = with lib; { + homepage = "http://web.monkeysphere.info/"; + description = "Leverage the OpenPGP web of trust for SSH and TLS authentication"; + longDescription = '' + The Monkeysphere project's goal is to extend OpenPGP's web of + trust to new areas of the Internet to help us securely identify + servers we connect to, as well as each other while we work online. + The suite of Monkeysphere utilities provides a framework to + transparently leverage the web of trust for authentication of + TLS/SSL communications through the normal use of tools you are + familiar with, such as your web browser0 or secure shell. + ''; + license = licenses.gpl3Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch b/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch new file mode 100644 index 000000000000..8cdd85017b93 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch @@ -0,0 +1,23 @@ +diff --git a/Makefile b/Makefile +--- a/Makefile ++++ b/Makefile +@@ -52,7 +52,7 @@ clean: + replaced/%: % + mkdir -p $(dir $@) + sed < $< > $@ \ +- -e 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' \ ++ -e 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' \ + -e 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' \ + -e 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' + +diff --git a/src/share/keytrans b/src/share/keytrans +--- a/src/share/keytrans ++++ b/src/share/keytrans +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -T ++#!/usr/bin/perl + + # keytrans: this is an RSA key translation utility; it is capable of + # transforming RSA keys (both public keys and secret keys) between +-- +2.16.3 diff --git a/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch b/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch new file mode 100644 index 000000000000..2a9a1fc8dfa9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch @@ -0,0 +1,17 @@ +diff --git a/auth.c b/auth.c +index d2a8cd65..811a129f 100644 +--- a/auth.c ++++ b/auth.c +@@ -580,6 +580,12 @@ getpwnamallow(const char *user) + #endif + + pw = getpwnam(user); ++ if (pw != NULL) { ++ // This is only for testing purposes, ++ // DO NOT USE THIS PATCH IN PRODUCTION! ++ char *shell = "/bin/sh"; ++ pw->pw_shell = shell; ++ } + + #if defined(_AIX) && defined(HAVE_SETAUTHDB) + aix_restoreauthdb(); diff --git a/nixpkgs/pkgs/tools/security/monsoon/default.nix b/nixpkgs/pkgs/tools/security/monsoon/default.nix new file mode 100644 index 000000000000..3f414081500f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/monsoon/default.nix @@ -0,0 +1,32 @@ +{ buildGoModule +, fetchFromGitHub +, lib, stdenv +}: + +buildGoModule rec { + pname = "monsoon"; + version = "0.6.0"; + + src = fetchFromGitHub { + owner = "RedTeamPentesting"; + repo = "monsoon"; + rev = "v${version}"; + sha256 = "01c84s11m645mqaa2vdnbsj0kb842arqjhicgjv0ahb7qdw65zz4"; + }; + + vendorSha256 = "1g84az07hv8w0jha2yl4f5jm0p9nkbawgw9l7cpmn8ckbfa54l7q"; + + # tests fails on darwin + doCheck = !stdenv.isDarwin; + + meta = with lib; { + description = "Fast HTTP enumerator"; + longDescription = '' + A fast HTTP enumerator that allows you to execute a large number of HTTP + requests, filter the responses and display them in real-time. + ''; + homepage = "https://github.com/RedTeamPentesting/monsoon"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mpw/default.nix b/nixpkgs/pkgs/tools/security/mpw/default.nix new file mode 100644 index 000000000000..3973ed51343f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mpw/default.nix @@ -0,0 +1,62 @@ +{ lib, stdenv, cmake, fetchFromGitLab +, json_c, libsodium, libxml2, ncurses }: + +let + rev = "22796663dcad81684ab24308d9db570f6781ba2c"; + +in stdenv.mkDerivation rec { + name = "mpw-${version}-${builtins.substring 0 8 rev}"; + version = "2.6"; + + src = fetchFromGitLab { + owner = "MasterPassword"; + repo = "MasterPassword"; + sha256 = "1f2vqacgbyam1mazawrfim8zwp38gnwf5v3xkkficsfnv789g6fw"; + inherit rev; + }; + + sourceRoot = "./source/platform-independent/c/cli"; + + postPatch = '' + rm build + substituteInPlace mpw-cli-tests \ + --replace '/usr/bin/env bash' ${stdenv.shell} \ + --replace ./mpw ./build/mpw + ''; + + cmakeFlags = [ + "-Dmpw_version=${version}" + "-DBUILD_MPW_TESTS=ON" + ]; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ json_c libxml2 libsodium ncurses ]; + + installPhase = '' + runHook preInstall + + install -Dm755 mpw $out/bin/mpw + install -Dm644 ../mpw.completion.bash $out/share/bash-completion/completions/_mpw + install -Dm644 ../../../../README.md $out/share/doc/mpw/README.md + + runHook postInstall + ''; + + doCheck = true; + + checkPhase = '' + runHook preCheck + + ../mpw-cli-tests + + runHook postCheck + ''; + + meta = with lib; { + description = "A stateless password management solution"; + homepage = "https://masterpasswordapp.com/"; + license = licenses.gpl3; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/munge/default.nix b/nixpkgs/pkgs/tools/security/munge/default.nix new file mode 100644 index 000000000000..01e208958a50 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/munge/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook, gawk, gnused, libgcrypt, zlib, bzip2 }: + +stdenv.mkDerivation rec { + pname = "munge"; + version = "0.5.14"; + + src = fetchFromGitHub { + owner = "dun"; + repo = "munge"; + rev = "${pname}-${version}"; + sha256 = "15h805rwcb9f89dyrkxfclzs41n3ff8x7cc1dbvs8mb0ds682c4j"; + }; + + nativeBuildInputs = [ autoreconfHook gawk gnused ]; + buildInputs = [ libgcrypt zlib bzip2 ]; + + preAutoreconf = '' + # Remove the install-data stuff, since it tries to write to /var + substituteInPlace src/Makefile.am --replace "etc \\" "\\" + ''; + + configureFlags = [ + "--localstatedir=/var" + ]; + + meta = with lib; { + description = '' + An authentication service for creating and validating credentials + ''; + license = licenses.lgpl3; + platforms = platforms.unix; + maintainers = [ maintainers.rickynils ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/naabu/default.nix b/nixpkgs/pkgs/tools/security/naabu/default.nix new file mode 100644 index 000000000000..5acd0a93ac22 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/naabu/default.nix @@ -0,0 +1,42 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, libpcap +}: + +buildGoModule rec { + pname = "naabu"; + version = "2.0.5"; + + src = fetchFromGitHub { + owner = "projectdiscovery"; + repo = "naabu"; + rev = "v${version}"; + sha256 = "0kbpfb1ryfqy8a54ksm7zm8pqy8f4adh06jc1ccpdxks3k0rygid"; + }; + + vendorSha256 = "17x60x68hd2jm84xw5mgsclv6phn6ajkp92kpcz013vlkcdaqrxs"; + + buildInputs = [ + libpcap + ]; + + modRoot = "./v2"; + + subPackages = [ + "cmd/naabu/" + ]; + + meta = with lib; { + description = "Fast SYN/CONNECT port scanner"; + longDescription = '' + Naabu is a port scanning tool written in Go that allows you to enumerate + valid ports for hosts in a fast and reliable manner. It is a really simple + tool that does fast SYN/CONNECT scans on the host/list of hosts and lists + all ports that return a reply. + ''; + homepage = "https://github.com/projectdiscovery/naabu"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nasty/default.nix b/nixpkgs/pkgs/tools/security/nasty/default.nix new file mode 100644 index 000000000000..b3b19c9268bf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nasty/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchurl, gpgme }: + +stdenv.mkDerivation rec { + pname = "nasty"; + version = "0.6"; + + src = fetchurl { + url = "https://www.vanheusden.com/nasty/${pname}-${version}.tgz"; + sha256 = "1dznlxr728k1pgy1kwmlm7ivyl3j3rlvkmq34qpwbwbj8rnja1vn"; + }; + + # does not apply cleanly with patchPhase/fetchpatch + # https://sources.debian.net/src/nasty/0.6-3/debian/patches/02_add_largefile_support.patch + CFLAGS = "-D_FILE_OFFSET_BITS=64"; + + buildInputs = [ gpgme ]; + + installPhase = '' + mkdir -p $out/bin + cp nasty $out/bin + ''; + + meta = with lib; { + description = "Recover the passphrase of your PGP or GPG-key"; + longDescription = '' + Nasty is a program that helps you to recover the passphrase of your PGP or GPG-key + in case you forget or lost it. It is mostly a proof-of-concept: with a different implementation + this program could be at least 100x faster. + ''; + homepage = "http://www.vanheusden.com/nasty/"; + license = licenses.gpl2; + maintainers = with maintainers; [ davidak ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/nbtscanner/default.nix b/nixpkgs/pkgs/tools/security/nbtscanner/default.nix new file mode 100644 index 000000000000..6ad9fdd47708 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nbtscanner/default.nix @@ -0,0 +1,29 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "nbtscanner"; + version = "0.0.1"; + + src = fetchFromGitHub { + owner = "jonkgrimes"; + repo = pname; + rev = version; + sha256 = "06507a8y41v42cmvjpzimyrzdp972w15fjpc6c6750n1wa2wdl6c"; + }; + + cargoSha256 = "0cis54zmr2x0f4z664lmhk9dzx00hvds6jh3x417308sz7ak11gd"; + + buildInputs = lib.optional stdenv.isDarwin Security; + + meta = with lib; { + description = "NetBIOS scanner written in Rust"; + homepage = "https://github.com/jonkgrimes/nbtscanner"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ncrack/default.nix b/nixpkgs/pkgs/tools/security/ncrack/default.nix new file mode 100644 index 000000000000..e1504eb12b4c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ncrack/default.nix @@ -0,0 +1,23 @@ +{ lib, stdenv, fetchFromGitHub, openssl, zlib }: + +stdenv.mkDerivation rec { + pname = "ncrack"; + version = "0.7"; + + src = fetchFromGitHub { + owner = "nmap"; + repo = "ncrack"; + rev = version; + sha256 = "1gnv5xdd7n04glcpy7q1mkb6f8gdhdrhlrh8z6k4g2pjdhxlz26g"; + }; + + buildInputs = [ openssl zlib ]; + + meta = with lib; { + description = "Network authentication tool"; + homepage = "https://nmap.org/ncrack/"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ siraben ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/neopg/default.nix b/nixpkgs/pkgs/tools/security/neopg/default.nix new file mode 100644 index 000000000000..e39be14475ef --- /dev/null +++ b/nixpkgs/pkgs/tools/security/neopg/default.nix @@ -0,0 +1,49 @@ +{ lib, stdenv +, fetchFromGitHub +, cmake +, sqlite +, botan2 +, boost +, curl +, gettext +, pkg-config +, libusb1 +, gnutls }: + +stdenv.mkDerivation rec { + pname = "neopg"; + version = "0.0.6"; + + src = fetchFromGitHub { + owner = "das-labor"; + repo = "neopg"; + rev = "v${version}"; + sha256 = "15xp5w046ix59cfrhh8ka4camr0d8qqw643g184sqrcqwpk7nbrx"; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ cmake gettext pkg-config ]; + + buildInputs = [ sqlite botan2 boost curl libusb1 gnutls ]; + + doCheck = true; + checkTarget = "test"; + dontUseCmakeBuildDir = true; + + preCheck = '' + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg + ''; + + meta = with lib; { + homepage = "https://neopg.io/"; + description = "Modern replacement for GnuPG 2"; + license = licenses.gpl3; + longDescription = '' + NeoPG starts as an opiniated fork of GnuPG 2 to clean up the code and make it easier to develop. + It is written in C++11. + ''; + maintainers = with maintainers; [ erictapen ]; + platforms = platforms.linux; + broken = true; # fails to build with recent versions of botan. https://github.com/das-labor/neopg/issues/98 + }; +} diff --git a/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix new file mode 100644 index 000000000000..d6f2e20611d2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix @@ -0,0 +1,43 @@ +{ lib, stdenv, bash-completion, cmake, fetchFromGitHub, hidapi, libusb1, pkg-config +, qtbase, qttranslations, qtsvg, wrapQtAppsHook }: + +stdenv.mkDerivation rec { + pname = "nitrokey-app"; + version = "1.4.2"; + + src = fetchFromGitHub { + owner = "Nitrokey"; + repo = "nitrokey-app"; + rev = "v${version}"; + sha256 = "1k0w921hfrya4q2r7bqn7kgmwvwb7c15k9ymlbnksmfc9yyjyfcv"; + fetchSubmodules = true; + }; + + buildInputs = [ + bash-completion + hidapi + libusb1 + qtbase + qttranslations + qtsvg + ]; + nativeBuildInputs = [ + cmake + pkg-config + wrapQtAppsHook + ]; + cmakeFlags = [ "-DCMAKE_BUILD_TYPE=Release" ]; + + meta = with lib; { + description = "Provides extra functionality for the Nitrokey Pro and Storage"; + longDescription = '' + The nitrokey-app provides a QT system tray widget with which you can + access the extra functionality of a Nitrokey Storage or Nitrokey Pro. + See https://www.nitrokey.com/ for more information. + ''; + homepage = "https://github.com/Nitrokey/nitrokey-app"; + repositories.git = "https://github.com/Nitrokey/nitrokey-app.git"; + license = licenses.gpl3; + maintainers = with maintainers; [ kaiha fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix b/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix new file mode 100644 index 000000000000..11dcd63d7761 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix @@ -0,0 +1,20 @@ +{ lib, stdenv, nitrokey-app }: + + +stdenv.mkDerivation { + name = "nitrokey-udev-rules-${lib.getVersion nitrokey-app}"; + + inherit (nitrokey-app) src; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/etc/udev/rules.d + cp libnitrokey/data/41-nitrokey.rules $out/etc/udev/rules.d + ''; + + meta = { + description = "udev rules for Nitrokeys"; + inherit (nitrokey-app.meta) homepage license maintainers; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix new file mode 100644 index 000000000000..5b9494bf9d37 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "nmap-formatter"; + version = "0.3.0"; + + src = fetchFromGitHub { + owner = "vdjagilev"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-tG91Cutk+RCBPv4Rf8CVnZa5Wh8qgsxEL0C6WIoEdsw="; + }; + + vendorSha256 = "sha256-WXX1b8fPcwIE40w+Kzd7ZuSRXPiYtolRXC/Z8Kc9H2s="; + + postPatch = '' + # Fix hard-coded release + substituteInPlace cmd/root.go \ + --replace "0.2.0" "${version}" + ''; + + meta = with lib; { + description = "Tool that allows you to convert nmap output"; + homepage = "https://github.com/vdjagilev/nmap-formatter"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nmap/default.nix b/nixpkgs/pkgs/tools/security/nmap/default.nix new file mode 100644 index 000000000000..0a6733e993d6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap/default.nix @@ -0,0 +1,78 @@ +{ lib, stdenv, fetchurl, fetchpatch, libpcap, pkg-config, openssl, lua5_3 +, pcre, libssh2 +, graphicalSupport ? false +, libX11 ? null +, gtk2 ? null +, python2 ? null +, makeWrapper ? null +, withLua ? true +}: + +with lib; + +stdenv.mkDerivation rec { + pname = "nmap${optionalString graphicalSupport "-graphical"}"; + version = "7.92"; + + src = fetchurl { + url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; + sha256 = "sha256-pUefL4prCyUWdn0vcYnDhsHchY2ZcWfX7Fz8eYx1caE="; + }; + + patches = [ ./zenmap.patch ] + ++ optionals stdenv.cc.isClang [( + # Fixes a compile error due an ambiguous reference to bind(2) in + # nping/EchoServer.cc, which is otherwise resolved to std::bind. + # https://github.com/nmap/nmap/pull/1363 + fetchpatch { + url = "https://github.com/nmap/nmap/commit/5bbe66f1bd8cbd3718f5805139e2e8139e6849bb.diff"; + includes = [ "nping/EchoServer.cc" ]; + sha256 = "0xcph9mycy57yryjg253frxyz87c4135rrbndlqw1400c8jxq70c"; + } + )]; + + prePatch = optionalString stdenv.isDarwin '' + substituteInPlace libz/configure \ + --replace /usr/bin/libtool ar \ + --replace 'AR="libtool"' 'AR="ar"' \ + --replace 'ARFLAGS="-o"' 'ARFLAGS="-r"' + ''; + + configureFlags = [ + (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua") + "--with-liblinear=included" + ] ++ optionals (!graphicalSupport) [ "--without-ndiff" "--without-zenmap" ]; + + makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ + "AR=${stdenv.cc.bintools.targetPrefix}ar" + "RANLIB=${stdenv.cc.bintools.targetPrefix}ranlib" + "CC=${stdenv.cc.targetPrefix}gcc" + ]; + + pythonPath = with python2.pkgs; optionals graphicalSupport [ + pygtk pysqlite pygobject2 pycairo + ]; + + nativeBuildInputs = [ pkg-config ] ++ optionals graphicalSupport [ python2.pkgs.wrapPython ]; + buildInputs = [ pcre libssh2 libpcap openssl ] ++ optionals graphicalSupport (with python2.pkgs; [ + python2 libX11 gtk2 + ]); + + postInstall = optionalString graphicalSupport '' + buildPythonPath "$out $pythonPath" + patchPythonScript $out/bin/ndiff + patchPythonScript $out/bin/zenmap + ''; + + enableParallelBuilding = true; + + doCheck = false; # fails 3 tests, probably needs the net + + meta = { + description = "A free and open source utility for network discovery and security auditing"; + homepage = "http://www.nmap.org"; + license = licenses.gpl2; + platforms = platforms.all; + maintainers = with maintainers; [ thoughtpolice fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nmap/qt.nix b/nixpkgs/pkgs/tools/security/nmap/qt.nix new file mode 100644 index 000000000000..b4e406a0035b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap/qt.nix @@ -0,0 +1,60 @@ +{ lib, stdenv +, fetchFromGitHub +, cmake +, pkg-config +, wrapQtAppsHook +, dnsutils +, nmap +, qtbase +, qtscript +, qtwebengine +}: + +stdenv.mkDerivation rec { + pname = "nmapsi4"; + version = "0.5-alpha2"; + + src = fetchFromGitHub { + owner = "nmapsi4"; + repo = "nmapsi4"; + rev = "v${version}"; + sha256 = "sha256-q3XfwJ4TGK4E58haN0Q0xRH4GDpKD8VZzyxHe/VwBqY="; + }; + + nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ]; + + buildInputs = [ qtbase qtscript qtwebengine ]; + + postPatch = '' + substituteInPlace src/platform/digmanager.cpp \ + --replace '"dig"' '"${dnsutils}/bin/dig"' + substituteInPlace src/platform/discover.cpp \ + --replace '"nping"' '"${nmap}/bin/nping"' + for f in \ + src/platform/monitor/monitor.cpp \ + src/platform/nsemanager.cpp ; do + + substituteInPlace $f \ + --replace '"nmap"' '"${nmap}/bin/nmap"' + done + ''; + + postInstall = '' + mv $out/share/applications/kde4/*.desktop $out/share/applications + rmdir $out/share/applications/kde4 + + for f in $out/share/applications/* ; do + substituteInPlace $f \ + --replace Qt4 Qt5 \ + --replace Exec=nmapsi4 Exec=$out/bin/nmapsi4 \ + --replace "Exec=kdesu nmapsi4" "Exec=kdesu $out/bin/nmapsi4" + done + ''; + + meta = with lib; { + description = "Qt frontend for nmap"; + license = licenses.gpl2; + maintainers = with maintainers; [ peterhoeg ]; + inherit (src.meta) homepage; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nmap/zenmap.patch b/nixpkgs/pkgs/tools/security/nmap/zenmap.patch new file mode 100644 index 000000000000..3cd39750c881 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap/zenmap.patch @@ -0,0 +1,15 @@ +diff -ruN nmap-5.50.orig/zenmap/zenmapCore/Paths.py nmap-5.50/zenmap/zenmapCore/Paths.py +--- nmap-5.50.orig/zenmap/zenmapCore/Paths.py 2013-06-06 05:52:10.723087428 +0000 ++++ nmap-5.50/zenmap/zenmapCore/Paths.py 2013-06-06 07:07:25.481261761 +0000 +@@ -115,7 +115,10 @@ + else: + # Normal script execution. Look in the current directory to allow + # running from the distribution. +- return os.path.abspath(os.path.dirname(fs_dec(sys.argv[0]))) ++ # ++ # Grrwlf: No,no,dear. That's not a script, thats Nixos wrapper. Go add ++ # those '..' to substract /bin part. ++ return os.path.abspath(os.path.join(os.path.dirname(fs_dec(sys.argv[0])), "..")) + + prefix = get_prefix() + diff --git a/nixpkgs/pkgs/tools/security/nosqli/default.nix b/nixpkgs/pkgs/tools/security/nosqli/default.nix new file mode 100644 index 000000000000..dbe336edc6d0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nosqli/default.nix @@ -0,0 +1,25 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "nosqli"; + version = "0.5.4"; + + src = fetchFromGitHub { + owner = "Charlie-belmer"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-CgD9b5eHDK/8QhQmrqT09Jf9snn9WItNMtTNbJFT2sI="; + }; + + vendorSha256 = "sha256-QnrzEei4Pt4C0vCJu4YN28lWWAqEikmNLrqshd3knx4="; + + meta = with lib; { + description = "NoSql Injection tool for finding vulnerable websites using MongoDB"; + homepage = "https://github.com/Charlie-belmer/nosqli"; + license = with licenses; [ agpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/notary/default.nix b/nixpkgs/pkgs/tools/security/notary/default.nix new file mode 100644 index 000000000000..ab6ec0b16818 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/notary/default.nix @@ -0,0 +1,65 @@ +{ lib, fetchFromGitHub, buildGoPackage, libtool }: + +buildGoPackage rec { + pname = "notary"; + version = "0.6.1"; + gitcommit = "d6e1431f"; + + src = fetchFromGitHub { + owner = "theupdateframework"; + repo = "notary"; + rev = "v${version}"; + sha256 = "1ak9dk6vjny5069hp3w36dbjawcnaq82l3i2qvf7mn7zfglbsnf9"; + }; + + patches = [ ./no-git-usage.patch ]; + + buildInputs = [ libtool ]; + buildPhase = '' + runHook preBuild + cd go/src/github.com/theupdateframework/notary + SKIPENVCHECK=1 make client GITCOMMIT=${gitcommit} + runHook postBuild + ''; + + goPackagePath = "github.com/theupdateframework/notary"; + + installPhase = '' + runHook preInstall + install -D bin/notary $out/bin/notary + runHook postInstall + ''; + + #doCheck = true; # broken by tzdata: 2018g -> 2019a + checkPhase = '' + make test PKGS=github.com/theupdateframework/notary/cmd/notary + ''; + + meta = with lib; { + description = "A project that allows anyone to have trust over arbitrary collections of data"; + longDescription = '' + The Notary project comprises a server and a client for running and + interacting with trusted collections. See the service architecture + documentation for more information. + + Notary aims to make the internet more secure by making it easy for people + to publish and verify content. We often rely on TLS to secure our + communications with a web server which is inherently flawed, as any + compromise of the server enables malicious content to be substituted for + the legitimate content. + + With Notary, publishers can sign their content offline using keys kept + highly secure. Once the publisher is ready to make the content available, + they can push their signed trusted collection to a Notary Server. + + Consumers, having acquired the publisher's public key through a secure + channel, can then communicate with any notary server or (insecure) mirror, + relying only on the publisher's key to determine the validity and + integrity of the received content. + ''; + license = licenses.asl20; + homepage = "https://github.com/theupdateframework/notary"; + maintainers = with maintainers; [ vdemeester ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch b/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch new file mode 100644 index 000000000000..363eefe36921 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch @@ -0,0 +1,15 @@ +diff --git a/Makefile b/Makefile +index ab794165..0cbd047f 100644 +--- a/Makefile ++++ b/Makefile +@@ -5,8 +5,8 @@ PREFIX?=$(shell pwd) + # Add to compile time flags + NOTARY_PKG := github.com/theupdateframework/notary + NOTARY_VERSION := $(shell cat NOTARY_VERSION) +-GITCOMMIT := $(shell git rev-parse --short HEAD) +-GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no) ++GITCOMMIT ?= $(shell git rev-parse --short HEAD) ++GITUNTRACKEDCHANGES := + ifneq ($(GITUNTRACKEDCHANGES),) + GITCOMMIT := $(GITCOMMIT)-dirty + endif diff --git a/nixpkgs/pkgs/tools/security/nsjail/001-fix-bison-link-error.patch b/nixpkgs/pkgs/tools/security/nsjail/001-fix-bison-link-error.patch new file mode 100644 index 000000000000..427cea5b02b6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nsjail/001-fix-bison-link-error.patch @@ -0,0 +1,30 @@ +From 8e309a0af0851ab54ca7c6d51b6f3d19ee42c8ee Mon Sep 17 00:00:00 2001 +From: Evangelos Foutras <evangelos@foutrelis.com> +Date: Wed, 17 Mar 2021 16:36:40 +0200 +Subject: [PATCH] Replace YYUSE call with void cast in src/parser.y + +The YYUSE macro was renamed to YY_USE in bison 3.7.5; we might as well +avoid using it altogether and cast the unused variable to void instead. + +Fixes the following linker error: + +/usr/bin/ld: kafel/libkafel.a(libkafel.o): in function `kafel_yyerror': +arm_syscalls.c:(.text+0x6984): undefined reference to `YYUSE' +--- + src/parser.y | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/parser.y b/src/parser.y +index e0f109c..0e01373 100644 +--- a/kafel/src/parser.y ++++ b/kafel/src/parser.y +@@ -420,8 +420,8 @@ const_def + + void yyerror(YYLTYPE * loc, struct kafel_ctxt* ctxt, yyscan_t scanner, + const char *msg) { ++ (void)scanner; /* suppress unused-parameter warning */ + if (!ctxt->lexical_error) { +- YYUSE(scanner); + if (loc->filename != NULL) { + append_error(ctxt, "%s:%d:%d: %s", loc->filename, loc->first_line, loc->first_column, msg); + } else { diff --git a/nixpkgs/pkgs/tools/security/nsjail/default.nix b/nixpkgs/pkgs/tools/security/nsjail/default.nix new file mode 100644 index 000000000000..568113368a08 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nsjail/default.nix @@ -0,0 +1,43 @@ +{ lib, stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkg-config, which +, libnl, protobuf, protobufc, shadow +}: + +stdenv.mkDerivation rec { + pname = "nsjail"; + version = "3.0"; # Bumping? Remove the bison patch. + + src = fetchFromGitHub { + owner = "google"; + repo = "nsjail"; + rev = version; + fetchSubmodules = true; + sha256 = "1w6x8xcrs0i1y3q41gyq8z3cq9x24qablklc4jiydf855lhqn4dh"; + }; + + nativeBuildInputs = [ autoconf bison flex libtool pkg-config which ]; + buildInputs = [ libnl protobuf protobufc ]; + enableParallelBuilding = true; + + patches = [ + # To remove after bumping 3.0 + ./001-fix-bison-link-error.patch + ]; + + preBuild = '' + makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap') + ''; + + installPhase = '' + mkdir -p $out/bin $out/share/man/man1 + install nsjail $out/bin/ + install nsjail.1 $out/share/man/man1/ + ''; + + meta = with lib; { + description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters"; + homepage = "http://nsjail.com/"; + license = licenses.asl20; + maintainers = with maintainers; [ arturcygan bosu c0bw3b ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ntlmrecon/default.nix b/nixpkgs/pkgs/tools/security/ntlmrecon/default.nix new file mode 100644 index 000000000000..d24d4ed4d683 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ntlmrecon/default.nix @@ -0,0 +1,35 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "ntlmrecon"; + version = "0.4"; + disabled = python3.pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "pwnfoo"; + repo = "NTLMRecon"; + rev = "v-${version}"; + sha256 = "0rrx49li2l9xlcax84qxjf60nbzp3fgq77c36yqmsp0pc9i89ah6"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + colorama + iptools + requests + termcolor + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "ntlmrecon" ]; + + meta = with lib; { + description = "Information enumerator for NTLM authentication enabled web endpoints"; + homepage = "https://github.com/pwnfoo/NTLMRecon"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix new file mode 100644 index 000000000000..91dba36e332d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix @@ -0,0 +1,40 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "nuclei"; + version = "2.6.0"; + + src = fetchFromGitHub { + owner = "projectdiscovery"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-NTqpj97M61hJP44gr0mRIOI0Syw3oSQeH0ooNHkLgSE="; + }; + + vendorSha256 = "sha256-/mucUSk8+uAD+lIIKtt9+iNZKE4Y12a7GI6PHlnaPAQ="; + + modRoot = "./v2"; + subPackages = [ + "cmd/nuclei/" + ]; + + # Test files are not part of the release tarball + doCheck = false; + + meta = with lib; { + description = "Tool for configurable targeted scanning"; + longDescription = '' + Nuclei is used to send requests across targets based on a template + leading to zero false positives and providing effective scanning + for known paths. Main use cases for nuclei are during initial + reconnaissance phase to quickly check for low hanging fruits or + CVEs across targets that are known and easily detectable. + ''; + homepage = "https://github.com/projectdiscovery/nuclei"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nwipe/default.nix b/nixpkgs/pkgs/tools/security/nwipe/default.nix new file mode 100644 index 000000000000..8cfa47b5d44a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nwipe/default.nix @@ -0,0 +1,42 @@ +{ lib +, stdenv +, autoreconfHook +, fetchFromGitHub +, ncurses +, parted +, pkg-config +}: + +stdenv.mkDerivation rec { + pname = "nwipe"; + version = "0.32"; + + src = fetchFromGitHub { + owner = "martijnvanbrummelen"; + repo = "nwipe"; + rev = "v${version}"; + sha256 = "sha256-O3kYiai+5KMHWd2om4+HrTIw9lB2wLJF3Mrr6iY2+I8="; + }; + + nativeBuildInputs = [ + autoreconfHook + pkg-config + ]; + + buildInputs = [ + ncurses + parted + ]; + + preConfigure = '' + sh init.sh || : + ''; + + meta = with lib; { + description = "Securely erase disks"; + homepage = "https://github.com/martijnvanbrummelen/nwipe"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ woffs ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix new file mode 100644 index 000000000000..e542a2ae7140 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchurl, pam, xmlsec }: + +let + # TODO: Switch to OpenPAM once https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/26 is addressed upstream + securityDependency = + if stdenv.isDarwin then xmlsec + else pam; + +in stdenv.mkDerivation rec { + pname = "oath-toolkit"; + version = "2.6.7"; + + src = fetchurl { + url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz"; + sha256 = "1aa620k05lsw3l3slkp2mzma40q3p9wginspn9zk8digiz7dzv9n"; + }; + + buildInputs = [ securityDependency ]; + + configureFlags = lib.optionals stdenv.isDarwin [ "--disable-pam" ]; + + passthru.updateScript = ./update.sh; + + meta = with lib; { + description = "Components for building one-time password authentication systems"; + homepage = "https://www.nongnu.org/oath-toolkit/"; + maintainers = with maintainers; [ schnusch ]; + platforms = with platforms; linux ++ darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh b/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh new file mode 100755 index 000000000000..3502a541fa8c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl git gnugrep nix + +set -euo pipefail + +nixfile='default.nix' +release_url='https://download.savannah.nongnu.org/releases/oath-toolkit/' +attr='oathToolkit' +command='oathtool --version' + +color() { + printf '%s: \033[%sm%s\033[39m\n' "$0" "$1" "$2" >&2 || true +} + +color 32 "downloading $release_url..." +if ! release_page=$(curl -Lf "$release_url"); then + color 31 "cannot download release page" + exit 1 +fi + +tarball_name=$(printf '%s\n' "$release_page" \ + | grep -Po '(?<=href=").*?\.tar\.gz(?=")' \ + | sort -n | tail -n1) +tarball_version="${tarball_name%.tar.*}" +tarball_version="${tarball_version##*-}" +tarball_url="mirror://savannah${release_url#https://*/releases}$tarball_name" + +color 32 "nix-prefetch-url $tarball_url..." +if ! tarball_sha256=$(nix-prefetch-url --type sha256 "$tarball_url"); then + color 31 "cannot prefetch $tarball_url" + exit 1 +fi + +old_version=$(grep -Pom1 '(?<=version = ").*?(?=";)' "$nixfile") + +version=$(printf 'version = "%s";\n' "$tarball_version") +sha256=$(printf 'sha256 = "%s";\n' "$tarball_sha256") +sed -e "s,version = .*,$version," -e "s,sha256 = .*,$sha256," -i "$nixfile" + +if git diff --exit-code "$nixfile" > /dev/stderr; then + printf '\n' >&2 || true + color 32 "$tarball_version is up to date" +else + color 32 "running '$command' with nix-shell..." + nix-shell -p "callPackage ./$nixfile {}" --run "$command" + msg="$attr: $old_version -> $tarball_version" + printf '\n' >&2 || true + color 31 "$msg" + git commit -m "$msg" "$nixfile" +fi diff --git a/nixpkgs/pkgs/tools/security/omapd/default.nix b/nixpkgs/pkgs/tools/security/omapd/default.nix new file mode 100644 index 000000000000..7ce377e601a3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/omapd/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchurl, qt4, gdb, zlib }: + +stdenv.mkDerivation rec { + pname = "omapd"; + version = "0.9.2"; + + src = fetchurl { + url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/omapd/${pname}-${version}.tgz"; + sha256 = "0d7lgv957jhbsav60j50jhdy3rpcqgql74qsniwnnpm3yqj9p0xc"; + }; + + patches = [ ./zlib.patch ]; + + buildInputs = [ qt4 zlib gdb ]; + + buildPhase = '' + (cd plugins/RAMHashTables; qmake; make) + qmake + make + ''; + + installPhase = '' + install -vD omapd $out/bin/omapd + install -vD omapd.conf $out/etc/omapd.conf + install -vD plugins/libRAMHashTables.so $out/usr/lib/omapd/plugins/libRAMHashTables.so + ln -s $out/usr/lib/omapd/plugins $out/bin/plugins + ''; + + meta = with lib; { + homepage = "https://code.google.com/archive/p/omapd/"; + description = "IF-MAP Server that implements the IF-MAP v1.1 and v2.0 specifications published by the Trusted Computing Group (TCG)"; + license = licenses.gpl3; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/omapd/zlib.patch b/nixpkgs/pkgs/tools/security/omapd/zlib.patch new file mode 100644 index 000000000000..dc0644f2a016 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/omapd/zlib.patch @@ -0,0 +1,9 @@ +diff -uNr omapd-0.9.2-old/omapd.pro omapd-0.9.2/omapd.pro +--- omapd-0.9.2-old/omapd.pro 2015-08-03 09:46:47.463420480 +0200 ++++ omapd-0.9.2/omapd.pro 2015-08-03 09:48:32.238657105 +0200 +@@ -37,4 +37,4 @@ + clientconfiguration.h \ + managementserver.h \ + json.h +-INCLUDEPATH += $$[QT_INSTALL_PREFIX]/src/3rdparty/zlib ++LIBS += -lz diff --git a/nixpkgs/pkgs/tools/security/onesixtyone/default.nix b/nixpkgs/pkgs/tools/security/onesixtyone/default.nix new file mode 100644 index 000000000000..374d1322246b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onesixtyone/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "onesixtyone"; + version = "unstable-2019-12-26"; + + src = fetchFromGitHub { + owner = "trailofbits"; + repo = "onesixtyone"; + rev = "9ce1dcdad73d45c8694086a4f90d7713be1cbdd7"; + sha256 = "111nxn4pcbx6p9j8cjjxv1j1s7dgf7f4dix8acsmahwbpzinzkg3"; + }; + + buildPhase = '' + $CC -o onesixtyone onesixtyone.c + ''; + + installPhase = '' + install -D onesixtyone $out/bin/onesixtyone + ''; + + meta = with lib; { + description = "Fast SNMP Scanner"; + homepage = "https://github.com/trailofbits/onesixtyone"; + license = licenses.gpl2Plus; + platforms = platforms.unix; + maintainers = [ maintainers.fishi0x01 ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/onioncircuits/default.nix b/nixpkgs/pkgs/tools/security/onioncircuits/default.nix new file mode 100644 index 000000000000..0186accc24a8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onioncircuits/default.nix @@ -0,0 +1,30 @@ +{ lib, fetchgit, python3, intltool, gtk3, gobject-introspection, gnome }: + +python3.pkgs.buildPythonApplication rec { + pname = "onioncircuits"; + version = "0.5"; + + src = fetchgit { + url = "https://git-tails.immerda.ch/onioncircuits/"; + rev = version; + sha256 = "13mqif9b9iajpkrl9ijspdnvy82kxhprxd5mw3njk68rcn4z2pcm"; + }; + + nativeBuildInputs = [ intltool ]; + buildInputs = [ intltool gtk3 gobject-introspection ]; + propagatedBuildInputs = with python3.pkgs; [ stem distutils_extra pygobject3 ]; + + postFixup = '' + wrapProgram "$out/bin/onioncircuits" \ + --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ + --prefix XDG_DATA_DIRS : "$out/share:${gnome.adwaita-icon-theme}/share" + ''; + + meta = with lib; { + homepage = "https://tails.boum.org"; + description = "GTK application to display Tor circuits and streams"; + license = licenses.gpl3; + maintainers = [ ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/onlykey-agent/default.nix b/nixpkgs/pkgs/tools/security/onlykey-agent/default.nix new file mode 100644 index 000000000000..84c65b913458 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onlykey-agent/default.nix @@ -0,0 +1,61 @@ +{ lib +, python3Packages +, onlykey-cli +}: + +let + # onlykey requires a patched version of libagent + lib-agent = with python3Packages; libagent.overridePythonAttrs (oa: rec{ + version = "1.0.2"; + src = fetchPypi { + inherit version; + pname = "lib-agent"; + sha256 = "sha256-NAimivO3m4UUPM4JgLWGq2FbXOaXdQEL/DqZAcy+kEw="; + }; + propagatedBuildInputs = oa.propagatedBuildInputs or [ ] ++ [ + pynacl + docutils + pycryptodome + wheel + ]; + + # turn off testing because I can't get it to work + doCheck = false; + pythonImportsCheck = [ "libagent" ]; + + meta = oa.meta // { + description = "Using OnlyKey as hardware SSH and GPG agent"; + homepage = "https://github.com/trustcrypto/onlykey-agent/tree/ledger"; + maintainers = with maintainers; [ kalbasit ]; + }; + }); +in +python3Packages.buildPythonApplication rec { + pname = "onlykey-agent"; + version = "1.1.11"; + + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "sha256-YH/cqQOVy5s6dTp2JwxM3s4xRTXgwhOr00whtHAwZZI="; + }; + + propagatedBuildInputs = with python3Packages; [ lib-agent onlykey-cli ]; + + # move the python library into the sitePackages. + postInstall = '' + mkdir $out/${python3Packages.python.sitePackages}/onlykey_agent + mv $out/bin/onlykey_agent.py $out/${python3Packages.python.sitePackages}/onlykey_agent/__init__.py + chmod a-x $out/${python3Packages.python.sitePackages}/onlykey_agent/__init__.py + ''; + + # no tests + doCheck = false; + pythonImportsCheck = [ "onlykey_agent" ]; + + meta = with lib; { + description = " The OnlyKey agent is essentially middleware that lets you use OnlyKey as a hardware SSH/GPG device."; + homepage = "https://github.com/trustcrypto/onlykey-agent"; + license = licenses.lgpl3Only; + maintainers = with maintainers; [ kalbasit ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/onlykey-cli/default.nix b/nixpkgs/pkgs/tools/security/onlykey-cli/default.nix new file mode 100644 index 000000000000..934604cae556 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onlykey-cli/default.nix @@ -0,0 +1,34 @@ +{ lib, python3Packages }: + +python3Packages.buildPythonApplication rec { + pname = "onlykey-cli"; + version = "1.2.5"; + + src = python3Packages.fetchPypi { + inherit version; + pname = "onlykey"; + sha256 = "sha256-7Pr1gXaPF5mctGxDciKKj0YDDQVFFi1+t6QztoKqpAA="; + }; + + propagatedBuildInputs = with python3Packages; [ + aenum + cython + ecdsa + hidapi + onlykey-solo-python + prompt-toolkit + pynacl + six + ]; + + # Requires having the physical onlykey (a usb security key) + doCheck = false; + pythonImportsCheck = [ "onlykey.cli" ]; + + meta = with lib; { + description = "OnlyKey client and command-line tool"; + homepage = "https://github.com/trustcrypto/python-onlykey"; + license = licenses.mit; + maintainers = with maintainers; [ ranfdev ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/onlykey/default.nix b/nixpkgs/pkgs/tools/security/onlykey/default.nix new file mode 100644 index 000000000000..312f580c0239 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onlykey/default.nix @@ -0,0 +1,63 @@ +{ fetchgit +, lib +, makeDesktopItem +, node_webkit +, pkgs +, runCommand +, stdenv +, writeShellScript +}: + +let + # parse the version from package.json + version = + let + packageJson = lib.importJSON ./package.json; + splits = builtins.split "^.*#v(.*)$" (builtins.getAttr "onlykey" (builtins.head packageJson)); + matches = builtins.elemAt splits 1; + elem = builtins.head matches; + in + elem; + + # this must be updated anytime this package is updated. + onlykeyPkg = "onlykey-git://github.com/trustcrypto/OnlyKey-App.git#v${version}"; + + # define a shortcut to get to onlykey. + onlykey = self."${onlykeyPkg}"; + + super = (import ./onlykey.nix { + inherit pkgs; + inherit (stdenv.hostPlatform) system; + }); + + self = super // { + "${onlykeyPkg}" = super."${onlykeyPkg}".override (attrs: { + # when installing packages, nw tries to download nwjs in its postInstall + # script. There are currently no other postInstall scripts, so this + # should not break other things. + npmFlags = attrs.npmFlags or "" + " --ignore-scripts"; + + # this package requires to be built in order to become runnable. + postInstall = '' + cd $out/lib/node_modules/${attrs.packageName} + npm run build + ''; + }); + }; + + script = writeShellScript "${onlykey.packageName}-starter-${onlykey.version}" '' + ${node_webkit}/bin/nw ${onlykey}/lib/node_modules/${onlykey.packageName}/build + ''; + + desktop = makeDesktopItem { + name = onlykey.packageName; + exec = script; + icon = "${onlykey}/lib/node_modules/${onlykey.packageName}/resources/onlykey_logo_128.png"; + desktopName = onlykey.packageName; + genericName = onlykey.packageName; + }; +in +runCommand "${onlykey.packageName}-${onlykey.version}" { } '' + mkdir -p $out/bin + ln -s ${script} $out/bin/onlykey +'' diff --git a/nixpkgs/pkgs/tools/security/onlykey/generate.sh b/nixpkgs/pkgs/tools/security/onlykey/generate.sh new file mode 100755 index 000000000000..ec3730492323 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onlykey/generate.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nodePackages.node2nix + +# XXX: --development is given here because we need access to gulp in order to build OnlyKey. +exec node2nix --nodejs-14 --development -i package.json -c onlykey.nix -e ../../../development/node-packages/node-env.nix --no-copy-node-env diff --git a/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix b/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix new file mode 100644 index 000000000000..d6713a0f42a8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix @@ -0,0 +1,7716 @@ +# This file has been generated by node2nix 1.9.0. Do not edit! + +{nodeEnv, fetchurl, fetchgit, nix-gitignore, stdenv, lib, globalBuildInputs ? []}: + +let + sources = { + "@babel/code-frame-7.14.5" = { + name = "_at_babel_slash_code-frame"; + packageName = "@babel/code-frame"; + version = "7.14.5"; + src = fetchurl { + url = "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.14.5.tgz"; + sha512 = "9pzDqyc6OLDaqe+zbACgFkb6fKMNG6CObKpnYXChRsvYGyEdc7CA2BaqeOM+vOtCS5ndmJicPJhKAwYRI6UfFw=="; + }; + }; + "@babel/helper-validator-identifier-7.14.9" = { + name = "_at_babel_slash_helper-validator-identifier"; + packageName = "@babel/helper-validator-identifier"; + version = "7.14.9"; + src = fetchurl { + url = "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.14.9.tgz"; + sha512 = "pQYxPY0UP6IHISRitNe8bsijHex4TWZXi2HwKVsjPiltzlhse2znVcm9Ace510VT1kxIHjGJCZZQBX2gJDbo0g=="; + }; + }; + "@babel/highlight-7.14.5" = { + name = "_at_babel_slash_highlight"; + packageName = "@babel/highlight"; + version = "7.14.5"; + src = fetchurl { + url = "https://registry.npmjs.org/@babel/highlight/-/highlight-7.14.5.tgz"; + sha512 = "qf9u2WFWVV0MppaL877j2dBtQIDgmidgjGk5VIMw3OadXvYaXn66U1BFlH2t4+t3i+8PhedppRv+i40ABzd+gg=="; + }; + }; + "@gulp-sourcemaps/identity-map-1.0.2" = { + name = "_at_gulp-sourcemaps_slash_identity-map"; + packageName = "@gulp-sourcemaps/identity-map"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/@gulp-sourcemaps/identity-map/-/identity-map-1.0.2.tgz"; + sha512 = "ciiioYMLdo16ShmfHBXJBOFm3xPC4AuwO4xeRpFeHz7WK9PYsWCmigagG2XyzZpubK4a3qNKoUBDhbzHfa50LQ=="; + }; + }; + "@gulp-sourcemaps/map-sources-1.0.0" = { + name = "_at_gulp-sourcemaps_slash_map-sources"; + packageName = "@gulp-sourcemaps/map-sources"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/@gulp-sourcemaps/map-sources/-/map-sources-1.0.0.tgz"; + sha1 = "890ae7c5d8c877f6d384860215ace9d7ec945bda"; + }; + }; + "@ungap/promise-all-settled-1.1.2" = { + name = "_at_ungap_slash_promise-all-settled"; + packageName = "@ungap/promise-all-settled"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz"; + sha512 = "sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q=="; + }; + }; + "abbrev-1.1.1" = { + name = "abbrev"; + packageName = "abbrev"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz"; + sha512 = "nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="; + }; + }; + "acorn-5.7.4" = { + name = "acorn"; + packageName = "acorn"; + version = "5.7.4"; + src = fetchurl { + url = "https://registry.npmjs.org/acorn/-/acorn-5.7.4.tgz"; + sha512 = "1D++VG7BhrtvQpNbBzovKNc1FLGGEE/oGe7b9xJm/RFHMBeUaUGpluV9RLjZa47YFdPcDAenEYuq9pQPcMdLJg=="; + }; + }; + "acorn-7.4.1" = { + name = "acorn"; + packageName = "acorn"; + version = "7.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz"; + sha512 = "nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A=="; + }; + }; + "acorn-jsx-5.3.2" = { + name = "acorn-jsx"; + packageName = "acorn-jsx"; + version = "5.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz"; + sha512 = "rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ=="; + }; + }; + "ajv-6.12.6" = { + name = "ajv"; + packageName = "ajv"; + version = "6.12.6"; + src = fetchurl { + url = "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz"; + sha512 = "j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g=="; + }; + }; + "ansi-colors-1.1.0" = { + name = "ansi-colors"; + packageName = "ansi-colors"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-colors/-/ansi-colors-1.1.0.tgz"; + sha512 = "SFKX67auSNoVR38N3L+nvsPjOE0bybKTYbkf5tRvushrAPQ9V75huw0ZxBkKVeRU9kqH3d6HA4xTckbwZ4ixmA=="; + }; + }; + "ansi-colors-4.1.1" = { + name = "ansi-colors"; + packageName = "ansi-colors"; + version = "4.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz"; + sha512 = "JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA=="; + }; + }; + "ansi-escapes-4.3.2" = { + name = "ansi-escapes"; + packageName = "ansi-escapes"; + version = "4.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz"; + sha512 = "gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ=="; + }; + }; + "ansi-gray-0.1.1" = { + name = "ansi-gray"; + packageName = "ansi-gray"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-gray/-/ansi-gray-0.1.1.tgz"; + sha1 = "2962cf54ec9792c48510a3deb524436861ef7251"; + }; + }; + "ansi-regex-2.1.1" = { + name = "ansi-regex"; + packageName = "ansi-regex"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz"; + sha1 = "c3b33ab5ee360d86e0e628f0468ae7ef27d654df"; + }; + }; + "ansi-regex-4.1.0" = { + name = "ansi-regex"; + packageName = "ansi-regex"; + version = "4.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz"; + sha512 = "1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg=="; + }; + }; + "ansi-regex-5.0.0" = { + name = "ansi-regex"; + packageName = "ansi-regex"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz"; + sha512 = "bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg=="; + }; + }; + "ansi-styles-2.2.1" = { + name = "ansi-styles"; + packageName = "ansi-styles"; + version = "2.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz"; + sha1 = "b432dd3358b634cf75e1e4664368240533c1ddbe"; + }; + }; + "ansi-styles-3.2.1" = { + name = "ansi-styles"; + packageName = "ansi-styles"; + version = "3.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz"; + sha512 = "VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA=="; + }; + }; + "ansi-styles-4.3.0" = { + name = "ansi-styles"; + packageName = "ansi-styles"; + version = "4.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz"; + sha512 = "zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="; + }; + }; + "ansi-wrap-0.1.0" = { + name = "ansi-wrap"; + packageName = "ansi-wrap"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-wrap/-/ansi-wrap-0.1.0.tgz"; + sha1 = "a82250ddb0015e9a27ca82e82ea603bbfa45efaf"; + }; + }; + "anymatch-1.3.2" = { + name = "anymatch"; + packageName = "anymatch"; + version = "1.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/anymatch/-/anymatch-1.3.2.tgz"; + sha512 = "0XNayC8lTHQ2OI8aljNCN3sSx6hsr/1+rlcDAotXJR7C1oZZHCNsfpbKwMjRA3Uqb5tF1Rae2oloTr4xpq+WjA=="; + }; + }; + "anymatch-2.0.0" = { + name = "anymatch"; + packageName = "anymatch"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/anymatch/-/anymatch-2.0.0.tgz"; + sha512 = "5teOsQWABXHHBFP9y3skS5P3d/WfWXpv3FUpy+LorMrNYaT9pI4oLMQX7jzQ2KklNpGpWHzdCXTDT2Y3XGlZBw=="; + }; + }; + "anymatch-3.1.2" = { + name = "anymatch"; + packageName = "anymatch"; + version = "3.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz"; + sha512 = "P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg=="; + }; + }; + "append-buffer-1.0.2" = { + name = "append-buffer"; + packageName = "append-buffer"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/append-buffer/-/append-buffer-1.0.2.tgz"; + sha1 = "d8220cf466081525efea50614f3de6514dfa58f1"; + }; + }; + "applescript-1.0.0" = { + name = "applescript"; + packageName = "applescript"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/applescript/-/applescript-1.0.0.tgz"; + sha1 = "bb87af568cad034a4e48c4bdaf6067a3a2701317"; + }; + }; + "archy-1.0.0" = { + name = "archy"; + packageName = "archy"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/archy/-/archy-1.0.0.tgz"; + sha1 = "f9c8c13757cc1dd7bc379ac77b2c62a5c2868c40"; + }; + }; + "argparse-1.0.10" = { + name = "argparse"; + packageName = "argparse"; + version = "1.0.10"; + src = fetchurl { + url = "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz"; + sha512 = "o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg=="; + }; + }; + "argparse-2.0.1" = { + name = "argparse"; + packageName = "argparse"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz"; + sha512 = "8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="; + }; + }; + "arr-diff-2.0.0" = { + name = "arr-diff"; + packageName = "arr-diff"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/arr-diff/-/arr-diff-2.0.0.tgz"; + sha1 = "8f3b827f955a8bd669697e4a4256ac3ceae356cf"; + }; + }; + "arr-diff-4.0.0" = { + name = "arr-diff"; + packageName = "arr-diff"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz"; + sha1 = "d6461074febfec71e7e15235761a329a5dc7c520"; + }; + }; + "arr-filter-1.1.2" = { + name = "arr-filter"; + packageName = "arr-filter"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/arr-filter/-/arr-filter-1.1.2.tgz"; + sha1 = "43fdddd091e8ef11aa4c45d9cdc18e2dff1711ee"; + }; + }; + "arr-flatten-1.1.0" = { + name = "arr-flatten"; + packageName = "arr-flatten"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz"; + sha512 = "L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg=="; + }; + }; + "arr-map-2.0.2" = { + name = "arr-map"; + packageName = "arr-map"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/arr-map/-/arr-map-2.0.2.tgz"; + sha1 = "3a77345ffc1cf35e2a91825601f9e58f2e24cac4"; + }; + }; + "arr-union-3.1.0" = { + name = "arr-union"; + packageName = "arr-union"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz"; + sha1 = "e39b09aea9def866a8f206e288af63919bae39c4"; + }; + }; + "array-each-1.0.1" = { + name = "array-each"; + packageName = "array-each"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/array-each/-/array-each-1.0.1.tgz"; + sha1 = "a794af0c05ab1752846ee753a1f211a05ba0c44f"; + }; + }; + "array-initial-1.1.0" = { + name = "array-initial"; + packageName = "array-initial"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/array-initial/-/array-initial-1.1.0.tgz"; + sha1 = "2fa74b26739371c3947bd7a7adc73be334b3d795"; + }; + }; + "array-last-1.3.0" = { + name = "array-last"; + packageName = "array-last"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/array-last/-/array-last-1.3.0.tgz"; + sha512 = "eOCut5rXlI6aCOS7Z7kCplKRKyiFQ6dHFBem4PwlwKeNFk2/XxTrhRh5T9PyaEWGy/NHTZWbY+nsZlNFJu9rYg=="; + }; + }; + "array-slice-1.1.0" = { + name = "array-slice"; + packageName = "array-slice"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/array-slice/-/array-slice-1.1.0.tgz"; + sha512 = "B1qMD3RBP7O8o0H2KbrXDyB0IccejMF15+87Lvlor12ONPRHP6gTjXMNkt/d3ZuOGbAe66hFmaCfECI24Ufp6w=="; + }; + }; + "array-sort-1.0.0" = { + name = "array-sort"; + packageName = "array-sort"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/array-sort/-/array-sort-1.0.0.tgz"; + sha512 = "ihLeJkonmdiAsD7vpgN3CRcx2J2S0TiYW+IS/5zHBI7mKUq3ySvBdzzBfD236ubDBQFiiyG3SWCPc+msQ9KoYg=="; + }; + }; + "array-unique-0.2.1" = { + name = "array-unique"; + packageName = "array-unique"; + version = "0.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz"; + sha1 = "a1d97ccafcbc2625cc70fadceb36a50c58b01a53"; + }; + }; + "array-unique-0.3.2" = { + name = "array-unique"; + packageName = "array-unique"; + version = "0.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz"; + sha1 = "a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428"; + }; + }; + "asn1-0.2.4" = { + name = "asn1"; + packageName = "asn1"; + version = "0.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz"; + sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg=="; + }; + }; + "assert-plus-1.0.0" = { + name = "assert-plus"; + packageName = "assert-plus"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"; + sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"; + }; + }; + "assertion-error-1.1.0" = { + name = "assertion-error"; + packageName = "assertion-error"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz"; + sha512 = "jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw=="; + }; + }; + "assign-symbols-1.0.0" = { + name = "assign-symbols"; + packageName = "assign-symbols"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz"; + sha1 = "59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"; + }; + }; + "astral-regex-1.0.0" = { + name = "astral-regex"; + packageName = "astral-regex"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/astral-regex/-/astral-regex-1.0.0.tgz"; + sha512 = "+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg=="; + }; + }; + "async-done-1.3.2" = { + name = "async-done"; + packageName = "async-done"; + version = "1.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/async-done/-/async-done-1.3.2.tgz"; + sha512 = "uYkTP8dw2og1tu1nmza1n1CMW0qb8gWWlwqMmLb7MhBVs4BXrFziT6HXUd+/RlRA/i4H9AkofYloUbs1fwMqlw=="; + }; + }; + "async-each-1.0.3" = { + name = "async-each"; + packageName = "async-each"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/async-each/-/async-each-1.0.3.tgz"; + sha512 = "z/WhQ5FPySLdvREByI2vZiTWwCnF0moMJ1hK9YQwDTHKh6I7/uSckMetoRGb5UBZPC1z0jlw+n/XCgjeH7y1AQ=="; + }; + }; + "async-settle-1.0.0" = { + name = "async-settle"; + packageName = "async-settle"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/async-settle/-/async-settle-1.0.0.tgz"; + sha1 = "1d0a914bb02575bec8a8f3a74e5080f72b2c0c6b"; + }; + }; + "asynckit-0.4.0" = { + name = "asynckit"; + packageName = "asynckit"; + version = "0.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"; + sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"; + }; + }; + "atob-2.1.2" = { + name = "atob"; + packageName = "atob"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz"; + sha512 = "Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg=="; + }; + }; + "auto-launch-5.0.5" = { + name = "auto-launch"; + packageName = "auto-launch"; + version = "5.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/auto-launch/-/auto-launch-5.0.5.tgz"; + sha512 = "ppdF4mihhYzMYLuCcx9H/c5TUOCev8uM7en53zWVQhyYAJrurd2bFZx3qQVeJKF2jrc7rsPRNN5cD+i23l6PdA=="; + }; + }; + "aws-sign2-0.7.0" = { + name = "aws-sign2"; + packageName = "aws-sign2"; + version = "0.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz"; + sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"; + }; + }; + "aws4-1.11.0" = { + name = "aws4"; + packageName = "aws4"; + version = "1.11.0"; + src = fetchurl { + url = "https://registry.npmjs.org/aws4/-/aws4-1.11.0.tgz"; + sha512 = "xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA=="; + }; + }; + "bach-1.2.0" = { + name = "bach"; + packageName = "bach"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/bach/-/bach-1.2.0.tgz"; + sha1 = "4b3ce96bf27134f79a1b414a51c14e34c3bd9880"; + }; + }; + "balanced-match-1.0.2" = { + name = "balanced-match"; + packageName = "balanced-match"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz"; + sha512 = "3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="; + }; + }; + "base-0.11.2" = { + name = "base"; + packageName = "base"; + version = "0.11.2"; + src = fetchurl { + url = "https://registry.npmjs.org/base/-/base-0.11.2.tgz"; + sha512 = "5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg=="; + }; + }; + "base64-js-1.5.1" = { + name = "base64-js"; + packageName = "base64-js"; + version = "1.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz"; + sha512 = "AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA=="; + }; + }; + "bcrypt-pbkdf-1.0.2" = { + name = "bcrypt-pbkdf"; + packageName = "bcrypt-pbkdf"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz"; + sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"; + }; + }; + "binary-0.3.0" = { + name = "binary"; + packageName = "binary"; + version = "0.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/binary/-/binary-0.3.0.tgz"; + sha1 = "9f60553bc5ce8c3386f3b553cff47462adecaa79"; + }; + }; + "binary-extensions-1.13.1" = { + name = "binary-extensions"; + packageName = "binary-extensions"; + version = "1.13.1"; + src = fetchurl { + url = "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.13.1.tgz"; + sha512 = "Un7MIEDdUC5gNpcGDV97op1Ywk748MpHcFTHoYs6qnj1Z3j7I53VG3nwZhKzoBZmbdRNnb6WRdFlwl7tSDuZGw=="; + }; + }; + "binary-extensions-2.2.0" = { + name = "binary-extensions"; + packageName = "binary-extensions"; + version = "2.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz"; + sha512 = "jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA=="; + }; + }; + "bindings-1.5.0" = { + name = "bindings"; + packageName = "bindings"; + version = "1.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz"; + sha512 = "p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ=="; + }; + }; + "bl-1.2.3" = { + name = "bl"; + packageName = "bl"; + version = "1.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/bl/-/bl-1.2.3.tgz"; + sha512 = "pvcNpa0UU69UT341rO6AYy4FVAIkUHuZXRIWbq+zHnsVcRzDDjIAhGuuYoi0d//cwIwtt4pkpKycWEfjdV+vww=="; + }; + }; + "brace-expansion-1.1.11" = { + name = "brace-expansion"; + packageName = "brace-expansion"; + version = "1.1.11"; + src = fetchurl { + url = "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz"; + sha512 = "iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA=="; + }; + }; + "braces-1.8.5" = { + name = "braces"; + packageName = "braces"; + version = "1.8.5"; + src = fetchurl { + url = "https://registry.npmjs.org/braces/-/braces-1.8.5.tgz"; + sha1 = "ba77962e12dff969d6b76711e914b737857bf6a7"; + }; + }; + "braces-2.3.2" = { + name = "braces"; + packageName = "braces"; + version = "2.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz"; + sha512 = "aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w=="; + }; + }; + "braces-3.0.2" = { + name = "braces"; + packageName = "braces"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz"; + sha512 = "b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A=="; + }; + }; + "browser-stdout-1.3.1" = { + name = "browser-stdout"; + packageName = "browser-stdout"; + version = "1.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz"; + sha512 = "qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw=="; + }; + }; + "buffer-5.7.1" = { + name = "buffer"; + packageName = "buffer"; + version = "5.7.1"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz"; + sha512 = "EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ=="; + }; + }; + "buffer-alloc-1.2.0" = { + name = "buffer-alloc"; + packageName = "buffer-alloc"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-alloc/-/buffer-alloc-1.2.0.tgz"; + sha512 = "CFsHQgjtW1UChdXgbyJGtnm+O/uLQeZdtbDo8mfUgYXCHSM1wgrVxXm6bSyrUuErEb+4sYVGCzASBRot7zyrow=="; + }; + }; + "buffer-alloc-unsafe-1.1.0" = { + name = "buffer-alloc-unsafe"; + packageName = "buffer-alloc-unsafe"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-alloc-unsafe/-/buffer-alloc-unsafe-1.1.0.tgz"; + sha512 = "TEM2iMIEQdJ2yjPJoSIsldnleVaAk1oW3DBVUykyOLsEsFmEc9kn+SFFPz+gl54KQNxlDnAwCXosOS9Okx2xAg=="; + }; + }; + "buffer-crc32-0.2.13" = { + name = "buffer-crc32"; + packageName = "buffer-crc32"; + version = "0.2.13"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz"; + sha1 = "0d333e3f00eac50aa1454abd30ef8c2a5d9a7242"; + }; + }; + "buffer-equal-1.0.0" = { + name = "buffer-equal"; + packageName = "buffer-equal"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-equal/-/buffer-equal-1.0.0.tgz"; + sha1 = "59616b498304d556abd466966b22eeda3eca5fbe"; + }; + }; + "buffer-fill-1.0.0" = { + name = "buffer-fill"; + packageName = "buffer-fill"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-fill/-/buffer-fill-1.0.0.tgz"; + sha1 = "f8f78b76789888ef39f205cd637f68e702122b2c"; + }; + }; + "buffer-from-1.1.2" = { + name = "buffer-from"; + packageName = "buffer-from"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz"; + sha512 = "E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="; + }; + }; + "buffer-to-vinyl-1.1.0" = { + name = "buffer-to-vinyl"; + packageName = "buffer-to-vinyl"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/buffer-to-vinyl/-/buffer-to-vinyl-1.1.0.tgz"; + sha1 = "00f15faee3ab7a1dda2cde6d9121bffdd07b2262"; + }; + }; + "buffers-0.1.1" = { + name = "buffers"; + packageName = "buffers"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/buffers/-/buffers-0.1.1.tgz"; + sha1 = "b24579c3bed4d6d396aeee6d9a8ae7f5482ab7bb"; + }; + }; + "cache-base-1.0.1" = { + name = "cache-base"; + packageName = "cache-base"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/cache-base/-/cache-base-1.0.1.tgz"; + sha512 = "AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ=="; + }; + }; + "call-bind-1.0.2" = { + name = "call-bind"; + packageName = "call-bind"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz"; + sha512 = "7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA=="; + }; + }; + "callsites-3.1.0" = { + name = "callsites"; + packageName = "callsites"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz"; + sha512 = "P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ=="; + }; + }; + "camelcase-2.1.1" = { + name = "camelcase"; + packageName = "camelcase"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz"; + sha1 = "7c1d16d679a1bbe59ca02cacecfb011e201f5a1f"; + }; + }; + "camelcase-3.0.0" = { + name = "camelcase"; + packageName = "camelcase"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/camelcase/-/camelcase-3.0.0.tgz"; + sha1 = "32fc4b9fcdaf845fcdf7e73bb97cac2261f0ab0a"; + }; + }; + "camelcase-6.2.0" = { + name = "camelcase"; + packageName = "camelcase"; + version = "6.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/camelcase/-/camelcase-6.2.0.tgz"; + sha512 = "c7wVvbw3f37nuobQNtgsgG9POC9qMbNuMQmTCqZv23b6MIz0fcYpBiOlv9gEN/hdLdnZTDQhg6e9Dq5M1vKvfg=="; + }; + }; + "capture-stack-trace-1.0.1" = { + name = "capture-stack-trace"; + packageName = "capture-stack-trace"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/capture-stack-trace/-/capture-stack-trace-1.0.1.tgz"; + sha512 = "mYQLZnx5Qt1JgB1WEiMCf2647plpGeQ2NMR/5L0HNZzGQo4fuSPnK+wjfPnKZV0aiJDgzmWqqkV/g7JD+DW0qw=="; + }; + }; + "caseless-0.12.0" = { + name = "caseless"; + packageName = "caseless"; + version = "0.12.0"; + src = fetchurl { + url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz"; + sha1 = "1b681c21ff84033c826543090689420d187151dc"; + }; + }; + "caw-2.0.1" = { + name = "caw"; + packageName = "caw"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/caw/-/caw-2.0.1.tgz"; + sha512 = "Cg8/ZSBEa8ZVY9HspcGUYaK63d/bN7rqS3CYCzEGUxuYv6UlmcjzDUz2fCFFHyTvUW5Pk0I+3hkA3iXlIj6guA=="; + }; + }; + "chai-4.3.4" = { + name = "chai"; + packageName = "chai"; + version = "4.3.4"; + src = fetchurl { + url = "https://registry.npmjs.org/chai/-/chai-4.3.4.tgz"; + sha512 = "yS5H68VYOCtN1cjfwumDSuzn/9c+yza4f3reKXlE5rUg7SFcCEy90gJvydNgOYtblyf4Zi6jIWRnXOgErta0KA=="; + }; + }; + "chai-as-promised-7.1.1" = { + name = "chai-as-promised"; + packageName = "chai-as-promised"; + version = "7.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/chai-as-promised/-/chai-as-promised-7.1.1.tgz"; + sha512 = "azL6xMoi+uxu6z4rhWQ1jbdUhOMhis2PvscD/xjLqNMkv3BPPp2JyyuTHOrf9BOosGpNQ11v6BKv/g57RXbiaA=="; + }; + }; + "chainsaw-0.1.0" = { + name = "chainsaw"; + packageName = "chainsaw"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/chainsaw/-/chainsaw-0.1.0.tgz"; + sha1 = "5eab50b28afe58074d0d58291388828b5e5fbc98"; + }; + }; + "chalk-1.1.3" = { + name = "chalk"; + packageName = "chalk"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz"; + sha1 = "a8115c55e4a702fe4d150abd3872822a7e09fc98"; + }; + }; + "chalk-2.4.2" = { + name = "chalk"; + packageName = "chalk"; + version = "2.4.2"; + src = fetchurl { + url = "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz"; + sha512 = "Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ=="; + }; + }; + "chalk-4.1.2" = { + name = "chalk"; + packageName = "chalk"; + version = "4.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz"; + sha512 = "oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA=="; + }; + }; + "chardet-0.7.0" = { + name = "chardet"; + packageName = "chardet"; + version = "0.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz"; + sha512 = "mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA=="; + }; + }; + "charm-0.1.2" = { + name = "charm"; + packageName = "charm"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/charm/-/charm-0.1.2.tgz"; + sha1 = "06c21eed1a1b06aeb67553cdc53e23274bac2296"; + }; + }; + "check-error-1.0.2" = { + name = "check-error"; + packageName = "check-error"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz"; + sha1 = "574d312edd88bb5dd8912e9286dd6c0aed4aac82"; + }; + }; + "chokidar-1.7.0" = { + name = "chokidar"; + packageName = "chokidar"; + version = "1.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/chokidar/-/chokidar-1.7.0.tgz"; + sha1 = "798e689778151c8076b4b360e5edd28cda2bb468"; + }; + }; + "chokidar-2.1.8" = { + name = "chokidar"; + packageName = "chokidar"; + version = "2.1.8"; + src = fetchurl { + url = "https://registry.npmjs.org/chokidar/-/chokidar-2.1.8.tgz"; + sha512 = "ZmZUazfOzf0Nve7duiCKD23PFSCs4JPoYyccjUFF3aQkQadqBhfzhjkwBH2mNOG9cTBwhamM37EIsIkZw3nRgg=="; + }; + }; + "chokidar-3.5.1" = { + name = "chokidar"; + packageName = "chokidar"; + version = "3.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz"; + sha512 = "9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw=="; + }; + }; + "class-utils-0.3.6" = { + name = "class-utils"; + packageName = "class-utils"; + version = "0.3.6"; + src = fetchurl { + url = "https://registry.npmjs.org/class-utils/-/class-utils-0.3.6.tgz"; + sha512 = "qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg=="; + }; + }; + "cli-cursor-3.1.0" = { + name = "cli-cursor"; + packageName = "cli-cursor"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz"; + sha512 = "I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw=="; + }; + }; + "cli-width-3.0.0" = { + name = "cli-width"; + packageName = "cli-width"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz"; + sha512 = "FxqpkPPwu1HjuN93Omfm4h8uIanXofW0RxVEW3k5RKx+mJJYSthzNhp32Kzxxy3YAEZ/Dc/EWN1vZRY0+kOhbw=="; + }; + }; + "cliui-3.2.0" = { + name = "cliui"; + packageName = "cliui"; + version = "3.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/cliui/-/cliui-3.2.0.tgz"; + sha1 = "120601537a916d29940f934da3b48d585a39213d"; + }; + }; + "cliui-7.0.4" = { + name = "cliui"; + packageName = "cliui"; + version = "7.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz"; + sha512 = "OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ=="; + }; + }; + "clone-0.2.0" = { + name = "clone"; + packageName = "clone"; + version = "0.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/clone/-/clone-0.2.0.tgz"; + sha1 = "c6126a90ad4f72dbf5acdb243cc37724fe93fc1f"; + }; + }; + "clone-1.0.4" = { + name = "clone"; + packageName = "clone"; + version = "1.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz"; + sha1 = "da309cc263df15994c688ca902179ca3c7cd7c7e"; + }; + }; + "clone-2.1.2" = { + name = "clone"; + packageName = "clone"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/clone/-/clone-2.1.2.tgz"; + sha1 = "1b7f4b9f591f1e8f83670401600345a02887435f"; + }; + }; + "clone-buffer-1.0.0" = { + name = "clone-buffer"; + packageName = "clone-buffer"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/clone-buffer/-/clone-buffer-1.0.0.tgz"; + sha1 = "e3e25b207ac4e701af721e2cb5a16792cac3dc58"; + }; + }; + "clone-stats-0.0.1" = { + name = "clone-stats"; + packageName = "clone-stats"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/clone-stats/-/clone-stats-0.0.1.tgz"; + sha1 = "b88f94a82cf38b8791d58046ea4029ad88ca99d1"; + }; + }; + "clone-stats-1.0.0" = { + name = "clone-stats"; + packageName = "clone-stats"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/clone-stats/-/clone-stats-1.0.0.tgz"; + sha1 = "b3782dff8bb5474e18b9b6bf0fdfe782f8777680"; + }; + }; + "cloneable-readable-1.1.3" = { + name = "cloneable-readable"; + packageName = "cloneable-readable"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/cloneable-readable/-/cloneable-readable-1.1.3.tgz"; + sha512 = "2EF8zTQOxYq70Y4XKtorQupqF0m49MBz2/yf5Bj+MHjvpG3Hy7sImifnqD6UA+TKYxeSV+u6qqQPawN5UvnpKQ=="; + }; + }; + "code-point-at-1.1.0" = { + name = "code-point-at"; + packageName = "code-point-at"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/code-point-at/-/code-point-at-1.1.0.tgz"; + sha1 = "0d070b4d043a5bea33a2f1a40e2edb3d9a4ccf77"; + }; + }; + "collection-map-1.0.0" = { + name = "collection-map"; + packageName = "collection-map"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/collection-map/-/collection-map-1.0.0.tgz"; + sha1 = "aea0f06f8d26c780c2b75494385544b2255af18c"; + }; + }; + "collection-visit-1.0.0" = { + name = "collection-visit"; + packageName = "collection-visit"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz"; + sha1 = "4bc0373c164bc3291b4d368c829cf1a80a59dca0"; + }; + }; + "color-convert-1.9.3" = { + name = "color-convert"; + packageName = "color-convert"; + version = "1.9.3"; + src = fetchurl { + url = "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz"; + sha512 = "QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg=="; + }; + }; + "color-convert-2.0.1" = { + name = "color-convert"; + packageName = "color-convert"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz"; + sha512 = "RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ=="; + }; + }; + "color-name-1.1.3" = { + name = "color-name"; + packageName = "color-name"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz"; + sha1 = "a7d0558bd89c42f795dd42328f740831ca53bc25"; + }; + }; + "color-name-1.1.4" = { + name = "color-name"; + packageName = "color-name"; + version = "1.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz"; + sha512 = "dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="; + }; + }; + "color-support-1.1.3" = { + name = "color-support"; + packageName = "color-support"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/color-support/-/color-support-1.1.3.tgz"; + sha512 = "qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg=="; + }; + }; + "combined-stream-1.0.8" = { + name = "combined-stream"; + packageName = "combined-stream"; + version = "1.0.8"; + src = fetchurl { + url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz"; + sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg=="; + }; + }; + "commander-2.20.3" = { + name = "commander"; + packageName = "commander"; + version = "2.20.3"; + src = fetchurl { + url = "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz"; + sha512 = "GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="; + }; + }; + "component-emitter-1.3.0" = { + name = "component-emitter"; + packageName = "component-emitter"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz"; + sha512 = "Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg=="; + }; + }; + "concat-map-0.0.1" = { + name = "concat-map"; + packageName = "concat-map"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz"; + sha1 = "d8a96bd77fd68df7793a73036a3ba0d5405d477b"; + }; + }; + "concat-stream-1.6.2" = { + name = "concat-stream"; + packageName = "concat-stream"; + version = "1.6.2"; + src = fetchurl { + url = "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz"; + sha512 = "27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw=="; + }; + }; + "config-chain-1.1.13" = { + name = "config-chain"; + packageName = "config-chain"; + version = "1.1.13"; + src = fetchurl { + url = "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz"; + sha512 = "qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ=="; + }; + }; + "convert-source-map-1.8.0" = { + name = "convert-source-map"; + packageName = "convert-source-map"; + version = "1.8.0"; + src = fetchurl { + url = "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.8.0.tgz"; + sha512 = "+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA=="; + }; + }; + "copy-descriptor-0.1.1" = { + name = "copy-descriptor"; + packageName = "copy-descriptor"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/copy-descriptor/-/copy-descriptor-0.1.1.tgz"; + sha1 = "676f6eb3c39997c2ee1ac3a924fd6124748f578d"; + }; + }; + "copy-props-2.0.5" = { + name = "copy-props"; + packageName = "copy-props"; + version = "2.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/copy-props/-/copy-props-2.0.5.tgz"; + sha512 = "XBlx8HSqrT0ObQwmSzM7WE5k8FxTV75h1DX1Z3n6NhQ/UYYAvInWYmG06vFt7hQZArE2fuO62aihiWIVQwh1sw=="; + }; + }; + "core-util-is-1.0.2" = { + name = "core-util-is"; + packageName = "core-util-is"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"; + sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; + }; + }; + "create-error-class-3.0.2" = { + name = "create-error-class"; + packageName = "create-error-class"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/create-error-class/-/create-error-class-3.0.2.tgz"; + sha1 = "06be7abef947a3f14a30fd610671d401bca8b7b6"; + }; + }; + "cross-spawn-6.0.5" = { + name = "cross-spawn"; + packageName = "cross-spawn"; + version = "6.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz"; + sha512 = "eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ=="; + }; + }; + "css-2.2.4" = { + name = "css"; + packageName = "css"; + version = "2.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/css/-/css-2.2.4.tgz"; + sha512 = "oUnjmWpy0niI3x/mPL8dVEI1l7MnG3+HHyRPHf+YFSbK+svOhXpmSOcDURUh2aOCgl2grzrOPt1nHLuCVFULLw=="; + }; + }; + "d-1.0.1" = { + name = "d"; + packageName = "d"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/d/-/d-1.0.1.tgz"; + sha512 = "m62ShEObQ39CfralilEQRjH6oAMtNCV1xJyEx5LpRYUVN+EviphDgUc/F3hnYbADmkiNs67Y+3ylmlG7Lnu+FA=="; + }; + }; + "dashdash-1.14.1" = { + name = "dashdash"; + packageName = "dashdash"; + version = "1.14.1"; + src = fetchurl { + url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz"; + sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"; + }; + }; + "debounce-1.2.1" = { + name = "debounce"; + packageName = "debounce"; + version = "1.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/debounce/-/debounce-1.2.1.tgz"; + sha512 = "XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug=="; + }; + }; + "debug-2.6.9" = { + name = "debug"; + packageName = "debug"; + version = "2.6.9"; + src = fetchurl { + url = "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz"; + sha512 = "bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="; + }; + }; + "debug-3.2.7" = { + name = "debug"; + packageName = "debug"; + version = "3.2.7"; + src = fetchurl { + url = "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz"; + sha512 = "CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ=="; + }; + }; + "debug-4.3.1" = { + name = "debug"; + packageName = "debug"; + version = "4.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz"; + sha512 = "doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ=="; + }; + }; + "debug-4.3.2" = { + name = "debug"; + packageName = "debug"; + version = "4.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz"; + sha512 = "mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw=="; + }; + }; + "debug-fabulous-1.1.0" = { + name = "debug-fabulous"; + packageName = "debug-fabulous"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/debug-fabulous/-/debug-fabulous-1.1.0.tgz"; + sha512 = "GZqvGIgKNlUnHUPQhepnUZFIMoi3dgZKQBzKDeL2g7oJF9SNAji/AAu36dusFUas0O+pae74lNeoIPHqXWDkLg=="; + }; + }; + "decamelize-1.2.0" = { + name = "decamelize"; + packageName = "decamelize"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz"; + sha1 = "f6534d15148269b20352e7bee26f501f9a191290"; + }; + }; + "decamelize-4.0.0" = { + name = "decamelize"; + packageName = "decamelize"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz"; + sha512 = "9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ=="; + }; + }; + "decode-uri-component-0.2.0" = { + name = "decode-uri-component"; + packageName = "decode-uri-component"; + version = "0.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz"; + sha1 = "eb3913333458775cb84cd1a1fae062106bb87545"; + }; + }; + "decompress-3.0.0" = { + name = "decompress"; + packageName = "decompress"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress/-/decompress-3.0.0.tgz"; + sha1 = "af1dd50d06e3bfc432461d37de11b38c0d991bed"; + }; + }; + "decompress-4.2.1" = { + name = "decompress"; + packageName = "decompress"; + version = "4.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress/-/decompress-4.2.1.tgz"; + sha512 = "e48kc2IjU+2Zw8cTb6VZcJQ3lgVbS4uuB1TfCHbiZIP/haNXm+SVyhu+87jts5/3ROpd82GSVCoNs/z8l4ZOaQ=="; + }; + }; + "decompress-tar-3.1.0" = { + name = "decompress-tar"; + packageName = "decompress-tar"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-tar/-/decompress-tar-3.1.0.tgz"; + sha1 = "217c789f9b94450efaadc5c5e537978fc333c466"; + }; + }; + "decompress-tar-4.1.1" = { + name = "decompress-tar"; + packageName = "decompress-tar"; + version = "4.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-tar/-/decompress-tar-4.1.1.tgz"; + sha512 = "JdJMaCrGpB5fESVyxwpCx4Jdj2AagLmv3y58Qy4GE6HMVjWz1FeVQk1Ct4Kye7PftcdOo/7U7UKzYBJgqnGeUQ=="; + }; + }; + "decompress-tarbz2-3.1.0" = { + name = "decompress-tarbz2"; + packageName = "decompress-tarbz2"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-tarbz2/-/decompress-tarbz2-3.1.0.tgz"; + sha1 = "8b23935681355f9f189d87256a0f8bdd96d9666d"; + }; + }; + "decompress-tarbz2-4.1.1" = { + name = "decompress-tarbz2"; + packageName = "decompress-tarbz2"; + version = "4.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-tarbz2/-/decompress-tarbz2-4.1.1.tgz"; + sha512 = "s88xLzf1r81ICXLAVQVzaN6ZmX4A6U4z2nMbOwobxkLoIIfjVMBg7TeguTUXkKeXni795B6y5rnvDw7rxhAq9A=="; + }; + }; + "decompress-targz-3.1.0" = { + name = "decompress-targz"; + packageName = "decompress-targz"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-targz/-/decompress-targz-3.1.0.tgz"; + sha1 = "b2c13df98166268991b715d6447f642e9696f5a0"; + }; + }; + "decompress-targz-4.1.1" = { + name = "decompress-targz"; + packageName = "decompress-targz"; + version = "4.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-targz/-/decompress-targz-4.1.1.tgz"; + sha512 = "4z81Znfr6chWnRDNfFNqLwPvm4db3WuZkqV+UgXQzSngG3CEKdBkw5jrv3axjjL96glyiiKjsxJG3X6WBZwX3w=="; + }; + }; + "decompress-unzip-3.4.0" = { + name = "decompress-unzip"; + packageName = "decompress-unzip"; + version = "3.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-unzip/-/decompress-unzip-3.4.0.tgz"; + sha1 = "61475b4152066bbe3fee12f9d629d15fe6478eeb"; + }; + }; + "decompress-unzip-4.0.1" = { + name = "decompress-unzip"; + packageName = "decompress-unzip"; + version = "4.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-unzip/-/decompress-unzip-4.0.1.tgz"; + sha1 = "deaaccdfd14aeaf85578f733ae8210f9b4848f69"; + }; + }; + "decompress-zip-0.3.3" = { + name = "decompress-zip"; + packageName = "decompress-zip"; + version = "0.3.3"; + src = fetchurl { + url = "https://registry.npmjs.org/decompress-zip/-/decompress-zip-0.3.3.tgz"; + sha512 = "/fy1L4s+4jujqj3kNptWjilFw3E6De8U6XUFvqmh4npN3Vsypm3oT2V0bXcmbBWS+5j5tr4okYaFrOmyZkszEg=="; + }; + }; + "deep-eql-3.0.1" = { + name = "deep-eql"; + packageName = "deep-eql"; + version = "3.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz"; + sha512 = "+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw=="; + }; + }; + "deep-is-0.1.3" = { + name = "deep-is"; + packageName = "deep-is"; + version = "0.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz"; + sha1 = "b369d6fb5dbc13eecf524f91b070feedc357cf34"; + }; + }; + "default-compare-1.0.0" = { + name = "default-compare"; + packageName = "default-compare"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/default-compare/-/default-compare-1.0.0.tgz"; + sha512 = "QWfXlM0EkAbqOCbD/6HjdwT19j7WCkMyiRhWilc4H9/5h/RzTF9gv5LYh1+CmDV5d1rki6KAWLtQale0xt20eQ=="; + }; + }; + "default-resolution-2.0.0" = { + name = "default-resolution"; + packageName = "default-resolution"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/default-resolution/-/default-resolution-2.0.0.tgz"; + sha1 = "bcb82baa72ad79b426a76732f1a81ad6df26d684"; + }; + }; + "define-properties-1.1.3" = { + name = "define-properties"; + packageName = "define-properties"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz"; + sha512 = "3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ=="; + }; + }; + "define-property-0.2.5" = { + name = "define-property"; + packageName = "define-property"; + version = "0.2.5"; + src = fetchurl { + url = "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz"; + sha1 = "c35b1ef918ec3c990f9a5bc57be04aacec5c8116"; + }; + }; + "define-property-1.0.0" = { + name = "define-property"; + packageName = "define-property"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz"; + sha1 = "769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6"; + }; + }; + "define-property-2.0.2" = { + name = "define-property"; + packageName = "define-property"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz"; + sha512 = "jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ=="; + }; + }; + "delayed-stream-1.0.0" = { + name = "delayed-stream"; + packageName = "delayed-stream"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"; + sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619"; + }; + }; + "detect-file-1.0.0" = { + name = "detect-file"; + packageName = "detect-file"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/detect-file/-/detect-file-1.0.0.tgz"; + sha1 = "f0d66d03672a825cb1b73bdb3fe62310c8e552b7"; + }; + }; + "detect-newline-2.1.0" = { + name = "detect-newline"; + packageName = "detect-newline"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/detect-newline/-/detect-newline-2.1.0.tgz"; + sha1 = "f41f1c10be4b00e87b5f13da680759f2c5bfd3e2"; + }; + }; + "diff-5.0.0" = { + name = "diff"; + packageName = "diff"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz"; + sha512 = "/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w=="; + }; + }; + "doctrine-3.0.0" = { + name = "doctrine"; + packageName = "doctrine"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz"; + sha512 = "yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w=="; + }; + }; + "download-5.0.3" = { + name = "download"; + packageName = "download"; + version = "5.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/download/-/download-5.0.3.tgz"; + sha1 = "63537f977f99266a30eb8a2a2fbd1f20b8000f7a"; + }; + }; + "duplexer2-0.1.4" = { + name = "duplexer2"; + packageName = "duplexer2"; + version = "0.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/duplexer2/-/duplexer2-0.1.4.tgz"; + sha1 = "8b12dab878c0d69e3e7891051662a32fc6bddcc1"; + }; + }; + "duplexer3-0.1.4" = { + name = "duplexer3"; + packageName = "duplexer3"; + version = "0.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz"; + sha1 = "ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2"; + }; + }; + "duplexify-3.7.1" = { + name = "duplexify"; + packageName = "duplexify"; + version = "3.7.1"; + src = fetchurl { + url = "https://registry.npmjs.org/duplexify/-/duplexify-3.7.1.tgz"; + sha512 = "07z8uv2wMyS51kKhD1KsdXJg5WQ6t93RneqRxUHnskXVtlYYkLqM0gqStQZ3pj073g687jPCHrqNfCzawLYh5g=="; + }; + }; + "each-props-1.3.2" = { + name = "each-props"; + packageName = "each-props"; + version = "1.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/each-props/-/each-props-1.3.2.tgz"; + sha512 = "vV0Hem3zAGkJAyU7JSjixeU66rwdynTAa1vofCrSA5fEln+m67Az9CcnkVD776/fsN/UjIWmBDoNRS6t6G9RfA=="; + }; + }; + "ecc-jsbn-0.1.2" = { + name = "ecc-jsbn"; + packageName = "ecc-jsbn"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz"; + sha1 = "3a83a904e54353287874c564b7549386849a98c9"; + }; + }; + "emoji-regex-7.0.3" = { + name = "emoji-regex"; + packageName = "emoji-regex"; + version = "7.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz"; + sha512 = "CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA=="; + }; + }; + "emoji-regex-8.0.0" = { + name = "emoji-regex"; + packageName = "emoji-regex"; + version = "8.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz"; + sha512 = "MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="; + }; + }; + "end-of-stream-1.4.4" = { + name = "end-of-stream"; + packageName = "end-of-stream"; + version = "1.4.4"; + src = fetchurl { + url = "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz"; + sha512 = "+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q=="; + }; + }; + "error-ex-1.3.2" = { + name = "error-ex"; + packageName = "error-ex"; + version = "1.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz"; + sha512 = "7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g=="; + }; + }; + "es5-ext-0.10.53" = { + name = "es5-ext"; + packageName = "es5-ext"; + version = "0.10.53"; + src = fetchurl { + url = "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.53.tgz"; + sha512 = "Xs2Stw6NiNHWypzRTY1MtaG/uJlwCk8kH81920ma8mvN8Xq1gsfhZvpkImLQArw8AHnv8MT2I45J3c0R8slE+Q=="; + }; + }; + "es6-iterator-2.0.3" = { + name = "es6-iterator"; + packageName = "es6-iterator"; + version = "2.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz"; + sha1 = "a7de889141a05a94b0854403b2d0a0fbfa98f3b7"; + }; + }; + "es6-symbol-3.1.3" = { + name = "es6-symbol"; + packageName = "es6-symbol"; + version = "3.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.3.tgz"; + sha512 = "NJ6Yn3FuDinBaBRWl/q5X/s4koRHBrgKAu+yGI6JCBeiu3qrcbJhwT2GeR/EXVfylRk8dpQVJoLEFhK+Mu31NA=="; + }; + }; + "es6-weak-map-2.0.3" = { + name = "es6-weak-map"; + packageName = "es6-weak-map"; + version = "2.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz"; + sha512 = "p5um32HOTO1kP+w7PRnB+5lQ43Z6muuMuIMffvDN8ZB4GcnjLBV6zGStpbASIMk4DCAvEaamhe2zhyCb/QXXsA=="; + }; + }; + "escalade-3.1.1" = { + name = "escalade"; + packageName = "escalade"; + version = "3.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz"; + sha512 = "k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw=="; + }; + }; + "escape-string-regexp-1.0.5" = { + name = "escape-string-regexp"; + packageName = "escape-string-regexp"; + version = "1.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz"; + sha1 = "1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"; + }; + }; + "escape-string-regexp-4.0.0" = { + name = "escape-string-regexp"; + packageName = "escape-string-regexp"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz"; + sha512 = "TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="; + }; + }; + "eslint-6.8.0" = { + name = "eslint"; + packageName = "eslint"; + version = "6.8.0"; + src = fetchurl { + url = "https://registry.npmjs.org/eslint/-/eslint-6.8.0.tgz"; + sha512 = "K+Iayyo2LtyYhDSYwz5D5QdWw0hCacNzyq1Y821Xna2xSJj7cijoLLYmLxTQgcgZ9mC61nryMy9S7GRbYpI5Ig=="; + }; + }; + "eslint-scope-5.1.1" = { + name = "eslint-scope"; + packageName = "eslint-scope"; + version = "5.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz"; + sha512 = "2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw=="; + }; + }; + "eslint-utils-1.4.3" = { + name = "eslint-utils"; + packageName = "eslint-utils"; + version = "1.4.3"; + src = fetchurl { + url = "https://registry.npmjs.org/eslint-utils/-/eslint-utils-1.4.3.tgz"; + sha512 = "fbBN5W2xdY45KulGXmLHZ3c3FHfVYmKg0IrAKGOkT/464PQsx2UeIzfz1RmEci+KLm1bBaAzZAh8+/E+XAeZ8Q=="; + }; + }; + "eslint-visitor-keys-1.3.0" = { + name = "eslint-visitor-keys"; + packageName = "eslint-visitor-keys"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz"; + sha512 = "6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ=="; + }; + }; + "espree-6.2.1" = { + name = "espree"; + packageName = "espree"; + version = "6.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/espree/-/espree-6.2.1.tgz"; + sha512 = "ysCxRQY3WaXJz9tdbWOwuWr5Y/XrPTGX9Kiz3yoUXwW0VZ4w30HTkQLaGx/+ttFjF8i+ACbArnB4ce68a9m5hw=="; + }; + }; + "esprima-4.0.1" = { + name = "esprima"; + packageName = "esprima"; + version = "4.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz"; + sha512 = "eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A=="; + }; + }; + "esquery-1.4.0" = { + name = "esquery"; + packageName = "esquery"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/esquery/-/esquery-1.4.0.tgz"; + sha512 = "cCDispWt5vHHtwMY2YrAQ4ibFkAL8RbH5YGBnZBc90MolvvfkkQcJro/aZiAQUlQ3qgrYS6D6v8Gc5G5CQsc9w=="; + }; + }; + "esrecurse-4.3.0" = { + name = "esrecurse"; + packageName = "esrecurse"; + version = "4.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz"; + sha512 = "KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag=="; + }; + }; + "estraverse-4.3.0" = { + name = "estraverse"; + packageName = "estraverse"; + version = "4.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz"; + sha512 = "39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw=="; + }; + }; + "estraverse-5.2.0" = { + name = "estraverse"; + packageName = "estraverse"; + version = "5.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/estraverse/-/estraverse-5.2.0.tgz"; + sha512 = "BxbNGGNm0RyRYvUdHpIwv9IWzeM9XClbOxwoATuFdOE7ZE6wHL+HQ5T8hoPM+zHvmKzzsEqhgy0GrQ5X13afiQ=="; + }; + }; + "esutils-2.0.3" = { + name = "esutils"; + packageName = "esutils"; + version = "2.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz"; + sha512 = "kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g=="; + }; + }; + "event-emitter-0.3.5" = { + name = "event-emitter"; + packageName = "event-emitter"; + version = "0.3.5"; + src = fetchurl { + url = "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz"; + sha1 = "df8c69eef1647923c7157b9ce83840610b02cc39"; + }; + }; + "expand-brackets-0.1.5" = { + name = "expand-brackets"; + packageName = "expand-brackets"; + version = "0.1.5"; + src = fetchurl { + url = "https://registry.npmjs.org/expand-brackets/-/expand-brackets-0.1.5.tgz"; + sha1 = "df07284e342a807cd733ac5af72411e581d1177b"; + }; + }; + "expand-brackets-2.1.4" = { + name = "expand-brackets"; + packageName = "expand-brackets"; + version = "2.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/expand-brackets/-/expand-brackets-2.1.4.tgz"; + sha1 = "b77735e315ce30f6b6eff0f83b04151a22449622"; + }; + }; + "expand-range-1.8.2" = { + name = "expand-range"; + packageName = "expand-range"; + version = "1.8.2"; + src = fetchurl { + url = "https://registry.npmjs.org/expand-range/-/expand-range-1.8.2.tgz"; + sha1 = "a299effd335fe2721ebae8e257ec79644fc85337"; + }; + }; + "expand-tilde-2.0.2" = { + name = "expand-tilde"; + packageName = "expand-tilde"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz"; + sha1 = "97e801aa052df02454de46b02bf621642cdc8502"; + }; + }; + "ext-1.4.0" = { + name = "ext"; + packageName = "ext"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ext/-/ext-1.4.0.tgz"; + sha512 = "Key5NIsUxdqKg3vIsdw9dSuXpPCQ297y6wBjL30edxwPgt2E44WcWBZey/ZvUc6sERLTxKdyCu4gZFmUbk1Q7A=="; + }; + }; + "extend-3.0.2" = { + name = "extend"; + packageName = "extend"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz"; + sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="; + }; + }; + "extend-shallow-2.0.1" = { + name = "extend-shallow"; + packageName = "extend-shallow"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz"; + sha1 = "51af7d614ad9a9f610ea1bafbb989d6b1c56890f"; + }; + }; + "extend-shallow-3.0.2" = { + name = "extend-shallow"; + packageName = "extend-shallow"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz"; + sha1 = "26a71aaf073b39fb2127172746131c2704028db8"; + }; + }; + "external-editor-3.1.0" = { + name = "external-editor"; + packageName = "external-editor"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz"; + sha512 = "hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew=="; + }; + }; + "extglob-0.3.2" = { + name = "extglob"; + packageName = "extglob"; + version = "0.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/extglob/-/extglob-0.3.2.tgz"; + sha1 = "2e18ff3d2f49ab2765cec9023f011daa8d8349a1"; + }; + }; + "extglob-2.0.4" = { + name = "extglob"; + packageName = "extglob"; + version = "2.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/extglob/-/extglob-2.0.4.tgz"; + sha512 = "Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw=="; + }; + }; + "extsprintf-1.3.0" = { + name = "extsprintf"; + packageName = "extsprintf"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz"; + sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05"; + }; + }; + "fancy-log-1.3.3" = { + name = "fancy-log"; + packageName = "fancy-log"; + version = "1.3.3"; + src = fetchurl { + url = "https://registry.npmjs.org/fancy-log/-/fancy-log-1.3.3.tgz"; + sha512 = "k9oEhlyc0FrVh25qYuSELjr8oxsCoc4/LEZfg2iJJrfEk/tZL9bCoJE47gqAvI2m/AUjluCS4+3I0eTx8n3AEw=="; + }; + }; + "fast-deep-equal-3.1.3" = { + name = "fast-deep-equal"; + packageName = "fast-deep-equal"; + version = "3.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz"; + sha512 = "f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="; + }; + }; + "fast-json-stable-stringify-2.1.0" = { + name = "fast-json-stable-stringify"; + packageName = "fast-json-stable-stringify"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz"; + sha512 = "lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw=="; + }; + }; + "fast-levenshtein-1.1.4" = { + name = "fast-levenshtein"; + packageName = "fast-levenshtein"; + version = "1.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-1.1.4.tgz"; + sha1 = "e6a754cc8f15e58987aa9cbd27af66fd6f4e5af9"; + }; + }; + "fast-levenshtein-2.0.6" = { + name = "fast-levenshtein"; + packageName = "fast-levenshtein"; + version = "2.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz"; + sha1 = "3d8a5c66883a16a30ca8643e851f19baa7797917"; + }; + }; + "fd-slicer-1.1.0" = { + name = "fd-slicer"; + packageName = "fd-slicer"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz"; + sha1 = "25c7c89cb1f9077f8891bbe61d8f390eae256f1e"; + }; + }; + "figures-3.2.0" = { + name = "figures"; + packageName = "figures"; + version = "3.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz"; + sha512 = "yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg=="; + }; + }; + "file-entry-cache-5.0.1" = { + name = "file-entry-cache"; + packageName = "file-entry-cache"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-5.0.1.tgz"; + sha512 = "bCg29ictuBaKUwwArK4ouCaqDgLZcysCFLmM/Yn/FDoqndh/9vNuQfXRDvTuXKLxfD/JtZQGKFT8MGcJBK644g=="; + }; + }; + "file-exists-2.0.0" = { + name = "file-exists"; + packageName = "file-exists"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/file-exists/-/file-exists-2.0.0.tgz"; + sha1 = "a24150665150e62d55bc5449281d88d2b0810dca"; + }; + }; + "file-type-3.9.0" = { + name = "file-type"; + packageName = "file-type"; + version = "3.9.0"; + src = fetchurl { + url = "https://registry.npmjs.org/file-type/-/file-type-3.9.0.tgz"; + sha1 = "257a078384d1db8087bc449d107d52a52672b9e9"; + }; + }; + "file-type-5.2.0" = { + name = "file-type"; + packageName = "file-type"; + version = "5.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/file-type/-/file-type-5.2.0.tgz"; + sha1 = "2ddbea7c73ffe36368dfae49dc338c058c2b8ad6"; + }; + }; + "file-type-6.2.0" = { + name = "file-type"; + packageName = "file-type"; + version = "6.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/file-type/-/file-type-6.2.0.tgz"; + sha512 = "YPcTBDV+2Tm0VqjybVd32MHdlEGAtuxS3VAYsumFokDSMG+ROT5wawGlnHDoz7bfMcMDt9hxuXvXwoKUx2fkOg=="; + }; + }; + "file-uri-to-path-1.0.0" = { + name = "file-uri-to-path"; + packageName = "file-uri-to-path"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz"; + sha512 = "0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw=="; + }; + }; + "filename-regex-2.0.1" = { + name = "filename-regex"; + packageName = "filename-regex"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/filename-regex/-/filename-regex-2.0.1.tgz"; + sha1 = "c1c4b9bee3e09725ddb106b75c1e301fe2f18b26"; + }; + }; + "filename-reserved-regex-2.0.0" = { + name = "filename-reserved-regex"; + packageName = "filename-reserved-regex"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/filename-reserved-regex/-/filename-reserved-regex-2.0.0.tgz"; + sha1 = "abf73dfab735d045440abfea2d91f389ebbfa229"; + }; + }; + "filenamify-2.1.0" = { + name = "filenamify"; + packageName = "filenamify"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/filenamify/-/filenamify-2.1.0.tgz"; + sha512 = "ICw7NTT6RsDp2rnYKVd8Fu4cr6ITzGy3+u4vUujPkabyaz+03F24NWEX7fs5fp+kBonlaqPH8fAO2NM+SXt/JA=="; + }; + }; + "fill-range-2.2.4" = { + name = "fill-range"; + packageName = "fill-range"; + version = "2.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/fill-range/-/fill-range-2.2.4.tgz"; + sha512 = "cnrcCbj01+j2gTG921VZPnHbjmdAf8oQV/iGeV2kZxGSyfYjjTyY79ErsK1WJWMpw6DaApEX72binqJE+/d+5Q=="; + }; + }; + "fill-range-4.0.0" = { + name = "fill-range"; + packageName = "fill-range"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz"; + sha1 = "d544811d428f98eb06a63dc402d2403c328c38f7"; + }; + }; + "fill-range-7.0.1" = { + name = "fill-range"; + packageName = "fill-range"; + version = "7.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz"; + sha512 = "qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ=="; + }; + }; + "find-up-1.1.2" = { + name = "find-up"; + packageName = "find-up"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz"; + sha1 = "6b2e9822b1a2ce0a60ab64d610eccad53cb24d0f"; + }; + }; + "find-up-5.0.0" = { + name = "find-up"; + packageName = "find-up"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz"; + sha512 = "78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng=="; + }; + }; + "findup-sync-2.0.0" = { + name = "findup-sync"; + packageName = "findup-sync"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/findup-sync/-/findup-sync-2.0.0.tgz"; + sha1 = "9326b1488c22d1a6088650a86901b2d9a90a2cbc"; + }; + }; + "findup-sync-3.0.0" = { + name = "findup-sync"; + packageName = "findup-sync"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/findup-sync/-/findup-sync-3.0.0.tgz"; + sha512 = "YbffarhcicEhOrm4CtrwdKBdCuz576RLdhJDsIfvNtxUuhdRet1qZcsMjqbePtAseKdAnDyM/IyXbu7PRPRLYg=="; + }; + }; + "fined-1.2.0" = { + name = "fined"; + packageName = "fined"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fined/-/fined-1.2.0.tgz"; + sha512 = "ZYDqPLGxDkDhDZBjZBb+oD1+j0rA4E0pXY50eplAAOPg2N/gUBSSk5IM1/QhPfyVo19lJ+CvXpqfvk+b2p/8Ng=="; + }; + }; + "first-chunk-stream-1.0.0" = { + name = "first-chunk-stream"; + packageName = "first-chunk-stream"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-1.0.0.tgz"; + sha1 = "59bfb50cd905f60d7c394cd3d9acaab4e6ad934e"; + }; + }; + "flagged-respawn-1.0.1" = { + name = "flagged-respawn"; + packageName = "flagged-respawn"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/flagged-respawn/-/flagged-respawn-1.0.1.tgz"; + sha512 = "lNaHNVymajmk0OJMBn8fVUAU1BtDeKIqKoVhk4xAALB57aALg6b4W0MfJ/cUE0g9YBXy5XhSlPIpYIJ7HaY/3Q=="; + }; + }; + "flat-5.0.2" = { + name = "flat"; + packageName = "flat"; + version = "5.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz"; + sha512 = "b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ=="; + }; + }; + "flat-cache-2.0.1" = { + name = "flat-cache"; + packageName = "flat-cache"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/flat-cache/-/flat-cache-2.0.1.tgz"; + sha512 = "LoQe6yDuUMDzQAEH8sgmh4Md6oZnc/7PjtwjNFSzveXqSHt6ka9fPBuso7IGf9Rz4uqnSnWiFH2B/zj24a5ReA=="; + }; + }; + "flatted-2.0.2" = { + name = "flatted"; + packageName = "flatted"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/flatted/-/flatted-2.0.2.tgz"; + sha512 = "r5wGx7YeOwNWNlCA0wQ86zKyDLMQr+/RB8xy74M4hTphfmjlijTSSXGuH8rnvKZnfT9i+75zmd8jcKdMR4O6jA=="; + }; + }; + "flush-write-stream-1.1.1" = { + name = "flush-write-stream"; + packageName = "flush-write-stream"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/flush-write-stream/-/flush-write-stream-1.1.1.tgz"; + sha512 = "3Z4XhFZ3992uIq0XOqb9AreonueSYphE6oYbpt5+3u06JWklbsPkNv3ZKkP9Bz/r+1MWCaMoSQ28P85+1Yc77w=="; + }; + }; + "for-in-1.0.2" = { + name = "for-in"; + packageName = "for-in"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz"; + sha1 = "81068d295a8142ec0ac726c6e2200c30fb6d5e80"; + }; + }; + "for-own-0.1.5" = { + name = "for-own"; + packageName = "for-own"; + version = "0.1.5"; + src = fetchurl { + url = "https://registry.npmjs.org/for-own/-/for-own-0.1.5.tgz"; + sha1 = "5265c681a4f294dabbf17c9509b6763aa84510ce"; + }; + }; + "for-own-1.0.0" = { + name = "for-own"; + packageName = "for-own"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/for-own/-/for-own-1.0.0.tgz"; + sha1 = "c63332f415cedc4b04dbfe70cf836494c53cb44b"; + }; + }; + "forever-agent-0.6.1" = { + name = "forever-agent"; + packageName = "forever-agent"; + version = "0.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"; + sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"; + }; + }; + "form-data-2.3.3" = { + name = "form-data"; + packageName = "form-data"; + version = "2.3.3"; + src = fetchurl { + url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz"; + sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ=="; + }; + }; + "fragment-cache-0.2.1" = { + name = "fragment-cache"; + packageName = "fragment-cache"; + version = "0.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/fragment-cache/-/fragment-cache-0.2.1.tgz"; + sha1 = "4290fad27f13e89be7f33799c6bc5a0abfff0d19"; + }; + }; + "fs-constants-1.0.0" = { + name = "fs-constants"; + packageName = "fs-constants"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz"; + sha512 = "y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="; + }; + }; + "fs-extra-7.0.1" = { + name = "fs-extra"; + packageName = "fs-extra"; + version = "7.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz"; + sha512 = "YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw=="; + }; + }; + "fs-jetpack-4.1.1" = { + name = "fs-jetpack"; + packageName = "fs-jetpack"; + version = "4.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/fs-jetpack/-/fs-jetpack-4.1.1.tgz"; + sha512 = "BSZ+f6VjrMInpA6neNnUhQNFPPdf3M+I8v8M9dBRrbmExd8GNRbTJIq1tjNh86FQ4a+EoMtPcp1oemwY5ghGBw=="; + }; + }; + "fs-mkdirp-stream-1.0.0" = { + name = "fs-mkdirp-stream"; + packageName = "fs-mkdirp-stream"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fs-mkdirp-stream/-/fs-mkdirp-stream-1.0.0.tgz"; + sha1 = "0b7815fc3201c6a69e14db98ce098c16935259eb"; + }; + }; + "fs.realpath-1.0.0" = { + name = "fs.realpath"; + packageName = "fs.realpath"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"; + sha1 = "1504ad2523158caa40db4a2787cb01411994ea4f"; + }; + }; + "fsevents-1.2.13" = { + name = "fsevents"; + packageName = "fsevents"; + version = "1.2.13"; + src = fetchurl { + url = "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz"; + sha512 = "oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw=="; + }; + }; + "fsevents-2.3.2" = { + name = "fsevents"; + packageName = "fsevents"; + version = "2.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz"; + sha512 = "xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA=="; + }; + }; + "function-bind-1.1.1" = { + name = "function-bind"; + packageName = "function-bind"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz"; + sha512 = "yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="; + }; + }; + "functional-red-black-tree-1.0.1" = { + name = "functional-red-black-tree"; + packageName = "functional-red-black-tree"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz"; + sha1 = "1b0ab3bd553b2a0d6399d29c0e3ea0b252078327"; + }; + }; + "get-caller-file-1.0.3" = { + name = "get-caller-file"; + packageName = "get-caller-file"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.3.tgz"; + sha512 = "3t6rVToeoZfYSGd8YoLFR2DJkiQrIiUrGcjvFX2mDw3bn6k2OtwHN0TNCLbBO+w8qTvimhDkv+LSscbJY1vE6w=="; + }; + }; + "get-caller-file-2.0.5" = { + name = "get-caller-file"; + packageName = "get-caller-file"; + version = "2.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz"; + sha512 = "DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg=="; + }; + }; + "get-func-name-2.0.0" = { + name = "get-func-name"; + packageName = "get-func-name"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz"; + sha1 = "ead774abee72e20409433a066366023dd6887a41"; + }; + }; + "get-intrinsic-1.1.1" = { + name = "get-intrinsic"; + packageName = "get-intrinsic"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.1.tgz"; + sha512 = "kWZrnVM42QCiEA2Ig1bG8zjoIMOgxWwYCEeNdwY6Tv/cOSeGpcoX4pXHfKUxNKVoArnrEr2e9srnAxxGIraS9Q=="; + }; + }; + "get-proxy-2.1.0" = { + name = "get-proxy"; + packageName = "get-proxy"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/get-proxy/-/get-proxy-2.1.0.tgz"; + sha512 = "zmZIaQTWnNQb4R4fJUEp/FC51eZsc6EkErspy3xtIYStaq8EB/hDIWipxsal+E8rz0qD7f2sL/NA9Xee4RInJw=="; + }; + }; + "get-stdin-4.0.1" = { + name = "get-stdin"; + packageName = "get-stdin"; + version = "4.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz"; + sha1 = "b968c6b0a04384324902e8bf1a5df32579a450fe"; + }; + }; + "get-stream-2.3.1" = { + name = "get-stream"; + packageName = "get-stream"; + version = "2.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/get-stream/-/get-stream-2.3.1.tgz"; + sha1 = "5f38f93f346009666ee0150a054167f91bdd95de"; + }; + }; + "get-stream-3.0.0" = { + name = "get-stream"; + packageName = "get-stream"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz"; + sha1 = "8e943d1358dc37555054ecbe2edb05aa174ede14"; + }; + }; + "get-value-2.0.6" = { + name = "get-value"; + packageName = "get-value"; + version = "2.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/get-value/-/get-value-2.0.6.tgz"; + sha1 = "dc15ca1c672387ca76bd37ac0a395ba2042a2c28"; + }; + }; + "getpass-0.1.7" = { + name = "getpass"; + packageName = "getpass"; + version = "0.1.7"; + src = fetchurl { + url = "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz"; + sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa"; + }; + }; + "glob-5.0.15" = { + name = "glob"; + packageName = "glob"; + version = "5.0.15"; + src = fetchurl { + url = "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz"; + sha1 = "1bc936b9e02f4a603fcc222ecf7633d30b8b93b1"; + }; + }; + "glob-7.1.6" = { + name = "glob"; + packageName = "glob"; + version = "7.1.6"; + src = fetchurl { + url = "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz"; + sha512 = "LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA=="; + }; + }; + "glob-7.1.7" = { + name = "glob"; + packageName = "glob"; + version = "7.1.7"; + src = fetchurl { + url = "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz"; + sha512 = "OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ=="; + }; + }; + "glob-base-0.3.0" = { + name = "glob-base"; + packageName = "glob-base"; + version = "0.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-base/-/glob-base-0.3.0.tgz"; + sha1 = "dbb164f6221b1c0b1ccf82aea328b497df0ea3c4"; + }; + }; + "glob-parent-2.0.0" = { + name = "glob-parent"; + packageName = "glob-parent"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz"; + sha1 = "81383d72db054fcccf5336daa902f182f6edbb28"; + }; + }; + "glob-parent-3.1.0" = { + name = "glob-parent"; + packageName = "glob-parent"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz"; + sha1 = "9e6af6299d8d3bd2bd40430832bd113df906c5ae"; + }; + }; + "glob-parent-5.1.2" = { + name = "glob-parent"; + packageName = "glob-parent"; + version = "5.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz"; + sha512 = "AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="; + }; + }; + "glob-stream-5.3.5" = { + name = "glob-stream"; + packageName = "glob-stream"; + version = "5.3.5"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-stream/-/glob-stream-5.3.5.tgz"; + sha1 = "a55665a9a8ccdc41915a87c701e32d4e016fad22"; + }; + }; + "glob-stream-6.1.0" = { + name = "glob-stream"; + packageName = "glob-stream"; + version = "6.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-stream/-/glob-stream-6.1.0.tgz"; + sha1 = "7045c99413b3eb94888d83ab46d0b404cc7bdde4"; + }; + }; + "glob-watcher-5.0.5" = { + name = "glob-watcher"; + packageName = "glob-watcher"; + version = "5.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/glob-watcher/-/glob-watcher-5.0.5.tgz"; + sha512 = "zOZgGGEHPklZNjZQaZ9f41i7F2YwE+tS5ZHrDhbBCk3stwahn5vQxnFmBJZHoYdusR6R1bLSXeGUy/BhctwKzw=="; + }; + }; + "global-modules-1.0.0" = { + name = "global-modules"; + packageName = "global-modules"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz"; + sha512 = "sKzpEkf11GpOFuw0Zzjzmt4B4UZwjOcG757PPvrfhxcLFbq0wpsgpOqxpxtxFiCG4DtG93M6XRVbF2oGdev7bg=="; + }; + }; + "global-prefix-1.0.2" = { + name = "global-prefix"; + packageName = "global-prefix"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz"; + sha1 = "dbf743c6c14992593c655568cb66ed32c0122ebe"; + }; + }; + "globals-12.4.0" = { + name = "globals"; + packageName = "globals"; + version = "12.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/globals/-/globals-12.4.0.tgz"; + sha512 = "BWICuzzDvDoH54NHKCseDanAhE3CeDorgDL5MT6LMXXj2WCnd9UC2szdk4AWLfjdgNBCXLUanXYcpBBKOSWGwg=="; + }; + }; + "glogg-1.0.2" = { + name = "glogg"; + packageName = "glogg"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/glogg/-/glogg-1.0.2.tgz"; + sha512 = "5mwUoSuBk44Y4EshyiqcH95ZntbDdTQqA3QYSrxmzj28Ai0vXBGMH1ApSANH14j2sIRtqCEyg6PfsuP7ElOEDA=="; + }; + }; + "got-6.7.1" = { + name = "got"; + packageName = "got"; + version = "6.7.1"; + src = fetchurl { + url = "https://registry.npmjs.org/got/-/got-6.7.1.tgz"; + sha1 = "240cd05785a9a18e561dc1b44b41c763ef1e8db0"; + }; + }; + "graceful-fs-4.2.8" = { + name = "graceful-fs"; + packageName = "graceful-fs"; + version = "4.2.8"; + src = fetchurl { + url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.8.tgz"; + sha512 = "qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg=="; + }; + }; + "growl-1.10.5" = { + name = "growl"; + packageName = "growl"; + version = "1.10.5"; + src = fetchurl { + url = "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz"; + sha512 = "qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA=="; + }; + }; + "gulp-4.0.2" = { + name = "gulp"; + packageName = "gulp"; + version = "4.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/gulp/-/gulp-4.0.2.tgz"; + sha512 = "dvEs27SCZt2ibF29xYgmnwwCYZxdxhQ/+LFWlbAW8y7jt68L/65402Lz3+CKy0Ov4rOs+NERmDq7YlZaDqUIfA=="; + }; + }; + "gulp-cli-2.3.0" = { + name = "gulp-cli"; + packageName = "gulp-cli"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/gulp-cli/-/gulp-cli-2.3.0.tgz"; + sha512 = "zzGBl5fHo0EKSXsHzjspp3y5CONegCm8ErO5Qh0UzFzk2y4tMvzLWhoDokADbarfZRL2pGpRp7yt6gfJX4ph7A=="; + }; + }; + "gulp-sourcemaps-1.6.0" = { + name = "gulp-sourcemaps"; + packageName = "gulp-sourcemaps"; + version = "1.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/gulp-sourcemaps/-/gulp-sourcemaps-1.6.0.tgz"; + sha1 = "b86ff349d801ceb56e1d9e7dc7bbcb4b7dee600c"; + }; + }; + "gulp-sourcemaps-2.6.5" = { + name = "gulp-sourcemaps"; + packageName = "gulp-sourcemaps"; + version = "2.6.5"; + src = fetchurl { + url = "https://registry.npmjs.org/gulp-sourcemaps/-/gulp-sourcemaps-2.6.5.tgz"; + sha512 = "SYLBRzPTew8T5Suh2U8jCSDKY+4NARua4aqjj8HOysBh2tSgT9u4jc1FYirAdPx1akUxxDeK++fqw6Jg0LkQRg=="; + }; + }; + "gulplog-1.0.0" = { + name = "gulplog"; + packageName = "gulplog"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/gulplog/-/gulplog-1.0.0.tgz"; + sha1 = "e28c4d45d05ecbbed818363ce8f9c5926229ffe5"; + }; + }; + "har-schema-2.0.0" = { + name = "har-schema"; + packageName = "har-schema"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz"; + sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92"; + }; + }; + "har-validator-5.1.5" = { + name = "har-validator"; + packageName = "har-validator"; + version = "5.1.5"; + src = fetchurl { + url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz"; + sha512 = "nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w=="; + }; + }; + "has-1.0.3" = { + name = "has"; + packageName = "has"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/has/-/has-1.0.3.tgz"; + sha512 = "f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw=="; + }; + }; + "has-ansi-2.0.0" = { + name = "has-ansi"; + packageName = "has-ansi"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz"; + sha1 = "34f5049ce1ecdf2b0649af3ef24e45ed35416d91"; + }; + }; + "has-flag-3.0.0" = { + name = "has-flag"; + packageName = "has-flag"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz"; + sha1 = "b5d454dc2199ae225699f3467e5a07f3b955bafd"; + }; + }; + "has-flag-4.0.0" = { + name = "has-flag"; + packageName = "has-flag"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz"; + sha512 = "EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="; + }; + }; + "has-symbol-support-x-1.4.2" = { + name = "has-symbol-support-x"; + packageName = "has-symbol-support-x"; + version = "1.4.2"; + src = fetchurl { + url = "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz"; + sha512 = "3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw=="; + }; + }; + "has-symbols-1.0.2" = { + name = "has-symbols"; + packageName = "has-symbols"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.2.tgz"; + sha512 = "chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw=="; + }; + }; + "has-to-string-tag-x-1.4.1" = { + name = "has-to-string-tag-x"; + packageName = "has-to-string-tag-x"; + version = "1.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz"; + sha512 = "vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw=="; + }; + }; + "has-value-0.3.1" = { + name = "has-value"; + packageName = "has-value"; + version = "0.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/has-value/-/has-value-0.3.1.tgz"; + sha1 = "7b1f58bada62ca827ec0a2078025654845995e1f"; + }; + }; + "has-value-1.0.0" = { + name = "has-value"; + packageName = "has-value"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz"; + sha1 = "18b281da585b1c5c51def24c930ed29a0be6b177"; + }; + }; + "has-values-0.1.4" = { + name = "has-values"; + packageName = "has-values"; + version = "0.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/has-values/-/has-values-0.1.4.tgz"; + sha1 = "6d61de95d91dfca9b9a02089ad384bff8f62b771"; + }; + }; + "has-values-1.0.0" = { + name = "has-values"; + packageName = "has-values"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-values/-/has-values-1.0.0.tgz"; + sha1 = "95b0b63fec2146619a6fe57fe75628d5a39efe4f"; + }; + }; + "he-1.2.0" = { + name = "he"; + packageName = "he"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/he/-/he-1.2.0.tgz"; + sha512 = "F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw=="; + }; + }; + "homedir-polyfill-1.0.3" = { + name = "homedir-polyfill"; + packageName = "homedir-polyfill"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz"; + sha512 = "eSmmWE5bZTK2Nou4g0AI3zZ9rswp7GRKoKXS1BLUkvPviOqs4YTN1djQIqrXy9k5gEtdLPy86JjRwsNM9tnDcA=="; + }; + }; + "hosted-git-info-2.8.9" = { + name = "hosted-git-info"; + packageName = "hosted-git-info"; + version = "2.8.9"; + src = fetchurl { + url = "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz"; + sha512 = "mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw=="; + }; + }; + "http-signature-1.2.0" = { + name = "http-signature"; + packageName = "http-signature"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz"; + sha1 = "9aecd925114772f3d95b65a60abb8f7c18fbace1"; + }; + }; + "iconv-lite-0.4.24" = { + name = "iconv-lite"; + packageName = "iconv-lite"; + version = "0.4.24"; + src = fetchurl { + url = "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz"; + sha512 = "v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA=="; + }; + }; + "ieee754-1.2.1" = { + name = "ieee754"; + packageName = "ieee754"; + version = "1.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz"; + sha512 = "dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="; + }; + }; + "ignore-4.0.6" = { + name = "ignore"; + packageName = "ignore"; + version = "4.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz"; + sha512 = "cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg=="; + }; + }; + "immediate-3.0.6" = { + name = "immediate"; + packageName = "immediate"; + version = "3.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz"; + sha1 = "9db1dbd0faf8de6fbe0f5dd5e56bb606280de69b"; + }; + }; + "import-fresh-3.3.0" = { + name = "import-fresh"; + packageName = "import-fresh"; + version = "3.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz"; + sha512 = "veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw=="; + }; + }; + "imurmurhash-0.1.4" = { + name = "imurmurhash"; + packageName = "imurmurhash"; + version = "0.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz"; + sha1 = "9218b9b2b928a238b13dc4fb6b6d576f231453ea"; + }; + }; + "inflight-1.0.6" = { + name = "inflight"; + packageName = "inflight"; + version = "1.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz"; + sha1 = "49bd6331d7d02d0c09bc910a1075ba8165b56df9"; + }; + }; + "inherits-2.0.4" = { + name = "inherits"; + packageName = "inherits"; + version = "2.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz"; + sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="; + }; + }; + "ini-1.3.8" = { + name = "ini"; + packageName = "ini"; + version = "1.3.8"; + src = fetchurl { + url = "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz"; + sha512 = "JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew=="; + }; + }; + "inquirer-7.3.3" = { + name = "inquirer"; + packageName = "inquirer"; + version = "7.3.3"; + src = fetchurl { + url = "https://registry.npmjs.org/inquirer/-/inquirer-7.3.3.tgz"; + sha512 = "JG3eIAj5V9CwcGvuOmoo6LB9kbAYT8HXffUl6memuszlwDC/qvFAJw49XJ5NROSFNPxp3iQg1GqkFhaY/CR0IA=="; + }; + }; + "interpret-1.4.0" = { + name = "interpret"; + packageName = "interpret"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz"; + sha512 = "agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA=="; + }; + }; + "invert-kv-1.0.0" = { + name = "invert-kv"; + packageName = "invert-kv"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/invert-kv/-/invert-kv-1.0.0.tgz"; + sha1 = "104a8e4aaca6d3d8cd157a8ef8bfab2d7a3ffdb6"; + }; + }; + "is-absolute-0.1.7" = { + name = "is-absolute"; + packageName = "is-absolute"; + version = "0.1.7"; + src = fetchurl { + url = "https://registry.npmjs.org/is-absolute/-/is-absolute-0.1.7.tgz"; + sha1 = "847491119fccb5fb436217cc737f7faad50f603f"; + }; + }; + "is-absolute-1.0.0" = { + name = "is-absolute"; + packageName = "is-absolute"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-absolute/-/is-absolute-1.0.0.tgz"; + sha512 = "dOWoqflvcydARa360Gvv18DZ/gRuHKi2NU/wU5X1ZFzdYfH29nkiNZsF3mp4OJ3H4yo9Mx8A/uAGNzpzPN3yBA=="; + }; + }; + "is-accessor-descriptor-0.1.6" = { + name = "is-accessor-descriptor"; + packageName = "is-accessor-descriptor"; + version = "0.1.6"; + src = fetchurl { + url = "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz"; + sha1 = "a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"; + }; + }; + "is-accessor-descriptor-1.0.0" = { + name = "is-accessor-descriptor"; + packageName = "is-accessor-descriptor"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz"; + sha512 = "m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ=="; + }; + }; + "is-arrayish-0.2.1" = { + name = "is-arrayish"; + packageName = "is-arrayish"; + version = "0.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz"; + sha1 = "77c99840527aa8ecb1a8ba697b80645a7a926a9d"; + }; + }; + "is-binary-path-1.0.1" = { + name = "is-binary-path"; + packageName = "is-binary-path"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-binary-path/-/is-binary-path-1.0.1.tgz"; + sha1 = "75f16642b480f187a711c814161fd3a4a7655898"; + }; + }; + "is-binary-path-2.1.0" = { + name = "is-binary-path"; + packageName = "is-binary-path"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz"; + sha512 = "ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw=="; + }; + }; + "is-buffer-1.1.6" = { + name = "is-buffer"; + packageName = "is-buffer"; + version = "1.1.6"; + src = fetchurl { + url = "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz"; + sha512 = "NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w=="; + }; + }; + "is-bzip2-1.0.0" = { + name = "is-bzip2"; + packageName = "is-bzip2"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-bzip2/-/is-bzip2-1.0.0.tgz"; + sha1 = "5ee58eaa5a2e9c80e21407bedf23ae5ac091b3fc"; + }; + }; + "is-core-module-2.6.0" = { + name = "is-core-module"; + packageName = "is-core-module"; + version = "2.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-core-module/-/is-core-module-2.6.0.tgz"; + sha512 = "wShG8vs60jKfPWpF2KZRaAtvt3a20OAn7+IJ6hLPECpSABLcKtFKTTI4ZtH5QcBruBHlq+WsdHWyz0BCZW7svQ=="; + }; + }; + "is-data-descriptor-0.1.4" = { + name = "is-data-descriptor"; + packageName = "is-data-descriptor"; + version = "0.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz"; + sha1 = "0b5ee648388e2c860282e793f1856fec3f301b56"; + }; + }; + "is-data-descriptor-1.0.0" = { + name = "is-data-descriptor"; + packageName = "is-data-descriptor"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz"; + sha512 = "jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ=="; + }; + }; + "is-descriptor-0.1.6" = { + name = "is-descriptor"; + packageName = "is-descriptor"; + version = "0.1.6"; + src = fetchurl { + url = "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz"; + sha512 = "avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg=="; + }; + }; + "is-descriptor-1.0.2" = { + name = "is-descriptor"; + packageName = "is-descriptor"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz"; + sha512 = "2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg=="; + }; + }; + "is-dotfile-1.0.3" = { + name = "is-dotfile"; + packageName = "is-dotfile"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/is-dotfile/-/is-dotfile-1.0.3.tgz"; + sha1 = "a6a2f32ffd2dfb04f5ca25ecd0f6b83cf798a1e1"; + }; + }; + "is-equal-shallow-0.1.3" = { + name = "is-equal-shallow"; + packageName = "is-equal-shallow"; + version = "0.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/is-equal-shallow/-/is-equal-shallow-0.1.3.tgz"; + sha1 = "2238098fc221de0bcfa5d9eac4c45d638aa1c534"; + }; + }; + "is-extendable-0.1.1" = { + name = "is-extendable"; + packageName = "is-extendable"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz"; + sha1 = "62b110e289a471418e3ec36a617d472e301dfc89"; + }; + }; + "is-extendable-1.0.1" = { + name = "is-extendable"; + packageName = "is-extendable"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz"; + sha512 = "arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA=="; + }; + }; + "is-extglob-1.0.0" = { + name = "is-extglob"; + packageName = "is-extglob"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-extglob/-/is-extglob-1.0.0.tgz"; + sha1 = "ac468177c4943405a092fc8f29760c6ffc6206c0"; + }; + }; + "is-extglob-2.1.1" = { + name = "is-extglob"; + packageName = "is-extglob"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz"; + sha1 = "a88c02535791f02ed37c76a1b9ea9773c833f8c2"; + }; + }; + "is-fullwidth-code-point-1.0.0" = { + name = "is-fullwidth-code-point"; + packageName = "is-fullwidth-code-point"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz"; + sha1 = "ef9e31386f031a7f0d643af82fde50c457ef00cb"; + }; + }; + "is-fullwidth-code-point-2.0.0" = { + name = "is-fullwidth-code-point"; + packageName = "is-fullwidth-code-point"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz"; + sha1 = "a3b30a5c4f199183167aaab93beefae3ddfb654f"; + }; + }; + "is-fullwidth-code-point-3.0.0" = { + name = "is-fullwidth-code-point"; + packageName = "is-fullwidth-code-point"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz"; + sha512 = "zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="; + }; + }; + "is-glob-2.0.1" = { + name = "is-glob"; + packageName = "is-glob"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-glob/-/is-glob-2.0.1.tgz"; + sha1 = "d096f926a3ded5600f3fdfd91198cb0888c2d863"; + }; + }; + "is-glob-3.1.0" = { + name = "is-glob"; + packageName = "is-glob"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz"; + sha1 = "7ba5ae24217804ac70707b96922567486cc3e84a"; + }; + }; + "is-glob-4.0.1" = { + name = "is-glob"; + packageName = "is-glob"; + version = "4.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz"; + sha512 = "5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg=="; + }; + }; + "is-gzip-1.0.0" = { + name = "is-gzip"; + packageName = "is-gzip"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-gzip/-/is-gzip-1.0.0.tgz"; + sha1 = "6ca8b07b99c77998025900e555ced8ed80879a83"; + }; + }; + "is-natural-number-2.1.1" = { + name = "is-natural-number"; + packageName = "is-natural-number"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-natural-number/-/is-natural-number-2.1.1.tgz"; + sha1 = "7d4c5728377ef386c3e194a9911bf57c6dc335e7"; + }; + }; + "is-natural-number-4.0.1" = { + name = "is-natural-number"; + packageName = "is-natural-number"; + version = "4.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-natural-number/-/is-natural-number-4.0.1.tgz"; + sha1 = "ab9d76e1db4ced51e35de0c72ebecf09f734cde8"; + }; + }; + "is-negated-glob-1.0.0" = { + name = "is-negated-glob"; + packageName = "is-negated-glob"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-negated-glob/-/is-negated-glob-1.0.0.tgz"; + sha1 = "6910bca5da8c95e784b5751b976cf5a10fee36d2"; + }; + }; + "is-number-2.1.0" = { + name = "is-number"; + packageName = "is-number"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz"; + sha1 = "01fcbbb393463a548f2f466cce16dece49db908f"; + }; + }; + "is-number-3.0.0" = { + name = "is-number"; + packageName = "is-number"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz"; + sha1 = "24fd6201a4782cf50561c810276afc7d12d71195"; + }; + }; + "is-number-4.0.0" = { + name = "is-number"; + packageName = "is-number"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-number/-/is-number-4.0.0.tgz"; + sha512 = "rSklcAIlf1OmFdyAqbnWTLVelsQ58uvZ66S/ZyawjWqIviTWCjg2PzVGw8WUA+nNuPTqb4wgA+NszrJ+08LlgQ=="; + }; + }; + "is-number-7.0.0" = { + name = "is-number"; + packageName = "is-number"; + version = "7.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz"; + sha512 = "41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="; + }; + }; + "is-object-1.0.2" = { + name = "is-object"; + packageName = "is-object"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/is-object/-/is-object-1.0.2.tgz"; + sha512 = "2rRIahhZr2UWb45fIOuvZGpFtz0TyOZLf32KxBbSoUCeZR495zCKlWUKKUByk3geS2eAs7ZAABt0Y/Rx0GiQGA=="; + }; + }; + "is-plain-obj-2.1.0" = { + name = "is-plain-obj"; + packageName = "is-plain-obj"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz"; + sha512 = "YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA=="; + }; + }; + "is-plain-object-2.0.4" = { + name = "is-plain-object"; + packageName = "is-plain-object"; + version = "2.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz"; + sha512 = "h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og=="; + }; + }; + "is-plain-object-5.0.0" = { + name = "is-plain-object"; + packageName = "is-plain-object"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz"; + sha512 = "VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q=="; + }; + }; + "is-posix-bracket-0.1.1" = { + name = "is-posix-bracket"; + packageName = "is-posix-bracket"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-posix-bracket/-/is-posix-bracket-0.1.1.tgz"; + sha1 = "3334dc79774368e92f016e6fbc0a88f5cd6e6bc4"; + }; + }; + "is-primitive-2.0.0" = { + name = "is-primitive"; + packageName = "is-primitive"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-primitive/-/is-primitive-2.0.0.tgz"; + sha1 = "207bab91638499c07b2adf240a41a87210034575"; + }; + }; + "is-promise-2.2.2" = { + name = "is-promise"; + packageName = "is-promise"; + version = "2.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz"; + sha512 = "+lP4/6lKUBfQjZ2pdxThZvLUAafmZb8OAxFb8XXtiQmS35INgr85hdOGoEs124ez1FCnZJt6jau/T+alh58QFQ=="; + }; + }; + "is-redirect-1.0.0" = { + name = "is-redirect"; + packageName = "is-redirect"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-redirect/-/is-redirect-1.0.0.tgz"; + sha1 = "1d03dded53bd8db0f30c26e4f95d36fc7c87dc24"; + }; + }; + "is-relative-0.1.3" = { + name = "is-relative"; + packageName = "is-relative"; + version = "0.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/is-relative/-/is-relative-0.1.3.tgz"; + sha1 = "905fee8ae86f45b3ec614bc3c15c869df0876e82"; + }; + }; + "is-relative-1.0.0" = { + name = "is-relative"; + packageName = "is-relative"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-relative/-/is-relative-1.0.0.tgz"; + sha512 = "Kw/ReK0iqwKeu0MITLFuj0jbPAmEiOsIwyIXvvbfa6QfmN9pkD1M+8pdk7Rl/dTKbH34/XBFMbgD4iMJhLQbGA=="; + }; + }; + "is-retry-allowed-1.2.0" = { + name = "is-retry-allowed"; + packageName = "is-retry-allowed"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz"; + sha512 = "RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg=="; + }; + }; + "is-stream-1.1.0" = { + name = "is-stream"; + packageName = "is-stream"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz"; + sha1 = "12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44"; + }; + }; + "is-tar-1.0.0" = { + name = "is-tar"; + packageName = "is-tar"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-tar/-/is-tar-1.0.0.tgz"; + sha1 = "2f6b2e1792c1f5bb36519acaa9d65c0d26fe853d"; + }; + }; + "is-typedarray-1.0.0" = { + name = "is-typedarray"; + packageName = "is-typedarray"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz"; + sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a"; + }; + }; + "is-unc-path-1.0.0" = { + name = "is-unc-path"; + packageName = "is-unc-path"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-unc-path/-/is-unc-path-1.0.0.tgz"; + sha512 = "mrGpVd0fs7WWLfVsStvgF6iEJnbjDFZh9/emhRDcGWTduTfNHd9CHeUwH3gYIjdbwo4On6hunkztwOaAw0yllQ=="; + }; + }; + "is-utf8-0.2.1" = { + name = "is-utf8"; + packageName = "is-utf8"; + version = "0.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz"; + sha1 = "4b0da1442104d1b336340e80797e865cf39f7d72"; + }; + }; + "is-valid-glob-0.3.0" = { + name = "is-valid-glob"; + packageName = "is-valid-glob"; + version = "0.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-valid-glob/-/is-valid-glob-0.3.0.tgz"; + sha1 = "d4b55c69f51886f9b65c70d6c2622d37e29f48fe"; + }; + }; + "is-valid-glob-1.0.0" = { + name = "is-valid-glob"; + packageName = "is-valid-glob"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-valid-glob/-/is-valid-glob-1.0.0.tgz"; + sha1 = "29bf3eff701be2d4d315dbacc39bc39fe8f601aa"; + }; + }; + "is-windows-1.0.2" = { + name = "is-windows"; + packageName = "is-windows"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz"; + sha512 = "eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA=="; + }; + }; + "is-zip-1.0.0" = { + name = "is-zip"; + packageName = "is-zip"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-zip/-/is-zip-1.0.0.tgz"; + sha1 = "47b0a8ff4d38a76431ccfd99a8e15a4c86ba2325"; + }; + }; + "isarray-0.0.1" = { + name = "isarray"; + packageName = "isarray"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"; + sha1 = "8a18acfca9a8f4177e09abfc6038939b05d1eedf"; + }; + }; + "isarray-1.0.0" = { + name = "isarray"; + packageName = "isarray"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz"; + sha1 = "bb935d48582cba168c06834957a54a3e07124f11"; + }; + }; + "isexe-2.0.0" = { + name = "isexe"; + packageName = "isexe"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz"; + sha1 = "e8fbf374dc556ff8947a10dcb0572d633f2cfa10"; + }; + }; + "isobject-2.1.0" = { + name = "isobject"; + packageName = "isobject"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz"; + sha1 = "f065561096a3f1da2ef46272f815c840d87e0c89"; + }; + }; + "isobject-3.0.1" = { + name = "isobject"; + packageName = "isobject"; + version = "3.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz"; + sha1 = "4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"; + }; + }; + "isstream-0.1.2" = { + name = "isstream"; + packageName = "isstream"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"; + sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a"; + }; + }; + "isurl-1.0.0" = { + name = "isurl"; + packageName = "isurl"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz"; + sha512 = "1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w=="; + }; + }; + "js-tokens-4.0.0" = { + name = "js-tokens"; + packageName = "js-tokens"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz"; + sha512 = "RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="; + }; + }; + "js-yaml-3.14.1" = { + name = "js-yaml"; + packageName = "js-yaml"; + version = "3.14.1"; + src = fetchurl { + url = "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz"; + sha512 = "okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g=="; + }; + }; + "js-yaml-4.0.0" = { + name = "js-yaml"; + packageName = "js-yaml"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/js-yaml/-/js-yaml-4.0.0.tgz"; + sha512 = "pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q=="; + }; + }; + "jsbn-0.1.1" = { + name = "jsbn"; + packageName = "jsbn"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz"; + sha1 = "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"; + }; + }; + "json-10.0.0" = { + name = "json"; + packageName = "json"; + version = "10.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/json/-/json-10.0.0.tgz"; + sha512 = "iK7tAZtpoghibjdB1ncCWykeBMmke3JThUe+rnkD4qkZaglOIQ70Pw7r5UJ4lyUT+7gnw7ehmmLUHDuhqzQD+g=="; + }; + }; + "json-schema-0.2.3" = { + name = "json-schema"; + packageName = "json-schema"; + version = "0.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"; + sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13"; + }; + }; + "json-schema-traverse-0.4.1" = { + name = "json-schema-traverse"; + packageName = "json-schema-traverse"; + version = "0.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz"; + sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="; + }; + }; + "json-stable-stringify-without-jsonify-1.0.1" = { + name = "json-stable-stringify-without-jsonify"; + packageName = "json-stable-stringify-without-jsonify"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz"; + sha1 = "9db7b59496ad3f3cfef30a75142d2d930ad72651"; + }; + }; + "json-stringify-safe-5.0.1" = { + name = "json-stringify-safe"; + packageName = "json-stringify-safe"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"; + sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"; + }; + }; + "jsonfile-4.0.0" = { + name = "jsonfile"; + packageName = "jsonfile"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz"; + sha1 = "8771aae0799b64076b76640fca058f9c10e33ecb"; + }; + }; + "jsprim-1.4.1" = { + name = "jsprim"; + packageName = "jsprim"; + version = "1.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz"; + sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"; + }; + }; + "jszip-3.7.1" = { + name = "jszip"; + packageName = "jszip"; + version = "3.7.1"; + src = fetchurl { + url = "https://registry.npmjs.org/jszip/-/jszip-3.7.1.tgz"; + sha512 = "ghL0tz1XG9ZEmRMcEN2vt7xabrDdqHHeykgARpmZ0BiIctWxM47Vt63ZO2dnp4QYt/xJVLLy5Zv1l/xRdh2byg=="; + }; + }; + "just-debounce-1.1.0" = { + name = "just-debounce"; + packageName = "just-debounce"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/just-debounce/-/just-debounce-1.1.0.tgz"; + sha512 = "qpcRocdkUmf+UTNBYx5w6dexX5J31AKK1OmPwH630a83DdVVUIngk55RSAiIGpQyoH0dlr872VHfPjnQnK1qDQ=="; + }; + }; + "kind-of-3.2.2" = { + name = "kind-of"; + packageName = "kind-of"; + version = "3.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz"; + sha1 = "31ea21a734bab9bbb0f32466d893aea51e4a3c64"; + }; + }; + "kind-of-4.0.0" = { + name = "kind-of"; + packageName = "kind-of"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz"; + sha1 = "20813df3d712928b207378691a45066fae72dd57"; + }; + }; + "kind-of-5.1.0" = { + name = "kind-of"; + packageName = "kind-of"; + version = "5.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz"; + sha512 = "NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw=="; + }; + }; + "kind-of-6.0.3" = { + name = "kind-of"; + packageName = "kind-of"; + version = "6.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz"; + sha512 = "dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw=="; + }; + }; + "last-run-1.1.1" = { + name = "last-run"; + packageName = "last-run"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/last-run/-/last-run-1.1.1.tgz"; + sha1 = "45b96942c17b1c79c772198259ba943bebf8ca5b"; + }; + }; + "lazystream-1.0.0" = { + name = "lazystream"; + packageName = "lazystream"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lazystream/-/lazystream-1.0.0.tgz"; + sha1 = "f6995fe0f820392f61396be89462407bb77168e4"; + }; + }; + "lcid-1.0.0" = { + name = "lcid"; + packageName = "lcid"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lcid/-/lcid-1.0.0.tgz"; + sha1 = "308accafa0bc483a3867b4b6f2b9506251d1b835"; + }; + }; + "lead-1.0.0" = { + name = "lead"; + packageName = "lead"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lead/-/lead-1.0.0.tgz"; + sha1 = "6f14f99a37be3a9dd784f5495690e5903466ee42"; + }; + }; + "levn-0.3.0" = { + name = "levn"; + packageName = "levn"; + version = "0.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz"; + sha1 = "3b09924edf9f083c0490fdd4c0bc4421e04764ee"; + }; + }; + "lie-3.3.0" = { + name = "lie"; + packageName = "lie"; + version = "3.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz"; + sha512 = "UaiMJzeWRlEujzAuw5LokY1L5ecNQYZKfmyZ9L7wDHb/p5etKaxXhohBcrw0EYby+G/NA52vRSN4N39dxHAIwQ=="; + }; + }; + "liftoff-3.1.0" = { + name = "liftoff"; + packageName = "liftoff"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/liftoff/-/liftoff-3.1.0.tgz"; + sha512 = "DlIPlJUkCV0Ips2zf2pJP0unEoT1kwYhiiPUGF3s/jtxTCjziNLoiVVh+jqWOWeFi6mmwQ5fNxvAUyPad4Dfog=="; + }; + }; + "load-json-file-1.1.0" = { + name = "load-json-file"; + packageName = "load-json-file"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz"; + sha1 = "956905708d58b4bab4c2261b04f59f31c99374c0"; + }; + }; + "locate-path-6.0.0" = { + name = "locate-path"; + packageName = "locate-path"; + version = "6.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz"; + sha512 = "iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw=="; + }; + }; + "lodash-4.17.21" = { + name = "lodash"; + packageName = "lodash"; + version = "4.17.21"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"; + sha512 = "v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="; + }; + }; + "lodash.isequal-4.5.0" = { + name = "lodash.isequal"; + packageName = "lodash.isequal"; + version = "4.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz"; + sha1 = "415c4478f2bcc30120c22ce10ed3226f7d3e18e0"; + }; + }; + "log-symbols-4.0.0" = { + name = "log-symbols"; + packageName = "log-symbols"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/log-symbols/-/log-symbols-4.0.0.tgz"; + sha512 = "FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA=="; + }; + }; + "lowercase-keys-1.0.1" = { + name = "lowercase-keys"; + packageName = "lowercase-keys"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz"; + sha512 = "G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA=="; + }; + }; + "lru-queue-0.1.0" = { + name = "lru-queue"; + packageName = "lru-queue"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz"; + sha1 = "2738bd9f0d3cf4f84490c5736c48699ac632cda3"; + }; + }; + "make-dir-1.3.0" = { + name = "make-dir"; + packageName = "make-dir"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/make-dir/-/make-dir-1.3.0.tgz"; + sha512 = "2w31R7SJtieJJnQtGc7RVL2StM2vGYVfqUOvUDxH6bC6aJTxPxTF0GnIgCyu7tjockiUWAYQRbxa7vKn34s5sQ=="; + }; + }; + "make-iterator-1.0.1" = { + name = "make-iterator"; + packageName = "make-iterator"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/make-iterator/-/make-iterator-1.0.1.tgz"; + sha512 = "pxiuXh0iVEq7VM7KMIhs5gxsfxCux2URptUQaXo4iZZJxBAzTPOLE2BumO5dbfVYq/hBJFBR/a1mFDmOx5AGmw=="; + }; + }; + "map-cache-0.2.2" = { + name = "map-cache"; + packageName = "map-cache"; + version = "0.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/map-cache/-/map-cache-0.2.2.tgz"; + sha1 = "c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf"; + }; + }; + "map-visit-1.0.0" = { + name = "map-visit"; + packageName = "map-visit"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz"; + sha1 = "ecdca8f13144e660f1b5bd41f12f3479d98dfb8f"; + }; + }; + "matchdep-2.0.0" = { + name = "matchdep"; + packageName = "matchdep"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/matchdep/-/matchdep-2.0.0.tgz"; + sha1 = "c6f34834a0d8dbc3b37c27ee8bbcb27c7775582e"; + }; + }; + "math-random-1.0.4" = { + name = "math-random"; + packageName = "math-random"; + version = "1.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/math-random/-/math-random-1.0.4.tgz"; + sha512 = "rUxjysqif/BZQH2yhd5Aaq7vXMSx9NdEsQcyA07uEzIvxgI7zIr33gGsh+RU0/XjmQpCW7RsVof1vlkvQVCK5A=="; + }; + }; + "memoizee-0.4.15" = { + name = "memoizee"; + packageName = "memoizee"; + version = "0.4.15"; + src = fetchurl { + url = "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz"; + sha512 = "UBWmJpLZd5STPm7PMUlOw/TSy972M+z8gcyQ5veOnSDRREz/0bmpyTfKt3/51DhEBqCZQn1udM/5flcSPYhkdQ=="; + }; + }; + "merge-1.2.1" = { + name = "merge"; + packageName = "merge"; + version = "1.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/merge/-/merge-1.2.1.tgz"; + sha512 = "VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ=="; + }; + }; + "merge-stream-1.0.1" = { + name = "merge-stream"; + packageName = "merge-stream"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/merge-stream/-/merge-stream-1.0.1.tgz"; + sha1 = "4041202d508a342ba00174008df0c251b8c135e1"; + }; + }; + "micromatch-2.3.11" = { + name = "micromatch"; + packageName = "micromatch"; + version = "2.3.11"; + src = fetchurl { + url = "https://registry.npmjs.org/micromatch/-/micromatch-2.3.11.tgz"; + sha1 = "86677c97d1720b363431d04d0d15293bd38c1565"; + }; + }; + "micromatch-3.1.10" = { + name = "micromatch"; + packageName = "micromatch"; + version = "3.1.10"; + src = fetchurl { + url = "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz"; + sha512 = "MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg=="; + }; + }; + "mime-db-1.49.0" = { + name = "mime-db"; + packageName = "mime-db"; + version = "1.49.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mime-db/-/mime-db-1.49.0.tgz"; + sha512 = "CIc8j9URtOVApSFCQIF+VBkX1RwXp/oMMOrqdyXSBXq5RWNEsRfyj1kiRnQgmNXmHxPoFIxOroKA3zcU9P+nAA=="; + }; + }; + "mime-types-2.1.32" = { + name = "mime-types"; + packageName = "mime-types"; + version = "2.1.32"; + src = fetchurl { + url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.32.tgz"; + sha512 = "hJGaVS4G4c9TSMYh2n6SQAGrC4RnfU+daP8G7cSCmaqNjiOoUY0VHCMS42pxnQmVF1GWwFhbHWn3RIxCqTmZ9A=="; + }; + }; + "mimic-fn-2.1.0" = { + name = "mimic-fn"; + packageName = "mimic-fn"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz"; + sha512 = "OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg=="; + }; + }; + "minimatch-3.0.4" = { + name = "minimatch"; + packageName = "minimatch"; + version = "3.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz"; + sha512 = "yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA=="; + }; + }; + "minimist-1.2.5" = { + name = "minimist"; + packageName = "minimist"; + version = "1.2.5"; + src = fetchurl { + url = "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz"; + sha512 = "FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw=="; + }; + }; + "mixin-deep-1.3.2" = { + name = "mixin-deep"; + packageName = "mixin-deep"; + version = "1.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz"; + sha512 = "WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA=="; + }; + }; + "mkdirp-0.5.5" = { + name = "mkdirp"; + packageName = "mkdirp"; + version = "0.5.5"; + src = fetchurl { + url = "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz"; + sha512 = "NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ=="; + }; + }; + "mkpath-0.1.0" = { + name = "mkpath"; + packageName = "mkpath"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mkpath/-/mkpath-0.1.0.tgz"; + sha1 = "7554a6f8d871834cc97b5462b122c4c124d6de91"; + }; + }; + "mocha-8.4.0" = { + name = "mocha"; + packageName = "mocha"; + version = "8.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mocha/-/mocha-8.4.0.tgz"; + sha512 = "hJaO0mwDXmZS4ghXsvPVriOhsxQ7ofcpQdm8dE+jISUOKopitvnXFQmpRR7jd2K6VBG6E26gU3IAbXXGIbu4sQ=="; + }; + }; + "ms-2.0.0" = { + name = "ms"; + packageName = "ms"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz"; + sha1 = "5608aeadfc00be6c2901df5f9861788de0d597c8"; + }; + }; + "ms-2.1.2" = { + name = "ms"; + packageName = "ms"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz"; + sha512 = "sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="; + }; + }; + "ms-2.1.3" = { + name = "ms"; + packageName = "ms"; + version = "2.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz"; + sha512 = "6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="; + }; + }; + "multimeter-0.1.1" = { + name = "multimeter"; + packageName = "multimeter"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/multimeter/-/multimeter-0.1.1.tgz"; + sha1 = "f856c80fc3cf0f1d4ad8eb36ad68735e3ed5b3ea"; + }; + }; + "mute-stdout-1.0.1" = { + name = "mute-stdout"; + packageName = "mute-stdout"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/mute-stdout/-/mute-stdout-1.0.1.tgz"; + sha512 = "kDcwXR4PS7caBpuRYYBUz9iVixUk3anO3f5OYFiIPwK/20vCzKCHyKoulbiDY1S53zD2bxUpxN/IJ+TnXjfvxg=="; + }; + }; + "mute-stream-0.0.8" = { + name = "mute-stream"; + packageName = "mute-stream"; + version = "0.0.8"; + src = fetchurl { + url = "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz"; + sha512 = "nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA=="; + }; + }; + "nan-2.15.0" = { + name = "nan"; + packageName = "nan"; + version = "2.15.0"; + src = fetchurl { + url = "https://registry.npmjs.org/nan/-/nan-2.15.0.tgz"; + sha512 = "8ZtvEnA2c5aYCZYd1cvgdnU6cqwixRoYg70xPLWUws5ORTa/lnw+u4amixRS/Ac5U5mQVgp9pnlSUnbNWFaWZQ=="; + }; + }; + "nanoid-3.1.20" = { + name = "nanoid"; + packageName = "nanoid"; + version = "3.1.20"; + src = fetchurl { + url = "https://registry.npmjs.org/nanoid/-/nanoid-3.1.20.tgz"; + sha512 = "a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw=="; + }; + }; + "nanomatch-1.2.13" = { + name = "nanomatch"; + packageName = "nanomatch"; + version = "1.2.13"; + src = fetchurl { + url = "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz"; + sha512 = "fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA=="; + }; + }; + "natural-compare-1.4.0" = { + name = "natural-compare"; + packageName = "natural-compare"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz"; + sha1 = "4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"; + }; + }; + "next-tick-1.0.0" = { + name = "next-tick"; + packageName = "next-tick"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/next-tick/-/next-tick-1.0.0.tgz"; + sha1 = "ca86d1fe8828169b0120208e3dc8424b9db8342c"; + }; + }; + "next-tick-1.1.0" = { + name = "next-tick"; + packageName = "next-tick"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz"; + sha512 = "CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ=="; + }; + }; + "nice-try-1.0.5" = { + name = "nice-try"; + packageName = "nice-try"; + version = "1.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz"; + sha512 = "1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ=="; + }; + }; + "nopt-1.0.10" = { + name = "nopt"; + packageName = "nopt"; + version = "1.0.10"; + src = fetchurl { + url = "https://registry.npmjs.org/nopt/-/nopt-1.0.10.tgz"; + sha1 = "6ddd21bd2a31417b92727dd585f8a6f37608ebee"; + }; + }; + "nopt-3.0.6" = { + name = "nopt"; + packageName = "nopt"; + version = "3.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz"; + sha1 = "c6465dbf08abcd4db359317f79ac68a646b28ff9"; + }; + }; + "normalize-package-data-2.5.0" = { + name = "normalize-package-data"; + packageName = "normalize-package-data"; + version = "2.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz"; + sha512 = "/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA=="; + }; + }; + "normalize-path-2.1.1" = { + name = "normalize-path"; + packageName = "normalize-path"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz"; + sha1 = "1ab28b556e198363a8c1a6f7e6fa20137fe6aed9"; + }; + }; + "normalize-path-3.0.0" = { + name = "normalize-path"; + packageName = "normalize-path"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz"; + sha512 = "6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="; + }; + }; + "now-and-later-2.0.1" = { + name = "now-and-later"; + packageName = "now-and-later"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/now-and-later/-/now-and-later-2.0.1.tgz"; + sha512 = "KGvQ0cB70AQfg107Xvs/Fbu+dGmZoTRJp2TaPwcwQm3/7PteUyN2BCgk8KBMPGBUXZdVwyWS8fDCGFygBm19UQ=="; + }; + }; + "npm-conf-1.1.3" = { + name = "npm-conf"; + packageName = "npm-conf"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/npm-conf/-/npm-conf-1.1.3.tgz"; + sha512 = "Yic4bZHJOt9RCFbRP3GgpqhScOY4HH3V2P8yBj6CeYq118Qr+BLXqT2JvpJ00mryLESpgOxf5XlFv4ZjXxLScw=="; + }; + }; + "number-is-nan-1.0.1" = { + name = "number-is-nan"; + packageName = "number-is-nan"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz"; + sha1 = "097b602b53422a522c1afb8790318336941a011d"; + }; + }; + "nw-0.36.4" = { + name = "nw"; + packageName = "nw"; + version = "0.36.4"; + src = fetchurl { + url = "https://registry.npmjs.org/nw/-/nw-0.36.4.tgz"; + sha512 = "/8z60bdfI4AeBAWdZxOtvVpdpxUrwcAm+1PxOAmoLnJyKG0aXQYSsX9fZPNcJvubX9hy9GkqFEEd0rXn4n/Ryg=="; + }; + }; + "nw-autoupdater-1.1.11" = { + name = "nw-autoupdater"; + packageName = "nw-autoupdater"; + version = "1.1.11"; + src = fetchurl { + url = "https://registry.npmjs.org/nw-autoupdater/-/nw-autoupdater-1.1.11.tgz"; + sha512 = "kCDRDCRayjZSwE8VhIclUyDjkylzHz9JT2WK/45wFNcW/9y6zaR/fy+AG2V266YF4XWFEId9ZuK2M3nIBpm9iw=="; + }; + }; + "nw-dev-3.0.1" = { + name = "nw-dev"; + packageName = "nw-dev"; + version = "3.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/nw-dev/-/nw-dev-3.0.1.tgz"; + sha1 = "fcae540cd00cb1f225808c2ebd96842df0b780d2"; + }; + }; + "oauth-sign-0.9.0" = { + name = "oauth-sign"; + packageName = "oauth-sign"; + version = "0.9.0"; + src = fetchurl { + url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz"; + sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="; + }; + }; + "object-assign-2.1.1" = { + name = "object-assign"; + packageName = "object-assign"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/object-assign/-/object-assign-2.1.1.tgz"; + sha1 = "43c36e5d569ff8e4816c4efa8be02d26967c18aa"; + }; + }; + "object-assign-4.1.1" = { + name = "object-assign"; + packageName = "object-assign"; + version = "4.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz"; + sha1 = "2109adc7965887cfc05cbbd442cac8bfbb360863"; + }; + }; + "object-copy-0.1.0" = { + name = "object-copy"; + packageName = "object-copy"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz"; + sha1 = "7e7d858b781bd7c991a41ba975ed3812754e998c"; + }; + }; + "object-keys-1.1.1" = { + name = "object-keys"; + packageName = "object-keys"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz"; + sha512 = "NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA=="; + }; + }; + "object-visit-1.0.1" = { + name = "object-visit"; + packageName = "object-visit"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/object-visit/-/object-visit-1.0.1.tgz"; + sha1 = "f79c4493af0c5377b59fe39d395e41042dd045bb"; + }; + }; + "object.assign-4.1.2" = { + name = "object.assign"; + packageName = "object.assign"; + version = "4.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz"; + sha512 = "ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ=="; + }; + }; + "object.defaults-1.1.0" = { + name = "object.defaults"; + packageName = "object.defaults"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/object.defaults/-/object.defaults-1.1.0.tgz"; + sha1 = "3a7f868334b407dea06da16d88d5cd29e435fecf"; + }; + }; + "object.map-1.0.1" = { + name = "object.map"; + packageName = "object.map"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/object.map/-/object.map-1.0.1.tgz"; + sha1 = "cf83e59dc8fcc0ad5f4250e1f78b3b81bd801d37"; + }; + }; + "object.omit-2.0.1" = { + name = "object.omit"; + packageName = "object.omit"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/object.omit/-/object.omit-2.0.1.tgz"; + sha1 = "1a9c744829f39dbb858c76ca3579ae2a54ebd1fa"; + }; + }; + "object.pick-1.3.0" = { + name = "object.pick"; + packageName = "object.pick"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/object.pick/-/object.pick-1.3.0.tgz"; + sha1 = "87a10ac4c1694bd2e1cbf53591a66141fb5dd747"; + }; + }; + "object.reduce-1.0.1" = { + name = "object.reduce"; + packageName = "object.reduce"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/object.reduce/-/object.reduce-1.0.1.tgz"; + sha1 = "6fe348f2ac7fa0f95ca621226599096825bb03ad"; + }; + }; + "once-1.4.0" = { + name = "once"; + packageName = "once"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/once/-/once-1.4.0.tgz"; + sha1 = "583b1aa775961d4b113ac17d9c50baef9dd76bd1"; + }; + }; + "onetime-5.1.2" = { + name = "onetime"; + packageName = "onetime"; + version = "5.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz"; + sha512 = "kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg=="; + }; + }; + "optionator-0.8.3" = { + name = "optionator"; + packageName = "optionator"; + version = "0.8.3"; + src = fetchurl { + url = "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz"; + sha512 = "+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA=="; + }; + }; + "ordered-read-streams-0.3.0" = { + name = "ordered-read-streams"; + packageName = "ordered-read-streams"; + version = "0.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ordered-read-streams/-/ordered-read-streams-0.3.0.tgz"; + sha1 = "7137e69b3298bb342247a1bbee3881c80e2fd78b"; + }; + }; + "ordered-read-streams-1.0.1" = { + name = "ordered-read-streams"; + packageName = "ordered-read-streams"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ordered-read-streams/-/ordered-read-streams-1.0.1.tgz"; + sha1 = "77c0cb37c41525d64166d990ffad7ec6a0e1363e"; + }; + }; + "os-locale-1.4.0" = { + name = "os-locale"; + packageName = "os-locale"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/os-locale/-/os-locale-1.4.0.tgz"; + sha1 = "20f9f17ae29ed345e8bde583b13d2009803c14d9"; + }; + }; + "os-tmpdir-1.0.2" = { + name = "os-tmpdir"; + packageName = "os-tmpdir"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz"; + sha1 = "bbe67406c79aa85c5cfec766fe5734555dfa1274"; + }; + }; + "p-limit-3.1.0" = { + name = "p-limit"; + packageName = "p-limit"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz"; + sha512 = "TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ=="; + }; + }; + "p-locate-5.0.0" = { + name = "p-locate"; + packageName = "p-locate"; + version = "5.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz"; + sha512 = "LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw=="; + }; + }; + "pako-1.0.11" = { + name = "pako"; + packageName = "pako"; + version = "1.0.11"; + src = fetchurl { + url = "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz"; + sha512 = "4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw=="; + }; + }; + "parent-module-1.0.1" = { + name = "parent-module"; + packageName = "parent-module"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz"; + sha512 = "GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g=="; + }; + }; + "parse-filepath-1.0.2" = { + name = "parse-filepath"; + packageName = "parse-filepath"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/parse-filepath/-/parse-filepath-1.0.2.tgz"; + sha1 = "a632127f53aaf3d15876f5872f3ffac763d6c891"; + }; + }; + "parse-glob-3.0.4" = { + name = "parse-glob"; + packageName = "parse-glob"; + version = "3.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/parse-glob/-/parse-glob-3.0.4.tgz"; + sha1 = "b2c376cfb11f35513badd173ef0bb6e3a388391c"; + }; + }; + "parse-json-2.2.0" = { + name = "parse-json"; + packageName = "parse-json"; + version = "2.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz"; + sha1 = "f480f40434ef80741f8469099f8dea18f55a4dc9"; + }; + }; + "parse-node-version-1.0.1" = { + name = "parse-node-version"; + packageName = "parse-node-version"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/parse-node-version/-/parse-node-version-1.0.1.tgz"; + sha512 = "3YHlOa/JgH6Mnpr05jP9eDG254US9ek25LyIxZlDItp2iJtwyaXQb57lBYLdT3MowkUFYEV2XXNAYIPlESvJlA=="; + }; + }; + "parse-passwd-1.0.0" = { + name = "parse-passwd"; + packageName = "parse-passwd"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz"; + sha1 = "6d5b934a456993b23d37f40a382d6f1666a8e5c6"; + }; + }; + "pascalcase-0.1.1" = { + name = "pascalcase"; + packageName = "pascalcase"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/pascalcase/-/pascalcase-0.1.1.tgz"; + sha1 = "b363e55e8006ca6fe21784d2db22bd15d7917f14"; + }; + }; + "path-dirname-1.0.2" = { + name = "path-dirname"; + packageName = "path-dirname"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/path-dirname/-/path-dirname-1.0.2.tgz"; + sha1 = "cc33d24d525e099a5388c0336c6e32b9160609e0"; + }; + }; + "path-exists-2.1.0" = { + name = "path-exists"; + packageName = "path-exists"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz"; + sha1 = "0feb6c64f0fc518d9a754dd5efb62c7022761f4b"; + }; + }; + "path-exists-4.0.0" = { + name = "path-exists"; + packageName = "path-exists"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz"; + sha512 = "ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w=="; + }; + }; + "path-is-absolute-1.0.1" = { + name = "path-is-absolute"; + packageName = "path-is-absolute"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz"; + sha1 = "174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"; + }; + }; + "path-key-2.0.1" = { + name = "path-key"; + packageName = "path-key"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz"; + sha1 = "411cadb574c5a140d3a4b1910d40d80cc9f40b40"; + }; + }; + "path-parse-1.0.7" = { + name = "path-parse"; + packageName = "path-parse"; + version = "1.0.7"; + src = fetchurl { + url = "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz"; + sha512 = "LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="; + }; + }; + "path-root-0.1.1" = { + name = "path-root"; + packageName = "path-root"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/path-root/-/path-root-0.1.1.tgz"; + sha1 = "9a4a6814cac1c0cd73360a95f32083c8ea4745b7"; + }; + }; + "path-root-regex-0.1.2" = { + name = "path-root-regex"; + packageName = "path-root-regex"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/path-root-regex/-/path-root-regex-0.1.2.tgz"; + sha1 = "bfccdc8df5b12dc52c8b43ec38d18d72c04ba96d"; + }; + }; + "path-type-1.1.0" = { + name = "path-type"; + packageName = "path-type"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz"; + sha1 = "59c44f7ee491da704da415da5a4070ba4f8fe441"; + }; + }; + "pathval-1.1.1" = { + name = "pathval"; + packageName = "pathval"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz"; + sha512 = "Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ=="; + }; + }; + "pend-1.2.0" = { + name = "pend"; + packageName = "pend"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz"; + sha1 = "7a57eb550a6783f9115331fcf4663d5c8e007a50"; + }; + }; + "performance-now-2.1.0" = { + name = "performance-now"; + packageName = "performance-now"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz"; + sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"; + }; + }; + "picomatch-2.3.0" = { + name = "picomatch"; + packageName = "picomatch"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz"; + sha512 = "lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw=="; + }; + }; + "pify-2.3.0" = { + name = "pify"; + packageName = "pify"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz"; + sha1 = "ed141a6ac043a849ea588498e7dca8b15330e90c"; + }; + }; + "pify-3.0.0" = { + name = "pify"; + packageName = "pify"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz"; + sha1 = "e5a4acd2c101fdf3d9a4d07f0dbc4db49dd28176"; + }; + }; + "pinkie-2.0.4" = { + name = "pinkie"; + packageName = "pinkie"; + version = "2.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz"; + sha1 = "72556b80cfa0d48a974e80e77248e80ed4f7f870"; + }; + }; + "pinkie-promise-2.0.1" = { + name = "pinkie-promise"; + packageName = "pinkie-promise"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz"; + sha1 = "2135d6dfa7a358c069ac9b178776288228450ffa"; + }; + }; + "posix-character-classes-0.1.1" = { + name = "posix-character-classes"; + packageName = "posix-character-classes"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/posix-character-classes/-/posix-character-classes-0.1.1.tgz"; + sha1 = "01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"; + }; + }; + "prelude-ls-1.1.2" = { + name = "prelude-ls"; + packageName = "prelude-ls"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz"; + sha1 = "21932a549f5e52ffd9a827f570e04be62a97da54"; + }; + }; + "prepend-http-1.0.4" = { + name = "prepend-http"; + packageName = "prepend-http"; + version = "1.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/prepend-http/-/prepend-http-1.0.4.tgz"; + sha1 = "d4f4562b0ce3696e41ac52d0e002e57a635dc6dc"; + }; + }; + "preserve-0.2.0" = { + name = "preserve"; + packageName = "preserve"; + version = "0.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/preserve/-/preserve-0.2.0.tgz"; + sha1 = "815ed1f6ebc65926f865b310c0713bcb3315ce4b"; + }; + }; + "pretty-hrtime-1.0.3" = { + name = "pretty-hrtime"; + packageName = "pretty-hrtime"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz"; + sha1 = "b7e3ea42435a4c9b2759d99e0f201eb195802ee1"; + }; + }; + "process-nextick-args-2.0.1" = { + name = "process-nextick-args"; + packageName = "process-nextick-args"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz"; + sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="; + }; + }; + "progress-2.0.3" = { + name = "progress"; + packageName = "progress"; + version = "2.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz"; + sha512 = "7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA=="; + }; + }; + "proto-list-1.2.4" = { + name = "proto-list"; + packageName = "proto-list"; + version = "1.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz"; + sha1 = "212d5bfe1318306a420f6402b8e26ff39647a849"; + }; + }; + "psl-1.8.0" = { + name = "psl"; + packageName = "psl"; + version = "1.8.0"; + src = fetchurl { + url = "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz"; + sha512 = "RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ=="; + }; + }; + "pump-2.0.1" = { + name = "pump"; + packageName = "pump"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/pump/-/pump-2.0.1.tgz"; + sha512 = "ruPMNRkN3MHP1cWJc9OWr+T/xDP0jhXYCLfJcBuX54hhfIBnaQmAUMfDcG4DM5UMWByBbJY69QSphm3jtDKIkA=="; + }; + }; + "pumpify-1.5.1" = { + name = "pumpify"; + packageName = "pumpify"; + version = "1.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/pumpify/-/pumpify-1.5.1.tgz"; + sha512 = "oClZI37HvuUJJxSKKrC17bZ9Cu0ZYhEAGPsPUy9KlMUmv9dKX2o77RUmq7f3XjIxbwyGwYzbzQ1L2Ks8sIradQ=="; + }; + }; + "punycode-2.1.1" = { + name = "punycode"; + packageName = "punycode"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz"; + sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="; + }; + }; + "q-1.5.1" = { + name = "q"; + packageName = "q"; + version = "1.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/q/-/q-1.5.1.tgz"; + sha1 = "7e32f75b41381291d04611f1bf14109ac00651d7"; + }; + }; + "qs-6.5.2" = { + name = "qs"; + packageName = "qs"; + version = "6.5.2"; + src = fetchurl { + url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz"; + sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="; + }; + }; + "randomatic-3.1.1" = { + name = "randomatic"; + packageName = "randomatic"; + version = "3.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/randomatic/-/randomatic-3.1.1.tgz"; + sha512 = "TuDE5KxZ0J461RVjrJZCJc+J+zCkTb1MbH9AQUq68sMhOMcy9jLcb3BrZKgp9q9Ncltdg4QVqWrH02W2EFFVYw=="; + }; + }; + "randombytes-2.1.0" = { + name = "randombytes"; + packageName = "randombytes"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz"; + sha512 = "vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ=="; + }; + }; + "read-all-stream-3.1.0" = { + name = "read-all-stream"; + packageName = "read-all-stream"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/read-all-stream/-/read-all-stream-3.1.0.tgz"; + sha1 = "35c3e177f2078ef789ee4bfafa4373074eaef4fa"; + }; + }; + "read-pkg-1.1.0" = { + name = "read-pkg"; + packageName = "read-pkg"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz"; + sha1 = "f5ffaa5ecd29cb31c0474bca7d756b6bb29e3f28"; + }; + }; + "read-pkg-up-1.0.1" = { + name = "read-pkg-up"; + packageName = "read-pkg-up"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz"; + sha1 = "9d63c13276c065918d57f002a57f40a1b643fb02"; + }; + }; + "readable-stream-1.0.34" = { + name = "readable-stream"; + packageName = "readable-stream"; + version = "1.0.34"; + src = fetchurl { + url = "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz"; + sha1 = "125820e34bc842d2f2aaafafe4c2916ee32c157c"; + }; + }; + "readable-stream-1.1.14" = { + name = "readable-stream"; + packageName = "readable-stream"; + version = "1.1.14"; + src = fetchurl { + url = "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz"; + sha1 = "7cf4c54ef648e3813084c636dd2079e166c081d9"; + }; + }; + "readable-stream-2.3.7" = { + name = "readable-stream"; + packageName = "readable-stream"; + version = "2.3.7"; + src = fetchurl { + url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz"; + sha512 = "Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw=="; + }; + }; + "readdirp-2.2.1" = { + name = "readdirp"; + packageName = "readdirp"; + version = "2.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/readdirp/-/readdirp-2.2.1.tgz"; + sha512 = "1JU/8q+VgFZyxwrJ+SVIOsh+KywWGpds3NTqikiKpDMZWScmAYyKIgqkO+ARvNWJfXeXR1zxz7aHF4u4CyH6vQ=="; + }; + }; + "readdirp-3.5.0" = { + name = "readdirp"; + packageName = "readdirp"; + version = "3.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz"; + sha512 = "cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ=="; + }; + }; + "rechoir-0.6.2" = { + name = "rechoir"; + packageName = "rechoir"; + version = "0.6.2"; + src = fetchurl { + url = "https://registry.npmjs.org/rechoir/-/rechoir-0.6.2.tgz"; + sha1 = "85204b54dba82d5742e28c96756ef43af50e3384"; + }; + }; + "regex-cache-0.4.4" = { + name = "regex-cache"; + packageName = "regex-cache"; + version = "0.4.4"; + src = fetchurl { + url = "https://registry.npmjs.org/regex-cache/-/regex-cache-0.4.4.tgz"; + sha512 = "nVIZwtCjkC9YgvWkpM55B5rBhBYRZhAaJbgcFYXXsHnbZ9UZI9nnVWYZpBlCqv9ho2eZryPnWrZGsOdPwVWXWQ=="; + }; + }; + "regex-not-1.0.2" = { + name = "regex-not"; + packageName = "regex-not"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/regex-not/-/regex-not-1.0.2.tgz"; + sha512 = "J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A=="; + }; + }; + "regexpp-2.0.1" = { + name = "regexpp"; + packageName = "regexpp"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz"; + sha512 = "lv0M6+TkDVniA3aD1Eg0DVpfU/booSu7Eev3TDO/mZKHBfVjgCGTV4t4buppESEYDtkArYFOxTJWv6S5C+iaNw=="; + }; + }; + "remove-bom-buffer-3.0.0" = { + name = "remove-bom-buffer"; + packageName = "remove-bom-buffer"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/remove-bom-buffer/-/remove-bom-buffer-3.0.0.tgz"; + sha512 = "8v2rWhaakv18qcvNeli2mZ/TMTL2nEyAKRvzo1WtnZBl15SHyEhrCu2/xKlJyUFKHiHgfXIyuY6g2dObJJycXQ=="; + }; + }; + "remove-bom-stream-1.2.0" = { + name = "remove-bom-stream"; + packageName = "remove-bom-stream"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/remove-bom-stream/-/remove-bom-stream-1.2.0.tgz"; + sha1 = "05f1a593f16e42e1fb90ebf59de8e569525f9523"; + }; + }; + "remove-trailing-separator-1.1.0" = { + name = "remove-trailing-separator"; + packageName = "remove-trailing-separator"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz"; + sha1 = "c24bce2a283adad5bc3f58e0d48249b92379d8ef"; + }; + }; + "repeat-element-1.1.4" = { + name = "repeat-element"; + packageName = "repeat-element"; + version = "1.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.4.tgz"; + sha512 = "LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ=="; + }; + }; + "repeat-string-1.6.1" = { + name = "repeat-string"; + packageName = "repeat-string"; + version = "1.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz"; + sha1 = "8dcae470e1c88abc2d600fff4a776286da75e637"; + }; + }; + "replace-ext-0.0.1" = { + name = "replace-ext"; + packageName = "replace-ext"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/replace-ext/-/replace-ext-0.0.1.tgz"; + sha1 = "29bbd92078a739f0bcce2b4ee41e837953522924"; + }; + }; + "replace-ext-1.0.1" = { + name = "replace-ext"; + packageName = "replace-ext"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/replace-ext/-/replace-ext-1.0.1.tgz"; + sha512 = "yD5BHCe7quCgBph4rMQ+0KkIRKwWCrHDOX1p1Gp6HwjPM5kVoCdKGNhN7ydqqsX6lJEnQDKZ/tFMiEdQ1dvPEw=="; + }; + }; + "replace-homedir-1.0.0" = { + name = "replace-homedir"; + packageName = "replace-homedir"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/replace-homedir/-/replace-homedir-1.0.0.tgz"; + sha1 = "e87f6d513b928dde808260c12be7fec6ff6e798c"; + }; + }; + "request-2.88.2" = { + name = "request"; + packageName = "request"; + version = "2.88.2"; + src = fetchurl { + url = "https://registry.npmjs.org/request/-/request-2.88.2.tgz"; + sha512 = "MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw=="; + }; + }; + "require-directory-2.1.1" = { + name = "require-directory"; + packageName = "require-directory"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz"; + sha1 = "8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"; + }; + }; + "require-main-filename-1.0.1" = { + name = "require-main-filename"; + packageName = "require-main-filename"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/require-main-filename/-/require-main-filename-1.0.1.tgz"; + sha1 = "97f717b69d48784f5f526a6c5aa8ffdda055a4d1"; + }; + }; + "resolve-1.20.0" = { + name = "resolve"; + packageName = "resolve"; + version = "1.20.0"; + src = fetchurl { + url = "https://registry.npmjs.org/resolve/-/resolve-1.20.0.tgz"; + sha512 = "wENBPt4ySzg4ybFQW2TT1zMQucPK95HSh/nq2CFTZVOGut2+pQvSsgtda4d26YrYcr067wjbmzOG8byDPBX63A=="; + }; + }; + "resolve-dir-1.0.1" = { + name = "resolve-dir"; + packageName = "resolve-dir"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz"; + sha1 = "79a40644c362be82f26effe739c9bb5382046f43"; + }; + }; + "resolve-from-4.0.0" = { + name = "resolve-from"; + packageName = "resolve-from"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz"; + sha512 = "pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g=="; + }; + }; + "resolve-options-1.1.0" = { + name = "resolve-options"; + packageName = "resolve-options"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/resolve-options/-/resolve-options-1.1.0.tgz"; + sha1 = "32bb9e39c06d67338dc9378c0d6d6074566ad131"; + }; + }; + "resolve-url-0.2.1" = { + name = "resolve-url"; + packageName = "resolve-url"; + version = "0.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/resolve-url/-/resolve-url-0.2.1.tgz"; + sha1 = "2c637fe77c893afd2a663fe21aa9080068e2052a"; + }; + }; + "restore-cursor-3.1.0" = { + name = "restore-cursor"; + packageName = "restore-cursor"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz"; + sha512 = "l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA=="; + }; + }; + "ret-0.1.15" = { + name = "ret"; + packageName = "ret"; + version = "0.1.15"; + src = fetchurl { + url = "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz"; + sha512 = "TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg=="; + }; + }; + "rimraf-2.6.3" = { + name = "rimraf"; + packageName = "rimraf"; + version = "2.6.3"; + src = fetchurl { + url = "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz"; + sha512 = "mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA=="; + }; + }; + "rimraf-2.7.1" = { + name = "rimraf"; + packageName = "rimraf"; + version = "2.7.1"; + src = fetchurl { + url = "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz"; + sha512 = "uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w=="; + }; + }; + "run-async-2.4.1" = { + name = "run-async"; + packageName = "run-async"; + version = "2.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz"; + sha512 = "tvVnVv01b8c1RrA6Ep7JkStj85Guv/YrMcwqYQnwjsAS2cTmmPGBBjAjpCW7RrSodNSoE2/qg9O4bceNvUuDgQ=="; + }; + }; + "rxjs-6.6.7" = { + name = "rxjs"; + packageName = "rxjs"; + version = "6.6.7"; + src = fetchurl { + url = "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz"; + sha512 = "hTdwr+7yYNIT5n4AMYp85KA6yw2Va0FLa3Rguvbpa4W3I5xynaBZo41cM3XM+4Q6fRMj3sBYIR1VAmZMXYJvRQ=="; + }; + }; + "safe-buffer-5.1.2" = { + name = "safe-buffer"; + packageName = "safe-buffer"; + version = "5.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz"; + sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="; + }; + }; + "safe-regex-1.1.0" = { + name = "safe-regex"; + packageName = "safe-regex"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz"; + sha1 = "40a3669f3b077d1e943d44629e157dd48023bf2e"; + }; + }; + "safer-buffer-2.1.2" = { + name = "safer-buffer"; + packageName = "safer-buffer"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz"; + sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="; + }; + }; + "sax-1.2.4" = { + name = "sax"; + packageName = "sax"; + version = "1.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz"; + sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="; + }; + }; + "seek-bzip-1.0.6" = { + name = "seek-bzip"; + packageName = "seek-bzip"; + version = "1.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/seek-bzip/-/seek-bzip-1.0.6.tgz"; + sha512 = "e1QtP3YL5tWww8uKaOCQ18UxIT2laNBXHjV/S2WYCiK4udiv8lkG89KRIoCjUagnAmCBurjF4zEVX2ByBbnCjQ=="; + }; + }; + "selenium-webdriver-3.6.0" = { + name = "selenium-webdriver"; + packageName = "selenium-webdriver"; + version = "3.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-3.6.0.tgz"; + sha512 = "WH7Aldse+2P5bbFBO4Gle/nuQOdVwpHMTL6raL3uuBj/vPG07k6uzt3aiahu352ONBr5xXh0hDlM3LhtXPOC4Q=="; + }; + }; + "semver-5.7.1" = { + name = "semver"; + packageName = "semver"; + version = "5.7.1"; + src = fetchurl { + url = "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz"; + sha512 = "sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ=="; + }; + }; + "semver-6.3.0" = { + name = "semver"; + packageName = "semver"; + version = "6.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz"; + sha512 = "b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw=="; + }; + }; + "semver-greatest-satisfied-range-1.1.0" = { + name = "semver-greatest-satisfied-range"; + packageName = "semver-greatest-satisfied-range"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/semver-greatest-satisfied-range/-/semver-greatest-satisfied-range-1.1.0.tgz"; + sha1 = "13e8c2658ab9691cb0cd71093240280d36f77a5b"; + }; + }; + "serialize-javascript-5.0.1" = { + name = "serialize-javascript"; + packageName = "serialize-javascript"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz"; + sha512 = "SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA=="; + }; + }; + "set-blocking-2.0.0" = { + name = "set-blocking"; + packageName = "set-blocking"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz"; + sha1 = "045f9782d011ae9a6803ddd382b24392b3d890f7"; + }; + }; + "set-immediate-shim-1.0.1" = { + name = "set-immediate-shim"; + packageName = "set-immediate-shim"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz"; + sha1 = "4b2b1b27eb808a9f8dcc481a58e5e56f599f3f61"; + }; + }; + "set-value-2.0.1" = { + name = "set-value"; + packageName = "set-value"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz"; + sha512 = "JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw=="; + }; + }; + "shebang-command-1.2.0" = { + name = "shebang-command"; + packageName = "shebang-command"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz"; + sha1 = "44aac65b695b03398968c39f363fee5deafdf1ea"; + }; + }; + "shebang-regex-1.0.0" = { + name = "shebang-regex"; + packageName = "shebang-regex"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz"; + sha1 = "da42f49740c0b42db2ca9728571cb190c98efea3"; + }; + }; + "signal-exit-3.0.3" = { + name = "signal-exit"; + packageName = "signal-exit"; + version = "3.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz"; + sha512 = "VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA=="; + }; + }; + "slice-ansi-2.1.0" = { + name = "slice-ansi"; + packageName = "slice-ansi"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/slice-ansi/-/slice-ansi-2.1.0.tgz"; + sha512 = "Qu+VC3EwYLldKa1fCxuuvULvSJOKEgk9pi8dZeCVK7TqBfUNTH4sFkk4joj8afVSfAYgJoSOetjx9QWOJ5mYoQ=="; + }; + }; + "snapdragon-0.8.2" = { + name = "snapdragon"; + packageName = "snapdragon"; + version = "0.8.2"; + src = fetchurl { + url = "https://registry.npmjs.org/snapdragon/-/snapdragon-0.8.2.tgz"; + sha512 = "FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg=="; + }; + }; + "snapdragon-node-2.1.1" = { + name = "snapdragon-node"; + packageName = "snapdragon-node"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/snapdragon-node/-/snapdragon-node-2.1.1.tgz"; + sha512 = "O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw=="; + }; + }; + "snapdragon-util-3.0.1" = { + name = "snapdragon-util"; + packageName = "snapdragon-util"; + version = "3.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/snapdragon-util/-/snapdragon-util-3.0.1.tgz"; + sha512 = "mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ=="; + }; + }; + "source-map-0.5.7" = { + name = "source-map"; + packageName = "source-map"; + version = "0.5.7"; + src = fetchurl { + url = "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz"; + sha1 = "8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"; + }; + }; + "source-map-0.6.1" = { + name = "source-map"; + packageName = "source-map"; + version = "0.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz"; + sha512 = "UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="; + }; + }; + "source-map-resolve-0.5.3" = { + name = "source-map-resolve"; + packageName = "source-map-resolve"; + version = "0.5.3"; + src = fetchurl { + url = "https://registry.npmjs.org/source-map-resolve/-/source-map-resolve-0.5.3.tgz"; + sha512 = "Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw=="; + }; + }; + "source-map-url-0.4.1" = { + name = "source-map-url"; + packageName = "source-map-url"; + version = "0.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/source-map-url/-/source-map-url-0.4.1.tgz"; + sha512 = "cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw=="; + }; + }; + "sparkles-1.0.1" = { + name = "sparkles"; + packageName = "sparkles"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/sparkles/-/sparkles-1.0.1.tgz"; + sha512 = "dSO0DDYUahUt/0/pD/Is3VIm5TGJjludZ0HVymmhYF6eNA53PVLhnUk0znSYbH8IYBuJdCE+1luR22jNLMaQdw=="; + }; + }; + "spdx-correct-3.1.1" = { + name = "spdx-correct"; + packageName = "spdx-correct"; + version = "3.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.1.1.tgz"; + sha512 = "cOYcUWwhCuHCXi49RhFRCyJEK3iPj1Ziz9DpViV3tbZOwXD49QzIN3MpOLJNxh2qwq2lJJZaKMVw9qNi4jTC0w=="; + }; + }; + "spdx-exceptions-2.3.0" = { + name = "spdx-exceptions"; + packageName = "spdx-exceptions"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.3.0.tgz"; + sha512 = "/tTrYOC7PPI1nUAgx34hUpqXuyJG+DTHJTnIULG4rDygi4xu/tfgmq1e1cIRwRzwZgo4NLySi+ricLkZkw4i5A=="; + }; + }; + "spdx-expression-parse-3.0.1" = { + name = "spdx-expression-parse"; + packageName = "spdx-expression-parse"; + version = "3.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz"; + sha512 = "cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q=="; + }; + }; + "spdx-license-ids-3.0.10" = { + name = "spdx-license-ids"; + packageName = "spdx-license-ids"; + version = "3.0.10"; + src = fetchurl { + url = "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.10.tgz"; + sha512 = "oie3/+gKf7QtpitB0LYLETe+k8SifzsX4KixvpOsbI6S0kRiRQ5MKOio8eMSAKQ17N06+wdEOXRiId+zOxo0hA=="; + }; + }; + "split-string-3.1.0" = { + name = "split-string"; + packageName = "split-string"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz"; + sha512 = "NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw=="; + }; + }; + "sprintf-js-1.0.3" = { + name = "sprintf-js"; + packageName = "sprintf-js"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz"; + sha1 = "04e6926f662895354f3dd015203633b857297e2c"; + }; + }; + "sshpk-1.16.1" = { + name = "sshpk"; + packageName = "sshpk"; + version = "1.16.1"; + src = fetchurl { + url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz"; + sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg=="; + }; + }; + "stack-trace-0.0.10" = { + name = "stack-trace"; + packageName = "stack-trace"; + version = "0.0.10"; + src = fetchurl { + url = "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz"; + sha1 = "547c70b347e8d32b4e108ea1a2a159e5fdde19c0"; + }; + }; + "stat-mode-0.2.2" = { + name = "stat-mode"; + packageName = "stat-mode"; + version = "0.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/stat-mode/-/stat-mode-0.2.2.tgz"; + sha1 = "e6c80b623123d7d80cf132ce538f346289072502"; + }; + }; + "static-extend-0.1.2" = { + name = "static-extend"; + packageName = "static-extend"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz"; + sha1 = "60809c39cbff55337226fd5e0b520f341f1fb5c6"; + }; + }; + "stream-combiner2-1.1.1" = { + name = "stream-combiner2"; + packageName = "stream-combiner2"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/stream-combiner2/-/stream-combiner2-1.1.1.tgz"; + sha1 = "fb4d8a1420ea362764e21ad4780397bebcb41cbe"; + }; + }; + "stream-exhaust-1.0.2" = { + name = "stream-exhaust"; + packageName = "stream-exhaust"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/stream-exhaust/-/stream-exhaust-1.0.2.tgz"; + sha512 = "b/qaq/GlBK5xaq1yrK9/zFcyRSTNxmcZwFLGSTG0mXgZl/4Z6GgiyYOXOvY7N3eEvFRAG1bkDRz5EPGSvPYQlw=="; + }; + }; + "stream-shift-1.0.1" = { + name = "stream-shift"; + packageName = "stream-shift"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.1.tgz"; + sha512 = "AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ=="; + }; + }; + "string-width-1.0.2" = { + name = "string-width"; + packageName = "string-width"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz"; + sha1 = "118bdf5b8cdc51a2a7e70d211e07e2b0b9b107d3"; + }; + }; + "string-width-3.1.0" = { + name = "string-width"; + packageName = "string-width"; + version = "3.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz"; + sha512 = "vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w=="; + }; + }; + "string-width-4.2.2" = { + name = "string-width"; + packageName = "string-width"; + version = "4.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/string-width/-/string-width-4.2.2.tgz"; + sha512 = "XBJbT3N4JhVumXE0eoLU9DCjcaF92KLNqTmFCnG1pf8duUxFGwtP6AD6nkjw9a3IdiRtL3E2w3JDiE/xi3vOeA=="; + }; + }; + "string_decoder-0.10.31" = { + name = "string_decoder"; + packageName = "string_decoder"; + version = "0.10.31"; + src = fetchurl { + url = "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"; + sha1 = "62e203bc41766c6c28c9fc84301dab1c5310fa94"; + }; + }; + "string_decoder-1.1.1" = { + name = "string_decoder"; + packageName = "string_decoder"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz"; + sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg=="; + }; + }; + "strip-ansi-3.0.1" = { + name = "strip-ansi"; + packageName = "strip-ansi"; + version = "3.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz"; + sha1 = "6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"; + }; + }; + "strip-ansi-5.2.0" = { + name = "strip-ansi"; + packageName = "strip-ansi"; + version = "5.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz"; + sha512 = "DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA=="; + }; + }; + "strip-ansi-6.0.0" = { + name = "strip-ansi"; + packageName = "strip-ansi"; + version = "6.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz"; + sha512 = "AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w=="; + }; + }; + "strip-bom-2.0.0" = { + name = "strip-bom"; + packageName = "strip-bom"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz"; + sha1 = "6219a85616520491f35788bdbf1447a99c7e6b0e"; + }; + }; + "strip-bom-stream-1.0.0" = { + name = "strip-bom-stream"; + packageName = "strip-bom-stream"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-1.0.0.tgz"; + sha1 = "e7144398577d51a6bed0fa1994fa05f43fd988ee"; + }; + }; + "strip-bom-string-1.0.0" = { + name = "strip-bom-string"; + packageName = "strip-bom-string"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz"; + sha1 = "e5211e9224369fbb81d633a2f00044dc8cedad92"; + }; + }; + "strip-dirs-1.1.1" = { + name = "strip-dirs"; + packageName = "strip-dirs"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-dirs/-/strip-dirs-1.1.1.tgz"; + sha1 = "960bbd1287844f3975a4558aa103a8255e2456a0"; + }; + }; + "strip-dirs-2.1.0" = { + name = "strip-dirs"; + packageName = "strip-dirs"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-dirs/-/strip-dirs-2.1.0.tgz"; + sha512 = "JOCxOeKLm2CAS73y/U4ZeZPTkE+gNVCzKt7Eox84Iej1LT/2pTWYpZKJuxwQpvX1LiZb1xokNR7RLfuBAa7T3g=="; + }; + }; + "strip-json-comments-3.1.1" = { + name = "strip-json-comments"; + packageName = "strip-json-comments"; + version = "3.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz"; + sha512 = "6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig=="; + }; + }; + "strip-outer-1.0.1" = { + name = "strip-outer"; + packageName = "strip-outer"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-outer/-/strip-outer-1.0.1.tgz"; + sha512 = "k55yxKHwaXnpYGsOzg4Vl8+tDrWylxDEpknGjhTiZB8dFRU5rTo9CAzeycivxV3s+zlTKwrs6WxMxR95n26kwg=="; + }; + }; + "sum-up-1.0.3" = { + name = "sum-up"; + packageName = "sum-up"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/sum-up/-/sum-up-1.0.3.tgz"; + sha1 = "1c661f667057f63bcb7875aa1438bc162525156e"; + }; + }; + "supports-color-2.0.0" = { + name = "supports-color"; + packageName = "supports-color"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz"; + sha1 = "535d045ce6b6363fa40117084629995e9df324c7"; + }; + }; + "supports-color-5.5.0" = { + name = "supports-color"; + packageName = "supports-color"; + version = "5.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz"; + sha512 = "QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow=="; + }; + }; + "supports-color-7.2.0" = { + name = "supports-color"; + packageName = "supports-color"; + version = "7.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz"; + sha512 = "qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw=="; + }; + }; + "supports-color-8.1.1" = { + name = "supports-color"; + packageName = "supports-color"; + version = "8.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz"; + sha512 = "MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q=="; + }; + }; + "sver-compat-1.5.0" = { + name = "sver-compat"; + packageName = "sver-compat"; + version = "1.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/sver-compat/-/sver-compat-1.5.0.tgz"; + sha1 = "3cf87dfeb4d07b4a3f14827bc186b3fd0c645cd8"; + }; + }; + "table-5.4.6" = { + name = "table"; + packageName = "table"; + version = "5.4.6"; + src = fetchurl { + url = "https://registry.npmjs.org/table/-/table-5.4.6.tgz"; + sha512 = "wmEc8m4fjnob4gt5riFRtTu/6+4rSe12TpAELNSqHMfF3IqnA+CH37USM6/YR3qRZv7e56kAEAtd6nKZaxe0Ug=="; + }; + }; + "tar-stream-1.6.2" = { + name = "tar-stream"; + packageName = "tar-stream"; + version = "1.6.2"; + src = fetchurl { + url = "https://registry.npmjs.org/tar-stream/-/tar-stream-1.6.2.tgz"; + sha512 = "rzS0heiNf8Xn7/mpdSVVSMAWAoy9bfb1WOTYC78Z0UQKeKa/CWS8FOq0lKGNa8DWKAn9gxjCvMLYc5PGXYlK2A=="; + }; + }; + "text-table-0.2.0" = { + name = "text-table"; + packageName = "text-table"; + version = "0.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz"; + sha1 = "7f5ee823ae805207c00af2df4a84ec3fcfa570b4"; + }; + }; + "through-2.3.8" = { + name = "through"; + packageName = "through"; + version = "2.3.8"; + src = fetchurl { + url = "https://registry.npmjs.org/through/-/through-2.3.8.tgz"; + sha1 = "0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5"; + }; + }; + "through2-0.6.5" = { + name = "through2"; + packageName = "through2"; + version = "0.6.5"; + src = fetchurl { + url = "https://registry.npmjs.org/through2/-/through2-0.6.5.tgz"; + sha1 = "41ab9c67b29d57209071410e1d7a7a968cd3ad48"; + }; + }; + "through2-2.0.5" = { + name = "through2"; + packageName = "through2"; + version = "2.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/through2/-/through2-2.0.5.tgz"; + sha512 = "/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ=="; + }; + }; + "through2-filter-2.0.0" = { + name = "through2-filter"; + packageName = "through2-filter"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/through2-filter/-/through2-filter-2.0.0.tgz"; + sha1 = "60bc55a0dacb76085db1f9dae99ab43f83d622ec"; + }; + }; + "through2-filter-3.0.0" = { + name = "through2-filter"; + packageName = "through2-filter"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/through2-filter/-/through2-filter-3.0.0.tgz"; + sha512 = "jaRjI2WxN3W1V8/FMZ9HKIBXixtiqs3SQSX4/YGIiP3gL6djW48VoZq9tDqeCWs3MT8YY5wb/zli8VW8snY1CA=="; + }; + }; + "time-stamp-1.1.0" = { + name = "time-stamp"; + packageName = "time-stamp"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/time-stamp/-/time-stamp-1.1.0.tgz"; + sha1 = "764a5a11af50561921b133f3b44e618687e0f5c3"; + }; + }; + "timed-out-4.0.1" = { + name = "timed-out"; + packageName = "timed-out"; + version = "4.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz"; + sha1 = "f32eacac5a175bea25d7fab565ab3ed8741ef56f"; + }; + }; + "timers-ext-0.1.7" = { + name = "timers-ext"; + packageName = "timers-ext"; + version = "0.1.7"; + src = fetchurl { + url = "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz"; + sha512 = "b85NUNzTSdodShTIbky6ZF02e8STtVVfD+fu4aXXShEELpozH+bCpJLYMPZbsABN2wDH7fJpqIoXxJpzbf0NqQ=="; + }; + }; + "tmp-0.0.30" = { + name = "tmp"; + packageName = "tmp"; + version = "0.0.30"; + src = fetchurl { + url = "https://registry.npmjs.org/tmp/-/tmp-0.0.30.tgz"; + sha1 = "72419d4a8be7d6ce75148fd8b324e593a711c2ed"; + }; + }; + "tmp-0.0.33" = { + name = "tmp"; + packageName = "tmp"; + version = "0.0.33"; + src = fetchurl { + url = "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz"; + sha512 = "jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw=="; + }; + }; + "to-absolute-glob-0.1.1" = { + name = "to-absolute-glob"; + packageName = "to-absolute-glob"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/to-absolute-glob/-/to-absolute-glob-0.1.1.tgz"; + sha1 = "1cdfa472a9ef50c239ee66999b662ca0eb39937f"; + }; + }; + "to-absolute-glob-2.0.2" = { + name = "to-absolute-glob"; + packageName = "to-absolute-glob"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/to-absolute-glob/-/to-absolute-glob-2.0.2.tgz"; + sha1 = "1865f43d9e74b0822db9f145b78cff7d0f7c849b"; + }; + }; + "to-buffer-1.1.1" = { + name = "to-buffer"; + packageName = "to-buffer"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/to-buffer/-/to-buffer-1.1.1.tgz"; + sha512 = "lx9B5iv7msuFYE3dytT+KE5tap+rNYw+K4jVkb9R/asAb+pbBSM17jtunHplhBe6RRJdZx3Pn2Jph24O32mOVg=="; + }; + }; + "to-object-path-0.3.0" = { + name = "to-object-path"; + packageName = "to-object-path"; + version = "0.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/to-object-path/-/to-object-path-0.3.0.tgz"; + sha1 = "297588b7b0e7e0ac08e04e672f85c1f4999e17af"; + }; + }; + "to-regex-3.0.2" = { + name = "to-regex"; + packageName = "to-regex"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/to-regex/-/to-regex-3.0.2.tgz"; + sha512 = "FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw=="; + }; + }; + "to-regex-range-2.1.1" = { + name = "to-regex-range"; + packageName = "to-regex-range"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz"; + sha1 = "7c80c17b9dfebe599e27367e0d4dd5590141db38"; + }; + }; + "to-regex-range-5.0.1" = { + name = "to-regex-range"; + packageName = "to-regex-range"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz"; + sha512 = "65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="; + }; + }; + "to-through-2.0.0" = { + name = "to-through"; + packageName = "to-through"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/to-through/-/to-through-2.0.0.tgz"; + sha1 = "fc92adaba072647bc0b67d6b03664aa195093af6"; + }; + }; + "touch-0.0.3" = { + name = "touch"; + packageName = "touch"; + version = "0.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/touch/-/touch-0.0.3.tgz"; + sha1 = "51aef3d449571d4f287a5d87c9c8b49181a0db1d"; + }; + }; + "tough-cookie-2.5.0" = { + name = "tough-cookie"; + packageName = "tough-cookie"; + version = "2.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz"; + sha512 = "nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g=="; + }; + }; + "traverse-0.3.9" = { + name = "traverse"; + packageName = "traverse"; + version = "0.3.9"; + src = fetchurl { + url = "https://registry.npmjs.org/traverse/-/traverse-0.3.9.tgz"; + sha1 = "717b8f220cc0bb7b44e40514c22b2e8bbc70d8b9"; + }; + }; + "tree-kill-1.2.2" = { + name = "tree-kill"; + packageName = "tree-kill"; + version = "1.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz"; + sha512 = "L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A=="; + }; + }; + "trim-repeated-1.0.0" = { + name = "trim-repeated"; + packageName = "trim-repeated"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/trim-repeated/-/trim-repeated-1.0.0.tgz"; + sha1 = "e3646a2ea4e891312bf7eace6cfb05380bc01c21"; + }; + }; + "tslib-1.14.1" = { + name = "tslib"; + packageName = "tslib"; + version = "1.14.1"; + src = fetchurl { + url = "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz"; + sha512 = "Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="; + }; + }; + "tunnel-agent-0.6.0" = { + name = "tunnel-agent"; + packageName = "tunnel-agent"; + version = "0.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz"; + sha1 = "27a5dea06b36b04a0a9966774b290868f0fc40fd"; + }; + }; + "tweetnacl-0.14.5" = { + name = "tweetnacl"; + packageName = "tweetnacl"; + version = "0.14.5"; + src = fetchurl { + url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz"; + sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64"; + }; + }; + "type-1.2.0" = { + name = "type"; + packageName = "type"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/type/-/type-1.2.0.tgz"; + sha512 = "+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg=="; + }; + }; + "type-2.5.0" = { + name = "type"; + packageName = "type"; + version = "2.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/type/-/type-2.5.0.tgz"; + sha512 = "180WMDQaIMm3+7hGXWf12GtdniDEy7nYcyFMKJn/eZz/6tSLXrUN9V0wKSbMjej0I1WHWbpREDEKHtqPQa9NNw=="; + }; + }; + "type-check-0.3.2" = { + name = "type-check"; + packageName = "type-check"; + version = "0.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz"; + sha1 = "5884cab512cf1d355e3fb784f30804b2b520db72"; + }; + }; + "type-detect-4.0.8" = { + name = "type-detect"; + packageName = "type-detect"; + version = "4.0.8"; + src = fetchurl { + url = "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz"; + sha512 = "0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g=="; + }; + }; + "type-fest-0.21.3" = { + name = "type-fest"; + packageName = "type-fest"; + version = "0.21.3"; + src = fetchurl { + url = "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz"; + sha512 = "t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w=="; + }; + }; + "type-fest-0.8.1" = { + name = "type-fest"; + packageName = "type-fest"; + version = "0.8.1"; + src = fetchurl { + url = "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz"; + sha512 = "4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA=="; + }; + }; + "typedarray-0.0.6" = { + name = "typedarray"; + packageName = "typedarray"; + version = "0.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz"; + sha1 = "867ac74e3864187b1d3d47d996a78ec5c8830777"; + }; + }; + "unbzip2-stream-1.4.3" = { + name = "unbzip2-stream"; + packageName = "unbzip2-stream"; + version = "1.4.3"; + src = fetchurl { + url = "https://registry.npmjs.org/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz"; + sha512 = "mlExGW4w71ebDJviH16lQLtZS32VKqsSfk80GCfUlwT/4/hNRFsoscrF/c++9xinkMzECL1uL9DDwXqFWkruPg=="; + }; + }; + "unc-path-regex-0.1.2" = { + name = "unc-path-regex"; + packageName = "unc-path-regex"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/unc-path-regex/-/unc-path-regex-0.1.2.tgz"; + sha1 = "e73dd3d7b0d7c5ed86fbac6b0ae7d8c6a69d50fa"; + }; + }; + "undertaker-1.3.0" = { + name = "undertaker"; + packageName = "undertaker"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/undertaker/-/undertaker-1.3.0.tgz"; + sha512 = "/RXwi5m/Mu3H6IHQGww3GNt1PNXlbeCuclF2QYR14L/2CHPz3DFZkvB5hZ0N/QUkiXWCACML2jXViIQEQc2MLg=="; + }; + }; + "undertaker-registry-1.0.1" = { + name = "undertaker-registry"; + packageName = "undertaker-registry"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/undertaker-registry/-/undertaker-registry-1.0.1.tgz"; + sha1 = "5e4bda308e4a8a2ae584f9b9a4359a499825cc50"; + }; + }; + "union-value-1.0.1" = { + name = "union-value"; + packageName = "union-value"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz"; + sha512 = "tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg=="; + }; + }; + "unique-stream-2.3.1" = { + name = "unique-stream"; + packageName = "unique-stream"; + version = "2.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/unique-stream/-/unique-stream-2.3.1.tgz"; + sha512 = "2nY4TnBE70yoxHkDli7DMazpWiP7xMdCYqU2nBRO0UB+ZpEkGsSija7MvmvnZFUeC+mrgiUfcHSr3LmRFIg4+A=="; + }; + }; + "universalify-0.1.2" = { + name = "universalify"; + packageName = "universalify"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz"; + sha512 = "rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg=="; + }; + }; + "unset-value-1.0.0" = { + name = "unset-value"; + packageName = "unset-value"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/unset-value/-/unset-value-1.0.0.tgz"; + sha1 = "8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559"; + }; + }; + "untildify-3.0.3" = { + name = "untildify"; + packageName = "untildify"; + version = "3.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/untildify/-/untildify-3.0.3.tgz"; + sha512 = "iSk/J8efr8uPT/Z4eSUywnqyrQU7DSdMfdqK4iWEaUVVmcP5JcnpRqmVMwcwcnmI1ATFNgC5V90u09tBynNFKA=="; + }; + }; + "unzip-response-2.0.1" = { + name = "unzip-response"; + packageName = "unzip-response"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/unzip-response/-/unzip-response-2.0.1.tgz"; + sha1 = "d2f0f737d16b0615e72a6935ed04214572d56f97"; + }; + }; + "upath-1.2.0" = { + name = "upath"; + packageName = "upath"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/upath/-/upath-1.2.0.tgz"; + sha512 = "aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg=="; + }; + }; + "uri-js-4.4.1" = { + name = "uri-js"; + packageName = "uri-js"; + version = "4.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz"; + sha512 = "7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg=="; + }; + }; + "urix-0.1.0" = { + name = "urix"; + packageName = "urix"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/urix/-/urix-0.1.0.tgz"; + sha1 = "da937f7a62e21fec1fd18d49b35c2935067a6c72"; + }; + }; + "url-parse-lax-1.0.0" = { + name = "url-parse-lax"; + packageName = "url-parse-lax"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-1.0.0.tgz"; + sha1 = "7af8f303645e9bd79a272e7a14ac68bc0609da73"; + }; + }; + "url-to-options-1.0.1" = { + name = "url-to-options"; + packageName = "url-to-options"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz"; + sha1 = "1505a03a289a48cbd7a434efbaeec5055f5633a9"; + }; + }; + "use-3.1.1" = { + name = "use"; + packageName = "use"; + version = "3.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/use/-/use-3.1.1.tgz"; + sha512 = "cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ=="; + }; + }; + "util-deprecate-1.0.2" = { + name = "util-deprecate"; + packageName = "util-deprecate"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz"; + sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf"; + }; + }; + "uuid-2.0.3" = { + name = "uuid"; + packageName = "uuid"; + version = "2.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/uuid/-/uuid-2.0.3.tgz"; + sha1 = "67e2e863797215530dff318e5bf9dcebfd47b21a"; + }; + }; + "uuid-3.4.0" = { + name = "uuid"; + packageName = "uuid"; + version = "3.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz"; + sha512 = "HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A=="; + }; + }; + "v8-compile-cache-2.3.0" = { + name = "v8-compile-cache"; + packageName = "v8-compile-cache"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.3.0.tgz"; + sha512 = "l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA=="; + }; + }; + "v8flags-3.2.0" = { + name = "v8flags"; + packageName = "v8flags"; + version = "3.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/v8flags/-/v8flags-3.2.0.tgz"; + sha512 = "mH8etigqMfiGWdeXpaaqGfs6BndypxusHHcv2qSHyZkGEznCd/qAXCWWRzeowtL54147cktFOC4P5y+kl8d8Jg=="; + }; + }; + "vali-date-1.0.0" = { + name = "vali-date"; + packageName = "vali-date"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/vali-date/-/vali-date-1.0.0.tgz"; + sha1 = "1b904a59609fb328ef078138420934f6b86709a6"; + }; + }; + "validate-npm-package-license-3.0.4" = { + name = "validate-npm-package-license"; + packageName = "validate-npm-package-license"; + version = "3.0.4"; + src = fetchurl { + url = "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz"; + sha512 = "DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew=="; + }; + }; + "value-or-function-3.0.0" = { + name = "value-or-function"; + packageName = "value-or-function"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/value-or-function/-/value-or-function-3.0.0.tgz"; + sha1 = "1c243a50b595c1be54a754bfece8563b9ff8d813"; + }; + }; + "verror-1.10.0" = { + name = "verror"; + packageName = "verror"; + version = "1.10.0"; + src = fetchurl { + url = "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz"; + sha1 = "3a105ca17053af55d6e270c1f8288682e18da400"; + }; + }; + "vinyl-0.4.6" = { + name = "vinyl"; + packageName = "vinyl"; + version = "0.4.6"; + src = fetchurl { + url = "https://registry.npmjs.org/vinyl/-/vinyl-0.4.6.tgz"; + sha1 = "2f356c87a550a255461f36bbeb2a5ba8bf784847"; + }; + }; + "vinyl-1.2.0" = { + name = "vinyl"; + packageName = "vinyl"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/vinyl/-/vinyl-1.2.0.tgz"; + sha1 = "5c88036cf565e5df05558bfc911f8656df218884"; + }; + }; + "vinyl-2.2.1" = { + name = "vinyl"; + packageName = "vinyl"; + version = "2.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/vinyl/-/vinyl-2.2.1.tgz"; + sha512 = "LII3bXRFBZLlezoG5FfZVcXflZgWP/4dCwKtxd5ky9+LOtM4CS3bIRQsmR1KMnMW07jpE8fqR2lcxPZ+8sJIcw=="; + }; + }; + "vinyl-assign-1.2.1" = { + name = "vinyl-assign"; + packageName = "vinyl-assign"; + version = "1.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/vinyl-assign/-/vinyl-assign-1.2.1.tgz"; + sha1 = "4d198891b5515911d771a8cd9c5480a46a074a45"; + }; + }; + "vinyl-fs-2.4.4" = { + name = "vinyl-fs"; + packageName = "vinyl-fs"; + version = "2.4.4"; + src = fetchurl { + url = "https://registry.npmjs.org/vinyl-fs/-/vinyl-fs-2.4.4.tgz"; + sha1 = "be6ff3270cb55dfd7d3063640de81f25d7532239"; + }; + }; + "vinyl-fs-3.0.3" = { + name = "vinyl-fs"; + packageName = "vinyl-fs"; + version = "3.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/vinyl-fs/-/vinyl-fs-3.0.3.tgz"; + sha512 = "vIu34EkyNyJxmP0jscNzWBSygh7VWhqun6RmqVfXePrOwi9lhvRs//dOaGOTRUQr4tx7/zd26Tk5WeSVZitgng=="; + }; + }; + "vinyl-sourcemap-1.1.0" = { + name = "vinyl-sourcemap"; + packageName = "vinyl-sourcemap"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/vinyl-sourcemap/-/vinyl-sourcemap-1.1.0.tgz"; + sha1 = "92a800593a38703a8cdb11d8b300ad4be63b3e16"; + }; + }; + "which-1.3.1" = { + name = "which"; + packageName = "which"; + version = "1.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/which/-/which-1.3.1.tgz"; + sha512 = "HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ=="; + }; + }; + "which-2.0.2" = { + name = "which"; + packageName = "which"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/which/-/which-2.0.2.tgz"; + sha512 = "BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA=="; + }; + }; + "which-module-1.0.0" = { + name = "which-module"; + packageName = "which-module"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/which-module/-/which-module-1.0.0.tgz"; + sha1 = "bba63ca861948994ff307736089e3b96026c2a4f"; + }; + }; + "wide-align-1.1.3" = { + name = "wide-align"; + packageName = "wide-align"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz"; + sha512 = "QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA=="; + }; + }; + "window-size-0.1.4" = { + name = "window-size"; + packageName = "window-size"; + version = "0.1.4"; + src = fetchurl { + url = "https://registry.npmjs.org/window-size/-/window-size-0.1.4.tgz"; + sha1 = "f8e1aa1ee5a53ec5bf151ffa09742a6ad7697876"; + }; + }; + "winreg-1.2.4" = { + name = "winreg"; + packageName = "winreg"; + version = "1.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/winreg/-/winreg-1.2.4.tgz"; + sha1 = "ba065629b7a925130e15779108cf540990e98d1b"; + }; + }; + "word-wrap-1.2.3" = { + name = "word-wrap"; + packageName = "word-wrap"; + version = "1.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz"; + sha512 = "Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ=="; + }; + }; + "workerpool-6.1.0" = { + name = "workerpool"; + packageName = "workerpool"; + version = "6.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/workerpool/-/workerpool-6.1.0.tgz"; + sha512 = "toV7q9rWNYha963Pl/qyeZ6wG+3nnsyvolaNUS8+R5Wtw6qJPTxIlOP1ZSvcGhEJw+l3HMMmtiNo9Gl61G4GVg=="; + }; + }; + "wrap-ansi-2.1.0" = { + name = "wrap-ansi"; + packageName = "wrap-ansi"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz"; + sha1 = "d8fc3d284dd05794fe84973caecdd1cf824fdd85"; + }; + }; + "wrap-ansi-7.0.0" = { + name = "wrap-ansi"; + packageName = "wrap-ansi"; + version = "7.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz"; + sha512 = "YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="; + }; + }; + "wrappy-1.0.2" = { + name = "wrappy"; + packageName = "wrappy"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz"; + sha1 = "b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"; + }; + }; + "write-1.0.3" = { + name = "write"; + packageName = "write"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/write/-/write-1.0.3.tgz"; + sha512 = "/lg70HAjtkUgWPVZhZcm+T4hkL8Zbtp1nFNOn3lRrxnlv50SRBv7cR7RqR+GMsd3hUXy9hWBo4CHTbFTcOYwig=="; + }; + }; + "xml2js-0.4.23" = { + name = "xml2js"; + packageName = "xml2js"; + version = "0.4.23"; + src = fetchurl { + url = "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz"; + sha512 = "ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug=="; + }; + }; + "xmlbuilder-11.0.1" = { + name = "xmlbuilder"; + packageName = "xmlbuilder"; + version = "11.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz"; + sha512 = "fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA=="; + }; + }; + "xtend-4.0.2" = { + name = "xtend"; + packageName = "xtend"; + version = "4.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz"; + sha512 = "LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ=="; + }; + }; + "y18n-3.2.2" = { + name = "y18n"; + packageName = "y18n"; + version = "3.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/y18n/-/y18n-3.2.2.tgz"; + sha512 = "uGZHXkHnhF0XeeAPgnKfPv1bgKAYyVvmNL1xlKsPYZPaIHxGti2hHqvOCQv71XMsLxu1QjergkqogUnms5D3YQ=="; + }; + }; + "y18n-5.0.8" = { + name = "y18n"; + packageName = "y18n"; + version = "5.0.8"; + src = fetchurl { + url = "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz"; + sha512 = "0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA=="; + }; + }; + "yargs-16.2.0" = { + name = "yargs"; + packageName = "yargs"; + version = "16.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz"; + sha512 = "D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw=="; + }; + }; + "yargs-3.32.0" = { + name = "yargs"; + packageName = "yargs"; + version = "3.32.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs/-/yargs-3.32.0.tgz"; + sha1 = "03088e9ebf9e756b69751611d2a5ef591482c995"; + }; + }; + "yargs-7.1.2" = { + name = "yargs"; + packageName = "yargs"; + version = "7.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs/-/yargs-7.1.2.tgz"; + sha512 = "ZEjj/dQYQy0Zx0lgLMLR8QuaqTihnxirir7EwUHp1Axq4e3+k8jXU5K0VLbNvedv1f4EWtBonDIZm0NUr+jCcA=="; + }; + }; + "yargs-parser-20.2.4" = { + name = "yargs-parser"; + packageName = "yargs-parser"; + version = "20.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz"; + sha512 = "WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA=="; + }; + }; + "yargs-parser-20.2.9" = { + name = "yargs-parser"; + packageName = "yargs-parser"; + version = "20.2.9"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz"; + sha512 = "y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w=="; + }; + }; + "yargs-parser-5.0.1" = { + name = "yargs-parser"; + packageName = "yargs-parser"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.1.tgz"; + sha512 = "wpav5XYiddjXxirPoCTUPbqM0PXvJ9hiBMvuJgInvo4/lAOTZzUprArw17q2O1P2+GHhbBr18/iQwjL5Z9BqfA=="; + }; + }; + "yargs-unparser-2.0.0" = { + name = "yargs-unparser"; + packageName = "yargs-unparser"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz"; + sha512 = "7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA=="; + }; + }; + "yauzl-2.10.0" = { + name = "yauzl"; + packageName = "yauzl"; + version = "2.10.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz"; + sha1 = "c7eb17c93e112cb1086fa6d8e51fb0667b79a5f9"; + }; + }; + "yocto-queue-0.1.0" = { + name = "yocto-queue"; + packageName = "yocto-queue"; + version = "0.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz"; + sha512 = "rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="; + }; + }; + }; +in +{ + "onlykey-git://github.com/trustcrypto/OnlyKey-App.git#v5.3.3" = nodeEnv.buildNodePackage { + name = "OnlyKey"; + packageName = "OnlyKey"; + version = "5.3.3"; + src = fetchgit { + url = "git://github.com/trustcrypto/OnlyKey-App.git"; + rev = "0bd08ef5828d9493cd4c5f4909e9a4fc4c59a494"; + sha256 = "d2386369fd9d9b7d5ea5d389434848c33fa34e26d713d439e8e2f2e447237bb0"; + }; + dependencies = [ + sources."@babel/code-frame-7.14.5" + sources."@babel/helper-validator-identifier-7.14.9" + (sources."@babel/highlight-7.14.5" // { + dependencies = [ + sources."ansi-styles-3.2.1" + sources."chalk-2.4.2" + sources."supports-color-5.5.0" + ]; + }) + (sources."@gulp-sourcemaps/identity-map-1.0.2" // { + dependencies = [ + sources."acorn-5.7.4" + sources."source-map-0.6.1" + sources."through2-2.0.5" + ]; + }) + (sources."@gulp-sourcemaps/map-sources-1.0.0" // { + dependencies = [ + sources."through2-2.0.5" + ]; + }) + sources."@ungap/promise-all-settled-1.1.2" + sources."abbrev-1.1.1" + sources."acorn-7.4.1" + sources."acorn-jsx-5.3.2" + sources."ajv-6.12.6" + sources."ansi-colors-1.1.0" + (sources."ansi-escapes-4.3.2" // { + dependencies = [ + sources."type-fest-0.21.3" + ]; + }) + sources."ansi-gray-0.1.1" + sources."ansi-regex-2.1.1" + sources."ansi-styles-2.2.1" + sources."ansi-wrap-0.1.0" + (sources."anymatch-2.0.0" // { + dependencies = [ + sources."arr-diff-4.0.0" + sources."array-unique-0.3.2" + (sources."braces-2.3.2" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + sources."debug-2.6.9" + (sources."expand-brackets-2.1.4" // { + dependencies = [ + sources."define-property-0.2.5" + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + sources."extend-shallow-3.0.2" + (sources."extglob-2.0.4" // { + dependencies = [ + sources."define-property-1.0.0" + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + (sources."fill-range-4.0.0" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-5.1.0" + ]; + }) + sources."is-extendable-1.0.1" + (sources."is-number-3.0.0" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."isobject-3.0.1" + sources."kind-of-6.0.3" + sources."micromatch-3.1.10" + sources."ms-2.0.0" + ]; + }) + sources."append-buffer-1.0.2" + sources."applescript-1.0.0" + sources."archy-1.0.0" + sources."argparse-1.0.10" + sources."arr-diff-2.0.0" + sources."arr-filter-1.1.2" + sources."arr-flatten-1.1.0" + sources."arr-map-2.0.2" + sources."arr-union-3.1.0" + sources."array-each-1.0.1" + (sources."array-initial-1.1.0" // { + dependencies = [ + sources."is-number-4.0.0" + ]; + }) + (sources."array-last-1.3.0" // { + dependencies = [ + sources."is-number-4.0.0" + ]; + }) + sources."array-slice-1.1.0" + (sources."array-sort-1.0.0" // { + dependencies = [ + sources."kind-of-5.1.0" + ]; + }) + sources."array-unique-0.2.1" + sources."asn1-0.2.4" + sources."assert-plus-1.0.0" + sources."assertion-error-1.1.0" + sources."assign-symbols-1.0.0" + sources."astral-regex-1.0.0" + sources."async-done-1.3.2" + sources."async-each-1.0.3" + sources."async-settle-1.0.0" + sources."asynckit-0.4.0" + sources."atob-2.1.2" + sources."auto-launch-5.0.5" + sources."aws-sign2-0.7.0" + sources."aws4-1.11.0" + sources."bach-1.2.0" + sources."balanced-match-1.0.2" + (sources."base-0.11.2" // { + dependencies = [ + sources."define-property-1.0.0" + sources."isobject-3.0.1" + ]; + }) + sources."base64-js-1.5.1" + sources."bcrypt-pbkdf-1.0.2" + sources."binary-0.3.0" + sources."binary-extensions-1.13.1" + sources."bindings-1.5.0" + sources."bl-1.2.3" + sources."brace-expansion-1.1.11" + sources."braces-1.8.5" + sources."browser-stdout-1.3.1" + sources."buffer-5.7.1" + sources."buffer-alloc-1.2.0" + sources."buffer-alloc-unsafe-1.1.0" + sources."buffer-crc32-0.2.13" + sources."buffer-equal-1.0.0" + sources."buffer-fill-1.0.0" + sources."buffer-from-1.1.2" + sources."buffer-to-vinyl-1.1.0" + sources."buffers-0.1.1" + (sources."cache-base-1.0.1" // { + dependencies = [ + sources."isobject-3.0.1" + ]; + }) + sources."call-bind-1.0.2" + sources."callsites-3.1.0" + sources."camelcase-2.1.1" + sources."capture-stack-trace-1.0.1" + sources."caseless-0.12.0" + sources."caw-2.0.1" + sources."chai-4.3.4" + sources."chai-as-promised-7.1.1" + sources."chainsaw-0.1.0" + sources."chalk-1.1.3" + sources."chardet-0.7.0" + sources."charm-0.1.2" + sources."check-error-1.0.2" + (sources."chokidar-2.1.8" // { + dependencies = [ + sources."array-unique-0.3.2" + sources."braces-2.3.2" + sources."fill-range-4.0.0" + sources."is-glob-4.0.1" + sources."is-number-3.0.0" + sources."isobject-3.0.1" + sources."normalize-path-3.0.0" + ]; + }) + (sources."class-utils-0.3.6" // { + dependencies = [ + sources."define-property-0.2.5" + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."is-descriptor-0.1.6" + sources."isobject-3.0.1" + sources."kind-of-5.1.0" + ]; + }) + sources."cli-cursor-3.1.0" + sources."cli-width-3.0.0" + sources."cliui-3.2.0" + sources."clone-1.0.4" + sources."clone-buffer-1.0.0" + sources."clone-stats-0.0.1" + sources."cloneable-readable-1.1.3" + sources."code-point-at-1.1.0" + (sources."collection-map-1.0.0" // { + dependencies = [ + sources."for-own-1.0.0" + ]; + }) + sources."collection-visit-1.0.0" + sources."color-convert-1.9.3" + sources."color-name-1.1.3" + sources."color-support-1.1.3" + sources."combined-stream-1.0.8" + sources."commander-2.20.3" + sources."component-emitter-1.3.0" + sources."concat-map-0.0.1" + sources."concat-stream-1.6.2" + sources."config-chain-1.1.13" + sources."convert-source-map-1.8.0" + sources."copy-descriptor-0.1.1" + (sources."copy-props-2.0.5" // { + dependencies = [ + sources."is-plain-object-5.0.0" + ]; + }) + sources."core-util-is-1.0.2" + sources."create-error-class-3.0.2" + sources."cross-spawn-6.0.5" + (sources."css-2.2.4" // { + dependencies = [ + sources."source-map-0.6.1" + ]; + }) + sources."d-1.0.1" + sources."dashdash-1.14.1" + sources."debounce-1.2.1" + sources."debug-4.3.2" + (sources."debug-fabulous-1.1.0" // { + dependencies = [ + sources."debug-3.2.7" + sources."object-assign-4.1.1" + ]; + }) + sources."decamelize-1.2.0" + sources."decode-uri-component-0.2.0" + sources."decompress-3.0.0" + (sources."decompress-tar-3.1.0" // { + dependencies = [ + sources."clone-0.2.0" + sources."vinyl-0.4.6" + ]; + }) + (sources."decompress-tarbz2-3.1.0" // { + dependencies = [ + sources."clone-0.2.0" + sources."vinyl-0.4.6" + ]; + }) + (sources."decompress-targz-3.1.0" // { + dependencies = [ + sources."clone-0.2.0" + sources."vinyl-0.4.6" + ]; + }) + (sources."decompress-unzip-3.4.0" // { + dependencies = [ + sources."through2-2.0.5" + ]; + }) + (sources."decompress-zip-0.3.3" // { + dependencies = [ + sources."isarray-0.0.1" + sources."readable-stream-1.1.14" + sources."string_decoder-0.10.31" + ]; + }) + sources."deep-eql-3.0.1" + sources."deep-is-0.1.3" + (sources."default-compare-1.0.0" // { + dependencies = [ + sources."kind-of-5.1.0" + ]; + }) + sources."default-resolution-2.0.0" + sources."define-properties-1.1.3" + (sources."define-property-2.0.2" // { + dependencies = [ + sources."isobject-3.0.1" + ]; + }) + sources."delayed-stream-1.0.0" + sources."detect-file-1.0.0" + sources."detect-newline-2.1.0" + sources."diff-5.0.0" + sources."doctrine-3.0.0" + (sources."download-5.0.3" // { + dependencies = [ + sources."decompress-4.2.1" + sources."decompress-tar-4.1.1" + (sources."decompress-tarbz2-4.1.1" // { + dependencies = [ + sources."file-type-6.2.0" + ]; + }) + sources."decompress-targz-4.1.1" + (sources."decompress-unzip-4.0.1" // { + dependencies = [ + sources."file-type-3.9.0" + sources."get-stream-2.3.1" + ]; + }) + sources."file-type-5.2.0" + sources."is-natural-number-4.0.1" + sources."object-assign-4.1.1" + sources."strip-dirs-2.1.0" + ]; + }) + sources."duplexer2-0.1.4" + sources."duplexer3-0.1.4" + sources."duplexify-3.7.1" + sources."each-props-1.3.2" + sources."ecc-jsbn-0.1.2" + sources."emoji-regex-8.0.0" + sources."end-of-stream-1.4.4" + sources."error-ex-1.3.2" + sources."es5-ext-0.10.53" + sources."es6-iterator-2.0.3" + sources."es6-symbol-3.1.3" + sources."es6-weak-map-2.0.3" + sources."escalade-3.1.1" + sources."escape-string-regexp-1.0.5" + (sources."eslint-6.8.0" // { + dependencies = [ + sources."ansi-regex-4.1.0" + sources."ansi-styles-3.2.1" + sources."chalk-2.4.2" + sources."glob-parent-5.1.2" + sources."is-glob-4.0.1" + sources."semver-6.3.0" + sources."strip-ansi-5.2.0" + sources."supports-color-5.5.0" + ]; + }) + sources."eslint-scope-5.1.1" + sources."eslint-utils-1.4.3" + sources."eslint-visitor-keys-1.3.0" + sources."espree-6.2.1" + sources."esprima-4.0.1" + (sources."esquery-1.4.0" // { + dependencies = [ + sources."estraverse-5.2.0" + ]; + }) + (sources."esrecurse-4.3.0" // { + dependencies = [ + sources."estraverse-5.2.0" + ]; + }) + sources."estraverse-4.3.0" + sources."esutils-2.0.3" + sources."event-emitter-0.3.5" + sources."expand-brackets-0.1.5" + sources."expand-range-1.8.2" + sources."expand-tilde-2.0.2" + (sources."ext-1.4.0" // { + dependencies = [ + sources."type-2.5.0" + ]; + }) + sources."extend-3.0.2" + sources."extend-shallow-2.0.1" + sources."external-editor-3.1.0" + (sources."extglob-0.3.2" // { + dependencies = [ + sources."is-extglob-1.0.0" + ]; + }) + sources."extsprintf-1.3.0" + sources."fancy-log-1.3.3" + sources."fast-deep-equal-3.1.3" + sources."fast-json-stable-stringify-2.1.0" + sources."fast-levenshtein-2.0.6" + sources."fd-slicer-1.1.0" + sources."figures-3.2.0" + sources."file-entry-cache-5.0.1" + sources."file-exists-2.0.0" + sources."file-type-3.9.0" + sources."file-uri-to-path-1.0.0" + sources."filename-regex-2.0.1" + sources."filename-reserved-regex-2.0.0" + sources."filenamify-2.1.0" + sources."fill-range-2.2.4" + sources."find-up-1.1.2" + (sources."findup-sync-3.0.0" // { + dependencies = [ + sources."arr-diff-4.0.0" + sources."array-unique-0.3.2" + (sources."braces-2.3.2" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + sources."debug-2.6.9" + sources."define-property-1.0.0" + (sources."expand-brackets-2.1.4" // { + dependencies = [ + sources."define-property-0.2.5" + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + sources."extend-shallow-3.0.2" + (sources."extglob-2.0.4" // { + dependencies = [ + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + (sources."fill-range-4.0.0" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-5.1.0" + ]; + }) + sources."is-extendable-1.0.1" + sources."is-glob-4.0.1" + (sources."is-number-3.0.0" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."isobject-3.0.1" + sources."kind-of-6.0.3" + sources."micromatch-3.1.10" + sources."ms-2.0.0" + ]; + }) + sources."fined-1.2.0" + sources."first-chunk-stream-1.0.0" + sources."flagged-respawn-1.0.1" + sources."flat-5.0.2" + (sources."flat-cache-2.0.1" // { + dependencies = [ + sources."glob-7.1.7" + sources."rimraf-2.6.3" + ]; + }) + sources."flatted-2.0.2" + sources."flush-write-stream-1.1.1" + sources."for-in-1.0.2" + sources."for-own-0.1.5" + sources."forever-agent-0.6.1" + sources."form-data-2.3.3" + sources."fragment-cache-0.2.1" + sources."fs-constants-1.0.0" + sources."fs-extra-7.0.1" + sources."fs-jetpack-4.1.1" + (sources."fs-mkdirp-stream-1.0.0" // { + dependencies = [ + sources."through2-2.0.5" + ]; + }) + sources."fs.realpath-1.0.0" + sources."fsevents-1.2.13" + sources."function-bind-1.1.1" + sources."functional-red-black-tree-1.0.1" + sources."get-caller-file-1.0.3" + sources."get-func-name-2.0.0" + sources."get-intrinsic-1.1.1" + sources."get-proxy-2.1.0" + sources."get-stdin-4.0.1" + sources."get-stream-3.0.0" + sources."get-value-2.0.6" + sources."getpass-0.1.7" + sources."glob-5.0.15" + (sources."glob-base-0.3.0" // { + dependencies = [ + sources."glob-parent-2.0.0" + sources."is-extglob-1.0.0" + sources."is-glob-2.0.1" + ]; + }) + sources."glob-parent-3.1.0" + sources."glob-stream-5.3.5" + (sources."glob-watcher-5.0.5" // { + dependencies = [ + sources."normalize-path-3.0.0" + ]; + }) + sources."global-modules-1.0.0" + sources."global-prefix-1.0.2" + sources."globals-12.4.0" + sources."glogg-1.0.2" + sources."got-6.7.1" + sources."graceful-fs-4.2.8" + sources."growl-1.10.5" + (sources."gulp-4.0.2" // { + dependencies = [ + sources."clone-2.1.2" + sources."clone-stats-1.0.0" + sources."glob-7.1.7" + sources."glob-stream-6.1.0" + sources."is-absolute-1.0.0" + sources."is-relative-1.0.0" + sources."is-valid-glob-1.0.0" + sources."ordered-read-streams-1.0.1" + sources."replace-ext-1.0.1" + sources."through2-2.0.5" + sources."to-absolute-glob-2.0.2" + sources."vinyl-2.2.1" + sources."vinyl-fs-3.0.3" + ]; + }) + (sources."gulp-cli-2.3.0" // { + dependencies = [ + sources."camelcase-3.0.0" + sources."isobject-3.0.1" + sources."yargs-7.1.2" + ]; + }) + (sources."gulp-sourcemaps-2.6.5" // { + dependencies = [ + sources."acorn-5.7.4" + sources."source-map-0.6.1" + sources."through2-2.0.5" + ]; + }) + sources."gulplog-1.0.0" + sources."har-schema-2.0.0" + sources."har-validator-5.1.5" + sources."has-1.0.3" + sources."has-ansi-2.0.0" + sources."has-flag-3.0.0" + sources."has-symbol-support-x-1.4.2" + sources."has-symbols-1.0.2" + sources."has-to-string-tag-x-1.4.1" + (sources."has-value-1.0.0" // { + dependencies = [ + sources."isobject-3.0.1" + ]; + }) + (sources."has-values-1.0.0" // { + dependencies = [ + (sources."is-number-3.0.0" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."kind-of-4.0.0" + ]; + }) + sources."he-1.2.0" + sources."homedir-polyfill-1.0.3" + sources."hosted-git-info-2.8.9" + sources."http-signature-1.2.0" + sources."iconv-lite-0.4.24" + sources."ieee754-1.2.1" + sources."ignore-4.0.6" + sources."immediate-3.0.6" + sources."import-fresh-3.3.0" + sources."imurmurhash-0.1.4" + sources."inflight-1.0.6" + sources."inherits-2.0.4" + sources."ini-1.3.8" + (sources."inquirer-7.3.3" // { + dependencies = [ + sources."ansi-regex-5.0.0" + sources."ansi-styles-4.3.0" + sources."chalk-4.1.2" + sources."color-convert-2.0.1" + sources."color-name-1.1.4" + sources."has-flag-4.0.0" + sources."is-fullwidth-code-point-3.0.0" + sources."string-width-4.2.2" + sources."strip-ansi-6.0.0" + sources."supports-color-7.2.0" + ]; + }) + sources."interpret-1.4.0" + sources."invert-kv-1.0.0" + sources."is-absolute-0.1.7" + (sources."is-accessor-descriptor-1.0.0" // { + dependencies = [ + sources."kind-of-6.0.3" + ]; + }) + sources."is-arrayish-0.2.1" + sources."is-binary-path-1.0.1" + sources."is-buffer-1.1.6" + sources."is-bzip2-1.0.0" + sources."is-core-module-2.6.0" + (sources."is-data-descriptor-1.0.0" // { + dependencies = [ + sources."kind-of-6.0.3" + ]; + }) + (sources."is-descriptor-1.0.2" // { + dependencies = [ + sources."kind-of-6.0.3" + ]; + }) + sources."is-dotfile-1.0.3" + sources."is-equal-shallow-0.1.3" + sources."is-extendable-0.1.1" + sources."is-extglob-2.1.1" + sources."is-fullwidth-code-point-1.0.0" + sources."is-glob-3.1.0" + sources."is-gzip-1.0.0" + sources."is-natural-number-2.1.1" + sources."is-negated-glob-1.0.0" + sources."is-number-2.1.0" + sources."is-object-1.0.2" + sources."is-plain-obj-2.1.0" + (sources."is-plain-object-2.0.4" // { + dependencies = [ + sources."isobject-3.0.1" + ]; + }) + sources."is-posix-bracket-0.1.1" + sources."is-primitive-2.0.0" + sources."is-promise-2.2.2" + sources."is-redirect-1.0.0" + sources."is-relative-0.1.3" + sources."is-retry-allowed-1.2.0" + sources."is-stream-1.1.0" + sources."is-tar-1.0.0" + sources."is-typedarray-1.0.0" + sources."is-unc-path-1.0.0" + sources."is-utf8-0.2.1" + sources."is-valid-glob-0.3.0" + sources."is-windows-1.0.2" + sources."is-zip-1.0.0" + sources."isarray-1.0.0" + sources."isexe-2.0.0" + sources."isobject-2.1.0" + sources."isstream-0.1.2" + sources."isurl-1.0.0" + sources."js-tokens-4.0.0" + sources."js-yaml-3.14.1" + sources."jsbn-0.1.1" + sources."json-10.0.0" + sources."json-schema-0.2.3" + sources."json-schema-traverse-0.4.1" + sources."json-stable-stringify-without-jsonify-1.0.1" + sources."json-stringify-safe-5.0.1" + sources."jsonfile-4.0.0" + sources."jsprim-1.4.1" + sources."jszip-3.7.1" + sources."just-debounce-1.1.0" + sources."kind-of-3.2.2" + sources."last-run-1.1.1" + sources."lazystream-1.0.0" + sources."lcid-1.0.0" + sources."lead-1.0.0" + sources."levn-0.3.0" + sources."lie-3.3.0" + sources."liftoff-3.1.0" + sources."load-json-file-1.1.0" + sources."locate-path-6.0.0" + sources."lodash-4.17.21" + sources."lodash.isequal-4.5.0" + (sources."log-symbols-4.0.0" // { + dependencies = [ + sources."ansi-styles-4.3.0" + sources."chalk-4.1.2" + sources."color-convert-2.0.1" + sources."color-name-1.1.4" + sources."has-flag-4.0.0" + sources."supports-color-7.2.0" + ]; + }) + sources."lowercase-keys-1.0.1" + sources."lru-queue-0.1.0" + (sources."make-dir-1.3.0" // { + dependencies = [ + sources."pify-3.0.0" + ]; + }) + (sources."make-iterator-1.0.1" // { + dependencies = [ + sources."kind-of-6.0.3" + ]; + }) + sources."map-cache-0.2.2" + sources."map-visit-1.0.0" + (sources."matchdep-2.0.0" // { + dependencies = [ + sources."arr-diff-4.0.0" + sources."array-unique-0.3.2" + (sources."braces-2.3.2" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + sources."debug-2.6.9" + sources."define-property-1.0.0" + (sources."expand-brackets-2.1.4" // { + dependencies = [ + sources."define-property-0.2.5" + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + sources."extend-shallow-3.0.2" + (sources."extglob-2.0.4" // { + dependencies = [ + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + (sources."fill-range-4.0.0" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + sources."findup-sync-2.0.0" + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-5.1.0" + ]; + }) + sources."is-extendable-1.0.1" + (sources."is-number-3.0.0" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."isobject-3.0.1" + sources."kind-of-6.0.3" + sources."micromatch-3.1.10" + sources."ms-2.0.0" + ]; + }) + sources."math-random-1.0.4" + (sources."memoizee-0.4.15" // { + dependencies = [ + sources."next-tick-1.1.0" + ]; + }) + sources."merge-1.2.1" + sources."merge-stream-1.0.1" + (sources."micromatch-2.3.11" // { + dependencies = [ + sources."is-extglob-1.0.0" + sources."is-glob-2.0.1" + ]; + }) + sources."mime-db-1.49.0" + sources."mime-types-2.1.32" + sources."mimic-fn-2.1.0" + sources."minimatch-3.0.4" + sources."minimist-1.2.5" + (sources."mixin-deep-1.3.2" // { + dependencies = [ + sources."is-extendable-1.0.1" + ]; + }) + sources."mkdirp-0.5.5" + sources."mkpath-0.1.0" + (sources."mocha-8.4.0" // { + dependencies = [ + sources."ansi-colors-4.1.1" + sources."anymatch-3.1.2" + sources."argparse-2.0.1" + sources."binary-extensions-2.2.0" + sources."braces-3.0.2" + sources."chokidar-3.5.1" + (sources."debug-4.3.1" // { + dependencies = [ + sources."ms-2.1.2" + ]; + }) + sources."escape-string-regexp-4.0.0" + sources."fill-range-7.0.1" + sources."find-up-5.0.0" + sources."fsevents-2.3.2" + sources."glob-7.1.6" + sources."glob-parent-5.1.2" + sources."has-flag-4.0.0" + sources."is-binary-path-2.1.0" + sources."is-glob-4.0.1" + sources."is-number-7.0.0" + sources."js-yaml-4.0.0" + sources."ms-2.1.3" + sources."normalize-path-3.0.0" + sources."path-exists-4.0.0" + sources."readdirp-3.5.0" + sources."supports-color-8.1.1" + sources."to-regex-range-5.0.1" + sources."which-2.0.2" + sources."yargs-parser-20.2.4" + ]; + }) + sources."ms-2.1.2" + sources."multimeter-0.1.1" + sources."mute-stdout-1.0.1" + sources."mute-stream-0.0.8" + sources."nan-2.15.0" + sources."nanoid-3.1.20" + (sources."nanomatch-1.2.13" // { + dependencies = [ + sources."arr-diff-4.0.0" + sources."array-unique-0.3.2" + sources."extend-shallow-3.0.2" + sources."is-extendable-1.0.1" + sources."kind-of-6.0.3" + ]; + }) + sources."natural-compare-1.4.0" + sources."next-tick-1.0.0" + sources."nice-try-1.0.5" + sources."nopt-3.0.6" + sources."normalize-package-data-2.5.0" + sources."normalize-path-2.1.1" + sources."now-and-later-2.0.1" + (sources."npm-conf-1.1.3" // { + dependencies = [ + sources."pify-3.0.0" + ]; + }) + sources."number-is-nan-1.0.1" + (sources."nw-0.36.4" // { + dependencies = [ + sources."yargs-3.32.0" + ]; + }) + (sources."nw-autoupdater-1.1.11" // { + dependencies = [ + sources."decompress-4.2.1" + sources."decompress-tar-4.1.1" + (sources."decompress-tarbz2-4.1.1" // { + dependencies = [ + sources."file-type-6.2.0" + ]; + }) + sources."decompress-targz-4.1.1" + (sources."decompress-unzip-4.0.1" // { + dependencies = [ + sources."file-type-3.9.0" + ]; + }) + sources."file-type-5.2.0" + sources."get-stream-2.3.1" + sources."is-natural-number-4.0.1" + sources."object-assign-4.1.1" + sources."strip-dirs-2.1.0" + ]; + }) + (sources."nw-dev-3.0.1" // { + dependencies = [ + sources."anymatch-1.3.2" + sources."chokidar-1.7.0" + sources."glob-parent-2.0.0" + sources."is-extglob-1.0.0" + sources."is-glob-2.0.1" + ]; + }) + sources."oauth-sign-0.9.0" + sources."object-assign-2.1.1" + (sources."object-copy-0.1.0" // { + dependencies = [ + sources."define-property-0.2.5" + sources."is-accessor-descriptor-0.1.6" + sources."is-data-descriptor-0.1.4" + (sources."is-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-5.1.0" + ]; + }) + ]; + }) + sources."object-keys-1.1.1" + (sources."object-visit-1.0.1" // { + dependencies = [ + sources."isobject-3.0.1" + ]; + }) + sources."object.assign-4.1.2" + (sources."object.defaults-1.1.0" // { + dependencies = [ + sources."for-own-1.0.0" + sources."isobject-3.0.1" + ]; + }) + (sources."object.map-1.0.1" // { + dependencies = [ + sources."for-own-1.0.0" + ]; + }) + sources."object.omit-2.0.1" + (sources."object.pick-1.3.0" // { + dependencies = [ + sources."isobject-3.0.1" + ]; + }) + (sources."object.reduce-1.0.1" // { + dependencies = [ + sources."for-own-1.0.0" + ]; + }) + sources."once-1.4.0" + sources."onetime-5.1.2" + sources."optionator-0.8.3" + sources."ordered-read-streams-0.3.0" + sources."os-locale-1.4.0" + sources."os-tmpdir-1.0.2" + sources."p-limit-3.1.0" + sources."p-locate-5.0.0" + sources."pako-1.0.11" + sources."parent-module-1.0.1" + (sources."parse-filepath-1.0.2" // { + dependencies = [ + sources."is-absolute-1.0.0" + sources."is-relative-1.0.0" + ]; + }) + (sources."parse-glob-3.0.4" // { + dependencies = [ + sources."is-extglob-1.0.0" + sources."is-glob-2.0.1" + ]; + }) + sources."parse-json-2.2.0" + sources."parse-node-version-1.0.1" + sources."parse-passwd-1.0.0" + sources."pascalcase-0.1.1" + sources."path-dirname-1.0.2" + sources."path-exists-2.1.0" + sources."path-is-absolute-1.0.1" + sources."path-key-2.0.1" + sources."path-parse-1.0.7" + sources."path-root-0.1.1" + sources."path-root-regex-0.1.2" + sources."path-type-1.1.0" + sources."pathval-1.1.1" + sources."pend-1.2.0" + sources."performance-now-2.1.0" + sources."picomatch-2.3.0" + sources."pify-2.3.0" + sources."pinkie-2.0.4" + sources."pinkie-promise-2.0.1" + sources."posix-character-classes-0.1.1" + sources."prelude-ls-1.1.2" + sources."prepend-http-1.0.4" + sources."preserve-0.2.0" + sources."pretty-hrtime-1.0.3" + sources."process-nextick-args-2.0.1" + sources."progress-2.0.3" + sources."proto-list-1.2.4" + sources."psl-1.8.0" + sources."pump-2.0.1" + sources."pumpify-1.5.1" + sources."punycode-2.1.1" + sources."q-1.5.1" + sources."qs-6.5.2" + (sources."randomatic-3.1.1" // { + dependencies = [ + sources."is-number-4.0.0" + sources."kind-of-6.0.3" + ]; + }) + sources."randombytes-2.1.0" + sources."read-all-stream-3.1.0" + sources."read-pkg-1.1.0" + sources."read-pkg-up-1.0.1" + sources."readable-stream-2.3.7" + (sources."readdirp-2.2.1" // { + dependencies = [ + sources."arr-diff-4.0.0" + sources."array-unique-0.3.2" + (sources."braces-2.3.2" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + sources."debug-2.6.9" + sources."define-property-1.0.0" + (sources."expand-brackets-2.1.4" // { + dependencies = [ + sources."define-property-0.2.5" + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + sources."extend-shallow-3.0.2" + (sources."extglob-2.0.4" // { + dependencies = [ + sources."extend-shallow-2.0.1" + sources."is-extendable-0.1.1" + ]; + }) + (sources."fill-range-4.0.0" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-5.1.0" + ]; + }) + sources."is-extendable-1.0.1" + (sources."is-number-3.0.0" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."isobject-3.0.1" + sources."kind-of-6.0.3" + sources."micromatch-3.1.10" + sources."ms-2.0.0" + ]; + }) + sources."rechoir-0.6.2" + sources."regex-cache-0.4.4" + (sources."regex-not-1.0.2" // { + dependencies = [ + sources."extend-shallow-3.0.2" + sources."is-extendable-1.0.1" + ]; + }) + sources."regexpp-2.0.1" + sources."remove-bom-buffer-3.0.0" + (sources."remove-bom-stream-1.2.0" // { + dependencies = [ + sources."through2-2.0.5" + ]; + }) + sources."remove-trailing-separator-1.1.0" + sources."repeat-element-1.1.4" + sources."repeat-string-1.6.1" + sources."replace-ext-0.0.1" + (sources."replace-homedir-1.0.0" // { + dependencies = [ + sources."is-absolute-1.0.0" + sources."is-relative-1.0.0" + ]; + }) + (sources."request-2.88.2" // { + dependencies = [ + sources."uuid-3.4.0" + ]; + }) + sources."require-directory-2.1.1" + sources."require-main-filename-1.0.1" + sources."resolve-1.20.0" + sources."resolve-dir-1.0.1" + sources."resolve-from-4.0.0" + sources."resolve-options-1.1.0" + sources."resolve-url-0.2.1" + sources."restore-cursor-3.1.0" + sources."ret-0.1.15" + (sources."rimraf-2.7.1" // { + dependencies = [ + sources."glob-7.1.7" + ]; + }) + sources."run-async-2.4.1" + sources."rxjs-6.6.7" + sources."safe-buffer-5.1.2" + sources."safe-regex-1.1.0" + sources."safer-buffer-2.1.2" + sources."sax-1.2.4" + sources."seek-bzip-1.0.6" + (sources."selenium-webdriver-3.6.0" // { + dependencies = [ + sources."tmp-0.0.30" + ]; + }) + sources."semver-5.7.1" + sources."semver-greatest-satisfied-range-1.1.0" + sources."serialize-javascript-5.0.1" + sources."set-blocking-2.0.0" + sources."set-immediate-shim-1.0.1" + sources."set-value-2.0.1" + sources."shebang-command-1.2.0" + sources."shebang-regex-1.0.0" + sources."signal-exit-3.0.3" + (sources."slice-ansi-2.1.0" // { + dependencies = [ + sources."ansi-styles-3.2.1" + sources."is-fullwidth-code-point-2.0.0" + ]; + }) + (sources."snapdragon-0.8.2" // { + dependencies = [ + sources."debug-2.6.9" + sources."define-property-0.2.5" + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."is-descriptor-0.1.6" + sources."kind-of-5.1.0" + sources."ms-2.0.0" + ]; + }) + (sources."snapdragon-node-2.1.1" // { + dependencies = [ + sources."define-property-1.0.0" + sources."isobject-3.0.1" + ]; + }) + sources."snapdragon-util-3.0.1" + sources."source-map-0.5.7" + sources."source-map-resolve-0.5.3" + sources."source-map-url-0.4.1" + sources."sparkles-1.0.1" + sources."spdx-correct-3.1.1" + sources."spdx-exceptions-2.3.0" + sources."spdx-expression-parse-3.0.1" + sources."spdx-license-ids-3.0.10" + (sources."split-string-3.1.0" // { + dependencies = [ + sources."extend-shallow-3.0.2" + sources."is-extendable-1.0.1" + ]; + }) + sources."sprintf-js-1.0.3" + sources."sshpk-1.16.1" + sources."stack-trace-0.0.10" + sources."stat-mode-0.2.2" + (sources."static-extend-0.1.2" // { + dependencies = [ + sources."define-property-0.2.5" + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."is-descriptor-0.1.6" + sources."kind-of-5.1.0" + ]; + }) + sources."stream-combiner2-1.1.1" + sources."stream-exhaust-1.0.2" + sources."stream-shift-1.0.1" + sources."string-width-1.0.2" + sources."string_decoder-1.1.1" + sources."strip-ansi-3.0.1" + sources."strip-bom-2.0.0" + sources."strip-bom-stream-1.0.0" + sources."strip-bom-string-1.0.0" + sources."strip-dirs-1.1.1" + sources."strip-json-comments-3.1.1" + sources."strip-outer-1.0.1" + sources."sum-up-1.0.3" + sources."supports-color-2.0.0" + sources."sver-compat-1.5.0" + (sources."table-5.4.6" // { + dependencies = [ + sources."ansi-regex-4.1.0" + sources."emoji-regex-7.0.3" + sources."is-fullwidth-code-point-2.0.0" + sources."string-width-3.1.0" + sources."strip-ansi-5.2.0" + ]; + }) + sources."tar-stream-1.6.2" + sources."text-table-0.2.0" + sources."through-2.3.8" + (sources."through2-0.6.5" // { + dependencies = [ + sources."isarray-0.0.1" + sources."readable-stream-1.0.34" + sources."string_decoder-0.10.31" + ]; + }) + (sources."through2-filter-2.0.0" // { + dependencies = [ + sources."through2-2.0.5" + ]; + }) + sources."time-stamp-1.1.0" + sources."timed-out-4.0.1" + sources."timers-ext-0.1.7" + sources."tmp-0.0.33" + sources."to-absolute-glob-0.1.1" + sources."to-buffer-1.1.1" + sources."to-object-path-0.3.0" + (sources."to-regex-3.0.2" // { + dependencies = [ + sources."extend-shallow-3.0.2" + sources."is-extendable-1.0.1" + ]; + }) + (sources."to-regex-range-2.1.1" // { + dependencies = [ + sources."is-number-3.0.0" + ]; + }) + (sources."to-through-2.0.0" // { + dependencies = [ + sources."through2-2.0.5" + ]; + }) + (sources."touch-0.0.3" // { + dependencies = [ + sources."nopt-1.0.10" + ]; + }) + sources."tough-cookie-2.5.0" + sources."traverse-0.3.9" + sources."tree-kill-1.2.2" + sources."trim-repeated-1.0.0" + sources."tslib-1.14.1" + sources."tunnel-agent-0.6.0" + sources."tweetnacl-0.14.5" + sources."type-1.2.0" + sources."type-check-0.3.2" + sources."type-detect-4.0.8" + sources."type-fest-0.8.1" + sources."typedarray-0.0.6" + sources."unbzip2-stream-1.4.3" + sources."unc-path-regex-0.1.2" + (sources."undertaker-1.3.0" // { + dependencies = [ + sources."fast-levenshtein-1.1.4" + ]; + }) + sources."undertaker-registry-1.0.1" + sources."union-value-1.0.1" + (sources."unique-stream-2.3.1" // { + dependencies = [ + sources."through2-2.0.5" + sources."through2-filter-3.0.0" + ]; + }) + sources."universalify-0.1.2" + (sources."unset-value-1.0.0" // { + dependencies = [ + (sources."has-value-0.3.1" // { + dependencies = [ + sources."isobject-2.1.0" + ]; + }) + sources."has-values-0.1.4" + sources."isobject-3.0.1" + ]; + }) + sources."untildify-3.0.3" + sources."unzip-response-2.0.1" + sources."upath-1.2.0" + sources."uri-js-4.4.1" + sources."urix-0.1.0" + sources."url-parse-lax-1.0.0" + sources."url-to-options-1.0.1" + sources."use-3.1.1" + sources."util-deprecate-1.0.2" + sources."uuid-2.0.3" + sources."v8-compile-cache-2.3.0" + sources."v8flags-3.2.0" + sources."vali-date-1.0.0" + sources."validate-npm-package-license-3.0.4" + sources."value-or-function-3.0.0" + sources."verror-1.10.0" + sources."vinyl-1.2.0" + (sources."vinyl-assign-1.2.1" // { + dependencies = [ + sources."object-assign-4.1.1" + ]; + }) + (sources."vinyl-fs-2.4.4" // { + dependencies = [ + sources."gulp-sourcemaps-1.6.0" + sources."object-assign-4.1.1" + sources."through2-2.0.5" + ]; + }) + (sources."vinyl-sourcemap-1.1.0" // { + dependencies = [ + sources."clone-2.1.2" + sources."clone-stats-1.0.0" + sources."replace-ext-1.0.1" + sources."vinyl-2.2.1" + ]; + }) + sources."which-1.3.1" + sources."which-module-1.0.0" + sources."wide-align-1.1.3" + sources."window-size-0.1.4" + sources."winreg-1.2.4" + sources."word-wrap-1.2.3" + sources."workerpool-6.1.0" + sources."wrap-ansi-2.1.0" + sources."wrappy-1.0.2" + sources."write-1.0.3" + sources."xml2js-0.4.23" + sources."xmlbuilder-11.0.1" + sources."xtend-4.0.2" + sources."y18n-3.2.2" + (sources."yargs-16.2.0" // { + dependencies = [ + sources."ansi-regex-5.0.0" + sources."ansi-styles-4.3.0" + sources."cliui-7.0.4" + sources."color-convert-2.0.1" + sources."color-name-1.1.4" + sources."get-caller-file-2.0.5" + sources."is-fullwidth-code-point-3.0.0" + sources."string-width-4.2.2" + sources."strip-ansi-6.0.0" + sources."wrap-ansi-7.0.0" + sources."y18n-5.0.8" + sources."yargs-parser-20.2.9" + ]; + }) + (sources."yargs-parser-5.0.1" // { + dependencies = [ + sources."camelcase-3.0.0" + ]; + }) + (sources."yargs-unparser-2.0.0" // { + dependencies = [ + sources."camelcase-6.2.0" + sources."decamelize-4.0.0" + ]; + }) + sources."yauzl-2.10.0" + sources."yocto-queue-0.1.0" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "Setup and configure OnlyKey"; + homepage = "https://github.com/trustcrypto/OnlyKey-App#readme"; + license = "Apache-2.0"; + }; + production = false; + bypassCache = true; + reconstructLock = true; + }; +} diff --git a/nixpkgs/pkgs/tools/security/onlykey/onlykey.nix b/nixpkgs/pkgs/tools/security/onlykey/onlykey.nix new file mode 100644 index 000000000000..f9a1999f36d7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onlykey/onlykey.nix @@ -0,0 +1,17 @@ +# This file has been generated by node2nix 1.9.0. Do not edit! + +{pkgs ? import <nixpkgs> { + inherit system; + }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-14_x"}: + +let + nodeEnv = import ../../../development/node-packages/node-env.nix { + inherit (pkgs) stdenv lib python2 runCommand writeTextFile writeShellScript; + inherit pkgs nodejs; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; + }; +in +import ./node-packages.nix { + inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit; + inherit nodeEnv; +} diff --git a/nixpkgs/pkgs/tools/security/onlykey/package.json b/nixpkgs/pkgs/tools/security/onlykey/package.json new file mode 100644 index 000000000000..d9a1a72c4297 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onlykey/package.json @@ -0,0 +1,3 @@ +[ + {"onlykey": "git://github.com/trustcrypto/OnlyKey-App.git#v5.3.3"} +] diff --git a/nixpkgs/pkgs/tools/security/open-ecard/default.nix b/nixpkgs/pkgs/tools/security/open-ecard/default.nix new file mode 100644 index 000000000000..470e5f6530fc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/open-ecard/default.nix @@ -0,0 +1,63 @@ +{ lib, stdenv, fetchurl, jre, pcsclite, makeDesktopItem, makeWrapper }: + +let + version = "1.2.4"; + srcs = { + richclient = fetchurl { + url = "https://jnlp.openecard.org/richclient-${version}-20171212-0958.jar"; + sha256 = "1ckhyhszp4zhfb5mn67lz603b55z814jh0sz0q5hriqzx017j7nr"; + }; + cifs = fetchurl { + url = "https://jnlp.openecard.org/cifs-${version}-20171212-0958.jar"; + sha256 = "0rc862lx3y6sw87r1v5xjmqqpysyr1x6yqhycqmcdrwz0j3wykrr"; + }; + logo = fetchurl { + url = "https://raw.githubusercontent.com/ecsec/open-ecard/1.2.3/gui/graphics/src/main/ext/oec_logo_bg-transparent.svg"; + sha256 = "0rpmyv10vjx2yfpm03mqliygcww8af2wnrnrppmsazdplksaxkhs"; + }; + }; +in stdenv.mkDerivation rec { + pname = "open-ecard"; + inherit version; + + src = srcs.richclient; + + dontUnpack = true; + + nativeBuildInputs = [ makeWrapper ]; + + desktopItem = makeDesktopItem { + name = pname; + desktopName = "Open eCard App"; + genericName = "eCard App"; + comment = "Client side implementation of the eCard-API-Framework"; + icon = "oec_logo_bg-transparent.svg"; + exec = pname; + categories = "Utility;Security;"; + }; + + installPhase = '' + mkdir -p $out/share/java + cp ${srcs.richclient} $out/share/java/richclient-${version}.jar + cp ${srcs.cifs} $out/share/java/cifs-${version}.jar + + mkdir -p $out/share/applications $out/share/pixmaps + cp $desktopItem/share/applications/* $out/share/applications + cp ${srcs.logo} $out/share/pixmaps/oec_logo_bg-transparent.svg + + mkdir -p $out/bin + makeWrapper ${jre}/bin/java $out/bin/${pname} \ + --add-flags "-cp $out/share/java/cifs-${version}.jar" \ + --add-flags "-jar $out/share/java/richclient-${version}.jar" \ + --suffix LD_LIBRARY_PATH ':' ${lib.getLib pcsclite}/lib + ''; + + meta = with lib; { + description = "Client side implementation of the eCard-API-Framework (BSI + TR-03112) and related international standards, such as ISO/IEC 24727"; + homepage = "https://www.openecard.org/"; + license = licenses.gpl3; + maintainers = with maintainers; [ sephalon ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/opencryptoki/default.nix b/nixpkgs/pkgs/tools/security/opencryptoki/default.nix new file mode 100644 index 000000000000..0825708f71fd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/opencryptoki/default.nix @@ -0,0 +1,41 @@ +{ lib, stdenv, fetchFromGitHub, openssl, trousers, autoreconfHook, libtool, bison, flex }: + +stdenv.mkDerivation rec { + pname = "opencryptoki"; + version = "3.8.2"; + + src = fetchFromGitHub { + owner = "opencryptoki"; + repo = "opencryptoki"; + rev = "v${version}"; + sha256 = "1rf7cmibmx636vzv7p54g212478a8wim2lfjf2861hfd0m96nv4l"; + }; + + nativeBuildInputs = [ autoreconfHook libtool bison flex ]; + buildInputs = [ openssl trousers ]; + + postPatch = '' + substituteInPlace configure.ac \ + --replace "usermod" "true" \ + --replace "groupadd" "true" \ + --replace "chmod" "true" \ + --replace "chgrp" "true" + substituteInPlace usr/lib/Makefile.am --replace "DESTDIR" "out" + ''; + + configureFlags = [ + "--prefix=$(out)" + "--disable-ccatok" + "--disable-icatok" + ]; + + enableParallelBuilding = true; + + meta = with lib; { + description = "PKCS#11 implementation for Linux"; + homepage = "https://github.com/opencryptoki/opencryptoki"; + license = licenses.cpl10; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/opensc/default.nix b/nixpkgs/pkgs/tools/security/opensc/default.nix new file mode 100644 index 000000000000..15231c945316 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/opensc/default.nix @@ -0,0 +1,65 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, zlib, readline, openssl +, libiconv, pcsclite, libassuan, libXt +, docbook_xsl, libxslt, docbook_xml_dtd_412 +, Carbon, PCSC, buildPackages +, withApplePCSC ? stdenv.isDarwin +}: + +stdenv.mkDerivation rec { + pname = "opensc"; + version = "0.22.0"; + + src = fetchFromGitHub { + owner = "OpenSC"; + repo = "OpenSC"; + rev = version; + sha256 = "sha256-0IFpiG1SJq4cpS5z6kwpWSPVWjO0q0SHs+doD2vbUKs="; + }; + + nativeBuildInputs = [ pkg-config autoreconfHook ]; + buildInputs = [ + zlib readline openssl libassuan + libXt libxslt libiconv docbook_xml_dtd_412 + ] + ++ lib.optional stdenv.isDarwin Carbon + ++ (if withApplePCSC then [ PCSC ] else [ pcsclite ]); + + NIX_CFLAGS_COMPILE = "-Wno-error"; + + configureFlags = [ + "--enable-zlib" + "--enable-readline" + "--enable-openssl" + "--enable-pcsc" + "--enable-sm" + "--enable-man" + "--enable-doc" + "--localstatedir=/var" + "--sysconfdir=/etc" + "--with-xsl-stylesheetsdir=${docbook_xsl}/xml/xsl/docbook" + "--with-pcsc-provider=${ + if withApplePCSC then + "${PCSC}/Library/Frameworks/PCSC.framework/PCSC" + else + "${lib.getLib pcsclite}/lib/libpcsclite${stdenv.hostPlatform.extensions.sharedLibrary}" + }" + (lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) + "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc") + ]; + + PCSC_CFLAGS = lib.optionalString withApplePCSC + "-I${PCSC}/Library/Frameworks/PCSC.framework/Headers"; + + installFlags = [ + "sysconfdir=$(out)/etc" + "completiondir=$(out)/etc" + ]; + + meta = with lib; { + description = "Set of libraries and utilities to access smart cards"; + homepage = "https://github.com/OpenSC/OpenSC/wiki"; + license = licenses.lgpl21Plus; + platforms = platforms.all; + maintainers = [ maintainers.michaeladler ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/orjail/default.nix b/nixpkgs/pkgs/tools/security/orjail/default.nix new file mode 100644 index 000000000000..adcbf5ae4f9f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/orjail/default.nix @@ -0,0 +1,55 @@ +{ lib +, stdenv +, fetchFromGitHub +, tor +, firejail +, iptables +, makeWrapper +}: + +stdenv.mkDerivation rec { + pname = "orjail"; + version = "1.1"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "06bwqb3l7syy4c1d8xynxwakmdxvm3qfm8r834nidsknvpdckd9z"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' + patchShebangs make-helper.bsh + mkdir bin + mv usr/sbin/orjail bin/orjail + rm -r usr + ''; + + makeFlags = [ + "DESTDIR=${placeholder "out"}" + ]; + + postInstall = '' + # Specify binary paths: tor, firejail, iptables + # mktemp fails with /tmp path prefix, will work without it anyway + # https://github.com/orjail/orjail/issues/78 + # firejail will fail reading /etc/hosts, therefore remove --hostname arg + # https://github.com/netblue30/firejail/issues/2758 + substituteInPlace $out/bin/orjail \ + --replace ''$'TORBIN=\n' ''$'TORBIN=${tor}/bin/tor\n' \ + --replace ''$'FIREJAILBIN=\n' ''$'FIREJAILBIN=${firejail}/bin/firejail\n' \ + --replace 'iptables -' '${iptables}/bin/iptables -' \ + --replace 'mktemp /tmp/' 'mktemp ' \ + --replace '--hostname=host ' "" + ''; + + meta = with lib; { + description = "Force programs to exclusively use tor network"; + homepage = "https://github.com/orjail/orjail"; + license = licenses.wtfpl; + maintainers = with maintainers; [ onny ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ossec/default.nix b/nixpkgs/pkgs/tools/security/ossec/default.nix new file mode 100644 index 000000000000..b86cb57bbde0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ossec/default.nix @@ -0,0 +1,39 @@ +{ lib, stdenv, fetchurl, which }: + +stdenv.mkDerivation rec { + pname = "ossec-client"; + version = "2.6"; + + src = fetchurl { + url = "https://www.ossec.net/files/ossec-hids-${version}.tar.gz"; + sha256 = "0k1b59wdv9h50gbyy88qw3cnpdm8hv0nrl0znm92h9a11i5b39ip"; + }; + + buildInputs = [ which ]; + + patches = [ ./no-root.patch ]; + + buildPhase = '' + echo "en + +agent +$out +no +127.0.0.1 +yes +yes +yes + + +" | ./install.sh + ''; + + meta = with lib; { + description = "Open source host-based instrusion detection system"; + homepage = "https://www.ossec.net"; + license = licenses.gpl2; + maintainers = with maintainers; [ ]; + platforms = platforms.linux; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/ossec/no-root.patch b/nixpkgs/pkgs/tools/security/ossec/no-root.patch new file mode 100644 index 000000000000..ea6e9c54a9ae --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ossec/no-root.patch @@ -0,0 +1,176 @@ +diff -Naur ossec-hids-2.6-orig/install.sh ossec-hids-2.6/install.sh +--- ossec-hids-2.6-orig/install.sh 2011-07-11 15:36:58.000000000 -0400 ++++ ossec-hids-2.6/install.sh 2012-07-09 09:58:57.970692818 -0400 +@@ -119,14 +119,14 @@ + # Generate the /etc/ossec-init.conf + VERSION_FILE="./src/VERSION" + VERSION=`cat ${VERSION_FILE}` +- chmod 700 ${OSSEC_INIT} > /dev/null 2>&1 +- echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT} +- echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT} +- echo "DATE=\"`date`\"" >> ${OSSEC_INIT} +- echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT} +- chmod 600 ${OSSEC_INIT} +- cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT} +- chmod 644 ${INSTALLDIR}${OSSEC_INIT} ++ echo chmod 700 ${OSSEC_INIT} > /dev/null 2>&1 ++ echo "DIRECTORY=\"${INSTALLDIR}\"" > ${INSTALLDIR}${OSSEC_INIT} ++ echo "VERSION=\"${VERSION}\"" >> ${INSTALLDIR}${OSSEC_INIT} ++ echo "DATE=\"`date`\"" >> ${INSTALLDIR}${OSSEC_INIT} ++ echo "TYPE=\"${INSTYPE}\"" >> ${INSTALLDIR}${OSSEC_INIT} ++ echo chmod 600 ${OSSEC_INIT} ++ echo cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT} ++ echo chmod 644 ${INSTALLDIR}${OSSEC_INIT} + + + # If update_rules is set, we need to tweak +@@ -926,11 +926,6 @@ + catError "0x1-location"; + fi + +- # Must be root +- if [ ! "X$ME" = "Xroot" ]; then +- catError "0x2-beroot"; +- fi +- + # Checking dependencies + checkDependencies + +diff -Naur ossec-hids-2.6-orig/src/InstallAgent.sh ossec-hids-2.6/src/InstallAgent.sh +--- ossec-hids-2.6-orig/src/InstallAgent.sh 2011-07-11 15:36:58.000000000 -0400 ++++ ossec-hids-2.6/src/InstallAgent.sh 2012-07-09 09:56:12.061870552 -0400 +@@ -80,7 +80,7 @@ + else + grep "^${USER}" /etc/passwd > /dev/null 2>&1 + if [ ! $? = 0 ]; then +- /usr/sbin/groupadd ${GROUP} ++ echo /usr/sbin/groupadd ${GROUP} + + # We first check if /sbin/nologin is present. If it is not, + # we look for bin/false. If none of them is present, we +@@ -93,7 +93,7 @@ + OSMYSHELL="/bin/false" + fi + fi +- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER} ++ echo /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER} + fi + fi + +@@ -105,31 +105,31 @@ + done + + # Default for all directories +-chmod -R 550 ${DIR} +-chown -R root:${GROUP} ${DIR} ++echo chmod -R 550 ${DIR} ++echo chown -R root:${GROUP} ${DIR} + + # To the ossec queue (default for agentd to read) +-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec +-chmod -R 770 ${DIR}/queue/ossec ++echo chown -R ${USER}:${GROUP} ${DIR}/queue/ossec ++echo chmod -R 770 ${DIR}/queue/ossec + + # For the logging user +-chown -R ${USER}:${GROUP} ${DIR}/logs +-chmod -R 750 ${DIR}/logs +-chmod -R 775 ${DIR}/queue/rids +-touch ${DIR}/logs/ossec.log +-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log +-chmod 664 ${DIR}/logs/ossec.log +- +-chown -R ${USER}:${GROUP} ${DIR}/queue/diff +-chmod -R 750 ${DIR}/queue/diff +-chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 ++echo chown -R ${USER}:${GROUP} ${DIR}/logs ++echo chmod -R 750 ${DIR}/logs ++echo chmod -R 775 ${DIR}/queue/rids ++echo touch ${DIR}/logs/ossec.log ++echo chown ${USER}:${GROUP} ${DIR}/logs/ossec.log ++echo chmod 664 ${DIR}/logs/ossec.log ++ ++echo chown -R ${USER}:${GROUP} ${DIR}/queue/diff ++echo chmod -R 750 ${DIR}/queue/diff ++echo chmod 740 ${DIR}/queue/diff/* "> /dev/null 2>&1" + + + + + # For the etc dir +-chmod 550 ${DIR}/etc +-chown -R root:${GROUP} ${DIR}/etc ++echo chmod 550 ${DIR}/etc ++echo chown -R root:${GROUP} ${DIR}/etc + + ls /etc/localtime > /dev/null 2>&1 + if [ $? = 0 ]; then +@@ -167,25 +167,25 @@ + cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 + cp -pr agentlessd/scripts/* ${DIR}/agentless/ + +-chown root:${GROUP} ${DIR}/etc/internal_options.conf +-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/agentless/* +-chown ${USER}:${GROUP} ${DIR}/.ssh +-chown -R root:${GROUP} ${DIR}/etc/shared +- +-chmod 550 ${DIR}/etc +-chmod 440 ${DIR}/etc/internal_options.conf +-chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 +-chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1 +-chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it +-chmod 550 ${DIR}/agentless/* +-chmod 700 ${DIR}/.ssh ++echo chown root:${GROUP} ${DIR}/etc/internal_options.conf ++echo chown root:${GROUP} ${DIR}/etc/local_internal_options.conf "> /dev/null 2>&1" ++echo chown root:${GROUP} ${DIR}/etc/client.keys "> /dev/null 2>&1" ++echo chown root:${GROUP} ${DIR}/agentless/* ++echo chown ${USER}:${GROUP} ${DIR}/.ssh ++echo chown -R root:${GROUP} ${DIR}/etc/shared ++ ++echo chmod 550 ${DIR}/etc ++echo chmod 440 ${DIR}/etc/internal_options.conf ++echo chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 ++echo chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1 ++echo chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it ++echo chmod 550 ${DIR}/agentless/* ++echo chmod 700 ${DIR}/.ssh + + + # For the /var/run +-chmod 770 ${DIR}/var/run +-chown root:${GROUP} ${DIR}/var/run ++echo chmod 770 ${DIR}/var/run ++echo chown root:${GROUP} ${DIR}/var/run + + + # Moving the binary files +@@ -201,11 +201,11 @@ + sh ./init/fw-check.sh execute > /dev/null + cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ + cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ +-chmod 755 ${DIR}/active-response/bin/* +-chown root:${GROUP} ${DIR}/active-response/bin/* ++echo chmod 755 ${DIR}/active-response/bin/* ++echo chown root:${GROUP} ${DIR}/active-response/bin/* + +-chown root:${GROUP} ${DIR}/bin/* +-chmod 550 ${DIR}/bin/* ++echo chown root:${GROUP} ${DIR}/bin/* ++echo chmod 550 ${DIR}/bin/* + + + # Moving the config file +@@ -221,8 +221,8 @@ + else + cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf + fi +-chown root:${GROUP} ${DIR}/etc/ossec.conf +-chmod 440 ${DIR}/etc/ossec.conf ++echo chown root:${GROUP} ${DIR}/etc/ossec.conf ++echo chmod 440 ${DIR}/etc/ossec.conf + + + diff --git a/nixpkgs/pkgs/tools/security/otpauth/default.nix b/nixpkgs/pkgs/tools/security/otpauth/default.nix new file mode 100644 index 000000000000..e4c42a83f045 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/otpauth/default.nix @@ -0,0 +1,26 @@ +{ lib +, fetchFromGitHub +, buildGoModule +}: + +buildGoModule rec { + pname = "otpauth"; + version = "0.4.2"; + + src = fetchFromGitHub { + owner = "dim13"; + repo = "otpauth"; + rev = "v${version}"; + sha256 = "sha256-qSu0kGRi1es9OciN1s9Eh1Z3JkxbcKO8W5cAC7c7n0k="; + }; + + vendorSha256 = "sha256-TU5crhmQAhSfURdfPe/xaa3RgGyc+UFn2E+jJ0flNsg="; + doCheck = true; + + meta = with lib; { + description = "Google Authenticator migration decoder"; + homepage = "https://github.com/dim13/otpauth"; + license = licenses.isc; + maintainers = with maintainers; [ ereslibre ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/p0f/default.nix b/nixpkgs/pkgs/tools/security/p0f/default.nix new file mode 100644 index 000000000000..84221fbd566c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/p0f/default.nix @@ -0,0 +1,41 @@ +{ lib, stdenv, fetchurl, libpcap, bash }: + +stdenv.mkDerivation rec { + pname = "p0f"; + version = "3.09b"; + + src = fetchurl { + url = "http://lcamtuf.coredump.cx/p0f3/releases/${pname}-${version}.tgz"; + sha256 = "0zqfq3gdnha29ckvlqmyp36c0jhj7f69bhqqx31yb6vkirinhfsl"; + }; + + buildInputs = [ libpcap ]; + + buildPhase = '' + substituteInPlace config.h --replace "p0f.fp" "$out/etc/p0f.fp" + substituteInPlace build.sh --replace "/bin/bash" "${bash}/bin/bash" + ./build.sh + cd tools && make && cd .. + ''; + + installPhase = '' + mkdir -p $out/sbin $out/etc + + cp ./p0f $out/sbin + cp ./p0f.fp $out/etc + + cp ./tools/p0f-client $out/sbin + cp ./tools/p0f-sendsyn $out/sbin + cp ./tools/p0f-sendsyn6 $out/sbin + ''; + + hardeningDisable = [ "format" ]; + + meta = { + description = "Passive network reconnaissance and fingerprinting tool"; + homepage = "https://lcamtuf.coredump.cx/p0f3/"; + license = lib.licenses.lgpl21; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pamtester/default.nix b/nixpkgs/pkgs/tools/security/pamtester/default.nix new file mode 100644 index 000000000000..face92a00af3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pamtester/default.nix @@ -0,0 +1,21 @@ +{ lib, stdenv, fetchurl, pam }: + +stdenv.mkDerivation rec { + pname = "pamtester"; + version = "0.1.2"; + + src = fetchurl { + url = "mirror://sourceforge/pamtester/pamtester-${version}.tar.gz"; + sha256 = "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3"; + }; + + buildInputs = [ pam ]; + + meta = with lib; { + description = "Utility program to test the PAM facility"; + homepage = "http://pamtester.sourceforge.net/"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/paperkey/default.nix b/nixpkgs/pkgs/tools/security/paperkey/default.nix new file mode 100644 index 000000000000..766b570a074e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/paperkey/default.nix @@ -0,0 +1,34 @@ +{ fetchurl, lib, stdenv }: + +stdenv.mkDerivation rec { + pname = "paperkey"; + version = "1.6"; + + src = fetchurl { + url = "https://www.jabberwocky.com/software/paperkey/${pname}-${version}.tar.gz"; + sha256 = "1xq5gni6gksjkd5avg0zpd73vsr97appksfx0gx2m38s4w9zsid2"; + }; + + postPatch = '' + for a in checks/*.sh ; do + substituteInPlace $a \ + --replace /bin/echo echo + done + ''; + + enableParallelBuilding = true; + + meta = with lib; { + description = "Store OpenPGP or GnuPG on paper"; + longDescription = '' + A reasonable way to achieve a long term backup of OpenPGP (GnuPG, PGP, etc) + keys is to print them out on paper. Paper and ink have amazingly long + retention qualities - far longer than the magnetic or optical means that + are generally used to back up computer data. + ''; + homepage = "https://www.jabberwocky.com/software/paperkey/"; + license = licenses.gpl2; + platforms = platforms.unix; + maintainers = with maintainers; [ skeidel ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/default.nix b/nixpkgs/pkgs/tools/security/pass/default.nix new file mode 100644 index 000000000000..7468b5dcc8d3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/default.nix @@ -0,0 +1,168 @@ +{ stdenv, lib, pkgs, fetchurl, buildEnv +, coreutils, findutils, gnugrep, gnused, getopt, git, tree, gnupg, openssl +, which, procps , qrencode , makeWrapper, pass, symlinkJoin + +, xclip ? null, xdotool ? null, dmenu ? null +, x11Support ? !stdenv.isDarwin , dmenuSupport ? (x11Support || waylandSupport) +, waylandSupport ? false, wl-clipboard ? null +, ydotool ? null, dmenu-wayland ? null + +# For backwards-compatibility +, tombPluginSupport ? false +}: + +with lib; + +assert x11Support -> xclip != null; +assert waylandSupport -> wl-clipboard != null; + +assert dmenuSupport -> x11Support || waylandSupport; +assert dmenuSupport && x11Support + -> dmenu != null && xdotool != null; +assert dmenuSupport && waylandSupport + -> dmenu-wayland != null && ydotool != null; + + +let + passExtensions = import ./extensions { inherit pkgs; }; + + env = extensions: + let + selected = [ pass ] ++ extensions passExtensions + ++ lib.optional tombPluginSupport passExtensions.tomb; + in buildEnv { + name = "pass-extensions-env"; + paths = selected; + buildInputs = [ makeWrapper ] ++ concatMap (x: x.buildInputs) selected; + + postBuild = '' + files=$(find $out/bin/ -type f -exec readlink -f {} \;) + if [ -L $out/bin ]; then + rm $out/bin + mkdir $out/bin + fi + + for i in $files; do + if ! [ "$(readlink -f "$out/bin/$(basename $i)")" = "$i" ]; then + ln -sf $i $out/bin/$(basename $i) + fi + done + + wrapProgram $out/bin/pass \ + --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions" + ''; + }; +in + +stdenv.mkDerivation rec { + version = "1.7.4"; + pname = "password-store"; + + src = fetchurl { + url = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz"; + sha256 = "1h4k6w7g8pr169p5w9n6mkdhxl3pw51zphx7www6pvgjb7vgmafg"; + }; + + patches = [ + ./set-correct-program-name-for-sleep.patch + ./extension-dir.patch + ] ++ lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; + + nativeBuildInputs = [ makeWrapper ]; + + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; + + postInstall = '' + # Install Emacs Mode. NOTE: We can't install the necessary + # dependencies (s.el) here. The user has to do this themselves. + mkdir -p "$out/share/emacs/site-lisp" + cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" + '' + optionalString dmenuSupport '' + cp "contrib/dmenu/passmenu" "$out/bin/" + ''; + + wrapperPath = with lib; makeBinPath ([ + coreutils + findutils + getopt + git + gnugrep + gnupg + gnused + tree + which + qrencode + procps + ] ++ optional stdenv.isDarwin openssl + ++ optional x11Support xclip + ++ optional waylandSupport wl-clipboard + ++ optionals (waylandSupport && dmenuSupport) [ ydotool dmenu-wayland ] + ++ optionals (x11Support && dmenuSupport) [ xdotool dmenu ] + ); + + postFixup = '' + # Fix program name in --help + substituteInPlace $out/bin/pass \ + --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" + + # Ensure all dependencies are in PATH + wrapProgram $out/bin/pass \ + --prefix PATH : "${wrapperPath}" + '' + lib.optionalString dmenuSupport '' + # We just wrap passmenu with the same PATH as pass. It doesn't + # need all the tools in there but it doesn't hurt either. + wrapProgram $out/bin/passmenu \ + --prefix PATH : "$out/bin:${wrapperPath}" + ''; + + # Turn "check" into "installcheck", since we want to test our pass, + # not the one before the fixup. + postPatch = '' + patchShebangs tests + + substituteInPlace src/password-store.sh \ + --replace "@out@" "$out" + + # the turning + sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \ + -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \ + -e '/which gpg/ d' \ + tests/setup.sh + '' + lib.optionalString stdenv.isDarwin '' + # 'pass edit' uses hdid, which is not available from the sandbox. + rm -f tests/t0200-edit-tests.sh + rm -f tests/t0010-generate-tests.sh + rm -f tests/t0020-show-tests.sh + rm -f tests/t0050-mv-tests.sh + rm -f tests/t0100-insert-tests.sh + rm -f tests/t0300-reencryption.sh + rm -f tests/t0400-grep.sh + ''; + + doCheck = false; + + doInstallCheck = true; + installCheckInputs = [ git ]; + installCheckTarget = "test"; + + passthru = { + extensions = passExtensions; + withExtensions = env; + }; + + meta = with lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = "https://www.passwordstore.org/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ lovek323 fpletz tadfisher globin ma27 ]; + platforms = platforms.unix; + + longDescription = '' + pass is a very simple password store that keeps passwords inside gpg2 + encrypted files inside a simple directory tree residing at + ~/.password-store. The pass utility provides a series of commands for + manipulating the password store, allowing the user to add, remove, edit, + synchronize, generate, and manipulate passwords. + ''; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extension-dir.patch b/nixpkgs/pkgs/tools/security/pass/extension-dir.patch new file mode 100644 index 000000000000..028da31c4617 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extension-dir.patch @@ -0,0 +1,32 @@ +diff --git a/Makefile b/Makefile +index eac2291..1b1df0a 100644 +--- a/Makefile ++++ b/Makefile +@@ -46,12 +46,12 @@ install: install-common + @install -v -d "$(DESTDIR)$(LIBDIR)/password-store" && install -m 0644 -v "$(PLATFORMFILE)" "$(DESTDIR)$(LIBDIR)/password-store/platform.sh" + @install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions" + @install -v -d "$(DESTDIR)$(BINDIR)/" +- @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \ ++ @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;' src/password-store.sh > src/.pass && \ + install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass" + else + install: install-common + @install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions" +- @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \ ++ @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;' src/password-store.sh > src/.pass && \ + install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass" + endif + +diff --git a/src/password-store.sh b/src/password-store.sh +index 68551a4..2f3b5b7 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -656,7 +656,7 @@ cmd_extension_or_show() { + fi + } + +-SYSTEM_EXTENSION_DIR="" ++SYSTEM_EXTENSION_DIR="${SYSTEM_EXTENSION_DIR:-@out@/lib/password-store/extensions}" + cmd_extension() { + check_sneaky_paths "$1" + local user_extension system_extension extension diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch new file mode 100644 index 000000000000..ce6849d677f8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch @@ -0,0 +1,43 @@ +From a2d5d973f53efb11bdcaecbd0099df9714bc287f Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Tue, 8 Feb 2022 19:35:35 +0100 +Subject: [PATCH] Set `base` to an empty value + +`DESTDIR` ensures that everything lands in the correct location (i.e. +the target store-path on Nix), within this path, everything should be +moved into `/lib` and `/share`. +--- + setup.py | 17 ++--------------- + 1 file changed, 2 insertions(+), 15 deletions(-) + +diff --git a/setup.py b/setup.py +index 1f0a58b..f7baa41 100644 +--- a/setup.py ++++ b/setup.py +@@ -8,21 +8,8 @@ from pathlib import Path + + from setuptools import setup + +-share = Path(sys.prefix, 'share') +-base = '/usr' +-if os.uname().sysname == 'Darwin': +- base = '/usr/local' +-lib = Path(base, 'lib', 'password-store', 'extensions') +- +-if '--user' in sys.argv: +- if 'PASSWORD_STORE_EXTENSIONS_DIR' in os.environ: +- lib = Path(os.environ['PASSWORD_STORE_EXTENSIONS_DIR']) +- else: +- lib = Path.home() / '.password-store' / '.extensions' +- if 'XDG_DATA_HOME' in os.environ: +- share = Path(os.environ['XDG_DATA_HOME']) +- else: +- share = Path.home() / '.local' / 'share' ++share = Path('share') ++lib = Path('lib', 'password-store', 'extensions') + + setup( + data_files=[ +-- +2.33.1 + diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch new file mode 100644 index 000000000000..5703f3c1f652 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch @@ -0,0 +1,28 @@ +From 8f76b32946430737f97f2702afd828b09536afd2 Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Sun, 15 Mar 2020 20:10:11 +0100 +Subject: [PATCH 2/2] Fix audit.bash setup + +This sets PASSWORD_STORE_DIR (needed by the python-code) to +PASSWORD_STORE_DIR and properly falls back to `~/.password-store` if +it's not set. +--- + audit.bash | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/audit.bash b/audit.bash +index 7a973dc..c40ff76 100755 +--- a/audit.bash ++++ b/audit.bash +@@ -17,7 +17,7 @@ + # + + cmd_audit() { +- export PASSWORD_STORE_DIR=$PREFIX GIT_DIR PASSWORD_STORE_GPG_OPTS ++ export PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-$HOME/.password-store} GIT_DIR PASSWORD_STORE_GPG_OPTS + export X_SELECTION CLIP_TIME PASSWORD_STORE_UMASK GENERATED_LENGTH + export CHARACTER_SET CHARACTER_SET_NO_SYMBOLS EXTENSIONS PASSWORD_STORE_KEY + export PASSWORD_STORE_ENABLE_EXTENSIONS PASSWORD_STORE_SIGNING_KEY +-- +2.25.0 + diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix new file mode 100644 index 000000000000..c4c16b8ff848 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix @@ -0,0 +1,55 @@ +{ lib, stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, gnupg }: + +let + pythonEnv = pythonPackages.python.withPackages (p: [ p.requests p.setuptools p.zxcvbn ]); + +in stdenv.mkDerivation rec { + pname = "pass-audit"; + version = "1.2"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-audit"; + rev = "v${version}"; + sha256 = "sha256-xigP8LxRXITLF3X21zhWx6ooFNSTKGv46yFSt1dd4vs="; + }; + + patches = [ + ./0001-Set-base-to-an-empty-value.patch + ./0002-Fix-audit.bash-setup.patch + ]; + + postPatch = '' + substituteInPlace audit.bash \ + --replace 'python3' "${pythonEnv}/bin/python3" + substituteInPlace Makefile \ + --replace "install --root" "install --prefix ''' --root" + ''; + + outputs = [ "out" "man" ]; + + buildInputs = [ pythonEnv ]; + nativeBuildInputs = [ makeWrapper ]; + + # Tests freeze on darwin with: pass-audit-1.1 (checkPhase): EOFError + doCheck = !stdenv.isDarwin; + checkInputs = [ pythonPackages.green pass gnupg ]; + checkPhase = '' + ${pythonEnv}/bin/python3 setup.py green -q + ''; + + installFlags = [ "DESTDIR=${placeholder "out"}" "PREFIX=" ]; + postInstall = '' + wrapProgram $out/lib/password-store/extensions/audit.bash \ + --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages" \ + --run "export COMMAND" + ''; + + meta = with lib; { + description = "Pass extension for auditing your password repository."; + homepage = "https://github.com/roddhjav/pass-audit"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ ma27 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix b/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix new file mode 100644 index 000000000000..5ae846d4a4b3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, fetchFromGitHub +, curl, findutils, gnugrep, gnused, shellcheck }: + +let + pname = "pass-checkup"; + version = "0.2.1"; +in stdenv.mkDerivation { + inherit pname version; + + src = fetchFromGitHub { + owner = "etu"; + repo = pname; + rev = version; + sha256 = "18b6rx59r7g0hvqs2affvw0g0jyifyzhanwgz2q2b8nhjgqgnar2"; + }; + + nativeBuildInputs = [ shellcheck ]; + + postPatch = '' + substituteInPlace checkup.bash \ + --replace curl ${curl}/bin/curl \ + --replace find ${findutils}/bin/find \ + --replace grep ${gnugrep}/bin/grep \ + --replace sed ${gnused}/bin/sed + ''; + + installPhase = '' + runHook preInstall + + install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash + + runHook postInstall + ''; + + meta = with lib; { + description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not"; + homepage = "https://github.com/etu/pass-checkup"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ etu ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix new file mode 100644 index 000000000000..96c252156de8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: + +with pkgs; + +{ + pass-audit = callPackage ./audit { + pythonPackages = python3Packages; + }; + pass-checkup = callPackage ./checkup.nix {}; + pass-import = callPackage ./import.nix {}; + pass-otp = callPackage ./otp.nix {}; + pass-tomb = callPackage ./tomb.nix {}; + pass-update = callPackage ./update.nix {}; + pass-genphrase = callPackage ./genphrase.nix {}; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix b/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix new file mode 100644 index 000000000000..dff64d7f1855 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "pass-genphrase"; + version = "0.3"; + + src = fetchFromGitHub { + owner = "congma"; + repo = "pass-genphrase"; + rev = version; + sha256 = "01dff2jlp111y7vlmp1wbgijzphhlzc19m02fs8nzmn5vxyffanx"; + }; + + dontBuild = true; + + installTargets = [ "globalinstall" ]; + + installFlags = [ "PREFIX=$(out)" ]; + + postFixup = '' + substituteInPlace $out/lib/password-store/extensions/genphrase.bash \ + --replace '$EXTENSIONS' "$out/lib/password-store/extensions/" + ''; + + meta = with lib; { + description = "Pass extension that generates memorable passwords"; + homepage = "https://github.com/congma/pass-genphrase"; + license = licenses.gpl3; + maintainers = with maintainers; [ seqizz ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix new file mode 100644 index 000000000000..60775be180c8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix @@ -0,0 +1,62 @@ +{ lib +, fetchFromGitHub +, fetchpatch +, python3Packages +, gnupg +, pass +, makeWrapper +}: + +python3Packages.buildPythonApplication rec { + pname = "pass-import"; + version = "3.2"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-import"; + rev = "v${version}"; + sha256 = "0hrpg7yiv50xmbajfy0zdilsyhbj5iv0qnlrgkfv99q1dvd5qy56"; + }; + + propagatedBuildInputs = with python3Packages; [ + cryptography + defusedxml + pyaml + pykeepass + python_magic # similar API to "file-magic", but already in nixpkgs. + secretstorage + ]; + + checkInputs = [ + gnupg + pass + python3Packages.pytestCheckHook + ]; + + disabledTests = [ + "test_import_gnome_keyring" # requires dbus, which pytest doesn't support + ]; + + postInstall = '' + mkdir -p $out/lib/password-store/extensions + cp ${src}/import.bash $out/lib/password-store/extensions/import.bash + wrapProgram $out/lib/password-store/extensions/import.bash \ + --prefix PATH : "${python3Packages.python.withPackages (_: propagatedBuildInputs)}/bin" \ + --prefix PYTHONPATH : "$out/${python3Packages.python.sitePackages}" \ + --run "export PREFIX" + cp -r ${src}/share $out/ + ''; + + postCheck = '' + $out/bin/pimport --list-exporters --list-importers + ''; + + meta = with lib; { + description = "Pass extension for importing data from existing password managers"; + homepage = "https://github.com/roddhjav/pass-import"; + changelog = "https://github.com/roddhjav/pass-import/blob/v${version}/CHANGELOG.rst"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix new file mode 100644 index 000000000000..8d9b350543dc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchFromGitHub, oathToolkit }: + +stdenv.mkDerivation rec { + pname = "pass-otp"; + version = "1.2.0"; + + src = fetchFromGitHub { + owner = "tadfisher"; + repo = "pass-otp"; + rev = "v${version}"; + sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v"; + }; + + buildInputs = [ oathToolkit ]; + + dontBuild = true; + + patchPhase = '' + sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash + ''; + + installFlags = [ "PREFIX=$(out)" + "BASHCOMPDIR=$(out)/share/bash-completion/completions" + ]; + + meta = with lib; { + description = "A pass extension for managing one-time-password (OTP) tokens"; + homepage = "https://github.com/tadfisher/pass-otp"; + license = licenses.gpl3; + maintainers = with maintainers; [ jwiegley tadfisher toonn ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix new file mode 100644 index 000000000000..58630c4ec9f3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, fetchFromGitHub, tomb }: + +stdenv.mkDerivation rec { + pname = "pass-tomb"; + version = "1.3"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-tomb"; + rev = "v${version}"; + sha256 = "sha256-kbbMHmYmeyt7HM8YiNhknePm1vUaXWWXPWePKGpbU+o="; + }; + + buildInputs = [ tomb ]; + + dontBuild = true; + + installFlags = [ "PREFIX=$(out)" ]; + + postFixup = '' + substituteInPlace $out/lib/password-store/extensions/tomb.bash \ + --replace 'TOMB="''${PASSWORD_STORE_TOMB:-tomb}"' 'TOMB="''${PASSWORD_STORE_TOMB:-${tomb}/bin/tomb}"' + ''; + + meta = with lib; { + description = "Pass extension that keeps the password store encrypted inside a tomb"; + homepage = "https://github.com/roddhjav/pass-tomb"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/update.nix b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix new file mode 100644 index 000000000000..50a4c49b90d1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "pass-update"; + version = "2.1"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-update"; + rev = "v${version}"; + sha256 = "0yx8w97jcp6lv7ad5jxqnj04csbrn2hhc4pskssxknw2sbvg4g6c"; + }; + + postPatch = '' + substituteInPlace Makefile \ + --replace "BASHCOMPDIR ?= /etc/bash_completion.d" "BASHCOMPDIR ?= $out/share/bash-completion/completions" + ''; + + dontBuild = true; + + installFlags = [ "PREFIX=$(out)" ]; + + meta = with lib; { + description = "Pass extension that provides an easy flow for updating passwords"; + homepage = "https://github.com/roddhjav/pass-update"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch b/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch new file mode 100644 index 000000000000..7e8b66dd7f1a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch @@ -0,0 +1,11 @@ +diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh +index f6cc471..e2e8bba 100644 +--- a/src/platform/darwin.sh ++++ b/src/platform/darwin.sh +@@ -39,6 +39,5 @@ qrcode() { + fi + } + +-GETOPT="$({ test -x /usr/local/opt/gnu-getopt/bin/getopt && echo /usr/local/opt/gnu-getopt; } || brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt" + SHRED="srm -f -z" + BASE64="openssl base64" diff --git a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix new file mode 100644 index 000000000000..3b5aedf81a80 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix @@ -0,0 +1,56 @@ +{ lib, stdenv, fetchFromGitHub, pass, rofi, coreutils, util-linux, xdotool, gnugrep +, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper +}: + +stdenv.mkDerivation rec { + pname = "rofi-pass"; + version = "2.0.2"; + + src = fetchFromGitHub { + owner = "carnager"; + repo = "rofi-pass"; + rev = version; + sha256 = "131jpcwyyzgzjn9lx4k1zn95pd68pjw4i41jfzcp9z9fnazyln5n"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin + cp -a rofi-pass $out/bin/rofi-pass + + mkdir -p $out/share/doc/rofi-pass/ + cp -a config.example $out/share/doc/rofi-pass/config.example + ''; + + wrapperPath = with lib; makeBinPath [ + coreutils + findutils + gawk + gnugrep + gnused + libnotify + (pass.withExtensions (ext: [ ext.pass-otp ])) + pwgen + rofi + util-linux + xclip + xdotool + ]; + + fixupPhase = '' + patchShebangs $out/bin + + wrapProgram $out/bin/rofi-pass \ + --prefix PATH : "${wrapperPath}" + ''; + + meta = { + description = "A script to make rofi work with password-store"; + homepage = "https://github.com/carnager/rofi-pass"; + license = lib.licenses.gpl3; + platforms = with lib.platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch b/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch new file mode 100644 index 000000000000..a71a279c1ef7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch @@ -0,0 +1,50 @@ +From d11261c2ad184daf6e9edd777bc8a3372c277b4b Mon Sep 17 00:00:00 2001 +From: Johannes Frankenau <johannes@frankenau.net> +Date: Fri, 10 Aug 2018 09:49:57 +0200 +Subject: [PATCH] Patch the clip() function to work even when using + single-binary coreutils + +--- + src/platform/cygwin.sh | 4 ++-- + src/platform/darwin.sh | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh +index 5a8d5ea..423e0ce 100644 +--- a/src/platform/cygwin.sh ++++ b/src/platform/cygwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$($BASE64 < /dev/clipboard)" + echo -n "$1" > /dev/clipboard + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$($BASE64 < /dev/clipboard)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + echo "$before" | $BASE64 -d > /dev/clipboard +diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh +index 342ecce..9e12837 100644 +--- a/src/platform/darwin.sh ++++ b/src/platform/darwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep for user $(id -u)" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(pbpaste | $BASE64)" + echo -n "$1" | pbcopy + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(pbpaste | $BASE64)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + echo "$before" | $BASE64 -d | pbcopy +-- +2.16.4 + diff --git a/nixpkgs/pkgs/tools/security/pass2csv/default.nix b/nixpkgs/pkgs/tools/security/pass2csv/default.nix new file mode 100644 index 000000000000..1817d63f1ee6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass2csv/default.nix @@ -0,0 +1,30 @@ +{ buildPythonApplication +, fetchPypi +, lib +, python-gnupg +}: + +buildPythonApplication rec { + pname = "pass2csv"; + version = "0.3.2"; + format = "pyproject"; + + src = fetchPypi { + inherit pname version; + sha256 = "03a11bd0b0905737f4adb21d87aa1653d84cc1d9b5dcfdfb8a29092245d65db8"; + }; + + propagatedBuildInputs = [ + python-gnupg + ]; + + # Project has no tests. + doCheck = false; + + meta = with lib; { + description = "Export pass(1), \"the standard unix password manager\", to CSV"; + homepage = "https://github.com/reinefjord/pass2csv"; + license = licenses.mit; + maintainers = with maintainers; [ wolfangaukang ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/passff-host/default.nix b/nixpkgs/pkgs/tools/security/passff-host/default.nix new file mode 100644 index 000000000000..4eb615b79032 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/passff-host/default.nix @@ -0,0 +1,48 @@ +{ lib, stdenv, fetchFromGitHub, python3, pass }: + +stdenv.mkDerivation rec { + pname = "passff-host"; + version = "1.2.3"; + + src = fetchFromGitHub { + owner = "passff"; + repo = pname; + rev = version; + sha256 = "sha256-1JPToJF/ruu69TEZAAvV3Zl0qcTpEyMb2qQDAWWgKNw="; + }; + + buildInputs = [ python3 ]; + makeFlags = [ "VERSION=${version}" ]; + + patchPhase = '' + sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py + ''; + + installPhase = '' + substituteInPlace bin/${version}/passff.json \ + --replace PLACEHOLDER $out/share/passff-host/passff.py + + install -Dt $out/share/passff-host \ + bin/${version}/passff.{py,json} + + nativeMessagingPaths=( + /lib/mozilla/native-messaging-hosts + /etc/opt/chrome/native-messaging-hosts + /etc/chromium/native-messaging-hosts + /etc/vivaldi/native-messaging-hosts + /lib/librewolf/native-messaging-hosts + ) + + for manifestDir in "''${nativeMessagingPaths[@]}"; do + install -d $out$manifestDir + ln -s $out/share/passff-host/passff.json $out$manifestDir/ + done + ''; + + meta = with lib; { + description = "Host app for the WebExtension PassFF"; + homepage = "https://github.com/passff/passff-host"; + license = licenses.gpl2; + maintainers = with maintainers; [ ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix b/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix new file mode 100644 index 000000000000..f1dce116a6d3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix @@ -0,0 +1,27 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "passphrase2pgp"; + version = "1.2.0"; + + src = fetchFromGitHub { + owner = "skeeto"; + repo = pname; + rev = "v${version}"; + hash = "sha256-VNOoYYnHsSgiSbVxlBwYUq0JsLa4BwZQSvMVSiyB6rg="; + }; + + vendorSha256 = "sha256-7q5nwkj4TP7VgHmV9YBbCB11yTPL7tK4gD+uN4Vw3Cs="; + + postInstall = '' + mkdir -p $out/share/doc/$name + cp README.md $out/share/doc/$name + ''; + + meta = with lib; { + description = "Predictable, passphrase-based PGP key generator"; + homepage = "https://github.com/skeeto/passphrase2pgp"; + license = licenses.unlicense; + maintainers = with maintainers; [ kaction ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pbis/default.nix b/nixpkgs/pkgs/tools/security/pbis/default.nix new file mode 100644 index 000000000000..acd1fc5607bc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pbis/default.nix @@ -0,0 +1,70 @@ +{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, perl, flex, bison, curl, + pam, popt, libiconv, libuuid, openssl_1_0_2, cyrus_sasl, sqlite, tdb, libxml2 }: + +stdenv.mkDerivation rec { + pname = "pbis-open"; + version = "9.1.0"; + + src = fetchFromGitHub { + owner = "BeyondTrust"; + repo = pname; + rev = version; + sha256 = "081jm34sf488nwz5wzs55d6rxx3sv566x6p4h1yqcjaw36174m8v"; + }; + + nativeBuildInputs = [ + autoconf automake libtool perl flex bison + ]; + + # curl must be placed after openssl_1_0_2, because it pulls openssl 1.1 dependency. + buildInputs = [ + pam popt libiconv libuuid openssl_1_0_2 cyrus_sasl + curl sqlite popt tdb libxml2 + ]; + + postPatch = '' + patchShebangs . + sed -i -e 's/legacy//g' lwupgrade/MakeKitBuild # disable /opt/ symlinks + sed -i -e 's/tdb.h//g' samba-interop/MakeKitBuild #include <tdb.h> fails but it won't affect the build + ''; + preConfigure = '' + mkdir release + cd release + if [ $CC = gcc ]; then + NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -Wno-error=format-overflow -Wno-error=address-of-packed-member" + fi + NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -isystem ${lib.getDev libxml2}/include/libxml2 -Wno-error=array-bounds -Wno-error=pointer-sign -Wno-error=deprecated-declarations -Wno-error=unused-variable" + ''; + configureScript = "../configure"; + configureFlags = [ + "CFLAGS=-O" + "--docdir=${placeholder "prefix"}/share/doc" + "--mandir=${placeholder "prefix"}/share/doc/man" + "--datadir=${placeholder "prefix"}/share" + "--lw-initdir=${placeholder "prefix"}/etc/init.d" + "--selinux=no" # NixOS does not support SELinux + "--build-isas=x86_64" # [lwbase] endianness (host/x86_32): [lwbase] ERROR: could not determine endianness + "--fail-on-warn=no" + # "--debug=yes" + ]; # ^ See https://github.com/BeyondTrust/pbis-open/issues/124 + configureFlagsArray = [ "--lw-bundled-libs=linenoise-mob tomlc99 opensoap krb5 cyrus-sasl curl openldap ${ if libuuid == null then "libuuid" else "" }" ]; + # ^ it depends on old krb5 version 1.9 (issue #228) + # linenoise-mod, tomlc99, opensoap is not in nixpkgs. + # krb5 must be old one, and cyrus-sasl and openldap have dependency to newer libkrb5 that cause runtime error + enableParallelBuilding = true; + makeFlags = "SHELL="; + hardeningDisable = [ "format" ]; # -Werror=format-security + installPhase = '' + mkdir $sys + mv stage/{lib,var} $sys + mv stage$out $out + ''; + outputs = [ "out" "sys" ]; + + meta = with lib; { + description = "BeyondTrust AD Bridge Open simplifies the process of joining non-Microsoft hosts to Active Directory domains"; + homepage = "https://github.com/BeyondTrust/pbis-open"; + license = with licenses; [ gpl2 lgpl21 ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix b/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix new file mode 100644 index 000000000000..40736cdc86ba --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, fetchurl, autoreconfHook, pkg-config, libusb1, pcsclite }: + +let + version = "3.99.5"; + suffix = "SP13"; + tarBall = "${version}final.${suffix}"; + +in stdenv.mkDerivation rec { + pname = "pcsc-cyberjack"; + inherit version; + + src = fetchurl { + url = + "http://support.reiner-sct.de/downloads/LINUX/V${version}_${suffix}/${pname}_${tarBall}.tar.gz"; + sha256 = "1lx4bfz4riz7j77sl65akyxzww0ygm63w0c1b75knr1pijlv8d3b"; + }; + + outputs = [ "out" "tools" ]; + + nativeBuildInputs = [ autoreconfHook pkg-config ]; + + buildInputs = [ libusb1 pcsclite ]; + + enableParallelBuilding = true; + + NIX_CFLAGS_COMPILE = "-Wno-error=narrowing"; + + configureFlags = [ + "--with-usbdropdir=${placeholder "out"}/pcsc/drivers" + "--bindir=${placeholder "tools"}/bin" + ]; + + postInstall = "make -C tools/cjflash install"; + + meta = with lib; { + description = "REINER SCT cyberJack USB chipcard reader user space driver"; + homepage = "https://www.reiner-sct.com/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ aszlig ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-safenet/default.nix b/nixpkgs/pkgs/tools/security/pcsc-safenet/default.nix new file mode 100644 index 000000000000..3610343fc273 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-safenet/default.nix @@ -0,0 +1,96 @@ +{ stdenv +, lib +, fetchurl +, autoPatchelfHook +, dpkg +, gtk2 +, openssl +, pcsclite +}: + +stdenv.mkDerivation rec { + pname = "pcsc-safenet"; + version = "10.0.37-0"; + + # https://aur.archlinux.org/packages/sac-core/ + src = fetchurl { + url = "https://storage.spidlas.cz/public/soft/safenet/SafenetAuthenticationClient-core-${version}_amd64.deb"; + sha256 = "1r9739bhal7ramj1rpawaqvik45xbs1c756l1da96din638gzy5l"; + }; + + dontBuild = true; + dontConfigure = true; + + unpackPhase = '' + dpkg-deb -x $src . + ''; + + buildInputs = [ + gtk2 + openssl + pcsclite + ]; + + runtimeDependencies = [ + openssl + ]; + + nativeBuildInputs = [ + autoPatchelfHook + dpkg + ]; + + installPhase = '' + # Set up for pcsc drivers + mkdir -p pcsc/drivers + mv usr/share/eToken/drivers/* pcsc/drivers/ + rm -r usr/share/eToken/drivers + + # Move binaries out + mv usr/bin bin + + # Move UI to bin + mv usr/share/SAC/SACUIProcess bin/ + rm -r usr/share/SAC + + mkdir $out + cp -r {bin,etc,lib,pcsc,usr,var} $out/ + + cd "$out/lib/" + ln -sf libeToken.so.10.0.37 libeTPkcs11.so + ln -sf libeToken.so.10.0.37 libeToken.so.10.0 + ln -sf libeToken.so.10.0.37 libeToken.so.10 + ln -sf libeToken.so.10.0.37 libeToken.so + ln -sf libcardosTokenEngine.so.10.0.37 libcardosTokenEngine.so.10.0 + ln -sf libcardosTokenEngine.so.10.0.37 libcardosTokenEngine.so.10 + ln -sf libcardosTokenEngine.so.10.0.37 libcardosTokenEngine.so + + cd $out/pcsc/drivers/aks-ifdh.bundle/Contents/Linux/ + ln -sf libAksIfdh.so.10.0 libAksIfdh.so + ln -sf libAksIfdh.so.10.0 libAksIfdh.so.10 + + ln -sf ${openssl.out}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 + ''; + + dontAutoPatchelf = true; + + # Patch DYN shared libraries (autoPatchElfHook only patches EXEC | INTERP). + postFixup = '' + autoPatchelf "$out" + + runtime_rpath="${lib.makeLibraryPath runtimeDependencies}" + + for mod in $(find "$out" -type f -name '*.so.*'); do + mod_rpath="$(patchelf --print-rpath "$mod")" + patchelf --set-rpath "$runtime_rpath:$mod_rpath" "$mod" + done; + ''; + + meta = with lib; { + homepage = "https://safenet.gemalto.com/multi-factor-authentication/security-applications/authentication-client-token-management"; + description = "Safenet Authentication Client"; + platforms = [ "x86_64-linux" ]; + license = licenses.unfree; + maintainers = with maintainers; [ wldhx ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix new file mode 100644 index 000000000000..aa1580e24598 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix @@ -0,0 +1,48 @@ +{ lib, stdenv, fetchurl, unzip, libusb-compat-0_1 }: + +let + arch = if stdenv.hostPlatform.system == "i686-linux" then "32" + else if stdenv.hostPlatform.system == "x86_64-linux" then "64" + else throw "Unsupported system: ${stdenv.hostPlatform.system}"; +in +stdenv.mkDerivation rec { + pname = "pcsc-scm-scl"; + version = "2.09"; + + src = fetchurl { + url = "http://files.identiv.com/products/smart-card-readers/contactless/scl010-011/Linux_Driver_Ver${version}.zip"; + sha256 = "0ik26sxgqgsqplksl87z61vwmx51k7plaqmrkdid7xidgfhfxr42"; + }; + + nativeBuildInputs = [ unzip ]; + + unpackPhase = '' + unzip $src + tar xf "Linux Driver Ver${version}/sclgeneric_${version}_linux_${arch}bit.tar.gz" + export sourceRoot=$(readlink -e sclgeneric_${version}_linux_${arch}bit) + ''; + + # Add support for SCL011 nPA (subsidized model for German eID) + patches = [ ./eid.patch ]; + + installPhase = '' + mkdir -p $out/pcsc/drivers + cp -r proprietary/*.bundle $out/pcsc/drivers + ''; + + libPath = lib.makeLibraryPath [ libusb-compat-0_1 ]; + + fixupPhase = '' + patchelf --set-rpath $libPath \ + $out/pcsc/drivers/SCLGENERIC.bundle/Contents/Linux/libSCLGENERIC.so.${version}; + ''; + + meta = with lib; { + description = "SCM Microsystems SCL011 chipcard reader user space driver"; + homepage = "https://www.scm-pc-card.de/index.php?lang=en&page=product&function=show_product&product_id=630"; + downloadPage = "https://support.identiv.com/scl010-scl011/"; + license = licenses.unfreeRedistributable; + maintainers = with maintainers; [ sephalon ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch new file mode 100644 index 000000000000..6e7ffd60f72f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch @@ -0,0 +1,28 @@ +diff --git a/proprietary/SCLGENERIC.bundle/Contents/Info.plist b/proprietary/SCLGENERIC.bundle/Contents/Info.plist +index 412d6b9..5d1c6cc 100755 +--- a/proprietary/SCLGENERIC.bundle/Contents/Info.plist ++++ b/proprietary/SCLGENERIC.bundle/Contents/Info.plist +@@ -34,6 +34,7 @@ + <string>0x04E6</string> + <string>0x04E6</string> + <string>0x04E6</string> ++ <string>0x04E6</string> + </array> + + <key>ifdProductID</key> +@@ -42,6 +43,7 @@ + <string>0x5291</string> + <string>0x5290</string> + <string>0x5293</string> ++ <string>0x5292</string> + </array> + + <key>ifdFriendlyName</key> +@@ -50,6 +52,7 @@ + <string>SCL010 Contactless Reader</string> + <string>SCR331CL-NTTCom</string> + <string>SCL011G Contactless Reader</string> ++ <string>SCM Microsystems, Inc. SCL011 RFID reader</string> + </array> + + </dict> diff --git a/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/nixpkgs/pkgs/tools/security/pcsclite/default.nix new file mode 100644 index 000000000000..db3ddd167a60 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsclite/default.nix @@ -0,0 +1,71 @@ +{ stdenv +, lib +, fetchurl +, autoreconfHook +, autoconf-archive +, pkg-config +, perl +, python3 +, dbus +, polkit +, systemd +, IOKit +}: + +stdenv.mkDerivation rec { + pname = "pcsclite"; + version = "1.9.5"; + + outputs = [ "bin" "out" "dev" "doc" "man" ]; + + src = fetchurl { + url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2"; + sha256 = "sha256:024x0hadn0kc0m9yz3l2pqzc5mdqyza9lmckg0bn4xak6frzkqwy"; + }; + + patches = [ ./no-dropdir-literals.patch ]; + + postPatch = '' + sed -i configure.ac \ + -e "s@polkit_policy_dir=.*@polkit_policy_dir=$bin/share/polkit-1/actions@" + ''; + + configureFlags = [ + "--enable-confdir=/etc" + # The OS should care on preparing the drivers into this location + "--enable-usbdropdir=/var/lib/pcsc/drivers" + ] + ++ (if stdenv.isLinux then [ + "--enable-ipcdir=/run/pcscd" + "--enable-polkit" + "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system" + ] else [ + "--disable-libsystemd" + ]); + + postConfigure = '' + sed -i -re '/^#define *PCSCLITE_HP_DROPDIR */ { + s/(DROPDIR *)(.*)/\1(getenv("PCSCLITE_HP_DROPDIR") ? : \2)/ + }' config.h + ''; + + postInstall = '' + # pcsc-spy is a debugging utility and it drags python into the closure + moveToOutput bin/pcsc-spy "$dev" + ''; + + enableParallelBuilding = true; + + nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config perl ]; + + buildInputs = [ python3 ] + ++ lib.optionals stdenv.isLinux [ dbus polkit systemd ] + ++ lib.optionals stdenv.isDarwin [ IOKit ]; + + meta = with lib; { + description = "Middleware to access a smart card using SCard API (PC/SC)"; + homepage = "https://pcsclite.apdu.fr/"; + license = licenses.bsd3; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch b/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch new file mode 100644 index 000000000000..4c6d5554d77a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch @@ -0,0 +1,47 @@ +diff --git a/src/hotplug_libudev.c b/src/hotplug_libudev.c +index 51bd95f..84f959b 100644 +--- a/src/hotplug_libudev.c ++++ b/src/hotplug_libudev.c +@@ -120,7 +120,8 @@ static LONG HPReadBundleValues(void) + + if (NULL == hpDir) + { +- Log1(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_ERROR, "Disabling USB support for pcscd."); + return -1; + } +@@ -741,7 +742,7 @@ ULONG HPRegisterForHotplugEvents(void) + + if (driverSize <= 0) + { +- Log1(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: " ++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s", + PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd"); + return 0; +diff --git a/src/hotplug_libusb.c b/src/hotplug_libusb.c +index 0ada9f5..d49a407 100644 +--- a/src/hotplug_libusb.c ++++ b/src/hotplug_libusb.c +@@ -142,7 +142,8 @@ static LONG HPReadBundleValues(void) + + if (hpDir == NULL) + { +- Log1(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_ERROR, "Disabling USB support for pcscd."); + return -1; + } +@@ -282,7 +283,8 @@ static LONG HPReadBundleValues(void) + + if (driverSize == 0) + { +- Log1(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd"); + } + #ifdef DEBUG_HOTPLUG diff --git a/nixpkgs/pkgs/tools/security/pcsctools/default.nix b/nixpkgs/pkgs/tools/security/pcsctools/default.nix new file mode 100644 index 000000000000..d5fe8c4faa44 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsctools/default.nix @@ -0,0 +1,54 @@ +{ stdenv +, lib +, fetchurl +, makeWrapper +, pkg-config +, systemd +, dbus +, pcsclite +, wget +, coreutils +, perlPackages +}: + +stdenv.mkDerivation rec { + pname = "pcsc-tools"; + version = "1.6.0"; + + src = fetchurl { + url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${pname}-${version}.tar.bz2"; + sha256 = "sha256-ZRyN10vLM9tMFpNc5dgN0apusgup1cS5YxoJgybvi58="; + }; + + postPatch = '' + substituteInPlace ATR_analysis \ + --replace /usr/local/pcsc /etc/pcsc \ + --replace /usr/share/pcsc $out/share/pcsc + ''; + + buildInputs = [ dbus perlPackages.perl pcsclite ] + ++ lib.optional stdenv.isLinux systemd; + + nativeBuildInputs = [ makeWrapper pkg-config ]; + + postInstall = '' + wrapProgram $out/bin/scriptor \ + --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}" + wrapProgram $out/bin/gscriptor \ + --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl GlibObjectIntrospection Glib Gtk3 Pango Cairo CairoGObject ]}" + wrapProgram $out/bin/ATR_analysis \ + --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}" + wrapProgram $out/bin/pcsc_scan \ + --prefix PATH : "$out/bin:${lib.makeBinPath [ coreutils wget ]}" + + install -Dm444 -t $out/share/pcsc smartcard_list.txt + ''; + + meta = with lib; { + description = "Tools used to test a PC/SC driver, card or reader"; + homepage = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ peterhoeg ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix new file mode 100644 index 000000000000..451cdd5591bd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix @@ -0,0 +1,23 @@ +{ stdenv, lib, fetchurl }: + +stdenv.mkDerivation rec { + pname = "pdfcrack"; + version = "0.19"; + + src = fetchurl { + url = "mirror://sourceforge/pdfcrack/pdfcrack/pdfcrack-${version}.tar.gz"; + sha256 = "1vf0l83xk627fg0a3b10wabgqxy08q4vbm0xjw9xzkdpk1lj059i"; + }; + + installPhase = '' + install -Dt $out/bin pdfcrack + ''; + + meta = with lib; { + homepage = "http://pdfcrack.sourceforge.net/"; + description = "Small command line driven tool for recovering passwords and content from PDF files"; + license = with licenses; [ gpl2 ]; + platforms = platforms.all; + maintainers = with maintainers; [ qoelet ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pgpdump/default.nix b/nixpkgs/pkgs/tools/security/pgpdump/default.nix new file mode 100644 index 000000000000..f6fade16b868 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pgpdump/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchFromGitHub +, supportCompressedPackets ? true, zlib, bzip2 +}: + +stdenv.mkDerivation rec { + pname = "pgpdump"; + version = "0.34"; + + src = fetchFromGitHub { + owner = "kazu-yamamoto"; + repo = "pgpdump"; + rev = "v${version}"; + sha256 = "1vvxhbz8nqzw9gf7cdmas2shzziznsqj84w6w74h8zzgb4m3byzz"; + }; + + buildInputs = lib.optionals supportCompressedPackets [ zlib bzip2 ]; + + meta = with lib; { + description = "A PGP packet visualizer"; + longDescription = '' + pgpdump is a PGP packet visualizer which displays the packet format of + OpenPGP (RFC 4880) and PGP version 2 (RFC 1991). + ''; + homepage = "http://www.mew.org/~kazu/proj/pgpdump/en/"; + license = licenses.bsd3; + platforms = platforms.unix; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix new file mode 100644 index 000000000000..7e8c87f6e82c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchurl, openssl, libssh2, gpgme }: + +stdenv.mkDerivation rec { + pname = "phrasendrescher"; + version = "1.2.2c"; + + src = fetchurl { + url = "http://leidecker.info/projects/${pname}/${pname}-${version}.tar.gz"; + sha256 = "18vg6h294219v14x5zqm8ddmq5amxlbz7pw81lcmpz8v678kwyph"; + }; + + postPatch = '' + substituteInPlace configure \ + --replace 'SSL_LIB="ssl"' 'SSL_LIB="crypto"' + ''; + + buildInputs = [ openssl libssh2 gpgme ]; + + configureFlags = [ "--with-plugins" ]; + + meta = with lib; { + description = "A modular and multi processing pass phrase cracking tool"; + homepage = "https://leidecker.info/projects/phrasendrescher/index.shtml"; + license = licenses.gpl2Plus; + platforms = platforms.all; + maintainers = with maintainers; [ bjornfor ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pinentry-bemenu/default.nix b/nixpkgs/pkgs/tools/security/pinentry-bemenu/default.nix new file mode 100644 index 000000000000..0cc3f9bcf047 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pinentry-bemenu/default.nix @@ -0,0 +1,25 @@ +{ lib, stdenv, fetchFromGitHub, meson, ninja, pkg-config, libassuan +, libgpg-error, popt, bemenu }: + +stdenv.mkDerivation rec { + pname = "pinentry-bemenu"; + version = "0.10.0"; + + src = fetchFromGitHub { + owner = "t-8ch"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-2Q8hN7AbuGqm7pfNHlJlSi1Op/OpJBun/AIDhUDnGvU="; + }; + + nativeBuildInputs = [ meson ninja pkg-config ]; + buildInputs = [ libassuan libgpg-error popt bemenu ]; + + meta = with lib; { + description = "Pinentry implementation based on bemenu"; + homepage = "https://github.com/t-8ch/pinentry-bemenu"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ jc ]; + platforms = with platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pinentry/autoconf-ar.patch b/nixpkgs/pkgs/tools/security/pinentry/autoconf-ar.patch new file mode 100644 index 000000000000..6f531cfce325 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pinentry/autoconf-ar.patch @@ -0,0 +1,35 @@ +diff -ur a/configure.ac b/configure.ac +--- a/configure.ac 2019-09-14 11:30:11.584847746 +0000 ++++ b/configure.ac 2019-09-14 11:31:26.692355265 +0000 +@@ -81,6 +81,7 @@ + AC_PROG_CPP + AC_PROG_INSTALL + AC_PROG_RANLIB ++AC_CHECK_TOOL(AR, ar) + # We need to check for cplusplus here because we may not do the test + # for Qt and autoconf does does not allow that. + AC_PROG_CXX +diff -ur a/pinentry/Makefile.in b/pinentry/Makefile.in +--- a/pinentry/Makefile.in 2017-12-03 17:43:23.000000000 +0000 ++++ b/pinentry/Makefile.in 2019-09-14 11:32:02.532000236 +0000 +@@ -113,7 +113,7 @@ + CONFIG_CLEAN_FILES = + CONFIG_CLEAN_VPATH_FILES = + LIBRARIES = $(noinst_LIBRARIES) +-AR = ar ++AR = @AR@ + ARFLAGS = cru + AM_V_AR = $(am__v_AR_@AM_V@) + am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@) +diff -ur a/secmem/Makefile.in b/secmem/Makefile.in +--- a/secmem/Makefile.in 2017-12-03 17:43:23.000000000 +0000 ++++ b/secmem/Makefile.in 2019-09-14 11:31:58.764934552 +0000 +@@ -113,7 +113,7 @@ + CONFIG_CLEAN_FILES = + CONFIG_CLEAN_VPATH_FILES = + LIBRARIES = $(noinst_LIBRARIES) +-AR = ar ++AR = @AR@ + ARFLAGS = cru + AM_V_AR = $(am__v_AR_@AM_V@) + am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@) diff --git a/nixpkgs/pkgs/tools/security/pinentry/default.nix b/nixpkgs/pkgs/tools/security/pinentry/default.nix new file mode 100644 index 000000000000..ca9a5862cc59 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pinentry/default.nix @@ -0,0 +1,112 @@ +{ fetchurl, mkDerivation, fetchpatch, stdenv, lib, pkg-config, autoreconfHook, wrapGAppsHook +, libgpg-error, libassuan, qtbase, wrapQtAppsHook +, ncurses, gtk2, gcr, libcap, libsecret +, enabledFlavors ? [ "curses" "tty" "gtk2" "emacs" ] + ++ lib.optionals stdenv.isLinux [ "gnome3" ] + ++ lib.optionals (!stdenv.isDarwin) [ "qt" ] +}: + +with lib; + +assert isList enabledFlavors && enabledFlavors != []; + +let + pinentryMkDerivation = + if (builtins.elem "qt" enabledFlavors) + then mkDerivation + else stdenv.mkDerivation; + + mkFlag = pfxTrue: pfxFalse: cond: name: + "--${if cond then pfxTrue else pfxFalse}-${name}"; + mkEnable = mkFlag "enable" "disable"; + mkWith = mkFlag "with" "without"; + + mkEnablePinentry = f: + let + info = flavorInfo.${f}; + flag = flavorInfo.${f}.flag or null; + in + optionalString (flag != null) + (mkEnable (elem f enabledFlavors) ("pinentry-" + flag)); + + flavorInfo = { + curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; }; + tty = { bin = "tty"; flag = "tty"; }; + gtk2 = { bin = "gtk-2"; flag = "gtk2"; buildInputs = [ gtk2 ]; }; + gnome3 = { bin = "gnome3"; flag = "gnome3"; buildInputs = [ gcr ]; nativeBuildInputs = [ wrapGAppsHook ]; }; + qt = { bin = "qt"; flag = "qt"; buildInputs = [ qtbase ]; nativeBuildInputs = [ wrapQtAppsHook ]; }; + emacs = { bin = "emacs"; flag = "emacs"; buildInputs = []; }; + }; + +in + +pinentryMkDerivation rec { + pname = "pinentry"; + version = "1.2.0"; + + src = fetchurl { + url = "mirror://gnupg/pinentry/${pname}-${version}.tar.bz2"; + sha256 = "sha256-EAcgRaPgQ9BYH5HNVnb8rH/+6VehZjat7apPWDphZHA="; + }; + + nativeBuildInputs = [ pkg-config autoreconfHook ] + ++ concatMap(f: flavorInfo.${f}.nativeBuildInputs or []) enabledFlavors; + buildInputs = [ libgpg-error libassuan libsecret ] + ++ lib.optional (!stdenv.isDarwin) libcap + ++ concatMap(f: flavorInfo.${f}.buildInputs or []) enabledFlavors; + + dontWrapGApps = true; + dontWrapQtApps = true; + + patches = [ + ./autoconf-ar.patch + + # Fix floating behaviour of Qt windows. + (fetchpatch { + url = "https://dev.gnupg.org/D549?download=true"; + sha256 = "sha256-je1ee1LcNrDeQ04wMt33cQqucxhlb1B1SCtmnd8wYSU="; + extraPrefix = ""; + }) + ] ++ optionals (elem "gtk2" enabledFlavors) [ + (fetchpatch { + url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch"; + sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd"; + }) + ]; + + configureFlags = [ + (mkWith (libcap != null) "libcap") + (mkEnable (libsecret != null) "libsecret") + ] ++ (map mkEnablePinentry (attrNames flavorInfo)); + + postInstall = + concatStrings (flip map enabledFlavors (f: + let + binary = "pinentry-" + flavorInfo.${f}.bin; + in '' + moveToOutput bin/${binary} ${placeholder f} + ln -sf ${placeholder f}/bin/${binary} ${placeholder f}/bin/pinentry + '' + optionalString (f == "gnome3") '' + wrapGApp ${placeholder f}/bin/${binary} + '' + optionalString (f == "qt") '' + wrapQtApp ${placeholder f}/bin/${binary} + '')) + '' + ln -sf ${placeholder (head enabledFlavors)}/bin/pinentry-${flavorInfo.${head enabledFlavors}.bin} $out/bin/pinentry + ''; + + outputs = [ "out" ] ++ enabledFlavors; + + passthru = { flavors = enabledFlavors; }; + + meta = with lib; { + homepage = "http://gnupg.org/aegypten2/"; + description = "GnuPG’s interface to passphrase input"; + license = licenses.gpl2Plus; + platforms = platforms.all; + longDescription = '' + Pinentry provides a console and (optional) GTK and Qt GUIs allowing users + to enter a passphrase when `gpg' or `gpg2' is run and needs it. + ''; + maintainers = with maintainers; [ ttuegel fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pinentry/mac.nix b/nixpkgs/pkgs/tools/security/pinentry/mac.nix new file mode 100644 index 000000000000..27917ffbbf17 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pinentry/mac.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchFromGitHub, xcbuildHook, libiconv, ncurses, Cocoa }: + +stdenv.mkDerivation { + pname = "pinentry-mac"; + version = "0.9.4"; + + src = fetchFromGitHub { + owner = "matthewbauer"; + repo = "pinentry-mac"; + rev = "6dfef256c8ea32d642fea847f27d800f024cf51e"; + sha256 = "0g75302697gqcxyf2hyqzvcbd5pyss1bl2xvfd40wqav7dlyvj83"; + }; + + nativeBuildInputs = [ xcbuildHook ]; + buildInputs = [ libiconv ncurses Cocoa ]; + + preBuild = '' + # Only build for what we care about (also allows arm64) + substituteInPlace pinentry-mac.xcodeproj/project.pbxproj \ + --replace "i386 x86_64 ppc" "${stdenv.targetPlatform.darwinArch}" + ''; + + installPhase = '' + mkdir -p $out/Applications + mv Products/Release/pinentry-mac.app $out/Applications + ''; + + passthru = { + binaryPath = "Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac"; + }; + + meta = { + description = "Pinentry for GPG on Mac"; + license = lib.licenses.gpl2Plus; + homepage = "https://github.com/GPGTools/pinentry-mac"; + platforms = lib.platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pius/default.nix b/nixpkgs/pkgs/tools/security/pius/default.nix new file mode 100644 index 000000000000..3612caa196c2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pius/default.nix @@ -0,0 +1,41 @@ +{ fetchFromGitHub, lib, python3Packages, gnupg, perl }: + +let version = "3.0.0"; in +python3Packages.buildPythonApplication { + pname = "pius"; + namePrefix = ""; + inherit version; + + src = fetchFromGitHub { + owner = "jaymzh"; + repo = "pius"; + rev = "v${version}"; + sha256 = "0l87dx7n6iwy8alxnhvval8h1kl4da6a59hsilbi65c6bpj4dh3y"; + }; + + patchPhase = '' + for file in libpius/constants.py pius-keyring-mgr; do + sed -i "$file" -E -e's|/usr/bin/gpg2?|${gnupg}/bin/gpg|g' + done + ''; + + buildInputs = [ perl ]; + + meta = { + homepage = "https://www.phildev.net/pius/"; + + description = "PGP Individual UID Signer (PIUS), quickly and easily sign UIDs on a set of PGP keys"; + + longDescription = + '' This software will allow you to quickly and easily sign each UID on + a set of PGP keys. It is designed to take the pain out of the + sign-all-the-keys part of PGP Keysigning Party while adding security + to the process. + ''; + + license = lib.licenses.gpl2; + + platforms = lib.platforms.gnu ++ lib.platforms.linux; + maintainers = with lib.maintainers; [ kierdavis ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/plasma-pass/default.nix b/nixpkgs/pkgs/tools/security/plasma-pass/default.nix new file mode 100644 index 000000000000..20f64b725f11 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/plasma-pass/default.nix @@ -0,0 +1,41 @@ +{ mkDerivation, lib, fetchFromGitLab, cmake, extra-cmake-modules +, ki18n +, kitemmodels +, oathToolkit +, qgpgme +, plasma-framework +, qt5 }: + +mkDerivation rec { + pname = "plasma-pass"; + version = "1.2.0"; + + src = fetchFromGitLab { + domain = "invent.kde.org"; + owner = "plasma"; + repo = "plasma-pass"; + rev = "v${version}"; + sha256 = "1w2mzxyrh17x7da62b6sg1n85vnh1q77wlrfxwfb1pk77y59rlf1"; + }; + + buildInputs = [ + ki18n + kitemmodels + oathToolkit + qgpgme + plasma-framework + qt5.qtbase + qt5.qtdeclarative + ]; + + nativeBuildInputs = [ cmake extra-cmake-modules ]; + + meta = with lib; { + description = "A Plasma applet to access passwords from pass, the standard UNIX password manager"; + homepage = "https://invent.kde.org/plasma/plasma-pass"; + license = licenses.lgpl21Plus; + maintainers = with maintainers; [ matthiasbeyer ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix b/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix new file mode 100644 index 000000000000..e0d57d9bde23 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchurl, polkit, gtk3, pkg-config, intltool }: +stdenv.mkDerivation rec { + pname = "polkit-gnome"; + version = "0.105"; + + src = fetchurl { + url = "mirror://gnome/sources/polkit-gnome/${version}/${pname}-${version}.tar.xz"; + sha256 = "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p"; + }; + + buildInputs = [ polkit gtk3 ]; + nativeBuildInputs = [ pkg-config intltool ]; + + configureFlags = [ "--disable-introspection" ]; + + # Desktop file from Debian + postInstall = '' + mkdir -p $out/etc/xdg/autostart + substituteAll ${./polkit-gnome-authentication-agent-1.desktop} $out/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop + ''; + + meta = { + homepage = "https://gitlab.gnome.org/Archive/policykit-gnome"; + description = "A dbus session bus service that is used to bring up authentication dialogs"; + license = lib.licenses.lgpl2Plus; + maintainers = with lib.maintainers; [ ]; + platforms = lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop b/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop new file mode 100644 index 000000000000..5ddda50cb015 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop @@ -0,0 +1,88 @@ +[Desktop Entry] +Name=PolicyKit Authentication Agent +Name[ar]=مدير الاستيثاق PolicyKit +Name[be]=PolicyKit - аґент аўтэнтыфікацыі +Name[bn_IN]=PolicyKit অনুমোদনের এজেন্ট +Name[ca]=Agent d'autenticació del PolicyKit +Name[cs]=Ověřovací agent PolicyKit +Name[da]=Godkendelsesprogrammet PolicyKit +Name[de]=Legitimationsdienst von PolicyKit +Name[el]=Πράκτορας πιστοποίησης PolicyKit +Name[en_GB]=PolicyKit Authentication Agent +Name[es]=Agente de autenticación de PolicyKit +Name[eu]=PolicyKit autentifikatzeko agentea +Name[fi]=PolicytKit-tunnistautumisohjelma +Name[fr]=Agent d'authentification de PolicyKit +Name[gl]=Axente de autenticación PolicyKit +Name[gu]=PolicyKit સત્તાધિકરણ એજન્ટ +Name[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि +Name[hu]=PolicyKit hitelesítési ügynök +Name[it]=Agente di autenticazione per PolicyKit +Name[ja]=PolicyKit 認証エージェント +Name[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ +Name[lt]=PolicyKit tapatybės nustatymo agentas +Name[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന് ഏജന്റ് +Name[mr]=PolicyKit ऑथेंटीकेशन एजेंट +Name[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ +Name[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ +Name[pl]=Agent uwierzytelniania PolicyKit +Name[pt]=Agente de Autenticação PolicyKit +Name[pt_BR]=Agente de autenticação PolicyKit +Name[ro]=Agent de autentificare PolicyKit +Name[sk]=Agent PolicyKit na overovanie totožnosti +Name[sl]=PolicyKit program overjanja +Name[sv]=Autentiseringsagent för PolicyKit +Name[ta]=PolicyKit அங்கீகார முகவர் +Name[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి +Name[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit +Name[uk]=Агент автентифікації PolicyKit +Name[zh_CN]=PolicyKit 认证代理 +Name[zh_HK]=PolicyKit 驗證代理程式 +Name[zh_TW]=PolicyKit 驗證代理程式 +Comment=PolicyKit Authentication Agent +Comment[ar]=مدير الاستيثاق PolicyKit +Comment[be]=PolicyKit - аґент аўтэнтыфікацыі +Comment[bn_IN]=PolicyKit অনুমোদনের এজেন্ট +Comment[ca]=Agent d'autenticació del PolicyKit +Comment[cs]=Ověřovací agent PolicyKit +Comment[da]=Godkendelsesprogrammet PolicyKit +Comment[de]=Legitimationsdienst von PolicyKit +Comment[el]=Πράκτορας πιστοποίησης PolicyKit +Comment[en_GB]=PolicyKit Authentication Agent +Comment[es]=Agente de autenticación de PolicyKit +Comment[eu]=PolicyKit autentifikatzeko agentea +Comment[fi]=PolicytKit-tunnistautumisohjelma +Comment[fr]=Agent d'authentification de PolicyKit +Comment[gl]=Axente de autenticación PolicyKit +Comment[gu]=PolicyKit સત્તાધિકરણ એજન્ટ +Comment[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि +Comment[hu]=PolicyKit hitelesítési ügynök +Comment[it]=Agente di autenticazione per PolicyKit +Comment[ja]=PolicyKit 認証エージェント +Comment[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ +Comment[lt]=PolicyKit tapatybės nustatymo agentas +Comment[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന് ഏജന്റ് +Comment[mr]=PolicyKit ऑथेंटीकेशन एजेंट +Comment[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ +Comment[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ +Comment[pl]=Agent uwierzytelniania PolicyKit +Comment[pt]=Agente de Autenticação PolicyKit +Comment[pt_BR]=Agente de autenticação PolicyKit +Comment[ro]=Agent de autentificare PolicyKit +Comment[sk]=Agent PolicyKit na overovanie totožnosti +Comment[sl]=PolicyKit program overjanja +Comment[sv]=Autentiseringsagent för PolicyKit +Comment[ta]=PolicyKit அங்கீகார முகவர் +Comment[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి +Comment[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit +Comment[uk]=Агент автентифікації PolicyKit +Comment[zh_CN]=PolicyKit 认证代理 +Comment[zh_HK]=PolicyKit 驗證代理程式 +Comment[zh_TW]=PolicyKit 驗證代理程式 +Exec=@out@/libexec/polkit-gnome-authentication-agent-1 +Terminal=false +Type=Application +Categories= +NoDisplay=true +OnlyShowIn=GNOME;XFCE;Unity; +AutostartCondition=GNOME3 unless-session gnome diff --git a/nixpkgs/pkgs/tools/security/proxmark3/default.nix b/nixpkgs/pkgs/tools/security/proxmark3/default.nix new file mode 100644 index 000000000000..b52e7279fa98 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/proxmark3/default.nix @@ -0,0 +1,61 @@ +{ lib, stdenv, fetchFromGitHub, pkg-config, ncurses, readline, pcsclite, qt5 +, gcc-arm-embedded }: + +let + generic = { pname, version, rev, sha256 }: + stdenv.mkDerivation rec { + inherit pname version; + + src = fetchFromGitHub { + owner = "Proxmark"; + repo = "proxmark3"; + inherit rev sha256; + }; + + nativeBuildInputs = [ pkg-config gcc-arm-embedded ]; + buildInputs = [ ncurses readline pcsclite qt5.qtbase ]; + + dontWrapQtApps = true; + + postPatch = '' + substituteInPlace client/Makefile --replace '-ltermcap' ' ' + substituteInPlace liblua/Makefile --replace '-ltermcap' ' ' + substituteInPlace client/flasher.c \ + --replace 'armsrc/obj/fullimage.elf' \ + '${placeholder "out"}/firmware/fullimage.elf' + ''; + + buildPhase = '' + make bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf client + ''; + + installPhase = '' + install -Dt $out/bin client/proxmark3 + install -T client/flasher $out/bin/proxmark3-flasher + install -Dt $out/firmware bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf + ''; + + meta = with lib; { + description = "Client for proxmark3, powerful general purpose RFID tool"; + homepage = "http://www.proxmark.org"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ fpletz ]; + }; + }; +in + +{ + proxmark3 = generic rec { + pname = "proxmark3"; + version = "3.1.0"; + rev = "v${version}"; + sha256 = "1qw28n1bhhl91ix77lv50qcr919fq3hjc8zhhqphwxal2svgx2jf"; + }; + + proxmark3-unstable = generic { + pname = "proxmark3-unstable"; + version = "2019-12-28"; + rev = "a4ff62be63ca2a81071e9aa2b882bd3ff57f13ad"; + sha256 = "067lp28xqx61n3i2a2fy489r5frwxqrcfj8cpv3xdzi3gb3vk5c3"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/proxmark3/proxmark3-rrg.nix b/nixpkgs/pkgs/tools/security/proxmark3/proxmark3-rrg.nix new file mode 100644 index 000000000000..c473ccf02a5c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/proxmark3/proxmark3-rrg.nix @@ -0,0 +1,38 @@ +{ lib, mkDerivation, fetchFromGitHub, pkg-config, gcc-arm-embedded, bluez5 +, readline + +, hardwarePlatform ? "PM3RDV4" + +, hardwarePlatformExtras ? "" }: + +mkDerivation rec { + pname = "proxmark3-rrg"; + version = "4.14831"; + + src = fetchFromGitHub { + owner = "RfidResearchGroup"; + repo = "proxmark3"; + rev = "v${version}"; + sha256 = "sha256-s0D04V6vlGW7SVkJwzMKaVfXQoT3Wi0lu7RC61Es89A="; + }; + + nativeBuildInputs = [ pkg-config gcc-arm-embedded ]; + buildInputs = [ bluez5 readline ]; + + makeFlags = [ + "PLATFORM=${hardwarePlatform}" + "PLATFORM_EXTRAS=${hardwarePlatformExtras}" + ]; + + installPhase = '' + install -Dt $out/bin client/proxmark3 + install -Dt $out/firmware bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf + ''; + + meta = with lib; { + description = "Client for proxmark3, powerful general purpose RFID tool"; + homepage = "https://rfidresearchgroup.com/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ nyanotech ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/prs/default.nix b/nixpkgs/pkgs/tools/security/prs/default.nix new file mode 100644 index 000000000000..5a020dde9cc4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/prs/default.nix @@ -0,0 +1,63 @@ +{ lib +, rustPlatform +, fetchFromGitLab +, installShellFiles +, pkg-config +, python3 +, dbus +, glib +, gpgme +, gtk3 +, libxcb +, libxkbcommon +}: + +rustPlatform.buildRustPackage rec { + pname = "prs"; + version = "0.3.2"; + + src = fetchFromGitLab { + owner = "timvisee"; + repo = "prs"; + rev = "v${version}"; + sha256 = "sha256-90Ed/mafACSJvH+DjCbdXs3eeyT+pGflRzDD9l3b0/s="; + }; + + cargoSha256 = "sha256-5teiF8s11Ml8UtbVn6fXur2OQzE52JZnsgyDihbEFTQ="; + + postPatch = '' + # The GPGME backend is recommended + for f in "gtk3/Cargo.toml" "cli/Cargo.toml"; do + substituteInPlace "$f" --replace \ + 'default = ["backend-gnupg-bin"' 'default = ["backend-gpgme"' + done + ''; + + nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ]; + + buildInputs = [ + dbus + glib + gpgme + gtk3 + libxcb + libxkbcommon + ]; + + postInstall = '' + for shell in bash fish zsh; do + installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + + meta = with lib; { + description = "Secure, fast & convenient password manager CLI using GPG and git to sync"; + homepage = "https://gitlab.com/timvisee/prs"; + changelog = "https://gitlab.com/timvisee/prs/-/blob/v${version}/CHANGELOG.md"; + license = with licenses; [ + lgpl3Only # lib + gpl3Only # everything else + ]; + maintainers = with maintainers; [ dotlambda ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pwdsafety/default.nix b/nixpkgs/pkgs/tools/security/pwdsafety/default.nix new file mode 100644 index 000000000000..2a6ed328e49e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pwdsafety/default.nix @@ -0,0 +1,25 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "pwdsafety"; + version = "0.1.4"; + + src = fetchFromGitHub { + owner = "edoardottt"; + repo = pname; + rev = "v${version}"; + sha256 = "1qnkabgc2924qg9x1ij51jq7lnxzcj1ygdp3x4mzi9gl532i191w"; + }; + + vendorSha256 = "0avm4zwwqv476yrraaf5xkc1lac0mwnmzav5wckifws6r4x3xrsb"; + + meta = with lib; { + description = "Command line tool checking password safety"; + homepage = "https://github.com/edoardottt/pwdsafety"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pwgen-secure/default.nix b/nixpkgs/pkgs/tools/security/pwgen-secure/default.nix new file mode 100644 index 000000000000..c3141676b370 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pwgen-secure/default.nix @@ -0,0 +1,36 @@ +{ lib, python3Packages, fetchFromGitHub }: + +with python3Packages; + +buildPythonApplication rec { + pname = "pwgen-secure"; + version = "0.9.1"; + + # it needs `secrets` which was introduced in 3.6 + disabled = pythonOlder "3.6"; + + # GH is newer than Pypi and contains both library *and* the actual program + # whereas Pypi only has the library + src = fetchFromGitHub { + owner = "mjmunger"; + repo = "pwgen_secure"; + rev = "v${version}"; + sha256 = "15md5606hzy1xfhj2lxmc0nvynyrcs4vxa5jdi34kfm31rdklj28"; + }; + + propagatedBuildInputs = [ docopt ]; + + postInstall = '' + install -Dm755 spwgen.py $out/bin/spwgen + ''; + + # there are no checks + doCheck = false; + + meta = with lib; { + description = "Secure password generation library to replace pwgen"; + homepage = "https://github.com/mjmunger/pwgen_secure/"; + license = licenses.mit; + maintainers = with maintainers; [ peterhoeg ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pwgen/default.nix b/nixpkgs/pkgs/tools/security/pwgen/default.nix new file mode 100644 index 000000000000..7870add420b0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pwgen/default.nix @@ -0,0 +1,29 @@ +{ lib +, stdenv +, autoreconfHook +, fetchFromGitHub +}: + +stdenv.mkDerivation rec { + pname = "pwgen"; + version = "2.08"; + + src = fetchFromGitHub { + owner = "tytso"; + repo = pname; + rev = "v${version}"; + sha256 = "1j6c6m9fcy24jn8mk989x49yk765xb26lpr8yhpiaqk206wlss2z"; + }; + + nativeBuildInputs = [ + autoreconfHook + ]; + + meta = with lib; { + description = "Password generator which creates passwords which can be easily memorized by a human"; + homepage = "https://github.com/tytso/pwgen"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ fab ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pwncat/default.nix b/nixpkgs/pkgs/tools/security/pwncat/default.nix new file mode 100644 index 000000000000..398132c4cee7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pwncat/default.nix @@ -0,0 +1,24 @@ +{ lib +, buildPythonApplication +, fetchPypi +}: + +buildPythonApplication rec { + pname = "pwncat"; + version = "0.1.2"; + + src = fetchPypi { + inherit pname version; + sha256 = "1230fdn5mx3wwr3a3nn6z2vwh973n248m11hnx9y3fjq7bgpky67"; + }; + + # Tests requires to start containers + doCheck = false; + + meta = with lib; { + description = "TCP/UDP communication suite"; + homepage = "https://pwncat.org/"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pynitrokey/default.nix b/nixpkgs/pkgs/tools/security/pynitrokey/default.nix new file mode 100644 index 000000000000..b50550e74368 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pynitrokey/default.nix @@ -0,0 +1,44 @@ +{ python3Packages, lib }: + +with python3Packages; + +buildPythonApplication rec { + pname = "pynitrokey"; + version = "0.4.9"; + format = "flit"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-mhH6mVgLRX87PSGTFkj1TE75jU1lwcaRZWbC67T+vWo="; + }; + + propagatedBuildInputs = [ + click + cryptography + ecdsa + fido2 + intelhex + pyserial + pyusb + requests + pygments + python-dateutil + urllib3 + cffi + cbor + nkdfu + ]; + + # no tests + doCheck = false; + + pythonImportsCheck = [ "pynitrokey" ]; + + meta = with lib; { + description = "Python client for Nitrokey devices"; + homepage = "https://github.com/Nitrokey/pynitrokey"; + license = with licenses; [ asl20 mit ]; + maintainers = with maintainers; [ frogamic ]; + mainProgram = "nitropy"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/qdigidoc/default.nix b/nixpkgs/pkgs/tools/security/qdigidoc/default.nix new file mode 100644 index 000000000000..b47a2455b672 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/qdigidoc/default.nix @@ -0,0 +1,50 @@ +{ lib, mkDerivation, fetchurl, cmake, darkhttpd, gettext, makeWrapper +, pkg-config, libdigidocpp, opensc, openldap, openssl, pcsclite, qtbase +, qttranslations, qtsvg }: + +mkDerivation rec { + pname = "qdigidoc"; + version = "4.2.9"; + + src = fetchurl { + url = + "https://github.com/open-eid/DigiDoc4-Client/releases/download/v${version}/qdigidoc4-${version}.tar.gz"; + sha256 = "1rhd3mvj6ld16zgfscj81f1vhs2nvifsizky509l1av7dsjfbbzr"; + }; + + tsl = fetchurl { + url = "https://ec.europa.eu/tools/lotl/eu-lotl-pivot-300.xml"; + sha256 = "1cikz36w9phgczcqnwk4k3mx3kk919wy2327jksmfa4cjfjq4a8d"; + }; + + nativeBuildInputs = [ cmake darkhttpd gettext makeWrapper pkg-config ]; + + postPatch = '' + substituteInPlace client/CMakeLists.txt \ + --replace $\{TSL_URL} file://${tsl} + ''; + + buildInputs = [ + libdigidocpp + opensc + openldap + openssl + pcsclite + qtbase + qtsvg + qttranslations + ]; + + postInstall = '' + wrapProgram $out/bin/qdigidoc4 \ + --prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/ + ''; + + meta = with lib; { + description = "Qt-based UI for signing and verifying DigiDoc documents"; + homepage = "https://www.id.ee/"; + license = licenses.lgpl21Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ mmahut yana ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/quark-engine/default.nix b/nixpkgs/pkgs/tools/security/quark-engine/default.nix new file mode 100644 index 000000000000..4db3ce4167f3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/quark-engine/default.nix @@ -0,0 +1,51 @@ +{ lib +, fetchFromGitHub +, gitMinimal +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "quark-engine"; + version = "21.10.2"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "0992wsy3plxpcqmq8cnnl0by1vkmkfb4lq2vb5rsj89wj900ci2n"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + androguard + click + colorama + gitMinimal + graphviz + pandas + plotly + prettytable + prompt-toolkit + rzpipe + tqdm + ]; + + postPatch = '' + substituteInPlace setup.py \ + --replace "prompt-toolkit==3.0.19" "prompt-toolkit>=3.0.19" + ''; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "quark" + ]; + + meta = with lib; { + description = "Android malware (analysis and scoring) system"; + homepage = "https://quark-engine.readthedocs.io/"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/quill-qr/default.nix b/nixpkgs/pkgs/tools/security/quill-qr/default.nix new file mode 100644 index 000000000000..55c2f45cc683 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/quill-qr/default.nix @@ -0,0 +1,45 @@ +{ coreutils +, fetchFromGitHub +, gzip +, jq +, lib +, makeWrapper +, qrencode +, stdenvNoCC +}: + +stdenvNoCC.mkDerivation rec { + pname = "quill-qr"; + version = "0.1.0"; + + src = fetchFromGitHub { + owner = "IvanMalison"; + repo = "quill-qr"; + rev = "v${version}"; + sha256 = "1kdsq6csmxfvs2wy31bc9r92l5pkmzlzkyqrangvrf4pbk3sk0r6"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin + cp -a quill-qr.sh $out/bin/quill-qr.sh + patchShebangs $out/bin + + wrapProgram $out/bin/quill-qr.sh --prefix PATH : "${lib.makeBinPath [ + qrencode + coreutils + jq + gzip + ]}" + ''; + + meta = with lib; { + description = "Print QR codes for use with https://p5deo-6aaaa-aaaab-aaaxq-cai.raw.ic0.app/"; + homepage = "https://github.com/IvanMalison/quill-qr"; + maintainers = with maintainers; [ imalison ]; + platforms = with platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/quill/default.nix b/nixpkgs/pkgs/tools/security/quill/default.nix new file mode 100644 index 000000000000..9cf0f2f0c09c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/quill/default.nix @@ -0,0 +1,46 @@ +{ lib, stdenv, rustPlatform, fetchFromGitHub, openssl, Security, libiconv, pkg-config, protobuf, which, buildPackages }: + +rustPlatform.buildRustPackage rec { + pname = "quill"; + version = "0.2.7"; + + src = fetchFromGitHub { + owner = "dfinity"; + repo = "quill"; + rev = "v${version}"; + sha256 = "sha256-3OlsCRpxRDKlfC0sa9MlFCupyRbDuqJQzDb9SQob1O0="; + }; + + ic = fetchFromGitHub { + owner = "dfinity"; + repo = "ic"; + rev = "779549eccfcf61ac702dfc2ee6d76ffdc2db1f7f"; + sha256 = "1r31d5hab7k1n60a7y8fw79fjgfq04cgj9krwa6r9z4isi3919v6"; + }; + + registry = "file://local-registry"; + + preBuild = '' + export REGISTRY_TRANSPORT_PROTO_INCLUDES=${ic}/rs/registry/transport/proto + export IC_BASE_TYPES_PROTO_INCLUDES=${ic}/rs/types/base_types/proto + export IC_PROTOBUF_PROTO_INCLUDES=${ic}/rs/protobuf/def + export IC_NNS_COMMON_PROTO_INCLUDES=${ic}/rs/nns/common/proto + export PROTOC=${buildPackages.protobuf}/bin/protoc + export OPENSSL_DIR=${openssl.dev} + export OPENSSL_LIB_DIR=${openssl.out}/lib + ''; + + cargoSha256 = "sha256-YxuBABGaZ+ti31seEYR6bB+OMgrSvl1lZyu4bqdxPIk="; + + nativeBuildInputs = [ pkg-config protobuf ]; + buildInputs = [ openssl ] + ++ lib.optionals stdenv.isDarwin [ Security libiconv ]; + + meta = with lib; { + homepage = "https://github.com/dfinity/quill"; + changelog = "https://github.com/dfinity/quill/releases/tag/v${version}"; + description = "Minimalistic ledger and governance toolkit for cold wallets on the Internet Computer."; + license = licenses.asl20; + maintainers = with maintainers; [ imalison ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/radamsa/default.nix b/nixpkgs/pkgs/tools/security/radamsa/default.nix new file mode 100644 index 000000000000..2ddbc4034926 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/radamsa/default.nix @@ -0,0 +1,43 @@ +{ lib, stdenv, fetchurl, fetchFromGitLab, bash }: + +let + # Fetch explicitly, otherwise build will try to do so + owl = fetchurl { + name = "ol.c.gz"; + url = "https://gitlab.com/owl-lisp/owl/uploads/0d0730b500976348d1e66b4a1756cdc3/ol-0.1.19.c.gz"; + sha256 = "0kdmzf60nbpvdn8j3l51i9lhcwfi4aw1zj4lhbp4adyg8n8pp4c6"; + }; +in +stdenv.mkDerivation rec { + pname = "radamsa"; + version = "0.6"; + + src = fetchFromGitLab { + owner = "akihe"; + repo = pname; + rev = "v${version}"; + sha256 = "0mi1mwvfnlpblrbmp0rcyf5p74m771z6nrbsly6cajyn4mlpmbaq"; + }; + + patchPhase = '' + substituteInPlace ./tests/bd.sh \ + --replace "/bin/echo" echo + + ln -s ${owl} ol.c.gz + + patchShebangs tests + ''; + + makeFlags = [ "PREFIX=${placeholder "out"}" "BINDIR=" ]; + + checkInputs = [ bash ]; + doCheck = true; + + meta = { + description = "A general purpose fuzzer"; + longDescription = "Radamsa is a general purpose data fuzzer. It reads data from given sample files, or standard input if none are given, and outputs modified data. It is usually used to generate malformed data for testing programs."; + homepage = "https://gitlab.com/akihe/radamsa"; + maintainers = [ lib.maintainers.markWot ]; + platforms = lib.platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rage/default.nix b/nixpkgs/pkgs/tools/security/rage/default.nix new file mode 100644 index 000000000000..589a56adc329 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rage/default.nix @@ -0,0 +1,45 @@ +{ lib, stdenv, rustPlatform, fetchFromGitHub, installShellFiles +, Foundation, Security, libiconv }: + +rustPlatform.buildRustPackage rec { + pname = "rage"; + version = "0.7.1"; + + src = fetchFromGitHub { + owner = "str4d"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-0OQnYc1IWYscvSw5YZH54Fh8cBasLlcVqrQcQ4MAsU8="; + }; + + cargoSha256 = "sha256-31s70pgEQDw3uifmhv1iWQuzKQVc2q+f76PPnGKIYdc="; + + nativeBuildInputs = [ installShellFiles ]; + + buildInputs = lib.optionals stdenv.isDarwin [ + Foundation + Security + libiconv + ]; + + # cargo test has an x86-only dependency + doCheck = stdenv.hostPlatform.isx86; + + postBuild = '' + cargo run --example generate-docs + cargo run --example generate-completions + ''; + + postInstall = '' + installManPage target/manpages/* + installShellCompletion target/completions/*.{bash,fish,zsh} + ''; + + meta = with lib; { + description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability"; + homepage = "https://github.com/str4d/rage"; + changelog = "https://github.com/str4d/rage/raw/v${version}/rage/CHANGELOG.md"; + license = with licenses; [ asl20 mit ]; # either at your option + maintainers = with maintainers; [ marsam ryantm ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rarcrack/default.nix b/nixpkgs/pkgs/tools/security/rarcrack/default.nix new file mode 100644 index 000000000000..3745a9520f1c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rarcrack/default.nix @@ -0,0 +1,40 @@ +{lib, stdenv, fetchFromGitHub, libxml2, file, p7zip, unrar, unzip}: + +stdenv.mkDerivation { + pname = "rarcrack"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "jaredsburrows"; + repo = "Rarcrack"; + rev = "35ead64cd2b967eec3e3e3a4c328b89b11ff32a0"; + sha256 = "134fq84896w5vp8vg4qg0ybpb466njibigyd7bqqm1xydr07qrgn"; + }; + + nativeBuildInputs = [ unzip ]; + buildInputs = [ libxml2 file p7zip unrar ]; + buildFlags = lib.optional stdenv.cc.isClang "CC=clang"; + installFlags = [ "PREFIX=\${out}" ]; + + patchPhase = '' + substituteInPlace rarcrack.c --replace "file -i" "${file}/bin/file -i" + ''; + + preInstall = '' + mkdir -p $out/bin + ''; + + meta = with lib; { + description = "This program can crack zip,7z and rar file passwords"; + longDescription = '' + If you forget your password for compressed archive (rar, 7z, zip), this program is the solution. + This program uses bruteforce algorithm to find correct password. You can specify wich characters will be used in password generations. + Warning: Please don't use this program for any illegal things! + ''; + homepage = "https://github.com/jaredsburrows/Rarcrack"; + license = licenses.gpl2; + maintainers = with maintainers; [ davidak ]; + platforms = with platforms; unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/rbw/default.nix b/nixpkgs/pkgs/tools/security/rbw/default.nix new file mode 100644 index 000000000000..9e3f0523473a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rbw/default.nix @@ -0,0 +1,93 @@ +{ lib +, stdenv +, rustPlatform +, fetchCrate +, openssl +, pkg-config +, makeWrapper +, installShellFiles +, Security +, libiconv + + # rbw-fzf +, withFzf ? false +, fzf +, perl + + # rbw-rofi +, withRofi ? false +, rofi +, xclip + + # pass-import +, withPass ? false +, pass +}: + +rustPlatform.buildRustPackage rec { + pname = "rbw"; + version = "1.4.3"; + + src = fetchCrate { + inherit version; + crateName = pname; + sha256 = "sha256-teeGKQNf+nuUcF9BcdiTV/ycENTbcGvPZZ34FdOO31k="; + }; + + cargoSha256 = "sha256-Soquc3OuGlDsGSwNCvYOWQeraYpkzX1oJwmM03Rc3Jg="; + + nativeBuildInputs = [ + pkg-config + makeWrapper + installShellFiles + ]; + + buildInputs = lib.optionals stdenv.isDarwin [ Security libiconv ]; + + postPatch = '' + patchShebangs bin/git-credential-rbw + substituteInPlace bin/git-credential-rbw \ + --replace rbw $out/bin/rbw + '' + lib.optionalString withFzf '' + patchShebangs bin/rbw-fzf + substituteInPlace bin/rbw-fzf \ + --replace fzf ${fzf}/bin/fzf \ + --replace perl ${perl}/bin/perl + '' + lib.optionalString withRofi '' + patchShebangs bin/rbw-rofi + substituteInPlace bin/rbw-rofi \ + --replace rofi ${rofi}/bin/rofi \ + --replace xclip ${xclip}/bin/xclip + '' + lib.optionalString withRofi '' + patchShebangs bin/pass-import + substituteInPlace bin/pass-import \ + --replace pass ${pass}/bin/pass + ''; + + preConfigure = '' + export OPENSSL_INCLUDE_DIR="${openssl.dev}/include" + export OPENSSL_LIB_DIR="${openssl.out}/lib" + ''; + + postInstall = '' + for shell in bash zsh fish; do + $out/bin/rbw gen-completions $shell > rbw.$shell + installShellCompletion rbw.$shell + done + cp bin/git-credential-rbw $out/bin + '' + lib.optionalString withFzf '' + cp bin/rbw-fzf $out/bin + '' + lib.optionalString withRofi '' + cp bin/rbw-rofi $out/bin + '' + lib.optionalString withPass '' + cp bin/pass-import $out/bin + ''; + + meta = with lib; { + description = "Unofficial command line client for Bitwarden"; + homepage = "https://crates.io/crates/rbw"; + changelog = "https://git.tozt.net/rbw/plain/CHANGELOG.md?id=${version}"; + license = licenses.mit; + maintainers = with maintainers; [ albakham luc65r marsam ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/regexploit/default.nix b/nixpkgs/pkgs/tools/security/regexploit/default.nix new file mode 100644 index 000000000000..be09c34254bb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/regexploit/default.nix @@ -0,0 +1,35 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "regexploit"; + version = "1.0.0"; + + disabled = python3.pythonOlder "3.8"; + + src = fetchFromGitHub { + owner = "doyensec"; + repo = pname; + rev = "v${version}"; + sha256 = "0z3fghsyw0ll36in7ihc0qi3gy7mqi6cw1mi8m8c8xb1nlwpfr0y"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + pyyaml + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + pythonImportsCheck = [ "regexploit" ]; + + meta = with lib; { + description = "Tool to find regular expressions which are vulnerable to ReDoS"; + homepage = "https://github.com/doyensec/regexploit"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rekor/default.nix b/nixpkgs/pkgs/tools/security/rekor/default.nix new file mode 100644 index 000000000000..663cc38291cb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rekor/default.nix @@ -0,0 +1,50 @@ +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: + +let + generic = { pname, packageToBuild, description }: + buildGoModule rec { + inherit pname; + version = "0.5.0"; + + src = fetchFromGitHub { + owner = "sigstore"; + repo = "rekor"; + rev = "v${version}"; + sha256 = "sha256-y8klkb0hyITxLhcNWF7RYRVwF8rclDKzQF/MJs6y//Y="; + }; + + vendorSha256 = "sha256-0PPdnE3ND/YNIk50XkgBROpe5OhFiFre5Lwsml02DQU="; + + nativeBuildInputs = [ installShellFiles ]; + + subPackages = [ packageToBuild ]; + + ldflags = [ "-s" "-w" "-X github.com/sigstore/rekor/pkg/api.GitVersion=v${version}" ]; + + postInstall = '' + installShellCompletion --cmd ${pname} \ + --bash <($out/bin/${pname} completion bash) \ + --fish <($out/bin/${pname} completion fish) \ + --zsh <($out/bin/${pname} completion zsh) + ''; + + meta = with lib; { + inherit description; + homepage = "https://github.com/sigstore/rekor"; + changelog = "https://github.com/sigstore/rekor/releases/tag/v${version}"; + license = licenses.asl20; + maintainers = with maintainers; [ lesuisse jk ]; + }; + }; +in { + rekor-cli = generic { + pname = "rekor-cli"; + packageToBuild = "cmd/rekor-cli"; + description = "CLI client for Sigstore, the Signature Transparency Log"; + }; + rekor-server = generic { + pname = "rekor-server"; + packageToBuild = "cmd/rekor-server"; + description = "Sigstore server, the Signature Transparency Log"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rhash/default.nix b/nixpkgs/pkgs/tools/security/rhash/default.nix new file mode 100644 index 000000000000..e82052d961b8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rhash/default.nix @@ -0,0 +1,59 @@ +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, which +, enableStatic ? stdenv.hostPlatform.isStatic +}: + +stdenv.mkDerivation rec { + version = "1.4.2"; + pname = "rhash"; + + src = fetchFromGitHub { + owner = "rhash"; + repo = "RHash"; + rev = "v${version}"; + sha256 = "sha256-HkDgWwHoRWCNtWyfP4sj3veEd+KT5J7yL4J4Z/hJcrE="; + }; + + patches = [ + # Fix clang configuration; remove with next release + (fetchpatch { + url = "https://github.com/rhash/RHash/commit/4dc506066cf1727b021e6352535a8bb315c3f8dc.patch"; + sha256 = "0i5jz2s37h278c8d36pzphhp8rjy660zmhpg2cqlp960f6ny8wwj"; + }) + ]; + + nativeBuildInputs = [ which ]; + + # configure script is not autotools-based, doesn't support these options + dontAddStaticConfigureFlags = true; + + configurePlatforms = [ ]; + + configureFlags = [ + "--ar=${stdenv.cc.targetPrefix}ar" + (lib.enableFeature enableStatic "static") + (lib.enableFeature enableStatic "lib-static") + ]; + + doCheck = true; + + checkTarget = "test-full"; + + installTargets = [ + "install" + "install-lib-headers" + ] ++ lib.optional (!enableStatic) [ + "install-lib-so-link" + ]; + + meta = with lib; { + homepage = "http://rhash.sourceforge.net/"; + description = "Console utility and library for computing and verifying hash sums of files"; + license = licenses.bsd0; + platforms = platforms.all; + maintainers = with maintainers; [ andrewrk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ripasso/cursive.nix b/nixpkgs/pkgs/tools/security/ripasso/cursive.nix new file mode 100644 index 000000000000..1a2ed1374611 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ripasso/cursive.nix @@ -0,0 +1,41 @@ +{ stdenv, lib, rustPlatform, fetchFromGitHub, pkg-config, ncurses, python3, openssl, libgpg-error, gpgme, xorg, AppKit, Security, installShellFiles }: + +with rustPlatform; +buildRustPackage rec { + version = "0.5.2"; + pname = "ripasso-cursive"; + + src = fetchFromGitHub { + owner = "cortex"; + repo = "ripasso"; + rev = "release-${version}"; + sha256 = "sha256-De/xCDzdRHCslD0j6vT8bwjcMTf5R8KZ32aaB3i+Nig="; + }; + + patches = [ ./fix-tests.patch ]; + + cargoSha256 = "sha256-ZmHzxHV4uIxPlLkkOLJApPNLo0GGVj9EopoIwi/j6DE="; + + cargoBuildFlags = [ "-p ripasso-cursive" ]; + + nativeBuildInputs = [ pkg-config gpgme python3 installShellFiles ]; + buildInputs = [ + ncurses openssl libgpg-error gpgme xorg.libxcb + ] ++ lib.optionals stdenv.isDarwin [ AppKit Security ]; + + preCheck = '' + export HOME=$TMPDIR + ''; + + postInstall = '' + installManPage target/man-page/cursive/ripasso-cursive.1 + ''; + + meta = with lib; { + description = "A simple password manager written in Rust"; + homepage = "https://github.com/cortex/ripasso"; + license = licenses.gpl3; + maintainers = with maintainers; [ sgo ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch b/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch new file mode 100644 index 000000000000..85b1714e5c29 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch @@ -0,0 +1,82 @@ +--- a/src/pass/test.rs ++++ a/src/pass/test.rs +@@ -83,6 +83,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -114,6 +115,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -144,6 +146,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -185,6 +188,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -220,6 +224,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -267,6 +272,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -298,6 +304,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -337,6 +344,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -828,6 +836,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let home: PathBuf = base_path.clone(); +@@ -860,6 +869,7 @@ + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.pop(); + base_path.push("testres"); + diff --git a/nixpkgs/pkgs/tools/security/rng-tools/default.nix b/nixpkgs/pkgs/tools/security/rng-tools/default.nix new file mode 100644 index 000000000000..f77417aaaa45 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rng-tools/default.nix @@ -0,0 +1,81 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, libtool +, pkg-config +, psmisc +, argp-standalone ? null +, openssl +, jitterentropy ? null, withJitterEntropy ? true + # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS + # https://www.nist.gov/programs-projects/nist-randomness-beacon +, curl ? null, jansson ? null, libxml2 ? null, withNistBeacon ? false +, libp11 ? null, opensc ? null, withPkcs11 ? true +, librtlsdr ? null, withRtlsdr ? true +}: + +assert (stdenv.hostPlatform.isMusl) -> argp-standalone != null; +assert (withJitterEntropy) -> jitterentropy != null; +assert (withNistBeacon) -> curl != null && jansson != null && libxml2 != null; +assert (withPkcs11) -> libp11 != null && opensc != null; +assert (withRtlsdr) -> librtlsdr != null; + +with lib; + +stdenv.mkDerivation rec { + pname = "rng-tools"; + version = "6.15"; + + src = fetchFromGitHub { + owner = "nhorman"; + repo = pname; + rev = "v${version}"; + hash = "sha256-km+MEng3VWZF07sdvGLbAG/vf8/A1DxhA/Xa2Y+LAEQ="; + }; + + nativeBuildInputs = [ autoreconfHook libtool pkg-config ]; + + configureFlags = [ + (enableFeature (withJitterEntropy) "jitterentropy") + (withFeature (withNistBeacon) "nistbeacon") + (withFeature (withPkcs11) "pkcs11") + (withFeature (withRtlsdr) "rtlsdr") + ]; + + buildInputs = [ openssl ] + ++ optionals (stdenv.hostPlatform.isMusl) [ argp-standalone ] + ++ optionals (withJitterEntropy) [ jitterentropy ] + ++ optionals (withNistBeacon) [ curl jansson libxml2 ] + ++ optionals (withPkcs11) [ libp11 openssl ] + ++ optionals (withRtlsdr) [ librtlsdr ]; + + enableParallelBuilding = true; + + makeFlags = [ + "AR:=$(AR)" # For cross-compilation + ] ++ optionals (withPkcs11) [ + "PKCS11_ENGINE=${opensc}/lib/opensc-pkcs11.so" # Overrides configure script paths + ]; + + doCheck = true; + preCheck = "patchShebangs tests/*.sh"; + checkInputs = [ psmisc ]; # rngtestjitter.sh needs killall + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + set -o pipefail + $out/bin/rngtest --version | grep $version + runHook postInstallCheck + ''; + + meta = { + description = "A random number generator daemon"; + homepage = "https://github.com/nhorman/rng-tools"; + changelog = "https://github.com/nhorman/rng-tools/releases/tag/v${version}"; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ johnazoidberg c0bw3b ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rnp/default.nix b/nixpkgs/pkgs/tools/security/rnp/default.nix new file mode 100644 index 000000000000..a18571c80404 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rnp/default.nix @@ -0,0 +1,56 @@ +{ lib +, stdenv +, asciidoctor +, botan2 +, bzip2 +, cmake +, fetchFromGitHub +, gnupg +, gtest +, json_c +, pkg-config +, python3 +, zlib +}: + +stdenv.mkDerivation rec { + pname = "rnp"; + version = "0.16.0"; + + src = fetchFromGitHub { + owner = "rnpgp"; + repo = "rnp"; + rev = "v${version}"; + sha256 = "u0etVslTBF9fBqnpVBofYsm0uC/eR6gO3lhwzqua5Qw="; + }; + + buildInputs = [ zlib bzip2 json_c botan2 ]; + + cmakeFlags = [ + "-DCMAKE_INSTALL_PREFIX=${placeholder "out"}" + "-DBUILD_SHARED_LIBS=on" + "-DBUILD_TESTING=on" + "-DDOWNLOAD_GTEST=off" + "-DDOWNLOAD_RUBYRNP=off" + ]; + + nativeBuildInputs = [ asciidoctor cmake gnupg gtest pkg-config python3 ]; + + # NOTE: check-only inputs should ideally be moved to checkInputs, but it + # would fail during buildPhase. + # checkInputs = [ gtest python3 ]; + + outputs = [ "out" "lib" "dev" ]; + + preConfigure = '' + echo "v${version}" > version.txt + ''; + + meta = with lib; { + homepage = "https://github.com/rnpgp/rnp"; + description = "High performance C++ OpenPGP library, fully compliant to RFC 4880"; + license = licenses.bsd2; + platforms = platforms.all; + maintainers = with maintainers; [ ribose-jeffreylau ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rucredstash/default.nix b/nixpkgs/pkgs/tools/security/rucredstash/default.nix new file mode 100644 index 000000000000..14ecfa085fbd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rucredstash/default.nix @@ -0,0 +1,30 @@ +{ lib, rustPlatform, fetchFromGitHub, pkg-config, openssl, stdenv, Security }: + +rustPlatform.buildRustPackage rec { + pname = "rucredstash"; + version = "0.9.0"; + + src = fetchFromGitHub { + owner = "psibi"; + repo = "rucredstash"; + rev = "v${version}"; + sha256 = "1jwsj2y890nxpgmlfbr9hms2raspp5h89ykzsh014mf7lb3yxzwg"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ openssl ] + ++ lib.optional stdenv.isDarwin Security; + + # Disable tests since it requires network access and relies on the + # presence of certain AWS infrastructure + doCheck = false; + + cargoSha256 = "0qnfrwpdvjksc97iiwn1r6fyqaqn0q3ckbdzswf9flvwshqzb6ih"; + + meta = with lib; { + description = "Rust port for credstash. Manages credentials securely in AWS cloud"; + homepage = "https://github.com/psibi/rucredstash"; + license = licenses.mit; + maintainers = with maintainers; [ psibi ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rustscan/default.nix b/nixpkgs/pkgs/tools/security/rustscan/default.nix new file mode 100644 index 000000000000..adf514006b15 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rustscan/default.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchFromGitHub, rustPlatform, nmap, Security }: + +rustPlatform.buildRustPackage rec { + pname = "rustscan"; + version = "2.0.1"; + + src = fetchFromGitHub { + owner = "RustScan"; + repo = pname; + rev = version; + sha256 = "0fdbsz1v7bb5dm3zqjs1qf73lb1m4qzkqyb3h3hbyrp9vklgxsgw"; + }; + + cargoSha256 = "0658jbx59qrsgpfczzlfrbp2qm7kh0c5561bsxzmgiri7fcz9w0n"; + + postPatch = '' + substituteInPlace src/main.rs \ + --replace 'Command::new("nmap")' 'Command::new("${nmap}/bin/nmap")' + ''; + + buildInputs = lib.optional stdenv.isDarwin Security; + + checkFlags = [ + "--skip=infer_ulimit_lowering_no_panic" + "--skip=google_dns_runs" + "--skip=parse_correct_host_addresses" + "--skip=parse_hosts_file_and_incorrect_hosts" + "--skip=run_perl_script" + "--skip=run_python_script" + ]; + + meta = with lib; { + description = "Faster Nmap Scanning with Rust"; + homepage = "https://github.com/RustScan/RustScan"; + license = licenses.gpl3Only; + maintainers = [ maintainers.SuperSandro2000 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/safe/default.nix b/nixpkgs/pkgs/tools/security/safe/default.nix new file mode 100644 index 000000000000..6b5160e7e753 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/safe/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "safe"; + version = "1.6.1"; + + src = fetchFromGitHub { + owner = "starkandwayne"; + repo = "safe"; + rev = "v${version}"; + sha256 = "sha256-ankX4BeMvBEd0e01mQHfaPg4z1z+IZqELaSEJ5deF8Y="; + }; + + vendorSha256 = "sha256-7hX35FfFxfoiI/dSxWhZH8iJoRWa4slAJF0lULq8KL4="; + + subPackages = [ "." ]; + + ldflags = [ + "-X main.Version=${version}" + ]; + + meta = with lib; { + description = "A Vault CLI"; + homepage = "https://github.com/starkandwayne/safe"; + license = licenses.mit; + maintainers = with maintainers; [ eonpatapon ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/saml2aws/default.nix b/nixpkgs/pkgs/tools/security/saml2aws/default.nix new file mode 100644 index 000000000000..2f1127fd68a2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/saml2aws/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, buildGoModule, fetchFromGitHub, AppKit }: + +buildGoModule rec { + pname = "saml2aws"; + version = "2.34.0"; + + src = fetchFromGitHub { + owner = "Versent"; + repo = "saml2aws"; + rev = "v${version}"; + sha256 = "sha256-JRJjuVF0MkV7KVmbAZhiWPWVwDORByCsZqPwdTuVRoA="; + }; + + vendorSha256 = "sha256-/N/RYqt+lhhECK+uq99vkm3Mg7PWpdE0GYLXkIYthNw="; + + buildInputs = lib.optionals stdenv.isDarwin [ AppKit ]; + + doCheck = false; + + subPackages = [ "." "cmd/saml2aws" ]; + + ldflags = [ + "-X main.Version=${version}" + ]; + + meta = with lib; { + description = "CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP"; + homepage = "https://github.com/Versent/saml2aws"; + license = licenses.mit; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.pmyjavec ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sammler/default.nix b/nixpkgs/pkgs/tools/security/sammler/default.nix new file mode 100644 index 000000000000..083422cf9919 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sammler/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "sammler"; + version = "20210523-${lib.strings.substring 0 7 rev}"; + rev = "259b9fc6155f40758e5fa480683467c35df746e7"; + + src = fetchFromGitHub { + owner = "redcode-labs"; + repo = "Sammler"; + inherit rev; + sha256 = "1gsv83sbqc9prkigbjvkhh547w12l3ynbajpnbqyf8sz4bd1nj5c"; + }; + + vendorSha256 = "sha256-0ZBPLONUZyazZ22oLO097hdX5xuHx2G6rZCAsCwqq4s="; + + subPackages = [ "." ]; + + meta = with lib; { + description = "Tool to extract useful data from documents"; + homepage = "https://github.com/redcode-labs/Sammler"; + license = licenses.mit; + maintainers = with maintainers; [ fab ] ++ teams.redcodelabs.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch b/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch new file mode 100644 index 000000000000..f436a73bca72 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch @@ -0,0 +1,29 @@ +--- sbsigntools/configure.ac 2018-09-25 10:30:00.878766256 -0500 ++++ configure.ac.new 2018-09-25 10:34:56.231277375 -0500 +@@ -71,15 +71,16 @@ + # no consistent view of where gnu-efi should dump the efi stuff, so find it + ## + for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi; do +- if test -e $path/crt0-efi-$EFI_ARCH.o; then +- CRTPATH=$path ++ if test -e @@NIX_GNUEFI@@/$path/crt0-efi-$EFI_ARCH.o; then ++ CRTPATH=@@NIX_GNUEFI@@/$path ++ break + fi + done + if test -z "$CRTPATH"; then + AC_MSG_ERROR([cannot find the gnu-efi crt path]) + fi + +-EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ ++EFI_CPPFLAGS="-I@@NIX_GNUEFI@@/include/efi -I@@NIX_GNUEFI@@/include/efi/$EFI_ARCH \ + -DEFI_FUNCTION_WRAPPER" + CPPFLAGS_save="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS" +@@ -90,5 +91,5 @@ + AC_SUBST(CRTPATH, $CRTPATH) + + AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile] +- [docs/Makefile tests/Makefile]) ++ [docs/Makefile]) + AC_OUTPUT diff --git a/nixpkgs/pkgs/tools/security/sbsigntool/default.nix b/nixpkgs/pkgs/tools/security/sbsigntool/default.nix new file mode 100644 index 000000000000..7a0bb37d4a4c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sbsigntool/default.nix @@ -0,0 +1,53 @@ +{ lib, stdenv +, fetchgit, autoconf, automake, pkg-config, help2man +, openssl, libuuid, gnu-efi, libbfd +}: + +stdenv.mkDerivation { + pname = "sbsigntool"; + version = "0.9.1"; + + src = fetchgit { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git"; + rev = "v0.9.1"; + sha256 = "098gxmhjn8acxjw5bq59wq4xhgkpx1xn8kjvxwdzpqkwq9ivrsbp"; + }; + + patches = [ ./autoconf.patch ]; + + prePatch = "patchShebangs ."; + + nativeBuildInputs = [ autoconf automake pkg-config help2man ]; + buildInputs = [ openssl libuuid libbfd gnu-efi ]; + + configurePhase = '' + substituteInPlace configure.ac --replace "@@NIX_GNUEFI@@" "${gnu-efi}" + + lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan "talloc read_write_all build_assert array_size endian" + touch AUTHORS + touch ChangeLog + + echo "SUBDIRS = lib/ccan src docs" >> Makefile.am + + aclocal + autoheader + autoconf + automake --add-missing -Wno-portability + + ./configure --prefix=$out + ''; + + installPhase = '' + mkdir -p $out + make install + ''; + + meta = with lib; { + description = "Tools for maintaining UEFI signature databases"; + homepage = "http://jk.ozlabs.org/docs/sbkeysync-maintaing-uefi-key-databases"; + maintainers = [ maintainers.tstrobel ]; + platforms = [ "x86_64-linux" ]; # Broken on i686 + license = licenses.gpl3; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/scilla/default.nix b/nixpkgs/pkgs/tools/security/scilla/default.nix new file mode 100644 index 000000000000..ab31624c6c96 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/scilla/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "scilla"; + version = "1.2.1"; + + src = fetchFromGitHub { + owner = "edoardottt"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-1gSuKxNpls7B+pSGnGj3k/E93lnj2FPNtAAciPPNAeM="; + }; + + vendorSha256 = "sha256-gHZj8zpc7yFthCCBM8WGw4WwoW46bdQWe4yWjOkkQE8="; + + meta = with lib; { + description = "Information gathering tool for DNS, ports and more"; + homepage = "https://github.com/edoardottt/scilla"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/scorecard/default.nix b/nixpkgs/pkgs/tools/security/scorecard/default.nix new file mode 100644 index 000000000000..a865e441f1ea --- /dev/null +++ b/nixpkgs/pkgs/tools/security/scorecard/default.nix @@ -0,0 +1,75 @@ +{ lib, buildGoModule, fetchFromGitHub, fetchgit, installShellFiles }: + +buildGoModule rec { + pname = "scorecard"; + version = "4.0.1"; + + src = fetchFromGitHub { + owner = "ossf"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-xZBK2gIIxuvO2fuSYyWitO1xT8ItfBVqt2JRJoyH+gg="; + # populate values otherwise taken care of by goreleaser, + # unfortunately these require us to use git. By doing + # this in postFetch we can delete .git afterwards and + # maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + + commit="$(git rev-parse HEAD)" + source_date_epoch=$(git log --date=iso8601-strict -1 --pretty=%ct) + + substituteInPlace "$out/pkg/scorecard_version.go" \ + --replace 'gitCommit = "unknown"' "gitCommit = \"$commit\"" \ + --replace 'buildDate = "unknown"' "buildDate = \"$source_date_epoch\"" + + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; + }; + vendorSha256 = "sha256-NSV7mDn1efQAO4jm6bJm12ExDFTN76TkmD4r61V6D2Q="; + + # Install completions post-install + nativeBuildInputs = [ installShellFiles ]; + + subPackages = [ "." ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitVersion=v${version}" + "-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitTreeState=clean" + ]; + + preCheck = '' + # Feed in all but the e2e tests for testing + # This is because subPackages above limits what is built to just what we + # want but also limits the tests + getGoDirs() { + go list ./... | grep -v e2e + } + ''; + + postInstall = '' + installShellCompletion --cmd scorecard \ + --bash <($out/bin/scorecard completion bash) \ + --fish <($out/bin/scorecard completion fish) \ + --zsh <($out/bin/scorecard completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/scorecard --help + $out/bin/scorecard version | grep "v${version}" + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://github.com/ossf/scorecard"; + changelog = "https://github.com/ossf/scorecard/releases/tag/v${version}"; + description = "Security health metrics for Open Source"; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/scrypt/default.nix b/nixpkgs/pkgs/tools/security/scrypt/default.nix new file mode 100644 index 000000000000..5a3ab9cb68b4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/scrypt/default.nix @@ -0,0 +1,45 @@ +{ lib +, stdenv +, fetchurl +, openssl +, getconf +, util-linux +}: + +stdenv.mkDerivation rec { + pname = "scrypt"; + version = "1.3.1"; + + src = fetchurl { + url = "https://www.tarsnap.com/scrypt/${pname}-${version}.tgz"; + sha256 = "1hnl0r6pmyxiy4dmafmqk1db7wpc0x9rqpzqcwr9d2cmghcj6byz"; + }; + + outputs = [ "out" "lib" "dev" ]; + + configureFlags = [ "--enable-libscrypt-kdf" ]; + + buildInputs = [ openssl ]; + + nativeBuildInputs = [ getconf ]; + + patchPhase = '' + for f in Makefile.in autotools/Makefile.am libcperciva/cpusupport/Build/cpusupport.sh configure ; do + substituteInPlace $f --replace "command -p " "" + done + + patchShebangs tests/test_scrypt.sh + ''; + + doCheck = true; + checkTarget = "test"; + checkInputs = lib.optionals stdenv.isLinux [ util-linux ]; + + meta = with lib; { + description = "Encryption utility"; + homepage = "https://www.tarsnap.com/scrypt.html"; + license = licenses.bsd2; + platforms = platforms.all; + maintainers = with maintainers; [ thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/seccure/default.nix b/nixpkgs/pkgs/tools/security/seccure/default.nix new file mode 100644 index 000000000000..07c8d0382ca5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/seccure/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchurl, libgcrypt }: + +stdenv.mkDerivation rec { + pname = "seccure"; + version = "0.5"; + + src = fetchurl { + url = "http://point-at-infinity.org/seccure/${pname}-${version}.tar.gz"; + sha256 = "0nwnk3hfhgvf5xr0xipbh6smfnya22wphc5rj0vgi5d0zr5cwrk5"; + }; + + buildInputs = [ libgcrypt ]; + + preConfigure = '' + sed -e s@/usr/@$out/@g -i Makefile + sed -e 's@ln -f@ln -sf@g' -i Makefile + mkdir -p $out/bin $out/share/man/man1 + ''; + + meta = { + homepage = "http://point-at-infinity.org/seccure/"; + description = "Zero-configuration elliptic curve cryptography utility"; + platforms = lib.platforms.unix; + license = lib.licenses.lgpl3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/secp256k1/default.nix b/nixpkgs/pkgs/tools/security/secp256k1/default.nix new file mode 100644 index 000000000000..890518126d84 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/secp256k1/default.nix @@ -0,0 +1,47 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +}: + +stdenv.mkDerivation { + pname = "secp256k1"; + + version = "unstable-2022-02-06"; + + src = fetchFromGitHub { + owner = "bitcoin-core"; + repo = "secp256k1"; + rev = "5dcc6f8dbdb1850570919fc9942d22f728dbc0af"; + sha256 = "x9qG2S6tBSRseWaFIN9N2fRpY1vkv8idT3d3rfJnmaU="; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + configureFlags = [ + "--enable-benchmark=no" + "--enable-exhaustive-tests=no" + "--enable-experimental" + "--enable-module-ecdh" + "--enable-module-recovery" + "--enable-module-schnorrsig" + "--enable-tests=yes" + ]; + + doCheck = true; + + checkPhase = "./tests"; + + meta = with lib; { + description = "Optimized C library for EC operations on curve secp256k1"; + longDescription = '' + Optimized C library for EC operations on curve secp256k1. Part of + Bitcoin Core. This library is a work in progress and is being used + to research best practices. Use at your own risk. + ''; + homepage = "https://github.com/bitcoin-core/secp256k1"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ ]; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/secretscanner/default.nix b/nixpkgs/pkgs/tools/security/secretscanner/default.nix new file mode 100644 index 000000000000..93d440009f3f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/secretscanner/default.nix @@ -0,0 +1,37 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, hyperscan +, pkg-config +}: + +buildGoModule rec { + pname = "secretscanner"; + version = "20210214-${lib.strings.substring 0 7 rev}"; + rev = "42a38f9351352bf6240016b5b93d971be35cad46"; + + src = fetchFromGitHub { + owner = "deepfence"; + repo = "SecretScanner"; + inherit rev; + sha256 = "0yga71f7bx5a3hj5agr88pd7j8jnxbwqm241fhrvv8ic4sx0mawg"; + }; + + vendorSha256 = "0b7qa83iqnigihgwlqsxi28n7d9h0dk3wx1bqvhn4k01483cipsd"; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ hyperscan ]; + + postInstall = '' + mv $out/bin/SecretScanner $out/bin/$pname + ''; + + meta = with lib; { + description = "Tool to find secrets and passwords in container images and file systems"; + homepage = "https://github.com/deepfence/SecretScanner"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/sedutil/default.nix b/nixpkgs/pkgs/tools/security/sedutil/default.nix new file mode 100644 index 000000000000..cb0e367fa2cc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sedutil/default.nix @@ -0,0 +1,34 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +}: + +stdenv.mkDerivation rec { + pname = "sedutil"; + version = "1.20.0"; + + src = fetchFromGitHub { + owner = "Drive-Trust-Alliance"; + repo = "sedutil"; + rev = version; + sha256 = "sha256-NG/7aqe48ShHWW5hW8axYWV4+zX0dBE7Wy9q58l0S3E="; + }; + + postPatch = '' + patchShebangs . + ''; + + nativeBuildInputs = [ + autoreconfHook + ]; + + enableParallelBuilding = true; + + meta = with lib; { + description = "DTA sedutil Self encrypting drive software"; + homepage = "https://www.drivetrust.com"; + license = licenses.gpl3Plus; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sequoia/default.nix b/nixpkgs/pkgs/tools/security/sequoia/default.nix new file mode 100644 index 000000000000..18db48dfb249 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sequoia/default.nix @@ -0,0 +1,108 @@ +{ stdenv +, fetchFromGitLab +, lib +, darwin +, git +, nettle +# Use the same llvmPackages version as Rust +, llvmPackages_10 +, cargo +, rustc +, rustPlatform +, pkg-config +, glib +, openssl +, sqlite +, capnproto +, ensureNewerSourcesForZipFilesHook +, pythonSupport ? true +, pythonPackages ? null +}: + +assert pythonSupport -> pythonPackages != null; + +rustPlatform.buildRustPackage rec { + pname = "sequoia"; + # Upstream has separate version numbering for the library and the CLI frontend. + # This derivation provides the CLI frontend, and thus uses its version number. + version = "0.25.0"; + + src = fetchFromGitLab { + owner = "sequoia-pgp"; + repo = "sequoia"; + rev = "sq/v${version}"; + sha256 = "13f582g10vba0cpbdmqkkfzgd5jgagb640jaz1w425wf5nbh6q50"; + }; + + cargoSha256 = "sha256-qIGP48uj2iQ6MVgy5anKI9QrX9vnuKh46Fmmcczda4w="; + + nativeBuildInputs = [ + pkg-config + cargo + rustc + git + llvmPackages_10.libclang.lib + llvmPackages_10.clang + ensureNewerSourcesForZipFilesHook + capnproto + ] ++ + lib.optionals pythonSupport [ pythonPackages.setuptools ] + ; + + checkInputs = lib.optionals pythonSupport [ + pythonPackages.pytest + pythonPackages.pytest-runner + ]; + + buildInputs = [ + openssl + sqlite + nettle + ] ++ lib.optionals pythonSupport [ pythonPackages.python pythonPackages.cffi ] + ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ] + ; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + # Defaults to "ginstall" from some reason, although upstream's Makefiles check uname + "INSTALL=install" + ]; + + buildFlags = [ + "build-release" + ]; + + LIBCLANG_PATH = "${llvmPackages_10.libclang.lib}/lib"; + + # Sometimes, tests fail on CI (ofborg) & hydra without this + CARGO_TEST_ARGS = "--workspace --exclude sequoia-store"; + + # Without this, the examples won't build + postPatch = '' + substituteInPlace openpgp-ffi/examples/Makefile \ + --replace '-O0 -g -Wall -Werror' '-g' + substituteInPlace ffi/examples/Makefile \ + --replace '-O0 -g -Wall -Werror' '-g' + ''; + + + preInstall = lib.optionalString pythonSupport '' + export installFlags="PYTHONPATH=$PYTHONPATH:$out/${pythonPackages.python.sitePackages}" + '' + lib.optionalString (!pythonSupport) '' + export makeFlags="PYTHON=disable" + ''; + + # Don't use buildRustPackage phases, only use it for rust deps setup + configurePhase = null; + buildPhase = null; + doCheck = true; + checkPhase = null; + installPhase = null; + + meta = with lib; { + description = "A cool new OpenPGP implementation"; + homepage = "https://sequoia-pgp.org/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ minijackson doronbehar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix b/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix new file mode 100644 index 000000000000..07c9ed9b2408 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub, libtool, which }: + +stdenv.mkDerivation rec { + pname = "sha1collisiondetection"; + version = "1.0.3"; + + src = fetchFromGitHub { + owner = "cr-marcstevens"; + repo = "sha1collisiondetection"; + rev = "stable-v${version}"; + sha256 = "0xn31hkkqs0kj9203rzx6w4nr0lq8fnrlm5i76g0px3q4v2dzw1s"; + }; + + makeFlags = [ "PREFIX=$(out)" ]; + + doCheck = true; + + nativeBuildInputs = [ libtool which ]; + + meta = with lib; { + description = "Library and command line tool to detect SHA-1 collision"; + longDescription = '' + This library and command line tool were designed as near drop-in + replacements for common SHA-1 libraries and sha1sum. They will + compute the SHA-1 hash of any given file and additionally will + detect cryptanalytic collision attacks against SHA-1 present in + each file. It is very fast and takes less than twice the amount + of time as regular SHA-1. + ''; + platforms = platforms.all; + maintainers = with maintainers; [ leenaars ]; + license = licenses.mit; + }; +} diff --git a/nixpkgs/pkgs/tools/security/shc/default.nix b/nixpkgs/pkgs/tools/security/shc/default.nix new file mode 100644 index 000000000000..0c1bf93ed1c6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/shc/default.nix @@ -0,0 +1,21 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "shc"; + version = "4.0.3"; + rev = version; + + src = fetchFromGitHub { + inherit rev; + owner = "neurobin"; + repo = "shc"; + sha256 = "0bfn404plsssa14q89k9l3s5lxq3df0sny5lis4j2w75qrkqx694"; + }; + + meta = with lib; { + homepage = "https://neurobin.org/projects/softwares/unix/shc/"; + description = "Shell Script Compiler"; + platforms = lib.platforms.all; + license = licenses.gpl3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sheesy-cli/default.nix b/nixpkgs/pkgs/tools/security/sheesy-cli/default.nix new file mode 100644 index 000000000000..4be2189e2935 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sheesy-cli/default.nix @@ -0,0 +1,41 @@ +{ lib, stdenv, rustPlatform, fetchCrate, installShellFiles +, libgpg-error, gpgme, gettext, openssl, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "sheesy-cli"; + version = "4.0.11"; + + src = fetchCrate { + inherit version pname; + sha256 = "1l21ji9zqy8x1g2gvqwdhya505max07ibx1hh88s36k0jbvdb7xc"; + }; + + cargoSha256 = "159a5ph1gxwcgahyr8885lq3c1w76nxzfrfdpyqixqrr7jzx2rd3"; + cargoDepsName = pname; + + nativeBuildInputs = [ libgpg-error gpgme gettext installShellFiles ]; + + buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security ]; + + buildFeatures = [ "vault" "extract" "completions" "substitute" "process" ]; + + checkFeatures = [ ]; + + cargoBuildFlags = [ "--bin" "sy" ]; + + postInstall = '' + installShellCompletion --cmd sy \ + --bash <($out/bin/sy completions bash) \ + --fish <($out/bin/sy completions fish) \ + --zsh <($out/bin/sy completions zsh) + ''; + + meta = with lib; { + description = "The 'share-secrets-safely' CLI to interact with GPG/pass-like vaults"; + homepage = "https://share-secrets-safely.github.io/cli/"; + changelog = "https://github.com/share-secrets-safely/cli/releases/tag/${version}"; + license = with licenses; [ lgpl21Only ]; + maintainers = with maintainers; [ devhell ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/shellz/default.nix b/nixpkgs/pkgs/tools/security/shellz/default.nix new file mode 100644 index 000000000000..b34986b2f7fb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/shellz/default.nix @@ -0,0 +1,30 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "shellz"; + version = "1.6.0"; + + src = fetchFromGitHub { + owner = "evilsocket"; + repo = pname; + rev = "v${version}"; + sha256 = "1mhl1y0jkycyl1hgwxavxkm1f6kdx1sz3bvpmkr46sdijji06imi"; + }; + + vendorSha256 = "14rd9xd7s5sfmxgv5p9ka8x12xcimv5hrq7hzy0d1c3ddf50rr7n"; + + ldflags = [ + "-s" + "-w" + ]; + + meta = with lib; { + description = "Utility to manage your SSH, telnet, kubernetes, winrm, web or any custom shell"; + homepage = "https://github.com/evilsocket/shellz"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/shhgit/default.nix b/nixpkgs/pkgs/tools/security/shhgit/default.nix new file mode 100644 index 000000000000..a05eba1282c1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/shhgit/default.nix @@ -0,0 +1,26 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "shhgit"; + version = "0.4-${lib.strings.substring 0 7 rev}"; + rev = "7e55062d10d024f374882817692aa2afea02ff84"; + + src = fetchFromGitHub { + owner = "eth0izzle"; + repo = pname; + inherit rev; + sha256 = "1b7r4ivfplm4crlvx571nyz2rc6djy0xvl14nz7m0ngh6206df9k"; + }; + + vendorSha256 = "0isa9faaknm8c9mbyj5dvf1dfnyv44d1pjd2nbkyfi6b22hcci3d"; + + meta = with lib; { + description = "Tool to detect secrets in repositories"; + homepage = "https://github.com/eth0izzle/shhgit"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/signify/default.nix b/nixpkgs/pkgs/tools/security/signify/default.nix new file mode 100644 index 000000000000..fb3df51167b4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signify/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub, libbsd, pkg-config }: + +stdenv.mkDerivation rec { + pname = "signify"; + version = "30"; + + src = fetchFromGitHub { + owner = "aperezdc"; + repo = "signify"; + rev = "v${version}"; + sha256 = "02xh6x6rszkvk3rf6zai7n3ivchmw0d8mwllpinjxc7k6sd415c3"; + }; + + doCheck = true; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libbsd ]; + + preInstall = '' + export PREFIX=$out + ''; + + meta = with lib; { + description = "OpenBSD signing tool"; + longDescription = '' + OpenBSDs signing tool, which uses the Ed25519 public key signature system + for fast signing and verification of messages using small public keys. + ''; + homepage = "https://www.tedunangst.com/flak/post/signify"; + license = licenses.isc; + maintainers = [ maintainers.rlupton20 ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/signing-party/default.nix b/nixpkgs/pkgs/tools/security/signing-party/default.nix new file mode 100644 index 000000000000..ee099b704aaa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signing-party/default.nix @@ -0,0 +1,226 @@ +{ lib, stdenv, fetchFromGitLab, autoconf, automake, makeWrapper +, python3, perl, perlPackages +, libmd, gnupg, which, getopt, libpaper, nettools, qprint +, sendmailPath ? "/run/wrappers/bin/sendmail" }: + +let + # All runtime dependencies from the CPAN graph: + # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1 + GnuPGInterfaceRuntimeDependencies = with perlPackages; [ + strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny + GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate + RoleTiny SubExporterProgressive SubQuote TypeTiny + ]; +in stdenv.mkDerivation rec { + pname = "signing-party"; + version = "2.11"; + + src = fetchFromGitLab { + domain = "salsa.debian.org"; + owner = "signing-party-team"; + repo = "signing-party"; + rev = "v${version}"; + sha256 = "1aig5ssabzbk4mih7xd04vgr931bw0flbi8dz902wlr610gyv5s5"; + }; + + # TODO: Get this patch upstream... + patches = [ ./gpgwrap_makefile.patch ]; + + postPatch = '' + substituteInPlace gpg-mailkeys/gpg-mailkeys --replace \ + "/usr/sbin/sendmail" "${sendmailPath}" + ''; + + # One can use the following command to find all relevant Makefiles: + # grep -R '$(DESTDIR)/usr' | cut -d: -f1 | sort -u | grep -v 'debian/rules' + preBuild = '' + substituteInPlace gpgsigs/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keyanalyze/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keylookup/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace sig2dot/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace springgraph/Makefile --replace '$(DESTDIR)/usr' "$out" + ''; + + # Perl is required for it's pod2man. + # Python and Perl are required for patching the script interpreter paths. + nativeBuildInputs = [ autoconf automake makeWrapper ]; + buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg ]; + + postInstall = '' + # Install all tools which aren't handled by 'make install'. + # TODO: Fix upstream...! + + # caff: CA - Fire and Forget signs and mails a key + install -D -m555 caff/caff $out/bin/caff; + install -D -m444 caff/caff.1 $out/share/man/man1/caff.1; + + # pgp-clean: removes all non-self signatures from key + install -D -m555 caff/pgp-clean $out/bin/pgp-clean; + install -D -m444 caff/pgp-clean.1 $out/share/man/man1/pgp-clean.1; + + # pgp-fixkey: removes broken packets from keys + install -D -m555 caff/pgp-fixkey $out/bin/pgp-fixkey; + install -D -m444 caff/pgp-fixkey.1 $out/share/man/man1/pgp-fixkey.1; + + # gpg-mailkeys: simply mail out a signed key to its owner + install -D -m555 gpg-mailkeys/gpg-mailkeys $out/bin/gpg-mailkeys; + install -D -m444 gpg-mailkeys/gpg-mailkeys.1 $out/share/man/man1/gpg-mailkeys.1; + + # gpg-key2ps: generate PostScript file with fingerprint paper slips + install -D -m555 gpg-key2ps/gpg-key2ps $out/bin/gpg-key2ps; + install -D -m444 gpg-key2ps/gpg-key2ps.1 $out/share/man/man1/gpg-key2ps.1; + + # gpgdir: recursive directory encryption tool + install -D -m555 gpgdir/gpgdir $out/bin/gpgdir; + install -D -m444 gpgdir/gpgdir.1 $out/share/man/man1/gpgdir.1; + + # gpglist: show who signed which of your UIDs + install -D -m555 gpglist/gpglist $out/bin/gpglist; + install -D -m444 gpglist/gpglist.1 $out/share/man/man1/gpglist.1; + + # gpgsigs: annotates list of GnuPG keys with already done signatures + # The manual page is not handled by 'make install' + install -D -m444 gpgsigs/gpgsigs.1 $out/share/man/man1/gpgsigs.1; + + # gpgparticipants: create list of party participants for the organiser + install -D -m555 gpgparticipants/gpgparticipants $out/bin/gpgparticipants; + install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1; + install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill; + install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1; + install -D -m555 gpgparticipants/gpgparticipants-filter $out/bin/gpgparticipants-filter; + install -D -m444 gpgparticipants/gpgparticipants-filter.1 $out/share/man/man1/gpgparticipants-filter.1; + + # gpgwrap: a passphrase wrapper + install -D -m555 gpgwrap/bin/gpgwrap $out/bin/gpgwrap; + install -D -m444 gpgwrap/doc/gpgwrap.1 $out/share/man/man1/gpgwrap.1; + + # keyanalyze: minimum signing distance (MSD) analysis on keyrings + # Only the binaries are handled by 'make install' + install -D -m444 keyanalyze/keyanalyze.1 $out/share/man/man1/keyanalyze.1; + install -D -m444 keyanalyze/pgpring/pgpring.1 $out/share/man/man1/pgpring.1; + install -D -m444 keyanalyze/process_keys.1 $out/share/man/man1/process_keys.1; + + # keylookup: ncurses wrapper around gpg --search + # Handled by 'make install' + + # sig2dot: converts a list of GnuPG signatures to a .dot file + # Handled by 'make install' + + # springgraph: creates a graph from a .dot file + # Handled by 'make install' + + # keyart: creates a random ASCII art of a PGP key file + install -D -m555 keyart/keyart $out/bin/keyart; + install -D -m444 keyart/doc/keyart.1 $out/share/man/man1/keyart.1; + + # gpg-key2latex: generate LaTeX file with fingerprint paper slips + install -D -m555 gpg-key2latex/gpg-key2latex $out/bin/gpg-key2latex; + install -D -m444 gpg-key2latex/gpg-key2latex.1 $out/share/man/man1/gpg-key2latex.1; + ''; + + postFixup = '' + # Add the runtime dependencies for all programs (but mainly for the Perl + # scripts) + + wrapProgram $out/bin/caff --set PERL5LIB \ + ${with perlPackages; makePerlPath ([ + TextTemplate MIMETools MailTools TimeDate NetIDNEncode ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ nettools gnupg ]}" + + wrapProgram $out/bin/gpg-key2latex --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg libpaper ]}" + + wrapProgram $out/bin/gpg-key2ps --prefix PATH ":" \ + "${lib.makeBinPath [ which gnupg libpaper ]}" + + wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg qprint ]}" + + wrapProgram $out/bin/gpgdir --set PERL5LIB \ + ${with perlPackages; makePerlPath ([ + TermReadKey ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpglist --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgparticipants --prefix PATH ":" \ + "${lib.makeBinPath [ getopt gnupg ]}" + +# wrapProgram $out/bin/gpgparticipants-prefill + + wrapProgram $out/bin/gpgparticipants-filter --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgsigs --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgwrap --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + +# wrapProgram $out/bin/keyanalyze --set PERL5LIB \ + + wrapProgram $out/bin/keyart --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/keylookup --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/pgp-clean --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/pgp-fixkey --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + +# wrapProgram $out/bin/pgpring + +# wrapProgram $out/bin/process_keys + + # Upstream-Bug: Seems like sig2dot doesn't work with 2.1 (modern) anymore, + # please use 2.0 (stable) instead. +# wrapProgram $out/bin/sig2dot + + wrapProgram $out/bin/springgraph --set PERL5LIB \ + ${with perlPackages; makePerlPath [ GD ]} + ''; + + meta = with lib; { + homepage = "https://salsa.debian.org/signing-party-team/signing-party"; + description = "A collection of several projects relating to OpenPGP"; + longDescription = '' + This is a collection of several projects relating to OpenPGP. + + * caff: CA - Fire and Forget signs and mails a key + * pgp-clean: removes all non-self signatures from key + * pgp-fixkey: removes broken packets from keys + * gpg-mailkeys: simply mail out a signed key to its owner + * gpg-key2ps: generate PostScript file with fingerprint paper slips + * gpgdir: recursive directory encryption tool + * gpglist: show who signed which of your UIDs + * gpgsigs: annotates list of GnuPG keys with already done signatures + * gpgparticipants: create list of party participants for the organiser + * gpgwrap: a passphrase wrapper + * keyanalyze: minimum signing distance (MSD) analysis on keyrings + * keylookup: ncurses wrapper around gpg --search + * sig2dot: converts a list of GnuPG signatures to a .dot file + * springgraph: creates a graph from a .dot file + * keyart: creates a random ASCII art of a PGP key file + * gpg-key2latex: generate LaTeX file with fingerprint paper slips + ''; + license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ]; + maintainers = with maintainers; [ fpletz primeos ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch b/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch new file mode 100644 index 000000000000..4beaf5b80887 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch @@ -0,0 +1,16 @@ +--- a/gpgwrap/Makefile 2015-06-03 16:24:48.723129144 +0200 ++++ b/gpgwrap/Makefile 2015-06-03 16:24:11.639744346 +0200 +@@ -1,9 +1,12 @@ + MAKE=make + +-.PHONY: all clean ++.PHONY: all clean install + + all: + cd src && ${MAKE} all DIET="${DIET}" + ++install: ++ ++ + clean: + cd src && ${MAKE} clean diff --git a/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix b/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix new file mode 100644 index 000000000000..4d5c020ad422 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchFromGitHub, trousers, openssl, opencryptoki, autoreconfHook, libtool }: + +stdenv.mkDerivation rec { + pname = "simple-tpm-pk11"; + version = "0.06"; + + src = fetchFromGitHub { + owner = "ThomasHabets"; + repo = "simple-tpm-pk11"; + rev = version; + sha256 = "0vpbaklr4r1a2am0pqcm6m41ph22mkcrq33y8ab5h8qkhkvhd6a6"; + }; + + nativeBuildInputs = [ autoreconfHook libtool ]; + buildInputs = [ trousers openssl opencryptoki ]; + + enableParallelBuilding = true; + + meta = with lib; { + description = "Simple PKCS11 provider for TPM chips"; + longDescription = '' + A simple library for using the TPM chip to secure SSH keys. + ''; + homepage = "https://github.com/ThomasHabets/simple-tpm-pk11"; + license = licenses.asl20; + maintainers = with maintainers; [ tstrobel ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sipvicious/default.nix b/nixpkgs/pkgs/tools/security/sipvicious/default.nix new file mode 100644 index 000000000000..1167d40e4327 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sipvicious/default.nix @@ -0,0 +1,27 @@ +{ lib +, buildPythonApplication +, fetchFromGitHub +}: + +buildPythonApplication rec { + pname = "sipvicious"; + version = "0.3.4"; + + src = fetchFromGitHub { + owner = "EnableSecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-O8/9Vz/u8BoF1dfGceOJdzPPYLfkdBp2DkwA5WQ3dgo="; + }; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "sipvicious" ]; + + meta = with lib; { + description = " Set of tools to audit SIP based VoIP systems"; + homepage = "https://github.com/EnableSecurity/sipvicious"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/slowhttptest/default.nix b/nixpkgs/pkgs/tools/security/slowhttptest/default.nix new file mode 100644 index 000000000000..5dce5d5439ac --- /dev/null +++ b/nixpkgs/pkgs/tools/security/slowhttptest/default.nix @@ -0,0 +1,26 @@ +{ lib +, stdenv +, fetchFromGitHub +, openssl +}: + +stdenv.mkDerivation rec { + pname = "slowhttptest"; + version = "1.8.2"; + + src = fetchFromGitHub { + owner = "shekyan"; + repo = pname; + rev = "v${version}"; + sha256 = "1xv2j3hl4zj0s2cxcsvlwgridh9ap4g84g7c4918d03id15wydcx"; + }; + + buildInputs = [ openssl ]; + + meta = with lib; { + description = "Application Layer DoS attack simulator"; + homepage = "https://github.com/shekyan/slowhttptest"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sn0int/default.nix b/nixpkgs/pkgs/tools/security/sn0int/default.nix new file mode 100644 index 000000000000..b2d812d521af --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sn0int/default.nix @@ -0,0 +1,44 @@ +{ lib +, fetchFromGitHub +, rustPlatform +, libsodium +, libseccomp +, sqlite +, pkg-config +}: + +rustPlatform.buildRustPackage rec { + pname = "sn0int"; + version = "0.24.1"; + + src = fetchFromGitHub { + owner = "kpcyrd"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-AP/3QCol2qOvRqNW9F/m9JpiZrqtfXvr//Ku2XE3vqY="; + }; + + cargoSha256 = "sha256-gdDQjYU8hJdkQCh1Iswn5KlPW2BT/J5vCSOS/KHvbH4="; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libsodium + libseccomp + sqlite + ]; + + # One of the dependencies (chrootable-https) tries to read "/etc/resolv.conf" + # in "checkPhase", hence fails in sandbox of "nix". + doCheck = false; + + meta = with lib; { + description = "Semi-automatic OSINT framework and package manager"; + homepage = "https://github.com/kpcyrd/sn0int"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ xrelkd ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/snallygaster/default.nix b/nixpkgs/pkgs/tools/security/snallygaster/default.nix new file mode 100644 index 000000000000..e469e4b004e6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/snallygaster/default.nix @@ -0,0 +1,38 @@ +{ lib +, python3Packages +, fetchFromGitHub +}: + +python3Packages.buildPythonApplication rec { + pname = "snallygaster"; + version = "0.0.12"; + + src = fetchFromGitHub { + owner = "hannob"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-JXuRCUWpoGhBbU38XMEQovCiVfbyBMJ+SIrt3iqFuAo="; + }; + + propagatedBuildInputs = with python3Packages; [ + urllib3 + beautifulsoup4 + dnspython + ]; + + checkInputs = with python3Packages; [ + pytestCheckHook + ]; + + pytestFlagsArray = [ + # we are not interested in linting the project + "--ignore=tests/test_codingstyle.py" + ]; + + meta = with lib; { + description = "Tool to scan for secret files on HTTP servers"; + homepage = "https://github.com/hannob/snallygaster"; + license = licenses.cc0; + maintainers = with maintainers; [ hexa ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/snow/default.nix b/nixpkgs/pkgs/tools/security/snow/default.nix new file mode 100644 index 000000000000..6dce95f8cf0f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/snow/default.nix @@ -0,0 +1,25 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "snow"; + version = "20130616"; + + src = fetchurl { + url = "https://web.archive.org/web/20200304125913if_/http://darkside.com.au/snow/snow-${version}.tar.gz"; + sha256 = "0r9q45y55z4i0askkxmxrx0jr1620ypd870vz0hx2a6n9skimdy0"; + }; + + makeFlags = [ "CFLAGS=-O2" ]; + + installPhase = '' + install -Dm755 snow -t $out/bin + ''; + + meta = with lib; { + description = "Conceal messages in ASCII text by appending whitespace to the end of lines"; + homepage = "http://www.darkside.com.au/snow/"; + license = licenses.asl20; + maintainers = with maintainers; [ siraben ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/snowcat/default.nix b/nixpkgs/pkgs/tools/security/snowcat/default.nix new file mode 100644 index 000000000000..e6211caec556 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/snowcat/default.nix @@ -0,0 +1,33 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "snowcat"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "praetorian-inc"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-EulQYGOMIh952e4Xp13hT/HMW3qP1QXYtt5PEej1VTY="; + }; + vendorSha256 = "sha256-D6ipwGMxT0B3uYUzg6Oo2TYnsOVBY0mYO5lC7vtVPc0="; + + ldflags = [ "-s" "-w" ]; + + meta = with lib; { + homepage = "https://github.com/praetorian-inc/snowcat"; + changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}"; + description = "A tool to audit the istio service mesh"; + longDescription = '' + Snowcat gathers and analyzes the configuration of an Istio cluster and + audits it for potential violations of security best practices. + + There are two main modes of operation for Snowcat. With no positional + argument, Snowcat will assume it is running inside of a cluster enabled + with Istio, and begin to enumerate the required data. Optionally, you can + point snowcat at a directory containing Kubernets YAML files. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/snowcrash/default.nix b/nixpkgs/pkgs/tools/security/snowcrash/default.nix new file mode 100644 index 000000000000..bce05ed8f2e9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/snowcrash/default.nix @@ -0,0 +1,32 @@ +{ lib +, stdenv +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "snowcrash"; + version = "unstable-2021-04-29"; + + src = fetchFromGitHub { + owner = "redcode-labs"; + repo = "SNOWCRASH"; + rev = "514cceea1ca82f44e0c8a8744280f3a16abb6745"; + sha256 = "16p1nfi9zdlcffjyrk1phrippjqrdzf3cpc51dgdy3bfr7pds2ld"; + }; + + vendorSha256 = "sha256-YryQKLHwUDhR/Z7eWfCdL86Z83GrqBTvdGGj+dGKvjI"; + + subPackages = [ "." ]; + + postFixup = lib.optionals (!stdenv.isDarwin) '' + mv $out/bin/SNOWCRASH $out/bin/${pname} + ''; + + meta = with lib; { + description = "Polyglot payload generator"; + homepage = "https://github.com/redcode-labs/SNOWCRASH"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ] ++ teams.redcodelabs.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/softhsm/default.nix b/nixpkgs/pkgs/tools/security/softhsm/default.nix new file mode 100644 index 000000000000..873cfdbbb056 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/softhsm/default.nix @@ -0,0 +1,45 @@ +{ lib, stdenv, fetchurl, botan2, libobjc, Security }: + +stdenv.mkDerivation rec { + + pname = "softhsm"; + version = "2.6.1"; + + src = fetchurl { + url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz"; + hash = "sha256:1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"; + }; + + configureFlags = [ + "--with-crypto-backend=botan" + "--with-botan=${botan2}" + "--sysconfdir=$out/etc" + "--localstatedir=$out/var" + ]; + + propagatedBuildInputs = + lib.optionals stdenv.isDarwin [ libobjc Security ]; + + buildInputs = [ botan2 ]; + + postInstall = "rm -rf $out/var"; + + meta = with lib; { + homepage = "https://www.opendnssec.org/softhsm"; + description = "Cryptographic store accessible through a PKCS #11 interface"; + longDescription = " + SoftHSM provides a software implementation of a generic + cryptographic device with a PKCS#11 interface, which is of + course especially useful in environments where a dedicated hardware + implementation of such a device - for instance a Hardware + Security Module (HSM) or smartcard - is not available. + + SoftHSM follows the OASIS PKCS#11 standard, meaning it should be + able to work with many cryptographic products. SoftHSM is a + programme of The Commons Conservancy. + "; + license = licenses.bsd2; + maintainers = [ maintainers.leenaars ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/solo2-cli/default.nix b/nixpkgs/pkgs/tools/security/solo2-cli/default.nix new file mode 100644 index 000000000000..eaa2bc659a56 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/solo2-cli/default.nix @@ -0,0 +1,49 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, installShellFiles +, pkg-config +, pcsclite +, udev +, PCSC +, IOKit +, CoreFoundation +, AppKit +}: + +rustPlatform.buildRustPackage rec { + pname = "solo2-cli"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "solokeys"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-3GIK0boxGD4Xa5OskP1535zCQyhMQ/oXbgThRivJzww="; + }; + + cargoSha256 = "sha256-MYxVegXUVeZ4AzDz+Si5TtTjUDEPTO0Nh008rgLtsLw="; + + nativeBuildInputs = [ installShellFiles pkg-config ]; + + buildInputs = [ ] + ++ lib.optionals stdenv.isLinux [ pcsclite udev ] + ++ lib.optionals stdenv.isDarwin [ PCSC IOKit CoreFoundation AppKit ]; + + postInstall = '' + install -D 70-solo2.rules $out/lib/udev/rules.d/70-solo2.rules + installShellCompletion target/*/release/solo2.{bash,fish,zsh} + ''; + + doCheck = true; + + buildFeatures = [ "cli" ]; + + meta = with lib; { + description = "A CLI tool for managing SoloKeys' Solo2 USB security keys."; + homepage = "https://github.com/solokeys/solo2-cli"; + license = with licenses; [ asl20 mit ]; # either at your option + maintainers = with maintainers; [ lukegb ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix b/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix new file mode 100644 index 000000000000..95db01370b44 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix @@ -0,0 +1,47 @@ +{ stdenv, lib, fetchurl, unzip, jre }: + +let + + version = "4.5.0.2216"; + + sonarScannerArchPackage = { + "x86_64-linux" = { + url = "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${version}-linux.zip"; + sha256 = "sha256-rmvDb5l2BGV8j94Uhu2kJXwoDAHA3VncAahqGvLY3I0="; + }; + "x86_64-darwin" = { + url = "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${version}-macosx.zip"; + sha256 = "1g3lldpkrjlvwld9h82hlwclyplxpbk4q3nq59ylw4dhp26kb993"; + }; + }; + +in stdenv.mkDerivation rec { + inherit version; + pname = "sonar-scanner-cli"; + + src = fetchurl sonarScannerArchPackage.${stdenv.hostPlatform.system}; + + nativeBuildInputs = [ unzip ]; + + installPhase = '' + mkdir -p $out/lib + cp -r lib/* $out/lib/ + mkdir -p $out/bin + cp bin/* $out/bin/ + mkdir -p $out/conf + cp conf/* $out/conf/ + ''; + + fixupPhase = '' + substituteInPlace $out/bin/sonar-scanner \ + --replace "\$sonar_scanner_home/jre" "${lib.getBin jre}" + ''; + + meta = with lib; { + homepage = "https://github.com/SonarSource/sonar-scanner-cli"; + description = "SonarQube Scanner used to start code analysis"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ peterromfeldhk ]; + platforms = builtins.attrNames sonarScannerArchPackage; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sops/default.nix b/nixpkgs/pkgs/tools/security/sops/default.nix new file mode 100644 index 000000000000..1cf89143925a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sops/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "sops"; + version = "3.7.1"; + + src = fetchFromGitHub { + rev = "v${version}"; + owner = "mozilla"; + repo = pname; + sha256 = "0z3jcyl245yjszzjf2h6l1dwa092vxzvfmnivmwi6jvpsdcv33h1"; + }; + + vendorSha256 = "1mnwgsbpi56ql0lbpn7dkaps96x9b1lmhlk5cd6d40da7xj616n7"; + + doCheck = false; + + meta = with lib; { + homepage = "https://github.com/mozilla/sops"; + description = "Mozilla sops (Secrets OPerationS) is an editor of encrypted files"; + changelog = "https://github.com/mozilla/sops/raw/v${version}/CHANGELOG.rst"; + maintainers = [ maintainers.marsam ]; + license = licenses.mpl20; + }; +} diff --git a/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix b/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix new file mode 100644 index 000000000000..49aa4a2a4ca5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchFromGitHub, makeWrapper, coreutils, binutils-unwrapped }: + +stdenv.mkDerivation rec { + pname = "spectre-meltdown-checker"; + version = "0.44"; + + src = fetchFromGitHub { + owner = "speed47"; + repo = "spectre-meltdown-checker"; + rev = "v${version}"; + sha256 = "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"; + }; + + prePatch = '' + substituteInPlace spectre-meltdown-checker.sh \ + --replace /bin/echo ${coreutils}/bin/echo + ''; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = with lib; '' + runHook preInstall + + install -Dm755 spectre-meltdown-checker.sh $out/bin/spectre-meltdown-checker + wrapProgram $out/bin/spectre-meltdown-checker \ + --prefix PATH : ${makeBinPath [ binutils-unwrapped ]} + + runHook postInstall + ''; + + meta = with lib; { + description = "Spectre & Meltdown vulnerability/mitigation checker for Linux"; + homepage = "https://github.com/speed47/spectre-meltdown-checker"; + license = licenses.gpl3; + maintainers = with maintainers; [ dotlambda ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/spire/default.nix b/nixpkgs/pkgs/tools/security/spire/default.nix new file mode 100644 index 000000000000..bb165c41d07b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/spire/default.nix @@ -0,0 +1,36 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "spire"; + version = "1.2.0"; + + outputs = [ "out" "agent" "server" ]; + + src = fetchFromGitHub { + owner = "spiffe"; + repo = pname; + rev = "v${version}"; + sha256 = "01ph9jzh18bnidrsbnnxm3gxh0cgfllnjvf7a5haqz51lm6a9pny"; + }; + + vendorSha256 = "1fd1k5by4wcjmzfgi3gnrwnb38b0wa3w67kzjlx8s0nwapyfgx0b"; + + subPackages = [ "cmd/spire-agent" "cmd/spire-server" ]; + + # Usually either the agent or server is needed for a given use case, but not both + postInstall = '' + mkdir -vp $agent/bin $server/bin + mv -v $out/bin/spire-agent $agent/bin/ + mv -v $out/bin/spire-server $server/bin/ + + ln -vs $agent/bin/spire-agent $out/bin/spire-agent + ln -vs $server/bin/spire-server $out/bin/spire-server + ''; + + meta = with lib; { + description = "The SPIFFE Runtime Environment"; + homepage = "github.com/spiffe/spire"; + license = licenses.asl20; + maintainers = with maintainers; [ jonringer fkautz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/spyre/default.nix b/nixpkgs/pkgs/tools/security/spyre/default.nix new file mode 100644 index 000000000000..e74d8bc9a6ec --- /dev/null +++ b/nixpkgs/pkgs/tools/security/spyre/default.nix @@ -0,0 +1,35 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, pkg-config +, yara +}: + +buildGoModule rec { + pname = "spyre"; + version = "1.2.4"; + + src = fetchFromGitHub { + owner = "spyre-project"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-408UOY7kvukMYOVqQfpugk6Z+LNQV9XyfJirKyBRWd4="; + }; + + vendorSha256 = "sha256-qZkt5WwicDXrExwMT0tCO+FZgClIHhrVtMR8xNsdAaQ="; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + yara + ]; + + meta = with lib; { + description = "YARA-based IOC scanner"; + homepage = "https://github.com/spyre-project/spyre"; + license = with licenses; [ lgpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/srm/default.nix b/nixpkgs/pkgs/tools/security/srm/default.nix new file mode 100644 index 000000000000..8e4b3e697312 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/srm/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "srm"; + version = "1.2.15"; + + src = fetchurl { + url = "mirror://sourceforge/project/srm/${version}/srm-${version}.tar.gz"; + sha256 = "10sjarhprs6s4zandndg720528rcnd4xk8dl48pjj7li1q9c30vm"; + }; + + meta = with lib; { + description = "Delete files securely"; + longDescription = '' + srm (secure rm) is a command-line compatible rm(1) which + overwrites file contents before unlinking. The goal is to + provide drop in security for users who wish to prevent recovery + of deleted information, even if the machine is compromised. + ''; + homepage = "http://srm.sourceforge.net"; + license = licenses.mit; + maintainers = with maintainers; [ edwtjo ]; + platforms = platforms.unix; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/ssb/default.nix b/nixpkgs/pkgs/tools/security/ssb/default.nix new file mode 100644 index 000000000000..d6305e4cf4a4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssb/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "ssb"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "kitabisa"; + repo = pname; + rev = "v${version}"; + sha256 = "0dkd02l30461cwn5hsssnjyb9s8ww179wll3l7z5hy1hv3x6h9g1"; + }; + + vendorSha256 = "1q3dxizyz9bcdfs5j2bzhl2aadhd00cvzhj202wlls0zrlb9pp4f"; + + meta = with lib; { + description = "Tool to bruteforce SSH server"; + homepage = "https://github.com/kitabisa/ssb"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssdeep/default.nix b/nixpkgs/pkgs/tools/security/ssdeep/default.nix new file mode 100644 index 000000000000..acc617103d71 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssdeep/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook }: + +stdenv.mkDerivation rec { + pname = "ssdeep"; + version = "2.14.1"; + + src = fetchFromGitHub { + owner = "ssdeep-project"; + repo = "ssdeep"; + rev = "release-${version}"; + sha256 = "1yx6yjkggshw5yl89m4kvyzarjdg2l3hs0bbjbrfzwp1lkfd8i0c"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + # Hack to avoid TMPDIR in RPATHs. + preFixup = ''rm -rf "$(pwd)" ''; + + meta = { + description = "A program for calculating fuzzy hashes"; + homepage = "http://www.ssdeep.sf.net"; + license = lib.licenses.gpl2; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix new file mode 100644 index 000000000000..34d39390b438 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix @@ -0,0 +1,25 @@ +{ lib, fetchFromGitHub, python3Packages }: + +python3Packages.buildPythonApplication rec { + pname = "ssh-audit"; + version = "2.5.0"; + + src = fetchFromGitHub { + owner = "jtesta"; + repo = pname; + rev = "v${version}"; + sha256 = "0ks1zr0ksma285sm2dyy0nsbrkpssdk4mdzc3srr4mcyd6v927jd"; + }; + + checkInputs = with python3Packages; [ + pytestCheckHook + ]; + + meta = with lib; { + description = "Tool for ssh server auditing"; + homepage = "https://github.com/jtesta/ssh-audit"; + license = licenses.mit; + platforms = platforms.all; + maintainers = with maintainers; [ tv SuperSandro2000 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssh-to-age/default.nix b/nixpkgs/pkgs/tools/security/ssh-to-age/default.nix new file mode 100644 index 000000000000..7342c34ee367 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssh-to-age/default.nix @@ -0,0 +1,31 @@ +{ lib, fetchFromGitHub, buildGoModule }: + +buildGoModule rec { + pname = "ssh-to-age"; + version = "1.0.1"; + + src = fetchFromGitHub { + owner = "Mic92"; + repo = "ssh-to-age"; + rev = version; + sha256 = "sha256-ccwCHu6RlWqMnt5nBy54bVEzfE9/3PEL4C5LnYTtnwU="; + }; + + vendorSha256 = "sha256-jiFPcdWnAk54RJv4mHB3A+5tqKzqitfsiRXYZLa3Gu0="; + + checkPhase = '' + runHook preCheck + go test ./... + runHook postCheck + ''; + + doCheck = true; + + meta = with lib; { + description = "Convert ssh private keys in ed25519 format to age keys"; + homepage = "https://github.com/Mic92/ssh-to-age"; + license = licenses.mit; + maintainers = with maintainers; [ mic92 ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix new file mode 100644 index 000000000000..fc07714b55b0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix @@ -0,0 +1,29 @@ +{ lib, fetchFromGitHub, buildGoModule, gnupg }: + +buildGoModule rec { + pname = "ssh-to-pgp"; + version = "1.0.1"; + + src = fetchFromGitHub { + owner = "Mic92"; + repo = "ssh-to-pgp"; + rev = version; + sha256 = "sha256-5Wg0ItAkAb0zlhzcuDT9o0XIIbG9kqk4mIYb6hSJlsI="; + }; + + vendorSha256 = "sha256-OMWiJ1n8ynvIGcmotjuGGsRuAidYgVo5Y5JjrAw8fpc="; + + checkInputs = [ gnupg ]; + checkPhase = '' + HOME=$TMPDIR go test . + ''; + + doCheck = true; + + meta = with lib; { + description = "Convert ssh private keys to PGP"; + homepage = "https://github.com/Mic92/ssh-to-pgp"; + license = licenses.mit; + maintainers = with maintainers; [ mic92 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sshchecker/default.nix b/nixpkgs/pkgs/tools/security/sshchecker/default.nix new file mode 100644 index 000000000000..5dfc37dcf6cf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sshchecker/default.nix @@ -0,0 +1,29 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "sshchecker"; + version = "1.0"; + + src = fetchFromGitHub { + owner = "lazytools"; + repo = pname; + rev = "v${version}"; + sha256 = "139b850h1w0392k8jcgj22jscsl2l60b5kk0n8378b6g57ikmis0"; + }; + + vendorSha256 = "19hdaf7d6lvwrl5rc1srrjsjx57g25cy4lvw0vvs6j52impdk6ak"; + + meta = with lib; { + description = "Dedicated SSH brute-forcing tool"; + longDescription = '' + sshchecker is a fast dedicated SSH brute-forcing tool to check + SSH login on the giving IP list. + ''; + homepage = "https://github.com/lazytools/sshchecker"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sshguard/default.nix b/nixpkgs/pkgs/tools/security/sshguard/default.nix new file mode 100644 index 000000000000..a45a57eff0bf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sshguard/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchurl, autoreconfHook, bison, flex}: + +stdenv.mkDerivation rec { + version = "2.4.2"; + pname = "sshguard"; + + src = fetchurl { + url = "mirror://sourceforge/sshguard/${pname}-${version}.tar.gz"; + sha256 = "1s1prqdbxjrd1n3j4x8ggy9gl2j0ax6xhkzcvyzajw7awmvbfw17"; + }; + + doCheck = true; + + nativeBuildInputs = [ autoreconfHook bison flex ]; + + configureFlags = [ "--sysconfdir=/etc" ]; + + meta = with lib; { + description = "Protects hosts from brute-force attacks"; + longDescription = '' + SSHGuard can read log messages from various input sources. Log messages are parsed, line-by-line, for recognized patterns. + If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. + ''; + homepage = "https://sshguard.net"; + license = licenses.bsd3; + maintainers = with maintainers; [ sargon ]; + platforms = with platforms; linux ++ darwin ++ freebsd ++ netbsd ++ openbsd; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sshuttle/default.nix b/nixpkgs/pkgs/tools/security/sshuttle/default.nix new file mode 100644 index 000000000000..959712488a20 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sshuttle/default.nix @@ -0,0 +1,50 @@ +{ lib +, stdenv +, python3Packages +, makeWrapper +, coreutils +, iptables +, nettools +, openssh +, procps +}: + +python3Packages.buildPythonApplication rec { + pname = "sshuttle"; + version = "1.0.5"; + + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "fd8c691aac2cb80933aae7f94d9d9e271a820efc5c48e73408f1a90da426a1bd"; + }; + + patches = [ ./sudo.patch ]; + + postPatch = '' + substituteInPlace setup.cfg \ + --replace '--cov=sshuttle --cov-branch --cov-report=term-missing' "" + ''; + + nativeBuildInputs = [ makeWrapper python3Packages.setuptools-scm ]; + + propagatedBuildInputs = [ python3Packages.psutil ]; + + checkInputs = with python3Packages; [ mock pytestCheckHook flake8 ]; + + postInstall = '' + wrapProgram $out/bin/sshuttle \ + --prefix PATH : "${lib.makeBinPath ([ coreutils openssh procps ] ++ lib.optionals stdenv.isLinux [ iptables nettools ])}" \ + ''; + + meta = with lib; { + homepage = "https://github.com/sshuttle/sshuttle/"; + description = "Transparent proxy server that works as a poor man's VPN"; + longDescription = '' + Forward connections over SSH, without requiring administrator access to the + target network (though it does require Python 2.7, Python 3.5 or later at both ends). + Works with Linux and Mac OS and supports DNS tunneling. + ''; + license = licenses.lgpl21; + maintainers = with maintainers; [ domenkozar carlosdagos ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch b/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch new file mode 100644 index 000000000000..6e8634bd4a1f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch @@ -0,0 +1,13 @@ +diff --git a/sshuttle/client.py b/sshuttle/client.py +index cab5b1c..e89f8a6 100644 +--- a/sshuttle/client.py ++++ b/sshuttle/client.py +@@ -192,7 +192,7 @@ class FirewallClient: + + self.auto_nets = [] + python_path = os.path.dirname(os.path.dirname(__file__)) +- argvbase = ([sys.executable, sys.argv[0]] + ++ argvbase = ([sys.argv[0]] + + ['-v'] * (helpers.verbose or 0) + + ['--method', method_name] + + ['--firewall']) diff --git a/nixpkgs/pkgs/tools/security/sslscan/default.nix b/nixpkgs/pkgs/tools/security/sslscan/default.nix new file mode 100644 index 000000000000..1c9dfc36107a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sslscan/default.nix @@ -0,0 +1,28 @@ +{ lib +, stdenv +, fetchFromGitHub +, openssl +}: + +stdenv.mkDerivation rec { + pname = "sslscan"; + version = "2.0.11"; + + src = fetchFromGitHub { + owner = "rbsec"; + repo = "sslscan"; + rev = version; + sha256 = "sha256-ROdi1pU2VeswmItHOSZimOkPYlgdqEMg2b7zt0f9WrM="; + }; + + buildInputs = [ openssl ]; + + makeFlags = [ "PREFIX=$(out)" "CC=${stdenv.cc.targetPrefix}cc" ]; + + meta = with lib; { + description = "Tests SSL/TLS services and discover supported cipher suites"; + homepage = "https://github.com/rbsec/sslscan"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fpletz globin ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssss/default.nix b/nixpkgs/pkgs/tools/security/ssss/default.nix new file mode 100644 index 000000000000..61d10111120e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssss/default.nix @@ -0,0 +1,45 @@ +{ lib +, stdenv +, fetchFromGitHub +, gmp +, installShellFiles +}: + +stdenv.mkDerivation rec { + pname = "ssss"; + version = "0.5.7"; + + src = fetchFromGitHub { + owner = "MrJoy"; + repo = pname; + rev = "releases%2Fv${version}"; + sha256 = "18r1hwch6nq6gjijavr4pvrxz2plrlrvdx8ssqhdj2vmqvlqwbvd"; + }; + + nativeBuildInputs = [ + installShellFiles + ]; + + buildInputs = [ + gmp + ]; + + preBuild = '' + sed -e s@/usr/@$out/@g -i Makefile + cp ssss.manpage.xml ssss.1 + mkdir -p $out/bin + echo -e 'install:\n\tcp ssss-combine ssss-split '"$out"'/bin' >>Makefile + ''; + + postInstall = '' + installManPage ssss.1 + ''; + + meta = with lib; { + description = "Shamir Secret Sharing Scheme"; + homepage = "http://point-at-infinity.org/ssss/"; + license = licenses.gpl2Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/stacs/default.nix b/nixpkgs/pkgs/tools/security/stacs/default.nix new file mode 100644 index 000000000000..352c217b76a4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/stacs/default.nix @@ -0,0 +1,42 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "stacs"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "stacscan"; + repo = pname; + rev = version; + sha256 = "00ZYdpJktqUXdzPcouHyZcOQyFm7jdFNVuDqsufOviE="; + }; + + nativeBuildInputs = with python3.pkgs; [ + setupmeta + ]; + + propagatedBuildInputs = with python3.pkgs; [ + click + pydantic + typing-extensions + yara-python + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "stacs" + ]; + + meta = with lib; { + description = "Static token and credential scanner"; + homepage = "https://github.com/stacscan/stacs"; + license = with licenses; [ bsd3 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/stegseek/default.nix b/nixpkgs/pkgs/tools/security/stegseek/default.nix new file mode 100644 index 000000000000..f898b5eab0e6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/stegseek/default.nix @@ -0,0 +1,44 @@ +{ lib, stdenv +, cmake +, fetchFromGitHub +, libjpeg +, libmcrypt +, libmhash +, libtool +, zlib +}: + +stdenv.mkDerivation rec { + pname = "stegseek"; + version = "0.6"; + + src = fetchFromGitHub { + owner = "RickdeJager"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-B5oJffYOYfsH0YRq/Bq0ciIlCsCONyScFBjP7a1lIzo="; + }; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ + libjpeg + libmcrypt + libmhash + libtool + zlib + ]; + + doCheck = true; + + meta = with lib; { + description = "Tool to crack steganography"; + longDescription = '' + Stegseek is a lightning fast steghide cracker that can be + used to extract hidden data from files. + ''; + homepage = "https://github.com/RickdeJager/stegseek"; + license = with licenses; [ gpl2Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix new file mode 100644 index 000000000000..97a42646312e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix @@ -0,0 +1,59 @@ +{ stdenv +, lib +, fetchFromGitHub +, buildGoModule +, coreutils +, pcsclite +, PCSC +, pkg-config +, hsmSupport ? true +, nixosTests +}: + +buildGoModule rec { + pname = "step-ca"; + version = "0.18.1"; + + src = fetchFromGitHub { + owner = "smallstep"; + repo = "certificates"; + rev = "v${version}"; + sha256 = "sha256-oebmJ+xrJTV5gXH3U1lWCSQMHiVnUTa0ZTp39sVB7KM="; + }; + + vendorSha256 = "sha256-IJXJS+Z93Hw1I1CAeRv4mq8as9DKebqNFa0IMgZ+Kic="; + + ldflags = [ "-buildid=" ]; + + nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ]; + + buildInputs = + lib.optionals (hsmSupport && stdenv.isLinux) [ pcsclite ] + ++ lib.optionals (hsmSupport && stdenv.isDarwin) [ PCSC ]; + + postPatch = '' + substituteInPlace systemd/step-ca.service --replace "/bin/kill" "${coreutils}/bin/kill" + ''; + + preBuild = '' + ${lib.optionalString (!hsmSupport) "export CGO_ENABLED=0"} + ''; + + postInstall = '' + install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service + ''; + + # Tests start http servers which need to bind to local addresses: + # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted + __darwinAllowLocalNetworking = true; + + passthru.tests.step-ca = nixosTests.step-ca; + + meta = with lib; { + description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH"; + homepage = "https://smallstep.com/certificates/"; + license = licenses.asl20; + maintainers = with maintainers; [ cmcdragonkai mohe2015 ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/step-cli/default.nix b/nixpkgs/pkgs/tools/security/step-cli/default.nix new file mode 100644 index 000000000000..e91a35b808ce --- /dev/null +++ b/nixpkgs/pkgs/tools/security/step-cli/default.nix @@ -0,0 +1,38 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "step-cli"; + version = "0.18.1"; + + src = fetchFromGitHub { + owner = "smallstep"; + repo = "cli"; + rev = "v${version}"; + sha256 = "sha256-gMJFzfqQsxOXPRdRj48c3FKhXsPLEmegiENa2OHWEGo="; + }; + + ldflags = [ + "-w" + "-s" + "-X main.Version=${version}" + ]; + + preCheck = '' + # Tries to connect to smallstep.com + rm command/certificate/remote_test.go + ''; + + vendorSha256 = "sha256-wnMQPnL8M57BOY9QmawLpqtWv+n3GdfIadJ3PwuicOU="; + + meta = with lib; { + description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; + homepage = "https://smallstep.com/cli/"; + license = licenses.asl20; + maintainers = with maintainers; [ xfix ]; + platforms = platforms.linux ++ platforms.darwin; + mainProgram = "step"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/stoken/default.nix b/nixpkgs/pkgs/tools/security/stoken/default.nix new file mode 100644 index 000000000000..04e47dcb8409 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/stoken/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config +, libxml2, nettle +, withGTK3 ? true, gtk3 }: + +stdenv.mkDerivation rec { + pname = "stoken"; + version = "0.92"; + src = fetchFromGitHub { + owner = "cernekee"; + repo = pname; + rev = "v${version}"; + sha256 = "0q7cv8vy5b2cslm57maqb6jsm7s4rwacjyv6gplwp26yhm38hw7y"; + }; + + preConfigure = '' + aclocal + libtoolize --automake --copy + autoheader + automake --add-missing --copy + autoconf + ''; + + strictDeps = true; + nativeBuildInputs = [ pkg-config autoconf automake libtool ]; + buildInputs = [ + libxml2 nettle + ] ++ lib.optional withGTK3 gtk3; + + meta = with lib; { + description = "Software Token for Linux/UNIX"; + homepage = "https://github.com/cernekee/stoken"; + license = licenses.lgpl21Plus; + maintainers = [ ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/stricat/default.nix b/nixpkgs/pkgs/tools/security/stricat/default.nix new file mode 100644 index 000000000000..bdd7d18923f1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/stricat/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "stricat"; + version = "20140609100300"; + + src = fetchurl { + url = "http://www.stribob.com/dist/${pname}-${version}.tgz"; + sha256 = "1axg8r4g5n5kdqj5013pgck80nni3z172xkg506vz4zx1zcmrm4r"; + }; + + buildFlags = [ "CC=${stdenv.cc.targetPrefix}cc" ]; + + installPhase = '' + mkdir -p $out/bin + mv stricat $out/bin + ''; + + meta = { + description = "Multi-use cryptographic tool based on the STRIBOB algorithm"; + homepage = "https://www.stribob.com/stricat/"; + license = lib.licenses.bsd3; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/su-exec/default.nix b/nixpkgs/pkgs/tools/security/su-exec/default.nix new file mode 100644 index 000000000000..0e26d2430cb1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/su-exec/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "su-exec"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "ncopa"; + repo = "su-exec"; + rev = "v${version}"; + sha256 = "12vqlnpv48cjfh25sn98k1myc7h2wiv5qw2y2awgp6sipzv88abv"; + }; + + installPhase = '' + mkdir -p $out/bin + cp -a su-exec $out/bin/su-exec + ''; + + meta = with lib; { + description = "switch user and group id and exec"; + homepage = "https://github.com/ncopa/su-exec"; + license = licenses.mit; + maintainers = with maintainers; [ zimbatm ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/subjs/default.nix b/nixpkgs/pkgs/tools/security/subjs/default.nix new file mode 100644 index 000000000000..65d3f18be794 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/subjs/default.nix @@ -0,0 +1,32 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "subjs"; + version = "1.0.1"; + + src = fetchFromGitHub { + owner = "lc"; + repo = pname; + rev = "v${version}"; + sha256 = "01cip5rf35dnh3l325p03y6axyqdpf48ry4zcwiyd7hlfsglbk3j"; + }; + + vendorSha256 = "1y01k8pvv7y9zb15wbk068cvkx0g83484jak2dvcvghqcf5j1fr1"; + + ldflags = [ "-s" "-w" "-X main.AppVersion=${version}" ]; + + meta = with lib; { + description = "Fetcher for Javascript files"; + longDescription = '' + subjs fetches Javascript files from a list of URLs or subdomains. + Analyzing Javascript files can help you find undocumented endpoints, + secrets and more. + ''; + homepage = "https://github.com/lc/subjs"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix new file mode 100644 index 000000000000..7baf1cf6b815 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sudo/default.nix @@ -0,0 +1,93 @@ +{ lib +, stdenv +, fetchurl +, buildPackages +, coreutils +, pam +, groff +, sssd +, nixosTests +, sendmailPath ? "/run/wrappers/bin/sendmail" +, withInsults ? false +, withSssd ? false +}: + +stdenv.mkDerivation rec { + pname = "sudo"; + version = "1.9.9"; + + src = fetchurl { + url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; + sha256 = "sha256-bW7oY6O8Jsh2YQk6dOxj4Q/QMc66cUZC0hY23+JePgA="; + }; + + prePatch = '' + # do not set sticky bit in nix store + substituteInPlace src/Makefile.in --replace 04755 0755 + ''; + + configureFlags = [ + "--with-env-editor" + "--with-editor=/run/current-system/sw/bin/nano" + "--with-rundir=/run/sudo" + "--with-vardir=/var/db/sudo" + "--with-logpath=/var/log/sudo.log" + "--with-iologdir=/var/log/sudo-io" + "--with-sendmail=${sendmailPath}" + "--enable-tmpfiles.d=no" + ] ++ lib.optional withInsults [ + "--with-insults" + "--with-all-insults" + ] ++ lib.optional withSssd [ + "--with-sssd" + "--with-sssd-lib=${sssd}/lib" + ]; + + configureFlagsArray = [ + "--with-passprompt=[sudo] password for %p: " # intentional trailing space + ]; + + postConfigure = + '' + cat >> pathnames.h <<'EOF' + #undef _PATH_MV + #define _PATH_MV "${coreutils}/bin/mv" + EOF + makeFlags="install_uid=$(id -u) install_gid=$(id -g)" + installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/" + ''; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ groff ]; + buildInputs = [ pam ]; + + enableParallelBuilding = true; + + doCheck = false; # needs root + + postInstall = '' + rm $out/share/doc/sudo/ChangeLog + ''; + + passthru.tests = { inherit (nixosTests) sudo; }; + + meta = { + description = "A command to run commands as root"; + + longDescription = + '' + Sudo (su "do") allows a system administrator to delegate + authority to give certain users (or groups of users) the ability + to run some (or all) commands as root or another user while + providing an audit trail of the commands and their arguments. + ''; + + homepage = "https://www.sudo.ws/"; + + license = "https://www.sudo.ws/sudo/license.html"; + + maintainers = with lib.maintainers; [ eelco delroth ]; + + platforms = lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix b/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix new file mode 100644 index 000000000000..242da1a67bb4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix @@ -0,0 +1,31 @@ +# This file was generated by go2nix, then modified by hand for Darwin support. +{ lib, buildGoPackage, fetchFromGitHub, darwin }: + +buildGoPackage rec { + pname = "sudolikeaboss-unstable"; + version = "20161127-${lib.strings.substring 0 7 rev}"; + rev = "2d9afe19f872c9f433d476e57ee86169781b164c"; + + goPackagePath = "github.com/ravenac95/sudolikeaboss"; + + src = fetchFromGitHub { + owner = "ravenac95"; + repo = "sudolikeaboss"; + inherit rev; + sha256 = "0ni3v4kanxfzxzjd48f5dgv62jbfrw7kdmq0snj09hw7ciw55yg6"; + }; + + goDeps = ./deps.nix; + + buildInputs = with darwin.apple_sdk.frameworks; [ + Cocoa + ]; + + meta = with lib; { + inherit (src.meta) homepage; + description = "Get 1password access from iterm2"; + license = licenses.mit; + maintainers = [ maintainers.grahamc ]; + platforms = platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix b/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix new file mode 100644 index 000000000000..350306a24f4b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix @@ -0,0 +1,39 @@ +# This file was generated by go2nix. +[ + { + goPackagePath = "github.com/Sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/Sirupsen/logrus"; + rev = "881bee4e20a5d11a6a88a5667c6f292072ac1963"; + sha256 = "176a09lp20f0qfhwwlh2xg0vk7z1g7gq8k2wr3sg1fd8m86wrzzg"; + }; + } + { + goPackagePath = "github.com/satori/go.uuid"; + fetch = { + type = "git"; + url = "https://github.com/satori/go.uuid"; + rev = "b061729afc07e77a8aa4fad0a2fd840958f1942a"; + sha256 = "0q87n5an7ha2d8kl6gn9wi41rq0whsxq68w5x3nxz7w9vgkfnq1k"; + }; + } + { + goPackagePath = "github.com/urfave/cli"; + fetch = { + type = "git"; + url = "https://github.com/urfave/cli"; + rev = "0bdeddeeb0f650497d603c4ad7b20cfe685682f6"; + sha256 = "1ny63c7bfwfrsp7vfkvb4i0xhq4v7yxqnwxa52y4xlfxs4r6v6fg"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "0c96df335ed3f17f758cba1a2c71b7849dd828e3"; + sha256 = "02zn1f539y5yc1sx82ym8c3pp3z371d1ldhl20skwjwbdw1ln8hm"; + }; + } +] diff --git a/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch b/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch new file mode 100644 index 000000000000..048486caafd7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch @@ -0,0 +1,51 @@ +From 86e37c1c09c23924c4e055a3d4b8c79f19cd0599 Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Mon, 10 Aug 2020 21:33:39 +0200 +Subject: [PATCH] Remove references to dropped `sys_nerr` & `sys_errlist` for + `glibc-2.32` compat + +According to the release-notes[1], `strerror(3)` should be used. This is +already the case, however the source tries to be backwards-compatible by +supporting `sys_nerr` & `sys_errlist` which breaks compilation +unfortunately. + +Simply using `strerror` fixes the problems. + +[1] https://sourceware.org/pipermail/libc-announce/2020/000029.html +--- + utils.c | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/utils.c b/utils.c +index 3ec70b6..430f027 100644 +--- a/utils.c ++++ b/utils.c +@@ -2003,7 +2003,6 @@ int n; + + #ifdef HAVE_SYS_ERRLIST + extern char *sys_errlist[]; +- extern int sys_nerr; + #endif + + /* +@@ -2019,16 +2018,7 @@ int errnum; + sprintf(buf, "Error %d", errnum); + return buf; + #else +- if (errnum < 0 || errnum > sys_nerr) { +- sprintf(buf, "Error %d (!)", errnum); +- return buf; +- } else { +-#ifdef HAVE_STRERROR +- return strerror(errnum); +-#else +- return sys_errlist[errnum]; +-#endif +- } ++ return strerror(errnum); + #endif + } + +-- +2.25.4 + diff --git a/nixpkgs/pkgs/tools/security/super/default.nix b/nixpkgs/pkgs/tools/security/super/default.nix new file mode 100644 index 000000000000..d87580975f19 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/super/default.nix @@ -0,0 +1,50 @@ +{ lib, stdenv, fetchurl, fetchpatch }: + +stdenv.mkDerivation rec { + pname = "super"; + version = "3.30.0"; + + src = fetchurl { + name = "super-${version}.tar.gz"; + url = "https://www.ucolick.org/~will/RUE/super/super-${version}-tar.gz"; + sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy"; + }; + + prePatch = '' + # do not set sticky bit in nix store + substituteInPlace Makefile.in \ + --replace "-o root" "" \ + --replace 04755 755 + ''; + + patches = [ + ./0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch + (fetchpatch { + name = "CVE-2014-0470.patch"; + url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; + sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; + }) + ]; + + NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; + + configureFlags = [ + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ]; + + meta = { + homepage = "https://www.ucolick.org/~will/#super"; + description = "Allows users to execute scripts as if they were root"; + longDescription = + '' + This package provides two commands: 1) “super”, which allows + users to execute commands under a different uid/gid (specified + in /etc/super.tab); and 2) “setuid”, which allows root to + execute a command under a different uid. + ''; + platforms = lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/swtpm/default.nix b/nixpkgs/pkgs/tools/security/swtpm/default.nix new file mode 100644 index 000000000000..648165d8262e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/swtpm/default.nix @@ -0,0 +1,77 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, pkg-config +, libtasn1, openssl, fuse, glib, libseccomp, json-glib +, libtpms +, unixtools, expect, socat +, gnutls +, perl + +# Tests +, python3, which +, nixosTests +}: + +stdenv.mkDerivation rec { + pname = "swtpm"; + version = "0.7.1"; + + src = fetchFromGitHub { + owner = "stefanberger"; + repo = "swtpm"; + rev = "v${version}"; + sha256 = "sha256-LJQF8PlRkhCJ8rjZzDetg1BFuTb7GBJ8lW6u5hO134k="; + }; + + nativeBuildInputs = [ + pkg-config unixtools.netstat expect socat + perl # for pod2man + autoreconfHook + ]; + + checkInputs = [ + python3 which + ]; + + buildInputs = [ + libtpms + openssl libtasn1 libseccomp + fuse glib json-glib + gnutls + ]; + + configureFlags = [ + "--with-cuse" + "--localstatedir=/var" + ]; + + postPatch = '' + patchShebangs tests/* + + # Makefile tries to create the directory /var/lib/swtpm-localca, which fails + substituteInPlace samples/Makefile.am \ + --replace 'install-data-local:' 'do-not-execute:' + + # Use the correct path to the certtool binary + # instead of relying on it being in the environment + substituteInPlace src/swtpm_localca/swtpm_localca.c --replace \ + '# define CERTTOOL_NAME "certtool"' \ + '# define CERTTOOL_NAME "${gnutls}/bin/certtool"' + ''; + + doCheck = true; + enableParallelBuilding = true; + + outputs = [ "out" "man" ]; + + passthru.tests = { inherit (nixosTests) systemd-cryptenroll; }; + + meta = with lib; { + description = "Libtpms-based TPM emulator"; + homepage = "https://github.com/stefanberger/swtpm"; + license = licenses.bsd3; + maintainers = [ maintainers.baloo ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sx-go/default.nix b/nixpkgs/pkgs/tools/security/sx-go/default.nix new file mode 100644 index 000000000000..c9dbb6559857 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sx-go/default.nix @@ -0,0 +1,35 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, libpcap +}: + +buildGoModule rec { + pname = "sx-go"; + version = "0.4.0"; + + src = fetchFromGitHub { + owner = "v-byte-cpu"; + repo = "sx"; + rev = "v${version}"; + sha256 = "0djpwy40wj5asky8a16i7a117816p8g94p5y0wkl74jp07cybmrl"; + }; + + vendorSha256 = "0n1h9jch0zfafli8djjr6wkgfxxpnh4q873d5mr1xg8a25qhlifr"; + + buildInputs = [ + libpcap + ]; + + postFixup = '' + # Rename binary to avoid conflict with sx + mv $out/bin/sx $out/bin/${pname} + ''; + + meta = with lib; { + description = "Command-line network scanner"; + homepage = "https://github.com/v-byte-cpu/sx"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tboot/default.nix b/nixpkgs/pkgs/tools/security/tboot/default.nix new file mode 100644 index 000000000000..d11426a2b48c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tboot/default.nix @@ -0,0 +1,35 @@ +{ lib, stdenv, fetchurl, openssl, perl, trousers, zlib }: + +stdenv.mkDerivation rec { + pname = "tboot"; + version = "1.10.3"; + + src = fetchurl { + url = "mirror://sourceforge/tboot/${pname}-${version}.tar.gz"; + sha256 = "sha256-ixFs9Bd6VNT1n5RU6n38hFR+m4+SBNzwrCNXRmCHgOQ="; + }; + + buildInputs = [ openssl trousers zlib ]; + + enableParallelBuilding = true; + + preConfigure = '' + substituteInPlace tboot/Makefile --replace /usr/bin/perl ${perl}/bin/perl + + for a in lcptools-v2 tb_polgen utils; do + substituteInPlace "$a/Makefile" --replace /usr/sbin /sbin + done + substituteInPlace docs/Makefile --replace /usr/share /share + ''; + + installFlags = [ "DESTDIR=$(out)" ]; + + meta = with lib; { + description = "A pre-kernel/VMM module that uses Intel(R) TXT to perform a measured and verified launch of an OS kernel/VMM"; + homepage = "https://sourceforge.net/projects/tboot/"; + changelog = "https://sourceforge.net/p/tboot/code/ci/v${version}/tree/CHANGELOG"; + license = licenses.bsd3; + maintainers = with maintainers; [ ak ]; + platforms = [ "x86_64-linux" "i686-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix b/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix new file mode 100644 index 000000000000..eb889cfef165 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook +, openssl +, libcap, libpcap, libnfnetlink, libnetfilter_conntrack, libnetfilter_queue +}: + +with lib; + +stdenv.mkDerivation rec { + pname = "tcpcrypt"; + version = "0.5"; + + src = fetchFromGitHub { + repo = "tcpcrypt"; + owner = "scslab"; + rev = "v${version}"; + sha256 = "0a015rlyvagz714pgwr85f8gjq1fkc0il7d7l39qcgxrsp15b96w"; + }; + + postUnpack = "mkdir -vp $sourceRoot/m4"; + + outputs = [ "bin" "dev" "out" ]; + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ openssl libpcap ] + ++ optionals stdenv.isLinux [ libcap libnfnetlink libnetfilter_conntrack libnetfilter_queue ]; + + enableParallelBuilding = true; + + meta = { + homepage = "http://tcpcrypt.org/"; + description = "Fast TCP encryption"; + platforms = platforms.all; + license = licenses.bsd2; + }; +} diff --git a/nixpkgs/pkgs/tools/security/teler/default.nix b/nixpkgs/pkgs/tools/security/teler/default.nix new file mode 100644 index 000000000000..ffcab3a41877 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/teler/default.nix @@ -0,0 +1,37 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "teler"; + version = "1.2.2"; + + src = fetchFromGitHub { + owner = "kitabisa"; + repo = "teler"; + rev = "v${version}"; + sha256 = "sha256-i4106PtoCJt5CY9ahczZYe9GufBkaZS+9Peh0IY9r1M="; + }; + + vendorSha256 = "sha256-TQjwPem+RMuoF5T02CL/CTvBS6W7Q786gTvYUFIvxjE="; + + ldflags = [ + "-s" "-w" "-X ktbs.dev/teler/common.Version=${version}" + ]; + + # test require internet access + doCheck = false; + + meta = with lib; { + description = "Real-time HTTP Intrusion Detection"; + longDescription = '' + teler is an real-time intrusion detection and threat alert + based on web log that runs in a terminal with resources that + we collect and provide by the community. + ''; + homepage = "https://github.com/kitabisa/teler"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/terrascan/default.nix b/nixpkgs/pkgs/tools/security/terrascan/default.nix new file mode 100644 index 000000000000..ea431f7272d7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/terrascan/default.nix @@ -0,0 +1,33 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "terrascan"; + version = "1.13.1"; + + src = fetchFromGitHub { + owner = "accurics"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-GIonoedad/ruKN8DaFfFdW4l3ZWIM1NI5DtgBYPw+38="; + }; + + vendorSha256 = "sha256-h/mSF4hJ3TS+4b3CCUEXVin8MRcPg8qEe90Mcxk0uVo="; + + # Tests want to download a vulnerable Terraform project + doCheck = false; + + meta = with lib; { + description = "Detect compliance and security violations across Infrastructure"; + longDescription = '' + Detect compliance and security violations across Infrastructure as Code to + mitigate risk before provisioning cloud native infrastructure. It contains + 500+ polices and support for Terraform and Kubernetes. + ''; + homepage = "https://github.com/accurics/terrascan"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/thc-hydra/default.nix b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix new file mode 100644 index 000000000000..b6e3056e0232 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix @@ -0,0 +1,50 @@ +{ stdenv, lib, fetchFromGitHub, zlib, openssl, ncurses, libidn, pcre, libssh, libmysqlclient, postgresql +, withGUI ? false, makeWrapper, pkg-config, gtk2 }: + +stdenv.mkDerivation rec { + pname = "thc-hydra"; + version = "9.3"; + + src = fetchFromGitHub { + owner = "vanhauser-thc"; + repo = "thc-hydra"; + rev = "v${version}"; + sha256 = "sha256-SzbaU52IXw5+ztN/GKD6Ki6/cx2icoZEzLHBu/J8sk0="; + }; + + postPatch = let + makeDirs = output: subDir: lib.concatStringsSep " " (map (path: lib.getOutput output path + "/" + subDir) buildInputs); + in '' + substituteInPlace configure \ + --replace '$LIBDIRS' "${makeDirs "lib" "lib"}" \ + --replace '$INCDIRS' "${makeDirs "dev" "include"}" \ + --replace "/usr/include/math.h" "${lib.getDev stdenv.cc.libc}/include/math.h" \ + --replace "libcurses.so" "libncurses.so" \ + --replace "-lcurses" "-lncurses" + ''; + + nativeBuildInputs = lib.optionals withGUI [ pkg-config makeWrapper ]; + + buildInputs = [ + zlib openssl ncurses libidn pcre libssh libmysqlclient postgresql + ] ++ lib.optional withGUI gtk2; + + enableParallelBuilding = true; + + DATADIR = "/share/${pname}"; + + postInstall = lib.optionalString withGUI '' + wrapProgram $out/bin/xhydra \ + --add-flags --hydra-path --add-flags "$out/bin/hydra" + ''; + + meta = with lib; { + description = "A very fast network logon cracker which support many different services"; + homepage = "https://github.com/vanhauser-thc/thc-hydra"; # https://www.thc.org/ + changelog = "https://github.com/vanhauser-thc/thc-hydra/raw/v${version}/CHANGES"; + license = licenses.agpl3Plus; + maintainers = with maintainers; [ offline ]; + platforms = platforms.unix; + badPlatforms = platforms.darwin; # fails to build since v9.3 + }; +} diff --git a/nixpkgs/pkgs/tools/security/thc-ipv6/default.nix b/nixpkgs/pkgs/tools/security/thc-ipv6/default.nix new file mode 100644 index 000000000000..6e7f4fb2891a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/thc-ipv6/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchFromGitHub, libpcap, openssl, libnetfilter_queue, libnfnetlink }: +stdenv.mkDerivation rec { + pname = "thc-ipv6"; + version = "3.8"; + + src = fetchFromGitHub { + owner = "vanhauser-thc"; + repo = pname; + rev = "v${version}"; + sha256 = "07kwika1zdq62s5p5z94xznm77dxjxdg8k0hrg7wygz50151nzmx"; + }; + + buildInputs = [ + libpcap + openssl + libnetfilter_queue + libnfnetlink + ]; + + makeFlags = [ + "PREFIX=$(out)" + ]; + + meta = with lib; { + description = "IPv6 attack toolkit"; + homepage = "https://github.com/vanhauser-thc/thc-ipv6"; + maintainers = with maintainers; [ ajs124 ]; + platforms = platforms.linux; + license = licenses.agpl3Only; + }; +} diff --git a/nixpkgs/pkgs/tools/security/theharvester/default.nix b/nixpkgs/pkgs/tools/security/theharvester/default.nix new file mode 100644 index 000000000000..81bcd66948f3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/theharvester/default.nix @@ -0,0 +1,67 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "theharvester"; + version = "4.0.3"; + + src = fetchFromGitHub { + owner = "laramies"; + repo = pname; + rev = version; + sha256 = "sha256-Ckouhe/Uq6Dv9p/LRpPQkiKuYrwrl/Z7KkYYamDHav8="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + aiodns + aiofiles + aiohttp + aiomultiprocess + aiosqlite + beautifulsoup4 + censys + certifi + dnspython + fastapi + lxml + netaddr + orjson + plotly + pyppeteer + pyyaml + requests + retrying + shodan + slowapi + starlette + uvicorn + uvloop + ]; + + checkInputs = with python3.pkgs; [ + pytest + pytest-asyncio + ]; + + # We don't run other tests (discovery modules) because they require network access + checkPhase = '' + runHook preCheck + pytest tests/test_myparser.py + runHook postCheck + ''; + + meta = with lib; { + description = "Gather E-mails, subdomains and names from different public sources"; + longDescription = '' + theHarvester is a very simple, yet effective tool designed to be used in the early + stages of a penetration test. Use it for open source intelligence gathering and + helping to determine an entity's external threat landscape on the internet. The tool + gathers emails, names, subdomains, IPs, and URLs using multiple public data sources. + ''; + homepage = "https://github.com/laramies/theHarvester"; + maintainers = with maintainers; [ c0bw3b treemo ]; + license = licenses.gpl2Only; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix new file mode 100644 index 000000000000..76bfee421968 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -0,0 +1,119 @@ +{ lib, stdenv, fetchurl, pkg-config, libevent, openssl, zlib, torsocks +, libseccomp, systemd, libcap, xz, zstd, scrypt, nixosTests +, writeShellScript + +# for update.nix +, writeScript +, common-updater-scripts +, bash +, coreutils +, curl +, gnugrep +, gnupg +, gnused +, nix +}: +let + tor-client-auth-gen = writeShellScript "tor-client-auth-gen" '' + PATH="${lib.makeBinPath [coreutils gnugrep openssl]}" + pem="$(openssl genpkey -algorithm x25519)" + + printf private_key=descriptor:x25519: + echo "$pem" | grep -v " PRIVATE KEY" | + base64 -d | tail --bytes=32 | base32 | tr -d = + + printf public_key=descriptor:x25519: + echo "$pem" | openssl pkey -in /dev/stdin -pubout | + grep -v " PUBLIC KEY" | + base64 -d | tail --bytes=32 | base32 | tr -d = + ''; +in +stdenv.mkDerivation rec { + pname = "tor"; + version = "0.4.6.9"; + + src = fetchurl { + url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; + sha256 = "1ad99k4wysxrnlaprv7brxr2nc0h5zdnrh0rma10pqlck2037sf7"; + }; + + outputs = [ "out" "geoip" ]; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libevent openssl zlib xz zstd scrypt ] ++ + lib.optionals stdenv.isLinux [ libseccomp systemd libcap ]; + + patches = [ ./disable-monotonic-timer-tests.patch ]; + + # cross compiles correctly but needs the following + configureFlags = lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) + "--disable-tool-name-check"; + + NIX_CFLAGS_LINK = lib.optionalString stdenv.cc.isGNU "-lgcc_s"; + + postPatch = '' + substituteInPlace contrib/client-tools/torify \ + --replace 'pathfind torsocks' true \ + --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks' + + patchShebangs ./scripts/maint/checkShellScripts.sh + ''; + + enableParallelBuilding = true; + + # disable tests on aarch64-darwin, the following tests fail there: + # oom/circbuf: [forking] + # FAIL src/test/test_oom.c:187: assert(c1->marked_for_close) + # [circbuf FAILED] + # oom/streambuf: [forking] + # FAIL src/test/test_oom.c:287: assert(x_ OP_GE 500 - 5): 0 vs 495 + # [streambuf FAILED] + doCheck = !(stdenv.isDarwin && stdenv.isAarch64); + + postInstall = '' + mkdir -p $geoip/share/tor + mv $out/share/tor/geoip{,6} $geoip/share/tor + rm -rf $out/share/tor + ln -s ${tor-client-auth-gen} $out/bin/tor-client-auth-gen + ''; + + passthru = { + tests.tor = nixosTests.tor; + updateScript = import ./update.nix { + inherit lib; + inherit + writeScript + common-updater-scripts + bash + coreutils + curl + gnupg + gnugrep + gnused + nix + ; + }; + }; + + meta = with lib; { + homepage = "https://www.torproject.org/"; + repositories.git = "https://git.torproject.org/git/tor"; + description = "Anonymizing overlay network"; + + longDescription = '' + Tor helps improve your privacy by bouncing your communications around a + network of relays run by volunteers all around the world: it makes it + harder for somebody watching your Internet connection to learn what sites + you visit, and makes it harder for the sites you visit to track you. Tor + works with many of your existing applications, including web browsers, + instant messaging clients, remote login, and other applications based on + the TCP protocol. + ''; + + license = licenses.bsd3; + + maintainers = with maintainers; + [ thoughtpolice joachifm prusnak ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/disable-monotonic-timer-tests.patch b/nixpkgs/pkgs/tools/security/tor/disable-monotonic-timer-tests.patch new file mode 100644 index 000000000000..bb124c394f25 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/disable-monotonic-timer-tests.patch @@ -0,0 +1,48 @@ +diff --git a/src/test/test_util.c b/src/test/test_util.c +index 0d86a5ab5..e93c6ba89 100644 +--- a/src/test/test_util.c ++++ b/src/test/test_util.c +@@ -6490,13 +6490,9 @@ test_util_monotonic_time(void *arg) + /* We need to be a little careful here since we don't know the system load. + */ + tt_i64_op(monotime_diff_msec(&mt1, &mt2), OP_GE, 175); +- tt_i64_op(monotime_diff_msec(&mt1, &mt2), OP_LT, 1000); + tt_i64_op(monotime_coarse_diff_msec(&mtc1, &mtc2), OP_GE, 125); +- tt_i64_op(monotime_coarse_diff_msec(&mtc1, &mtc2), OP_LT, 1000); + tt_u64_op(nsec2-nsec1, OP_GE, 175000000); +- tt_u64_op(nsec2-nsec1, OP_LT, 1000000000); + tt_u64_op(nsecc2-nsecc1, OP_GE, 125000000); +- tt_u64_op(nsecc2-nsecc1, OP_LT, 1000000000); + + tt_u64_op(msec1, OP_GE, nsec1 / 1000000); + tt_u64_op(usec1, OP_GE, nsec1 / 1000); +@@ -6509,8 +6509,6 @@ test_util_monotonic_time(void *arg) + + uint64_t coarse_stamp_diff = + monotime_coarse_stamp_units_to_approx_msec(stamp2-stamp1); +- tt_u64_op(coarse_stamp_diff, OP_GE, 120); +- tt_u64_op(coarse_stamp_diff, OP_LE, 1200); + + { + uint64_t units = monotime_msec_to_approx_coarse_stamp_units(5000); +@@ -6515,8 +6515,8 @@ test_util_monotonic_time(void *arg) + { + uint64_t units = monotime_msec_to_approx_coarse_stamp_units(5000); + uint64_t ms = monotime_coarse_stamp_units_to_approx_msec(units); +- tt_u64_op(ms, OP_GE, 4950); +- tt_u64_op(ms, OP_LT, 5050); ++ tt_u64_op(ms, OP_GE, 4000); ++ tt_u64_op(ms, OP_LT, 6000); + } + + done: +@@ -6640,9 +6640,6 @@ test_util_monotonic_time_add_msec(void *arg) + monotime_coarse_add_msec(&ct2, &ct1, 1337); + tt_i64_op(monotime_diff_msec(&t1, &t2), OP_EQ, 1337); + tt_i64_op(monotime_coarse_diff_msec(&ct1, &ct2), OP_EQ, 1337); +- // The 32-bit variant must be within 1% of the regular one. +- tt_int_op(monotime_coarse_diff_msec32_(&ct1, &ct2), OP_GT, 1323); +- tt_int_op(monotime_coarse_diff_msec32_(&ct1, &ct2), OP_LT, 1350); + + /* Add 1337 msec twice more; make sure that any second rollover issues + * worked. */ diff --git a/nixpkgs/pkgs/tools/security/tor/torsocks.nix b/nixpkgs/pkgs/tools/security/tor/torsocks.nix new file mode 100644 index 000000000000..399afe7f75cb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/torsocks.nix @@ -0,0 +1,43 @@ +{ lib, stdenv, fetchgit, fetchurl, autoreconfHook, libcap }: + +stdenv.mkDerivation rec { + pname = "torsocks"; + version = "2.3.0"; + + src = fetchgit { + url = meta.repositories.git; + rev = "refs/tags/v${version}"; + sha256 = "0x0wpcigf22sjxg7bm0xzqihmsrz51hl4v8xf91qi4qnmr4ny1hb"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + patches = lib.optional stdenv.isDarwin + (fetchurl { + url = "https://trac.torproject.org/projects/tor/raw-attachment/ticket/28538/0001-Fix-macros-for-accept4-2.patch"; + sha256 = "97881f0b59b3512acc4acb58a0d6dfc840d7633ead2f400fad70dda9b2ba30b0"; + }); + + postPatch = '' + # Patch torify_app() + sed -i \ + -e 's,\(local app_path\)=`which $1`,\1=`type -P $1`,' \ + src/bin/torsocks.in + '' + lib.optionalString stdenv.isLinux '' + sed -i \ + -e 's,\(local getcap\)=.*,\1=${libcap}/bin/getcap,' \ + src/bin/torsocks.in + ''; + + doInstallCheck = true; + installCheckTarget = "check-recursive"; + + meta = { + description = "Wrapper to safely torify applications"; + homepage = "https://github.com/dgoulet/torsocks"; + repositories.git = "https://git.torproject.org/torsocks.git"; + license = lib.licenses.gpl2; + platforms = lib.platforms.unix; + maintainers = with lib.maintainers; [ thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/update.nix b/nixpkgs/pkgs/tools/security/tor/update.nix new file mode 100644 index 000000000000..c944883d4178 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/update.nix @@ -0,0 +1,71 @@ +{ lib +, writeScript +, common-updater-scripts +, bash +, coreutils +, curl +, gnugrep +, gnupg +, gnused +, nix +}: + +with lib; + +let + downloadPageUrl = "https://dist.torproject.org"; + + # See https://www.torproject.org/docs/signing-keys.html + signingKeys = [ + # Roger Dingledine + "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5" + "F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451" + # Nick Mathewson + "2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB" + "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5" + ]; +in + +writeScript "update-tor" '' +#! ${bash}/bin/bash + +set -eu -o pipefail + +export PATH=${makeBinPath [ + common-updater-scripts + coreutils + curl + gnugrep + gnupg + gnused + nix +]} + +srcBase=$(curl -L --list-only -- "${downloadPageUrl}" \ + | grep -Eo 'tor-([[:digit:]]+\.?)+\.tar\.gz' \ + | sort -Vu \ + | tail -n1) +srcFile=$srcBase +srcUrl=${downloadPageUrl}/$srcBase + +srcName=''${srcBase/.tar.gz/} +srcVers=(''${srcName//-/ }) +version=''${srcVers[1]} + +sigUrl=$srcUrl.asc +sigFile=''${sigUrl##*/} + +# upstream does not support byte ranges ... +[[ -e "$srcFile" ]] || curl -L -o "$srcFile" -- "$srcUrl" +[[ -e "$sigFile" ]] || curl -L -o "$sigFile" -- "$sigUrl" + +export GNUPGHOME=$PWD/gnupg +mkdir -m 700 -p "$GNUPGHOME" + +gpg --batch --recv-keys ${concatStringsSep " " (map (x: "'${x}'") signingKeys)} +gpg --batch --verify "$sigFile" "$srcFile" + +sha256=$(nix-hash --type sha256 --flat --base32 "$srcFile") + +update-source-version tor "$version" "$sha256" +'' diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/default.nix b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix new file mode 100644 index 000000000000..4aab72cb5dfc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchgit, autoreconfHook, gawk, trousers, cryptsetup, openssl }: + +stdenv.mkDerivation { + pname = "tpm-luks"; + version = "unstable-2015-07-11"; + + src = fetchgit { + url = "https://github.com/momiji/tpm-luks"; + rev = "c9c5b7fdddbcdac1cd4d2ea6baddd0617cc88ffa"; + sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w"; + }; + + patches = [ + ./openssl-1.1.patch + ./signed-ptr.patch + ]; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ gawk trousers cryptsetup openssl ]; + + installPhase = '' + mkdir -p $out + make install DESTDIR=$out + mv $out/$out/sbin $out/bin + rm -r $out/nix + ''; + + meta = with lib; { + description = "LUKS key storage in TPM NVRAM"; + homepage = "https://github.com/shpedoikal/tpm-luks/"; + maintainers = [ maintainers.tstrobel ]; + license = with licenses; [ gpl2Only ]; + platforms = platforms.linux; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch b/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch new file mode 100644 index 000000000000..10132242b345 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch @@ -0,0 +1,63 @@ +diff --git a/swtpm-utils/lib/hmac.c b/swtpm-utils/lib/hmac.c +index 5545375..f9bedea 100644 +--- a/swtpm-utils/lib/hmac.c ++++ b/swtpm-utils/lib/hmac.c +@@ -381,15 +381,19 @@ uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int ke + /****************************************************************************/ + uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...) + { +- HMAC_CTX hmac; ++ HMAC_CTX* hmac; + unsigned int dlen; + unsigned char *data; + va_list argp; +- +-#ifdef HAVE_HMAC_CTX_CLEANUP +- HMAC_CTX_init(&hmac); +-#endif +- HMAC_Init(&hmac,key,keylen,EVP_sha1()); ++ ++ hmac = HMAC_CTX_new(); ++ ++ if (hmac == NULL) ++ { ++ return ERR_MEM_ERR; ++ } ++ ++ HMAC_Init_ex(hmac,key,keylen,EVP_sha1(),NULL); + + va_start(argp,keylen); + for (;;) +@@ -398,15 +402,11 @@ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned i + if (dlen == 0) break; + data = (unsigned char *)va_arg(argp,unsigned char *); + if (data == NULL) return ERR_NULL_ARG; +- HMAC_Update(&hmac,data,dlen); ++ HMAC_Update(hmac,data,dlen); + } +- HMAC_Final(&hmac,digest,&dlen); ++ HMAC_Final(hmac,digest,&dlen); + +-#ifdef HAVE_HMAC_CTX_CLEANUP +- HMAC_CTX_cleanup(&hmac); +-#else +- HMAC_cleanup(&hmac); +-#endif ++ HMAC_CTX_free(hmac); + va_end(argp); + return 0; + } +diff --git a/swtpm-utils/lib/keys.c b/swtpm-utils/lib/keys.c +index 99691b6..6627a1f 100644 +--- a/swtpm-utils/lib/keys.c ++++ b/swtpm-utils/lib/keys.c +@@ -1249,8 +1249,7 @@ RSA *TSS_convpubkey(pubkeydata *k) + exp); + } + /* set up the RSA public key structure */ +- rsa->n = mod; +- rsa->e = exp; ++ RSA_set0_key(rsa, mod, exp, NULL); + return rsa; + } + diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch b/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch new file mode 100644 index 000000000000..83e356a4ef9e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch @@ -0,0 +1,15 @@ +diff --git a/swtpm-utils/getcapability.c b/swtpm-utils/getcapability.c +index 7359ba3..17b4324 100644 +--- a/swtpm-utils/getcapability.c ++++ b/swtpm-utils/getcapability.c +@@ -480,7 +480,8 @@ int main(int argc, char *argv[]) + } + + if (c) { +- char pcrmap[4], *pf; ++ char pcrmap[4]; ++ unsigned char *pf; + + memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect, + ndp.pcrInfoRead.pcrSelection.sizeOfSelect); + diff --git a/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix new file mode 100644 index 000000000000..938d0a6f2946 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, fetchurl, trousers, openssl }: + +stdenv.mkDerivation rec { + pname = "tpm-quote-tools"; + version = "1.0.4"; + + src = fetchurl { + url = "mirror://sourceforge/project/tpmquotetools/${version}/${pname}-${version}.tar.gz"; + sha256 = "1qjs83xb4np4yn1bhbjfhvkiika410v8icwnjix5ad96w2nlxp0h"; + }; + + buildInputs = [ trousers openssl ]; + + postFixup = '' + patchelf \ + --set-rpath "${lib.makeLibraryPath [ openssl ]}:$(patchelf --print-rpath $out/bin/tpm_mkaik)" \ + $out/bin/tpm_mkaik + ''; + + meta = with lib; { + description = "A collection of programs that provide support for TPM based attestation using the TPM quote mechanism"; + longDescription = '' + The TPM Quote Tools is a collection of programs that provide support + for TPM based attestation using the TPM quote mechanism. The manual + page for tpm_quote_tools provides a usage overview. + ''; + homepage = "http://tpmquotetools.sourceforge.net/"; + license = licenses.bsd3; + maintainers = with maintainers; [ ak ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tpm-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm-tools/default.nix new file mode 100644 index 000000000000..c0e2941323a6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-tools/default.nix @@ -0,0 +1,40 @@ +{ lib, stdenv, fetchurl, trousers, openssl, opencryptoki, perl }: + +let + version = "1.3.9.1"; +in +stdenv.mkDerivation rec { + pname = "tpm-tools"; + inherit version; + + src = fetchurl { + url = "mirror://sourceforge/trousers/tpm-tools/${version}/${pname}-${version}.tar.gz"; + sha256 = "0s7srgghykxnlb1g4izabzf2gfb1knxc0nzn6bly49h8cpi19dww"; + }; + + sourceRoot = "."; + + patches = [ + (fetchurl { + url = "https://sources.debian.org/data/main/t/tpm-tools/1.3.9.1-0.1/debian/patches/05-openssl1.1_fix_data_mgmt.patch"; + sha256 = "161yysw4wgy3spsz6p1d0ib0h5pnrqm8bdh1l71c4hz6a6wpcyxj"; + }) + ]; + + nativeBuildInputs = [ perl ]; + buildInputs = [ trousers openssl opencryptoki ]; + + meta = with lib; { + description = "Management tools for TPM hardware"; + longDescription = '' + tpm-tools is an open-source package designed to enable user and + application enablement of Trusted Computing using a Trusted Platform + Module (TPM), similar to a smart card environment. + ''; + homepage = "https://sourceforge.net/projects/trousers/files/tpm-tools/"; + license = licenses.cpl10; + maintainers = [ maintainers.ak ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix b/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix new file mode 100644 index 000000000000..a3352c5abfdc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix @@ -0,0 +1,49 @@ +{ stdenv, lib, fetchFromGitHub +, autoreconfHook, pkg-config, autoconf-archive, makeWrapper, which +, tpm2-tss, glib, dbus +, cmocka +}: + +stdenv.mkDerivation rec { + pname = "tpm2-abrmd"; + version = "2.3.3"; + + src = fetchFromGitHub { + owner = "tpm2-software"; + repo = pname; + rev = version; + sha256 = "17nv50w1yh6fg7393vfvys9y13lp0gvxx9vcw2pb87ky551d7xkf"; + }; + + nativeBuildInputs = [ pkg-config makeWrapper autoreconfHook autoconf-archive which ]; + buildInputs = [ tpm2-tss glib dbus ]; + checkInputs = [ cmocka ]; + + enableParallelBuilding = true; + + # Emulate the required behavior of ./bootstrap in the original + # package + preAutoreconf = '' + echo "${version}" > VERSION + ''; + + # Unit tests are currently broken as the check phase attempts to start a dbus daemon etc. + #configureFlags = [ "--enable-unit" ]; + doCheck = false; + + # Even though tpm2-tss is in the RUNPATH, starting from 2.3.0 abrmd + # seems to require the path to the device TCTI (used for accessing + # /dev/tpm0) in it's LD_LIBRARY_PATH + postFixup = '' + wrapProgram $out/bin/tpm2-abrmd \ + --suffix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ tpm2-tss ]}" + ''; + + meta = with lib; { + description = "TPM2 resource manager, accessible via D-Bus"; + homepage = "https://github.com/tpm2-software/tpm2-tools"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ matthiasbeyer ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix new file mode 100644 index 000000000000..3a2e62d4b595 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, lib +, pandoc, pkg-config, makeWrapper, curl, openssl, tpm2-tss, libuuid +, abrmdSupport ? true, tpm2-abrmd ? null }: + +stdenv.mkDerivation rec { + pname = "tpm2-tools"; + version = "5.2"; + + src = fetchurl { + url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; + sha256 = "sha256-wLQC9qezRW6OskRSEeLUHEbH52ngX+TYkJ/2QRn3pjA="; + }; + + nativeBuildInputs = [ pandoc pkg-config makeWrapper ]; + buildInputs = [ + curl openssl tpm2-tss libuuid + ]; + + preFixup = let + ldLibraryPath = lib.makeLibraryPath ([ + tpm2-tss + ] ++ (lib.optional abrmdSupport tpm2-abrmd)); + in '' + wrapProgram $out/bin/tpm2 --suffix LD_LIBRARY_PATH : "${ldLibraryPath}" + wrapProgram $out/bin/tss2 --suffix LD_LIBRARY_PATH : "${ldLibraryPath}" + ''; + + + # Unit tests disabled, as they rely on a dbus session + #configureFlags = [ "--enable-unit" ]; + doCheck = false; + + meta = with lib; { + description = "Command line tools that provide access to a TPM 2.0 compatible device"; + homepage = "https://github.com/tpm2-software/tpm2-tools"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ delroth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/traitor/default.nix b/nixpkgs/pkgs/tools/security/traitor/default.nix new file mode 100644 index 000000000000..8132364298b6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/traitor/default.nix @@ -0,0 +1,30 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "traitor"; + version = "0.0.9"; + + src = fetchFromGitHub { + owner = "liamg"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-SHfAPPVq5OmS0yPaSXGsMjskQdosoBN4XRLSzkrviJM="; + }; + + vendorSha256 = null; + + meta = with lib; { + description = "Automatic Linux privilege escalation"; + longDescription = '' + Automatically exploit low-hanging fruit to pop a root shell. Traitor packages + up a bunch of methods to exploit local misconfigurations and vulnerabilities + (including most of GTFOBins) in order to pop a root shell. + ''; + homepage = "https://github.com/liamg/traitor"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch new file mode 100644 index 000000000000..391eb1ad589d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch @@ -0,0 +1,19 @@ +diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/tcsd_conf.c +--- trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c 2013-07-12 18:27:37.000000000 +0200 ++++ trousers-0.3.11.2/src/tcsd/tcsd_conf.c 2013-08-21 14:29:42.917231648 +0200 +@@ -763,6 +763,7 @@ + return TCSERR(TSS_E_INTERNAL_ERROR); + } + ++#ifndef ALLOW_NON_TSS_CONFIG_FILE + /* make sure user/group TSS owns the conf file */ + if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) { + LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, +@@ -775,6 +776,7 @@ + LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file); + return TCSERR(TSS_E_INTERNAL_ERROR); + } ++#endif + #endif /* SOLARIS */ + + if ((f = fopen(tcsd_config_file, "r")) == NULL) { diff --git a/nixpkgs/pkgs/tools/security/trousers/default.nix b/nixpkgs/pkgs/tools/security/trousers/default.nix new file mode 100644 index 000000000000..16536409b5e6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/trousers/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchurl, openssl, pkg-config, autoreconfHook }: + +stdenv.mkDerivation rec { + pname = "trousers"; + version = "0.3.15"; + + src = fetchurl { + url = "mirror://sourceforge/trousers/trousers/${version}/${pname}-${version}.tar.gz"; + sha256 = "0zy7r9cnr2gvwr2fb1q4fc5xnvx405ymcbrdv7qsqwl3a4zfjnqy"; + }; + + nativeBuildInputs = [ pkg-config autoreconfHook ]; + buildInputs = [ openssl ]; + + patches = [ ./allow-non-tss-config-file-owner.patch ]; + + configureFlags = [ "--disable-usercheck" ]; + + NIX_CFLAGS_COMPILE = [ "-DALLOW_NON_TSS_CONFIG_FILE" ]; + enableParallelBuilding = true; + + meta = with lib; { + description = "Trusted computing software stack"; + homepage = "http://trousers.sourceforge.net/"; + license = licenses.bsd3; + maintainers = [ maintainers.ak ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/truecrack/default.nix b/nixpkgs/pkgs/tools/security/truecrack/default.nix new file mode 100644 index 000000000000..cf64b234c66f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/truecrack/default.nix @@ -0,0 +1,40 @@ +{ lib, gccStdenv, fetchFromGitLab, cudatoolkit +, cudaSupport ? false +, pkg-config }: + +gccStdenv.mkDerivation rec { + pname = "truecrack"; + version = "3.6"; + + src = fetchFromGitLab { + owner = "kalilinux"; + repo = "packages/truecrack"; + rev = "debian/${version}+git20150326-0kali1"; + sha256 = "+Rw9SfaQtO1AJO6UVVDMCo8DT0dYEbv7zX8SI+pHCRQ="; + }; + + configureFlags = (if cudaSupport then [ + "--with-cuda=${cudatoolkit}" + ] else [ + "--enable-cpu" + ]); + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = lib.optionals cudaSupport [ + cudatoolkit + ]; + + installFlags = [ "prefix=$(out)" ]; + enableParallelBuilding = true; + + meta = with lib; { + description = "TrueCrack is a brute-force password cracker for TrueCrypt volumes. It works on Linux and it is optimized for Nvidia Cuda technology."; + homepage = "https://gitlab.com/kalilinux/packages/truecrack"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ ethancedwards8 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/nixpkgs/pkgs/tools/security/trufflehog/default.nix new file mode 100644 index 000000000000..57f49988e75b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/trufflehog/default.nix @@ -0,0 +1,38 @@ +{ lib, python3Packages }: + +let + truffleHogRegexes = python3Packages.buildPythonPackage rec { + pname = "truffleHogRegexes"; + version = "0.0.7"; + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "b81dfc60c86c1e353f436a0e201fd88edb72d5a574615a7858485c59edf32405"; + }; + }; +in + python3Packages.buildPythonApplication rec { + pname = "truffleHog"; + version = "2.2.1"; + + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "sha256-fw0JyM2iqQrkL4FAXllEozJdkKWELS3eAURx5NZcceQ="; + }; + + # Relax overly restricted version constraint + postPatch = '' + substituteInPlace setup.py --replace "GitPython ==" "GitPython >= " + ''; + + propagatedBuildInputs = [ python3Packages.GitPython truffleHogRegexes ]; + + # Test cases run git clone and require network access + doCheck = false; + + meta = { + homepage = "https://github.com/dxa4481/truffleHog"; + description = "Searches through git repositories for high entropy strings and secrets, digging deep into commit history"; + license = with lib.licenses; [ gpl2 ]; + maintainers = with lib.maintainers; [ bhipple ]; + }; + } diff --git a/nixpkgs/pkgs/tools/security/uddup/default.nix b/nixpkgs/pkgs/tools/security/uddup/default.nix new file mode 100644 index 000000000000..5cde218bacfe --- /dev/null +++ b/nixpkgs/pkgs/tools/security/uddup/default.nix @@ -0,0 +1,36 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "uddup"; + version = "0.9.3"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "rotemreiss"; + repo = pname; + rev = "v${version}"; + sha256 = "1f5dm3772hiik9irnyvbs7wygcafbwi7czw3b47cwhb90b8fi5hg"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + colorama + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "uddup" + ]; + + meta = with lib; { + description = "Tool for de-duplication URLs"; + homepage = "https://github.com/rotemreiss/uddup"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/urlhunter/default.nix b/nixpkgs/pkgs/tools/security/urlhunter/default.nix new file mode 100644 index 000000000000..ebc628e563c6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/urlhunter/default.nix @@ -0,0 +1,29 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "urlhunter"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "utkusen"; + repo = pname; + rev = "v${version}"; + sha256 = "0ph0pwfd8bb5499bsx3bd8sqhn69y00zk32ayc3n61gpcc6rmvn7"; + }; + + vendorSha256 = "165kplaqigis0anafvzfqzwc3jjhsn2mwgf4phb4ck75n3yf85ys"; + + meta = with lib; { + description = "Recon tool that allows searching shortened URLs"; + longDescription = '' + urlhunter is a recon tool that allows searching on URLs that are + exposed via shortener services such as bit.ly and goo.gl. + ''; + homepage = "https://github.com/utkusen/urlhunter"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/usbrip/default.nix b/nixpkgs/pkgs/tools/security/usbrip/default.nix new file mode 100644 index 000000000000..aa09d759b8e4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/usbrip/default.nix @@ -0,0 +1,45 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "usbrip"; + version = "unstable-2021-07-02"; + + disabled = python3.pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "snovvcrash"; + repo = pname; + rev = "0f3701607ba13212ebefb4bbd9e68ec0e22d76ac"; + sha256 = "1vws8ybhv7szpqvlbmv0hrkys2fhhaa5bj9dywv3q2y1xmljl0py"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + termcolor + terminaltables + tqdm + ]; + + postPatch = '' + # Remove install helpers which we don't need + substituteInPlace setup.py \ + --replace "parse_requirements('requirements.txt')," "[]," \ + --replace "resolve('wheel')" "" \ + --replace "'install': LocalInstallCommand," "" + ''; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ "usbrip" ]; + + meta = with lib; { + description = "Tool to track the history of USB events"; + homepage = "https://github.com/snovvcrash/usbrip"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix new file mode 100644 index 000000000000..6f1de7b45a94 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vault/default.nix @@ -0,0 +1,51 @@ +{ stdenv, lib, fetchFromGitHub, buildGoModule, installShellFiles, nixosTests +, makeWrapper +, gawk +, glibc +}: + +buildGoModule rec { + pname = "vault"; + version = "1.9.3"; + + src = fetchFromGitHub { + owner = "hashicorp"; + repo = "vault"; + rev = "v${version}"; + sha256 = "sha256-2pysQsJynuedqX9Yi4BjTnWuJZ5XTq11UEgkSh7eZyw="; + }; + + vendorSha256 = "sha256-LNN0u48B6xGjrUasxGF+4sw1HxiR22hj8H2/mSyh1SI="; + + subPackages = [ "." ]; + + nativeBuildInputs = [ installShellFiles makeWrapper ]; + + tags = [ "vault" ]; + + ldflags = [ + "-s" "-w" + "-X github.com/hashicorp/vault/sdk/version.GitCommit=${src.rev}" + "-X github.com/hashicorp/vault/sdk/version.Version=${version}" + "-X github.com/hashicorp/vault/sdk/version.VersionPrerelease=" + ]; + + postInstall = '' + echo "complete -C $out/bin/vault vault" > vault.bash + installShellCompletion vault.bash + '' + lib.optionalString stdenv.isLinux '' + wrapProgram $out/bin/vault \ + --prefix PATH ${lib.makeBinPath [ gawk glibc ]} + ''; + + passthru.tests = { inherit (nixosTests) vault vault-postgresql; }; + + meta = with lib; { + homepage = "https://www.vaultproject.io/"; + description = "A tool for managing secrets"; + changelog = "https://github.com/hashicorp/vault/blob/v${version}/CHANGELOG.md"; + platforms = platforms.linux ++ platforms.darwin; + license = licenses.mpl20; + maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri Chili-Man ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix new file mode 100644 index 000000000000..1ffd793be8b2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix @@ -0,0 +1,63 @@ +{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc }: + +let + version = "1.9.1"; + + sources = let + base = "https://releases.hashicorp.com/vault/${version}"; + in { + x86_64-linux = fetchurl { + url = "${base}/vault_${version}_linux_amd64.zip"; + sha256 = "sha256-kP1wLbkktVCTZopVaT0h/WKqAG3Pd9g7qeruk4MIWJM="; + }; + i686-linux = fetchurl { + url = "${base}/vault_${version}_linux_386.zip"; + sha256 = "sha256-cTZ/hek8wQo9FxIRQ/cc23h7Nqjfonvprf492/lSzLw="; + }; + x86_64-darwin = fetchurl { + url = "${base}/vault_${version}_darwin_amd64.zip"; + sha256 = "sha256-uKW9Yl4PjxWJ886OVAHl1sbPhgYWoL6IJK44vczLQsY="; + }; + aarch64-darwin = fetchurl { + url = "${base}/vault_${version}_darwin_arm64.zip"; + sha256 = "sha256-J0qwUBcnZRZU5TTQB3K8wNE6rdQC1Boy/gKNQRvUYEI="; + }; + aarch64-linux = fetchurl { + url = "${base}/vault_${version}_linux_arm64.zip"; + sha256 = "sha256-eU5s15tBuZFThJGNtnjOV07tiBoVjSSHMS9sY2WqO1o="; + }; + }; + +in stdenv.mkDerivation { + pname = "vault-bin"; + inherit version; + + src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}"); + + nativeBuildInputs = [ makeWrapper unzip ]; + + sourceRoot = "."; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin $out/share/bash-completion/completions + mv vault $out/bin + echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault + '' + lib.optionalString stdenv.isLinux '' + wrapProgram $out/bin/vault \ + --prefix PATH : ${lib.makeBinPath [ gawk glibc ]} + + runHook postInstall + ''; + + dontStrip = stdenv.isDarwin; + + meta = with lib; { + homepage = "https://www.vaultproject.io"; + description = "A tool for managing secrets, this binary includes the UI"; + platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; + license = licenses.mpl20; + maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix new file mode 100644 index 000000000000..49e02a4e1c26 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix @@ -0,0 +1,45 @@ +{ lib, stdenv, rustPlatform, fetchFromGitHub, fetchurl, nixosTests +, pkg-config, openssl +, libiconv, Security, CoreServices +, dbBackend ? "sqlite", libmysqlclient, postgresql }: + +rustPlatform.buildRustPackage rec { + pname = "vaultwarden"; + version = "1.24.0"; + + src = fetchFromGitHub { + owner = "dani-garcia"; + repo = pname; + rev = version; + sha256 = "sha256-zeMVdsTSp1z8cwebU2N6w7436N8CcI7PzNedDOSvEx4="; + }; + + cargoSha256 = "sha256-Sn6DuzV2OfaywE0W2afRG0h8PfOprqMtZtYM/exGEww="; + + postPatch = '' + # Upstream specifies 1.57; nixpkgs has 1.56 which also produces a working + # vaultwarden when using RUSTC_BOOTSTRAP=1 + sed -ri 's/^rust-version = .*//g' Cargo.toml + ''; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = with lib; [ openssl ] + ++ optionals stdenv.isDarwin [ libiconv Security CoreServices ] + ++ optional (dbBackend == "mysql") libmysqlclient + ++ optional (dbBackend == "postgresql") postgresql; + + # vaultwarden depends on rocket v0.5.0-dev, which requires nightly features. + # This may be removed if https://github.com/dani-garcia/vaultwarden/issues/712 is fixed. + RUSTC_BOOTSTRAP = 1; + + buildFeatures = dbBackend; + + passthru.tests = nixosTests.vaultwarden; + + meta = with lib; { + description = "Unofficial Bitwarden compatible server written in Rust"; + homepage = "https://github.com/dani-garcia/vaultwarden"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ msteen ivan ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/vault.nix b/nixpkgs/pkgs/tools/security/vaultwarden/vault.nix new file mode 100644 index 000000000000..5ec014de9593 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vaultwarden/vault.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchurl, nixosTests }: + +stdenv.mkDerivation rec { + pname = "vaultwarden-vault"; + version = "2.25.0"; + + src = fetchurl { + url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; + sha256 = "sha256-0uxkHz/oHWl4MdzV7zRVKgkEqOkrl7Fd405TOf472gw="; + }; + + buildCommand = '' + mkdir -p $out/share/vaultwarden/ + cd $out/share/vaultwarden/ + tar xf $src + mv web-vault vault + ''; + + passthru.tests = nixosTests.vaultwarden; + + meta = with lib; { + description = "Integrates the web vault into vaultwarden"; + homepage = "https://github.com/dani-garcia/bw_web_builds"; + platforms = platforms.all; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ msteen mic92 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/verifpal/default.nix b/nixpkgs/pkgs/tools/security/verifpal/default.nix new file mode 100644 index 000000000000..821118f598c5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/verifpal/default.nix @@ -0,0 +1,36 @@ +{ lib +, fetchgit +, buildGoModule +, pigeon +}: + +buildGoModule rec { + pname = "verifpal"; + version = "0.26.1"; + + src = fetchgit { + url = "https://source.symbolic.software/verifpal/verifpal.git"; + rev = "v${version}"; + sha256 = "sha256-y07RXv2QSyUJpGuFsLJ2sGNo4YzhoCYQr3PkUj4eIOY="; + }; + + vendorSha256 = "sha256-gUpgnd/xiLqRNl1bPzVp+0GM/J5GEx0VhUfo6JsX8N8="; + + nativeBuildInputs = [ pigeon ]; + + subPackages = [ "cmd/verifpal" ]; + + # goversioninfo is for Windows only and can be skipped during go generate + preBuild = '' + substituteInPlace cmd/verifpal/main.go --replace "go:generate goversioninfo" "(disabled goversioninfo)" + go generate verifpal.com/cmd/verifpal + ''; + + meta = { + homepage = "https://verifpal.com/"; + description = "Cryptographic protocol analysis for students and engineers"; + maintainers = with lib.maintainers; [ zimbatm ]; + license = with lib.licenses; [ gpl3 ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/volatility/default.nix b/nixpkgs/pkgs/tools/security/volatility/default.nix new file mode 100644 index 000000000000..9c73f8a00195 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/volatility/default.nix @@ -0,0 +1,24 @@ +{ lib, fetchFromGitHub, python2Packages }: + +python2Packages.buildPythonApplication rec { + pname = "volatility"; + version = "2.6.1"; + + src = fetchFromGitHub { + owner = "volatilityfoundation"; + repo = pname; + rev = version; + sha256 = "1v92allp3cv3akk71kljcwxr27h1k067dsq7j9h8jnlwk9jxh6rf"; + }; + + doCheck = false; + + propagatedBuildInputs = with python2Packages; [ pycrypto distorm3 pillow ]; + + meta = with lib; { + homepage = "https://www.volatilityfoundation.org/"; + description = "Advanced memory forensics framework"; + maintainers = with maintainers; [ bosu ]; + license = lib.licenses.gpl2Plus; + }; +} diff --git a/nixpkgs/pkgs/tools/security/volatility3/default.nix b/nixpkgs/pkgs/tools/security/volatility3/default.nix new file mode 100644 index 000000000000..393ac90d3164 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/volatility3/default.nix @@ -0,0 +1,46 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "volatility3"; + version = "2.0.0"; + + disabled = python3.pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "volatilityfoundation"; + repo = pname; + rev = "v${version}"; + sha256 = "141n09cdc17pfdhs01aw8l4cvsqpcz8ji5l4gi7r88cyf4ix2lnz"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + capstone + jsonschema + pefile + pycryptodome + yara-python + ]; + + preBuild = '' + export HOME=$(mktemp -d); + ''; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ "volatility3" ]; + + meta = with lib; { + description = "Volatile memory extraction frameworks"; + homepage = "https://www.volatilityfoundation.org/"; + license = { + # Volatility Software License 1.0 + free = false; + url = "https://www.volatilityfoundation.org/license/vsl-v1.0"; + }; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vulnix/default.nix b/nixpkgs/pkgs/tools/security/vulnix/default.nix new file mode 100644 index 000000000000..90d4e0f509b9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vulnix/default.nix @@ -0,0 +1,57 @@ +{ lib +, python3Packages +, nix +, ronn +}: + +python3Packages.buildPythonApplication rec { + pname = "vulnix"; + version = "1.10.1"; + + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "07v3ddvvhi3bslwrlin45kz48i3va2lzd6ny0blj5i2z8z40qcfm"; + }; + + outputs = [ "out" "doc" "man" ]; + nativeBuildInputs = [ ronn ]; + + checkInputs = with python3Packages; [ + freezegun + pytest + pytest-cov + pytest-flake8 + ]; + + propagatedBuildInputs = [ + nix + ] ++ (with python3Packages; [ + click + colorama + pyyaml + requests + setuptools + toml + zodb + ]); + + postBuild = "make -C doc"; + + checkPhase = "py.test src/vulnix"; + + postInstall = '' + install -D -t $doc/share/doc/vulnix README.rst CHANGES.rst + gzip $doc/share/doc/vulnix/*.rst + install -D -t $man/share/man/man1 doc/vulnix.1 + install -D -t $man/share/man/man5 doc/vulnix-whitelist.5 + ''; + + dontStrip = true; + + meta = with lib; { + description = "NixOS vulnerability scanner"; + homepage = "https://github.com/flyingcircusio/vulnix"; + license = licenses.bsd3; + maintainers = with maintainers; [ ckauhaus ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wad/default.nix b/nixpkgs/pkgs/tools/security/wad/default.nix new file mode 100644 index 000000000000..9b284a42a018 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wad/default.nix @@ -0,0 +1,44 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "wad"; + version = "0.4.6"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "CERN-CERT"; + repo = "WAD"; + rev = "v${version}"; + hash = "sha256-/mlmOzFkyKpmK/uk4813Wk0cf/+ynX3Qxafnd1mGR5k="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + six + ]; + + checkInputs = with python3.pkgs; [ + mock + pytestCheckHook + ]; + + pythonImportsCheck = [ + "wad" + ]; + + meta = with lib; { + description = "Tool for detecting technologies used by web applications"; + longDescription = '' + WAD lets you analyze given URL(s) and detect technologies used by web + application behind that URL, from the OS and web server level, to the + programming platform and frameworks, as well as server- and client-side + applications, tools and libraries. + ''; + homepage = "https://github.com/CERN-CERT/WAD"; + # wad is GPLv3+, wappalyzer source is MIT + license = with licenses; [ gpl3Plus mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wafw00f/default.nix b/nixpkgs/pkgs/tools/security/wafw00f/default.nix new file mode 100644 index 000000000000..0e363b608fd4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wafw00f/default.nix @@ -0,0 +1,36 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "wafw00f"; + version = "2.1.0"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "EnableSecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "0526kz6ypww9nxc2vddkhpn1gqvn25mzj3wmi91wwxwxjjb6w4qj"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + requests + pluginbase + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "wafw00f" + ]; + + meta = with lib; { + description = "Tool to identify and fingerprint Web Application Firewalls (WAF)"; + homepage = "https://github.com/EnableSecurity/wafw00f"; + license = with licenses; [ bsd3 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wapiti/default.nix b/nixpkgs/pkgs/tools/security/wapiti/default.nix new file mode 100644 index 000000000000..e27851f618d6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wapiti/default.nix @@ -0,0 +1,143 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "wapiti"; + version = "3.0.9"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "wapiti-scanner"; + repo = pname; + rev = version; + sha256 = "sha256-olqPM8EQ8LxQQM7kqcjbT9RMdBeYdhfn6Qp6BUu8K5Q="; + }; + + nativeBuildInputs = with python3.pkgs; [ + pytest-runner + ]; + + propagatedBuildInputs = with python3.pkgs; [ + aiocache + aiosqlite + beautifulsoup4 + brotli + browser-cookie3 + cryptography + dnspython + httpx + httpx-ntlm + httpx-socks + humanize + loguru + Mako + markupsafe + pysocks + six + sslyze + sqlalchemy + tld + yaswfp + ] ++ lib.optionals (python3.pythonOlder "3.8") [ + importlib-metadata + ]; + + checkInputs = with python3.pkgs; [ + respx + pytest-asyncio + pytestCheckHook + ]; + + postPatch = '' + # Ignore pinned versions + substituteInPlace setup.py \ + --replace "httpx-socks[asyncio] == 0.6.0" "httpx-socks[asyncio]" + sed -i -e "s/==[0-9.]*//" setup.py + substituteInPlace setup.cfg \ + --replace " --cov --cov-report=xml" "" + ''; + + preCheck = '' + export HOME=$(mktemp -d); + ''; + + disabledTests = [ + # Tests requires network access + "test_attr" + "test_bad_separator_used" + "test_blind" + "test_chunked_timeout" + "test_cookies" + "test_drop_cookies" + "test_save_and_restore_state" + "test_explorer_extract_links" + "test_cookies_detection" + "test_csrf_cases" + "test_detection" + "test_direct" + "test_escape_with_style" + "test_explorer_filtering" + "test_false" + "test_frame" + "test_headers_detection" + "test_html_detection" + "test_implies_detection" + "test_inclusion_detection" + "test_meta_detection" + "test_no_crash" + "test_options" + "test_out_of_band" + "test_multi_detection" + "test_vulnerabilities" + "test_partial_tag_name_escape" + "test_prefix_and_suffix_detection" + "test_qs_limit" + "test_rare_tag_and_event" + "test_redirect_detection" + "test_request_object" + "test_script" + "test_ssrf" + "test_merge_with_and_without_redirection" + "test_tag_name_escape" + "test_timeout" + "test_title_false_positive" + "test_title_positive" + "test_true_positive_request_count" + "test_unregistered_cname" + "test_url_detection" + "test_warning" + "test_whole" + "test_xss_inside_tag_input" + "test_xss_inside_tag_link" + "test_xss_uppercase_no_script" + "test_xss_with_strong_csp" + "test_xss_with_weak_csp" + "test_xxe" + # Requires a PHP installation + "test_timesql" + "test_cookies" + # TypeError: Expected bytes or bytes-like object got: <class 'str'> + "test_persister_upload" + ]; + + pythonImportsCheck = [ + "wapitiCore" + ]; + + meta = with lib; { + description = "Web application vulnerability scanner"; + longDescription = '' + Wapiti allows you to audit the security of your websites or web applications. + It performs "black-box" scans (it does not study the source code) of the web + application by crawling the webpages of the deployed webapp, looking for + scripts and forms where it can inject data. Once it gets the list of URLs, + forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see + if a script is vulnerable. + ''; + homepage = "https://wapiti-scanner.github.io/"; + license = with licenses; [ gpl2Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/whispers/default.nix b/nixpkgs/pkgs/tools/security/whispers/default.nix new file mode 100644 index 000000000000..07c1f1e707e4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/whispers/default.nix @@ -0,0 +1,52 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "whispers"; + version = "1.5.3"; + + src = fetchFromGitHub { + owner = "Skyscanner"; + repo = pname; + rev = version; + sha256 = "sha256-jruUGyoZCyMu015QKtlvfx5WRMfxo/eYUue9wUIWb6o="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + astroid + beautifulsoup4 + jproperties + luhn + lxml + python-Levenshtein + pyyaml + ]; + + checkInputs = with python3.pkgs; [ + pytest-mock + pytestCheckHook + ]; + + postPatch = '' + substituteInPlace setup.py \ + --replace '"pytest-runner"' "" + ''; + + preCheck = '' + # Some tests need the binary available in PATH + export PATH=$out/bin:$PATH + ''; + + pythonImportsCheck = [ + "whispers" + ]; + + meta = with lib; { + description = "Tool to identify hardcoded secrets in static structured text"; + homepage = "https://github.com/Skyscanner/whispers"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wipe/default.nix b/nixpkgs/pkgs/tools/security/wipe/default.nix new file mode 100644 index 000000000000..5b0f079e5a60 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wipe/default.nix @@ -0,0 +1,21 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "wipe"; + version = "2.3.1"; + + src = fetchurl { + url = "mirror://sourceforge/wipe/${version}/${pname}-${version}.tar.bz2"; + sha256 = "180snqvh6k6il6prb19fncflf2jcvkihlb4w84sbndcv1wvicfa6"; + }; + + patches = [ ./fix-install.patch ]; + + meta = with lib; { + description = "Secure file wiping utility"; + homepage = "http://wipe.sourceforge.net/"; + license = licenses.gpl2; + platforms = platforms.all; + maintainers = [ maintainers.abbradar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wipe/fix-install.patch b/nixpkgs/pkgs/tools/security/wipe/fix-install.patch new file mode 100644 index 000000000000..2df3a1eec6a0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wipe/fix-install.patch @@ -0,0 +1,18 @@ +diff -ru3 wipe-2.3.1/Makefile.in wipe-2.3.1-new/Makefile.in +--- wipe-2.3.1/Makefile.in 2009-11-02 00:11:30.000000000 +0300 ++++ wipe-2.3.1-new/Makefile.in 2014-10-18 02:51:10.088966232 +0400 +@@ -60,12 +60,12 @@ + $(INSTALL_BIN) -d $(bindir) + $(INSTALL_BIN) -s $(BIN_OUT) $(bindir) + $(INSTALL) -d $(mandir)/man1 +- $(INSTALL) -o root -m 0644 wipe.1 $(mandir)/man1/ ++ $(INSTALL) -m 0644 wipe.1 $(mandir)/man1/ + rm -rf $(datadir)/doc/wipe* + $(INSTALL) -d $(datadir)/doc/wipe + + for file in $(DOCS); do \ +- $(INSTALL) -o root -m 0644 $$file $(datadir)/doc/wipe/; \ ++ $(INSTALL) -m 0644 $$file $(datadir)/doc/wipe/; \ + done + + install_home: $(BIN_OUT) diff --git a/nixpkgs/pkgs/tools/security/witness/default.nix b/nixpkgs/pkgs/tools/security/witness/default.nix new file mode 100644 index 000000000000..571685afb400 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/witness/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "witness"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "testifysec"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-NnDsiDUTCdjsHVA/mHnB8WRnvwFTzETkWUOd7IgMIWE="; + }; + + vendorSha256 = "sha256-zkLparWJsuqrhOQxxV37dBqt6fwpSinTO+paJkbl+sM="; + + # We only want the witness binary, not the helper utilities for generating docs. + subPackages = [ "cmd/witness" ]; + + meta = with lib; { + description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target"; + homepage = "https://github.com/testifysec/witness"; + license = licenses.asl20; + maintainers = with maintainers; [ fkautz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wprecon/default.nix b/nixpkgs/pkgs/tools/security/wprecon/default.nix new file mode 100644 index 000000000000..bd343a5f1b12 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wprecon/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "wprecon"; + version = "1.6.3a"; + + src = fetchFromGitHub { + owner = "blackbinn"; + repo = pname; + rev = version; + sha256 = "0gqi4799ha3mf8r7ini0wj4ilkfsh80vnnxijfv9a343r6z5w0dn"; + }; + + vendorSha256 = "1sab58shspll96rqy1rp659s0yikqdcx59z9b88d6p4w8a98ns87"; + + meta = with lib; { + description = "WordPress vulnerability recognition tool"; + homepage = "https://github.com/blackbinn/wprecon"; + # License Zero Noncommercial Public License 2.0.1 + # https://github.com/blackbinn/wprecon/blob/master/LICENSE + license = with licenses; [ unfree ]; + maintainers = with maintainers; [ fab ]; + broken = true; # build fails, missing tag + }; +} diff --git a/nixpkgs/pkgs/tools/security/wpscan/Gemfile b/nixpkgs/pkgs/tools/security/wpscan/Gemfile new file mode 100644 index 000000000000..5d76cd24f3ea --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/Gemfile @@ -0,0 +1,2 @@ +source 'https://rubygems.org' +gem 'wpscan' diff --git a/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock new file mode 100644 index 000000000000..9fd526674365 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock @@ -0,0 +1,61 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (6.1.4.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + cms_scanner (0.13.6) + ethon (~> 0.14.0) + get_process_mem (~> 0.2.5) + nokogiri (>= 1.11.4, < 1.13.0) + opt_parse_validator (~> 1.9.5) + public_suffix (~> 4.0.3) + ruby-progressbar (>= 1.10, < 1.12) + sys-proctable (~> 1.2.2) + typhoeus (>= 1.3, < 1.5) + xmlrpc (~> 0.3) + yajl-ruby (~> 1.4.1) + concurrent-ruby (1.1.9) + ethon (0.14.0) + ffi (>= 1.15.0) + ffi (1.15.4) + get_process_mem (0.2.7) + ffi (~> 1.0) + i18n (1.8.11) + concurrent-ruby (~> 1.0) + minitest (5.14.4) + nokogiri (1.12.5-x86_64-linux) + racc (~> 1.4) + opt_parse_validator (1.9.5) + activesupport (>= 5.2, < 6.2.0) + addressable (>= 2.5, < 2.9) + public_suffix (4.0.6) + racc (1.6.0) + ruby-progressbar (1.11.0) + sys-proctable (1.2.6) + ffi + typhoeus (1.4.0) + ethon (>= 0.9.0) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + webrick (1.7.0) + wpscan (3.8.20) + cms_scanner (~> 0.13.6) + xmlrpc (0.3.2) + webrick + yajl-ruby (1.4.1) + zeitwerk (2.5.1) + +PLATFORMS + x86_64-linux + +DEPENDENCIES + wpscan + +BUNDLED WITH + 2.2.24 diff --git a/nixpkgs/pkgs/tools/security/wpscan/default.nix b/nixpkgs/pkgs/tools/security/wpscan/default.nix new file mode 100644 index 000000000000..965c48b304fe --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/default.nix @@ -0,0 +1,30 @@ +{ lib +, bundlerApp +, makeWrapper +, curl +}: + +bundlerApp { + pname = "wpscan"; + gemdir = ./.; + exes = [ "wpscan" ]; + + buildInputs = [ + makeWrapper + ]; + + postBuild = '' + wrapProgram "$out/bin/wpscan" \ + --prefix PATH : ${lib.makeBinPath [ curl ]} + ''; + + passthru.updateScript = ./update.sh; + + meta = with lib; { + description = "Black box WordPress vulnerability scanner"; + homepage = "https://wpscan.org/"; + license = licenses.unfreeRedistributable; + maintainers = with maintainers; [ nyanloutre manveru ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wpscan/gemset.nix b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix new file mode 100644 index 000000000000..0c882a313312 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix @@ -0,0 +1,245 @@ +{ + activesupport = { + dependencies = ["concurrent-ruby" "i18n" "minitest" "tzinfo" "zeitwerk"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19gx1jcq46x9d1pi1w8xq0bgvvfw239y4lalr8asm291gj3q3ds4"; + type = "gem"; + }; + version = "6.1.4.1"; + }; + addressable = { + dependencies = ["public_suffix"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "022r3m9wdxljpbya69y2i3h9g3dhhfaqzidf95m6qjzms792jvgp"; + type = "gem"; + }; + version = "2.8.0"; + }; + cms_scanner = { + dependencies = ["ethon" "get_process_mem" "nokogiri" "opt_parse_validator" "public_suffix" "ruby-progressbar" "sys-proctable" "typhoeus" "xmlrpc" "yajl-ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1kpp3598xs79irb9g2wkcxjwlszj37sb7lp3xmvf6s5s40p0ccwf"; + type = "gem"; + }; + version = "0.13.6"; + }; + concurrent-ruby = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nwad3211p7yv9sda31jmbyw6sdafzmdi2i2niaz6f0wk5nq9h0f"; + type = "gem"; + }; + version = "1.1.9"; + }; + ethon = { + dependencies = ["ffi"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1bby4hbq96vnzcdbbybcbddin8dxdnj1ns758kcr4akykningqhh"; + type = "gem"; + }; + version = "0.14.0"; + }; + ffi = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ssxcywmb3flxsjdg13is6k01807zgzasdhj4j48dm7ac59cmksn"; + type = "gem"; + }; + version = "1.15.4"; + }; + get_process_mem = { + dependencies = ["ffi"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1fkyyyxjcx4iigm8vhraa629k2lxa1npsv4015y82snx84v3rzaa"; + type = "gem"; + }; + version = "0.2.7"; + }; + i18n = { + dependencies = ["concurrent-ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0vdd1kii40qhbr9n8qx71k2gskq6rkl8ygy8hw5hfj8bb5a364xf"; + type = "gem"; + }; + version = "1.8.11"; + }; + mini_portile2 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1lvxm91hi0pabnkkg47wh1siv56s6slm2mdq1idfm86dyfidfprq"; + type = "gem"; + }; + version = "2.6.1"; + }; + minitest = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19z7wkhg59y8abginfrm2wzplz7py3va8fyngiigngqvsws6cwgl"; + type = "gem"; + }; + version = "5.14.4"; + }; + nokogiri = { + dependencies = ["mini_portile2" "racc"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1v02g7k7cxiwdcahvlxrmizn3avj2q6nsjccgilq1idc89cr081b"; + type = "gem"; + }; + version = "1.12.5"; + }; + opt_parse_validator = { + dependencies = ["activesupport" "addressable"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1jzmn3h9sr7bhjj1fdfvh4yzvqx7d3vsbwbqrf718dh427ifqs9c"; + type = "gem"; + }; + version = "1.9.5"; + }; + public_suffix = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1xqcgkl7bwws1qrlnmxgh8g4g9m10vg60bhlw40fplninb3ng6d9"; + type = "gem"; + }; + version = "4.0.6"; + }; + racc = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0la56m0z26j3mfn1a9lf2l03qx1xifanndf9p3vx1azf6sqy7v9d"; + type = "gem"; + }; + version = "1.6.0"; + }; + ruby-progressbar = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "02nmaw7yx9kl7rbaan5pl8x5nn0y4j5954mzrkzi9i3dhsrps4nc"; + type = "gem"; + }; + version = "1.11.0"; + }; + sys-proctable = { + dependencies = ["ffi"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "17zzb1slwhq0j42qh8ywnh4c5ww2wwskl9362ayxf0am86b02zsb"; + type = "gem"; + }; + version = "1.2.6"; + }; + typhoeus = { + dependencies = ["ethon"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1m22yrkmbj81rzhlny81j427qdvz57yk5wbcf3km0nf3bl6qiygz"; + type = "gem"; + }; + version = "1.4.0"; + }; + tzinfo = { + dependencies = ["concurrent-ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "10qp5x7f9hvlc0psv9gsfbxg4a7s0485wsbq1kljkxq94in91l4z"; + type = "gem"; + }; + version = "2.0.4"; + }; + webrick = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1d4cvgmxhfczxiq5fr534lmizkhigd15bsx5719r5ds7k7ivisc7"; + type = "gem"; + }; + version = "1.7.0"; + }; + wpscan = { + dependencies = ["cms_scanner"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "07mzbds1j0a1y6jw4swgc4d7kcflkycdk3ivdw3lxaqaqvbfs35p"; + type = "gem"; + }; + version = "3.8.20"; + }; + xmlrpc = { + dependencies = ["webrick"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1xa79ry3976ylap38cr5g6q3m81plm611flqd3dwgnmgbkycb6jp"; + type = "gem"; + }; + version = "0.3.2"; + }; + yajl-ruby = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "16v0w5749qjp13xhjgr2gcsvjv6mf35br7iqwycix1n2h7kfcckf"; + type = "gem"; + }; + version = "1.4.1"; + }; + zeitwerk = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18l4r6layck0d80ydc692mv1lxak5xbf6w2paj1x7m2ggbggzxgj"; + type = "gem"; + }; + version = "2.5.1"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wpscan/update.sh b/nixpkgs/pkgs/tools/security/wpscan/update.sh new file mode 100755 index 000000000000..4e55a770fd4e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/update.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p bash bundix bundler + +set -e + +cd "$(dirname "${BASH_SOURCE[0]}")" + +rm -f Gemfile.lock Gemfile.lock +bundler lock +BUNDLE_GEMFILE=Gemfile bundler lock --lockfile=Gemfile.lock +bundix --gemfile=Gemfile --lockfile=Gemfile.lock --gemset=gemset.nix diff --git a/nixpkgs/pkgs/tools/security/xcat/default.nix b/nixpkgs/pkgs/tools/security/xcat/default.nix new file mode 100644 index 000000000000..f5fa23d19007 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/xcat/default.nix @@ -0,0 +1,50 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "xcat"; + version = "1.2.0"; + disabled = python3.pythonOlder "3.7"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "orf"; + repo = pname; + rev = "v${version}"; + sha256 = "01r5998gdvqjdrahpk0ci27lx9yghbddlanqcspr3qp5y5930i0s"; + }; + + nativeBuildInputs = with python3.pkgs; [ + poetry-core + ]; + + propagatedBuildInputs = with python3.pkgs; [ + aiodns + aiohttp + appdirs + cchardet + click + colorama + prompt-toolkit + xpath-expressions + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "xcat" ]; + + meta = with lib; { + description = "XPath injection tool"; + longDescription = '' + xcat is an advanced tool for exploiting XPath injection vulnerabilities, + featuring a comprehensive set of features to read the entire file being + queried as well as other files on the filesystem, environment variables + and directories. + ''; + homepage = "https://github.com/orf/xcat"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/xorex/default.nix b/nixpkgs/pkgs/tools/security/xorex/default.nix new file mode 100644 index 000000000000..84919f548262 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/xorex/default.nix @@ -0,0 +1,38 @@ +{ lib +, python3 +, fetchFromGitHub +}: +python3.pkgs.buildPythonApplication rec { + pname = "xorex"; + version = "0.3.0"; + format = "other"; + + src = fetchFromGitHub { + owner = "Neo23x0"; + repo = "xorex"; + rev = version; + sha256 = "rBsOSXWnHRhpLmq20XBuGx8gGBM8ouMyOISkbzUcvE4="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + chmod +x xorex.py + mv xorex.py $out/bin/xorex + + runHook postInstall + ''; + + propagatedBuildInputs = with python3.pkgs; [ + colorama + pefile + ]; + + meta = with lib; { + description = "XOR Key Extractor"; + homepage = "https://github.com/Neo23x0/xorex"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/xortool/default.nix b/nixpkgs/pkgs/tools/security/xortool/default.nix new file mode 100644 index 000000000000..1e8b6aee5d37 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/xortool/default.nix @@ -0,0 +1,35 @@ +{ lib +, buildPythonApplication +, docopt +, fetchFromGitHub +, importlib-metadata +, poetry-core +}: + +buildPythonApplication rec { + pname = "xortool"; + version = "1.0.0"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "hellman"; + repo = pname; + rev = "v${version}"; + sha256 = "19lfadi28r89bl5q8fhrxgjgs3nx3kgjd4rdg7wbvzi1cn29c5n7"; + }; + + nativeBuildInputs = [ poetry-core ]; + + propagatedBuildInputs = [ docopt importlib-metadata ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "xortool" ]; + + meta = with lib; { + description = "Tool to analyze multi-byte XOR cipher"; + homepage = "https://github.com/hellman/xortool"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yarGen/default.nix b/nixpkgs/pkgs/tools/security/yarGen/default.nix new file mode 100644 index 000000000000..8a2d51b8e197 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yarGen/default.nix @@ -0,0 +1,58 @@ +{ lib +, python3 +, fetchFromGitHub +, fetchpatch +}: +python3.pkgs.buildPythonApplication rec { + pname = "yarGen"; + version = "0.23.4"; + format = "other"; + + src = fetchFromGitHub { + owner = "Neo23x0"; + repo = "yarGen"; + rev = version; + sha256 = "6PJNAeeLAyUlZcIi0g57sO1Ex6atn7JhbK9kDbNrZ6A="; + }; + + patches = [ + # https://github.com/Neo23x0/yarGen/pull/33 + (fetchpatch { + name = "use-built-in-scandir.patch"; + url = "https://github.com/Neo23x0/yarGen/commit/cae14ac8efeb5536885792cae99d1d0f7fb6fde3.patch"; + sha256 = "0z6925r7n1iysld5c8li5nkm1dbxg8j7pn0626a4vic525vf8ndl"; + }) + # https://github.com/Neo23x0/yarGen/pull/34 + (fetchpatch { + name = "use-cwd-for-abspath.patch"; + url = "https://github.com/Neo23x0/yarGen/commit/441dafb702149f5728c2c6736fc08741a46deb26.patch"; + sha256 = "lNp3oC2BM7tBzN4AetvPr+xJLz6KkZxQmsldeZaxJQU="; + }) + ]; + + postPatch = '' + substituteInPlace yarGen.py \ + --replace "./3rdparty/strings.xml" "$out/share/yarGen/3rdparty/strings.xml" + ''; + + installPhase = '' + runHook preInstall + + install -Dt "$out/bin" yarGen.py + install -Dt "$out/share/yarGen/3rdparty" 3rdparty/strings.xml + + runHook postInstall + ''; + + propagatedBuildInputs = with python3.pkgs; [ + pefile + lxml + ]; + + meta = with lib; { + description = "A generator for YARA rules"; + homepage = "https://github.com/Neo23x0/yarGen"; + license = licenses.bsd3; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yara/default.nix b/nixpkgs/pkgs/tools/security/yara/default.nix new file mode 100644 index 000000000000..a0a06e2906c4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yara/default.nix @@ -0,0 +1,56 @@ +{ lib, stdenv +, fetchFromGitHub +, autoreconfHook +, pcre +, pkg-config +, protobufc +, withCrypto ? true, openssl +, enableCuckoo ? true, jansson +, enableDex ? true +, enableDotNet ? true +, enableMacho ? true +, enableMagic ? true, file +, enableStatic ? false +}: + +stdenv.mkDerivation rec { + version = "4.1.3"; + pname = "yara"; + + src = fetchFromGitHub { + owner = "VirusTotal"; + repo = "yara"; + rev = "v${version}"; + sha256 = "sha256-7t2KksI3l+wFHqUSw2L4FXepMTJfTow/cTFYA47YBqY="; + }; + + nativeBuildInputs = [ autoreconfHook pkg-config ]; + + buildInputs = [ pcre protobufc ] + ++ lib.optionals withCrypto [ openssl ] + ++ lib.optionals enableMagic [ file ] + ++ lib.optionals enableCuckoo [ jansson ] + ; + + preConfigure = "./bootstrap.sh"; + + configureFlags = [ + (lib.withFeature withCrypto "crypto") + (lib.enableFeature enableCuckoo "cuckoo") + (lib.enableFeature enableDex "dex") + (lib.enableFeature enableDotNet "dotnet") + (lib.enableFeature enableMacho "macho") + (lib.enableFeature enableMagic "magic") + (lib.enableFeature enableStatic "static") + ]; + + doCheck = enableStatic; + + meta = with lib; { + description = "The pattern matching swiss knife for malware researchers"; + homepage = "http://Virustotal.github.io/yara/"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix new file mode 100644 index 000000000000..d2496df94c72 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix @@ -0,0 +1,43 @@ +{ stdenv, lib, fetchFromGitHub, buildGoModule, libnotify, makeWrapper, pcsclite, pkg-config, darwin }: + +buildGoModule rec { + pname = "yubikey-agent"; + version = "0.1.5"; + + src = fetchFromGitHub { + owner = "FiloSottile"; + repo = pname; + rev = "v${version}"; + sha256 = "14s61jgcmpqh70jz0krrai8xg0xqhwmillxkij50vbsagpxjssk6"; + }; + + buildInputs = + lib.optional stdenv.isLinux (lib.getDev pcsclite) + ++ lib.optional stdenv.isDarwin (darwin.apple_sdk.frameworks.PCSC); + + nativeBuildInputs = [ makeWrapper pkg-config ]; + + postPatch = lib.optionalString stdenv.isLinux '' + substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send + ''; + + vendorSha256 = "1v4ccn7ysh8ax1nkf1v9fcgsdnz6zjyh6j6ivyljyfvma1lmcrmk"; + + doCheck = false; + + subPackages = [ "." ]; + + postInstall = lib.optionalString stdenv.isLinux '' + mkdir -p $out/lib/systemd/user + substitute contrib/systemd/user/yubikey-agent.service $out/lib/systemd/user/yubikey-agent.service \ + --replace 'ExecStart=yubikey-agent' "ExecStart=$out/bin/yubikey-agent" + ''; + + meta = with lib; { + description = "A seamless ssh-agent for YubiKeys"; + license = licenses.bsd3; + homepage = "https://filippo.io/yubikey-agent"; + maintainers = with lib.maintainers; [ philandstuff rawkode ]; + platforms = platforms.darwin ++ platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yubikey-touch-detector/default.nix b/nixpkgs/pkgs/tools/security/yubikey-touch-detector/default.nix new file mode 100644 index 000000000000..476ea3dbfb50 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubikey-touch-detector/default.nix @@ -0,0 +1,26 @@ +{ lib, libnotify, buildGoModule, fetchFromGitHub, pkg-config }: + +buildGoModule rec { + pname = "yubikey-touch-detector"; + version = "1.9.3"; + + src = fetchFromGitHub { + owner = "maximbaz"; + repo = "yubikey-touch-detector"; + rev = version; + sha256 = "sha256-f6j+YNYASH0Adg3236QijApALd/yXJjNMYEdP0Pifw0="; + }; + vendorSha256 = "sha256-H05EJwYDdg4lq6+psXiwujQd5g294epdRPjqviHhLWs="; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ libnotify ]; + + meta = with lib; { + description = "A tool to detect when your YubiKey is waiting for a touch (to send notification or display a visual indicator on the screen)."; + homepage = "https://github.com/maximbaz/yubikey-touch-detector"; + maintainers = with maintainers; [ sumnerevans ]; + license = licenses.isc; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zdns/default.nix b/nixpkgs/pkgs/tools/security/zdns/default.nix new file mode 100644 index 000000000000..913735d4cb9f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zdns/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "zdns"; + version = "20210327-${lib.strings.substring 0 7 rev}"; + rev = "8c53210f0b9a4fe16c70a5d854e9413c3d0c1ba2"; + + src = fetchFromGitHub { + owner = "zmap"; + repo = pname; + inherit rev; + sha256 = "0pdfz1489ynpw72flalnlkwybp683v826icjx7ljys45xvagdvck"; + }; + + vendorSha256 = "0b8h5n01xmhar1a09svb35ah48k9zdy1mn5balq0h2l0jxr05z78"; + + subPackages = [ "zdns" ]; + + meta = with lib; { + description = "CLI DNS lookup tool"; + homepage = "https://github.com/zmap/zdns"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zgrab2/default.nix b/nixpkgs/pkgs/tools/security/zgrab2/default.nix new file mode 100644 index 000000000000..b8863a6a94e4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zgrab2/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "zgrab2"; + version = "20210327-${lib.strings.substring 0 7 rev}"; + rev = "17a5257565c758e2b817511d15476d330be0a17a"; + + src = fetchFromGitHub { + owner = "zmap"; + repo = pname; + inherit rev; + sha256 = "1hxk2jggj8lww97lwmks46i001p5ycnxnck8yya6d0fd3ayxvw2w"; + }; + + vendorSha256 = "1s0azy5b5hi5h24vs6a9f1n70l980vkid28ihqh10zq6ajmds2z3"; + + subPackages = [ "cmd/zgrab2" ]; + + meta = with lib; { + description = "Web application scanner"; + homepage = "https://github.com/zmap/zgrab2"; + license = with licenses; [ asl20 isc ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch b/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch new file mode 100644 index 000000000000..1c132948af6a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch @@ -0,0 +1,13 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 8bd825f..694d9b2 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -72,6 +72,8 @@ if(WITH_JSON) + endif() + + add_definitions("-DJSON") ++ # JSON_CFLAGS is a list, i.e. semicolon-separated, convert it to space-separated ++ string(REPLACE ";" " " JSON_CFLAGS "${JSON_CFLAGS}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${JSON_CFLAGS}") + endif() + diff --git a/nixpkgs/pkgs/tools/security/zmap/default.nix b/nixpkgs/pkgs/tools/security/zmap/default.nix new file mode 100644 index 000000000000..0e37b725db49 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zmap/default.nix @@ -0,0 +1,37 @@ +{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, libjson, json_c, gengetopt, flex, byacc, gmp +, libpcap +}: + +stdenv.mkDerivation rec { + pname = "zmap"; + version = "2.1.1"; + + src = fetchFromGitHub { + owner = "zmap"; + repo = pname; + rev = "v${version}"; + sha256 = "0yaahaiawkjk020hvsb8pndbrk8k10wxkfba1irp12a4sj6rywcs"; + }; + + patches = [ + # fix build with json-c 0.14 https://github.com/zmap/zmap/pull/609 + ./cmake-json-0.14-fix.patch + ]; + + cmakeFlags = [ "-DRESPECT_INSTALL_PREFIX_CONFIG=ON" ]; + dontUseCmakeBuildDir = true; + + nativeBuildInputs = [ cmake pkg-config gengetopt flex byacc ]; + buildInputs = [ libjson json_c gmp libpcap ]; + + outputs = [ "out" "man" ]; + + meta = with lib; { + homepage = "https://zmap.io/"; + license = licenses.asl20; + description = "Fast single packet network scanner designed for Internet-wide network surveys"; + maintainers = with maintainers; [ ma27 ]; + platforms = platforms.unix; + broken = stdenv.isDarwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zsteg/Gemfile b/nixpkgs/pkgs/tools/security/zsteg/Gemfile new file mode 100644 index 000000000000..814e5fe8ad4e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/Gemfile @@ -0,0 +1,2 @@ +source 'https://rubygems.org' +gem 'zsteg' diff --git a/nixpkgs/pkgs/tools/security/zsteg/Gemfile.lock b/nixpkgs/pkgs/tools/security/zsteg/Gemfile.lock new file mode 100644 index 000000000000..b611fb93f5a9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/Gemfile.lock @@ -0,0 +1,19 @@ +GEM + remote: https://rubygems.org/ + specs: + iostruct (0.0.4) + rainbow (3.0.0) + zpng (0.3.1) + rainbow + zsteg (0.2.2) + iostruct + zpng (>= 0.3.1) + +PLATFORMS + ruby + +DEPENDENCIES + zsteg + +BUNDLED WITH + 2.1.4 diff --git a/nixpkgs/pkgs/tools/security/zsteg/default.nix b/nixpkgs/pkgs/tools/security/zsteg/default.nix new file mode 100644 index 000000000000..e47f285de70a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/default.nix @@ -0,0 +1,16 @@ +{ lib, bundlerApp }: + +bundlerApp { + pname = "zsteg"; + + gemdir = ./.; + + exes = [ "zsteg" ]; + + meta = with lib; { + description = "Detect stegano-hidden data in PNG & BMP."; + homepage = "http://zed.0xff.me/"; + license = licenses.mit; + maintainers = with maintainers; [ applePrincess ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zsteg/gemset.nix b/nixpkgs/pkgs/tools/security/zsteg/gemset.nix new file mode 100644 index 000000000000..4f5bd79ce44c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/gemset.nix @@ -0,0 +1,44 @@ +{ + iostruct = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0kwp6ryis32j3z7myw8g7v1yszwrwyl04g2c7flr42pwxga1afxc"; + type = "gem"; + }; + version = "0.0.4"; + }; + rainbow = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bb2fpjspydr6x0s8pn1pqkzmxszvkfapv0p4627mywl7ky4zkhk"; + type = "gem"; + }; + version = "3.0.0"; + }; + zpng = { + dependencies = ["rainbow"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ciyab7qxqsxjhfvr6rbpdzg655fi1zygqg9sd9m6wmgc037dj74"; + type = "gem"; + }; + version = "0.3.1"; + }; + zsteg = { + dependencies = ["iostruct" "zpng"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mwajlsgs27449n2yf2f9hz8g46qv9bz9f58i9cz1jg58spvpxpk"; + type = "gem"; + }; + version = "0.2.2"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zzuf/default.nix b/nixpkgs/pkgs/tools/security/zzuf/default.nix new file mode 100644 index 000000000000..f8f7bece3a59 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zzuf/default.nix @@ -0,0 +1,25 @@ +{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config }: + +stdenv.mkDerivation rec { + pname = "zzuf"; + version = "0.15"; + + src = fetchFromGitHub { + owner = "samhocevar"; + repo = "zzuf"; + rev = "v${version}"; + sha256 = "0li1s11xf32dafxq1jbnc8c63313hy9ry09dja2rymk9mza4x2n9"; + }; + + buildInputs = [ autoconf automake libtool pkg-config ]; + + preConfigure = "./bootstrap"; + + meta = with lib; { + description = "Transparent application input fuzzer"; + homepage = "http://caca.zoy.org/wiki/zzuf"; + license = licenses.wtfpl; + platforms = platforms.linux; + maintainers = with maintainers; [ lihop ]; + }; +} |