diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
272 files changed, 14178 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/2fa/default.nix b/nixpkgs/pkgs/tools/security/2fa/default.nix new file mode 100644 index 000000000000..68b9194015b1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/2fa/default.nix @@ -0,0 +1,23 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + version = "1.1.0"; + name = "2fa-${version}"; + + goPackagePath = "rsc.io/2fa"; + + src = fetchFromGitHub { + owner = "rsc"; + repo = "2fa"; + rev = "v${version}"; + sha256 = "0827vl2bxd6m2rbj00x7857cs7cic3mlg5nlhqzd0n73dm5vk2za"; + }; + + meta = with stdenv.lib; { + homepage = https://rsc.io/2fa; + description = "Two-factor authentication on the command line"; + platforms = platforms.all; + maintainers = with maintainers; [ rvolosatovs ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/acsccid/default.nix b/nixpkgs/pkgs/tools/security/acsccid/default.nix new file mode 100644 index 000000000000..246a2c5d9917 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/acsccid/default.nix @@ -0,0 +1,54 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, gettext, flex, perl, pkgconfig, pcsclite, libusb }: + +stdenv.mkDerivation rec { + version = "1.1.6"; + name = "acsccid-${version}"; + + src = fetchFromGitHub { + owner = "acshk"; + repo = "acsccid"; + rev = "26bc84c738d12701e6a7289ed578671d71cbf3cb"; + sha256 = "09k7hvcay092wkyf0hjsvimg1h4qzss1nk7m5yanlib4ldhw5g5c"; + }; + + doCheck = true; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ pcsclite libusb autoconf automake libtool gettext flex perl ]; + + postPatch = '' + sed -e s_/bin/echo_echo_g -i src/Makefile.am + patchShebangs src/convert_version.pl + patchShebangs src/create_Info_plist.pl + ''; + + preConfigure = '' + libtoolize --force + aclocal + autoheader + automake --force-missing --add-missing + autoconf + configureFlags="$configureFlags --enable-usbdropdir=$out/pcsc/drivers" + ''; + + meta = with stdenv.lib; { + description = "acsccid is a PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers."; + longDescription = '' + acsccid is a PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card + readers. This library provides a PC/SC IFD handler implementation and + communicates with the readers through the PC/SC Lite resource manager (pcscd). + + acsccid is based on ccid. See CCID free software driver for more + information: + https://ccid.apdu.fr/ + + It can be enabled in /etc/nixos/configuration.nix by adding: + services.pcscd.enable = true; + services.pcscd.plugins = [ pkgs.acsccid ]; + ''; + homepage = src.meta.homepage; + license = licenses.lgpl2Plus; + maintainers = with maintainers; [ roberth ]; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aespipe/default.nix b/nixpkgs/pkgs/tools/security/aespipe/default.nix new file mode 100644 index 000000000000..c67c758b933d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aespipe/default.nix @@ -0,0 +1,19 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "aespipe-${version}"; + version = "2.4e"; + + src = fetchurl { + url = "mirror://sourceforge/loop-aes/aespipe/aespipe-v${version}.tar.bz2"; + sha256 = "0fmr0vk408bf13jydhdmcdhqw31yc9qk329bs9i60alccywapmds"; + }; + + meta = { + description = "AES encrypting or decrypting pipe"; + homepage = http://loop-aes.sourceforge.net/aespipe.README; + license = stdenv.lib.licenses.gpl2; + maintainers = [ stdenv.lib.maintainers.goibhniu ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/afl/README.md b/nixpkgs/pkgs/tools/security/afl/README.md new file mode 100644 index 000000000000..0b0d4e80fbca --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/README.md @@ -0,0 +1,19 @@ +Updating the QEMU patches +========================= + +When updating to the latest American Fuzzy Lop, make sure to check for +any new patches to qemu for binary fuzzing support: + +https://github.com/mirrorer/afl/tree/master/qemu_mode + +Be sure to check the build script and make sure it's also using the +right QEMU version and options in `qemu.nix`: + +https://github.com/mirrorer/afl/blob/master/qemu_mode/build_qemu_support.sh + +`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of +the afl source code, and copied from `config.h`, `types.h` and +`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches +need to be slightly adjusted to fix their `#include`s (the patches +try to otherwise include files like `../../config.h` which causes the +build to fail). diff --git a/nixpkgs/pkgs/tools/security/afl/default.nix b/nixpkgs/pkgs/tools/security/afl/default.nix new file mode 100644 index 000000000000..2ee0c478212c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/default.nix @@ -0,0 +1,75 @@ +{ stdenv, fetchurl, callPackage, makeWrapper +, clang, llvm, which, libcgroup +}: + +let + afl-qemu = callPackage ./qemu.nix { inherit afl; }; + qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64" + else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386" + else throw "afl: no support for ${stdenv.hostPlatform.system}!"; + afl = stdenv.mkDerivation rec { + name = "afl-${version}"; + version = "2.52b"; + + src = fetchurl { + url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; + sha256 = "0ig0ij4n1pwry5dw1hk4q88801jzzy2cric6y2gd6560j55lnqa3"; + }; + enableParallelBuilding = true; + + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. + nativeBuildInputs = [ makeWrapper which ]; + buildInputs = [ llvm ]; + + makeFlags = [ "PREFIX=$(out)" ]; + postBuild = '' + make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES + ''; + postInstall = '' + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # Install the cgroups wrapper for asan-based fuzzing. + cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + # Patch shebangs before wrapping + patchShebangs $out/bin + + # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it + # has totally different semantics in that case(?) - and also set a + # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out + # of $PATH. + for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do + wrapProgram $x \ + --prefix AFL_PATH : "$out/lib/afl" \ + --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' + done + ''; + + passthru.qemu = afl-qemu; + + meta = { + description = "Powerful fuzzer via genetic algorithms and instrumentation"; + longDescription = '' + American fuzzy lop is a fuzzer that employs a novel type of + compile-time instrumentation and genetic algorithms to + automatically discover clean, interesting test cases that + trigger new internal states in the targeted binary. This + substantially improves the functional coverage for the fuzzed + code. The compact synthesized corpora produced by the tool are + also useful for seeding other, more labor or resource-intensive + testing regimes down the road. + ''; + homepage = "http://lcamtuf.coredump.cx/afl/"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = with stdenv.lib.maintainers; [ thoughtpolice ris ]; + }; + }; +in afl diff --git a/nixpkgs/pkgs/tools/security/afl/libdislocator.nix b/nixpkgs/pkgs/tools/security/afl/libdislocator.nix new file mode 100644 index 000000000000..c5844702ef38 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/libdislocator.nix @@ -0,0 +1,34 @@ +{ stdenv, afl}: + +stdenv.mkDerivation rec { + version = (builtins.parseDrvName afl.name).version; + name = "libdislocator-${version}"; + + src = afl.src; + sourceRoot = "${afl.name}/libdislocator"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libdislocator-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libdislocator.so + END + chmod +x $out/bin/get-libdislocator-so + ''; + + meta = with stdenv.lib; { + homepage = "http://lcamtuf.coredump.cx/afl/"; + description = '' + Drop-in replacement for the libc allocator which improves + the odds of bumping into heap-related security bugs in + several ways. + ''; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch new file mode 100644 index 000000000000..5dfbfd780f1c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d6b9dc1..ce7c493 100644 +--- a/Makefile ++++ b/Makefile +@@ -601,7 +601,7 @@ install-localstatedir: + endif + + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir ++install: all $(if $(BUILD_DOCS),install-doc) install-datadir + ifneq ($(TOOLS),) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) + endif diff --git a/nixpkgs/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch b/nixpkgs/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch new file mode 100644 index 000000000000..6cc663dc1fb9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/qemu-patches/qemu-2.10.0-glibc-2.27.patch @@ -0,0 +1,28 @@ +A modified version of qemu commit 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 +diff --git a/configure b/configure +index 9c8aa5a..99ccc17 100755 +--- a/configure ++++ b/configure +@@ -3855,7 +3855,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include <sys/memfd.h> ++#include <sys/mman.h> + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1a..412e94a 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include <sys/memfd.h> +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include <sys/syscall.h> + #include <asm/unistd.h> diff --git a/nixpkgs/pkgs/tools/security/afl/qemu.nix b/nixpkgs/pkgs/tools/security/afl/qemu.nix new file mode 100644 index 000000000000..9e0f19361fb0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/afl/qemu.nix @@ -0,0 +1,77 @@ +{ stdenv, fetchurl, afl, python2, zlib, pkgconfig, glib, perl +, texinfo, libuuid, flex, bison, pixman, autoconf +}: + +with stdenv.lib; + +let + qemuName = "qemu-2.10.0"; + aflName = afl.name; + cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user" + else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user" + else throw "afl: no support for ${stdenv.hostPlatform.system}!"; +in +stdenv.mkDerivation rec { + name = "afl-${qemuName}"; + + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy"; + }) + afl.src + ]; + + sourceRoot = qemuName; + + postUnpack = '' + cp ${aflName}/types.h $sourceRoot/afl-types.h + substitute ${aflName}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflName}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \ + --replace "../../config.h" "afl-config.h" + substituteInPlace ${aflName}/qemu_mode/patches/cpu-exec.diff \ + --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h" + ''; + + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman libuuid + ]; + + enableParallelBuilding = true; + + patches = [ + # patches extracted from afl source + "../${aflName}/qemu_mode/patches/cpu-exec.diff" + "../${aflName}/qemu_mode/patches/elfload.diff" + "../${aflName}/qemu_mode/patches/syscall.diff" + # nix-specific patches to make installation more well-behaved + ./qemu-patches/no-etc-install.patch + ./qemu-patches/qemu-2.10.0-glibc-2.27.patch + ]; + + configureFlags = + [ "--disable-system" + "--enable-linux-user" + "--disable-gtk" + "--disable-sdl" + "--disable-vnc" + "--disable-kvm" + "--target-list=${cpuTarget}" + "--enable-pie" + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + meta = with stdenv.lib; { + homepage = http://www.qemu.org/; + description = "Fork of QEMU with AFL instrumentation support"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ thoughtpolice ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aide/default.nix b/nixpkgs/pkgs/tools/security/aide/default.nix new file mode 100644 index 000000000000..1513ae58a0b6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aide/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl, flex, bison, libmhash, zlib, acl, attr, libselinux, pcre }: + +stdenv.mkDerivation rec { + name = "aide-${version}"; + version = "0.16.2"; + + src = fetchurl { + url = "https://github.com/aide/aide/releases/download/v${version}/${name}.tar.gz"; + sha256 = "15xp47sz7kk1ciffw3f5xw2jg2mb2lqrbr3q6p4bkbz5dap9iy8p"; + }; + + buildInputs = [ flex bison libmhash zlib acl attr libselinux pcre ]; + + + configureFlags = [ + "--with-posix-acl" + "--with-selinux" + "--with-xattr" + ]; + + meta = with stdenv.lib; { + homepage = http://aide.sourceforge.net/; + description = "A file and directory integrity checker"; + license = licenses.free; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/apg/apg.patch b/nixpkgs/pkgs/tools/security/apg/apg.patch new file mode 100644 index 000000000000..abc22647d52f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/apg/apg.patch @@ -0,0 +1,44 @@ +diff -rc apg-2.2.3/Makefile apg-2.2.3-new/Makefile +*** apg-2.2.3/Makefile 2003-08-07 17:40:30.000000000 +0200 +--- apg-2.2.3-new/Makefile 2013-07-24 12:25:31.159938436 +0200 +*************** +*** 113,131 **** + if test -x ./apg; then \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \ +! ./install-sh -c -m 0755 -o root -g ${FIND_GROUP} ./apg ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./install-sh -c -m 0444 ./doc/man/apg.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \ + fi + if test -x ./apgd; then \ + ./mkinstalldirs ${INSTALL_PREFIX}${APGD_BIN_DIR}; \ + ./mkinstalldirs ${INSTALL_PREFIX}${APGD_MAN_DIR}; \ +! ./install-sh -c -m 0755 -o root -g ${FIND_GROUP} ./apgd ${INSTALL_PREFIX}${APGD_BIN_DIR}; \ + ./install-sh -c -m 0444 ./doc/man/apgd.8 ${INSTALL_PREFIX}${APGD_MAN_DIR}; \ + fi + if test -x ./apgbfm; then \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \ +! ./install-sh -c -m 0755 -o root -g ${FIND_GROUP} ./apgbfm ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./install-sh -c -m 0444 ./doc/man/apgbfm.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \ + fi + +--- 113,131 ---- + if test -x ./apg; then \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \ +! ./install-sh -c -m 0755 ./apg ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./install-sh -c -m 0444 ./doc/man/apg.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \ + fi + if test -x ./apgd; then \ + ./mkinstalldirs ${INSTALL_PREFIX}${APGD_BIN_DIR}; \ + ./mkinstalldirs ${INSTALL_PREFIX}${APGD_MAN_DIR}; \ +! ./install-sh -c -m 0755 ./apgd ${INSTALL_PREFIX}${APGD_BIN_DIR}; \ + ./install-sh -c -m 0444 ./doc/man/apgd.8 ${INSTALL_PREFIX}${APGD_MAN_DIR}; \ + fi + if test -x ./apgbfm; then \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \ +! ./install-sh -c -m 0755 ./apgbfm ${INSTALL_PREFIX}${APG_BIN_DIR}; \ + ./install-sh -c -m 0444 ./doc/man/apgbfm.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \ + fi + diff --git a/nixpkgs/pkgs/tools/security/apg/default.nix b/nixpkgs/pkgs/tools/security/apg/default.nix new file mode 100644 index 000000000000..db490c7822f8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/apg/default.nix @@ -0,0 +1,72 @@ +{ stdenv, fetchurl, openssl }: +stdenv.mkDerivation rec { + name = "apg-2.3.0b"; + src = fetchurl { + url = "http://www.adel.nursat.kz/apg/download/${name}.tar.gz"; + sha256 = "14lbq81xrcsmpk1b9qmqyz7n6ypf08zcxvcvp6f7ybcyf0lj1rfi"; + }; + configurePhase = '' + substituteInPlace Makefile --replace /usr/local "$out" + ''; + makeFlags = stdenv.lib.optionals stdenv.isDarwin ["CC=cc"]; + + patches = [ + ./apg.patch + ./phony-install-target.patch + ]; + + postPatch = stdenv.lib.optionalString stdenv.isDarwin '' + sed -i -e 's|APG_CLIBS += -lcrypt|APG_CLIBS += -L${openssl.out}/lib -lcrypto|' Makefile + ''; + + meta = { + description = "Tools for random password generation"; + longDescription = '' + APG (Automated Password Generator) is the tool set for random + password generation. + + Standalone version + + Generates some random words of required type and prints them + to standard output. + + Network version + + APG server: When client's request is arrived generates some + random words of predefined type and send them to client over + the network (according to RFC0972). + + APG client: Sends the password generation request to the APG + server, wait for generated Passwords arrival and then prints + them to the standard output. + + Advantages + + * Built-in ANSI X9.17 RNG (Random Number Generator) (CAST/SHA1) + * Built-in password quality checking system (it has support for + Bloom filter for faster access) + * Two Password Generation Algorithms: + 1. Pronounceable Password Generation Algorithm (according to + NIST FIPS 181) + 2. Random Character Password Generation Algorithm with 35 + configurable modes of operation + * Configurable password length parameters + * Configurable amount of generated passwords + * Ability to initialize RNG with user string + * Support for /dev/random + * Ability to crypt() generated passwords and print them as + additional output + * Special parameters to use APG in script + * Ability to log password generation requests for network version + * Ability to control APG service access using tcpd + * Ability to use password generation service from any type of box + (Mac, WinXX, etc.) that connected to network + * Ability to enforce remote users to use only allowed type of + password generation + ''; + homepage = http://www.adel.nursat.kz/apg/; + license = stdenv.lib.licenses.bsd3; + maintainers = with stdenv.lib.maintainers; [ astsmtl ]; + platforms = stdenv.lib.platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/apg/phony-install-target.patch b/nixpkgs/pkgs/tools/security/apg/phony-install-target.patch new file mode 100644 index 000000000000..9edf50b4b599 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/apg/phony-install-target.patch @@ -0,0 +1,11 @@ +diff -ur a/Makefile b/Makefile +--- a/Makefile 2003-08-08 00:40:39.000000000 +0900 ++++ b/Makefile 2018-04-05 22:29:39.284191020 +0900 +@@ -142,6 +142,7 @@ + strip ${CS_PROGNAME} + strip ${BFM_PROGNAME} + ++.PHONY: install + install: + if test -x ./apg; then \ + ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \ diff --git a/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix b/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix new file mode 100644 index 000000000000..ca2ea67e7881 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchFromGitHub, imagemagick, qrencode +, testQR ? false, zbar ? null +}: + +assert testQR -> zbar != false; + +stdenv.mkDerivation rec { + name = "asc-key-to-qr-code-gif-${version}"; + version = "20180613"; + + src = fetchFromGitHub { + owner = "yishilin14"; + repo = "asc-key-to-qr-code-gif"; + rev = "5b7b239a0089a5269444cbe8a651c99dd43dce3f"; + sha256 = "0yrc302a2fhbzryb10718ky4fymfcps3lk67ivis1qab5kbp6z8r"; + }; + + buildInputs = [ imagemagick qrencode ] ++ stdenv.lib.optional testQR zbar; + dontBuild = true; + dontStrip = true; + dontPatchELF = true; + + preInstall = '' + substituteInPlace asc-to-gif.sh \ + --replace "convert" "${imagemagick}/bin/convert" \ + --replace "qrencode" "${qrencode.bin}/bin/qrencode" + ''; + + installPhase = '' + mkdir -p $out/bin + cp * $out/bin/ + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/yishilin14/asc-key-to-qr-code-gif; + description = "Convert ASCII-armored PGP keys to animated QR code"; + platforms = platforms.linux; + maintainers = with maintainers; [ asymmetric ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix new file mode 100644 index 000000000000..44282d5f9643 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix @@ -0,0 +1,22 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "aws-iam-authenticator"; + version = "0.4.0"; + + goPackagePath = "github.com/kubernetes-sigs/aws-iam-authenticator"; + + src = fetchFromGitHub { + owner = "kubernetes-sigs"; + repo = pname; + rev = "v${version}"; + sha256 = "1ghl2vms9wmvczdl2raqhy0gffxmk24h158gjb5mlw7rggzvb7bg"; + }; + + meta = with stdenv.lib; { + homepage = "https://github.com/kubernetes-sigs/aws-iam-authenticator"; + description = "AWS IAM credentials for Kubernetes authentication"; + license = licenses.asl20; + maintainers = [ maintainers.srhb ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aws-okta/default.nix b/nixpkgs/pkgs/tools/security/aws-okta/default.nix new file mode 100644 index 000000000000..36b6a5767a1e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aws-okta/default.nix @@ -0,0 +1,33 @@ +{ buildGoPackage, fetchFromGitHub, libusb1, pkgconfig, stdenv }: + +buildGoPackage rec { + name = "aws-okta-${version}"; + version = "0.20.1"; + + goPackagePath = "github.com/segmentio/aws-okta"; + + src = fetchFromGitHub { + owner = "segmentio"; + repo = "aws-okta"; + rev = "v${version}"; + sha256 = "084lb9rp04vbpzmvsb2l92a4gp7c8g28x4xsagzwkqqpwi3fd15d"; + }; + + goDeps = ./deps.nix; + + buildFlags = "--tags release"; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libusb1 ]; + + meta = with stdenv.lib; { + inherit version; + description = "aws-vault like tool for Okta authentication"; + license = licenses.mit; + maintainers = [maintainers.imalsogreg]; + broken = stdenv.isDarwin; # test with CoreFoundation 10.11 + platforms = platforms.all; + homepage = https://github.com/segmentio/aws-okta; + downloadPage = "https://github.com/segmentio/aws-okta"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aws-okta/deps.nix b/nixpkgs/pkgs/tools/security/aws-okta/deps.nix new file mode 100644 index 000000000000..180aa69d56c5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aws-okta/deps.nix @@ -0,0 +1,29 @@ +[ + { + goPackagePath = "github.com/sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/sirupsen/logrus.git"; + rev = "a437dfd2463eaedbec3dfe443e477d3b0a810b3f"; + sha256 = "1904s2bbc7p88anzjp6fyj3jrbm5p6wbb8j4490674dq10kkcfbj"; + }; + } + { + goPackagePath = "golang.org/x/sys/unix"; + fetch = { + type = "git"; + url = "https://github.com/golang/sys.git"; + rev = "b699b7032584f0953262cb2788a0ca19bb494703"; + sha256 = "172sw1bm581qwal9pbf9qj1sgivr74nabbj8qq4q4fhgpzams9ix"; + }; + } + { + goPackagePath = "github.com/marshallbrekka/go-u2fhost"; + fetch = { + type = "git"; + url = "https://github.com/marshallbrekka/go-u2fhost"; + rev = "72b0e7a3f583583996b3b382d2dfaa81fdc4b82c"; + sha256 = "0apzmf0bjpr58ynw55agyjsl74zyg5qjk19nyyy4zhip3s9b1d0h"; + }; + } +] diff --git a/nixpkgs/pkgs/tools/security/b2sum/default.nix b/nixpkgs/pkgs/tools/security/b2sum/default.nix new file mode 100644 index 000000000000..16811d8f8897 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/b2sum/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchzip, openmp ? null }: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "b2sum-${version}"; + version = "unstable-2018-06-11"; + + src = fetchzip { + url = "https://github.com/BLAKE2/BLAKE2/archive/320c325437539ae91091ce62efec1913cd8093c2.tar.gz"; + sha256 = "0agmc515avdpr64bsgv87wby2idm0d3wbndxzkhdfjgzhgv0rb8k"; + }; + + sourceRoot = "source/b2sum"; + + buildInputs = [ openmp ]; + + buildFlags = [ (optional (openmp == null) "NO_OPENMP=1") ]; + installFlags = [ "PREFIX=$(out)" ]; + + meta = { + description = "The b2sum utility is similar to the md5sum or shasum utilities but for BLAKE2"; + homepage = "https://blake2.net"; + license = with licenses; [ asl20 cc0 openssl ]; + maintainers = with maintainers; [ kirelagin ]; + # "This code requires at least SSE2." + platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix new file mode 100644 index 000000000000..59be6ed0ec26 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix @@ -0,0 +1,39 @@ +{ stdenv, fetchFromGitHub, makeWrapper, openssl, coreutils, gnugrep }: + +stdenv.mkDerivation rec { + name = "bash-supergenpass-unstable-${version}"; + version = "2018-04-18"; + + nativeBuildInputs = [ makeWrapper ]; + + src = fetchFromGitHub { + owner = "lanzz"; + repo = "bash-supergenpass"; + rev = "ece772b9ec095946ac4ea985cda5561b211e56f0"; + sha256 = "1gkbrycyyl7y3klbfx7xjvvfw5df1h4fj6x1f73gglfy6nk8ffnd"; + }; + + installPhase = '' + install -m755 -D supergenpass.sh "$out/bin/supergenpass" + wrapProgram "$out/bin/supergenpass" --prefix PATH : "${stdenv.lib.makeBinPath [ openssl coreutils gnugrep ]}" + ''; + + meta = with stdenv.lib; { + description = "Bash shell-script implementation of SuperGenPass password generation"; + longDescription = '' + Bash shell-script implementation of SuperGenPass password generation + Usage: ./supergenpass.sh <domain> [ <length> ] + + Default <length> is 10, which is also the original SuperGenPass default length. + + The <domain> parameter is also optional, but it does not make much sense to omit it. + + supergenpass will ask for your master password interactively, and it will not be displayed on your terminal. + ''; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ fgaz ]; + homepage = https://github.com/lanzz/bash-supergenpass; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/bettercap/default.nix b/nixpkgs/pkgs/tools/security/bettercap/default.nix new file mode 100644 index 000000000000..c72bc6d8b9e8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bettercap/default.nix @@ -0,0 +1,31 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, pkgconfig, libpcap, libnfnetlink, libnetfilter_queue, libusb1 }: + +buildGoPackage rec { + pname = "bettercap"; + version = "2.24"; + + goPackagePath = "github.com/bettercap/bettercap"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "1f8bzxbcyf0bpyqj6hz4l8dp5xknnb537xy9y5skcznp03i44h55"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libpcap libnfnetlink libnetfilter_queue libusb1 ]; + + goDeps = ./deps.nix; + + meta = with stdenv.lib; { + description = "A man in the middle tool"; + longDescription = '' + BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more. + '' ; + homepage = https://www.bettercap.org/; + license = with licenses; gpl3; + maintainers = with maintainers; [ y0no ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bettercap/deps.nix b/nixpkgs/pkgs/tools/security/bettercap/deps.nix new file mode 100644 index 000000000000..ef09a821317e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bettercap/deps.nix @@ -0,0 +1,336 @@ +# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix) +[ + { + goPackagePath = "github.com/adrianmo/go-nmea"; + fetch = { + type = "git"; + url = "https://github.com/adrianmo/go-nmea"; + rev = "a32116e4989e2b0e17c057ee378b4d5246add74e"; + sha256 = "167iwpwdwfbyghqfrzdfvfpvsmj92x7qqy6sx6yngdw21wd0m44f"; + }; + } + { + goPackagePath = "github.com/antchfx/jsonquery"; + fetch = { + type = "git"; + url = "https://github.com/antchfx/jsonquery"; + rev = "a2896be8c82bb2229d1cf26204863180e34b2b31"; + sha256 = "0mh6v21i3v3sxqjln7vph6wx3sm79p99010in9am1wh7k30rrjl5"; + }; + } + { + goPackagePath = "github.com/antchfx/xpath"; + fetch = { + type = "git"; + url = "https://github.com/antchfx/xpath"; + rev = "ce1d48779e67a1ddfb380995fe532b2e0015919c"; + sha256 = "0brd75mhd5ix7rz1ijhbggyp53v6g8kz9bc2n7g6zwavzxarfj5p"; + }; + } + { + goPackagePath = "github.com/bettercap/gatt"; + fetch = { + type = "git"; + url = "https://github.com/bettercap/gatt"; + rev = "fac16c0ad797bbccae1fe4acf49761b98f7516e7"; + sha256 = "08pyg4caw7lzb230l3k4rwgvn68zz6kmrlsdapaf3wa216pphyd9"; + }; + } + { + goPackagePath = "github.com/bettercap/nrf24"; + fetch = { + type = "git"; + url = "https://github.com/bettercap/nrf24"; + rev = "aa37e6d0e0eb125cee9ec71ed694db2ad58b509a"; + sha256 = "1y6ffcj94hk7slajqw3lqpdxzx6iqpj2i2zpsvggg6kfaa1iklnj"; + }; + } + { + goPackagePath = "github.com/bettercap/readline"; + fetch = { + type = "git"; + url = "https://github.com/bettercap/readline"; + rev = "62c6fe6193755f722b8b8788aa7357be55a50ff1"; + sha256 = "1qd2qhjps26x4pin2614w732giy89p22b2qww4wg15zz5g2365nk"; + }; + } + { + goPackagePath = "github.com/bettercap/recording"; + fetch = { + type = "git"; + url = "https://github.com/bettercap/recording"; + rev = "3ce1dcf032e391eb321311b34cdf31c6fc9523f5"; + sha256 = "1arh12iz15anyrqr4q496lpd0gx5nf2cwyr5rv17rawqqz8ydg23"; + }; + } + { + goPackagePath = "github.com/chifflier/nfqueue-go"; + fetch = { + type = "git"; + url = "https://github.com/chifflier/nfqueue-go"; + rev = "61ca646babef3bd4dea1deb610bfb0005c0a1298"; + sha256 = "1i1q2xl86f3s9x3j2ffxprwqhcrkh4w23hh4ib7jksxvaq36v33l"; + }; + } + { + goPackagePath = "github.com/dustin/go-humanize"; + fetch = { + type = "git"; + url = "https://github.com/dustin/go-humanize"; + rev = "9f541cc9db5d55bce703bd99987c9d5cb8eea45e"; + sha256 = "1kqf1kavdyvjk7f8kx62pnm7fbypn9z1vbf8v2qdh3y7z7a0cbl3"; + }; + } + { + goPackagePath = "github.com/elazarl/goproxy"; + fetch = { + type = "git"; + url = "https://github.com/elazarl/goproxy"; + rev = "9d40249d3c2f14d1a9d75e070a738362adeb5a83"; + sha256 = "0hpzna9dvs2ff0bj8baz3sc5gg49vqmb0cbi6p061lmwl09cd00i"; + }; + } + { + goPackagePath = "github.com/evilsocket/islazy"; + fetch = { + type = "git"; + url = "https://github.com/evilsocket/islazy"; + rev = "c5c7a41bb1c20e6df409825ed24af8de5fb7fb70"; + sha256 = "1ayc4di6584yajybh724mcmng069q38j1dpljgi8fhsyhb4sila3"; + }; + } + { + goPackagePath = "github.com/gobwas/glob"; + fetch = { + type = "git"; + url = "https://github.com/gobwas/glob"; + rev = "e7a84e9525fe90abcda167b604e483cc959ad4aa"; + sha256 = "1v6vjklq06wqddv46ihajahaj1slv0imgaivlxr8bsx59i90js5q"; + }; + } + { + goPackagePath = "github.com/google/go-github"; + fetch = { + type = "git"; + url = "https://github.com/google/go-github"; + rev = "e48060a28fac52d0f1cb758bc8b87c07bac4a87d"; + sha256 = "0a15gsqpshcipd4vmm0dzxgi99pfk0c5b60n3czfw2px864mg7x9"; + }; + } + { + goPackagePath = "github.com/google/go-querystring"; + fetch = { + type = "git"; + url = "https://github.com/google/go-querystring"; + rev = "44c6ddd0a2342c386950e880b658017258da92fc"; + sha256 = "0xl12bqyvmn4xcnf8p9ksj9rmnr7s40pvppsdmy8n9bzw1db0iwz"; + }; + } + { + goPackagePath = "github.com/google/gopacket"; + fetch = { + type = "git"; + url = "https://github.com/google/gopacket"; + rev = "v1.1.16"; + sha256 = "1vnjgjz52l1bzrhx70qpvmwandf8v13zhiaj3rdljsphdp5cgadi"; + }; + } + { + goPackagePath = "github.com/google/gousb"; + fetch = { + type = "git"; + url = "https://github.com/google/gousb"; + rev = "64d82086770b8b671e1e7f162372dd37f1f5efba"; + sha256 = "1kjgg8cdp8wz9rck4nh48pcia741p7a8w2nikhzxsscn0ld33109"; + }; + } + { + goPackagePath = "github.com/gorilla/mux"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/mux"; + rev = "c5c6c98bc25355028a63748a498942a6398ccd22"; + sha256 = "0im4da3hqxb6zr8g3m640qz234f5gs0a8hqhcz35mkvfqlv48f62"; + }; + } + { + goPackagePath = "github.com/gorilla/websocket"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/websocket"; + rev = "66b9c49e59c6c48f0ffce28c2d8b8a5678502c6d"; + sha256 = "00i4vb31nsfkzzk7swvx3i75r2d960js3dri1875vypk3v2s0pzk"; + }; + } + { + goPackagePath = "github.com/hashicorp/mdns"; + fetch = { + type = "git"; + url = "https://github.com/hashicorp/mdns"; + rev = "06dd1a31b32c42d4d6c2cf8dbce70597d1118f54"; + sha256 = "185zpyj1jf1jm7hihg73gqnspr0a359aqwv11v4a6mwd5bkdh19j"; + }; + } + { + goPackagePath = "github.com/inconshreveable/go-vhost"; + fetch = { + type = "git"; + url = "https://github.com/inconshreveable/go-vhost"; + rev = "06d84117953b22058c096b49a429ebd4f3d3d97b"; + sha256 = "0wliilsybm7xf5h685a23rsm8bnlhkr332pkdkhf32q16sr1a9rk"; + }; + } + { + goPackagePath = "github.com/jpillora/go-tld"; + fetch = { + type = "git"; + url = "https://github.com/jpillora/go-tld"; + rev = "f16ca3b7b383d3f0373109cac19147de3e8ae2d1"; + sha256 = "19v8bj14w0lcvysaw84klf5dg6ka351ixz9r6cd9mksdd80nvzcq"; + }; + } + { + goPackagePath = "github.com/kr/binarydist"; + fetch = { + type = "git"; + url = "https://github.com/kr/binarydist"; + rev = "88f551ae580780cc79d12ab4c218ba1ca346b83a"; + sha256 = "0hz1yqlxmkdib8xsdkkvn4ian4i69jmfapadim9fhj632d6jpi7w"; + }; + } + { + goPackagePath = "github.com/malfunkt/iprange"; + fetch = { + type = "git"; + url = "https://github.com/malfunkt/iprange"; + rev = "3a31f5ed42d2d8a1fc46f1be91fd693bdef2dd52"; + sha256 = "0gv5w678r74jval675xp0y1hzpf7mm5m9apa1rz9krxc9zd0ycr8"; + }; + } + { + goPackagePath = "github.com/mattn/go-colorable"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-colorable"; + rev = "3a70a971f94a22f2fa562ffcc7a0eb45f5daf045"; + sha256 = "0l640974j804c1yyjfgyxqlsivz0yrzmbql4mhcw2azryigkp08p"; + }; + } + { + goPackagePath = "github.com/mattn/go-isatty"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-isatty"; + rev = "c2a7a6ca930a4cd0bc33a3f298eb71960732a3a7"; + sha256 = "1i77aq4gf9as03m8fpfh8fq49n4z9j7548blrcsidm1xhslzk5xd"; + }; + } + { + goPackagePath = "github.com/mdlayher/dhcp6"; + fetch = { + type = "git"; + url = "https://github.com/mdlayher/dhcp6"; + rev = "2a67805d7d0b0bad6c1103058981afdea583b459"; + sha256 = "0xn7canpik3lrz73dcz4jzapq1bfxpnashvjvnvshcpa2n1lh8yw"; + }; + } + { + goPackagePath = "github.com/mdlayher/raw"; + fetch = { + type = "git"; + url = "https://github.com/mdlayher/raw"; + rev = "480b93709cce56651807d3fdeb260a5a7c4e2d5f"; + sha256 = "0a0zlznk67nhpmgp21hxsbhyl5lvlkmwy5xvm3d3q0yaq0rqnh2x"; + }; + } + { + goPackagePath = "github.com/mgutz/ansi"; + fetch = { + type = "git"; + url = "https://github.com/mgutz/ansi"; + rev = "9520e82c474b0a04dd04f8a40959027271bab992"; + sha256 = "00bz22314j26736w1f0q4jy9d9dfaml17vn890n5zqy3cmvmww1j"; + }; + } + { + goPackagePath = "github.com/mgutz/logxi"; + fetch = { + type = "git"; + url = "https://github.com/mgutz/logxi"; + rev = "aebf8a7d67ab4625e0fd4a665766fef9a709161b"; + sha256 = "1f8sqibkzz9wfplvvblz9s0xvvmhkd2af8ghcsmjw8818gcrzsqx"; + }; + } + { + goPackagePath = "github.com/miekg/dns"; + fetch = { + type = "git"; + url = "https://github.com/miekg/dns"; + rev = "8aa92d4e02c501ba21e26fb92cf2fb9f23f56917"; + sha256 = "1niymj11xv82ghif3p7i60bgj0lqskwm7fmrzfjchd8wxwbk4bbi"; + }; + } + { + goPackagePath = "github.com/pkg/errors"; + fetch = { + type = "git"; + url = "https://github.com/pkg/errors"; + rev = "ba968bfe8b2f7e042a574c888954fccecfa385b4"; + sha256 = "0g5qcb4d4fd96midz0zdk8b9kz8xkzwfa8kr1cliqbg8sxsy5vd1"; + }; + } + { + goPackagePath = "github.com/robertkrimen/otto"; + fetch = { + type = "git"; + url = "https://github.com/robertkrimen/otto"; + rev = "15f95af6e78dcd2030d8195a138bd88d4f403546"; + sha256 = "07j7l340lmqwpfscwyb8llk3k37flvs20a4a8vzc85f16xyd9npf"; + }; + } + { + goPackagePath = "github.com/tarm/serial"; + fetch = { + type = "git"; + url = "https://github.com/tarm/serial"; + rev = "98f6abe2eb07edd42f6dfa2a934aea469acc29b7"; + sha256 = "1yj4jiv2f3x3iawxdflrlmdan0k9xsbnccgc9yz658rmif1ag3pb"; + }; + } + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/crypto"; + rev = "a29dc8fdc73485234dbef99ebedb95d2eced08de"; + sha256 = "07f0jj4haqs0ywc1akk1qjwn5msl2j0pry1rxjkkbfcq4r6ihc1p"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "9ce7a6920f093fc0b908c4a5f66ae049110f417e"; + sha256 = "1kbs85jsqbv4v89ii2zam4b8dhmllhsrf46njmi09x0w6s0b9cbk"; + }; + } + { + goPackagePath = "golang.org/x/sys"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/sys"; + rev = "d89cdac9e8725f2aefce25fcbfef41134c9ad412"; + sha256 = "0iazr13ir6i267nb2w81lc3pr740wdjs86nsliwpf90kkgzn853f"; + }; + } + { + goPackagePath = "gopkg.in/sourcemap.v1"; + fetch = { + type = "git"; + url = "https://github.com/go-sourcemap/sourcemap"; + rev = "6e83acea0053641eff084973fee085f0c193c61a"; + sha256 = "08rf2dl13hbnm3fq2cm0nnsspy9fhf922ln23cz5463cv7h62as4"; + }; + } +] \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/bitwarden-cli/default.nix b/nixpkgs/pkgs/tools/security/bitwarden-cli/default.nix new file mode 100644 index 000000000000..5c60eb9f4e2f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden-cli/default.nix @@ -0,0 +1,18 @@ +{ stdenv, pkgs }: + +let + # node-packages*.nix generated via: + # + # % node2nix --input node-packages.json \ + # --output node-packages-generated.nix \ + # --composition node-packages.nix \ + # --node-env ./../../../development/node-packages/node-env.nix + # + nodePackages = import ./node-packages.nix { + inherit pkgs; + inherit (stdenv.hostPlatform) system; + }; +in pkgs.lib.overrideDerivation nodePackages."@bitwarden/cli" (drv: { + # This defaults to "node-_at_bitwarden_slash_cli-1.7.0" + name = "bitwarden-cli-${drv.version}"; +}) diff --git a/nixpkgs/pkgs/tools/security/bitwarden-cli/generate.sh b/nixpkgs/pkgs/tools/security/bitwarden-cli/generate.sh new file mode 100755 index 000000000000..5bcee4c0513a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden-cli/generate.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nodePackages.node2nix + +exec node2nix -8 \ + --input node-packages.json \ + --output node-packages-generated.nix \ + --composition node-packages.nix \ + --node-env ./../../../development/node-packages/node-env.nix diff --git a/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages-generated.nix b/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages-generated.nix new file mode 100644 index 000000000000..e258571a6207 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages-generated.nix @@ -0,0 +1,1406 @@ +# This file has been generated by node2nix 1.6.0. Do not edit! + +{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: + +let + sources = { + "abab-2.0.0" = { + name = "abab"; + packageName = "abab"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/abab/-/abab-2.0.0.tgz"; + sha512 = "sY5AXXVZv4Y1VACTtR11UJCPHHudgY5i26Qj5TypE6DKlIApbwb5uqhXcJ5UUGbvZNRh7EeIoW+LrJumBsKp7w=="; + }; + }; + "acorn-6.1.1" = { + name = "acorn"; + packageName = "acorn"; + version = "6.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/acorn/-/acorn-6.1.1.tgz"; + sha512 = "jPTiwtOxaHNaAPg/dmrJ/beuzLRnXtB0kQPQ8JpotKJgTB6rX6c8mlf315941pyjBSaPg8NHXS9fhP4u17DpGA=="; + }; + }; + "acorn-globals-4.3.0" = { + name = "acorn-globals"; + packageName = "acorn-globals"; + version = "4.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/acorn-globals/-/acorn-globals-4.3.0.tgz"; + sha512 = "hMtHj3s5RnuhvHPowpBYvJVj3rAar82JiDQHvGs1zO0l10ocX/xEdBShNHTJaboucJUsScghp74pH3s7EnHHQw=="; + }; + }; + "acorn-walk-6.1.1" = { + name = "acorn-walk"; + packageName = "acorn-walk"; + version = "6.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/acorn-walk/-/acorn-walk-6.1.1.tgz"; + sha512 = "OtUw6JUTgxA2QoqqmrmQ7F2NYqiBPi/L2jqHyFtllhOUvXYQXf0Z1CYUinIfyT4bTCGmrA7gX9FvHA81uzCoVw=="; + }; + }; + "ajv-6.10.0" = { + name = "ajv"; + packageName = "ajv"; + version = "6.10.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ajv/-/ajv-6.10.0.tgz"; + sha512 = "nffhOpkymDECQyR0mnsUtoCE8RlX38G0rYP+wgLWFyZuUyuuojSSvi/+euOiQBIn63whYwYVIIH1TvE3tu4OEg=="; + }; + }; + "ansi-escapes-3.2.0" = { + name = "ansi-escapes"; + packageName = "ansi-escapes"; + version = "3.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.2.0.tgz"; + sha512 = "cBhpre4ma+U0T1oM5fXg7Dy1Jw7zzwv7lt/GoCpr+hDQJoYnKVPLL4dCvSEFMmQurOQvSrwT7SL/DAlhBI97RQ=="; + }; + }; + "ansi-regex-3.0.0" = { + name = "ansi-regex"; + packageName = "ansi-regex"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz"; + sha1 = "ed0317c322064f79466c02966bddb605ab37d998"; + }; + }; + "ansi-styles-3.2.1" = { + name = "ansi-styles"; + packageName = "ansi-styles"; + version = "3.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz"; + sha512 = "VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA=="; + }; + }; + "array-equal-1.0.0" = { + name = "array-equal"; + packageName = "array-equal"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/array-equal/-/array-equal-1.0.0.tgz"; + sha1 = "8c2a5ef2472fd9ea742b04c77a75093ba2757c93"; + }; + }; + "asn1-0.2.4" = { + name = "asn1"; + packageName = "asn1"; + version = "0.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz"; + sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg=="; + }; + }; + "assert-plus-1.0.0" = { + name = "assert-plus"; + packageName = "assert-plus"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"; + sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"; + }; + }; + "async-limiter-1.0.0" = { + name = "async-limiter"; + packageName = "async-limiter"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.0.tgz"; + sha512 = "jp/uFnooOiO+L211eZOoSyzpOITMXx1rBITauYykG3BRYPu8h0UcxsPNB04RR5vo4Tyz3+ay17tR6JVf9qzYWg=="; + }; + }; + "asynckit-0.4.0" = { + name = "asynckit"; + packageName = "asynckit"; + version = "0.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"; + sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"; + }; + }; + "aws-sign2-0.7.0" = { + name = "aws-sign2"; + packageName = "aws-sign2"; + version = "0.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz"; + sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"; + }; + }; + "aws4-1.8.0" = { + name = "aws4"; + packageName = "aws4"; + version = "1.8.0"; + src = fetchurl { + url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz"; + sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ=="; + }; + }; + "bcrypt-pbkdf-1.0.2" = { + name = "bcrypt-pbkdf"; + packageName = "bcrypt-pbkdf"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz"; + sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"; + }; + }; + "big-integer-1.6.36" = { + name = "big-integer"; + packageName = "big-integer"; + version = "1.6.36"; + src = fetchurl { + url = "https://registry.npmjs.org/big-integer/-/big-integer-1.6.36.tgz"; + sha512 = "t70bfa7HYEA1D9idDbmuv7YbsbVkQ+Hp+8KFSul4aE5e/i1bjCNIRYJZlA8Q8p0r9T8cF/RVvwUgRA//FydEyg=="; + }; + }; + "browser-process-hrtime-0.1.3" = { + name = "browser-process-hrtime"; + packageName = "browser-process-hrtime"; + version = "0.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/browser-process-hrtime/-/browser-process-hrtime-0.1.3.tgz"; + sha512 = "bRFnI4NnjO6cnyLmOV/7PVoDEMJChlcfN0z4s1YMBY989/SvlfMI1lgCnkFUs53e9gQF+w7qu7XdllSTiSl8Aw=="; + }; + }; + "caseless-0.12.0" = { + name = "caseless"; + packageName = "caseless"; + version = "0.12.0"; + src = fetchurl { + url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz"; + sha1 = "1b681c21ff84033c826543090689420d187151dc"; + }; + }; + "chalk-2.4.1" = { + name = "chalk"; + packageName = "chalk"; + version = "2.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/chalk/-/chalk-2.4.1.tgz"; + sha512 = "ObN6h1v2fTJSmUXoS3nMQ92LbDK9be4TV+6G+omQlGJFdcUX5heKi1LZ1YnRMIgwTLEj3E24bT6tYni50rlCfQ=="; + }; + }; + "chardet-0.7.0" = { + name = "chardet"; + packageName = "chardet"; + version = "0.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz"; + sha512 = "mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA=="; + }; + }; + "cli-cursor-2.1.0" = { + name = "cli-cursor"; + packageName = "cli-cursor"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/cli-cursor/-/cli-cursor-2.1.0.tgz"; + sha1 = "b35dac376479facc3e94747d41d0d0f5238ffcb5"; + }; + }; + "cli-width-2.2.0" = { + name = "cli-width"; + packageName = "cli-width"; + version = "2.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/cli-width/-/cli-width-2.2.0.tgz"; + sha1 = "ff19ede8a9a5e579324147b0c11f0fbcbabed639"; + }; + }; + "color-convert-1.9.3" = { + name = "color-convert"; + packageName = "color-convert"; + version = "1.9.3"; + src = fetchurl { + url = "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz"; + sha512 = "QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg=="; + }; + }; + "color-name-1.1.3" = { + name = "color-name"; + packageName = "color-name"; + version = "1.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz"; + sha1 = "a7d0558bd89c42f795dd42328f740831ca53bc25"; + }; + }; + "combined-stream-1.0.6" = { + name = "combined-stream"; + packageName = "combined-stream"; + version = "1.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz"; + sha1 = "723e7df6e801ac5613113a7e445a9b69cb632818"; + }; + }; + "commander-2.18.0" = { + name = "commander"; + packageName = "commander"; + version = "2.18.0"; + src = fetchurl { + url = "https://registry.npmjs.org/commander/-/commander-2.18.0.tgz"; + sha512 = "6CYPa+JP2ftfRU2qkDK+UTVeQYosOg/2GbcjIcKPHfinyOLPVGXu/ovN86RP49Re5ndJK1N0kuiidFFuepc4ZQ=="; + }; + }; + "core-util-is-1.0.2" = { + name = "core-util-is"; + packageName = "core-util-is"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"; + sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; + }; + }; + "cssom-0.3.6" = { + name = "cssom"; + packageName = "cssom"; + version = "0.3.6"; + src = fetchurl { + url = "https://registry.npmjs.org/cssom/-/cssom-0.3.6.tgz"; + sha512 = "DtUeseGk9/GBW0hl0vVPpU22iHL6YB5BUX7ml1hB+GMpo0NX5G4voX3kdWiMSEguFtcW3Vh3djqNF4aIe6ne0A=="; + }; + }; + "cssstyle-1.2.2" = { + name = "cssstyle"; + packageName = "cssstyle"; + version = "1.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/cssstyle/-/cssstyle-1.2.2.tgz"; + sha512 = "43wY3kl1CVQSvL7wUY1qXkxVGkStjpkDmVjiIKX8R97uhajy8Bybay78uOtqvh7Q5GK75dNPfW0geWjE6qQQow=="; + }; + }; + "dashdash-1.14.1" = { + name = "dashdash"; + packageName = "dashdash"; + version = "1.14.1"; + src = fetchurl { + url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz"; + sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"; + }; + }; + "data-urls-1.1.0" = { + name = "data-urls"; + packageName = "data-urls"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/data-urls/-/data-urls-1.1.0.tgz"; + sha512 = "YTWYI9se1P55u58gL5GkQHW4P6VJBJ5iBT+B5a7i2Tjadhv52paJG0qHX4A0OR6/t52odI64KP2YvFpkDOi3eQ=="; + }; + }; + "deep-is-0.1.3" = { + name = "deep-is"; + packageName = "deep-is"; + version = "0.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz"; + sha1 = "b369d6fb5dbc13eecf524f91b070feedc357cf34"; + }; + }; + "delayed-stream-1.0.0" = { + name = "delayed-stream"; + packageName = "delayed-stream"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"; + sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619"; + }; + }; + "domexception-1.0.1" = { + name = "domexception"; + packageName = "domexception"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/domexception/-/domexception-1.0.1.tgz"; + sha512 = "raigMkn7CJNNo6Ihro1fzG7wr3fHuYVytzquZKX5n0yizGsTcYgzdIUwj1X9pK0VvjeihV+XiclP+DjwbsSKug=="; + }; + }; + "ecc-jsbn-0.1.2" = { + name = "ecc-jsbn"; + packageName = "ecc-jsbn"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz"; + sha1 = "3a83a904e54353287874c564b7549386849a98c9"; + }; + }; + "escape-string-regexp-1.0.5" = { + name = "escape-string-regexp"; + packageName = "escape-string-regexp"; + version = "1.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz"; + sha1 = "1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"; + }; + }; + "escodegen-1.11.1" = { + name = "escodegen"; + packageName = "escodegen"; + version = "1.11.1"; + src = fetchurl { + url = "https://registry.npmjs.org/escodegen/-/escodegen-1.11.1.tgz"; + sha512 = "JwiqFD9KdGVVpeuRa68yU3zZnBEOcPs0nKW7wZzXky8Z7tffdYUHbe11bPCV5jYlK6DVdKLWLm0f5I/QlL0Kmw=="; + }; + }; + "esprima-3.1.3" = { + name = "esprima"; + packageName = "esprima"; + version = "3.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/esprima/-/esprima-3.1.3.tgz"; + sha1 = "fdca51cee6133895e3c88d535ce49dbff62a4633"; + }; + }; + "estraverse-4.2.0" = { + name = "estraverse"; + packageName = "estraverse"; + version = "4.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/estraverse/-/estraverse-4.2.0.tgz"; + sha1 = "0dee3fed31fcd469618ce7342099fc1afa0bdb13"; + }; + }; + "esutils-2.0.2" = { + name = "esutils"; + packageName = "esutils"; + version = "2.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz"; + sha1 = "0abf4f1caa5bcb1f7a9d8acc6dea4faaa04bac9b"; + }; + }; + "extend-3.0.2" = { + name = "extend"; + packageName = "extend"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz"; + sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="; + }; + }; + "external-editor-3.0.3" = { + name = "external-editor"; + packageName = "external-editor"; + version = "3.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/external-editor/-/external-editor-3.0.3.tgz"; + sha512 = "bn71H9+qWoOQKyZDo25mOMVpSmXROAsTJVVVYzrrtol3d4y+AsKjf4Iwl2Q+IuT0kFSQ1qo166UuIwqYq7mGnA=="; + }; + }; + "extsprintf-1.3.0" = { + name = "extsprintf"; + packageName = "extsprintf"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz"; + sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05"; + }; + }; + "fast-deep-equal-2.0.1" = { + name = "fast-deep-equal"; + packageName = "fast-deep-equal"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz"; + sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49"; + }; + }; + "fast-json-stable-stringify-2.0.0" = { + name = "fast-json-stable-stringify"; + packageName = "fast-json-stable-stringify"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz"; + sha1 = "d5142c0caee6b1189f87d3a76111064f86c8bbf2"; + }; + }; + "fast-levenshtein-2.0.6" = { + name = "fast-levenshtein"; + packageName = "fast-levenshtein"; + version = "2.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz"; + sha1 = "3d8a5c66883a16a30ca8643e851f19baa7797917"; + }; + }; + "figures-2.0.0" = { + name = "figures"; + packageName = "figures"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/figures/-/figures-2.0.0.tgz"; + sha1 = "3ab1a2d2a62c8bfb431a0c94cb797a2fce27c962"; + }; + }; + "forever-agent-0.6.1" = { + name = "forever-agent"; + packageName = "forever-agent"; + version = "0.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"; + sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"; + }; + }; + "form-data-2.3.2" = { + name = "form-data"; + packageName = "form-data"; + version = "2.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz"; + sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099"; + }; + }; + "getpass-0.1.7" = { + name = "getpass"; + packageName = "getpass"; + version = "0.1.7"; + src = fetchurl { + url = "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz"; + sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa"; + }; + }; + "graceful-fs-4.1.15" = { + name = "graceful-fs"; + packageName = "graceful-fs"; + version = "4.1.15"; + src = fetchurl { + url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.15.tgz"; + sha512 = "6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA=="; + }; + }; + "har-schema-2.0.0" = { + name = "har-schema"; + packageName = "har-schema"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz"; + sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92"; + }; + }; + "har-validator-5.1.3" = { + name = "har-validator"; + packageName = "har-validator"; + version = "5.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz"; + sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g=="; + }; + }; + "has-flag-3.0.0" = { + name = "has-flag"; + packageName = "has-flag"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz"; + sha1 = "b5d454dc2199ae225699f3467e5a07f3b955bafd"; + }; + }; + "html-encoding-sniffer-1.0.2" = { + name = "html-encoding-sniffer"; + packageName = "html-encoding-sniffer"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-1.0.2.tgz"; + sha512 = "71lZziiDnsuabfdYiUeWdCVyKuqwWi23L8YeIgV9jSSZHCtb6wB1BKWooH7L3tn4/FuZJMVWyNaIDr4RGmaSYw=="; + }; + }; + "http-signature-1.2.0" = { + name = "http-signature"; + packageName = "http-signature"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz"; + sha1 = "9aecd925114772f3d95b65a60abb8f7c18fbace1"; + }; + }; + "iconv-lite-0.4.24" = { + name = "iconv-lite"; + packageName = "iconv-lite"; + version = "0.4.24"; + src = fetchurl { + url = "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz"; + sha512 = "v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA=="; + }; + }; + "inquirer-6.2.0" = { + name = "inquirer"; + packageName = "inquirer"; + version = "6.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/inquirer/-/inquirer-6.2.0.tgz"; + sha512 = "QIEQG4YyQ2UYZGDC4srMZ7BjHOmNk1lR2JQj5UknBapklm6WHA+VVH7N+sUdX3A7NeCfGF8o4X1S3Ao7nAcIeg=="; + }; + }; + "is-fullwidth-code-point-2.0.0" = { + name = "is-fullwidth-code-point"; + packageName = "is-fullwidth-code-point"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz"; + sha1 = "a3b30a5c4f199183167aaab93beefae3ddfb654f"; + }; + }; + "is-promise-2.1.0" = { + name = "is-promise"; + packageName = "is-promise"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-promise/-/is-promise-2.1.0.tgz"; + sha1 = "79a2a9ece7f096e80f36d2b2f3bc16c1ff4bf3fa"; + }; + }; + "is-typedarray-1.0.0" = { + name = "is-typedarray"; + packageName = "is-typedarray"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz"; + sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a"; + }; + }; + "isstream-0.1.2" = { + name = "isstream"; + packageName = "isstream"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"; + sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a"; + }; + }; + "jsbn-0.1.1" = { + name = "jsbn"; + packageName = "jsbn"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz"; + sha1 = "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"; + }; + }; + "jsdom-13.2.0" = { + name = "jsdom"; + packageName = "jsdom"; + version = "13.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/jsdom/-/jsdom-13.2.0.tgz"; + sha512 = "cG1NtMWO9hWpqRNRR3dSvEQa8bFI6iLlqU2x4kwX51FQjp0qus8T9aBaAO6iGp3DeBrhdwuKxckknohkmfvsFw=="; + }; + }; + "json-schema-0.2.3" = { + name = "json-schema"; + packageName = "json-schema"; + version = "0.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"; + sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13"; + }; + }; + "json-schema-traverse-0.4.1" = { + name = "json-schema-traverse"; + packageName = "json-schema-traverse"; + version = "0.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz"; + sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="; + }; + }; + "json-stringify-safe-5.0.1" = { + name = "json-stringify-safe"; + packageName = "json-stringify-safe"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"; + sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"; + }; + }; + "jsprim-1.4.1" = { + name = "jsprim"; + packageName = "jsprim"; + version = "1.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz"; + sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"; + }; + }; + "levn-0.3.0" = { + name = "levn"; + packageName = "levn"; + version = "0.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz"; + sha1 = "3b09924edf9f083c0490fdd4c0bc4421e04764ee"; + }; + }; + "lodash-4.17.11" = { + name = "lodash"; + packageName = "lodash"; + version = "4.17.11"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz"; + sha512 = "cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg=="; + }; + }; + "lodash.sortby-4.7.0" = { + name = "lodash.sortby"; + packageName = "lodash.sortby"; + version = "4.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz"; + sha1 = "edd14c824e2cc9c1e0b0a1b42bb5210516a42438"; + }; + }; + "lowdb-1.0.0" = { + name = "lowdb"; + packageName = "lowdb"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lowdb/-/lowdb-1.0.0.tgz"; + sha512 = "2+x8esE/Wb9SQ1F9IHaYWfsC9FIecLOPrK4g17FGEayjUWH172H6nwicRovGvSE2CPZouc2MCIqCI7h9d+GftQ=="; + }; + }; + "lunr-2.3.3" = { + name = "lunr"; + packageName = "lunr"; + version = "2.3.3"; + src = fetchurl { + url = "https://registry.npmjs.org/lunr/-/lunr-2.3.3.tgz"; + sha512 = "rlAEsgU9Bnavca2w1WJ6+6cdeHMXNyadcersyk3ZpuhgWb5HBNj8l4WwJz9PjksAhYDlpQffCVXPctOn+wCIVA=="; + }; + }; + "mime-db-1.38.0" = { + name = "mime-db"; + packageName = "mime-db"; + version = "1.38.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mime-db/-/mime-db-1.38.0.tgz"; + sha512 = "bqVioMFFzc2awcdJZIzR3HjZFX20QhilVS7hytkKrv7xFAn8bM1gzc/FOX2awLISvWe0PV8ptFKcon+wZ5qYkg=="; + }; + }; + "mime-types-2.1.22" = { + name = "mime-types"; + packageName = "mime-types"; + version = "2.1.22"; + src = fetchurl { + url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.22.tgz"; + sha512 = "aGl6TZGnhm/li6F7yx82bJiBZwgiEa4Hf6CNr8YO+r5UHr53tSTYZb102zyU50DOWWKeOv0uQLRL0/9EiKWCog=="; + }; + }; + "mimic-fn-1.2.0" = { + name = "mimic-fn"; + packageName = "mimic-fn"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz"; + sha512 = "jf84uxzwiuiIVKiOLpfYk7N46TSy8ubTonmneY9vrpHNAnp0QBt2BxWV9dO3/j+BoVAb+a5G6YDPW3M5HOdMWQ=="; + }; + }; + "mute-stream-0.0.7" = { + name = "mute-stream"; + packageName = "mute-stream"; + version = "0.0.7"; + src = fetchurl { + url = "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz"; + sha1 = "3075ce93bc21b8fab43e1bc4da7e8115ed1e7bab"; + }; + }; + "node-fetch-2.2.0" = { + name = "node-fetch"; + packageName = "node-fetch"; + version = "2.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/node-fetch/-/node-fetch-2.2.0.tgz"; + sha512 = "OayFWziIxiHY8bCUyLX6sTpDH8Jsbp4FfYd1j1f7vZyfgkcOnAyM4oQR16f8a0s7Gl/viMGRey8eScYk4V4EZA=="; + }; + }; + "node-forge-0.7.6" = { + name = "node-forge"; + packageName = "node-forge"; + version = "0.7.6"; + src = fetchurl { + url = "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz"; + sha512 = "sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw=="; + }; + }; + "nwsapi-2.1.3" = { + name = "nwsapi"; + packageName = "nwsapi"; + version = "2.1.3"; + src = fetchurl { + url = "https://registry.npmjs.org/nwsapi/-/nwsapi-2.1.3.tgz"; + sha512 = "RowAaJGEgYXEZfQ7tvvdtAQUKPyTR6T6wNu0fwlNsGQYr/h3yQc6oI8WnVZh3Y/Sylwc+dtAlvPqfFZjhTyk3A=="; + }; + }; + "oauth-sign-0.9.0" = { + name = "oauth-sign"; + packageName = "oauth-sign"; + version = "0.9.0"; + src = fetchurl { + url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz"; + sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="; + }; + }; + "onetime-2.0.1" = { + name = "onetime"; + packageName = "onetime"; + version = "2.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/onetime/-/onetime-2.0.1.tgz"; + sha1 = "067428230fd67443b2794b22bba528b6867962d4"; + }; + }; + "optionator-0.8.2" = { + name = "optionator"; + packageName = "optionator"; + version = "0.8.2"; + src = fetchurl { + url = "https://registry.npmjs.org/optionator/-/optionator-0.8.2.tgz"; + sha1 = "364c5e409d3f4d6301d6c0b4c05bba50180aeb64"; + }; + }; + "os-tmpdir-1.0.2" = { + name = "os-tmpdir"; + packageName = "os-tmpdir"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz"; + sha1 = "bbe67406c79aa85c5cfec766fe5734555dfa1274"; + }; + }; + "papaparse-4.6.0" = { + name = "papaparse"; + packageName = "papaparse"; + version = "4.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/papaparse/-/papaparse-4.6.0.tgz"; + sha512 = "ylm8pmgyz9rkS3Ng/ru5tHUF3JxWwKYP0aZZWZ8eCGdSxoqgYiDUXLNQei73mUJOjHw8QNu5ZNCsLoDpkMA6sg=="; + }; + }; + "parse5-5.1.0" = { + name = "parse5"; + packageName = "parse5"; + version = "5.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/parse5/-/parse5-5.1.0.tgz"; + sha512 = "fxNG2sQjHvlVAYmzBZS9YlDp6PTSSDwa98vkD4QgVDDCAo84z5X1t5XyJQ62ImdLXx5NdIIfihey6xpum9/gRQ=="; + }; + }; + "performance-now-2.1.0" = { + name = "performance-now"; + packageName = "performance-now"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz"; + sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"; + }; + }; + "pify-3.0.0" = { + name = "pify"; + packageName = "pify"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz"; + sha1 = "e5a4acd2c101fdf3d9a4d07f0dbc4db49dd28176"; + }; + }; + "pn-1.1.0" = { + name = "pn"; + packageName = "pn"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/pn/-/pn-1.1.0.tgz"; + sha512 = "2qHaIQr2VLRFoxe2nASzsV6ef4yOOH+Fi9FBOVH6cqeSgUnoyySPZkxzLuzd+RYOQTRpROA0ztTMqxROKSb/nA=="; + }; + }; + "prelude-ls-1.1.2" = { + name = "prelude-ls"; + packageName = "prelude-ls"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz"; + sha1 = "21932a549f5e52ffd9a827f570e04be62a97da54"; + }; + }; + "psl-1.1.31" = { + name = "psl"; + packageName = "psl"; + version = "1.1.31"; + src = fetchurl { + url = "https://registry.npmjs.org/psl/-/psl-1.1.31.tgz"; + sha512 = "/6pt4+C+T+wZUieKR620OpzN/LlnNKuWjy1iFLQ/UG35JqHlR/89MP1d96dUfkf6Dne3TuLQzOYEYshJ+Hx8mw=="; + }; + }; + "punycode-1.4.1" = { + name = "punycode"; + packageName = "punycode"; + version = "1.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz"; + sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"; + }; + }; + "punycode-2.1.1" = { + name = "punycode"; + packageName = "punycode"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz"; + sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="; + }; + }; + "qs-6.5.2" = { + name = "qs"; + packageName = "qs"; + version = "6.5.2"; + src = fetchurl { + url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz"; + sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="; + }; + }; + "request-2.88.0" = { + name = "request"; + packageName = "request"; + version = "2.88.0"; + src = fetchurl { + url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz"; + sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg=="; + }; + }; + "request-promise-core-1.1.2" = { + name = "request-promise-core"; + packageName = "request-promise-core"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.2.tgz"; + sha512 = "UHYyq1MO8GsefGEt7EprS8UrXsm1TxEvFUX1IMTuSLU2Rh7fTIdFtl8xD7JiEYiWU2dl+NYAjCTksTehQUxPag=="; + }; + }; + "request-promise-native-1.0.7" = { + name = "request-promise-native"; + packageName = "request-promise-native"; + version = "1.0.7"; + src = fetchurl { + url = "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.7.tgz"; + sha512 = "rIMnbBdgNViL37nZ1b3L/VfPOpSi0TqVDQPAvO6U14lMzOLrt5nilxCQqtDKhZeDiW0/hkCXGoQjhgJd/tCh6w=="; + }; + }; + "restore-cursor-2.0.0" = { + name = "restore-cursor"; + packageName = "restore-cursor"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/restore-cursor/-/restore-cursor-2.0.0.tgz"; + sha1 = "9f7ee287f82fd326d4fd162923d62129eee0dfaf"; + }; + }; + "run-async-2.3.0" = { + name = "run-async"; + packageName = "run-async"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/run-async/-/run-async-2.3.0.tgz"; + sha1 = "0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0"; + }; + }; + "rxjs-6.4.0" = { + name = "rxjs"; + packageName = "rxjs"; + version = "6.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/rxjs/-/rxjs-6.4.0.tgz"; + sha512 = "Z9Yfa11F6B9Sg/BK9MnqnQ+aQYicPLtilXBp2yUtDt2JRCE0h26d33EnfO3ZxoNxG0T92OUucP3Ct7cpfkdFfw=="; + }; + }; + "safe-buffer-5.1.2" = { + name = "safe-buffer"; + packageName = "safe-buffer"; + version = "5.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz"; + sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="; + }; + }; + "safer-buffer-2.1.2" = { + name = "safer-buffer"; + packageName = "safer-buffer"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz"; + sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="; + }; + }; + "saxes-3.1.9" = { + name = "saxes"; + packageName = "saxes"; + version = "3.1.9"; + src = fetchurl { + url = "https://registry.npmjs.org/saxes/-/saxes-3.1.9.tgz"; + sha512 = "FZeKhJglhJHk7eWG5YM0z46VHmI3KJpMBAQm3xa9meDvd+wevB5GuBB0wc0exPInZiBBHqi00DbS8AcvCGCFMw=="; + }; + }; + "signal-exit-3.0.2" = { + name = "signal-exit"; + packageName = "signal-exit"; + version = "3.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz"; + sha1 = "b5fdc08f1287ea1178628e415e25132b73646c6d"; + }; + }; + "source-map-0.6.1" = { + name = "source-map"; + packageName = "source-map"; + version = "0.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz"; + sha512 = "UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="; + }; + }; + "sshpk-1.16.1" = { + name = "sshpk"; + packageName = "sshpk"; + version = "1.16.1"; + src = fetchurl { + url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz"; + sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg=="; + }; + }; + "stealthy-require-1.1.1" = { + name = "stealthy-require"; + packageName = "stealthy-require"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/stealthy-require/-/stealthy-require-1.1.1.tgz"; + sha1 = "35b09875b4ff49f26a777e509b3090a3226bf24b"; + }; + }; + "steno-0.4.4" = { + name = "steno"; + packageName = "steno"; + version = "0.4.4"; + src = fetchurl { + url = "https://registry.npmjs.org/steno/-/steno-0.4.4.tgz"; + sha1 = "071105bdfc286e6615c0403c27e9d7b5dcb855cb"; + }; + }; + "string-width-2.1.1" = { + name = "string-width"; + packageName = "string-width"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz"; + sha512 = "nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw=="; + }; + }; + "strip-ansi-4.0.0" = { + name = "strip-ansi"; + packageName = "strip-ansi"; + version = "4.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz"; + sha1 = "a8479022eb1ac368a871389b635262c505ee368f"; + }; + }; + "supports-color-5.5.0" = { + name = "supports-color"; + packageName = "supports-color"; + version = "5.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz"; + sha512 = "QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow=="; + }; + }; + "symbol-tree-3.2.2" = { + name = "symbol-tree"; + packageName = "symbol-tree"; + version = "3.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.2.tgz"; + sha1 = "ae27db38f660a7ae2e1c3b7d1bc290819b8519e6"; + }; + }; + "through-2.3.8" = { + name = "through"; + packageName = "through"; + version = "2.3.8"; + src = fetchurl { + url = "https://registry.npmjs.org/through/-/through-2.3.8.tgz"; + sha1 = "0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5"; + }; + }; + "tldjs-2.3.1" = { + name = "tldjs"; + packageName = "tldjs"; + version = "2.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/tldjs/-/tldjs-2.3.1.tgz"; + sha512 = "W/YVH/QczLUxVjnQhFC61Iq232NWu3TqDdO0S/MtXVz4xybejBov4ud+CIwN9aYqjOecEqIy0PscGkwpG9ZyTw=="; + }; + }; + "tmp-0.0.33" = { + name = "tmp"; + packageName = "tmp"; + version = "0.0.33"; + src = fetchurl { + url = "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz"; + sha512 = "jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw=="; + }; + }; + "tough-cookie-2.4.3" = { + name = "tough-cookie"; + packageName = "tough-cookie"; + version = "2.4.3"; + src = fetchurl { + url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz"; + sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ=="; + }; + }; + "tough-cookie-2.5.0" = { + name = "tough-cookie"; + packageName = "tough-cookie"; + version = "2.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz"; + sha512 = "nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g=="; + }; + }; + "tr46-1.0.1" = { + name = "tr46"; + packageName = "tr46"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz"; + sha1 = "a8b13fd6bfd2489519674ccde55ba3693b706d09"; + }; + }; + "tslib-1.9.3" = { + name = "tslib"; + packageName = "tslib"; + version = "1.9.3"; + src = fetchurl { + url = "https://registry.npmjs.org/tslib/-/tslib-1.9.3.tgz"; + sha512 = "4krF8scpejhaOgqzBEcGM7yDIEfi0/8+8zDRZhNZZ2kjmHJ4hv3zCbQWxoJGz1iw5U0Jl0nma13xzHXcncMavQ=="; + }; + }; + "tunnel-agent-0.6.0" = { + name = "tunnel-agent"; + packageName = "tunnel-agent"; + version = "0.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz"; + sha1 = "27a5dea06b36b04a0a9966774b290868f0fc40fd"; + }; + }; + "tweetnacl-0.14.5" = { + name = "tweetnacl"; + packageName = "tweetnacl"; + version = "0.14.5"; + src = fetchurl { + url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz"; + sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64"; + }; + }; + "type-check-0.3.2" = { + name = "type-check"; + packageName = "type-check"; + version = "0.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz"; + sha1 = "5884cab512cf1d355e3fb784f30804b2b520db72"; + }; + }; + "uri-js-4.2.2" = { + name = "uri-js"; + packageName = "uri-js"; + version = "4.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz"; + sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ=="; + }; + }; + "uuid-3.3.2" = { + name = "uuid"; + packageName = "uuid"; + version = "3.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz"; + sha512 = "yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA=="; + }; + }; + "verror-1.10.0" = { + name = "verror"; + packageName = "verror"; + version = "1.10.0"; + src = fetchurl { + url = "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz"; + sha1 = "3a105ca17053af55d6e270c1f8288682e18da400"; + }; + }; + "w3c-hr-time-1.0.1" = { + name = "w3c-hr-time"; + packageName = "w3c-hr-time"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.1.tgz"; + sha1 = "82ac2bff63d950ea9e3189a58a65625fedf19045"; + }; + }; + "w3c-xmlserializer-1.1.2" = { + name = "w3c-xmlserializer"; + packageName = "w3c-xmlserializer"; + version = "1.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-1.1.2.tgz"; + sha512 = "p10l/ayESzrBMYWRID6xbuCKh2Fp77+sA0doRuGn4tTIMrrZVeqfpKjXHY+oDh3K4nLdPgNwMTVP6Vp4pvqbNg=="; + }; + }; + "webidl-conversions-4.0.2" = { + name = "webidl-conversions"; + packageName = "webidl-conversions"; + version = "4.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz"; + sha512 = "YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg=="; + }; + }; + "whatwg-encoding-1.0.5" = { + name = "whatwg-encoding"; + packageName = "whatwg-encoding"; + version = "1.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-1.0.5.tgz"; + sha512 = "b5lim54JOPN9HtzvK9HFXvBma/rnfFeqsic0hSpjtDbVxR3dJKLc+KB4V6GgiGOvl7CY/KNh8rxSo9DKQrnUEw=="; + }; + }; + "whatwg-mimetype-2.3.0" = { + name = "whatwg-mimetype"; + packageName = "whatwg-mimetype"; + version = "2.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz"; + sha512 = "M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g=="; + }; + }; + "whatwg-url-7.0.0" = { + name = "whatwg-url"; + packageName = "whatwg-url"; + version = "7.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.0.0.tgz"; + sha512 = "37GeVSIJ3kn1JgKyjiYNmSLP1yzbpb29jdmwBSgkD9h40/hyrR/OifpVUndji3tmwGgD8qpw7iQu3RSbCrBpsQ=="; + }; + }; + "wordwrap-1.0.0" = { + name = "wordwrap"; + packageName = "wordwrap"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz"; + sha1 = "27584810891456a4171c8d0226441ade90cbcaeb"; + }; + }; + "ws-6.2.1" = { + name = "ws"; + packageName = "ws"; + version = "6.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz"; + sha512 = "GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA=="; + }; + }; + "xml-name-validator-3.0.0" = { + name = "xml-name-validator"; + packageName = "xml-name-validator"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-3.0.0.tgz"; + sha512 = "A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw=="; + }; + }; + "xmlchars-1.3.1" = { + name = "xmlchars"; + packageName = "xmlchars"; + version = "1.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/xmlchars/-/xmlchars-1.3.1.tgz"; + sha512 = "tGkGJkN8XqCod7OT+EvGYK5Z4SfDQGD30zAa58OcnAa0RRWgzUEK72tkXhsX1FZd+rgnhRxFtmO+ihkp8LHSkw=="; + }; + }; + "zxcvbn-4.4.2" = { + name = "zxcvbn"; + packageName = "zxcvbn"; + version = "4.4.2"; + src = fetchurl { + url = "https://registry.npmjs.org/zxcvbn/-/zxcvbn-4.4.2.tgz"; + sha1 = "28ec17cf09743edcab056ddd8b1b06262cc73c30"; + }; + }; + }; +in +{ + "@bitwarden/cli" = nodeEnv.buildNodePackage { + name = "_at_bitwarden_slash_cli"; + packageName = "@bitwarden/cli"; + version = "1.7.4"; + src = fetchurl { + url = "https://registry.npmjs.org/@bitwarden/cli/-/cli-1.7.4.tgz"; + sha512 = "WCYARJaSpcItFvxPFdRXTO9s26HbYFazL3wSlZ7HuL4tiML/7AfPD4wO3J7fgBn1ghU5NGJ7YZIL+oPmiuw6+Q=="; + }; + dependencies = [ + sources."abab-2.0.0" + sources."acorn-6.1.1" + sources."acorn-globals-4.3.0" + sources."acorn-walk-6.1.1" + sources."ajv-6.10.0" + sources."ansi-escapes-3.2.0" + sources."ansi-regex-3.0.0" + sources."ansi-styles-3.2.1" + sources."array-equal-1.0.0" + sources."asn1-0.2.4" + sources."assert-plus-1.0.0" + sources."async-limiter-1.0.0" + sources."asynckit-0.4.0" + sources."aws-sign2-0.7.0" + sources."aws4-1.8.0" + sources."bcrypt-pbkdf-1.0.2" + sources."big-integer-1.6.36" + sources."browser-process-hrtime-0.1.3" + sources."caseless-0.12.0" + sources."chalk-2.4.1" + sources."chardet-0.7.0" + sources."cli-cursor-2.1.0" + sources."cli-width-2.2.0" + sources."color-convert-1.9.3" + sources."color-name-1.1.3" + sources."combined-stream-1.0.6" + sources."commander-2.18.0" + sources."core-util-is-1.0.2" + sources."cssom-0.3.6" + sources."cssstyle-1.2.2" + sources."dashdash-1.14.1" + sources."data-urls-1.1.0" + sources."deep-is-0.1.3" + sources."delayed-stream-1.0.0" + sources."domexception-1.0.1" + sources."ecc-jsbn-0.1.2" + sources."escape-string-regexp-1.0.5" + sources."escodegen-1.11.1" + sources."esprima-3.1.3" + sources."estraverse-4.2.0" + sources."esutils-2.0.2" + sources."extend-3.0.2" + sources."external-editor-3.0.3" + sources."extsprintf-1.3.0" + sources."fast-deep-equal-2.0.1" + sources."fast-json-stable-stringify-2.0.0" + sources."fast-levenshtein-2.0.6" + sources."figures-2.0.0" + sources."forever-agent-0.6.1" + sources."form-data-2.3.2" + sources."getpass-0.1.7" + sources."graceful-fs-4.1.15" + sources."har-schema-2.0.0" + sources."har-validator-5.1.3" + sources."has-flag-3.0.0" + sources."html-encoding-sniffer-1.0.2" + sources."http-signature-1.2.0" + sources."iconv-lite-0.4.24" + sources."inquirer-6.2.0" + sources."is-fullwidth-code-point-2.0.0" + sources."is-promise-2.1.0" + sources."is-typedarray-1.0.0" + sources."isstream-0.1.2" + sources."jsbn-0.1.1" + sources."jsdom-13.2.0" + sources."json-schema-0.2.3" + sources."json-schema-traverse-0.4.1" + sources."json-stringify-safe-5.0.1" + sources."jsprim-1.4.1" + sources."levn-0.3.0" + sources."lodash-4.17.11" + sources."lodash.sortby-4.7.0" + sources."lowdb-1.0.0" + sources."lunr-2.3.3" + sources."mime-db-1.38.0" + sources."mime-types-2.1.22" + sources."mimic-fn-1.2.0" + sources."mute-stream-0.0.7" + sources."node-fetch-2.2.0" + sources."node-forge-0.7.6" + sources."nwsapi-2.1.3" + sources."oauth-sign-0.9.0" + sources."onetime-2.0.1" + sources."optionator-0.8.2" + sources."os-tmpdir-1.0.2" + sources."papaparse-4.6.0" + sources."parse5-5.1.0" + sources."performance-now-2.1.0" + sources."pify-3.0.0" + sources."pn-1.1.0" + sources."prelude-ls-1.1.2" + sources."psl-1.1.31" + sources."punycode-2.1.1" + sources."qs-6.5.2" + (sources."request-2.88.0" // { + dependencies = [ + sources."punycode-1.4.1" + sources."tough-cookie-2.4.3" + ]; + }) + sources."request-promise-core-1.1.2" + sources."request-promise-native-1.0.7" + sources."restore-cursor-2.0.0" + sources."run-async-2.3.0" + sources."rxjs-6.4.0" + sources."safe-buffer-5.1.2" + sources."safer-buffer-2.1.2" + sources."saxes-3.1.9" + sources."signal-exit-3.0.2" + sources."source-map-0.6.1" + sources."sshpk-1.16.1" + sources."stealthy-require-1.1.1" + sources."steno-0.4.4" + sources."string-width-2.1.1" + sources."strip-ansi-4.0.0" + sources."supports-color-5.5.0" + sources."symbol-tree-3.2.2" + sources."through-2.3.8" + (sources."tldjs-2.3.1" // { + dependencies = [ + sources."punycode-1.4.1" + ]; + }) + sources."tmp-0.0.33" + sources."tough-cookie-2.5.0" + sources."tr46-1.0.1" + sources."tslib-1.9.3" + sources."tunnel-agent-0.6.0" + sources."tweetnacl-0.14.5" + sources."type-check-0.3.2" + sources."uri-js-4.2.2" + sources."uuid-3.3.2" + sources."verror-1.10.0" + sources."w3c-hr-time-1.0.1" + sources."w3c-xmlserializer-1.1.2" + sources."webidl-conversions-4.0.2" + sources."whatwg-encoding-1.0.5" + sources."whatwg-mimetype-2.3.0" + sources."whatwg-url-7.0.0" + sources."wordwrap-1.0.0" + sources."ws-6.2.1" + sources."xml-name-validator-3.0.0" + sources."xmlchars-1.3.1" + sources."zxcvbn-4.4.2" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "A secure and free password manager for all of your devices."; + homepage = https://bitwarden.com/; + license = "GPL-3.0"; + }; + production = true; + bypassCache = true; + }; +} \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages.json b/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages.json new file mode 100644 index 000000000000..624aa87bcbea --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages.json @@ -0,0 +1,3 @@ +[ + "@bitwarden/cli" +] diff --git a/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages.nix b/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages.nix new file mode 100644 index 000000000000..6fb6421eb2db --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden-cli/node-packages.nix @@ -0,0 +1,17 @@ +# This file has been generated by node2nix 1.6.0. Do not edit! + +{pkgs ? import <nixpkgs> { + inherit system; + }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-8_x"}: + +let + nodeEnv = import ../../../development/node-packages/node-env.nix { + inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; + inherit nodejs; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; + }; +in +import ./node-packages-generated.nix { + inherit (pkgs) fetchurl fetchgit; + inherit nodeEnv; +} \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix new file mode 100644 index 000000000000..d22a2773fd9d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix @@ -0,0 +1,28 @@ +{ stdenv, rustPlatform, fetchFromGitHub, pkgconfig, openssl, Security, CoreServices }: + +rustPlatform.buildRustPackage rec { + pname = "bitwarden_rs"; + version = "1.9.0"; + + src = fetchFromGitHub { + owner = "dani-garcia"; + repo = pname; + rev = version; + sha256 = "14c2blzkmdd9s0gpf6b7y141yx9s2v2gmwy5l1lgqjhi3h6jpcqr"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ openssl ] ++ stdenv.lib.optionals stdenv.isDarwin [ Security CoreServices ]; + + RUSTC_BOOTSTRAP = 1; + + cargoSha256 = "038l6alcdc0g4avpbzxgd2k09nr3wrsbry763bq2c77qqgwldj8r"; + + meta = with stdenv.lib; { + description = "An unofficial lightweight implementation of the Bitwarden server API using Rust and SQLite"; + homepage = https://github.com/dani-garcia/bitwarden_rs; + license = licenses.gpl3; + maintainers = with maintainers; [ msteen ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix new file mode 100644 index 000000000000..44c8047684fd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "bitwarden_rs-vault"; + version = "2.10.1"; + + src = fetchurl { + url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; + sha256 = "1avgxlsxi7mb8zpqai3j1qb43qq09ya5ngb7l4q7mj0d89lxrzhb"; + }; + + buildCommand = '' + mkdir -p $out/share/bitwarden_rs/vault + cd $out/share/bitwarden_rs/vault + tar xf $src + ''; + + meta = with stdenv.lib; { + description = "Integrates the web vault into bitwarden_rs"; + homepage = https://github.com/dani-garcia/bw_web_builds; + platforms = platforms.all; + license = licenses.gpl3; + maintainers = with maintainers; [ msteen ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bmrsa/11.nix b/nixpkgs/pkgs/tools/security/bmrsa/11.nix new file mode 100644 index 000000000000..9faedf0c7ef9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bmrsa/11.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchurl, unzip }: + +stdenv.mkDerivation rec { + name = "bmrsa-${version}"; + version = "11"; + + src = fetchurl { + url = "mirror://sourceforge/bmrsa/bmrsa${version}.zip"; + sha256 = "0ksd9xkvm9lkvj4yl5sl0zmydp1wn3xhc55b28gj70gi4k75kcl4"; + }; + + buildInputs = [ unzip ]; + + unpackPhase = '' + mkdir bmrsa + cd bmrsa + unzip ${src} + sed -e 's/gcc/g++/' -i Makefile + mkdir -p $out/bin + echo -e 'install:\n\tcp bmrsa '$out'/bin' >> Makefile + ''; + + meta = with stdenv.lib; { + description = "RSA utility"; + homepage = http://bmrsa.sourceforge.net/; + license = licenses.gpl1; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/browserpass/default.nix b/nixpkgs/pkgs/tools/security/browserpass/default.nix new file mode 100644 index 000000000000..966383163e60 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/browserpass/default.nix @@ -0,0 +1,54 @@ +{ lib, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }: +buildGoModule rec { + pname = "browserpass"; + version = "3.0.6"; + + src = fetchFromGitHub { + owner = "browserpass"; + repo = "browserpass-native"; + rev = version; + sha256 = "0q3bsla07zjl6i69nj1axbkg2ia89pvh0jg6nlqgbm2kpzzbn0pz"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + modSha256 = "13yw7idgw8l48yvm4jjha0kbx6q22m2zp13y006mikavynqsr5kj"; + + postPatch = '' + # Because this Makefile will be installed to be used by the user, patch + # variables to be valid by default + substituteInPlace Makefile \ + --replace "PREFIX ?= /usr" "" + sed -i -e 's/SED :=.*/SED := sed/' Makefile + sed -i -e 's/INSTALL :=.*/INSTALL := install/' Makefile + ''; + + DESTDIR = placeholder "out"; + + postConfigure = '' + make configure + ''; + + buildPhase = '' + make + ''; + + installPhase = '' + make install + + wrapProgram $out/bin/browserpass \ + --suffix PATH : ${lib.makeBinPath [ gnupg ]} + + # This path is used by our firefox wrapper for finding native messaging hosts + mkdir -p $out/lib/mozilla/native-messaging-hosts + ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts + ''; + + meta = with lib; { + description = "Browserpass native client app"; + homepage = https://github.com/browserpass/browserpass-native; + license = licenses.isc; + platforms = platforms.all; + maintainers = with maintainers; [ rvolosatovs infinisil ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix b/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix new file mode 100644 index 000000000000..69444d1612e8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix @@ -0,0 +1,35 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, cryptsetup }: + +stdenv.mkDerivation rec { + name = "bruteforce-luks-${version}"; + version = "1.3.2"; + + src = fetchFromGitHub { + sha256 = "0ws5bm5pczhvqrlhl60h8a9rdwk6xlh9wr5ndnkyxvv7m90qpy9b"; + rev = version; + repo = "bruteforce-luks"; + owner = "glv2"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ cryptsetup ]; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with stdenv.lib; { + inherit (src.meta) homepage; + description = "Cracks passwords of LUKS encrypted volumes"; + longDescription = '' + The program tries to decrypt at least one of the key slots by trying + all the possible passwords. It is especially useful if you know + something about the password (i.e. you forgot a part of your password but + still remember most of it). Finding the password of a volume without + knowing anything about it would take way too much time (unless the + password is really short and/or weak). It can also use a dictionary. + ''; + license = licenses.gpl3Plus; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile new file mode 100644 index 000000000000..f9fb0e329bd4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile @@ -0,0 +1,2 @@ +source 'https://rubygems.org' +gem 'bundler-audit' diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock new file mode 100644 index 000000000000..28cbcf5a9a66 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + bundler-audit (0.6.1) + bundler (>= 1.2.0, < 3) + thor (~> 0.18) + thor (0.20.3) + +PLATFORMS + ruby + +DEPENDENCIES + bundler-audit + +BUNDLED WITH + 1.14.6 diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/default.nix b/nixpkgs/pkgs/tools/security/bundler-audit/default.nix new file mode 100644 index 000000000000..8b19b6103d4a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/default.nix @@ -0,0 +1,26 @@ +{ bundlerEnv, ruby, lib }: + +bundlerEnv rec { + name = "${pname}-${version}"; + pname = "bundler-audit"; + version = (import ./gemset.nix).bundler-audit.version; + + inherit ruby; + gemdir = ./.; + + meta = with lib; { + description = "Patch-level verification for Bundler"; + longDescription = '' + Features: + - Checks for vulnerable versions of gems in Gemfile.lock. + - Checks for insecure gem sources (http://). + - Allows ignoring certain advisories that have been manually worked around. + - Prints advisory information. + - Does not require a network connection. + ''; + homepage = https://github.com/rubysec/bundler-audit; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ primeos ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix new file mode 100644 index 000000000000..56d78b3e8f16 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix @@ -0,0 +1,19 @@ +{ + bundler-audit = { + dependencies = ["thor"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pm22xpn3xyymsainixnrk8v3l3xi9bzwkjkspx00cfzp84xvxbq"; + type = "gem"; + }; + version = "0.6.1"; + }; + thor = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29"; + type = "gem"; + }; + version = "0.20.3"; + }; +} \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/ccid/default.nix b/nixpkgs/pkgs/tools/security/ccid/default.nix new file mode 100644 index 000000000000..6fbcffdae290 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ccid/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchurl, pcsclite, pkgconfig, libusb1, perl }: + +stdenv.mkDerivation rec { + version = "1.4.30"; + name = "ccid-${version}"; + + src = fetchurl { + url = "https://ccid.apdu.fr/files/${name}.tar.bz2"; + sha256 = "0z7zafdg75fr1adlv2x0zz34s07gljcjg2lsz76s1048w1xhh5xc"; + }; + + postPatch = '' + patchShebangs . + substituteInPlace src/Makefile.in --replace /bin/echo echo + ''; + + preConfigure = '' + configureFlagsArray+=("--enable-usbdropdir=$out/pcsc/drivers") + ''; + + nativeBuildInputs = [ pkgconfig perl ]; + buildInputs = [ pcsclite libusb1 ]; + + meta = with stdenv.lib; { + description = "ccid drivers for pcsclite"; + homepage = https://ccid.apdu.fr/; + license = licenses.gpl2Plus; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ccrypt/default.nix b/nixpkgs/pkgs/tools/security/ccrypt/default.nix new file mode 100644 index 000000000000..77a15e2f27c7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ccrypt/default.nix @@ -0,0 +1,22 @@ +{stdenv, fetchurl, perl}: + +stdenv.mkDerivation { + name = "ccrypt-1.11"; + + src = fetchurl { + url = mirror://sourceforge/ccrypt/ccrypt-1.11.tar.gz; + sha256 = "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i"; + }; + + nativeBuildInputs = [ perl ]; + + hardeningDisable = [ "format" ]; + + meta = { + homepage = http://ccrypt.sourceforge.net/; + description = "Utility for encrypting and decrypting files and streams with AES-256"; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = with stdenv.lib.maintainers; [viric]; + platforms = with stdenv.lib.platforms; all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/certmgr/default.nix b/nixpkgs/pkgs/tools/security/certmgr/default.nix new file mode 100644 index 000000000000..a025c69b7381 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/certmgr/default.nix @@ -0,0 +1,43 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }: + +let + generic = { patches ? [] }: + buildGoPackage rec { + version = "1.6.4"; + name = "certmgr-${version}"; + + goPackagePath = "github.com/cloudflare/certmgr/"; + + src = fetchFromGitHub { + owner = "cloudflare"; + repo = "certmgr"; + rev = "v${version}"; + sha256 = "0glvyp61ya21pdm2bsvq3vfhmmxc2998vxc6hiyc79ijsv9n6jqi"; + }; + + inherit patches; + + meta = with stdenv.lib; { + homepage = https://cfssl.org/; + description = "Cloudflare's certificate manager"; + platforms = platforms.linux; + license = licenses.bsd2; + maintainers = with maintainers; [ johanot srhb ]; + }; + }; +in +{ + certmgr = generic {}; + + certmgr-selfsigned = generic { + # The following patch makes it possible to use a self-signed x509 cert + # for the cfssl apiserver. + # TODO: remove patch when PR is merged. + patches = [ + (fetchpatch { + url = "https://github.com/cloudflare/certmgr/pull/51.patch"; + sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs"; + }) + ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/certstrap/default.nix b/nixpkgs/pkgs/tools/security/certstrap/default.nix new file mode 100644 index 000000000000..e0935f0f7606 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/certstrap/default.nix @@ -0,0 +1,23 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "certstrap-${version}"; + version = "1.1.1"; + + goPackagePath = "github.com/square/certstrap"; + + src = fetchFromGitHub { + owner = "square"; + repo = "certstrap"; + rev = "v${version}"; + sha256 = "0j7gi2nzykny7i0gjax9vixw72l9jcm4wnwxgm72hh1pji0ysa8n"; + }; + + meta = with stdenv.lib; { + inherit (src.meta) homepage; + description = "Tools to bootstrap CAs, certificate requests, and signed certificates"; + platforms = platforms.all; + license = licenses.asl20; + maintainers = with maintainers; [ volth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cfssl/default.nix b/nixpkgs/pkgs/tools/security/cfssl/default.nix new file mode 100644 index 000000000000..750539b3ace8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cfssl/default.nix @@ -0,0 +1,34 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }: + +buildGoPackage rec { + name = "cfssl-${version}"; + version = "1.3.2"; + + goPackagePath = "github.com/cloudflare/cfssl"; + + src = fetchFromGitHub { + owner = "cloudflare"; + repo = "cfssl"; + rev = version; + sha256 = "0j2gz2vl2pf7ir7sc7jrwmjnr67hk4qhxw09cjx132jbk337jc9x"; + }; + + # The following patch ensures that the auth-key decoder doesn't break, + # if the auth-key file contains leading or trailing whitespaces. + # https://github.com/cloudflare/cfssl/pull/923 is merged + # remove patch when it becomes part of a release. + patches = [ + (fetchpatch { + url = "https://github.com/cloudflare/cfssl/commit/7e13f60773c96644db9dd8d342d42fe3a4d26f36.patch"; + sha256 = "1z2v2i8yj7qpj8zj5f2q739nhrr9s59jwzfzk52wfgssl4vv5mn5"; + }) + ]; + + meta = with stdenv.lib; { + homepage = https://cfssl.org/; + description = "Cloudflare's PKI and TLS toolkit"; + license = licenses.bsd2; + maintainers = with maintainers; [ mbrgm ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chaps/default.nix b/nixpkgs/pkgs/tools/security/chaps/default.nix new file mode 100644 index 000000000000..3c6f52a4c7f6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/default.nix @@ -0,0 +1,84 @@ +{ stdenv, fetchgit, fetchurl, trousers, leveldb, unzip, scons, pkgconfig +, glib, dbus_cplusplus, dbus, protobuf, openssl, snappy, pam }: + +let + src_chromebase = fetchgit { + url = "https://chromium.googlesource.com/chromium/src/base.git"; + rev = "2dfe404711e15e24e79799516400c61b2719d7af"; + sha256 = "2bd93a3ace4b6767db2c1bd1e16f426c97b8d2133a9cb15f8372b2516cfa65c5"; + }; + + src_gmock = fetchurl { + url = "https://googlemock.googlecode.com/files/gmock-1.7.0.zip"; + sha256 = "0nq98cpnv2jsx2byp4ilam6kydcnziflkc16ikydajmp4mcvpz16"; + }; + + src_platform2 = fetchgit { + url = "https://chromium.googlesource.com/chromiumos/platform2"; + rev = "e999e989eaa71c3db7314fc7b4e20829b2b5473b"; + sha256 = "15n1bsv6r7cny7arx0hdb223xzzbk7vkxg2r7xajhl4nsj39adjh"; + }; + +in + +stdenv.mkDerivation rec { + name = "chaps-0.42-6812"; + version = "0.42-6812"; + + src = fetchgit { + url = "https://github.com/google/chaps-linux"; + rev = "989aadc45cdb216ca35b0c97d13fc691576fa1d7"; + sha256 = "0chk6pnn365d5kcz6vfqx1d0383ksk97icc0lzg0vvb0kvyj0ff1"; + }; + + # readdir_r(3) is deprecated in glibc >= 2.24 + NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + + patches = [ ./fix_absolute_path.patch ./fix_environment_variables.patch ./fix_scons.patch ./insert_prefetches.patch ]; + + postPatch = '' + substituteInPlace makefile --replace @@NIXOS_SRC_CHROMEBASE@@ ${src_chromebase} + substituteInPlace makefile --replace @@NIXOS_SRC_GMOCK@@ ${src_gmock} + substituteInPlace makefile --replace @@NIXOS_SRC_PLATFORM2@@ ${src_platform2} + substituteInPlace makefile --replace @@NIXOS_LEVELDB@@ ${leveldb} + ''; + + nativeBuildInputs = [ unzip scons pkgconfig ]; + + buildInputs = [ trousers glib dbus_cplusplus dbus protobuf openssl snappy leveldb pam ]; + + buildPhase = '' + make build + ''; + + installPhase = '' + mkdir -p $out/bin + cp ${name}/out/chapsd $out/bin/. + cp ${name}/out/chaps_client $out/bin/. + + mkdir -p $out/lib + cp ${name}/out/libchaps.so.* $out/lib/. + mkdir -p $out/lib/security + cp ${name}/out/pam_chaps.so $out/lib/security/. + + mkdir -p $out/include + cp -r ${name}/out/chaps $out/include/. + + mkdir -p $out/etc/dbus-1/system.d + cp ${name}/out/org.chromium.Chaps.conf $out/etc/dbus-1/system.d/. + mkdir -p $out/etc/dbus-1/system-services + cp ${name}/platform2/chaps/org.chromium.Chaps.service $out/etc/dbus-1/system-services/. + + mkdir -p $out/usr/share/pam-configs/chaps + mkdir -p $out/usr/share/man/man8 + cp ${name}/man/* $out/usr/share/man/man8/. + ''; + + meta = with stdenv.lib; { + description = "PKCS #11 implementation based on trusted platform module (TPM)"; + homepage = https://www.chromium.org/developers/design-documents/chaps-technical-design; + maintainers = [ maintainers.tstrobel ]; + platforms = [ "x86_64-linux" ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch b/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch new file mode 100644 index 000000000000..7dbd60c73c42 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch @@ -0,0 +1,18 @@ +diff --git a/patches/platform2/fix_echo.patch b/patches/platform2/fix_echo.patch +new file mode 100644 +index 0000000..d2272f6 +--- /dev/null ++++ b/patches/platform2/fix_echo.patch +@@ -0,0 +1,12 @@ ++diff -uNr platform2/common-mk/common.mk platform2-new/common-mk/common.mk ++--- platform2/common-mk/common.mk 2015-07-03 12:07:47.482745292 +0200 +++++ platform2-new/common-mk/common.mk 2015-07-03 12:08:16.868600569 +0200 ++@@ -263,7 +263,7 @@ ++ $(eval $(call override_var,STRIP,strip)) ++ ++ RMDIR ?= rmdir ++-ECHO = /bin/echo -e +++ECHO = echo -e ++ ++ ifeq ($(lastword $(subst /, ,$(CC))),clang) ++ CDRIVER = clang diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch b/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch new file mode 100644 index 000000000000..2d7ee0d9a734 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch @@ -0,0 +1,42 @@ +diff --git a/extrasrc/Makefile b/extrasrc/Makefile +index fb95845..77125c0 100644 +--- a/extrasrc/Makefile ++++ b/extrasrc/Makefile +@@ -10,11 +10,11 @@ OUTDIR=$(SRCDIR)/out + GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VER) + GTEST_DIR=$(GMOCK_DIR)/gtest + +-INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include" ++INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include $(NIX_LDFLAG) $(NIX_CFLAGS_COMPILE)" + + # To build Chaps, defer to platform2/chaps/Makefile + all: libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out +- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) ++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) + + # To build required Chromium components, defer to scons file. + libchrome-$(BASE_VER).a: +@@ -38,7 +38,7 @@ out/libgmock.a: out/gmock-all.o + ar -rv $@ $< + + test: out/libgtest.a out/libgmock.a libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out +- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests ++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests + + clean: clean_chaps clean_chromeos clean_chromebase clean_gmock clean_debian + clean_gmock: +@@ -49,7 +49,7 @@ clean_chromebase: + clean_chromeos: + -BASE_VER=$(BASE_VER) scons -f Sconstruct.libchromeos -c + clean_chaps: +- -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) $(MAKE) clean ++ -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) $(MAKE) clean + rm -rf out + clean_debian: + dh_clean +@@ -64,4 +64,4 @@ install_man: + $(INSTALL) -m 0644 -D man/chapsd.8 $(MANDIR)/man8/chapsd.8 + $(INSTALL) -m 0644 -D man/chaps_client.8 $(MANDIR)/man8/chaps_client.8 + install: install_man +- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files ++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch b/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch new file mode 100644 index 000000000000..54843453c868 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch @@ -0,0 +1,26 @@ +diff --git a/extrasrc/Sconstruct.libchrome b/extrasrc/Sconstruct.libchrome +index 4feb76d..311fe8a 100644 +--- a/extrasrc/Sconstruct.libchrome ++++ b/extrasrc/Sconstruct.libchrome +@@ -103,7 +103,7 @@ base_lib = { + 'pc_libs' : 'glib-2.0', + } + +-env = Environment() ++env = Environment(ENV = os.environ) + + BASE_VER = os.environ.get('BASE_VER', '0') + GTEST_DIR = os.environ.get('GTEST_DIR', '0') +diff --git a/extrasrc/Sconstruct.libchromeos b/extrasrc/Sconstruct.libchromeos +index 1da6001..66f9acb 100644 +--- a/extrasrc/Sconstruct.libchromeos ++++ b/extrasrc/Sconstruct.libchromeos +@@ -18,7 +18,7 @@ base_lib = { + 'pc_libs' : 'dbus-c++-1', + } + +-env = Environment() ++env = Environment(ENV = os.environ) + + PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config') + BASE_VER = os.environ.get('BASE_VER', '0') diff --git a/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch b/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch new file mode 100644 index 000000000000..8b8449a6e661 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch @@ -0,0 +1,51 @@ +diff --git a/makefile b/makefile +index b6865f3..c14f5ec 100644 +--- a/makefile ++++ b/makefile +@@ -53,8 +53,8 @@ $(SRCDIR)/include/trousers/scoped_tss_type.h: extrasrc/scoped_tss_type.h | $(SRC + cp $< $@ + # Chromium includes <leveldb/memenv.h>. This requires an install of libleveldb-dev that has + # memenv support included; move this into a local leveldb/ subdirectory +-$(SRCDIR)/include/leveldb/memenv.h: /usr/include/leveldb/helpers/memenv.h | $(SRCDIR)/include/leveldb +- cp $< $@ ++$(SRCDIR)/include/leveldb/memenv.h: $(SRCDIR)/include/leveldb ++ cp @@NIXOS_LEVELDB@@/include/leveldb/helpers/memenv.h $@ + # Chromium includes <include/testing/gtest/include/gtest/gtest_prod.h>, so have a local copy. + $(SRCDIR)/include/testing/gtest/include/gtest/gtest_prod.h: extrasrc/gtest_prod.h | $(SRCDIR)/include/testing/gtest/include/gtest + cp $< $@ +@@ -80,7 +80,7 @@ GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VERSION) + GTEST_DIR=$(GMOCK_DIR)/gtest + src_gmock: $(GMOCK_DIR)/LICENSE + $(GMOCK_DIR)/LICENSE: | $(SRCDIR) +- cd $(SRCDIR) && wget $(GMOCK_URL) ++ cd $(SRCDIR) && cp @@NIXOS_SRC_GMOCK@@ gmock-$(GMOCK_VERSION).zip && chmod +w gmock-$(GMOCK_VERSION).zip + cd $(SRCDIR) && unzip -q gmock-$(GMOCK_VERSION).zip + rm $(SRCDIR)/gmock-$(GMOCK_VERSION).zip + touch $@ +@@ -107,8 +107,7 @@ src_chromebase: $(SRCDIR)/base/base64.h + $(SRCDIR)/base: | $(SRCDIR) + mkdir -p $@ + $(SRCDIR)/base/base64.h: | $(SRCDIR)/base +- git clone $(CHROMEBASE_GIT) $(SRCDIR)/base +- cd $(SRCDIR)/base && git checkout $(CHROMEBASE_COMMIT) ++ cp -r @@NIXOS_SRC_CHROMEBASE@@/. $(SRCDIR)/base && chmod -R +w $(SRCDIR)/base + + # We need two subdirectories from the platform2 repository from ChromiumOS: + # - chaps/ for the Chaps source code +@@ -119,14 +118,8 @@ $(SRCDIR)/platform2: + PLATFORM2_GIT=https://chromium.googlesource.com/chromiumos/platform2 + PATCHES=$(wildcard $(CURDIR)/patches/platform2/*.patch) + $(SRCDIR)/platform2/chaps/Makefile: | $(SRCDIR)/platform2 +- cd $(SRCDIR)/platform2 && git init . && git remote add -f origin $(PLATFORM2_GIT) +- cd $(SRCDIR)/platform2 && git config core.sparsecheckout true +- cd $(SRCDIR)/platform2 && echo "chaps" > .git/info/sparse-checkout +- cd $(SRCDIR)/platform2 && echo "libchromeos/chromeos" >> .git/info/sparse-checkout +- cd $(SRCDIR)/platform2 && echo "common-mk/common.mk" >> .git/info/sparse-checkout +- cd $(SRCDIR)/platform2 && git pull origin master +- cd $(SRCDIR)/platform2 && git checkout $(CROS_BRANCH) +- cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then git am $(PATCHES); fi ++ cd $(SRCDIR)/platform2 && cp -r @@NIXOS_SRC_PLATFORM2@@/. . && chmod -R +w $(SRCDIR)/platform2 ++ cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then patch -p1 < $(PATCHES); fi + + + # Copy man pages diff --git a/nixpkgs/pkgs/tools/security/chipsec/default.nix b/nixpkgs/pkgs/tools/security/chipsec/default.nix new file mode 100644 index 000000000000..a32752f8b231 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chipsec/default.nix @@ -0,0 +1,40 @@ +{ stdenv, lib, fetchFromGitHub, python27Packages, nasm, libelf +, kernel ? null, withDriver ? false }: +python27Packages.buildPythonApplication rec { + name = "chipsec-${version}"; + version = "1.3.7"; + + src = fetchFromGitHub { + owner = "chipsec"; + repo = "chipsec"; + rev = version; + sha256 = "00hwhi5f24y429zazhm77l1pp31q7fmx7ks3sfm6d16v89zbcp9a"; + }; + + nativeBuildInputs = [ + nasm libelf + ]; + + setupPyBuildFlags = lib.optional (!withDriver) "--skip-driver"; + + checkPhase = "python setup.py build " + + lib.optionalString (!withDriver) "--skip-driver " + + "test"; + + KERNEL_SRC_DIR = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + + meta = with stdenv.lib; { + description = "Platform Security Assessment Framework"; + longDescription = '' + CHIPSEC is a framework for analyzing the security of PC platforms + including hardware, system firmware (BIOS/UEFI), and platform components. + It includes a security test suite, tools for accessing various low level + interfaces, and forensic capabilities. It can be run on Windows, Linux, + Mac OS X and UEFI shell. + ''; + license = licenses.gpl2; + homepage = https://github.com/chipsec/chipsec; + maintainers = with maintainers; [ johnazoidberg ]; + platforms = if withDriver then [ "x86_64-linux" ] else platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chkrootkit/default.nix b/nixpkgs/pkgs/tools/security/chkrootkit/default.nix new file mode 100644 index 000000000000..1d85ba0b5669 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chkrootkit/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "chkrootkit-0.53"; + + src = fetchurl { + url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${name}.tar.gz"; + sha256 = "1da5ry3p7jb6xs6xlfml1ly09q2rs5q6n5axif17d29k7gixlqkj"; + }; + + # TODO: a lazy work-around for linux build failure ... + makeFlags = [ "STATIC=" ]; + + postPatch = '' + substituteInPlace chkrootkit \ + --replace " ./" " $out/bin/" + ''; + + installPhase = '' + mkdir -p $out/sbin + cp check_wtmpx chkdirs chklastlog chkproc chkrootkit chkutmp chkwtmp ifpromisc strings-static $out/sbin + ''; + + meta = with stdenv.lib; { + description = "Locally checks for signs of a rootkit"; + homepage = http://www.chkrootkit.org/; + license = licenses.bsd2; + platforms = with platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch b/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch new file mode 100644 index 000000000000..9c379adb7dfb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch @@ -0,0 +1,25 @@ +diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile +--- chntpw-140201.orig/Makefile 2014-02-01 20:54:37.000000000 +0400 ++++ chntpw-140201/Makefile 2014-08-03 20:26:56.497161881 +0400 +@@ -12,14 +12,13 @@ + + CC=gcc + +-# Force 32 bit +-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +-OSSLLIB=$(OSSLPATH)/lib +- +-# 64 bit if default for compiler setup +-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall +-#OSSLLIB=$(OSSLPATH)/lib64 +- ++ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu' ++ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall ++ OSSLLIB=$(OSSLPATH)/lib64 ++else ifeq '$(shell gcc -dumpmachine)' 'i686-unknown-linux-gnu' ++ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 ++ OSSLLIB=$(OSSLPATH)/lib ++endif + + # This is to link with whatever we have, SSL crypto lib we put in static + #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a diff --git a/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch b/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch new file mode 100644 index 000000000000..d3163a026f91 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch @@ -0,0 +1,26 @@ +diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile +--- chntpw-140201.orig/Makefile 2014-08-03 20:26:56.497161881 +0400 ++++ chntpw-140201/Makefile 2014-08-04 12:57:16.563818342 +0400 +@@ -10,6 +10,8 @@ + OSSLPATH=/usr + OSSLINC=$(OSSLPATH)/include + ++PREFIX ?= /usr ++ + CC=gcc + + ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu' +@@ -24,8 +26,12 @@ + #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a + LIBS=-L$(OSSLLIB) + ++BINARIES := chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static + +-all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static ++all: $(BINARIES) ++install: $(BINARIES) ++ mkdir -p $(PREFIX)/bin ++ cp $^ $(PREFIX)/bin + + chntpw: chntpw.o ntreg.o edlib.o libsam.o + $(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o libsam.o $(LIBS) diff --git a/nixpkgs/pkgs/tools/security/chntpw/default.nix b/nixpkgs/pkgs/tools/security/chntpw/default.nix new file mode 100644 index 000000000000..602c0d60a5f1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chntpw/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl, unzip }: + +stdenv.mkDerivation rec { + name = "chntpw-${version}"; + + version = "140201"; + + src = fetchurl { + url = "http://pogostick.net/~pnh/ntpasswd/chntpw-source-${version}.zip"; + sha256 = "1k1cxsj0221dpsqi5yibq2hr7n8xywnicl8yyaicn91y8h2hkqln"; + }; + + buildInputs = [ unzip ] + ++ stdenv.lib.optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; + + patches = [ + ./00-chntpw-build-arch-autodetect.patch + ./01-chntpw-install-target.patch + ]; + + installPhase = '' + make install PREFIX=$out + ''; + + meta = with stdenv.lib; { + homepage = http://pogostick.net/~pnh/ntpasswd/; + description = "An utility to reset the password of any user that has a valid local account on a Windows system"; + maintainers = with stdenv.lib.maintainers; [ deepfire ]; + license = licenses.gpl2; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix new file mode 100644 index 000000000000..2dc9336bb329 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }: + +stdenv.mkDerivation rec { + name = "chrome-token-signing-${version}"; + version = "1.0.7"; + + src = fetchFromGitHub { + owner = "open-eid"; + repo = "chrome-token-signing"; + rev = "v${version}"; + sha256 = "1icbr5gyf7qqk1qjgcrf6921ws84j5h8zrpzw5mirq4582l5gsav"; + }; + + buildInputs = [ qmake pcsclite pkgconfig ]; + dontUseQmakeConfigure = true; + + patchPhase = '' + substituteInPlace host-linux/ee.ria.esteid.json --replace /usr $out + # TODO: macos + substituteInPlace host-shared/PKCS11Path.cpp \ + --replace opensc-pkcs11.so ${opensc}/lib/pkcs11/opensc-pkcs11.so + ''; + + installPhase = '' + install -D -t $out/bin host-linux/chrome-token-signing + # TODO: wire these up + install -D -t $out/etc/chromium/native-messaging-hosts host-linux/ee.ria.esteid.json + install -D -t $out/lib/mozilla/native-messaging-hosts host-linux/ff/ee.ria.esteid.json + ''; +} diff --git a/nixpkgs/pkgs/tools/security/cipherscan/default.nix b/nixpkgs/pkgs/tools/security/cipherscan/default.nix new file mode 100644 index 000000000000..a4afa772d10e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cipherscan/default.nix @@ -0,0 +1,41 @@ +{ stdenv, lib, fetchFromGitHub, openssl, makeWrapper, python, coreutils }: + +stdenv.mkDerivation rec { + name = "cipherscan-${version}"; + version = "2016-08-16"; + + src = fetchFromGitHub { + owner = "mozilla"; + repo = "cipherscan"; + rev = "74dd82e8ad994a140daf79489d3bd1c5ad928d38"; + sha256 = "16azhlmairnvdz7xmwgvfpn2pzw1p8z7c9b27m07fngqjkpx0mhh"; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ python ]; + + buildPhase = '' + substituteInPlace cipherscan --replace '$0' 'cipherscan' + ''; + + installPhase = '' + mkdir -p $out/bin + + cp cipherscan $out/bin + cp openssl.cnf $out/bin + cp analyze.py $out/bin/cipherscan-analyze + + wrapProgram $out/bin/cipherscan \ + --set NOAUTODETECT 1 \ + --set TIMEOUTBIN "${coreutils}/bin/timeout" \ + --set OPENSSLBIN "${openssl}/bin/openssl" + ''; + + meta = with lib; { + inherit (src.meta) homepage; + description = "Very simple way to find out which SSL ciphersuites are supported by a target"; + license = licenses.mpl20; + platforms = platforms.all; + maintainers = with maintainers; [ cstrahan fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/clamav/default.nix b/nixpkgs/pkgs/tools/security/clamav/default.nix new file mode 100644 index 000000000000..4d9beb654ece --- /dev/null +++ b/nixpkgs/pkgs/tools/security/clamav/default.nix @@ -0,0 +1,51 @@ +{ stdenv, fetchurl, pkgconfig +, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 +, libmspack, systemd +}: + +stdenv.mkDerivation rec { + name = "clamav-${version}"; + version = "0.101.2"; + + src = fetchurl { + url = "https://www.clamav.net/downloads/production/${name}.tar.gz"; + sha256 = "0d3n4y8i5q594h4cjglmvpk4jd73r9ajpp1bvq5lr9zpdzgyn4ha"; + }; + + # don't install sample config files into the absolute sysconfdir folder + postPatch = '' + substituteInPlace Makefile.in --replace ' etc ' ' ' + ''; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack + systemd + ]; + + configureFlags = [ + "--libdir=$(out)/lib" + "--sysconfdir=/etc/clamav" + "--with-systemdsystemunitdir=$(out)/lib/systemd" + "--disable-llvm" # enabling breaks the build at the moment + "--with-zlib=${zlib.dev}" + "--with-xml=${libxml2.dev}" + "--with-openssl=${openssl.dev}" + "--with-libcurl=${curl.dev}" + "--with-system-libmspack" + "--enable-milter" + ]; + + postInstall = '' + mkdir $out/etc + cp etc/*.sample $out/etc + ''; + + meta = with stdenv.lib; { + homepage = https://www.clamav.net; + description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats"; + license = licenses.gpl2; + maintainers = with maintainers; [ phreedom robberer qknight fpletz ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cowpatty/default.nix b/nixpkgs/pkgs/tools/security/cowpatty/default.nix new file mode 100644 index 000000000000..c5ace5d2e8c4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cowpatty/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchurl, openssl, libpcap +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "cowpatty-${version}"; + version = "4.6"; + + buildInputs = [ openssl libpcap ]; + + src = fetchurl { + url = "http://www.willhackforsushi.com/code/cowpatty/${version}/${name}.tgz"; + sha256 = "1hivh3bq2maxvqzwfw06fr7h8bbpvxzah6mpibh3wb85wl9w2gyd"; + }; + + installPhase = "make DESTDIR=$out BINDIR=/bin install"; + + meta = { + description = "Offline dictionary attack against WPA/WPA2 networks"; + license = licenses.gpl2; + homepage = https://www.willhackforsushi.com/?page_id=50; + maintainers = with maintainers; [ nico202 ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crackxls/default.nix b/nixpkgs/pkgs/tools/security/crackxls/default.nix new file mode 100644 index 000000000000..2a88e4462b6d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crackxls/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchgit, pkgconfig, autoconf, automake, openssl, libgsf, gmp }: + +stdenv.mkDerivation rec { + + name = "crackxls-${version}"; + version = "0.4"; + + src = fetchgit { + url = https://github.com/GavinSmith0123/crackxls2003.git; + rev = "refs/tags/v${version}"; + sha256 = "0q5jl7hcds3f0rhly3iy4fhhbyh9cdrfaw7zdrazzf1wswwhyssz"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ autoconf automake openssl libgsf gmp ]; + + installPhase = + '' + mkdir -p $out/bin + cp crackxls2003 $out/bin/ + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/GavinSmith0123/crackxls2003/; + description = "Used to break the encryption on old Microsoft Excel and Microsoft Word files"; + platforms = platforms.linux; + license = licenses.gpl3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crunch/default.nix b/nixpkgs/pkgs/tools/security/crunch/default.nix new file mode 100644 index 000000000000..3e94d52fc5fc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crunch/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchurl, which }: + +stdenv.mkDerivation rec { + name = "crunch-${version}"; + version = "3.6"; + + src = fetchurl { + url = "mirror://sourceforge/crunch-wordlist/${name}.tgz"; + sha256 = "0mgy6ghjvzr26yrhj1bn73qzw6v9qsniskc5wqq1kk0hfhy6r3va"; + }; + + buildInputs = [ which ]; + + preBuild = '' + substituteInPlace Makefile \ + --replace '-g root -o root' "" \ + --replace '-g wheel -o root' "" \ + --replace 'sudo ' "" + ''; + + makeFlags = "PREFIX=$(out)"; + + meta = with stdenv.lib; { + description = "Wordlist generator"; + homepage = https://sourceforge.net/projects/crunch-wordlist/; + platforms = platforms.unix; + maintainers = with maintainers; [ lethalman lnl7 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ctmg/default.nix b/nixpkgs/pkgs/tools/security/ctmg/default.nix new file mode 100644 index 000000000000..1e0618412210 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ctmg/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchzip }: + +stdenv.mkDerivation rec { + name = "ctmg-${version}"; + version = "1.2"; + + src = fetchzip { + url = "https://git.zx2c4.com/ctmg/snapshot/ctmg-${version}.tar.xz"; + sha256 = "1i4v8sriwjrmj3yizbl1ysckb711yl9qsn9x45jq0ij1apsydhyc"; + }; + + installPhase = "install -D ctmg.sh $out/bin/ctmg"; + + meta = with stdenv.lib; { + description = "An encrypted container manager for Linux using cryptsetup"; + homepage = https://git.zx2c4.com/ctmg/about/; + license = licenses.isc; + maintainers = with maintainers; [ mrVanDalo ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/default.nix b/nixpkgs/pkgs/tools/security/default.nix new file mode 100644 index 000000000000..c5987d37889c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/default.nix @@ -0,0 +1,28 @@ +{ stdenv, pkgs }: + +stdenv.mkDerivation rec { + version = "0.0.1"; + name = "ecdsatool-${version}"; + + src = pkgs.fetchFromGitHub { + owner = "kaniini"; + repo = "ecdsatool"; + rev = "7c0b2c51e2e64d1986ab1dc2c57c2d895cc00ed1"; + sha256 = "08z9309znkhrjpwqd4ygvm7cd1ha1qbrnlzw64fr8704jrmx762k"; + }; + + configurePhase = '' + ./autogen.sh + ./configure --prefix=$out + ''; + + nativeBuildInputs = with pkgs; [openssl autoconf automake]; + buildInputs = with pkgs; [libuecc]; + + meta = with stdenv.lib; { + description = "Create and manipulate ECC NISTP256 keypairs."; + homepage = https://github.com/kaniini/ecdsatool/; + license = with licenses; [free]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/diceware/default.nix b/nixpkgs/pkgs/tools/security/diceware/default.nix new file mode 100644 index 000000000000..1c3d5f1d465f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/diceware/default.nix @@ -0,0 +1,31 @@ +{ lib +, pythonPackages +}: + +with pythonPackages; + +buildPythonApplication rec { + pname = "diceware"; + version = "0.9.6"; + + src = fetchPypi { + inherit pname version; + sha256 = "0klb0ysybzlh2wihvir82hgq62v0jjmlcqklwajyms7c0p529yby"; + }; + + nativeBuildInputs = [ pytestrunner ]; + + checkInputs = [ coverage pytest ]; + + # see https://github.com/ulif/diceware/commit/a7d844df76cd4b95a717f21ef5aa6167477b6733 + checkPhase = '' + py.test -m 'not packaging' + ''; + + meta = with lib; { + description = "Generates passphrases by concatenating words randomly picked from wordlists"; + homepage = https://github.com/ulif/diceware; + license = licenses.gpl3; + maintainers = with maintainers; [ asymmetric ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dirmngr/default.nix b/nixpkgs/pkgs/tools/security/dirmngr/default.nix new file mode 100644 index 000000000000..ee97bda19064 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dirmngr/default.nix @@ -0,0 +1,17 @@ +{ stdenv, fetchurl, libgpgerror, libgcrypt, libassuan, libksba, pth, openldap +, libiconv}: + +stdenv.mkDerivation rec { + name = "dirmngr-1.1.1"; + src = fetchurl { + url = "mirror://gnupg/dirmngr/${name}.tar.bz2"; + sha256 = "1zz6m87ca55nq5f59hzm6qs48d37h93il881y7d0rf2d6660na6j"; + }; + buildInputs = [ libgpgerror libgcrypt libassuan libksba + pth openldap libiconv ]; + + meta = { + platforms = stdenv.lib.platforms.unix; + license = stdenv.lib.licenses.gpl2Plus; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dnsenum/default.nix b/nixpkgs/pkgs/tools/security/dnsenum/default.nix new file mode 100644 index 000000000000..d764e8a71ae6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dnsenum/default.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchFromGitHub, makeWrapper, perl, perlPackages }: + +stdenv.mkDerivation rec { + pname = "dnsenum"; + version = "1.2.4.2"; + + src = fetchFromGitHub { + owner = "fwaeytens"; + repo = pname; + rev = version; + sha256 = "1bg1ljv6klic13wq4r53bg6inhc74kqwm3w210865b1v1n8wj60v"; + }; + + propagatedBuildInputs = with perlPackages; [ + perl NetDNS NetIP NetNetmask StringRandom XMLWriter NetWhoisIP WWWMechanize + ]; + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + install -vD dnsenum.pl $out/bin/dnsenum + install -vD dns.txt -t $out/share + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/fwaeytens/dnsenum"; + description = "A tool to enumerate DNS information"; + maintainers = with maintainers; [ c0bw3b globin ]; + license = licenses.gpl2Plus; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dnsrecon/default.nix b/nixpkgs/pkgs/tools/security/dnsrecon/default.nix new file mode 100644 index 000000000000..06270723f4d0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dnsrecon/default.nix @@ -0,0 +1,44 @@ +{ stdenv, fetchFromGitHub, python3 }: + +python3.pkgs.buildPythonApplication rec { + pname = "dnsrecon"; + version = "0.9.1"; + + src = fetchFromGitHub { + owner = "darkoperator"; + repo = pname; + rev = version; + sha256 = "1ysf8wx287psfk89r0i2vgnrjvxdj44s6nhf6sva59jbwvr9lghy"; + }; + + format = "other"; + + pythonPath = with python3.pkgs; [ + dns netaddr lxml + ]; + + postPatch = '' + substituteInPlace dnsrecon.py \ + --replace "namelist.txt" "../share/namelist.txt" \ + --replace "0.9.0" "${version}" + ''; + + installPhase = '' + runHook preInstall + + install -vD dnsrecon.py $out/bin/dnsrecon + install -vD namelist.txt subdomains-*.txt -t $out/share + install -vd $out/${python3.sitePackages}/ + cp -R lib tools msf_plugin $out/${python3.sitePackages} + + runHook postInstall + ''; + + meta = with stdenv.lib; { + description = "DNS Enumeration Script"; + homepage = "https://github.com/darkoperator/dnsrecon"; + license = licenses.gpl2; + platforms = platforms.all; + maintainers = with maintainers; [ c0bw3b globin ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/doas/default.nix b/nixpkgs/pkgs/tools/security/doas/default.nix new file mode 100644 index 000000000000..55335927b36a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/doas/default.nix @@ -0,0 +1,31 @@ +{ stdenv, lib, fetchFromGitHub, bison, pam }: + +stdenv.mkDerivation rec { + name = "doas-${version}"; + + version = "6.0"; + + src = fetchFromGitHub { + owner = "Duncaen"; + repo = "OpenDoas"; + rev = "v${version}"; + sha256 = "1j50l3jvbgvg8vmp1nx6vrjxkbj5bvfh3m01bymzfn25lkwwhz1x"; + }; + + # otherwise confuses ./configure + dontDisableStatic = true; + + postPatch = '' + sed -i '/\(chown\|chmod\)/d' bsd.prog.mk + ''; + + buildInputs = [ bison pam ]; + + meta = with lib; { + description = "Executes the given command as another user"; + homepage = "https://github.com/Duncaen/OpenDoas"; + license = licenses.isc; + platforms = platforms.linux; + maintainers = with maintainers; [ cstrahan ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/duo-unix/default.nix b/nixpkgs/pkgs/tools/security/duo-unix/default.nix new file mode 100644 index 000000000000..10e2138494e5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/duo-unix/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl, pam, openssl, zlib }: + +stdenv.mkDerivation rec { + name = "duo-unix-${version}"; + version = "1.11.2"; + + src = fetchurl { + url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; + sha256 = "11467kk8blg777vss0hsgz6k8f5m43p50zqs7yhx2sgbh9ygnn6y"; + }; + + buildInputs = [ pam openssl zlib ]; + configureFlags = + [ "--with-pam=$(out)/lib/security" + "--prefix=$(out)" + "--sysconfdir=$(out)/etc/duo" + "--with-openssl=${openssl.dev}" + "--enable-lib64=no" + ]; + + meta = { + description = "Duo Security Unix login integration"; + homepage = "https://duosecurity.com"; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.unix; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ecdsautils/default.nix b/nixpkgs/pkgs/tools/security/ecdsautils/default.nix new file mode 100644 index 000000000000..48a713287b8b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ecdsautils/default.nix @@ -0,0 +1,24 @@ +{ stdenv, pkgs }: + +stdenv.mkDerivation rec { + version = "0.4.0"; + name = "ecdsautils-${version}"; + + src = pkgs.fetchFromGitHub { + owner = "freifunk-gluon"; + repo = "ecdsautils"; + rev = "07538893fb6c2a9539678c45f9dbbf1e4f222b46"; + sha256 = "18sr8x3qiw8s9l5pfi7r9i3ayplz4jqdml75ga9y933vj7vs0k4d"; + }; + + nativeBuildInputs = with pkgs; [ cmake pkgconfig doxygen ]; + buildInputs = with pkgs; [ libuecc ]; + + meta = with stdenv.lib; { + description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)"; + homepage = https://github.com/tcatm/ecdsautils/; + license = with licenses; [ mit bsd2 ]; + maintainers = with maintainers; [ andir ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/default.nix b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix new file mode 100644 index 000000000000..d0d01761c246 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix @@ -0,0 +1,60 @@ +{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam +, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }: + +stdenv.mkDerivation rec { + name = "ecryptfs-${version}"; + version = "111"; + + src = fetchurl { + url = "https://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz"; + sha256 = "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i"; + }; + + # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir; + wrapperDir = "/run/wrappers/bin"; + + postPatch = '' + FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)" + for file in $FILES; do + substituteInPlace "$file" \ + --replace /bin/mount ${utillinux}/bin/mount \ + --replace /bin/umount ${utillinux}/bin/umount \ + --replace /sbin/mount.ecryptfs_private ${wrapperDir}/mount.ecryptfs_private \ + --replace /sbin/umount.ecryptfs_private ${wrapperDir}/umount.ecryptfs_private \ + --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \ + --replace /sbin/umount.ecryptfs $out/sbin/umount.ecryptfs \ + --replace /usr/bin/ecryptfs-rewrite-file $out/bin/ecryptfs-rewrite-file \ + --replace /usr/bin/ecryptfs-mount-private $out/bin/ecryptfs-mount-private \ + --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \ + --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \ + --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \ + --replace /sbin/unix_chkpwd ${wrapperDir}/unix_chkpwd \ + --replace /bin/bash ${bash}/bin/bash + done + ''; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ perl nss nspr python2 pam intltool makeWrapper ]; + propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; + + postInstall = '' + FILES="$(grep -r '/bin/sh' $out/bin -l)" + for file in $FILES; do + wrapProgram $file \ + --prefix PATH ":" "${coreutils}/bin" \ + --prefix PATH ":" "${gettext}/bin" \ + --prefix PATH ":" "${rsync}/bin" \ + --prefix PATH ":" "${keyutils}/bin" \ + --prefix PATH ":" "${which}/bin" \ + --prefix PATH ":" "${lsof}/bin" \ + --prefix PATH ":" "$out/bin" + done + ''; + + meta = with stdenv.lib; { + description = "Enterprise-class stacked cryptographic filesystem"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ obadz ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix new file mode 100644 index 000000000000..40a728f6cb1a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix @@ -0,0 +1,35 @@ +{ stdenv +, fetchurl +, makeWrapper +, python2 +}: + +stdenv.mkDerivation rec { + name = pname + "-" + version; + pname = "ecryptfs-helper"; + version = "20160722"; + + src = fetchurl { + url = "https://gist.githubusercontent.com/obadz/ec053fdb00dcb48441d8313169874e30/raw/4b657a4b7c3dc684e4d5e3ffaf46ced1b7675163/ecryptfs-helper.py"; + sha256 = "0gp4m22zc80814ng80s38hp930aa8r4zqihr7jr23m0m2iq4pdpg"; + }; + + phases = [ "installPhase" ]; + + buildInputs = [ makeWrapper ]; + + # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /run/wrappers/bin + installPhase = '' + mkdir -p $out/bin $out/libexec + cp $src $out/libexec/ecryptfs-helper.py + makeWrapper "${python2.interpreter}" "$out/bin/ecryptfs-helper" --add-flags "$out/libexec/ecryptfs-helper.py" + ''; + + meta = with stdenv.lib; { + description = "Helper script to create/mount/unemount encrypted directories using eCryptfs without needing root permissions"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ obadz ]; + platforms = platforms.linux; + hydraPlatforms = []; + }; +} diff --git a/nixpkgs/pkgs/tools/security/efitools/default.nix b/nixpkgs/pkgs/tools/security/efitools/default.nix new file mode 100644 index 000000000000..1d983cb8599a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/efitools/default.nix @@ -0,0 +1,39 @@ +{ stdenv, gnu-efi, openssl, sbsigntool, perl, perlPackages, +help2man, fetchgit }: +stdenv.mkDerivation rec { + name = "efitools-${version}"; + version = "1.9.2"; + + buildInputs = [ + gnu-efi + openssl + sbsigntool + ]; + + nativeBuildInputs = [ + perl + perlPackages.FileSlurp + help2man + ]; + + src = fetchgit { + url = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git"; + rev = "v${version}"; + sha256 = "0jabgl2pxvfl780yvghq131ylpf82k7banjz0ksjhlm66ik8gb1i"; + }; + + postPatch = '' + sed -i -e 's#/usr/include/efi#${gnu-efi}/include/efi/#g' Make.rules + sed -i -e 's#/usr/lib64/gnuefi#${gnu-efi}/lib/#g' Make.rules + sed -i -e 's#$(DESTDIR)/usr#$(out)#g' Make.rules + patchShebangs . + ''; + + meta = with stdenv.lib; { + description = "Tools for manipulating UEFI secure boot platforms"; + homepage = "https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git"; + license = licenses.gpl2; + maintainers = [ maintainers.grahamc ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix new file mode 100644 index 000000000000..155c63c87e13 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix @@ -0,0 +1,88 @@ +{ stdenv, fetchFromGitHub +, autoreconfHook, pkgconfig +, gtk3, nssTools, pcsclite +, libxml2, libproxy +, openssl, curl +, makeWrapper +, substituteAll }: + +stdenv.mkDerivation rec { + name = "eid-mw-${version}"; + version = "4.4.16"; + + src = fetchFromGitHub { + sha256 = "1q82fw63xzrnrgh1wyh457hal6vfdl6swqfq7l6kviywiwlzx7kd"; + rev = "v${version}"; + repo = "eid-mw"; + owner = "Fedict"; + }; + + nativeBuildInputs = [ autoreconfHook pkgconfig makeWrapper ]; + buildInputs = [ gtk3 pcsclite libxml2 libproxy curl openssl ]; + preConfigure = '' + mkdir openssl + ln -s ${openssl.out}/lib openssl + ln -s ${openssl.bin}/bin openssl + ln -s ${openssl.dev}/include openssl + export SSL_PREFIX=$(realpath openssl) + ''; + + postPatch = '' + sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac + ''; + + configureFlags = [ "--enable-dialogs=yes" ]; + + postInstall = + let + eid-nssdb-in = substituteAll { + inherit (stdenv) shell; + isExecutable = true; + src = ./eid-nssdb.in; + }; + in + '' + install -D ${eid-nssdb-in} $out/bin/eid-nssdb + substituteInPlace $out/bin/eid-nssdb \ + --replace "modutil" "${nssTools}/bin/modutil" + + rm $out/bin/about-eid-mw + wrapProgram $out/bin/eid-viewer --prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/$name" + ''; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with stdenv.lib; { + description = "Belgian electronic identity card (eID) middleware"; + homepage = http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/; + license = licenses.lgpl3; + longDescription = '' + Allows user authentication and digital signatures with Belgian ID cards. + Also requires a running pcscd service and compatible card reader. + + eid-viewer is also installed. + + **TO FIX:** + The procedure below did not work for me, I had to install the .so directly in firefox as instructed at + https://eid.belgium.be/en/log-eid#7507 + and specify + /run/current-system/sw/lib/libbeidpkcs11.so + as the path to the module. + + This package only installs the libraries. To use eIDs in Firefox or + Chromium, the eID Belgium add-on must be installed. + This package only installs the libraries. To use eIDs in NSS-compatible + browsers like Chrom{e,ium} or Firefox, each user must first execute: + ~$ eid-nssdb add + (Running the script once as root with the --system option enables eID + support for all users, but will *not* work when using Chrom{e,ium}!) + Before uninstalling this package, it is a very good idea to run + ~$ eid-nssdb [--system] remove + and remove all ~/.pki and/or /etc/pki directories no longer needed. + ''; + platforms = platforms.linux; + maintainers = with maintainers; [ bfortz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in b/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in new file mode 100644 index 000000000000..636b4c1ee118 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in @@ -0,0 +1,83 @@ +#!@shell@ + +rootdb="/etc/pki/nssdb" +userdb="$HOME/.pki/nssdb" +dbentry="Belgium eID" +libfile="/run/current-system/sw/lib/libbeidpkcs11.so" + +dbdir="$userdb" + +while true; do + case "$1" in + --help|"") cat << EOF +(Un)register $dbentry with NSS-compatible browsers. + +Usage: `basename "$0"` [OPTION] ACTION [LIBRARY] + +Options: + --db PATH use custom NSS database directory PATH + --user use user NSS database $userdb (default) + --system use global NSS database $rootdb + --help show this message + +Actions: + add add $dbentry to NSS database + remove remove $dbentry from NSS database + show show $dbentry NSS database entry + +Default arguments if unspecified: + LIBRARY $libfile +EOF + exit ;; + --db) dbdir="$2" + shift 2 ;; + --user) dbdir="$userdb" + shift ;; + --system) + dbdir="$rootdb" + shift ;; + -*) echo "$0: unknown option: '$1'" >&2 + echo "Try --help for usage information." + exit 1 ;; + *) break ;; + esac +done + +if [ "$2" ]; then + libfile="$2" + if ! [ -f "$libfile" ]; then + echo "$0: error: '$libfile' not found" >&2 + exit 1 + fi +fi + +mkdir -p "$dbdir" +if ! [ -d "$dbdir" ]; then + echo "$0: error: '$dbdir' must be a writable directory" >&2 + exit 1 +fi + +dbdir="sql:$dbdir" + +echo "NSS database: $dbdir" +echo "BEID library: $libfile" + +case "$1" in +add) echo "Adding $dbentry to database:" + modutil -dbdir "$dbdir" -add "$dbentry" -libfile "$libfile" || + echo "Tip: try removing the module before adding it again." ;; +remove) echo "Removing $dbentry from database:" + modutil -dbdir "$dbdir" -delete "$dbentry" ;; +show) echo "Displaying $dbentry database entry, if any:" + echo "Note: this may fail if you don't have the correct permissions." ;; +'') exec "$0" --help ;; +*) echo "$0: unknown action: '$1'" >&2 + echo "Try --help for usage information." + exit 1 ;; +esac + +ret=$? + +modutil -dbdir "$dbdir" -list "$dbentry" 2>/dev/null + +exit $ret diff --git a/nixpkgs/pkgs/tools/security/enchive/default.nix b/nixpkgs/pkgs/tools/security/enchive/default.nix new file mode 100644 index 000000000000..8d4cc6ec3ca6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enchive/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "enchive-${version}"; + version = "3.4"; + src = fetchFromGitHub { + owner = "skeeto"; + repo = "enchive"; + rev = version; + sha256 = "0ssxbnsjx4mvaqimp5nzfixpxinhmi12z8lxdd8cj2361wbb54yk"; + }; + + makeFlags = ["PREFIX=$(out)"]; + + postInstall = '' + mkdir -p $out/share/emacs/site-lisp/ + cp -v "$src/enchive-mode.el" "$out/share/emacs/site-lisp/" + ''; + + meta = { + description = "Encrypted personal archives"; + homepage = https://github.com/skeeto/enchive; + license = stdenv.lib.licenses.unlicense; + platforms = stdenv.lib.platforms.unix; + maintainers = [ stdenv.lib.maintainers.nico202 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/encryptr/default.nix b/nixpkgs/pkgs/tools/security/encryptr/default.nix new file mode 100644 index 000000000000..8d0c78764319 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/encryptr/default.nix @@ -0,0 +1,57 @@ +{ stdenv, fetchurl, glib, nss, nspr, gconf, fontconfig, freetype +, pango , cairo, libX11 , libXi, libXcursor, libXext, libXfixes +, libXrender, libXcomposite , alsaLib, libXdamage, libXtst, libXrandr +, expat, libcap, systemd , dbus, gtk2 , gdk_pixbuf, libnotify +}: + +let + arch = if stdenv.hostPlatform.system == "x86_64-linux" then "amd" + else if stdenv.hostPlatform.system == "i686-linux" then "i386" + else throw "Encryptr for ${stdenv.hostPlatform.system} not supported!"; + + sha256 = if stdenv.hostPlatform.system == "x86_64-linux" then "1j3g467g7ar86hpnh6q9mf7mh2h4ia94mwhk1283zh739s2g53q2" + else if stdenv.hostPlatform.system == "i686-linux" then "02j9hg9b1jlv25q1sjfhv8d46mii33f94dj0ccn83z9z18q4y2cm" + else throw "Encryptr for ${stdenv.hostPlatform.system} not supported!"; + +in stdenv.mkDerivation rec { + name = "encryptr-${version}"; + version = "2.0.0"; + + src = fetchurl { + url = "https://spideroak.com/dist/encryptr/signed/linux/targz/encryptr-${version}_${arch}.tar.gz"; + inherit sha256; + }; + + dontBuild = true; + + rpath = stdenv.lib.makeLibraryPath [ + glib nss nspr gconf fontconfig freetype pango cairo libX11 libXi + libXcursor libXext libXfixes libXrender libXcomposite alsaLib + libXdamage libXtst libXrandr expat libcap dbus gtk2 gdk_pixbuf + libnotify stdenv.cc.cc + ]; + + installPhase = '' + mkdir -pv $out/bin $out/lib + cp -v {encryptr-bin,icudtl.dat,nw.pak} $out/bin + mv -v $out/bin/encryptr{-bin,} + cp -v lib* $out/lib + ln -sv ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0 + + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + --set-rpath $out/lib:${rpath} \ + $out/bin/encryptr + ''; + + # If stripping, node-webkit does not find + # its application and shows a generic page + dontStrip = true; + + meta = with stdenv.lib; { + homepage = https://spideroak.com/solutions/encryptr; + description = "Free, private and secure password management tool and e-wallet"; + license = licenses.unfree; + maintainers = with maintainers; [ guillaumekoenig ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/enpass/data.json b/nixpkgs/pkgs/tools/security/enpass/data.json new file mode 100644 index 000000000000..a4a3b919e648 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enpass/data.json @@ -0,0 +1,12 @@ +{ + "amd64": { + "path": "pool/main/e/enpass/enpass_6.0.1.239_amd64.deb", + "sha256": "408a2bb318564307607f13b52fec7667f425c01ac40cbe345ebfa191ab1479ba", + "version": "6.0.1.239" + }, + "i386": { + "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb", + "sha256": "3f699ac3e2ecfd4afee1505d8d364d4f6b6b94c55ba989d0a80bd678ff66cb2c", + "version": "5.6.9" + } +} \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/enpass/default.nix b/nixpkgs/pkgs/tools/security/enpass/default.nix new file mode 100644 index 000000000000..c33e433448f5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enpass/default.nix @@ -0,0 +1,94 @@ +{ stdenv, fetchurl, dpkg, xorg +, glib, libGLU_combined, libpulseaudio, zlib, dbus, fontconfig, freetype +, gtk3, pango +, makeWrapper , python, pythonPackages, lib +, lsof, curl, libuuid, cups, mesa +}: + +let + all_data = builtins.fromJSON (builtins.readFile ./data.json); + system_map = { + # i686-linux = "i386"; Uncomment if enpass 6 becomes available on i386 + x86_64-linux = "amd64"; + }; + + data = all_data.${system_map.${stdenv.hostPlatform.system} or (throw "Unsupported platform")}; + + baseUrl = http://repo.sinew.in; + + # used of both wrappers and libpath + libPath = lib.makeLibraryPath (with xorg; [ + mesa.drivers + libGLU_combined + fontconfig + freetype + libpulseaudio + zlib + dbus + libX11 + libXi + libSM + libICE + libXrender + libXScrnSaver + libxcb + glib + gtk3 + pango + curl + libuuid + cups + ]); + package = stdenv.mkDerivation rec { + + inherit (data) version; + name = "enpass-${version}"; + + src = fetchurl { + inherit (data) sha256; + url = "${baseUrl}/${data.path}"; + }; + + meta = { + description = "a well known password manager"; + homepage = https://www.enpass.io/; + license = lib.licenses.unfree; + platforms = [ "x86_64-linux" "i686-linux"]; + }; + + buildInputs = [makeWrapper dpkg]; + phases = [ "unpackPhase" "installPhase" ]; + + unpackPhase = "dpkg -X $src ."; + installPhase='' + mkdir -p $out/bin + cp -r opt/enpass/* $out/bin + cp -r usr/* $out + + sed \ + -i s@/opt/enpass/Enpass@$out/bin/Enpass@ \ + $out/share/applications/enpass.desktop + + for i in $out/bin/{Enpass,importer_enpass}; do + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) $i + done + + # lsof must be in PATH for proper operation + wrapProgram $out/bin/Enpass \ + --set LD_LIBRARY_PATH "${libPath}" \ + --prefix PATH : ${lsof}/bin + ''; + }; + updater = { + update = stdenv.mkDerivation rec { + name = "enpass-update-script"; + SCRIPT =./update_script.py; + + buildInputs = with pythonPackages; [python requests pathlib2 six attrs ]; + shellHook = '' + exec python $SCRIPT --target pkgs/tools/security/enpass/data.json --repo ${baseUrl} + ''; + + }; + }; +in (package // {refresh = updater;}) diff --git a/nixpkgs/pkgs/tools/security/enpass/update_script.py b/nixpkgs/pkgs/tools/security/enpass/update_script.py new file mode 100644 index 000000000000..f8ec715cb5e4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/enpass/update_script.py @@ -0,0 +1,95 @@ +from __future__ import print_function + + +import argparse +import bz2 +import email +import json +import logging + +from itertools import product +from operator import itemgetter + +import attr +import pkg_resources + +from pathlib2 import Path +from requests import Session +from six.moves.urllib_parse import urljoin + + +@attr.s +class ReleaseElement(object): + sha256 = attr.ib(repr=False) + size = attr.ib(convert=int) + path = attr.ib() + +log = logging.getLogger('enpass.updater') + + +parser = argparse.ArgumentParser() +parser.add_argument('--repo') +parser.add_argument('--target', type=Path) + + +session = Session() + + +def parse_bz2_msg(msg): + msg = bz2.decompress(msg) + if '\n\n' in msg: + parts = msg.split('\n\n') + return list(map(email.message_from_string, parts)) + return email.message_from_string(msg) + + +def fetch_meta(repo, name, parse=email.message_from_string, split=False): + url = urljoin(repo, 'dists/stable', name) + response = session.get("{repo}/dists/stable/{name}".format(**locals())) + return parse(response.content) + + +def fetch_filehashes(repo, path): + meta = fetch_meta(repo, path, parse=parse_bz2_msg) + for item in meta: + yield { + 'version': pkg_resources.parse_version(str(item['Version'])), + 'path': item['Filename'], + 'sha256': item['sha256'], + } + + +def fetch_archs(repo): + m = fetch_meta(repo, 'Release') + + architectures = m['Architectures'].split() + elements = [ReleaseElement(*x.split()) for x in m['SHA256'].splitlines()] + elements = [x for x in elements if x.path.endswith('bz2')] + + for arch, elem in product(architectures, elements): + if arch in elem.path: + yield arch, max(fetch_filehashes(repo, elem.path), + key=itemgetter('version')) + + +class OurVersionEncoder(json.JSONEncoder): + def default(self, obj): + # the other way around to avoid issues with + # newer setuptools having strict/legacy versions + if not isinstance(obj, (dict, str)): + return str(obj) + return json.JSONEncoder.default(self, obj) + + +def main(repo, target): + logging.basicConfig(level=logging.DEBUG) + with target.open(mode='wb') as fp: + json.dump( + dict(fetch_archs(repo)), fp, + cls=OurVersionEncoder, + indent=2, + sort_keys=True) + + +opts = parser.parse_args() +main(opts.repo, opts.target) diff --git a/nixpkgs/pkgs/tools/security/eschalot/default.nix b/nixpkgs/pkgs/tools/security/eschalot/default.nix new file mode 100644 index 000000000000..d628a28023a4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/eschalot/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchFromGitHub, openssl }: + +stdenv.mkDerivation rec { + pname = "eschalot"; + version = "2018-01-19"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "ReclaimYourPrivacy"; + repo = pname; + rev = "56a967b62631cfd3c7ef68541263dbd54cbbc2c4"; + sha256 = "1iw1jrydasm9dmgpcdimd8dy9n281ys9krvf3fd3dlymkgsj604d"; + }; + + buildInputs = [ openssl ]; + + installPhase = '' + install -D -t $out/bin eschalot worgen + ''; + + meta = with stdenv.lib; { + description = "Tor hidden service name generator"; + homepage = src.meta.homepage; + license = licenses.isc; + platforms = platforms.unix; + maintainers = with maintainers; [ dotlambda ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fail2ban/default.nix b/nixpkgs/pkgs/tools/security/fail2ban/default.nix new file mode 100644 index 000000000000..6b1d8e6c4f88 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fail2ban/default.nix @@ -0,0 +1,49 @@ +{ stdenv, fetchFromGitHub, python, pythonPackages, gamin }: + +let version = "0.10.4"; in + +pythonPackages.buildPythonApplication { + name = "fail2ban-${version}"; + + src = fetchFromGitHub { + owner = "fail2ban"; + repo = "fail2ban"; + rev = version; + sha256 = "07ik6rm856q0ic2r7vbg6j3hsdcdgkv44hh5ck0c2y21fqwrck3l"; + }; + + propagatedBuildInputs = [ gamin ] + ++ (stdenv.lib.optional stdenv.isLinux pythonPackages.systemd); + + preConfigure = '' + for i in config/action.d/sendmail*.conf; do + substituteInPlace $i \ + --replace /usr/sbin/sendmail sendmail \ + --replace /usr/bin/whois whois + done + ''; + + doCheck = false; + + preInstall = '' + substituteInPlace setup.py --replace /usr/share/doc/ share/doc/ + + # see https://github.com/NixOS/nixpkgs/issues/4968 + ${python}/bin/${python.executable} setup.py install_data --install-dir=$out --root=$out + ''; + + postInstall = let + sitePackages = "$out/lib/${python.libPrefix}/site-packages"; + in '' + # see https://github.com/NixOS/nixpkgs/issues/4968 + rm -rf ${sitePackages}/etc ${sitePackages}/usr ${sitePackages}/var; + ''; + + meta = with stdenv.lib; { + homepage = http://www.fail2ban.org/; + description = "A program that scans log files for repeated failing login attempts and bans IP addresses"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ eelco lovek323 fpletz ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fcrackzip/default.nix b/nixpkgs/pkgs/tools/security/fcrackzip/default.nix new file mode 100644 index 000000000000..5d2e515c3277 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fcrackzip/default.nix @@ -0,0 +1,26 @@ +{stdenv, fetchurl}: + +stdenv.mkDerivation rec { + name = "fcrackzip-${version}"; + version = "1.0"; + src = fetchurl { + url = "http://oldhome.schmorp.de/marc/data/${name}.tar.gz"; + sha256 = "0l1qsk949vnz18k4vjf3ppq8p497966x4c7f2yx18x8pk35whn2a"; + }; + + # 'fcrackzip --use-unzip' cannot deal with file names containing a single quote + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430387 + patches = [ ./fcrackzip_forkexec.patch ]; + + # Do not clash with unizp/zipinfo + postInstall = "mv $out/bin/zipinfo $out/bin/fcrackzip-zipinfo"; + + meta = with stdenv.lib; { + description = "zip password cracker, similar to fzc, zipcrack and others"; + homepage = http://oldhome.schmorp.de/marc/fcrackzip.html; + license = licenses.gpl2; + maintainers = with maintainers; [ nico202 ]; + platforms = with platforms; unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch b/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch new file mode 100644 index 000000000000..8e508ec1f596 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch @@ -0,0 +1,105 @@ +--- origin/main.c 2016-12-12 12:53:38.344285376 +0100 ++++ main.c 2016-12-12 13:01:41.134548824 +0100 +@@ -26,11 +26,13 @@ + #include <string.h> + + #ifdef USE_UNIX_REDIRECTION +-#define DEVNULL ">/dev/null 2>&1" ++#define DEVNULL "/dev/null" + #else +-#define DEVNULL ">NUL 2>&1" ++#define DEVNULL "NUL" + #endif + ++#include <errno.h> ++ + #include "crack.h" + + int use_unzip; +@@ -47,21 +49,77 @@ + int REGPARAM + check_unzip (const char *pw) + { +- char buff[1024]; +- int status; ++pid_t cpid; ++cpid = fork (); ++if (cpid == -1) ++ { ++ perror ("fork"); ++ exit (EXIT_FAILURE); ++ } ++ ++if (cpid == 0) ++ { ++ // Redirect STDERR/STDOUT to /dev/null ++ int oldfd_stderr, oldfd_stdout; ++ oldfd_stdout = dup (fileno (stdout)); ++ if (oldfd_stdout == -1) ++ { ++ perror ("dup for stdout"); ++ _exit (127); ++ } ++ oldfd_stderr = dup (fileno (stderr)); ++ if (oldfd_stderr == -1) ++ { ++ perror ("dup for stderr"); ++ _exit (127); ++ } ++ if (freopen (DEVNULL, "w", stdout) == NULL) ++ { ++ perror ("freopen " DEVNULL " for stdout"); ++ _exit (127); ++ } ++ if (freopen (DEVNULL, "w", stderr) == NULL) ++ { ++ perror ("freopen " DEVNULL " for stderr"); ++ _exit (127); ++ } ++ execlp ("unzip", "unzip", "-qqtP", pw, file_path[0], NULL); ++ ++ // When execlp failed. ++ // Restores the stderr/stdout redirection to print an error. ++ int errno_saved = errno; ++ dup2 (oldfd_stderr, fileno (stderr)); ++ dup2 (oldfd_stdout, fileno (stdout)); ++ close (oldfd_stderr); ++ close (oldfd_stdout); ++ errno = errno_saved; ++ perror ("execlp for unzip"); ++ _exit (127); // Returns 127 on error as system(3) does ++ } + +- sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, pw, file_path[0]); +- status = system (buff); +- +-#undef REDIR ++ int status; + +- if (status == EXIT_SUCCESS) ++ if (waitpid (cpid, &status, 0) == -1) + { +- printf("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw); ++ perror ("waitpid"); ++ exit (EXIT_FAILURE); ++ } ++ ++ // The child process does not terminated normally, OR returns the exit status 127. ++ if (!WIFEXITED (status) ++ || (WIFEXITED (status) && (WEXITSTATUS (status) == 127))) ++ { ++ fprintf (stderr, "Executing unzip failed.\n"); ++ exit (EXIT_FAILURE); ++ } ++// unzip exited normally with the exit status 0 then... ++ if (WIFEXITED (status) && (WEXITSTATUS (status) == EXIT_SUCCESS)) ++ { ++ printf ("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw); + exit (EXIT_SUCCESS); + } + +- return !status; ++ return 0; + } + + /* misc. callbacks. */ diff --git a/nixpkgs/pkgs/tools/security/fierce/default.nix b/nixpkgs/pkgs/tools/security/fierce/default.nix new file mode 100644 index 000000000000..abc1bacd212b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fierce/default.nix @@ -0,0 +1,23 @@ +{ stdenv, fetchFromGitHub, python3 }: + +python3.pkgs.buildPythonApplication rec { + pname = "fierce"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "mschwager"; + repo = pname; + rev = version; + sha256 = "0cdp9rpabazyfnks30rsf3qfdi40z1bkspxk4ds9bm82kpq33jxy"; + }; + + propagatedBuildInputs = [ python3.pkgs.dns ]; + + meta = with stdenv.lib; { + homepage = "https://github.com/mschwager/fierce"; + description = "DNS reconnaissance tool for locating non-contiguous IP space"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ c0bw3b globin ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fpm2/default.nix b/nixpkgs/pkgs/tools/security/fpm2/default.nix new file mode 100644 index 000000000000..66a50e268a53 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fpm2/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchurl, pkgconfig, gnupg, gtk2 +, libxml2, intltool +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "fpm2-${version}"; + version = "0.79"; + + src = fetchurl { + url = "https://als.regnet.cz/fpm2/download/fpm2-${version}.tar.bz2"; + sha256 = "d55e9ce6be38a44fc1053d82db2d117cf3991a51898bd86d7913bae769f04da7"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ gnupg gtk2 libxml2 intltool ]; + + meta = { + description = "FPM2 is GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements."; + homepage = https://als.regnet.cz/fpm2/; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ hce ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fprintd/default.nix b/nixpkgs/pkgs/tools/security/fprintd/default.nix new file mode 100644 index 000000000000..84727f55b933 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fprintd/default.nix @@ -0,0 +1,33 @@ +{ thinkpad ? false +, stdenv, fetchurl, pkgconfig, intltool, libfprint-thinkpad ? null +, libfprint ? null, glib, dbus-glib, polkit, nss, pam, systemd }: + +stdenv.mkDerivation rec { + pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad"; + version = "0.8.1"; + + src = fetchurl { + url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/bdd9f91909f535368b7c21f72311704a/fprintd-${version}.tar.xz"; + sha256 = "124s0g9syvglgsmqnavp2a8c0zcq8cyaph8p8iyvbla11vfizs9l"; + }; + + buildInputs = [ glib dbus-glib polkit nss pam systemd ] + ++ stdenv.lib.optional thinkpad libfprint-thinkpad + ++ stdenv.lib.optional (!thinkpad) libfprint; + + nativeBuildInputs = [ pkgconfig intltool ]; + + configureFlags = [ + "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" + "--localstatedir=/var" + "--sysconfdir=${placeholder "out"}/etc" + ]; + + meta = with stdenv.lib; { + homepage = https://fprint.freedesktop.org/; + description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fprot/default.nix b/nixpkgs/pkgs/tools/security/fprot/default.nix new file mode 100644 index 000000000000..14a4c985d502 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fprot/default.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + + name = "f-prot-${version}"; + version = "6.2.1"; + + src = fetchurl { + url = http://files.f-prot.com/files/unix-trial/fp-Linux.x86.32-ws.tar.gz; + sha256 = "0qlsrkanf0inplwv1i6hqbimdg91syf5ggd1vahsm9lhivmnr0v5"; + }; + + installPhase = '' + mkdir -p $out/bin + cp fpscan $out/bin + + mkdir -p $out/opt/f-prot + cp fpupdate $out/opt/f-prot + cp product.data.default $out/opt/f-prot/product.data + cp license.key $out/opt/f-prot/ + cp f-prot.conf.default $out/opt/f-prot/f-prot.conf + ln -s $out/opt/f-prot/fpupdate $out/bin/fpupdate + + patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/opt/f-prot/fpupdate + + mkdir -p $out/share/man/ + mkdir -p $out/share/man/man1 + cp doc/man/fpscan.1 $out/share/man/man1 + mkdir -p $out/share/man/man5 + cp doc/man/f-prot.conf.5 $out/share/man/man5 + mkdir -p $out/share/man/man8 + cp doc/man/fpupdate.8 $out/share/man/man8 + ''; + + meta = with stdenv.lib; { + homepage = http://www.f-prot.com; + description = "A popular proprietary antivirus program"; + license = licenses.unfree; + maintainers = [ maintainers.phreedom ]; + platforms = platforms.linux; + }; +} \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/fwknop/default.nix b/nixpkgs/pkgs/tools/security/fwknop/default.nix new file mode 100644 index 000000000000..812c032230c1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/fwknop/default.nix @@ -0,0 +1,63 @@ +{ stdenv, fetchFromGitHub, autoreconfHook +, libpcap, texinfo +, iptables +, gnupgSupport ? true, gnupg, gpgme # Increases dependencies! +, wgetSupport ? true, wget +, buildServer ? true +, buildClient ? true }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "fwknop"; + version = "2.6.10"; + + src = fetchFromGitHub { + owner = "mrash"; + repo = pname; + rev = version; + sha256 = "05kvqhmxj9p2y835w75f3jvhr38bb96cd58mvfd7xil9dhmhn9ra"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ libpcap texinfo ] + ++ stdenv.lib.optional gnupgSupport [ gnupg gpgme.dev ] + ++ stdenv.lib.optional wgetSupport [ wget ]; + + configureFlags = [ + "--sysconfdir=/etc" + "--localstatedir=/run" + "--with-iptables=${iptables}/sbin/iptables" + (stdenv.lib.enableFeature buildServer "server") + (stdenv.lib.enableFeature buildClient "client") + (stdenv.lib.withFeatureAs wgetSupport "wget" "${wget}/bin/wget") + ] ++ stdenv.lib.optionalString gnupgSupport [ + "--with-gpgme" + "--with-gpgme-prefix=${gpgme.dev}" + "--with-gpg=${gnupg}" + ]; + + # Temporary hack to copy the example configuration files into the nix-store, + # this'll probably be helpful until there's a NixOS module for that (feel free + # to ping me (@primeos) if you want to help). + preInstall = '' + substituteInPlace Makefile --replace\ + "sysconfdir = /etc"\ + "sysconfdir = $out/etc" + substituteInPlace server/Makefile --replace\ + "wknopddir = /etc/fwknop"\ + "wknopddir = $out/etc/fwknop" + ''; + + meta = with stdenv.lib; { + description = + "Single Packet Authorization (and Port Knocking) server/client"; + longDescription = '' + fwknop stands for the "FireWall KNock OPerator", and implements an + authorization scheme called Single Packet Authorization (SPA). + ''; + homepage = https://www.cipherdyne.org/fwknop/; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix new file mode 100644 index 000000000000..ca7793281ef9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix @@ -0,0 +1,42 @@ +{ coreutils, fetchFromGitHub, libcaca, makeWrapper, python, openssl, qrencode, stdenv, yubikey-manager }: + +stdenv.mkDerivation rec { + name = "gen-oath-safe-${version}"; + version = "0.11.0"; + src = fetchFromGitHub { + owner = "mcepl"; + repo = "gen-oath-safe"; + rev = version; + sha256 = "1914z0jgj7lni0nf3hslkjgkv87mhxdr92cmhmbzhpjgjgr23ydp"; + }; + + buildInputs = [ makeWrapper ]; + + buildPhase = ":"; + + installPhase = + let + path = stdenv.lib.makeBinPath [ + coreutils + libcaca.bin + openssl.bin + python + qrencode + yubikey-manager + ]; + in + '' + mkdir -p $out/bin + cp gen-oath-safe $out/bin/ + wrapProgram $out/bin/gen-oath-safe \ + --prefix PATH : ${path} + ''; + meta = with stdenv.lib; { + homepage = https://github.com/mcepl/gen-oath-safe; + description = "Script for generating HOTP/TOTP keys (and QR code)"; + platforms = platforms.unix; + license = licenses.mit; + maintainers = [ maintainers.makefu ]; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/gencfsm/default.nix b/nixpkgs/pkgs/tools/security/gencfsm/default.nix new file mode 100644 index 000000000000..27bdc51c7688 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gencfsm/default.nix @@ -0,0 +1,39 @@ +{ stdenv, fetchurl, autoconf, automake, intltool, libtool, pkgconfig, encfs +, glib , gnome3, gtk3, libgnome-keyring, vala, wrapGAppsHook, xorg, gobject-introspection +}: + +stdenv.mkDerivation rec { + version = "1.8.19"; + name = "gnome-encfs-manager-${version}"; + + src = fetchurl { + url = "https://launchpad.net/gencfsm/trunk/1.8/+download/gnome-encfs-manager_${version}.tar.xz"; + sha256 = "1h6x8dyp1fvxvr8fwki98ppf4sa20qf7g59jc9797b2vrgm60h1i"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ autoconf automake intltool libtool vala glib encfs + gtk3 libgnome-keyring gnome3.libgee xorg.libSM xorg.libICE + wrapGAppsHook gobject-introspection ]; + + patches = [ ./makefile-mkdir.patch ]; + + preConfigure = '' + ./autogen.sh + ''; + + configureFlags = [ "--disable-appindicator" ]; + + preFixup = ''gappsWrapperArgs+=(--prefix PATH : ${encfs}/bin)''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + homepage = http://www.libertyzero.com/GEncfsM/; + downloadPage = https://launchpad.net/gencfsm/; + description = "EncFS manager and mounter with GNOME3 integration"; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = [ maintainers.spacefrogg ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch b/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch new file mode 100644 index 000000000000..49c7b0b4d9d1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch @@ -0,0 +1,14 @@ +--- a/dist/Makefile.am ++++ b/dist/Makefile.am +@@ -10,9 +10,9 @@ install-data-hook: + chmod 0755 $(shell find $(dist) -type d) + chmod 0644 $(shell find $(dist) -type f) + chmod 0755 $(shell find "scripts" -type f) +- test -z "$(DESTDIR)$(datadir)/dbus-1/services/" || /bin/mkdir -p "$(DESTDIR)$(datadir)/dbus-1/services/" ++ test -z "$(DESTDIR)$(datadir)/dbus-1/services/" || $(MKDIR_P) "$(DESTDIR)$(datadir)/dbus-1/services/" + cp "extra/com.libertyzero.gnome-encfs-manager.service" "$(DESTDIR)$(datadir)/dbus-1/services/" +- test -z "$(gencfsmdir)" || /bin/mkdir -p "$(gencfsmdir)" ++ test -z "$(gencfsmdir)" || $(MKDIR_P) "$(gencfsmdir)" + cp --parent -rf $(dist) "$(gencfsmdir)" + cp --parent -rf $(icons) $(DESTDIR)$(datadir) + diff --git a/nixpkgs/pkgs/tools/security/ghidra/default.nix b/nixpkgs/pkgs/tools/security/ghidra/default.nix new file mode 100644 index 000000000000..71cda94d5f8a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ghidra/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchurl, unzip, lib, makeWrapper, autoPatchelfHook +, openjdk11, pam +}: let + + pkg_path = "$out/lib/ghidra"; + +in stdenv.mkDerivation { + + name = "ghidra-9.0"; + + src = fetchurl { + url = https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip; + sha256 = "3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2"; + }; + + nativeBuildInputs = [ + makeWrapper + autoPatchelfHook + unzip + ]; + + buildInputs = [ + stdenv.cc.cc.lib + pam + ]; + + dontStrip = true; + + installPhase = '' + mkdir -p "${pkg_path}" + cp -a * "${pkg_path}" + ''; + + postFixup = '' + mkdir -p "$out/bin" + makeWrapper "${pkg_path}/ghidraRun" "$out/bin/ghidra" \ + --prefix PATH : ${lib.makeBinPath [ openjdk11 ]} + ''; + + meta = with lib; { + description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission"; + homepage = "https://ghidra-sre.org/"; + platforms = [ "x86_64-linux" ]; + license = licenses.asl20; + maintainers = [ maintainers.ck3d ]; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix b/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix new file mode 100644 index 000000000000..2139b7c84afc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix @@ -0,0 +1,20 @@ +{ stdenv, lib, fetchurl, gnulib }: + +stdenv.mkDerivation rec { + name = "gnu-pw-mgr-${version}"; + version = "2.4.2"; + src = fetchurl { + url = "https://ftp.gnu.org/gnu/gnu-pw-mgr/${name}.tar.xz"; + sha256 = "1yvdzc5w37qrjrkby5699ygj9bhkvgi3zk9k9jcjry1j6b7wdl17"; + }; + + buildInputs = [ gnulib ]; + + meta = with lib; { + homepage = https://www.gnu.org/software/gnu-pw-mgr/; + description = "A password manager designed to make it easy to reconstruct difficult passwords"; + license = with licenses; [ gpl3Plus lgpl3Plus ]; + platforms = stdenv.lib.platforms.linux; + maintainers = with maintainers; [ qoelet ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch new file mode 100644 index 000000000000..061fb0e8de9c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch @@ -0,0 +1,34 @@ +From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Sun, 30 Jun 2019 11:54:35 -0400 +Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool + +* dirmngr/http.c (http_session_new): when checking whether the +keyserver is the HKPS pool, check specifically against the pool name, +as ./configure might have been used to select a different default +keyserver. It makes no sense to apply Kristian's certificate +authority to anything other than the literal host +hkps.pool.sks-keyservers.net. + +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +GnuPG-Bug-Id: 4593 +--- + dirmngr/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dirmngr/http.c b/dirmngr/http.c +index 384f2569d..8e5d53939 100644 +--- a/dirmngr/http.c ++++ b/dirmngr/http.c +@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session, + + is_hkps_pool = (intended_hostname + && !ascii_strcasecmp (intended_hostname, +- get_default_keyserver (1))); ++ "hkps.pool.sks-keyservers.net")); + + /* If the user has not specified a CA list, and they are looking + * for the hkps pool from sks-keyservers.net, then default to +-- +2.22.0 + diff --git a/nixpkgs/pkgs/tools/security/gnupg/1.nix b/nixpkgs/pkgs/tools/security/gnupg/1.nix new file mode 100644 index 000000000000..b86bb1a221c6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/1.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl, readline, bzip2 }: + +stdenv.mkDerivation rec { + name = "gnupg-1.4.23"; + + src = fetchurl { + url = "mirror://gnupg/gnupg/${name}.tar.bz2"; + sha256 = "1fkq4sqldvf6a25mm2qz95swv1qjg464736091w51djiwqbjyin9"; + }; + + buildInputs = [ readline bzip2 ]; + + doCheck = true; + + meta = with stdenv.lib; { + homepage = https://gnupg.org; + description = "Classic (1.4) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "classic" (1.4) is the old standalone version which is most suitable for + older or embedded platforms. GnuPG allows to encrypt and sign your data + and communication, features a versatile key management system as well as + access modules for all kind of public key directories. GnuPG, also known + as GPG, is a command line tool with features for easy integration with + other applications. A wealth of frontend applications and libraries are + available. + ''; + platforms = platforms.gnu ++ platforms.linux; # arbitrary choice + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/1compat.nix b/nixpkgs/pkgs/tools/security/gnupg/1compat.nix new file mode 100644 index 000000000000..371a7ca67afd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/1compat.nix @@ -0,0 +1,30 @@ +{ stdenv, gnupg, coreutils, writeScript }: + +stdenv.mkDerivation { + name = "gnupg1compat-${gnupg.version}"; + + builder = writeScript "gnupg1compat-builder" '' + PATH=${coreutils}/bin + # First symlink all top-level dirs + mkdir -p $out + ln -s "${gnupg}/"* $out + + # Replace bin with directory and symlink it contents + rm $out/bin + mkdir -p $out/bin + ln -s "${gnupg}/bin/"* $out/bin + + # Add symlinks for any executables that end in 2 and lack any non-*2 version + for f in $out/bin/*2; do + [[ -x $f ]] || continue # ignore failed globs and non-executable files + [[ -e ''${f%2} ]] && continue # ignore commands that already have non-*2 versions + ln -s -- "''${f##*/}" "''${f%2}" + done + ''; + + meta = gnupg.meta // { + description = gnupg.meta.description + + " with symbolic links for gpg and gpgv"; + priority = -1; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/20.nix b/nixpkgs/pkgs/tools/security/gnupg/20.nix new file mode 100644 index 000000000000..6ae2bbc436ed --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/20.nix @@ -0,0 +1,66 @@ +{ fetchurl, stdenv, readline, zlib, libgpgerror, pth, libgcrypt, libassuan +, libksba, coreutils, libiconv, pcsclite + +# Each of the dependencies below are optional. +# Gnupg can be built without them at the cost of reduced functionality. +, pinentry ? null, guiSupport ? true +, openldap ? null, bzip2 ? null, libusb ? null, curl ? null +}: + +with stdenv.lib; + +assert guiSupport -> pinentry != null; + +stdenv.mkDerivation rec { + name = "gnupg-${version}"; + version = "2.0.30"; + + src = fetchurl { + url = "mirror://gnupg/gnupg/${name}.tar.bz2"; + sha256 = "0wax4cy14hh0h7kg9hj0hjn9424b71z8lrrc5kbsasrn9xd7hag3"; + }; + + buildInputs + = [ readline zlib libgpgerror libgcrypt libassuan libksba pth + openldap bzip2 libusb curl libiconv ]; + + patches = [ ./gpgkey2ssh-20.patch ]; + + prePatch = '' + find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i + '' + stdenv.lib.optionalString stdenv.isLinux '' + sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + '' + stdenv.lib.optionalString stdenv.isDarwin '' + find . -name pcsc-wrapper.c | xargs sed -i 's/typedef unsinged int pcsc_dword_t/typedef unsigned int pcsc_dword_t/' + '' + '' + patch gl/stdint_.h < ${./clang.patch} + ''; + + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; + configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; + + postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c"; + + checkPhase="GNUPGHOME=`pwd` ./agent/gpg-agent --daemon make check"; + + doCheck = true; + + meta = with stdenv.lib; { + homepage = https://gnupg.org; + description = "Stable (2.0) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "stable" (2.0) is the current stable version for general use. This is + what most users are still using. GnuPG allows to encrypt and sign your + data and communication, features a versatile key management system as well + as access modules for all kind of public key directories. GnuPG, also + known as GPG, is a command line tool with features for easy integration + with other applications. A wealth of frontend applications and libraries + are available. Version 2 of GnuPG also provides support for S/MIME. + ''; + maintainers = with maintainers; [ roconnor ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/22.nix b/nixpkgs/pkgs/tools/security/gnupg/22.nix new file mode 100644 index 000000000000..ecb1df73e397 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/22.nix @@ -0,0 +1,82 @@ +{ fetchurl, fetchpatch, stdenv, pkgconfig, libgcrypt, libassuan, libksba +, libgpgerror, libiconv, npth, gettext, texinfo, pcsclite, sqlite +, buildPackages + +# Each of the dependencies below are optional. +# Gnupg can be built without them at the cost of reduced functionality. +, pinentry ? null, guiSupport ? true +, adns ? null, gnutls ? null, libusb ? null, openldap ? null +, readline ? null, zlib ? null, bzip2 ? null +}: + +with stdenv.lib; + +assert guiSupport -> pinentry != null; + +stdenv.mkDerivation rec { + name = "gnupg-${version}"; + + version = "2.2.16"; + + src = fetchurl { + url = "mirror://gnupg/gnupg/${name}.tar.bz2"; + sha256 = "1jqlzp9b3kpfp1dkjqskm67jjrhvf9nh3lzf45321p7m9d2qvgkc"; + }; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + libgcrypt libassuan libksba libiconv npth gettext texinfo + readline libusb gnutls adns openldap zlib bzip2 sqlite + ]; + + patches = [ + ./fix-libusb-include-path.patch + ./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch + ]; + postPatch = '' + sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \ + configure doc/dirmngr.texi doc/gnupg.info-1 + '' + stdenv.lib.optionalString stdenv.isLinux '' + sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + ''; #" fix Emacs syntax highlighting :-( + + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; + configureFlags = [ + "--with-libgpg-error-prefix=${libgpgerror.dev}" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + "--with-libassuan-prefix=${libassuan.dev}" + "--with-ksba-prefix=${libksba.dev}" + "--with-npth-prefix=${npth}" + ] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; + + postInstall = '' + mkdir -p $out/lib/systemd/user + for f in doc/examples/systemd-user/*.{service,socket} ; do + substitute $f $out/lib/systemd/user/$(basename $f) \ + --replace /usr/bin $out/bin + done + + # add gpg2 symlink to make sure git does not break when signing commits + ln -s $out/bin/gpg $out/bin/gpg2 + ''; + + meta = with stdenv.lib; { + homepage = https://gnupg.org; + description = "Modern (2.1) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "modern" (2.1) is the latest development with a lot of new features. + GnuPG allows to encrypt and sign your data and communication, features a + versatile key management system as well as access modules for all kind of + public key directories. GnuPG, also known as GPG, is a command line tool + with features for easy integration with other applications. A wealth of + frontend applications and libraries are available. Version 2 of GnuPG + also provides support for S/MIME. + ''; + maintainers = with maintainers; [ peti fpletz vrthra ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnupg/clang.patch b/nixpkgs/pkgs/tools/security/gnupg/clang.patch new file mode 100644 index 000000000000..842785e5c932 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/clang.patch @@ -0,0 +1,13 @@ +diff --git a/gl/stdint_.h b/gl/stdint_.h +index bc27595..303e81a 100644 +--- a/gl/stdint_.h ++++ b/gl/stdint_.h +@@ -62,7 +62,7 @@ + int{8,16,32,64}_t, uint{8,16,32,64}_t and __BIT_TYPES_DEFINED__. + <inttypes.h> also defines intptr_t and uintptr_t. */ + # define _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H +-# include <inttypes.h> ++// # include <inttypes.h> + # undef _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H + #elif @HAVE_SYS_INTTYPES_H@ + /* Solaris 7 <sys/inttypes.h> has the types except the *_fast*_t types, and diff --git a/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch b/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch new file mode 100644 index 000000000000..a5432f8e3d95 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch @@ -0,0 +1,12 @@ +--- a/configure ++++ b/configure +@@ -8987,8 +8987,7 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5 + $as_echo_n "checking libusb include dir... " >&6; } + usb_incdir_found="no" +- for _incdir in "" "/usr/include/libusb-1.0" \ +- "/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do ++ for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do + _libusb_save_cppflags=$CPPFLAGS + if test -n "${_incdir}"; then + CPPFLAGS="-I${_incdir} ${CPPFLAGS}" diff --git a/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch b/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch new file mode 100644 index 000000000000..65804bac7642 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch @@ -0,0 +1,14 @@ +diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c +index 903fb5b..d5611dc 100644 +--- a/tools/gpgkey2ssh.c ++++ b/tools/gpgkey2ssh.c +@@ -268,7 +268,7 @@ main (int argc, char **argv) + keyid = argv[1]; + + ret = asprintf (&command, +- "gpg --list-keys --with-colons --with-key-data '%s'", ++ "@out@/bin/gpg --list-keys --with-colons --with-key-data '%s'", + keyid); + assert (ret > 0); + + diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix new file mode 100644 index 000000000000..b8be17e49967 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -0,0 +1,56 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, git, gnupg, xclip, makeWrapper }: + +buildGoPackage rec { + pname = "gopass"; + version = "1.8.5"; + + goPackagePath = "github.com/gopasspw/gopass"; + + nativeBuildInputs = [ makeWrapper ]; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "1mgc77j5b9pjf2ayd5c09ym6d8n1yia8yg87zw0b8fsh5wac41sl"; + }; + + wrapperPath = with stdenv.lib; makeBinPath ([ + git + gnupg + xclip + ]); + + postInstall = '' + mkdir -p \ + $bin/share/bash-completion/completions \ + $bin/share/zsh/site-functions \ + $bin/share/fish/vendor_completions.d + $bin/bin/gopass completion bash > $bin/share/bash-completion/completions/_gopass + $bin/bin/gopass completion zsh > $bin/share/zsh/site-functions/_gopass + $bin/bin/gopass completion fish > $bin/share/fish/vendor_completions.d/gopass.fish + ''; + + postFixup = '' + wrapProgram $bin/bin/gopass \ + --prefix PATH : "${wrapperPath}" + ''; + + meta = with stdenv.lib; { + description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go."; + homepage = https://www.gopass.pw/; + license = licenses.mit; + maintainers = with maintainers; [ andir ]; + platforms = platforms.unix; + + longDescription = '' + gopass is a rewrite of the pass password manager in Go with the aim of + making it cross-platform and adding additional features. Our target + audience are professional developers and sysadmins (and especially teams + of those) who are well versed with a command line interface. One explicit + goal for this project is to make it more approachable to non-technical + users. We go by the UNIX philosophy and try to do one thing and do it + well, providing a stellar user experience and a sane, simple interface. + ''; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix b/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix new file mode 100644 index 000000000000..152ff40e7a22 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix @@ -0,0 +1,41 @@ +{ fetchurl, makeWrapper, patchelf, stdenv, libXft, libX11, freetype, fontconfig, libXrender, libXScrnSaver, libXext }: + +stdenv.mkDerivation rec { + name = "gorilla-bin-${version}"; + version = "1.5.3.7"; + + src = fetchurl { + name = "gorilla1537_64.bin"; + url = "http://gorilla.dp100.com/downloads/gorilla1537_64.bin"; + sha256 = "19ir6x4c01825hpx2wbbcxkk70ymwbw4j03v8b2xc13ayylwzx0r"; + }; + + nativeBuildInputs = [ patchelf makeWrapper ]; + phases = [ "unpackPhase" "installPhase" ]; + + unpackCmd = '' + mkdir gorilla; + cp $curSrc gorilla/gorilla-${version}; + ''; + + installPhase = let + interpreter = "$(< \"$NIX_CC/nix-support/dynamic-linker\")"; + libPath = stdenv.lib.makeLibraryPath [ libXft libX11 freetype fontconfig libXrender libXScrnSaver libXext ]; + in '' + mkdir -p $out/opt/password-gorilla + mkdir -p $out/bin + cp gorilla-${version} $out/opt/password-gorilla + chmod ugo+x $out/opt/password-gorilla/gorilla-${version} + patchelf --set-interpreter "${interpreter}" "$out/opt/password-gorilla/gorilla-${version}" + makeWrapper "$out/opt/password-gorilla/gorilla-${version}" "$out/bin/gorilla" \ + --prefix LD_LIBRARY_PATH : "${libPath}" + ''; + + meta = { + description = "Password Gorilla is a Tk based password manager"; + homepage = https://github.com/zdia/gorilla/wiki; + maintainers = [ stdenv.lib.maintainers.namore ]; + platforms = [ "x86_64-linux" ]; + license = stdenv.lib.licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gpgstats/default.nix b/nixpkgs/pkgs/tools/security/gpgstats/default.nix new file mode 100644 index 000000000000..c095b77129cc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gpgstats/default.nix @@ -0,0 +1,33 @@ +{ stdenv, fetchurl, ncurses, gpgme }: + +stdenv.mkDerivation rec { + name = "gpgstats-${version}"; + version = "0.5"; + + src = fetchurl { + url = "https://www.vanheusden.com/gpgstats/${name}.tgz"; + sha256 = "1n3njqhjwgfllcxs0xmk89dzgirrpfpfzkj71kqyvq97gc1wbcxy"; + }; + + buildInputs = [ ncurses gpgme ]; + + installPhase = '' + mkdir -p $out/bin + cp gpgstats $out/bin + ''; + + NIX_CFLAGS_COMPILE = stdenv.lib.optionals (!stdenv.is64bit) + [ "-D_FILE_OFFSET_BITS=64" "-DLARGEFILE_SOURCE=1" ]; + + meta = with stdenv.lib; { + description = "Calculates statistics on the keys in your gpg key-ring"; + longDescription = '' + GPGstats calculates statistics on the keys in your key-ring. + ''; + homepage = http://www.vanheusden.com/gpgstats/; + license = licenses.gpl2; + maintainers = with maintainers; [ davidak ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/haka/default.nix b/nixpkgs/pkgs/tools/security/haka/default.nix new file mode 100644 index 000000000000..2b1708c9243c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/haka/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchurl, cmake, swig, wireshark, check, rsync, libpcap, gawk, libedit, pcre }: + +let version = "0.3.0"; in + +stdenv.mkDerivation rec { + name = "haka-${version}"; + + src = fetchurl { + name = "haka_${version}_source.tar.gz"; + url = "https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz"; + sha256 = "0dm39g3k77sa70zrjsqadidg27a6iqq61jzfdxazpllnrw4mjy4w"; + }; + + NIX_CFLAGS_COMPILE = "-Wno-error"; + + preConfigure = '' + sed -i 's,/etc,'$out'/etc,' src/haka/haka.c + sed -i 's,/etc,'$out'/etc,' src/haka/CMakeLists.txt + sed -i 's,/opt/haka/etc,$out/opt/haka/etc,' src/haka/haka.1 + sed -i 's,/etc,'$out'/etc,' doc/user/tool_suite_haka.rst + ''; + + buildInputs = [ cmake swig wireshark check rsync libpcap gawk libedit pcre ]; + + enableParallelBuilding = true; + + meta = { + description = "A collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files"; + homepage = http://www.haka-security.org/; + license = stdenv.lib.licenses.mpl20; + maintainers = [ stdenv.lib.maintainers.tvestelind ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix new file mode 100644 index 000000000000..385a201d88b0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix @@ -0,0 +1,46 @@ +{ stdenv, fetchFromGitHub, pythonPackages, unbound, libreswan }: + +let + inherit (pythonPackages) python; +in stdenv.mkDerivation rec { + pname = "hash-slinger"; + name = "${pname}-${version}"; + version = "2.7"; + + src = fetchFromGitHub { + owner = "letoams"; + repo = "${pname}"; + rev = "${version}"; + sha256 = "05wn744ydclpnpyah6yfjqlfjlasrrhzj48lqmm5a91nyps5yqyn"; + }; + + pythonPath = with pythonPackages; [ dnspython m2crypto ipaddr python-gnupg + pyunbound ]; + + buildInputs = [ pythonPackages.wrapPython ]; + propagatedBuildInputs = [ unbound libreswan ] ++ pythonPath; + propagatedUserEnvPkgs = [ unbound libreswan ]; + + patchPhase = '' + substituteInPlace Makefile \ + --replace "$(DESTDIR)/usr" "$out" + substituteInPlace ipseckey \ + --replace "/usr/sbin/ipsec" "${libreswan}/sbin/ipsec" + substituteInPlace tlsa \ + --replace "/var/lib/unbound/root" "${pythonPackages.pyunbound}/etc/pyunbound/root" + patchShebangs * + ''; + + installPhase = '' + mkdir -p $out/bin $out/man $out/${python.sitePackages}/ + make install + wrapPythonPrograms + ''; + + meta = { + description = "Various tools to generate special DNS records"; + homepage = "https://github.com/letoams/hash-slinger"; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = [ stdenv.lib.maintainers.leenaars ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hash_extender/default.nix b/nixpkgs/pkgs/tools/security/hash_extender/default.nix new file mode 100644 index 000000000000..0c5691a1e106 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hash_extender/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub, openssl }: + +stdenv.mkDerivation rec { + name = "hash_extender-${version}"; + version = "2017-04-10"; + + src = fetchFromGitHub { + owner = "iagox86"; + repo = "hash_extender"; + rev = "d27581e062dd0b534074e11d7d311f65a6d7af21"; + sha256 = "1npwbgqaynjh5x39halw43i116v89sxkpa1g1bbvc1lpi8hkhhcb"; + }; + + buildInputs = [ openssl ]; + + installPhase = '' + mkdir -p $out/bin + cp hash_extender $out/bin + ''; + + meta = with stdenv.lib; { + description = "Tool to automate hash length extension attacks"; + homepage = https://github.com/iagox86/hash_extender; + license = licenses.bsd3; + maintainers = with maintainers; [ geistesk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hashcash/default.nix b/nixpkgs/pkgs/tools/security/hashcash/default.nix new file mode 100644 index 000000000000..a28822ecd951 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hashcash/default.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchurl, openssl }: + +stdenv.mkDerivation rec { + pname = "hashcash"; + version = "1.22"; + + buildInputs = [ openssl ]; + + src = fetchurl { + url = "http://www.hashcash.org/source/hashcash-${version}.tgz"; + sha256 = "15kqaimwb2y8wvzpn73021bvay9mz1gqqfc40gk4hj6f84nz34h1"; + }; + + makeFlags = [ + "generic-openssl" + "LIBCRYPTO=-lcrypto" + ]; + + installFlags = [ + "INSTALL_PATH=${placeholder "out"}/bin" + "MAN_INSTALL_PATH=${placeholder "out"}/share/man/man1" + "DOC_INSTALL_PATH=${placeholder "out"}/share/doc/hashcash-$(version)" + ]; + + meta = with stdenv.lib; { + description = "Proof-of-work algorithm used as spam and denial-of-service counter measure"; + homepage = http://hashcash.org; + license = licenses.gpl2; + maintainers = with maintainers; [ kisonecat ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix b/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix new file mode 100644 index 000000000000..50508cfc4941 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "hashcat-utils"; + version = "1.9"; + + src = fetchFromGitHub { + owner = "hashcat"; + repo = pname; + rev = "v${version}"; + sha256 = "0wgc6wv7i6cs95rgzzx3zqm14xxbjyajvcqylz8w97d8kk4x4wjr"; + }; + + sourceRoot = "source/src"; + + installPhase = '' + runHook preInstall + install -Dm0555 *.bin -t $out/bin + install -Dm0555 *.pl -t $out/bin + runHook postInstall + ''; + + meta = with stdenv.lib; { + description = "Small utilities that are useful in advanced password cracking"; + homepage = https://github.com/hashcat/hashcat-utils; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ fadenb ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hashcat/default.nix b/nixpkgs/pkgs/tools/security/hashcat/default.nix new file mode 100644 index 000000000000..72a13c0f259e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hashcat/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchurl, makeWrapper, opencl-headers, ocl-icd, xxHash }: + +stdenv.mkDerivation rec { + pname = "hashcat"; + version = "5.1.0"; + + src = fetchurl { + url = "https://hashcat.net/files/hashcat-${version}.tar.gz"; + sha256 = "0f73y4cg8c7a6q7x34qvpfi4g3lw6j9bnn0a13g43aqyiskflfr8"; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ opencl-headers xxHash ]; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + "COMPTIME=1337" + "VERSION_TAG=${version}" + "USE_SYSTEM_OPENCL=1" + "USE_SYSTEM_XXHASH=1" + ]; + + postFixup = '' + wrapProgram $out/bin/hashcat --prefix LD_LIBRARY_PATH : ${ocl-icd}/lib + ''; + + meta = with stdenv.lib; { + description = "Fast password cracker"; + homepage = https://hashcat.net/hashcat/; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ kierdavis zimbatm ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/haveged/default.nix b/nixpkgs/pkgs/tools/security/haveged/default.nix new file mode 100644 index 000000000000..81f627179a25 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/haveged/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "haveged-${version}"; + version = "1.9.2"; + + src = fetchurl { + url = "http://www.issihosts.com/haveged/haveged-${version}.tar.gz"; + sha256 = "0w5ypz6451msckivjriwyw8djydlwffam7x23xh626s2vzdrlzgp"; + }; + + meta = { + description = "A simple entropy daemon"; + longDescription = '' + The haveged project is an attempt to provide an easy-to-use, unpredictable + random number generator based upon an adaptation of the HAVEGE algorithm. + Haveged was created to remedy low-entropy conditions in the Linux random device + that can occur under some workloads, especially on headless servers. Current development + of haveged is directed towards improving overall reliability and adaptability while minimizing + the barriers to using haveged for other tasks. + ''; + homepage = http://www.issihosts.com/haveged/; + license = stdenv.lib.licenses.gpl3; + maintainers = [ stdenv.lib.maintainers.domenkozar ]; + platforms = stdenv.lib.platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hcxtools/default.nix b/nixpkgs/pkgs/tools/security/hcxtools/default.nix new file mode 100644 index 000000000000..20ad5bbc0b27 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hcxtools/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub, curl, openssl, zlib }: + +stdenv.mkDerivation rec { + pname = "hcxtools"; + version = "5.1.6"; + + src = fetchFromGitHub { + owner = "ZerBea"; + repo = pname; + rev = version; + sha256 = "05sjbmv2wq3nlmammrwxqc62c4sagjjgczzddr1jcqkf6kywzkl8"; + }; + + buildInputs = [ curl openssl zlib ]; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + ]; + + meta = with stdenv.lib; { + description = "Tools for capturing wlan traffic and conversion to hashcat and John the Ripper formats"; + homepage = https://github.com/ZerBea/hcxtools; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ dywedir ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hologram/default.nix b/nixpkgs/pkgs/tools/security/hologram/default.nix new file mode 100644 index 000000000000..e6c375599a92 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hologram/default.nix @@ -0,0 +1,29 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "hologram-2018-03-19"; + rev = "a7bab58642b530edb75b9cf6c1d834c85822ceac"; + + src = fetchFromGitHub { + owner = "AdRoll"; + repo = "hologram"; + inherit rev; + sha256 = "00scryz8js6gbw8lp2y23qikbazz2dd992r97rqh0l1q4baa0ckn"; + }; + + goPackagePath = "github.com/AdRoll/hologram"; + + goDeps = ./deps.nix; + + preConfigure = '' + sed -i 's|cacheTimeout != 3600|cacheTimeout != 0|' cmd/hologram-server/main.go + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/AdRoll/hologram/; + description = "Easy, painless AWS credentials on developer laptops."; + maintainers = with maintainers; [ nand0p ]; + platforms = platforms.all; + license = licenses.asl20; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hologram/deps.nix b/nixpkgs/pkgs/tools/security/hologram/deps.nix new file mode 100644 index 000000000000..a9b66da2a9c0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hologram/deps.nix @@ -0,0 +1,110 @@ +[ + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/crypto"; + rev = "575fdbe86e5dd89229707ebec0575ce7d088a4a6"; + sha256 = "1kgv1mkw9y404pk3lcwbs0vgl133mwyp294i18jg9hp10s5d56xa"; + }; + } + { + goPackagePath = "github.com/golang/protobuf"; + fetch = { + type = "git"; + url = "https://github.com/golang/protobuf"; + rev = "59b73b37c1e45995477aae817e4a653c89a858db"; + sha256 = "1dx22jvhvj34ivpr7gw01fncg9yyx35mbpal4mpgnqka7ajmgjsa"; + }; + } + { + goPackagePath = "github.com/howeyc/gopass"; + fetch = { + type = "git"; + url = "https://github.com/howeyc/gopass"; + rev = "2c70fa70727c953c51695f800f25d6b44abb368e"; + sha256 = "152lrkfxk205rlxiign0w5wb0fmfh910yz4jhlv4f4l1qr1h2lx8"; + }; + } + { + goPackagePath = "github.com/aybabtme/rgbterm"; + fetch = { + type = "git"; + url = "https://github.com/aybabtme/rgbterm"; + rev = "c07e2f009ed2311e9c35bca12ec00b38ccd48283"; + sha256 = "1qph7drds44jzx1whqlrh1hs58k0wv0v58zyq2a81hmm72gsgzam"; + }; + } + { + goPackagePath = "github.com/vaughan0/go-ini"; + fetch = { + type = "git"; + url = "https://github.com/vaughan0/go-ini"; + rev = "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"; + sha256 = "1l1isi3czis009d9k5awsj4xdxgbxn4n9yqjc1ac7f724x6jacfa"; + }; + } + { + goPackagePath = "github.com/mitchellh/go-homedir"; + fetch = { + type = "git"; + url = "https://github.com/mitchellh/go-homedir"; + rev = "1f6da4a72e57d4e7edd4a7295a585e0a3999a2d4"; + sha256 = "1l5lrsjrnwxn299mhvyxvz8hd0spkx0d31gszm4cyx21bg1xsiy9"; + }; + } + { + goPackagePath = "github.com/goamz/goamz"; + fetch = { + type = "git"; + url = "https://github.com/goamz/goamz"; + rev = "2a8fed5e89ab9e16210fc337d1aac780e8c7bbb7"; + sha256 = "0rlinp0cvgw66qjndg4padr5s0wd3n7kjfggkx6czqj9bqaxcz4b"; + }; + } + { + goPackagePath = "github.com/nmcclain/asn1-ber"; + fetch = { + type = "git"; + url = "https://github.com/go-asn1-ber/asn1-ber"; + rev = "f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72"; + sha256 = "0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9"; + }; + } + { + goPackagePath = "gopkg.in/asn1-ber.v1"; + fetch = { + type = "git"; + url = "https://github.com/go-asn1-ber/asn1-ber"; + rev = "f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72"; + sha256 = "0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9"; + }; + } + { + goPackagePath = "github.com/peterbourgon/g2s"; + fetch = { + type = "git"; + url = "https://github.com/peterbourgon/g2s"; + rev = "ec76db4c1ac16400ac0e17ca9c4840e1d23da5dc"; + sha256 = "1p4p8755v2nrn54rik7yifpg9szyg44y5rpp0kryx4ycl72307rj"; + }; + } + { + goPackagePath = "github.com/nmcclain/ldap"; + fetch = { + type = "git"; + url = "https://github.com/go-ldap/ldap"; + rev = "83e65426fd1c06626e88aa8a085e5bfed0208e29"; + sha256 = "179lwaf0hvczl8g4xzkpcpzq25p1b23f7399bx5zl55iin62d8yz"; + }; + } + { + goPackagePath = "github.com/aws/aws-sdk-go"; + fetch = { + type = "git"; + url = "https://github.com/aws/aws-sdk-go"; + rev = "3f8f870ec9939e32b3372abf74d24e468bcd285d"; + sha256 = "0a4hycs3d87s50z4prf5h6918r0fa2rvrrwlbffs430ilc4y8ghv"; + }; + } +] diff --git a/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix new file mode 100644 index 000000000000..cec31cec3771 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix @@ -0,0 +1,39 @@ +{ stdenv, fetchurl, lib, openssl }: + +stdenv.mkDerivation rec { + pname = "ibm-sw-tpm2"; + version = "1332"; + + src = fetchurl { + url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz"; + sha256 = "1zdhi8acd4jfp1v7ibd86hcv0g39yk8qrnhxjmmgzn8i7npr70cf"; + }; + + buildInputs = [ openssl ]; + + sourceRoot = "src"; + + prePatch = '' + # Fix hardcoded path to GCC. + substituteInPlace makefile --replace /usr/bin/gcc "${stdenv.cc}/bin/cc" + + # Remove problematic default CFLAGS. + substituteInPlace makefile \ + --replace -Werror "" \ + --replace -O0 "" \ + --replace -ggdb "" + ''; + + installPhase = '' + mkdir -p $out/bin + cp tpm_server $out/bin + ''; + + meta = with lib; { + description = "IBM's Software TPM 2.0, an implementation of the TCG TPM 2.0 specification"; + homepage = https://sourceforge.net/projects/ibmswtpm2/; + platforms = platforms.linux; + maintainers = with maintainers; [ delroth ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ifdnfc/default.nix b/nixpkgs/pkgs/tools/security/ifdnfc/default.nix new file mode 100644 index 000000000000..5731f3ef8bb6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ifdnfc/default.nix @@ -0,0 +1,45 @@ +{ stdenv, fetchFromGitHub , pkgconfig +, pcsclite +, autoreconfHook +, libnfc +}: + +stdenv.mkDerivation rec { + name = "ifdnfc-${version}"; + version = "2016-03-01"; + + src = fetchFromGitHub { + owner = "nfc-tools"; + repo = "ifdnfc"; + rev = "0e48e8e"; + sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg"; + }; + nativeBuildInputs = [ pkgconfig autoreconfHook ]; + buildInputs = [ pcsclite libnfc ]; + + configureFlags = [ "--prefix=$(out)" ]; + makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ]; + + meta = with stdenv.lib; { + description = "PC/SC IFD Handler based on libnfc"; + longDescription = + '' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>. + It provides support for all readers which are not supported by ccid but by libnfc. + + For activating your reader you need to run + <code>ifdnfc-activate yes<code> with this package in your + <code>environment.systemPackages</code> + + To use your reader you may need to blacklist your reader kernel modules: + <code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code> + + Supports the pn533 smart-card reader chip which is for example used in + the SCM SCL3711. + ''; + homepage = https://github.com/nfc-tools/ifdnfc; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ makefu ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/jd-gui/default.nix b/nixpkgs/pkgs/tools/security/jd-gui/default.nix new file mode 100644 index 000000000000..2eda19088376 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/jd-gui/default.nix @@ -0,0 +1,102 @@ +{ stdenv, fetchurl, gradle_2_5, perl, makeWrapper, jre, makeDesktopItem, writeText, runtimeShell }: + +let + version = "1.4.0"; + name = "jd-gui-${version}"; + + src = fetchurl { + url = "https://github.com/java-decompiler/jd-gui/archive/v${version}.tar.gz"; + sha256 = "0anz7szlr5kgmsmkyv34jdynsnk8v6kvibcyz98jsd96fh725lax"; + }; + + deps = stdenv.mkDerivation { + name = "${name}-deps"; + inherit src; + nativeBuildInputs = [ gradle_2_5 perl ]; + + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d); + gradle --no-daemon build + ''; + + # Mavenize dependency paths + # e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar + installPhase = '' + find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \ + | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \ + | sh + ''; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "1apmqiphnav79m4rdii58h7f4qslpfig4qybyyl2fr7zk92gv3l9"; + }; + + # Point to our local deps repo + gradleInit = writeText "init.gradle" '' + logger.lifecycle 'Replacing Maven repositories with ${deps}...' + + gradle.projectsLoaded { + rootProject.allprojects { + buildscript { + repositories { + clear() + maven { url '${deps}' } + } + } + repositories { + clear() + maven { url '${deps}' } + } + } + } + ''; + + desktopItem = launcher: makeDesktopItem { + name = "jd-gui"; + exec = "${launcher} %F"; + icon = "jd-gui"; + comment = "Java Decompiler JD-GUI"; + desktopName = "JD-GUI"; + genericName = "Java Decompiler"; + mimeType = "application/x-java-archive;application/x-java"; + categories = "Development;Debugger;"; + }; + +in stdenv.mkDerivation rec { + inherit name version src; + + nativeBuildInputs = [ gradle_2_5 perl makeWrapper ]; + + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d) + gradle --offline --no-daemon --info --init-script ${gradleInit} jar + ''; + + installPhase = let + jar = "$out/share/jd-gui/${name}.jar"; + in '' + mkdir -p $out/bin $out/share/{jd-gui,icons/hicolor/128x128/apps} + cp build/libs/${name}.jar ${jar} + cp src/linux/resources/jd_icon_128.png $out/share/icons/hicolor/128x128/apps/jd-gui.png + + cat > $out/bin/jd-gui <<EOF + #!${runtimeShell} + export JAVA_HOME=${jre} + ${jre}/bin/java -jar ${jar} $@ + EOF + chmod +x $out/bin/jd-gui + + ${(desktopItem "$out/bin/jd-gui").buildCommand} + ''; + + dontStrip = true; + + meta = with stdenv.lib; { + description = "Fast Java Decompiler with powerful GUI"; + homepage = "http://jd.benow.ca/"; + license = licenses.gpl3; + platforms = platforms.unix; + maintainers = [ maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/john/default.nix b/nixpkgs/pkgs/tools/security/john/default.nix new file mode 100644 index 000000000000..d4db02cc9ed1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/john/default.nix @@ -0,0 +1,72 @@ +{ stdenv, fetchurl, openssl, nss, nspr, kerberos, gmp, zlib, libpcap, re2 +, gcc, pythonPackages, perl, perlPackages, makeWrapper +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "john-${version}"; + version = "1.9.0-jumbo-1"; + + src = fetchurl { + url = "http://www.openwall.com/john/k/${name}.tar.xz"; + sha256 = "0fvz3v41hnaiv1ggpxanfykyfjq79cwp9qcqqn63vic357w27lgm"; + }; + + postPatch = '' + sed -ri -e ' + s!^(#define\s+CFG_[A-Z]+_NAME\s+).*/!\1"'"$out"'/etc/john/! + /^#define\s+JOHN_SYSTEMWIDE/s!/usr!'"$out"'! + ' src/params.h + sed -ri -e '/^\.include/ { + s!\$JOHN!'"$out"'/etc/john! + s!^(\.include\s*)<([^./]+\.conf)>!\1"'"$out"'/etc/john/\2"! + }' run/*.conf + ''; + + preConfigure = '' + cd src + # Makefile.in depends on AS and LD being set to CC, which is set by default in configure.ac. + # This ensures we override the environment variables set in cc-wrapper/setup-hook.sh + export AS=$CC + export LD=$CC + ''; + configureFlags = [ "--disable-native-macro" ]; + + buildInputs = [ openssl nss nspr kerberos gmp zlib libpcap re2 gcc pythonPackages.wrapPython perl makeWrapper ]; + propagatedBuildInputs = (with pythonPackages; [ dpkt scapy lxml ]) ++ # For pcap2john.py + (with perlPackages; [ DigestMD4 DigestSHA1 GetoptLong # For pass_gen.pl + perlldap ]); # For sha-dump.pl + # TODO: Get dependencies for radius2john.pl and lion2john-alt.pl + + # gcc -DAC_BUILT -Wall vncpcap2john.o memdbg.o -g -lpcap -fopenmp -o ../run/vncpcap2john + # gcc: error: memdbg.o: No such file or directory + enableParallelBuilding = false; + + NIX_CFLAGS_COMPILE = [ "-DJOHN_SYSTEMWIDE=1" ]; + + postInstall = '' + mkdir -p "$out/bin" "$out/etc/john" "$out/share/john" "$out/share/doc/john" + find -L ../run -mindepth 1 -maxdepth 1 -type f -executable \ + -exec cp -d {} "$out/bin" \; + cp -vt "$out/etc/john" ../run/*.conf + cp -vt "$out/share/john" ../run/*.chr ../run/password.lst + cp -vrt "$out/share/doc/john" ../doc/* + ''; + + postFixup = '' + wrapPythonPrograms + + for i in $out/bin/*.pl; do + wrapProgram "$i" --prefix PERL5LIB : $PERL5LIB + done + ''; + + meta = { + description = "John the Ripper password cracker"; + license = licenses.gpl2; + homepage = https://github.com/magnumripper/JohnTheRipper/; + maintainers = with maintainers; [ offline ]; + platforms = [ "x86_64-linux" "x86_64-darwin"]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/default.nix b/nixpkgs/pkgs/tools/security/keybase/default.nix new file mode 100644 index 000000000000..8b832bf00d65 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keybase/default.nix @@ -0,0 +1,35 @@ +{ stdenv, lib, buildGoPackage, fetchFromGitHub, cf-private +, AVFoundation, AudioToolbox, ImageIO, CoreMedia +, Foundation, CoreGraphics, MediaToolbox +}: + +buildGoPackage rec { + name = "keybase-${version}"; + version = "4.1.0"; + + goPackagePath = "github.com/keybase/client"; + subPackages = [ "go/keybase" ]; + + dontRenameImports = true; + + src = fetchFromGitHub { + owner = "keybase"; + repo = "client"; + rev = "v${version}"; + sha256 = "00mxyy4jhdbcvbwabf4yvq4h5mpnlfp2z93gy2266kz6gkd5myzk"; + }; + + buildInputs = lib.optionals stdenv.isDarwin [ + AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox + # Needed for OBJC_CLASS_$_NSData symbols. + cf-private + ]; + buildFlags = [ "-tags production" ]; + + meta = with stdenv.lib; { + homepage = https://www.keybase.io/; + description = "The Keybase official command-line utility and service."; + platforms = platforms.linux ++ platforms.darwin; + maintainers = with maintainers; [ carlsverre np rvolosatovs ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix new file mode 100644 index 000000000000..f84f0039347e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix @@ -0,0 +1,112 @@ +{ stdenv, fetchurl, alsaLib, atk, cairo, cups, udev +, dbus, expat, fontconfig, freetype, gdk_pixbuf, glib, gtk3 +, libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook +, runtimeShell, gsettings-desktop-schemas }: + +let + versionSuffix = "20190612201656.952fee6c59"; +in + +stdenv.mkDerivation rec { + name = "keybase-gui-${version}"; + version = "4.1.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + + src = fetchurl { + url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; + sha256 = "0jwxw75yz7sbvfqw2aksa3p7jlcv817743fl59qk6rq1x9ag6qpx"; + }; + + nativeBuildInputs = [ + autoPatchelfHook + wrapGAppsHook + ]; + + buildInputs = [ + alsaLib + atk + cairo + cups + dbus + expat + fontconfig + freetype + gdk_pixbuf + glib + gsettings-desktop-schemas + gtk3 + libnotify + nspr + nss + pango + systemd + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libxcb + ]; + + runtimeDependencies = [ + udev.lib + ]; + + dontBuild = true; + dontConfigure = true; + dontPatchElf = true; + + unpackPhase = '' + ar xf $src + tar xf data.tar.xz + ''; + + installPhase = '' + mkdir -p $out/bin + mv usr/share $out/share + mv opt/keybase $out/share/ + + cat > $out/bin/keybase-gui <<EOF + #!${runtimeShell} + + checkFailed() { + if [ "\$NIX_SKIP_KEYBASE_CHECKS" = "1" ]; then + return + fi + echo "Set NIX_SKIP_KEYBASE_CHECKS=1 if you want to skip this check." >&2 + exit 1 + } + + if [ ! -S "\$XDG_RUNTIME_DIR/keybase/keybased.sock" ]; then + echo "Keybase service doesn't seem to be running." >&2 + echo "You might need to run: keybase service" >&2 + checkFailed + fi + + if [ -z "\$(keybase status | grep kbfsfuse)" ]; then + echo "Could not find kbfsfuse client in keybase status." >&2 + echo "You might need to run: kbfsfuse" >&2 + checkFailed + fi + + exec $out/share/keybase/Keybase "\$@" + EOF + chmod +x $out/bin/keybase-gui + + substituteInPlace $out/share/applications/keybase.desktop \ + --replace run_keybase $out/bin/keybase-gui + ''; + + meta = with stdenv.lib; { + homepage = https://www.keybase.io/; + description = "The Keybase official GUI"; + platforms = platforms.linux; + maintainers = with maintainers; [ rvolosatovs puffnfresh np ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/kbfs.nix b/nixpkgs/pkgs/tools/security/keybase/kbfs.nix new file mode 100644 index 000000000000..302e996213dd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keybase/kbfs.nix @@ -0,0 +1,22 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, keybase }: + +buildGoPackage rec { + pname = "kbfs"; + + inherit (keybase) src version; + + goPackagePath = "github.com/keybase/client"; + subPackages = [ "go/kbfs/kbfsfuse" "go/kbfs/kbfsgit/git-remote-keybase" ]; + + dontRenameImports = true; + + buildFlags = [ "-tags production" ]; + + meta = with stdenv.lib; { + homepage = "https://keybase.io/docs/kbfs"; + description = "The Keybase filesystem"; + platforms = platforms.unix; + maintainers = with maintainers; [ rvolosatovs bennofs np ]; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/knockknock/default.nix b/nixpkgs/pkgs/tools/security/knockknock/default.nix new file mode 100644 index 000000000000..ce7663b18cf9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/knockknock/default.nix @@ -0,0 +1,33 @@ +{ stdenv, fetchFromGitHub, python2Packages, hping }: + +python2Packages.buildPythonApplication rec { + rev = "bf14bbff"; + name = "knockknock-r${rev}"; + + src = fetchFromGitHub { + inherit rev; + owner = "moxie0"; + repo = "knockknock"; + sha256 = "1chpfs3w2vkjrgay69pbdr116z1jldv53fi768a1i05fdqhy1px4"; + }; + + propagatedBuildInputs = [ python2Packages.pycrypto ]; + + # No tests + doCheck = false; + + patchPhase = '' + sed -i '/build\//d' setup.py + substituteInPlace setup.py --replace "/etc" "$out/etc" + substituteInPlace knockknock.py --replace 'existsInPath("hping3")' '"${hping}/bin/hping3"' + ''; + + meta = with stdenv.lib; { + description = "Simple, secure port knocking daemon and client written in Python"; + homepage = "http://www.thoughtcrime.org/software/knockknock/"; + license = licenses.gpl3; + maintainers = with maintainers; [ copumpkin ]; + platforms = platforms.linux; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/kpcli/default.nix b/nixpkgs/pkgs/tools/security/kpcli/default.nix new file mode 100644 index 000000000000..350d0e66dc7d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kpcli/default.nix @@ -0,0 +1,39 @@ +{ stdenv, fetchurl, makeWrapper, perl, perlPackages }: + +stdenv.mkDerivation rec { + version = "3.2"; + name = "kpcli-${version}"; + + src = fetchurl { + url = "mirror://sourceforge/kpcli/${name}.pl"; + sha256 = "11z6zbnsmqgjw73ai4nrq4idr83flrib22d8fqh1637d36p1nnk1"; + }; + + buildInputs = [ makeWrapper perl ]; + + phases = [ "installPhase" "fixupPhase" ]; + + installPhase = '' + mkdir -p $out/{bin,share} + cp ${src} $out/share/kpcli.pl + chmod +x $out/share/kpcli.pl + + makeWrapper $out/share/kpcli.pl $out/bin/kpcli --set PERL5LIB \ + "${with perlPackages; makePerlPath ([ + CaptureTiny Clipboard Clone CryptRijndael SortNaturally TermReadKey TermShellUI FileKeePass TermReadLineGnu XMLParser + ] ++ stdenv.lib.optional stdenv.isDarwin MacPasteboard)}" + ''; + + + meta = with stdenv.lib; { + description = "KeePass Command Line Interface"; + longDescription = '' + KeePass Command Line Interface (CLI) / interactive shell. + Use this program to access and manage your KeePass 1.x or 2.x databases from a Unix-like command line. + ''; + license = licenses.artistic1; + homepage = http://kpcli.sourceforge.net; + platforms = platforms.all; + maintainers = [ maintainers.j-keck ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/krunner-pass/default.nix b/nixpkgs/pkgs/tools/security/krunner-pass/default.nix new file mode 100644 index 000000000000..57174148160d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/krunner-pass/default.nix @@ -0,0 +1,43 @@ +{ mkDerivation, lib, fetchFromGitHub, fetchpatch, cmake, extra-cmake-modules +, kauth, krunner +, pass, pass-otp ? null }: + +mkDerivation rec { + pname = "krunner-pass"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "akermu"; + repo = "krunner-pass"; + rev = "v${version}"; + sha256 = "032fs2174ls545kjixbhzyd65wgxkw4s5vg8b20irc5c9ak3pxm0"; + }; + + buildInputs = [ + kauth krunner + pass pass-otp + ]; + + nativeBuildInputs = [ cmake extra-cmake-modules ]; + + patches = [ + (fetchpatch { + url = https://github.com/peterhoeg/krunner-pass/commit/be2695f4ae74b0cccec8294defcc92758583d96b.patch; + sha256 = "098dqnal57994p51p2srfzg4lgcd6ybp29h037llr9cdv02hdxvl"; + name = "fix_build.patch"; + }) + ./pass-path.patch + ]; + + CXXFLAGS = [ + ''-DNIXPKGS_PASS=\"${lib.getBin pass}/bin/pass\"'' + ]; + + meta = with lib; { + description = "Integrates krunner with pass the unix standard password manager (https://www.passwordstore.org/)"; + homepage = https://github.com/akermu/krunner-pass; + license = licenses.gpl3; + maintainers = with maintainers; [ ysndr ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch b/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch new file mode 100644 index 000000000000..4ceb3c5d92da --- /dev/null +++ b/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch @@ -0,0 +1,13 @@ +diff --git a/pass.cpp b/pass.cpp +index c02f9d0..85c5b99 100644 +--- a/pass.cpp ++++ b/pass.cpp +@@ -193,7 +193,7 @@ void Pass::run(const Plasma::RunnerContext &context, const Plasma::QueryMatch &m + } else { + args << "show" << match.text(); + } +- pass->start("pass", args); ++ pass->start(NIXPKGS_PASS, args); + + connect(pass, static_cast<void(QProcess::*)(int, QProcess::ExitStatus)>(&QProcess::finished), + [=](int exitCode, QProcess::ExitStatus exitStatus) { diff --git a/nixpkgs/pkgs/tools/security/kwalletcli/default.nix b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix new file mode 100644 index 000000000000..fedf3421fb1c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix @@ -0,0 +1,49 @@ +{ mkDerivation, fetchFromGitHub, lib, makeWrapper, pkgconfig +, kcoreaddons, ki18n, kwallet, mksh, pinentry_qt5 }: + +mkDerivation rec { + pname = "kwalletcli"; + version = "3.02"; + + src = fetchFromGitHub { + owner = "MirBSD"; + repo = pname; + rev = "${pname}-${lib.replaceStrings [ "." ] [ "_" ] version}"; + sha256 = "1gq45afb5nmmjfqxglv7wvcxcjd9822pc7nysq0350jmmmqwb474"; + }; + + postPatch = '' + substituteInPlace GNUmakefile \ + --replace -I/usr/include/KF5/KCoreAddons -I${kcoreaddons.dev}/include/KF5/KCoreAddons \ + --replace -I/usr/include/KF5/KI18n -I${ki18n.dev}/include/KF5/KI18n \ + --replace -I/usr/include/KF5/KWallet -I${kwallet.dev}/include/KF5/KWallet \ + --replace /usr/bin $out/bin \ + --replace /usr/share/man $out/share/man + + substituteInPlace pinentry-kwallet \ + --replace '/usr/bin/env mksh' ${mksh}/bin/mksh + ''; + + makeFlags = [ "KDE_VER=5" ]; + + nativeBuildInputs = [ makeWrapper pkgconfig ]; + # if using just kwallet, cmake will be added as a buildInput and fail the build + propagatedBuildInputs = [ kcoreaddons ki18n (lib.getLib kwallet) ]; + + preInstall = '' + mkdir -p $out/bin $out/share/man/man1 + ''; + + postInstall = '' + wrapProgram $out/bin/pinentry-kwallet \ + --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry_qt5 ]} \ + --set-default PINENTRY pinentry-qt + ''; + + meta = with lib; { + description = "Command-Line Interface to the KDE Wallet"; + homepage = https://www.mirbsd.org/kwalletcli.htm; + license = licenses.miros; + maintainers = with maintainers; [ peterhoeg ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix b/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix new file mode 100644 index 000000000000..37da20225205 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix @@ -0,0 +1,37 @@ +{ stdenv, lib, fetchFromGitHub, asciidoc, cmake, docbook_xsl, pkgconfig +, bash-completion, openssl, curl, libxml2, libxslt }: + +stdenv.mkDerivation rec { + pname = "lastpass-cli"; + version = "1.3.3"; + + src = fetchFromGitHub { + owner = "lastpass"; + repo = pname; + rev = "v${version}"; + sha256 = "168jg8kjbylfgalhicn0llbykd7kdc9id2989gg0nxlgmnvzl58a"; + }; + + nativeBuildInputs = [ asciidoc cmake docbook_xsl pkgconfig ]; + + buildInputs = [ + bash-completion curl openssl libxml2 libxslt + ]; + + enableParallelBuilding = true; + + installTargets = [ "install" "install-doc" ]; + + postInstall = '' + install -Dm644 -T ../contrib/lpass_zsh_completion $out/share/zsh/site-functions/_lpass + install -Dm644 -T ../contrib/completions-lpass.fish $out/share/fish/vendor_completions.d/lpass.fish + ''; + + meta = with lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = "https://github.com/lastpass/lastpass-cli"; + license = licenses.gpl2Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ cstrahan ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/libacr38u/default.nix b/nixpkgs/pkgs/tools/security/libacr38u/default.nix new file mode 100644 index 000000000000..d858ed3fd6d3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/libacr38u/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchurl, pkgconfig, pcsclite , libusb }: + +stdenv.mkDerivation rec { + version = "1.7.11"; + name = "libacr38u-${version}"; + + src = fetchurl { + url = "http://http.debian.net/debian/pool/main/a/acr38/acr38_1.7.11.orig.tar.bz2"; + sha256 = "0lxbq17y51cablx6bcd89klwnyigvkz0rsf9nps1a97ggnllyzkx"; + }; + + doCheck = true; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ pcsclite libusb ]; + + preBuild = '' + makeFlagsArray=(usbdropdir="$out/pcsc/drivers"); + ''; + + meta = with stdenv.lib; { + description = "ACR38U smartcard reader driver for pcsclite"; + longDescription = '' + A PC/SC IFD handler implementation for the ACS ACR38U + smartcard readers. This driver is for the non-CCID version only. + + This package is needed to communicate with the ACR38U smartcard readers through + the PC/SC Lite resource manager (pcscd). + + It can be enabled in /etc/nixos/configuration.nix by adding: + services.pcscd.enable = true; + services.pcscd.plugins = [ libacr38u ]; + + The package is based on the debian package libacr38u. + ''; + homepage = https://www.acs.com.hk; + license = licenses.lgpl2Plus; + maintainers = with maintainers; [ berce ]; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix new file mode 100644 index 000000000000..b3dc1270fb9c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig +, doxygen, perl, valgrind +, curl, geoip, libxml2, lmdb, lua, pcre, yajl }: + +stdenv.mkDerivation rec { + name = "libmodsecurity-${version}"; + version = "3.0.3"; + + src = fetchFromGitHub { + owner = "SpiderLabs"; + repo = "ModSecurity"; + fetchSubmodules = true; + rev = "v${version}"; + sha256 = "00g2407g2679zv73q67zd50z0f1g1ij734ssv2pp77z4chn5dzib"; + }; + + nativeBuildInputs = [ autoreconfHook pkgconfig doxygen ]; + + buildInputs = [ perl valgrind curl geoip libxml2 lmdb lua pcre yajl ]; + + configureFlags = [ + "--enable-static" + "--with-curl=${curl.dev}" + "--with-libxml=${libxml2.dev}" + "--with-pcre=${pcre.dev}" + "--with-yajl=${yajl}" + ]; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = '' + ModSecurity v3 library component. + ''; + longDescription = '' + Libmodsecurity is one component of the ModSecurity v3 project. The + library codebase serves as an interface to ModSecurity Connectors taking + in web traffic and applying traditional ModSecurity processing. In + general, it provides the capability to load/interpret rules written in + the ModSecurity SecRules format and apply them to HTTP content provided + by your application via Connectors. + ''; + homepage = https://modsecurity.org/; + license = licenses.asl20; + platforms = platforms.all; + maintainers = with maintainers; [ izorkin ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/logkeys/default.nix b/nixpkgs/pkgs/tools/security/logkeys/default.nix new file mode 100644 index 000000000000..8a73d056b1ed --- /dev/null +++ b/nixpkgs/pkgs/tools/security/logkeys/default.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, which, procps, kbd }: + +stdenv.mkDerivation rec { + name = "logkeys-${version}"; + version = "2018-01-22"; + + src = fetchFromGitHub { + owner = "kernc"; + repo = "logkeys"; + rev = "7a9f19fb6b152d9f00a0b3fe29ab266ff1f88129"; + sha256 = "1k6kj0913imwh53lh6hrhqmrpygqg2h462raafjsn7gbd3vkgx8n"; + }; + + buildInputs = [ autoconf automake which procps kbd ]; + + postPatch = '' + substituteInPlace src/Makefile.am --replace 'root' '$(id -u)' + substituteInPlace configure.ac --replace '/dev/input' '/tmp' + sed -i '/chmod u+s/d' src/Makefile.am + ''; + + preConfigure = "./autogen.sh"; + + meta = with stdenv.lib; { + description = "A GNU/Linux keylogger that works!"; + license = licenses.gpl3; + homepage = https://github.com/kernc/logkeys; + maintainers = with maintainers; [mikoim offline]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lynis/default.nix b/nixpkgs/pkgs/tools/security/lynis/default.nix new file mode 100644 index 000000000000..7579636cfbf5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/lynis/default.nix @@ -0,0 +1,35 @@ +{ stdenv, makeWrapper, fetchFromGitHub, gawk }: + +stdenv.mkDerivation rec { + pname = "lynis"; + version = "2.7.5"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "CISOfy"; + repo = "${pname}"; + rev = "${version}"; + sha256 = "1lkkbvxm0rgrrlx0szaxmf8ghc3d26wal96sgqk84m37mvs1f7p0"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' + grep -rl '/usr/local/lynis' ./ | xargs sed -i "s@/usr/local/lynis@$out/share/lynis@g" + ''; + + installPhase = '' + install -d $out/bin $out/share/lynis/plugins + cp -r include db default.prf $out/share/lynis/ + cp -a lynis $out/bin + wrapProgram "$out/bin/lynis" --prefix PATH : ${stdenv.lib.makeBinPath [ gawk ]} + ''; + + meta = with stdenv.lib; { + description = "Security auditing tool for Linux, macOS, and UNIX-based systems"; + homepage = "https://cisofy.com/lynis/"; + license = licenses.gpl3; + platforms = platforms.unix; + maintainers = [ maintainers.ryneeverett ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/masscan/default.nix b/nixpkgs/pkgs/tools/security/masscan/default.nix new file mode 100644 index 000000000000..e33681c45e0e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/masscan/default.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, makeWrapper, libpcap }: + +stdenv.mkDerivation rec { + name = "masscan-${version}"; + version = "1.0.5"; + + src = fetchFromGitHub { + owner = "robertdavidgraham"; + repo = "masscan"; + rev = "${version}"; + sha256 = "0q0c7bsf0pbl8napry1qyg0gl4pd8wn872h4mz9b56dx4rx90vqg"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + makeFlags = [ "PREFIX=$(out)" "GITVER=${version}" "CC=cc" ]; + + preInstall = '' + mkdir -p $out/bin + ''; + + postInstall = '' + mkdir -p $out/share/man/man8 + mkdir -p $out/share/{doc,licenses}/masscan + mkdir -p $out/etc/masscan + + cp data/exclude.conf $out/etc/masscan + cp -t $out/share/doc/masscan doc/algorithm.js doc/howto-afl.md doc/bot.html + cp doc/masscan.8 $out/share/man/man8/masscan.8 + cp LICENSE $out/share/licenses/masscan/LICENSE + + wrapProgram $out/bin/masscan --prefix LD_LIBRARY_PATH : "${libpcap}/lib" + ''; + + meta = with stdenv.lib; { + description = "Fast scan of the Internet"; + homepage = https://github.com/robertdavidgraham/masscan; + license = licenses.agpl3; + platforms = platforms.unix; + maintainers = with maintainers; [ rnhmjoj ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mbox/default.nix b/nixpkgs/pkgs/tools/security/mbox/default.nix new file mode 100644 index 000000000000..24a7ea51a82c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mbox/default.nix @@ -0,0 +1,38 @@ +{ stdenv, fetchFromGitHub, openssl, which }: + +stdenv.mkDerivation { + name = "mbox-20140526"; + + src = fetchFromGitHub { + owner = "tsgates"; + repo = "mbox"; + rev = "a131424b6cb577e1c916bd0e8ffb2084a5f73048"; + sha256 = "06qggqxnzcxnc34m6sbafxwr2p64x65m9zm5wp7pwyarcckhh2hd"; + }; + + buildInputs = [ openssl which ]; + + preConfigure = '' + cd src + cp {.,}configsbox.h + ''; + + doCheck = true; + checkPhase = '' + rm tests/test-*vim.sh tests/test-pip.sh + + patchShebangs ./; dontPatchShebags=1 + sed -i 's|^/bin/||' tests/test-fileops.sh + + ./testall.sh + ''; + + meta = with stdenv.lib; + { description = "Lightweight sandboxing mechanism that any user can use without special privileges"; + homepage = http://pdos.csail.mit.edu/mbox/; + maintainers = with maintainers; [ ehmry ]; + license = licenses.bsd3; + platforms = [ "x86_64-linux" ]; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/meo/default.nix b/nixpkgs/pkgs/tools/security/meo/default.nix new file mode 100644 index 000000000000..308b94231e76 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/meo/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchhg, openssl, pcre-cpp, qt4, boost, pkcs11helper }: + +stdenv.mkDerivation { + name = "meo-20121113"; + + src = fetchhg { + url = http://oss.stamfest.net/hg/meo; + rev = "b48e5f16cff8"; + sha256 = "0ifg7y28s89i9gwda6fyj1jbrykbcvq8bf1m6rxmdcv5afi3arbq"; + }; + + buildFlags = "QMAKE=qmake"; + + buildInputs = [ openssl pcre-cpp qt4 boost pkcs11helper ]; + + preConfigure = '' + sed -i s,-mt$,, meo-gui/meo-gui.pro + ''; + + installPhase = '' + mkdir -p $out/bin + cp tools/{meo,p11} $out/bin + cp meo-gui/meo-gui $out/bin + cp meo-gui/meo-gui $out/bin + ''; + + meta = { + homepage = http://oss.stamfest.net/wordpress/meo-multiple-eyepairs-only; + description = "Tools to use cryptography for things like four-eyes principles"; + license = stdenv.lib.licenses.agpl3Plus; + maintainers = with stdenv.lib.maintainers; [viric]; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile new file mode 100644 index 000000000000..99d7556db2db --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile @@ -0,0 +1,4 @@ +# frozen_string_literal: true +source "https://rubygems.org" + +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/4.16.1" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock new file mode 100644 index 000000000000..a84e3d08f438 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -0,0 +1,295 @@ +GIT + remote: https://github.com/rapid7/metasploit-framework + revision: dbec1c2d2ae4bd77276cbfb3c6ee2902048b9453 + ref: refs/tags/4.16.1 + specs: + metasploit-framework (4.16.1) + actionpack (~> 4.2.6) + activerecord (~> 4.2.6) + activesupport (~> 4.2.6) + backports + bcrypt + bcrypt_pbkdf + bit-struct + dnsruby + filesize + jsobfu + json + metasm + metasploit-concern + metasploit-credential + metasploit-model + metasploit-payloads (= 1.3.1) + metasploit_data_models + metasploit_payloads-mettle (= 0.2.0) + msgpack + nessus_rest + net-ssh + network_interface + nexpose + nokogiri + octokit + openssl-ccm + openvas-omp + packetfu + patch_finder + pcaprub + pdf-reader + pg (= 0.20.0) + railties + rb-readline + rbnacl (< 5.0.0) + rbnacl-libsodium + recog + redcarpet + rex-arch + rex-bin_tools + rex-core + rex-encoder + rex-exploitation + rex-java + rex-mime + rex-nop + rex-ole + rex-powershell (< 0.1.73) + rex-random_identifier + rex-registry + rex-rop_builder + rex-socket + rex-sslscan + rex-struct2 + rex-text + rex-zip + robots + ruby_smb + rubyntlm + rubyzip + sqlite3 + sshkey + tzinfo + tzinfo-data + windows_error + xdr + xmlrpc + +GEM + remote: https://rubygems.org/ + specs: + Ascii85 (1.0.2) + actionpack (4.2.9) + actionview (= 4.2.9) + activesupport (= 4.2.9) + rack (~> 1.6) + rack-test (~> 0.6.2) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (4.2.9) + activesupport (= 4.2.9) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activemodel (4.2.9) + activesupport (= 4.2.9) + builder (~> 3.1) + activerecord (4.2.9) + activemodel (= 4.2.9) + activesupport (= 4.2.9) + arel (~> 6.0) + activesupport (4.2.9) + i18n (~> 0.7) + minitest (~> 5.1) + thread_safe (~> 0.3, >= 0.3.4) + tzinfo (~> 1.1) + addressable (2.5.1) + public_suffix (~> 2.0, >= 2.0.2) + afm (0.2.2) + arel (6.0.4) + arel-helpers (2.4.0) + activerecord (>= 3.1.0, < 6) + backports (3.8.0) + bcrypt (3.1.11) + bcrypt_pbkdf (1.0.0) + bindata (2.4.0) + bit-struct (0.16) + builder (3.2.3) + dnsruby (1.60.2) + erubis (2.7.0) + faraday (0.13.1) + multipart-post (>= 1.2, < 3) + ffi (1.9.18) + filesize (0.1.1) + hashery (2.1.2) + i18n (0.8.6) + jsobfu (0.4.2) + rkelly-remix + json (2.1.0) + loofah (2.0.3) + nokogiri (>= 1.5.9) + metasm (1.0.3) + metasploit-concern (2.0.5) + activemodel (~> 4.2.6) + activesupport (~> 4.2.6) + railties (~> 4.2.6) + metasploit-credential (2.0.12) + metasploit-concern + metasploit-model + metasploit_data_models + pg + railties + rex-socket + rubyntlm + rubyzip + metasploit-model (2.0.4) + activemodel (~> 4.2.6) + activesupport (~> 4.2.6) + railties (~> 4.2.6) + metasploit-payloads (1.3.1) + metasploit_data_models (2.0.15) + activerecord (~> 4.2.6) + activesupport (~> 4.2.6) + arel-helpers + metasploit-concern + metasploit-model + pg + postgres_ext + railties (~> 4.2.6) + recog (~> 2.0) + metasploit_payloads-mettle (0.2.0) + mini_portile2 (2.2.0) + minitest (5.10.3) + msgpack (1.1.0) + multipart-post (2.0.0) + nessus_rest (0.1.6) + net-ssh (4.1.0) + network_interface (0.0.1) + nexpose (6.1.1) + nokogiri (1.8.0) + mini_portile2 (~> 2.2.0) + octokit (4.7.0) + sawyer (~> 0.8.0, >= 0.5.3) + openssl-ccm (1.2.1) + openvas-omp (0.0.4) + packetfu (1.1.13) + pcaprub + patch_finder (1.0.2) + pcaprub (0.12.4) + pdf-reader (2.0.0) + Ascii85 (~> 1.0.0) + afm (~> 0.2.1) + hashery (~> 2.0) + ruby-rc4 + ttfunk + pg (0.20.0) + pg_array_parser (0.0.9) + postgres_ext (3.0.0) + activerecord (>= 4.0.0) + arel (>= 4.0.1) + pg_array_parser (~> 0.0.9) + public_suffix (2.0.5) + rack (1.6.11) + rack-test (0.6.3) + rack (>= 1.0) + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.8) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.3) + loofah (~> 2.0) + railties (4.2.9) + actionpack (= 4.2.9) + activesupport (= 4.2.9) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (12.0.0) + rb-readline (0.5.5) + rbnacl (4.0.2) + ffi + rbnacl-libsodium (1.0.13) + rbnacl (>= 3.0.1) + recog (2.1.12) + nokogiri + redcarpet (3.4.0) + rex-arch (0.1.11) + rex-text + rex-bin_tools (0.1.4) + metasm + rex-arch + rex-core + rex-struct2 + rex-text + rex-core (0.1.12) + rex-encoder (0.1.4) + metasm + rex-arch + rex-text + rex-exploitation (0.1.14) + jsobfu + metasm + rex-arch + rex-encoder + rex-text + rex-java (0.1.5) + rex-mime (0.1.5) + rex-text + rex-nop (0.1.1) + rex-arch + rex-ole (0.1.6) + rex-text + rex-powershell (0.1.72) + rex-random_identifier + rex-text + rex-random_identifier (0.1.2) + rex-text + rex-registry (0.1.3) + rex-rop_builder (0.1.3) + metasm + rex-core + rex-text + rex-socket (0.1.8) + rex-core + rex-sslscan (0.1.5) + rex-core + rex-socket + rex-text + rex-struct2 (0.1.2) + rex-text (0.2.15) + rex-zip (0.1.3) + rex-text + rkelly-remix (0.0.7) + robots (0.10.1) + ruby-rc4 (0.1.5) + ruby_smb (0.0.18) + bindata + rubyntlm + windows_error + rubyntlm (0.6.2) + rubyzip (1.2.1) + sawyer (0.8.1) + addressable (>= 2.3.5, < 2.6) + faraday (~> 0.8, < 1.0) + sqlite3 (1.3.13) + sshkey (1.9.0) + thor (0.20.0) + thread_safe (0.3.6) + ttfunk (1.5.1) + tzinfo (1.2.3) + thread_safe (~> 0.1) + tzinfo-data (1.2017.2) + tzinfo (>= 1.0.0) + windows_error (0.1.2) + xdr (2.0.0) + activemodel (>= 4.2.7) + activesupport (>= 4.2.7) + xmlrpc (0.3.0) + +PLATFORMS + ruby + +DEPENDENCIES + metasploit-framework! + +BUNDLED WITH + 1.16.4 diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix new file mode 100644 index 000000000000..37796fef1747 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -0,0 +1,55 @@ +{ stdenv, fetchFromGitHub, makeWrapper, ruby, bundlerEnv }: + +# Maintainer notes for updating: +# 1. increment version number in expression and in Gemfile +# 2. run $ nix-shell --command "bundler install && bundix" +# in metasploit in nixpkgs +# 3. run $ sed -i '/[ ]*dependencies =/d' gemset.nix +# 4. run $ nix-build -A metasploit ../../../../ +# 5. update sha256sum in expression +# 6. run step 3 again + +let + env = bundlerEnv { + inherit ruby; + name = "metasploit-bundler-env"; + gemdir = ./.; + }; +in stdenv.mkDerivation rec { + name = "metasploit-framework-${version}"; + version = "4.16.1"; + + src = fetchFromGitHub { + owner = "rapid7"; + repo = "metasploit-framework"; + rev = version; + sha256 = "1vilyy0dqzp8kbbpvs2zrv2ac7s39w2vv7mrbzgcjgh2bj7c6bg1"; + }; + + buildInputs = [ makeWrapper ]; + + dontPatchelf = true; # stay away from exploit executables + + installPhase = '' + mkdir -p $out/{bin,share/msf} + + cp -r * $out/share/msf + + ( + cd $out/share/msf/ + for i in msf*; do + makeWrapper ${env}/bin/bundle $out/bin/$i \ + --add-flags "exec ${ruby}/bin/ruby $out/share/msf/$i" + done + ) + + ''; + + meta = with stdenv.lib; { + description = "Metasploit Framework - a collection of exploits"; + homepage = https://github.com/rapid7/metasploit-framework/wiki; + platforms = platforms.unix; + license = licenses.bsd3; + maintainers = [ maintainers.makefu ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix new file mode 100644 index 000000000000..938817cb64f6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix @@ -0,0 +1,858 @@ +{ + actionpack = { + dependencies = ["actionview" "activesupport" "rack" "rack-test" "rails-dom-testing" "rails-html-sanitizer"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1kgrq74gp2czzxr0f2sqrc98llz03lgq498300z2z5n4khgznwc4"; + type = "gem"; + }; + version = "4.2.9"; + }; + actionview = { + dependencies = ["activesupport" "builder" "erubis" "rails-dom-testing" "rails-html-sanitizer"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "04kgp4gmahw31miz8xdq1pns14qmvvzd14fgfv7fg9klkw3bxyyp"; + type = "gem"; + }; + version = "4.2.9"; + }; + activemodel = { + dependencies = ["activesupport" "builder"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1qxmivny0ka5s3iyap08sn9bp2bd9wrhqp2njfw26hr9wsjk5kfv"; + type = "gem"; + }; + version = "4.2.9"; + }; + activerecord = { + dependencies = ["activemodel" "activesupport" "arel"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18i790dfhi4ndypd1pj9pv08knpxr2sayvvwfq7axj5jfwgpmrqb"; + type = "gem"; + }; + version = "4.2.9"; + }; + activesupport = { + dependencies = ["i18n" "minitest" "thread_safe" "tzinfo"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1d0a362p3m2m2kljichar2pwq0qm4vblc3njy1rdzm09ckzd45sp"; + type = "gem"; + }; + version = "4.2.9"; + }; + addressable = { + dependencies = ["public_suffix"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1i8q32a4gr0zghxylpyy7jfqwxvwrivsxflg9mks6kx92frh75mh"; + type = "gem"; + }; + version = "2.5.1"; + }; + afm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06kj9hgd0z8pj27bxp2diwqh6fv7qhwwm17z64rhdc4sfn76jgn8"; + type = "gem"; + }; + version = "0.2.2"; + }; + arel = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nfcrdiys6q6ylxiblky9jyssrw2xj96fmxmal7f4f0jj3417vj4"; + type = "gem"; + }; + version = "6.0.4"; + }; + arel-helpers = { + dependencies = ["activerecord"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1sx4qbzhld3a99175p2krz3hv1npc42rv3sd8x4awzkgplg3zy9c"; + type = "gem"; + }; + version = "2.4.0"; + }; + Ascii85 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j95sbxd18kc8rhcnvl1w37kflqpax1r12h1x47gh4xxn3mz4m7q"; + type = "gem"; + }; + version = "1.0.2"; + }; + backports = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "17pcz0z6jms5jydr1r95kf1bpk3ms618hgr26c62h34icy9i1dpm"; + type = "gem"; + }; + version = "3.8.0"; + }; + bcrypt = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1d254sdhdj6mzak3fb5x3jam8b94pvl1srladvs53j05a89j5z50"; + type = "gem"; + }; + version = "3.1.11"; + }; + bcrypt_pbkdf = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0cj4k13c7qvvck7y25i3xarvyqq8d27vl61jddifkc7llnnap1hv"; + type = "gem"; + }; + version = "1.0.0"; + }; + bindata = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "10sii2chgnkp2jw830sbr2wb20p8p1wcwrl9jhadkw94f505qcyg"; + type = "gem"; + }; + version = "2.4.0"; + }; + bit-struct = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1w7x1fh4a6inpb46imhdf4xrq0z4d6zdpg7sdf8n98pif2hx50sx"; + type = "gem"; + }; + version = "0.16"; + }; + builder = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qibi5s67lpdv1wgcj66wcymcr04q6j4mzws6a479n0mlrmh5wr1"; + type = "gem"; + }; + version = "3.2.3"; + }; + dnsruby = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qfvpkka69f8vnmda3zhkr54fjpf7pwgmbx0gcsxg3jd6c7sjs1d"; + type = "gem"; + }; + version = "1.60.2"; + }; + erubis = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1fj827xqjs91yqsydf0zmfyw9p4l2jz5yikg3mppz6d7fi8kyrb3"; + type = "gem"; + }; + version = "2.7.0"; + }; + faraday = { + dependencies = ["multipart-post"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1gyqsj7vlqynwvivf9485zwmcj04v1z7gq362z0b8zw2zf4ag0hw"; + type = "gem"; + }; + version = "0.13.1"; + }; + ffi = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "034f52xf7zcqgbvwbl20jwdyjwznvqnwpbaps9nk18v9lgb1dpx0"; + type = "gem"; + }; + version = "1.9.18"; + }; + filesize = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "061qmg82mm9xnmnq3b7gbi24g28xk62w0b0nw86gybd07m1jn989"; + type = "gem"; + }; + version = "0.1.1"; + }; + hashery = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qj8815bf7q6q7llm5rzdz279gzmpqmqqicxnzv066a020iwqffj"; + type = "gem"; + }; + version = "2.1.2"; + }; + i18n = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1i3aqvzfsj786kwjj70jsjpxm6ffw5pwhalzr2abjfv2bdc7k9kw"; + type = "gem"; + }; + version = "0.8.6"; + }; + jsobfu = { + dependencies = ["rkelly-remix"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hchns89cfj0gggm2zbr7ghb630imxm2x2d21ffx2jlasn9xbkyk"; + type = "gem"; + }; + version = "0.4.2"; + }; + json = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01v6jjpvh3gnq6sgllpfqahlgxzj50ailwhj9b3cd20hi2dx0vxp"; + type = "gem"; + }; + version = "2.1.0"; + }; + loofah = { + dependencies = ["nokogiri"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "109ps521p0sr3kgc460d58b4pr1z4mqggan2jbsf0aajy9s6xis8"; + type = "gem"; + }; + version = "2.0.3"; + }; + metasm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gss57q4lv6l0jkih77zffrpjjzgkdcsy7b9nvvawyzknis9w4s5"; + type = "gem"; + }; + version = "1.0.3"; + }; + metasploit-concern = { + dependencies = ["activemodel" "activesupport" "railties"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0v9lm225fhzhnbjcc0vwb38ybikxwzlv8116rrrkndzs8qy79297"; + type = "gem"; + }; + version = "2.0.5"; + }; + metasploit-credential = { + dependencies = ["metasploit-concern" "metasploit-model" "metasploit_data_models" "pg" "railties" "rex-socket" "rubyntlm" "rubyzip"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1flahrcl5hf4bncqs40mry6pkffvmir85kqzkad22x3dh6crw50i"; + type = "gem"; + }; + version = "2.0.12"; + }; + metasploit-framework = { + dependencies = ["actionpack" "activerecord" "activesupport" "backports" "bcrypt" "bcrypt_pbkdf" "bit-struct" "dnsruby" "filesize" "jsobfu" "json" "metasm" "metasploit-concern" "metasploit-credential" "metasploit-model" "metasploit-payloads" "metasploit_data_models" "metasploit_payloads-mettle" "msgpack" "nessus_rest" "net-ssh" "network_interface" "nexpose" "nokogiri" "octokit" "openssl-ccm" "openvas-omp" "packetfu" "patch_finder" "pcaprub" "pdf-reader" "pg" "railties" "rb-readline" "rbnacl" "rbnacl-libsodium" "recog" "redcarpet" "rex-arch" "rex-bin_tools" "rex-core" "rex-encoder" "rex-exploitation" "rex-java" "rex-mime" "rex-nop" "rex-ole" "rex-powershell" "rex-random_identifier" "rex-registry" "rex-rop_builder" "rex-socket" "rex-sslscan" "rex-struct2" "rex-text" "rex-zip" "robots" "ruby_smb" "rubyntlm" "rubyzip" "sqlite3" "sshkey" "tzinfo" "tzinfo-data" "windows_error" "xdr" "xmlrpc"]; + source = { + fetchSubmodules = false; + rev = "dbec1c2d2ae4bd77276cbfb3c6ee2902048b9453"; + sha256 = "06a2dc64wl8w02zimf44hch4cap7ckw42kg1x01lmcwaa8d5q09w"; + type = "git"; + url = "https://github.com/rapid7/metasploit-framework"; + }; + version = "4.16.1"; + }; + metasploit-model = { + dependencies = ["activemodel" "activesupport" "railties"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05pnai1cv00xw87rrz38dz4s3ss45s90290d0knsy1mq6rp8yvmw"; + type = "gem"; + }; + version = "2.0.4"; + }; + metasploit-payloads = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0icha08z4c5rnyp66xcyn9c8lbv43gx7hgs9rsm3539gj8c40znx"; + type = "gem"; + }; + version = "1.3.1"; + }; + metasploit_data_models = { + dependencies = ["activerecord" "activesupport" "arel-helpers" "metasploit-concern" "metasploit-model" "pg" "postgres_ext" "railties" "recog"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j3ijxn6n3ack9572a74cwknijymy41c8rx34njyhg25lx4hbvah"; + type = "gem"; + }; + version = "2.0.15"; + }; + metasploit_payloads-mettle = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1y2nfzgs17pq3xvlw14jgjcksr4h8p4miypxk9a87l1h7xv7dcgn"; + type = "gem"; + }; + version = "0.2.0"; + }; + mini_portile2 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0g5bpgy08q0nc0anisg3yvwc1gc3inl854fcrg48wvg7glqd6dpm"; + type = "gem"; + }; + version = "2.2.0"; + }; + minitest = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05521clw19lrksqgvg2kmm025pvdhdaniix52vmbychrn2jm7kz2"; + type = "gem"; + }; + version = "5.10.3"; + }; + msgpack = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ck7w17d6b4jbb8inh1q57bghi9cjkiaxql1d3glmj1yavbpmlh7"; + type = "gem"; + }; + version = "1.1.0"; + }; + multipart-post = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09k0b3cybqilk1gwrwwain95rdypixb2q9w65gd44gfzsd84xi1x"; + type = "gem"; + }; + version = "2.0.0"; + }; + nessus_rest = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1allyrd4rll333zbmsi3hcyg6cw1dhc4bg347ibsw191nswnp8ci"; + type = "gem"; + }; + version = "0.1.6"; + }; + net-ssh = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "013p5jb4wy0cq7x7036piw2a3s1i9p752ki1srx2m289mpz4ml3q"; + type = "gem"; + }; + version = "4.1.0"; + }; + network_interface = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ir4c1vbz1y0gxyih024262i7ig1nji1lkylcrn9pjzx3798p97a"; + type = "gem"; + }; + version = "0.0.1"; + }; + nexpose = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jnyvj09z8r3chhj930fdnashbfcfv0vw2drjvsrcnm7firdhdzb"; + type = "gem"; + }; + version = "6.1.1"; + }; + nokogiri = { + dependencies = ["mini_portile2"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1nffsyx1xjg6v5n9rrbi8y1arrcx2i5f21cp6clgh9iwiqkr7rnn"; + type = "gem"; + }; + version = "1.8.0"; + }; + octokit = { + dependencies = ["sawyer"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h6cm7bi0y7ysjgwws3paaipqdld6c0m0niazrjahhpz88qqq1g4"; + type = "gem"; + }; + version = "4.7.0"; + }; + openssl-ccm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18h5lxv0zh4j2f0wnhdmfz63x02vbzbq2k1clz6kzr0q83h8kj9c"; + type = "gem"; + }; + version = "1.2.1"; + }; + openvas-omp = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14xf614vd76qjdjxjv14mmjar6s64fwp4cwb7bv5g1wc29srg28x"; + type = "gem"; + }; + version = "0.0.4"; + }; + packetfu = { + dependencies = ["pcaprub"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "16ppq9wfxq4x2hss61l5brs3s6fmi8gb50mnp1nnnzb1asq4g8ll"; + type = "gem"; + }; + version = "1.1.13"; + }; + patch_finder = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1md9scls55n1riw26vw1ak0ajq38dfygr36l0h00wqhv51cq745m"; + type = "gem"; + }; + version = "1.0.2"; + }; + pcaprub = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pl4lqy7308185pfv0197n8b4v20fhd0zb3wlpz284rk8ssclkvz"; + type = "gem"; + }; + version = "0.12.4"; + }; + pdf-reader = { + dependencies = ["Ascii85" "afm" "hashery" "ruby-rc4" "ttfunk"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nlammdpjy3padmzxhsql7mw31jyqp88n6bdffiarv5kzl4s3y7p"; + type = "gem"; + }; + version = "2.0.0"; + }; + pg = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03xcgwjs6faxis81jxf2plnlalg55dhhafqv3kvjxfr8ic7plpw5"; + type = "gem"; + }; + version = "0.20.0"; + }; + pg_array_parser = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1034dhg8h53j48sfm373js54skg4vpndjga6hzn2zylflikrrf3s"; + type = "gem"; + }; + version = "0.0.9"; + }; + postgres_ext = { + dependencies = ["activerecord" "arel" "pg_array_parser"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1lbp1qf5s1addhznm7d4bzks9adh7jpilgcsr8k7mbd0a1ailcgc"; + type = "gem"; + }; + version = "3.0.0"; + }; + public_suffix = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "040jf98jpp6w140ghkhw2hvc1qx41zvywx5gj7r2ylr1148qnj7q"; + type = "gem"; + }; + version = "2.0.5"; + }; + rack = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1g9926ln2lw12lfxm4ylq1h6nl0rafl10za3xvjzc87qvnqic87f"; + type = "gem"; + }; + version = "1.6.11"; + }; + rack-test = { + dependencies = ["rack"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h6x5jq24makgv2fq5qqgjlrk74dxfy62jif9blk43llw8ib2q7z"; + type = "gem"; + }; + version = "0.6.3"; + }; + rails-deprecated_sanitizer = { + dependencies = ["activesupport"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qxymchzdxww8bjsxj05kbf86hsmrjx40r41ksj0xsixr2gmhbbj"; + type = "gem"; + }; + version = "1.0.3"; + }; + rails-dom-testing = { + dependencies = ["activesupport" "nokogiri" "rails-deprecated_sanitizer"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ny7mbjxhq20rzg4pivvyvk14irmc7cn20kxfk3vc0z2r2c49p8r"; + type = "gem"; + }; + version = "1.0.8"; + }; + rails-html-sanitizer = { + dependencies = ["loofah"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "138fd86kv073zqfx0xifm646w6bgw2lr8snk16lknrrfrss8xnm7"; + type = "gem"; + }; + version = "1.0.3"; + }; + railties = { + dependencies = ["actionpack" "activesupport" "rake" "thor"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1g5jnk1zllm2fr06lixq7gv8l2cwqc99akv7886gz6lshijpfyxd"; + type = "gem"; + }; + version = "4.2.9"; + }; + rake = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01j8fc9bqjnrsxbppncai05h43315vmz9fwg28qdsgcjw9ck1d7n"; + type = "gem"; + }; + version = "12.0.0"; + }; + rb-readline = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14w79a121czmvk1s953qfzww30mqjb2zc0k9qhi0ivxxk3hxg6wy"; + type = "gem"; + }; + version = "0.5.5"; + }; + rbnacl = { + dependencies = ["ffi"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08dkigw8wdx53hviw1zqrs7rcrzqcwh9jd3dvwr72013z9fmyp48"; + type = "gem"; + }; + version = "4.0.2"; + }; + rbnacl-libsodium = { + dependencies = ["rbnacl"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1323fli41m01af13xz5xvabsjnz09si1b9l4qd2p802kq0dr61gd"; + type = "gem"; + }; + version = "1.0.13"; + }; + recog = { + dependencies = ["nokogiri"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h023ykrrra74bpbibkyg083kafaswvraw4naw9p1ghcjzn9ggj3"; + type = "gem"; + }; + version = "2.1.12"; + }; + redcarpet = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h9qz2hik4s9knpmbwrzb3jcp3vc5vygp9ya8lcpl7f1l9khmcd7"; + type = "gem"; + }; + version = "3.4.0"; + }; + rex-arch = { + dependencies = ["rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1izzalmjwdyib8y0xlgys8qb60di6xyjk485ylgh14p47wkyc6yp"; + type = "gem"; + }; + version = "0.1.11"; + }; + rex-bin_tools = { + dependencies = ["metasm" "rex-arch" "rex-core" "rex-struct2" "rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01hi1cjr68adp47nxbjfprvn0r3b72r4ib82x9j33bf2pny6nvaw"; + type = "gem"; + }; + version = "0.1.4"; + }; + rex-core = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "16dwf4pw7bpx8xvlv241imxvwhvjfv0cw9kl7ipsv40yazy5lzpk"; + type = "gem"; + }; + version = "0.1.12"; + }; + rex-encoder = { + dependencies = ["metasm" "rex-arch" "rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1zm5jdxgyyp8pkfqwin34izpxdrmglx6vmk20ifnvcsm55c9m70z"; + type = "gem"; + }; + version = "0.1.4"; + }; + rex-exploitation = { + dependencies = ["jsobfu" "metasm" "rex-arch" "rex-encoder" "rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gbj28jqaaldpk4qzysgcl6m0wcqx3gcldarqdk55p5z9zasrk19"; + type = "gem"; + }; + version = "0.1.14"; + }; + rex-java = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j58k02p5g9snkpak64sb4aymkrvrh9xpqh8wsnya4w7b86w2y6i"; + type = "gem"; + }; + version = "0.1.5"; + }; + rex-mime = { + dependencies = ["rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15a14kz429h7pn81ysa6av3qijxjmxagjff6dyss5v394fxzxf4a"; + type = "gem"; + }; + version = "0.1.5"; + }; + rex-nop = { + dependencies = ["rex-arch"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0aigf9qsqsmiraa6zvfy1a7cyvf7zc3iyhzxi6fjv5sb8f64d6ny"; + type = "gem"; + }; + version = "0.1.1"; + }; + rex-ole = { + dependencies = ["rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1pnzbqfnvbs0vc0z0ryszk3fxhgxrjd6gzwqa937rhlphwp5jpww"; + type = "gem"; + }; + version = "0.1.6"; + }; + rex-powershell = { + dependencies = ["rex-random_identifier" "rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nl60fdd1rlckk95d3s3y873w84vb0sgwvwxdzv414qxz8icpjnm"; + type = "gem"; + }; + version = "0.1.72"; + }; + rex-random_identifier = { + dependencies = ["rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0cksrljaw61mdjvbmj9vqqhd8nra7jv466w5nim47n73rj72jc19"; + type = "gem"; + }; + version = "0.1.2"; + }; + rex-registry = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wv812ghnz143vx10ixmv32ypj1xrzr4rh4kgam8d8wwjwxsgw1q"; + type = "gem"; + }; + version = "0.1.3"; + }; + rex-rop_builder = { + dependencies = ["metasm" "rex-core" "rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xjd3d6wnbq4ym0d0m268md8fb16f2hbwrahvxnl14q63fj9i3wy"; + type = "gem"; + }; + version = "0.1.3"; + }; + rex-socket = { + dependencies = ["rex-core"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bkr64qrfy2mcv6cpp2z2rn9npgn9s0yyagzjh7kawbm80ldwf2h"; + type = "gem"; + }; + version = "0.1.8"; + }; + rex-sslscan = { + dependencies = ["rex-core" "rex-socket" "rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06gbx45q653ajcx099p0yxdqqxazfznbrqshd4nwiwg1p498lmyx"; + type = "gem"; + }; + version = "0.1.5"; + }; + rex-struct2 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1nbdn53264a20cr2m2nq2v4mg0n33dvrd1jj1sixl37qjzw2k452"; + type = "gem"; + }; + version = "0.1.2"; + }; + rex-text = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "024miva867h4wv4y1lnxxrw2d7p51va32ismxqf3fsz4s9cqc88m"; + type = "gem"; + }; + version = "0.2.15"; + }; + rex-zip = { + dependencies = ["rex-text"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mbfryyhcw47i7jb8cs8vilbyqgyiyjkfl1ngl6wdbf7d87dwdw7"; + type = "gem"; + }; + version = "0.1.3"; + }; + rkelly-remix = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1g7hjl9nx7f953y7lncmfgp0xgxfxvgfm367q6da9niik6rp1y3j"; + type = "gem"; + }; + version = "0.0.7"; + }; + robots = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "141gvihcr2c0dpzl3dqyh8kqc9121prfdql2iamaaw0mf9qs3njs"; + type = "gem"; + }; + version = "0.10.1"; + }; + ruby-rc4 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00vci475258mmbvsdqkmqadlwn6gj9m01sp7b5a3zd90knil1k00"; + type = "gem"; + }; + version = "0.1.5"; + }; + ruby_smb = { + dependencies = ["bindata" "rubyntlm" "windows_error"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1jby5wlppxhc2jlqldic05aqd5l57171lsxqv86702grk665n612"; + type = "gem"; + }; + version = "0.0.18"; + }; + rubyntlm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1p6bxsklkbcqni4bcq6jajc2n57g0w5rzn4r49c3lb04wz5xg0dy"; + type = "gem"; + }; + version = "0.6.2"; + }; + rubyzip = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06js4gznzgh8ac2ldvmjcmg9v1vg9llm357yckkpylaj6z456zqz"; + type = "gem"; + }; + version = "1.2.1"; + }; + sawyer = { + dependencies = ["addressable" "faraday"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0sv1463r7bqzvx4drqdmd36m7rrv6sf1v3c6vswpnq3k6vdw2dvd"; + type = "gem"; + }; + version = "0.8.1"; + }; + sqlite3 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01ifzp8nwzqppda419c9wcvr8n82ysmisrs0hph9pdmv1lpa4f5i"; + type = "gem"; + }; + version = "1.3.13"; + }; + sshkey = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0g02lh50jd5z4l9bp7xirnfn3n1dh9lr06dv3xh0kr3yhsny059h"; + type = "gem"; + }; + version = "1.9.0"; + }; + thor = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nmqpyj642sk4g16nkbq6pj856adpv91lp4krwhqkh2iw63aszdl"; + type = "gem"; + }; + version = "0.20.0"; + }; + thread_safe = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nmhcgq6cgz44srylra07bmaw99f5271l0dpsvl5f75m44l0gmwy"; + type = "gem"; + }; + version = "0.3.6"; + }; + ttfunk = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mgrnqla5n51v4ivn844albsajkck7k6lviphfqa8470r46c58cd"; + type = "gem"; + }; + version = "1.5.1"; + }; + tzinfo = { + dependencies = ["thread_safe"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05r81lk7q7275rdq7xipfm0yxgqyd2ggh73xpc98ypngcclqcscl"; + type = "gem"; + }; + version = "1.2.3"; + }; + tzinfo-data = { + dependencies = ["tzinfo"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1n83rmy476d4qmzq74qx0j7lbcpskbvrj1bmy3np4d5pydyw2yky"; + type = "gem"; + }; + version = "1.2017.2"; + }; + windows_error = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0kbcv9j5sc7pvjzf1dkp6h69i6lmj205zyy2arxcfgqg11bsz2kp"; + type = "gem"; + }; + version = "0.1.2"; + }; + xdr = { + dependencies = ["activemodel" "activesupport"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0c5cp1k4ij3xq1q6fb0f6xv5b65wy18y7bhwvsdx8wd0zyg3x96m"; + type = "gem"; + }; + version = "2.0.0"; + }; + xmlrpc = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1s744iwblw262gj357pky3d9fcx9hisvla7rnw29ysn5zsb6i683"; + type = "gem"; + }; + version = "0.3.0"; + }; +} \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/metasploit/shell.nix b/nixpkgs/pkgs/tools/security/metasploit/shell.nix new file mode 100644 index 000000000000..cd7a01214c6a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/metasploit/shell.nix @@ -0,0 +1,16 @@ +# Env to update Gemfile.lock / gemset.nix +with import <nixpkgs> {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + ruby.devEnv + git + sqlite + libpcap + postgresql + libxml2 + libxslt + pkgconfig + bundix + ]; +} diff --git a/nixpkgs/pkgs/tools/security/mfcuk/default.nix b/nixpkgs/pkgs/tools/security/mfcuk/default.nix new file mode 100644 index 000000000000..3d4bdd2edf17 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mfcuk/default.nix @@ -0,0 +1,22 @@ +{ stdenv, fetchurl, pkgconfig, libnfc }: + +stdenv.mkDerivation rec { + name = "mfcuk-${version}"; + version = "0.3.8"; + + src = fetchurl { + url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mfcuk/mfcuk-0.3.8.tar.gz"; + sha256 = "0m9sy61rsbw63xk05jrrmnyc3xda0c3m1s8pg3sf8ijbbdv9axcp"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libnfc ]; + + meta = with stdenv.lib; { + description = "MiFare Classic Universal toolKit"; + license = licenses.gpl2; + homepage = https://github.com/nfc-tools/mfcuk; + maintainers = with maintainers; [ offline ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mfoc/default.nix b/nixpkgs/pkgs/tools/security/mfoc/default.nix new file mode 100644 index 000000000000..1ae18e343537 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mfoc/default.nix @@ -0,0 +1,35 @@ +{ stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pkgconfig, libnfc }: + +stdenv.mkDerivation rec { + pname = "mfoc"; + version = "0.10.7"; + + src = fetchFromGitHub { + owner = "nfc-tools"; + repo = pname; + rev = "${pname}-${version}"; + sha256 = "0hbg1fn4000qdg1cfc7y8l0vh1mxlxcz7gapkcq54xp2l6kk1z65"; + }; + + patches = [ + (fetchpatch { + url = "https://github.com/nfc-tools/mfoc/commit/f13efb0a6deb1d97ba945d555a6a5d6be89b593f.patch"; + sha256 = "109gqzp8rdsjvj0nra686vy0dpd2bl6q5v9m4v98cpxkbz496450"; + }) + (fetchpatch { + url = "https://github.com/nfc-tools/mfoc/commit/00eae36f891bc4580103e3b54f0bb5228af2cdef.patch"; + sha256 = "1w56aj96g776f37j53jmf3hk21x4mqik3l2bmghrdp8drixc8bzk"; + }) + ]; + + nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ libnfc ]; + + meta = with stdenv.lib; { + description = "Mifare Classic Offline Cracker"; + license = licenses.gpl2; + homepage = https://github.com/nfc-tools/mfoc; + maintainers = with maintainers; [ offline ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/minisign/default.nix b/nixpkgs/pkgs/tools/security/minisign/default.nix new file mode 100644 index 000000000000..f5bc7a60839e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/minisign/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, cmake, libsodium }: + +stdenv.mkDerivation rec { + name = "minisign-${version}"; + version = "0.8"; + + src = fetchFromGitHub { + repo = "minisign"; + owner = "jedisct1"; + rev = version; + sha256 = "0rgg9jb5108hd5psivlrfd8cxnjylawm0glcry8ba6zlmkv949r8"; + }; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ libsodium ]; + + meta = with stdenv.lib; { + description = "A simple tool for signing files and verifying signatures"; + longDescription = '' + minisign uses public key cryptography to help facilitate secure (but not + necessarily private) file transfer, e.g., of software artefacts. minisign + is similar to and compatible with OpenBSD's signify. + ''; + homepage = https://jedisct1.github.io/minisign/; + license = licenses.isc; + maintainers = with maintainers; [ joachifm ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mkp224o/default.nix b/nixpkgs/pkgs/tools/security/mkp224o/default.nix new file mode 100644 index 000000000000..0c927b7501b6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mkp224o/default.nix @@ -0,0 +1,47 @@ +{ stdenv, lib, fetchFromGitHub, autoreconfHook, libsodium }: + +stdenv.mkDerivation rec { + name = "mkp224o-${version}"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "cathugger"; + repo = "mkp224o"; + rev = "v${version}"; + sha256 = "1il12ahcs5pj52hxn4xvpjfz801xcg31zk2jnkl80frzlwq040qi"; + }; + + buildCommand = + let + # compile few variants with different implementation of crypto + # the fastest depends on a particular cpu + variants = [ + { suffix = "ref10"; configureFlags = ["--enable-ref10"]; } + { suffix = "donna"; configureFlags = ["--enable-donna"]; } + ] ++ lib.optionals (stdenv.isi686 || stdenv.isx86_64) [ + { suffix = "donna-sse2"; configureFlags = ["--enable-donna-sse2"]; } + ] ++ lib.optionals stdenv.isx86_64 [ + { suffix = "amd64-51-30k"; configureFlags = ["--enable-amd64-51-30k"]; } + { suffix = "amd64-64-20k"; configureFlags = ["--enable-amd64-64-24k"]; } + ]; + in + lib.concatMapStrings ({suffix, configureFlags}: '' + install -D ${ + stdenv.mkDerivation { + name = "mkp224o-${suffix}-${version}"; + inherit version src configureFlags; + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ libsodium ]; + installPhase = "install -D mkp224o $out"; + } + } $out/bin/mkp224o-${suffix} + '') variants; + + meta = with lib; { + description = "Vanity address generator for tor onion v3 (ed25519) hidden services"; + homepage = http://cathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion/; + license = licenses.cc0; + platforms = platforms.linux; + maintainers = with maintainers; [ volth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mkpasswd/default.nix b/nixpkgs/pkgs/tools/security/mkpasswd/default.nix new file mode 100644 index 000000000000..3d30fef02e29 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mkpasswd/default.nix @@ -0,0 +1,21 @@ +{ stdenv, whois, perl }: + +stdenv.mkDerivation { + name = "mkpasswd-${whois.version}"; + + src = whois.src; + + nativeBuildInputs = [ perl ]; + + preConfigure = whois.preConfigure; + buildPhase = "make mkpasswd"; + installPhase = "make install-mkpasswd"; + + meta = with stdenv.lib; { + homepage = https://packages.qa.debian.org/w/whois.html; + description = "Overfeatured front-end to crypt, from the Debian whois package"; + license = licenses.gpl2; + maintainers = with maintainers; [ cstrahan fpletz ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mkrand/default.nix b/nixpkgs/pkgs/tools/security/mkrand/default.nix new file mode 100644 index 000000000000..5d1cfdd40232 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mkrand/default.nix @@ -0,0 +1,20 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "mkrand-0.1.0"; + + src = fetchurl { + url = "https://github.com/mknight-tag/MKRAND/releases/download/v0.1.0/mkrand-0.1.0.tar.gz"; + sha256 = "1irwyv2j5c3606k3qbq77yrd65y27rcq3jdlp295rz875q8iq9fs"; + }; + + doCheck = true; + + meta = { + description = "A Digital Random Bit Generator"; + longDescription = "MKRAND is a utility for generating random information."; + homepage = https://github.com/mknight-tag/MKRAND/; + license = stdenv.lib.licenses.mit; + platforms = stdenv.lib.platforms.all; + }; + } diff --git a/nixpkgs/pkgs/tools/security/mktemp/default.nix b/nixpkgs/pkgs/tools/security/mktemp/default.nix new file mode 100644 index 000000000000..71bdd3af55de --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mktemp/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchurl, groff }: + +stdenv.mkDerivation { + name = "mktemp-1.7"; + + # Have `configure' avoid `/usr/bin/nroff' in non-chroot builds. + NROFF = "${groff}/bin/nroff"; + + # Don't use "install -s" + postPatch = '' + substituteInPlace Makefile.in --replace " 0555 -s " " 0555 " + ''; + + src = fetchurl { + url = ftp://ftp.mktemp.org/pub/mktemp/mktemp-1.7.tar.gz; + sha256 = "0x969152znxxjbj7387xb38waslr4yv6bnj5jmhb4rpqxphvk54f"; + }; + + meta = with stdenv.lib; { + description = "Simple tool to make temporary file handling in shells scripts safe and simple"; + homepage = https://www.mktemp.org; + license = licenses.isc; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch b/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch new file mode 100644 index 000000000000..98384c754ce7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch @@ -0,0 +1,17 @@ +--- a/apache2/Makefile.in 2017-10-10 09:45:51.000000000 -0400 ++++ b/apache2/Makefile.in 2017-10-10 09:46:04.000000000 -0400 +@@ -1208,14 +1208,12 @@ + @LINUX_TRUE@ for m in $(pkglib_LTLIBRARIES); do \ + @LINUX_TRUE@ base=`echo $$m | sed 's/\..*//'`; \ + @LINUX_TRUE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \ +-@LINUX_TRUE@ install -D -m444 $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES)/$$base.so; \ + @LINUX_TRUE@ done + @LINUX_FALSE@install-exec-hook: $(pkglib_LTLIBRARIES) + @LINUX_FALSE@ @echo "Removing unused static libraries..."; \ + @LINUX_FALSE@ for m in $(pkglib_LTLIBRARIES); do \ + @LINUX_FALSE@ base=`echo $$m | sed 's/\..*//'`; \ + @LINUX_FALSE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \ +-@LINUX_FALSE@ cp -p $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES); \ + @LINUX_FALSE@ done + + # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/nixpkgs/pkgs/tools/security/modsecurity/default.nix b/nixpkgs/pkgs/tools/security/modsecurity/default.nix new file mode 100644 index 000000000000..6ec90cd15a85 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/modsecurity/default.nix @@ -0,0 +1,54 @@ +{ stdenv, lib, fetchurl, pkgconfig +, curl, apacheHttpd, pcre, apr, aprutil, libxml2 +, luaSupport ? false, lua5 +}: + +with lib; + +let luaValue = if luaSupport then lua5 else "no"; + optional = stdenv.lib.optional; +in + +stdenv.mkDerivation rec { + name = "modsecurity-${version}"; + version = "2.9.3"; + + src = fetchurl { + url = "https://www.modsecurity.org/tarball/${version}/${name}.tar.gz"; + sha256 = "0611nskd2y6yagrciqafxdn4rxbdk2v4swf45kc1sgwx2sfh34j1"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ] ++ + optional luaSupport lua5; + + configureFlags = [ + "--enable-standalone-module" + "--enable-static" + "--with-curl=${curl.dev}" + "--with-apxs=${apacheHttpd.dev}/bin/apxs" + "--with-pcre=${pcre.dev}" + "--with-apr=${apr.dev}" + "--with-apu=${aprutil.dev}/bin/apu-1-config" + "--with-libxml=${libxml2.dev}" + "--with-lua=${luaValue}" + ]; + + outputs = ["out" "nginx"]; + # by default modsecurity's install script copies compiled output to httpd's modules folder + # this patch removes those lines + patches = [ ./Makefile.in.patch ]; + + postInstall = '' + mkdir -p $nginx + cp -R * $nginx + ''; + + meta = { + description = "Open source, cross-platform web application firewall (WAF)"; + license = licenses.asl20; + homepage = https://www.modsecurity.org/; + maintainers = with maintainers; [offline]; + platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/monkeysphere/default.nix b/nixpkgs/pkgs/tools/security/monkeysphere/default.nix new file mode 100644 index 000000000000..e1a134ec5d18 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/monkeysphere/default.nix @@ -0,0 +1,103 @@ +{ stdenv, fetchurl, makeWrapper +, perl, libassuan, libgcrypt +, perlPackages, lockfileProgs, gnupg, coreutils +# For the tests: +, openssh, which, socat, cpio, hexdump, procps, openssl +}: + +let + # A patch is needed to run the tests inside the Nix sandbox: + # /etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell" + # sshd: "User nixbld not allowed because shell /noshell does not exist" + opensshUnsafe = openssh.overrideAttrs (oldAttrs: { + patches = oldAttrs.patches ++ [ ./openssh-nixos-sandbox.patch ]; + }); +in stdenv.mkDerivation rec { + name = "monkeysphere-${version}"; + version = "0.44"; + + # The patched OpenSSH binary MUST NOT be used (except in the check phase): + disallowedRequisites = [ opensshUnsafe ]; + + src = fetchurl { + url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz"; + sha256 = "1ah7hy8r9gj96pni8azzjb85454qky5l17m3pqn37854l6grgika"; + }; + + patches = [ ./monkeysphere.patch ]; + + postPatch = '' + sed -i "s,/usr/bin/env,${coreutils}/bin/env," src/share/ma/update_users + ''; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ perl libassuan libgcrypt ] + ++ stdenv.lib.optional doCheck + ([ gnupg opensshUnsafe which socat cpio hexdump procps lockfileProgs ] ++ + (with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ])); + + makeFlags = '' + PREFIX=/ + DESTDIR=$(out) + ''; + + # The tests should be run (and succeed) when making changes to this package + # but they aren't enabled by default because they "drain" entropy (GnuPG + # still uses /dev/random). + doCheck = false; + preCheck = stdenv.lib.optionalString doCheck '' + patchShebangs tests/ + patchShebangs src/ + sed -i \ + -e "s,/usr/sbin/sshd,${opensshUnsafe}/bin/sshd," \ + -e "s,/bin/true,${coreutils}/bin/true," \ + -e "s,/bin/false,${coreutils}/bin/false," \ + -e "s,openssl\ req,${openssl}/bin/openssl req," \ + tests/basic + sed -i "s/<(hd/<(hexdump/" tests/keytrans + ''; + + postFixup = + let wrapperArgs = runtimeDeps: + "--prefix PERL5LIB : " + + (with perlPackages; makePerlPath [ # Optional (only required for keytrans) + CryptOpenSSLRSA + CryptOpenSSLBignum + ]) + + stdenv.lib.optionalString + (builtins.length runtimeDeps > 0) + " --prefix PATH : ${stdenv.lib.makeBinPath runtimeDeps}"; + wrapMonkeysphere = runtimeDeps: program: + "wrapProgram $out/bin/${program} ${wrapperArgs runtimeDeps}\n"; + wrapPrograms = runtimeDeps: programs: stdenv.lib.concatMapStrings + (wrapMonkeysphere runtimeDeps) + programs; + in wrapPrograms [ gnupg ] [ "monkeysphere-authentication" "monkeysphere-host" ] + + wrapPrograms [ gnupg lockfileProgs ] [ "monkeysphere" ] + + '' + # These 4 programs depend on the program name ($0): + for program in openpgp2pem openpgp2spki openpgp2ssh pem2openpgp; do + rm $out/bin/$program + ln -sf keytrans $out/share/monkeysphere/$program + makeWrapper $out/share/monkeysphere/$program $out/bin/$program \ + ${wrapperArgs [ ]} + done + ''; + + meta = with stdenv.lib; { + homepage = http://web.monkeysphere.info/; + description = "Leverage the OpenPGP web of trust for SSH and TLS authentication"; + longDescription = '' + The Monkeysphere project's goal is to extend OpenPGP's web of + trust to new areas of the Internet to help us securely identify + servers we connect to, as well as each other while we work online. + The suite of Monkeysphere utilities provides a framework to + transparently leverage the web of trust for authentication of + TLS/SSL communications through the normal use of tools you are + familiar with, such as your web browser0 or secure shell. + ''; + license = licenses.gpl3Plus; + platforms = platforms.all; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch b/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch new file mode 100644 index 000000000000..8cdd85017b93 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch @@ -0,0 +1,23 @@ +diff --git a/Makefile b/Makefile +--- a/Makefile ++++ b/Makefile +@@ -52,7 +52,7 @@ clean: + replaced/%: % + mkdir -p $(dir $@) + sed < $< > $@ \ +- -e 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' \ ++ -e 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' \ + -e 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' \ + -e 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' + +diff --git a/src/share/keytrans b/src/share/keytrans +--- a/src/share/keytrans ++++ b/src/share/keytrans +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -T ++#!/usr/bin/perl + + # keytrans: this is an RSA key translation utility; it is capable of + # transforming RSA keys (both public keys and secret keys) between +-- +2.16.3 diff --git a/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch b/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch new file mode 100644 index 000000000000..2a9a1fc8dfa9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch @@ -0,0 +1,17 @@ +diff --git a/auth.c b/auth.c +index d2a8cd65..811a129f 100644 +--- a/auth.c ++++ b/auth.c +@@ -580,6 +580,12 @@ getpwnamallow(const char *user) + #endif + + pw = getpwnam(user); ++ if (pw != NULL) { ++ // This is only for testing purposes, ++ // DO NOT USE THIS PATCH IN PRODUCTION! ++ char *shell = "/bin/sh"; ++ pw->pw_shell = shell; ++ } + + #if defined(_AIX) && defined(HAVE_SETAUTHDB) + aix_restoreauthdb(); diff --git a/nixpkgs/pkgs/tools/security/mpw/default.nix b/nixpkgs/pkgs/tools/security/mpw/default.nix new file mode 100644 index 000000000000..4cff17ef8495 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mpw/default.nix @@ -0,0 +1,62 @@ +{ stdenv, cmake, fetchFromGitLab +, json_c, libsodium, libxml2, ncurses }: + +let + rev = "22796663dcad81684ab24308d9db570f6781ba2c"; + +in stdenv.mkDerivation rec { + name = "mpw-${version}-${builtins.substring 0 8 rev}"; + version = "2.6"; + + src = fetchFromGitLab { + owner = "MasterPassword"; + repo = "MasterPassword"; + sha256 = "1f2vqacgbyam1mazawrfim8zwp38gnwf5v3xkkficsfnv789g6fw"; + inherit rev; + }; + + sourceRoot = "./source/platform-independent/c/cli"; + + postPatch = '' + rm build + substituteInPlace mpw-cli-tests \ + --replace '/usr/bin/env bash' ${stdenv.shell} \ + --replace ./mpw ./build/mpw + ''; + + cmakeFlags = [ + "-Dmpw_version=${version}" + "-DBUILD_MPW_TESTS=ON" + ]; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ json_c libxml2 libsodium ncurses ]; + + installPhase = '' + runHook preInstall + + install -Dm755 mpw $out/bin/mpw + install -Dm644 ../mpw.completion.bash $out/share/bash-completion/completions/_mpw + install -Dm644 ../../../../README.md $out/share/doc/mpw/README.md + + runHook postInstall + ''; + + doCheck = true; + + checkPhase = '' + runHook preCheck + + ../mpw-cli-tests + + runHook postCheck + ''; + + meta = with stdenv.lib; { + description = "A stateless password management solution"; + homepage = https://masterpasswordapp.com/; + license = licenses.gpl3; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/munge/default.nix b/nixpkgs/pkgs/tools/security/munge/default.nix new file mode 100644 index 000000000000..2e83c691dc7f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/munge/default.nix @@ -0,0 +1,33 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, gawk, gnused, libgcrypt, zlib, bzip2 }: + +stdenv.mkDerivation rec { + name = "munge-0.5.13"; + + src = fetchFromGitHub { + owner = "dun"; + repo = "munge"; + rev = "${name}"; + sha256 = "1c4ff3d8ad3inbliszr4slym3b4cn19bn6mxm13mzy20jyi2rm70"; + }; + + nativeBuildInputs = [ autoreconfHook gawk gnused ]; + buildInputs = [ libgcrypt zlib bzip2 ]; + + preAutoreconf = '' + # Remove the install-data stuff, since it tries to write to /var + substituteInPlace src/Makefile.am --replace "etc \\" "\\" + ''; + + configureFlags = [ + "--localstatedir=/var" + ]; + + meta = with stdenv.lib; { + description = '' + An authentication service for creating and validating credentials + ''; + license = licenses.lgpl3; + platforms = platforms.unix; + maintainers = [ maintainers.rickynils ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nasty/default.nix b/nixpkgs/pkgs/tools/security/nasty/default.nix new file mode 100644 index 000000000000..84b738a21092 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nasty/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl, gpgme }: + +stdenv.mkDerivation rec { + name = "nasty-${version}"; + version = "0.6"; + + src = fetchurl { + url = "https://www.vanheusden.com/nasty/${name}.tgz"; + sha256 = "1dznlxr728k1pgy1kwmlm7ivyl3j3rlvkmq34qpwbwbj8rnja1vn"; + }; + + # does not apply cleanly with patchPhase/fetchpatch + # https://sources.debian.net/src/nasty/0.6-3/debian/patches/02_add_largefile_support.patch + CFLAGS = "-D_FILE_OFFSET_BITS=64"; + + buildInputs = [ gpgme ]; + + installPhase = '' + mkdir -p $out/bin + cp nasty $out/bin + ''; + + meta = with stdenv.lib; { + description = "Recover the passphrase of your PGP or GPG-key"; + longDescription = '' + Nasty is a program that helps you to recover the passphrase of your PGP or GPG-key + in case you forget or lost it. It is mostly a proof-of-concept: with a different implementation + this program could be at least 100x faster. + ''; + homepage = http://www.vanheusden.com/nasty/; + license = licenses.gpl2; + maintainers = with maintainers; [ davidak ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/neopg/default.nix b/nixpkgs/pkgs/tools/security/neopg/default.nix new file mode 100644 index 000000000000..88494e8dbdf7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/neopg/default.nix @@ -0,0 +1,48 @@ +{ stdenv +, fetchFromGitHub +, cmake +, sqlite +, botan2 +, boost +, curl +, gettext +, pkgconfig +, libusb +, gnutls }: + +stdenv.mkDerivation rec { + name = "neopg-${version}"; + version = "0.0.6"; + + src = fetchFromGitHub { + owner = "das-labor"; + repo = "neopg"; + rev = "v${version}"; + sha256 = "15xp5w046ix59cfrhh8ka4camr0d8qqw643g184sqrcqwpk7nbrx"; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ pkgconfig ]; + + buildInputs = [ cmake sqlite botan2 boost curl gettext libusb gnutls ]; + + doCheck = true; + checkTarget = "test"; + dontUseCmakeBuildDir = true; + + preCheck = '' + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg + ''; + + meta = with stdenv.lib; { + homepage = https://neopg.io/; + description = "Modern replacement for GnuPG 2"; + license = licenses.gpl3; + longDescription = '' + NeoPG starts as an opiniated fork of GnuPG 2 to clean up the code and make it easier to develop. + It is written in C++11. + ''; + maintainers = with maintainers; [ erictapen ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix new file mode 100644 index 000000000000..e7f7547e4ad9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix @@ -0,0 +1,53 @@ +{ stdenv, makeWrapper, bash-completion, cmake, fetchFromGitHub, hidapi, libusb1, pkgconfig +, qtbase, qttranslations, qtsvg }: + +stdenv.mkDerivation rec { + name = "nitrokey-app-${version}"; + version = "1.3.2"; + + src = fetchFromGitHub { + owner = "Nitrokey"; + repo = "nitrokey-app"; + rev = "v${version}"; + sha256 = "193kzlz3qn9il56h78faiqkgv749hdils1nn1iw6g3wphgx5fjs2"; + fetchSubmodules = true; + }; + + postPatch = '' + substituteInPlace libnitrokey/CMakeLists.txt \ + --replace '/data/41-nitrokey.rules' '/libnitrokey/data/41-nitrokey.rules' + ''; + + buildInputs = [ + bash-completion + hidapi + libusb1 + qtbase + qttranslations + qtsvg + ]; + nativeBuildInputs = [ + cmake + pkgconfig + makeWrapper + ]; + cmakeFlags = "-DCMAKE_BUILD_TYPE=Release"; + + postFixup = '' + wrapProgram $out/bin/nitrokey-app \ + --prefix QT_PLUGIN_PATH : "${qtbase}/${qtbase.qtPluginPrefix}" + ''; + + meta = with stdenv.lib; { + description = "Provides extra functionality for the Nitrokey Pro and Storage"; + longDescription = '' + The nitrokey-app provides a QT system tray widget with wich you can + access the extra functionality of a Nitrokey Storage or Nitrokey Pro. + See https://www.nitrokey.com/ for more information. + ''; + homepage = https://github.com/Nitrokey/nitrokey-app; + repositories.git = https://github.com/Nitrokey/nitrokey-app.git; + license = licenses.gpl3; + maintainers = with maintainers; [ kaiha fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix b/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix new file mode 100644 index 000000000000..a89fa7238269 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix @@ -0,0 +1,25 @@ +{ stdenv, nitrokey-app +, group ? "nitrokey" +}: + +stdenv.mkDerivation { + name = "nitrokey-udev-rules-${stdenv.lib.getVersion nitrokey-app}"; + + inherit (nitrokey-app) src; + + dontBuild = true; + + patchPhase = '' + substituteInPlace libnitrokey/data/41-nitrokey.rules --replace plugdev "${group}" + ''; + + installPhase = '' + mkdir -p $out/etc/udev/rules.d + cp libnitrokey/data/41-nitrokey.rules $out/etc/udev/rules.d + ''; + + meta = { + description = "udev rules for Nitrokeys"; + inherit (nitrokey-app.meta) homepage license maintainers; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nmap/default.nix b/nixpkgs/pkgs/tools/security/nmap/default.nix new file mode 100644 index 000000000000..3bc5758aad44 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap/default.nix @@ -0,0 +1,84 @@ +{ stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3 +, graphicalSupport ? false +, libX11 ? null +, gtk2 ? null +, withPython ? false # required for the `ndiff` binary +, python2Packages ? null +, makeWrapper ? null +, withLua ? true +}: + +assert withPython -> python2Packages != null; + +with stdenv.lib; + +let + + # Zenmap (the graphical program) also requires Python, + # so automatically enable pythonSupport if graphicalSupport is requested. + pythonSupport = withPython || graphicalSupport; + +in stdenv.mkDerivation rec { + name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; + version = "7.70"; + + src = fetchurl { + url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; + sha256 = "063fg8adx23l4irrh5kn57hsmi1xvjkar4vm4k6g94ppan4hcyw4"; + }; + + patches = [ ./zenmap.patch ] + ++ optionals stdenv.cc.isClang [( + # Fixes a compile error due an ambiguous reference to bind(2) in + # nping/EchoServer.cc, which is otherwise resolved to std::bind. + # Also fixes a missing include. + # https://github.com/nmap/nmap/pull/1363 + fetchpatch { + url = "https://github.com/nmap/nmap/commit/5bbe66f1bd8cbd3718f5805139e2e8139e6849bb.diff"; + sha256 = "088r8ylpc9hachsxs4r17cqfa1ncyspbjvkc573lill7rk1r9m0s"; + } + )]; + + prePatch = optionalString stdenv.isDarwin '' + substituteInPlace libz/configure \ + --replace /usr/bin/libtool ar \ + --replace 'AR="libtool"' 'AR="ar"' \ + --replace 'ARFLAGS="-o"' 'ARFLAGS="-r"' + ''; + + configureFlags = [ + (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua") + ] + ++ optional (!pythonSupport) "--without-ndiff" + ++ optional (!graphicalSupport) "--without-zenmap" + ; + + makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ + "AR=${stdenv.cc.bintools.targetPrefix}ar" + "RANLIB=${stdenv.cc.bintools.targetPrefix}ranlib" + "CC=${stdenv.cc.targetPrefix}gcc" + ]; + + postInstall = optionalString pythonSupport '' + wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" + '' + optionalString graphicalSupport '' + wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath $pygtk)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pygobject)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pycairo)/gtk-2.0 + ''; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = with python2Packages; [ libpcap openssl ] + ++ optionals pythonSupport [ makeWrapper python ] + ++ optionals graphicalSupport [ + libX11 gtk2 pygtk pysqlite pygobject2 pycairo + ]; + + doCheck = false; # fails 3 tests, probably needs the net + + meta = { + description = "A free and open source utility for network discovery and security auditing"; + homepage = http://www.nmap.org; + license = licenses.gpl2; + platforms = platforms.all; + maintainers = with maintainers; [ thoughtpolice fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nmap/qt.nix b/nixpkgs/pkgs/tools/security/nmap/qt.nix new file mode 100644 index 000000000000..c0b7a72d18e0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap/qt.nix @@ -0,0 +1,54 @@ +{ stdenv, fetchFromGitHub, cmake, pkgconfig, makeWrapper +, dnsutils, nmap +, qtbase, qtscript, qtwebengine }: + +stdenv.mkDerivation rec { + name = "nmapsi4-${version}"; + version = "0.4.80-20180430"; + + src = fetchFromGitHub { + owner = "nmapsi4"; + repo = "nmapsi4"; + rev = "d7f18e4c1e38dcf9c29cb4496fe14f9ff172861a"; + sha256 = "10wqyrjzmad1g7lqa65rymbkna028xbp4xcpj442skw8gyrs3994"; + }; + + nativeBuildInputs = [ cmake makeWrapper pkgconfig ]; + + buildInputs = [ qtbase qtscript qtwebengine ]; + + enableParallelBuilding = true; + + postPatch = '' + substituteInPlace src/platform/digmanager.cpp \ + --replace '"dig"' '"${dnsutils}/bin/dig"' + substituteInPlace src/platform/discover.cpp \ + --replace '"nping"' '"${nmap}/bin/nping"' + for f in \ + src/platform/monitor/monitor.cpp \ + src/platform/nsemanager.cpp ; do + + substituteInPlace $f \ + --replace '"nmap"' '"${nmap}/bin/nmap"' + done + ''; + + postInstall = '' + mv $out/share/applications/kde4/*.desktop $out/share/applications + rmdir $out/share/applications/kde4 + + for f in $out/share/applications/* ; do + substituteInPlace $f \ + --replace Qt4 Qt5 \ + --replace Exec=nmapsi4 Exec=$out/bin/nmapsi4 \ + --replace "Exec=kdesu nmapsi4" "Exec=kdesu $out/bin/nmapsi4" + done + ''; + + meta = with stdenv.lib; { + description = "Qt frontend for nmap"; + license = licenses.gpl2; + maintainers = with maintainers; [ peterhoeg ]; + inherit (src.meta) homepage; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nmap/zenmap.patch b/nixpkgs/pkgs/tools/security/nmap/zenmap.patch new file mode 100644 index 000000000000..3cd39750c881 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap/zenmap.patch @@ -0,0 +1,15 @@ +diff -ruN nmap-5.50.orig/zenmap/zenmapCore/Paths.py nmap-5.50/zenmap/zenmapCore/Paths.py +--- nmap-5.50.orig/zenmap/zenmapCore/Paths.py 2013-06-06 05:52:10.723087428 +0000 ++++ nmap-5.50/zenmap/zenmapCore/Paths.py 2013-06-06 07:07:25.481261761 +0000 +@@ -115,7 +115,10 @@ + else: + # Normal script execution. Look in the current directory to allow + # running from the distribution. +- return os.path.abspath(os.path.dirname(fs_dec(sys.argv[0]))) ++ # ++ # Grrwlf: No,no,dear. That's not a script, thats Nixos wrapper. Go add ++ # those '..' to substract /bin part. ++ return os.path.abspath(os.path.join(os.path.dirname(fs_dec(sys.argv[0])), "..")) + + prefix = get_prefix() + diff --git a/nixpkgs/pkgs/tools/security/notary/default.nix b/nixpkgs/pkgs/tools/security/notary/default.nix new file mode 100644 index 000000000000..221817b004df --- /dev/null +++ b/nixpkgs/pkgs/tools/security/notary/default.nix @@ -0,0 +1,65 @@ +{ stdenv, fetchFromGitHub, buildGoPackage, libtool }: + +buildGoPackage rec { + name = "notary-${version}"; + version = "0.6.1"; + gitcommit = "d6e1431f"; + + src = fetchFromGitHub { + owner = "theupdateframework"; + repo = "notary"; + rev = "v${version}"; + sha256 = "1ak9dk6vjny5069hp3w36dbjawcnaq82l3i2qvf7mn7zfglbsnf9"; + }; + + patches = [ ./no-git-usage.patch ]; + + buildInputs = [ libtool ]; + buildPhase = '' + runHook preBuild + cd go/src/github.com/theupdateframework/notary + make client GITCOMMIT=${gitcommit} + runHook postBuild + ''; + + goPackagePath = "github.com/theupdateframework/notary"; + + installPhase = '' + runHook preInstall + install -D bin/notary $bin/bin/notary + runHook postInstall + ''; + + #doCheck = true; # broken by tzdata: 2018g -> 2019a + checkPhase = '' + make test PKGS=github.com/theupdateframework/notary/cmd/notary + ''; + + meta = with stdenv.lib; { + description = "Notary is a project that allows anyone to have trust over arbitrary collections of data"; + longDescription = '' + The Notary project comprises a server and a client for running and + interacting with trusted collections. See the service architecture + documentation for more information. + + Notary aims to make the internet more secure by making it easy for people + to publish and verify content. We often rely on TLS to secure our + communications with a web server which is inherently flawed, as any + compromise of the server enables malicious content to be substituted for + the legitimate content. + + With Notary, publishers can sign their content offline using keys kept + highly secure. Once the publisher is ready to make the content available, + they can push their signed trusted collection to a Notary Server. + + Consumers, having acquired the publisher's public key through a secure + channel, can then communicate with any notary server or (insecure) mirror, + relying only on the publisher's key to determine the validity and + integrity of the received content. + ''; + license = licenses.asl20; + homepage = https://github.com/theupdateframework/notary; + maintainers = with maintainers; [ vdemeester ma27 ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch b/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch new file mode 100644 index 000000000000..363eefe36921 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch @@ -0,0 +1,15 @@ +diff --git a/Makefile b/Makefile +index ab794165..0cbd047f 100644 +--- a/Makefile ++++ b/Makefile +@@ -5,8 +5,8 @@ PREFIX?=$(shell pwd) + # Add to compile time flags + NOTARY_PKG := github.com/theupdateframework/notary + NOTARY_VERSION := $(shell cat NOTARY_VERSION) +-GITCOMMIT := $(shell git rev-parse --short HEAD) +-GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no) ++GITCOMMIT ?= $(shell git rev-parse --short HEAD) ++GITUNTRACKEDCHANGES := + ifneq ($(GITUNTRACKEDCHANGES),) + GITCOMMIT := $(GITCOMMIT)-dirty + endif diff --git a/nixpkgs/pkgs/tools/security/nsjail/default.nix b/nixpkgs/pkgs/tools/security/nsjail/default.nix new file mode 100644 index 000000000000..f88156285ca7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nsjail/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkgconfig, which +, libnl, protobuf, protobufc, shadow +}: + +stdenv.mkDerivation rec { + name = "nsjail-${version}"; + version = "2.8"; + + src = fetchFromGitHub { + owner = "google"; + repo = "nsjail"; + rev = version; + fetchSubmodules = true; + sha256 = "0cgycj0cz74plmz4asxryqprg6mkzpmnxzqbfsp1wwackinxq5fq"; + }; + + postPatch = '' + substituteInPlace user.cc \ + --replace "/usr/bin/newgidmap" "${shadow}/bin/newgidmap" \ + --replace "/usr/bin/newuidmap" "${shadow}/bin/newuidmap" + ''; + + nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ]; + buildInputs = [ libnl protobuf protobufc ]; + enableParallelBuilding = true; + + installPhase = '' + mkdir -p $out/bin $out/share/man/man1 + install nsjail $out/bin/ + install nsjail.1 $out/share/man/man1/ + ''; + + meta = with stdenv.lib; { + description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters"; + homepage = http://nsjail.com/; + license = licenses.asl20; + maintainers = with maintainers; [ bosu c0bw3b ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nwipe/default.nix b/nixpkgs/pkgs/tools/security/nwipe/default.nix new file mode 100644 index 000000000000..a27ed7bad1a5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nwipe/default.nix @@ -0,0 +1,22 @@ +{ stdenv, fetchFromGitHub, ncurses, parted, automake, autoconf, pkgconfig }: + +stdenv.mkDerivation rec { + version = "0.25"; + name = "nwipe-${version}"; + src = fetchFromGitHub { + owner = "martijnvanbrummelen"; + repo = "nwipe"; + rev = "v${version}"; + sha256 = "1hx041arw82k814g9r8dqsfi736mj5nlzp2zpi8n2qfqfc1q8nir"; + }; + nativeBuildInputs = [ automake autoconf pkgconfig ]; + buildInputs = [ ncurses parted ]; + preConfigure = "sh init.sh || :"; + meta = with stdenv.lib; { + description = "Securely erase disks"; + homepage = https://github.com/martijnvanbrummelen/nwipe; + license = licenses.gpl2; + maintainers = [ maintainers.woffs ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix new file mode 100644 index 000000000000..9e154c19a9c0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix @@ -0,0 +1,39 @@ +{ stdenv, fetchFromGitLab, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }: + +let + securityDependency = + if stdenv.isDarwin then xmlsec + else pam; + +in stdenv.mkDerivation rec { + name = "oath-toolkit-2.6.2"; + + src = fetchFromGitLab { + owner = "oath-toolkit"; + repo = "oath-toolkit"; + rev = "0dffdec9c5af5c89a5af43add29d8275eefe7414"; + sha256 = "0n2sl444723f1k0sjmc0mzdwslx51yxac39c2cx2bl3ykacgfv74"; + }; + + buildInputs = [ securityDependency libxml2 perl gengetopt bison ]; + + nativeBuildInputs = [ autoreconfHook gtk-doc help2man pkgconfig ]; + + # man file generation fails when true + enableParallelBuilding = false; + + configureFlags = [ "--disable-pskc" ]; + + # Replicate the steps from cfg.mk + preAutoreconf = '' + printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > liboath/man/Makefile.gdoc + printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > libpskc/man/Makefile.gdoc + touch ChangeLog + ''; + + meta = with stdenv.lib; { + description = "Components for building one-time password authentication systems"; + homepage = https://www.nongnu.org/oath-toolkit/; + platforms = with platforms; linux ++ darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/omapd/default.nix b/nixpkgs/pkgs/tools/security/omapd/default.nix new file mode 100644 index 000000000000..91df7f3fbb0a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/omapd/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl, qt4, gdb, zlib }: + +stdenv.mkDerivation rec { + name = "omapd-${version}"; + version = "0.9.2"; + + src = fetchurl { + url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/omapd/${name}.tgz"; + sha256 = "0d7lgv957jhbsav60j50jhdy3rpcqgql74qsniwnnpm3yqj9p0xc"; + }; + + patches = [ ./zlib.patch ]; + + buildInputs = [ qt4 zlib gdb ]; + + buildPhase = '' + (cd plugins/RAMHashTables; qmake; make) + qmake + make + ''; + + installPhase = '' + install -vD omapd $out/bin/omapd + install -vD omapd.conf $out/etc/omapd.conf + install -vD plugins/libRAMHashTables.so $out/usr/lib/omapd/plugins/libRAMHashTables.so + ln -s $out/usr/lib/omapd/plugins $out/bin/plugins + ''; + + meta = with stdenv.lib; { + homepage = https://code.google.com/archive/p/omapd/; + description = "IF-MAP Server that implements the IF-MAP v1.1 and v2.0 specifications published by the Trusted Computing Group (TCG)"; + license = licenses.gpl3; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/omapd/zlib.patch b/nixpkgs/pkgs/tools/security/omapd/zlib.patch new file mode 100644 index 000000000000..dc0644f2a016 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/omapd/zlib.patch @@ -0,0 +1,9 @@ +diff -uNr omapd-0.9.2-old/omapd.pro omapd-0.9.2/omapd.pro +--- omapd-0.9.2-old/omapd.pro 2015-08-03 09:46:47.463420480 +0200 ++++ omapd-0.9.2/omapd.pro 2015-08-03 09:48:32.238657105 +0200 +@@ -37,4 +37,4 @@ + clientconfiguration.h \ + managementserver.h \ + json.h +-INCLUDEPATH += $$[QT_INSTALL_PREFIX]/src/3rdparty/zlib ++LIBS += -lz diff --git a/nixpkgs/pkgs/tools/security/onioncircuits/default.nix b/nixpkgs/pkgs/tools/security/onioncircuits/default.nix new file mode 100644 index 000000000000..898bfb599a31 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/onioncircuits/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchgit, pythonPackages, intltool, gtk3, gobject-introspection, gnome3 }: + +pythonPackages.buildPythonApplication rec { + name = "onioncircuits-${version}"; + version = "0.5"; + + src = fetchgit { + url = "https://git-tails.immerda.ch/onioncircuits/"; + rev = version; + sha256 = "13mqif9b9iajpkrl9ijspdnvy82kxhprxd5mw3njk68rcn4z2pcm"; + }; + + nativeBuildInputs = [ intltool ]; + buildInputs = [ intltool gtk3 gobject-introspection ]; + propagatedBuildInputs = with pythonPackages; [ stem distutils_extra pygobject3 ]; + + postFixup = '' + wrapProgram "$out/bin/onioncircuits" \ + --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ + --prefix XDG_DATA_DIRS : "$out/share:${gnome3.adwaita-icon-theme}/share" + ''; + + meta = with stdenv.lib; { + homepage = https://tails.boum.org; + description = "GTK application to display Tor circuits and streams"; + license = licenses.gpl3; + maintainers = [ maintainers.phreedom ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/open-ecard/default.nix b/nixpkgs/pkgs/tools/security/open-ecard/default.nix new file mode 100644 index 000000000000..98f2e56e7497 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/open-ecard/default.nix @@ -0,0 +1,64 @@ +{ stdenv, fetchurl, jre, pcsclite, makeDesktopItem, makeWrapper }: + +let + version = "1.2.4"; + + srcs = { + richclient = fetchurl { + url = "https://jnlp.openecard.org/richclient-${version}-20171212-0958.jar"; + sha256 = "1ckhyhszp4zhfb5mn67lz603b55z814jh0sz0q5hriqzx017j7nr"; + }; + cifs = fetchurl { + url = "https://jnlp.openecard.org/cifs-${version}-20171212-0958.jar"; + sha256 = "0rc862lx3y6sw87r1v5xjmqqpysyr1x6yqhycqmcdrwz0j3wykrr"; + }; + logo = fetchurl { + url = https://raw.githubusercontent.com/ecsec/open-ecard/1.2.3/gui/graphics/src/main/ext/oec_logo_bg-transparent.svg; + sha256 = "0rpmyv10vjx2yfpm03mqliygcww8af2wnrnrppmsazdplksaxkhs"; + }; + }; +in stdenv.mkDerivation rec { + appName = "open-ecard"; + name = "${appName}-${version}"; + + src = srcs.richclient; + + phases = "installPhase"; + + buildInputs = [ makeWrapper ]; + + desktopItem = makeDesktopItem { + name = appName; + desktopName = "Open eCard App"; + genericName = "eCard App"; + comment = "Client side implementation of the eCard-API-Framework"; + icon = "oec_logo_bg-transparent.svg"; + exec = appName; + categories = "Utility;Security;"; + }; + + installPhase = '' + mkdir -p $out/share/java + cp ${srcs.richclient} $out/share/java/richclient-${version}.jar + cp ${srcs.cifs} $out/share/java/cifs-${version}.jar + + mkdir -p $out/share/applications $out/share/pixmaps + cp $desktopItem/share/applications/* $out/share/applications + cp ${srcs.logo} $out/share/pixmaps/oec_logo_bg-transparent.svg + + mkdir -p $out/bin + makeWrapper ${jre}/bin/java $out/bin/${appName} \ + --add-flags "-cp $out/share/java/cifs-${version}.jar" \ + --add-flags "-jar $out/share/java/richclient-${version}.jar" \ + --suffix LD_LIBRARY_PATH ':' ${stdenv.lib.getLib pcsclite}/lib + ''; + + meta = with stdenv.lib; { + description = "Client side implementation of the eCard-API-Framework (BSI + TR-03112) and related international standards, such as ISO/IEC 24727"; + homepage = https://www.openecard.org/; + license = licenses.gpl3; + maintainers = with maintainers; [ sephalon ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/opencryptoki/default.nix b/nixpkgs/pkgs/tools/security/opencryptoki/default.nix new file mode 100644 index 000000000000..eff2211a71c5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/opencryptoki/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchFromGitHub, openssl, trousers, autoreconfHook, libtool, bison, flex }: + +stdenv.mkDerivation rec { + name = "opencryptoki-${version}"; + version = "3.8.2"; + + src = fetchFromGitHub { + owner = "opencryptoki"; + repo = "opencryptoki"; + rev = "v${version}"; + sha256 = "1rf7cmibmx636vzv7p54g212478a8wim2lfjf2861hfd0m96nv4l"; + }; + + nativeBuildInputs = [ autoreconfHook libtool bison flex ]; + buildInputs = [ openssl trousers ]; + + postPatch = '' + substituteInPlace configure.ac \ + --replace "usermod" "true" \ + --replace "groupadd" "true" \ + --replace "chmod" "true" \ + --replace "chgrp" "true" + substituteInPlace usr/lib/Makefile.am --replace "DESTDIR" "out" + ''; + + configureFlags = [ + "--prefix=$(out)" + "--disable-ccatok" + "--disable-icatok" + ]; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "PKCS#11 implementation for Linux"; + homepage = https://github.com/opencryptoki/opencryptoki; + license = licenses.cpl10; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/opensc/default.nix b/nixpkgs/pkgs/tools/security/opensc/default.nix new file mode 100644 index 000000000000..769b87fa8d31 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/opensc/default.nix @@ -0,0 +1,73 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, zlib, readline, openssl +, libiconv, pcsclite, libassuan, libXt, fetchpatch +, docbook_xsl, libxslt, docbook_xml_dtd_412 +, Carbon, PCSC, buildPackages +, withApplePCSC ? stdenv.isDarwin +}: + +stdenv.mkDerivation rec { + name = "opensc-${version}"; + version = "0.19.0"; + + src = fetchFromGitHub { + owner = "OpenSC"; + repo = "OpenSC"; + rev = version; + sha256 = "10575gb9l38cskq7swyjp0907wlziyxg4ppq33ndz319dsx69d87"; + }; + + patches = [ + (fetchpatch { + name = "CVE-2019-6502.patch"; + url = "https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9.patch"; + sha256 = "1y42lmz8i9w99hgpakdncnv8f94cqjfabz0v4xg6wfz9akl3ff7d"; + }) + ]; + + nativeBuildInputs = [ pkgconfig autoreconfHook ]; + buildInputs = [ + zlib readline openssl libassuan + libXt libxslt libiconv docbook_xml_dtd_412 + ] + ++ stdenv.lib.optional stdenv.isDarwin Carbon + ++ (if withApplePCSC then [ PCSC ] else [ pcsclite ]); + + NIX_CFLAGS_COMPILE = "-Wno-error"; + + configureFlags = [ + "--enable-zlib" + "--enable-readline" + "--enable-openssl" + "--enable-pcsc" + "--enable-sm" + "--enable-man" + "--enable-doc" + "--localstatedir=/var" + "--sysconfdir=/etc" + "--with-xsl-stylesheetsdir=${docbook_xsl}/xml/xsl/docbook" + "--with-pcsc-provider=${ + if withApplePCSC then + "${PCSC}/Library/Frameworks/PCSC.framework/PCSC" + else + "${stdenv.lib.getLib pcsclite}/lib/libpcsclite${stdenv.hostPlatform.extensions.sharedLibrary}" + }" + (stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) + "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc") + ]; + + PCSC_CFLAGS = stdenv.lib.optionalString withApplePCSC + "-I${PCSC}/Library/Frameworks/PCSC.framework/Headers"; + + installFlags = [ + "sysconfdir=$(out)/etc" + "completiondir=$(out)/etc" + ]; + + meta = with stdenv.lib; { + description = "Set of libraries and utilities to access smart cards"; + homepage = https://github.com/OpenSC/OpenSC/wiki; + license = licenses.lgpl21Plus; + platforms = platforms.all; + maintainers = [ maintainers.erictapen ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ossec/default.nix b/nixpkgs/pkgs/tools/security/ossec/default.nix new file mode 100644 index 000000000000..7231f6821daf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ossec/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, which }: + +stdenv.mkDerivation { + name = "ossec-client-2.6"; + + src = fetchurl { + url = https://www.ossec.net/files/ossec-hids-2.6.tar.gz; + + sha256 = "0k1b59wdv9h50gbyy88qw3cnpdm8hv0nrl0znm92h9a11i5b39ip"; + }; + + buildInputs = [ which ]; + + phases = [ "unpackPhase" "patchPhase" "buildPhase" ]; + + patches = [ ./no-root.patch ]; + + buildPhase = '' + echo "en + +agent +$out +no +127.0.0.1 +yes +yes +yes + + +" | ./install.sh + ''; + + meta = { + description = "Open soruce host-based instrusion detection system"; + homepage = http://www.ossec.net; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/ossec/no-root.patch b/nixpkgs/pkgs/tools/security/ossec/no-root.patch new file mode 100644 index 000000000000..ea6e9c54a9ae --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ossec/no-root.patch @@ -0,0 +1,176 @@ +diff -Naur ossec-hids-2.6-orig/install.sh ossec-hids-2.6/install.sh +--- ossec-hids-2.6-orig/install.sh 2011-07-11 15:36:58.000000000 -0400 ++++ ossec-hids-2.6/install.sh 2012-07-09 09:58:57.970692818 -0400 +@@ -119,14 +119,14 @@ + # Generate the /etc/ossec-init.conf + VERSION_FILE="./src/VERSION" + VERSION=`cat ${VERSION_FILE}` +- chmod 700 ${OSSEC_INIT} > /dev/null 2>&1 +- echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT} +- echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT} +- echo "DATE=\"`date`\"" >> ${OSSEC_INIT} +- echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT} +- chmod 600 ${OSSEC_INIT} +- cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT} +- chmod 644 ${INSTALLDIR}${OSSEC_INIT} ++ echo chmod 700 ${OSSEC_INIT} > /dev/null 2>&1 ++ echo "DIRECTORY=\"${INSTALLDIR}\"" > ${INSTALLDIR}${OSSEC_INIT} ++ echo "VERSION=\"${VERSION}\"" >> ${INSTALLDIR}${OSSEC_INIT} ++ echo "DATE=\"`date`\"" >> ${INSTALLDIR}${OSSEC_INIT} ++ echo "TYPE=\"${INSTYPE}\"" >> ${INSTALLDIR}${OSSEC_INIT} ++ echo chmod 600 ${OSSEC_INIT} ++ echo cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT} ++ echo chmod 644 ${INSTALLDIR}${OSSEC_INIT} + + + # If update_rules is set, we need to tweak +@@ -926,11 +926,6 @@ + catError "0x1-location"; + fi + +- # Must be root +- if [ ! "X$ME" = "Xroot" ]; then +- catError "0x2-beroot"; +- fi +- + # Checking dependencies + checkDependencies + +diff -Naur ossec-hids-2.6-orig/src/InstallAgent.sh ossec-hids-2.6/src/InstallAgent.sh +--- ossec-hids-2.6-orig/src/InstallAgent.sh 2011-07-11 15:36:58.000000000 -0400 ++++ ossec-hids-2.6/src/InstallAgent.sh 2012-07-09 09:56:12.061870552 -0400 +@@ -80,7 +80,7 @@ + else + grep "^${USER}" /etc/passwd > /dev/null 2>&1 + if [ ! $? = 0 ]; then +- /usr/sbin/groupadd ${GROUP} ++ echo /usr/sbin/groupadd ${GROUP} + + # We first check if /sbin/nologin is present. If it is not, + # we look for bin/false. If none of them is present, we +@@ -93,7 +93,7 @@ + OSMYSHELL="/bin/false" + fi + fi +- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER} ++ echo /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER} + fi + fi + +@@ -105,31 +105,31 @@ + done + + # Default for all directories +-chmod -R 550 ${DIR} +-chown -R root:${GROUP} ${DIR} ++echo chmod -R 550 ${DIR} ++echo chown -R root:${GROUP} ${DIR} + + # To the ossec queue (default for agentd to read) +-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec +-chmod -R 770 ${DIR}/queue/ossec ++echo chown -R ${USER}:${GROUP} ${DIR}/queue/ossec ++echo chmod -R 770 ${DIR}/queue/ossec + + # For the logging user +-chown -R ${USER}:${GROUP} ${DIR}/logs +-chmod -R 750 ${DIR}/logs +-chmod -R 775 ${DIR}/queue/rids +-touch ${DIR}/logs/ossec.log +-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log +-chmod 664 ${DIR}/logs/ossec.log +- +-chown -R ${USER}:${GROUP} ${DIR}/queue/diff +-chmod -R 750 ${DIR}/queue/diff +-chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 ++echo chown -R ${USER}:${GROUP} ${DIR}/logs ++echo chmod -R 750 ${DIR}/logs ++echo chmod -R 775 ${DIR}/queue/rids ++echo touch ${DIR}/logs/ossec.log ++echo chown ${USER}:${GROUP} ${DIR}/logs/ossec.log ++echo chmod 664 ${DIR}/logs/ossec.log ++ ++echo chown -R ${USER}:${GROUP} ${DIR}/queue/diff ++echo chmod -R 750 ${DIR}/queue/diff ++echo chmod 740 ${DIR}/queue/diff/* "> /dev/null 2>&1" + + + + + # For the etc dir +-chmod 550 ${DIR}/etc +-chown -R root:${GROUP} ${DIR}/etc ++echo chmod 550 ${DIR}/etc ++echo chown -R root:${GROUP} ${DIR}/etc + + ls /etc/localtime > /dev/null 2>&1 + if [ $? = 0 ]; then +@@ -167,25 +167,25 @@ + cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 + cp -pr agentlessd/scripts/* ${DIR}/agentless/ + +-chown root:${GROUP} ${DIR}/etc/internal_options.conf +-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/agentless/* +-chown ${USER}:${GROUP} ${DIR}/.ssh +-chown -R root:${GROUP} ${DIR}/etc/shared +- +-chmod 550 ${DIR}/etc +-chmod 440 ${DIR}/etc/internal_options.conf +-chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 +-chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1 +-chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it +-chmod 550 ${DIR}/agentless/* +-chmod 700 ${DIR}/.ssh ++echo chown root:${GROUP} ${DIR}/etc/internal_options.conf ++echo chown root:${GROUP} ${DIR}/etc/local_internal_options.conf "> /dev/null 2>&1" ++echo chown root:${GROUP} ${DIR}/etc/client.keys "> /dev/null 2>&1" ++echo chown root:${GROUP} ${DIR}/agentless/* ++echo chown ${USER}:${GROUP} ${DIR}/.ssh ++echo chown -R root:${GROUP} ${DIR}/etc/shared ++ ++echo chmod 550 ${DIR}/etc ++echo chmod 440 ${DIR}/etc/internal_options.conf ++echo chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 ++echo chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1 ++echo chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it ++echo chmod 550 ${DIR}/agentless/* ++echo chmod 700 ${DIR}/.ssh + + + # For the /var/run +-chmod 770 ${DIR}/var/run +-chown root:${GROUP} ${DIR}/var/run ++echo chmod 770 ${DIR}/var/run ++echo chown root:${GROUP} ${DIR}/var/run + + + # Moving the binary files +@@ -201,11 +201,11 @@ + sh ./init/fw-check.sh execute > /dev/null + cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ + cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ +-chmod 755 ${DIR}/active-response/bin/* +-chown root:${GROUP} ${DIR}/active-response/bin/* ++echo chmod 755 ${DIR}/active-response/bin/* ++echo chown root:${GROUP} ${DIR}/active-response/bin/* + +-chown root:${GROUP} ${DIR}/bin/* +-chmod 550 ${DIR}/bin/* ++echo chown root:${GROUP} ${DIR}/bin/* ++echo chmod 550 ${DIR}/bin/* + + + # Moving the config file +@@ -221,8 +221,8 @@ + else + cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf + fi +-chown root:${GROUP} ${DIR}/etc/ossec.conf +-chmod 440 ${DIR}/etc/ossec.conf ++echo chown root:${GROUP} ${DIR}/etc/ossec.conf ++echo chmod 440 ${DIR}/etc/ossec.conf + + + diff --git a/nixpkgs/pkgs/tools/security/p0f/default.nix b/nixpkgs/pkgs/tools/security/p0f/default.nix new file mode 100644 index 000000000000..11e1f14baf9a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/p0f/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchurl, libpcap, bash }: + +stdenv.mkDerivation rec { + name = "p0f-${version}"; + version = "3.09b"; + + src = fetchurl { + url = "http://lcamtuf.coredump.cx/p0f3/releases/${name}.tgz"; + sha256 = "0zqfq3gdnha29ckvlqmyp36c0jhj7f69bhqqx31yb6vkirinhfsl"; + }; + + buildInputs = [ libpcap ]; + + buildPhase = '' + substituteInPlace config.h --replace "p0f.fp" "$out/etc/p0f.fp" + substituteInPlace build.sh --replace "/bin/bash" "${bash}/bin/bash" + ./build.sh + cd tools && make && cd .. + ''; + + installPhase = '' + mkdir -p $out/sbin $out/etc + + cp ./p0f $out/sbin + cp ./p0f.fp $out/etc + + cp ./tools/p0f-client $out/sbin + cp ./tools/p0f-sendsyn $out/sbin + cp ./tools/p0f-sendsyn6 $out/sbin + ''; + + hardeningDisable = [ "format" ]; + + meta = { + description = "Passive network reconnaissance and fingerprinting tool"; + homepage = "http://lcamtuf.coredump.cx/p0f3/"; + license = stdenv.lib.licenses.lgpl21; + platforms = stdenv.lib.platforms.linux; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pamtester/default.nix b/nixpkgs/pkgs/tools/security/pamtester/default.nix new file mode 100644 index 000000000000..21f58ef517ee --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pamtester/default.nix @@ -0,0 +1,20 @@ +{ stdenv, fetchurl, pam }: + +stdenv.mkDerivation rec { + name = "pamtester-0.1.2"; + + src = fetchurl { + url = "mirror://sourceforge/pamtester/${name}.tar.gz"; + sha256 = "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3"; + }; + + buildInputs = [ pam ]; + + meta = with stdenv.lib; { + description = "Utility program to test the PAM facility"; + homepage = http://pamtester.sourceforge.net/; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/paperkey/default.nix b/nixpkgs/pkgs/tools/security/paperkey/default.nix new file mode 100644 index 000000000000..d7d1f1c40d47 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/paperkey/default.nix @@ -0,0 +1,34 @@ +{ fetchurl, stdenv }: + +stdenv.mkDerivation rec { + name = "paperkey-${version}"; + version = "1.6"; + + src = fetchurl { + url = "https://www.jabberwocky.com/software/paperkey/${name}.tar.gz"; + sha256 = "1xq5gni6gksjkd5avg0zpd73vsr97appksfx0gx2m38s4w9zsid2"; + }; + + postPatch = '' + for a in checks/*.sh ; do + substituteInPlace $a \ + --replace /bin/echo echo + done + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Store OpenPGP or GnuPG on paper"; + longDescription = '' + A reasonable way to achieve a long term backup of OpenPGP (GnuPG, PGP, etc) + keys is to print them out on paper. Paper and ink have amazingly long + retention qualities - far longer than the magnetic or optical means that + are generally used to back up computer data. + ''; + homepage = "https://www.jabberwocky.com/software/paperkey/"; + license = licenses.gpl2; + platforms = platforms.unix; + maintainers = with maintainers; [ skeidel ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/default.nix b/nixpkgs/pkgs/tools/security/pass/default.nix new file mode 100644 index 000000000000..8ddbd60a38d1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/default.nix @@ -0,0 +1,140 @@ +{ stdenv, lib, pkgs, fetchurl, buildEnv +, coreutils, gnused, getopt, git, tree, gnupg, openssl, which, procps +, qrencode , makeWrapper + +, xclip ? null, xdotool ? null, dmenu ? null +, x11Support ? !stdenv.isDarwin + +# For backwards-compatibility +, tombPluginSupport ? false +}: + +with lib; + +assert x11Support -> xclip != null + && xdotool != null + && dmenu != null; + +let + passExtensions = import ./extensions { inherit pkgs; }; + + env = extensions: + let + selected = extensions passExtensions + ++ stdenv.lib.optional tombPluginSupport passExtensions.tomb; + in buildEnv { + name = "pass-extensions-env"; + paths = selected; + buildInputs = concatMap (x: x.buildInputs) selected; + }; + + generic = extensionsEnv: extraPassthru: stdenv.mkDerivation rec { + version = "1.7.3"; + name = "password-store-${version}"; + + src = fetchurl { + url = "https://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; + sha256 = "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b"; + }; + + patches = [ ./set-correct-program-name-for-sleep.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; + + nativeBuildInputs = [ makeWrapper ]; + + buildInputs = [ extensionsEnv ]; + + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; + + postInstall = '' + # Install Emacs Mode. NOTE: We can't install the necessary + # dependencies (s.el and f.el) here. The user has to do this + # himself. + mkdir -p "$out/share/emacs/site-lisp" + cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" + '' + optionalString x11Support '' + cp "contrib/dmenu/passmenu" "$out/bin/" + ''; + + wrapperPath = with stdenv.lib; makeBinPath ([ + coreutils + getopt + git + gnupg + gnused + tree + which + qrencode + procps + ] ++ optional stdenv.isDarwin openssl + ++ ifEnable x11Support [ dmenu xclip xdotool ]); + + postFixup = '' + # Link extensions env + rmdir $out/lib/password-store/extensions + ln -s ${extensionsEnv}/lib/password-store/extensions $out/lib/password-store/. + for f in ${extensionsEnv}/share/man/man1/*.1.gz; do + ln -s $f $out/share/man/man1/ + done + + # Fix program name in --help + substituteInPlace $out/bin/pass \ + --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" + + # Ensure all dependencies are in PATH + wrapProgram $out/bin/pass \ + --prefix PATH : "${wrapperPath}" + '' + stdenv.lib.optionalString x11Support '' + # We just wrap passmenu with the same PATH as pass. It doesn't + # need all the tools in there but it doesn't hurt either. + wrapProgram $out/bin/passmenu \ + --prefix PATH : "$out/bin:${wrapperPath}" + ''; + + # Turn "check" into "installcheck", since we want to test our pass, + # not the one before the fixup. + postPatch = '' + patchShebangs tests + + # the turning + sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \ + -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \ + -e '/which gpg/ d' \ + tests/setup.sh + '' + stdenv.lib.optionalString stdenv.isDarwin '' + # 'pass edit' uses hdid, which is not available from the sandbox. + rm -f tests/t0200-edit-tests.sh + ''; + + doCheck = false; + + doInstallCheck = true; + installCheckInputs = [ git ]; + installCheckTarget = "test"; + + passthru = { + extensions = passExtensions; + } // extraPassthru; + + meta = with stdenv.lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = https://www.passwordstore.org/; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + platforms = platforms.unix; + + longDescription = '' + pass is a very simple password store that keeps passwords inside gpg2 + encrypted files inside a simple directory tree residing at + ~/.password-store. The pass utility provides a series of commands for + manipulating the password store, allowing the user to add, remove, edit, + synchronize, generate, and manipulate passwords. + ''; + }; + }; + +in + +generic (env (_: [])) { + withExtensions = extensions: generic (env extensions) {}; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit.nix b/nixpkgs/pkgs/tools/security/pass/extensions/audit.nix new file mode 100644 index 000000000000..79dd1fadb01c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit.nix @@ -0,0 +1,42 @@ +{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper }: + +let + pythonEnv = pythonPackages.python.withPackages (p: [ p.requests ]); + +in stdenv.mkDerivation rec { + name = "pass-audit-${version}"; + version = "0.1"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-audit"; + rev = "v${version}"; + sha256 = "0v0db8bzpcaa7zqz17syn3c78mgvw4mpg8qg1gh5rmbjsjfxw6sm"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + buildInputs = [ pythonEnv ]; + + patchPhase = '' + sed -i -e "s|/usr/lib|$out/lib|" audit.bash + sed -i -e 's|$0|${pass}/bin/pass|' audit.bash + ''; + + dontBuild = true; + + installFlags = [ "PREFIX=$(out)" ]; + + postFixup = '' + wrapProgram $out/lib/password-store/extensions/audit.bash \ + --prefix PATH : "${pythonEnv}/bin" \ + --run "export PREFIX" + ''; + + meta = with stdenv.lib; { + description = "Pass extension for auditing your password repository."; + homepage = https://github.com/roddhjav/pass-audit; + license = licenses.gpl3Plus; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix new file mode 100644 index 000000000000..96d79a8daceb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: + +with pkgs; + +{ + pass-audit = callPackage ./audit.nix { + pythonPackages = python3Packages; + }; + pass-import = callPackage ./import.nix { + pythonPackages = python3Packages; + }; + pass-otp = callPackage ./otp.nix {}; + pass-tomb = callPackage ./tomb.nix {}; + pass-update = callPackage ./update.nix {}; + pass-genphrase = callPackage ./genphrase.nix {}; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix b/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix new file mode 100644 index 000000000000..ba3f821e88c6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "pass-genphrase-${version}"; + version = "0.1"; + + src = fetchFromGitHub { + owner = "congma"; + repo = "pass-genphrase"; + rev = "${version}"; + sha256 = "0vcg3b79n1r949qfn8ns85bq2mfsmbf4jw2dlzif8425n8ppfsgd"; + }; + + dontBuild = true; + + installTargets = "globalinstall"; + + installFlags = [ "PREFIX=$(out)" ]; + + postFixup = '' + substituteInPlace $out/lib/password-store/extensions/genphrase.bash \ + --replace '$EXTENSIONS' "$out/lib/password-store/extensions/" + ''; + + meta = with stdenv.lib; { + description = "Pass extension that generates memorable passwords"; + homepage = https://github.com/congma/pass-genphrase; + license = licenses.gpl3; + maintainers = with maintainers; [ seqizz ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix new file mode 100644 index 000000000000..0ee775bfbe8b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix @@ -0,0 +1,42 @@ +{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper }: + +let + pythonEnv = pythonPackages.python.withPackages (p: [ p.defusedxml ]); + +in stdenv.mkDerivation rec { + name = "pass-import-${version}"; + version = "2.3"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-import"; + rev = "v${version}"; + sha256 = "1209aqkiqqbir5yzwk5jvyk8c1fyrsj9igr3n4banf347rlwmzfv"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + buildInputs = [ pythonEnv ]; + + patchPhase = '' + sed -i -e 's|$0|${pass}/bin/pass|' import.bash + ''; + + dontBuild = true; + + installFlags = [ "PREFIX=$(out)" ]; + + postFixup = '' + wrapProgram $out/lib/password-store/extensions/import.bash \ + --prefix PATH : "${pythonEnv}/bin" \ + --run "export PREFIX" + ''; + + meta = with stdenv.lib; { + description = "Pass extension for importing data from existing password managers"; + homepage = https://github.com/roddhjav/pass-import; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix new file mode 100644 index 000000000000..6d35c4aa8375 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchFromGitHub, oathToolkit }: + +stdenv.mkDerivation rec { + name = "pass-otp-${version}"; + version = "1.1.1"; + + src = fetchFromGitHub { + owner = "tadfisher"; + repo = "pass-otp"; + rev = "v${version}"; + sha256 = "0m8x5dqwcr9jim530685nsq4zn941hhl7ridmmd63b204z141rwa"; + }; + + buildInputs = [ oathToolkit ]; + + dontBuild = true; + + patchPhase = '' + sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash + ''; + + installFlags = [ "PREFIX=$(out)" ]; + + meta = with stdenv.lib; { + description = "A pass extension for managing one-time-password (OTP) tokens"; + homepage = https://github.com/tadfisher/pass-otp; + license = licenses.gpl3; + maintainers = with maintainers; [ jwiegley tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix new file mode 100644 index 000000000000..b9f458cd4e12 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchFromGitHub, tomb }: + +stdenv.mkDerivation rec { + name = "pass-tomb-${version}"; + version = "1.1"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-tomb"; + rev = "v${version}"; + sha256 = "0wxa673yyzasjlkpd5f3yl5zf7bhsw7h1jbhf6sdjz65bypr2596"; + }; + + buildInputs = [ tomb ]; + + dontBuild = true; + + installFlags = [ "PREFIX=$(out)" ]; + + postFixup = '' + substituteInPlace $out/lib/password-store/extensions/tomb.bash \ + --replace 'TOMB="''${PASSWORD_STORE_TOMB:-tomb}"' 'TOMB="''${PASSWORD_STORE_TOMB:-${tomb}/bin/tomb}"' + ''; + + meta = with stdenv.lib; { + description = "Pass extension that keeps the password store encrypted inside a tomb"; + homepage = https://github.com/roddhjav/pass-tomb; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/update.nix b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix new file mode 100644 index 000000000000..dd145b069720 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "pass-update-${version}"; + version = "2.0"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-update"; + rev = "v${version}"; + sha256 = "0a81q0jfni185zmbislzbcv0qr1rdp0cgr9wf9riygis2xv6rs6k"; + }; + + dontBuild = true; + + installFlags = [ "PREFIX=$(out)" ]; + + meta = with stdenv.lib; { + description = "Pass extension that provides an easy flow for updating passwords"; + homepage = https://github.com/roddhjav/pass-update; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch b/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch new file mode 100644 index 000000000000..e8f7e138ff02 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch @@ -0,0 +1,9 @@ +diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh +--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000 ++++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000 +@@ -31,5 +31,4 @@ + mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk." + } + +-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt" + SHRED="srm -f -z" diff --git a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix new file mode 100644 index 000000000000..6140159dcb50 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix @@ -0,0 +1,57 @@ +{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep +, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper +}: + +stdenv.mkDerivation rec { + name = "rofi-pass-${version}"; + version = "2.0.2"; + + src = fetchFromGitHub { + owner = "carnager"; + repo = "rofi-pass"; + rev = version; + sha256 = "131jpcwyyzgzjn9lx4k1zn95pd68pjw4i41jfzcp9z9fnazyln5n"; + }; + + buildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin + cp -a rofi-pass $out/bin/rofi-pass + + mkdir -p $out/share/doc/rofi-pass/ + cp -a config.example $out/share/doc/rofi-pass/config.example + ''; + + wrapperPath = with stdenv.lib; makeBinPath [ + coreutils + findutils + gawk + gnugrep + gnused + libnotify + (pass.withExtensions (ext: [ ext.pass-otp ])) + pwgen + rofi + utillinux + xclip + xdotool + ]; + + fixupPhase = '' + patchShebangs $out/bin + + wrapProgram $out/bin/rofi-pass \ + --prefix PATH : "${wrapperPath}" + ''; + + meta = { + description = "A script to make rofi work with password-store"; + homepage = https://github.com/carnager/rofi-pass; + maintainers = with stdenv.lib.maintainers; [ the-kenny ]; + license = stdenv.lib.licenses.gpl3; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch b/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch new file mode 100644 index 000000000000..f3a844ad2d6d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch @@ -0,0 +1,69 @@ +From d11261c2ad184daf6e9edd777bc8a3372c277b4b Mon Sep 17 00:00:00 2001 +From: Johannes Frankenau <johannes@frankenau.net> +Date: Fri, 10 Aug 2018 09:49:57 +0200 +Subject: [PATCH] Patch the clip() function to work even when using + single-binary coreutils + +--- + src/password-store.sh | 4 ++-- + src/platform/cygwin.sh | 4 ++-- + src/platform/darwin.sh | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/password-store.sh b/src/password-store.sh +index 7264ffc..68551a4 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -155,11 +155,11 @@ clip() { + # variable. Specifically, it cannot store nulls nor (non-trivally) store + # trailing new lines. + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)" + echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" + ( +- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) ++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") ) + local now="$(xclip -o -selection "$X_SELECTION" | $BASE64)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + +diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh +index 5a8d5ea..423e0ce 100644 +--- a/src/platform/cygwin.sh ++++ b/src/platform/cygwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$($BASE64 < /dev/clipboard)" + echo -n "$1" > /dev/clipboard + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$($BASE64 < /dev/clipboard)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + echo "$before" | $BASE64 -d > /dev/clipboard +diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh +index 342ecce..9e12837 100644 +--- a/src/platform/darwin.sh ++++ b/src/platform/darwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep for user $(id -u)" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(pbpaste | $BASE64)" + echo -n "$1" | pbcopy + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(pbpaste | $BASE64)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + echo "$before" | $BASE64 -d | pbcopy +-- +2.16.4 + diff --git a/nixpkgs/pkgs/tools/security/passff-host/default.nix b/nixpkgs/pkgs/tools/security/passff-host/default.nix new file mode 100644 index 000000000000..a97bc57ad45f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/passff-host/default.nix @@ -0,0 +1,33 @@ +{ stdenv, fetchFromGitHub, python3, pass }: + +stdenv.mkDerivation rec { + name = "passff-host-${version}"; + version = "1.2.1"; + + src = fetchFromGitHub { + owner = "passff"; + repo = "passff-host"; + rev = version; + sha256 = "0ydfwvhgnw5c3ydx2gn5d7ys9g7cxlck57vfddpv6ix890v21451"; + }; + + buildInputs = [ python3 ]; + + patchPhase = '' + sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py + ''; + + installPhase = '' + install -D bin/testing/passff.py $out/share/passff-host/passff.py + cp bin/testing/passff.json $out/share/passff-host/passff.json + substituteInPlace $out/share/passff-host/passff.json \ + --replace PLACEHOLDER $out/share/passff-host/passff.py + ''; + + meta = with stdenv.lib; { + description = "Host app for the WebExtension PassFF"; + homepage = https://github.com/passff/passff-host; + license = licenses.gpl2; + maintainers = with maintainers; [ nadrieril ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix b/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix new file mode 100644 index 000000000000..23a744f8e23d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix @@ -0,0 +1,37 @@ +{ stdenv, fetchurl, pkgconfig, libusb, pcsclite }: + +stdenv.mkDerivation rec { + name = "pcsc-cyberjack-${version}"; + version = "3.99.5_SP12"; + + src = with stdenv.lib; let + splittedVer = splitString "_" version; + mainVer = if length splittedVer >= 1 then head splittedVer else version; + spVer = optionalString (length splittedVer >= 1) ("." + last splittedVer); + tarballVersion = "${mainVer}final${spVer}"; + in fetchurl { + url = "http://support.reiner-sct.de/downloads/LINUX/V${version}" + + "/pcsc-cyberjack-${tarballVersion}.tar.bz2"; + sha256 = "04pkmybal56s5xnjld09vl1s1h6qf8mvhm41b758d6hi240kgp1j"; + }; + + outputs = [ "out" "tools" ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libusb pcsclite ]; + + configureFlags = [ + "--with-usbdropdir=${placeholder "out"}/pcsc/drivers" + "--bindir=${placeholder "tools"}/bin" + ]; + + postInstall = "make -C tools/cjflash install"; + + meta = with stdenv.lib; { + description = "REINER SCT cyberJack USB chipcard reader user space driver"; + homepage = https://www.reiner-sct.com/; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ aszlig ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix new file mode 100644 index 000000000000..88ca8a3d1b1a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchurl, unzip, libusb }: + +let + arch = if stdenv.hostPlatform.system == "i686-linux" then "32" + else if stdenv.hostPlatform.system == "x86_64-linux" then "64" + else throw "Unsupported system: ${stdenv.hostPlatform.system}"; +in +stdenv.mkDerivation rec { + name = "pcsc-scm-scl-${version}"; + version = "2.09"; + + src = fetchurl { + url = "http://files.identiv.com/products/smart-card-readers/contactless/scl010-011/Linux_Driver_Ver${version}.zip"; + sha256 = "0ik26sxgqgsqplksl87z61vwmx51k7plaqmrkdid7xidgfhfxr42"; + }; + + buildInputs = [ unzip ]; + + unpackPhase = '' + unzip $src + tar xf "Linux Driver Ver${version}/sclgeneric_${version}_linux_${arch}bit.tar.gz" + export sourceRoot=$(readlink -e sclgeneric_${version}_linux_${arch}bit) + ''; + + # Add support for SCL011 nPA (subsidized model for German eID) + patches = [ ./eid.patch ]; + + installPhase = '' + mkdir -p $out/pcsc/drivers + cp -r proprietary/*.bundle $out/pcsc/drivers + ''; + + libPath = stdenv.lib.makeLibraryPath [ libusb ]; + + fixupPhase = '' + patchelf --set-rpath $libPath \ + $out/pcsc/drivers/SCLGENERIC.bundle/Contents/Linux/libSCLGENERIC.so.${version}; + ''; + + meta = with stdenv.lib; { + description = "SCM Microsystems SCL011 chipcard reader user space driver"; + homepage = http://www.scm-pc-card.de/index.php?lang=en&page=product&function=show_product&product_id=630; + downloadPage = https://support.identiv.com/scl010-scl011/; + license = licenses.unfreeRedistributable; + maintainers = with maintainers; [ sephalon ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch new file mode 100644 index 000000000000..6e7ffd60f72f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch @@ -0,0 +1,28 @@ +diff --git a/proprietary/SCLGENERIC.bundle/Contents/Info.plist b/proprietary/SCLGENERIC.bundle/Contents/Info.plist +index 412d6b9..5d1c6cc 100755 +--- a/proprietary/SCLGENERIC.bundle/Contents/Info.plist ++++ b/proprietary/SCLGENERIC.bundle/Contents/Info.plist +@@ -34,6 +34,7 @@ + <string>0x04E6</string> + <string>0x04E6</string> + <string>0x04E6</string> ++ <string>0x04E6</string> + </array> + + <key>ifdProductID</key> +@@ -42,6 +43,7 @@ + <string>0x5291</string> + <string>0x5290</string> + <string>0x5293</string> ++ <string>0x5292</string> + </array> + + <key>ifdFriendlyName</key> +@@ -50,6 +52,7 @@ + <string>SCL010 Contactless Reader</string> + <string>SCR331CL-NTTCom</string> + <string>SCL011G Contactless Reader</string> ++ <string>SCM Microsystems, Inc. SCL011 RFID reader</string> + </array> + + </dict> diff --git a/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/nixpkgs/pkgs/tools/security/pcsclite/default.nix new file mode 100644 index 000000000000..5c40ccdef584 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsclite/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchurl, pkgconfig, udev, dbus, perl, python2 +, IOKit ? null }: + +stdenv.mkDerivation rec { + name = "pcsclite-${version}"; + version = "1.8.25"; + + outputs = [ "bin" "out" "dev" "doc" "man" ]; + + src = fetchurl { + url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2"; + sha256 = "14l7irs1nsh8b036ag4cfy8wryyysch78scz5dw6xxqwqgnpjvfp"; + }; + + patches = [ ./no-dropdir-literals.patch ]; + + configureFlags = [ + # The OS should care on preparing the drivers into this location + "--enable-usbdropdir=/var/lib/pcsc/drivers" + "--enable-confdir=/etc" + "--enable-ipcdir=/run/pcscd" + ] ++ stdenv.lib.optional stdenv.isLinux + "--with-systemdsystemunitdir=\${out}/etc/systemd/system" + ++ stdenv.lib.optional (!stdenv.isLinux) + "--disable-libsystemd"; + + postConfigure = '' + sed -i -re '/^#define *PCSCLITE_HP_DROPDIR */ { + s/(DROPDIR *)(.*)/\1(getenv("PCSCLITE_HP_DROPDIR") ? : \2)/ + }' config.h + ''; + + postInstall = '' + # pcsc-spy is a debugging utility and it drags python into the closure + moveToOutput bin/pcsc-spy "$dev" + ''; + + nativeBuildInputs = [ pkgconfig perl python2 ]; + buildInputs = stdenv.lib.optionals stdenv.isLinux [ udev dbus ] + ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ]; + + meta = with stdenv.lib; { + description = "Middleware to access a smart card using SCard API (PC/SC)"; + homepage = https://pcsclite.apdu.fr/; + license = licenses.bsd3; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch b/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch new file mode 100644 index 000000000000..6e6734c95432 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch @@ -0,0 +1,73 @@ +diff --git a/src/hotplug_libudev.c b/src/hotplug_libudev.c +index a8ba1b8..a53700b 100644 +--- a/src/hotplug_libudev.c ++++ b/src/hotplug_libudev.c +@@ -119,7 +119,8 @@ static LONG HPReadBundleValues(void) + + if (NULL == hpDir) + { +- Log1(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_ERROR, "Disabling USB support for pcscd."); + return -1; + } +@@ -722,7 +723,7 @@ ULONG HPRegisterForHotplugEvents(void) + + if (driverSize <= 0) + { +- Log1(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: " ++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s", + PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd"); + return 0; +diff --git a/src/hotplug_libusb.c b/src/hotplug_libusb.c +index eff8519..8dd496d 100644 +--- a/src/hotplug_libusb.c ++++ b/src/hotplug_libusb.c +@@ -138,7 +138,8 @@ static LONG HPReadBundleValues(void) + + if (hpDir == NULL) + { +- Log1(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_ERROR, "Disabling USB support for pcscd."); + return -1; + } +@@ -265,7 +266,8 @@ static LONG HPReadBundleValues(void) + + if (driverSize == 0) + { +- Log1(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd"); + } + #ifdef DEBUG_HOTPLUG +diff --git a/src/hotplug_linux.c b/src/hotplug_linux.c +index bf69af8..64b0ed7 100644 +--- a/src/hotplug_linux.c ++++ b/src/hotplug_linux.c +@@ -130,8 +130,8 @@ static LONG HPReadBundleValues(void) + + if (hpDir == NULL) + { +- Log1(PCSC_LOG_INFO, +- "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_INFO, "Cannot open PC/SC drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd."); + return -1; + } +@@ -219,8 +219,8 @@ end: + + if (bundleSize == 0) + { +- Log1(PCSC_LOG_INFO, +- "No bundle files in pcsc drivers directory: " PCSCLITE_HP_DROPDIR); ++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s", ++ PCSCLITE_HP_DROPDIR); + Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd"); + } + diff --git a/nixpkgs/pkgs/tools/security/pcsctools/default.nix b/nixpkgs/pkgs/tools/security/pcsctools/default.nix new file mode 100644 index 000000000000..24519654e9a5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsctools/default.nix @@ -0,0 +1,37 @@ +{ stdenv, lib, fetchurl, makeWrapper, pkgconfig, udev, dbus, pcsclite +, wget, coreutils, perlPackages +}: + +let deps = lib.makeBinPath [ wget coreutils ]; + +in stdenv.mkDerivation rec { + name = "pcsc-tools-1.5.4"; + + src = fetchurl { + url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.bz2"; + sha256 = "14vw6ya8gzyw3lzyrsvfcxx7qm7ry39fbxcdqqh552c1lyxnm7n3"; + }; + + buildInputs = [ udev dbus perlPackages.perl pcsclite ]; + + nativeBuildInputs = [ makeWrapper pkgconfig ]; + + postInstall = '' + wrapProgram $out/bin/scriptor \ + --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}" + wrapProgram $out/bin/gscriptor \ + --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl Glib Gtk2 Pango Cairo ]}" + wrapProgram $out/bin/ATR_analysis \ + --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}" + wrapProgram $out/bin/pcsc_scan \ + --set PATH "$out/bin:${deps}" + ''; + + meta = with lib; { + description = "Tools used to test a PC/SC driver, card or reader"; + homepage = http://ludovic.rousseau.free.fr/softwares/pcsc-tools/; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix new file mode 100644 index 000000000000..55d2505ed1cb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix @@ -0,0 +1,23 @@ +{ stdenv, lib, fetchurl }: + +stdenv.mkDerivation rec { + name = "pdfcrack-${version}"; + version = "0.17"; + + src = fetchurl { + url = "mirror://sourceforge/pdfcrack/pdfcrack/pdfcrack-${version}.tar.gz"; + sha256 = "15hfxwr9yfzkx842p0jjdjnjarny6qc5fwcpy2f6lnq047pb26sn"; + }; + + installPhase = '' + install -Dt $out/bin pdfcrack + ''; + + meta = with lib; { + homepage = http://pdfcrack.sourceforge.net/; + description = "Small command line driven tool for recovering passwords and content from PDF files"; + license = with licenses; [ gpl2 ]; + platforms = platforms.linux; + maintainers = with maintainers; [ qoelet ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pgpdump/default.nix b/nixpkgs/pkgs/tools/security/pgpdump/default.nix new file mode 100644 index 000000000000..9c8f47cd2756 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pgpdump/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub +, supportCompressedPackets ? true, zlib, bzip2 +}: + +stdenv.mkDerivation rec { + name = "pgpdump-${version}"; + version = "0.33"; + + src = fetchFromGitHub { + owner = "kazu-yamamoto"; + repo = "pgpdump"; + rev = "v${version}"; + sha256 = "0pi9qdbmcmi58gmljin51ylbi3zkknl8fm26jm67cpl55hvfsn23"; + }; + + buildInputs = stdenv.lib.optionals supportCompressedPackets [ zlib bzip2 ]; + + meta = with stdenv.lib; { + description = "A PGP packet visualizer"; + longDescription = '' + pgpdump is a PGP packet visualizer which displays the packet format of + OpenPGP (RFC 4880) and PGP version 2 (RFC 1991). + ''; + homepage = http://www.mew.org/~kazu/proj/pgpdump/en/; + license = licenses.bsd3; + platforms = platforms.unix; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix new file mode 100644 index 000000000000..93dc75c1f32d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl, openssl, libssh2, gpgme }: + +stdenv.mkDerivation rec { + pname = "phrasendrescher"; + version = "1.2.2c"; + + src = fetchurl { + url = "http://leidecker.info/projects/${pname}/${pname}-${version}.tar.gz"; + sha256 = "18vg6h294219v14x5zqm8ddmq5amxlbz7pw81lcmpz8v678kwyph"; + }; + + postPatch = '' + substituteInPlace configure \ + --replace 'SSL_LIB="ssl"' 'SSL_LIB="crypto"' + ''; + + buildInputs = [ openssl libssh2 gpgme ]; + + configureFlags = "--with-plugins"; + + meta = with stdenv.lib; { + description = "A modular and multi processing pass phrase cracking tool"; + homepage = "http://leidecker.info/projects/phrasendrescher/index.shtml"; + license = licenses.gpl2Plus; + platforms = platforms.all; + maintainers = with maintainers; [ bjornfor ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pinentry/default.nix b/nixpkgs/pkgs/tools/security/pinentry/default.nix new file mode 100644 index 000000000000..ba7ef7a3cfdd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pinentry/default.nix @@ -0,0 +1,54 @@ +{ fetchurl, fetchpatch, stdenv, lib, pkgconfig +, libgpgerror, libassuan, libcap ? null, libsecret ? null, ncurses ? null, gtk2 ? null, gcr ? null, qt ? null +, enableEmacs ? false +}: + +stdenv.mkDerivation rec { + name = "pinentry-1.1.0"; + + src = fetchurl { + url = "mirror://gnupg/pinentry/${name}.tar.bz2"; + sha256 = "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libgpgerror libassuan libcap libsecret gtk2 gcr ncurses qt ]; + + prePatch = '' + substituteInPlace pinentry/pinentry-curses.c --replace ncursesw ncurses + ''; + + patches = lib.optionals (gtk2 != null) [ + (fetchpatch { + url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/" + + "0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch"; + sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd"; + }) + ]; + + configureFlags = [ + (stdenv.lib.withFeature (libcap != null) "libcap") + (stdenv.lib.enableFeature (libsecret != null) "libsecret") + (stdenv.lib.enableFeature (ncurses != null) "pinentry-curses") + (stdenv.lib.enableFeature true "pinentry-tty") + (stdenv.lib.enableFeature enableEmacs "pinentry-emacs") + (stdenv.lib.enableFeature (gtk2 != null) "pinentry-gtk2") + (stdenv.lib.enableFeature (gcr != null) "pinentry-gnome3") + (stdenv.lib.enableFeature (qt != null) "pinentry-qt") + + "--with-libassuan-prefix=${libassuan.dev}" + "--with-libgpg-error-prefix=${libgpgerror.dev}" + ]; + + meta = with stdenv.lib; { + homepage = http://gnupg.org/aegypten2/; + description = "GnuPG’s interface to passphrase input"; + license = licenses.gpl2Plus; + platforms = platforms.all; + longDescription = '' + Pinentry provides a console and (optional) GTK+ and Qt GUIs allowing users + to enter a passphrase when `gpg' or `gpg2' is run and needs it. + ''; + maintainers = [ maintainers.ttuegel ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pinentry/mac.nix b/nixpkgs/pkgs/tools/security/pinentry/mac.nix new file mode 100644 index 000000000000..8168aa94b3d2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pinentry/mac.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchFromGitHub, xcbuildHook, libiconv, Cocoa, ncurses, cf-private }: + +stdenv.mkDerivation rec { + name = "pinentry-mac-0.9.4"; + + src = fetchFromGitHub { + owner = "matthewbauer"; + repo = "pinentry-mac"; + rev = "6dfef256c8ea32d642fea847f27d800f024cf51e"; + sha256 = "0g75302697gqcxyf2hyqzvcbd5pyss1bl2xvfd40wqav7dlyvj83"; + }; + + nativeBuildInputs = [ xcbuildHook ]; + + buildInputs = [ + libiconv Cocoa ncurses + # Needed for OBJC_CLASS_$_NSArray symbols. + cf-private + ]; + + installPhase = '' + mkdir -p $out/Applications + mv Products/Release/pinentry-mac.app $out/Applications + ''; + + passthru = { + binaryPath = "Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac"; + }; + + meta = { + description = "Pinentry for GPG on Mac"; + license = stdenv.lib.licenses.gpl2Plus; + homepage = https://github.com/GPGTools/pinentry-mac; + platforms = stdenv.lib.platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pius/default.nix b/nixpkgs/pkgs/tools/security/pius/default.nix new file mode 100644 index 000000000000..fba92bd47acb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pius/default.nix @@ -0,0 +1,41 @@ +{ fetchFromGitHub, stdenv, pythonPackages, gnupg, perl }: + +let version = "2.2.7"; in +pythonPackages.buildPythonApplication { + name = "pius-${version}"; + namePrefix = ""; + + src = fetchFromGitHub { + owner = "jaymzh"; + repo = "pius"; + rev = "v${version}"; + sha256 = "1kjj44lf9di4ylvmc949dxncllzd8afp0yknr3152dmxkw1vl127"; + }; + + patchPhase = '' + for file in libpius/constants.py pius-keyring-mgr; do + sed -i "$file" -E -e's|/usr/bin/gpg2?|${gnupg}/bin/gpg|g' + done + ''; + + nativeBuildInputs = [ perl ]; + propagatedBuildInputs = with pythonPackages; [ six ]; + + meta = { + homepage = https://www.phildev.net/pius/; + + description = "PGP Individual UID Signer (PIUS), quickly and easily sign UIDs on a set of PGP keys"; + + longDescription = + '' This software will allow you to quickly and easily sign each UID on + a set of PGP keys. It is designed to take the pain out of the + sign-all-the-keys part of PGP Keysigning Party while adding security + to the process. + ''; + + license = stdenv.lib.licenses.gpl2; + + platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ fuuzetsu kierdavis ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix b/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix new file mode 100644 index 000000000000..559911699680 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchurl, polkit, gtk3, pkgconfig, intltool }: +stdenv.mkDerivation rec { + pname = "polkit-gnome"; + version = "0.105"; + + src = fetchurl { + url = "mirror://gnome/sources/polkit-gnome/${version}/${pname}-${version}.tar.xz"; + sha256 = "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p"; + }; + + buildInputs = [ polkit gtk3 ]; + nativeBuildInputs = [ pkgconfig intltool ]; + + configureFlags = [ "--disable-introspection" ]; + + # Desktop file from Debian + postInstall = '' + mkdir -p $out/etc/xdg/autostart + substituteAll ${./polkit-gnome-authentication-agent-1.desktop} $out/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop + ''; + + meta = { + homepage = "https://gitlab.gnome.org/Archive/policykit-gnome"; + description = "A dbus session bus service that is used to bring up authentication dialogs"; + license = stdenv.lib.licenses.lgpl2Plus; + maintainers = with stdenv.lib.maintainers; [ phreedom ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop b/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop new file mode 100644 index 000000000000..5ddda50cb015 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop @@ -0,0 +1,88 @@ +[Desktop Entry] +Name=PolicyKit Authentication Agent +Name[ar]=مدير الاستيثاق PolicyKit +Name[be]=PolicyKit - аґент аўтэнтыфікацыі +Name[bn_IN]=PolicyKit অনুমোদনের এজেন্ট +Name[ca]=Agent d'autenticació del PolicyKit +Name[cs]=Ověřovací agent PolicyKit +Name[da]=Godkendelsesprogrammet PolicyKit +Name[de]=Legitimationsdienst von PolicyKit +Name[el]=Πράκτορας πιστοποίησης PolicyKit +Name[en_GB]=PolicyKit Authentication Agent +Name[es]=Agente de autenticación de PolicyKit +Name[eu]=PolicyKit autentifikatzeko agentea +Name[fi]=PolicytKit-tunnistautumisohjelma +Name[fr]=Agent d'authentification de PolicyKit +Name[gl]=Axente de autenticación PolicyKit +Name[gu]=PolicyKit સત્તાધિકરણ એજન્ટ +Name[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि +Name[hu]=PolicyKit hitelesítési ügynök +Name[it]=Agente di autenticazione per PolicyKit +Name[ja]=PolicyKit 認証エージェント +Name[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ +Name[lt]=PolicyKit tapatybės nustatymo agentas +Name[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന് ഏജന്റ് +Name[mr]=PolicyKit ऑथेंटीकेशन एजेंट +Name[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ +Name[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ +Name[pl]=Agent uwierzytelniania PolicyKit +Name[pt]=Agente de Autenticação PolicyKit +Name[pt_BR]=Agente de autenticação PolicyKit +Name[ro]=Agent de autentificare PolicyKit +Name[sk]=Agent PolicyKit na overovanie totožnosti +Name[sl]=PolicyKit program overjanja +Name[sv]=Autentiseringsagent för PolicyKit +Name[ta]=PolicyKit அங்கீகார முகவர் +Name[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి +Name[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit +Name[uk]=Агент автентифікації PolicyKit +Name[zh_CN]=PolicyKit 认证代理 +Name[zh_HK]=PolicyKit 驗證代理程式 +Name[zh_TW]=PolicyKit 驗證代理程式 +Comment=PolicyKit Authentication Agent +Comment[ar]=مدير الاستيثاق PolicyKit +Comment[be]=PolicyKit - аґент аўтэнтыфікацыі +Comment[bn_IN]=PolicyKit অনুমোদনের এজেন্ট +Comment[ca]=Agent d'autenticació del PolicyKit +Comment[cs]=Ověřovací agent PolicyKit +Comment[da]=Godkendelsesprogrammet PolicyKit +Comment[de]=Legitimationsdienst von PolicyKit +Comment[el]=Πράκτορας πιστοποίησης PolicyKit +Comment[en_GB]=PolicyKit Authentication Agent +Comment[es]=Agente de autenticación de PolicyKit +Comment[eu]=PolicyKit autentifikatzeko agentea +Comment[fi]=PolicytKit-tunnistautumisohjelma +Comment[fr]=Agent d'authentification de PolicyKit +Comment[gl]=Axente de autenticación PolicyKit +Comment[gu]=PolicyKit સત્તાધિકરણ એજન્ટ +Comment[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि +Comment[hu]=PolicyKit hitelesítési ügynök +Comment[it]=Agente di autenticazione per PolicyKit +Comment[ja]=PolicyKit 認証エージェント +Comment[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ +Comment[lt]=PolicyKit tapatybės nustatymo agentas +Comment[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന് ഏജന്റ് +Comment[mr]=PolicyKit ऑथेंटीकेशन एजेंट +Comment[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ +Comment[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ +Comment[pl]=Agent uwierzytelniania PolicyKit +Comment[pt]=Agente de Autenticação PolicyKit +Comment[pt_BR]=Agente de autenticação PolicyKit +Comment[ro]=Agent de autentificare PolicyKit +Comment[sk]=Agent PolicyKit na overovanie totožnosti +Comment[sl]=PolicyKit program overjanja +Comment[sv]=Autentiseringsagent för PolicyKit +Comment[ta]=PolicyKit அங்கீகார முகவர் +Comment[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి +Comment[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit +Comment[uk]=Агент автентифікації PolicyKit +Comment[zh_CN]=PolicyKit 认证代理 +Comment[zh_HK]=PolicyKit 驗證代理程式 +Comment[zh_TW]=PolicyKit 驗證代理程式 +Exec=@out@/libexec/polkit-gnome-authentication-agent-1 +Terminal=false +Type=Application +Categories= +NoDisplay=true +OnlyShowIn=GNOME;XFCE;Unity; +AutostartCondition=GNOME3 unless-session gnome diff --git a/nixpkgs/pkgs/tools/security/prey/default.nix b/nixpkgs/pkgs/tools/security/prey/default.nix new file mode 100644 index 000000000000..b24af50ee7c2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/prey/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchurl, fetchgit, curl, scrot, imagemagick, xawtv, inetutils, makeWrapper, coreutils +, apiKey ? "" +, deviceKey ? "" }: + +# TODO: this should assert keys are set, somehow if set through .override assertion fails +#assert apiKey != ""; +#assert deviceKey != ""; + +let + modulesSrc = fetchgit { + url = "git://github.com/prey/prey-bash-client-modules.git"; + rev = "aba260ef110834cb2e92923a31f50c15970639ee"; + sha256 = "9cb1ad813d052a0a3e3bbdd329a8711ae3272e340379489511f7dd578d911e30"; + }; +in stdenv.mkDerivation rec { + name = "prey-bash-client-${version}"; + version = "0.6.0"; + + src = fetchurl { + url = "https://github.com/prey/prey-bash-client/archive/v${version}.tar.gz"; + sha256 = "09cb15jh4jdwvix9nx048ajkw2r5jaflk68y3rkha541n8n0qwh0"; + }; + + buildInputs = [ curl scrot imagemagick xawtv makeWrapper ]; + + phases = "unpackPhase installPhase"; + + installPhase = '' + substituteInPlace config --replace api_key=\'\' "api_key='${apiKey}'" + substituteInPlace config --replace device_key=\'\' "device_key='${deviceKey}'" + + substituteInPlace prey.sh --replace /bin/bash $(type -Pp bash) + mkdir -p $out/modules + cp -R . $out + cp -R ${modulesSrc}/* $out/modules/ + wrapProgram "$out/prey.sh" \ + --prefix PATH ":" "${stdenv.lib.makeBinPath [ xawtv imagemagick curl scrot inetutils coreutils ]}" \ + --set CURL_CA_BUNDLE "/etc/ssl/certs/ca-certificates.crt" + ''; + + meta = with stdenv.lib; { + homepage = https://preyproject.com; + description = "Proven tracking software that helps you find, lock and recover your devices when stolen or missing"; + maintainers = with maintainers; [ domenkozar ]; + license = licenses.gpl3; + platforms = with platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/proxmark3/default.nix b/nixpkgs/pkgs/tools/security/proxmark3/default.nix new file mode 100644 index 000000000000..afaed796057c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/proxmark3/default.nix @@ -0,0 +1,37 @@ +{ stdenv, fetchFromGitHub, pkgconfig, ncurses, readline }: + +stdenv.mkDerivation rec { + pname = "proxmark3"; + version = "3.1.0"; + + src = fetchFromGitHub { + owner = "Proxmark"; + repo = pname; + rev = "v${version}"; + sha256 = "1qw28n1bhhl91ix77lv50qcr919fq3hjc8zhhqphwxal2svgx2jf"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ ncurses readline ]; + + postPatch = '' + substituteInPlace client/Makefile --replace '-ltermcap' ' ' + substituteInPlace liblua/Makefile --replace '-ltermcap' ' ' + ''; + + preBuild = '' + cd client + ''; + + installPhase = '' + mkdir -p $out/bin + cp proxmark3 $out/bin + ''; + + meta = with stdenv.lib; { + description = "Client for proxmark3, powerful general purpose RFID tool"; + homepage = http://www.proxmark.org; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pwgen/default.nix b/nixpkgs/pkgs/tools/security/pwgen/default.nix new file mode 100644 index 000000000000..79e8fb071b37 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pwgen/default.nix @@ -0,0 +1,16 @@ +{stdenv, fetchurl, autoreconfHook}: +stdenv.mkDerivation { + name = "pwgen-2.08"; + + src = fetchurl { + url = https://github.com/tytso/pwgen/archive/v2.08.tar.gz; + sha256 = "8d6e94f28655e61d6126290e3eafad4d17d7fba0d0d354239522a740a270bb2f"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + meta = { + description = "Password generator which creates passwords which can be easily memorized by a human"; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/qdigidoc/default.nix b/nixpkgs/pkgs/tools/security/qdigidoc/default.nix new file mode 100644 index 000000000000..17bbf982255b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/qdigidoc/default.nix @@ -0,0 +1,50 @@ +{ stdenv, fetchgit, fetchurl, cmake, darkhttpd, gettext, makeWrapper, pkgconfig +, libdigidocpp, opensc, openldap, openssl, pcsclite, qtbase, qttranslations, qtsvg }: + +stdenv.mkDerivation rec { + name = "qdigidoc-${version}"; + version = "4.1.0"; + + src = fetchgit { + url = "https://github.com/open-eid/DigiDoc4-Client"; + rev = "v${version}"; + sha256 = "1iry36h3pfnw2gqjnfhv53i2svybxj8jf18qh486djyai84hjr4d"; + fetchSubmodules = true; + }; + + tsl = fetchurl { + url = "https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml"; + sha256 = "0llr2fj8vd097hcr1d0xmzdy4jydv0b5j5qlksbjffs22rqgal14"; + }; + + nativeBuildInputs = [ cmake darkhttpd gettext makeWrapper pkgconfig ]; + + postPatch = '' + substituteInPlace client/CMakeLists.txt \ + --replace $\{TSL_URL} file://${tsl} + ''; + + buildInputs = [ + libdigidocpp + opensc + openldap + openssl + pcsclite + qtbase + qtsvg + qttranslations + ]; + + postInstall = '' + wrapProgram $out/bin/qdigidoc4 \ + --prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/ + ''; + + meta = with stdenv.lib; { + description = "Qt-based UI for signing and verifying DigiDoc documents"; + homepage = https://www.id.ee/; + license = licenses.lgpl21Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ yegortimoshenko ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/qesteidutil/default.nix b/nixpkgs/pkgs/tools/security/qesteidutil/default.nix new file mode 100644 index 000000000000..f8b110ce2213 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/qesteidutil/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchFromGitHub +, cmake, ccid, qttools, qttranslations +, pkgconfig, pcsclite, hicolor-icon-theme +}: + +stdenv.mkDerivation rec { + version = "2018-08-21"; + name = "qesteidutil-${version}"; + + src = fetchFromGitHub { + owner = "open-eid"; + repo = "qesteidutil"; + # TODO: Switch back to this after next release. + #rev = "v${version}"; + rev = "3bb65ef345aaa0d589b37a5d0d6f5772e95b0cd7"; + sha256 = "13xsw5gh4svp9a5nxcqv72mymivr7w1cyjbv2l6yf96m45bsd9x4"; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ cmake ccid qttools pcsclite qttranslations + hicolor-icon-theme + ]; + + meta = with stdenv.lib; { + description = "UI application for managing smart card PIN/PUK codes and certificates"; + homepage = http://www.id.ee/; + license = licenses.lgpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ jagajaga domenkozar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/radamsa/default.nix b/nixpkgs/pkgs/tools/security/radamsa/default.nix new file mode 100644 index 000000000000..7a78233dbced --- /dev/null +++ b/nixpkgs/pkgs/tools/security/radamsa/default.nix @@ -0,0 +1,43 @@ +{ stdenv, fetchurl, fetchFromGitLab, bash }: + +let + # Fetch explicitly, otherwise build will try to do so + owl = fetchurl { + name = "ol.c.gz"; + url = "https://gitlab.com/owl-lisp/owl/uploads/0d0730b500976348d1e66b4a1756cdc3/ol-0.1.19.c.gz"; + sha256 = "0kdmzf60nbpvdn8j3l51i9lhcwfi4aw1zj4lhbp4adyg8n8pp4c6"; + }; +in +stdenv.mkDerivation rec { + pname = "radamsa"; + version = "0.6"; + + src = fetchFromGitLab { + owner = "akihe"; + repo = pname; + rev = "v${version}"; + sha256 = "0mi1mwvfnlpblrbmp0rcyf5p74m771z6nrbsly6cajyn4mlpmbaq"; + }; + + patchPhase = '' + substituteInPlace ./tests/bd.sh \ + --replace "/bin/echo" echo + + ln -s ${owl} ol.c.gz + + patchShebangs tests + ''; + + makeFlags = [ "PREFIX=${placeholder "out"}" "BINDIR=" ]; + + checkInputs = [ bash ]; + doCheck = true; + + meta = { + description = "A general purpose fuzzer"; + longDescription = "Radamsa is a general purpose data fuzzer. It reads data from given sample files, or standard input if none are given, and outputs modified data. It is usually used to generate malformed data for testing programs."; + homepage = https://gitlab.com/akihe/radamsa; + maintainers = [ stdenv.lib.maintainers.markWot ]; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rarcrack/default.nix b/nixpkgs/pkgs/tools/security/rarcrack/default.nix new file mode 100644 index 000000000000..3491feccc45c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rarcrack/default.nix @@ -0,0 +1,39 @@ +{stdenv, fetchFromGitHub, libxml2, file, p7zip, unrar, unzip}: + +stdenv.mkDerivation rec { + name = "rarcrack-${version}"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "jaredsburrows"; + repo = "Rarcrack"; + rev = "35ead64cd2b967eec3e3e3a4c328b89b11ff32a0"; + sha256 = "134fq84896w5vp8vg4qg0ybpb466njibigyd7bqqm1xydr07qrgn"; + }; + + buildInputs = [ libxml2 file p7zip unrar unzip ]; + buildFlags = if stdenv.cc.isClang then [ "CC=clang" ] else null; + installFlags = "PREFIX=\${out}"; + + patchPhase = '' + substituteInPlace rarcrack.c --replace "file -i" "${file}/bin/file -i" + ''; + + preInstall = '' + mkdir -p $out/bin + ''; + + meta = with stdenv.lib; { + description = "This program can crack zip,7z and rar file passwords"; + longDescription = '' + If you forget your password for compressed archive (rar, 7z, zip), this program is the solution. + This program uses bruteforce algorithm to find correct password. You can specify wich characters will be used in password generations. + Warning: Please don't use this program for any illegal things! + ''; + homepage = https://github.com/jaredsburrows/Rarcrack; + license = licenses.gpl2; + maintainers = with maintainers; [ davidak ]; + platforms = with platforms; unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/rhash/default.nix b/nixpkgs/pkgs/tools/security/rhash/default.nix new file mode 100644 index 000000000000..5e622cf68f35 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rhash/default.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchFromGitHub, which }: + +stdenv.mkDerivation rec { + version = "1.3.8"; + name = "rhash-${version}"; + + src = fetchFromGitHub { + owner = "rhash"; + repo = "RHash"; + rev = "v${version}"; + sha256 = "0i00wl63hn80g0s9gdi772gchbghwgkvn4nbb5227y2wwy30yyi2"; + }; + + nativeBuildInputs = [ which ]; + + # configure script is not autotools-based, doesn't support these options + configurePlatforms = [ ]; + + doCheck = true; + + checkTarget = "test-full"; + + installTargets = [ "install" "install-lib-shared" "install-lib-so-link" "install-lib-headers" ]; + + meta = with stdenv.lib; { + homepage = http://rhash.anz.ru; + description = "Console utility and library for computing and verifying hash sums of files"; + platforms = platforms.all; + maintainers = [ maintainers.andrewrk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rng-tools/default.nix b/nixpkgs/pkgs/tools/security/rng-tools/default.nix new file mode 100644 index 000000000000..41faa375f83d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rng-tools/default.nix @@ -0,0 +1,66 @@ +{ stdenv, fetchFromGitHub, libtool, autoreconfHook, pkgconfig +, sysfsutils + # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS + # https://www.nist.gov/programs-projects/nist-randomness-beacon +, curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false + # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source +, libgcrypt ? null, withGcrypt ? true + # Not sure if jitterentropy is safe to use for cryptography + # and thus a default entropy source +, jitterentropy ? null, withJitterEntropy ? false +, libp11 ? null, opensc ? null, withPkcs11 ? true +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + pname = "rng-tools"; + version = "6.7"; + + src = fetchFromGitHub { + owner = "nhorman"; + repo = "rng-tools"; + rev = "v${version}"; + sha256 = "19f75m6mzg8h7b4snzg7d6ypvkz6nq32lrpi9ja95gqz4wsd18a5"; + }; + + postPatch = '' + cp README.md README + + ${optionalString withPkcs11 '' + substituteInPlace rngd.c \ + --replace /usr/lib64/opensc-pkcs11.so ${opensc}/lib/opensc-pkcs11.so + ''} + ''; + + nativeBuildInputs = [ autoreconfHook libtool pkgconfig ]; + + configureFlags = [ + (withFeature withGcrypt "libgcrypt") + (enableFeature withJitterEntropy "jitterentropy") + (withFeature withNistBeacon "nistbeacon") + (withFeature withPkcs11 "pkcs11") + ]; + + buildInputs = [ sysfsutils ] + ++ optionals withGcrypt [ libgcrypt ] + ++ optionals withJitterEntropy [ jitterentropy ] + ++ optionals withNistBeacon [ curl libxml2 openssl ] + ++ optionals withPkcs11 [ libp11 openssl ]; + + # This shouldn't be necessary but is as of 6.7 + NIX_LDFLAGS = optionalString withPkcs11 "-lcrypto"; + + enableParallelBuilding = true; + + # For cross-compilation + makeFlags = [ "AR:=$(AR)" ]; + + meta = { + description = "A random number generator daemon"; + homepage = https://github.com/nhorman/rng-tools; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ johnazoidberg ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/saml2aws/default.nix b/nixpkgs/pkgs/tools/security/saml2aws/default.nix new file mode 100644 index 000000000000..888d3bb4018a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/saml2aws/default.nix @@ -0,0 +1,29 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "saml2aws-${version}"; + pname = "saml2aws"; + version = "2.15.0"; + + goPackagePath = "github.com/versent/saml2aws"; + goDeps = ./deps.nix; + + buildFlagsArray = '' + -ldflags=-X main.Version=${version} + ''; + + src = fetchFromGitHub { + rev = "v${version}"; + owner = "Versent"; + repo = "saml2aws"; + sha256 = "0pn4zdzisgan7vvgi7hp8716wsb2x33gq55c7fw1aa2qwy0bq3gp"; + }; + + meta = with stdenv.lib; { + description = "CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP"; + homepage = https://github.com/Versent/saml2aws; + license = licenses.mit; + platforms = stdenv.lib.platforms.unix; + maintainers = [ stdenv.lib.maintainers.pmyjavec ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/saml2aws/deps.nix b/nixpkgs/pkgs/tools/security/saml2aws/deps.nix new file mode 100644 index 000000000000..08a26db91b10 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/saml2aws/deps.nix @@ -0,0 +1,372 @@ +# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix) +[ + { + goPackagePath = "github.com/99designs/keyring"; + fetch = { + type = "git"; + url = "https://github.com/99designs/keyring"; + rev = "82da6802f65f1ac7963cfc3b7c62ae12dab8ee5d"; + sha256 = "105ddy9vkjr6cmcm85qnxxlnsmkx2svm6bd80rzr9n6zyc5hhk7b"; + }; + } + { + goPackagePath = "github.com/AlecAivazis/survey"; + fetch = { + type = "git"; + url = "https://github.com/AlecAivazis/survey"; + rev = "e752db451e07e09c7d7dc8cada807a44bdb0fd47"; + sha256 = "00fhmsaymrf86pg246cqxvfrivgfkyg3i0aixsp3sn15hg3i0vlq"; + }; + } + { + goPackagePath = "github.com/Azure/go-ntlmssp"; + fetch = { + type = "git"; + url = "https://github.com/Azure/go-ntlmssp"; + rev = "4b934ac9dad38d389d34f0b98d98b2467c422012"; + sha256 = "0pwrax8mih2jgsdifag0346vh0vivgyz45jc4kjy6dhp3qhsy34z"; + }; + } + { + goPackagePath = "github.com/PuerkitoBio/goquery"; + fetch = { + type = "git"; + url = "https://github.com/PuerkitoBio/goquery"; + rev = "dc2ec5c7ca4d9aae063b79b9f581dd3ea6afd2b2"; + sha256 = "11010z9ask21r0dskvm2pbh3z8951bnpcqg8aqa213if4h34gaa2"; + }; + } + { + goPackagePath = "github.com/alecthomas/kingpin"; + fetch = { + type = "git"; + url = "https://github.com/alecthomas/kingpin"; + rev = "947dcec5ba9c011838740e680966fd7087a71d0d"; + sha256 = "0mndnv3hdngr3bxp7yxfd47cas4prv98sqw534mx7vp38gd88n5r"; + }; + } + { + goPackagePath = "github.com/alecthomas/template"; + fetch = { + type = "git"; + url = "https://github.com/alecthomas/template"; + rev = "a0175ee3bccc567396460bf5acd36800cb10c49c"; + sha256 = "0qjgvvh26vk1cyfq9fadyhfgdj36f1iapbmr5xp6zqipldz8ffxj"; + }; + } + { + goPackagePath = "github.com/alecthomas/units"; + fetch = { + type = "git"; + url = "https://github.com/alecthomas/units"; + rev = "2efee857e7cfd4f3d0138cc3cbb1b4966962b93a"; + sha256 = "1j65b91qb9sbrml9cpabfrcf07wmgzzghrl7809hjjhrmbzri5bl"; + }; + } + { + goPackagePath = "github.com/andybalholm/cascadia"; + fetch = { + type = "git"; + url = "https://github.com/andybalholm/cascadia"; + rev = "901648c87902174f774fac311d7f176f8647bdaa"; + sha256 = "09j8cavbhqqdxjqrkwbc40g8p0i49zf3184rpjm5p2rjbprcghcc"; + }; + } + { + goPackagePath = "github.com/aulanov/go.dbus"; + fetch = { + type = "git"; + url = "https://github.com/aulanov/go.dbus"; + rev = "25c3068a42a0b50b877953fb249dbcffc6bd1bca"; + sha256 = "0jh4jyxqhsl1rkzabhln7chw1jkzhqw2nn0mw79cmn8fyafi0rgn"; + }; + } + { + goPackagePath = "github.com/aws/aws-sdk-go"; + fetch = { + type = "git"; + url = "https://github.com/aws/aws-sdk-go"; + rev = "bfc1a07cf158c30c41a3eefba8aae043d0bb5bff"; + sha256 = "0vfpygjhdikmsqn9dgmp965ji5q790gcz9mg49mcpipc9n2lzx0d"; + }; + } + { + goPackagePath = "github.com/beevik/etree"; + fetch = { + type = "git"; + url = "https://github.com/beevik/etree"; + rev = "9d7e8feddccb4ed1b8afb54e368bd323d2ff652c"; + sha256 = "0f3lj7azxd5qq29hqd32211ds7n56i3rgmfll6c1f4css1f3srxg"; + }; + } + { + goPackagePath = "github.com/briandowns/spinner"; + fetch = { + type = "git"; + url = "https://github.com/briandowns/spinner"; + rev = "48dbb65d7bd5c74ab50d53d04c949f20e3d14944"; + sha256 = "1178kn72agihs13ffgm2sz5ad61pqwdmkrh8rhggzbaagch9mc75"; + }; + } + { + goPackagePath = "github.com/danieljoos/wincred"; + fetch = { + type = "git"; + url = "https://github.com/danieljoos/wincred"; + rev = "412b574fb496839b312a75fba146bd32a89001cf"; + sha256 = "1bb1928nnikx5036aw4152p55g8xgwx42rv0n2i5zydh1031f50m"; + }; + } + { + goPackagePath = "github.com/davecgh/go-spew"; + fetch = { + type = "git"; + url = "https://github.com/davecgh/go-spew"; + rev = "346938d642f2ec3594ed81d874461961cd0faa76"; + sha256 = "0d4jfmak5p6lb7n2r6yvf5p1zcw0l8j74kn55ghvr7zr7b7axm6c"; + }; + } + { + goPackagePath = "github.com/dvsekhvalnov/jose2go"; + fetch = { + type = "git"; + url = "https://github.com/dvsekhvalnov/jose2go"; + rev = "f21a8cedbbae609f623613ec8f81125c243212e6"; + sha256 = "1nzwvk6nqi7nm2wq4mr2q6k5p0qzsl0kmwx7kgkqsg1zh53250ld"; + }; + } + { + goPackagePath = "github.com/fatih/color"; + fetch = { + type = "git"; + url = "https://github.com/fatih/color"; + rev = "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"; + sha256 = "0v8msvg38r8d1iiq2i5r4xyfx0invhc941kjrsg5gzwvagv55inv"; + }; + } + { + goPackagePath = "github.com/go-ini/ini"; + fetch = { + type = "git"; + url = "https://github.com/go-ini/ini"; + rev = "06f5f3d67269ccec1fe5fe4134ba6e982984f7f5"; + sha256 = "0fx123601aiqqn0yr9vj6qp1bh8gp240w4qdm76irs73q8dxlk7a"; + }; + } + { + goPackagePath = "github.com/godbus/dbus"; + fetch = { + type = "git"; + url = "https://github.com/godbus/dbus"; + rev = "2ff6f7ffd60f0f2410b3105864bdd12c7894f844"; + sha256 = "1c107893nbdfc297i9y0smljmqs167mw26i24509qd09dmvr998y"; + }; + } + { + goPackagePath = "github.com/gsterjov/go-libsecret"; + fetch = { + type = "git"; + url = "https://github.com/gsterjov/go-libsecret"; + rev = "a6f4afe4910cad8688db3e0e9b9ac92ad22d54e1"; + sha256 = "09zaiadnll83vs22ib89agg7anj0blw5fywvmckxllsgif6ak6v7"; + }; + } + { + goPackagePath = "github.com/headzoo/surf"; + fetch = { + type = "git"; + url = "https://github.com/headzoo/surf"; + rev = "a4a8c16c01dc47ef3a25326d21745806f3e6797a"; + sha256 = "1dzcp0wdh3qmm5s5hixk9vj2s2kcvkpbhjdwz7kh2crvnavdgwh6"; + }; + } + { + goPackagePath = "github.com/jmespath/go-jmespath"; + fetch = { + type = "git"; + url = "https://github.com/jmespath/go-jmespath"; + rev = "0b12d6b5"; + sha256 = "1vv6hph8j6xgv7gwl9vvhlsaaqsm22sxxqmgmldi4v11783pc1ld"; + }; + } + { + goPackagePath = "github.com/keybase/go-keychain"; + fetch = { + type = "git"; + url = "https://github.com/keybase/go-keychain"; + rev = "f1daa725cce4049b1715f1e97d6a51880e401e70"; + sha256 = "0wk2zc5f5i5mhdkbyzd60wzc64vybds6kxlmwc41k8mx6d1hxdm6"; + }; + } + { + goPackagePath = "github.com/mattn/go-colorable"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-colorable"; + rev = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"; + sha256 = "1nwjmsppsjicr7anq8na6md7b1z84l9ppnlr045hhxjvbkqwalvx"; + }; + } + { + goPackagePath = "github.com/mattn/go-isatty"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-isatty"; + rev = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"; + sha256 = "06w45aqz2a6yrk25axbly2k5wmsccv8cspb94bfmz4izvw8h927n"; + }; + } + { + goPackagePath = "github.com/mgutz/ansi"; + fetch = { + type = "git"; + url = "https://github.com/mgutz/ansi"; + rev = "9520e82c474b0a04dd04f8a40959027271bab992"; + sha256 = "00bz22314j26736w1f0q4jy9d9dfaml17vn890n5zqy3cmvmww1j"; + }; + } + { + goPackagePath = "github.com/mitchellh/go-homedir"; + fetch = { + type = "git"; + url = "https://github.com/mitchellh/go-homedir"; + rev = "3864e76763d94a6df2f9960b16a20a33da9f9a66"; + sha256 = "1n8vya16l60i5jms43yb8fzdgwvqa2q926p5wkg3lbrk8pxy1nv0"; + }; + } + { + goPackagePath = "github.com/pkg/errors"; + fetch = { + type = "git"; + url = "https://github.com/pkg/errors"; + rev = "645ef00459ed84a119197bfb8d8205042c6df63d"; + sha256 = "001i6n71ghp2l6kdl3qq1v2vmghcz3kicv9a5wgcihrzigm75pp5"; + }; + } + { + goPackagePath = "github.com/pmezard/go-difflib"; + fetch = { + type = "git"; + url = "https://github.com/pmezard/go-difflib"; + rev = "792786c7400a136282c1664665ae0a8db921c6c2"; + sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw"; + }; + } + { + goPackagePath = "github.com/robertkrimen/otto"; + fetch = { + type = "git"; + url = "https://github.com/robertkrimen/otto"; + rev = "15f95af6e78dcd2030d8195a138bd88d4f403546"; + sha256 = "07j7l340lmqwpfscwyb8llk3k37flvs20a4a8vzc85f16xyd9npf"; + }; + } + { + goPackagePath = "github.com/sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/sirupsen/logrus"; + rev = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"; + sha256 = "0g5z7al7kky11ai2dhac6gkp3b5pxsvx72yj3xg4wg3265gbn7yz"; + }; + } + { + goPackagePath = "github.com/stretchr/objx"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/objx"; + rev = "477a77ecc69700c7cdeb1fa9e129548e1c1c393c"; + sha256 = "0iph0qmpyqg4kwv8jsx6a56a7hhqq8swrazv40ycxk9rzr0s8yls"; + }; + } + { + goPackagePath = "github.com/stretchr/testify"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/testify"; + rev = "f35b8ab0b5a2cef36673838d662e249dd9c94686"; + sha256 = "0dlszlshlxbmmfxj5hlwgv3r22x0y1af45gn1vd198nvvs3pnvfs"; + }; + } + { + goPackagePath = "github.com/tidwall/gjson"; + fetch = { + type = "git"; + url = "https://github.com/tidwall/gjson"; + rev = "afaeb9562041a8018c74e006551143666aed08bf"; + sha256 = "1hysk947mrlpaqjq7mab0nnm190fwvfdifaa2cq3sbwfrzx6h1c8"; + }; + } + { + goPackagePath = "github.com/tidwall/match"; + fetch = { + type = "git"; + url = "https://github.com/tidwall/match"; + rev = "1731857f09b1f38450e2c12409748407822dc6be"; + sha256 = "14nv96h0mjki5q685qx8y331h4yga6hlfh3z9nz6acvnv284q578"; + }; + } + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/crypto"; + rev = "a8fb68e7206f8c78be19b432c58eb52a6aa34462"; + sha256 = "1svphap40hy5srcqnb0l207r6wfm9hf0f3fcaq124qp4m91s6vlf"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "db08ff08e8622530d9ed3a0e8ac279f6d4c02196"; + sha256 = "1f6q8kbijnrfy6wjqxrzgjf38ippckc5w34lhqsjs7kq045aar9a"; + }; + } + { + goPackagePath = "golang.org/x/sys"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/sys"; + rev = "8014b7b116a67fea23fbb82cd834c9ad656ea44b"; + sha256 = "1ld5nr0zqjgkny7d5biix9hbnxnlzxxa5nspnal2q2c7wnai8apa"; + }; + } + { + goPackagePath = "golang.org/x/text"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/text"; + rev = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"; + sha256 = "0r6x6zjzhr8ksqlpiwm5gdd7s209kwk5p4lw54xjvz10cs3qlq19"; + }; + } + { + goPackagePath = "gopkg.in/AlecAivazis/survey.v1"; + fetch = { + type = "git"; + url = "https://github.com/AlecAivazis/survey"; + rev = "e752db451e07e09c7d7dc8cada807a44bdb0fd47"; + sha256 = "00fhmsaymrf86pg246cqxvfrivgfkyg3i0aixsp3sn15hg3i0vlq"; + }; + } + { + goPackagePath = "gopkg.in/ini.v1"; + fetch = { + type = "git"; + url = "https://github.com/go-ini/ini"; + rev = "06f5f3d67269ccec1fe5fe4134ba6e982984f7f5"; + sha256 = "0fx123601aiqqn0yr9vj6qp1bh8gp240w4qdm76irs73q8dxlk7a"; + }; + } + { + goPackagePath = "gopkg.in/sourcemap.v1"; + fetch = { + type = "git"; + url = "https://github.com/go-sourcemap/sourcemap"; + rev = "6e83acea0053641eff084973fee085f0c193c61a"; + sha256 = "08rf2dl13hbnm3fq2cm0nnsspy9fhf922ln23cz5463cv7h62as4"; + }; + } +] \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch b/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch new file mode 100644 index 000000000000..f436a73bca72 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch @@ -0,0 +1,29 @@ +--- sbsigntools/configure.ac 2018-09-25 10:30:00.878766256 -0500 ++++ configure.ac.new 2018-09-25 10:34:56.231277375 -0500 +@@ -71,15 +71,16 @@ + # no consistent view of where gnu-efi should dump the efi stuff, so find it + ## + for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi; do +- if test -e $path/crt0-efi-$EFI_ARCH.o; then +- CRTPATH=$path ++ if test -e @@NIX_GNUEFI@@/$path/crt0-efi-$EFI_ARCH.o; then ++ CRTPATH=@@NIX_GNUEFI@@/$path ++ break + fi + done + if test -z "$CRTPATH"; then + AC_MSG_ERROR([cannot find the gnu-efi crt path]) + fi + +-EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ ++EFI_CPPFLAGS="-I@@NIX_GNUEFI@@/include/efi -I@@NIX_GNUEFI@@/include/efi/$EFI_ARCH \ + -DEFI_FUNCTION_WRAPPER" + CPPFLAGS_save="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS" +@@ -90,5 +91,5 @@ + AC_SUBST(CRTPATH, $CRTPATH) + + AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile] +- [docs/Makefile tests/Makefile]) ++ [docs/Makefile]) + AC_OUTPUT diff --git a/nixpkgs/pkgs/tools/security/sbsigntool/default.nix b/nixpkgs/pkgs/tools/security/sbsigntool/default.nix new file mode 100644 index 000000000000..1091b366781d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sbsigntool/default.nix @@ -0,0 +1,53 @@ +{ stdenv +, fetchgit, autoconf, automake, pkgconfig, help2man +, openssl, libuuid, gnu-efi, libbfd +}: + +stdenv.mkDerivation rec { + name = "sbsigntool-${version}"; + version = "0.9.1"; + + src = fetchgit { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git"; + rev = "v0.9.1"; + sha256 = "098gxmhjn8acxjw5bq59wq4xhgkpx1xn8kjvxwdzpqkwq9ivrsbp"; + }; + + patches = [ ./autoconf.patch ]; + + prePatch = "patchShebangs ."; + + nativeBuildInputs = [ autoconf automake pkgconfig help2man ]; + buildInputs = [ openssl libuuid libbfd gnu-efi ]; + + configurePhase = '' + substituteInPlace configure.ac --replace "@@NIX_GNUEFI@@" "${gnu-efi}" + + lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan "talloc read_write_all build_assert array_size endian" + touch AUTHORS + touch ChangeLog + + echo "SUBDIRS = lib/ccan src docs" >> Makefile.am + + aclocal + autoheader + autoconf + automake --add-missing -Wno-portability + + ./configure --prefix=$out + ''; + + installPhase = '' + mkdir -p $out + make install + ''; + + meta = with stdenv.lib; { + description = "Tools for maintaining UEFI signature databases"; + homepage = http://jk.ozlabs.org/docs/sbkeysync-maintaing-uefi-key-databases; + maintainers = [ maintainers.tstrobel ]; + platforms = [ "x86_64-linux" ]; # Broken on i686 + license = licenses.gpl3; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/scallion/default.nix b/nixpkgs/pkgs/tools/security/scallion/default.nix new file mode 100644 index 000000000000..75ea92a786c5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/scallion/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchFromGitHub, makeWrapper, mono, openssl, ocl-icd }: + +stdenv.mkDerivation rec { + version = "2.1"; + name = "scallion-${version}"; + + src = fetchFromGitHub { + owner = "lachesis"; + repo = "scallion"; + rev = "v${version}"; + sha256 = "1l9aj101xpsaaa6kmmhmq68m6z8gzli1iaaf8xaxbivq0i7vka9k"; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ mono ]; + + buildPhase = '' + xbuild scallion.sln + ''; + + installPhase = '' + mkdir -p $out/share + cp scallion/bin/Debug/* $out/share/ + makeWrapper ${mono}/bin/mono $out/bin/scallion \ + --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ openssl ocl-icd ]} \ + --add-flags $out/share/scallion.exe + ''; + + meta = with stdenv.lib; { + description = "GPU-based tor hidden service name generator"; + homepage = src.meta.homepage; + license = licenses.mit; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ volth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/scrypt/default.nix b/nixpkgs/pkgs/tools/security/scrypt/default.nix new file mode 100644 index 000000000000..352a81b2727a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/scrypt/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchurl, openssl }: + +stdenv.mkDerivation rec { + name = "scrypt-${version}"; + version = "1.2.1"; + + src = fetchurl { + url = "https://www.tarsnap.com/scrypt/${name}.tgz"; + sha256 = "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"; + }; + + buildInputs = [ openssl ]; + + patchPhase = '' + for f in Makefile.in autotools/Makefile.am libcperciva/cpusupport/Build/cpusupport.sh ; do + substituteInPlace $f --replace "command -p " "" + done + ''; + + meta = with stdenv.lib; { + description = "Encryption utility"; + homepage = https://www.tarsnap.com/scrypt.html; + license = licenses.bsd2; + platforms = platforms.all; + maintainers = with maintainers; [ thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/seccure/default.nix b/nixpkgs/pkgs/tools/security/seccure/default.nix new file mode 100644 index 000000000000..a2ec48d4d270 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/seccure/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchurl, libgcrypt }: + +stdenv.mkDerivation rec { + name = "seccure-${version}"; + version = "0.5"; + + src = fetchurl { + url = "http://point-at-infinity.org/seccure/${name}.tar.gz"; + sha256 = "0nwnk3hfhgvf5xr0xipbh6smfnya22wphc5rj0vgi5d0zr5cwrk5"; + }; + + buildInputs = [ libgcrypt ]; + + preConfigure = '' + sed -e s@/usr/@$out/@g -i Makefile + sed -e 's@ln -f@ln -sf@g' -i Makefile + mkdir -p $out/bin $out/share/man/man1 + ''; + + meta = { + homepage = http://point-at-infinity.org/seccure/; + description = "Zero-configuration elliptic curve cryptography utility"; + platforms = stdenv.lib.platforms.unix; + license = stdenv.lib.licenses.lgpl3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/secp256k1/default.nix b/nixpkgs/pkgs/tools/security/secp256k1/default.nix new file mode 100644 index 000000000000..fd03e6bebabc --- /dev/null +++ b/nixpkgs/pkgs/tools/security/secp256k1/default.nix @@ -0,0 +1,54 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, jdk + +# Enable ECDSA pubkey recovery module +, enableRecovery ? true + +# Enable ECDH shared secret computation (disabled by default because it is +# experimental) +, enableECDH ? false + +# Enable libsecp256k1_jni (disabled by default because it requires a jdk, +# which is a large dependency) +, enableJNI ? false + +}: + +let inherit (stdenv.lib) optionals; in + +stdenv.mkDerivation rec { + name = "secp256k1-${version}"; + + # I can't find any version numbers, so we're just using the date of the + # last commit. + version = "2017-12-18"; + + src = fetchFromGitHub { + owner = "bitcoin-core"; + repo = "secp256k1"; + rev = "f54c6c5083307b18224c953cf5870ea7ffce070b"; + sha256 = "0bxqmimm627g9klalg1vdbspmn52588v4a6cli3p8bn84ibsnzbm"; + }; + + buildInputs = optionals enableJNI [ jdk ]; + + nativeBuildInputs = [ autoreconfHook ]; + + configureFlags = + [ "--enable-benchmark=no" "--enable-tests=no" "--enable-exhaustive-tests=no" ] ++ + optionals enableECDH [ "--enable-module-ecdh" "--enable-experimental" ] ++ + optionals enableRecovery [ "--enable-module-recovery" ] ++ + optionals enableJNI [ "--enable-jni" ]; + + meta = with stdenv.lib; { + description = "Optimized C library for EC operations on curve secp256k1"; + longDescription = '' + Optimized C library for EC operations on curve secp256k1. Part of + Bitcoin Core. This library is a work in progress and is being used + to research best practices. Use at your own risk. + ''; + homepage = https://github.com/bitcoin-core/secp256k1; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ chris-martin ]; + platforms = with platforms; unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sedutil/default.nix b/nixpkgs/pkgs/tools/security/sedutil/default.nix new file mode 100644 index 000000000000..343992a6322f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sedutil/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchFromGitHub, autoreconfHook }: + +stdenv.mkDerivation rec { + name = "sedutil-${version}"; + version = "1.15.1"; + + src = fetchFromGitHub { + owner = "Drive-Trust-Alliance"; + repo = "sedutil"; + rev = version; + sha256 = "0zg5v27vbrzzl2vqzks91zj48z30qgcshkqkm1g8ycnhi145l0mf"; + }; + + postPatch = '' + patchShebangs . + ''; + + nativeBuildInputs = [ autoreconfHook ]; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "DTA sedutil Self encrypting drive software"; + homepage = https://www.drivetrust.com; + license = licenses.gpl3; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix b/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix new file mode 100644 index 000000000000..38da14484147 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchFromGitHub, libtool, which }: + +stdenv.mkDerivation rec { + name = "sha1collisiondetection-${version}"; + version = "1.0.3"; + + src = fetchFromGitHub { + owner = "cr-marcstevens"; + repo = "sha1collisiondetection"; + rev = "stable-v${version}"; + sha256 = "0xn31hkkqs0kj9203rzx6w4nr0lq8fnrlm5i76g0px3q4v2dzw1s"; + }; + + makeFlags = [ "PREFIX=$(out)" ]; + + doCheck = true; + + nativeBuildInputs = [ libtool which ]; + + meta = with stdenv.lib; { + description = "Library and command line tool to detect SHA-1 collision"; + longDescription = '' + This library and command line tool were designed as near drop-in + replacements for common SHA-1 libraries and sha1sum. They will + compute the SHA-1 hash of any given file and additionally will + detect cryptanalytic collision attacks against SHA-1 present in + each file. It is very fast and takes less than twice the amount + of time as regular SHA-1. + ''; + platforms = platforms.all; + maintainers = with maintainers; [ leenaars ]; + license = licenses.mit; + }; +} diff --git a/nixpkgs/pkgs/tools/security/shc/default.nix b/nixpkgs/pkgs/tools/security/shc/default.nix new file mode 100644 index 000000000000..e3f5f72c1414 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/shc/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "shc-${version}"; + version = "4.0.2"; + rev = "${version}"; + + src = fetchFromGitHub { + inherit rev; + owner = "neurobin"; + repo = "shc"; + sha256 = "1vd9dldm6h234awn5fhpgq4lb85ylcawr2p2108332ffy70kvdix"; + }; + + meta = with stdenv.lib; { + homepage = https://neurobin.org/projects/softwares/unix/shc/; + description = "Shell Script Compiler"; + platforms = stdenv.lib.platforms.linux; + license = licenses.gpl3; + }; +} diff --git a/nixpkgs/pkgs/tools/security/signify/default.nix b/nixpkgs/pkgs/tools/security/signify/default.nix new file mode 100644 index 000000000000..a642a12b0bd0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signify/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchFromGitHub, libbsd, pkgconfig }: + +stdenv.mkDerivation rec { + name = "signify-${version}"; + version = "25"; + + src = fetchFromGitHub { + owner = "aperezdc"; + repo = "signify"; + rev = "v${version}"; + sha256 = "0zg0rffxwj2a71s1bllhrn491xsmirg9sshpq8f3vl25lv4c2cnq"; + }; + + doCheck = true; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libbsd ]; + + preInstall = '' + export PREFIX=$out + ''; + + meta = with stdenv.lib; { + description = "OpenBSD signing tool"; + longDescription = '' + OpenBSDs signing tool, which uses the Ed25519 public key signature system + for fast signing and verification of messages using small public keys. + ''; + homepage = https://www.tedunangst.com/flak/post/signify; + license = licenses.isc; + maintainers = [ maintainers.rlupton20 ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/signing-party/default.nix b/nixpkgs/pkgs/tools/security/signing-party/default.nix new file mode 100644 index 000000000000..8148692327ef --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signing-party/default.nix @@ -0,0 +1,222 @@ +{ stdenv, fetchFromGitLab, autoconf, automake, makeWrapper +, python3, perl, perlPackages +, libmd, gnupg, which, getopt, libpaper, nettools, qprint +, sendmailPath ? "/run/wrappers/bin/sendmail" }: + +let + # All runtime dependencies from the CPAN graph: + # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1 + GnuPGInterfaceRuntimeDependencies = with perlPackages; [ + strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny + GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate + RoleTiny SubExporterProgressive SubQuote TypeTiny + ]; +in stdenv.mkDerivation rec { + pname = "signing-party"; + version = "2.10"; + name = "${pname}-${version}"; + + src = fetchFromGitLab { + domain = "salsa.debian.org"; + owner = "signing-party-team"; + repo = "signing-party"; + rev = "v${version}"; + sha256 = "0lq8nmwjmysry0n4jg6vb7bh0lagbyb9pa11ii3s41p1mhzchf2r"; + }; + + # TODO: Get this patch upstream... + patches = [ ./gpgwrap_makefile.patch ]; + + postPatch = '' + substituteInPlace gpg-mailkeys/gpg-mailkeys --replace \ + "/usr/sbin/sendmail" "${sendmailPath}" + ''; + + # One can use the following command to find all relevant Makefiles: + # grep -R '$(DESTDIR)/usr' | cut -d: -f1 | sort -u | grep -v 'debian/rules' + preBuild = '' + substituteInPlace gpgsigs/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keyanalyze/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keylookup/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace sig2dot/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace springgraph/Makefile --replace '$(DESTDIR)/usr' "$out" + ''; + + # Perl is required for it's pod2man. + # Python and Perl are required for patching the script interpreter paths. + nativeBuildInputs = [ autoconf automake makeWrapper ]; + buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg ]; + + postInstall = '' + # Install all tools which aren't handled by 'make install'. + # TODO: Fix upstream...! + + # caff: CA - Fire and Forget signs and mails a key + install -D -m555 caff/caff $out/bin/caff; + install -D -m444 caff/caff.1 $out/share/man/man1/caff.1; + + # pgp-clean: removes all non-self signatures from key + install -D -m555 caff/pgp-clean $out/bin/pgp-clean; + install -D -m444 caff/pgp-clean.1 $out/share/man/man1/pgp-clean.1; + + # pgp-fixkey: removes broken packets from keys + install -D -m555 caff/pgp-fixkey $out/bin/pgp-fixkey; + install -D -m444 caff/pgp-fixkey.1 $out/share/man/man1/pgp-fixkey.1; + + # gpg-mailkeys: simply mail out a signed key to its owner + install -D -m555 gpg-mailkeys/gpg-mailkeys $out/bin/gpg-mailkeys; + install -D -m444 gpg-mailkeys/gpg-mailkeys.1 $out/share/man/man1/gpg-mailkeys.1; + + # gpg-key2ps: generate PostScript file with fingerprint paper slips + install -D -m555 gpg-key2ps/gpg-key2ps $out/bin/gpg-key2ps; + install -D -m444 gpg-key2ps/gpg-key2ps.1 $out/share/man/man1/gpg-key2ps.1; + + # gpgdir: recursive directory encryption tool + install -D -m555 gpgdir/gpgdir $out/bin/gpgdir; + install -D -m444 gpgdir/gpgdir.1 $out/share/man/man1/gpgdir.1; + + # gpglist: show who signed which of your UIDs + install -D -m555 gpglist/gpglist $out/bin/gpglist; + install -D -m444 gpglist/gpglist.1 $out/share/man/man1/gpglist.1; + + # gpgsigs: annotates list of GnuPG keys with already done signatures + # The manual page is not handled by 'make install' + install -D -m444 gpgsigs/gpgsigs.1 $out/share/man/man1/gpgsigs.1; + + # gpgparticipants: create list of party participants for the organiser + install -D -m555 gpgparticipants/gpgparticipants $out/bin/gpgparticipants; + install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1; + install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill; + install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1; + + # gpgwrap: a passphrase wrapper + install -D -m555 gpgwrap/bin/gpgwrap $out/bin/gpgwrap; + install -D -m444 gpgwrap/doc/gpgwrap.1 $out/share/man/man1/gpgwrap.1; + + # keyanalyze: minimum signing distance (MSD) analysis on keyrings + # Only the binaries are handled by 'make install' + install -D -m444 keyanalyze/keyanalyze.1 $out/share/man/man1/keyanalyze.1; + install -D -m444 keyanalyze/pgpring/pgpring.1 $out/share/man/man1/pgpring.1; + install -D -m444 keyanalyze/process_keys.1 $out/share/man/man1/process_keys.1; + + # keylookup: ncurses wrapper around gpg --search + # Handled by 'make install' + + # sig2dot: converts a list of GnuPG signatures to a .dot file + # Handled by 'make install' + + # springgraph: creates a graph from a .dot file + # Handled by 'make install' + + # keyart: creates a random ASCII art of a PGP key file + install -D -m555 keyart/keyart $out/bin/keyart; + install -D -m444 keyart/doc/keyart.1 $out/share/man/man1/keyart.1; + + # gpg-key2latex: generate LaTeX file with fingerprint paper slips + install -D -m555 gpg-key2latex/gpg-key2latex $out/bin/gpg-key2latex; + install -D -m444 gpg-key2latex/gpg-key2latex.1 $out/share/man/man1/gpg-key2latex.1; + ''; + + postFixup = '' + # Add the runtime dependencies for all programs (but mainly for the Perl + # scripts) + + wrapProgram $out/bin/caff --set PERL5LIB \ + ${with perlPackages; makePerlPath ([ + TextTemplate MIMETools MailTools TimeDate NetIDNEncode ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ nettools gnupg ]}" + + wrapProgram $out/bin/gpg-key2latex --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg libpaper ]}" + + wrapProgram $out/bin/gpg-key2ps --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ which gnupg libpaper ]}" + + wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg qprint ]}" + + wrapProgram $out/bin/gpgdir --set PERL5LIB \ + ${with perlPackages; makePerlPath ([ + TermReadKey ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpglist --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgparticipants --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ getopt gnupg ]}" + +# wrapProgram $out/bin/gpgparticipants-prefill + + wrapProgram $out/bin/gpgsigs --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgwrap --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + +# wrapProgram $out/bin/keyanalyze --set PERL5LIB \ + + wrapProgram $out/bin/keyart --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/keylookup --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/pgp-clean --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/pgp-fixkey --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + +# wrapProgram $out/bin/pgpring + +# wrapProgram $out/bin/process_keys + + # Upstream-Bug: Seems like sig2dot doesn't work with 2.1 (modern) anymore, + # please use 2.0 (stable) instead. +# wrapProgram $out/bin/sig2dot + + wrapProgram $out/bin/springgraph --set PERL5LIB \ + ${with perlPackages; makePerlPath [ GD ]} + ''; + + meta = with stdenv.lib; { + homepage = https://salsa.debian.org/signing-party-team/signing-party; + description = "A collection of several projects relating to OpenPGP"; + longDescription = '' + This is a collection of several projects relating to OpenPGP. + + * caff: CA - Fire and Forget signs and mails a key + * pgp-clean: removes all non-self signatures from key + * pgp-fixkey: removes broken packets from keys + * gpg-mailkeys: simply mail out a signed key to its owner + * gpg-key2ps: generate PostScript file with fingerprint paper slips + * gpgdir: recursive directory encryption tool + * gpglist: show who signed which of your UIDs + * gpgsigs: annotates list of GnuPG keys with already done signatures + * gpgparticipants: create list of party participants for the organiser + * gpgwrap: a passphrase wrapper + * keyanalyze: minimum signing distance (MSD) analysis on keyrings + * keylookup: ncurses wrapper around gpg --search + * sig2dot: converts a list of GnuPG signatures to a .dot file + * springgraph: creates a graph from a .dot file + * keyart: creates a random ASCII art of a PGP key file + * gpg-key2latex: generate LaTeX file with fingerprint paper slips + ''; + license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ]; + maintainers = with maintainers; [ fpletz primeos ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch b/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch new file mode 100644 index 000000000000..4beaf5b80887 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch @@ -0,0 +1,16 @@ +--- a/gpgwrap/Makefile 2015-06-03 16:24:48.723129144 +0200 ++++ b/gpgwrap/Makefile 2015-06-03 16:24:11.639744346 +0200 +@@ -1,9 +1,12 @@ + MAKE=make + +-.PHONY: all clean ++.PHONY: all clean install + + all: + cd src && ${MAKE} all DIET="${DIET}" + ++install: ++ ++ + clean: + cd src && ${MAKE} clean diff --git a/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix b/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix new file mode 100644 index 000000000000..96565ec84b52 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, trousers, openssl, opencryptoki, autoreconfHook, libtool }: + +stdenv.mkDerivation rec { + name = "simple-tpm-pk11-${version}"; + version = "0.06"; + + src = fetchFromGitHub { + owner = "ThomasHabets"; + repo = "simple-tpm-pk11"; + rev = version; + sha256 = "0vpbaklr4r1a2am0pqcm6m41ph22mkcrq33y8ab5h8qkhkvhd6a6"; + }; + + nativeBuildInputs = [ autoreconfHook libtool ]; + buildInputs = [ trousers openssl opencryptoki ]; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Simple PKCS11 provider for TPM chips"; + longDescription = '' + A simple library for using the TPM chip to secure SSH keys. + ''; + homepage = https://github.com/ThomasHabets/simple-tpm-pk11; + license = licenses.asl20; + maintainers = with maintainers; [ tstrobel ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/softhsm/default.nix b/nixpkgs/pkgs/tools/security/softhsm/default.nix new file mode 100644 index 000000000000..ec5eea52a6f8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/softhsm/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchurl, botan, libobjc, Security }: + +stdenv.mkDerivation rec { + + name = "softhsm-${version}"; + version = "2.5.0"; + + src = fetchurl { + url = "https://dist.opendnssec.org/source/${name}.tar.gz"; + sha256 = "1cijq78jr3mzg7jj11r0krawijp99p253f4qdqr94n728p7mdalj"; + }; + + configureFlags = [ + "--with-crypto-backend=botan" + "--with-botan=${botan}" + "--sysconfdir=$out/etc" + "--localstatedir=$out/var" + ]; + + propagatedBuildInputs = + stdenv.lib.optionals stdenv.isDarwin [ libobjc Security ]; + + buildInputs = [ botan ]; + + postInstall = "rm -rf $out/var"; + + meta = with stdenv.lib; { + homepage = https://www.opendnssec.org/softhsm; + description = "Cryptographic store accessible through a PKCS #11 interface"; + license = licenses.bsd2; + maintainers = [ maintainers.leenaars ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sops/default.nix b/nixpkgs/pkgs/tools/security/sops/default.nix new file mode 100644 index 000000000000..fcc455422148 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sops/default.nix @@ -0,0 +1,22 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "sops"; + version = "3.3.1"; + + goPackagePath = "go.mozilla.org/sops"; + + src = fetchFromGitHub { + rev = version; + owner = "mozilla"; + repo = pname; + sha256 = "0jbrz3yz6cj08h8cx6y98m8r0lpclh9367cw5apy6w3v71i3svfi"; + }; + + meta = with stdenv.lib; { + inherit (src.meta) homepage; + description = "Mozilla sops (Secrets OPerationS) is an editor of encrypted files"; + maintainers = [ maintainers.marsam ]; + license = licenses.mpl20; + }; +} diff --git a/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix b/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix new file mode 100644 index 000000000000..a1844668af65 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix @@ -0,0 +1,38 @@ +{ stdenv, fetchFromGitHub, makeWrapper, coreutils, binutils-unwrapped }: + +stdenv.mkDerivation rec { + name = "spectre-meltdown-checker-${version}"; + version = "0.42"; + + src = fetchFromGitHub { + owner = "speed47"; + repo = "spectre-meltdown-checker"; + rev = "v${version}"; + sha256 = "0pppf844i7b72hqnmfvq72w5y7b6dxd16y29l6j84maf22zxbjni"; + }; + + prePatch = '' + substituteInPlace spectre-meltdown-checker.sh \ + --replace /bin/echo ${coreutils}/bin/echo + ''; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = with stdenv.lib; '' + runHook preInstall + + install -Dm755 spectre-meltdown-checker.sh $out/bin/spectre-meltdown-checker + wrapProgram $out/bin/spectre-meltdown-checker \ + --prefix PATH : ${makeBinPath [ binutils-unwrapped ]} + + runHook postInstall + ''; + + meta = with stdenv.lib; { + description = "Spectre & Meltdown vulnerability/mitigation checker for Linux"; + homepage = https://github.com/speed47/spectre-meltdown-checker; + license = licenses.gpl3; + maintainers = with maintainers; [ dotlambda ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/srm/default.nix b/nixpkgs/pkgs/tools/security/srm/default.nix new file mode 100644 index 000000000000..9782d00267f5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/srm/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + + name = "srm-" + version; + version = "1.2.15"; + + src = fetchurl { + url = "mirror://sourceforge/project/srm/${version}/${name}.tar.gz"; + sha256 = "10sjarhprs6s4zandndg720528rcnd4xk8dl48pjj7li1q9c30vm"; + }; + + meta = with stdenv.lib; { + description = "Delete files securely"; + longDescription = '' + srm (secure rm) is a command-line compatible rm(1) which + overwrites file contents before unlinking. The goal is to + provide drop in security for users who wish to prevent recovery + of deleted information, even if the machine is compromised. + ''; + homepage = http://srm.sourceforge.net; + license = licenses.mit; + maintainers = with maintainers; [ edwtjo ]; + platforms = platforms.unix; + }; + +} diff --git a/nixpkgs/pkgs/tools/security/ssdeep/default.nix b/nixpkgs/pkgs/tools/security/ssdeep/default.nix new file mode 100644 index 000000000000..1ff9c73d8b58 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssdeep/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub, autoreconfHook }: + +stdenv.mkDerivation rec { + name = "ssdeep-${version}"; + version = "2.14.1"; + + src = fetchFromGitHub { + owner = "ssdeep-project"; + repo = "ssdeep"; + rev = "release-${version}"; + sha256 = "1yx6yjkggshw5yl89m4kvyzarjdg2l3hs0bbjbrfzwp1lkfd8i0c"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + # Hack to avoid TMPDIR in RPATHs. + preFixup = ''rm -rf "$(pwd)" ''; + + meta = { + description = "A program for calculating fuzzy hashes"; + homepage = "http://www.ssdeep.sf.net"; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.unix; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix new file mode 100644 index 000000000000..e615cec945dd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix @@ -0,0 +1,53 @@ +{ fetchFromGitHub, python3Packages, stdenv }: + +python3Packages.buildPythonPackage rec { + pname = "ssh-audit"; + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "arthepsy"; + repo = pname; + rev = "refs/tags/v${version}"; + sha256 = "0akrychkdym9f6830ysq787c9nc0bkyqvy4h72498lyghwvwc2ms"; + }; + + checkInputs = [ + python3Packages.pytest + python3Packages.pytestcov + ]; + + checkPhase = '' + py.test --cov-report= --cov=ssh-audit -v test + ''; + + postPatch = '' + printf %s "$setupPy" > setup.py + mkdir scripts + cp ssh-audit.py scripts/ssh-audit + mkdir ssh_audit + cp ssh-audit.py ssh_audit/__init__.py + ''; + + setupPy = /* py */ '' + from distutils.core import setup + setup( + author='arthepsy', + description='${meta.description}', + license='${meta.license.spdxId}', + name='${pname}', + packages=['ssh_audit'], + scripts=['scripts/ssh-audit'], + url='${meta.homepage}', + version='${version}', + ) + ''; + + meta = { + description = "Tool for ssh server auditing"; + homepage = "https://github.com/arthepsy/ssh-audit"; + license = stdenv.lib.licenses.mit; + maintainers = [ + stdenv.lib.maintainers.tv + ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sshguard/default.nix b/nixpkgs/pkgs/tools/security/sshguard/default.nix new file mode 100644 index 000000000000..18f010ee1ecb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sshguard/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchurl, autoreconfHook, yacc, flex}: + +stdenv.mkDerivation rec { + version = "2.4.0"; + name = "sshguard-${version}"; + + src = fetchurl { + url = "mirror://sourceforge/sshguard/${name}.tar.gz"; + sha256 = "1h6n2xyh58bshplbdqlr9rbnf3lz7nydnq5m2hkq15is3c4s8p06"; + }; + + doCheck = true; + + nativeBuildInputs = [ autoreconfHook yacc flex ]; + + configureFlags = [ "--sysconfdir=/etc" ]; + + meta = with stdenv.lib; { + description = "SSHGuard protects hosts from brute-force attacks"; + longDescription = '' + SSHGuard can read log messages from various input sources. Log messages are parsed, line-by-line, for recognized patterns. + If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. + ''; + homepage = https://sshguard.net; + license = licenses.bsd3; + maintainers = with maintainers; [ sargon ]; + platforms = with platforms; linux ++ darwin ++ freebsd ++ netbsd ++ openbsd; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sshuttle/default.nix b/nixpkgs/pkgs/tools/security/sshuttle/default.nix new file mode 100644 index 000000000000..0e0e8c7ad753 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sshuttle/default.nix @@ -0,0 +1,41 @@ +{ stdenv, python3Packages, fetchurl, makeWrapper +, coreutils, iptables, nettools, openssh, procps }: + +python3Packages.buildPythonApplication rec { + name = "sshuttle-${version}"; + version = "0.78.5"; + + src = fetchurl { + sha256 = "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"; + url = "mirror://pypi/s/sshuttle/${name}.tar.gz"; + }; + + patches = [ ./sudo.patch ]; + + nativeBuildInputs = [ makeWrapper python3Packages.setuptools_scm ]; + buildInputs = + [ coreutils openssh procps nettools ] + ++ stdenv.lib.optionals stdenv.isLinux [ iptables ]; + + checkInputs = with python3Packages; [ mock pytest pytestcov pytestrunner flake8 ]; + + postInstall = let + mapPath = f: x: stdenv.lib.concatStringsSep ":" (map f x); + in '' + wrapProgram $out/bin/sshuttle \ + --prefix PATH : "${mapPath (x: "${x}/bin") buildInputs}" \ + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/sshuttle/sshuttle/; + description = "Transparent proxy server that works as a poor man's VPN"; + longDescription = '' + Forward connections over SSH, without requiring administrator access to the + target network (though it does require Python 2.7, Python 3.5 or later at both ends). + Works with Linux and Mac OS and supports DNS tunneling. + ''; + license = licenses.gpl2; + maintainers = with maintainers; [ domenkozar carlosdagos ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch b/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch new file mode 100644 index 000000000000..6e8634bd4a1f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch @@ -0,0 +1,13 @@ +diff --git a/sshuttle/client.py b/sshuttle/client.py +index cab5b1c..e89f8a6 100644 +--- a/sshuttle/client.py ++++ b/sshuttle/client.py +@@ -192,7 +192,7 @@ class FirewallClient: + + self.auto_nets = [] + python_path = os.path.dirname(os.path.dirname(__file__)) +- argvbase = ([sys.executable, sys.argv[0]] + ++ argvbase = ([sys.argv[0]] + + ['-v'] * (helpers.verbose or 0) + + ['--method', method_name] + + ['--firewall']) diff --git a/nixpkgs/pkgs/tools/security/sslscan/default.nix b/nixpkgs/pkgs/tools/security/sslscan/default.nix new file mode 100644 index 000000000000..d3a8f35d9148 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sslscan/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub, openssl }: + +stdenv.mkDerivation rec { + name = "sslscan-${version}"; + version = "1.11.13"; + + src = fetchFromGitHub { + owner = "rbsec"; + repo = "sslscan"; + rev = "${version}-rbsec"; + sha256 = "0sa8iw91wi3515lw761j84wagab1x9rxr0mn8m08qj300z2044yk"; + }; + + buildInputs = [ openssl ]; + + makeFlags = [ "PREFIX=$(out)" "CC=cc" ]; + + meta = with stdenv.lib; { + description = "Tests SSL/TLS services and discover supported cipher suites"; + homepage = https://github.com/rbsec/sslscan; + license = licenses.gpl3; + maintainers = with maintainers; [ fpletz globin ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssss/default.nix b/nixpkgs/pkgs/tools/security/ssss/default.nix new file mode 100644 index 000000000000..3bbcdafcdcdd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssss/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl, gmp }: + +stdenv.mkDerivation rec { + name = "ssss-0.5"; + + src = fetchurl { + url = http://point-at-infinity.org/ssss/ssss-0.5.tar.gz; + sha256 = "15grn2fp1x8p92kxkwbmsx8rz16g93y9grl3hfqbh1jn21ama5jx"; + }; + + buildInputs = [ gmp ]; + + preBuild = + '' + sed -e s@/usr/@$out/@g -i Makefile + cp ssss.manpage.xml ssss.1 + cp ssss.manpage.xml ssss.1.html + mkdir -p $out/bin $out/share/man/man1 + echo -e 'install:\n\tcp ssss-combine ssss-split '"$out"'/bin' >>Makefile + ''; + + meta = { + description = "Shamir Secret Sharing Scheme"; + homepage = http://point-at-infinity.org/ssss/; + platforms = stdenv.lib.platforms.unix; + license = stdenv.lib.licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/tools/security/steghide/default.nix b/nixpkgs/pkgs/tools/security/steghide/default.nix new file mode 100644 index 000000000000..c8be366066be --- /dev/null +++ b/nixpkgs/pkgs/tools/security/steghide/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchurl, libjpeg, libmcrypt, zlib, libmhash, gettext, libtool}: + +stdenv.mkDerivation rec { + buildInputs = [ libjpeg libmcrypt zlib libmhash gettext libtool ]; + version = "0.5.1"; + name = "steghide-${version}"; + + src = fetchurl { + url = "mirror://sourceforge/steghide/steghide/${version}/steghide-${version}.tar.gz" ; + sha256 = "78069b7cfe9d1f5348ae43f918f06f91d783c2b3ff25af021e6a312cf541b47b"; + }; + + patches = [ + ./patches/steghide-0.5.1-gcc34.patch + ./patches/steghide-0.5.1-gcc4.patch + ./patches/steghide-0.5.1-gcc43.patch + ]; + + # AM_CXXFLAGS needed for automake + preConfigure = '' + export AM_CXXFLAGS="$CXXFLAGS -std=c++0x" + ''; + + meta = with stdenv.lib; { + homepage = http://steghide.sourceforge.net/; + description = "Steganography program that is able to hide data in various kinds of image- and audio-files"; + license = licenses.gpl2; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch new file mode 100644 index 000000000000..373316c78406 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch @@ -0,0 +1,42 @@ +--- steghide-0.5.1.old/src/Makefile.am ++++ steghide-0.5.1.new/src/Makefile.am 2004-07-16 19:01:39.673947633 +0200 +@@ -33,5 +33,5 @@ + WavPCMSampleValue.cc error.cc main.cc msg.cc SMDConstructionHeuristic.cc + LIBS = @LIBINTL@ @LIBS@ + localedir = $(datadir)/locale +-LIBTOOL = $(SHELL) libtool ++LIBTOOL = $(SHELL) libtool --tag=CXX + MAINTAINERCLEANFILES = Makefile.in +--- steghide-0.5.1.old/src/AuSampleValues.cc ++++ steghide-0.5.1.new/src/AuSampleValues.cc 2004-07-16 18:59:18.934578427 +0200 +@@ -17,21 +17,21 @@ + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ +- ++#include "common.h" + #include "AuSampleValues.h" + + // AuMuLawSampleValue +-const BYTE AuMuLawSampleValue::MinValue = 0 ; +-const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ; ++template<> const BYTE AuMuLawSampleValue::MinValue = 0 ; ++template<> const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ; + + // AuPCM8SampleValue +-const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ; +-const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ; ++template<> const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ; ++template<> const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ; + + // AuPCM16SampleValue +-const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ; +-const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ; ++template<> const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ; ++template<> const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ; + + // AuPCM32SampleValue +-const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ; +-const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ; ++template<> const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ; ++template<> const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ; diff --git a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch new file mode 100644 index 000000000000..a8df1735e9d4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch @@ -0,0 +1,46 @@ +diff -Naur steghide-0.5.1-orig/src/AuData.h steghide-0.5.1/src/AuData.h +--- steghide-0.5.1-orig/src/AuData.h 2003-09-28 09:30:29.000000000 -0600 ++++ steghide-0.5.1/src/AuData.h 2007-05-11 22:04:56.000000000 -0600 +@@ -26,22 +26,30 @@ + + // AuMuLawAudioData + typedef AudioDataImpl<AuMuLaw,BYTE> AuMuLawAudioData ; ++template<> + inline BYTE AuMuLawAudioData::readValue (BinaryIO* io) const { return (io->read8()) ; } ++template<> + inline void AuMuLawAudioData::writeValue (BinaryIO* io, BYTE v) const { io->write8(v) ; } + + // AuPCM8AudioData + typedef AudioDataImpl<AuPCM8,SBYTE> AuPCM8AudioData ; ++template<> + inline SBYTE AuPCM8AudioData::readValue (BinaryIO* io) const { return ((SBYTE) io->read8()) ; } ++template<> + inline void AuPCM8AudioData::writeValue (BinaryIO* io, SBYTE v) const { io->write8((BYTE) v) ; } + + // AuPCM16AudioData + typedef AudioDataImpl<AuPCM16,SWORD16> AuPCM16AudioData ; ++template<> + inline SWORD16 AuPCM16AudioData::readValue (BinaryIO* io) const { return ((SWORD16) io->read16_be()) ; } ++template<> + inline void AuPCM16AudioData::writeValue (BinaryIO* io, SWORD16 v) const { io->write16_be((UWORD16) v) ; } + + // AuPCM32AudioData + typedef AudioDataImpl<AuPCM32,SWORD32> AuPCM32AudioData ; ++template<> + inline SWORD32 AuPCM32AudioData::readValue (BinaryIO* io) const { return ((SWORD32) io->read32_be()) ; } ++template<> + inline void AuPCM32AudioData::writeValue (BinaryIO* io, SWORD32 v) const { io->write32_be((UWORD32) v) ; } + + #endif // ndef SH_AUDATA_H +diff -Naur steghide-0.5.1-orig/src/MHashPP.cc steghide-0.5.1/src/MHashPP.cc +--- steghide-0.5.1-orig/src/MHashPP.cc 2003-10-05 04:17:50.000000000 -0600 ++++ steghide-0.5.1/src/MHashPP.cc 2007-05-11 22:07:01.000000000 -0600 +@@ -120,7 +120,7 @@ + + std::string MHashPP::getAlgorithmName (hashid id) + { +- char *name = mhash_get_hash_name (id) ; ++ char *name = (char *) mhash_get_hash_name (id) ; + std::string retval ; + if (name == NULL) { + retval = std::string ("<algorithm not found>") ; diff --git a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch new file mode 100644 index 000000000000..ca66b9c544f5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch @@ -0,0 +1,349 @@ +--- steghide-0.5.1.old/configure.in 2003-10-15 09:48:52.000000000 +0200 ++++ steghide-0.5.1.new/configure.in 2008-05-09 19:04:46.000000000 +0200 +@@ -7,27 +7,26 @@ + dnl checks for programs. + AC_PROG_CXX + AC_PROG_INSTALL + AC_PROG_AWK + AC_PROG_LN_S ++AC_CXX_COMPILE_STDCXX_0X + + dnl GNU gettext + AC_CHECK_FUNCS(strchr) + AM_GNU_GETTEXT + AM_CONDITIONAL(USE_INTLDIR, test "$nls_cv_use_gnu_gettext" = yes) + + dnl check if debugging support is requested +-AC_MSG_CHECKING([wether to enable debugging]) ++AC_MSG_CHECKING([whether to enable debugging]) + AC_ARG_ENABLE(debug,[ --enable-debug enable debugging], + if test "$enableval" = yes ; + then + AC_MSG_RESULT([yes]) + AC_DEFINE(DEBUG,1,[enable code used only for debugging]) +- CXXFLAGS="-O2 -Wall -g" + else + AC_MSG_RESULT([no]) +- CXXFLAGS="-O2 -Wall" + fi + , + AC_MSG_RESULT([no]) + CXXFLAGS="-O2 -Wall" + ) +@@ -213,7 +212,18 @@ + echo "libmhash can be downloaded from http://mhash.sourceforge.net/."; + echo "**********"; + AC_MSG_ERROR([[libmhash not found]]) + fi + ++dnl Should we add std=c++0x? ++ ++if test "$ac_cv_cxx_compile_cxx0x_cxx" = yes; ++then ++ CXXFLAGS="${CXXFLAGS} -std=c++0x -Wall -Wextra" ++else ++ CXXFLAGS="${CXXFLAGS} -Wall -Wextra" ++fi ++ ++AC_SUBST(CXXFLAGS) ++ + dnl create Makefiles + AC_OUTPUT([Makefile steghide.spec steghide.doxygen doc/Makefile po/Makefile.in src/Makefile tests/Makefile tests/data/Makefile m4/Makefile intl/Makefile]) +--- steghide-0.5.1.old/m4/ac_cxx_compile_stdcxx_0x.m4 1970-01-01 01:00:00.000000000 +0100 ++++ steghide-0.5.1.new/m4/ac_cxx_compile_stdcxx_0x.m4 2008-05-09 19:04:46.000000000 +0200 +@@ -0,0 +1,107 @@ ++# =========================================================================== ++# http://autoconf-archive.cryp.to/ac_cxx_compile_stdcxx_0x.html ++# =========================================================================== ++# ++# SYNOPSIS ++# ++# AC_CXX_COMPILE_STDCXX_0X ++# ++# DESCRIPTION ++# ++# Check for baseline language coverage in the compiler for the C++0x ++# standard. ++# ++# LAST MODIFICATION ++# ++# 2008-04-17 ++# ++# COPYLEFT ++# ++# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com> ++# ++# Copying and distribution of this file, with or without modification, are ++# permitted in any medium without royalty provided the copyright notice ++# and this notice are preserved. ++ ++AC_DEFUN([AC_CXX_COMPILE_STDCXX_0X], [ ++ AC_CACHE_CHECK(if g++ supports C++0x features without additional flags, ++ ac_cv_cxx_compile_cxx0x_native, ++ [AC_LANG_SAVE ++ AC_LANG_CPLUSPLUS ++ AC_TRY_COMPILE([ ++ template <typename T> ++ struct check ++ { ++ static_assert(sizeof(int) <= sizeof(T), "not big enough"); ++ }; ++ ++ typedef check<check<bool>> right_angle_brackets; ++ ++ int a; ++ decltype(a) b; ++ ++ typedef check<int> check_type; ++ check_type c; ++ check_type&& cr = c;],, ++ ac_cv_cxx_compile_cxx0x_native=yes, ac_cv_cxx_compile_cxx0x_native=no) ++ AC_LANG_RESTORE ++ ]) ++ ++ AC_CACHE_CHECK(if g++ supports C++0x features with -std=c++0x, ++ ac_cv_cxx_compile_cxx0x_cxx, ++ [AC_LANG_SAVE ++ AC_LANG_CPLUSPLUS ++ ac_save_CXXFLAGS="$CXXFLAGS" ++ CXXFLAGS="$CXXFLAGS -std=c++0x" ++ AC_TRY_COMPILE([ ++ template <typename T> ++ struct check ++ { ++ static_assert(sizeof(int) <= sizeof(T), "not big enough"); ++ }; ++ ++ typedef check<check<bool>> right_angle_brackets; ++ ++ int a; ++ decltype(a) b; ++ ++ typedef check<int> check_type; ++ check_type c; ++ check_type&& cr = c;],, ++ ac_cv_cxx_compile_cxx0x_cxx=yes, ac_cv_cxx_compile_cxx0x_cxx=no) ++ CXXFLAGS="$ac_save_CXXFLAGS" ++ AC_LANG_RESTORE ++ ]) ++ ++ AC_CACHE_CHECK(if g++ supports C++0x features with -std=gnu++0x, ++ ac_cv_cxx_compile_cxx0x_gxx, ++ [AC_LANG_SAVE ++ AC_LANG_CPLUSPLUS ++ ac_save_CXXFLAGS="$CXXFLAGS" ++ CXXFLAGS="$CXXFLAGS -std=gnu++0x" ++ AC_TRY_COMPILE([ ++ template <typename T> ++ struct check ++ { ++ static_assert(sizeof(int) <= sizeof(T), "not big enough"); ++ }; ++ ++ typedef check<check<bool>> right_angle_brackets; ++ ++ int a; ++ decltype(a) b; ++ ++ typedef check<int> check_type; ++ check_type c; ++ check_type&& cr = c;],, ++ ac_cv_cxx_compile_cxx0x_gxx=yes, ac_cv_cxx_compile_cxx0x_gxx=no) ++ CXXFLAGS="$ac_save_CXXFLAGS" ++ AC_LANG_RESTORE ++ ]) ++ ++ if test "$ac_cv_cxx_compile_cxx0x_native" = yes || ++ test "$ac_cv_cxx_compile_cxx0x_cxx" = yes || ++ test "$ac_cv_cxx_compile_cxx0x_gxx" = yes; then ++ AC_DEFINE(HAVE_STDCXX_0X,,[Define if g++ supports C++0x features. ]) ++ fi ++]) +--- steghide-0.5.1.old/src/Arguments.cc 2003-10-11 23:25:04.000000000 +0200 ++++ steghide-0.5.1.new/src/Arguments.cc 2008-05-09 19:04:44.000000000 +0200 +@@ -26,10 +26,12 @@ + #include "Terminal.h" + #include "common.h" + #include "error.h" + #include "msg.h" + ++float Arguments::Default_Goal = 100.0 ; ++ + // the global Arguments object + Arguments Args ; + + Arguments::Arguments (int argc, char* argv[]) + { +--- steghide-0.5.1.old/src/Arguments.h 2003-10-11 23:23:57.000000000 +0200 ++++ steghide-0.5.1.new/src/Arguments.h 2008-05-09 19:04:44.000000000 +0200 +@@ -98,11 +98,11 @@ + static const bool Default_EmbedEmbFn = true ; + static const bool Default_Force = false ; + static const VERBOSITY Default_Verbosity = NORMAL ; + static const unsigned long Default_Radius = 0 ; // there is no default radius for all file formats + static const unsigned int Max_Algorithm = 3 ; +- static const float Default_Goal = 100.0 ; ++ static float Default_Goal ; + static const DEBUGCOMMAND Default_DebugCommand = NONE ; + static const bool Default_Check = false ; + static const unsigned int Default_DebugLevel = 0 ; + static const unsigned int Default_GmlGraphRecDepth = 0 ; + static const unsigned int Default_GmlStartVertex = 0 ; +--- steghide-0.5.1.old/src/EncryptionMode.h 2003-09-28 17:30:30.000000000 +0200 ++++ steghide-0.5.1.new/src/EncryptionMode.h 2008-05-09 19:04:46.000000000 +0200 +@@ -69,11 +69,11 @@ + static const unsigned int NumValues = 8 ; + IRep Value ; + + typedef struct struct_Translation { + IRep irep ; +- char* srep ; ++ const char* srep ; + } Translation ; + static const Translation Translations[] ; + } ; + + #endif // ndef SH_ENCMODE_H +--- steghide-0.5.1.old/src/Graph.cc 2003-10-11 23:54:26.000000000 +0200 ++++ steghide-0.5.1.new/src/Graph.cc 2008-05-09 19:04:46.000000000 +0200 +@@ -20,10 +20,12 @@ + + #include <ctime> + #include <list> + #include <map> + #include <vector> ++#include <algorithm> ++#include <climits> + + #include "BitString.h" + #include "CvrStgFile.h" + #include "Edge.h" + #include "Graph.h" +--- steghide-0.5.1.old/src/Matching.cc 2003-10-11 23:54:30.000000000 +0200 ++++ steghide-0.5.1.new/src/Matching.cc 2008-05-09 19:04:46.000000000 +0200 +@@ -16,10 +16,11 @@ + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ + ++#include <algorithm> + #include "Edge.h" + #include "Graph.h" + #include "Matching.h" + #include "ProgressOutput.h" + #include "common.h" +--- steghide-0.5.1.old/src/ProgressOutput.cc 2003-10-11 11:20:51.000000000 +0200 ++++ steghide-0.5.1.new/src/ProgressOutput.cc 2008-05-09 19:04:44.000000000 +0200 +@@ -21,10 +21,12 @@ + #include <cmath> + + #include "ProgressOutput.h" + #include "common.h" + ++float ProgressOutput::NoAvgWeight = 1.0 ; ++ + ProgressOutput::ProgressOutput () + : Message("__nomessage__") + { + LastUpdate = time(NULL) - 1 ; // -1 to ensure that message is written first time + } +--- steghide-0.5.1.old/src/ProgressOutput.h 2003-09-28 17:30:30.000000000 +0200 ++++ steghide-0.5.1.new/src/ProgressOutput.h 2008-05-09 19:04:44.000000000 +0200 +@@ -60,13 +60,13 @@ + /** + * update the output appending rate, [average edge weight], "done" and a newline + * \param rate the rate of matched vertices + * \param avgweight the average edge weight (is not printed if not given) + **/ +- void done (float rate, float avgweight = NoAvgWeight) const ; ++ void done (float rate, float avgweight = 1.0) const ; + +- static const float NoAvgWeight = -1.0 ; ++ static float NoAvgWeight ; + + protected: + std::string vcompose (const char *msgfmt, va_list ap) const ; + + private: +--- steghide-0.5.1.old/src/SMDConstructionHeuristic.cc 2003-09-28 17:30:30.000000000 +0200 ++++ steghide-0.5.1.new/src/SMDConstructionHeuristic.cc 2008-05-09 19:04:46.000000000 +0200 +@@ -16,10 +16,12 @@ + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ + ++#include <algorithm> ++ + #include "Edge.h" + #include "Graph.h" + #include "Matching.h" + #include "SMDConstructionHeuristic.h" + #include "Vertex.h" +--- steghide-0.5.1.old/src/WavFile.cc 2003-09-28 17:30:30.000000000 +0200 ++++ steghide-0.5.1.new/src/WavFile.cc 2008-05-09 19:04:46.000000000 +0200 +@@ -19,10 +19,11 @@ + */ + + #include <cstdio> + #include <cstdlib> + #include <cstring> ++#include <algorithm> + + #include "CvrStgFile.h" + #include "DFSAPHeuristic.h" + #include "SampleValueAdjacencyList.h" + #include "SMDConstructionHeuristic.h" +--- steghide-0.5.1.old/src/wrapper_hash_map.h 2003-09-28 17:30:30.000000000 +0200 ++++ steghide-0.5.1.new/src/wrapper_hash_map.h 2008-05-09 19:04:46.000000000 +0200 +@@ -25,17 +25,21 @@ + + #ifdef __GNUC__ + # if __GNUC__ < 3 + # include <hash_map.h> + namespace sgi { using ::hash ; using ::hash_map ; } ; +-# else ++# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 ) + # include <ext/hash_map> +-# if __GNUC_MINOR__ == 0 ++# if __GNUC__ == 3 && __GNUC_MINOR__ == 0 + namespace sgi = std ; // GCC 3.0 + # else + namespace sgi = __gnu_cxx ; // GCC 3.1 and later + # endif ++# else ++# include <unordered_map> ++# define hash_map unordered_map ++ namespace sgi = std ; + # endif + #else + namespace sgi = std ; + #endif + +--- steghide-0.5.1.old/src/wrapper_hash_set.h 2003-09-28 17:30:30.000000000 +0200 ++++ steghide-0.5.1.new/src/wrapper_hash_set.h 2008-05-09 19:04:46.000000000 +0200 +@@ -26,17 +26,21 @@ + + #ifdef __GNUC__ + # if __GNUC__ < 3 + # include <hash_set.h> + namespace sgi { using ::hash ; using ::hash_set ; } ; +-# else ++# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 ) + # include <ext/hash_set> +-# if __GNUC_MINOR__ == 0 ++# if __GNUC__ == 3 && __GNUC_MINOR__ == 0 + namespace sgi = std ; // GCC 3.0 + # else + namespace sgi = ::__gnu_cxx ; // GCC 3.1 and later + # endif ++# else ++# include <unordered_set> ++# define hash_set unordered_set ++ namespace sgi = std ; + # endif + #else + namespace sgi = std ; + #endif + diff --git a/nixpkgs/pkgs/tools/security/stoken/default.nix b/nixpkgs/pkgs/tools/security/stoken/default.nix new file mode 100644 index 000000000000..d28260ffb8b9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/stoken/default.nix @@ -0,0 +1,37 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pkgconfig +, libxml2, nettle +, withGTK3 ? true, gtk3 }: + +stdenv.mkDerivation rec { + pname = "stoken"; + version = "0.92"; + name = "${pname}-${version}"; + src = fetchFromGitHub { + owner = "cernekee"; + repo = pname; + rev = "v${version}"; + sha256 = "0q7cv8vy5b2cslm57maqb6jsm7s4rwacjyv6gplwp26yhm38hw7y"; + }; + + preConfigure = '' + aclocal + libtoolize --automake --copy + autoheader + automake --add-missing --copy + autoconf + ''; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + autoconf automake libtool + libxml2 nettle + ] ++ stdenv.lib.optional withGTK3 gtk3; + + meta = with stdenv.lib; { + description = "Software Token for Linux/UNIX"; + homepage = https://github.com/cernekee/stoken; + license = licenses.lgpl21Plus; + maintainers = [ maintainers.fuuzetsu ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/stricat/default.nix b/nixpkgs/pkgs/tools/security/stricat/default.nix new file mode 100644 index 000000000000..ecc34ede556b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/stricat/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "stricat-${version}"; + version = "20140609100300"; + + src = fetchurl { + url = "http://www.stribob.com/dist/${name}.tgz"; + sha256 = "1axg8r4g5n5kdqj5013pgck80nni3z172xkg506vz4zx1zcmrm4r"; + }; + + buildFlags = [ "CC=cc" ]; + + installPhase = '' + mkdir -p $out/bin + mv stricat $out/bin + ''; + + meta = { + description = "Multi-use cryptographic tool based on the STRIBOB algorithm"; + homepage = "https://www.stribob.com/stricat/"; + license = stdenv.lib.licenses.bsd3; + platforms = stdenv.lib.platforms.unix; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/su-exec/default.nix b/nixpkgs/pkgs/tools/security/su-exec/default.nix new file mode 100644 index 000000000000..56e40d514bb1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/su-exec/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "su-exec-${version}"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "ncopa"; + repo = "su-exec"; + rev = "v${version}"; + sha256 = "12vqlnpv48cjfh25sn98k1myc7h2wiv5qw2y2awgp6sipzv88abv"; + }; + + installPhase = '' + mkdir -p $out/bin + cp -a su-exec $out/bin/su-exec + ''; + + meta = with stdenv.lib; { + description = "switch user and group id and exec"; + homepage = "https://github.com/ncopa/su-exec"; + license = licenses.mit; + maintainers = with maintainers; [ zimbatm ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix new file mode 100644 index 000000000000..9714943b30d5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sudo/default.nix @@ -0,0 +1,85 @@ +{ stdenv, fetchurl, coreutils, pam, groff, sssd +, sendmailPath ? "/run/wrappers/bin/sendmail" +, withInsults ? false +, withSssd ? false +}: + +stdenv.mkDerivation rec { + name = "sudo-1.8.27"; + + src = fetchurl { + urls = + [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" + "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" + ]; + sha256 = "1h1f7v9pv0rzp14cxzv8kaa8mdd717fbqv83l7c5dvvi8jwnisvv"; + }; + + prePatch = '' + # do not set sticky bit in nix store + substituteInPlace src/Makefile.in --replace 04755 0755 + ''; + + configureFlags = [ + "--with-env-editor" + "--with-editor=/run/current-system/sw/bin/nano" + "--with-rundir=/run/sudo" + "--with-vardir=/var/db/sudo" + "--with-logpath=/var/log/sudo.log" + "--with-iologdir=/var/log/sudo-io" + "--with-sendmail=${sendmailPath}" + "--enable-tmpfiles.d=no" + ] ++ stdenv.lib.optional withInsults [ + "--with-insults" + "--with-all-insults" + ] ++ stdenv.lib.optional withSssd [ + "--with-sssd" + "--with-sssd-lib=${sssd}/lib" + ]; + + configureFlagsArray = [ + "--with-passprompt=[sudo] password for %p: " # intentional trailing space + ]; + + postConfigure = + '' + cat >> pathnames.h <<'EOF' + #undef _PATH_MV + #define _PATH_MV "${coreutils}/bin/mv" + EOF + makeFlags="install_uid=$(id -u) install_gid=$(id -g)" + installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy" + ''; + + nativeBuildInputs = [ groff ]; + buildInputs = [ pam ]; + + enableParallelBuilding = true; + + doCheck = false; # needs root + + postInstall = + '' + rm -f $out/share/doc/sudo/ChangeLog + ''; + + meta = { + description = "A command to run commands as root"; + + longDescription = + '' + Sudo (su "do") allows a system administrator to delegate + authority to give certain users (or groups of users) the ability + to run some (or all) commands as root or another user while + providing an audit trail of the commands and their arguments. + ''; + + homepage = https://www.sudo.ws/; + + license = https://www.sudo.ws/sudo/license.html; + + maintainers = [ stdenv.lib.maintainers.eelco ]; + + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix b/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix new file mode 100644 index 000000000000..15f767415890 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix @@ -0,0 +1,33 @@ +# This file was generated by go2nix, then modified by hand for Darwin support. +{ stdenv, buildGoPackage, fetchFromGitHub, fixDarwinDylibNames, darwin }: + +buildGoPackage rec { + name = "sudolikeaboss-unstable-${version}"; + version = "20161127-${stdenv.lib.strings.substring 0 7 rev}"; + rev = "2d9afe19f872c9f433d476e57ee86169781b164c"; + + goPackagePath = "github.com/ravenac95/sudolikeaboss"; + + src = fetchFromGitHub { + owner = "ravenac95"; + repo = "sudolikeaboss"; + inherit rev; + sha256 = "0ni3v4kanxfzxzjd48f5dgv62jbfrw7kdmq0snj09hw7ciw55yg6"; + }; + + goDeps = ./deps.nix; + + propagatedBuildInputs = with darwin.apple_sdk.frameworks; [ + Cocoa + fixDarwinDylibNames + ]; + + meta = with stdenv.lib; { + inherit version; + inherit (src.meta) homepage; + description = "Get 1password access from iterm2"; + license = licenses.mit; + maintainers = [ maintainers.grahamc ]; + platforms = platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix b/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix new file mode 100644 index 000000000000..350306a24f4b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix @@ -0,0 +1,39 @@ +# This file was generated by go2nix. +[ + { + goPackagePath = "github.com/Sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/Sirupsen/logrus"; + rev = "881bee4e20a5d11a6a88a5667c6f292072ac1963"; + sha256 = "176a09lp20f0qfhwwlh2xg0vk7z1g7gq8k2wr3sg1fd8m86wrzzg"; + }; + } + { + goPackagePath = "github.com/satori/go.uuid"; + fetch = { + type = "git"; + url = "https://github.com/satori/go.uuid"; + rev = "b061729afc07e77a8aa4fad0a2fd840958f1942a"; + sha256 = "0q87n5an7ha2d8kl6gn9wi41rq0whsxq68w5x3nxz7w9vgkfnq1k"; + }; + } + { + goPackagePath = "github.com/urfave/cli"; + fetch = { + type = "git"; + url = "https://github.com/urfave/cli"; + rev = "0bdeddeeb0f650497d603c4ad7b20cfe685682f6"; + sha256 = "1ny63c7bfwfrsp7vfkvb4i0xhq4v7yxqnwxa52y4xlfxs4r6v6fg"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "0c96df335ed3f17f758cba1a2c71b7849dd828e3"; + sha256 = "02zn1f539y5yc1sx82ym8c3pp3z371d1ldhl20skwjwbdw1ln8hm"; + }; + } +] diff --git a/nixpkgs/pkgs/tools/security/super/default.nix b/nixpkgs/pkgs/tools/security/super/default.nix new file mode 100644 index 000000000000..1f00d42f2774 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/super/default.nix @@ -0,0 +1,46 @@ +{ stdenv, fetchurl, fetchpatch }: + +stdenv.mkDerivation rec { + name = "super-3.30.0"; + + src = fetchurl { + name = "${name}.tar.gz"; + url = "https://www.ucolick.org/~will/RUE/super/${name}-tar.gz"; + sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy"; + }; + + prePatch = '' + # do not set sticky bit in nix store + substituteInPlace Makefile.in \ + --replace "-o root" "" \ + --replace 04755 755 + ''; + + patches = [ + (fetchpatch { url = https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch; + sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; + }) + ]; + + NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; + + configureFlags = [ + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + installFlags = "sysconfdir=$(out)/etc localstatedir=$(TMPDIR)"; + + meta = { + homepage = "https://www.ucolick.org/~will/#super"; + description = "Allows users to execute scripts as if they were root"; + longDescription = + '' + This package provides two commands: 1) “super”, which allows + users to execute commands under a different uid/gid (specified + in /etc/super.tab); and 2) “setuid”, which allows root to + execute a command under a different uid. + ''; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tboot/default.nix b/nixpkgs/pkgs/tools/security/tboot/default.nix new file mode 100644 index 000000000000..f159dd27c42a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tboot/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl, trousers, openssl, zlib }: + +stdenv.mkDerivation rec { + name = "tboot-${version}"; + version = "1.9.8"; + + src = fetchurl { + url = "mirror://sourceforge/tboot/${name}.tar.gz"; + sha256 = "06f0ggl6vrb5ghklblvh2ixgmmjv31rkp1vfj9qm497iqwq9ac00"; + }; + + patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ]; + + buildInputs = [ trousers openssl zlib ]; + + enableParallelBuilding = true; + + hardeningDisable = [ "pic" "stackprotector" ]; + + configurePhase = '' + for a in lcptools utils tb_polgen; do + substituteInPlace $a/Makefile --replace /usr/sbin /sbin + done + substituteInPlace docs/Makefile --replace /usr/share /share + ''; + + installFlags = "DESTDIR=$(out)"; + + meta = with stdenv.lib; { + description = "A pre-kernel/VMM module that uses Intel(R) TXT to perform a measured and verified launch of an OS kernel/VMM"; + homepage = https://sourceforge.net/projects/tboot/; + license = licenses.bsd3; + maintainers = with maintainers; [ ak ]; + platforms = [ "x86_64-linux" "i686-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch b/nixpkgs/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch new file mode 100644 index 000000000000..a16ba9f4fbab --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch @@ -0,0 +1,50 @@ +diff -urp tboot-1.8.0.orig/lcptools/writepol.c tboot-1.8.0/lcptools/writepol.c +--- tboot-1.8.0.orig/lcptools/writepol.c 2014-01-30 10:34:57.000000000 +0100 ++++ tboot-1.8.0/lcptools/writepol.c 2014-02-12 01:48:51.523581057 +0100 +@@ -40,6 +40,7 @@ + #include <getopt.h> + #include <trousers/tss.h> + #include <trousers/trousers.h> ++#include <tss/tss_defines.h> + + #define PRINT printf + #include "../include/uuid.h" +@@ -51,14 +52,15 @@ static uint32_t index_value = 0; + static char *file_arg=NULL; + static uint32_t fLeng; + static unsigned char *policy_data = NULL; +-static char *password = NULL; ++static const char *password = NULL; + static uint32_t passwd_length = 0; ++static const char well_known_secret[] = TSS_WELL_KNOWN_SECRET; + static int help_input = 0; + static unsigned char empty_pol_data[] = {0}; + +-static const char *short_option = "ehi:f:p:"; ++static const char *short_option = "ehi:f:p:Z"; + static const char *usage_string = "lcp_writepol -i index_value " +- "[-f policy_file] [-e] [-p passwd] [-h]"; ++ "[-f policy_file] [-e] [-p passwd|-Z] [-h]"; + + static const char *option_strings[] = { + "-i index value: uint32/string.\n" +@@ -67,6 +69,7 @@ static const char *option_strings[] = { + "\tINDEX_AUX:0x50000002 or \"aux\"\n", + "-f file_name: string. File name of the policy data is stored. \n", + "-p password: string. \n", ++ "-Z use well known secret as password. \n", + "-e write 0 length data to the index.\n" + "\tIt will be used for some special index.\n" + "\tFor example, the index with permission WRITEDEFINE.\n", +@@ -119,6 +122,11 @@ parse_cmdline(int argc, const char * arg + fLeng = 0; + break; + ++ case 'Z': ++ password = well_known_secret; ++ passwd_length = sizeof(well_known_secret); ++ break; ++ + case 'h': + help_input = 1; + break; diff --git a/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix b/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix new file mode 100644 index 000000000000..4d0feef72c9f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchFromGitHub, autoreconfHook +, openssl +, libcap, libpcap, libnfnetlink, libnetfilter_conntrack, libnetfilter_queue +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "tcpcrypt-${version}"; + version = "0.5"; + + src = fetchFromGitHub { + repo = "tcpcrypt"; + owner = "scslab"; + rev = "v${version}"; + sha256 = "0a015rlyvagz714pgwr85f8gjq1fkc0il7d7l39qcgxrsp15b96w"; + }; + + postUnpack = ''mkdir -vp $sourceRoot/m4''; + + outputs = [ "bin" "dev" "out" ]; + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ openssl libpcap ] + ++ optionals stdenv.isLinux [ libcap libnfnetlink libnetfilter_conntrack libnetfilter_queue ]; + + enableParallelBuilding = true; + + meta = { + homepage = http://tcpcrypt.org/; + description = "Fast TCP encryption"; + platforms = platforms.all; + license = licenses.bsd2; + }; +} diff --git a/nixpkgs/pkgs/tools/security/thc-hydra/default.nix b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix new file mode 100644 index 000000000000..9a7a245b8134 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix @@ -0,0 +1,41 @@ +{ stdenv, lib, fetchurl, zlib, openssl, ncurses, libidn, pcre, libssh, mysql, postgresql +, withGUI ? false, makeWrapper, pkgconfig, gtk2 }: + +let + makeDirs = output: subDir: pkgs: lib.concatStringsSep " " (map (path: lib.getOutput output path + "/" + subDir) pkgs); + +in stdenv.mkDerivation rec { + name = "thc-hydra-${version}"; + version = "8.5"; + + src = fetchurl { + url = "http://www.thc.org/releases/hydra-${version}.tar.gz"; + sha256 = "0vfx6xwmw0r7nd0s232y7rckcj58fc1iqjgp4s56rakpz22b4yjm"; + }; + + preConfigure = '' + substituteInPlace configure \ + --replace "\$LIBDIRS" "${makeDirs "lib" "lib" buildInputs}" \ + --replace "\$INCDIRS" "${makeDirs "dev" "include" buildInputs}" \ + --replace "/usr/include/math.h" "${lib.getDev stdenv.cc.libc}/include/math.h" \ + --replace "libcurses.so" "libncurses.so" \ + --replace "-lcurses" "-lncurses" + ''; + + nativeBuildInputs = lib.optionals withGUI [ pkgconfig makeWrapper ]; + buildInputs = [ zlib openssl ncurses libidn pcre libssh mysql.connector-c postgresql ] + ++ lib.optional withGUI gtk2; + + postInstall = lib.optionalString withGUI '' + wrapProgram $out/bin/xhydra \ + --add-flags --hydra-path --add-flags "$out/bin/hydra" + ''; + + meta = with stdenv.lib; { + description = "A very fast network logon cracker which support many different services"; + license = licenses.agpl3; + homepage = https://www.thc.org/thc-hydra/; + maintainers = with maintainers; [offline]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/theharvester/default.nix b/nixpkgs/pkgs/tools/security/theharvester/default.nix new file mode 100644 index 000000000000..4a1e92e6104a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/theharvester/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchFromGitHub, makeWrapper, python3Packages }: + +stdenv.mkDerivation rec { + pname = "theHarvester"; + version = "3.0.6"; + + src = fetchFromGitHub { + owner = "laramies"; + repo = pname; + rev = version; + sha256 = "0f33a7sfb5ih21yp1wspb03fxsls1m14yizgrw0srfirm2a6aa0c"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + # add dependencies + propagatedBuildInputs = with python3Packages; [ requests beautifulsoup4 plotly ]; + + installPhase = '' + # create dirs + mkdir -p $out/share/${pname} $out/bin + + # move project code + mv * $out/share/${pname}/ + + # make project runnable + chmod +x $out/share/${pname}/theHarvester.py + ln -s $out/share/${pname}/theHarvester.py $out/bin + + wrapProgram "$out/bin/theHarvester.py" --prefix PYTHONPATH : $out/share/${pname}:$PYTHONPATH + ''; + + meta = with stdenv.lib; { + description = "Gather E-mails, subdomains and names from different public sources"; + homepage = "https://github.com/laramies/theHarvester"; + platforms = platforms.all; + maintainers = with maintainers; [ treemo ]; + license = licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix new file mode 100644 index 000000000000..b3b71a16eb88 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -0,0 +1,86 @@ +{ stdenv, fetchurl, pkgconfig, libevent, openssl, zlib, torsocks +, libseccomp, systemd, libcap, lzma, zstd, scrypt + +# for update.nix +, writeScript +, common-updater-scripts +, bash +, coreutils +, curl +, gnugrep +, gnupg +, gnused +, nix +}: + +stdenv.mkDerivation rec { + pname = "tor"; + version = "0.4.0.5"; + + src = fetchurl { + url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; + sha256 = "0vk9j3ybz5dwwbmqrdj1bjcsxy76pc8frmfvflkdzwfkvkqcp8mm"; + }; + + outputs = [ "out" "geoip" ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libevent openssl zlib lzma zstd scrypt ] ++ + stdenv.lib.optionals stdenv.isLinux [ libseccomp systemd libcap ]; + + NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s"; + + postPatch = '' + substituteInPlace contrib/client-tools/torify \ + --replace 'pathfind torsocks' true \ + --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks' + ''; + + enableParallelBuilding = true; + enableParallelChecking = false; # 4 tests fail randomly + + doCheck = true; + + postInstall = '' + mkdir -p $geoip/share/tor + mv $out/share/tor/geoip{,6} $geoip/share/tor + rm -rf $out/share/tor + ''; + + passthru.updateScript = import ./update.nix { + inherit (stdenv) lib; + inherit + writeScript + common-updater-scripts + bash + coreutils + curl + gnupg + gnugrep + gnused + nix + ; + }; + + meta = with stdenv.lib; { + homepage = https://www.torproject.org/; + repositories.git = https://git.torproject.org/git/tor; + description = "Anonymizing overlay network"; + + longDescription = '' + Tor helps improve your privacy by bouncing your communications around a + network of relays run by volunteers all around the world: it makes it + harder for somebody watching your Internet connection to learn what sites + you visit, and makes it harder for the sites you visit to track you. Tor + works with many of your existing applications, including web browsers, + instant messaging clients, remote login, and other applications based on + the TCP protocol. + ''; + + license = licenses.bsd3; + + maintainers = with maintainers; + [ phreedom doublec thoughtpolice joachifm ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/tor-arm.nix b/nixpkgs/pkgs/tools/security/tor/tor-arm.nix new file mode 100644 index 000000000000..170d5c4ff7a4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/tor-arm.nix @@ -0,0 +1,55 @@ +{ stdenv, fetchurl, makeWrapper +, python2Packages, ncurses, lsof, nettools +}: + +stdenv.mkDerivation rec { + name = "tor-arm-${version}"; + version = "1.4.5.0"; + + src = fetchurl { + url = "https://www.atagar.com/arm/resources/static/arm-${version}.tar.bz2"; + sha256 = "1yi87gdglkvi1a23hv5c3k7mc18g0rw7b05lfcw81qyxhlapf3pw"; + }; + + nativeBuildInputs = [ makeWrapper python2Packages.python ]; + + outputs = [ "out" "man" ]; + + postPatch = '' + substituteInPlace ./setup.py --replace "/usr/bin" "$out/bin" + substituteInPlace ./src/util/connections.py \ + --replace "lsof -wnPi" "${lsof}/bin/lsof" + substituteInPlace ./src/util/torTools.py \ + --replace "netstat -npl" "${nettools}/bin/netstat -npl" \ + --replace "lsof -wnPi" "${lsof}/bin/lsof" + + substituteInPlace ./arm --replace '"$0" = /usr/bin/arm' 'true' + substituteInPlace ./arm --replace "python" "${python2Packages.python}/bin/python" + + for i in ./install ./arm ./src/gui/controller.py ./src/cli/wizard.py ./src/resources/torrcOverride/override.h ./src/resources/torrcOverride/override.py ./src/resources/arm.1 ./setup.py; do + substituteInPlace $i --replace "/usr/share" "$out/share" + done + + # fixes man page installation + substituteInPlace ./setup.py --replace "src/resoureces" "src/resources" + ''; + + installPhase = '' + mkdir -p $out/share/arm $out/bin $out/libexec + python setup.py install --prefix=$out --docPath $out/share/doc/arm + cp -R src/TorCtl $out/libexec + + wrapProgram $out/bin/arm \ + --prefix PYTHONPATH : "$(toPythonPath $out):$out/libexec:$PYTHONPATH" \ + --set TERMINFO "${ncurses.out}/share/terminfo" \ + --set TERM "xterm" + ''; + + meta = { + description = "A terminal status monitor for Tor relays"; + homepage = "https://www.atagar.com/arm/"; + license = stdenv.lib.licenses.gpl3; + platforms = stdenv.lib.platforms.unix; + maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/torsocks.nix b/nixpkgs/pkgs/tools/security/tor/torsocks.nix new file mode 100644 index 000000000000..686d03b7c3fa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/torsocks.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchgit, autoreconfHook, libcap }: + +stdenv.mkDerivation rec { + name = "torsocks-${version}"; + version = "2.3.0"; + + src = fetchgit { + url = meta.repositories.git; + rev = "refs/tags/v${version}"; + sha256 = "0x0wpcigf22sjxg7bm0xzqihmsrz51hl4v8xf91qi4qnmr4ny1hb"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + postPatch = '' + # Patch torify_app() + sed -i \ + -e 's,\(local app_path\)=`which $1`,\1=`type -P $1`,' \ + -e 's,\(local getcap\)=.*,\1=${libcap}/bin/getcap,' \ + src/bin/torsocks.in + ''; + + doInstallCheck = true; + installCheckTarget = "check-recursive"; + + meta = { + description = "Wrapper to safely torify applications"; + homepage = https://github.com/dgoulet/torsocks; + repositories.git = https://git.torproject.org/torsocks.git; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.unix; + maintainers = with stdenv.lib.maintainers; [ phreedom thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/update.nix b/nixpkgs/pkgs/tools/security/tor/update.nix new file mode 100644 index 000000000000..c944883d4178 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/update.nix @@ -0,0 +1,71 @@ +{ lib +, writeScript +, common-updater-scripts +, bash +, coreutils +, curl +, gnugrep +, gnupg +, gnused +, nix +}: + +with lib; + +let + downloadPageUrl = "https://dist.torproject.org"; + + # See https://www.torproject.org/docs/signing-keys.html + signingKeys = [ + # Roger Dingledine + "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5" + "F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451" + # Nick Mathewson + "2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB" + "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5" + ]; +in + +writeScript "update-tor" '' +#! ${bash}/bin/bash + +set -eu -o pipefail + +export PATH=${makeBinPath [ + common-updater-scripts + coreutils + curl + gnugrep + gnupg + gnused + nix +]} + +srcBase=$(curl -L --list-only -- "${downloadPageUrl}" \ + | grep -Eo 'tor-([[:digit:]]+\.?)+\.tar\.gz' \ + | sort -Vu \ + | tail -n1) +srcFile=$srcBase +srcUrl=${downloadPageUrl}/$srcBase + +srcName=''${srcBase/.tar.gz/} +srcVers=(''${srcName//-/ }) +version=''${srcVers[1]} + +sigUrl=$srcUrl.asc +sigFile=''${sigUrl##*/} + +# upstream does not support byte ranges ... +[[ -e "$srcFile" ]] || curl -L -o "$srcFile" -- "$srcUrl" +[[ -e "$sigFile" ]] || curl -L -o "$sigFile" -- "$sigUrl" + +export GNUPGHOME=$PWD/gnupg +mkdir -m 700 -p "$GNUPGHOME" + +gpg --batch --recv-keys ${concatStringsSep " " (map (x: "'${x}'") signingKeys)} +gpg --batch --verify "$sigFile" "$srcFile" + +sha256=$(nix-hash --type sha256 --flat --base32 "$srcFile") + +update-source-version tor "$version" "$sha256" +'' diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/default.nix b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix new file mode 100644 index 000000000000..7d0ff797336d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchgit, autoreconfHook, gawk, trousers, cryptsetup, openssl }: + +stdenv.mkDerivation rec { + name = "tpm-luks-${version}"; + version = "git-2015-07-11"; + + src = fetchgit { + url = "https://github.com/momiji/tpm-luks"; + rev = "c9c5b7fdddbcdac1cd4d2ea6baddd0617cc88ffa"; + sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ gawk trousers cryptsetup openssl ]; + + installPhase = '' + mkdir -p $out + make install DESTDIR=$out + mv $out/$out/sbin $out/bin + rm -r $out/nix + ''; + + meta = with stdenv.lib; { + description = "LUKS key storage in TPM NVRAM"; + homepage = https://github.com/shpedoikal/tpm-luks/; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix new file mode 100644 index 000000000000..1541575aed74 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl, trousers, openssl }: + +stdenv.mkDerivation rec { + name = "tpm-quote-tools-${version}"; + version = "1.0.4"; + + src = fetchurl { + url = "mirror://sourceforge/project/tpmquotetools/${version}/${name}.tar.gz"; + sha256 = "1qjs83xb4np4yn1bhbjfhvkiika410v8icwnjix5ad96w2nlxp0h"; + }; + + buildInputs = [ trousers openssl ]; + + postFixup = '' + patchelf \ + --set-rpath "${stdenv.lib.makeLibraryPath [ openssl ]}:$(patchelf --print-rpath $out/bin/tpm_mkaik)" \ + $out/bin/tpm_mkaik + ''; + + meta = with stdenv.lib; { + description = "A collection of programs that provide support for TPM based attestation using the TPM quote mechanism"; + longDescription = '' + The TPM Quote Tools is a collection of programs that provide support + for TPM based attestation using the TPM quote mechanism. The manual + page for tpm_quote_tools provides a usage overview. + ''; + homepage = http://tpmquotetools.sourceforge.net/; + license = licenses.bsd3; + maintainers = with maintainers; [ ak ndowens ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tpm-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm-tools/default.nix new file mode 100644 index 000000000000..1944cf236e1e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm-tools/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl, trousers, openssl, opencryptoki, perl }: + +let + version = "1.3.9.1"; +in +stdenv.mkDerivation rec { + name = "tpm-tools-${version}"; + + src = fetchurl { + url = "mirror://sourceforge/trousers/tpm-tools/${version}/${name}.tar.gz"; + sha256 = "0s7srgghykxnlb1g4izabzf2gfb1knxc0nzn6bly49h8cpi19dww"; + }; + + sourceRoot = "."; + + nativeBuildInputs = [ perl ]; + buildInputs = [ trousers openssl opencryptoki ]; + + meta = with stdenv.lib; { + description = "Management tools for TPM hardware"; + longDescription = '' + tpm-tools is an open-source package designed to enable user and + application enablement of Trusted Computing using a Trusted Platform + Module (TPM), similar to a smart card environment. + ''; + homepage = https://sourceforge.net/projects/trousers/files/tpm-tools/; + license = licenses.cpl10; + maintainers = [ maintainers.ak ]; + platforms = platforms.unix; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix new file mode 100644 index 000000000000..1a6c8aaaa5d2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchurl, lib +, cmocka, curl, pandoc, pkgconfig, openssl, tpm2-tss }: + +stdenv.mkDerivation rec { + pname = "tpm2-tools"; + version = "3.2.0"; + + src = fetchurl { + url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; + sha256 = "057gg84zly6gjp6ypj6bv6zzmnr77cqsygl8x0147cylwa1ywydd"; + }; + + nativeBuildInputs = [ pandoc pkgconfig ]; + buildInputs = [ + curl openssl tpm2-tss + # For unit tests. + cmocka + ]; + + configureFlags = [ "--enable-unit" ]; + doCheck = true; + + meta = with lib; { + description = "Command line tools that provide access to a TPM 2.0 compatible device"; + homepage = https://github.com/tpm2-software/tpm2-tools; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ delroth ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch new file mode 100644 index 000000000000..774a14f72bab --- /dev/null +++ b/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch @@ -0,0 +1,19 @@ +diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/tcsd_conf.c +--- trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c 2013-07-12 18:27:37.000000000 +0200 ++++ trousers-0.3.11.2/src/tcsd/tcsd_conf.c 2013-08-21 14:29:42.917231648 +0200 +@@ -763,6 +763,7 @@ + return TCSERR(TSS_E_INTERNAL_ERROR); + } + ++#ifndef ALLOW_NON_TSS_CONFIG_FILE + /* make sure user/group TSS owns the conf file */ + if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { + LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, +@@ -775,6 +776,7 @@ + LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file); + return TCSERR(TSS_E_INTERNAL_ERROR); + } ++#endif + #endif /* SOLARIS */ + + if ((f = fopen(tcsd_config_file, "r")) == NULL) { diff --git a/nixpkgs/pkgs/tools/security/trousers/default.nix b/nixpkgs/pkgs/tools/security/trousers/default.nix new file mode 100644 index 000000000000..8309390d013b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/trousers/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchurl, openssl, pkgconfig }: + +stdenv.mkDerivation rec { + name = "trousers-${version}"; + version = "0.3.13"; + + src = fetchurl { + url = "mirror://sourceforge/trousers/trousers/${version}/${name}.tar.gz"; + sha256 = "1lvnla1c1ig2w3xvvrqg2w9qm7a1ygzy1j2gg8j7p8c87i58x45v"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ openssl ]; + + patches = [ ./allow-non-tss-config-file-owner.patch ]; + + configureFlags = [ "--disable-usercheck" ]; + + # Attempt to remove -std=gnu89 when updating if using gcc5 + NIX_CFLAGS_COMPILE = "-std=gnu89 -DALLOW_NON_TSS_CONFIG_FILE"; + NIX_LDFLAGS = "-lgcc_s"; + + # Fix broken libtool file + preFixup = stdenv.lib.optionalString (!stdenv.isDarwin) '' + sed 's,-lcrypto,-L${openssl.out}/lib -lcrypto,' -i $out/lib/libtspi.la + ''; + + meta = with stdenv.lib; { + description = "Trusted computing software stack"; + homepage = http://trousers.sourceforge.net/; + license = licenses.cpl10; + maintainers = [ maintainers.ak ]; + platforms = platforms.linux; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/nixpkgs/pkgs/tools/security/trufflehog/default.nix new file mode 100644 index 000000000000..9492f2bb6eac --- /dev/null +++ b/nixpkgs/pkgs/tools/security/trufflehog/default.nix @@ -0,0 +1,38 @@ +{ lib, pythonPackages }: + +let + truffleHogRegexes = pythonPackages.buildPythonPackage rec { + pname = "truffleHogRegexes"; + version = "0.0.4"; + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "09vrscbb4h4w01gmamlzghxx6cvrqdscylrbdcnbjsd05xl7zh4z"; + }; + }; +in + pythonPackages.buildPythonApplication rec { + pname = "truffleHog"; + version = "2.0.97"; + + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "034kpv1p4m90286slvc6d4mlrzaf0b5jbd4qaj87hj65wbpcpg8r"; + }; + + # Relax overly restricted version constraint + postPatch = '' + substituteInPlace setup.py --replace "GitPython ==" "GitPython >= " + ''; + + propagatedBuildInputs = [ pythonPackages.GitPython truffleHogRegexes ]; + + # Test cases run git clone and require network access + doCheck = false; + + meta = { + homepage = https://github.com/dxa4481/truffleHog; + description = "Searches through git repositories for high entropy strings and secrets, digging deep into commit history"; + license = with lib.licenses; [ gpl2 ]; + maintainers = with lib.maintainers; [ bhipple ]; + }; + } diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix new file mode 100644 index 000000000000..3f366a583204 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vault/default.nix @@ -0,0 +1,44 @@ +{ stdenv, fetchFromGitHub, go, gox, removeReferencesTo }: + +stdenv.mkDerivation rec { + name = "vault-${version}"; + version = "1.1.3"; + + src = fetchFromGitHub { + owner = "hashicorp"; + repo = "vault"; + rev = "v${version}"; + sha256 = "0dylwvs95crvn1p7pbyzib979rxzp4ivzvi5k4f5ivp4ygnp597s"; + }; + + nativeBuildInputs = [ go gox removeReferencesTo ]; + + preBuild = '' + patchShebangs ./ + substituteInPlace scripts/build.sh --replace 'git rev-parse HEAD' 'echo ${src.rev}' + sed -i s/'^GIT_DIRTY=.*'/'GIT_DIRTY="+NixOS"'/ scripts/build.sh + + mkdir -p .git/hooks src/github.com/hashicorp + ln -s $(pwd) src/github.com/hashicorp/vault + + export GOPATH=$(pwd) + export GOCACHE="$TMPDIR/go-cache" + ''; + + installPhase = '' + mkdir -p $out/bin $out/share/bash-completion/completions + + cp pkg/*/* $out/bin/ + find $out/bin -type f -exec remove-references-to -t ${go} '{}' + + + echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault + ''; + + meta = with stdenv.lib; { + homepage = https://www.vaultproject.io; + description = "A tool for managing secrets"; + platforms = platforms.linux ++ platforms.darwin; + license = licenses.mpl20; + maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/volatility/default.nix b/nixpkgs/pkgs/tools/security/volatility/default.nix new file mode 100644 index 000000000000..e3b7fb643a26 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/volatility/default.nix @@ -0,0 +1,22 @@ +{ stdenv, fetchurl, pythonPackages }: + +pythonPackages.buildPythonApplication rec { + version = "2.6"; + name = "volatility-${version}"; + + src = fetchurl { + url = "https://downloads.volatilityfoundation.org/releases/${version}/${name}.zip"; + sha256 = "15cjrx31nnqa3bpjkv0x05j7f2sb7pq46a72zh7qg55zf86hawsv"; + }; + + doCheck = false; + + propagatedBuildInputs = [ pythonPackages.pycrypto pythonPackages.distorm3 ]; + + meta = with stdenv.lib; { + homepage = https://www.volatilityfoundation.org/; + description = "Advanced memory forensics framework"; + maintainers = with maintainers; [ bosu ]; + license = stdenv.lib.licenses.gpl2Plus; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vulnix/default.nix b/nixpkgs/pkgs/tools/security/vulnix/default.nix new file mode 100644 index 000000000000..2f7986c128b5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vulnix/default.nix @@ -0,0 +1,53 @@ +{ stdenv, pythonPackages, nix, ronn }: + +pythonPackages.buildPythonApplication rec { + pname = "vulnix"; + version = "1.8.2"; + + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "0zn21j15vd1z7s40s45zr5wri3r770yvazxqmm60fqpzc5sg552y"; + }; + + outputs = [ "out" "doc" "man" ]; + nativeBuildInputs = [ ronn ]; + + checkInputs = with pythonPackages; [ + freezegun + pytest + pytestcov + pytest-flake8 + ]; + + propagatedBuildInputs = [ + nix + ] ++ (with pythonPackages; [ + click + colorama + lxml + pyyaml + requests + toml + zodb + ]); + + postBuild = "make -C doc"; + + checkPhase = "py.test src/vulnix"; + + postInstall = '' + install -D -t $doc/share/doc/vulnix README.rst CHANGES.rst + gzip $doc/share/doc/vulnix/*.rst + install -D -t $man/share/man/man1 doc/vulnix.1 + install -D -t $man/share/man/man5 doc/vulnix-whitelist.5 + ''; + + dontStrip = true; + + meta = with stdenv.lib; { + description = "NixOS vulnerability scanner"; + homepage = https://github.com/flyingcircusio/vulnix; + license = licenses.bsd3; + maintainers = with maintainers; [ ckauhaus plumps ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wipe/default.nix b/nixpkgs/pkgs/tools/security/wipe/default.nix new file mode 100644 index 000000000000..a7c337dc1222 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wipe/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "wipe-${version}"; + version = "2.3.1"; + + src = fetchurl { + url = "mirror://sourceforge/wipe/${version}/${name}.tar.bz2"; + sha256 = "180snqvh6k6il6prb19fncflf2jcvkihlb4w84sbndcv1wvicfa6"; + }; + + patches = [ ./fix-install.patch ]; + + meta = with stdenv.lib; { + description = "Secure file wiping utility"; + homepage = http://wipe.sourceforge.net/; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = [ maintainers.abbradar ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wipe/fix-install.patch b/nixpkgs/pkgs/tools/security/wipe/fix-install.patch new file mode 100644 index 000000000000..2df3a1eec6a0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wipe/fix-install.patch @@ -0,0 +1,18 @@ +diff -ru3 wipe-2.3.1/Makefile.in wipe-2.3.1-new/Makefile.in +--- wipe-2.3.1/Makefile.in 2009-11-02 00:11:30.000000000 +0300 ++++ wipe-2.3.1-new/Makefile.in 2014-10-18 02:51:10.088966232 +0400 +@@ -60,12 +60,12 @@ + $(INSTALL_BIN) -d $(bindir) + $(INSTALL_BIN) -s $(BIN_OUT) $(bindir) + $(INSTALL) -d $(mandir)/man1 +- $(INSTALL) -o root -m 0644 wipe.1 $(mandir)/man1/ ++ $(INSTALL) -m 0644 wipe.1 $(mandir)/man1/ + rm -rf $(datadir)/doc/wipe* + $(INSTALL) -d $(datadir)/doc/wipe + + for file in $(DOCS); do \ +- $(INSTALL) -o root -m 0644 $$file $(datadir)/doc/wipe/; \ ++ $(INSTALL) -m 0644 $$file $(datadir)/doc/wipe/; \ + done + + install_home: $(BIN_OUT) diff --git a/nixpkgs/pkgs/tools/security/wpscan/Gemfile b/nixpkgs/pkgs/tools/security/wpscan/Gemfile new file mode 100644 index 000000000000..5d76cd24f3ea --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/Gemfile @@ -0,0 +1,2 @@ +source 'https://rubygems.org' +gem 'wpscan' diff --git a/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock new file mode 100644 index 000000000000..bf03aba14181 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock @@ -0,0 +1,51 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (5.2.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + addressable (2.6.0) + public_suffix (>= 2.0.2, < 4.0) + cms_scanner (0.5.1) + nokogiri (~> 1.10.0) + opt_parse_validator (~> 1.7.2) + public_suffix (~> 3.0.0) + ruby-progressbar (~> 1.10.0) + typhoeus (~> 1.3.0) + xmlrpc (~> 0.3) + yajl-ruby (~> 1.4.1) + concurrent-ruby (1.1.5) + ethon (0.12.0) + ffi (>= 1.3.0) + ffi (1.10.0) + i18n (1.6.0) + concurrent-ruby (~> 1.0) + mini_portile2 (2.4.0) + minitest (5.11.3) + nokogiri (1.10.3) + mini_portile2 (~> 2.4.0) + opt_parse_validator (1.7.2) + activesupport (>= 4.2, < 5.3.0) + addressable (>= 2.5, < 2.7) + public_suffix (3.0.3) + ruby-progressbar (1.10.0) + thread_safe (0.3.6) + typhoeus (1.3.1) + ethon (>= 0.9.0) + tzinfo (1.2.5) + thread_safe (~> 0.1) + wpscan (3.5.3) + cms_scanner (~> 0.5.0) + xmlrpc (0.3.0) + yajl-ruby (1.4.1) + +PLATFORMS + ruby + +DEPENDENCIES + wpscan + +BUNDLED WITH + 1.17.2 diff --git a/nixpkgs/pkgs/tools/security/wpscan/default.nix b/nixpkgs/pkgs/tools/security/wpscan/default.nix new file mode 100644 index 000000000000..85455325f695 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/default.nix @@ -0,0 +1,21 @@ +{ bundlerApp, lib, makeWrapper, curl }: + +bundlerApp { + pname = "wpscan"; + gemdir = ./.; + exes = [ "wpscan" ]; + + buildInputs = [ makeWrapper ]; + postBuild = '' + wrapProgram "$out/bin/wpscan" \ + --prefix PATH : ${lib.makeBinPath [ curl ]} + ''; + + meta = with lib; { + description = "Black box WordPress vulnerability scanner"; + homepage = https://wpscan.org/; + license = licenses.unfreeRedistributable; + maintainers = with maintainers; [ nyanloutre manveru ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wpscan/gemset.nix b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix new file mode 100644 index 000000000000..c0ad80bd99b1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix @@ -0,0 +1,202 @@ +{ + activesupport = { + dependencies = ["concurrent-ruby" "i18n" "minitest" "tzinfo"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "110vp4frgkw3mpzlmshg2f2ig09cknls2w68ym1r1s39d01v0mi8"; + type = "gem"; + }; + version = "5.2.3"; + }; + addressable = { + dependencies = ["public_suffix"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bcm2hchn897xjhqj9zzsxf3n9xhddymj4lsclz508f4vw3av46l"; + type = "gem"; + }; + version = "2.6.0"; + }; + cms_scanner = { + dependencies = ["nokogiri" "opt_parse_validator" "public_suffix" "ruby-progressbar" "typhoeus" "xmlrpc" "yajl-ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03hvvqq0s35a6l7lx9zpagv0gcdzhw7jvhzssiaiy6y81cx4z9pn"; + type = "gem"; + }; + version = "0.5.1"; + }; + concurrent-ruby = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1x07r23s7836cpp5z9yrlbpljcxpax14yw4fy4bnp6crhr6x24an"; + type = "gem"; + }; + version = "1.1.5"; + }; + ethon = { + dependencies = ["ffi"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gggrgkcq839mamx7a8jbnp2h7x2ykfn34ixwskwb0lzx2ak17g9"; + type = "gem"; + }; + version = "0.12.0"; + }; + ffi = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j8pzj8raxbir5w5k6s7a042sb5k02pg0f8s4na1r5lan901j00p"; + type = "gem"; + }; + version = "1.10.0"; + }; + i18n = { + dependencies = ["concurrent-ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hfxnlyr618s25xpafw9mypa82qppjccbh292c4l3bj36az7f6wl"; + type = "gem"; + }; + version = "1.6.0"; + }; + mini_portile2 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15zplpfw3knqifj9bpf604rb3wc1vhq6363pd6lvhayng8wql5vy"; + type = "gem"; + }; + version = "2.4.0"; + }; + minitest = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0icglrhghgwdlnzzp4jf76b0mbc71s80njn5afyfjn4wqji8mqbq"; + type = "gem"; + }; + version = "5.11.3"; + }; + nokogiri = { + dependencies = ["mini_portile2"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "02bjydih0j515szfv9mls195cvpyidh6ixm7dwbl3s2sbaxxk5s4"; + type = "gem"; + }; + version = "1.10.3"; + }; + opt_parse_validator = { + dependencies = ["activesupport" "addressable"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14zp0260x652pf75maq9ydvqsqgv8ji9w85gjk8f0vwjykf1151n"; + type = "gem"; + }; + version = "1.7.2"; + }; + public_suffix = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08q64b5br692dd3v0a9wq9q5dvycc6kmiqmjbdxkxbfizggsvx6l"; + type = "gem"; + }; + version = "3.0.3"; + }; + ruby-progressbar = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1cv2ym3rl09svw8940ny67bav7b2db4ms39i4raaqzkf59jmhglk"; + type = "gem"; + }; + version = "1.10.0"; + }; + thread_safe = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nmhcgq6cgz44srylra07bmaw99f5271l0dpsvl5f75m44l0gmwy"; + type = "gem"; + }; + version = "0.3.6"; + }; + typhoeus = { + dependencies = ["ethon"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0cni8b1idcp0dk8kybmxydadhfpaj3lbs99w5kjibv8bsmip2zi5"; + type = "gem"; + }; + version = "1.3.1"; + }; + tzinfo = { + dependencies = ["thread_safe"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1fjx9j327xpkkdlxwmkl3a8wqj7i4l4jwlrv3z13mg95z9wl253z"; + type = "gem"; + }; + version = "1.2.5"; + }; + wpscan = { + dependencies = ["cms_scanner"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j4v24iwy35q7qy3l8zr5r8mjn7nc7ahdiq13dpgjwrprvrw1jk2"; + type = "gem"; + }; + version = "3.5.3"; + }; + xmlrpc = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1s744iwblw262gj357pky3d9fcx9hisvla7rnw29ysn5zsb6i683"; + type = "gem"; + }; + version = "0.3.0"; + }; + yajl-ruby = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "16v0w5749qjp13xhjgr2gcsvjv6mf35br7iqwycix1n2h7kfcckf"; + type = "gem"; + }; + version = "1.4.1"; + }; +} \ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/yara/default.nix b/nixpkgs/pkgs/tools/security/yara/default.nix new file mode 100644 index 000000000000..7fcb9fc10bd1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yara/default.nix @@ -0,0 +1,38 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pcre +, withCrypto ? true, openssl +, enableMagic ? true, file +, enableCuckoo ? true, jansson +}: + +stdenv.mkDerivation rec { + version = "3.10.0"; + name = "yara-${version}"; + + src = fetchFromGitHub { + owner = "VirusTotal"; + repo = "yara"; + rev = "v${version}"; + sha256 = "1qxqk324cyvi4n09s79786ciig1gdyhs9dnsm07hf95a3kh6w5z2"; + }; + + buildInputs = [ autoconf automake libtool pcre] + ++ stdenv.lib.optionals withCrypto [ openssl ] + ++ stdenv.lib.optionals enableMagic [ file ] + ++ stdenv.lib.optionals enableCuckoo [ jansson ] + ; + + preConfigure = "./bootstrap.sh"; + + configureFlags = [ + (stdenv.lib.withFeature withCrypto "crypto") + (stdenv.lib.enableFeature enableMagic "magic") + (stdenv.lib.enableFeature enableCuckoo "cuckoo") + ]; + + meta = with stdenv.lib; { + description = "The pattern matching swiss knife for malware researchers"; + homepage = http://Virustotal.github.io/yara/; + license = licenses.asl20; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zmap/default.nix b/nixpkgs/pkgs/tools/security/zmap/default.nix new file mode 100644 index 000000000000..f98b4295e9e6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zmap/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchFromGitHub, cmake, pkgconfig, libjson, json_c, gengetopt, flex, byacc, gmp +, libpcap +}: + +stdenv.mkDerivation rec { + pname = "zmap"; + version = "2.1.1"; + + src = fetchFromGitHub { + owner = "zmap"; + repo = pname; + rev = "v${version}"; + sha256 = "0yaahaiawkjk020hvsb8pndbrk8k10wxkfba1irp12a4sj6rywcs"; + }; + + cmakeFlags = [ "-DRESPECT_INSTALL_PREFIX_CONFIG=ON" ]; + dontUseCmakeBuildDir = true; + + nativeBuildInputs = [ cmake pkgconfig gengetopt flex byacc ]; + buildInputs = [ libjson json_c gmp libpcap ]; + + outputs = [ "out" "man" ]; + + meta = with stdenv.lib; { + homepage = https://zmap.io/; + license = licenses.asl20; + description = "Fast single packet network scanner designed for Internet-wide network surveys"; + maintainers = with maintainers; [ ma27 ]; + platforms = platforms.unix; + broken = stdenv.isDarwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zzuf/default.nix b/nixpkgs/pkgs/tools/security/zzuf/default.nix new file mode 100644 index 000000000000..dc2cfe81746a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zzuf/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pkgconfig }: + +stdenv.mkDerivation rec { + pname = "zzuf"; + version = "0.15"; + + src = fetchFromGitHub { + owner = "samhocevar"; + repo = "zzuf"; + rev = "v${version}"; + sha256 = "0li1s11xf32dafxq1jbnc8c63313hy9ry09dja2rymk9mza4x2n9"; + }; + + buildInputs = [ autoconf automake libtool pkgconfig ]; + + preConfigure = "./bootstrap"; + + meta = with stdenv.lib; { + description = "Transparent application input fuzzer."; + homepage = http://caca.zoy.org/wiki/zzuf; + license = licenses.wtfpl; + platforms = platforms.linux; + maintainers = with maintainers; [ lihop ]; + }; +} |