Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/bmrsa/11.nix36
-rw-r--r--pkgs/tools/security/bruteforce-luks/default.nix36
-rw-r--r--pkgs/tools/security/cipherscan/default.nix43
-rw-r--r--pkgs/tools/security/cipherscan/path.patch93
-rw-r--r--pkgs/tools/security/eid-mw/default.nix13
-rw-r--r--pkgs/tools/security/eid-viewer/default.nix17
-rw-r--r--pkgs/tools/security/fail2ban/default.nix32
-rw-r--r--pkgs/tools/security/gencfsm/default.nix4
-rw-r--r--pkgs/tools/security/gnupg/1.nix6
-rw-r--r--pkgs/tools/security/gnupg/20.nix6
-rw-r--r--pkgs/tools/security/gnupg/21.nix8
-rw-r--r--pkgs/tools/security/gnupg/gpgkey2ssh-20.patch14
-rw-r--r--pkgs/tools/security/gnupg/remove-debug-message.patch22
-rw-r--r--pkgs/tools/security/haka/default.nix34
-rw-r--r--pkgs/tools/security/knockknock/default.nix4
-rw-r--r--pkgs/tools/security/kpcli/default.nix2
-rw-r--r--pkgs/tools/security/lastpass-cli/default.nix4
-rw-r--r--pkgs/tools/security/logkeys/default.nix6
-rw-r--r--pkgs/tools/security/mbox/default.nix2
-rw-r--r--pkgs/tools/security/metasploit/3.1.nix31
-rw-r--r--pkgs/tools/security/metasploit/default.nix33
-rw-r--r--pkgs/tools/security/minisign/default.nix4
-rw-r--r--pkgs/tools/security/muscleframework/default.nix31
-rw-r--r--pkgs/tools/security/muscletool/default.nix20
-rw-r--r--pkgs/tools/security/nmap/default.nix4
-rw-r--r--pkgs/tools/security/opensc-dnie-wrapper/default.nix67
-rw-r--r--pkgs/tools/security/pamtester/default.nix20
-rw-r--r--pkgs/tools/security/pass/default.nix6
-rw-r--r--pkgs/tools/security/pass/program-name.patch13
-rw-r--r--pkgs/tools/security/pass/rofi-pass.nix51
-rw-r--r--pkgs/tools/security/pcsclite/default.nix8
-rw-r--r--pkgs/tools/security/pinentry-mac/default.nix26
-rw-r--r--pkgs/tools/security/pinentry/default.nix4
-rw-r--r--pkgs/tools/security/pinentry/qt5.nix47
-rw-r--r--pkgs/tools/security/polkit-gnome/default.nix12
-rw-r--r--pkgs/tools/security/radamsa/default.nix27
-rw-r--r--pkgs/tools/security/rarcrack/default.nix39
-rw-r--r--pkgs/tools/security/signing-party/default.nix4
-rw-r--r--pkgs/tools/security/sshuttle/default.nix59
-rw-r--r--pkgs/tools/security/sshuttle/sudo.patch13
-rw-r--r--pkgs/tools/security/sudo/default.nix5
-rw-r--r--pkgs/tools/security/tor/default.nix7
-rw-r--r--pkgs/tools/security/tor/torbrowser.nix48
-rw-r--r--pkgs/tools/security/volatility/default.nix4
44 files changed, 637 insertions, 328 deletions
diff --git a/pkgs/tools/security/bmrsa/11.nix b/pkgs/tools/security/bmrsa/11.nix
index 745f2a04cd37..343d48f91d72 100644
--- a/pkgs/tools/security/bmrsa/11.nix
+++ b/pkgs/tools/security/bmrsa/11.nix
@@ -1,38 +1,28 @@
-args @ {unzip, ... } :
-let
-  lib = args.lib;
-  fetchurl = args.fetchurl;
-  fullDepEntry = args.fullDepEntry;
+{ stdenv, fetchurl, unzip }:
+
+stdenv.mkDerivation rec {
+  name = "bmrsa-${version}";
+  version = "11";
 
-  version = "11"; 
-  buildInputs = with args; [
-    unzip
-  ];
-in
-rec {
   src = fetchurl {
     url = "mirror://sourceforge/bmrsa/bmrsa${version}.zip";
     sha256 = "0ksd9xkvm9lkvj4yl5sl0zmydp1wn3xhc55b28gj70gi4k75kcl4";
   };
 
-  inherit buildInputs;
-  configureFlags = [];
-
-  /* doConfigure should be specified separately */
-  phaseNames = ["doMakeInstall"];
+  buildInputs = [ unzip ];
 
-  doUnpack = fullDepEntry (''
+  unpackPhase = ''
     mkdir bmrsa
-    cd bmrsa 
+    cd bmrsa
     unzip ${src}
     sed -e 's/gcc/g++/' -i Makefile
     mkdir -p $out/bin
     echo -e 'install:\n\tcp bmrsa '$out'/bin' >> Makefile
-  '') ["minInit" "addInputs" "defEnsureDir"];
-      
-  name = "bmrsa-"+version;
-  meta = {
+  '';
+
+  meta = with stdenv.lib; {
     description = "RSA utility";
+    homepage = http://bmrsa.sourceforge.net/;
+    license = licenses.gpl1;
   };
 }
-
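Review bot: The install step is carried inside `unpackPhase`: it creates `$out/bin` and appends an `install:` target to the Makefile, so unpacking writes to the output path and the Makefile edit is easy to overlook. A dedicated phase would state the intent directly, e.g. `installPhase = "mkdir -p $out/bin; cp bmrsa $out/bin";`, leaving `unpackPhase` to unzip only. The `sed -e 's/gcc/g++/' -i Makefile` line would then fit better in `postPatch`.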
diff --git a/pkgs/tools/security/bruteforce-luks/default.nix b/pkgs/tools/security/bruteforce-luks/default.nix
new file mode 100644
index 000000000000..a28f949c7fdd
--- /dev/null
+++ b/pkgs/tools/security/bruteforce-luks/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, cryptsetup }:
+
+stdenv.mkDerivation rec {
+  name = "bruteforce-luks-${version}";
+  version = "1.2.0";
+
+  src = fetchFromGitHub {
+    sha256 = "0d01rn45dg7ysa75r8z0b31hj1z7w47vv5vr359pl71zxgzngjd2";
+    rev = version;
+    repo = "bruteforce-luks";
+    owner = "glv2";
+  };
+
+  nativeBuildInputs = [ autoreconfHook ];
+  buildInputs = [ cryptsetup ];
+
+  enableParallelBuilding = true;
+
+  doCheck = true;
+
+  meta = with stdenv.lib; {
+    inherit (src.meta) homepage;
+    description = "Cracks passwords of LUKS encrypted volumes";
+    longDescription = ''
+      The program tries to decrypt at least one of the key slots by trying
+      all the possible passwords. It is especially useful if you know
+      something about the password (i.e. you forgot a part of your password but
+      still remember most of it). Finding the password of a volume without
+      knowing anything about it would take way too much time (unless the
+      password is really short and/or weak). It can also use a dictionary.
+    '';
+    license = licenses.gpl3Plus;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ nckx ];
+  };
+}
diff --git a/pkgs/tools/security/cipherscan/default.nix b/pkgs/tools/security/cipherscan/default.nix
new file mode 100644
index 000000000000..bde9756ee1a0
--- /dev/null
+++ b/pkgs/tools/security/cipherscan/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, lib, fetchFromGitHub, pkgconfig, openssl, makeWrapper, python, coreutils }:
+
+stdenv.mkDerivation rec {
+  name = "cipherscan-${version}";
+  version = "2015-12-17";
+  src = fetchFromGitHub {
+    owner = "jvehent";
+    repo = "cipherscan";
+    rev = "18b0d1b952d027d20e38f07329817873ec077d26";
+    sha256 = "0b6fkfm2y8w04am4krspmapcc5ngn603n5rlwyjly92z2dawc7h8";
+  };
+  buildInputs = [ makeWrapper python ];
+  patches = [ ./path.patch ];
+  buildPhase = ''
+    substituteInPlace cipherscan \
+      --replace "@OPENSSLBIN@" \
+                "${openssl}/bin/openssl" \
+      --replace "@TIMEOUTBIN@" \
+                "${coreutils}/bin/timeout" \
+      --replace "@READLINKBIN@" \
+                "${coreutils}/bin/readlink"
+
+    substituteInPlace analyze.py \
+      --replace "@OPENSSLBIN@" \
+                "${openssl}/bin/openssl"
+  '';
+  installPhase = ''
+    mkdir -p $out/bin
+
+    cp cipherscan $out/bin
+    cp openssl.cnf $out/bin
+    cp analyze.py $out/bin
+
+    wrapProgram $out/bin/analyze.py --set PYTHONPATH "$PYTHONPATH"
+  '';
+  meta = with lib; {
+    description = "Very simple way to find out which SSL ciphersuites are supported by a target";
+    homepage = "https://github.com/jvehent/cipherscan";
+    license = licenses.mpl20;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ cstrahan ];
+  };
+}
diff --git a/pkgs/tools/security/cipherscan/path.patch b/pkgs/tools/security/cipherscan/path.patch
new file mode 100644
index 000000000000..3b6d8ef80509
--- /dev/null
+++ b/pkgs/tools/security/cipherscan/path.patch
@@ -0,0 +1,93 @@
+diff --git a/analyze.py b/analyze.py
+index bb62af8..e929253 100755
+--- a/analyze.py
++++ b/analyze.py
+@@ -418,13 +418,7 @@ def build_ciphers_lists(opensslbin):
+ 
+     # use system openssl if not on linux 64
+     if not opensslbin:
+-        if platform.system() == 'Linux' and platform.architecture()[0] == '64bit':
+-            opensslbin = mypath + '/openssl'
+-        elif platform.system() == 'Darwin' and platform.architecture()[0] == '64bit':
+-            opensslbin = mypath + '/openssl-darwin64'
+-        else:
+-            opensslbin='openssl'
+-            print("warning: analyze.py is using system's openssl, which may limit the tested ciphers and recommendations")
++        opensslbin = "@OPENSSLBIN@"
+ 
+     logging.debug('Loading all ciphers: ' + allC)
+     all_ciphers = subprocess.Popen([opensslbin, 'ciphers', allC],
+diff --git a/cipherscan b/cipherscan
+index 236b34f..a240d13 100755
+--- a/cipherscan
++++ b/cipherscan
+@@ -30,43 +30,12 @@ if [[ -n $NOAUTODETECT ]]; then
+ else
+     case "$(uname -s)" in
+         Darwin)
+-            opensslbin_name="openssl-darwin64"
+-
+-            READLINKBIN=$(which greadlink 2>/dev/null)
+-            if [[ -z $READLINKBIN ]]; then
+-                echo "greadlink not found. (try: brew install coreutils)" 1>&2
+-                exit 1
+-            fi
+-            TIMEOUTBIN=$(which gtimeout 2>/dev/null)
+-            if [[ -z $TIMEOUTBIN ]]; then
+-                echo "gtimeout not found. (try: brew install coreutils)" 1>&2
+-                exit 1
+-            fi
++            READLINKBIN="@READLINKBIN@"
++            TIMEOUTBIN="@TIMEOUTBIN@"
+             ;;
+         *)
+-            opensslbin_name="openssl"
+-
+-            # test that readlink or greadlink (darwin) are present
+-            READLINKBIN="$(which readlink)"
+-
+-            if [[ -z $READLINKBIN ]]; then
+-                READLINKBIN="$(which greadlink)"
+-                if [[ -z $READLINKBIN ]]; then
+-                    echo "neither readlink nor greadlink are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2
+-                    exit 1
+-                fi
+-            fi
+-
+-            # test that timeout or gtimeout (darwin) are present
+-            TIMEOUTBIN="$(which timeout)"
+-
+-            if [[ -z $TIMEOUTBIN ]]; then
+-                TIMEOUTBIN="$(which gtimeout)"
+-                if [[ -z $TIMEOUTBIN ]]; then
+-                    echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2
+-                    exit 1
+-                fi
+-            fi
++            READLINKBIN="@READLINKBIN@"
++            TIMEOUTBIN="@TIMEOUTBIN@"
+ 
+             # Check for busybox, which has different arguments
+             TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)"
+@@ -1944,20 +1913,7 @@ do
+ done
+ 
+ if [[ -z $OPENSSLBIN ]]; then
+-    readlink_result=$("$READLINKBIN" -f "$0")
+-    if [[ -z $readlink_result ]]; then
+-        echo "$READLINKBIN -f $0 failed, aborting." 1>&2
+-        exit 1
+-    fi
+-    REALPATH=$(dirname "$readlink_result")
+-    if [[ -z $REALPATH ]]; then
+-        echo "dirname $REALPATH failed, aborting." 1>&2
+-        exit 1
+-    fi
+-    OPENSSLBIN="${REALPATH}/${opensslbin_name}"
+-    if ! [[ -x "${OPENSSLBIN}" ]]; then
+-        OPENSSLBIN="$(which openssl)"  # fallback to generic openssl
+-    fi
++    OPENSSLBIN="@OPENSSLBIN@"
+ fi
+ # use custom config file to enable GOST ciphers
+ if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then
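Review bot: The `analyze.py` hunk drops the only user-visible notice that a non-bundled openssl "may limit the tested ciphers and recommendations", while `default.nix` now always substitutes the nixpkgs openssl for `@OPENSSLBIN@`. If that build supports fewer ciphersuites than the binary upstream ships (not verifiable from this page), scan results can under-report what a server accepts, with nothing telling the user. Keeping a one-line notice after the assignment, such as `logging.warning("using the packaged openssl; tested ciphers may be limited")`, or stating the limitation in `meta.longDescription`, would preserve that signal. The retained comment `# use system openssl if not on linux 64` no longer matches the code and should be reworded.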
diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix
index 5e06d2f32e29..32cf4f9a4e2c 100644
--- a/pkgs/tools/security/eid-mw/default.nix
+++ b/pkgs/tools/security/eid-mw/default.nix
@@ -1,24 +1,26 @@
-{ stdenv, fetchFromGitHub, autoreconfHook, gtk2, nssTools, pcsclite
+{ stdenv, fetchFromGitHub, autoreconfHook, gtk3, nssTools, pcsclite
 , pkgconfig }:
 
-let version = "4.1.8"; in
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   name = "eid-mw-${version}";
+  version = "4.1.13";
 
   src = fetchFromGitHub {
-    sha256 = "1nmw4c2gvbpkrgjxyd2g0lbh85lb2czbgqplqrv69fr6azaddyyk";
+    sha256 = "1fkazhw6gs191w789fnp6mwnxrx9p38b3kh5bngb1ir0zhkgghkq";
     rev = "v${version}";
     repo = "eid-mw";
     owner = "Fedict";
   };
 
-  buildInputs = [ gtk2 pcsclite ];
+  buildInputs = [ gtk3 pcsclite ];
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
 
   postPatch = ''
     sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac
   '';
 
+  configureFlags = [ "--enable-dialogs=yes" ];
+
   enableParallelBuilding = true;
 
   doCheck = true;
@@ -33,7 +35,6 @@ stdenv.mkDerivation {
   '';
 
   meta = with stdenv.lib; {
-    inherit version;
     description = "Belgian electronic identity card (eID) middleware";
     homepage = http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/;
     license = licenses.lgpl3;
diff --git a/pkgs/tools/security/eid-viewer/default.nix b/pkgs/tools/security/eid-viewer/default.nix
index c96632537615..d1b29e137df9 100644
--- a/pkgs/tools/security/eid-viewer/default.nix
+++ b/pkgs/tools/security/eid-viewer/default.nix
@@ -1,16 +1,12 @@
-{ stdenv, fetchurl, jre, makeWrapper, pcsclite }:
-
-let
-  # TODO: find out what the version components actually mean, if anything:
-  major = "4.1.4-v4.1.4";
-  minor = "tcm406-270732";
-  version = "${major}-${minor}";
-in stdenv.mkDerivation rec {
+{ stdenv, fetchurl, makeWrapper, jre, pcsclite }:
+
+stdenv.mkDerivation rec {
   name = "eid-viewer-${version}";
+  version = "4.1.9";
 
   src = fetchurl {
-    url = "http://eid.belgium.be/en/binaries/eid-viewer-${major}.src.tar_${minor}.gz";
-    sha256 = "06kda45y7c3wvvqby153zcasgz4jibjypv8gvfwvrwvn4ag2z934";
+    url = "https://downloads.services.belgium.be/eid/eid-viewer-${version}-v${version}.src.tar.gz";
+    sha256 = "0bq9jl4kl97j0dfhz4crcb1wqhn420z5vpg510zadvrmqjhy1x4g";
   };
 
   buildInputs = [ jre pcsclite ];
@@ -33,7 +29,6 @@ in stdenv.mkDerivation rec {
   doCheck = true;
 
   meta = with stdenv.lib; {
-    inherit version;
     description = "Belgian electronic identity card (eID) viewer";
     homepage = http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/;
     license = licenses.lgpl3;
diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix
index 184f8a59d28c..9443eac01da7 100644
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@@ -1,31 +1,23 @@
-{ stdenv, fetchzip, python, pythonPackages, unzip, systemd, gamin }:
+{ stdenv, fetchzip, python, pythonPackages, unzip, gamin }:
 
-let version = "0.9.1"; in
+let version = "0.9.3"; in
 
-pythonPackages.buildPythonPackage {
+pythonPackages.buildPythonApplication {
   name = "fail2ban-${version}";
   namePrefix = "";
 
   src = fetchzip {
     name   = "fail2ban-${version}-src";
     url    = "https://github.com/fail2ban/fail2ban/archive/${version}.tar.gz";
-    sha256 = "111xvy2gxwn868kn0zy2fmdfa423z6fk57i7wsfrc0l74p1cdvs5";
+    sha256 = "1pwgr56i6l6wh2ap8b5vknxgsscfzjqy2nmd1c3vzdii5kf72j0f";
   };
 
   buildInputs = [ unzip ];
 
-  pythonPath = (stdenv.lib.optional stdenv.isLinux systemd)
-    ++ [ python.modules.sqlite3 gamin ];
+  propagatedBuildInputs = [ python.modules.sqlite3 gamin ]
+    ++ (stdenv.lib.optional stdenv.isLinux pythonPackages.systemd);
 
   preConfigure = ''
-    substituteInPlace setup.cfg \
-      --replace /usr $out
-
-    substituteInPlace setup.py \
-      --replace /usr $out \
-      --replace /etc $out/etc \
-      --replace /var $TMPDIR/var \
-
     for i in fail2ban-client fail2ban-regex fail2ban-server; do
       substituteInPlace $i \
         --replace /usr/share/fail2ban $out/share/fail2ban
@@ -40,6 +32,18 @@ pythonPackages.buildPythonPackage {
 
   doCheck = false;
 
+  preInstall = ''
+    # see https://github.com/NixOS/nixpkgs/issues/4968
+    ${python}/bin/${python.executable} setup.py install_data --install-dir=$out --root=$out
+  '';
+
+  postInstall = let
+    sitePackages = "$out/lib/${python.libPrefix}/site-packages";
+  in ''
+    # see https://github.com/NixOS/nixpkgs/issues/4968
+    rm -rf ${sitePackages}/etc ${sitePackages}/usr ${sitePackages}/var;
+  '';
+
   meta = with stdenv.lib; {
     homepage    = http://www.fail2ban.org/;
     description = "A program that scans log files for repeated failing login attempts and bans IP addresses";
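Review bot: The two comments in `preInstall` and `postInstall` only link to an issue, so the reason for running `install_data` by hand and then deleting `etc`, `usr` and `var` under site-packages cannot be read from the file. A short inline explanation next to each link would help, for example `# install data files under $out ourselves; the regular install would place them below site-packages` and `# remove the copies left below site-packages` (wording to be confirmed against the linked issue). The same hunk sequence removes the old `/var` to `$TMPDIR/var` rewrite of `setup.py`, so it is worth confirming that nothing under `$out/var` ends up in the output with `--root=$out`.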
diff --git a/pkgs/tools/security/gencfsm/default.nix b/pkgs/tools/security/gencfsm/default.nix
index ff55411f32a5..fb9030036200 100644
--- a/pkgs/tools/security/gencfsm/default.nix
+++ b/pkgs/tools/security/gencfsm/default.nix
@@ -2,12 +2,12 @@
 , glib , gnome3, gtk3, libgnome_keyring, vala, wrapGAppsHook, xorg }:
 
 stdenv.mkDerivation rec {
-  version = "1.8.15";
+  version = "1.8.16";
   name = "gnome-encfs-manager-${version}";
 
   src = fetchurl {
     url = "https://launchpad.net/gencfsm/trunk/1.8/+download/gnome-encfs-manager_${version}.tar.gz";
-    sha256 = "1iryli6fgw6a45abkrjacfac7dwjhbrhw652rqf0s183373db0mx";
+    sha256 = "06sz6zcmvxkqww5gx4brcqs4hlpy9d8sal9nmw0pdsvh8k5vmpgn";
   };
 
   buildInputs = [ autoconf automake intltool libtool pkgconfig vala glib encfs
diff --git a/pkgs/tools/security/gnupg/1.nix b/pkgs/tools/security/gnupg/1.nix
index d5045806e0c9..8593fe69733a 100644
--- a/pkgs/tools/security/gnupg/1.nix
+++ b/pkgs/tools/security/gnupg/1.nix
@@ -1,15 +1,13 @@
 { stdenv, fetchurl, readline, bzip2 }:
 
 stdenv.mkDerivation rec {
-  name = "gnupg-1.4.19";
+  name = "gnupg-1.4.20";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha256 = "7f09319d044b0f6ee71fe3587bb873be701723ac0952cff5069046a78de8fd86";
+    sha256 = "1k7d6zi0zznqsmcjic0yrgfhqklqz3qgd3yac7wxsa7s6088p604";
   };
 
-  patches = [ ./remove-debug-message.patch ];
-
   buildInputs = [ readline bzip2 ];
 
   doCheck = true;
diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix
index 36c877620f19..117fc41c1abe 100644
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@@ -23,7 +23,9 @@ stdenv.mkDerivation rec {
     = [ readline zlib libgpgerror libgcrypt libassuan libksba pth
         openldap bzip2 libusb curl libiconv ];
 
-  patchPhase = ''
+  patches = [ ./gpgkey2ssh-20.patch ];
+
+  prePatch = ''
     find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i
   '' + stdenv.lib.optionalString stdenv.isLinux ''
     sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
@@ -35,6 +37,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = optional x11Support "--with-pinentry-pgm=${pinentry}/bin/pinentry";
 
+  postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c";
+
   checkPhase="GNUPGHOME=`pwd` ./agent/gpg-agent --daemon make check";
 
   doCheck = true;
diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix
index 5fbd6e83970c..dc86c6e420ef 100644
--- a/pkgs/tools/security/gnupg/21.nix
+++ b/pkgs/tools/security/gnupg/21.nix
@@ -13,16 +13,18 @@ with stdenv.lib;
 assert x11Support -> pinentry != null;
 
 stdenv.mkDerivation rec {
-  name = "gnupg-2.1.9";
+  name = "gnupg-2.1.11";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha256 = "1dpp555glln6fldk72ad7lkrn8h3cr2bg714z5kfn2qrawx67dqw";
+    sha256 = "06mn2viiwsyq991arh5i5fhr9jyxq2bi0jkdj7ndfisxihngpc5p";
   };
 
   postPatch = stdenv.lib.optionalString stdenv.isLinux ''
     sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
-  '';
+  ''; #" fix Emacs syntax highlighting :-(
+
+  postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c";
 
   buildInputs = [
     pkgconfig libgcrypt libassuan libksba libiconv npth
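Review bot: `postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c";` has nothing to replace as far as this file shows, because the patch that introduces the `@out@` placeholder (`gpgkey2ssh-20.patch`) is added to `patches` only in `20.nix`. Unless a patch outside the visible context inserts the placeholder, `gpgkey2ssh` in this version would still resolve `gpg` through PATH. Either add an equivalent patch for the 2.1 sources or drop the `postConfigure` line here. If it stays, `substituteInPlace tools/gpgkey2ssh.c --replace "@out@" "$out"` limits the rewrite to the one placeholder instead of every `@name@` that matches a build variable.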
diff --git a/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch b/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
new file mode 100644
index 000000000000..b536a4fe50e3
--- /dev/null
+++ b/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
@@ -0,0 +1,14 @@
+diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
+index 903fb5b..d5611dc 100644
+--- a/tools/gpgkey2ssh.c
++++ b/tools/gpgkey2ssh.c
+@@ -266,7 +266,7 @@ main (int argc, char **argv)
+   keyid = argv[1];
+ 
+   ret = asprintf (&command,
+-		  "gpg --list-keys --with-colons --with-key-data '%s'",
++		  "@out@/bin/gpg2 --list-keys --with-colons --with-key-data '%s'",
+ 		  keyid);
+   assert (ret > 0);
+ 
+
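Review bot: The rewritten format string still places `keyid` (taken from `argv[1]`) between single quotes in a command line, so using an absolute path removes the PATH lookup but not the quoting problem. If `command` is handed to a shell, which happens outside this hunk, a key id containing a quote character would change the command. Validating the argument before the `asprintf` call closes that off, for example `if (keyid[strspn (keyid, "0123456789abcdefABCDEFxX")] != '\0') return 1;` (the accepted character set should be confirmed against what the tool documents). `main` continues outside the hunk.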
diff --git a/pkgs/tools/security/gnupg/remove-debug-message.patch b/pkgs/tools/security/gnupg/remove-debug-message.patch
deleted file mode 100644
index 92fc6f2cfcac..000000000000
--- a/pkgs/tools/security/gnupg/remove-debug-message.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-commit 936416690e6c889505d84fe96983a66983beae5e
-Author: Werner Koch <wk@gnupg.org>
-Date:   Thu Feb 26 09:38:58 2015 +0100
-
-    gpg: Remove left-over debug message.
-
-    * g10/armor.c (check_input): Remove log_debug.
-
-diff --git a/g10/armor.c b/g10/armor.c
-index 6c0013d..de1726d 100644
---- a/g10/armor.c
-+++ b/g10/armor.c
-@@ -534,9 +534,6 @@ check_input( armor_filter_context_t *afx, IOBUF a )
-             /* This is probably input from a keyserver helper and we
-                have not yet seen an error line.  */
-             afx->key_failed_code = parse_key_failed_line (line+4, len-4);
--            log_debug ("armor-keys-failed (%.*s) ->%d\n",
--                       (int)len, line,
--                       afx->key_failed_code);
-           }
-       if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) {
-           hdr_line = i;
diff --git a/pkgs/tools/security/haka/default.nix b/pkgs/tools/security/haka/default.nix
new file mode 100644
index 000000000000..d040aaa6aea8
--- /dev/null
+++ b/pkgs/tools/security/haka/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchurl, cmake, swig, wireshark, check, rsync, libpcap, gawk, libedit, pcre }:
+
+let version = "0.3.0"; in
+
+stdenv.mkDerivation rec {
+  name = "haka-${version}";
+
+  src = fetchurl {
+    name = "haka_${version}_source.tar.gz";
+    url = "https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz";
+
+    # https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz.sha1.txt
+    sha1 = "87625ed32841cc0b3aa92aa49397ce71ce434bc2";
+  };
+
+  preConfigure = ''
+    sed -i 's,/etc,'$out'/etc,' src/haka/haka.c
+    sed -i 's,/etc,'$out'/etc,' src/haka/CMakeLists.txt
+    sed -i 's,/opt/haka/etc,$out/opt/haka/etc,' src/haka/haka.1
+    sed -i 's,/etc,'$out'/etc,' doc/user/tool_suite_haka.rst
+  '';
+
+  buildInputs = [ cmake swig wireshark check rsync libpcap gawk libedit pcre ];
+
+  enableParallelBuilding = true;
+
+  meta = {
+    dscription = "A collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files";
+    homepage = http://www.haka-security.org/;
+    license = stdenv.lib.licenses.mpl20;
+    maintaineres = [ stdenv.lib.maintainers.tvestelind ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
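Review bot: The tarball is pinned with `sha1` in the `fetchurl` block, which is a weak integrity check for fetched source. It should be replaced by a `sha256` computed from the same tarball (value not shown here). Two `meta` attributes are misspelled, `dscription` and `maintaineres`, so the description and maintainer are silently not set; they should read `description` and `maintainers`. In `preConfigure` the third `sed` keeps `$out` inside the single quotes, so the man page receives a literal `$out`; `sed -i 's,/opt/haka/etc,'$out'/opt/haka/etc,' src/haka/haka.1` matches the quoting of the other three lines.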
diff --git a/pkgs/tools/security/knockknock/default.nix b/pkgs/tools/security/knockknock/default.nix
index 6258f2315904..089dd0de2bda 100644
--- a/pkgs/tools/security/knockknock/default.nix
+++ b/pkgs/tools/security/knockknock/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, buildPythonPackage, python, pycrypto, hping }:
+{ stdenv, fetchFromGitHub, buildPythonApplication, python, pycrypto, hping }:
 
-buildPythonPackage rec {
+buildPythonApplication rec {
   rev  = "bf14bbff";
   name = "knockknock-r${rev}";
 
diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix
index 58ea52bc4c08..7303db34649d 100644
--- a/pkgs/tools/security/kpcli/default.nix
+++ b/pkgs/tools/security/kpcli/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
 
     wrapProgram $out/bin/kpcli --set PERL5LIB \
       "${with perlPackages; stdenv.lib.makePerlPath [
-         Clone CryptRijndael SortNaturally TermReadKey TermShellUI FileKeePass TermReadLineGnu XMLParser
+         CaptureTiny Clipboard Clone CryptRijndael SortNaturally TermReadKey TermShellUI FileKeePass TermReadLineGnu XMLParser
       ]}"
   '';
 
diff --git a/pkgs/tools/security/lastpass-cli/default.nix b/pkgs/tools/security/lastpass-cli/default.nix
index 92c7a027d69f..01495156810b 100644
--- a/pkgs/tools/security/lastpass-cli/default.nix
+++ b/pkgs/tools/security/lastpass-cli/default.nix
@@ -3,13 +3,13 @@
 stdenv.mkDerivation rec {
   name = "lastpass-cli-${version}";
 
-  version = "0.5.1";
+  version = "0.7.0";
 
   src = fetchFromGitHub {
     owner = "lastpass";
     repo = "lastpass-cli";
     rev = "v${version}";
-    sha256 = "0k2dbfizd6gwd4s8badm50qg2djrh22szd932l1a96mn79q8zb70";
+    sha256 = "18dn4sx173666w6aaqhwcya5x2z3q0fmhg8h76lgdmx8adrhzdzc";
   };
 
   buildInputs = [
diff --git a/pkgs/tools/security/logkeys/default.nix b/pkgs/tools/security/logkeys/default.nix
index ba875c04e2ba..b856308712f8 100644
--- a/pkgs/tools/security/logkeys/default.nix
+++ b/pkgs/tools/security/logkeys/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   name = "logkeys-${version}";
-  version = "5ef6b0dcb9e3";
+  version = "2015-11-10";
 
   src = fetchgit {
     url = https://github.com/kernc/logkeys;
-    rev = "5ef6b0dcb9e38e6137ad1579d624ec12107c56c3";
-    sha256 = "02p0l92l0fq069g31ks6xbqavzxa9njj9460vw2jsa7livcn2z9d";
+    rev = "78321c6e70f61c1e7e672fa82daa664017c9e69d";
+    sha256 = "1b1fa1rblyfsg6avqyls03y0rq0favipn5fha770rsirzg4r637q";
   };
 
   buildInputs = [ which procps kbd ];
diff --git a/pkgs/tools/security/mbox/default.nix b/pkgs/tools/security/mbox/default.nix
index 732cf7046610..24a7ea51a82c 100644
--- a/pkgs/tools/security/mbox/default.nix
+++ b/pkgs/tools/security/mbox/default.nix
@@ -30,7 +30,7 @@ stdenv.mkDerivation {
   meta = with stdenv.lib;
     { description = "Lightweight sandboxing mechanism that any user can use without special privileges";
       homepage = http://pdos.csail.mit.edu/mbox/;
-      maintainers = with maintainers; [ emery ];
+      maintainers = with maintainers; [ ehmry ];
       license = licenses.bsd3;
       platforms = [ "x86_64-linux" ];
     };
diff --git a/pkgs/tools/security/metasploit/3.1.nix b/pkgs/tools/security/metasploit/3.1.nix
deleted file mode 100644
index c3aab9b709e3..000000000000
--- a/pkgs/tools/security/metasploit/3.1.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-args @ { makeWrapper, ... }: with args;
-rec {
-  src = fetchurl {
-    url = http://www.packetstormsecurity.nl/UNIX/utilities/framework-3.1.tar.gz;
-    sha256 = "114znq9dfcyh9gcj57p3zsc0d0amlzhwidmg8qjcgxpjh28h1afx";
-  };
-
-  buildInputs = [makeWrapper];
-  configureFlags = [];
-
-  doInstall = fullDepEntry(''
-    mkdir -p $out/share/msf
-    mkdir -p $out/bin
-
-    cp -r * $out/share/msf
-
-    for i in $out/share/msf/msf*; do
-        makeWrapper $i $out/bin/$(basename $i) --prefix RUBYLIB : $out/share/msf/lib
-    done
-  '') ["minInit" "defEnsureDir" "doUnpack" "addInputs"];
-
-  /* doConfigure should be specified separately */
-  phaseNames = ["doInstall" (doPatchShebangs "$out/share/msf")];
-
-  name = "metasploit-framework-3.1";
-  meta = {
-    description = "Metasploit Framework - a collection of exploits";
-    homepage = "http://framework.metasploit.org/";
-  };
-}
-
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix
new file mode 100644
index 000000000000..7a9dcdb8d89a
--- /dev/null
+++ b/pkgs/tools/security/metasploit/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl, makeWrapper, ruby }:
+
+stdenv.mkDerivation rec {
+  name = "metasploit-framework-${version}";
+  version = "3.3.1";
+
+  src = fetchurl {
+    url = "http://downloads.metasploit.com/data/releases/archive/framework-${version}.tar.bz2";
+    sha256 = "07clzw1zfnqjhyydsc4mza238isai58p7aygh653qxsqb9a0j7qw";
+  };
+
+  buildInputs = [makeWrapper];
+
+  installPhase = ''
+    mkdir -p $out/share/msf
+    mkdir -p $out/bin
+
+    cp -r * $out/share/msf
+
+    for i in $out/share/msf/msf*; do
+        makeWrapper $i $out/bin/$(basename $i) --prefix RUBYLIB : $out/share/msf/lib
+    done
+  '';
+
+  postInstall = ''
+    patchShebangs $out/share/msf
+  '';
+
+  meta = {
+    description = "Metasploit Framework - a collection of exploits";
+    homepage = https://github.com/rapid7/metasploit-framework/wiki;
+  };
+}
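Review bot: `postInstall` will most likely never run, because `installPhase` is replaced by a plain script that does not call `runHook postInstall`. The `patchShebangs $out/share/msf` line should move to the end of `installPhase`, or the phase should end with `runHook postInstall`. `ruby` is taken as a function argument but is missing from `buildInputs`, so `patchShebangs` has no ruby on PATH to point the interpreter lines at; `buildInputs = [ makeWrapper ruby ];` would cover that.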
diff --git a/pkgs/tools/security/minisign/default.nix b/pkgs/tools/security/minisign/default.nix
index 48de14ddce6c..781ca6ca6005 100644
--- a/pkgs/tools/security/minisign/default.nix
+++ b/pkgs/tools/security/minisign/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "minisign-${version}";
-  version = "0.4";
+  version = "0.6";
 
   src = fetchurl {
     url = "https://github.com/jedisct1/minisign/archive/${version}.tar.gz";
-    sha256 = "1k1dk6piaz8pw4b9zg55n4wcpyc301mkxb873njm8mki7r8raxnw";
+    sha256 = "029g8ian72fy07k73nf451dw1yggav6crjjc2x6kv4nfpq3pl9pj";
   };
 
   buildInputs = [ cmake libsodium ];
diff --git a/pkgs/tools/security/muscleframework/default.nix b/pkgs/tools/security/muscleframework/default.nix
deleted file mode 100644
index c1b9dad91ff4..000000000000
--- a/pkgs/tools/security/muscleframework/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# The tarball has different plugins in it, and as I don't need all of them,
-# I only build one of those in this derivation
-# This is an arbitrary decision, and this simplicity fit my needs.
-# Anyone can extend the extension to build all the plugins, or to make
-# different derivations for each plugin.
-
-{stdenv, fetchurl, libmusclecard, pkgconfig, pcsclite}:
-stdenv.mkDerivation {
-  name = "muscleframework-mcardplugin-1.1.7";
-
-  src = fetchurl {
-    url = https://alioth.debian.org/frs/download.php/3056/muscleframework-1.1.7.tar.gz;
-    sha256 = "081sq25fa3k1gz0asq2995krx7pzxbfq5vx1ahsd5sbmwnplv94v";
-  };
-
-  preConfigure = ''
-    cd MCardPlugin
-    configureFlags="$configureFlags --enable-muscledropdir=$out/pcsc/services"
-  '';
-
-  buildInputs = [ libmusclecard pkgconfig pcsclite];
-
-  meta = with stdenv.lib; {
-    description = "MUSCLE smart card framework - mcard plugin";
-    homepage = http://muscleplugins.alioth.debian.org/;
-    license = licenses.bsd3;
-    maintainers = with maintainers; [viric];
-    # XXX: don't build before libmusclecard is fixed
-    # platforms = with stdenv.lib.platforms; linux;
-  };
-}
diff --git a/pkgs/tools/security/muscletool/default.nix b/pkgs/tools/security/muscletool/default.nix
deleted file mode 100644
index 34f75609e4ff..000000000000
--- a/pkgs/tools/security/muscletool/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{stdenv, fetchurl, libmusclecard, pcsclite, pkgconfig }:
-stdenv.mkDerivation {
-  name = "muscletool-2.1.1";
-
-  src = fetchurl {
-    url = https://alioth.debian.org/frs/download.php/3180/muscletool-2.1.1.tar.bz2;
-    sha256 = "11d812ijvhsaxwkr05hzxfl0n6ji9hwl5j1kv56f9gv8kyy3b9kw";
-  };
-
-  buildInputs = [ libmusclecard pcsclite pkgconfig ];
-
-  meta = with stdenv.lib; {
-    description = "Smart card applications for use with MUSCLE plugins";
-    homepage = http://muscleapps.alioth.debian.org/;
-    license = licenses.bsd3;
-    maintainers = with maintainers; [viric];
-    # XXX: don't build before libmusclecard is fixed
-    # platforms = with stdenv.lib.platforms; linux;
-  };
-}
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index faba4037d3dd..351654b60326 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -13,11 +13,11 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "nmap${optionalString graphicalSupport "-graphical"}-${version}";
-  version = "6.49BETA4";
+  version = "7.01";
 
   src = fetchurl {
     url = "http://nmap.org/dist/nmap-${version}.tar.bz2";
-    sha256 = "042fg73w7596b3h6ha9y62ckc0hd352zv1shwip3dx14v5igrsna";
+    sha256 = "01bpc820fmjl1vd08a3j9fpa84psaa7c3cxc8wpzabms8ckcs7yg";
   };
 
   patches = ./zenmap.patch;
diff --git a/pkgs/tools/security/opensc-dnie-wrapper/default.nix b/pkgs/tools/security/opensc-dnie-wrapper/default.nix
deleted file mode 100644
index 8003073159a9..000000000000
--- a/pkgs/tools/security/opensc-dnie-wrapper/default.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{stdenv, makeWrapper, ed, libopensc_dnie}:
-
-let
-   opensc = libopensc_dnie.opensc;
-in
-stdenv.mkDerivation rec {
-  name = "${opensc.name}-dnie-wrapper";
-
-  buildInputs = [ makeWrapper ];
-  
-  phases = [ "installPhase" ];
-
-  installPhase = ''
-    mkdir -p $out/etc
-    cp ${opensc}/etc/opensc.conf $out/etc
-    chmod +w $out/etc/opensc.conf
-
-    # NOTE: The libopensc-dnie.so driver requires /usr/bin/pinentry available, to sign
-
-    ${ed}/bin/ed $out/etc/opensc.conf << EOF
-    /card_drivers
-    a
-    card_drivers = dnie;
-    card_driver dnie {
-      module = ${libopensc_dnie}/lib/libopensc-dnie.so;
-    }
-    .
-    w
-    q
-    EOF
-
-    # Disable pkcs15 file caching, otherwise the card does not work
-    sed -i 's/use_caching = true/use_caching = false/' $out/etc/opensc.conf
-
-    for a in ${opensc}/bin/*; do
-      makeWrapper $a $out/bin/`basename $a` \
-        --set OPENSC_CONF $out/etc/opensc.conf
-    done
-
-    # Special wrapper for pkcs11-tool, which needs an additional parameter
-    rm $out/bin/pkcs11-tool
-    makeWrapper ${opensc}/bin/pkcs11-tool $out/bin/pkcs11-tool \
-      --set OPENSC_CONF $out/etc/opensc.conf \
-      --add-flags "--module ${opensc}/lib/opensc-pkcs11.so"
-
-    # Add, as bonus, a wrapper for the firefox in the PATH, that loads the
-    # proper opensc configuration.
-    cat > $out/bin/firefox-dnie << EOF
-    #!${stdenv.shell}
-    export OPENSC_CONF=$out/etc/opensc.conf
-    exec firefox
-    EOF
-    chmod +x $out/bin/firefox-dnie
-  '';
-
-  meta = {
-    description = "Access to the opensc tools and firefox using the Spanish national ID SmartCard";
-    longDescription = ''
-      Opensc needs a special configuration and special drivers to use the SmartCard
-      the Spanish government provides to the citizens as ID card.
-      Some wrapper scripts take care for the proper opensc configuration to be used, in order
-      to access the certificates in the SmartCard through the opensc tools or firefox.
-      Opensc will require a pcscd daemon running, managing the access to the card reader.
-    '';
-    maintainers = with stdenv.lib.maintainers; [viric];
-  };
-}
diff --git a/pkgs/tools/security/pamtester/default.nix b/pkgs/tools/security/pamtester/default.nix
new file mode 100644
index 000000000000..cdafed534085
--- /dev/null
+++ b/pkgs/tools/security/pamtester/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, fetchurl, pam }:
+
+stdenv.mkDerivation rec {
+  name = "pamtester-0.1.2";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/pamtester/${name}.tar.gz";
+    sha256 = "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3";
+  };
+
+  buildInputs = [ pam ];
+
+  meta = with stdenv.lib; {
+    description = "Utility program to test the PAM facility.";
+    homepage = http://pamtester.sourceforge.net/;
+    license = licenses.bsd3;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ abbradar ];
+  };
+}
diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix
index 3315683967cc..56e20726793d 100644
--- a/pkgs/tools/security/pass/default.nix
+++ b/pkgs/tools/security/pass/default.nix
@@ -19,13 +19,15 @@ stdenv.mkDerivation rec {
     sha256 = "05bk3lrp5jwg0v338lvylp7glpliydzz4jf5pjr6k3kagrv3jyik";
   };
 
-  patches = if stdenv.isDarwin then [ ./no-darwin-getopt.patch ] else null;
+  patches =
+    [ ./program-name.patch ] ++
+    stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch;
 
   buildInputs = [ makeWrapper ];
 
   meta = with stdenv.lib; {
     description = "Stores, retrieves, generates, and synchronizes passwords securely";
-    homepage    = http://zx2c4.com/projects/password-store/;
+    homepage    = http://www.passwordstore.org/;
     license     = licenses.gpl2Plus;
     maintainers = with maintainers; [ lovek323 the-kenny ];
     platforms   = platforms.unix;
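Review bot: The `patches =` assignment now applies `./program-name.patch` on every platform, but nothing at that line says why the patch is needed. The patch added in this commit hard-codes `PROGRAM="pass"` instead of deriving it from `$0`. Presumably that is because the script is wrapped via `makeWrapper` and `$0` no longer reads `pass` at runtime. If so, a comment such as `# the wrapper renames the real script, so $0 is not "pass" at runtime` above the list would keep a later cleanup from dropping it. The derivation begins and ends outside this hunk.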
diff --git a/pkgs/tools/security/pass/program-name.patch b/pkgs/tools/security/pass/program-name.patch
new file mode 100644
index 000000000000..db01942f638d
--- /dev/null
+++ b/pkgs/tools/security/pass/program-name.patch
@@ -0,0 +1,13 @@
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 6313384..6607a98 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -573,7 +573,7 @@ cmd_git() {
+ # END subcommand functions
+ #
+ 
+-PROGRAM="${0##*/}"
++PROGRAM="pass"
+ COMMAND="$1"
+ 
+ case "$1" in
diff --git a/pkgs/tools/security/pass/rofi-pass.nix b/pkgs/tools/security/pass/rofi-pass.nix
new file mode 100644
index 000000000000..94dca5dca680
--- /dev/null
+++ b/pkgs/tools/security/pass/rofi-pass.nix
@@ -0,0 +1,51 @@
+{ stdenv, fetchgit
+, pass, rofi, coreutils, utillinux, xdotool, gnugrep, pwgen, findutils
+, makeWrapper }:
+
+stdenv.mkDerivation rec {
+  name = "rofi-pass-${version}";
+  version = "1.3.1";
+
+  src = fetchgit {
+    url = "https://github.com/carnager/rofi-pass";
+    rev = "refs/tags/${version}";
+    sha256 = "1r206fq96avhlgkf2fzf8j2a25dav0s945qv66hwvqwhxq74frrv";
+  };
+
+  buildInputs = [ makeWrapper ];
+
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -a $src/rofi-pass $out/bin/rofi-pass
+
+    mkdir -p $out/share/doc/rofi-pass/
+    cp -a $src/config.example $out/share/doc/rofi-pass/config.example
+  '';
+
+  wrapperPath = with stdenv.lib; makeSearchPath "bin/" [
+    coreutils
+    findutils
+    gnugrep
+    pass
+    pwgen
+    rofi
+    utillinux
+    xdotool
+  ];
+
+  fixupPhase = ''
+    patchShebangs $out/bin
+
+    wrapProgram $out/bin/rofi-pass \
+      --prefix PATH : "${wrapperPath}"
+  '';
+
+  meta = {
+    description = "A script to make rofi work with password-store";
+    homepage = https://github.com/carnager/rofi-pass;
+    maintainers = with stdenv.lib.maintainers; [ hiberno the-kenny ];
+    license = stdenv.lib.licenses.gpl3;
+  };
+}
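Review bot: Defining `fixupPhase` outright replaces stdenv's default fixup phase instead of extending it, so the standard fixup steps no longer run for this package. Since only the wrapper needs adding, use the hook instead: rename the attribute to `postFixup = ''` and keep just the `wrapProgram $out/bin/rofi-pass --prefix PATH : "${wrapperPath}"` call. The default phase already patches shebangs under `$out`, so the explicit `patchShebangs $out/bin` should then be redundant. The meta block also has no `platforms`, which the other new packages in this commit set.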
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index 4c96c947f57a..41c106854351 100644
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -11,18 +11,18 @@ stdenv.mkDerivation rec {
   configureFlags = [
     # The OS should care on preparing the drivers into this location
     "--enable-usbdropdir=/var/lib/pcsc/drivers"
-    "--with-systemdsystemunitdir=\${out}/etc/systemd/system"
     "--enable-confdir=/etc"
-  ];
+  ] ++ stdenv.lib.optional stdenv.isLinux
+         "--with-systemdsystemunitdir=\${out}/etc/systemd/system";
 
   nativeBuildInputs = [ pkgconfig perl python2 ];
-  buildInputs = [ udev dbus_libs ];
+  buildInputs = stdenv.lib.optionals stdenv.isLinux [ udev dbus_libs ];
 
   meta = with stdenv.lib; {
     description = "Middleware to access a smart card using SCard API (PC/SC)";
     homepage = http://pcsclite.alioth.debian.org/;
     license = licenses.bsd3;
     maintainers = with maintainers; [ viric wkennington ];
-    platforms = platforms.linux;
+    platforms = with platforms; unix;
   };
 }
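Review bot: Widening `platforms` to `unix` keeps `--enable-usbdropdir=/var/lib/pcsc/drivers`, a mutable directory outside the store, on platforms where nothing visible in this hunk creates or owns it. The existing comment says the OS is expected to prepare that location, which holds on NixOS but presumably not elsewhere. Because the daemon loads reader drivers from that directory, its ownership and permissions matter on the newly enabled hosts. I would extend the comment, e.g. `# Outside NixOS this directory must be created root-owned and not group/world-writable`.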
diff --git a/pkgs/tools/security/pinentry-mac/default.nix b/pkgs/tools/security/pinentry-mac/default.nix
new file mode 100644
index 000000000000..faf8c613ea83
--- /dev/null
+++ b/pkgs/tools/security/pinentry-mac/default.nix
@@ -0,0 +1,26 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+  name = "pinentry-mac-0.9.4";
+
+  src = fetchurl {
+    url = "https://github.com/GPGTools/pinentry-mac/archive/v0.9.4.tar.gz";
+    sha256 = "037ebb010377d3a3879ae2a832cefc4513f5c397d7d887d7b86b4e5d9a628271";
+  };
+
+  postPatch = ''
+    substituteInPlace ./Makefile --replace "xcodebuild" "/usr/bin/xcodebuild"
+  '';
+
+  installPhase = ''
+    mkdir -p $out/Applications
+    mv build/Release/pinentry-mac.app $out/Applications
+  '';
+
+  meta = {
+    description = "Pinentry for GPG on Mac";
+    license = stdenv.lib.licenses.gpl2Plus;
+    homepage = "https://github.com/GPGTools/pinentry-mac";
+    platforms = stdenv.lib.platforms.darwin;
+  };
+}
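Review bot: The `postPatch` substitution points the Makefile at `/usr/bin/xcodebuild`, so the program that collects GPG passphrases is compiled by whatever Xcode toolchain the build host has installed, not by inputs from the store. The output is therefore not reproducible across machines, and the build will presumably fail where sandboxing hides `/usr/bin`. The empty input list gives no hint of this dependency. At minimum, add a comment above `postPatch` such as `# Impure: requires the host's Xcode at /usr/bin/xcodebuild; not buildable in a sandbox`.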
diff --git a/pkgs/tools/security/pinentry/default.nix b/pkgs/tools/security/pinentry/default.nix
index 30d717c7bc11..97e66a250d7c 100644
--- a/pkgs/tools/security/pinentry/default.nix
+++ b/pkgs/tools/security/pinentry/default.nix
@@ -10,11 +10,11 @@ let
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
-  name = "pinentry-0.9.5";
+  name = "pinentry-0.9.7";
 
   src = fetchurl {
     url = "mirror://gnupg/pinentry/${name}.tar.bz2";
-    sha256 = "1338hj1h3sh34897120y30x12b64wyj3xjzzk5asm2hdzhxgsmva";
+    sha256 = "1cp7wjqr6nx31mdclr61s2h84ijqjl0ph99kgj4vyawpjj1j1633";
   };
 
   buildInputs = [ libgpgerror libassuan libcap gtk2 ncurses qt4 ];
diff --git a/pkgs/tools/security/pinentry/qt5.nix b/pkgs/tools/security/pinentry/qt5.nix
new file mode 100644
index 000000000000..d0811cdd11af
--- /dev/null
+++ b/pkgs/tools/security/pinentry/qt5.nix
@@ -0,0 +1,47 @@
+{ fetchurl, stdenv, pkgconfig
+, libgpgerror, libassuan
+, qtbase
+, libcap ? null
+}:
+
+let
+  mkFlag = pfxTrue: pfxFalse: cond: name: "--${if cond then pfxTrue else pfxFalse}-${name}";
+  mkEnable = mkFlag "enable" "disable";
+  mkWith = mkFlag "with" "without";
+in
+with stdenv.lib;
+stdenv.mkDerivation rec {
+  name = "pinentry-0.9.6";
+
+  src = fetchurl {
+    url = "mirror://gnupg/pinentry/${name}.tar.bz2";
+    sha256 = "0rhyw1vk28kgasjp22myf7m2q8kycw82d65pr9kgh93z17lj849a";
+  };
+
+  buildInputs = [ libgpgerror libassuan libcap qtbase ];
+
+  # configure cannot find moc on its own
+  preConfigure = ''
+    export QTDIR="${qtbase}"
+    export MOC="${qtbase}/bin/moc"
+  '';
+
+  configureFlags = [
+    (mkWith   (libcap != null)  "libcap")
+    (mkEnable true "pinentry-qt")
+  ];
+
+  nativeBuildInputs = [ pkgconfig ];
+
+  meta = {
+    homepage = "http://gnupg.org/aegypten2/";
+    description = "GnuPG's interface to passphrase input";
+    license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.all;
+    longDescription = ''
+      Pinentry provides a console and (optional) GTK+ and Qt GUIs allowing users
+      to enter a passphrase when `gpg' or `gpg2' is run and needs it.
+    '';
+    maintainers = [ stdenv.lib.maintainers.ttuegel ];
+  };
+}
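Review bot: `name = "pinentry-0.9.6"` lags the `pinentry-0.9.7` that `pinentry/default.nix` is bumped to in this same commit, so the Qt 5 variant ships an older passphrase prompt than the default package. Both files fetch `mirror://gnupg/pinentry/${name}.tar.bz2`, so changing this to `name = "pinentry-0.9.7";` with the `sha256` from the default.nix hunk should be enough. The duplicated `src` and `mkFlag` helpers mean every future bump has to be made twice, and sharing them would prevent this drift. `longDescription` also still mentions GTK+ although only `pinentry-qt` is enabled here.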
diff --git a/pkgs/tools/security/polkit-gnome/default.nix b/pkgs/tools/security/polkit-gnome/default.nix
index c06aac204a1c..38d47e742a29 100644
--- a/pkgs/tools/security/polkit-gnome/default.nix
+++ b/pkgs/tools/security/polkit-gnome/default.nix
@@ -1,17 +1,20 @@
 { stdenv, fetchurl, polkit, gtk3, pkgconfig, intltool }:
 
-stdenv.mkDerivation {
-  name = "polkit-gnome-0.105";
+let
+  version = "0.105";
+
+in stdenv.mkDerivation rec {
+  name = "polkit-gnome-${version}";
 
   src = fetchurl {
-    url = mirror://gnome/sources/polkit-gnome/0.105/polkit-gnome-0.105.tar.xz;
+    url = "mirror://gnome/sources/polkit-gnome/${version}/${name}.tar.xz";
     sha256 = "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p";
   };
 
   buildInputs = [ polkit gtk3 ];
   nativeBuildInputs = [ pkgconfig intltool ];
 
-  configureFlags = "--disable-introspection";
+  configureFlags = [ "--disable-introspection" ];
 
   # Desktop file from Debian
   postInstall = ''
@@ -24,5 +27,6 @@ stdenv.mkDerivation {
     description = "A dbus session bus service that is used to bring up authentication dialogs";
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [ urkud phreedom ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/tools/security/radamsa/default.nix b/pkgs/tools/security/radamsa/default.nix
new file mode 100644
index 000000000000..4a770f86e5cb
--- /dev/null
+++ b/pkgs/tools/security/radamsa/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "radamsa-${version}";
+  version = "0.4";
+
+  src = fetchurl {
+    url = "http://haltp.org/download/${name}.tar.gz";
+    sha256 = "1xs9dsrq6qrf104yi9x21scpr73crfikbi8q9njimiw5c1y6alrv";
+  };
+
+  patchPhase = ''
+    substituteInPlace ./tests/bd.sh  \
+      --replace "/bin/echo" echo
+    substituteInPlace ./Makefile \
+      --replace "PREFIX=/usr" "PREFIX=$out" \
+      --replace "BINDIR=/bin" "BINDIR="
+  '';
+  
+  meta = {
+    description = "A general purpose fuzzer";
+    longDescription = "Radamsa is a general purpose data fuzzer. It reads data from given sample files, or standard input if none are given, and outputs modified data. It is usually used to generate malformed data for testing programs.";
+    homepage = http://github.com/aoh/radamsa;
+    maintainers = [ stdenv.lib.maintainers.markWot ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}
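Review bot: The `meta` block has no `license`, unlike the other packages added in this commit. Upstream appears to be MIT-licensed, so after confirming against the tarball add `license = stdenv.lib.licenses.mit;`. Separately, `patchPhase` is overridden outright, which means a later `patches = [ ... ]` would be silently ignored. Naming it `postPatch = ''` keeps the default patch step with the same substitutions.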
diff --git a/pkgs/tools/security/rarcrack/default.nix b/pkgs/tools/security/rarcrack/default.nix
new file mode 100644
index 000000000000..3491feccc45c
--- /dev/null
+++ b/pkgs/tools/security/rarcrack/default.nix
@@ -0,0 +1,39 @@
+{stdenv, fetchFromGitHub, libxml2, file, p7zip, unrar, unzip}:
+
+stdenv.mkDerivation rec {
+  name = "rarcrack-${version}";
+  version = "0.2";
+
+  src = fetchFromGitHub {
+    owner = "jaredsburrows";
+    repo = "Rarcrack";
+    rev = "35ead64cd2b967eec3e3e3a4c328b89b11ff32a0";
+    sha256 = "134fq84896w5vp8vg4qg0ybpb466njibigyd7bqqm1xydr07qrgn";
+  };
+
+  buildInputs = [ libxml2 file p7zip unrar unzip ];
+  buildFlags = if stdenv.cc.isClang then [ "CC=clang" ] else null;
+  installFlags = "PREFIX=\${out}";
+
+  patchPhase = ''
+   substituteInPlace rarcrack.c --replace "file -i" "${file}/bin/file -i"
+  '';
+
+  preInstall = ''
+    mkdir -p $out/bin
+  '';
+
+  meta = with stdenv.lib; {
+    description = "This program can crack zip,7z and rar file passwords";
+    longDescription = ''
+    If you forget your password for compressed archive (rar, 7z, zip), this program is the solution.
+    This program uses bruteforce algorithm to find correct password. You can specify wich characters will be used in password generations.
+    Warning: Please don't use this program for any illegal things!
+    '';
+    homepage = https://github.com/jaredsburrows/Rarcrack;
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ davidak ];
+    platforms = with platforms; unix;
+  };
+}
+
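Review bot: Only the `file -i` call is rewritten to a store path in `patchPhase`, while `p7zip`, `unrar` and `unzip` are merely listed in `buildInputs`, which does not make them available when the installed program runs. If `rarcrack.c` invokes those tools by bare name (not visible in this hunk, so please check), the binary will run whatever is first on the user's `PATH`, or fail when they are absent. Either substitute those command names the same way as `file`, or wrap the binary with `makeWrapper` and `--prefix PATH`, as `rofi-pass.nix` in this commit does. As a style point, `buildFlags = stdenv.lib.optional stdenv.cc.isClang "CC=clang";` avoids the `else null` branch.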
diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix
index 21e0bb4c4a97..dfd5cd6c7d7c 100644
--- a/pkgs/tools/security/signing-party/default.nix
+++ b/pkgs/tools/security/signing-party/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, gnupg, perl, automake111x, autoconf}:
 
 stdenv.mkDerivation rec {
-  version = "2.0";
+  version = "2.1";
   basename = "signing-party";
   name = "${basename}-${version}";
   src = fetchurl {
     url = "mirror://debian/pool/main/s/${basename}/${basename}_${version}.orig.tar.gz";
-    sha256 = "0vn15sb2yyzd57xdblw48p5hi6fnpvgy83mqyz5ygph65y5y88yc";
+    sha256 = "0pcni3mf92503bqknwlsvv1f5gz23dmzwas2j8g2fk7afjd891ya";
   };
 
   sourceRoot = ".";
diff --git a/pkgs/tools/security/sshuttle/default.nix b/pkgs/tools/security/sshuttle/default.nix
index e085bfaaa91a..b78eb43782ed 100644
--- a/pkgs/tools/security/sshuttle/default.nix
+++ b/pkgs/tools/security/sshuttle/default.nix
@@ -1,59 +1,32 @@
-{ stdenv, fetchFromGitHub, fetchpatch, makeWrapper, pandoc
-, coreutils, iptables, nettools, openssh, procps,  pythonPackages }:
+{ stdenv, pythonPackages, fetchurl, makeWrapper, pandoc
+, coreutils, iptables, nettools, openssh, procps }:
   
-let version = "0.71"; in
-stdenv.mkDerivation rec {
+pythonPackages.buildPythonApplication rec {
   name = "sshuttle-${version}";
+  version = "0.76";
 
-  src = fetchFromGitHub {
-    sha256 = "0yr8nih97jg6azfj3k7064lfbh3g36l6vwyjlngl4ph6mgcki1cm";
-    rev = name;
-    repo = "sshuttle";
-    owner = "sshuttle";
+  src = fetchurl {
+    sha256 = "1q0hr0vhdvv23cw5dqndsmf61283mvs6b14662ci00xj6zp5v48b";
+    url = "https://pypi.python.org/packages/source/s/sshuttle/${name}.tar.gz";
   };
 
-  patches = [
-    (fetchpatch {
-      sha256 = "1yrjyvdz6k6zk020dmbagf8w49w8vhfbzgfpsq9jqdh2hbykv3m3";
-      url = https://github.com/sshuttle/sshuttle/commit/3cf5002b62650c26a50e18af8d8c5c91d754bab9.patch;
-    })
-    (fetchpatch {
-      sha256 = "091gg28cnmx200q46bcnxpp9ih9p5qlq0r3bxfm0f4qalg8rmp2g";
-      url = https://github.com/sshuttle/sshuttle/commit/d70b5f2b89e593506834cf8ea10785d96c801dfc.patch;
-    })
-    (fetchpatch {
-      sha256 = "17l9h8clqlbyxdkssavxqpb902j7b3yabrrdalybfpkhj69x8ghk";
-      url = https://github.com/sshuttle/sshuttle/commit/a38963301e9c29fbe3232f0a41ea080b642c5ad2.patch;
-    })
-  ];
+  patches = [ ./sudo.patch ];
 
-  nativeBuildInputs = [ makeWrapper pandoc ];
+  propagatedBuildInputs = with pythonPackages; [ PyXAPI mock pytest ];
+  nativeBuildInputs = [ makeWrapper pandoc pythonPackages.setuptools_scm ];
   buildInputs =
-    [ coreutils iptables nettools openssh procps pythonPackages.python ];
-  pythonPaths = with pythonPackages; [ PyXAPI ];
+    [ coreutils openssh ] ++
+    stdenv.lib.optionals stdenv.isLinux [ iptables nettools procps ];
 
-  preConfigure = ''
-    cd src
-  '';
-
-  installPhase = let
+  postInstall = let
     mapPath = f: x: stdenv.lib.concatStringsSep ":" (map f x);
   in ''
-    mkdir -p $out/share/sshuttle
-    cp -R sshuttle *.py compat $out/share/sshuttle
-
-    mkdir -p $out/bin
-    ln -s $out/share/sshuttle/sshuttle $out/bin
-    wrapProgram $out/bin/sshuttle \
-      --prefix PATH : "${mapPath (x: "${x}/bin") buildInputs}" \
-      --prefix PYTHONPATH : "${mapPath (x: "$(toPythonPath ${x})") pythonPaths}"
-
-    install -Dm644 sshuttle.8 $out/share/man/man8/sshuttle.8
+  wrapProgram $out/bin/sshuttle \
+    --prefix PATH : "${mapPath (x: "${x}/bin") buildInputs}" \
   '';
   
   meta = with stdenv.lib; {
-    inherit version;
-    inherit (src.meta) homepage;
+    homepage = https://github.com/sshuttle/sshuttle/;
     description = "Transparent proxy server that works as a poor man's VPN";
     longDescription = ''
       Forward connections over SSH, without requiring administrator access to the
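Review bot: `propagatedBuildInputs` lists `mock` and `pytest` next to `PyXAPI`, which puts test-only dependencies into the runtime closure of the installed tool. Only `PyXAPI` looks like a runtime import, so I would use `propagatedBuildInputs = with pythonPackages; [ PyXAPI ];` and move the two test packages to a build-only input. They should not go into `buildInputs` as written, because that list is reused to build the wrapper's `PATH`. The `wrapProgram` call in `postInstall` also ends with a trailing `\` right before the closing `''`, leaving a dangling line continuation that should be dropped. The `meta` block continues outside this hunk.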
diff --git a/pkgs/tools/security/sshuttle/sudo.patch b/pkgs/tools/security/sshuttle/sudo.patch
new file mode 100644
index 000000000000..761bfaef8525
--- /dev/null
+++ b/pkgs/tools/security/sshuttle/sudo.patch
@@ -0,0 +1,13 @@
+diff --git a/sshuttle/client.py b/sshuttle/client.py
+index 7a7b6d7..8dde615 100644
+--- a/sshuttle/client.py
++++ b/sshuttle/client.py
+@@ -158,7 +158,7 @@ class FirewallClient:
+     def __init__(self, method_name):
+         self.auto_nets = []
+         python_path = os.path.dirname(os.path.dirname(__file__))
+-        argvbase = ([sys.executable, sys.argv[0]] +
++        argvbase = ([sys.argv[0]] +
+                     ['-v'] * (helpers.verbose or 0) +
+                     ['--method', method_name] +
+                     ['--firewall'])
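Review bot: The patch carries no description of why `sys.executable` is dropped from `argvbase`. This is the command line for the `--firewall` helper, which, judging by the patch name, is the part re-run with elevated privileges. After the change the helper is started as `sys.argv[0]` directly, so it relies on that path being an executable script with a working shebang, as the Nix wrapper presumably provides. Add a short header at the top of the patch file stating that assumption, e.g. "argv[0] is the wrapped, directly executable entry point; going through sys.executable bypasses the wrapper's environment". `FirewallClient.__init__` continues outside the hunk.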
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 34e1731778f5..df8024e040e3 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -4,14 +4,14 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "sudo-1.8.14p3";
+  name = "sudo-1.8.15";
 
   src = fetchurl {
     urls =
       [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
         "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
       ];
-    sha256 = "0dqj1bq2jr4jxqfrd5yg0i42a6268scd0l28jic9118kn75rg9m8";
+    sha256 = "0263gi6i19fyzzc488n0qw3m518i39f6a7qmrfvahk9j10bkh5j3";
   };
 
   configureFlags = [
@@ -20,6 +20,7 @@ stdenv.mkDerivation rec {
     "--with-rundir=/run/sudo"
     "--with-vardir=/var/db/sudo"
     "--with-logpath=/var/log/sudo.log"
+    "--with-iologdir=/var/log/sudo-io"
     "--with-sendmail=${sendmailPath}"
   ] ++ stdenv.lib.optional withInsults [
     "--with-insults"
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 525259bdb029..7ff1cd9cca56 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -1,17 +1,18 @@
 { stdenv, fetchurl, libevent, openssl, zlib, torsocks, libseccomp }:
 
 stdenv.mkDerivation rec {
-  name = "tor-0.2.6.10";
+  name = "tor-0.2.7.6";
 
   src = fetchurl {
     url = "https://archive.torproject.org/tor-package-archive/${name}.tar.gz";
-    sha256 = "0542c0efe43b86619337862fa7eb02c7a74cb23a79d587090628a5f0f1224b8d";
+    sha256 = "0p8hjlfi8dwghlyjif5s0q98cmpgz9kn9jja25430l04z5wqcfj9";
   };
 
   # Note: torsocks is specified as a dependency, as the distributed
   # 'torify' wrapper attempts to use it; although there is no
   # ./configure time check for any of this.
-  buildInputs = [ libevent openssl zlib torsocks libseccomp ];
+  buildInputs = [ libevent openssl zlib torsocks ] ++
+    stdenv.lib.optional stdenv.isLinux libseccomp;
 
   NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s";
 
diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix
index 3ff4ce724b80..dfde2b57aa69 100644
--- a/pkgs/tools/security/tor/torbrowser.nix
+++ b/pkgs/tools/security/tor/torbrowser.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, buildEnv
+{ stdenv, fetchurl, buildEnv, makeDesktopItem
 , xorg, alsaLib, dbus, dbus_glib, glib, gtk, atk, pango, freetype, fontconfig
 , gdk_pixbuf, cairo, zlib}:
 let
@@ -16,13 +16,23 @@ let
 
 in stdenv.mkDerivation rec {
   name = "tor-browser-${version}";
-  version = "5.0.4";
+  version = "5.5.2";
 
   src = fetchurl {
     url = "https://archive.torproject.org/tor-package-archive/torbrowser/${version}/tor-browser-linux${if stdenv.is64bit then "64" else "32"}-${version}_en-US.tar.xz";
     sha256 = if stdenv.is64bit then
-      "03vn1wkkpgr6wzd6iiyqs7zv7yxl9q99j755n8l2579bd10w1xcn" else
-      "1yc13cykr4fafz6r8hnjccl0s33sk297c779cknbdbhj3z3yn163";
+      "1zb5fssy9c37cb0ab083f2jifw47wnck32nc6zpijmqm059yccxc" else
+      "1gjc6prx3n769nj4gzhfjrb2qpw3ypvsb3pp0a130db1ssgnzqqr";
+  };
+
+  desktopItem = makeDesktopItem {
+    name = "torbrowser";
+    exec = "tor-browser";
+    icon = "torbrowser";
+    desktopName = "Tor Browser";
+    genericName = "Tor Browser";
+    comment = meta.description;
+    categories = "Network;WebBrowser;Security;";
   };
 
   patchPhase = ''
@@ -46,25 +56,31 @@ in stdenv.mkDerivation rec {
     cp -R * $out/share/tor-browser
 
     cat > "$out/bin/tor-browser" << EOF
-      export HOME="\$HOME/.torbrowser4"
-      if [ ! -d \$HOME ]; then
-        mkdir -p \$HOME && cp -R $out/share/tor-browser/Browser/TorBrowser/Data \$HOME/ && chmod -R +w \$HOME
-        echo "pref(\"extensions.torlauncher.tordatadir_path\", \"\$HOME/Data/Tor/\");" >> \
-          ~/Data/Browser/profile.default/preferences/extension-overrides.js
-      fi
-      export LD_LIBRARY_PATH=${ldLibraryPath}:$out/share/tor-browser/Browser/TorBrowser/Tor
-      $out/share/tor-browser/Browser/firefox -no-remote -profile ~/Data/Browser/profile.default "$@"
+    #!${stdenv.shell}
+    export HOME="\$HOME/.torbrowser4"
+    if [ ! -d \$HOME ]; then
+      mkdir -p \$HOME && cp -R $out/share/tor-browser/Browser/TorBrowser/Data \$HOME/ && chmod -R +w \$HOME
+      echo "pref(\"extensions.torlauncher.tordatadir_path\", \"\$HOME/Data/Tor/\");" >> \
+        ~/Data/Browser/profile.default/preferences/extension-overrides.js
+    fi
+    export LD_LIBRARY_PATH=${ldLibraryPath}:$out/share/tor-browser/Browser/TorBrowser/Tor
+    $out/share/tor-browser/Browser/firefox -no-remote -profile ~/Data/Browser/profile.default "$@"
     EOF
     chmod +x $out/bin/tor-browser
+
+    mkdir -p $out/share/applications
+    cp $desktopItem/share/applications"/"* $out/share/applications
+
+    mkdir -p $out/share/pixmaps
+    cp Browser/browser/icons/mozicon128.png $out/share/pixmaps/torbrowser.png
   '';
 
   buildInputs = [ stdenv ];
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "Tor Browser Bundle";
     homepage    = https://www.torproject.org/;
-    platforms   = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers;
-      [ offline matejc doublec thoughtpolice ];
+    platforms   = platforms.linux;
+    maintainers = with maintainers; [ offline matejc doublec thoughtpolice ];
   };
 }
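Review bot: `"$@"` on the `firefox` line of the generated launcher is not escaped, unlike every `\$HOME` above it. Inside the unquoted `<< EOF` heredoc it is therefore expanded by the builder's shell at install time instead of being written into the script, so the installed `tor-browser` does not forward the user's command-line arguments. The line should end `-profile ~/Data/Browser/profile.default "\$@"`. While touching the script, quote the test as `[ ! -d "\$HOME" ]` so a home directory containing spaces does not break the first-run profile setup. `installPhase` starts outside this hunk.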
diff --git a/pkgs/tools/security/volatility/default.nix b/pkgs/tools/security/volatility/default.nix
index 6aa3a9d5ea11..bed7d5369579 100644
--- a/pkgs/tools/security/volatility/default.nix
+++ b/pkgs/tools/security/volatility/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchurl, buildPythonPackage, pycrypto }:
+{ stdenv, fetchurl, buildPythonApplication, pycrypto }:
 
-buildPythonPackage rec {
+buildPythonApplication rec {
   namePrefix = "";
   name = "volatility-2.4";