Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/aide/default.nix | 27 | ||||
-rw-r--r-- | pkgs/tools/security/opencryptoki/default.nix | 38 | ||||
-rw-r--r-- | pkgs/tools/security/simple-tpm-pk11/default.nix | 27 | ||||
-rw-r--r-- | pkgs/tools/security/tpm-tools/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/wipe/default.nix | 21 | ||||
-rw-r--r-- | pkgs/tools/security/wipe/fix-install.patch | 18 |
6 files changed, 133 insertions, 2 deletions
diff --git a/pkgs/tools/security/aide/default.nix b/pkgs/tools/security/aide/default.nix
new file mode 100644
index 000000000000..c1b6fe197a15
--- /dev/null
+++ b/pkgs/tools/security/aide/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, flex, bison, libmhash, zlib, acl, attr, libselinux }:
+stdenv.mkDerivation rec {
+ name = "aide-${version}";
+ version = "0.16a2";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/aide/devel/0.16a2/aide-${version}.tar.gz";
+ sha256 = "11qvp6l2x4ajq9485lmg722gfdikh8r2wqfw17m0jm68df0m295m";
+ };
+
+ buildInputs = [ flex bison libmhash zlib acl attr libselinux ];
+
+
+ configureFlags = [
+ "--with-posix-acl"
+ "--with-selinux"
+ "--with-xattr"
+ ];
+
+ meta = with stdenv.lib; {
+ homepage = "http://aide.sourceforge.net/";
+ description = "Advanced Intrusion Detection Environment (AIDE) is a file and directory integrity checker";
+ license = licenses.free;
+ maintainers = [ maintainers.tstrobel ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/tools/security/opencryptoki/default.nix b/pkgs/tools/security/opencryptoki/default.nix
new file mode 100644
index 000000000000..9ea9c2f4892b
--- /dev/null
+++ b/pkgs/tools/security/opencryptoki/default.nix
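Review bot: In `aide/default.nix`, the `url` spells the release directory out as `devel/0.16a2` while the file name uses `${version}`, so a later version bump would leave the path pointing at the old directory; `url = "mirror://sourceforge/aide/devel/${version}/aide-${version}.tar.gz";` keeps the two in step. The tarball comes from upstream's `devel/` directory, so this appears to package a development snapshot of an integrity checker, and a comment saying why that release was chosen would help whoever reviews the next bump. `license = licenses.free` is also vaguer than it needs to be; AIDE is, as far as I know, distributed under the GPL, so the specific license attribute would be more accurate.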
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl, openssl, trousers, automake, autoconf, libtool, bison, flex }:
+
+stdenv.mkDerivation rec {
+ version = "3.2";
+ name = "opencryptoki-${version}";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/opencryptoki/opencryptoki/v${version}/opencryptoki-v${version}.tgz";
+ sha256 = "06r6zp299vxdspl6k65myzgjv0bihg7kc500v7s4jd3mcrkngd6h";
+ };
+
+ buildInputs = [ automake autoconf libtool openssl trousers bison flex ];
+
+ preConfigure = ''
+ substituteInPlace configure.in --replace "chown" "true"
+ substituteInPlace configure.in --replace "chgrp" "true"
+ sh bootstrap.sh --prefix=$out
+ '';
+
+ configureFlags = [ "--disable-ccatok" "--disable-icatok" ];
+
+ makeFlags = "DESTDIR=$(out)";
+
+ # work around the build script of opencryptoki
+ postInstall = ''
+ cp -r $out/$out/* $out
+ rm -r $out/nix
+ '';
+
+ meta = with stdenv.lib; {
+ description = "PKCS#11 implementation for Linux";
+ homepage = http://opencryptoki.sourceforge.net/;
+ license = licenses.cpl10;
+ maintainers = [ maintainers.tstrobel ];
+ platforms = platforms.unix;
+ };
+}
+
diff --git a/pkgs/tools/security/simple-tpm-pk11/default.nix b/pkgs/tools/security/simple-tpm-pk11/default.nix
new file mode 100644
index 000000000000..811618d66028
--- /dev/null
+++ b/pkgs/tools/security/simple-tpm-pk11/default.nix
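Review bot: In `opencryptoki/default.nix`, `preConfigure` rewrites every occurrence of the strings `chown` and `chgrp` in `configure.in` to `true`, with no comment on why or on what ownership upstream meant to set. The build presumably cannot change ownership as an unprivileged user, but upstream's install likely uses those calls to hand the token and state directories to a dedicated group, so whatever deploys this package has to recreate that ownership at runtime. A comment such as `# build runs unprivileged: skip chown/chgrp; service setup must assign ownership of the token directories` would make that explicit. Separately, `rm -r $out/nix` in `postInstall` assumes the store path begins with `/nix`, which the existing "work around" comment could state.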
@@ -0,0 +1,27 @@ +{ stdenv, fetchgit, trousers, openssl, opencryptoki, automake, autoconf, libtool }: + +stdenv.mkDerivation rec { + name = "simple-tpm-pk11-2014-09-25"; + + src = fetchgit { + url = "https://github.com/ThomasHabets/simple-tpm-pk11"; + rev = "f26f10e11344560ff6e1479e6795dc0e5dc49a26"; + sha256 = "8c9501ceed0557113ce3facf7b22b8baf6f32ebb092008c089b80334ed03cec9"; + }; + + buildInputs = [ trousers openssl opencryptoki automake autoconf libtool ]; + + preConfigure = "sh bootstrap.sh"; + + meta = with stdenv.lib; { + description = "Simple PKCS11 provider for TPM chips"; + longDescription = '' + A simple library for using the TPM chip to secure SSH keys. + ''; + homepage = https://github.com/ThomasHabets/simple-tpm-pk11; + license = stdenv.lib.licenses.asl20; + maintainers = with stdenv.lib; [ maintainers.tstrobel ]; + platforms = platforms.unix; + }; +} + diff --git a/pkgs/tools/security/tpm-tools/default.nix b/pkgs/tools/security/tpm-tools/default.nix index 6e7ff75a6a48..a17bff9e32c8 100644 --- a/pkgs/tools/security/tpm-tools/default.nix +++ b/pkgs/tools/security/tpm-tools/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, trousers, openssl }: +{ stdenv, fetchurl, trousers, openssl, opencryptoki }: let version = "1.3.8"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "10za1gi89vi9m2lmm7jfzs281h55x1sbbm2bdgdh692ljpq4zsv6"; }; - buildInputs = [ trousers openssl ]; + buildInputs = [ trousers openssl opencryptoki ]; meta = with stdenv.lib; { description = "Management tools for TPM hardware"; diff --git a/pkgs/tools/security/wipe/default.nix b/pkgs/tools/security/wipe/default.nix new file mode 100644 index 000000000000..a7c337dc1222 --- /dev/null +++ b/pkgs/tools/security/wipe/default.nix 
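Review bot: In `simple-tpm-pk11/default.nix`, the `license` and `maintainers` lines inside `meta = with stdenv.lib; { … }` re-qualify names that are already in scope (`stdenv.lib.licenses.asl20`, `with stdenv.lib; [ maintainers.tstrobel ]`). Writing `license = licenses.asl20;` and `maintainers = [ maintainers.tstrobel ];` would match the other packages added in this commit. The source is pinned by both `rev` and `sha256`, which suits a library that brokers TPM-held SSH keys, so the date in `name` should be updated together with `rev` on the next bump.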
@@ -0,0 +1,21 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ name = "wipe-${version}";
+ version = "2.3.1";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/wipe/${version}/${name}.tar.bz2";
+ sha256 = "180snqvh6k6il6prb19fncflf2jcvkihlb4w84sbndcv1wvicfa6";
+ };
+
+ patches = [ ./fix-install.patch ];
+
+ meta = with stdenv.lib; {
+ description = "Secure file wiping utility";
+ homepage = http://wipe.sourceforge.net/;
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ maintainers = [ maintainers.abbradar ];
+ };
+}
diff --git a/pkgs/tools/security/wipe/fix-install.patch b/pkgs/tools/security/wipe/fix-install.patch
new file mode 100644
index 000000000000..2df3a1eec6a0
--- /dev/null
+++ b/pkgs/tools/security/wipe/fix-install.patch
@@ -0,0 +1,18 @@
+diff -ru3 wipe-2.3.1/Makefile.in wipe-2.3.1-new/Makefile.in
+--- wipe-2.3.1/Makefile.in 2009-11-02 00:11:30.000000000 +0300
++++ wipe-2.3.1-new/Makefile.in 2014-10-18 02:51:10.088966232 +0400
+@@ -60,12 +60,12 @@
+ $(INSTALL_BIN) -d $(bindir)
+ $(INSTALL_BIN) -s $(BIN_OUT) $(bindir)
+ $(INSTALL) -d $(mandir)/man1
+- $(INSTALL) -o root -m 0644 wipe.1 $(mandir)/man1/
++ $(INSTALL) -m 0644 wipe.1 $(mandir)/man1/
+ rm -rf $(datadir)/doc/wipe*
+ $(INSTALL) -d $(datadir)/doc/wipe
+
+ for file in $(DOCS); do \
+- $(INSTALL) -o root -m 0644 $$file $(datadir)/doc/wipe/; \
++ $(INSTALL) -m 0644 $$file $(datadir)/doc/wipe/; \
+ done
+
+ install_home: $(BIN_OUT) |
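Review bot: In `wipe/default.nix`, `description = "Secure file wiping utility"` is the only text a user sees, and it promises more than overwriting in place can deliver on many systems. A `longDescription` could state the limits: overwriting a file does not reliably destroy its data on flash storage with wear levelling, or on journaling, copy-on-write or snapshotting filesystems, where earlier copies of the blocks can survive elsewhere. Users who need assurance on such media should be pointed to full-disk encryption or the device's own sanitize command instead.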
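Review bot: `wipe/fix-install.patch` gives no explanation of why `-o root` is removed from the two `$(INSTALL)` lines, and nothing says whether the change was sent upstream. Text before the first `diff` line of a patch file is ignored when the patch is applied, so a short header there would do, for example `Drop "-o root": the build runs as an unprivileged user and cannot set file ownership.` The `install` recipe starts and ends outside the hunk, so it is not visible whether `$(INSTALL_BIN)` carries an owner flag of its own.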