Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/aide/default.nix27
-rw-r--r--pkgs/tools/security/opencryptoki/default.nix38
-rw-r--r--pkgs/tools/security/simple-tpm-pk11/default.nix27
-rw-r--r--pkgs/tools/security/tpm-tools/default.nix4
-rw-r--r--pkgs/tools/security/wipe/default.nix21
-rw-r--r--pkgs/tools/security/wipe/fix-install.patch18
6 files changed, 133 insertions, 2 deletions
diff --git a/pkgs/tools/security/aide/default.nix b/pkgs/tools/security/aide/default.nix
new file mode 100644
index 000000000000..c1b6fe197a15
--- /dev/null
+++ b/pkgs/tools/security/aide/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, flex, bison, libmhash, zlib, acl, attr, libselinux }:
+stdenv.mkDerivation rec {
+  name = "aide-${version}";
+  version = "0.16a2";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/aide/devel/0.16a2/aide-${version}.tar.gz";
+    sha256 = "11qvp6l2x4ajq9485lmg722gfdikh8r2wqfw17m0jm68df0m295m";
+  };
+
+  buildInputs = [ flex bison libmhash zlib acl attr libselinux ];
+
+
+  configureFlags = [
+    "--with-posix-acl"
+    "--with-selinux"
+    "--with-xattr"
+    ];
+
+  meta = with stdenv.lib; {
+    homepage = "http://aide.sourceforge.net/";
+    description = "Advanced Intrusion Detection Environment (AIDE) is a file and directory integrity checker";
+    license = licenses.free;
+    maintainers = [ maintainers.tstrobel ];
+    platforms = platforms.linux;
+  };
+}
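Review bot: The `version = "0.16a2"` pin together with the `devel/` directory in `url` packages what appears to be an upstream development alpha of a file-integrity checker, and nothing in the expression tells a user that. A comment above `version`, such as `# development snapshot from upstream's devel/ directory; not a stable release`, would make this visible to anyone relying on the package for integrity monitoring. The `url` also hard-codes `0.16a2` in the directory while using `${version}` for the file name; `url = "mirror://sourceforge/aide/devel/${version}/aide-${version}.tar.gz";` keeps the two in step on the next bump. `license = licenses.free` is vaguer than it needs to be: AIDE is GPL-licensed as far as I know, so `licenses.gpl2` (used for wipe in this same commit) looks like the precise value, to be confirmed against the tarball's COPYING file.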
diff --git a/pkgs/tools/security/opencryptoki/default.nix b/pkgs/tools/security/opencryptoki/default.nix
new file mode 100644
index 000000000000..9ea9c2f4892b
--- /dev/null
+++ b/pkgs/tools/security/opencryptoki/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl, openssl, trousers, automake, autoconf, libtool, bison, flex }:
+
+stdenv.mkDerivation rec {
+  version = "3.2";
+  name = "opencryptoki-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/opencryptoki/opencryptoki/v${version}/opencryptoki-v${version}.tgz";
+    sha256 = "06r6zp299vxdspl6k65myzgjv0bihg7kc500v7s4jd3mcrkngd6h";
+  };
+
+  buildInputs = [ automake autoconf libtool openssl trousers bison flex ];
+
+  preConfigure = ''
+    substituteInPlace configure.in --replace "chown" "true"
+    substituteInPlace configure.in --replace "chgrp" "true"
+    sh bootstrap.sh --prefix=$out
+  '';
+
+  configureFlags = [ "--disable-ccatok" "--disable-icatok" ];
+
+  makeFlags = "DESTDIR=$(out)";
+
+  # work around the build script of opencryptoki
+  postInstall = ''
+    cp -r $out/$out/* $out
+    rm -r $out/nix
+    '';
+
+  meta = with stdenv.lib; {
+    description = "PKCS#11 implementation for Linux";
+    homepage    = http://opencryptoki.sourceforge.net/;
+    license     = licenses.cpl10;
+    maintainers = [ maintainers.tstrobel ];
+    platforms   = platforms.unix;
+  };
+}
+
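Review bot: The two `substituteInPlace configure.in --replace` lines in `preConfigure` turn every occurrence of the substrings `chown` and `chgrp` into `true`, so whatever ownership and group setup upstream performs for its token and state directories is dropped without any record in the package. For a PKCS#11 token store those ownerships are presumably part of the access control around key material, so the expression should say who recreates them at deployment time, e.g. `# unprivileged build: upstream's chown/chgrp of the token directories is disabled here and must be applied by the system configuration`. The `postInstall` workaround also assumes the store prefix starts with `/nix` (`rm -r $out/nix`) and leaves `$out/$out/*` unquoted. The existing comment could explain that `DESTDIR=$(out)` combined with `--prefix=$out` is what produces the doubled path.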
diff --git a/pkgs/tools/security/simple-tpm-pk11/default.nix b/pkgs/tools/security/simple-tpm-pk11/default.nix
new file mode 100644
index 000000000000..811618d66028
--- /dev/null
+++ b/pkgs/tools/security/simple-tpm-pk11/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchgit, trousers, openssl, opencryptoki, automake, autoconf, libtool }:
+
+stdenv.mkDerivation rec {
+  name = "simple-tpm-pk11-2014-09-25";
+
+  src = fetchgit {
+    url = "https://github.com/ThomasHabets/simple-tpm-pk11";
+    rev = "f26f10e11344560ff6e1479e6795dc0e5dc49a26";
+    sha256 = "8c9501ceed0557113ce3facf7b22b8baf6f32ebb092008c089b80334ed03cec9";
+  };
+
+  buildInputs = [ trousers openssl opencryptoki automake autoconf libtool ];
+
+  preConfigure = "sh bootstrap.sh";
+
+  meta = with stdenv.lib; {
+    description = "Simple PKCS11 provider for TPM chips";
+    longDescription = ''
+      A simple library for using the TPM chip to secure SSH keys.
+      '';
+    homepage    = https://github.com/ThomasHabets/simple-tpm-pk11;
+    license     = stdenv.lib.licenses.asl20;
+    maintainers = with stdenv.lib; [ maintainers.tstrobel ];
+    platforms   = platforms.unix;
+  };
+}
+
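Review bot: Inside `meta = with stdenv.lib;` the attributes `license = stdenv.lib.licenses.asl20;` and `maintainers = with stdenv.lib; [ maintainers.tstrobel ];` repeat a scope that is already open, unlike the other expressions in this commit. Writing `license = licenses.asl20;` and `maintainers = [ maintainers.tstrobel ];` is equivalent and keeps the file consistent. Since the `name` is date-based, a short comment next to `rev` such as `# snapshot of master, no upstream release tag` would also tell the next maintainer why a bare commit is pinned.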
diff --git a/pkgs/tools/security/tpm-tools/default.nix b/pkgs/tools/security/tpm-tools/default.nix
index 6e7ff75a6a48..a17bff9e32c8 100644
--- a/pkgs/tools/security/tpm-tools/default.nix
+++ b/pkgs/tools/security/tpm-tools/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, trousers, openssl }:
+{ stdenv, fetchurl, trousers, openssl, opencryptoki }:
 
 let
   version = "1.3.8";
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
     sha256 = "10za1gi89vi9m2lmm7jfzs281h55x1sbbm2bdgdh692ljpq4zsv6";
   };
 
-  buildInputs = [ trousers openssl ];
+  buildInputs = [ trousers openssl opencryptoki ];
 
   meta = with stdenv.lib; {
     description = "Management tools for TPM hardware";
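Review bot: `opencryptoki` is added to the function arguments in the first hunk and to `buildInputs` here without any indication of what it enables. Presumably the tpm-tools configure script detects it and then builds the PKCS#11 token utilities, which would make the set of installed binaries depend on auto-detection rather than on an explicit flag; that should be confirmed against the build log. A comment on the line, e.g. `# opencryptoki: enables the PKCS#11 data-management tools`, would document the intent and the larger closure that every tpm-tools user now pulls in.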
diff --git a/pkgs/tools/security/wipe/default.nix b/pkgs/tools/security/wipe/default.nix
new file mode 100644
index 000000000000..a7c337dc1222
--- /dev/null
+++ b/pkgs/tools/security/wipe/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "wipe-${version}";
+  version = "2.3.1";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/wipe/${version}/${name}.tar.bz2";
+    sha256 = "180snqvh6k6il6prb19fncflf2jcvkihlb4w84sbndcv1wvicfa6";
+  };
+
+  patches = [ ./fix-install.patch ];
+
+  meta = with stdenv.lib; {
+    description = "Secure file wiping utility";
+    homepage    = http://wipe.sourceforge.net/;
+    license     = licenses.gpl2;
+    platforms   = platforms.linux;
+    maintainers = [ maintainers.abbradar ];
+  };
+}
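Review bot: `patches = [ ./fix-install.patch ];` has no comment, and the patch file added alongside it carries no description either, so a reader has to open the patch to learn why it exists. From the patch, the reason is that upstream's install recipe passes `-o root` to `$(INSTALL)`, which cannot succeed in an unprivileged build. A line above `patches`, such as `# upstream's install target uses "-o root", which fails in the unprivileged build`, would record that. Because the `description` promises "Secure file wiping", a `longDescription` noting that overwrite-based wiping depends on the filesystem and storage medium writing in place would set expectations for users of journaling or copy-on-write filesystems and flash storage.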
diff --git a/pkgs/tools/security/wipe/fix-install.patch b/pkgs/tools/security/wipe/fix-install.patch
new file mode 100644
index 000000000000..2df3a1eec6a0
--- /dev/null
+++ b/pkgs/tools/security/wipe/fix-install.patch
@@ -0,0 +1,18 @@
+diff -ru3 wipe-2.3.1/Makefile.in wipe-2.3.1-new/Makefile.in
+--- wipe-2.3.1/Makefile.in	2009-11-02 00:11:30.000000000 +0300
++++ wipe-2.3.1-new/Makefile.in	2014-10-18 02:51:10.088966232 +0400
+@@ -60,12 +60,12 @@
+ 	$(INSTALL_BIN) -d $(bindir)
+ 	$(INSTALL_BIN) -s $(BIN_OUT) $(bindir)
+ 	$(INSTALL) -d $(mandir)/man1
+-	$(INSTALL) -o root -m 0644 wipe.1 $(mandir)/man1/
++	$(INSTALL) -m 0644 wipe.1 $(mandir)/man1/
+ 	rm -rf $(datadir)/doc/wipe*
+ 	$(INSTALL) -d $(datadir)/doc/wipe
+ 
+ 	for file in $(DOCS); do \
+-		$(INSTALL) -o root -m 0644 $$file $(datadir)/doc/wipe/; \
++		$(INSTALL) -m 0644 $$file $(datadir)/doc/wipe/; \
+ 	done
+ 
+ install_home: $(BIN_OUT)