diff options
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/clamav/default.nix | 13 | ||||
-rw-r--r-- | pkgs/tools/security/gnu-pw-mgr/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/20.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/22.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/gui.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/security/libmodsecurity/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/nitrokey-app/default.nix | 23 | ||||
-rw-r--r-- | pkgs/tools/security/nitrokey-app/udev-rules.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/open-ecard/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/opensc/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/pcsclite/default.nix | 11 | ||||
-rw-r--r-- | pkgs/tools/security/pcsctools/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/sshguard/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/tor/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/vault/default.nix | 4 |
15 files changed, 57 insertions, 33 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index c3aa92bf4b01..79644d357745 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -1,14 +1,15 @@ { stdenv, fetchurl, fetchpatch, pkgconfig -, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre +, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 +, libmspack, systemd }: stdenv.mkDerivation rec { name = "clamav-${version}"; - version = "0.99.4"; + version = "0.100.1"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${name}.tar.gz"; - sha256 = "0q94iwi729id9pyc72w6zlllbaz37qvpi6gc51g2x3fy7ckw6anp"; + sha256 = "17x5b2gh84b167h6ip9hw05w809p009yx13i4gkps92ja5jjdq44"; }; # don't install sample config files into the absolute sysconfdir folder @@ -18,16 +19,20 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ - zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre + zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack + systemd ]; configureFlags = [ + "--libdir=$(out)/lib" "--sysconfdir=/etc/clamav" + "--with-systemdsystemunitdir=$(out)/lib/systemd" "--disable-llvm" # enabling breaks the build at the moment "--with-zlib=${zlib.dev}" "--with-xml=${libxml2.dev}" "--with-openssl=${openssl.dev}" "--with-libcurl=${curl.dev}" + "--with-system-libmspack" "--enable-milter" ]; diff --git a/pkgs/tools/security/gnu-pw-mgr/default.nix b/pkgs/tools/security/gnu-pw-mgr/default.nix index 23aec604d2d1..e71d313e20ab 100644 --- a/pkgs/tools/security/gnu-pw-mgr/default.nix +++ b/pkgs/tools/security/gnu-pw-mgr/default.nix @@ -2,10 +2,10 @@ stdenv.mkDerivation rec { name = "gnu-pw-mgr-${version}"; - version = "2.3.2"; + version = "2.3.3"; src = fetchurl { url = "http://ftp.gnu.org/gnu/gnu-pw-mgr/${name}.tar.xz"; - sha256 = "0x60g0syqpd107l8w4bl213imy2lspm4kz1j18yr1sh10rdxlgxd"; + sha256 = "04xh38j7l0sfnb01kp05xc908pvqfc0lph94k7n9bi46zy3qy7ma"; }; buildInputs = [ gnulib ]; diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix index fdef447193d8..9404cb1d0655 100644 --- a/pkgs/tools/security/gnupg/20.nix +++ b/pkgs/tools/security/gnupg/20.nix @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { prePatch = '' find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i '' + stdenv.lib.optionalString stdenv.isLinux '' - sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c '' + stdenv.lib.optionalString stdenv.isDarwin '' find . -name pcsc-wrapper.c | xargs sed -i 's/typedef unsinged int pcsc_dword_t/typedef unsigned int pcsc_dword_t/' '' + '' diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index f28d57fa62bd..b0381b32bcfe 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { ./fix-libusb-include-path.patch ]; postPatch = stdenv.lib.optionalString stdenv.isLinux '' - sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c + sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index b53860e406d2..1a7cf30b9528 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix @@ -70,10 +70,9 @@ stdenv.mkDerivation rec { checkFailed fi - ${utillinuxMinimal}/bin/mountpoint /keybase &>/dev/null - if [ "\$?" -ne "0" ]; then - echo "Keybase is not mounted to /keybase." >&2 - echo "You might need to run: kbfsfuse /keybase" >&2 + if [ -z "\$(keybase status | grep kbfsfuse)" ]; then + echo "Could not find kbfsfuse client in keybase status." >&2 + echo "You might need to run: kbfsfuse" >&2 checkFailed fi diff --git a/pkgs/tools/security/libmodsecurity/default.nix b/pkgs/tools/security/libmodsecurity/default.nix index f746e8c8ffd9..3bf906fb4c12 100644 --- a/pkgs/tools/security/libmodsecurity/default.nix +++ b/pkgs/tools/security/libmodsecurity/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { name = "libmodsecurity-${version}"; - version = "3.0.0"; + version = "3.0.2"; src = fetchFromGitHub { owner = "SpiderLabs"; repo = "ModSecurity"; fetchSubmodules = true; rev = "v${version}"; - sha256 = "1y9nxbf5vgip4zl948a27xpw4mpimqd7xmskfi40k6g0cmmsx1x1"; + sha256 = "0jhyqsvcjxq9ybndcinc08awknrg3sbkaby5w3qw03aqbfjkpywc"; }; nativeBuildInputs = [ autoreconfHook pkgconfig ]; diff --git a/pkgs/tools/security/nitrokey-app/default.nix b/pkgs/tools/security/nitrokey-app/default.nix index 4407d5abbfa1..67e388d5728b 100644 --- a/pkgs/tools/security/nitrokey-app/default.nix +++ b/pkgs/tools/security/nitrokey-app/default.nix @@ -1,29 +1,42 @@ -{ stdenv, bash-completion, cmake, fetchgit, hidapi, libusb1, pkgconfig, qt5 }: +{ stdenv, makeWrapper, bash-completion, cmake, fetchgit, hidapi, libusb1, pkgconfig +, qtbase, qttranslations, qtsvg }: stdenv.mkDerivation rec { name = "nitrokey-app-${version}"; - version = "1.2"; + version = "1.3.1"; # We use fetchgit instead of fetchFromGitHub because of necessary git submodules src = fetchgit { url = "https://github.com/Nitrokey/nitrokey-app.git"; rev = "v${version}"; - sha256 = "0mm6vlgxlmpahmmcn4awnfpx5rx5bj8m44cywhgxlmz012x73hzi"; + sha256 = "0zf2f7g5scqd5xfzvmmpvfc7d1w66rf22av0qv6s37875c61j9r9"; }; + postPatch = '' + substituteInPlace libnitrokey/CMakeLists.txt \ + --replace '/data/41-nitrokey.rules' '/libnitrokey/data/41-nitrokey.rules' + ''; + buildInputs = [ bash-completion hidapi libusb1 - qt5.qtbase - qt5.qttranslations + qtbase + qttranslations + qtsvg ]; nativeBuildInputs = [ cmake pkgconfig + makeWrapper ]; cmakeFlags = "-DCMAKE_BUILD_TYPE=Release"; + postFixup = '' + wrapProgram $out/bin/nitrokey-app \ + --prefix QT_PLUGIN_PATH : "${qtbase}/${qtbase.qtPluginPrefix}" + ''; + meta = with stdenv.lib; { description = "Provides extra functionality for the Nitrokey Pro and Storage"; longDescription = '' diff --git a/pkgs/tools/security/nitrokey-app/udev-rules.nix b/pkgs/tools/security/nitrokey-app/udev-rules.nix index 33d2dd1c8fa7..a89fa7238269 100644 --- a/pkgs/tools/security/nitrokey-app/udev-rules.nix +++ b/pkgs/tools/security/nitrokey-app/udev-rules.nix @@ -10,12 +10,12 @@ stdenv.mkDerivation { dontBuild = true; patchPhase = '' - substituteInPlace data/41-nitrokey.rules --replace plugdev "${group}" + substituteInPlace libnitrokey/data/41-nitrokey.rules --replace plugdev "${group}" ''; installPhase = '' mkdir -p $out/etc/udev/rules.d - cp data/41-nitrokey.rules $out/etc/udev/rules.d + cp libnitrokey/data/41-nitrokey.rules $out/etc/udev/rules.d ''; meta = { diff --git a/pkgs/tools/security/open-ecard/default.nix b/pkgs/tools/security/open-ecard/default.nix index a0af51186edf..98f2e56e7497 100644 --- a/pkgs/tools/security/open-ecard/default.nix +++ b/pkgs/tools/security/open-ecard/default.nix @@ -50,7 +50,7 @@ in stdenv.mkDerivation rec { makeWrapper ${jre}/bin/java $out/bin/${appName} \ --add-flags "-cp $out/share/java/cifs-${version}.jar" \ --add-flags "-jar $out/share/java/richclient-${version}.jar" \ - --suffix LD_LIBRARY_PATH ':' ${pcsclite}/lib + --suffix LD_LIBRARY_PATH ':' ${stdenv.lib.getLib pcsclite}/lib ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 819c01a0893f..7624e6cfa39e 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { "--localstatedir=/var" "--sysconfdir=/etc" "--with-xsl-stylesheetsdir=${docbook_xsl}/xml/xsl/docbook" - "--with-pcsc-provider=${pcsclite}/lib/libpcsclite.so" + "--with-pcsc-provider=${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so" ]; installFlags = [ diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index bf5856aec357..84072fd2840e 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -1,10 +1,12 @@ -{ stdenv, fetchurl, pkgconfig, udev, dbus_libs, perl, python2 +{ stdenv, fetchurl, pkgconfig, udev, dbus, perl, python2 , IOKit ? null }: stdenv.mkDerivation rec { name = "pcsclite-${version}"; version = "1.8.23"; + outputs = [ "bin" "out" "dev" "doc" "man" ]; + src = fetchurl { url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2"; sha256 = "1jc9ws5ra6v3plwraqixin0w0wfxj64drahrbkyrrwzghqjjc9ss"; @@ -28,8 +30,13 @@ stdenv.mkDerivation rec { }' config.h ''; + postInstall = '' + # pcsc-spy is a debugging utility and it drags python into the closure + moveToOutput bin/pcsc-spy "$dev" + ''; + nativeBuildInputs = [ pkgconfig perl python2 ]; - buildInputs = stdenv.lib.optionals stdenv.isLinux [ udev dbus_libs ] + buildInputs = stdenv.lib.optionals stdenv.isLinux [ udev dbus ] ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/pcsctools/default.nix b/pkgs/tools/security/pcsctools/default.nix index 585e089b8af4..d9e68c77d25c 100644 --- a/pkgs/tools/security/pcsctools/default.nix +++ b/pkgs/tools/security/pcsctools/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, makeWrapper, pkgconfig, udev, dbus_libs, pcsclite +{ stdenv, lib, fetchurl, makeWrapper, pkgconfig, udev, dbus, pcsclite , wget, coreutils , perl, pcscperl, Glib, Gtk2, Pango, Cairo }: @@ -13,7 +13,7 @@ in stdenv.mkDerivation rec { sha256 = "0iqcy28pb963ds4pjrpi37577vm6nkgf3i0b3rr978jy9qi1bix9"; }; - buildInputs = [ udev dbus_libs perl pcsclite ]; + buildInputs = [ udev dbus perl pcsclite ]; makeFlags = [ "DESTDIR=$(out)" ]; diff --git a/pkgs/tools/security/sshguard/default.nix b/pkgs/tools/security/sshguard/default.nix index 6db16c95fc88..facbfcad4cfd 100644 --- a/pkgs/tools/security/sshguard/default.nix +++ b/pkgs/tools/security/sshguard/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, autoreconfHook, yacc, flex}: stdenv.mkDerivation rec { - version = "2.1.0"; + version = "2.2.0"; name = "sshguard-${version}"; src = fetchurl { url = "mirror://sourceforge/sshguard/${name}.tar.gz"; - sha256 = "12h2rx40lf3p3kgazmgakkgajjk2d3sdvr2f73ghi15d6i42l991"; + sha256 = "1hjn6smd6kc3yg2xm1kvszqpm5w9a6vic6a1spzy8czcwvz0gzra"; }; doCheck = true; diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 3efba58ea11d..4923a9019ed3 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ }: stdenv.mkDerivation rec { - name = "tor-0.3.3.7"; + name = "tor-0.3.3.9"; src = fetchurl { url = "https://dist.torproject.org/${name}.tar.gz"; - sha256 = "036ybfvldj7yfci9ipjki8smpzyxdg8c5r12bghc9yxdqh9basza"; + sha256 = "0vyf5z0dn5jghp2qjp076aq62lsz9g32qv9jiqf08skf096nnd45"; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 02c0b27a5648..2c422d516046 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -9,13 +9,13 @@ let }; in stdenv.mkDerivation rec { name = "vault-${version}"; - version = "0.9.5"; + version = "0.10.3"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "1ddki3bnp6yrajc0cxxjkbdlfp0xqx407nxvvv611lsnlbr2sz5g"; + sha256 = "16sndzbfciw4bccxm7sc83y2pma2bgsmc1kqyb2hp0jsdy4rl3k4"; }; nativeBuildInputs = [ go gox removeReferencesTo ]; |