Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/clamav/default.nix13
-rw-r--r--pkgs/tools/security/gnu-pw-mgr/default.nix4
-rw-r--r--pkgs/tools/security/gnupg/20.nix2
-rw-r--r--pkgs/tools/security/gnupg/22.nix2
-rw-r--r--pkgs/tools/security/keybase/gui.nix7
-rw-r--r--pkgs/tools/security/libmodsecurity/default.nix4
-rw-r--r--pkgs/tools/security/nitrokey-app/default.nix23
-rw-r--r--pkgs/tools/security/nitrokey-app/udev-rules.nix4
-rw-r--r--pkgs/tools/security/open-ecard/default.nix2
-rw-r--r--pkgs/tools/security/opensc/default.nix2
-rw-r--r--pkgs/tools/security/pcsclite/default.nix11
-rw-r--r--pkgs/tools/security/pcsctools/default.nix4
-rw-r--r--pkgs/tools/security/sshguard/default.nix4
-rw-r--r--pkgs/tools/security/tor/default.nix4
-rw-r--r--pkgs/tools/security/vault/default.nix4
15 files changed, 57 insertions, 33 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index c3aa92bf4b01..79644d357745 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -1,14 +1,15 @@
 { stdenv, fetchurl, fetchpatch, pkgconfig
-, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre
+, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2
+, libmspack, systemd
 }:
 
 stdenv.mkDerivation rec {
   name = "clamav-${version}";
-  version = "0.99.4";
+  version = "0.100.1";
 
   src = fetchurl {
     url = "https://www.clamav.net/downloads/production/${name}.tar.gz";
-    sha256 = "0q94iwi729id9pyc72w6zlllbaz37qvpi6gc51g2x3fy7ckw6anp";
+    sha256 = "17x5b2gh84b167h6ip9hw05w809p009yx13i4gkps92ja5jjdq44";
   };
 
   # don't install sample config files into the absolute sysconfdir folder
@@ -18,16 +19,20 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [
-    zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre
+    zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack
+    systemd
   ];
 
   configureFlags = [
+    "--libdir=$(out)/lib"
     "--sysconfdir=/etc/clamav"
+    "--with-systemdsystemunitdir=$(out)/lib/systemd"
     "--disable-llvm" # enabling breaks the build at the moment
     "--with-zlib=${zlib.dev}"
     "--with-xml=${libxml2.dev}"
     "--with-openssl=${openssl.dev}"
     "--with-libcurl=${curl.dev}"
+    "--with-system-libmspack"
     "--enable-milter"
   ];
 
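Review bot: `--with-systemdsystemunitdir=$(out)/lib/systemd` puts the upstream unit files directly in `lib/systemd`, whereas systemd units are conventionally looked up under `lib/systemd/system`. If the units are meant to be usable from the package, the flag probably wants `"--with-systemdsystemunitdir=$(out)/lib/systemd/system"`. If it is only there to stop `make install` writing outside the store, a short comment saying so would help. Separately, `systemd` is added to `buildInputs` unconditionally; `meta.platforms` is not visible in this hunk, but if the package is expected to build on non-Linux platforms the input should be guarded, e.g. `++ stdenv.lib.optional stdenv.isLinux systemd`.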
diff --git a/pkgs/tools/security/gnu-pw-mgr/default.nix b/pkgs/tools/security/gnu-pw-mgr/default.nix
index 23aec604d2d1..e71d313e20ab 100644
--- a/pkgs/tools/security/gnu-pw-mgr/default.nix
+++ b/pkgs/tools/security/gnu-pw-mgr/default.nix
@@ -2,10 +2,10 @@
 
 stdenv.mkDerivation rec {
   name = "gnu-pw-mgr-${version}";
-  version = "2.3.2";
+  version = "2.3.3";
   src = fetchurl {
     url = "http://ftp.gnu.org/gnu/gnu-pw-mgr/${name}.tar.xz";
-    sha256 = "0x60g0syqpd107l8w4bl213imy2lspm4kz1j18yr1sh10rdxlgxd";
+    sha256 = "04xh38j7l0sfnb01kp05xc908pvqfc0lph94k7n9bi46zy3qy7ma";
   };
 
   buildInputs = [ gnulib ];
diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix
index fdef447193d8..9404cb1d0655 100644
--- a/pkgs/tools/security/gnupg/20.nix
+++ b/pkgs/tools/security/gnupg/20.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
   prePatch = ''
     find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i
   '' + stdenv.lib.optionalString stdenv.isLinux ''
-    sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
+    sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
   '' + stdenv.lib.optionalString stdenv.isDarwin ''
     find . -name pcsc-wrapper.c | xargs sed -i 's/typedef unsinged int pcsc_dword_t/typedef unsigned int pcsc_dword_t/'
   '' + ''
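Review bot: The `sed` on the changed line pins the `libpcsclite.so` string in `scd/scdaemon.c` (presumably the name scdaemon hands to the dynamic loader) to an absolute store path, but `sed -i` exits successfully when the pattern does not match. If upstream changes that string, the build would still pass and the library would be resolved through the loader's search path instead. A check right after it, such as `grep -q '${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so' scd/scdaemon.c`, would turn that into a build failure. The same line in gnupg/22.nix has the same gap. The `prePatch` string starts and ends outside this hunk.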
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index f28d57fa62bd..b0381b32bcfe 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
     ./fix-libusb-include-path.patch
   ];
   postPatch = stdenv.lib.optionalString stdenv.isLinux ''
-    sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
+    sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
   ''; #" fix Emacs syntax highlighting :-(
 
   pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry";
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index b53860e406d2..1a7cf30b9528 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -70,10 +70,9 @@ stdenv.mkDerivation rec {
       checkFailed
     fi
 
-    ${utillinuxMinimal}/bin/mountpoint /keybase &>/dev/null
-    if [ "\$?" -ne "0" ]; then
-      echo "Keybase is not mounted to /keybase." >&2
-      echo "You might need to run: kbfsfuse /keybase" >&2
+    if [ -z "\$(keybase status | grep kbfsfuse)" ]; then
+      echo "Could not find kbfsfuse client in keybase status." >&2
+      echo "You might need to run: kbfsfuse" >&2
       checkFailed
     fi
 
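Review bot: The new check calls `keybase` and `grep` by bare name, so it runs whatever the caller's PATH resolves, whereas the line it replaces used an absolute store path (`${utillinuxMinimal}/bin/mountpoint`). Referring to the packaged binaries by store path would keep the launcher independent of the user's environment. The test itself reads more directly as `if ! keybase status | grep -q kbfsfuse; then`, which also avoids the escaped command substitution. If `utillinuxMinimal` is no longer used elsewhere in the file, it can be dropped from the function arguments; the rest of the script is outside this hunk.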
diff --git a/pkgs/tools/security/libmodsecurity/default.nix b/pkgs/tools/security/libmodsecurity/default.nix
index f746e8c8ffd9..3bf906fb4c12 100644
--- a/pkgs/tools/security/libmodsecurity/default.nix
+++ b/pkgs/tools/security/libmodsecurity/default.nix
@@ -4,14 +4,14 @@
 
 stdenv.mkDerivation rec {
   name = "libmodsecurity-${version}";
-  version = "3.0.0";
+  version = "3.0.2";
 
   src = fetchFromGitHub {
     owner = "SpiderLabs";
     repo = "ModSecurity";
     fetchSubmodules = true;
     rev = "v${version}";
-    sha256 = "1y9nxbf5vgip4zl948a27xpw4mpimqd7xmskfi40k6g0cmmsx1x1";
+    sha256 = "0jhyqsvcjxq9ybndcinc08awknrg3sbkaby5w3qw03aqbfjkpywc";
   };
 
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
diff --git a/pkgs/tools/security/nitrokey-app/default.nix b/pkgs/tools/security/nitrokey-app/default.nix
index 4407d5abbfa1..67e388d5728b 100644
--- a/pkgs/tools/security/nitrokey-app/default.nix
+++ b/pkgs/tools/security/nitrokey-app/default.nix
@@ -1,29 +1,42 @@
-{ stdenv, bash-completion, cmake, fetchgit, hidapi, libusb1, pkgconfig, qt5 }:
+{ stdenv, makeWrapper, bash-completion, cmake, fetchgit, hidapi, libusb1, pkgconfig
+, qtbase, qttranslations, qtsvg }:
 
 stdenv.mkDerivation rec {
   name = "nitrokey-app-${version}";
-  version = "1.2";
+  version = "1.3.1";
 
   # We use fetchgit instead of fetchFromGitHub because of necessary git submodules
   src = fetchgit {
     url = "https://github.com/Nitrokey/nitrokey-app.git";
     rev = "v${version}";
-    sha256 = "0mm6vlgxlmpahmmcn4awnfpx5rx5bj8m44cywhgxlmz012x73hzi";
+    sha256 = "0zf2f7g5scqd5xfzvmmpvfc7d1w66rf22av0qv6s37875c61j9r9";
   };
 
+  postPatch = ''
+    substituteInPlace libnitrokey/CMakeLists.txt \
+      --replace '/data/41-nitrokey.rules' '/libnitrokey/data/41-nitrokey.rules'
+  '';
+
   buildInputs = [
     bash-completion
     hidapi
     libusb1
-    qt5.qtbase
-    qt5.qttranslations
+    qtbase
+    qttranslations
+    qtsvg
   ];
   nativeBuildInputs = [
     cmake
     pkgconfig
+    makeWrapper
   ];
   cmakeFlags = "-DCMAKE_BUILD_TYPE=Release";
 
+  postFixup = ''
+    wrapProgram $out/bin/nitrokey-app \
+      --prefix QT_PLUGIN_PATH : "${qtbase}/${qtbase.qtPluginPrefix}"
+  '';
+
   meta = with stdenv.lib; {
     description      = "Provides extra functionality for the Nitrokey Pro and Storage";
     longDescription  = ''
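Review bot: `qtsvg` is added to `buildInputs`, but the wrapper in `postFixup` only puts qtbase's plugin directory on `QT_PLUGIN_PATH`, so the SVG image-format and icon-engine plugins from qtsvg would not be found at run time unless something else exports them. Assuming qtsvg keeps its plugins in its `bin` output, adding `--prefix QT_PLUGIN_PATH : "${qtsvg.bin}/${qtbase.qtPluginPrefix}"` to the `wrapProgram` call would cover it. A one-line comment on `postPatch` explaining that the udev rules file now lives under `libnitrokey/` would also help the next reader. The `meta` block continues outside this hunk.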
diff --git a/pkgs/tools/security/nitrokey-app/udev-rules.nix b/pkgs/tools/security/nitrokey-app/udev-rules.nix
index 33d2dd1c8fa7..a89fa7238269 100644
--- a/pkgs/tools/security/nitrokey-app/udev-rules.nix
+++ b/pkgs/tools/security/nitrokey-app/udev-rules.nix
@@ -10,12 +10,12 @@ stdenv.mkDerivation {
   dontBuild = true;
 
   patchPhase = ''
-    substituteInPlace data/41-nitrokey.rules --replace plugdev "${group}"
+    substituteInPlace libnitrokey/data/41-nitrokey.rules --replace plugdev "${group}"
   '';
 
   installPhase = ''
     mkdir -p $out/etc/udev/rules.d
-    cp data/41-nitrokey.rules $out/etc/udev/rules.d
+    cp libnitrokey/data/41-nitrokey.rules $out/etc/udev/rules.d
   '';
 
   meta = {
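Review bot: The `--replace plugdev "${group}"` step in `patchPhase` decides which group is granted access to the token, and as far as I know `substituteInPlace` does not fail when the pattern is absent. If upstream reworks the rules file, the package would still build and install whatever group upstream ships. A guard after the substitution, such as `grep -q "${group}" libnitrokey/data/41-nitrokey.rules`, would catch that at build time. The derivation's `src` is outside this hunk; since the file is now read from `libnitrokey/`, which looks like a git submodule, it is worth confirming that the source used here is fetched with submodules.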
diff --git a/pkgs/tools/security/open-ecard/default.nix b/pkgs/tools/security/open-ecard/default.nix
index a0af51186edf..98f2e56e7497 100644
--- a/pkgs/tools/security/open-ecard/default.nix
+++ b/pkgs/tools/security/open-ecard/default.nix
@@ -50,7 +50,7 @@ in stdenv.mkDerivation rec {
     makeWrapper ${jre}/bin/java $out/bin/${appName} \
       --add-flags "-cp $out/share/java/cifs-${version}.jar" \
       --add-flags "-jar $out/share/java/richclient-${version}.jar" \
-      --suffix LD_LIBRARY_PATH ':' ${pcsclite}/lib
+      --suffix LD_LIBRARY_PATH ':' ${stdenv.lib.getLib pcsclite}/lib
   '';
 
   meta = with stdenv.lib; {
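Review bot: `--suffix LD_LIBRARY_PATH` appends the pinned pcsclite directory after anything already in the caller's environment, so a `libpcsclite.so` found earlier on an inherited `LD_LIBRARY_PATH` would be loaded in preference to the store copy. If the intent is that this client always uses the packaged library, `--prefix LD_LIBRARY_PATH ':' ${stdenv.lib.getLib pcsclite}/lib` expresses that. The shell string containing the `makeWrapper` call starts outside this hunk.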
diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 819c01a0893f..7624e6cfa39e 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
     "--localstatedir=/var"
     "--sysconfdir=/etc"
     "--with-xsl-stylesheetsdir=${docbook_xsl}/xml/xsl/docbook"
-    "--with-pcsc-provider=${pcsclite}/lib/libpcsclite.so"
+    "--with-pcsc-provider=${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so"
   ];
 
   installFlags = [
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index bf5856aec357..84072fd2840e 100644
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -1,10 +1,12 @@
-{ stdenv, fetchurl, pkgconfig, udev, dbus_libs, perl, python2
+{ stdenv, fetchurl, pkgconfig, udev, dbus, perl, python2
 , IOKit ? null }:
 
 stdenv.mkDerivation rec {
   name = "pcsclite-${version}";
   version = "1.8.23";
 
+  outputs = [ "bin" "out" "dev" "doc" "man" ];
+
   src = fetchurl {
     url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2";
     sha256 = "1jc9ws5ra6v3plwraqixin0w0wfxj64drahrbkyrrwzghqjjc9ss";
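Review bot: Listing `"bin"` first in `outputs` changes what a bare `${pcsclite}` interpolation evaluates to, which is why the other files in this commit switch to `stdenv.lib.getLib pcsclite`. The diffstat on this page is limited to pkgs/tools/security, so consumers elsewhere in the tree that still build a path from `${pcsclite}/lib` cannot be checked from here and are worth grepping for. A comment above the line, for example `# "bin" is the default output; use getLib for the library path`, would document this for future callers.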
@@ -28,8 +30,13 @@ stdenv.mkDerivation rec {
     }' config.h
   '';
 
+  postInstall = ''
+    # pcsc-spy is a debugging utility and it drags python into the closure
+    moveToOutput bin/pcsc-spy "$dev"
+  '';
+
   nativeBuildInputs = [ pkgconfig perl python2 ];
-  buildInputs = stdenv.lib.optionals stdenv.isLinux [ udev dbus_libs ]
+  buildInputs = stdenv.lib.optionals stdenv.isLinux [ udev dbus ]
              ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/security/pcsctools/default.nix b/pkgs/tools/security/pcsctools/default.nix
index 585e089b8af4..d9e68c77d25c 100644
--- a/pkgs/tools/security/pcsctools/default.nix
+++ b/pkgs/tools/security/pcsctools/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, makeWrapper, pkgconfig, udev, dbus_libs, pcsclite
+{ stdenv, lib, fetchurl, makeWrapper, pkgconfig, udev, dbus, pcsclite
 , wget, coreutils
 , perl, pcscperl, Glib, Gtk2, Pango, Cairo
 }:
@@ -13,7 +13,7 @@ in stdenv.mkDerivation rec {
     sha256 = "0iqcy28pb963ds4pjrpi37577vm6nkgf3i0b3rr978jy9qi1bix9";
   };
 
-  buildInputs = [ udev dbus_libs perl pcsclite ];
+  buildInputs = [ udev dbus perl pcsclite ];
 
   makeFlags = [ "DESTDIR=$(out)" ];
 
diff --git a/pkgs/tools/security/sshguard/default.nix b/pkgs/tools/security/sshguard/default.nix
index 6db16c95fc88..facbfcad4cfd 100644
--- a/pkgs/tools/security/sshguard/default.nix
+++ b/pkgs/tools/security/sshguard/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, autoreconfHook, yacc, flex}:
 
 stdenv.mkDerivation rec {
-  version = "2.1.0";
+  version = "2.2.0";
   name = "sshguard-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/sshguard/${name}.tar.gz";
-    sha256 = "12h2rx40lf3p3kgazmgakkgajjk2d3sdvr2f73ghi15d6i42l991";
+    sha256 = "1hjn6smd6kc3yg2xm1kvszqpm5w9a6vic6a1spzy8czcwvz0gzra";
   };
 
   doCheck = true;
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 3efba58ea11d..4923a9019ed3 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -15,11 +15,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "tor-0.3.3.7";
+  name = "tor-0.3.3.9";
 
   src = fetchurl {
     url = "https://dist.torproject.org/${name}.tar.gz";
-    sha256 = "036ybfvldj7yfci9ipjki8smpzyxdg8c5r12bghc9yxdqh9basza";
+    sha256 = "0vyf5z0dn5jghp2qjp076aq62lsz9g32qv9jiqf08skf096nnd45";
   };
 
   outputs = [ "out" "geoip" ];
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index 02c0b27a5648..2c422d516046 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -9,13 +9,13 @@ let
   };
 in stdenv.mkDerivation rec {
   name = "vault-${version}";
-  version = "0.9.5";
+  version = "0.10.3";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    sha256 = "1ddki3bnp6yrajc0cxxjkbdlfp0xqx407nxvvv611lsnlbr2sz5g";
+    sha256 = "16sndzbfciw4bccxm7sc83y2pma2bgsmc1kqyb2hp0jsdy4rl3k4";
   };
 
   nativeBuildInputs = [ go gox removeReferencesTo ];