Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/clamav/default.nix4
-rw-r--r--pkgs/tools/security/opensc/default.nix5
-rw-r--r--pkgs/tools/security/paperkey/default.nix4
-rw-r--r--pkgs/tools/security/rng-tools/default.nix50
-rw-r--r--pkgs/tools/security/signify/default.nix34
-rw-r--r--pkgs/tools/security/sslscan/default.nix4
-rw-r--r--pkgs/tools/security/trufflehog/default.nix4
-rw-r--r--pkgs/tools/security/yara/default.nix22
8 files changed, 85 insertions, 42 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index 825993937246..5ab46a1d5e16 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -5,11 +5,11 @@
 
 stdenv.mkDerivation rec {
   name = "clamav-${version}";
-  version = "0.100.1";
+  version = "0.100.2";
 
   src = fetchurl {
     url = "https://www.clamav.net/downloads/production/${name}.tar.gz";
-    sha256 = "17x5b2gh84b167h6ip9hw05w809p009yx13i4gkps92ja5jjdq44";
+    sha256 = "1mkd41sxbjkfjinpx5b9kb85q529gj2s3d0klysssqhysh64ybja";
   };
 
   # don't install sample config files into the absolute sysconfdir folder
diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 70a1beb8ce7c..c23827842f23 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   name = "opensc-${version}";
-  version = "0.18.0";
+  version = "0.19.0";
 
   src = fetchFromGitHub {
     owner = "OpenSC";
     repo = "OpenSC";
     rev = version;
-    sha256 = "1shwx1rkmnygk2dp0q8pbvnxcg96bn570vch9yq34gs42ryskihf";
+    sha256 = "10575gb9l38cskq7swyjp0907wlziyxg4ppq33ndz319dsx69d87";
   };
 
   nativeBuildInputs = [ pkgconfig ];
@@ -37,6 +37,7 @@ stdenv.mkDerivation rec {
 
   installFlags = [
     "sysconfdir=$(out)/etc"
+    "completiondir=$(out)/etc"
   ];
 
   meta = with stdenv.lib; {
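Review bot: The new `"completiondir=$(out)/etc"` entry in `installFlags` has no comment explaining why the completion directory is overridden, and it places shell completion files directly in `$out/etc` next to the configuration file. If the intent is only to keep the install step from writing outside the store path (inferred, since the upstream default is not visible here), a location such as `"completiondir=$(out)/share/bash-completion/completions"` would keep the files where completion loaders conventionally look. Either way, a one-line comment such as `# upstream default completiondir is outside $out` would record the reason. The derivation continues beyond this hunk.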
diff --git a/pkgs/tools/security/paperkey/default.nix b/pkgs/tools/security/paperkey/default.nix
index 44cee21bc497..03af1b8a101a 100644
--- a/pkgs/tools/security/paperkey/default.nix
+++ b/pkgs/tools/security/paperkey/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "paperkey-${version}";
-  version = "1.5";
+  version = "1.6";
 
   src = fetchurl {
     url = "http://www.jabberwocky.com/software/paperkey/${name}.tar.gz";
-    sha256 = "1prd2jaf4zjad3xhv160hmi5n408ssljfg7iz90jxs9w111pjwy4";
+    sha256 = "1xq5gni6gksjkd5avg0zpd73vsr97appksfx0gx2m38s4w9zsid2";
   };
 
   postPatch = ''
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix
index d2326c7e8c38..86a5a1b7c396 100644
--- a/pkgs/tools/security/rng-tools/default.nix
+++ b/pkgs/tools/security/rng-tools/default.nix
@@ -1,24 +1,50 @@
-{ stdenv, fetchurl }:
-
+{ stdenv, fetchFromGitHub, libtool, autoconf, automake, pkgconfig
+, sysfsutils
+  # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS
+  # https://www.nist.gov/programs-projects/nist-randomness-beacon
+, curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false
+  # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source
+, libgcrypt ? null, withGcrypt ? true
+  # Not sure if jitterentropy is safe to use for cryptography
+  # and thus a default entropy source
+, jitterentropy ? null, withJitterEntropy ? false
+}:
+with stdenv.lib;
 stdenv.mkDerivation rec {
-  name = "rng-tools-5";
+  name = "rng-tools-${version}";
+  version = "6.6";
+
+  src = fetchFromGitHub {
+    owner = "nhorman";
+    repo = "rng-tools";
+    rev = "v${version}";
+    sha256 = "0c32sxfvngdjzfmxn5ngc5yxwi8ij3yl216nhzyz9r31qi3m14v7";
+  };
 
-  src = fetchurl {
-    url = "mirror://sourceforge/gkernel/${name}.tar.gz";
+  nativeBuildInputs = [ libtool autoconf automake pkgconfig ];
 
-    sha256 = "13h7lc8wl9khhvkr0i3bl5j9bapf8anhqis1lcnwxg1vc2v058b0";
-  };
+  preConfigure = "./autogen.sh";
+
+  configureFlags =
+       optional (!withJitterEntropy) "--disable-jitterentropy"
+    ++ optional (!withNistBeacon) "--without-nistbeacon"
+    ++ optional (!withGcrypt) "--without-libgcrypt";
+
+  buildInputs = [ sysfsutils ]
+    ++ optional withJitterEntropy [ jitterentropy ]
+    ++ optional withGcrypt [ libgcrypt.dev ]
+    ++ optional withNistBeacon [ openssl.dev curl.dev libxml2.dev ];
+
+  enableParallelBuilding = true;
 
   # For cross-compilation
   makeFlags = [ "AR:=$(AR)" ];
 
   meta = {
     description = "A random number generator daemon";
-
-    homepage = https://sourceforge.net/projects/gkernel;
-
-    license = stdenv.lib.licenses.gpl2;
-
+    homepage = https://github.com/nhorman/rng-tools;
+    license = stdenv.lib.licenses.gpl2Plus;
     platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ johnazoidberg ];
   };
 }
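Review bot: The three conditional `buildInputs` lines call `optional` with a list argument, which wraps that list as a single element and yields a nested list such as `[ [ libgcrypt.dev ] ]`. `optionals` is the variant that takes a list, e.g. `++ optionals withGcrypt [ libgcrypt.dev ]`, and the same applies to the jitterentropy and NIST beacon lines. Whether the nested form is flattened later depends on stdenv code not shown in this diff, so the unambiguous spelling is safer. Separately, `withGcrypt ? true` together with `libgcrypt ? null` means a caller that leaves `libgcrypt` unset fails on `libgcrypt.dev` with an opaque null-attribute error. An `assert withGcrypt -> libgcrypt != null;` before `stdenv.mkDerivation`, with matching asserts for `withNistBeacon` and `withJitterEntropy`, would make the contract of these entropy-source toggles explicit.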
diff --git a/pkgs/tools/security/signify/default.nix b/pkgs/tools/security/signify/default.nix
new file mode 100644
index 000000000000..68db242f40af
--- /dev/null
+++ b/pkgs/tools/security/signify/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub, libbsd, pkgconfig }:
+
+stdenv.mkDerivation rec {
+  name = "signify-${version}";
+  version = "24";
+
+  src = fetchFromGitHub {
+    owner = "aperezdc";
+    repo = "signify";
+    rev = "v${version}";
+    sha256 = "0grdlrpxcflzmzzc30r8rvsmamvbsgqyni59flzzk4w5hpjh464w";
+  };
+
+  doCheck = true;
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ libbsd ];
+
+  preInstall = ''
+    export PREFIX=$out
+  '';
+
+  meta = with stdenv.lib; {
+    description = "OpenBSD signing tool";
+    longDescription = ''
+      OpenBSDs signing tool, which uses the Ed25519 public key signature system
+      for fast signing and verification of messages using small public keys.
+    '';
+    homepage = https://www.tedunangst.com/flak/post/signify;
+    license = licenses.isc;
+    maintainers = [ maintainers.rlupton20 ];
+    platforms = platforms.linux;
+  };
+}
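Review bot: `preInstall` exports `PREFIX=$out` for the install phase only, so the build and check phases run with the Makefile's default prefix. If the upstream Makefile bakes the prefix into anything at build time (not visible from this file), the installed binary would reference a path outside the store. Passing it as a make variable for every phase, `makeFlags = [ "PREFIX=$(out)" ];`, is the more conventional form and removes the shell hook. The `longDescription` also reads `OpenBSDs`, which should be `OpenBSD's`.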
diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix
index 6c89b0defa66..0484e8e069ab 100644
--- a/pkgs/tools/security/sslscan/default.nix
+++ b/pkgs/tools/security/sslscan/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "sslscan-${version}";
-  version = "1.11.11";
+  version = "1.11.12";
 
   src = fetchFromGitHub {
     owner = "rbsec";
     repo = "sslscan";
     rev = "${version}-rbsec";
-    sha256 = "0k1agdz52pdgihwfwbygp0mlwkf757vcwhvwc0mrz606l2wbmwmr";
+    sha256 = "0wa0z6my6aqjp8si6x522ivk0yy55izbs3ch298gxjw5r15f4jb1";
   };
 
   buildInputs = [ openssl ];
diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix
index f805670a5d5e..9492f2bb6eac 100644
--- a/pkgs/tools/security/trufflehog/default.nix
+++ b/pkgs/tools/security/trufflehog/default.nix
@@ -12,11 +12,11 @@ let
 in
   pythonPackages.buildPythonApplication rec {
     pname = "truffleHog";
-    version = "2.0.91";
+    version = "2.0.97";
 
     src = pythonPackages.fetchPypi {
       inherit pname version;
-      sha256 = "0r4c9ihy6wjh5cwli7lb6cr2yfvxrh7r6cgznql1src5gzlnkymx";
+      sha256 = "034kpv1p4m90286slvc6d4mlrzaf0b5jbd4qaj87hj65wbpcpg8r";
     };
 
     # Relax overly restricted version constraint
diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix
index e273b2c19091..460474a7bb3b 100644
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -5,34 +5,16 @@
 }:
 
 stdenv.mkDerivation rec {
-  version = "3.7.1";
+  version = "3.8.1";
   name = "yara-${version}";
 
   src = fetchFromGitHub {
     owner = "VirusTotal";
     repo = "yara";
     rev = "v${version}";
-    sha256 = "05smkn4ii8irx6ccnzrhwa39pkmrjyxjmfrwh6mhdd8iz51v5cgz";
+    sha256 = "1ys2y5f2cif3g42daq646jcrn2na19zkx7fds2gnavj5c1rk7463";
   };
 
-  # FIXME: this is probably not the right way to make it work
-  # make[2]: *** No rule to make target 'libyara/.libs/libyara.a', needed by 'yara'.  Stop.
-  prePatch = ''
-    cat >staticlibrary.patch <<EOF
-    --- a/Makefile.am 2015-11-01 11:39:12.000000000 +0100
-    +++ b/Makefile.am 2015-11-01 11:45:32.000000000 +0100
-    @@ -12 +12 @@
-    -yara_LDADD = libyara/.libs/libyara.a
-    +yara_LDADD = libyara/.libs/libyara${stdenv.hostPlatform.extensions.sharedLibrary}
-    @@ -15 +15 @@
-    -yarac_LDADD = libyara/.libs/libyara.a
-    +yarac_LDADD = libyara/.libs/libyara${stdenv.hostPlatform.extensions.sharedLibrary}
-    EOF
-  '';
-  patches = [
-    "staticlibrary.patch"
-  ];
-
   buildInputs = [ autoconf automake libtool pcre]
     ++ stdenv.lib.optionals withCrypto [ openssl ]
     ++ stdenv.lib.optionals enableMagic [ file ]