Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/clamav/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/opensc/default.nix | 5 | ||||
-rw-r--r-- | pkgs/tools/security/paperkey/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/rng-tools/default.nix | 50 | ||||
-rw-r--r-- | pkgs/tools/security/signify/default.nix | 34 | ||||
-rw-r--r-- | pkgs/tools/security/sslscan/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/trufflehog/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/yara/default.nix | 22 |
8 files changed, 85 insertions, 42 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 825993937246..5ab46a1d5e16 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { name = "clamav-${version}"; - version = "0.100.1"; + version = "0.100.2"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${name}.tar.gz"; - sha256 = "17x5b2gh84b167h6ip9hw05w809p009yx13i4gkps92ja5jjdq44"; + sha256 = "1mkd41sxbjkfjinpx5b9kb85q529gj2s3d0klysssqhysh64ybja"; }; # don't install sample config files into the absolute sysconfdir folder diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 70a1beb8ce7c..c23827842f23 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { name = "opensc-${version}"; - version = "0.18.0"; + version = "0.19.0"; src = fetchFromGitHub { owner = "OpenSC"; repo = "OpenSC"; rev = version; - sha256 = "1shwx1rkmnygk2dp0q8pbvnxcg96bn570vch9yq34gs42ryskihf"; + sha256 = "10575gb9l38cskq7swyjp0907wlziyxg4ppq33ndz319dsx69d87"; }; nativeBuildInputs = [ pkgconfig ]; @@ -37,6 +37,7 @@ stdenv.mkDerivation rec { installFlags = [ "sysconfdir=$(out)/etc" + "completiondir=$(out)/etc" ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/paperkey/default.nix b/pkgs/tools/security/paperkey/default.nix index 44cee21bc497..03af1b8a101a 100644 --- a/pkgs/tools/security/paperkey/default.nix +++ b/pkgs/tools/security/paperkey/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "paperkey-${version}"; - version = "1.5"; + version = "1.6"; src = fetchurl { url = "http://www.jabberwocky.com/software/paperkey/${name}.tar.gz"; - sha256 = "1prd2jaf4zjad3xhv160hmi5n408ssljfg7iz90jxs9w111pjwy4"; + sha256 = "1xq5gni6gksjkd5avg0zpd73vsr97appksfx0gx2m38s4w9zsid2"; }; postPatch = '' 
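Review bot: The install flag added to opensc's `installFlags`, `"completiondir=$(out)/etc"`, points the completion directory at the same place as `sysconfdir`, so whatever the build installs as shell completions would land next to the configuration files. If these are bash completions, the conventional location is `"completiondir=$(out)/share/bash-completion/completions"`. The diff does not show what upstream installs there, so this should be confirmed against the 0.19.0 install output. A one-line comment saying why the override is needed (presumably the default resolves outside `$out`) would help at the next version bump.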
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix index d2326c7e8c38..86a5a1b7c396 100644 --- a/pkgs/tools/security/rng-tools/default.nix +++ b/pkgs/tools/security/rng-tools/default.nix 
@@ -1,24 +1,50 @@ -{ stdenv, fetchurl }: - +{ stdenv, fetchFromGitHub, libtool, autoconf, automake, pkgconfig +, sysfsutils + # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS + # https://www.nist.gov/programs-projects/nist-randomness-beacon +, curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false + # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source +, libgcrypt ? null, withGcrypt ? true + # Not sure if jitterentropy is safe to use for cryptography + # and thus a default entropy source +, jitterentropy ? null, withJitterEntropy ? false +}: +with stdenv.lib; stdenv.mkDerivation rec { - name = "rng-tools-5"; + name = "rng-tools-${version}"; + version = "6.6"; + + src = fetchFromGitHub { + owner = "nhorman"; + repo = "rng-tools"; + rev = "v${version}"; + sha256 = "0c32sxfvngdjzfmxn5ngc5yxwi8ij3yl216nhzyz9r31qi3m14v7"; + }; - src = fetchurl { - url = "mirror://sourceforge/gkernel/${name}.tar.gz"; + nativeBuildInputs = [ libtool autoconf automake pkgconfig ]; - sha256 = "13h7lc8wl9khhvkr0i3bl5j9bapf8anhqis1lcnwxg1vc2v058b0"; - }; + preConfigure = "./autogen.sh"; + + configureFlags = + optional (!withJitterEntropy) "--disable-jitterentropy" + ++ optional (!withNistBeacon) "--without-nistbeacon" + ++ optional (!withGcrypt) "--without-libgcrypt"; + + buildInputs = [ sysfsutils ] + ++ optional withJitterEntropy [ jitterentropy ] + ++ optional withGcrypt [ libgcrypt.dev ] + ++ optional withNistBeacon [ openssl.dev curl.dev libxml2.dev ]; + + enableParallelBuilding = true; # For cross-compilation makeFlags = [ "AR:=$(AR)" ]; meta = { description = "A random number generator daemon"; - - homepage = https://sourceforge.net/projects/gkernel; - - license = stdenv.lib.licenses.gpl2; - + homepage = https://github.com/nhorman/rng-tools; + license = stdenv.lib.licenses.gpl2Plus; platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ johnazoidberg ]; }; } 
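Review bot: In the new `buildInputs` of rng-tools, `optional` is given a list in all three places (`optional withJitterEntropy [ jitterentropy ]`, `optional withGcrypt [ libgcrypt.dev ]` and the NIST beacon line), so each enabled feature contributes a nested list. `optionals` is the list form, e.g. `++ optionals withNistBeacon [ openssl.dev curl.dev libxml2.dev ]`. Whether stdenv flattens the nesting is not visible in this hunk, so the current form may well evaluate, but it reads as a mistake. Separately, `withGcrypt ? true` sits next to `libgcrypt ? null`, so a caller that leaves libgcrypt null gets an attribute-selection error on `libgcrypt.dev` instead of a clear message. Adding `assert withGcrypt -> libgcrypt != null;` after the argument set, and the same for the jitterentropy and beacon toggles, would state the requirement explicitly.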
diff --git a/pkgs/tools/security/signify/default.nix b/pkgs/tools/security/signify/default.nix new file mode 100644 index 000000000000..68db242f40af --- /dev/null +++ b/pkgs/tools/security/signify/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchFromGitHub, libbsd, pkgconfig }: + +stdenv.mkDerivation rec { + name = "signify-${version}"; + version = "24"; + + src = fetchFromGitHub { + owner = "aperezdc"; + repo = "signify"; + rev = "v${version}"; + sha256 = "0grdlrpxcflzmzzc30r8rvsmamvbsgqyni59flzzk4w5hpjh464w"; + }; + + doCheck = true; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libbsd ]; + + preInstall = '' + export PREFIX=$out + ''; + + meta = with stdenv.lib; { + description = "OpenBSD signing tool"; + longDescription = '' + OpenBSDs signing tool, which uses the Ed25519 public key signature system + for fast signing and verification of messages using small public keys. + ''; + homepage = https://www.tedunangst.com/flak/post/signify; + license = licenses.isc; + maintainers = [ maintainers.rlupton20 ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix index 6c89b0defa66..0484e8e069ab 100644 --- a/pkgs/tools/security/sslscan/default.nix +++ b/pkgs/tools/security/sslscan/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "sslscan-${version}"; - version = "1.11.11"; + version = "1.11.12"; src = fetchFromGitHub { owner = "rbsec"; repo = "sslscan"; rev = "${version}-rbsec"; - sha256 = "0k1agdz52pdgihwfwbygp0mlwkf757vcwhvwc0mrz606l2wbmwmr"; + sha256 = "0wa0z6my6aqjp8si6x522ivk0yy55izbs3ch298gxjw5r15f4jb1"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix index f805670a5d5e..9492f2bb6eac 100644 --- a/pkgs/tools/security/trufflehog/default.nix +++ b/pkgs/tools/security/trufflehog/default.nix 
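Review bot: In the new signify expression, the install prefix is set by exporting an environment variable in `preInstall`. A flag such as `installFlags = [ "PREFIX=$(out)" ];` says the same thing declaratively and matches how opensc passes `sysconfdir` in this commit. This assumes the upstream Makefile accepts PREFIX on the make command line, which the diff does not show. The `longDescription` also has a small typo: `OpenBSDs` should read `OpenBSD's`.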
@@ -12,11 +12,11 @@ let in pythonPackages.buildPythonApplication rec { pname = "truffleHog"; - version = "2.0.91"; + version = "2.0.97"; src = pythonPackages.fetchPypi { inherit pname version; - sha256 = "0r4c9ihy6wjh5cwli7lb6cr2yfvxrh7r6cgznql1src5gzlnkymx"; + sha256 = "034kpv1p4m90286slvc6d4mlrzaf0b5jbd4qaj87hj65wbpcpg8r"; }; # Relax overly restricted version constraint diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index e273b2c19091..460474a7bb3b 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix @@ -5,34 +5,16 @@ }: stdenv.mkDerivation rec { - version = "3.7.1"; + version = "3.8.1"; name = "yara-${version}"; src = fetchFromGitHub { owner = "VirusTotal"; repo = "yara"; rev = "v${version}"; - sha256 = "05smkn4ii8irx6ccnzrhwa39pkmrjyxjmfrwh6mhdd8iz51v5cgz"; + sha256 = "1ys2y5f2cif3g42daq646jcrn2na19zkx7fds2gnavj5c1rk7463"; }; - # FIXME: this is probably not the right way to make it work - # make[2]: *** No rule to make target 'libyara/.libs/libyara.a', needed by 'yara'. Stop. - prePatch = '' - cat >staticlibrary.patch <<EOF - --- a/Makefile.am 2015-11-01 11:39:12.000000000 +0100 - +++ b/Makefile.am 2015-11-01 11:45:32.000000000 +0100 - @@ -12 +12 @@ - -yara_LDADD = libyara/.libs/libyara.a - +yara_LDADD = libyara/.libs/libyara${stdenv.hostPlatform.extensions.sharedLibrary} - @@ -15 +15 @@ - -yarac_LDADD = libyara/.libs/libyara.a - +yarac_LDADD = libyara/.libs/libyara${stdenv.hostPlatform.extensions.sharedLibrary} - EOF - ''; - patches = [ - "staticlibrary.patch" - ]; - buildInputs = [ autoconf automake libtool pcre] ++ stdenv.lib.optionals withCrypto [ openssl ] ++ stdenv.lib.optionals enableMagic [ file ] |