diff options
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/bruteforce-luks/default.nix | 36 | ||||
-rw-r--r-- | pkgs/tools/security/cipherscan/default.nix | 43 | ||||
-rw-r--r-- | pkgs/tools/security/cipherscan/path.patch | 93 | ||||
-rw-r--r-- | pkgs/tools/security/eid-mw/default.nix | 5 | ||||
-rw-r--r-- | pkgs/tools/security/eid-viewer/default.nix | 3 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/21.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/gpgkey2ssh-21.patch | 13 | ||||
-rw-r--r-- | pkgs/tools/security/pass/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/pass/program-name.patch | 13 | ||||
-rw-r--r-- | pkgs/tools/security/rarcrack/default.nix | 39 | ||||
-rw-r--r-- | pkgs/tools/security/sshuttle/default.nix | 3 | ||||
-rw-r--r-- | pkgs/tools/security/tor/torbrowser.nix | 6 |
12 files changed, 236 insertions, 28 deletions
diff --git a/pkgs/tools/security/bruteforce-luks/default.nix b/pkgs/tools/security/bruteforce-luks/default.nix new file mode 100644 index 000000000000..a28f949c7fdd --- /dev/null +++ b/pkgs/tools/security/bruteforce-luks/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, cryptsetup }: + +stdenv.mkDerivation rec { + name = "bruteforce-luks-${version}"; + version = "1.2.0"; + + src = fetchFromGitHub { + sha256 = "0d01rn45dg7ysa75r8z0b31hj1z7w47vv5vr359pl71zxgzngjd2"; + rev = version; + repo = "bruteforce-luks"; + owner = "glv2"; + }; + + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ cryptsetup ]; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with stdenv.lib; { + inherit (src.meta) homepage; + description = "Cracks passwords of LUKS encrypted volumes"; + longDescription = '' + The program tries to decrypt at least one of the key slots by trying + all the possible passwords. It is especially useful if you know + something about the password (i.e. you forgot a part of your password but + still remember most of it). Finding the password of a volume without + knowing anything about it would take way too much time (unless the + password is really short and/or weak). It can also use a dictionary. + ''; + license = licenses.gpl3Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ nckx ]; + }; +} diff --git a/pkgs/tools/security/cipherscan/default.nix b/pkgs/tools/security/cipherscan/default.nix new file mode 100644 index 000000000000..bde9756ee1a0 --- /dev/null +++ b/pkgs/tools/security/cipherscan/default.nix @@ -0,0 +1,43 @@ +{ stdenv, lib, fetchFromGitHub, pkgconfig, openssl, makeWrapper, python, coreutils }: + +stdenv.mkDerivation rec { + name = "cipherscan-${version}"; + version = "2015-12-17"; + src = fetchFromGitHub { + owner = "jvehent"; + repo = "cipherscan"; + rev = "18b0d1b952d027d20e38f07329817873ec077d26"; + sha256 = "0b6fkfm2y8w04am4krspmapcc5ngn603n5rlwyjly92z2dawc7h8"; + }; + buildInputs = [ makeWrapper python ]; + patches = [ ./path.patch ]; + buildPhase = '' + substituteInPlace cipherscan \ + --replace "@OPENSSLBIN@" \ + "${openssl}/bin/openssl" \ + --replace "@TIMEOUTBIN@" \ + "${coreutils}/bin/timeout" \ + --replace "@READLINKBIN@" \ + "${coreutils}/bin/readlink" + + substituteInPlace analyze.py \ + --replace "@OPENSSLBIN@" \ + "${openssl}/bin/openssl" + ''; + installPhase = '' + mkdir -p $out/bin + + cp cipherscan $out/bin + cp openssl.cnf $out/bin + cp analyze.py $out/bin + + wrapProgram $out/bin/analyze.py --set PYTHONPATH "$PYTHONPATH" + ''; + meta = with lib; { + description = "Very simple way to find out which SSL ciphersuites are supported by a target"; + homepage = "https://github.com/jvehent/cipherscan"; + license = licenses.mpl20; + platforms = platforms.all; + maintainers = with maintainers; [ cstrahan ]; + }; +} diff --git a/pkgs/tools/security/cipherscan/path.patch b/pkgs/tools/security/cipherscan/path.patch new file mode 100644 index 000000000000..3b6d8ef80509 --- /dev/null +++ b/pkgs/tools/security/cipherscan/path.patch @@ -0,0 +1,93 @@ +diff --git a/analyze.py b/analyze.py +index bb62af8..e929253 100755 +--- a/analyze.py ++++ b/analyze.py +@@ -418,13 +418,7 @@ def build_ciphers_lists(opensslbin): + + # use system openssl if not on linux 64 + if not opensslbin: +- if platform.system() == 'Linux' and platform.architecture()[0] == '64bit': +- opensslbin = mypath + '/openssl' +- elif platform.system() == 'Darwin' and platform.architecture()[0] == '64bit': +- opensslbin = mypath + '/openssl-darwin64' +- else: +- opensslbin='openssl' +- print("warning: analyze.py is using system's openssl, which may limit the tested ciphers and recommendations") ++ opensslbin = "@OPENSSLBIN@" + + logging.debug('Loading all ciphers: ' + allC) + all_ciphers = subprocess.Popen([opensslbin, 'ciphers', allC], +diff --git a/cipherscan b/cipherscan +index 236b34f..a240d13 100755 +--- a/cipherscan ++++ b/cipherscan +@@ -30,43 +30,12 @@ if [[ -n $NOAUTODETECT ]]; then + else + case "$(uname -s)" in + Darwin) +- opensslbin_name="openssl-darwin64" +- +- READLINKBIN=$(which greadlink 2>/dev/null) +- if [[ -z $READLINKBIN ]]; then +- echo "greadlink not found. (try: brew install coreutils)" 1>&2 +- exit 1 +- fi +- TIMEOUTBIN=$(which gtimeout 2>/dev/null) +- if [[ -z $TIMEOUTBIN ]]; then +- echo "gtimeout not found. (try: brew install coreutils)" 1>&2 +- exit 1 +- fi ++ READLINKBIN="@READLINKBIN@" ++ TIMEOUTBIN="@TIMEOUTBIN@" + ;; + *) +- opensslbin_name="openssl" +- +- # test that readlink or greadlink (darwin) are present +- READLINKBIN="$(which readlink)" +- +- if [[ -z $READLINKBIN ]]; then +- READLINKBIN="$(which greadlink)" +- if [[ -z $READLINKBIN ]]; then +- echo "neither readlink nor greadlink are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 +- exit 1 +- fi +- fi +- +- # test that timeout or gtimeout (darwin) are present +- TIMEOUTBIN="$(which timeout)" +- +- if [[ -z $TIMEOUTBIN ]]; then +- TIMEOUTBIN="$(which gtimeout)" +- if [[ -z $TIMEOUTBIN ]]; then +- echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 +- exit 1 +- fi +- fi ++ READLINKBIN="@READLINKBIN@" ++ TIMEOUTBIN="@TIMEOUTBIN@" + + # Check for busybox, which has different arguments + TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)" +@@ -1944,20 +1913,7 @@ do + done + + if [[ -z $OPENSSLBIN ]]; then +- readlink_result=$("$READLINKBIN" -f "$0") +- if [[ -z $readlink_result ]]; then +- echo "$READLINKBIN -f $0 failed, aborting." 1>&2 +- exit 1 +- fi +- REALPATH=$(dirname "$readlink_result") +- if [[ -z $REALPATH ]]; then +- echo "dirname $REALPATH failed, aborting." 1>&2 +- exit 1 +- fi +- OPENSSLBIN="${REALPATH}/${opensslbin_name}" +- if ! [[ -x "${OPENSSLBIN}" ]]; then +- OPENSSLBIN="$(which openssl)" # fallback to generic openssl +- fi ++ OPENSSLBIN="@OPENSSLBIN@" + fi + # use custom config file to enable GOST ciphers + if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index ff062ab50946..32cf4f9a4e2c 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix @@ -1,9 +1,9 @@ { stdenv, fetchFromGitHub, autoreconfHook, gtk3, nssTools, pcsclite , pkgconfig }: -let version = "4.1.13"; in -stdenv.mkDerivation { +stdenv.mkDerivation rec { name = "eid-mw-${version}"; + version = "4.1.13"; src = fetchFromGitHub { sha256 = "1fkazhw6gs191w789fnp6mwnxrx9p38b3kh5bngb1ir0zhkgghkq"; @@ -35,7 +35,6 @@ stdenv.mkDerivation { ''; meta = with stdenv.lib; { - inherit version; description = "Belgian electronic identity card (eID) middleware"; homepage = http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/; license = licenses.lgpl3; diff --git a/pkgs/tools/security/eid-viewer/default.nix b/pkgs/tools/security/eid-viewer/default.nix index ac6dee4beaa3..d1b29e137df9 100644 --- a/pkgs/tools/security/eid-viewer/default.nix +++ b/pkgs/tools/security/eid-viewer/default.nix @@ -1,8 +1,8 @@ { stdenv, fetchurl, makeWrapper, jre, pcsclite }: -let version = "4.1.9"; in stdenv.mkDerivation rec { name = "eid-viewer-${version}"; + version = "4.1.9"; src = fetchurl { url = "https://downloads.services.belgium.be/eid/eid-viewer-${version}-v${version}.src.tar.gz"; @@ -29,7 +29,6 @@ stdenv.mkDerivation rec { doCheck = true; meta = with stdenv.lib; { - inherit version; description = "Belgian electronic identity card (eID) viewer"; homepage = http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/; license = licenses.lgpl3; diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix index bafcd88f1b90..dc86c6e420ef 100644 --- a/pkgs/tools/security/gnupg/21.nix +++ b/pkgs/tools/security/gnupg/21.nix @@ -13,15 +13,13 @@ with stdenv.lib; assert x11Support -> pinentry != null; stdenv.mkDerivation rec { - name = "gnupg-2.1.10"; + name = "gnupg-2.1.11"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "1ybcsazjm21i2ys1wh49cz4azmqz7ghx5rb6hm4gm93i2zc5igck"; + sha256 = "06mn2viiwsyq991arh5i5fhr9jyxq2bi0jkdj7ndfisxihngpc5p"; }; - patches = [ ./gpgkey2ssh-21.patch ]; - postPatch = stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( diff --git a/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch b/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch deleted file mode 100644 index 198869423e5c..000000000000 --- a/pkgs/tools/security/gnupg/gpgkey2ssh-21.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c -index f12c5f4..2e3f2ac 100644 ---- a/tools/gpgkey2ssh.c -+++ b/tools/gpgkey2ssh.c -@@ -281,7 +281,7 @@ main (int argc, char **argv) - keyid = argv[1]; - - asprintf (&command, -- "gpg2 --list-keys --with-colons --with-key-data '%s'", -+ "@out@/bin/gpg2 --list-keys --with-colons --with-key-data '%s'", - keyid); - if (! command) - { diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 03720d6abe1a..56e20726793d 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -19,7 +19,9 @@ stdenv.mkDerivation rec { sha256 = "05bk3lrp5jwg0v338lvylp7glpliydzz4jf5pjr6k3kagrv3jyik"; }; - patches = if stdenv.isDarwin then [ ./no-darwin-getopt.patch ] else null; + patches = + [ ./program-name.patch ] ++ + stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; buildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/pass/program-name.patch b/pkgs/tools/security/pass/program-name.patch new file mode 100644 index 000000000000..db01942f638d --- /dev/null +++ b/pkgs/tools/security/pass/program-name.patch @@ -0,0 +1,13 @@ +diff --git a/src/password-store.sh b/src/password-store.sh +index 6313384..6607a98 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -573,7 +573,7 @@ cmd_git() { + # END subcommand functions + # + +-PROGRAM="${0##*/}" ++PROGRAM="pass" + COMMAND="$1" + + case "$1" in diff --git a/pkgs/tools/security/rarcrack/default.nix b/pkgs/tools/security/rarcrack/default.nix new file mode 100644 index 000000000000..3491feccc45c --- /dev/null +++ b/pkgs/tools/security/rarcrack/default.nix @@ -0,0 +1,39 @@ +{stdenv, fetchFromGitHub, libxml2, file, p7zip, unrar, unzip}: + +stdenv.mkDerivation rec { + name = "rarcrack-${version}"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "jaredsburrows"; + repo = "Rarcrack"; + rev = "35ead64cd2b967eec3e3e3a4c328b89b11ff32a0"; + sha256 = "134fq84896w5vp8vg4qg0ybpb466njibigyd7bqqm1xydr07qrgn"; + }; + + buildInputs = [ libxml2 file p7zip unrar unzip ]; + buildFlags = if stdenv.cc.isClang then [ "CC=clang" ] else null; + installFlags = "PREFIX=\${out}"; + + patchPhase = '' + substituteInPlace rarcrack.c --replace "file -i" "${file}/bin/file -i" + ''; + + preInstall = '' + mkdir -p $out/bin + ''; + + meta = with stdenv.lib; { + description = "This program can crack zip,7z and rar file passwords"; + longDescription = '' + If you forget your password for compressed archive (rar, 7z, zip), this program is the solution. + This program uses bruteforce algorithm to find correct password. You can specify wich characters will be used in password generations. + Warning: Please don't use this program for any illegal things! + ''; + homepage = https://github.com/jaredsburrows/Rarcrack; + license = licenses.gpl2; + maintainers = with maintainers; [ davidak ]; + platforms = with platforms; unix; + }; +} + diff --git a/pkgs/tools/security/sshuttle/default.nix b/pkgs/tools/security/sshuttle/default.nix index 62d3d2613cc1..b7cefdd86ea4 100644 --- a/pkgs/tools/security/sshuttle/default.nix +++ b/pkgs/tools/security/sshuttle/default.nix @@ -2,8 +2,8 @@ , coreutils, iptables, nettools, openssh, procps }: pythonPackages.buildPythonPackage rec { - version = "0.76"; name = "sshuttle-${version}"; + version = "0.76"; src = fetchurl { sha256 = "1q0hr0vhdvv23cw5dqndsmf61283mvs6b14662ci00xj6zp5v48b"; @@ -26,7 +26,6 @@ pythonPackages.buildPythonPackage rec { ''; meta = with stdenv.lib; { - inherit version; homepage = https://github.com/sshuttle/sshuttle/; description = "Transparent proxy server that works as a poor man's VPN"; longDescription = '' diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix index ca3e3aa10566..ced4d868ee03 100644 --- a/pkgs/tools/security/tor/torbrowser.nix +++ b/pkgs/tools/security/tor/torbrowser.nix @@ -16,13 +16,13 @@ let in stdenv.mkDerivation rec { name = "tor-browser-${version}"; - version = "5.0.7"; + version = "5.5"; src = fetchurl { url = "https://archive.torproject.org/tor-package-archive/torbrowser/${version}/tor-browser-linux${if stdenv.is64bit then "64" else "32"}-${version}_en-US.tar.xz"; sha256 = if stdenv.is64bit then - "0igqh02bcdr0b4m6df46l1l1z38d4nh4pyfn6jqsvahacdl2qbsg" else - "1401j340348rqwd5c1m8hnxw7qkwpzqfa64q01cp08lz9cxxml4r"; + "0glv2zffls1as71idbfg3l34kmsv48f3sk59swl6k8l75nvxlzjk" else + "0xbsixxs1hj0ydmazgi796xgvlsvbrkh8vfgaiyqcvgx4vf4ggwf"; }; desktopItem = makeDesktopItem { |