diff options
Diffstat (limited to 'pkgs/tools/security')
24 files changed, 181 insertions, 69 deletions
diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix index f99be6d75758..a0ef58ae8b61 100644 --- a/pkgs/tools/security/aflplusplus/default.nix +++ b/pkgs/tools/security/aflplusplus/default.nix @@ -1,6 +1,6 @@ { stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper -, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp -, file, cmocka, wine ? null, fetchpatch +, clang, llvm, gcc, which, libcgroup, python, perl, gmp +, file, wine ? null, fetchpatch }: # wine fuzzing is only known to work for win32 binaries, and using a mixture of @@ -17,38 +17,28 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "2.64c"; + version = "2.65c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; rev = version; - sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj"; + sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l"; }; enableParallelBuilding = true; - # build of unsigaction32 broken in 2.64c: - # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357 - # The applied patch fixes it. - patches = [ - (fetchpatch { - url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch"; - sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh"; - }) - ]; - # Note: libcgroup isn't needed for building, just for the afl-cgroup # script. - nativeBuildInputs = [ makeWrapper which clang_9 gcc ]; - buildInputs = [ llvm_9 python gmp ] + nativeBuildInputs = [ makeWrapper which clang gcc ]; + buildInputs = [ llvm python gmp ] ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython; postPatch = '' # Replace the CLANG_BIN variables with the correct path substituteInPlace llvm_mode/afl-clang-fast.c \ - --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \ - --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \ + --replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang}/bin/clang"' \ --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" # Replace "gcc" and friends with full paths in afl-gcc @@ -115,7 +105,7 @@ let wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} ''; - installCheckInputs = [ perl file cmocka ]; + installCheckInputs = [ perl file ]; doInstallCheck = true; installCheckPhase = '' # replace references to tools in build directory with references to installed locations @@ -123,7 +113,7 @@ let --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' - perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh cd test && ./test.sh ''; diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix index f2abc376cd27..2da8840eee1c 100644 --- a/pkgs/tools/security/bitwarden/default.nix +++ b/pkgs/tools/security/bitwarden/default.nix @@ -16,11 +16,11 @@ let pname = "bitwarden"; version = { - x86_64-linux = "1.17.2"; + x86_64-linux = "1.18.0"; }.${system} or ""; sha256 = { - x86_64-linux = "0v7lrwj3sdypnqayknwg0cg9c2gfsxbjic5wswkfxljy652x8izx"; + x86_64-linux = "04rry33jccf65smzpjp1dhcirffdb7y36yn8whqaikhsavsawx3j"; }.${system} or ""; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/bitwarden_rs/default.nix b/pkgs/tools/security/bitwarden_rs/default.nix index 6d3c4bccef9f..f2d0eb9b7d3a 100644 --- a/pkgs/tools/security/bitwarden_rs/default.nix +++ b/pkgs/tools/security/bitwarden_rs/default.nix @@ -8,13 +8,13 @@ let in rustPlatform.buildRustPackage rec { pname = "bitwarden_rs"; - version = "1.14.2"; + version = "1.15.1"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "0413yjbnj4k917x48h1gnj64kygbr6c1n55f23qkvj0hgbxpgssz"; + sha256 = "1982bfprixdp8mx2hwidfvsi0zy7wmzf40m9m3cl5r7i2qydznwb"; }; nativeBuildInputs = [ pkgconfig ]; @@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec { RUSTC_BOOTSTRAP = 1; - cargoSha256 = "09747f9g7yyq9c8wbfdb3hwxii5xq23ynhba0vc01nhjpjyn0ksd"; + cargoSha256 = "08cygzgv82i10cj8lkjdah0arrdmlfcbdjwc8piwa629rr0584zf"; cargoBuildFlags = [ featuresFlag ]; checkPhase = '' diff --git a/pkgs/tools/security/bundler-audit/Gemfile.lock b/pkgs/tools/security/bundler-audit/Gemfile.lock index 107e425bc579..f130b57912b4 100644 --- a/pkgs/tools/security/bundler-audit/Gemfile.lock +++ b/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -1,10 +1,10 @@ GEM remote: https://rubygems.org/ specs: - bundler-audit (0.6.1) + bundler-audit (0.7.0.1) bundler (>= 1.2.0, < 3) - thor (~> 0.18) - thor (0.20.3) + thor (>= 0.18, < 2) + thor (1.0.1) PLATFORMS ruby diff --git a/pkgs/tools/security/bundler-audit/default.nix b/pkgs/tools/security/bundler-audit/default.nix index 6bcb341a8343..c24831f26b06 100644 --- a/pkgs/tools/security/bundler-audit/default.nix +++ b/pkgs/tools/security/bundler-audit/default.nix @@ -21,6 +21,7 @@ bundlerEnv rec { - Does not require a network connection. ''; homepage = "https://github.com/rubysec/bundler-audit"; + changelog = "https://github.com/rubysec/bundler-audit/blob/v${version}/ChangeLog.md"; license = licenses.gpl3Plus; maintainers = with maintainers; [ primeos nicknovitski ]; platforms = platforms.unix; diff --git a/pkgs/tools/security/bundler-audit/gemset.nix b/pkgs/tools/security/bundler-audit/gemset.nix index 56d78b3e8f16..2121a3c08e55 100644 --- a/pkgs/tools/security/bundler-audit/gemset.nix +++ b/pkgs/tools/security/bundler-audit/gemset.nix @@ -1,19 +1,23 @@ { bundler-audit = { dependencies = ["thor"]; + groups = ["default"]; + platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0pm22xpn3xyymsainixnrk8v3l3xi9bzwkjkspx00cfzp84xvxbq"; + sha256 = "04l9rs56rlvihbr2ybkrigjajgd3swa98lxvmdl8iylj1g5m7n0j"; type = "gem"; }; - version = "0.6.1"; + version = "0.7.0.1"; }; thor = { + groups = ["default"]; + platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29"; + sha256 = "1xbhkmyhlxwzshaqa7swy2bx6vd64mm0wrr8g3jywvxy7hg0cwkm"; type = "gem"; }; - version = "0.20.3"; + version = "1.0.1"; }; } \ No newline at end of file diff --git a/pkgs/tools/security/certstrap/default.nix b/pkgs/tools/security/certstrap/default.nix index fb3c00e48f91..4d2e2fe7e950 100644 --- a/pkgs/tools/security/certstrap/default.nix +++ b/pkgs/tools/security/certstrap/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "certstrap"; - version = "1.1.1"; + version = "1.2.0"; goPackagePath = "github.com/square/certstrap"; @@ -10,7 +10,7 @@ buildGoPackage rec { owner = "square"; repo = "certstrap"; rev = "v${version}"; - sha256 = "0j7gi2nzykny7i0gjax9vixw72l9jcm4wnwxgm72hh1pji0ysa8n"; + sha256 = "1ymchnn7c9g3pq7rw4lrwsd6z3wfjx90g7qgrw6r5hssl77mnscj"; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/chipsec/default.nix b/pkgs/tools/security/chipsec/default.nix index 387fa4d750bd..5dccf295065c 100644 --- a/pkgs/tools/security/chipsec/default.nix +++ b/pkgs/tools/security/chipsec/default.nix @@ -2,13 +2,13 @@ , kernel ? null, withDriver ? false }: pythonPackages.buildPythonApplication rec { pname = "chipsec"; - version = "1.4.9"; + version = "1.5.1"; src = fetchFromGitHub { owner = "chipsec"; repo = "chipsec"; rev = version; - sha256 = "1p6w8294w5z2f4jwc22mqaggv5qajvmf9iifv7fl7wdz3wsvskrk"; + sha256 = "1rxr9i08a22m15slvlkrhnki30jixi2ds096kmmc2nqzfr9yibmb"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix index 62f5dda17f67..b14aff386aba 100644 --- a/pkgs/tools/security/fprintd/default.nix +++ b/pkgs/tools/security/fprintd/default.nix @@ -40,17 +40,17 @@ stdenv.mkDerivation rec { # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50 (fetchpatch { url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch"; - sha256 = "QNN05WF4YZ0XiTwm5NkfqZDuQpyXlnrh+RJF9SNsCDk="; + sha256 = "0f88dhizai8jz7hpm5lpki1fx4593zcy89iwi4brsqbqc7jp9ls0"; }) # Fix locating libpam_wrapper for tests (fetchpatch { url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch"; - sha256 = "43uPihK6HhygHw1Qplwci80Wseq/S77VUp+OdEECHmM="; + sha256 = "0qqy090p93lzabavwjxzxaqidkcb3ifacl0d3yh1q7ms2a58yyz3"; }) (fetchpatch { url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch"; - sha256 = "Pga+/QEkln8DOwGZfKM1r2urJX4Y3X0bozWWxKZ5ia0="; + sha256 = "1bc9g6kc95imlcdpvp8qgqjsnsxg6nipr6817c1pz5i407yvw1iy"; }) ]; diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix index 4d6b97c7192e..e173f66f7483 100644 --- a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix +++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix @@ -7,7 +7,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2"; - sha256 = "sha256:1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx"; + sha256 = "1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx"; }; buildInputs = [ pkcs11helper pkgconfig openssl ]; diff --git a/pkgs/tools/security/hash_extender/default.nix b/pkgs/tools/security/hash_extender/default.nix index 6efa780e1cd3..5bda599f0f0c 100644 --- a/pkgs/tools/security/hash_extender/default.nix +++ b/pkgs/tools/security/hash_extender/default.nix @@ -2,17 +2,20 @@ stdenv.mkDerivation { pname = "hash_extender"; - version = "2017-04-10"; + version = "unstable-2020-03-24"; src = fetchFromGitHub { owner = "iagox86"; repo = "hash_extender"; - rev = "d27581e062dd0b534074e11d7d311f65a6d7af21"; - sha256 = "1npwbgqaynjh5x39halw43i116v89sxkpa1g1bbvc1lpi8hkhhcb"; + rev = "cb8aaee49f93e9c0d2f03eb3cafb429c9eed723d"; + sha256 = "1fj118566hr1wv03az2w0iqknazsqqkak0mvlcvwpgr6midjqi9b"; }; buildInputs = [ openssl ]; + doCheck = true; + checkPhase = "./hash_extender --test"; + installPhase = '' mkdir -p $out/bin cp hash_extender $out/bin diff --git a/pkgs/tools/security/ibm-sw-tpm2/default.nix b/pkgs/tools/security/ibm-sw-tpm2/default.nix index 5e1d460a4634..d6e8a521a2fa 100644 --- a/pkgs/tools/security/ibm-sw-tpm2/default.nix +++ b/pkgs/tools/security/ibm-sw-tpm2/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ibm-sw-tpm2"; - version = "1563"; + version = "1628"; src = fetchurl { url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz"; - sha256 = "1sfi7drmbm08rgd2414s3sxd7h5g8d4kiwk40xklf7sw67w1ffpw"; + sha256 = "18wywbsdp5sjrapznk2ydbmx0whz513dhybn1lls24xfl7kp9s58"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index bbc99c2ac410..ee1cfa9d2a41 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -6,7 +6,7 @@ buildGoPackage rec { pname = "keybase"; - version = "5.4.2"; + version = "5.5.1"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/kbnm" "go/keybase" ]; @@ -17,7 +17,7 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "08lw5aw962f75xi42bwbgba94hiql2n2jnsxrkx84czi0ijs1wlr"; + sha256 = "03y69zmzbnfay173xkbzvnhh8zjjd2rfnqmpgr0wvh1psn7mgpsh"; }; patches = [ diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index 054907843909..b745b63ca9d1 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix @@ -107,7 +107,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = "https://www.keybase.io/"; description = "The Keybase official GUI"; - platforms = platforms.linux; + platforms = [ "x86_64-linux" ]; maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np filalex77 ]; license = licenses.bsd3; }; diff --git a/pkgs/tools/security/keycard-cli/default.nix b/pkgs/tools/security/keycard-cli/default.nix index a76c102b2bb9..73eab6c3dec9 100644 --- a/pkgs/tools/security/keycard-cli/default.nix +++ b/pkgs/tools/security/keycard-cli/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "keycard-cli"; - version = "0.0.12"; + version = "0.4.0"; goPackagePath = "github.com/status-im/keycard-cli"; subPackages = [ "." ]; @@ -14,7 +14,7 @@ buildGoPackage rec { owner = "status-im"; repo = pname; rev = version; - sha256 = "1jnbaq57i6i9bad1hcvd28mxfqq6v8rv806c6l74vlb79ff4v1wb"; + sha256 = "0917vl5lw8wgvyn5l8q6xa8bqh342fibaa38syr8hmz8b09qkh38"; }; buildFlagsArray = [ diff --git a/pkgs/tools/security/keysmith/default.nix b/pkgs/tools/security/keysmith/default.nix new file mode 100644 index 000000000000..b9ab7bb0b4aa --- /dev/null +++ b/pkgs/tools/security/keysmith/default.nix @@ -0,0 +1,45 @@ +{ lib +, mkDerivation +, makeWrapper +, fetchFromGitHub +, cmake +, extra-cmake-modules +, qtbase +, qtquickcontrols2 +, qtdeclarative +, qtgraphicaleffects +, kirigami2 +, oathToolkit +}: +mkDerivation rec { + + pname = "keysmith"; + version = "0.1"; + + src = fetchFromGitHub { + owner = "KDE"; + repo = "keysmith"; + rev = "v${version}"; + sha256 = "15fzf0bvarivm32zqa5w71mscpxdac64ykiawc5hx6kplz93bsgx"; + }; + + nativeBuildInputs = [ cmake extra-cmake-modules makeWrapper ]; + + buildInputs = [ oathToolkit kirigami2 qtquickcontrols2 qtbase ]; + + postInstall = '' + mv $out/bin/org.kde.keysmith $out/bin/.org.kde.keysmith-wrapped + makeWrapper $out/bin/.org.kde.keysmith-wrapped $out/bin/org.kde.keysmith \ + --set QML2_IMPORT_PATH "${lib.getLib kirigami2}/lib/qt-5.12.7/qml:${lib.getBin qtquickcontrols2}/lib/qt-5.12.7/qml:${lib.getBin qtdeclarative}/lib/qt-5.12.7/qml:${qtgraphicaleffects}/lib/qt-5.12.7/qml" \ + --set QT_PLUGIN_PATH "${lib.getBin qtbase}/lib/qt-5.12.7/plugins" + ln -s $out/bin/org.kde.keysmith $out/bin/keysmith + ''; + + meta = with lib; { + description = "OTP client for Plasma Mobile and Desktop"; + license = licenses.gpl3; + homepage = "https://github.com/KDE/keysmith"; + maintainers = with maintainers; [ shamilton ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/mkp224o/default.nix b/pkgs/tools/security/mkp224o/default.nix index 5640debf124a..dc17cc602764 100644 --- a/pkgs/tools/security/mkp224o/default.nix +++ b/pkgs/tools/security/mkp224o/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "mkp224o"; - version = "1.4.0"; + version = "1.5.0"; src = fetchFromGitHub { owner = "cathugger"; repo = "mkp224o"; rev = "v${version}"; - sha256 = "0b7xs4gnyfhdkwl8wkb6mazas88ybnlbxck59p4n2mnlndvd8kb7"; + sha256 = "0b2cn96wg4l8jkkqqp8l2295xlmm2jc8nrw6rdqb5g0zkpfmrxbb"; }; buildCommand = diff --git a/pkgs/tools/security/rage/default.nix b/pkgs/tools/security/rage/default.nix index cdba2f2beb01..26ae27dff6b2 100644 --- a/pkgs/tools/security/rage/default.nix +++ b/pkgs/tools/security/rage/default.nix @@ -1,4 +1,4 @@ -{ stdenv, rustPlatform, fetchFromGitHub, Security }: +{ stdenv, rustPlatform, fetchFromGitHub, installShellFiles, Security }: rustPlatform.buildRustPackage rec { pname = "rage"; @@ -13,8 +13,20 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "08njl8irkqkfxj54pz4sx3l9aqb40h10wxb82zza52pqd4zapgn6"; + nativeBuildInputs = [ installShellFiles ]; + buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ]; + postBuild = '' + cargo run --example generate-docs + cargo run --example generate-completions + ''; + + postInstall = '' + installManPage target/manpages/* + installShellCompletion target/completions/*.{bash,fish,zsh} + ''; + meta = with stdenv.lib; { description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability"; homepage = "https://github.com/str4d/rage"; diff --git a/pkgs/tools/security/ripasso/cursive.nix b/pkgs/tools/security/ripasso/cursive.nix index c8a55d3f397f..29229bff0028 100644 --- a/pkgs/tools/security/ripasso/cursive.nix +++ b/pkgs/tools/security/ripasso/cursive.nix @@ -12,6 +12,8 @@ buildRustPackage rec { sha256 = "164da20j727p8l7hh37j2r8pai9sj402nhswvg0nrlgj53nr6083"; }; + patches = [ ./fix-tests.patch ]; + cargoSha256 = "1wpn67v0xmxhn1dgzhh1pwz1yc3cizmfxhpb7qv9b27ynx4486ji"; cargoBuildFlags = [ "-p ripasso-cursive -p ripasso-man" ]; diff --git a/pkgs/tools/security/ripasso/fix-tests.patch b/pkgs/tools/security/ripasso/fix-tests.patch new file mode 100644 index 000000000000..433ff933b1f7 --- /dev/null +++ b/pkgs/tools/security/ripasso/fix-tests.patch @@ -0,0 +1,35 @@ +diff --git a/src/pass/test.rs b/src/pass/test.rs +index c980a2f..2e6c8cc 100644 +--- a/src/pass/test.rs ++++ b/src/pass/test.rs +@@ -56,6 +56,7 @@ fn populate_password_list_small_repo() { + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let mut password_dir: PathBuf = base_path.clone(); +@@ -84,6 +85,7 @@ fn populate_password_list_repo_with_deleted_files() { + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let mut password_dir: PathBuf = base_path.clone(); +@@ -112,6 +114,7 @@ fn populate_password_list_directory_without_git() { + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let mut password_dir: PathBuf = base_path.clone(); +@@ -149,4 +152,4 @@ fn parse_signing_keys_empty() { + let result = PasswordStore::parse_signing_keys(&None).unwrap(); + + assert_eq!(result.len(), 0); +-} +\ No newline at end of file ++} diff --git a/pkgs/tools/security/saml2aws/default.nix b/pkgs/tools/security/saml2aws/default.nix index 42845705ff6b..d3157529215b 100644 --- a/pkgs/tools/security/saml2aws/default.nix +++ b/pkgs/tools/security/saml2aws/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "saml2aws"; - version = "2.25.0"; + version = "2.26.1"; src = fetchFromGitHub { owner = "Versent"; repo = "saml2aws"; rev = "v${version}"; - sha256 = "12aidylamrq4rvy2cfdz669lr1p20yqrshigcc5x1hrlhh9y64xc"; + sha256 = "09b217x10mn3y244rwym0fcqr4ly6n83wnykb77488kn960b0pqb"; }; hid = fetchFromGitHub { diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index e6cd74eda4b1..1e033fa31cee 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.2.7"; + version = "0.4.3.5"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0v82ngwwmmcb7i9563bgsmrjy6xp83xyhqhaljygd0pkvlsxi886"; + sha256 = "0s6qspi102drn1nk3gfxs51x992xarc44gkfsi8y3l48wr50wsk1"; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/tpm2-abrmd/default.nix b/pkgs/tools/security/tpm2-abrmd/default.nix index fbebde2e7bf6..6fe116d7015a 100644 --- a/pkgs/tools/security/tpm2-abrmd/default.nix +++ b/pkgs/tools/security/tpm2-abrmd/default.nix @@ -1,24 +1,44 @@ -{ stdenv, fetchurl, lib -, tpm2-tss, pkgconfig, glib, which, dbus, cmocka }: +{ stdenv, lib, fetchFromGitHub +, autoreconfHook, pkg-config, autoconf-archive, makeWrapper, which +, tpm2-tss, glib, dbus +, cmocka +}: stdenv.mkDerivation rec { pname = "tpm2-abrmd"; - version = "2.2.0"; + version = "2.3.2"; - src = fetchurl { - url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "1lbfhyyh9k54r8s1h8ca2czxv4hg0yq984kdh3vqh3990aca0x9a"; + src = fetchFromGitHub { + owner = "tpm2-software"; + repo = pname; + rev = version; + sha256 = "0jzglnlb700clcq6mjhhgvcq29a6893h888wsn9fbrh4f255sw8q"; }; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ - tpm2-tss glib which dbus cmocka - ]; + nativeBuildInputs = [ pkg-config makeWrapper autoreconfHook autoconf-archive which ]; + buildInputs = [ tpm2-tss glib dbus ]; + checkInputs = [ cmocka ]; + + enableParallelBuilding = true; + + # Emulate the required behavior of ./bootstrap in the original + # package + preAutoreconf = '' + echo "${version}" > VERSION + ''; # Unit tests are currently broken as the check phase attempts to start a dbus daemon etc. #configureFlags = [ "--enable-unit" ]; doCheck = false; + # Even though tpm2-tss is in the RUNPATH, starting from 2.3.0 abrmd + # seems to require the path to the device TCTI (used for accessing + # /dev/tpm0) in it's LD_LIBRARY_PATH + postFixup = '' + wrapProgram $out/bin/tpm2-abrmd \ + --suffix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ tpm2-tss ]}" + ''; + meta = with lib; { description = "TPM2 resource manager, accessible via D-Bus"; homepage = "https://github.com/tpm2-software/tpm2-tools"; diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix index 282b1df299cf..e6a7621d9877 100644 --- a/pkgs/tools/security/tpm2-tools/default.nix +++ b/pkgs/tools/security/tpm2-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "tpm2-tools"; - version = "4.1.2"; + version = "4.1.3"; src = fetchurl { url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "0di97zmxdh04m2ibyshcgvillwxx6rnd0543scm7q10y7nv74m0p"; + sha256 = "0117r0zzdnblkibv81y71v3limixsw5m7g9xwf7lcx8fc8836pdv"; }; nativeBuildInputs = [ pandoc pkgconfig makeWrapper ]; |