5 files changed, 44 insertions, 4 deletions

diff --git a/pkgs/tools/security/fido2luks/default.nix b/pkgs/tools/security/fido2luks/default.nix
new file mode 100644
index 000000000000..0bb5a91a81a7
--- /dev/null
+++ b/pkgs/tools/security/fido2luks/default.nix
@@ -0,0 +1,32 @@
+{ stdenv
+, rustPlatform
+, fetchFromGitHub
+, cryptsetup
+, pkg-config
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "fido2luks";
+  version = "0.2.2";
+
+  src = fetchFromGitHub {
+    owner = "shimunn";
+    repo = pname;
+    rev = version;
+    sha256 = "018qzbgmgm0f0d0c7i54nqqjbr4k5mzy1xfavi6hpifjll971wci";
+  };
+
+  buildInputs = [ cryptsetup ];
+  nativeBuildInputs = [ pkg-config ];
+
+  cargoSha256 = "1kf757wxxk5h8dfbz588qw1pnyjbg5qzr7rz14i7x8rhmn5xwb74";
+  verifyCargoDeps = true;
+
+  meta = with stdenv.lib; {
+    description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator";
+    homepage = "https://github.com/shimunn/fido2luks";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ prusnak mmahut ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/security/jwt-cli/default.nix b/pkgs/tools/security/jwt-cli/default.nix
index 7146cc52e9e1..83b630a4f4f6 100644
--- a/pkgs/tools/security/jwt-cli/default.nix
+++ b/pkgs/tools/security/jwt-cli/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, rustPlatform }:
+{ stdenv, fetchFromGitHub, rustPlatform, Security }:
 
 rustPlatform.buildRustPackage rec {
   pname = "jwt-cli";
@@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec {
 
   cargoSha256 = "005y92acsn5j490jkp23ny7bsjd9ql1glybmbh4cyc8b15hmy618";
 
+  buildInputs = stdenv.lib.optional stdenv.isDarwin Security;
+
   meta = with stdenv.lib; {
     description = "Super fast CLI tool to decode and encode JWTs";
     homepage = "https://github.com/mike-engel/jwt-cli";
diff --git a/pkgs/tools/security/neopg/default.nix b/pkgs/tools/security/neopg/default.nix
index 5e26bcf6759d..c58772346eea 100644
--- a/pkgs/tools/security/neopg/default.nix
+++ b/pkgs/tools/security/neopg/default.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
   dontUseCmakeBuildDir = true;
 
   preCheck = ''
-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix
index 5d0e94bc803e..54a8f4de7d7b 100644
--- a/pkgs/tools/security/pass/default.nix
+++ b/pkgs/tools/security/pass/default.nix
@@ -111,6 +111,12 @@ let
     '' + stdenv.lib.optionalString stdenv.isDarwin ''
       # 'pass edit' uses hdid, which is not available from the sandbox.
       rm -f tests/t0200-edit-tests.sh
+      rm -f tests/t0010-generate-tests.sh
+      rm -f tests/t0020-show-tests.sh
+      rm -f tests/t0050-mv-tests.sh
+      rm -f tests/t0100-insert-tests.sh
+      rm -f tests/t0300-reencryption.sh
+      rm -f tests/t0400-grep.sh
     '';
 
     doCheck = false;
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index 263c308fc3d6..2141f12151fa 100644
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "pcsclite";
-  version = "1.8.25";
+  version = "1.8.26";
 
   outputs = [ "bin" "out" "dev" "doc" "man" ];
 
   src = fetchurl {
     url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2";
-    sha256 = "14l7irs1nsh8b036ag4cfy8wryyysch78scz5dw6xxqwqgnpjvfp";
+    sha256 = "1ndvvz0fgqwz70pijymsxmx25mzryb0zav1i8jjc067ndryvxdry";
   };
 
   patches = [ ./no-dropdir-literals.patch ];