about summary refs log tree commit diff
path: root/pkgs/tools/security
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/duo-unix/default.nix4
-rw-r--r--pkgs/tools/security/fprintd/default.nix104
-rw-r--r--pkgs/tools/security/hcxdumptool/default.nix4
-rw-r--r--pkgs/tools/security/tpm2-tools/default.nix4
-rw-r--r--pkgs/tools/security/vault/default.nix4
-rw-r--r--pkgs/tools/security/yara/default.nix28
6 files changed, 97 insertions, 51 deletions
diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix
index 2cf9b92745fd..2c3a7a441afd 100644
--- a/pkgs/tools/security/duo-unix/default.nix
+++ b/pkgs/tools/security/duo-unix/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "duo-unix";
-  version = "1.11.3";
+  version = "1.11.4";
 
   src = fetchurl {
     url    = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz";
-    sha256 = "097i2dsnbndpnyc4nx1j76qkx1bxwwlxnzmp1h3j4raghddgiq0g";
+    sha256 = "1hqklf6jzrxn5hgh69bbl6962hwwgf06dlrb0ry7n5iy8w8imnsg";
   };
 
   buildInputs = [ pam openssl zlib ];
diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix
index b119a6ed29ff..62f5dda17f67 100644
--- a/pkgs/tools/security/fprintd/default.nix
+++ b/pkgs/tools/security/fprintd/default.nix
@@ -1,42 +1,70 @@
-{ thinkpad ? false
-, stdenv
-, fetchurl
+{ stdenv
+, fetchFromGitLab
 , fetchpatch
 , pkgconfig
-, intltool
-, libfprint-thinkpad ? null
-, libfprint ? null
+, meson
+, ninja
+, perl
+, gettext
+, cairo
+, gtk-doc
+, libxslt
+, docbook-xsl-nons
+, docbook_xml_dtd_412
 , glib
+, dbus
 , dbus-glib
 , polkit
 , nss
 , pam
 , systemd
-, autoreconfHook
-, gtk-doc
+, libfprint
+, python3
 }:
 
 stdenv.mkDerivation rec {
-  pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad";
-  version = "0.9.0";
+  pname = "fprintd";
+  version = "1.90.1";
+  outputs = [ "out" "devdoc" ];
 
-  src = fetchurl {
-    url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/9dec4b63d1f00e637070be1477ce63c0/fprintd-${version}.tar.xz";
-    sha256 = "182gcnwb6zjwmk0dn562rjmpbk7ac7dhipbfdhfic2sn1jzis49p";
+  src = fetchFromGitLab {
+    domain = "gitlab.freedesktop.org";
+    owner = "libfprint";
+    repo = pname;
+    rev = version;
+    sha256 = "0mbzk263x7f58i9cxhs44mrngs7zw5wkm62j5r6xlcidhmfn03cg";
   };
 
   patches = [
+    # Fixes issue with ":" when there is multiple paths (might be the case on NixOS)
+    # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch";
+      sha256 = "QNN05WF4YZ0XiTwm5NkfqZDuQpyXlnrh+RJF9SNsCDk=";
+    })
+
+    # Fix locating libpam_wrapper for tests
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch";
+      sha256 = "43uPihK6HhygHw1Qplwci80Wseq/S77VUp+OdEECHmM=";
+    })
     (fetchpatch {
-      url = "https://gitlab.freedesktop.org/libfprint/fprintd/merge_requests/16.patch";
-      sha256 = "1y39zsmxjll9hip8464qwhq5qg06c13pnafyafgxdph75lvhdll7";
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch";
+      sha256 = "Pga+/QEkln8DOwGZfKM1r2urJX4Y3X0bozWWxKZ5ia0=";
     })
   ];
 
   nativeBuildInputs = [
-    intltool
     pkgconfig
-    autoreconfHook # Drop with above patch
-    gtk-doc # Drop with above patch
+    meson
+    ninja
+    perl
+    gettext
+    gtk-doc
+    libxslt
+    dbus
+    docbook-xsl-nons
+    docbook_xml_dtd_412
   ];
 
   buildInputs = [
@@ -46,23 +74,43 @@ stdenv.mkDerivation rec {
     nss
     pam
     systemd
-  ]
-  ++ stdenv.lib.optional thinkpad libfprint-thinkpad
-  ++ stdenv.lib.optional (!thinkpad) libfprint
-  ;
+    libfprint
+  ];
+
+  checkInputs = with python3.pkgs; [
+    python-dbusmock
+    dbus-python
+    pygobject3
+    pycairo
+    pypamtest
+  ];
 
-  configureFlags = [
-    # is hardcoded to /var/lib/fprint, this is for the StateDirectory install target
-    "--localstatedir=${placeholder "out"}/var"
-    "--sysconfdir=${placeholder "out"}/etc"
-    "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+  mesonFlags = [
+    "-Dgtk_doc=true"
+    "-Dpam_modules_dir=${placeholder "out"}/lib/security"
+    "-Dsysconfdir=${placeholder "out"}/etc"
+    "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services"
+    "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system"
   ];
 
+  PKG_CONFIG_DBUS_1_INTERFACES_DIR = "${placeholder "out"}/share/dbus-1/interfaces";
+  PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
+  PKG_CONFIG_DBUS_1_DATADIR = "${placeholder "out"}/share";
+
+  # FIXME: Ugly hack for tests to find libpam_wrapper.so
+  LIBRARY_PATH = stdenv.lib.makeLibraryPath [ python3.pkgs.pypamtest ];
+
+  doCheck = true;
+
+  postPatch = ''
+    patchShebangs po/check-translations.sh
+  '';
+
   meta = with stdenv.lib; {
     homepage = "https://fprint.freedesktop.org/";
     description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus";
     license = licenses.gpl2;
     platforms = platforms.linux;
-    maintainers = with maintainers; [ abbradar ];
+    maintainers = with maintainers; [ abbradar elyhaka ];
   };
 }
diff --git a/pkgs/tools/security/hcxdumptool/default.nix b/pkgs/tools/security/hcxdumptool/default.nix
index 6a2eee471432..c7a5a9985552 100644
--- a/pkgs/tools/security/hcxdumptool/default.nix
+++ b/pkgs/tools/security/hcxdumptool/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "hcxdumptool";
-  version = "6.0.5";
+  version = "6.0.6";
 
   src = fetchFromGitHub {
     owner = "ZerBea";
     repo = "hcxdumptool";
     rev = version;
-    sha256 = "0rh19lblz8wp8q2x123nlwvxq1pjq9zw12w18z83v2l2knjbc524";
+    sha256 = "1b4d543y64ib92w9gcmiyjn5hz2vyjqmxk3f3yr1zk04fhw16gmf";
   };
 
   buildInputs = [ openssl ];
diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix
index 06826173e340..282b1df299cf 100644
--- a/pkgs/tools/security/tpm2-tools/default.nix
+++ b/pkgs/tools/security/tpm2-tools/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   pname = "tpm2-tools";
-  version = "4.1.1";
+  version = "4.1.2";
 
   src = fetchurl {
     url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
-    sha256 = "1cd74nd57wmms2yrnzs64xki29rf4kx61kd30fyd56wlicyjdfa0";
+    sha256 = "0di97zmxdh04m2ibyshcgvillwxx6rnd0543scm7q10y7nv74m0p";
   };
 
   nativeBuildInputs = [ pandoc pkgconfig makeWrapper ];
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index 515b5884999e..e1b6ef808605 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -2,13 +2,13 @@
 
 buildGoPackage rec {
   pname = "vault";
-  version = "1.4.1";
+  version = "1.4.2";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    sha256 = "0fbbvihvlzh95rrk65bwxfcam6y57q0yffq8dzvcbm3i0ap7ndar";
+    sha256 = "0aschysngs6f50plqkqbnhgl6zryd0bpypr50zd45cgww7jvvqd4";
   };
 
   goPackagePath = "github.com/hashicorp/vault";
diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix
index a470ad11caff..8a1195350234 100644
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -1,30 +1,28 @@
-{ stdenv, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, pcre
+{ stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pcre
+, pkg-config
+, protobufc
 , withCrypto ? true, openssl
 , enableMagic ? true, file
 , enableCuckoo ? true, jansson
 }:
 
 stdenv.mkDerivation rec {
-  version = "3.11.0";
+  version = "4.0.1";
   pname = "yara";
 
   src = fetchFromGitHub {
     owner = "VirusTotal";
     repo = "yara";
     rev = "v${version}";
-    sha256 = "0mx3xm2a70fx8vlynkavq8gfd9w5yjcix5rx85444i2s1h6kcd0j";
+    sha256 = "0dy8jf0pdn0wilxy1pj6pqjxg7icxkwax09w54np87gl9p00f5rk";
   };
 
-  # See: https://github.com/VirusTotal/yara/issues/1036
-  # TODO: This patch should not be necessary in the next release
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/VirusTotal/yara/commit/04df811fa61fa54390b274bfcf56d7403c184404.patch";
-      sha256 = "0hsbc2k7nmk2kskll971draz0an4rmcs5v0iql47mz596vqvkzmb";
-    })
-  ];
+  nativeBuildInputs = [ autoreconfHook pkg-config ];
 
-  buildInputs = [ autoconf automake libtool pcre ]
+  buildInputs = [ pcre protobufc ]
     ++ stdenv.lib.optionals withCrypto [ openssl ]
     ++ stdenv.lib.optionals enableMagic [ file ]
     ++ stdenv.lib.optionals enableCuckoo [ jansson ]
@@ -40,8 +38,8 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     description = "The pattern matching swiss knife for malware researchers";
-    homepage    = "http://Virustotal.github.io/yara/";
-    license     = licenses.asl20;
-    platforms   = stdenv.lib.platforms.all;
+    homepage = "http://Virustotal.github.io/yara/";
+    license = licenses.asl20;
+    platforms = platforms.all;
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-05 01:22:16 +0000