author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-09-04 07:26:00 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-09-05 22:50:58 +0200 |
commit | 875c286ba39a93b36274bb8ccecdd33a5af83b00 (patch) | |
tree | bbce0d68e7afd9b830b61c3bdd8c7e8ae284c724 | |
parent | c45bf3c43db26455052d822f7ab5984610d36fa7 (diff) |
cipherscan: 2015-12-17 -> 2016-08-16
-rw-r--r-- | pkgs/tools/security/cipherscan/default.nix | 40 | ||||
-rw-r--r-- | pkgs/tools/security/cipherscan/path.patch | 93 |
2 files changed, 19 insertions, 114 deletions
diff --git a/pkgs/tools/security/cipherscan/default.nix b/pkgs/tools/security/cipherscan/default.nix
index eac237f2ff47f..859c1fdf49a07 100644
--- a/pkgs/tools/security/cipherscan/default.nix
+++ b/pkgs/tools/security/cipherscan/default.nix
@@ -2,42 +2,40 @@ stdenv.mkDerivation rec {
 name = "cipherscan-${version}";
- version = "2015-12-17";
+ version = "2016-08-16";
+
 src = fetchFromGitHub {
- owner = "jvehent";
+ owner = "mozilla";
 repo = "cipherscan";
- rev = "18b0d1b952d027d20e38f07329817873ec077d26";
- sha256 = "0b6fkfm2y8w04am4krspmapcc5ngn603n5rlwyjly92z2dawc7h8";
+ rev = "74dd82e8ad994a140daf79489d3bd1c5ad928d38";
+ sha256 = "16azhlmairnvdz7xmwgvfpn2pzw1p8z7c9b27m07fngqjkpx0mhh";
 };
- buildInputs = [ makeWrapper python ];
- patches = [ ./path.patch ];
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ python ];
+
 buildPhase = ''
- substituteInPlace cipherscan \
- --replace "@OPENSSLBIN@" \
- "${openssl.bin}/bin/openssl" \
- --replace "@TIMEOUTBIN@" \
- "${coreutils}/bin/timeout" \
- --replace "@READLINKBIN@" \
- "${coreutils}/bin/readlink"
-
- substituteInPlace analyze.py \
- --replace "@OPENSSLBIN@" \
- "${openssl.bin}/bin/openssl"
+ substituteInPlace cipherscan --replace '$0' 'cipherscan'
 '';
+
 installPhase = ''
 mkdir -p $out/bin
 cp cipherscan $out/bin
 cp openssl.cnf $out/bin
- cp analyze.py $out/bin
+ cp analyze.py $out/bin/cipherscan-analyze
- wrapProgram $out/bin/analyze.py --set PYTHONPATH "$PYTHONPATH"
+ wrapProgram $out/bin/cipherscan \
+ --set NOAUTODETECT 1 \
+ --set TIMEOUTBIN "${coreutils}/bin/timeout" \
+ --set OPENSSLBIN "${openssl}/bin/openssl"
 '';
+
 meta = with lib; {
+ inherit (src.meta) homepage;
 description = "Very simple way to find out which SSL ciphersuites are supported by a target";
- homepage = "https://github.com/jvehent/cipherscan";
 license = licenses.mpl20;
 platforms = platforms.all;
- maintainers = with maintainers; [ cstrahan ];
+ maintainers = with maintainers; [ cstrahan fpletz ];
 };
 }
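Review bot: In installPhase only `$out/bin/cipherscan` is wrapped, so `cipherscan-analyze` is now installed with neither the old `@OPENSSLBIN@` substitution nor a wrapper, and nothing visible in this hunk pins the openssl binary it will run. The removed path.patch shows that analyze.py at the previous revision fell back to an `openssl` beside the script or to the one on PATH; if the new revision still does, its cipher lists and recommendations would depend on whatever openssl the user's environment provides rather than the packaged one. Separately, the wrapper sets `${openssl}/bin/openssl` where the removed lines used `${openssl.bin}/bin/openssl`; it is worth confirming that the default output really contains `bin/openssl`, or keeping `--set OPENSSLBIN "${openssl.bin}/bin/openssl"`.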
diff --git a/pkgs/tools/security/cipherscan/path.patch b/pkgs/tools/security/cipherscan/path.patch
deleted file mode 100644
index 3b6d8ef805098..0000000000000
--- a/pkgs/tools/security/cipherscan/path.patch
+++ /dev/null
@@ -1,93 +0,0 @@ -diff --git a/analyze.py b/analyze.py -index bb62af8..e929253 100755 ---- a/analyze.py -+++ b/analyze.py -@@ -418,13 +418,7 @@ def build_ciphers_lists(opensslbin): - - # use system openssl if not on linux 64 - if not opensslbin: -- if platform.system() == 'Linux' and platform.architecture()[0] == '64bit': -- opensslbin = mypath + '/openssl' -- elif platform.system() == 'Darwin' and platform.architecture()[0] == '64bit': -- opensslbin = mypath + '/openssl-darwin64' -- else: -- opensslbin='openssl' -- print("warning: analyze.py is using system's openssl, which may limit the tested ciphers and recommendations") -+ opensslbin = "@OPENSSLBIN@" - - logging.debug('Loading all ciphers: ' + allC) - all_ciphers = subprocess.Popen([opensslbin, 'ciphers', allC], -diff --git a/cipherscan b/cipherscan -index 236b34f..a240d13 100755 ---- a/cipherscan -+++ b/cipherscan -@@ -30,43 +30,12 @@ if [[ -n $NOAUTODETECT ]]; then - else - case "$(uname -s)" in - Darwin) -- opensslbin_name="openssl-darwin64" -- -- READLINKBIN=$(which greadlink 2>/dev/null) -- if [[ -z $READLINKBIN ]]; then -- echo "greadlink not found. (try: brew install coreutils)" 1>&2 -- exit 1 -- fi -- TIMEOUTBIN=$(which gtimeout 2>/dev/null) -- if [[ -z $TIMEOUTBIN ]]; then -- echo "gtimeout not found. (try: brew install coreutils)" 1>&2 -- exit 1 -- fi -+ READLINKBIN="@READLINKBIN@" -+ TIMEOUTBIN="@TIMEOUTBIN@" - ;; - *) -- opensslbin_name="openssl" -- -- # test that readlink or greadlink (darwin) are present -- READLINKBIN="$(which readlink)" -- -- if [[ -z $READLINKBIN ]]; then -- READLINKBIN="$(which greadlink)" -- if [[ -z $READLINKBIN ]]; then -- echo "neither readlink nor greadlink are present. 
install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 -- exit 1 -- fi -- fi -- -- # test that timeout or gtimeout (darwin) are present -- TIMEOUTBIN="$(which timeout)" -- -- if [[ -z $TIMEOUTBIN ]]; then -- TIMEOUTBIN="$(which gtimeout)" -- if [[ -z $TIMEOUTBIN ]]; then -- echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2 -- exit 1 -- fi -- fi -+ READLINKBIN="@READLINKBIN@" -+ TIMEOUTBIN="@TIMEOUTBIN@" - - # Check for busybox, which has different arguments - TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)" -@@ -1944,20 +1913,7 @@ do - done - - if [[ -z $OPENSSLBIN ]]; then -- readlink_result=$("$READLINKBIN" -f "$0") -- if [[ -z $readlink_result ]]; then -- echo "$READLINKBIN -f $0 failed, aborting." 1>&2 -- exit 1 -- fi -- REALPATH=$(dirname "$readlink_result") -- if [[ -z $REALPATH ]]; then -- echo "dirname $REALPATH failed, aborting." 1>&2 -- exit 1 -- fi -- OPENSSLBIN="${REALPATH}/${opensslbin_name}" -- if ! [[ -x "${OPENSSLBIN}" ]]; then -- OPENSSLBIN="$(which openssl)" # fallback to generic openssl -- fi -+ OPENSSLBIN="@OPENSSLBIN@" - fi - # use custom config file to enable GOST ciphers - if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then |