Merge master into staging-next

4 files changed, 91 insertions, 8 deletions

diff --git a/pkgs/tools/nix/fh/default.nix b/pkgs/tools/nix/fh/default.nix
index 441d63c2befc8..e4368e58012b2 100644
--- a/pkgs/tools/nix/fh/default.nix
+++ b/pkgs/tools/nix/fh/default.nix
@@ -9,16 +9,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "fh";
-  version = "0.1.2";
+  version = "0.1.3";
 
   src = fetchFromGitHub {
     owner = "DeterminateSystems";
     repo = "fh";
     rev = "v${version}";
-    hash = "sha256-4IpfVkmSTMTZKsm+eXPtcenMgbis12RaPrJpM1kYaE8=";
+    hash = "sha256-9dWd0syDzoyjnhVoOCazRVA4pAAXud+cxggVlxXzJFg=";
   };
 
-  cargoHash = "sha256-RHUMrA+mzvT9xXOt/flGfvK0uBBUnAtgHOrgvYivTGs=";
+  cargoHash = "sha256-GzS/grxiMlrpJ2OG5BSne4RmSMUXXjKiwYyW4Aj69gc=";
 
   nativeBuildInputs = [
     rustPlatform.bindgenHook
diff --git a/pkgs/tools/security/nuclei/default.nix b/pkgs/tools/security/nuclei/default.nix
index 344ba03a361ea..33df3a04656a8 100644
--- a/pkgs/tools/security/nuclei/default.nix
+++ b/pkgs/tools/security/nuclei/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "nuclei";
-  version = "2.9.13";
+  version = "2.9.14";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-mjb7U7F4OZ9nRjtLjZk1s7T+n/VqV/RPMbnGodxRVUE=";
+    hash = "sha256-73MOUzIWA2sO6Y+Xku7f7DlUtsoa0GpfaqJzpEHCV/M=";
   };
 
-  vendorHash = "sha256-/1F2aY3cRLRz06s1KXQ6bt7UgaZgiXEjS/5stGi7xIw=";
+  vendorHash = "sha256-H4QBt00WSvCJi7P6gh4JBDCLSZwt/H5LWcahusdQoRE=";
 
   modRoot = "./v2";
   subPackages = [
diff --git a/pkgs/tools/security/sudo-rs/default.nix b/pkgs/tools/security/sudo-rs/default.nix
new file mode 100644
index 0000000000000..6730cdf1869f1
--- /dev/null
+++ b/pkgs/tools/security/sudo-rs/default.nix
@@ -0,0 +1,83 @@
+{ lib
+, bash
+, fetchFromGitHub
+, fetchpatch
+, installShellFiles
+, pam
+, pandoc
+, rustPlatform
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "sudo-rs";
+  version = "0.2.0";
+
+  src = fetchFromGitHub {
+    owner = "memorysafety";
+    repo = "sudo-rs";
+    rev = "v${version}";
+    hash = "sha256-Kk5D3387hdl6eGWTSV003r+XajuDh6YgHuqYlj9NnaQ=";
+  };
+  cargoHash = "sha256-yeMK37tOgJcs9pW3IclpR5WMXx0gMDJ2wcmInxJYbQ8=";
+
+  nativeBuildInputs = [ installShellFiles pandoc ];
+
+  buildInputs = [ pam ];
+
+  patches = [
+    (fetchpatch {
+      # @R-VdP's patch to work with NixOS' suid wrappers
+      name = "Skip self_check when executed as root.patch";
+      url = "https://github.com/R-VdP/sudo-rs/commit/a44541dcb36b94f938daaed66b3ff06cfc1c2b40.patch";
+      hash = "sha256-PdmOqp/NDjFy8ve4jEOi58e0N9xUnaVKioQwdC5Jf1U=";
+    })
+  ];
+
+  # Don't attempt to generate the docs in a (pan)Docker container
+  postPatch = ''
+    substituteInPlace util/generate-docs.sh \
+      --replace "/usr/bin/env bash" ${lib.getExe bash} \
+      --replace util/pandoc.sh pandoc
+  '';
+
+  postInstall = ''
+    ./util/generate-docs.sh
+    installManPage target/docs/man/*
+  '';
+
+  checkFlags = map (t: "--skip=${t}") [
+    # Those tests make path assumptions
+    "common::command::test::test_build_command_and_args"
+    "common::context::tests::test_build_context"
+    "common::resolve::test::canonicalization"
+    "common::resolve::tests::test_resolve_path"
+    "system::tests::kill_test"
+
+    # Assumes $SHELL is an actual shell
+    "su::context::tests::su_to_root"
+
+    # Attempts to access /etc files from the build sandbox
+    "system::audit::test::secure_open_is_predictable"
+
+    # Assume there is a `daemon` user and group
+    "system::interface::test::test_unix_group"
+    "system::interface::test::test_unix_user"
+    "system::tests::test_get_user_and_group_by_id"
+
+    # This expects some PATH_TZINFO environment var
+    "env::environment::tests::test_tzinfo"
+
+    # Unsure why those are failing
+    "env::tests::test_environment_variable_filtering"
+    "su::context::tests::invalid_shell"
+  ];
+
+  meta = with lib; {
+    description = "A memory safe implementation of sudo and su.";
+    homepage = "https://github.com/memorysafety/sudo-rs";
+    changelog = "${meta.homepage}/blob/v${version}/CHANGELOG.md";
+    license = with licenses; [ asl20 mit ];
+    maintainers = with maintainers; [ nicoo ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/system/ttop/default.nix b/pkgs/tools/system/ttop/default.nix
index 67edfe27274dc..ceccaea7ce3df 100644
--- a/pkgs/tools/system/ttop/default.nix
+++ b/pkgs/tools/system/ttop/default.nix
@@ -2,14 +2,14 @@
 
 nimPackages.buildNimPackage (finalAttrs: {
   pname = "ttop";
-  version = "1.2.0";
+  version = "1.2.1";
   nimBinOnly = true;
 
   src = fetchFromGitHub {
     owner = "inv2004";
     repo = "ttop";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-4Tjf4Qdpiu0ErH3dkff4cwYyw/8F8+VdFV9NZt8p/3o=";
+    hash = "sha256-3wRGeRR1M3jx6GKVd7wSjTdfVlBGF6u3jY3wtK3lAYI=";
   };
 
   buildInputs = with nimPackages; [ asciigraph illwill jsony parsetoml zippy ];