Diffstat (limited to 'pkgs/tools/security')
62 files changed, 2171 insertions, 480 deletions
diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index d07396319d8da..252be087675f8 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -9,11 +9,11 @@ let in stdenv.mkDerivation rec { name = "afl-${version}"; - version = "2.35b"; + version = "2.41b"; src = fetchurl { url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; - sha256 = "1smwc3j0mrpnhqq7li2ry42fxcmq3q2kl568dpq9r9npg996fqar"; + sha256 = "13wnjk0rklcjglj7dmpahv67vig9azifxgnggj56hki66lrb2w06"; }; # Note: libcgroup isn't needed for building, just for the afl-cgroup diff --git a/pkgs/tools/security/browserpass/default.nix b/pkgs/tools/security/browserpass/default.nix new file mode 100644 index 0000000000000..edc46fee5828b --- /dev/null +++ b/pkgs/tools/security/browserpass/default.nix 
@@ -0,0 +1,34 @@ +# This file was generated by https://github.com/kamilchm/go2nix v1.2.0 +{ stdenv, buildGoPackage, fetchgit, fetchhg, fetchbzr, fetchsvn }: + +buildGoPackage rec { + name = "browserpass-${version}"; + version = "2017-04-11"; + rev = "e0fe250ed8fd061125746f5d99a1f9a678d21004"; + + goPackagePath = "github.com/dannyvankooten/browserpass"; + + src = fetchgit { + inherit rev; + url = "https://github.com/dannyvankooten/browserpass"; + sha256 = "0khwlh5agdd2mm2yzklg8r2h084n8j7jbjjxsiaj67zm8zz6b39c"; + }; + + postInstall = '' + host_file="$bin/bin/browserpass" + mkdir -p "$bin/etc" + + sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/chrome/host.json > chrome-host.json + sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/firefox/host.json > firefox-host.json + + install -D chrome-host.json $bin/etc/chrome-host.json + install -D firefox-host.json $bin/lib/mozilla/native-messaging-hosts/com.dannyvankooten.browserpass.json + ''; + + meta = { + description = "A Chrome & Firefox extension for zx2c4's pass"; + homepage = "https://github.com/dannyvankooten/browserpass"; + license = stdenv.lib.licenses.mit; + platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; + }; +} diff --git a/pkgs/tools/security/ccid/default.nix b/pkgs/tools/security/ccid/default.nix index cfa9f69b3869a..914247dcd0b58 100644 --- a/pkgs/tools/security/ccid/default.nix +++ b/pkgs/tools/security/ccid/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, pcsclite, pkgconfig, libusb1, perl }: stdenv.mkDerivation rec { - version = "1.4.23"; + version = "1.4.26"; name = "ccid-${version}"; src = fetchurl { - url = "https://alioth.debian.org/frs/download.php/file/4169/ccid-1.4.23.tar.bz2"; - sha256 = "0s7c2g8idnnh19958aswaa2s51ncr2j7gqrkk5g95qpfnv7asdh8"; + url = "https://alioth.debian.org/frs/download.php/file/4205/ccid-1.4.26.tar.bz2"; + sha256 = "0bxy835c133ajalpj4gx60nqkjvpf9y1n97n04pw105pi9qbyrrj"; }; patchPhase = '' 
diff --git a/pkgs/tools/security/crunch/default.nix b/pkgs/tools/security/crunch/default.nix index 914d79965c3e1..3e94d52fc5fc6 100644 --- a/pkgs/tools/security/crunch/default.nix +++ b/pkgs/tools/security/crunch/default.nix @@ -11,11 +11,11 @@ stdenv.mkDerivation rec { buildInputs = [ which ]; - configurePhase = "true"; - preBuild = '' - sed 's/sudo //' -i Makefile - sed 's/-g root -o root//' -i Makefile + substituteInPlace Makefile \ + --replace '-g root -o root' "" \ + --replace '-g wheel -o root' "" \ + --replace 'sudo ' "" ''; makeFlags = "PREFIX=$(out)"; @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Wordlist generator"; homepage = https://sourceforge.net/projects/crunch-wordlist/; - platforms = platforms.linux; - maintainers = [ maintainers.lethalman ]; + platforms = platforms.unix; + maintainers = with maintainers; [ lethalman lnl7 ]; }; } diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix index 05ce60a05084b..729f85a73fcef 100644 --- a/pkgs/tools/security/duo-unix/default.nix +++ b/pkgs/tools/security/duo-unix/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "duo-unix-${version}"; - version = "1.9.19"; + version = "1.9.20"; src = fetchurl { url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; - sha256 = "02hvayknj0kvdik4mqm9j9isqzxk0f992i9v274s27891xqgj8rd"; + sha256 = "0zxrpdbgi8k8jbqg5yxjv3b0lz9kpk89pglwb3lqlvzscbxdv5qj"; }; buildInputs = [ pam openssl zlib ]; diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index 4981d8fa062a3..f8ef409813ccf 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix 
@@ -11,12 +11,14 @@ stdenv.mkDerivation rec { }; # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir; - wrapperDir = "/var/setuid-wrappers"; + wrapperDir = "/run/wrappers/bin"; postPatch = '' FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)" for file in $FILES; do substituteInPlace "$file" \ + --replace /bin/mount ${utillinux}/bin/mount \ + --replace /bin/umount ${utillinux}/bin/umount \ --replace /sbin/mount.ecryptfs_private ${wrapperDir}/mount.ecryptfs_private \ --replace /sbin/umount.ecryptfs_private ${wrapperDir}/umount.ecryptfs_private \ --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \ @@ -26,8 +28,6 @@ stdenv.mkDerivation rec { --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \ --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \ --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \ - --replace /bin/mount ${utillinux}/bin/mount \ - --replace /bin/umount ${utillinux}/bin/umount \ --replace /sbin/unix_chkpwd ${wrapperDir}/unix_chkpwd \ --replace /bin/bash ${bash}/bin/bash done diff --git a/pkgs/tools/security/ecryptfs/helper.nix b/pkgs/tools/security/ecryptfs/helper.nix index 0d4b37a8efc05..40a728f6cb1aa 100644 --- a/pkgs/tools/security/ecryptfs/helper.nix +++ b/pkgs/tools/security/ecryptfs/helper.nix @@ -18,11 +18,11 @@ stdenv.mkDerivation rec { buildInputs = [ makeWrapper ]; - # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /var/setuid-wrappers + # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /run/wrappers/bin installPhase = '' mkdir -p $out/bin $out/libexec cp $src $out/libexec/ecryptfs-helper.py - makeWrapper "${python2.interpreter} $out/libexec/ecryptfs-helper.py" $out/bin/ecryptfs-helper + makeWrapper "${python2.interpreter}" "$out/bin/ecryptfs-helper" --add-flags "$out/libexec/ecryptfs-helper.py" ''; meta = with stdenv.lib; { 
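Review bot: The order of the `--replace` pairs in `postPatch` is now load-bearing but nothing in the file says so. With `wrapperDir = "/run/wrappers/bin"`, the text written by the `mount.ecryptfs_private` substitutions contains `/bin/mount`, so a `/bin/mount` replacement that ran afterwards would rewrite the wrapper path to the util-linux binary and the setuid wrapper would no longer be the one invoked; that appears to be why the two lines moved to the top. A comment above the loop, for example `# /bin/mount and /bin/umount must be replaced first: ${wrapperDir} ends in /bin, so later output would match them`, would keep a future edit from reordering the list. Part of the replacement list lies between the two hunks and is not visible here, so the remaining pairs should be checked for the same overlap.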
diff --git a/pkgs/tools/security/encryptr/default.nix b/pkgs/tools/security/encryptr/default.nix index 95d0299e87332..2cf07c63a84a6 100644 --- a/pkgs/tools/security/encryptr/default.nix +++ b/pkgs/tools/security/encryptr/default.nix @@ -52,6 +52,6 @@ in stdenv.mkDerivation rec { description = "Free, private and secure password management tool and e-wallet"; license = licenses.unfree; maintainers = with maintainers; [ guillaumekoenig ]; - platform = platforms.linux; + platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix index 257af4645f68d..449a6911a1509 100644 --- a/pkgs/tools/security/enpass/default.nix +++ b/pkgs/tools/security/enpass/default.nix @@ -53,7 +53,6 @@ let meta = { description = "a well known password manager"; homepage = https://www.enpass.io/; - maintainer = lib.maintainers.ronny; license = lib.licenses.unfree; platforms = lib.platforms.linux; }; diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 695bfcce3a591..e7a052c90f1c3 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -1,16 +1,15 @@ { stdenv, fetchFromGitHub, python, pythonPackages, gamin }: -let version = "0.9.4"; in +let version = "0.9.6"; in pythonPackages.buildPythonApplication { name = "fail2ban-${version}"; - namePrefix = ""; src = fetchFromGitHub { owner = "fail2ban"; repo = "fail2ban"; rev = version; - sha256 = "1m8gqj35kwrn30rqwd488sgakaisz22xa5v9llvz6gwf4f7ps0a9"; + sha256 = "1a75xjjqhn98zd9i51k15vjvcy0ql0gmcv9xf8pbd0bpvblgdah8"; }; propagatedBuildInputs = [ gamin ] diff --git a/pkgs/tools/security/fcrackzip/default.nix b/pkgs/tools/security/fcrackzip/default.nix new file mode 100644 index 0000000000000..5d2e515c3277b --- /dev/null +++ b/pkgs/tools/security/fcrackzip/default.nix 
@@ -0,0 +1,26 @@
+{stdenv, fetchurl}:
+
+stdenv.mkDerivation rec {
+ name = "fcrackzip-${version}";
+ version = "1.0";
+ src = fetchurl {
+ url = "http://oldhome.schmorp.de/marc/data/${name}.tar.gz";
+ sha256 = "0l1qsk949vnz18k4vjf3ppq8p497966x4c7f2yx18x8pk35whn2a";
+ };
+
+ # 'fcrackzip --use-unzip' cannot deal with file names containing a single quote
+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430387
+ patches = [ ./fcrackzip_forkexec.patch ];
+
+ # Do not clash with unizp/zipinfo
+ postInstall = "mv $out/bin/zipinfo $out/bin/fcrackzip-zipinfo";
+
+ meta = with stdenv.lib; {
+ description = "zip password cracker, similar to fzc, zipcrack and others";
+ homepage = http://oldhome.schmorp.de/marc/fcrackzip.html;
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ nico202 ];
+ platforms = with platforms; unix;
+ };
+}
+
diff --git a/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch b/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch
new file mode 100644
index 0000000000000..8e508ec1f596b
--- /dev/null
+++ b/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch
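Review bot: The `--use-unzip` mode will run whichever `unzip` comes first on the caller's PATH, because the derivation takes only `stdenv` and `fetchurl` while the applied patch calls `execlp ("unzip", ...)`. That binary receives every candidate password and the archive path, so it is worth pinning: add `unzip` to the arguments and a `postPatch` along the lines of `substituteInPlace main.c --replace 'execlp ("unzip"' 'execlp ("${unzip}/bin/unzip"'`. The comment above `postInstall` also has a typo, `unizp` for `unzip`.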
@@ -0,0 +1,105 @@
+--- origin/main.c 2016-12-12 12:53:38.344285376 +0100
++++ main.c 2016-12-12 13:01:41.134548824 +0100
+@@ -26,11 +26,13 @@
+ #include <string.h>
+
+ #ifdef USE_UNIX_REDIRECTION
+-#define DEVNULL ">/dev/null 2>&1"
++#define DEVNULL "/dev/null"
+ #else
+-#define DEVNULL ">NUL 2>&1"
++#define DEVNULL "NUL"
+ #endif
+
++#include <errno.h>
++
+ #include "crack.h"
+
+ int use_unzip;
+@@ -47,21 +49,77 @@
+ int REGPARAM
+ check_unzip (const char *pw)
+ {
+- char buff[1024];
+- int status;
++pid_t cpid;
++cpid = fork ();
++if (cpid == -1)
++ {
++ perror ("fork");
++ exit (EXIT_FAILURE);
++ }
++
++if (cpid == 0)
++ {
++ // Redirect STDERR/STDOUT to /dev/null
++ int oldfd_stderr, oldfd_stdout;
++ oldfd_stdout = dup (fileno (stdout));
++ if (oldfd_stdout == -1)
++ {
++ perror ("dup for stdout");
++ _exit (127);
++ }
++ oldfd_stderr = dup (fileno (stderr));
++ if (oldfd_stderr == -1)
++ {
++ perror ("dup for stderr");
++ _exit (127);
++ }
++ if (freopen (DEVNULL, "w", stdout) == NULL)
++ {
++ perror ("freopen " DEVNULL " for stdout");
++ _exit (127);
++ }
++ if (freopen (DEVNULL, "w", stderr) == NULL)
++ {
++ perror ("freopen " DEVNULL " for stderr");
++ _exit (127);
++ }
++ execlp ("unzip", "unzip", "-qqtP", pw, file_path[0], NULL);
++
++ // When execlp failed.
++ // Restores the stderr/stdout redirection to print an error.
++ int errno_saved = errno;
++ dup2 (oldfd_stderr, fileno (stderr));
++ dup2 (oldfd_stdout, fileno (stdout));
++ close (oldfd_stderr);
++ close (oldfd_stdout);
++ errno = errno_saved;
++ perror ("execlp for unzip");
++ _exit (127); // Returns 127 on error as system(3) does
++ }
+
+- sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, pw, file_path[0]);
+- status = system (buff);
+-
+-#undef REDIR
++ int status;
+
+- if (status == EXIT_SUCCESS)
++ if (waitpid (cpid, &status, 0) == -1)
+ {
+- printf("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw);
++ perror ("waitpid");
++ exit (EXIT_FAILURE);
++ }
++
++ // The child process does not terminated normally, OR returns the exit status 127.
++ if (!WIFEXITED (status)
++ || (WIFEXITED (status) && (WEXITSTATUS (status) == 127)))
++ {
++ fprintf (stderr, "Executing unzip failed.\n");
++ exit (EXIT_FAILURE);
++ }
++// unzip exited normally with the exit status 0 then...
++ if (WIFEXITED (status) && (WEXITSTATUS (status) == EXIT_SUCCESS))
++ {
++ printf ("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw);
+ exit (EXIT_SUCCESS);
+ }
+
+- return !status;
++ return 0;
+ }
+
+ /* misc. callbacks. */
diff --git a/pkgs/tools/security/fwknop/default.nix b/pkgs/tools/security/fwknop/default.nix
new file mode 100644
index 0000000000000..823bdbbffb5d4
--- /dev/null
+++ b/pkgs/tools/security/fwknop/default.nix
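Review bot: In the child branch of `check_unzip`, the saved descriptors `oldfd_stdout` and `oldfd_stderr` stay open across `execlp`, so every `unzip` child inherits two descriptors that exist only for the failure path. Marking each one close-on-exec right after its `dup`, e.g. `fcntl (oldfd_stderr, F_SETFD, FD_CLOEXEC);` (needs `<fcntl.h>`), keeps them out of the child image while leaving them usable if `execlp` fails. The patch adds only `#include <errno.h>`, yet the new code uses `fork`, `dup`, `waitpid` and the `WIFEXITED` macros; whether main.c already includes `<unistd.h>` and `<sys/wait.h>` is not visible in this hunk. A one-line comment above `execlp` saying the argument vector is deliberate, because password and file name must never pass through a shell, would document why `system()` was removed.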
@@ -0,0 +1,66 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, lib
+, libpcap, texinfo
+, iptables
+, gnupgSupport ? true, gnupg, gpgme # Increases dependencies!
+, wgetSupport ? true, wget
+, buildServer ? true
+, buildClient ? true }:
+
+stdenv.mkDerivation rec {
+ name = "${pname}-${version}";
+ pname = "fwknop";
+ version = "2.6.9";
+
+ src = fetchFromGitHub {
+ owner = "mrash";
+ repo = pname;
+ rev = version;
+ sha256 = "1509d1lzfmhavdwi65dwb0jaglpy8ciccgpcnhx9ks6s7irn923c";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ libpcap texinfo ]
+ ++ stdenv.lib.optional gnupgSupport [ gnupg gpgme.dev ]
+ ++ stdenv.lib.optional wgetSupport [ wget ];
+
+ configureFlags = ''
+ --sysconfdir=/etc
+ --localstatedir=/run
+ --with-iptables=${iptables}/sbin/iptables
+ ${lib.optionalString (!buildServer) "--disable-server"}
+ ${lib.optionalString (!buildClient) "--disable-client"}
+ ${lib.optionalString gnupgSupport ''
+ --with-gpgme
+ --with-gpgme-prefix=${gpgme.dev}
+ --with-gpg=${gnupg}
+ ''}
+ ${lib.optionalString wgetSupport ''
+ --with-wget=${wget}/bin/wget
+ ''}
+ '';
+
+ # Temporary hack to copy the example configuration files into the nix-store,
+ # this'll probably be helpful until there's a NixOS module for that (feel free
+ # to ping me (@primeos) if you want to help).
+ preInstall = ''
+ substituteInPlace Makefile --replace\
+ "sysconfdir = /etc"\
+ "sysconfdir = $out/etc"
+ substituteInPlace server/Makefile --replace\
+ "wknopddir = /etc/fwknop"\
+ "wknopddir = $out/etc/fwknop"
+ '';
+
+ meta = with stdenv.lib; {
+ description =
+ "Single Packet Authorization (and Port Knocking) server/client";
+ longDescription = ''
+ fwknop stands for the "FireWall KNock OPerator", and implements an
+ authorization scheme called Single Packet Authorization (SPA).
+ '';
+ homepage = "https://www.cipherdyne.org/fwknop/";
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ primeos ];
+ };
+}
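Review bot: `--with-gpg=${gnupg}` passes a store directory where the neighbouring flags pass executables (`${iptables}/sbin/iptables`, `${wget}/bin/wget`). If configure expects the path of the gpg binary, as the option name suggests, the server would be built with a path it cannot execute; confirm against the configure script and use something like `--with-gpg=${gnupg}/bin/gpg`. In `buildInputs`, `stdenv.lib.optional gnupgSupport [ gnupg gpgme.dev ]` wraps a list in another list, and `optionals` is the function meant for list arguments. The comment above `preInstall` could also state that only the example configuration belongs in the world-readable store and that real SPA keys must be kept outside it.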
diff --git a/pkgs/tools/security/gnupg/1.nix b/pkgs/tools/security/gnupg/1.nix index 0dbea65295978..9c4f98a740bf1 100644 --- a/pkgs/tools/security/gnupg/1.nix +++ b/pkgs/tools/security/gnupg/1.nix @@ -12,10 +12,21 @@ stdenv.mkDerivation rec { doCheck = true; - meta = { - description = "Free implementation of the OpenPGP standard for encrypting and signing data"; - homepage = http://www.gnupg.org/; - license = stdenv.lib.licenses.gpl3Plus; - platforms = stdenv.lib.platforms.gnu; # arbitrary choice + meta = with stdenv.lib; { + homepage = "https://gnupg.org"; + description = "Classic (1.4) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "classic" (1.4) is the old standalone version which is most suitable for + older or embedded platforms. GnuPG allows to encrypt and sign your data + and communication, features a versatile key management system as well as + access modules for all kind of public key directories. GnuPG, also known + as GPG, is a command line tool with features for easy integration with + other applications. A wealth of frontend applications and libraries are + available. + ''; + platforms = platforms.gnu; # arbitrary choice }; } diff --git a/pkgs/tools/security/gnupg/1compat.nix b/pkgs/tools/security/gnupg/1compat.nix index 0fe294e5a117a..da700fe9f2276 100644 --- a/pkgs/tools/security/gnupg/1compat.nix +++ b/pkgs/tools/security/gnupg/1compat.nix @@ -1,7 +1,7 @@ { stdenv, gnupg, coreutils, writeScript }: stdenv.mkDerivation { - name = "gnupg1compat-0"; + name = "gnupg1compat-${gnupg.version}"; builder = writeScript "gnupg1compat-builder" '' # First symlink all top-level dirs 
@@ -18,7 +18,9 @@ stdenv.mkDerivation { ${coreutils}/bin/ln -s gpgv2 $out/bin/gpgv ''; - meta = { - platforms = stdenv.lib.platforms.unix; + meta = gnupg.meta // { + description = gnupg.meta.description + + " with symbolic links for gpg and gpgv"; + priority = -1; }; } diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix index fd79419d82ac0..6b011a00eb762 100644 --- a/pkgs/tools/security/gnupg/20.nix +++ b/pkgs/tools/security/gnupg/20.nix 
@@ -44,24 +44,22 @@ stdenv.mkDerivation rec { doCheck = true; - meta = { - homepage = "http://gnupg.org/"; - description = "Free implementation of the OpenPGP standard for encrypting and signing data"; - license = stdenv.lib.licenses.gpl3Plus; - + meta = with stdenv.lib; { + homepage = "https://gnupg.org"; + description = "Stable (2.0) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; + license = licenses.gpl3Plus; longDescription = '' - GnuPG is the GNU project's complete and free implementation of - the OpenPGP standard as defined by RFC4880. GnuPG allows to - encrypt and sign your data and communication, features a - versatile key management system as well as access modules for all - kind of public key directories. GnuPG, also known as GPG, is a - command line tool with features for easy integration with other - applications. A wealth of frontend applications and libraries - are available. Version 2 of GnuPG also provides support for - S/MIME. + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "stable" (2.0) is the current stable version for general use. This is + what most users are still using. GnuPG allows to encrypt and sign your + data and communication, features a versatile key management system as well + as access modules for all kind of public key directories. GnuPG, also + known as GPG, is a command line tool with features for easy integration + with other applications. A wealth of frontend applications and libraries + are available. Version 2 of GnuPG also provides support for S/MIME. ''; - - maintainers = with stdenv.lib.maintainers; [ roconnor urkud ]; - platforms = stdenv.lib.platforms.all; + maintainers = with maintainers; [ roconnor ]; + platforms = platforms.all; }; } diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix index b96226d5c3f81..230ace0782345 100644 --- a/pkgs/tools/security/gnupg/21.nix 
+++ b/pkgs/tools/security/gnupg/21.nix @@ -1,5 +1,5 @@ -{ fetchurl, stdenv, pkgconfig, libgcrypt, libassuan, libksba, libiconv, npth -, gettext, texinfo, pcsclite, sqlite +{ fetchurl, fetchpatch, stdenv, pkgconfig, libgcrypt, libassuan, libksba +, libiconv, npth, gettext, texinfo, pcsclite, sqlite # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. @@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; - version = "2.1.17"; + version = "2.1.20"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65"; + sha256 = "03cnd6gz8f4lf69inskssw57idrswcdimhccdyglmrlv6rlrmkr4"; }; buildInputs = [ @@ -29,7 +29,9 @@ stdenv.mkDerivation rec { NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl"; - patches = [ ./fix-libusb-include-path.patch ]; + patches = [ + ./fix-libusb-include-path.patch + ]; postPatch = stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( 
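Review bot: `fetchpatch` is added to the function arguments in the first hunk, but none of this file's hunks uses it; `patches` is only reflowed and still lists just `./fix-libusb-include-path.patch`. Either drop the argument or add the `fetchpatch` entry it was meant for, so the argument list does not suggest that a remote patch is applied to a cryptography package when none is.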
@@ -37,10 +39,29 @@ stdenv.mkDerivation rec { pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; + postInstall = '' + mkdir -p $out/lib/systemd/user + for f in doc/examples/systemd-user/*.{service,socket} ; do + substitute $f $out/lib/systemd/user/$(basename $f) \ + --replace /usr/bin $out/bin + done + ''; + meta = with stdenv.lib; { - homepage = http://gnupg.org; - description = "A complete and free implementation of the OpenPGP standard"; + homepage = "https://gnupg.org"; + description = "Modern (2.1) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; license = licenses.gpl3Plus; + longDescription = '' + The GNU Privacy Guard is the GNU project's complete and free + implementation of the OpenPGP standard as defined by RFC4880. GnuPG + "modern" (2.1) is the latest development with a lot of new features. + GnuPG allows to encrypt and sign your data and communication, features a + versatile key management system as well as access modules for all kind of + public key directories. GnuPG, also known as GPG, is a command line tool + with features for easy integration with other applications. A wealth of + frontend applications and libraries are available. Version 2 of GnuPG + also provides support for S/MIME. + ''; maintainers = with maintainers; [ wkennington peti fpletz vrthra ]; platforms = platforms.all; }; diff --git a/pkgs/tools/security/haka/default.nix b/pkgs/tools/security/haka/default.nix index 6c5247a47bb57..f9c7f4eaf1c7d 100644 --- a/pkgs/tools/security/haka/default.nix +++ b/pkgs/tools/security/haka/default.nix 
@@ -8,9 +8,7 @@ stdenv.mkDerivation rec { src = fetchurl { name = "haka_${version}_source.tar.gz"; url = "https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz"; - - # https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz.sha1.txt - sha1 = "87625ed32841cc0b3aa92aa49397ce71ce434bc2"; + sha256 = "0dm39g3k77sa70zrjsqadidg27a6iqq61jzfdxazpllnrw4mjy4w"; }; NIX_CFLAGS_COMPILE = "-Wno-error"; diff --git a/pkgs/tools/security/hologram/default.nix b/pkgs/tools/security/hologram/default.nix index e7673cf58422b..abdcd5d2d3eb0 100644 --- a/pkgs/tools/security/hologram/default.nix +++ b/pkgs/tools/security/hologram/default.nix @@ -2,16 +2,24 @@ buildGoPackage rec { name = "hologram-${version}"; - version = "20160209-${stdenv.lib.strings.substring 0 7 rev}"; - rev = "8d86e3fdcbfd967ba58d8de02f5e8173c101212e"; - - goPackagePath = "github.com/AdRoll/hologram"; + version = "20170130-${stdenv.lib.strings.substring 0 7 rev}"; + rev = "d20d1c30379e7010e8f9c428a5b9e82f54d390e1"; src = fetchgit { inherit rev; url = "https://github.com/AdRoll/hologram"; - sha256 = "0i0p170brdsczfz079mqbc5y7x7mdph04p3wgqsd7xcrddvlkkaf"; + sha256 = "0dg5kfs16kf2gzhpmzsg83qzi2pxgnc9g81lw5zpa6fmzpa9kgsn"; }; + goPackagePath = "github.com/AdRoll/hologram"; + goDeps = ./deps.nix; + + meta = with stdenv.lib; { + homepage = https://github.com/AdRoll/hologram/; + description = "Easy, painless AWS credentials on developer laptops."; + maintainers = with maintainers; [ nand0p ]; + platforms = platforms.all; + license = licenses.asl20; + }; } diff --git a/pkgs/tools/security/hologram/deps.nix b/pkgs/tools/security/hologram/deps.nix index 2c4cdbe84f00d..a9b66da2a9c0a 100644 --- a/pkgs/tools/security/hologram/deps.nix +++ b/pkgs/tools/security/hologram/deps.nix 
@@ -98,4 +98,13 @@ sha256 = "179lwaf0hvczl8g4xzkpcpzq25p1b23f7399bx5zl55iin62d8yz"; }; } + { + goPackagePath = "github.com/aws/aws-sdk-go"; + fetch = { + type = "git"; + url = "https://github.com/aws/aws-sdk-go"; + rev = "3f8f870ec9939e32b3372abf74d24e468bcd285d"; + sha256 = "0a4hycs3d87s50z4prf5h6918r0fa2rvrrwlbffs430ilc4y8ghv"; + }; + } ] diff --git a/pkgs/tools/security/john/default.nix b/pkgs/tools/security/john/default.nix index c44f144bea689..f5d253af9ff34 100644 --- a/pkgs/tools/security/john/default.nix +++ b/pkgs/tools/security/john/default.nix @@ -30,7 +30,10 @@ stdenv.mkDerivation rec { configureFlags = [ "--disable-native-macro" ]; buildInputs = [ openssl nss nspr kerberos gmp zlib libpcap re2 gcc ]; - enableParallelBuilding = true; + + # gcc -DAC_BUILT -Wall vncpcap2john.o memdbg.o -g -lpcap -fopenmp -o ../run/vncpcap2john + # gcc: error: memdbg.o: No such file or directory + enableParallelBuilding = false; NIX_CFLAGS_COMPILE = [ "-DJOHN_SYSTEMWIDE=1" ]; diff --git a/pkgs/tools/security/kbfs/default.nix b/pkgs/tools/security/kbfs/default.nix index a38e70df63232..e502c296a50ea 100644 --- a/pkgs/tools/security/kbfs/default.nix +++ b/pkgs/tools/security/kbfs/default.nix @@ -1,8 +1,8 @@ { stdenv, buildGoPackage, fetchFromGitHub }: buildGoPackage rec { - name = "kbfs-2016-11-18-git"; - version = "1.0.2"; + name = "kbfs-${version}"; + version = "20170209.d1db463"; goPackagePath = "github.com/keybase/kbfs"; subPackages = [ "kbfsfuse" ]; @@ -12,8 +12,8 @@ buildGoPackage rec { src = fetchFromGitHub { owner = "keybase"; repo = "kbfs"; - rev = "aac615d7c50e7512a51a133c14cb699d9941ba8c"; - sha256 = "0vah6x37g2w1f7mb5x16f1815608mvv2d1mrpkpnhz2gz7qzz6bv"; + rev = "d1db46315d9271f21ca2700a84ca19767e638296"; + sha256 = "12i2m370r27mmn37s55krdkhr5k8kpl3x8y3gzg7w5zn2wiw8i1g"; }; buildFlags = [ "-tags production" ]; 
diff --git a/pkgs/tools/security/keybase-gui/default.nix b/pkgs/tools/security/keybase-gui/default.nix new file mode 100644 index 0000000000000..636b955ddfc2a --- /dev/null +++ b/pkgs/tools/security/keybase-gui/default.nix 
@@ -0,0 +1,91 @@ +{ stdenv, fetchurl, buildFHSUserEnv, writeTextFile, alsaLib, atk, cairo, cups +, dbus, expat, fontconfig, freetype, gcc, gdk_pixbuf, glib, gnome2, gtk2, nspr +, nss, pango, systemd, xorg, utillinuxMinimal }: + +let + libPath = stdenv.lib.makeLibraryPath [ + alsaLib + atk + cairo + cups + dbus + expat + fontconfig + freetype + gcc.cc + gdk_pixbuf + glib + gnome2.GConf + gtk2 + nspr + nss + pango + systemd + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + ]; +in +stdenv.mkDerivation rec { + name = "keybase-gui-${version}"; + version = "1.0.23-20170519175207.d6c5e9e"; + src = fetchurl { + url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version}_amd64.deb"; + sha256 = "14nylwpd64ngx1kdb4pk2laghslx9872fb2a9jgkbgbgnan5nkmm"; + }; + phases = ["unpackPhase" "installPhase" "fixupPhase"]; + unpackPhase = '' + ar xf $src + tar xf data.tar.xz + ''; + installPhase = '' + mkdir -p $out/{bin,share} + mv opt/keybase $out/share/ + + cat > $out/bin/keybase-gui <<EOF + #!${stdenv.shell} + + checkFailed() { + if [ "\$NIX_SKIP_KEYBASE_CHECKS" = "1" ]; then + return + fi + echo "Set NIX_SKIP_KEYBASE_CHECKS=1 if you want to skip this check." >&2 + exit 1 + } + + if [ ! -S "\$XDG_RUNTIME_DIR/keybase/keybased.sock" ]; then + echo "Keybase service doesn't seem to be running." >&2 + echo "You might need to run: keybase service" >&2 + checkFailed + fi + + ${utillinuxMinimal}/bin/mountpoint /keybase &>/dev/null + if [ "\$?" -ne "0" ]; then + echo "Keybase is not mounted to /keybase." 
>&2 + echo "You might need to run: kbfsfuse /keybase" >&2 + checkFailed + fi + + exec $out/share/keybase/Keybase "\$@" + EOF + chmod +x $out/bin/keybase-gui + ''; + postFixup = '' + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath "${libPath}:\$ORIGIN" "$out/share/keybase/Keybase" + ''; + + meta = with stdenv.lib; { + homepage = https://www.keybase.io/; + description = "The Keybase official GUI."; + platforms = platforms.linux; + maintainers = with maintainers; [ puffnfresh ]; + }; +} diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index fbed233b090d8..5d212c0b80f5f 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -2,8 +2,7 @@ buildGoPackage rec { name = "keybase-${version}"; - version = "1.0.18"; - rev = "v${version}"; + version = "1.0.20"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; @@ -11,10 +10,10 @@ buildGoPackage rec { dontRenameImports = true; src = fetchFromGitHub { - owner = "keybase"; - repo = "client"; - inherit rev; - sha256 = "16n9fwx8v3jradp1l2564872akq6npib794jadfl5d122cll0n7h"; + owner = "keybase"; + repo = "client"; + rev = "v${version}"; + sha256 = "1418x2z1j4bzq29qab8pmqrvg8piycqcabdjmq2inkvlll3s5n3v"; }; buildFlags = [ "-tags production" ]; diff --git a/pkgs/tools/security/ksshaskpass/default.nix b/pkgs/tools/security/ksshaskpass/default.nix deleted file mode 100644 index a668f57c5bbee..0000000000000 --- a/pkgs/tools/security/ksshaskpass/default.nix +++ /dev/null 
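Review bot: `platforms = platforms.linux` in the keybase-gui `meta` is wider than what the derivation can run on, because `src` is the prebuilt `keybase_${version}_amd64.deb`. On i686 or ARM Linux the package would still evaluate and install an x86-64 ELF; `platforms = [ "x86_64-linux" ];` matches the artifact. The `meta` block also has no `license` attribute, which is worth stating explicitly for a repackaged vendor binary fetched from a prerelease bucket.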
@@ -1,27 +0,0 @@ -{ stdenv, fetchurl, kdelibs -, automoc4, cmake, perl, pkgconfig -}: - -stdenv.mkDerivation { - name = "ksshaskpass-0.5.3"; - - src = fetchurl { - url = http://kde-apps.org/CONTENT/content-files/50971-ksshaskpass-0.5.3.tar.gz; - sha256 = "0911i8jr0nzqah8xidb8wba55a2skaidj3klv3cw6bm5fjx7x953"; - }; - - nativeBuildInputs = [ automoc4 cmake perl pkgconfig ]; - - buildInputs = [ kdelibs ]; - - patchPhase = '' - sed -i 's@/usr/bin/@@' src/ksshaskpass.desktop - ''; - - meta = { - homepage = http://kde-apps.org/content/show.php?content=50971; - description = "A KDE 4 version of ssh-askpass with KWallet support"; - license = stdenv.lib.licenses.gpl2Plus; - inherit (kdelibs.meta) platforms; - }; -} diff --git a/pkgs/tools/security/lastpass-cli/default.nix b/pkgs/tools/security/lastpass-cli/default.nix index 7b6720a2139bb..e404223990568 100644 --- a/pkgs/tools/security/lastpass-cli/default.nix +++ b/pkgs/tools/security/lastpass-cli/default.nix @@ -1,19 +1,21 @@ -{ stdenv, lib, fetchFromGitHub, pkgconfig, openssl, curl, libxml2, libxslt, asciidoc, docbook_xsl }: +{ stdenv, lib, fetchFromGitHub, cmake, pkgconfig +, openssl, curl, libxml2, libxslt, asciidoc, docbook_xsl }: stdenv.mkDerivation rec { name = "lastpass-cli-${version}"; - version = "1.0.0"; + version = "1.1.1"; src = fetchFromGitHub { owner = "lastpass"; repo = "lastpass-cli"; rev = "v${version}"; - sha256 = "0hidx2qfr52bwjb6as4fbfa34jqh3zwvrcx590vbsji3bq4g7avb"; + sha256 = "1slqrv877c1bhivgd2i9cr1lsd72371dpz6a3h6s56l3qbyk28sa"; }; + nativeBuildInputs = [ cmake pkgconfig ]; buildInputs = [ - openssl curl libxml2 pkgconfig asciidoc docbook_xsl libxslt + openssl curl libxml2 asciidoc docbook_xsl libxslt ]; makeFlags = "PREFIX=$(out)"; diff --git a/pkgs/tools/security/masscan/default.nix b/pkgs/tools/security/masscan/default.nix new file mode 100644 index 0000000000000..46c90481628d6 --- /dev/null +++ b/pkgs/tools/security/masscan/default.nix 
@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, libpcap }:
+
+stdenv.mkDerivation rec {
+ name = "masscan-${version}";
+ version = "2016-11-03";
+
+ src = fetchFromGitHub {
+ owner = "robertdavidgraham";
+ repo = "masscan";
+ rev = "dc88677a11dc3d9a5f6aa55cc1377bc17dba1496";
+ sha256 = "1mdjqkn4gnbwr5nci6i6xn7qzkjgq7dx37fzd6gghv87xgw7cdbg";
+ };
+
+ buildInputs = [ libpcap ];
+
+ makeFlags = [ "PREFIX=$(out)" "CC=cc" "-j" ];
+
+ postInstall = ''
+ mkdir -p $out/share/man/man8
+ mkdir -p $out/share/{doc,licenses}/masscan
+ mkdir -p $out/etc/masscan
+
+ cp data/exclude.conf $out/etc/masscan
+ cp -t $out/share/doc/masscan doc/algorithm.js doc/howto-afl.md doc/bot.hml
+ cp doc/masscan.8 $out/share/man/man8/masscan.8
+ cp LICENSE $out/share/licenses/masscan/LICENSE
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Fast scan of the Internet";
+ homepage = https://github.com/robertdavidgraham/masscan;
+ license = licenses.agpl3;
+ platforms = with platforms; allBut darwin;
+ maintainers = with maintainers; [ rnhmjoj ];
+ };
+}
diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile
new file mode 100644
index 0000000000000..52987d4bf8c81
--- /dev/null
+++ b/pkgs/tools/security/metasploit/Gemfile
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/4.14.17"
diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock
new file mode 100644
index 0000000000000..f19dc8b068e20
--- /dev/null
+++ b/pkgs/tools/security/metasploit/Gemfile.lock
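Review bot: The bare `"-j"` in the masscan `makeFlags` gives make an unlimited job count, which ignores the core limit the Nix builder is configured with. Drop it and set `enableParallelBuilding = true;` so the build honours that limit. In `postInstall`, `doc/bot.hml` looks like a typo for `doc/bot.html`; confirm the name against the source tree, since `cp` aborts the install phase on a missing file.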
@@ -0,0 +1,264 @@ +GIT + remote: https://github.com/rapid7/metasploit-framework + revision: fd3da8f3350d6cf7f0449bf0ead4d51747525c0a + ref: refs/tags/4.14.17 + specs: + metasploit-framework (4.14.17) + actionpack (~> 4.2.6) + activerecord (~> 4.2.6) + activesupport (~> 4.2.6) + bcrypt + bit-struct + filesize + jsobfu + json + metasm + metasploit-concern + metasploit-credential + metasploit-model + metasploit-payloads (= 1.2.29) + metasploit_data_models + metasploit_payloads-mettle (= 0.1.9) + msgpack + nessus_rest + net-ssh + network_interface + nexpose + nokogiri + octokit + openssl-ccm + openvas-omp + packetfu + patch_finder + pcaprub + pg + railties + rb-readline + recog + redcarpet + rex-arch (= 0.1.4) + rex-bin_tools + rex-core + rex-encoder + rex-exploitation + rex-java + rex-mime + rex-nop + rex-ole + rex-powershell + rex-random_identifier + rex-registry + rex-rop_builder + rex-socket + rex-sslscan + rex-struct2 + rex-text + rex-zip + robots + ruby_smb + rubyntlm + rubyzip + sqlite3 + sshkey + tzinfo + tzinfo-data + windows_error + xmlrpc + +GEM + remote: https://rubygems.org/ + specs: + actionpack (4.2.8) + actionview (= 4.2.8) + activesupport (= 4.2.8) + rack (~> 1.6) + rack-test (~> 0.6.2) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (4.2.8) + activesupport (= 4.2.8) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activemodel (4.2.8) + activesupport (= 4.2.8) + builder (~> 3.1) + activerecord (4.2.8) + activemodel (= 4.2.8) + activesupport (= 4.2.8) + arel (~> 6.0) + activesupport (4.2.8) + i18n (~> 0.7) + minitest (~> 5.1) + thread_safe (~> 0.3, >= 0.3.4) + tzinfo (~> 1.1) + addressable (2.5.1) + public_suffix (~> 2.0, >= 2.0.2) + arel (6.0.4) + arel-helpers (2.3.0) + activerecord (>= 3.1.0, < 6) + bcrypt (3.1.11) + bindata (2.4.0) + bit-struct (0.16) + builder (3.2.3) + erubis (2.7.0) + faraday (0.12.1) + multipart-post (>= 1.2, < 
3) + filesize (0.1.1) + i18n (0.8.1) + jsobfu (0.4.2) + rkelly-remix + json (2.1.0) + loofah (2.0.3) + nokogiri (>= 1.5.9) + metasm (1.0.3) + metasploit-concern (2.0.4) + activemodel (~> 4.2.6) + activesupport (~> 4.2.6) + railties (~> 4.2.6) + metasploit-credential (2.0.9) + metasploit-concern + metasploit-model + metasploit_data_models + pg + railties + rubyntlm + rubyzip + metasploit-model (2.0.4) + activemodel (~> 4.2.6) + activesupport (~> 4.2.6) + railties (~> 4.2.6) + metasploit-payloads (1.2.29) + metasploit_data_models (2.0.14) + activerecord (~> 4.2.6) + activesupport (~> 4.2.6) + arel-helpers + metasploit-concern + metasploit-model + pg + postgres_ext + railties (~> 4.2.6) + recog (~> 2.0) + metasploit_payloads-mettle (0.1.9) + mini_portile2 (2.1.0) + minitest (5.10.2) + msgpack (1.1.0) + multipart-post (2.0.0) + nessus_rest (0.1.6) + net-ssh (4.1.0) + network_interface (0.0.1) + nexpose (6.0.0) + nokogiri (1.7.2) + mini_portile2 (~> 2.1.0) + octokit (4.7.0) + sawyer (~> 0.8.0, >= 0.5.3) + openssl-ccm (1.2.1) + openvas-omp (0.0.4) + packetfu (1.1.13) + pcaprub + patch_finder (1.0.2) + pcaprub (0.12.4) + pg (0.20.0) + pg_array_parser (0.0.9) + postgres_ext (3.0.0) + activerecord (>= 4.0.0) + arel (>= 4.0.1) + pg_array_parser (~> 0.0.9) + public_suffix (2.0.5) + rack (1.6.6) + rack-test (0.6.3) + rack (>= 1.0) + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.8) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.3) + loofah (~> 2.0) + railties (4.2.8) + actionpack (= 4.2.8) + activesupport (= 4.2.8) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (12.0.0) + rb-readline (0.5.4) + recog (2.1.6) + nokogiri + redcarpet (3.4.0) + rex-arch (0.1.4) + rex-text + rex-bin_tools (0.1.3) + metasm + rex-arch + rex-core + rex-struct2 + rex-text + rex-core (0.1.10) + rex-encoder (0.1.4) + metasm + rex-arch + rex-text + rex-exploitation (0.1.14) + 
jsobfu + metasm + rex-arch + rex-encoder + rex-text + rex-java (0.1.5) + rex-mime (0.1.5) + rex-text + rex-nop (0.1.1) + rex-arch + rex-ole (0.1.6) + rex-text + rex-powershell (0.1.72) + rex-random_identifier + rex-text + rex-random_identifier (0.1.2) + rex-text + rex-registry (0.1.3) + rex-rop_builder (0.1.3) + metasm + rex-core + rex-text + rex-socket (0.1.6) + rex-core + rex-sslscan (0.1.4) + rex-socket + rex-text + rex-struct2 (0.1.2) + rex-text (0.2.15) + rex-zip (0.1.3) + rex-text + rkelly-remix (0.0.7) + robots (0.10.1) + ruby_smb (0.0.12) + bindata + rubyntlm + windows_error + rubyntlm (0.6.2) + rubyzip (1.2.1) + sawyer (0.8.1) + addressable (>= 2.3.5, < 2.6) + faraday (~> 0.8, < 1.0) + sqlite3 (1.3.13) + sshkey (1.9.0) + thor (0.19.4) + thread_safe (0.3.6) + tzinfo (1.2.3) + thread_safe (~> 0.1) + tzinfo-data (1.2017.2) + tzinfo (>= 1.0.0) + windows_error (0.1.2) + xmlrpc (0.3.0) + +PLATFORMS + ruby + +DEPENDENCIES + metasploit-framework! + +BUNDLED WITH + 1.14.6 diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index 41d9934191d75..5e21996caac8a 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix 
@@ -1,34 +1,51 @@ -{ stdenv, fetchurl, makeWrapper, ruby }: - -stdenv.mkDerivation rec { +{ stdenv, fetchFromGitHub, makeWrapper, ruby, bundlerEnv, ncurses }: + +# Maintainer notes for updating: +# 1. increment version number in expression and in Gemfile +# 2. run $ nix-shell --command "bundler install && bundix" +# in metasploit in nixpkgs + +let + env = bundlerEnv { + inherit ruby; + name = "metasploit-bundler-env"; + gemdir = ./.; + }; +in stdenv.mkDerivation rec { name = "metasploit-framework-${version}"; - version = "3.3.1"; + version = "4.14.17"; - src = fetchurl { - url = "http://downloads.metasploit.com/data/releases/archive/framework-${version}.tar.bz2"; - sha256 = "07clzw1zfnqjhyydsc4mza238isai58p7aygh653qxsqb9a0j7qw"; + src = fetchFromGitHub { + owner = "rapid7"; + repo = "metasploit-framework"; + rev = version; + sha256 = "0g666lxin9f0v9vhfh3s913ym8fnh32rpfl1rpj8d8n1azch5fn0"; }; - buildInputs = [makeWrapper]; + buildInputs = [ makeWrapper ]; + + dontPatchelf = true; # stay away from exploit executables installPhase = '' - mkdir -p $out/share/msf - mkdir -p $out/bin + mkdir -p $out/{bin,share/msf} cp -r * $out/share/msf for i in $out/share/msf/msf*; do - makeWrapper $i $out/bin/$(basename $i) --prefix RUBYLIB : $out/share/msf/lib + bin=$out/bin/$(basename $i) + cat > $bin <<EOF +#!/bin/sh -e +exec ${env}/bin/bundle exec ${ruby}/bin/ruby $i "\$@" +EOF + chmod +x $bin done ''; - postInstall = '' - patchShebangs $out/share/msf - ''; - - meta = { + meta = with stdenv.lib; { description = "Metasploit Framework - a collection of exploits"; homepage = https://github.com/rapid7/metasploit-framework/wiki; - platforms = stdenv.lib.platforms.unix; + platforms = platforms.unix; + license = licenses.bsd3; + maintainers = [ maintainers.makefu ]; }; } diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix new file mode 100644 index 0000000000000..f4e4b91fcd99e --- /dev/null +++ b/pkgs/tools/security/metasploit/gemset.nix 
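Review bot: `dontPatchelf = true; # stay away from exploit executables` only switches off the ELF rewriting step, so the intent stated in the comment may not hold for scripts. As far as I can tell the default fixup phase still runs patchShebangs over `$out`, which would rewrite the interpreter line of every executable file copied to `$out/share/msf` by `cp -r *`, including bundled payload and module scripts. If those files are meant to stay byte-identical to upstream, add `dontPatchShebangs = true;` next to it. That looks safe here because the generated wrappers call `${ruby}/bin/ruby $i` explicitly and do not depend on the scripts' own shebangs. Please confirm against a build, since the fixup hooks themselves are not visible in this diff.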
@@ -0,0 +1,708 @@ +{ + actionpack = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09fbazl0ja80na2wadfp3fzmdmdy1lsb4wd2yg7anbj0zk0ap7a9"; + type = "gem"; + }; + version = "4.2.8"; + }; + actionview = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mg4a8143q2wjhjq4mngl69jkv249z5jvg0jkdribdv4zkg586rp"; + type = "gem"; + }; + version = "4.2.8"; + }; + activemodel = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "11vhh7zmp92880s5sx8r32v2p0b7xg039mfr92pjynpkz4q901ld"; + type = "gem"; + }; + version = "4.2.8"; + }; + activerecord = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1kk4dhn8jfhqfsf1dmb3a183gix6k46xr6cjkxj0rp51w2za1ns0"; + type = "gem"; + }; + version = "4.2.8"; + }; + activesupport = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wibdzd2f5l5rlsw1a1y3j3fhw2imrrbkxggdraa6q9qbdnc66hi"; + type = "gem"; + }; + version = "4.2.8"; + }; + addressable = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1i8q32a4gr0zghxylpyy7jfqwxvwrivsxflg9mks6kx92frh75mh"; + type = "gem"; + }; + version = "2.5.1"; + }; + arel = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nfcrdiys6q6ylxiblky9jyssrw2xj96fmxmal7f4f0jj3417vj4"; + type = "gem"; + }; + version = "6.0.4"; + }; + arel-helpers = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0k8hqa2505b2s3w6gajh2lvi2mn832yqldiy2z4c55phzkmr08sr"; + type = "gem"; + }; + version = "2.3.0"; + }; + bcrypt = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1d254sdhdj6mzak3fb5x3jam8b94pvl1srladvs53j05a89j5z50"; + type = "gem"; + }; + version = "3.1.11"; + }; + bindata = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "10sii2chgnkp2jw830sbr2wb20p8p1wcwrl9jhadkw94f505qcyg"; + type = "gem"; + }; + version = "2.4.0"; + }; + bit-struct = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1w7x1fh4a6inpb46imhdf4xrq0z4d6zdpg7sdf8n98pif2hx50sx"; + type = "gem"; + }; + 
version = "0.16"; + }; + builder = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qibi5s67lpdv1wgcj66wcymcr04q6j4mzws6a479n0mlrmh5wr1"; + type = "gem"; + }; + version = "3.2.3"; + }; + erubis = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1fj827xqjs91yqsydf0zmfyw9p4l2jz5yikg3mppz6d7fi8kyrb3"; + type = "gem"; + }; + version = "2.7.0"; + }; + faraday = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1wkx9844vacsk2229xbc27djf6zw15kqd60ifr78whf9mp9v6l03"; + type = "gem"; + }; + version = "0.12.1"; + }; + filesize = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "061qmg82mm9xnmnq3b7gbi24g28xk62w0b0nw86gybd07m1jn989"; + type = "gem"; + }; + version = "0.1.1"; + }; + i18n = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1s6971zmjxszdrp59vybns9gzxpdxzdklakc5lp8nl4fx5kpxkbp"; + type = "gem"; + }; + version = "0.8.1"; + }; + jsobfu = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hchns89cfj0gggm2zbr7ghb630imxm2x2d21ffx2jlasn9xbkyk"; + type = "gem"; + }; + version = "0.4.2"; + }; + json = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01v6jjpvh3gnq6sgllpfqahlgxzj50ailwhj9b3cd20hi2dx0vxp"; + type = "gem"; + }; + version = "2.1.0"; + }; + loofah = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "109ps521p0sr3kgc460d58b4pr1z4mqggan2jbsf0aajy9s6xis8"; + type = "gem"; + }; + version = "2.0.3"; + }; + metasm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gss57q4lv6l0jkih77zffrpjjzgkdcsy7b9nvvawyzknis9w4s5"; + type = "gem"; + }; + version = "1.0.3"; + }; + metasploit-concern = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0kqby5ycxhr0jfzvjqkdgjbqqjrg8jlmcxw8myrm0875hybyl1mq"; + type = "gem"; + }; + version = "2.0.4"; + }; + metasploit-credential = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1y36f1f4nw0imhfbckl213ah7qgfldrkv2fpv2acslb6iqiaa3gk"; + type = "gem"; + }; + version = 
"2.0.9"; + }; + metasploit-framework = { + source = { + fetchSubmodules = false; + rev = "fd3da8f3350d6cf7f0449bf0ead4d51747525c0a"; + sha256 = "1r04drq34qfbhmhp0mqnm13vrycr7dcq670zk8xqiif5rhbij6qv"; + type = "git"; + url = "https://github.com/rapid7/metasploit-framework"; + }; + version = "4.14.17"; + }; + metasploit-model = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05pnai1cv00xw87rrz38dz4s3ss45s90290d0knsy1mq6rp8yvmw"; + type = "gem"; + }; + version = "2.0.4"; + }; + metasploit-payloads = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0c6wvnxgwdiryz5skzrp2wcfbxp57icaclckjcaxlw63v09wgjii"; + type = "gem"; + }; + version = "1.2.29"; + }; + metasploit_data_models = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0hb2wsz3d4xgjf6dlf7nzxlv6q7rcdgn1pj79xs3g8al38zi129g"; + type = "gem"; + }; + version = "2.0.14"; + }; + metasploit_payloads-mettle = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "058ijqznh4xqx3d6dph5gwdsmj96z4n46rl1mm85fyxpgpkifqd1"; + type = "gem"; + }; + version = "0.1.9"; + }; + mini_portile2 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1y25adxb1hgg1wb2rn20g3vl07qziq6fz364jc5694611zz863hb"; + type = "gem"; + }; + version = "2.1.0"; + }; + minitest = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "11my86fnihvpndyknn3c14hc82nhsgggnhlxh8h3bdjpmfsvl0my"; + type = "gem"; + }; + version = "5.10.2"; + }; + msgpack = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ck7w17d6b4jbb8inh1q57bghi9cjkiaxql1d3glmj1yavbpmlh7"; + type = "gem"; + }; + version = "1.1.0"; + }; + multipart-post = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09k0b3cybqilk1gwrwwain95rdypixb2q9w65gd44gfzsd84xi1x"; + type = "gem"; + }; + version = "2.0.0"; + }; + nessus_rest = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1allyrd4rll333zbmsi3hcyg6cw1dhc4bg347ibsw191nswnp8ci"; + type = "gem"; + }; + version = "0.1.6"; + }; + 
net-ssh = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "013p5jb4wy0cq7x7036piw2a3s1i9p752ki1srx2m289mpz4ml3q"; + type = "gem"; + }; + version = "4.1.0"; + }; + network_interface = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ir4c1vbz1y0gxyih024262i7ig1nji1lkylcrn9pjzx3798p97a"; + type = "gem"; + }; + version = "0.0.1"; + }; + nexpose = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jdhhzzs3b3rav6imx8jn9920cjj83yjvz35q169y0ppla2xzqbg"; + type = "gem"; + }; + version = "6.0.0"; + }; + nokogiri = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0jd8q3pr5rkrxx1vklvhcqcgl8kmfv5c8ny36ni3z5mirw6cm70c"; + type = "gem"; + }; + version = "1.7.2"; + }; + octokit = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h6cm7bi0y7ysjgwws3paaipqdld6c0m0niazrjahhpz88qqq1g4"; + type = "gem"; + }; + version = "4.7.0"; + }; + openssl-ccm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18h5lxv0zh4j2f0wnhdmfz63x02vbzbq2k1clz6kzr0q83h8kj9c"; + type = "gem"; + }; + version = "1.2.1"; + }; + openvas-omp = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14xf614vd76qjdjxjv14mmjar6s64fwp4cwb7bv5g1wc29srg28x"; + type = "gem"; + }; + version = "0.0.4"; + }; + packetfu = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "16ppq9wfxq4x2hss61l5brs3s6fmi8gb50mnp1nnnzb1asq4g8ll"; + type = "gem"; + }; + version = "1.1.13"; + }; + patch_finder = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1md9scls55n1riw26vw1ak0ajq38dfygr36l0h00wqhv51cq745m"; + type = "gem"; + }; + version = "1.0.2"; + }; + pcaprub = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pl4lqy7308185pfv0197n8b4v20fhd0zb3wlpz284rk8ssclkvz"; + type = "gem"; + }; + version = "0.12.4"; + }; + pg = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03xcgwjs6faxis81jxf2plnlalg55dhhafqv3kvjxfr8ic7plpw5"; + type = "gem"; + }; + version = "0.20.0"; + }; + 
pg_array_parser = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1034dhg8h53j48sfm373js54skg4vpndjga6hzn2zylflikrrf3s"; + type = "gem"; + }; + version = "0.0.9"; + }; + postgres_ext = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1lbp1qf5s1addhznm7d4bzks9adh7jpilgcsr8k7mbd0a1ailcgc"; + type = "gem"; + }; + version = "3.0.0"; + }; + public_suffix = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "040jf98jpp6w140ghkhw2hvc1qx41zvywx5gj7r2ylr1148qnj7q"; + type = "gem"; + }; + version = "2.0.5"; + }; + rack = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "073d6rjgqfb4xjhbshyrflqgbdvxqvx4b907j2d4mi5qgbv8y2ax"; + type = "gem"; + }; + version = "1.6.6"; + }; + rack-test = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h6x5jq24makgv2fq5qqgjlrk74dxfy62jif9blk43llw8ib2q7z"; + type = "gem"; + }; + version = "0.6.3"; + }; + rails-deprecated_sanitizer = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qxymchzdxww8bjsxj05kbf86hsmrjx40r41ksj0xsixr2gmhbbj"; + type = "gem"; + }; + version = "1.0.3"; + }; + rails-dom-testing = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ny7mbjxhq20rzg4pivvyvk14irmc7cn20kxfk3vc0z2r2c49p8r"; + type = "gem"; + }; + version = "1.0.8"; + }; + rails-html-sanitizer = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "138fd86kv073zqfx0xifm646w6bgw2lr8snk16lknrrfrss8xnm7"; + type = "gem"; + }; + version = "1.0.3"; + }; + railties = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bavl4hj7bnl3ryqi9rvykm410kflplgingkcxasfv1gdilddh4g"; + type = "gem"; + }; + version = "4.2.8"; + }; + rake = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01j8fc9bqjnrsxbppncai05h43315vmz9fwg28qdsgcjw9ck1d7n"; + type = "gem"; + }; + version = "12.0.0"; + }; + rb-readline = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "170m6d2298s9kfbd4y3zzj4irsnd15qlbgi6kk93m88lkh9qzy3a"; + type = "gem"; 
+ }; + version = "0.5.4"; + }; + recog = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08ypzrn40jbjbzwdbbjkcqdm74zlsc0yr2iqs0yn479fa5k8ajw4"; + type = "gem"; + }; + version = "2.1.6"; + }; + redcarpet = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h9qz2hik4s9knpmbwrzb3jcp3vc5vygp9ya8lcpl7f1l9khmcd7"; + type = "gem"; + }; + version = "3.4.0"; + }; + rex-arch = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1y2mzv6wkqgclxl1x65mdq4d0lcgbbny4r1v24c16gi4jg9nsnc1"; + type = "gem"; + }; + version = "0.1.4"; + }; + rex-bin_tools = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0skrbpyal6anh4g1nsaf9ypg5sd2ghxxmghasxw4p1s1i1xbmhwr"; + type = "gem"; + }; + version = "0.1.3"; + }; + rex-core = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09xbslrwbc9d0rp24y1pdgc6650ciwicq4q7skjz74rprr9wj16f"; + type = "gem"; + }; + version = "0.1.10"; + }; + rex-encoder = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1zm5jdxgyyp8pkfqwin34izpxdrmglx6vmk20ifnvcsm55c9m70z"; + type = "gem"; + }; + version = "0.1.4"; + }; + rex-exploitation = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gbj28jqaaldpk4qzysgcl6m0wcqx3gcldarqdk55p5z9zasrk19"; + type = "gem"; + }; + version = "0.1.14"; + }; + rex-java = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j58k02p5g9snkpak64sb4aymkrvrh9xpqh8wsnya4w7b86w2y6i"; + type = "gem"; + }; + version = "0.1.5"; + }; + rex-mime = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15a14kz429h7pn81ysa6av3qijxjmxagjff6dyss5v394fxzxf4a"; + type = "gem"; + }; + version = "0.1.5"; + }; + rex-nop = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0aigf9qsqsmiraa6zvfy1a7cyvf7zc3iyhzxi6fjv5sb8f64d6ny"; + type = "gem"; + }; + version = "0.1.1"; + }; + rex-ole = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1pnzbqfnvbs0vc0z0ryszk3fxhgxrjd6gzwqa937rhlphwp5jpww"; + type = "gem"; + }; 
+ version = "0.1.6"; + }; + rex-powershell = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nl60fdd1rlckk95d3s3y873w84vb0sgwvwxdzv414qxz8icpjnm"; + type = "gem"; + }; + version = "0.1.72"; + }; + rex-random_identifier = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0cksrljaw61mdjvbmj9vqqhd8nra7jv466w5nim47n73rj72jc19"; + type = "gem"; + }; + version = "0.1.2"; + }; + rex-registry = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wv812ghnz143vx10ixmv32ypj1xrzr4rh4kgam8d8wwjwxsgw1q"; + type = "gem"; + }; + version = "0.1.3"; + }; + rex-rop_builder = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xjd3d6wnbq4ym0d0m268md8fb16f2hbwrahvxnl14q63fj9i3wy"; + type = "gem"; + }; + version = "0.1.3"; + }; + rex-socket = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0r39782f2qpq83wsi72213v344gq4rccch98i376fx8bayh0dygh"; + type = "gem"; + }; + version = "0.1.6"; + }; + rex-sslscan = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0r5cy1kng1ggjycn7a8vpval7clhr0yxhd7rgn2hasxl2p3c7i8v"; + type = "gem"; + }; + version = "0.1.4"; + }; + rex-struct2 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1nbdn53264a20cr2m2nq2v4mg0n33dvrd1jj1sixl37qjzw2k452"; + type = "gem"; + }; + version = "0.1.2"; + }; + rex-text = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "024miva867h4wv4y1lnxxrw2d7p51va32ismxqf3fsz4s9cqc88m"; + type = "gem"; + }; + version = "0.2.15"; + }; + rex-zip = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mbfryyhcw47i7jb8cs8vilbyqgyiyjkfl1ngl6wdbf7d87dwdw7"; + type = "gem"; + }; + version = "0.1.3"; + }; + rkelly-remix = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1g7hjl9nx7f953y7lncmfgp0xgxfxvgfm367q6da9niik6rp1y3j"; + type = "gem"; + }; + version = "0.0.7"; + }; + robots = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "141gvihcr2c0dpzl3dqyh8kqc9121prfdql2iamaaw0mf9qs3njs"; 
+ type = "gem"; + }; + version = "0.10.1"; + }; + ruby_smb = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1v2acyx6csndb08sidb1pbixn2dlx9s75cpnjv4riwj0qlp8blli"; + type = "gem"; + }; + version = "0.0.12"; + }; + rubyntlm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1p6bxsklkbcqni4bcq6jajc2n57g0w5rzn4r49c3lb04wz5xg0dy"; + type = "gem"; + }; + version = "0.6.2"; + }; + rubyzip = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06js4gznzgh8ac2ldvmjcmg9v1vg9llm357yckkpylaj6z456zqz"; + type = "gem"; + }; + version = "1.2.1"; + }; + sawyer = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0sv1463r7bqzvx4drqdmd36m7rrv6sf1v3c6vswpnq3k6vdw2dvd"; + type = "gem"; + }; + version = "0.8.1"; + }; + sqlite3 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01ifzp8nwzqppda419c9wcvr8n82ysmisrs0hph9pdmv1lpa4f5i"; + type = "gem"; + }; + version = "1.3.13"; + }; + sshkey = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0g02lh50jd5z4l9bp7xirnfn3n1dh9lr06dv3xh0kr3yhsny059h"; + type = "gem"; + }; + version = "1.9.0"; + }; + thor = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01n5dv9kql60m6a00zc0r66jvaxx98qhdny3klyj0p3w34pad2ns"; + type = "gem"; + }; + version = "0.19.4"; + }; + thread_safe = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nmhcgq6cgz44srylra07bmaw99f5271l0dpsvl5f75m44l0gmwy"; + type = "gem"; + }; + version = "0.3.6"; + }; + tzinfo = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05r81lk7q7275rdq7xipfm0yxgqyd2ggh73xpc98ypngcclqcscl"; + type = "gem"; + }; + version = "1.2.3"; + }; + tzinfo-data = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1n83rmy476d4qmzq74qx0j7lbcpskbvrj1bmy3np4d5pydyw2yky"; + type = "gem"; + }; + version = "1.2017.2"; + }; + windows_error = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0kbcv9j5sc7pvjzf1dkp6h69i6lmj205zyy2arxcfgqg11bsz2kp"; + type = 
"gem"; + }; + version = "0.1.2"; + }; + xmlrpc = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1s744iwblw262gj357pky3d9fcx9hisvla7rnw29ysn5zsb6i683"; + type = "gem"; + }; + version = "0.3.0"; + }; +} diff --git a/pkgs/tools/security/metasploit/shell.nix b/pkgs/tools/security/metasploit/shell.nix new file mode 100644 index 0000000000000..7d1b66ba419ff --- /dev/null +++ b/pkgs/tools/security/metasploit/shell.nix @@ -0,0 +1,14 @@ +# Env to update Gemfile.lock / gemset.nix +with import <nixpkgs> {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + sqlite + libpcap + postgresql + libxml2 + libxslt + pkgconfig + bundix + ]; +} diff --git a/pkgs/tools/security/minisign/default.nix b/pkgs/tools/security/minisign/default.nix index 1a573048aa4e0..6a8f6d79fe1cd 100644 --- a/pkgs/tools/security/minisign/default.nix +++ b/pkgs/tools/security/minisign/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "minisign-${version}"; - version = "0.6"; + version = "0.7"; src = fetchFromGitHub { repo = "minisign"; owner = "jedisct1"; rev = version; - sha256 = "1m71ngxaij3q1dw602kjgj22y5xfjlxrrkjdmx1v4p36y0n6wl92"; + sha256 = "15w8fgplkxiw9757qahwmgnl4bwx9mm0rnwp1izs2jcy1wy35vp8"; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch b/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch index 74e466069d93f..7acd7239b392b 100644 --- a/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch +++ b/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch @@ -1,57 +1,11 @@ --- a/CMakeLists.txt 
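Review bot: The new `metasploit/shell.nix` takes its tools from `with import <nixpkgs> {};`, so whatever channel is on the updater's NIX_PATH is used instead of the tree being edited. That makes the regenerated `Gemfile.lock` and `gemset.nix` depend on the channel's bundix and bundler versions, even though `gemset.nix` pins the hash of every gem the package trusts. Importing the checkout instead, `with import ../../../.. {};`, would make the update procedure reproducible from the repository alone. The maintainer notes in `default.nix` run `bundler install && bundix`, but `buildInputs` here lists only `bundix`; unless bundix brings bundler into PATH, `bundler` should be listed explicitly.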
+++ b/CMakeLists.txt -@@ -251,23 +251,23 @@ - # ${CMAKE_SOURCE_DIR}/data/icons/48x48 - # ${CMAKE_SOURCE_DIR}/data/icons/128x128 - ${CMAKE_SOURCE_DIR}/data/icons/ -- DESTINATION usr/share/icons/ -+ DESTINATION share/icons/ - ) - - install(FILES - ${CMAKE_SOURCE_DIR}/data/nitrokey-app.desktop -- DESTINATION usr/share/applications -+ DESTINATION share/applications - ) - - install(FILES - ${CMAKE_SOURCE_DIR}/data/icons/hicolor/128x128/apps/nitrokey-app.png -- DESTINATION usr/share/pixmaps -+ DESTINATION share/pixmaps - ) - - # Install Nitrokey udev rules - install(FILES - ${CMAKE_SOURCE_DIR}/data/40-nitrokey.rules -- DESTINATION usr/lib/udev/rules.d -+ DESTINATION lib/udev/rules.d - ) - +@@ -273,7 +273,7 @@ # Install autocompletion scripts -@@ -278,7 +278,7 @@ - install(FILES - ${CMAKE_SOURCE_DIR}/po/de_DE/nitrokey-app.mo -- DESTINATION usr/share/locale/de_DE/LC_MESSAGES -+ DESTINATION share/locale/de_DE/LC_MESSAGES + ${CMAKE_SOURCE_DIR}/data/bash-autocomplete/nitrokey-app +- DESTINATION /etc/bash_completion.d ++ DESTINATION etc/bash_completion.d ) install(FILES -@@ -286,7 +286,7 @@ - ${CMAKE_SOURCE_DIR}/images/quit.png - ${CMAKE_SOURCE_DIR}/images/safe_zahlenkreis.png - ${CMAKE_SOURCE_DIR}/images/settings.png -- DESTINATION usr/share/nitrokey -+ DESTINATION share/nitrokey - ) - - ENDIF () # NOT WIN32 -@@ -299,7 +299,7 @@ - ${resources_ouput} - ) - --INSTALL(TARGETS nitrokey-app DESTINATION usr/bin) -+INSTALL(TARGETS nitrokey-app DESTINATION bin) - - TARGET_LINK_LIBRARIES(nitrokey-app - ${QT_LIBRARIES} diff --git a/pkgs/tools/security/nitrokey-app/default.nix b/pkgs/tools/security/nitrokey-app/default.nix index 91d5e75272bc8..5e1baa4f57bf2 100644 --- a/pkgs/tools/security/nitrokey-app/default.nix +++ b/pkgs/tools/security/nitrokey-app/default.nix 
@@ -2,27 +2,29 @@ stdenv.mkDerivation rec { name = "nitrokey-app"; - version = "0.5.1"; + version = "0.6.3"; src = fetchFromGitHub { owner = "Nitrokey"; repo = "nitrokey-app"; rev = "v${version}"; - sha256 = "0acb2502r3wa0mry6h8sz1k16zaa4bgnhxwxqd1vd1y42xc6g9bw"; + sha256 = "1l5l4lwxmyd3jrafw19g12sfc42nd43sv7h7i4krqxnkk6gfx11q"; }; buildInputs = [ - cmake libusb1 - pkgconfig qt5.qtbase ]; + nativeBuildInputs = [ + cmake + pkgconfig + ]; patches = [ ./FixInstallDestination.patch ./HeaderPath.patch ]; cmakeFlags = "-DHAVE_LIBAPPINDICATOR=NO"; - meta = { + meta = with stdenv.lib; { description = "Provides extra functionality for the Nitrokey Pro and Storage"; longDescription = '' The nitrokey-app provides a QT system tray widget with wich you can @@ -31,7 +33,7 @@ stdenv.mkDerivation rec { ''; homepage = https://github.com/Nitrokey/nitrokey-app; repositories.git = https://github.com/Nitrokey/nitrokey-app.git; - license = stdenv.lib.licenses.gpl3; - maintainer = stdenv.lib.maintainers.kaiha; + license = licenses.gpl3; + maintainer = maintainers.kaiha; }; } diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index 9413f99208663..aefa82128ac10 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix @@ -1,12 +1,13 @@ { stdenv, fetchurl, libpcap, pkgconfig, openssl , graphicalSupport ? false -, gtk2 ? null , libX11 ? null +, gtk2 ? null , withPython ? false # required for the `ndiff` binary -, python2 ? null +, python2Packages ? null +, makeWrapper ? null }: -assert withPython -> python2 != null; +assert withPython -> python2Packages != null; with stdenv.lib; 
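Review bot: In the second nitrokey-app hunk (`@@ -31,7 +33,7 @@`) the rewritten line `maintainer = maintainers.kaiha;` keeps the singular attribute name. The metadata field that nixpkgs tooling reads is `maintainers`, and it is a list, so this entry is most likely ignored and the package shows up as unmaintained. Since the line is being touched anyway, it should become `maintainers = [ maintainers.kaiha ];`, matching the form used in the other expressions in this commit.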
@@ -16,17 +17,13 @@ let # so automatically enable pythonSupport if graphicalSupport is requested. pythonSupport = withPython || graphicalSupport; - pythonEnv = python2.withPackages(ps: with ps; [] - ++ optionals graphicalSupport [ pycairo pygobject2 pygtk pysqlite ] - ); - in stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; - version = "7.31"; + version = "7.40"; src = fetchurl { url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; - sha256 = "0hiqb28950kn4bjsmw0ksfyss7j2qdmgrj3xsjf7073pq01lx7yb"; + sha256 = "121i9mgyc28ra2825akd0ix5qyssv4xc2qlx296mam6hzxgnc54y"; }; patches = ./zenmap.patch; @@ -36,10 +33,17 @@ in stdenv.mkDerivation rec { ++ optional (!graphicalSupport) "--without-zenmap" ; - buildInputs = [ libpcap pkgconfig openssl ] - ++ optional pythonSupport pythonEnv - ++ optionals graphicalSupport [ gtk2 libX11 ] - ; + postInstall = optionalString pythonSupport '' + wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" + '' + optionalString graphicalSupport '' + wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath $pygtk)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pygobject)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pycairo)/gtk-2.0 + ''; + + buildInputs = with python2Packages; [ libpcap pkgconfig openssl ] + ++ optionals pythonSupport [ makeWrapper python ] + ++ optionals graphicalSupport [ + libX11 gtk2 pygtk pysqlite pygobject2 pycairo + ]; meta = { description = "A free and open source utility for network discovery and security auditing"; diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 672b95dec4502..302a5e251b03b 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix 
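Review bot: In the new `postInstall` of nmap (hunk `@@ -36,10 +33,17 @@`) the zenmap wrapper uses `$(toPythonPath $pygtk)`, `$(toPythonPath $pygobject)` and `$(toPythonPath $pycairo)`. These are shell variables, and nothing visible in the hunk defines them. The `with python2Packages;` scope applies only to the `buildInputs` list, and the package there is named `pygobject2`. If they are unset at build time, the wrapper gets PYTHONPATH entries without a store prefix and zenmap would only find its GTK bindings by accident. Interpolating the packages from Nix avoids that, e.g. `--prefix PYTHONPATH : $(toPythonPath ${python2Packages.pygtk})/gtk-2.0`, and likewise with `${python2Packages.pygobject2}` and `${python2Packages.pycairo}`. Both wrappers also bake the build-time `$PYTHONPATH` into the installed script, which deserves a short comment saying it is intentional.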
@@ -14,10 +14,6 @@ stdenv.mkDerivation rec { sha256 = "16y3ryx606nry2li05hm88bllrragdj3sfl3yh7pf71777n4lsk4"; }; - postPatch = '' - sed -i 's,$(DESTDIR),$(out),g' etc/Makefile.am - ''; - buildInputs = [ autoreconfHook pkgconfig zlib readline openssl pcsclite libassuan libXt libxslt libiconv docbook_xml_dtd_412 @@ -38,9 +34,11 @@ stdenv.mkDerivation rec { ]; installFlags = [ - "sysconfdir=\${out}/etc" + "sysconfdir=$(out)/etc" ]; + + meta = with stdenv.lib; { description = "Set of libraries and utilities to access smart cards"; homepage = https://github.com/OpenSC/OpenSC/wiki; diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index b0137619f0c1a..baa53492d3ee9 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix 
@@ -1,54 +1,32 @@ -{ stdenv, fetchurl -, coreutils, gnused, getopt, pwgen, git, tree, gnupg, which, procps +{ stdenv, lib, fetchurl +, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode , makeWrapper , xclip ? null, xdotool ? null, dmenu ? null , x11Support ? !stdenv.isDarwin }: +with lib; + assert x11Support -> xclip != null && xdotool != null && dmenu != null; stdenv.mkDerivation rec { - version = "1.6.5"; + version = "1.7.1"; name = "password-store-${version}"; src = fetchurl { url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; - sha256 = "05bk3lrp5jwg0v338lvylp7glpliydzz4jf5pjr6k3kagrv3jyik"; + sha256 = "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn"; }; - patches = - [ ./program-name.patch - ./set-correct-program-name-for-sleep.patch - ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; - - buildInputs = [ makeWrapper ]; - - meta = with stdenv.lib; { - description = "Stores, retrieves, generates, and synchronizes passwords securely"; - homepage = http://www.passwordstore.org/; - license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny ]; - platforms = platforms.unix; - - longDescription = '' - pass is a very simple password store that keeps passwords inside gpg2 - encrypted files inside a simple directory tree residing at - ~/.password-store. The pass utility provides a series of commands for - manipulating the password store, allowing the user to add, remove, edit, - synchronize, generate, and manipulate passwords. 
- ''; - }; + patches = [ ./set-correct-program-name-for-sleep.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; - preInstall = '' - mkdir -p "$out/share/bash-completion/completions" - mkdir -p "$out/share/zsh/site-functions" - mkdir -p "$out/share/fish/vendor_completions.d" - ''; + nativeBuildInputs = [ makeWrapper ]; - installFlags = [ "PREFIX=$(out)" ]; + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; postInstall = '' # Install Emacs Mode. NOTE: We can't install the necessary @@ -56,10 +34,8 @@ stdenv.mkDerivation rec { # himself. mkdir -p "$out/share/emacs/site-lisp" cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" - - ${if x11Support then '' - cp "contrib/dmenu/passmenu" "$out/bin/" - '' else ""} + '' + optionalString x11Support '' + cp "contrib/dmenu/passmenu" "$out/bin/" ''; wrapperPath = with stdenv.lib; makeBinPath ([ @@ -68,16 +44,16 @@ stdenv.mkDerivation rec { git gnupg gnused - pwgen tree which + qrencode ] ++ stdenv.lib.optional stdenv.isLinux procps ++ ifEnable x11Support [ dmenu xclip xdotool ]); postFixup = '' # Fix program name in --help substituteInPlace $out/bin/pass \ - --replace "\$program" "pass" + --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" # Ensure all dependencies are in PATH wrapProgram $out/bin/pass \ 
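Review bot: The `--replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"` in `postFixup` (pass/default.nix, third hunk) depends on one exact line of the upstream script, and it replaces a patch file that would have failed loudly on a mismatch. Whether `substituteInPlace` reports a pattern that no longer matches is not visible here; if it does not, a later upstream change goes unnoticed and the substitution silently stops applying. A guard after the substitution makes the expectation explicit: `grep -q '^PROGRAM=pass$' $out/bin/pass || { echo "PROGRAM not patched"; exit 1; }`. `postFixup` continues past the end of the hunk.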
@@ -88,4 +64,20 @@ stdenv.mkDerivation rec { wrapProgram $out/bin/passmenu \ --prefix PATH : "$out/bin:${wrapperPath}" ''; + + meta = with stdenv.lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = http://www.passwordstore.org/; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz ]; + platforms = platforms.unix; + + longDescription = '' + pass is a very simple password store that keeps passwords inside gpg2 + encrypted files inside a simple directory tree residing at + ~/.password-store. The pass utility provides a series of commands for + manipulating the password store, allowing the user to add, remove, edit, + synchronize, generate, and manipulate passwords. + ''; + }; } diff --git a/pkgs/tools/security/pass/program-name.patch b/pkgs/tools/security/pass/program-name.patch deleted file mode 100644 index db01942f638de..0000000000000 --- a/pkgs/tools/security/pass/program-name.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/password-store.sh b/src/password-store.sh -index 6313384..6607a98 100755 ---- a/src/password-store.sh -+++ b/src/password-store.sh -@@ -573,7 +573,7 @@ cmd_git() { - # END subcommand functions - # - --PROGRAM="${0##*/}" -+PROGRAM="pass" - COMMAND="$1" - - case "$1" in diff --git a/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch b/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch index f00307307eb57..782e06e20fd92 100644 --- a/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch +++ b/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch 
@@ -1,17 +1,20 @@ -From 6ad29ae97263060c9ec95856e0d8ab18409108c0 Mon Sep 17 00:00:00 2001 -From: Franz Pletz <fpletz@fnordicwalking.de> -Date: Sat, 3 Sep 2016 05:45:36 +0200 -Subject: [PATCH] Set correct program name for sleep +From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001 +From: "Andrew R. M" <andrewmiller237@gmail.com> +Date: Sat, 8 Apr 2017 13:50:01 -0400 +Subject: [PATCH] Patch the clip() function to work even when using + single-binary coreutils --- - src/password-store.sh | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) + src/password-store.sh | 4 ++-- + src/platform/cygwin.sh | 4 ++-- + src/platform/darwin.sh | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/password-store.sh b/src/password-store.sh -index 63be840..ca47df3 100755 +index 6a4172d..4dbd6b8 100755 --- a/src/password-store.sh +++ b/src/password-store.sh -@@ -133,11 +133,14 @@ clip() { +@@ -155,11 +155,11 @@ clip() { # variable. Specifically, it cannot store nulls nor (non-trivally) store # trailing new lines. local sleep_argv0="password store sleep on display $DISPLAY" 
@@ -20,14 +23,47 @@ index 63be840..ca47df3 100755 local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)" echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" ( +- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) ++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") ) + local now="$(xclip -o -selection "$X_SELECTION" | base64)" + [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + +diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh +index 6e5dd86..f3574c4 100644 +--- a/src/platform/cygwin.sh ++++ b/src/platform/cygwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(base64 < /dev/clipboard)" + echo -n "$1" > /dev/clipboard + ( - ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) -+ # Execute sleep as a child process of bash because it may be -+ # a symlink to a single binary version of coreutils or busybox -+ # which depends on argv0 correctly set to "sleep" + ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) - local now="$(xclip -o -selection "$X_SELECTION" | base64)" + local now="$(base64 < /dev/clipboard)" [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + echo "$before" | base64 -d > /dev/clipboard +diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh +index 86eb325..deb04c4 100644 +--- a/src/platform/darwin.sh ++++ b/src/platform/darwin.sh +@@ -3,11 +3,11 @@ + clip() { + local sleep_argv0="password store sleep for user $(id -u)" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(pbpaste | openssl base64)" + echo -n "$1" | pbcopy + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep 
"$CLIP_TIME") ) + local now="$(pbpaste | openssl base64)" + [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now" + echo "$before" | openssl base64 -d | pbcopy -- -2.9.3 +2.12.2 diff --git a/pkgs/tools/security/pcsctools/default.nix b/pkgs/tools/security/pcsctools/default.nix index 2932143fa0e10..585e089b8af48 100644 --- a/pkgs/tools/security/pcsctools/default.nix +++ b/pkgs/tools/security/pcsctools/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchurl, makeWrapper, pkgconfig, udev, dbus_libs, pcsclite , wget, coreutils -, perl, pcscperl, Glib, Gtk2, Pango +, perl, pcscperl, Glib, Gtk2, Pango, Cairo }: let deps = lib.makeBinPath [ wget coreutils ]; @@ -23,7 +23,7 @@ in stdenv.mkDerivation rec { wrapProgram $out/bin/scriptor \ --set PERL5LIB "${lib.makePerlPath [ pcscperl ]}" wrapProgram $out/bin/gscriptor \ - --set PERL5LIB "${lib.makePerlPath [ pcscperl Glib Gtk2 Pango ]}" + --set PERL5LIB "${lib.makePerlPath [ pcscperl Glib Gtk2 Pango Cairo ]}" wrapProgram $out/bin/ATR_analysis \ --set PERL5LIB "${lib.makePerlPath [ pcscperl ]}" wrapProgram $out/bin/pcsc_scan \ diff --git a/pkgs/tools/security/pinentry-mac/default.nix b/pkgs/tools/security/pinentry-mac/default.nix index 7116d1777d6da..4cba1c7e61723 100644 --- a/pkgs/tools/security/pinentry-mac/default.nix +++ b/pkgs/tools/security/pinentry-mac/default.nix 
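Review bot: In the rewritten set-correct-program-name-for-sleep.patch, the password-store.sh line `bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait")` loses its inner quoting: echo prints `trap kill %1 TERM; sleep … & wait`, so the trap action becomes a bare `kill` and `%1` is parsed as a signal name. All three new `bash <(echo …)` lines also paste `$CLIP_TIME` into script text that bash then parses, where the removed cygwin and darwin lines passed it to `sleep` as a single argument. Since this timer is what restores the clipboard after a password copy, I would emit the script with printf and quote the value, `bash <(printf 'trap "kill %%1" TERM; sleep %q & wait\n' "$CLIP_TIME")`, and `bash <(printf 'sleep %q\n' "$CLIP_TIME")` in the two platform files. `pkill -P $(pgrep -f "^$sleep_argv0")` is unquoted as well and runs `pkill -P` without an argument when nothing matches; `clip()` continues outside each inner hunk.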
@@ -1,20 +1,22 @@ -{ fetchurl, stdenv }: +{ fetchurl, stdenv, fetchFromGitHub, xcbuild, libiconv, Cocoa, ncurses }: stdenv.mkDerivation rec { name = "pinentry-mac-0.9.4"; - src = fetchurl { - url = "https://github.com/GPGTools/pinentry-mac/archive/v0.9.4.tar.gz"; - sha256 = "037ebb010377d3a3879ae2a832cefc4513f5c397d7d887d7b86b4e5d9a628271"; + src = fetchFromGitHub { + owner = "matthewbauer"; + repo = "pinentry-mac"; + rev = "d60aa902644a1f0126ec50e79937423a3a7c3bc4"; + sha256 = "0xp4rdyj0mw6gg1z1wraggb1qlkjb5845mibrz3nj0l692da52nq"; }; - postPatch = '' - substituteInPlace ./Makefile --replace "xcodebuild" "/usr/bin/xcodebuild" - ''; + buildInputs = [ xcbuild libiconv Cocoa ncurses ]; + + dontUseXcbuild = true; installPhase = '' mkdir -p $out/Applications - mv build/Release/pinentry-mac.app $out/Applications + mv pinentry-mac-*/Build/Products/Release/pinentry-mac.app $out/Applications ''; passthru = { diff --git a/pkgs/tools/security/pinentry/qt5.nix b/pkgs/tools/security/pinentry/qt5.nix index 18648633a0971..375187a51463a 100644 --- a/pkgs/tools/security/pinentry/qt5.nix +++ b/pkgs/tools/security/pinentry/qt5.nix @@ -31,6 +31,8 @@ stdenv.mkDerivation rec { (mkEnable true "pinentry-qt") ]; + NIX_CFLAGS_COMPILE = [ "-std=c++11" ]; + nativeBuildInputs = [ pkgconfig ]; meta = { diff --git a/pkgs/tools/security/polkit-gnome/default.nix b/pkgs/tools/security/polkit-gnome/default.nix index 38d47e742a292..e8709130015f5 100644 --- a/pkgs/tools/security/polkit-gnome/default.nix +++ b/pkgs/tools/security/polkit-gnome/default.nix @@ -26,7 +26,7 @@ in stdenv.mkDerivation rec { homepage = http://hal.freedesktop.org/docs/PolicyKit/; description = "A dbus session bus service that is used to bring up authentication dialogs"; license = stdenv.lib.licenses.gpl2; - maintainers = with stdenv.lib.maintainers; [ urkud phreedom ]; + maintainers = with stdenv.lib.maintainers; [ phreedom ]; platforms = stdenv.lib.platforms.linux; }; } 
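Review bot: The `src` in pinentry-mac/default.nix now points at a personal fork (`owner = "matthewbauer"`) pinned to a bare commit, while `name` still says `pinentry-mac-0.9.4` and nothing records how the fork differs from the GPGTools release it replaces. For a program that collects passphrases the provenance should be readable from the expression, so I would add a comment above `src` such as `# Fork of GPGTools/pinentry-mac at UPSTREAM_TAG, carries REASON; switch back once merged upstream`, with both placeholders filled in by the author. `fetchurl` also stays in the argument list although the visible new code no longer uses it. The derivation continues past the end of the hunk.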
diff --git a/pkgs/tools/security/polkit-kde-agent/default.nix b/pkgs/tools/security/polkit-kde-agent/default.nix deleted file mode 100644 index 6b4bcf7ad637c..0000000000000 --- a/pkgs/tools/security/polkit-kde-agent/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ stdenv, fetchurl, automoc4, cmake, gettext, perl, pkgconfig -, kdelibs, polkit_qt4 }: - -stdenv.mkDerivation rec { - name = "polkit-kde-agent-1-0.99.0"; - - src = fetchurl { - url = "mirror://kde/stable/apps/KDE4.x/admin/${name}.tar.bz2"; - sha256 = "0rxlq6x0vhvha8i6w109zpzzacp4imins55v4p4fq7a3k0kgywg3"; - }; - - buildInputs = [ kdelibs polkit_qt4 ]; - - nativeBuildInputs = [ automoc4 cmake gettext perl pkgconfig ]; - - patchPhase = "sed -e s/KDE4_AUTOSTART/AUTOSTART/ -i CMakeLists.txt"; - - meta = { - platforms = stdenv.lib.platforms.linux; - description = "PolicyKit authentication agent for KDE"; - }; -} diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix index 40f5163d89d2f..1f72ca294eb77 100644 --- a/pkgs/tools/security/rhash/default.nix +++ b/pkgs/tools/security/rhash/default.nix @@ -7,6 +7,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://sourceforge/rhash/${name}-src.tar.gz"; sha1 = "0981bdc98ba7ef923b1a6cd7fd8bb0374cff632e"; + sha256 = "0nii6p4m2x8rkaf8r6smgfwb1q4hpf117kkg64yr6gyqgdchnljv"; }; installFlags = [ "DESTDIR=$(out)" "PREFIX=/" ]; diff --git a/pkgs/tools/security/sha1collisiondetection/default.nix b/pkgs/tools/security/sha1collisiondetection/default.nix new file mode 100644 index 0000000000000..de1796f431d35 --- /dev/null +++ b/pkgs/tools/security/sha1collisiondetection/default.nix 
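Review bot: The rhash `src` now carries both `sha1 = …` and the added `sha256 = …`, so the expression no longer says which digest actually pins the tarball. Which one `fetchurl` prefers is decided outside this hunk; if it is the SHA-1, the download is still checked against a hash with known collision attacks. Dropping the `sha1` line leaves a single, unambiguous pin: keep only `sha256 = "0nii6p4m2x8rkaf8r6smgfwb1q4hpf117kkg64yr6gyqgdchnljv";`.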
@@ -0,0 +1,35 @@ +{ stdenv, fetchFromGitHub, libtool, which }: + +stdenv.mkDerivation rec { + pname = "sha1collisiondetection"; + version = "1.0.1"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "cr-marcstevens"; + repo = pname; + rev = "development-v${version}"; + sha256 = "09vd5mgclcdx7yq3kwzxy1z7pbxcp0xljfly7hy4ixahmnn290h6"; + }; + + makeFlags = [ "PREFIX=$(out)" ]; + + doCheck = true; + + nativeBuildInputs = [ libtool which ]; + + meta = with stdenv.lib; { + description = "Library and command line tool to detect SHA-1 collision"; + longDescription = '' + This library and command line tool were designed as near drop-in + replacements for common SHA-1 libraries and sha1sum. They will + compute the SHA-1 hash of any given file and additionally will + detect cryptanalytic collision attacks against SHA-1 present in + each file. It is very fast and takes less than twice the amount + of time as regular SHA-1. + ''; + platforms = platforms.all; + maintainers = with maintainers; [ leenaars ]; + license = licenses.mit; + }; +} diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix index ea6b7411c4e70..7be136944c6df 100644 --- a/pkgs/tools/security/signing-party/default.nix +++ b/pkgs/tools/security/signing-party/default.nix 
@@ -1,73 +1,223 @@ -{ stdenv, fetchurl, makeWrapper, autoconf, automake -, gnupg, perl, python, libmd, qprint, coreutils, gnused, glibc, gnupg1compat -, perlPackages }: +{ stdenv, fetchurl, autoconf, automake, makeWrapper +, python, perl, perlPackages +, libmd, gnupg1, which, getopt, libpaper, nettools, qprint +, sendmailPath ? "/run/wrappers/bin/sendmail" }: +let + # All runtime dependencies from the CPAN graph: + # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1 + # TODO: XSLoader seems optional + GnuPGInterfaceRuntimeDependencies = with perlPackages; [ + strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny + GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate + RoleTiny SubExporterProgressive SubQuote TypeTiny XSLoader + ]; +in stdenv.mkDerivation rec { + pname = "signing-party"; version = "2.5"; - basename = "signing-party"; - name = "${basename}-${version}"; + name = "${pname}-${version}"; src = fetchurl { - url = "mirror://debian/pool/main/s/${basename}/${basename}_${version}.orig.tar.gz"; + url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz"; sha256 = "1y2bxk01qiwaqaily0s6zi10ssv7l35vksib6fxzyl76pp693nv2"; }; sourceRoot = "."; + # TODO: Get this patch upstream... 
patches = [ ./gpgwrap_makefile.patch ]; postPatch = '' - substituteInPlace gpg-mailkeys/gpg-mailkeys --replace "/usr/sbin/sendmail" "sendmail" + substituteInPlace gpg-mailkeys/gpg-mailkeys --replace \ + "/usr/sbin/sendmail" "${sendmailPath}" ''; + # One can use the following command to find all relevant Makefiles: + # grep -R '$(DESTDIR)/usr' | cut -d: -f1 | sort -u | grep -v 'debian/rules' preBuild = '' - substituteInPlace sig2dot/Makefile --replace "\$(DESTDIR)/usr" "$out" - substituteInPlace gpgsigs/Makefile --replace "\$(DESTDIR)/usr" "$out" - substituteInPlace keylookup/Makefile --replace "\$(DESTDIR)/usr" "$out" - substituteInPlace springgraph/Makefile --replace "\$(DESTDIR)/usr" "$out" - substituteInPlace keyanalyze/Makefile --replace "\$(DESTDIR)/usr" "$out" + substituteInPlace gpgsigs/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keyanalyze/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keylookup/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace sig2dot/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace springgraph/Makefile --replace '$(DESTDIR)/usr' "$out" ''; + # Perl is required for it's pod2man. + # Python and Perl are required for patching the script interpreter paths. 
nativeBuildInputs = [ autoconf automake makeWrapper ]; - buildInputs = [ gnupg perl python libmd ] ++ - (with perlPackages; [ GnuPGInterface TextTemplate MIMEtools NetIDNEncode MailTools ]); - - installFlags = [ "DESTDIR=\${out}" ]; + buildInputs = [ python perl perlPackages.GnuPGInterface libmd gnupg1 ]; postInstall = '' - install -m 755 \ - caff/caff caff/pgp-clean caff/pgp-fixkey \ - gpglist/gpglist \ - gpgparticipants/gpgparticipants \ - gpgparticipants/gpgparticipants-prefill \ - gpgsigs/gpgsigs \ - gpg-key2ps/gpg-key2ps \ - gpg-mailkeys/gpg-mailkeys \ - keyart/keyart \ - $out/bin - - install -m 644 \ - caff/caff.1 caff/pgp-clean.1 caff/pgp-fixkey.1 \ - gpglist/gpglist.1 \ - gpgparticipants/gpgparticipants-prefill.1 \ - gpgparticipants/gpgparticipants.1 \ - gpgsigs/gpgsigs.1 \ - gpg-key2ps/gpg-key2ps.1 \ - gpg-mailkeys/gpg-mailkeys.1 \ - $out/share/man/man1 - - wrapProgram $out/bin/caff --prefix PERL5LIB ":" "$PERL5LIB" \ - --prefix PATH ":" "${stdenv.lib.makeBinPath [ gnupg1compat ]}" - wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" "${stdenv.lib.makeBinPath [ qprint coreutils gnused glibc gnupg1compat ]}" + # Install all tools which aren't handled by 'make install'. + # TODO: Fix upstream...! 
+ + # caff: CA - Fire and Forget signs and mails a key + install -D -m555 caff/caff $out/bin/caff; + install -D -m444 caff/caff.1 $out/share/man/man1/caff.1; + + # pgp-clean: removes all non-self signatures from key + install -D -m555 caff/pgp-clean $out/bin/pgp-clean; + install -D -m444 caff/pgp-clean.1 $out/share/man/man1/pgp-clean.1; + + # pgp-fixkey: removes broken packets from keys + install -D -m555 caff/pgp-fixkey $out/bin/pgp-fixkey; + install -D -m444 caff/pgp-fixkey.1 $out/share/man/man1/pgp-fixkey.1; + + # gpg-mailkeys: simply mail out a signed key to its owner + install -D -m555 gpg-mailkeys/gpg-mailkeys $out/bin/gpg-mailkeys; + install -D -m444 gpg-mailkeys/gpg-mailkeys.1 $out/share/man/man1/gpg-mailkeys.1; + + # gpg-key2ps: generate PostScript file with fingerprint paper slips + install -D -m555 gpg-key2ps/gpg-key2ps $out/bin/gpg-key2ps; + install -D -m444 gpg-key2ps/gpg-key2ps.1 $out/share/man/man1/gpg-key2ps.1; + + # gpgdir: recursive directory encryption tool + install -D -m555 gpgdir/gpgdir $out/bin/gpgdir; + install -D -m444 gpgdir/gpgdir.1 $out/share/man/man1/gpgdir.1; + + # gpglist: show who signed which of your UIDs + install -D -m555 gpglist/gpglist $out/bin/gpglist; + install -D -m444 gpglist/gpglist.1 $out/share/man/man1/gpglist.1; + + # gpgsigs: annotates list of GnuPG keys with already done signatures + # The manual page is not handled by 'make install' + install -D -m444 gpgsigs/gpgsigs.1 $out/share/man/man1/gpgsigs.1; + + # gpgparticipants: create list of party participants for the organiser + install -D -m555 gpgparticipants/gpgparticipants $out/bin/gpgparticipants; + install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1; + install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill; + install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1; + + # gpgwrap: a passphrase wrapper + install -D -m555 gpgwrap/bin/gpgwrap 
$out/bin/gpgwrap; + install -D -m444 gpgwrap/doc/gpgwrap.1 $out/share/man/man1/gpgwrap.1; + + # keyanalyze: minimum signing distance (MSD) analysis on keyrings + # Only the binaries are handled by 'make install' + install -D -m444 keyanalyze/keyanalyze.1 $out/share/man/man1/keyanalyze.1; + install -D -m444 keyanalyze/pgpring/pgpring.1 $out/share/man/man1/pgpring.1; + install -D -m444 keyanalyze/process_keys.1 $out/share/man/man1/process_keys.1; + + # keylookup: ncurses wrapper around gpg --search + # Handled by 'make install' + + # sig2dot: converts a list of GnuPG signatures to a .dot file + # Handled by 'make install' + + # springgraph: creates a graph from a .dot file + # Handled by 'make install' + + # keyart: creates a random ASCII art of a PGP key file + install -D -m555 keyart/keyart $out/bin/keyart; + install -D -m444 keyart/doc/keyart.1 $out/share/man/man1/keyart.1; + + # gpg-key2latex: generate LaTeX file with fingerprint paper slips + install -D -m555 gpg-key2latex/gpg-key2latex $out/bin/gpg-key2latex; + install -D -m444 gpg-key2latex/gpg-key2latex.1 $out/share/man/man1/gpg-key2latex.1; + ''; + + postFixup = '' + # Add the runtime dependencies for all programs (but mainly for the Perl + # scripts) + + wrapProgram $out/bin/caff --set PERL5LIB \ + ${with perlPackages; stdenv.lib.makePerlPath ([ + TextTemplate MIMEtools MailTools TimeDate NetIDNEncode ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ nettools gnupg1 ]}" + + wrapProgram $out/bin/gpg-key2latex --set PERL5LIB \ + ${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 libpaper ]}" + + wrapProgram $out/bin/gpg-key2ps --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ which gnupg1 libpaper ]}" + + wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 qprint ]}" + + wrapProgram $out/bin/gpgdir --set PERL5LIB \ + ${with perlPackages; 
stdenv.lib.makePerlPath ([ + TermReadKey ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + + wrapProgram $out/bin/gpglist --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + + wrapProgram $out/bin/gpgparticipants --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ getopt gnupg1 ]}" + +# wrapProgram $out/bin/gpgparticipants-prefill + + wrapProgram $out/bin/gpgsigs --set PERL5LIB \ + ${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + + wrapProgram $out/bin/gpgwrap --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + +# wrapProgram $out/bin/keyanalyze --set PERL5LIB \ + + wrapProgram $out/bin/keyart --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + + wrapProgram $out/bin/keylookup --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + + wrapProgram $out/bin/pgp-clean --set PERL5LIB \ + ${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + + wrapProgram $out/bin/pgp-fixkey --set PERL5LIB \ + ${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg1 ]}" + +# wrapProgram $out/bin/pgpring + +# wrapProgram $out/bin/process_keys + + # Upstream-Bug: Seems like sig2dot doesn't work with 2.1 (modern) anymore, + # please use 2.0 (stable) instead. +# wrapProgram $out/bin/sig2dot + + wrapProgram $out/bin/springgraph --set PERL5LIB \ + ${with perlPackages; stdenv.lib.makePerlPath [ GD ]} ''; - doCheck = false; # no tests + meta = with stdenv.lib; { + homepage = "https://pgp-tools.alioth.debian.org/"; + description = "A collection of several projects relating to OpenPGP"; + longDescription = '' + This is a collection of several projects relating to OpenPGP. 
- meta = { - description = "A collection for all kinds of pgp related things, including signing scripts, party preparation scripts etc"; - homepage = http://pgp-tools.alioth.debian.org; - platforms = gnupg.meta.platforms; - license = stdenv.lib.licenses.gpl2; - maintainers = with stdenv.lib.maintainers; [ fpletz ]; + * caff: CA - Fire and Forget signs and mails a key + * pgp-clean: removes all non-self signatures from key + * pgp-fixkey: removes broken packets from keys + * gpg-mailkeys: simply mail out a signed key to its owner + * gpg-key2ps: generate PostScript file with fingerprint paper slips + * gpgdir: recursive directory encryption tool + * gpglist: show who signed which of your UIDs + * gpgsigs: annotates list of GnuPG keys with already done signatures + * gpgparticipants: create list of party participants for the organiser + * gpgwrap: a passphrase wrapper + * keyanalyze: minimum signing distance (MSD) analysis on keyrings + * keylookup: ncurses wrapper around gpg --search + * sig2dot: converts a list of GnuPG signatures to a .dot file + * springgraph: creates a graph from a .dot file + * keyart: creates a random ASCII art of a PGP key file + * gpg-key2latex: generate LaTeX file with fingerprint paper slips + ''; + license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ]; + maintainers = with maintainers; [ fpletz primeos ]; + platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/softhsm/default.nix b/pkgs/tools/security/softhsm/default.nix index 5f282dd378a5e..42b6024fb2146 100644 --- a/pkgs/tools/security/softhsm/default.nix +++ b/pkgs/tools/security/softhsm/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { name = "softhsm-${version}"; - version = "2.1.0"; + version = "2.2.0"; src = fetchurl { url = "https://dist.opendnssec.org/source/${name}.tar.gz"; - sha256 = "0399b06f196fbfaebe73b4aeff2e2d65d0dc1901161513d0d6a94f031dcd827e"; + sha256 = "1xw53zkv5xb9pxa8q84kh505yd6pkavxd12x2fjgqi6s12p2hsgb"; }; configureFlags = [ 
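Review bot: The `postFixup` in signing-party/default.nix leaves five tools unwrapped behind commented-out stubs (`gpgparticipants-prefill`, `keyanalyze`, `pgpring`, `process_keys`, `sig2dot`) without saying whether that is deliberate. Every wrapped tool gets the pinned `gnupg1` put first on PATH; any unwrapped one that runs gpg would instead take whatever `gpg` the caller's PATH provides, which matters for scripts that touch keyrings. I would replace each stub with either a real `wrapProgram` call or a one-line reason, e.g. `# pgpring: no runtime dependencies to wrap (TODO confirm)`. Also, `sendmailPath` defaults to `/run/wrappers/bin/sendmail`, a path outside the store; a comment that this default is NixOS-specific and meant to be overridden elsewhere would help.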
diff --git a/pkgs/tools/security/sops/default.nix b/pkgs/tools/security/sops/default.nix new file mode 100644 index 0000000000000..79753305c5927 --- /dev/null +++ b/pkgs/tools/security/sops/default.nix @@ -0,0 +1,21 @@ +{ stdenv, lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "sops-${version}"; + version = "2.0.8"; + + goPackagePath = "go.mozilla.org/sops"; + + src = fetchFromGitHub { + rev = version; + owner = "mozilla"; + repo = "sops"; + sha256 = "0kawnp24i3r981hz6apfwhgp71002vjq7ir54arq0zkssmykms1c"; + }; + + meta = with stdenv.lib; { + description = "Mozilla sops (Secrets OPerationS) is an editor of encrypted files"; + homepage = https://github.com/mozilla/sops; + license = licenses.mpl20; + }; +} diff --git a/pkgs/tools/security/sshguard/0001-Remove-the-unnecessary-from-ipset-cmds.patch b/pkgs/tools/security/sshguard/0001-Remove-the-unnecessary-from-ipset-cmds.patch new file mode 100644 index 0000000000000..f1233a04b7a64 --- /dev/null +++ b/pkgs/tools/security/sshguard/0001-Remove-the-unnecessary-from-ipset-cmds.patch @@ -0,0 +1,27 @@ +From 11f0d238d3149c31c4440b8f6a58fe6a00b82d3a Mon Sep 17 00:00:00 2001 +From: Daniel Aleksandersen <code@daniel.priv.no> +Date: Mon, 13 Mar 2017 16:29:33 +0100 +Subject: [PATCH 1/3] Remove the unnecessary = from ipset cmds + +--- + src/fw/sshg-fw-ipset.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/fw/sshg-fw-ipset.sh b/src/fw/sshg-fw-ipset.sh +index 510bc2c..dc7f86b 100644 +--- a/src/fw/sshg-fw-ipset.sh ++++ b/src/fw/sshg-fw-ipset.sh +@@ -3,8 +3,8 @@ + # This file is part of SSHGuard. + + fw_init() { +- ipset -quiet create -exist sshguard4 hash:ip family=inet +- ipset -quiet create -exist sshguard6 hash:ip family=inet6 ++ ipset -quiet create -exist sshguard4 hash:ip family inet ++ ipset -quiet create -exist sshguard6 hash:ip family inet6 + } + + fw_block() { +-- +2.10.0 + 
diff --git a/pkgs/tools/security/sshguard/default.nix b/pkgs/tools/security/sshguard/default.nix new file mode 100644 index 0000000000000..bb165e53c73d5 --- /dev/null +++ b/pkgs/tools/security/sshguard/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl, autoreconfHook, yacc, flex}: + + +stdenv.mkDerivation rec { + version = "2.0.0"; + name = "sshguard-${version}"; + + src = fetchurl { + url = "mirror://sourceforge/sshguard/sshguard-2.0.0.tar.gz"; + sha256 = "e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06"; + }; + + doCheck = true; + + nativeBuildInputs = [ autoreconfHook yacc flex ]; + + configureFlags = [ "--sysconfdir=/etc" ]; + + patches = [ ./0001-Remove-the-unnecessary-from-ipset-cmds.patch ]; + + meta = with stdenv.lib; { + description = "SSHGuard protects hosts from brute-force attacks"; + longDescription = '' + SSHGuard can read log messages from various input sources. Log messages are parsed, line-by-line, for recognized patterns. + If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. + ''; + homepage = https://sshguard.net; + license = licenses.bsd3; + maintainers = with maintainers; [ sargon ]; + platforms = with platforms; linux ++ darwin ++ freebsd ++ netbsd ++ openbsd; + }; +} diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix index 6b205d8453404..90034b641a056 100644 --- a/pkgs/tools/security/sslscan/default.nix +++ b/pkgs/tools/security/sslscan/default.nix 
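Review bot: `url = "mirror://sourceforge/sshguard/sshguard-2.0.0.tar.gz"` in sshguard/default.nix repeats the version instead of using `${name}`, so a later bump of `version` alone would change only the package name. With the old `sha256` still matching, the build would keep succeeding from the 2.0.0 tarball, and a security update could look applied without being so. Use `url = "mirror://sourceforge/sshguard/${name}.tar.gz";`. `configureFlags = [ "--sysconfdir=/etc" ]` would also benefit from a comment stating that the configuration is meant to live outside the store.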
@@ -2,20 +2,18 @@ stdenv.mkDerivation rec { name = "sslscan-${version}"; - version = "1.11.7"; + version = "1.11.8"; src = fetchFromGitHub { owner = "rbsec"; repo = "sslscan"; rev = "${version}-rbsec"; - sha256 = "007lf3rxcn9nz6jrki3mavgd9sd2hmm9nzp2g13h0ri51yc3bkp0"; + sha256 = "0vm9r0hmpb6ifix2biqbr7za1rld9yx8hi8vf7j69vcm647z7aas"; }; buildInputs = [ openssl ]; - installFlags = [ - "PREFIX=$(out)" - ]; + installFlags = [ "PREFIX=$(out)" ]; meta = with stdenv.lib; { description = "Tests SSL/TLS services and discover supported cipher suites"; diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index f2fede456d121..b8e0ebaa9bbe9 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix @@ -1,17 +1,17 @@ { stdenv, fetchurl, coreutils, pam, groff -, sendmailPath ? "/var/setuid-wrappers/sendmail" +, sendmailPath ? "/run/wrappers/bin/sendmail" , withInsults ? false }: stdenv.mkDerivation rec { - name = "sudo-1.8.19p1"; + name = "sudo-1.8.19p2"; src = fetchurl { urls = [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" ]; - sha256 = "14pwdwl03kdbbyjkvxrfx409x3c1fjqz8aqz2wgwddinhz7v3bxq"; + sha256 = "1q2j3b1xqw66kdd5h8a6j62cz7xhk1qp1dx4rz59xm9agkk1hzi3"; }; configureFlags = [ diff --git a/pkgs/tools/security/tcpcrypt/default.nix b/pkgs/tools/security/tcpcrypt/default.nix index 222b861f937cc..7ffec8c4c8849 100644 --- a/pkgs/tools/security/tcpcrypt/default.nix +++ b/pkgs/tools/security/tcpcrypt/default.nix @@ -7,13 +7,13 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "tcpcrypt-${version}"; - version = "0.4"; + version = "0.5"; src = fetchFromGitHub { repo = "tcpcrypt"; owner = "scslab"; rev = "v${version}"; - sha256 = "04n1qpf4x8x289xa7jndmx99xp0lbxjzjw013kf64i1n70i9wbnp"; + sha256 = "0a015rlyvagz714pgwr85f8gjq1fkc0il7d7l39qcgxrsp15b96w"; }; postUnpack = ''mkdir -vp $sourceRoot/m4''; 
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index da52bde56bd6f..6eea70797ab19 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -3,13 +3,15 @@ }: stdenv.mkDerivation rec { - name = "tor-0.2.8.12"; + name = "tor-0.3.0.7"; src = fetchurl { - url = "https://archive.torproject.org/tor-package-archive/${name}.tar.gz"; - sha256 = "1bsagy4gcf6hgq04q949hv45ljb36j3ylxxn22cwxy4whgr4hmxk"; + url = "https://dist.torproject.org/${name}.tar.gz"; + sha256 = "00kxa83bn0axh7479fynp6r8znq5wy26kvb8ghixgjpkir2c8h4n"; }; + outputs = [ "out" "geoip" ]; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ libevent openssl zlib ] ++ stdenv.lib.optionals stdenv.isLinux [ libseccomp systemd libcap ]; @@ -22,9 +24,13 @@ stdenv.mkDerivation rec { --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks' ''; - # Fails in a sandboxed environment; at some point we want to disable - # just the tests that require networking. - doCheck = false; + postInstall = '' + mkdir -p $geoip/share/tor + mv $out/share/tor/geoip{,6} $geoip/share/tor + rm -rf $out/share/tor + ''; + + doCheck = true; meta = with stdenv.lib; { homepage = https://www.torproject.org/; diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix deleted file mode 100644 index f08d741f6938e..0000000000000 --- a/pkgs/tools/security/tor/torbrowser.nix +++ /dev/null 
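Review bot: `doCheck = true;` in tor/default.nix (second hunk) replaces a comment saying the test suite fails in a sandboxed build because some tests need networking, and the new code gives no reason why that no longer holds. If the tests only pass with the sandbox off, builders with different sandbox settings will disagree on whether this package builds. I would keep a short comment with the setting, e.g. `# Test suite passes inside the sandbox as of 0.3.0.7`, once that has been confirmed. In the first hunk the `url` moves from archive.torproject.org to dist.torproject.org; the hash pin keeps the content fixed, but it is worth confirming that old releases stay downloadable from there.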
@@ -1,98 +0,0 @@ -{ stdenv, fetchurl, makeDesktopItem -, libXrender, libX11, libXext, libXt, alsaLib, dbus, dbus_glib, glib, gtk2 -, atk, pango, freetype, fontconfig, gdk_pixbuf, cairo, zlib -, gstreamer, gst_plugins_base, gst_plugins_good, gst_ffmpeg, gmp, ffmpeg -, libpulseaudio -}: - -let - libPath = stdenv.lib.makeLibraryPath [ - stdenv.cc.cc zlib glib alsaLib dbus dbus_glib gtk2 atk pango freetype - fontconfig gdk_pixbuf cairo libXrender libX11 libXext libXt - gstreamer gst_plugins_base gmp ffmpeg - libpulseaudio - ] ; - - gstPlugins = [ gstreamer gst_plugins_base gst_plugins_good gst_ffmpeg ]; - - gstPluginsPath = stdenv.lib.concatMapStringsSep ":" (x: - "${x}/lib/gstreamer-0.10") gstPlugins; -in - -stdenv.mkDerivation rec { - name = "tor-browser-${version}"; - version = "6.0.8"; - - src = fetchurl { - url = "https://archive.torproject.org/tor-package-archive/torbrowser/${version}/tor-browser-linux${if stdenv.is64bit then "64" else "32"}-${version}_en-US.tar.xz"; - sha256 = if stdenv.is64bit then - "1s2yv72kj4zxba0850fi1jv41c69vcw3inhj9kqhy1d45ql7iw0w" else - "0zvqf444h35ikv1f3nwkh2jx51zj5k9w4zdxx32zcrnxpk5nhn97"; - }; - - preferLocalBuild = true; - - desktopItem = makeDesktopItem { - name = "torbrowser"; - exec = "tor-browser"; - icon = "torbrowser"; - desktopName = "Tor Browser"; - genericName = "Tor Browser"; - comment = meta.description; - categories = "Network;WebBrowser;Security;"; - }; - - patchPhase = '' - patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" Browser/firefox - patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" Browser/TorBrowser/Tor/tor - - sed -e "s,./TorBrowser,$out/share/tor-browser/Browser/TorBrowser,g" -i Browser/TorBrowser/Data/Tor/torrc-defaults - ''; - - doCheck = true; - checkPhase = '' - echo "Checking firefox..." - LD_LIBRARY_PATH=${libPath} Browser/firefox --help 1> /dev/null - echo "Checking tor..." 
- LD_LIBRARY_PATH=${libPath}:Browser/TorBrowser/Tor Browser/TorBrowser/Tor/tor --help 1> /dev/null - ''; - - installPhase = '' - mkdir -p $out/share/tor-browser - mkdir -p $out/bin - cp -R * $out/share/tor-browser - - cat > "$out/bin/tor-browser" << EOF - #! ${stdenv.shell} - unset SESSION_MANAGER - export HOME="\$HOME/.torbrowser4" - if [ ! -d \$HOME ]; then - mkdir -p \$HOME && cp -R $out/share/tor-browser/Browser/TorBrowser/Data \$HOME/ && chmod -R +w \$HOME - echo "pref(\"extensions.torlauncher.tordatadir_path\", \"\$HOME/Data/Tor/\");" >> \ - ~/Data/Browser/profile.default/preferences/extension-overrides.js - echo "pref(\"extensions.torlauncher.torrc-defaults_path\", \"\$HOME/Data/Tor/torrc-defaults\");" >> \ - ~/Data/Browser/profile.default/preferences/extension-overrides.js - echo "pref(\"extensions.torlauncher.tor_path\", \"$out/share/tor-browser/Browser/TorBrowser/Tor/tor\");" >> \ - ~/Data/Browser/profile.default/preferences/extension-overrides.js - fi - export FONTCONFIG_PATH=\$HOME/Data/fontconfig - export LD_LIBRARY_PATH=${libPath}:$out/share/tor-browser/Browser/TorBrowser/Tor - export GST_PLUGIN_SYSTEM_PATH=${gstPluginsPath} - exec $out/share/tor-browser/Browser/firefox --class "Tor Browser" -no-remote -profile ~/Data/Browser/profile.default "\$@" - EOF - chmod +x $out/bin/tor-browser - - mkdir -p $out/share/applications - cp $desktopItem/share/applications"/"* $out/share/applications - - mkdir -p $out/share/pixmaps - cp Browser/browser/icons/mozicon128.png $out/share/pixmaps/torbrowser.png - ''; - - meta = with stdenv.lib; { - description = "Tor Browser Bundle"; - homepage = https://www.torproject.org/; - platforms = platforms.linux; - maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm ]; - }; -} diff --git a/pkgs/tools/security/tpm-quote-tools/default.nix b/pkgs/tools/security/tpm-quote-tools/default.nix index b294c1c9feb82..7ffe8e51eacdd 100644 --- a/pkgs/tools/security/tpm-quote-tools/default.nix 
+++ b/pkgs/tools/security/tpm-quote-tools/default.nix @@ -1,16 +1,23 @@ { stdenv, fetchurl, trousers, openssl }: -stdenv.mkDerivation { - name = "tpm-quote-tools-1.0.2"; +stdenv.mkDerivation rec { + name = "tpm-quote-tools-${version}"; + version = "1.0.3"; - src = fetchurl { - url = "mirror://sourceforge/project/tpmquotetools/1.0.2/tpm-quote-tools-1.0.2.tar.gz"; - sha256 = "17bf9d1hiiaybx6rgl0sqcb0prjz6d2mv8fwp4bj1c0rsfw5dbk8"; + src = fetchurl { + url = "mirror://sourceforge/project/tpmquotetools/${version}/${name}.tar.gz"; + sha256 = "1d6ry2c78sgv0z4phfrwrbvgag83xnnfri2cdzrd86w4yfgnfwdf"; }; buildInputs = [ trousers openssl ]; - meta = with stdenv.lib; { + postFixup = '' + patchelf \ + --set-rpath "${stdenv.lib.makeLibraryPath [ openssl ]}:$(patchelf --print-rpath $out/bin/tpm_mkaik)" \ + $out/bin/tpm_mkaik + ''; + + meta = with stdenv.lib; { description = "A collection of programs that provide support for TPM based attestation using the TPM quote mechanism"; longDescription = '' The TPM Quote Tools is a collection of programs that provide support @@ -19,7 +26,7 @@ stdenv.mkDerivation { ''; homepage = http://tpmquotetools.sourceforge.net/; license = licenses.bsd3; - maintainers = [ maintainers.ak ]; + maintainers = with maintainers; [ ak ndowens ]; platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 96bb4cd482e90..0344fc0a74ee6 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix 
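Review bot: The new `postFixup` in the first tpm-quote-tools hunk rewrites the RPATH of `$out/bin/tpm_mkaik` only, with no comment explaining why that one binary needs openssl added by hand when `openssl` is already in `buildInputs`. Put the reason above the `patchelf` call, e.g. `# tpm_mkaik cannot locate libcrypto at run time without this (TODO confirm cause)`, and state whether the other installed tools were checked for the same problem. Without that, the next version bump cannot tell whether the workaround is still needed.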
@@ -4,12 +4,12 @@ let vaultBashCompletions = fetchFromGitHub { owner = "iljaweis"; repo = "vault-bash-completion"; - rev = "62c142e20929f930c893ebe3366350d735e81fbd"; - sha256 = "0nfv10ykjq9751ijdyq728gjlgldm1lxvrar8kf6nz6rdfnnl2n5"; + rev = "e2f59b64be1fa5430fa05c91b6274284de4ea77c"; + sha256 = "10m75rp3hy71wlmnd88grmpjhqy0pwb9m8wm19l0f463xla54frd"; }; in buildGoPackage rec { name = "vault-${version}"; - version = "0.6.3"; + version = "0.6.5"; goPackagePath = "github.com/hashicorp/vault"; @@ -17,7 +17,7 @@ in buildGoPackage rec { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "0cbaws106v5dxqjii1s9rmk55pm6y34jls35iggpx0pp1dd433xy"; + sha256 = "0ci46zn9d9h26flgjf4inmvk4mb1hlixvx5g7vg02raw0cqvknnb"; }; buildFlagsArray = '' @@ -26,14 +26,15 @@ in buildGoPackage rec { ''; postInstall = '' - mkdir -p $bin/share/bash-completion/completions/ + mkdir -p $bin/share/bash-completion/completions/ cp ${vaultBashCompletions}/vault-bash-completion.sh $bin/share/bash-completion/completions/vault ''; meta = with stdenv.lib; { homepage = https://www.vaultproject.io; description = "A tool for managing secrets"; + platforms = platforms.linux ++ platforms.darwin; license = licenses.mpl20; - maintainers = with maintainers; [ rushmorem offline ]; + maintainers = with maintainers; [ rushmorem offline pradeepchhetri ]; }; } diff --git a/pkgs/tools/security/vulnix/default.nix b/pkgs/tools/security/vulnix/default.nix new file mode 100644 index 0000000000000..a058c2ee1a872 --- /dev/null +++ b/pkgs/tools/security/vulnix/default.nix 
@@ -0,0 +1,42 @@ +{ stdenv, pythonPackages, fetchurl, callPackage, nix, }: + +let + external = callPackage ./requirements.nix { + inherit pythonPackages; + }; +in pythonPackages.buildPythonApplication rec{ + name = "${pname}-${version}"; + pname = "vulnix"; + version = "1.2.2"; + + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "1ia9plziwach0bxnlcd33q30kcsf8sv0nf2jc78gsmrqnxjabr12"; + }; + + buildInputs = with pythonPackages; [ flake8 pytest pytestcov ]; + + postPatch = '' + sed -i -e 's/==\([^=]\+\)/>=\1/g' setup.py + ''; + + propagatedBuildInputs = [ + nix + ] ++ (with pythonPackages; [ + click + colorama + lxml + pyyaml + requests + external.zodb + ]); + + checkPhase = "py.test"; + + meta = with stdenv.lib; { + description = "NixOS vulnerability scanner"; + homepage = https://github.com/flyingcircusio/vulnix; + license = licenses.bsd2; + maintainers = with maintainers; [ plumps ]; + }; +} diff --git a/pkgs/tools/security/vulnix/requirements.nix b/pkgs/tools/security/vulnix/requirements.nix new file mode 100644 index 0000000000000..952dc1ce652f7 --- /dev/null +++ b/pkgs/tools/security/vulnix/requirements.nix 
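Review bot: The `postPatch` line `sed -i -e 's/==\([^=]\+\)/>=\1/g' setup.py` turns every `==` pin in setup.py into a `>=` lower bound, and no comment says so. The packaged scanner therefore runs against whatever versions the package set provides rather than the ones upstream released against. The pattern is also not limited to the requirements list: it rewrites any `==` followed by a non-`=` character anywhere in the file. Add a comment such as `# relax upstream's exact pins to the versions available here; the py.test checkPhase guards against breakage`, and consider restricting the substitution to the dependency lines actually affected. `fetchurl` in the argument list is not used in this file.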
@@ -0,0 +1,131 @@ +{ pythonPackages, fetchurl, stdenv }: + +rec { + BTrees = pythonPackages.buildPythonPackage { + name = "BTrees-4.3.1"; + src = fetchurl { + url = "https://pypi.python.org/packages/24/76/cd6f225f2180c22af5cdb6656f51aec5fca45e45bdc4fa75c0a32f161a61/BTrees-4.3.1.tar.gz"; + sha256 = "2565b7d35260dfc6b1e2934470fd0a2f9326c58c535a2b4cb396289d1c195a95"; + }; + propagatedBuildInputs = [ + persistent + transaction + zope_interface + ] ++ (with pythonPackages; [ coverage ]); + + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Scalable persistent object containers"; + }; + }; + + ZConfig = pythonPackages.buildPythonPackage { + name = "ZConfig-3.1.0"; + src = fetchurl { + url = "https://pypi.python.org/packages/52/b3/a96d62711a26d8cfbe546519975dc9ed54d2eb50b3238d2e6de045764796/ZConfig-3.1.0.tar.gz"; + sha256 = "c21fa3a073a56925a8098036d46717392994a92cffea1b3cda3176b70c0a842e"; + }; + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Structured Configuration Library"; + }; + }; + + zodb = pythonPackages.buildPythonPackage { + name = "ZODB-5.2.0"; + src = fetchurl { + url = "https://pypi.python.org/packages/1e/47/2f17075ca94a4a537ebd8e195c458456ef49aa67355ec805e478b8ad1959/ZODB-5.2.0.tar.gz"; + sha256 = "11l495lyym2fpvalj18yvcqwnsp8gyp18sgv5v575k4s2035lz0x"; + }; + doCheck = false; + propagatedBuildInputs = [ + BTrees + persistent + transaction + ZConfig + zc.lockfile + zodbpickle + ] ++ (with pythonPackages; [ six wheel zope_interface ]); + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Zope Object Database: object database and persistence"; + }; + }; + + persistent = pythonPackages.buildPythonPackage { + name = "persistent-4.2.2"; + src = fetchurl { + url = "https://pypi.python.org/packages/3d/71/3302512282b606ec4d054e09be24c065915518903b29380b6573bff79c24/persistent-4.2.2.tar.gz"; + sha256 = 
"52ececc6dbba5ef572d3435189318b4dff07675bafa9620e32f785e147c6563c"; + }; + propagatedBuildInputs = [ + zope_interface + ] ++ (with pythonPackages; [ six wheel ]); + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Translucent persistent objects"; + }; + }; + + transaction = pythonPackages.buildPythonPackage { + name = "transaction-2.0.3"; + src = fetchurl { + url = "https://pypi.python.org/packages/8c/af/3ffafe85bcc93ecb09459f3f2bd8fbe142e9ab34048f9e2774543b470cbd/transaction-2.0.3.tar.gz"; + sha256 = "67bfb81309ba9717edbb2ca2e5717c325b78beec0bf19f44e5b4b9410f82df7f"; + }; + propagatedBuildInputs = [ + zope_interface + ] ++ (with pythonPackages; [ six wheel ]); + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Transaction management for Python"; + }; + }; + + zc.lockfile = pythonPackages.buildPythonPackage { + name = "zc.lockfile-1.2.1"; + src = fetchurl { + url = "https://pypi.python.org/packages/bd/84/0299bbabbc9d3f84f718ba1039cc068030d3ad723c08f82a64337edf901e/zc.lockfile-1.2.1.tar.gz"; + sha256 = "11db91ada7f22fe8aae268d4bfdeae012c4fe655f66bbb315b00822ec00d043e"; + }; + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Basic inter-process locks"; + }; + }; + + zodbpickle = pythonPackages.buildPythonPackage { + name = "zodbpickle-0.6.0"; + src = fetchurl { + url = "https://pypi.python.org/packages/7a/fc/f6f437a5222b330735eaf8f1e67a6845bd1b600e9a9455e552d3c13c4902/zodbpickle-0.6.0.tar.gz"; + sha256 = "ea3248be966159e7791e3db0e35ea992b9235d52e7d39835438686741d196665"; + }; + doCheck = false; + + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Fork of Python 3 pickle module."; + }; + }; + + zope_interface = pythonPackages.buildPythonPackage { + name = "zope.interface-4.3.3"; + src = fetchurl { + url = 
"https://pypi.python.org/packages/44/af/cea1e18bc0d3be0e0824762d3236f0e61088eeed75287e7b854d65ec9916/zope.interface-4.3.3.tar.gz"; + sha256 = "8780ef68ca8c3fe1abb30c058a59015129d6e04a6b02c2e56b9c7de6078dfa88"; + }; + propagatedBuildInputs = [ ]; + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Interfaces for Python"; + }; + }; +} diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index 6a5269c03dc51..a3b3c1c0290f2 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix @@ -1,18 +1,18 @@ -{ stdenv, fetchurl, fetchFromGitHub, autoconf, automake, libtool, pcre +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pcre , withCrypto ? true, openssl , enableMagic ? true, file , enableCuckoo ? true, jansson }: stdenv.mkDerivation rec { - version = "3.4.0"; + version = "3.5.0"; name = "yara-${version}"; src = fetchFromGitHub { - owner = "plusvic"; + owner = "VirusTotal"; repo = "yara"; rev = "v${version}"; - sha256 = "1rv1xixbjqx1vkcij8r01rq08ncqgy6nn98xvkrpixwvi4fy956s"; + sha256 = "18hn6acfj0cha9cv70f6hyaqf8qbgj0c0dm9db4v2q8z7cgi1681"; }; # FIXME: this is probably not the right way to make it work @@ -34,10 +34,6 @@ stdenv.mkDerivation rec { EOF ''; patches = [ - (fetchurl { - url = "https://github.com/plusvic/yara/pull/261.diff"; - sha256 = "1fkxnk84ryvrjq7p225xvw9pn5gm2bjia2jz38fclwbsaxdi6p3b"; - }) "staticlibrary.patch" ]; |
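Review bot: `doCheck = false;` on `zodb` and `zodbpickle` in requirements.nix carries no reason, so a reader cannot tell whether the tests need network access, are broken, or were simply skipped. Add a comment on each, e.g. `# tests disabled: <reason>`. The file also defines eight packages at fixed versions outside the shared `pythonPackages` set, so they will presumably not follow routine package-set updates and must be bumped by hand. A header comment stating how the file was produced and how to refresh it would make that maintainable. Every `homepage = "";` is empty and could be filled in or dropped.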