Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/acsccid/default.nix2
-rw-r--r--pkgs/tools/security/aespipe/default.nix6
-rw-r--r--pkgs/tools/security/age-plugin-ledger/default.nix2
-rw-r--r--pkgs/tools/security/age/default.nix27
-rw-r--r--pkgs/tools/security/aide/default.nix6
-rw-r--r--pkgs/tools/security/amber/default.nix6
-rw-r--r--pkgs/tools/security/apkleaks/default.nix27
-rw-r--r--pkgs/tools/security/argocd-vault-plugin/default.nix8
-rw-r--r--pkgs/tools/security/arti/default.nix8
-rw-r--r--pkgs/tools/security/aws-iam-authenticator/default.nix6
-rw-r--r--pkgs/tools/security/b2sum/default.nix2
-rw-r--r--pkgs/tools/security/bao/default.nix2
-rw-r--r--pkgs/tools/security/bash-supergenpass/default.nix2
-rw-r--r--pkgs/tools/security/bettercap/default.nix2
-rw-r--r--pkgs/tools/security/beyond-identity/default.nix10
-rw-r--r--pkgs/tools/security/binbloom/default.nix4
-rw-r--r--pkgs/tools/security/bkcrack/default.nix4
-rw-r--r--pkgs/tools/security/buttercup-desktop/default.nix8
-rw-r--r--pkgs/tools/security/cdk-go/default.nix4
-rw-r--r--pkgs/tools/security/cdxgen/default.nix6
-rw-r--r--pkgs/tools/security/cewl/default.nix1
-rw-r--r--pkgs/tools/security/cfripper/default.nix26
-rw-r--r--pkgs/tools/security/chain-bench/default.nix2
-rw-r--r--pkgs/tools/security/chainsaw/default.nix6
-rw-r--r--pkgs/tools/security/cherrybomb/default.nix2
-rw-r--r--pkgs/tools/security/chntpw/default.nix4
-rw-r--r--pkgs/tools/security/clamav/default.nix6
-rw-r--r--pkgs/tools/security/cnquery/default.nix6
-rw-r--r--pkgs/tools/security/cnspec/default.nix8
-rw-r--r--pkgs/tools/security/crowbar/default.nix2
-rw-r--r--pkgs/tools/security/crowdsec/default.nix8
-rw-r--r--pkgs/tools/security/cryptomator/default.nix4
-rw-r--r--pkgs/tools/security/ctmg/default.nix2
-rw-r--r--pkgs/tools/security/cve-bin-tool/default.nix144
-rw-r--r--pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patch12
-rw-r--r--pkgs/tools/security/dieharder/default.nix2
-rw-r--r--pkgs/tools/security/dnsenum/default.nix2
-rw-r--r--pkgs/tools/security/doas-sudo-shim/default.nix2
-rw-r--r--pkgs/tools/security/donkey/default.nix4
-rw-r--r--pkgs/tools/security/doona/default.nix4
-rw-r--r--pkgs/tools/security/doppler/default.nix49
-rw-r--r--pkgs/tools/security/duo-unix/default.nix2
-rw-r--r--pkgs/tools/security/earlybird/default.nix2
-rw-r--r--pkgs/tools/security/ecdsatool/ctype-header-c99-implicit-function-declaration.patch12
-rw-r--r--pkgs/tools/security/ecdsatool/default.nix5
-rw-r--r--pkgs/tools/security/ecdsatool/openssl-header-c99-implicit-function-declaration.patch33
-rw-r--r--pkgs/tools/security/echidna/default.nix2
-rw-r--r--pkgs/tools/security/efitools/aarch64.patch16
-rw-r--r--pkgs/tools/security/efitools/default.nix7
-rw-r--r--pkgs/tools/security/eid-mw/default.nix8
-rw-r--r--pkgs/tools/security/enc/default.nix2
-rw-r--r--pkgs/tools/security/enpass/default.nix2
-rw-r--r--pkgs/tools/security/enum4linux/default.nix2
-rw-r--r--pkgs/tools/security/evil-winrm/default.nix1
-rw-r--r--pkgs/tools/security/exploitdb/default.nix4
-rw-r--r--pkgs/tools/security/fail2ban/default.nix2
-rw-r--r--pkgs/tools/security/faraday-agent-dispatcher/default.nix17
-rw-r--r--pkgs/tools/security/fcrackzip/default.nix4
-rw-r--r--pkgs/tools/security/feroxbuster/default.nix2
-rw-r--r--pkgs/tools/security/firefox_decrypt/default.nix2
-rw-r--r--pkgs/tools/security/fpm2/default.nix2
-rw-r--r--pkgs/tools/security/fscan/default.nix8
-rw-r--r--pkgs/tools/security/fulcio/default.nix2
-rw-r--r--pkgs/tools/security/gau/default.nix22
-rw-r--r--pkgs/tools/security/gencfsm/default.nix4
-rw-r--r--pkgs/tools/security/genpass/default.nix2
-rw-r--r--pkgs/tools/security/ggshield/default.nix54
-rw-r--r--pkgs/tools/security/ghauri/default.nix14
-rw-r--r--pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch15
-rw-r--r--pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch26
-rw-r--r--pkgs/tools/security/ghidra/build-extension.nix78
-rw-r--r--pkgs/tools/security/ghidra/build.nix134
-rw-r--r--pkgs/tools/security/ghidra/default.nix2
-rw-r--r--pkgs/tools/security/ghidra/extensions.nix14
-rw-r--r--pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix36
-rw-r--r--pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix71
-rw-r--r--pkgs/tools/security/ghidra/extensions/machinelearning/default.nix34
-rw-r--r--pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix40
-rw-r--r--pkgs/tools/security/ghidra/with-extensions.nix36
-rw-r--r--pkgs/tools/security/gitleaks/default.nix6
-rw-r--r--pkgs/tools/security/gnome-keysign/default.nix4
-rw-r--r--pkgs/tools/security/gnu-pw-mgr/default.nix2
-rw-r--r--pkgs/tools/security/gnupg-pkcs11-scd/default.nix2
-rw-r--r--pkgs/tools/security/go-cve-search/default.nix2
-rw-r--r--pkgs/tools/security/gopass/default.nix2
-rw-r--r--pkgs/tools/security/gorilla-bin/default.nix2
-rw-r--r--pkgs/tools/security/gotestwaf/default.nix15
-rw-r--r--pkgs/tools/security/gotrue/default.nix2
-rw-r--r--pkgs/tools/security/gotrue/supabase.nix2
-rw-r--r--pkgs/tools/security/govulncheck/default.nix9
-rw-r--r--pkgs/tools/security/graphw00f/default.nix4
-rw-r--r--pkgs/tools/security/haka/default.nix2
-rw-r--r--pkgs/tools/security/hashcash/default.nix2
-rw-r--r--pkgs/tools/security/hashdeep/default.nix4
-rw-r--r--pkgs/tools/security/haveged/default.nix2
-rw-r--r--pkgs/tools/security/himitsu/default.nix36
-rw-r--r--pkgs/tools/security/httpx/default.nix19
-rw-r--r--pkgs/tools/security/iaito/default.nix26
-rw-r--r--pkgs/tools/security/john/default.nix27
-rw-r--r--pkgs/tools/security/jwt-cli/default.nix17
-rw-r--r--pkgs/tools/security/jwt-hack/default.nix23
-rw-r--r--pkgs/tools/security/jwx/default.nix6
-rw-r--r--pkgs/tools/security/katana/default.nix2
-rw-r--r--pkgs/tools/security/kbs2/default.nix2
-rw-r--r--pkgs/tools/security/kdigger/default.nix2
-rw-r--r--pkgs/tools/security/kestrel/default.nix6
-rw-r--r--pkgs/tools/security/keybase/default.nix2
-rw-r--r--pkgs/tools/security/keybase/gui.nix6
-rw-r--r--pkgs/tools/security/keybase/kbfs.nix2
-rw-r--r--pkgs/tools/security/keycard-cli/default.nix2
-rw-r--r--pkgs/tools/security/keyscope/default.nix2
-rw-r--r--pkgs/tools/security/knowsmore/default.nix40
-rw-r--r--pkgs/tools/security/kpcli/default.nix4
-rw-r--r--pkgs/tools/security/kubeclarity/default.nix9
-rw-r--r--pkgs/tools/security/kubescape/default.nix41
-rw-r--r--pkgs/tools/security/kubestroyer/default.nix6
-rw-r--r--pkgs/tools/security/ldeep/default.nix11
-rw-r--r--pkgs/tools/security/libtpms/default.nix2
-rw-r--r--pkgs/tools/security/logkeys/default.nix2
-rw-r--r--pkgs/tools/security/mantra/default.nix8
-rw-r--r--pkgs/tools/security/medusa/default.nix4
-rw-r--r--pkgs/tools/security/metasploit/Gemfile2
-rw-r--r--pkgs/tools/security/metasploit/Gemfile.lock125
-rw-r--r--pkgs/tools/security/metasploit/default.nix4
-rw-r--r--pkgs/tools/security/metasploit/gemset.nix224
-rw-r--r--pkgs/tools/security/mfcuk/default.nix2
-rw-r--r--pkgs/tools/security/mfoc/default.nix2
-rw-r--r--pkgs/tools/security/minica/default.nix6
-rw-r--r--pkgs/tools/security/minio-certgen/default.nix6
-rw-r--r--pkgs/tools/security/minisign/default.nix2
-rw-r--r--pkgs/tools/security/mitm6/default.nix25
-rw-r--r--pkgs/tools/security/mkpasswd/default.nix2
-rw-r--r--pkgs/tools/security/mkrand/default.nix2
-rw-r--r--pkgs/tools/security/mpw/default.nix2
-rw-r--r--pkgs/tools/security/munge/default.nix60
-rw-r--r--pkgs/tools/security/naabu/default.nix6
-rw-r--r--pkgs/tools/security/nasty/default.nix2
-rw-r--r--pkgs/tools/security/networkminer/default.nix2
-rw-r--r--pkgs/tools/security/nitrokey-app2/default.nix53
-rw-r--r--pkgs/tools/security/nmap-formatter/default.nix6
-rw-r--r--pkgs/tools/security/nmap/default.nix4
-rw-r--r--pkgs/tools/security/nmap/qt.nix2
-rw-r--r--pkgs/tools/security/notary/default.nix2
-rw-r--r--pkgs/tools/security/notation/default.nix19
-rw-r--r--pkgs/tools/security/nsjail/default.nix2
-rw-r--r--pkgs/tools/security/nuclei/default.nix6
-rw-r--r--pkgs/tools/security/oauth2c/default.nix6
-rw-r--r--pkgs/tools/security/onioncircuits/default.nix4
-rw-r--r--pkgs/tools/security/onlykey/default.nix4
-rw-r--r--pkgs/tools/security/openpgp-card-tools/default.nix43
-rw-r--r--pkgs/tools/security/opensc/default.nix1
-rw-r--r--pkgs/tools/security/ospd-openvas/default.nix24
-rw-r--r--pkgs/tools/security/ossec/agent.nix2
-rw-r--r--pkgs/tools/security/ossec/server.nix2
-rw-r--r--pkgs/tools/security/osv-scanner/default.nix6
-rw-r--r--pkgs/tools/security/paperkey/default.nix2
-rw-r--r--pkgs/tools/security/pass/extensions/checkup.nix2
-rw-r--r--pkgs/tools/security/pass/extensions/file.nix2
-rw-r--r--pkgs/tools/security/pass/extensions/import.nix28
-rw-r--r--pkgs/tools/security/pass/extensions/otp.nix2
-rw-r--r--pkgs/tools/security/pass/rofi-pass.nix8
-rw-r--r--pkgs/tools/security/pass/wofi-pass.nix2
-rw-r--r--pkgs/tools/security/pass2csv/default.nix4
-rw-r--r--pkgs/tools/security/passff-host/default.nix2
-rw-r--r--pkgs/tools/security/pcsc-tools/default.nix27
-rw-r--r--pkgs/tools/security/pcsclite/default.nix50
-rw-r--r--pkgs/tools/security/pgpdump/default.nix2
-rw-r--r--pkgs/tools/security/phrasendrescher/default.nix2
-rw-r--r--pkgs/tools/security/pinentry/default.nix171
-rw-r--r--pkgs/tools/security/pius/default.nix2
-rw-r--r--pkgs/tools/security/plasma-pass/default.nix2
-rw-r--r--pkgs/tools/security/please/default.nix2
-rw-r--r--pkgs/tools/security/polkit-gnome/default.nix29
-rw-r--r--pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop88
-rw-r--r--pkgs/tools/security/proxmark3/default.nix4
-rw-r--r--pkgs/tools/security/qdigidoc/default.nix15
-rw-r--r--pkgs/tools/security/quark-engine/default.nix34
-rw-r--r--pkgs/tools/security/radamsa/default.nix2
-rw-r--r--pkgs/tools/security/rarcrack/default.nix2
-rw-r--r--pkgs/tools/security/rblake2sum/default.nix2
-rw-r--r--pkgs/tools/security/rblake3sum/default.nix2
-rw-r--r--pkgs/tools/security/rbw/default.nix7
-rw-r--r--pkgs/tools/security/rhash/default.nix4
-rw-r--r--pkgs/tools/security/rhash/do-link-so.patch22
-rw-r--r--pkgs/tools/security/rhash/dont-fail-ln.patch59
-rw-r--r--pkgs/tools/security/ripasso/cursive.nix2
-rw-r--r--pkgs/tools/security/rng-tools/default.nix6
-rw-r--r--pkgs/tools/security/rnp/default.nix7
-rw-r--r--pkgs/tools/security/rnp/sexp_sexpp_rename.patch50
-rw-r--r--pkgs/tools/security/rnp/unbundle-sexpp.patch38
-rw-r--r--pkgs/tools/security/ronin/default.nix2
-rw-r--r--pkgs/tools/security/rsign2/default.nix2
-rw-r--r--pkgs/tools/security/ruler/default.nix18
-rw-r--r--pkgs/tools/security/rustscan/default.nix6
-rw-r--r--pkgs/tools/security/safe/default.nix2
-rw-r--r--pkgs/tools/security/saml2aws/default.nix6
-rw-r--r--pkgs/tools/security/schleuder/Gemfile1
-rw-r--r--pkgs/tools/security/schleuder/Gemfile.lock67
-rw-r--r--pkgs/tools/security/schleuder/cli/Gemfile2
-rw-r--r--pkgs/tools/security/schleuder/cli/Gemfile.lock12
-rw-r--r--pkgs/tools/security/schleuder/cli/default.nix2
-rw-r--r--pkgs/tools/security/schleuder/cli/gemset.nix10
-rw-r--r--pkgs/tools/security/schleuder/default.nix4
-rw-r--r--pkgs/tools/security/schleuder/gemset.nix112
-rw-r--r--pkgs/tools/security/scorecard/default.nix13
-rw-r--r--pkgs/tools/security/secp256k1/default.nix4
-rw-r--r--pkgs/tools/security/semgrep/common.nix16
-rw-r--r--pkgs/tools/security/semgrep/default.nix1
-rw-r--r--pkgs/tools/security/sequoia-sqop/default.nix8
-rw-r--r--pkgs/tools/security/sequoia-sqv/default.nix2
-rw-r--r--pkgs/tools/security/sheesy-cli/default.nix2
-rw-r--r--pkgs/tools/security/shellnoob/default.nix2
-rw-r--r--pkgs/tools/security/sherlock/default.nix13
-rw-r--r--pkgs/tools/security/sigma-cli/default.nix27
-rw-r--r--pkgs/tools/security/signing-party/default.nix4
-rw-r--r--pkgs/tools/security/sirikali/default.nix87
-rw-r--r--pkgs/tools/security/smbmap/default.nix23
-rw-r--r--pkgs/tools/security/snowcat/default.nix2
-rw-r--r--pkgs/tools/security/softhsm/default.nix7
-rw-r--r--pkgs/tools/security/solo2-cli/default.nix2
-rw-r--r--pkgs/tools/security/sops/default.nix2
-rw-r--r--pkgs/tools/security/spectre-cli/default.nix2
-rw-r--r--pkgs/tools/security/spire/default.nix8
-rw-r--r--pkgs/tools/security/ssdeep/default.nix4
-rw-r--r--pkgs/tools/security/ssh-audit/default.nix7
-rw-r--r--pkgs/tools/security/ssh-mitm/default.nix55
-rw-r--r--pkgs/tools/security/ssh-to-pgp/default.nix6
-rw-r--r--pkgs/tools/security/sslscan/default.nix4
-rw-r--r--pkgs/tools/security/step-ca/default.nix14
-rw-r--r--pkgs/tools/security/step-kms-plugin/default.nix6
-rw-r--r--pkgs/tools/security/sudo-rs/default.nix2
-rw-r--r--pkgs/tools/security/sudo/default.nix4
-rw-r--r--pkgs/tools/security/tboot/default.nix2
-rw-r--r--pkgs/tools/security/tessen/default.nix2
-rw-r--r--pkgs/tools/security/thc-hydra/default.nix2
-rw-r--r--pkgs/tools/security/tor/default.nix4
-rw-r--r--pkgs/tools/security/tor/torsocks.nix2
-rw-r--r--pkgs/tools/security/tpm-quote-tools/default.nix2
-rw-r--r--pkgs/tools/security/tpm2-tools/default.nix14
-rw-r--r--pkgs/tools/security/truecrack/default.nix2
-rw-r--r--pkgs/tools/security/trufflehog/default.nix6
-rw-r--r--pkgs/tools/security/uncover/default.nix6
-rw-r--r--pkgs/tools/security/vals/default.nix8
-rw-r--r--pkgs/tools/security/vault-medusa/default.nix8
-rw-r--r--pkgs/tools/security/vault-ssh-plus/default.nix6
-rw-r--r--pkgs/tools/security/vault/default.nix8
-rw-r--r--pkgs/tools/security/vault/vault-bin.nix14
-rw-r--r--pkgs/tools/security/vaultwarden/webvault.nix8
-rw-r--r--pkgs/tools/security/vexctl/default.nix2
-rw-r--r--pkgs/tools/security/volatility3/default.nix8
-rw-r--r--pkgs/tools/security/wapiti/default.nix78
-rw-r--r--pkgs/tools/security/web-eid-app/default.nix4
-rw-r--r--pkgs/tools/security/whatweb/default.nix2
-rw-r--r--pkgs/tools/security/wipe/default.nix2
-rw-r--r--pkgs/tools/security/witness/default.nix8
-rw-r--r--pkgs/tools/security/xcrawl3r/default.nix2
-rw-r--r--pkgs/tools/security/xsser/default.nix4
-rw-r--r--pkgs/tools/security/yarGen/default.nix2
-rw-r--r--pkgs/tools/security/yara/default.nix66
-rw-r--r--pkgs/tools/security/yaralyzer/default.nix33
-rw-r--r--pkgs/tools/security/yersinia/default.nix4
-rw-r--r--pkgs/tools/security/yubikey-agent/default.nix2
-rw-r--r--pkgs/tools/security/yubikey-touch-detector/default.nix4
-rw-r--r--pkgs/tools/security/zeekscript/default.nix2
-rw-r--r--pkgs/tools/security/zmap/default.nix8
265 files changed, 2077 insertions, 1690 deletions
diff --git a/pkgs/tools/security/acsccid/default.nix b/pkgs/tools/security/acsccid/default.nix
index f471393b2cfc2..dea5c14fc3bce 100644
--- a/pkgs/tools/security/acsccid/default.nix
+++ b/pkgs/tools/security/acsccid/default.nix
@@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers";
+    description = "PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers";
     longDescription = ''
       acsccid is a PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card
       readers. This library provides a PC/SC IFD handler implementation and
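Review bot: The new `description` still reads as a run-on ("PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers"), because only the leading article was removed. A noun phrase such as `description = "PC/SC driver for ACS CCID smart card readers on Linux/Mac OS X";` would read cleanly. The same mechanical edit in the b2sum hunk produced "B2sum utility is similar to …", which capitalises the program name and keeps a full sentence; `description = "BLAKE2 checksum utility similar to md5sum and shasum";` would fit better there. The `longDescription` string continues outside this hunk.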
diff --git a/pkgs/tools/security/aespipe/default.nix b/pkgs/tools/security/aespipe/default.nix
index 9ab8e089f30ba..fe9c1d22f407c 100644
--- a/pkgs/tools/security/aespipe/default.nix
+++ b/pkgs/tools/security/aespipe/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "aespipe";
-  version = "2.4g";
+  version = "2.4h";
 
   src = fetchurl {
     url = "mirror://sourceforge/loop-aes/aespipe/aespipe-v${version}.tar.bz2";
-    sha256 = "sha256-v7l+feFh6NfOETsWO9odGo7HfSwa+rVtzIFT16kBh/w=";
+    sha256 = "sha256-6rMR/CbqQyibw632YNYnBJJJSWByXSAm7EkXKUoaukk=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "AES encrypting or decrypting pipe";
     homepage = "https://loop-aes.sourceforge.net/aespipe.README";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = [ maintainers.goibhniu ];
     platforms = platforms.unix;
   };
diff --git a/pkgs/tools/security/age-plugin-ledger/default.nix b/pkgs/tools/security/age-plugin-ledger/default.nix
index d3e1e49904ef1..516edc55db392 100644
--- a/pkgs/tools/security/age-plugin-ledger/default.nix
+++ b/pkgs/tools/security/age-plugin-ledger/default.nix
@@ -36,7 +36,7 @@ rustPlatform.buildRustPackage rec {
   ];
 
   meta = with lib; {
-    description = "A Ledger Nano plugin for age";
+    description = "Ledger Nano plugin for age";
     mainProgram = "age-plugin-ledger";
     homepage = "https://github.com/Ledger-Donjon/age-plugin-ledger";
     license = with licenses; [ mit asl20 ];
diff --git a/pkgs/tools/security/age/default.nix b/pkgs/tools/security/age/default.nix
index ea8108fde301c..89acb4d14c334 100644
--- a/pkgs/tools/security/age/default.nix
+++ b/pkgs/tools/security/age/default.nix
@@ -2,36 +2,16 @@
 
 buildGoModule rec {
   pname = "age";
-  version = "1.1.1";
-  vendorHash = "sha256-MumPdRTz840+hoisJ7ADgBhyK3n8P6URobbRJYDFkDY=";
+  version = "1.2.0";
 
   src = fetchFromGitHub {
     owner = "FiloSottile";
     repo = "age";
     rev = "v${version}";
-    sha256 = "sha256-LRxxJQLQkzoCNYGS/XBixVmYXoZ1mPHKvFicPGXYLcw=";
+    hash = "sha256-O0NKDPvr+6ZupakPIpnGgDcdfG3nWR1pvVE+3KkYurY=";
   };
 
-  # Worked with the upstream to change the way test vectors were sourced from
-  # another repo at test run time, so we can run test without network access.
-  # https://github.com/FiloSottile/age/pull/476
-  #
-  # Changes landed after v1.1.1, so we'll patch this one until next release.
-  patches = [
-    # Revert "all: temporarily disable testscript tests"
-    (fetchpatch {
-      name = "0001-revert-temporarily-disabled-testscript-tests.patch";
-      url = "https://github.com/FiloSottile/age/commit/5471e05672de168766f5f11453fd324c53c264e5.patch";
-      sha256 = "sha256-F3oDhRWJqqcF9MDDWPeO9V/wUGXkmUXY87wgokUIoOk=";
-    })
-
-    # age: depend on c2sp.org/CCTV/age for TestVectors
-    (fetchpatch {
-      name = "0002-depend-on-c2sp_cctv_age__TestVectors.patch";
-      url = "https://github.com/FiloSottile/age/commit/edf7388f7731b274b055dcab3ec4006cc4961b68.patch";
-      sha256 = "sha256-CloCj/uF3cqTeCfRkV6TeYiovuDQXm1ZIklREWAot1E=";
-    })
-  ];
+  vendorHash = "sha256-5We4OYoexzzSF1AkxuGCUwuYJ3Wra+T6mCcT4XYgzhU=";
 
   ldflags = [
     "-s" "-w" "-X main.Version=${version}"
@@ -59,6 +39,7 @@ buildGoModule rec {
   ];
 
   meta = with lib; {
+    changelog = "https://github.com/FiloSottile/age/releases/tag/v${version}";
     homepage = "https://age-encryption.org/";
     description = "Modern encryption tool with small explicit keys";
     license = licenses.bsd3;
diff --git a/pkgs/tools/security/aide/default.nix b/pkgs/tools/security/aide/default.nix
index 104b5d11217ad..a0cbd7da0f961 100644
--- a/pkgs/tools/security/aide/default.nix
+++ b/pkgs/tools/security/aide/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "aide";
-  version = "0.18.6";
+  version = "0.18.8";
 
   src = fetchurl {
     url = "https://github.com/aide/aide/releases/download/v${version}/${pname}-${version}.tar.gz";
-    sha256 = "sha256-j/Ns5H030MyYd2LV2WE0bUdd50u6ihgy/QBttu3TwQ4=";
+    sha256 = "sha256-FmYtxjLRfixWMLgBdS+XkSqOIml8Bl694XXxzDe4OmA=";
   };
 
   buildInputs = [ flex bison libmhash zlib acl attr libselinux pcre2 libgcrypt ];
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://aide.github.io/";
-    description = "A file and directory integrity checker";
+    description = "File and directory integrity checker";
     mainProgram = "aide";
     license = licenses.gpl2Plus;
     maintainers = with maintainers; [ happysalada ];
diff --git a/pkgs/tools/security/amber/default.nix b/pkgs/tools/security/amber/default.nix
index 2b64480c4a00a..5cb96596564ce 100644
--- a/pkgs/tools/security/amber/default.nix
+++ b/pkgs/tools/security/amber/default.nix
@@ -3,16 +3,16 @@
 rustPlatform.buildRustPackage rec {
   # Renaming it to amber-secret because another package named amber exists
   pname = "amber-secret";
-  version = "0.1.5";
+  version = "0.1.6";
 
   src = fetchFromGitHub {
     owner = "fpco";
     repo = "amber";
     rev = "v${version}";
-    sha256 = "sha256-11dqfOi/DdfFrFTeboPyFkixXG+fCJ2jpHM55qsQ1jw=";
+    sha256 = "sha256-FoERgkyFCZ1nU01LXpzrqz9eJ9a16L/t+9g8jsABHK4=";
   };
 
-  cargoHash = "sha256-u0vceIurenYnKfF3gWNw304hX4vVFoszZD7AMwffOmc=";
+  cargoHash = "sha256-Joy+SO1zR78Eh5eK2bxyT0l3hCuLX/J3u/UvN+++6vg=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ Security ];
 
diff --git a/pkgs/tools/security/apkleaks/default.nix b/pkgs/tools/security/apkleaks/default.nix
index 29a0b17ccb326..a8be3c4323c81 100644
--- a/pkgs/tools/security/apkleaks/default.nix
+++ b/pkgs/tools/security/apkleaks/default.nix
@@ -1,23 +1,25 @@
-{ lib
-, fetchFromGitHub
-, jadx
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  jadx,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "apkleaks";
-  version = "2.6.1";
-
-  disabled = python3.pythonOlder "3.6";
+  version = "2.6.2";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "dwisiswant0";
-    repo = pname;
-    rev = "v${version}";
-    sha256 = "0ysciv643p8gkqw2wp7zy4n07hihdcyil8d20lj86cpgga71rd64";
+    repo = "apkleaks";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-a7zOowvhV9H91RwNDImN2+ecixY8g3WUotlBQVdmLgA=";
   };
 
-  propagatedBuildInputs = with python3.pkgs; [
+  build-system = with python3.pkgs; [ setuptools ];
+
+  dependencies = with python3.pkgs; [
     jadx
     pyaxmlparser
     setuptools
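Review bot: `setuptools` is now listed in both `build-system` and `dependencies`, so it is unclear whether it is a runtime requirement or a leftover from the old `propagatedBuildInputs`. If it is needed only to build, drop it from `dependencies`; if apkleaks imports it at runtime, a short comment such as `# runtime: <reason>` above the entry would record why. The `jadx` entry in the same list resolves to the top-level function argument rather than to a member of `python3.pkgs`, so the `with python3.pkgs;` scope is misleading for that entry. The list continues past the end of this hunk, so its remaining entries are not visible here.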
@@ -31,7 +33,8 @@ python3.pkgs.buildPythonApplication rec {
   meta = with lib; {
     description = "Scanning APK file for URIs, endpoints and secrets";
     homepage = "https://github.com/dwisiswant0/apkleaks";
-    license = with licenses; [ asl20 ];
+    changelog = "https://github.com/dwisiswant0/apkleaks/releases/tag/v${version}";
+    license = licenses.asl20;
     maintainers = with maintainers; [ fab ];
     mainProgram = "apkleaks";
   };
diff --git a/pkgs/tools/security/argocd-vault-plugin/default.nix b/pkgs/tools/security/argocd-vault-plugin/default.nix
index b80a67792e5be..3219d0a74e2b8 100644
--- a/pkgs/tools/security/argocd-vault-plugin/default.nix
+++ b/pkgs/tools/security/argocd-vault-plugin/default.nix
@@ -7,16 +7,16 @@
 
 buildGoModule rec {
   pname = "argocd-vault-plugin";
-  version = "1.17.0";
+  version = "1.18.1";
 
   src = fetchFromGitHub {
     owner = "argoproj-labs";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-YH7yNRaKdYzasaxYSManuiImyxglmIwgLvDKjUg3MR8=";
+    hash = "sha256-rWNR4GVivuEprdX/xhwk/9SReeJ19UWDWx8Bf8z6CTI=";
   };
 
-  vendorHash = "sha256-0PrGrcS8Gx0cVImGrlmXlycFgWCTLjg2ISi0OhYoPpw=";
+  vendorHash = "sha256-iZ3WWM5p0UuKpdLq6wczLtgX01q6Vtx8j/XCAH+4POs=";
 
   ldflags = [
     "-X=github.com/argoproj-labs/argocd-vault-plugin/version.Version=v${version}"
@@ -38,7 +38,7 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://argocd-vault-plugin.readthedocs.io";
     changelog = "https://github.com/argoproj-labs/argocd-vault-plugin/releases/tag/v${version}";
-    description = "An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets";
+    description = "Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets";
     mainProgram = "argocd-vault-plugin";
     license = licenses.asl20;
     maintainers = with maintainers; [ urandom ];
diff --git a/pkgs/tools/security/arti/default.nix b/pkgs/tools/security/arti/default.nix
index e410a86855560..8a00d80c0e8a0 100644
--- a/pkgs/tools/security/arti/default.nix
+++ b/pkgs/tools/security/arti/default.nix
@@ -10,7 +10,7 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "arti";
-  version = "1.2.1";
+  version = "1.2.3";
 
   src = fetchFromGitLab {
     domain = "gitlab.torproject.org";
@@ -18,10 +18,10 @@ rustPlatform.buildRustPackage rec {
     owner = "core";
     repo = "arti";
     rev = "arti-v${version}";
-    hash = "sha256-Ps1AIvL6hOnSYtvi4wbgJQiuv2eb1XIEPul/WypM9bo=";
+    hash = "sha256-1+Wt2qhwYrkU50lGuL55UnCpFF+ROV2fzFwFDP1eHjo=";
   };
 
-  cargoHash = "sha256-2u/8nn/9tz+hlNDz6I/g2cMPWXZSMVNV7FPsKFP8jqo=";
+  cargoHash = "sha256-vuEs1mtrn4fXwBpvPsQr3z6hTAlggVsPUK3ZZ2DmhEs=";
 
   nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ];
 
@@ -34,7 +34,7 @@ rustPlatform.buildRustPackage rec {
   cargoTestFlags = [ "--package" "arti" ];
 
   meta = with lib; {
-    description = "An implementation of Tor in Rust";
+    description = "Implementation of Tor in Rust";
     mainProgram = "arti";
     homepage = "https://arti.torproject.org/";
     changelog = "https://gitlab.torproject.org/tpo/core/arti/-/blob/${src.rev}/CHANGELOG.md";
diff --git a/pkgs/tools/security/aws-iam-authenticator/default.nix b/pkgs/tools/security/aws-iam-authenticator/default.nix
index 5af095ae15560..801d364c60269 100644
--- a/pkgs/tools/security/aws-iam-authenticator/default.nix
+++ b/pkgs/tools/security/aws-iam-authenticator/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "aws-iam-authenticator";
-  version = "0.6.19";
+  version = "0.6.20";
 
   src = fetchFromGitHub {
     owner = "kubernetes-sigs";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-wgMMa1PFKNArI4pk7gA2o8HHgF84Q+rga4j+UC1/Js8=";
+    hash = "sha256-72l+EgqWy8+7wdTKwXnebZ+wm5VCgYODw4D6lkL4NBA=";
   };
 
-  vendorHash = "sha256-wJqtIuLiidO3XFkvhSXRZcFR/31rR4U9BXjFilsr5a0=";
+  vendorHash = "sha256-7FYR8c1Q9SS3prt8yrTzbOqgqG1tGuvzjH42MkY0tAo=";
 
   ldflags = let PKG = "sigs.k8s.io/aws-iam-authenticator"; in [
     "-s"
diff --git a/pkgs/tools/security/b2sum/default.nix b/pkgs/tools/security/b2sum/default.nix
index 1ce14a55b079e..0dc8a9b35e83b 100644
--- a/pkgs/tools/security/b2sum/default.nix
+++ b/pkgs/tools/security/b2sum/default.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation (finalAttrs: {
   installFlags = [ "PREFIX=$(out)" ];
 
   meta = with lib; {
-    description = "The b2sum utility is similar to the md5sum or shasum utilities but for BLAKE2";
+    description = "B2sum utility is similar to the md5sum or shasum utilities but for BLAKE2";
     mainProgram = "b2sum";
     homepage = "https://blake2.net";
     license = with licenses; [ asl20 cc0 openssl ];
diff --git a/pkgs/tools/security/bao/default.nix b/pkgs/tools/security/bao/default.nix
index 503896885c13f..0a6c615fb5a6b 100644
--- a/pkgs/tools/security/bao/default.nix
+++ b/pkgs/tools/security/bao/default.nix
@@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
   cargoHash = "sha256-SNsRN5XgchZq6/BZnMeahIqnkP4Jq6bZxbE5cDVpsQA=";
 
   meta = {
-    description = "An implementation of BLAKE3 verified streaming";
+    description = "Implementation of BLAKE3 verified streaming";
     homepage = "https://github.com/oconnor663/bao";
     maintainers = with lib.maintainers; [ amarshall ];
     license = with lib.licenses; [ cc0 asl20 ];
diff --git a/pkgs/tools/security/bash-supergenpass/default.nix b/pkgs/tools/security/bash-supergenpass/default.nix
index f2d2aee7146bc..7bf7c36424886 100644
--- a/pkgs/tools/security/bash-supergenpass/default.nix
+++ b/pkgs/tools/security/bash-supergenpass/default.nix
@@ -8,7 +8,7 @@
 
 stdenv.mkDerivation {
   pname = "bash-supergenpass";
-  version = "unstable-2024-03-24";
+  version = "0-unstable-2024-03-24";
 
   nativeBuildInputs = [ makeWrapper ];
 
diff --git a/pkgs/tools/security/bettercap/default.nix b/pkgs/tools/security/bettercap/default.nix
index 2ece9ee6e4c40..db11044479515 100644
--- a/pkgs/tools/security/bettercap/default.nix
+++ b/pkgs/tools/security/bettercap/default.nix
@@ -28,7 +28,7 @@ buildGoModule rec {
     ++ lib.optionals stdenv.isLinux [ libnfnetlink libnetfilter_queue ];
 
   meta = with lib; {
-    description = "A man in the middle tool";
+    description = "Man in the middle tool";
     longDescription = ''
       BetterCAP is a powerful, flexible and portable tool created to perform various
       types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic
diff --git a/pkgs/tools/security/beyond-identity/default.nix b/pkgs/tools/security/beyond-identity/default.nix
index 31b3439f0e876..4d535cbb89e1a 100644
--- a/pkgs/tools/security/beyond-identity/default.nix
+++ b/pkgs/tools/security/beyond-identity/default.nix
@@ -5,7 +5,7 @@
 
 let
   pname = "beyond-identity";
-  version = "2.60.0-0";
+  version = "2.97.0-0";
   libPath = lib.makeLibraryPath ([ glib glibc openssl tpm2-tss gtk3 gnome.gnome-keyring polkit polkit_gnome ]);
   meta = with lib; {
     description = "Passwordless MFA identities for workforces, customers, and developers";
@@ -22,7 +22,7 @@ let
 
     src = fetchurl {
       url = "https://packages.beyondidentity.com/public/linux-authenticator/deb/ubuntu/pool/focal/main/b/be/${pname}_${version}/${pname}_${version}_amd64.deb";
-      hash = "sha512-JrHLf7KkJVbJLxx54OTvOSaIzY3+hjX+bpkeBHKX23YriCJssUUvEP6vlbI4r6gjMMFMhW92k0iikAgD1Tr4ug==";
+      hash = "sha512-aOQi0hG7AZ3lIAPCDgGAjqVmNCuqFC62CjI9XPLBpvbxBgr2yi7alP952i31MufzzruzVweoQb8SWgNIHq/zIw==";
     };
 
     nativeBuildInputs = [
@@ -38,9 +38,6 @@ let
 
       rm -rf usr/share/doc
 
-      # https://github.com/NixOS/nixpkgs/issues/42117
-      sed -i -e 's/auth_self/yes/g' usr/share/polkit-1/actions/com.beyondidentity.endpoint.stepup.policy
-
       cp -ar usr/{bin,share} $out
       cp -ar opt/beyond-identity/bin $out/opt/beyond-identity
 
@@ -71,8 +68,7 @@ let
   };
 # /usr/bin/pkcheck is hardcoded in binary - we need FHS
 in buildFHSEnv {
-   inherit meta;
-   name = pname;
+   inherit pname version meta;
 
    targetPkgs = pkgs: [
      beyond-identity
diff --git a/pkgs/tools/security/binbloom/default.nix b/pkgs/tools/security/binbloom/default.nix
index ce99de997cc0b..766e40f8f0594 100644
--- a/pkgs/tools/security/binbloom/default.nix
+++ b/pkgs/tools/security/binbloom/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "binbloom";
-  version = "2.0";
+  version = "2.1";
 
   src = fetchFromGitHub {
     owner = "quarkslab";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-UiKiDey/pHtJDr4UYqt+T/TneKig5tT8YU2u98Ttjmo=";
+    hash = "sha256-ox4o9RPtqMsme//8dVatNUo+mA/6dM9eI/T5lsuSAus=";
   };
 
   nativeBuildInputs = [ autoreconfHook ];
diff --git a/pkgs/tools/security/bkcrack/default.nix b/pkgs/tools/security/bkcrack/default.nix
index afc18759c78d5..5bebb8618b7ea 100644
--- a/pkgs/tools/security/bkcrack/default.nix
+++ b/pkgs/tools/security/bkcrack/default.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "bkcrack";
-  version = "1.6.1";
+  version = "1.7.0";
 
   src = fetchFromGitHub {
     owner = "kimci86";
     repo = "bkcrack";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-x7JK7+DcD2uSWZRTJQPGCcF2mHBlu6FwYUbuYzbvD+s=";
+    hash = "sha256-smDmnqmYuFT3ip3ULQfiiF5YxkwzPwPYBujqq9GUyMs=";
   };
 
   passthru.updateScript = nix-update-script { };
diff --git a/pkgs/tools/security/buttercup-desktop/default.nix b/pkgs/tools/security/buttercup-desktop/default.nix
index 0ee20dbc4f6b6..1464d67dbc3ed 100644
--- a/pkgs/tools/security/buttercup-desktop/default.nix
+++ b/pkgs/tools/security/buttercup-desktop/default.nix
@@ -2,17 +2,17 @@
 
 let
   pname = "buttercup-desktop";
-  version = "2.26.3";
+  version = "2.27.0";
   src = fetchurl {
     url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage";
-    sha256 = "sha256-jX8U+DcuoYGfxQgYOIn03Vg/OesMVLHZ1gbGBSlgIbI=";
+    sha256 = "sha256-zpb5c3qGfBoRX9V1lVRX8607hBEHgjR8ZWJizfYNgUM=";
   };
   appimageContents = appimageTools.extractType2 { inherit pname src version; };
 
 in appimageTools.wrapType2 {
   inherit pname src version;
 
-  extraPkgs = pkgs: (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs) ++ [ pkgs.libsecret ];
+  extraPkgs = pkgs: [ pkgs.libsecret ];
 
   extraInstallCommands = ''
     install -m 444 -D ${appimageContents}/buttercup.desktop -t $out/share/applications
@@ -26,7 +26,7 @@ in appimageTools.wrapType2 {
     mainProgram = "buttercup-desktop";
     homepage = "https://buttercup.pw";
     license = licenses.gpl3Only;
-    maintainers = with maintainers; [ wolfangaukang ];
+    maintainers = [ ];
     platforms = [ "x86_64-linux" ];
   };
 }
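Review bot: `maintainers = [ ];` leaves a password manager that is installed from an upstream prebuilt AppImage (the `fetchurl` in the first hunk of this file) with nobody named to follow upstream security releases. The `meta` block starts outside this hunk, so it is not visible whether `sourceProvenance = with sourceTypes; [ binaryNativeCode ];` is already declared. If it is not, adding it would make the binary origin explicit to users who filter packages on provenance. As a point of style, the first hunk keeps `sha256 = "sha256-…"` with an SRI value, where `hash = "sha256-…"` is the form used by the other packages in this diff.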
diff --git a/pkgs/tools/security/cdk-go/default.nix b/pkgs/tools/security/cdk-go/default.nix
index 79040fb2749d3..93c0c1aa49646 100644
--- a/pkgs/tools/security/cdk-go/default.nix
+++ b/pkgs/tools/security/cdk-go/default.nix
@@ -6,13 +6,13 @@
 
 buildGoModule rec {
   pname = "cdk-go";
-  version = "1.5.2";
+  version = "1.5.3";
 
   src = fetchFromGitHub {
     owner = "cdk-team";
     repo = "CDK";
     rev = "refs/tags/v${version}";
-    hash = "sha256-jgGOSlhlLO1MU1mHWZgw+ov4IrZwMo2GdG6L25ah9Z8=";
+    hash = "sha256-0cg2o98BcE4H6EW/yAkJOJtIJXEq2cFG6pNaRPtQofo=";
   };
 
   vendorHash = "sha256-aJN/d/BxmleRXKw6++k6e0Vb0Gs5zg1QfakviABYTog=";
diff --git a/pkgs/tools/security/cdxgen/default.nix b/pkgs/tools/security/cdxgen/default.nix
index c9d962ed47afe..a71b6ba5fef26 100644
--- a/pkgs/tools/security/cdxgen/default.nix
+++ b/pkgs/tools/security/cdxgen/default.nix
@@ -5,16 +5,16 @@
 
 buildNpmPackage rec {
   pname = "cdxgen";
-  version = "10.4.3";
+  version = "10.5.2";
 
   src = fetchFromGitHub {
     owner = "AppThreat";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-m6AtAbsZ7zPu7MlwEt9+RBs11DAHNa3x0Nn7b3TWdAY=";
+    sha256 = "sha256-CmX19UdmXTbmO+6nFzsFbZspmIWYFtcUVaA0j8iU7GI=";
   };
 
-  npmDepsHash = "sha256-z7tBghs2bg2eYNRkhe9J8/0rqaAXV5e5ZT9u5fdABe0=";
+  npmDepsHash = "sha256-Vd+zRExQFmmv9f8uWQFE/nWRs6y86nLFu5HrM6iCf7U=";
 
   dontNpmBuild = true;
 
diff --git a/pkgs/tools/security/cewl/default.nix b/pkgs/tools/security/cewl/default.nix
index dc1ad37513daa..833c521250792 100644
--- a/pkgs/tools/security/cewl/default.nix
+++ b/pkgs/tools/security/cewl/default.nix
@@ -29,6 +29,5 @@ stdenv.mkDerivation rec {
     mainProgram = "cewl";
     homepage = "https://digi.ninja/projects/cewl.php/";
     license = licenses.gpl3Plus;
-    maintainers = with maintainers; [ elohmeier ];
   };
 }
diff --git a/pkgs/tools/security/cfripper/default.nix b/pkgs/tools/security/cfripper/default.nix
index edacd10e8b050..a1c9f94849810 100644
--- a/pkgs/tools/security/cfripper/default.nix
+++ b/pkgs/tools/security/cfripper/default.nix
@@ -3,36 +3,32 @@
 , python3
 }:
 
-
-let
-  python = python3.override {
-    packageOverrides = self: super: {
-      pydantic = self.pydantic_1;
-    };
-  };
-in python.pkgs.buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "cfripper";
-  version = "1.15.6";
+  version = "1.15.7";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "Skyscanner";
     repo = "cfripper";
     rev = "refs/tags/v${version}";
-    hash = "sha256-h/NNTE5u1coyD4owiGjsK6SIuvDq1SQOPW4RM4yJtno=";
+    hash = "sha256-ymuxZwW3Pwx/CyG2iPoY7LP9e+1K6EUBi/TApg0YvkE=";
   };
 
   pythonRelaxDeps = [
     "pluggy"
   ];
 
-  nativeBuildInputs = with python.pkgs; [
-    pythonRelaxDepsHook
+  build-system = with python3.pkgs; [
     setuptools
     setuptools-scm
   ];
 
-  propagatedBuildInputs = with python.pkgs; [
+  nativeBuildInputs = with python3.pkgs; [
+    pythonRelaxDepsHook
+  ];
+
+  dependencies = with python3.pkgs; [
     boto3
     cfn-flip
     click
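Review bot: The `pydantic_1` override is removed in the same hunk as the 1.15.6 → 1.15.7 bump, with no comment or changelog reference saying that this release supports the default `pydantic`. The next hunk keeps `pytestCheckHook` in `nativeCheckInputs`, so the test suite is presumably what guards this, but whether checks are enabled is not visible here. For a tool whose job is to flag insecure CloudFormation templates, a model-parsing incompatibility could show up as missed findings rather than a build failure. It would therefore help to state the upstream change that made the pin unnecessary in the commit message or a comment. `pythonRelaxDeps = [ "pluggy" ];` would likewise benefit from a short why-comment. The derivation body continues outside the hunk.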
@@ -43,7 +39,7 @@ in python.pkgs.buildPythonApplication rec {
     setuptools
   ];
 
-  nativeCheckInputs = with python.pkgs; [
+  nativeCheckInputs = with python3.pkgs; [
     moto
     pytestCheckHook
   ];
@@ -65,10 +61,10 @@ in python.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     description = "Tool for analysing CloudFormation templates";
-    mainProgram = "cfripper";
     homepage = "https://github.com/Skyscanner/cfripper";
     changelog = "https://github.com/Skyscanner/cfripper/releases/tag/v${version}";
     license = with licenses; [ asl20 ];
     maintainers = with maintainers; [ fab ];
+    mainProgram = "cfripper";
   };
 }
diff --git a/pkgs/tools/security/chain-bench/default.nix b/pkgs/tools/security/chain-bench/default.nix
index 883674951b14f..1fc50d665002a 100644
--- a/pkgs/tools/security/chain-bench/default.nix
+++ b/pkgs/tools/security/chain-bench/default.nix
@@ -42,7 +42,7 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://github.com/aquasecurity/chain-bench";
     changelog = "https://github.com/aquasecurity/chain-bench/releases/tag/v${version}";
-    description = "An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark";
+    description = "Open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark";
     mainProgram = "chain-bench";
     longDescription = ''
       Chain-bench is an open-source tool for auditing your software supply chain
diff --git a/pkgs/tools/security/chainsaw/default.nix b/pkgs/tools/security/chainsaw/default.nix
index 0ecd5654cecae..fc1e773ce9aa2 100644
--- a/pkgs/tools/security/chainsaw/default.nix
+++ b/pkgs/tools/security/chainsaw/default.nix
@@ -8,16 +8,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "chainsaw";
-  version = "2.9.0";
+  version = "2.9.1";
 
   src = fetchFromGitHub {
     owner = "WithSecureLabs";
     repo = "chainsaw";
     rev = "refs/tags/v${version}";
-    hash = "sha256-ErDIfLhzCiFm3dZzr6ThjYCplfDKbALAqcu8c0gREH4=";
+    hash = "sha256-9UmyHf2aH6ODGEbsDBBD8pLRkRtOpc9HGKp9UV7mk0o=";
   };
 
-  cargoHash = "sha256-IS2gQ6STrS+Msa36I+eM1RPGntX+DbsrKZPVZ1q9eo4=";
+  cargoHash = "sha256-f4EDtRFjRU62Nuzaq5EbL+/sCKyMMgSOu6MaFsuAFec=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.CoreFoundation ];
 
diff --git a/pkgs/tools/security/cherrybomb/default.nix b/pkgs/tools/security/cherrybomb/default.nix
index 6f8fc1d2a8e34..139ac5aea1ad5 100644
--- a/pkgs/tools/security/cherrybomb/default.nix
+++ b/pkgs/tools/security/cherrybomb/default.nix
@@ -21,7 +21,7 @@ rustPlatform.buildRustPackage rec {
   ];
 
   meta = with lib; {
-    description = "A CLI tool that helps you avoid undefined user behavior by validating your API specifications";
+    description = "CLI tool that helps you avoid undefined user behavior by validating your API specifications";
     mainProgram = "cherrybomb";
     homepage = "https://github.com/blst-security/cherrybomb";
     changelog = "https://github.com/blst-security/cherrybomb/releases/tag/v${version}";
diff --git a/pkgs/tools/security/chntpw/default.nix b/pkgs/tools/security/chntpw/default.nix
index c4463d16d348b..60cbed0f3d3d2 100644
--- a/pkgs/tools/security/chntpw/default.nix
+++ b/pkgs/tools/security/chntpw/default.nix
@@ -60,9 +60,9 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "http://pogostick.net/~pnh/ntpasswd/";
-    description = "An utility to reset the password of any user that has a valid local account on a Windows system";
+    description = "Utility to reset the password of any user that has a valid local account on a Windows system";
     maintainers = with lib.maintainers; [ deepfire ];
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     platforms = lib.platforms.unix;
   };
 }
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index c9d15351da4ed..be40a271cc926 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -6,11 +6,11 @@
 
 stdenv.mkDerivation rec {
   pname = "clamav";
-  version = "1.3.0";
+  version = "1.3.1";
 
   src = fetchurl {
     url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
-    hash = "sha256-CoamSWMg2RV2A3szEBEZr2/Y1bkQYM0xajqcIp6WBKo=";
+    hash = "sha256-EqMDW/JvVfceMQalGl+o17dEVy35imOSCpz/h2p9zOQ=";
   };
 
   patches = [
@@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://www.clamav.net";
     description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ robberer qknight globin ];
     platforms = platforms.unix;
   };
diff --git a/pkgs/tools/security/cnquery/default.nix b/pkgs/tools/security/cnquery/default.nix
index 9c87dab3f1c6d..cb66250ce7c6d 100644
--- a/pkgs/tools/security/cnquery/default.nix
+++ b/pkgs/tools/security/cnquery/default.nix
@@ -6,18 +6,18 @@
 
 buildGoModule rec {
   pname = "cnquery";
-  version = "11.1.1";
+  version = "11.9.1";
 
   src = fetchFromGitHub {
     owner = "mondoohq";
     repo = "cnquery";
     rev = "refs/tags/v${version}";
-    hash = "sha256-99bkEoAfNfejO/M1V8KmAmyP+klrCtmkf1l6aZynEgQ=";
+    hash = "sha256-EuYkjVaZmV2/DxrKgrfZraMZs5eVZRbNhCVvRtCoAK8=";
   };
 
   subPackages = [ "apps/cnquery" ];
 
-  vendorHash = "sha256-Nb2KSTS85//GC4ikYgrNNoKYJYBYvG9q5GF5RPemklE=";
+  vendorHash = "sha256-VuJlc1qQSGu+9G3PkoE+Qz6UOv524xZPv+lYzK1Y9VY=";
 
   ldflags = [
     "-w"
diff --git a/pkgs/tools/security/cnspec/default.nix b/pkgs/tools/security/cnspec/default.nix
index 1c221457a06e5..e3c112127143d 100644
--- a/pkgs/tools/security/cnspec/default.nix
+++ b/pkgs/tools/security/cnspec/default.nix
@@ -6,18 +6,18 @@
 
 buildGoModule rec {
   pname = "cnspec";
-  version = "11.2.0";
+  version = "11.9.1";
 
   src = fetchFromGitHub {
     owner = "mondoohq";
     repo = "cnspec";
     rev = "refs/tags/v${version}";
-    hash = "sha256-KjF1tVeASK+psbcf/ND+SRCXYJog74O3Qm2yRGLN6LI=";
+    hash = "sha256-8i2oNeFxpxhFxFlJR3ib0M1W9NNtqgGjlnKsqzLkf68=";
   };
 
   proxyVendor = true;
 
-  vendorHash = "sha256-HKqUBtr6qidBx4SoiWkCdwri3dCrxXMPMSb/X7h+WBs=";
+  vendorHash = "sha256-va23lTCCL/4EpTkBPH+rqZj4f+O4vAg2/nXGMEDNGXU=";
 
   subPackages = [ "apps/cnspec" ];
 
@@ -28,7 +28,7 @@ buildGoModule rec {
   ];
 
   meta = with lib; {
-    description = "An open source, cloud-native security and policy project";
+    description = "Open source, cloud-native security and policy project";
     homepage = "https://github.com/mondoohq/cnspec";
     changelog = "https://github.com/mondoohq/cnspec/releases/tag/v${version}";
     license = licenses.bsl11;
diff --git a/pkgs/tools/security/crowbar/default.nix b/pkgs/tools/security/crowbar/default.nix
index 095004ab76df1..114fdca5a85dc 100644
--- a/pkgs/tools/security/crowbar/default.nix
+++ b/pkgs/tools/security/crowbar/default.nix
@@ -35,7 +35,7 @@ python3Packages.buildPythonApplication rec {
 
   meta = with lib; {
     homepage = "https://github.com/galkan/crowbar";
-    description = "A brute forcing tool that can be used during penetration tests";
+    description = "Brute forcing tool that can be used during penetration tests";
     mainProgram = "crowbar";
     license = licenses.mit;
     maintainers = with maintainers; [ pamplemousse ];
diff --git a/pkgs/tools/security/crowdsec/default.nix b/pkgs/tools/security/crowdsec/default.nix
index 06cbecad8474a..d53fbce808008 100644
--- a/pkgs/tools/security/crowdsec/default.nix
+++ b/pkgs/tools/security/crowdsec/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "crowdsec";
-  version = "1.6.0";
+  version = "1.6.2";
 
   src = fetchFromGitHub {
     owner = "crowdsecurity";
     repo = pname;
-    rev = "v${version}";
-    hash = "sha256-5jK+f6IFPhGit+jxkSLTcWN1+nJRQaCZKpWZYId+2bk=";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-3GpSpADtCNvekR7gjbIlqzog7PMog6Sra5tpcnUf/gk=";
   };
 
-  vendorHash = "sha256-tUvFT+rE58yxNJGhqqwSG0GlGushkUpngxLkmyjjFFY=";
+  vendorHash = "sha256-kkQYKiOSmFHjhOrYV40YRZX9w6rUue0NSKfw+Bqxb9s=";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/pkgs/tools/security/cryptomator/default.nix b/pkgs/tools/security/cryptomator/default.nix
index 8fb34dbbbcc23..cac3717625e46 100644
--- a/pkgs/tools/security/cryptomator/default.nix
+++ b/pkgs/tools/security/cryptomator/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchFromGitHub
 , autoPatchelfHook
 , fuse3
-, maven, jdk, makeShellWrapper, glib, wrapGAppsHook
+, maven, jdk, makeShellWrapper, glib, wrapGAppsHook3
 , libayatana-appindicator
 }:
 
@@ -86,7 +86,7 @@ mavenJdk.buildMavenPackage rec {
   nativeBuildInputs = [
     autoPatchelfHook
     makeShellWrapper
-    wrapGAppsHook
+    wrapGAppsHook3
     jdk
   ];
   buildInputs = [ fuse3 jdk glib libayatana-appindicator ];
diff --git a/pkgs/tools/security/ctmg/default.nix b/pkgs/tools/security/ctmg/default.nix
index 81d57513aac37..63c9004bcbc9f 100644
--- a/pkgs/tools/security/ctmg/default.nix
+++ b/pkgs/tools/security/ctmg/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   installPhase = "install -D ctmg.sh $out/bin/ctmg";
 
   meta = with lib; {
-    description = "An encrypted container manager for Linux using cryptsetup";
+    description = "Encrypted container manager for Linux using cryptsetup";
     homepage = "https://git.zx2c4.com/ctmg/about/";
     license = licenses.isc;
     maintainers = with maintainers; [ mrVanDalo ];
diff --git a/pkgs/tools/security/cve-bin-tool/default.nix b/pkgs/tools/security/cve-bin-tool/default.nix
index 88b52da21eb32..b269cd362f2b0 100644
--- a/pkgs/tools/security/cve-bin-tool/default.nix
+++ b/pkgs/tools/security/cve-bin-tool/default.nix
@@ -1,134 +1,90 @@
 { lib
 , buildPythonApplication
 , fetchFromGitHub
-, fetchpatch
+  # aiohttp[speedups]
+, aiodns
+, aiohttp
+, beautifulsoup4
+, brotlipy
+, cvss
+, distro
+, filetype
+, google-cloud-sdk
+, jinja2
 , jsonschema
+, lib4sbom
+, packageurl-python
+, packaging
 , plotly
-, beautifulsoup4
+, pytestCheckHook
+, python-gnupg
 , pyyaml
-, isort
-, py
-, jinja2
-, rpmfile
-, reportlab
-, zstandard
 , rich
-, aiohttp
+, rpmfile
+, setuptools
 , toml
-, distro
-  # aiohttp[speedups]
-, aiodns
-, brotlipy
-, faust-cchardet
-, pillow
-, pytestCheckHook
 , xmlschema
-, setuptools
-, packaging
-, cvss
-, google-cloud-sdk
+, zstandard
+, reportlab
 , pip
 , testers
 , cve-bin-tool
-# pinned packaging
-, pyparsing
-, fetchPypi
-, buildPythonPackage
-, pretend
-, pythonOlder
-, wheel
 }:
 
-let
-  # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
-  packaging_21_3 = buildPythonPackage rec {
-    inherit (packaging) pname passthru meta;
-    version = "21.3";
-    format = "pyproject";
-    disabled = pythonOlder "3.6";
-
-    src = fetchPypi {
-      inherit pname version;
-      sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
-    };
-    nativeBuildInputs = [
-      setuptools
-      wheel
-    ];
-    propagatedBuildInputs = [
-      pyparsing
-    ];
-
-    nativeCheckInputs = [
-      pytestCheckHook
-      pretend
-    ];
-
-    doCheck = false;
-  };
-in
 buildPythonApplication rec {
   pname = "cve-bin-tool";
-  version = "3.2";
+  version = "3.3";
   format = "setuptools";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "cve-bin-tool";
     rev = "refs/tags/v${version}";
-    hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
+    hash = "sha256-A5w4U5EDX+UZWNMuz8GTOcubo8N2KfDlVV0aRNsO8/E=";
   };
 
-  patches = [
-    # Not needed as python dependency, should just be on the PATH
-    ./no-gsutil-python-dependency.patch
-    # Already merged upstream, to be removed post-3.2
-    # https://github.com/intel/cve-bin-tool/pull/2524
-    (fetchpatch {
-      name = "cve-bin-tool-version-success.patch";
-      url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
-      hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
-    })
-  ];
-
   # Wants to open a sqlite database, access the internet, etc
   doCheck = false;
 
-  propagatedNativeBuildInputs = [
-    pip
-  ];
-
-  propagatedBuildInputs = [
-    google-cloud-sdk
+  dependencies = [
+    # aiohttp[speedups]
+    aiodns
+    aiohttp
+    beautifulsoup4
+    brotlipy
+    cvss
+    distro
+    filetype
+    google-cloud-sdk # gsutil
+    jinja2
     jsonschema
+    lib4sbom
+    packageurl-python
+    packaging
     plotly
-    beautifulsoup4
+    python-gnupg
     pyyaml
-    isort
-    py
-    jinja2
-    rpmfile
-    reportlab
-    zstandard
     rich
-    aiohttp
-    toml
-    distro
-    # aiohttp[speedups]
-    aiodns
-    brotlipy
-    faust-cchardet
-    # needed by brotlipy
-    pillow
+    rpmfile
     setuptools
+    toml
     xmlschema
-    cvss
-    packaging_21_3
+    zstandard
+  ];
+
+  optional-dependencies = {
+    pdf = [
+      reportlab
+    ];
+  };
+
+  propagatedBuildInputs = [
+    pip
   ];
 
   nativeCheckInputs = [
     pytestCheckHook
-  ];
+  ] ++ lib.flatten (lib.attrValues optional-dependencies);
 
   pythonImportsCheck = [
     "cve_bin_tool"
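Review bot: With `doCheck = false;` still set, the `++ lib.flatten (lib.attrValues optional-dependencies)` appended to `nativeCheckInputs` has no effect. That leaves `pythonImportsCheck` as the only verification of the 3.2 → 3.3 jump and its reshuffled dependency list visible in this hunk. `reportlab` also moves from the propagated inputs to `optional-dependencies.pdf`, so the default build presumably loses PDF report output; a comment such as `# PDF reports need optional-dependencies.pdf (reportlab)` would make that deliberate. The hunk drops `./no-gsutil-python-dependency.patch` while keeping `google-cloud-sdk # gsutil`. Whether 3.3 still lists `gsutil` in its Python requirements is not visible here, so it is worth confirming that the installed entry point starts without that distribution. The derivation body continues outside the hunk.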
diff --git a/pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patch b/pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patch
deleted file mode 100644
index 9bbac57b5fb4b..0000000000000
--- a/pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/requirements.txt b/requirements.txt
-index 1d4aa9a..c9e9171 100644
---- a/requirements.txt
-+++ b/requirements.txt
-@@ -14,6 +14,6 @@ xmlschema
- importlib_metadata; python_version < "3.8"
- requests
- urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
--gsutil
-+#gsutil
- cvss
- packaging
diff --git a/pkgs/tools/security/dieharder/default.nix b/pkgs/tools/security/dieharder/default.nix
index 716b3266faee1..2cc5f719aa1da 100644
--- a/pkgs/tools/security/dieharder/default.nix
+++ b/pkgs/tools/security/dieharder/default.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = with lib; {
-    description = "A Random Number Generator test suite";
+    description = "Random Number Generator test suite";
     mainProgram = "dieharder";
     homepage = "https://webhome.phy.duke.edu/~rgb/General/dieharder.php";
     license = licenses.gpl2Plus;
diff --git a/pkgs/tools/security/dnsenum/default.nix b/pkgs/tools/security/dnsenum/default.nix
index 826ebec015e4e..4fa5c0e26207e 100644
--- a/pkgs/tools/security/dnsenum/default.nix
+++ b/pkgs/tools/security/dnsenum/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://github.com/fwaeytens/dnsenum";
-    description = "A tool to enumerate DNS information";
+    description = "Tool to enumerate DNS information";
     mainProgram = "dnsenum";
     maintainers = with maintainers; [ c0bw3b ];
     license = licenses.gpl2Plus;
diff --git a/pkgs/tools/security/doas-sudo-shim/default.nix b/pkgs/tools/security/doas-sudo-shim/default.nix
index 80b913d4cc9eb..86f111da9f5e1 100644
--- a/pkgs/tools/security/doas-sudo-shim/default.nix
+++ b/pkgs/tools/security/doas-sudo-shim/default.nix
@@ -44,7 +44,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = with lib; {
-    description = "A shim for the sudo command that utilizes doas";
+    description = "Shim for the sudo command that utilizes doas";
     homepage = "https://github.com/jirutka/doas-sudo-shim";
     license = licenses.isc;
     mainProgram = "sudo";
diff --git a/pkgs/tools/security/donkey/default.nix b/pkgs/tools/security/donkey/default.nix
index ec95715853ec4..f56811cc273f9 100644
--- a/pkgs/tools/security/donkey/default.nix
+++ b/pkgs/tools/security/donkey/default.nix
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
   passthru.tests.version = testers.testVersion { package = donkey; };
 
   meta = with lib; {
-    description = "An alternative for S/KEY's 'key' command";
+    description = "Alternative for S/KEY's 'key' command";
     longDescription = ''
 Donkey is an alternative for S/KEY's "key" command.  The new feature that
 the original key doesn't have is print an entry for skeykeys as
@@ -47,7 +47,7 @@ the host.
 The name "Donkey" is an acronym of "Don't Key".
     '';
     homepage = "https://devel.ringlet.net/security/donkey";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ raboof ];
     platforms = platforms.all;
   };
diff --git a/pkgs/tools/security/doona/default.nix b/pkgs/tools/security/doona/default.nix
index 2598f2ecbb968..bc890d52abb5a 100644
--- a/pkgs/tools/security/doona/default.nix
+++ b/pkgs/tools/security/doona/default.nix
@@ -25,13 +25,13 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://github.com/wireghoul/doona";
-    description = "A fork of the Bruteforce Exploit Detector Tool (BED)";
+    description = "Fork of the Bruteforce Exploit Detector Tool (BED)";
     mainProgram = "doona";
     longDescription = ''
       A fork of the Bruteforce Exploit Detector Tool (BED).
       BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc.
     '';
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ pamplemousse ];
   };
 }
diff --git a/pkgs/tools/security/doppler/default.nix b/pkgs/tools/security/doppler/default.nix
deleted file mode 100644
index cdeb12f08de2c..0000000000000
--- a/pkgs/tools/security/doppler/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ buildGoModule
-, doppler
-, fetchFromGitHub
-, installShellFiles
-, lib
-, testers
-}:
-
-buildGoModule rec {
-  pname = "doppler";
-  version = "3.68.0";
-
-  src = fetchFromGitHub {
-    owner = "dopplerhq";
-    repo = "cli";
-    rev = version;
-    sha256 = "sha256-IKfLoCFJOGE200Mef660CQNMukEmpgIWo6ngOYvX5Hw=";
-  };
-
-  vendorHash = "sha256-NUHWKPszQH/pvnA+j65+bJ6t+C0FDRRbTviqkYztpE4=";
-
-  ldflags = [
-    "-s -w"
-    "-X github.com/DopplerHQ/cli/pkg/version.ProgramVersion=v${version}"
-  ];
-
-  nativeBuildInputs = [ installShellFiles ];
-
-  postInstall = ''
-    mv $out/bin/cli $out/bin/doppler
-    installShellCompletion --cmd doppler \
-      --bash <($out/bin/doppler completion bash) \
-      --fish <($out/bin/doppler completion fish) \
-      --zsh <($out/bin/doppler completion zsh)
-  '';
-
-  passthru.tests.version = testers.testVersion {
-    package = doppler;
-    version = "v${version}";
-  };
-
-  meta = with lib; {
-    description = "The official CLI for interacting with your Doppler Enclave secrets and configuration";
-    mainProgram = "doppler";
-    homepage = "https://doppler.com";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ lucperkins ];
-  };
-}
diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix
index f0ddb1c0c2aae..1d04cfef35443 100644
--- a/pkgs/tools/security/duo-unix/default.nix
+++ b/pkgs/tools/security/duo-unix/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   meta = {
     description = "Duo Security Unix login integration";
     homepage    = "https://duosecurity.com";
-    license     = lib.licenses.gpl2;
+    license     = lib.licenses.gpl2Only;
     platforms   = lib.platforms.unix;
     maintainers = [ lib.maintainers.thoughtpolice ];
   };
diff --git a/pkgs/tools/security/earlybird/default.nix b/pkgs/tools/security/earlybird/default.nix
index d5f001fc995aa..46b94e9d708ee 100644
--- a/pkgs/tools/security/earlybird/default.nix
+++ b/pkgs/tools/security/earlybird/default.nix
@@ -19,7 +19,7 @@ buildGoModule rec {
   ldflags = [ "-s" "-w" ];
 
   meta = with lib; {
-    description = "A sensitive data detection tool capable of scanning source code repositories for passwords, key files, and more";
+    description = "Sensitive data detection tool capable of scanning source code repositories for passwords, key files, and more";
     mainProgram = "earlybird";
     homepage = "https://github.com/americanexpress/earlybird";
     changelog = "https://github.com/americanexpress/earlybird/releases/tag/v${version}";
diff --git a/pkgs/tools/security/ecdsatool/ctype-header-c99-implicit-function-declaration.patch b/pkgs/tools/security/ecdsatool/ctype-header-c99-implicit-function-declaration.patch
new file mode 100644
index 0000000000000..1bbe576e452ed
--- /dev/null
+++ b/pkgs/tools/security/ecdsatool/ctype-header-c99-implicit-function-declaration.patch
@@ -0,0 +1,12 @@
+diff --git a/libecdsaauth/base64.c b/libecdsaauth/base64.c
+index 0f9b7a3..84df22a 100644
+--- a/libecdsaauth/base64.c
++++ b/libecdsaauth/base64.c
+@@ -45,6 +45,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <assert.h>
++#include <ctype.h>
+ 
+ static const char Base64[] =
+ 	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
diff --git a/pkgs/tools/security/ecdsatool/default.nix b/pkgs/tools/security/ecdsatool/default.nix
index aa55facfd8e04..439ffac563c7a 100644
--- a/pkgs/tools/security/ecdsatool/default.nix
+++ b/pkgs/tools/security/ecdsatool/default.nix
@@ -16,6 +16,11 @@ stdenv.mkDerivation {
     ./configure --prefix=$out
   '';
 
+  patches = [
+    ./ctype-header-c99-implicit-function-declaration.patch
+    ./openssl-header-c99-implicit-function-declaration.patch
+  ];
+
   nativeBuildInputs = with pkgs; [openssl autoconf automake];
   buildInputs = with pkgs; [libuecc];
 
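Review bot: The two entries added to `patches` carry no comment on why they are needed or whether they were sent upstream. Judging only by the file names they fix implicit function declarations, but the second one also changes a call in `tool/main.c`. A line such as `# Add missing includes (implicit declarations are errors with newer compilers) and the missing final argument to PEM_write_ECPrivateKey` above the list would tell the next maintainer when the patches can be dropped. The derivation starts and ends outside the hunk.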
diff --git a/pkgs/tools/security/ecdsatool/openssl-header-c99-implicit-function-declaration.patch b/pkgs/tools/security/ecdsatool/openssl-header-c99-implicit-function-declaration.patch
new file mode 100644
index 0000000000000..1821743c18038
--- /dev/null
+++ b/pkgs/tools/security/ecdsatool/openssl-header-c99-implicit-function-declaration.patch
@@ -0,0 +1,33 @@
+diff --git a/libecdsaauth/keypair.c b/libecdsaauth/keypair.c
+index 5e098c5..b5dd21e 100644
+--- a/libecdsaauth/keypair.c
++++ b/libecdsaauth/keypair.c
+@@ -22,6 +22,7 @@
+ 
+ #include <string.h>
+ #include <stdlib.h>
++#include <openssl/pem.h>
+ 
+ static inline libecdsaauth_key_t *libecdsaauth_key_alloc(void)
+ {
+diff --git a/tool/main.c b/tool/main.c
+index 23d19a3..f88016c 100644
+--- a/tool/main.c
++++ b/tool/main.c
+@@ -21,6 +21,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <openssl/pem.h>
+ 
+ #include "libecdsaauth/keypair.h"
+ #include "libecdsaauth/op.h"
+@@ -41,7 +42,7 @@ static int tool_keygen(int argc, const char *argv[])
+ 	key = libecdsaauth_key_new();
+ 
+ 	pubout = fopen(argv[1], "w");
+-	PEM_write_ECPrivateKey(pubout, key->eckey, NULL, NULL, 0, NULL);
++	PEM_write_ECPrivateKey(pubout, key->eckey, NULL, NULL, 0, NULL, NULL);
+ 	fclose(pubout);
+ 
+ 	pubkey = libecdsaauth_key_public_key_base64(key);
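Review bot: In the `tool/main.c` part of this patch, `tool_keygen` still passes the result of `fopen(argv[1], "w")` straight to `PEM_write_ECPrivateKey` with no NULL check and ignores the write's return value, so a failed open or an incomplete write of the private key goes unreported. The file is created with `fopen`'s default mode, so its permissions depend on the caller's umask. The key is also written unencrypted, because the cipher argument is `NULL`. The smallest fix for the first point is `if (pubout == NULL) { perror(argv[1]); return EXIT_FAILURE; }` directly after the `fopen`, best raised upstream rather than carried here. `tool_keygen` starts and ends outside the hunk, so its return convention needs checking before adopting that line.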
diff --git a/pkgs/tools/security/echidna/default.nix b/pkgs/tools/security/echidna/default.nix
index 7f503acd6f0bd..b6c0d652ebb31 100644
--- a/pkgs/tools/security/echidna/default.nix
+++ b/pkgs/tools/security/echidna/default.nix
@@ -1,9 +1,7 @@
 { lib
 , mkDerivation
 , fetchFromGitHub
-, fetchpatch
 , haskellPackages
-, haskell
 , slither-analyzer
 }:
 
diff --git a/pkgs/tools/security/efitools/aarch64.patch b/pkgs/tools/security/efitools/aarch64.patch
new file mode 100644
index 0000000000000..89a77aafd3f5e
--- /dev/null
+++ b/pkgs/tools/security/efitools/aarch64.patch
@@ -0,0 +1,16 @@
+diff --git a/Make.rules b/Make.rules
+index 903a5a4..59eca2f 100644
+--- a/Make.rules
++++ b/Make.rules
+@@ -51,11 +51,6 @@ ifeq ($(ARCH),arm)
+   FORMAT = -O binary
+ endif
+ 
+-ifeq ($(ARCH),aarch64)
+-  LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
+-  FORMAT = -O binary
+-endif
+-
+ %.efi: %.so
+ 	$(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic -j .dynsym \
+ 		   -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \
diff --git a/pkgs/tools/security/efitools/default.nix b/pkgs/tools/security/efitools/default.nix
index 70032504f475f..fac59ef8d7737 100644
--- a/pkgs/tools/security/efitools/default.nix
+++ b/pkgs/tools/security/efitools/default.nix
@@ -21,6 +21,11 @@ stdenv.mkDerivation rec {
     sha256 = "0jabgl2pxvfl780yvghq131ylpf82k7banjz0ksjhlm66ik8gb1i";
   };
 
+  # https://github.com/ncroxon/gnu-efi/issues/7#issuecomment-2122741592
+  patches = [
+    ./aarch64.patch
+  ];
+
   postPatch = ''
     sed -i -e 's#/usr/include/efi#${gnu-efi}/include/efi/#g' Make.rules
     sed -i -e 's#/usr/lib64/gnuefi#${gnu-efi}/lib/#g' Make.rules
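Review bot: The comment above `patches` is only an issue URL, so a reader has to leave the tree to learn what `./aarch64.patch` does. A short description would help, e.g. `# Drop the aarch64 special case (EFI_SUBSYSTEM defsym, -O binary) from Make.rules; see https://github.com/ncroxon/gnu-efi/issues/7#issuecomment-2122741592`. The patch changes how the aarch64 `.efi` binaries are produced, and these tools are used to manage Secure Boot keys. The comment should therefore also say which gnu-efi version makes the special case unnecessary and whether the resulting binaries were checked on aarch64. The derivation continues outside the hunk.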
@@ -32,7 +37,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Tools for manipulating UEFI secure boot platforms";
     homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = [ maintainers.grahamc ];
     platforms = platforms.linux;
   };
diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix
index 5a330c7126fab..408d40609403c 100644
--- a/pkgs/tools/security/eid-mw/default.nix
+++ b/pkgs/tools/security/eid-mw/default.nix
@@ -16,19 +16,19 @@
 , openssl
 , p11-kit
 , pcsclite
-, wrapGAppsHook
+, wrapGAppsHook3
 }:
 
 stdenv.mkDerivation rec {
   pname = "eid-mw";
   # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS.
-  version = "5.1.16";
+  version = "5.1.19";
 
   src = fetchFromGitHub {
     owner = "Fedict";
     repo = "eid-mw";
     rev = "v${version}";
-    hash = "sha256-UOZVCTXiqYnatS/ZhJZZprqtwtkVt8EJRHZ9XuX5W5o=";
+    hash = "sha256-SGdM3GJECFZwd4tAQ6YP7H7YB6DngvD4IU9DTXbJEIo=";
   };
 
   postPatch = ''
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
   '';
 
 
-  nativeBuildInputs = [ wrapGAppsHook autoreconfHook autoconf-archive pkg-config makeWrapper ];
+  nativeBuildInputs = [ wrapGAppsHook3 autoreconfHook autoconf-archive pkg-config makeWrapper ];
   buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ];
 
   preConfigure = ''
diff --git a/pkgs/tools/security/enc/default.nix b/pkgs/tools/security/enc/default.nix
index c5f4d62586c5b..cec98aff11511 100644
--- a/pkgs/tools/security/enc/default.nix
+++ b/pkgs/tools/security/enc/default.nix
@@ -40,7 +40,7 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://github.com/life4/enc";
     changelog = "https://github.com/life4/enc/releases/tag/v${version}";
-    description = "A modern and friendly alternative to GnuPG";
+    description = "Modern and friendly alternative to GnuPG";
     mainProgram = "enc";
     longDescription = ''
       Enc is a CLI tool for encryption, a modern and friendly alternative to GnuPG.
diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix
index d95ba0baa9bec..7ef13bce43075 100644
--- a/pkgs/tools/security/enpass/default.nix
+++ b/pkgs/tools/security/enpass/default.nix
@@ -57,7 +57,7 @@ let
     };
 
     meta = with lib; {
-      description = "A well known password manager";
+      description = "Well known password manager";
       homepage = "https://www.enpass.io/";
       sourceProvenance = with sourceTypes; [ binaryNativeCode ];
       license = licenses.unfree;
diff --git a/pkgs/tools/security/enum4linux/default.nix b/pkgs/tools/security/enum4linux/default.nix
index dd054b58caa59..4703bae488db9 100644
--- a/pkgs/tools/security/enum4linux/default.nix
+++ b/pkgs/tools/security/enum4linux/default.nix
@@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A tool for enumerating information from Windows and Samba systems";
+    description = "Tool for enumerating information from Windows and Samba systems";
     mainProgram = "enum4linux";
     homepage = "https://labs.portcullis.co.uk/tools/enum4linux/";
     license = licenses.gpl2Plus;
diff --git a/pkgs/tools/security/evil-winrm/default.nix b/pkgs/tools/security/evil-winrm/default.nix
index ab406caafb65c..b8e88e1db9ebd 100644
--- a/pkgs/tools/security/evil-winrm/default.nix
+++ b/pkgs/tools/security/evil-winrm/default.nix
@@ -42,6 +42,5 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/Hackplayers/evil-winrm";
     changelog = "https://github.com/Hackplayers/evil-winrm/blob/v${version}/CHANGELOG.md";
     license = licenses.lgpl3Plus;
-    maintainers = with maintainers; [ elohmeier ];
   };
 }
diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix
index 95733ff5b4bd7..086927a43fcea 100644
--- a/pkgs/tools/security/exploitdb/default.nix
+++ b/pkgs/tools/security/exploitdb/default.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2024-05-02";
+  version = "2024-06-15";
 
   src = fetchFromGitLab {
     owner = "exploit-database";
     repo = "exploitdb";
     rev = "refs/tags/${version}";
-    hash = "sha256-ijfQUvQWEm/657F0GXPBaxEQMkHeU+3N9Lp/om8eB40=";
+    hash = "sha256-bETNSUv36GobOke1bwE+uTSRqln3kANqfl8UIx7bdjM=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix
index 0ed0af4e0698b..7526c21d68118 100644
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@@ -73,7 +73,7 @@ python3.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     homepage = "https://www.fail2ban.org/";
-    description = "A program that scans log files for repeated failing login attempts and bans IP addresses";
+    description = "Program that scans log files for repeated failing login attempts and bans IP addresses";
     license = licenses.gpl2Plus;
     maintainers = with maintainers; [ eelco lovek323 ];
   };
diff --git a/pkgs/tools/security/faraday-agent-dispatcher/default.nix b/pkgs/tools/security/faraday-agent-dispatcher/default.nix
index 8c390f2b6f7aa..2a44e8186ed1b 100644
--- a/pkgs/tools/security/faraday-agent-dispatcher/default.nix
+++ b/pkgs/tools/security/faraday-agent-dispatcher/default.nix
@@ -5,31 +5,34 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "faraday-agent-dispatcher";
-  version = "3.3.0";
+  version = "3.4.1";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "infobyte";
     repo = "faraday_agent_dispatcher";
     rev = "refs/tags/${version}";
-    hash = "sha256-rpi8S6pmei8MaACnfmOKFK+nNpljoMglu2uk75zvs9I=";
+    hash = "sha256-b62WO1+5EWzsTCzeZPX9T+ho8Sig46lH/9dPmGGhPWA=";
   };
 
   postPatch = ''
     substituteInPlace setup.py \
-      --replace '"pytest-runner",' ""
+      --replace-fail '"pytest-runner",' ""
   '';
 
   pythonRelaxDeps = [
     "python-socketio"
   ];
 
+  build-system = with python3.pkgs; [
+    setuptools-scm
+  ];
+
   nativeBuildInputs = with python3.pkgs; [
     pythonRelaxDepsHook
-    setuptools-scm
   ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
     aiohttp
     click
     faraday-agent-parameters-types
@@ -71,10 +74,10 @@ python3.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     description = "Tool to send result from tools to the Faraday Platform";
-    mainProgram = "faraday-dispatcher";
     homepage = "https://github.com/infobyte/faraday_agent_dispatcher";
     changelog = "https://github.com/infobyte/faraday_agent_dispatcher/releases/tag/${version}";
-    license = with licenses; [ gpl3Only ];
+    license = licenses.gpl3Only;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "faraday-dispatcher";
   };
 }
diff --git a/pkgs/tools/security/fcrackzip/default.nix b/pkgs/tools/security/fcrackzip/default.nix
index 31d0b44fb710d..6a60878c88d76 100644
--- a/pkgs/tools/security/fcrackzip/default.nix
+++ b/pkgs/tools/security/fcrackzip/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0l1qsk949vnz18k4vjf3ppq8p497966x4c7f2yx18x8pk35whn2a";
   };
 
+  CFLAGS = "-std=gnu89";
+
   # 'fcrackzip --use-unzip' cannot deal with file names containing a single quote
   # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430387
   patches = [ ./fcrackzip_forkexec.patch ];
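Review bot: The added `CFLAGS = "-std=gnu89";` has no comment saying which build failure it works around, so a later maintainer cannot tell when it is safe to drop. Setting `CFLAGS` as a derivation attribute also typically replaces the default flags the package's own build system would choose. If only the language standard needs pinning, `env.NIX_CFLAGS_COMPILE = "-std=gnu89";` adds the flag without displacing those defaults. I would put a line such as `# Pre-C99 source does not build with the compiler's current default standard` above it, adjusted to the actual failure.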
@@ -18,7 +20,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "zip password cracker, similar to fzc, zipcrack and others";
     homepage = "http://oldhome.schmorp.de/marc/fcrackzip.html";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ nico202 ];
     platforms = with platforms; unix;
   };
diff --git a/pkgs/tools/security/feroxbuster/default.nix b/pkgs/tools/security/feroxbuster/default.nix
index 0459519c43f76..f4e361332e96e 100644
--- a/pkgs/tools/security/feroxbuster/default.nix
+++ b/pkgs/tools/security/feroxbuster/default.nix
@@ -5,6 +5,7 @@
 , pkg-config
 , rustPlatform
 , Security
+, SystemConfiguration
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -35,6 +36,7 @@ rustPlatform.buildRustPackage rec {
     openssl
   ] ++ lib.optionals stdenv.isDarwin [
     Security
+    SystemConfiguration
   ];
 
   # Tests require network access
diff --git a/pkgs/tools/security/firefox_decrypt/default.nix b/pkgs/tools/security/firefox_decrypt/default.nix
index 9ade5976e8d81..2799a990975a4 100644
--- a/pkgs/tools/security/firefox_decrypt/default.nix
+++ b/pkgs/tools/security/firefox_decrypt/default.nix
@@ -38,7 +38,7 @@ buildPythonApplication rec {
 
   meta = with lib; {
     homepage = "https://github.com/unode/firefox_decrypt";
-    description = "A tool to extract passwords from profiles of Mozilla Firefox and derivates";
+    description = "Tool to extract passwords from profiles of Mozilla Firefox and derivates";
     mainProgram = "firefox_decrypt";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ schnusch ];
diff --git a/pkgs/tools/security/fpm2/default.nix b/pkgs/tools/security/fpm2/default.nix
index 68781d05dc689..e59322a51c9d6 100644
--- a/pkgs/tools/security/fpm2/default.nix
+++ b/pkgs/tools/security/fpm2/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
     description = "GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements";
     mainProgram = "fpm2";
     homepage    = "https://als.regnet.cz/fpm2/";
-    license     = licenses.gpl2;
+    license     = licenses.gpl2Plus;
     platforms   = platforms.linux;
     maintainers = with maintainers; [ hce ];
   };
diff --git a/pkgs/tools/security/fscan/default.nix b/pkgs/tools/security/fscan/default.nix
index 00ce9d8ec78e3..37886995b3614 100644
--- a/pkgs/tools/security/fscan/default.nix
+++ b/pkgs/tools/security/fscan/default.nix
@@ -2,19 +2,19 @@
 
 buildGoModule rec {
   pname = "fscan";
-  version = "1.8.3-build3";
+  version = "1.8.4";
 
   src = fetchFromGitHub {
     owner = "shadow1ng";
     repo = "fscan";
     rev = version;
-    hash = "sha256-GtOCd8JaR6tx8hoB+P9QXrEnN7Wvmv7jddhc2/8hjvQ=";
+    hash = "sha256-5uFSvEkTBy0veMdeeg9BmSqu+qSqCwuozK0J3kerAdE=";
   };
 
-  vendorHash = "sha256-hvb2IfypwYauF3ubE36u0bTU+l/FWP/CZt6dFd9zc6s=";
+  vendorHash = "sha256-FFYqvGEFe7sUEb4G3ApQOuYoiDXeA54P7spmKfRiEF0=";
 
   meta = with lib; {
-    description = "An intranet comprehensive scanning tool";
+    description = "Intranet comprehensive scanning tool";
     homepage = "https://github.com/shadow1ng/fscan";
     license = licenses.mit;
     maintainers = with maintainers; [ Misaka13514 ];
diff --git a/pkgs/tools/security/fulcio/default.nix b/pkgs/tools/security/fulcio/default.nix
index 2681c7126ebe1..934cb4446ae0c 100644
--- a/pkgs/tools/security/fulcio/default.nix
+++ b/pkgs/tools/security/fulcio/default.nix
@@ -66,7 +66,7 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://github.com/sigstore/fulcio";
     changelog = "https://github.com/sigstore/fulcio/releases/tag/v${version}";
-    description = "A Root-CA for code signing certs - issuing certificates based on an OIDC email address";
+    description = "Root-CA for code signing certs - issuing certificates based on an OIDC email address";
     mainProgram = "fulcio";
     longDescription = ''
       Fulcio is a free code signing Certificate Authority, built to make
diff --git a/pkgs/tools/security/gau/default.nix b/pkgs/tools/security/gau/default.nix
index dc4676a1c987f..6e04afae53dbb 100644
--- a/pkgs/tools/security/gau/default.nix
+++ b/pkgs/tools/security/gau/default.nix
@@ -1,24 +1,29 @@
-{ buildGoModule
-, fetchFromGitHub
-, lib
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
 }:
 
 buildGoModule rec {
   pname = "gau";
-  version = "2.2.1";
+  version = "2.2.3";
 
   src = fetchFromGitHub {
     owner = "lc";
-    repo = pname;
-    rev = "v${version}";
-    sha256 = "sha256-AtKakeQnxRbFAbK/aQ4OQoEowN753jm4P4M57Oo3x1Y=";
+    repo = "gau";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-1sF33uat6nwtTaXbZzO8YF4jewyQJ6HvI2l/zyTrJsg=";
   };
 
   vendorHash = "sha256-nhsGhuX5AJMHg+zQUt1G1TwVgMCxnuJ2T3uBrx7bJNs=";
 
+  ldflags = [
+    "-w"
+    "-s"
+  ];
+
   meta = with lib; {
     description = "Tool to fetch known URLs";
-    mainProgram = "gau";
     longDescription = ''
       getallurls (gau) fetches known URLs from various sources for any
       given domain.
@@ -26,5 +31,6 @@ buildGoModule rec {
     homepage = "https://github.com/lc/gau";
     license = licenses.mit;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "gau";
   };
 }
diff --git a/pkgs/tools/security/gencfsm/default.nix b/pkgs/tools/security/gencfsm/default.nix
index 537b2caf45b39..42a0b3d9188d6 100644
--- a/pkgs/tools/security/gencfsm/default.nix
+++ b/pkgs/tools/security/gencfsm/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, autoconf, automake, intltool, libtool, pkg-config
-, encfs, libsecret , glib , libgee, gtk3, vala, wrapGAppsHook, xorg
+, encfs, libsecret , glib , libgee, gtk3, vala, wrapGAppsHook3, xorg
 , gobject-introspection
 }:
 
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
     libtool
     pkg-config
     vala
-    wrapGAppsHook
+    wrapGAppsHook3
     gobject-introspection
   ];
   buildInputs = [
diff --git a/pkgs/tools/security/genpass/default.nix b/pkgs/tools/security/genpass/default.nix
index 243132bb263dd..da6b5c5bda08b 100644
--- a/pkgs/tools/security/genpass/default.nix
+++ b/pkgs/tools/security/genpass/default.nix
@@ -20,7 +20,7 @@ rustPlatform.buildRustPackage rec {
   buildInputs = lib.optionals stdenv.isDarwin [ CoreFoundation libiconv Security ];
 
   meta = with lib; {
-    description = "A simple yet robust commandline random password generator";
+    description = "Simple yet robust commandline random password generator";
     mainProgram = "genpass";
     homepage = "https://sr.ht/~cyplo/genpass/";
     license = licenses.agpl3Only;
diff --git a/pkgs/tools/security/ggshield/default.nix b/pkgs/tools/security/ggshield/default.nix
index eb0c5c9d2a95e..aba9ce1c22775 100644
--- a/pkgs/tools/security/ggshield/default.nix
+++ b/pkgs/tools/security/ggshield/default.nix
@@ -1,29 +1,29 @@
-{ lib
-, fetchFromGitHub
-, git
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  git,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "ggshield";
-  version = "1.25.0";
+  version = "1.28.0";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "GitGuardian";
     repo = "ggshield";
     rev = "refs/tags/v${version}";
-    hash = "sha256-D6+0ZYuOiCy5LonP1Ob7PlWmBXvLwU3PODOT6F+70HY=";
+    hash = "sha256-iayxm234Rvi5O0Vb0RCid0iAvRQ2fCjoKAQVJY/9nbE=";
   };
 
   pythonRelaxDeps = true;
 
-  nativeBuildInputs = with python3.pkgs; [
-    pythonRelaxDepsHook
-    setuptools
-  ];
+  build-system = with python3.pkgs; [ setuptools ];
+
+  nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
     appdirs
     charset-normalizer
     click
@@ -40,25 +40,27 @@ python3.pkgs.buildPythonApplication rec {
     rich
   ];
 
-  nativeCheckInputs = [
-    git
-  ] ++ (with python3.pkgs; [
-    jsonschema
-    pyfakefs
-    pytest-mock
-    pytest-voluptuous
-    pytestCheckHook
-    snapshottest
-    vcrpy
-  ]);
+  nativeCheckInputs =
+    [ git ]
+    ++ (with python3.pkgs; [
+      jsonschema
+      pyfakefs
+      pytest-mock
+      pytest-voluptuous
+      pytestCheckHook
+      snapshottest
+      vcrpy
+    ]);
 
-  pythonImportsCheck = [
-    "ggshield"
-  ];
+  pythonImportsCheck = [ "ggshield" ];
 
   disabledTestPaths = [
     # Don't run functional tests
     "tests/functional/"
+    "tests/unit/cmd/honeytoken"
+    "tests/unit/cmd/iac"
+    "tests/unit/cmd/sca/"
+    "tests/unit/cmd/scan/"
   ];
 
   disabledTests = [
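Review bot: The four `tests/unit/cmd/...` entries added to `disabledTestPaths` sit under the existing `# Don't run functional tests` comment, which does not describe them, and no reason for skipping them is given. Judging by the directory names these are the unit tests for the scanning commands themselves, so the package now builds without exercising a fair part of the tool's core behaviour. I would give them their own comment stating the cause, for example `# Require network access / API key` if that is the reason. Where only a few cases fail, individual `disabledTests` entries are preferable to excluding whole directories.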
@@ -77,10 +79,10 @@ python3.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations";
-    mainProgram = "ggshield";
     homepage = "https://github.com/GitGuardian/ggshield";
     changelog = "https://github.com/GitGuardian/ggshield/blob/${version}/CHANGELOG.md";
     license = licenses.mit;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "ggshield";
   };
 }
diff --git a/pkgs/tools/security/ghauri/default.nix b/pkgs/tools/security/ghauri/default.nix
index c4d176eb2a276..426cb66b7e6f1 100644
--- a/pkgs/tools/security/ghauri/default.nix
+++ b/pkgs/tools/security/ghauri/default.nix
@@ -5,17 +5,21 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "ghauri";
-  version = "1.3.1";
-  format = "setuptools";
+  version = "1.3.4";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "r0oth3x49";
     repo = "ghauri";
     rev = "refs/tags/${version}";
-    hash = "sha256-QO4/dkJU/uhP1AT1kIxDBIGBfLI1rOhOe/cHC8GwhkA=";
+    hash = "sha256-1xrswAxavUz3ybmT0E00pjiR8pmHvuBXE4zhAPnz5MQ=";
   };
 
-  propagatedBuildInputs = with python3.pkgs; [
+  build-system = with python3.pkgs; [
+    setuptools
+  ];
+
+  dependencies = with python3.pkgs; [
     chardet
     colorama
     requests
@@ -31,10 +35,10 @@ python3.pkgs.buildPythonApplication rec {
 
   meta = with lib; {
     description = "Tool for detecting and exploiting SQL injection security flaws";
-    mainProgram = "ghauri";
     homepage = "https://github.com/r0oth3x49/ghauri";
     changelog = "https://github.com/r0oth3x49/ghauri/releases/tag/${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "ghauri";
   };
 }
diff --git a/pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch b/pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch
new file mode 100644
index 0000000000000..0e87aa71a4073
--- /dev/null
+++ b/pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch
@@ -0,0 +1,15 @@
+diff --git a/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java b/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java
+index ea12a661f0..da7779b07f 100644
+--- a/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java
++++ b/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java
+@@ -36,6 +36,10 @@ public class ApplicationUtilities {
+ 	 */
+ 	public static Collection<ResourceFile> findDefaultApplicationRootDirs() {
+ 		Collection<ResourceFile> applicationRootDirs = new ArrayList<>();
++		String nixGhidraHome = System.getenv("NIX_GHIDRAHOME");
++		if (nixGhidraHome != null) {
++			applicationRootDirs.add(new ResourceFile(nixGhidraHome));
++		};
+ 		ResourceFile applicationRootDir = findPrimaryApplicationRootDir();
+ 		if (applicationRootDir != null) {
+ 			applicationRootDirs.add(applicationRootDir);
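Review bot: The value of `NIX_GHIDRAHOME` is read from the environment and added as the first application root with only a null check, ahead of the directory returned by `findPrimaryApplicationRootDir()`. An empty or non-existent value still becomes a root. Going by the build.nix comment that this patch exists "to allow loading extensions", the variable is effectively a code-loading path and should be documented as trusted input. I would tighten the guard to `if (nixGhidraHome != null && !nixGhidraHome.isEmpty()) {`, drop the stray `;` after the closing brace, and add a comment such as `// Nix: extra application root supplied by the wrapper so that packaged extensions are found`. The method body continues past the end of the hunk.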
diff --git a/pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch b/pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch
new file mode 100644
index 0000000000000..0a89487015024
--- /dev/null
+++ b/pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch
@@ -0,0 +1,26 @@
+diff --git a/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle b/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle
+index bc194f219..94b00fabd 100644
+--- a/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle
++++ b/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle
+@@ -82,7 +82,7 @@ dependencies {
+ 	helpPath fileTree(dir: ghidraDir + '/Features/Base', include: "**/Base.jar")
+ }
+ 	
+-def ZIP_NAME_PREFIX = "${DISTRO_PREFIX}_${RELEASE_NAME}_${getCurrentDate()}"
++def ZIP_NAME_PREFIX = "${DISTRO_PREFIX}_${RELEASE_NAME}"
+ def DISTRIBUTION_DIR = file("dist")
+ 	
+ def pathInZip = "${project.name}"
+diff --git a/gradle/root/distribution.gradle b/gradle/root/distribution.gradle
+index f44c8267b..f6231c417 100644
+--- a/gradle/root/distribution.gradle
++++ b/gradle/root/distribution.gradle
+@@ -32,7 +32,7 @@ apply from: "$rootProject.projectDir/gradle/support/sbom.gradle"
+ def currentPlatform = getCurrentPlatformName()
+ def PROJECT_DIR = file (rootProject.projectDir.absolutePath)
+ ext.DISTRIBUTION_DIR = file("$buildDir/dist")
+-ext.ZIP_NAME_PREFIX = "${rootProject.DISTRO_PREFIX}_${rootProject.BUILD_DATE_SHORT}"
++ext.ZIP_NAME_PREFIX = "${rootProject.DISTRO_PREFIX}"
+ ext.ZIP_DIR_PREFIX = "${rootProject.DISTRO_PREFIX}"
+ ext.ALL_REPOS = [rootProject.file('.').getName()]
+ 
diff --git a/pkgs/tools/security/ghidra/build-extension.nix b/pkgs/tools/security/ghidra/build-extension.nix
new file mode 100644
index 0000000000000..373f35784e546
--- /dev/null
+++ b/pkgs/tools/security/ghidra/build-extension.nix
@@ -0,0 +1,78 @@
+{ lib
+, stdenv
+, unzip
+, jdk
+, gradle
+, ghidra
+}:
+
+let
+  metaCommon = oldMeta:
+    oldMeta // (with lib; {
+      maintainers = (oldMeta.maintainers or []) ++ (with maintainers; [ vringar ]);
+      platforms = oldMeta.platforms or ghidra.meta.platforms;
+    });
+
+  buildGhidraExtension = {
+    pname, nativeBuildInputs ? [], meta ? { }, ...
+  }@args:
+    stdenv.mkDerivation (args // {
+      nativeBuildInputs = nativeBuildInputs ++ [
+        unzip
+        jdk
+        gradle
+      ];
+
+      buildPhase = args.buildPhase or ''
+        runHook preBuild
+
+        # Set project name, otherwise defaults to directory name
+        echo -e '\nrootProject.name = "${pname}"' >> settings.gradle
+
+        export GRADLE_USER_HOME=$(mktemp -d)
+        gradle \
+          --offline \
+          --no-daemon \
+          -PGHIDRA_INSTALL_DIR=${ghidra}/lib/ghidra
+
+        runHook postBuild
+      '';
+
+      installPhase = args.installPhase or ''
+        runHook preInstall
+
+        mkdir -p $out/lib/ghidra/Ghidra/Extensions
+        unzip -d $out/lib/ghidra/Ghidra/Extensions dist/*.zip
+
+        runHook postInstall
+      '';
+
+      meta = metaCommon meta;
+    });
+
+  buildGhidraScripts = { pname, meta ? { }, ... }@args:
+    stdenv.mkDerivation (args // {
+      installPhase = ''
+        runHook preInstall
+
+        GHIDRA_HOME=$out/lib/ghidra/Ghidra/Extensions/${pname}
+        mkdir -p $GHIDRA_HOME
+        cp -r . $GHIDRA_HOME/ghidra_scripts
+
+        touch $GHIDRA_HOME/Module.manifest
+        cat <<'EOF' > extension.properties
+        name=${pname}
+        description=${meta.description or ""}
+        author=
+        createdOn=
+        version=${lib.getVersion ghidra}
+
+        EOF
+
+        runHook postInstall
+      '';
+
+      meta = metaCommon meta;
+    });
+in
+  { inherit buildGhidraExtension buildGhidraScripts; }
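Review bot: In `buildGhidraScripts`, `cat <<'EOF' > extension.properties` writes to a relative path, so the file is created in the build directory after `cp -r . $GHIDRA_HOME/ghidra_scripts` has already run and, as far as this file shows, never reaches `$out`. If the properties file is meant to ship with the extension, the redirect should be `cat <<'EOF' > $GHIDRA_HOME/extension.properties`. Separately, `installPhase` here always replaces one passed in `args`, whereas `buildGhidraExtension` uses `args.installPhase or`. A short comment above each builder stating its arguments and the output layout it produces would show whether that difference is intended.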
diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix
index cb658615f3047..ba23647c9c2db 100644
--- a/pkgs/tools/security/ghidra/build.nix
+++ b/pkgs/tools/security/ghidra/build.nix
@@ -1,41 +1,79 @@
 { stdenv
 , fetchFromGitHub
 , lib
+, callPackage
 , gradle_7
 , perl
-, makeWrapper
+, makeBinaryWrapper
 , openjdk17
 , unzip
 , makeDesktopItem
+, copyDesktopItems
+, desktopToDarwinBundle
 , icoutils
 , xcbuild
 , protobuf
+, ghidra-extensions
 }:
 
 let
   pkg_path = "$out/lib/ghidra";
   pname = "ghidra";
-  version = "11.0.2";
+  version = "11.0.3";
 
+  releaseName = "NIX";
+  distroPrefix = "ghidra_${version}_${releaseName}";
   src = fetchFromGitHub {
     owner = "NationalSecurityAgency";
     repo = "Ghidra";
     rev = "Ghidra_${version}_build";
-    hash = "sha256-Q5nolgqBG2LFVoEeEtzEPTt/cAHubPlRIFt3SYX9z1Y=";
+    hash = "sha256-IiLxaJvfJcK275FDZEsUCGp7haJjp8O2fUIoM4F9H30=";
+    # populate values that require us to use git. By doing this in postFetch we
+    # can delete .git afterwards and maintain better reproducibility of the src.
+    leaveDotGit = true;
+    postFetch = ''
+      cd "$out"
+      git rev-parse HEAD > $out/COMMIT
+      # 1970-Jan-01
+      date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%b-%d" > $out/SOURCE_DATE_EPOCH
+      # 19700101
+      date -u -d "@$(git log -1 --pretty=%ct)" "+%Y%m%d" > $out/SOURCE_DATE_EPOCH_SHORT
+      find "$out" -name .git -print0 | xargs -0 rm -rf
+    '';
   };
 
   gradle = gradle_7;
 
-  desktopItem = makeDesktopItem {
-    name = "ghidra";
-    exec = "ghidra";
-    icon = "ghidra";
-    desktopName = "Ghidra";
-    genericName = "Ghidra Software Reverse Engineering Suite";
-    categories = [ "Development" ];
-  };
+  patches = [
+    # Use our own protoc binary instead of the prebuilt one
+    ./0001-Use-protobuf-gradle-plugin.patch
+
+    # Override installation directory to allow loading extensions
+    ./0002-Load-nix-extensions.patch
+
+    # Remove build dates from output filenames for easier reference
+    ./0003-Remove-build-datestamp.patch
+  ];
+
+  postPatch = ''
+    # Set name of release (eg. PUBLIC, DEV, etc.)
+    sed -i -e 's/application\.release\.name=.*/application.release.name=${releaseName}/' Ghidra/application.properties
+
+    # Set build date and git revision
+    echo "application.build.date=$(cat SOURCE_DATE_EPOCH)" >> Ghidra/application.properties
+    echo "application.build.date.short=$(cat SOURCE_DATE_EPOCH_SHORT)" >> Ghidra/application.properties
+    echo "application.revision.ghidra=$(cat COMMIT)" >> Ghidra/application.properties
+
+    # Tells ghidra to use our own protoc binary instead of the prebuilt one.
+    cat >>Ghidra/Debug/Debugger-gadp/build.gradle <<HERE
+    protobuf {
+      protoc {
+        path = '${protobuf}/bin/protoc'
+      }
+    }
+    HERE
+  '';
 
-  # postPatch scripts.
   # Adds a gradle step that downloads all the dependencies to the gradle cache.
   addResolveStep = ''
     cat >>build.gradle <<HERE
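Review bot: The files `SOURCE_DATE_EPOCH` and `SOURCE_DATE_EPOCH_SHORT` written in `postFetch` hold formatted dates (`%Y-%b-%d`, `%Y%m%d`) rather than epoch seconds, which clashes with the usual meaning of that name; `BUILD_DATE` / `BUILD_DATE_SHORT` would read more clearly here and in `postPatch`. `%b` is also locale-dependent, and since the fetch output is pinned by `hash`, a fetch environment with a different `LC_TIME` would surface as a hash mismatch. Prefixing the calls with `LC_ALL=C` (`LC_ALL=C date -u -d ...`) removes that dependency. The `addResolveStep` definition that closes this hunk continues outside it.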
@@ -64,13 +102,13 @@ HERE
   # Taken from mindustry derivation.
   deps = stdenv.mkDerivation {
     pname = "${pname}-deps";
-    inherit version src;
+    inherit version src patches;
 
-    patches = [ ./0001-Use-protobuf-gradle-plugin.patch ];
     postPatch = addResolveStep;
 
     nativeBuildInputs = [ gradle perl ] ++ lib.optional stdenv.isDarwin xcbuild;
     buildPhase = ''
+      runHook preBuild
       export HOME="$NIX_BUILD_TOP/home"
       mkdir -p "$HOME"
       export JAVA_TOOL_OPTIONS="-Duser.home='$HOME'"
@@ -81,33 +119,54 @@ HERE
 
       # Then, fetch the maven dependencies.
       gradle --no-daemon --info -Dorg.gradle.java.home=${openjdk17} resolveDependencies
+      runHook postBuild
     '';
     # perl code mavenizes pathes (com.squareup.okio/okio/1.13.0/a9283170b7305c8d92d25aff02a6ab7e45d06cbe/okio-1.13.0.jar -> com/squareup/okio/okio/1.13.0/okio-1.13.0.jar)
     installPhase = ''
+      runHook preInstall
       find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \
         | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/maven/$x/$3/$4/$5" #e' \
         | sh
       cp -r dependencies $out/dependencies
+      runHook postInstall
     '';
     outputHashAlgo = "sha256";
     outputHashMode = "recursive";
     outputHash = "sha256-nKfJiGoZlDEpbCmYVKNZXz2PYIosCd4nPFdy3MfprHc=";
   };
 
-in stdenv.mkDerivation {
-  inherit pname version src;
+in stdenv.mkDerivation (finalAttrs: {
+  inherit pname version src patches postPatch;
+
+  desktopItems = [
+    (makeDesktopItem {
+      name = "ghidra";
+      exec = "ghidra";
+      icon = "ghidra";
+      desktopName = "Ghidra";
+      genericName = "Ghidra Software Reverse Engineering Suite";
+      categories = [ "Development" ];
+      terminal = false;
+    })
+  ];
 
   nativeBuildInputs = [
-    gradle unzip makeWrapper icoutils protobuf
-  ] ++ lib.optional stdenv.isDarwin xcbuild;
+    gradle
+    unzip
+    makeBinaryWrapper
+    copyDesktopItems
+    protobuf
+  ] ++ lib.optionals stdenv.isDarwin [
+    xcbuild
+    desktopToDarwinBundle
+  ];
 
   dontStrip = true;
 
-  patches = [
-    ./0001-Use-protobuf-gradle-plugin.patch
-  ];
+  __darwinAllowLocalNetworking = true;
 
   buildPhase = ''
+    runHook preBuild
     export HOME="$NIX_BUILD_TOP/home"
     mkdir -p "$HOME"
     export JAVA_TOOL_OPTIONS="-Duser.home='$HOME'"
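Review bot: `__darwinAllowLocalNetworking = true;` relaxes the Darwin build sandbox and is added without a comment saying what needs it. It is presumably required by Gradle, which uses local sockets during the build, but that should be stated so the exemption can be removed once it is no longer needed, e.g. `# Gradle needs loopback networking inside the Darwin sandbox`. The same uncommented attribute appears in `extensions/gnudisassembler/default.nix`. The `buildPhase` string continues beyond this hunk.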
@@ -117,9 +176,12 @@ in stdenv.mkDerivation {
     sed -i "s#mavenLocal()#mavenLocal(); maven { url '${deps}/maven' }#g" build.gradle
 
     gradle --offline --no-daemon --info -Dorg.gradle.java.home=${openjdk17} buildGhidra
+    runHook postBuild
   '';
 
   installPhase = ''
+    runHook preInstall
+
     mkdir -p "${pkg_path}" "$out/share/applications"
 
     ZIP=build/dist/$(ls build/dist)
@@ -129,26 +191,34 @@ in stdenv.mkDerivation {
     mv "${pkg_path}"/*/* "${pkg_path}"
     rmdir "''${f[@]}"
 
-    ln -s ${desktopItem}/share/applications/* $out/share/applications
-
-    icotool -x "Ghidra/RuntimeScripts/Windows/support/ghidra.ico"
-    rm ghidra_4_40x40x32.png
-    for f in ghidra_*.png; do
-      res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -d"x" -f1-2)
-      mkdir -pv "$out/share/icons/hicolor/$res/apps"
-      mv "$f" "$out/share/icons/hicolor/$res/apps/ghidra.png"
+    for f in Ghidra/Framework/Gui/src/main/resources/images/GhidraIcon*.png; do
+      res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -c11-)
+      install -Dm444 "$f" "$out/share/icons/hicolor/''${res}x''${res}/apps/ghidra.png"
     done;
+    # improved macOS icon support
+    install -Dm444 Ghidra/Framework/Gui/src/main/resources/images/GhidraIcon64.png $out/share/icons/hicolor/32x32@2/apps/ghidra.png
+
+    runHook postInstall
   '';
 
   postFixup = ''
     mkdir -p "$out/bin"
     ln -s "${pkg_path}/ghidraRun" "$out/bin/ghidra"
     wrapProgram "${pkg_path}/support/launch.sh" \
+      --set-default NIX_GHIDRAHOME "${pkg_path}/Ghidra" \
       --prefix PATH : ${lib.makeBinPath [ openjdk17 ]}
   '';
 
+  passthru = {
+    inherit releaseName distroPrefix;
+    inherit (ghidra-extensions.override { ghidra = finalAttrs.finalPackage; }) buildGhidraExtension buildGhidraScripts;
+
+    withExtensions = callPackage ./with-extensions.nix { ghidra = finalAttrs.finalPackage; };
+  };
+
   meta = with lib; {
-    description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission";
+    changelog = "https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_${finalAttrs.version}_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html";
+    description = "Software reverse engineering (SRE) suite of tools";
     mainProgram = "ghidra";
     homepage = "https://ghidra-sre.org/";
     platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
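Review bot: `--set-default NIX_GHIDRAHOME "${pkg_path}/Ghidra"` only takes effect when the variable is unset, so a value inherited from the launching environment wins over the store path and, through `0002-Load-nix-extensions.patch`, becomes Ghidra's first application root. That is presumably what lets `with-extensions.nix` redirect it, but nothing in the file says so. I would record the intent above `postFixup`, e.g. `# set-default on purpose: withExtensions overrides NIX_GHIDRAHOME to point at the combined tree`, or use `--set` if overriding from outside is not meant to be supported. The `meta` block continues past the end of the hunk.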
@@ -157,8 +227,8 @@ in stdenv.mkDerivation {
       binaryBytecode  # deps
     ];
     license = licenses.asl20;
-    maintainers = with maintainers; [ roblabla ];
+    maintainers = with maintainers; [ roblabla vringar ];
     broken = stdenv.isDarwin && stdenv.isx86_64;
   };
 
-}
+})
diff --git a/pkgs/tools/security/ghidra/default.nix b/pkgs/tools/security/ghidra/default.nix
index 2337b36eb7c8e..2788fe15974ec 100644
--- a/pkgs/tools/security/ghidra/default.nix
+++ b/pkgs/tools/security/ghidra/default.nix
@@ -69,7 +69,7 @@ in stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission";
+    description = "Software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission";
     mainProgram = "ghidra";
     homepage = "https://github.com/NationalSecurityAgency/ghidra";
     platforms = [ "x86_64-linux" "x86_64-darwin" ];
diff --git a/pkgs/tools/security/ghidra/extensions.nix b/pkgs/tools/security/ghidra/extensions.nix
new file mode 100644
index 0000000000000..3f30dd8ab40a6
--- /dev/null
+++ b/pkgs/tools/security/ghidra/extensions.nix
@@ -0,0 +1,14 @@
+{ lib, newScope, callPackage, ghidra }:
+
+lib.makeScope newScope (self: {
+  inherit (callPackage ./build-extension.nix { inherit ghidra; }) buildGhidraExtension buildGhidraScripts;
+
+  ghidraninja-ghidra-scripts = self.callPackage ./extensions/ghidraninja-ghidra-scripts { };
+
+  gnudisassembler = self.callPackage ./extensions/gnudisassembler { inherit ghidra; };
+
+  machinelearning = self.callPackage ./extensions/machinelearning { inherit ghidra; };
+
+  sleighdevtools = self.callPackage ./extensions/sleighdevtools { inherit ghidra; };
+
+})
diff --git a/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix b/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix
new file mode 100644
index 0000000000000..6c5e2ec2ea2af
--- /dev/null
+++ b/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix
@@ -0,0 +1,36 @@
+{ lib
+, fetchFromGitHub
+, buildGhidraScripts
+, binwalk
+, swift
+, yara
+}:
+
+buildGhidraScripts {
+  pname = "ghidraninja-ghidra-scripts";
+  version = "unstable-2020-10-07";
+
+  src = fetchFromGitHub {
+    owner = "ghidraninja";
+    repo = "ghidra_scripts";
+    rev = "99f2a8644a29479618f51e2d4e28f10ba5e9ac48";
+    sha256 = "aElx0mp66/OHQRfXwTkqdLL0gT2T/yL00bOobYleME8=";
+  };
+
+  postPatch = ''
+    # Replace subprocesses with store versions
+    substituteInPlace binwalk.py --replace-fail 'subprocess.call(["binwalk"' 'subprocess.call(["${binwalk}/bin/binwalk"'
+    substituteInPlace swift_demangler.py --replace-fail '"swift"' '"${swift}/bin/swift"'
+    substituteInPlace yara.py --replace-fail 'subprocess.check_output(["yara"' 'subprocess.check_output(["${yara}/bin/yara"'
+    substituteInPlace YaraSearch.py --replace-fail '"yara "' '"${yara}/bin/yara "'
+  '';
+
+  meta = with lib; {
+    description = "Scripts for the Ghidra software reverse engineering suite";
+    homepage = "https://github.com/ghidraninja/ghidra_scripts";
+    license = with licenses; [
+      gpl3Only
+      gpl2Only
+    ];
+  };
+}
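Review bot: `substituteInPlace swift_demangler.py --replace-fail '"swift"' ...` matches the bare literal `"swift"` wherever it occurs in the file, unlike the `binwalk.py` and `yara.py` lines, which anchor on the `subprocess` call. If the script uses that literal for anything other than the executable name, it would be rewritten to a store path as well; anchoring on the surrounding call would be safer, though the exact text depends on the upstream script, which is not visible here. On style, the `sha256 = "aElx0mp66/..."` line would match the other fetchers in this commit if written as `hash = "sha256-aElx0mp66/OHQRfXwTkqdLL0gT2T/yL00bOobYleME8=";`. `binutils-src` in `extensions/gnudisassembler/default.nix` likewise still uses the `sha256` attribute.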
diff --git a/pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix b/pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix
new file mode 100644
index 0000000000000..7ca4b056842e9
--- /dev/null
+++ b/pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix
@@ -0,0 +1,71 @@
+{ lib
+, stdenv
+, fetchurl
+, buildGhidraExtension
+, ghidra
+, flex
+, bison
+, texinfo
+, perl
+, zlib
+, xcbuild
+}:
+
+let
+  # Incorporates source from binutils
+  # https://github.com/NationalSecurityAgency/ghidra/blob/7ab9bf6abffb6938d61d072040fc34ad3331332b/GPL/GnuDisassembler/build.gradle#L34-L35
+  binutils-version = "2.41";
+  binutils-src = fetchurl {
+    url = "mirror://gnu/binutils/binutils-${binutils-version}.tar.bz2";
+    sha256 = "sha256-pMS+wFL3uDcAJOYDieGUN38/SLVmGEGOpRBn9nqqsws=";
+  };
+in
+buildGhidraExtension {
+  pname = "gnudisassembler";
+  version = lib.getVersion ghidra;
+
+  src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_GnuDisassembler.zip";
+
+  postPatch = ''
+    ln -s ${binutils-src} binutils-${binutils-version}.tar.bz2
+  '';
+
+  # Don't modify ELF stub resources
+  dontPatchELF = true;
+  dontStrip = true;
+
+  __darwinAllowLocalNetworking = true;
+
+  nativeBuildInputs = [
+    flex
+    bison
+    texinfo
+    perl
+  ] ++ lib.optionals stdenv.hostPlatform.isDarwin [
+    xcbuild
+  ];
+
+  buildInputs = [
+    zlib
+  ];
+
+  installPhase = ''
+    runHook preInstall
+
+    EXTENSIONS_ROOT=$out/lib/ghidra/Ghidra/Extensions
+    mkdir -p $EXTENSIONS_ROOT
+    unzip -d $EXTENSIONS_ROOT $src
+
+    mkdir -p $EXTENSIONS_ROOT/GnuDisassembler/build
+    cp -r build/os $EXTENSIONS_ROOT/GnuDisassembler/build/
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Leverage the binutils disassembler capabilities for various processors";
+    homepage = "https://ghidra-sre.org/";
+    downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/GPL/GnuDisassembler";
+    license = licenses.gpl2Only;
+  };
+}
diff --git a/pkgs/tools/security/ghidra/extensions/machinelearning/default.nix b/pkgs/tools/security/ghidra/extensions/machinelearning/default.nix
new file mode 100644
index 0000000000000..ba1e315c75126
--- /dev/null
+++ b/pkgs/tools/security/ghidra/extensions/machinelearning/default.nix
@@ -0,0 +1,34 @@
+{ lib
+, buildGhidraExtension
+, ghidra
+}:
+
+buildGhidraExtension {
+  pname = "machinelearning";
+  version = lib.getVersion ghidra;
+
+  src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_MachineLearning.zip";
+  dontUnpack = true;
+
+  # Built as part ghidra
+  dontBuild = true;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/lib/ghidra/Ghidra/Extensions
+    unzip -d $out/lib/ghidra/Ghidra/Extensions $src
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    inherit (ghidra.meta) homepage license;
+    description = "Finds functions using ML";
+    downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/Ghidra/Extensions/MachineLearning";
+    sourceProvenance = with sourceTypes; [
+      fromSource
+      binaryBytecode  # deps
+    ];
+  };
+}
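Review bot: The comment `# Built as part ghidra` above `dontBuild = true;` is missing a word and does not say why `dontUnpack` is also set. Something like `# Already built as part of the ghidra derivation; the zip is only extracted in installPhase` would cover both attributes. The same comment appears in sleighdevtools/default.nix and should get the same wording. Because `src` is a path inside the `ghidra` output rather than a fetcher with its own hash, it is worth stating in that comment that the archive's integrity is inherited from the `ghidra` derivation.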
diff --git a/pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix b/pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix
new file mode 100644
index 0000000000000..d8fd0182ab9d3
--- /dev/null
+++ b/pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix
@@ -0,0 +1,40 @@
+{ lib
+, buildGhidraExtension
+, ghidra
+, python3
+}:
+
+buildGhidraExtension {
+  pname = "sleighdevtools";
+  version = lib.getVersion ghidra;
+
+  src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_SleighDevTools.zip";
+  dontUnpack = true;
+
+  # Built as part ghidra
+  dontBuild = true;
+  buildInputs = [ python3 ];
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/lib/ghidra/Ghidra/Extensions
+    unzip -d $out/lib/ghidra/Ghidra/Extensions $src
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    inherit (ghidra.meta) homepage license;
+    description = "Sleigh language development tools including external disassembler capabilities";
+    longDescription = ''
+      Sleigh language development tools including external disassembler capabilities.
+      The GnuDisassembler extension may be also be required as a disassembly provider.
+    '';
+    downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/Ghidra/Extensions/SleighDevTools";
+    sourceProvenance = with sourceTypes; [
+      fromSource
+      binaryBytecode  # deps
+    ];
+  };
+}
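Review bot: `longDescription` contains the doubled verb `may be also be required`, which ends up in user-facing package metadata; it should read `The GnuDisassembler extension may also be required as a disassembly provider.` Separately, `buildInputs = [ python3 ];` sits next to `dontBuild = true;` with no explanation. Presumably it is there so the fixup phase can patch script shebangs in the unpacked extension, and a comment such as `# python3 is needed at fixup time for the bundled scripts (confirm)` would record that.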
diff --git a/pkgs/tools/security/ghidra/with-extensions.nix b/pkgs/tools/security/ghidra/with-extensions.nix
new file mode 100644
index 0000000000000..38165ed94f711
--- /dev/null
+++ b/pkgs/tools/security/ghidra/with-extensions.nix
@@ -0,0 +1,36 @@
+{ lib
+, stdenv
+, callPackage
+, symlinkJoin
+, makeBinaryWrapper
+, desktopToDarwinBundle
+, ghidra
+}:
+
+let
+  ghidra-extensions = callPackage ./extensions.nix { inherit ghidra; };
+  allExtensions = lib.filterAttrs (n: pkg: lib.isDerivation pkg) ghidra-extensions;
+
+  /* Make Ghidra with additional extensions
+     Example:
+       pkgs.ghidra.withExtensions (p: with p; [
+         ghostrings
+       ]);
+       => /nix/store/3yn0rbnz5mbrxf0x70jbjq73wgkszr5c-ghidra-with-extensions-10.2.2
+  */
+  withExtensions = f: (symlinkJoin {
+    name = "${ghidra.pname}-with-extensions-${lib.getVersion ghidra}";
+    paths = (f allExtensions);
+    nativeBuildInputs = [ makeBinaryWrapper ]
+      ++ lib.optional stdenv.hostPlatform.isDarwin desktopToDarwinBundle;
+    postBuild = ''
+      makeWrapper '${ghidra}/bin/ghidra' "$out/bin/ghidra" \
+        --set NIX_GHIDRAHOME "$out/lib/ghidra/Ghidra"
+      ln -s ${ghidra}/share $out/share
+    '' + lib.optionalString stdenv.hostPlatform.isDarwin ''
+      convertDesktopFiles $prefix
+    '';
+    inherit (ghidra) meta;
+  });
+in
+  withExtensions
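Review bot: In `postBuild`, `ln -s ${ghidra}/share $out/share` assumes no selected extension contributes a `share/` directory to the `symlinkJoin`. If one did, `$out/share` would already exist and the link would either fail or land inside it. The function also accepts whatever `f allExtensions` returns without checking it, so that assumption is not enforced anywhere visible. A comment above the `ln` line such as `# extensions are expected to install only under lib/ghidra/Ghidra/Extensions` would document it. The doc comment on `withExtensions` could also say that `NIX_GHIDRAHOME` is overridden unconditionally by the wrapper (`--set`), since that decides which extension code Ghidra loads.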
diff --git a/pkgs/tools/security/gitleaks/default.nix b/pkgs/tools/security/gitleaks/default.nix
index d5bca2f14f859..207ee746a107c 100644
--- a/pkgs/tools/security/gitleaks/default.nix
+++ b/pkgs/tools/security/gitleaks/default.nix
@@ -9,16 +9,16 @@
 
 buildGoModule rec {
   pname = "gitleaks";
-  version = "8.18.2";
+  version = "8.18.4";
 
   src = fetchFromGitHub {
     owner = "zricethezav";
     repo = "gitleaks";
     rev = "refs/tags/v${version}";
-    hash = "sha256-+UPlknAwmIeXlosHBXl3qPREV186lfDZGZG/Zx1rxYs=";
+    hash = "sha256-tAomF5Ym+D/VMYXrsPlUnh3M94Xdx6I8WoU1jMouZag=";
   };
 
-  vendorHash = "sha256-30IJNP4XuV2YNy1TumPUju+GrHFBYi76coy0bJBqDI4=";
+  vendorHash = "sha256-DgCtWRo5KNuFCdhGJvzoH2v8n7mIxNk8eHyZFPUPo24=";
 
   ldflags = [
     "-s"
diff --git a/pkgs/tools/security/gnome-keysign/default.nix b/pkgs/tools/security/gnome-keysign/default.nix
index c70a86aaf3617..af794097cf552 100644
--- a/pkgs/tools/security/gnome-keysign/default.nix
+++ b/pkgs/tools/security/gnome-keysign/default.nix
@@ -1,7 +1,7 @@
 { lib
 , fetchFromGitLab
 , python3
-, wrapGAppsHook
+, wrapGAppsHook3
 , gobject-introspection
 , gtk3
 , glib
@@ -21,7 +21,7 @@ python3.pkgs.buildPythonApplication rec {
   };
 
   nativeBuildInputs = [
-    wrapGAppsHook
+    wrapGAppsHook3
     gobject-introspection
   ] ++ (with python3.pkgs; [
     babel
diff --git a/pkgs/tools/security/gnu-pw-mgr/default.nix b/pkgs/tools/security/gnu-pw-mgr/default.nix
index 8478c37483662..0e1c8c0f589eb 100644
--- a/pkgs/tools/security/gnu-pw-mgr/default.nix
+++ b/pkgs/tools/security/gnu-pw-mgr/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://www.gnu.org/software/gnu-pw-mgr/";
-    description = "A password manager designed to make it easy to reconstruct difficult passwords";
+    description = "Password manager designed to make it easy to reconstruct difficult passwords";
     license = with licenses; [ gpl3Plus lgpl3Plus ];
     platforms = lib.platforms.linux;
     maintainers = with maintainers; [ qoelet ];
diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
index 76cc2639bf90e..e594fde69dac2 100644
--- a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
+++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
   ];
 
   meta = with lib; {
-    description = "A smart-card daemon to enable the use of PKCS#11 tokens with GnuPG";
+    description = "Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG";
     mainProgram = "gnupg-pkcs11-scd";
     longDescription = ''
     gnupg-pkcs11 is a project to implement a BSD-licensed smart-card
diff --git a/pkgs/tools/security/go-cve-search/default.nix b/pkgs/tools/security/go-cve-search/default.nix
index 2e521de96ed35..e7eb19729ffb8 100644
--- a/pkgs/tools/security/go-cve-search/default.nix
+++ b/pkgs/tools/security/go-cve-search/default.nix
@@ -20,7 +20,7 @@ buildGoModule rec {
   doCheck = false;
 
   meta = with lib; {
-    description = "A lightweight CVE search tool";
+    description = "Lightweight CVE search tool";
     mainProgram = "go-cve-search";
     longDescription = ''
       go-cve-search is a lightweight tool to search CVE (Common Vulnerabilities
diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix
index 5cc6624b721d9..35961ad0abe1c 100644
--- a/pkgs/tools/security/gopass/default.nix
+++ b/pkgs/tools/security/gopass/default.nix
@@ -58,7 +58,7 @@ buildGoModule rec {
   };
 
   meta = with lib; {
-    description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go";
+    description = "Slightly more awesome Standard Unix Password Manager for Teams. Written in Go";
     homepage = "https://www.gopass.pw/";
     license = licenses.mit;
     maintainers = with maintainers; [ rvolosatovs sikmir ];
diff --git a/pkgs/tools/security/gorilla-bin/default.nix b/pkgs/tools/security/gorilla-bin/default.nix
index 898abbbd25a44..95ca0b08bf8ef 100644
--- a/pkgs/tools/security/gorilla-bin/default.nix
+++ b/pkgs/tools/security/gorilla-bin/default.nix
@@ -37,6 +37,6 @@ stdenv.mkDerivation rec {
     maintainers = [ lib.maintainers.namore ];
     platforms = [ "x86_64-linux" ];
     sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
-    license = lib.licenses.gpl2;
+    license = lib.licenses.gpl2Plus;
   };
 }
diff --git a/pkgs/tools/security/gotestwaf/default.nix b/pkgs/tools/security/gotestwaf/default.nix
index a8a759dd1c77f..28305ceb4e8ee 100644
--- a/pkgs/tools/security/gotestwaf/default.nix
+++ b/pkgs/tools/security/gotestwaf/default.nix
@@ -1,19 +1,20 @@
-{ lib
-, buildGoModule
-, fetchFromGitHub
-, gotestwaf
-, testers
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+  gotestwaf,
+  testers,
 }:
 
 buildGoModule rec {
   pname = "gotestwaf";
-  version = "0.4.18";
+  version = "0.4.19";
 
   src = fetchFromGitHub {
     owner = "wallarm";
     repo = "gotestwaf";
     rev = "refs/tags/v${version}";
-    hash = "sha256-+AM+x/jKkoXLeWOhrCALhCDuoGCl5jt0BiCit885K7I=";
+    hash = "sha256-ax2HPhdaqawpFe2AZg3SVsEJLG7gEgL7632iRADpaa8=";
   };
 
   vendorHash = null;
diff --git a/pkgs/tools/security/gotrue/default.nix b/pkgs/tools/security/gotrue/default.nix
index 06b3560dec564..6a9d77ba062a6 100644
--- a/pkgs/tools/security/gotrue/default.nix
+++ b/pkgs/tools/security/gotrue/default.nix
@@ -24,7 +24,7 @@ buildGoModule rec {
 
   meta = with lib; {
     homepage = "https://github.com/netlify/gotrue";
-    description = "An SWT based API for managing users and issuing SWT tokens";
+    description = "SWT based API for managing users and issuing SWT tokens";
     mainProgram = "gotrue";
     changelog = "https://github.com/netlify/gotrue/releases/tag/v${version}";
     license = licenses.mit;
diff --git a/pkgs/tools/security/gotrue/supabase.nix b/pkgs/tools/security/gotrue/supabase.nix
index 9020a0c8c9ba2..92a741167782c 100644
--- a/pkgs/tools/security/gotrue/supabase.nix
+++ b/pkgs/tools/security/gotrue/supabase.nix
@@ -35,7 +35,7 @@ buildGoModule rec {
 
   meta = with lib; {
     homepage = "https://github.com/supabase/gotrue";
-    description = "A JWT based API for managing users and issuing JWT tokens";
+    description = "JWT based API for managing users and issuing JWT tokens";
     mainProgram = "gotrue";
     changelog = "https://github.com/supabase/gotrue/releases/tag/v${version}";
     license = licenses.mit;
diff --git a/pkgs/tools/security/govulncheck/default.nix b/pkgs/tools/security/govulncheck/default.nix
index 166e6dd53963f..9b51c052ed564 100644
--- a/pkgs/tools/security/govulncheck/default.nix
+++ b/pkgs/tools/security/govulncheck/default.nix
@@ -6,13 +6,13 @@
 
 buildGoModule rec {
   pname = "govulncheck";
-  version = "1.1.0";
+  version = "1.1.2";
 
   src = fetchFromGitHub {
     owner = "golang";
     repo = "vuln";
     rev = "refs/tags/v${version}";
-    hash = "sha256-sS58HyrwyRv3zYi8OgiDYnKSbyu2i3KVoSX/0wQbqGw=";
+    hash = "sha256-kpAk6Gn/uXWPzg6thp2RYrP0kouMmEaVxZSaJpf445Y=";
   };
 
   patches = [
@@ -23,7 +23,7 @@ buildGoModule rec {
     })
   ];
 
-  vendorHash = "sha256-ZHf//khvBGG+gRBKoKZo4NKoIJCQsbQfe2uT7cAHDcM=";
+  vendorHash = "sha256-0RtnyeOuvOv8cv4pFjRAR7VJB2FG6hqMML+Vz/FAjFM=";
 
   subPackages = [
     "cmd/govulncheck"
@@ -40,7 +40,8 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck";
     downloadPage = "https://github.com/golang/vuln";
-    description = "The database client and tools for the Go vulnerability database, also known as vuln";
+    changelog = "https://github.com/golang/vuln/releases/tag/v${version}";
+    description = "Database client and tools for the Go vulnerability database, also known as vuln";
     mainProgram = "govulncheck";
     longDescription = ''
       Govulncheck reports known vulnerabilities that affect Go code. It uses
diff --git a/pkgs/tools/security/graphw00f/default.nix b/pkgs/tools/security/graphw00f/default.nix
index 9edcf7c1f939f..da0bd6b2a3ad2 100644
--- a/pkgs/tools/security/graphw00f/default.nix
+++ b/pkgs/tools/security/graphw00f/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "graphw00f";
-  version = "1.1.15";
+  version = "1.1.17";
   format = "other";
 
   src = fetchFromGitHub {
     owner = "dolevf";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-wAymwT2PRyX7m/yh6BAa8YNkH7pE69bKHKZ15phuUJo=";
+    hash = "sha256-VeTFwn4PANGoW2Cb/IJ1KJb4YkjjDpaU7DLv0YwRwDU=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [
diff --git a/pkgs/tools/security/haka/default.nix b/pkgs/tools/security/haka/default.nix
index b20abbb8bf20f..c51d582f4c0d5 100644
--- a/pkgs/tools/security/haka/default.nix
+++ b/pkgs/tools/security/haka/default.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation {
   passthru.tests = { inherit (nixosTests) haka; };
 
   meta = {
-    description = "A collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files";
+    description = "Collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files";
     homepage = "http://www.haka-security.org/";
     license = lib.licenses.mpl20;
     maintainers = [ lib.maintainers.tvestelind ];
diff --git a/pkgs/tools/security/hashcash/default.nix b/pkgs/tools/security/hashcash/default.nix
index f86684178fcb2..8b1fdea1c935c 100644
--- a/pkgs/tools/security/hashcash/default.nix
+++ b/pkgs/tools/security/hashcash/default.nix
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Proof-of-work algorithm used as spam and denial-of-service counter measure";
     homepage = "http://hashcash.org";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ kisonecat ];
   };
 }
diff --git a/pkgs/tools/security/hashdeep/default.nix b/pkgs/tools/security/hashdeep/default.nix
index 5bc752eb3611b..c870353d75b5a 100644
--- a/pkgs/tools/security/hashdeep/default.nix
+++ b/pkgs/tools/security/hashdeep/default.nix
@@ -31,9 +31,9 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ autoreconfHook ];
 
   meta = with lib; {
-    description = "A set of cross-platform tools to compute hashes";
+    description = "Set of cross-platform tools to compute hashes";
     homepage = "https://github.com/jessek/hashdeep";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = [ maintainers.karantan ];
     platforms = platforms.all;
   };
diff --git a/pkgs/tools/security/haveged/default.nix b/pkgs/tools/security/haveged/default.nix
index c30469c3a3d93..63beadffa5646 100644
--- a/pkgs/tools/security/haveged/default.nix
+++ b/pkgs/tools/security/haveged/default.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
   doCheck = true;
 
   meta = with lib; {
-    description = "A simple entropy daemon";
+    description = "Simple entropy daemon";
     mainProgram = "haveged";
     longDescription = ''
       The haveged project is an attempt to provide an easy-to-use, unpredictable
diff --git a/pkgs/tools/security/himitsu/default.nix b/pkgs/tools/security/himitsu/default.nix
index d6bbb8fd69218..d4d6dcb211e47 100644
--- a/pkgs/tools/security/himitsu/default.nix
+++ b/pkgs/tools/security/himitsu/default.nix
@@ -1,38 +1,34 @@
-{ lib
-, stdenv
-, fetchFromSourcehut
-, hare
-, scdoc
+{
+  fetchFromSourcehut,
+  hareHook,
+  lib,
+  scdoc,
+  stdenv,
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "himitsu";
-  version = "0.6";
+  version = "0.7";
 
   src = fetchFromSourcehut {
-    name = pname + "-src";
     owner = "~sircmpwn";
-    repo = pname;
-    rev = version;
-    hash = "sha256-3x6Lc1rWBtYWVocBuMV5CtoZQjL0Ce+6J2xFjaYaeG4=";
+    repo = "himitsu";
+    rev = finalAttrs.version;
+    hash = "sha256-jDxQajc8Kyfihm8q3wCpA+WsbAkQEZerLckLQXNhTa8=";
   };
 
   nativeBuildInputs = [
-    hare
+    hareHook
     scdoc
   ];
 
-  preConfigure = ''
-    export HARECACHE=$(mktemp -d)
-  '';
-
-  installFlags = [ "PREFIX=" "DESTDIR=$(out)" ];
+  installFlags = [ "PREFIX=${builtins.placeholder "out"}" ];
 
   meta = with lib; {
     homepage = "https://himitsustore.org/";
-    description = "A secret storage manager";
+    description = "Secret storage manager";
     license = licenses.gpl3Only;
     maintainers = with maintainers; [ auchter ];
-    inherit (hare.meta) platforms badPlatforms;
+    inherit (hareHook.meta) platforms badPlatforms;
   };
-}
+})
diff --git a/pkgs/tools/security/httpx/default.nix b/pkgs/tools/security/httpx/default.nix
index 80a7404be0026..cfc44441820ce 100644
--- a/pkgs/tools/security/httpx/default.nix
+++ b/pkgs/tools/security/httpx/default.nix
@@ -1,24 +1,23 @@
-{ buildGoModule
-, fetchFromGitHub
-, lib
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
 }:
 
 buildGoModule rec {
   pname = "httpx";
-  version = "1.6.0";
+  version = "1.6.4";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = "httpx";
     rev = "refs/tags/v${version}";
-    hash = "sha256-q8R3X1U2Dma0A9WRWIFPSRQHndNJFE2YdfMyPEM6dr8=";
+    hash = "sha256-EvpCJx5OtWOM/TIz45+8lvkphnyGiI7P7hvFeuNmGfM=";
   };
 
-  vendorHash = "sha256-M7oxM0hMaOT78CxbSGyYk0nhGJC8dLWAlzi/b//EiHw=";
+  vendorHash = "sha256-0e8P6pMvtEj28j7BQlNPkW/XpjSVBnKP/Dli+oU+J10=";
 
-  subPackages = [
-    "cmd/httpx"
-  ];
+  subPackages = [ "cmd/httpx" ];
 
   ldflags = [
     "-s"
@@ -30,7 +29,6 @@ buildGoModule rec {
 
   meta = with lib; {
     description = "Fast and multi-purpose HTTP toolkit";
-    mainProgram = "httpx";
     longDescription = ''
       httpx is a fast and multi-purpose HTTP toolkit allow to run multiple
       probers using retryablehttp library, it is designed to maintain the
@@ -40,5 +38,6 @@ buildGoModule rec {
     changelog = "https://github.com/projectdiscovery/httpx/releases/tag/v${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "httpx";
   };
 }
diff --git a/pkgs/tools/security/iaito/default.nix b/pkgs/tools/security/iaito/default.nix
index 2ba6dd0aec265..79d9a65136c51 100644
--- a/pkgs/tools/security/iaito/default.nix
+++ b/pkgs/tools/security/iaito/default.nix
@@ -13,13 +13,13 @@
 
 let
   pname = "iaito";
-  version = "5.9.0";
+  version = "5.9.2";
 
   main_src = fetchFromGitHub rec {
     owner = "radareorg";
     repo = pname;
-    rev = version;
-    hash = "sha256-Ep3Cbi0qjY4PKG0urr12y0DgX/l/Tsq8w1qlyH0lu3s=";
+    rev = "refs/tags/${version}";
+    hash = "sha256-bq4kaP3BmDprKAxMxO+OvTceEQFeAxJ7aGDnRFHjVDA=";
     name = repo;
   };
 
@@ -31,8 +31,7 @@ let
     name = repo;
   };
 in
-
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   inherit pname version;
 
   srcs = [ main_src translations_src ];
@@ -61,9 +60,6 @@ stdenv.mkDerivation rec {
     radare2
   ];
 
-  # the radare2 binary package seems to not install all necessary headers.
-  env.NIX_CFLAGS_COMPILE = toString [ "-I" "${radare2.src}/shlr/sdb/include/sdb" ];
-
   postBuild = ''
     pushd ../../../${translations_src.name}
     make build -j$NIX_BUILD_CORES PREFIX=$out
@@ -86,16 +82,16 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "An official graphical interface of radare2";
-    mainProgram = "iaito";
+    description = "Official Qt frontend of radare2";
     longDescription = ''
-      iaito is the official graphical interface of radare2. It's the
-      continuation of Cutter for radare2 after the Rizin fork.
+      iaito is the official graphical interface for radare2, a libre reverse
+      engineering framework.
     '';
     homepage = "https://radare.org/n/iaito.html";
-    changelog = "https://github.com/radareorg/iaito/releases/tag/${version}";
-    license = licenses.gpl3Plus;
+    changelog = "https://github.com/radareorg/iaito/releases/tag/${finalAttrs.version}";
+    license = licenses.gpl3Only;
     maintainers = with maintainers; [ azahi ];
+    mainProgram = "iaito";
     platforms = platforms.linux;
   };
-}
+})
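Review bot: The move to `finalAttrs` is only partial: `changelog` now reads `finalAttrs.version`, but `inherit pname version;` and `main_src` (`rev = "refs/tags/${version}"`) still take the `let`-bound value. Overriding `version` through `overrideAttrs` would therefore change the changelog URL while the fetched source stays at 5.9.2. Either keep `${version}` in `changelog` so everything follows the `let`, or add a comment next to `inherit pname version;` such as `# src is bound in the let above; overriding version alone does not change the source`. The `meta` block and the derivation start outside this hunk.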
diff --git a/pkgs/tools/security/john/default.nix b/pkgs/tools/security/john/default.nix
index 745b027a057e3..b06e0f3ec64ff 100644
--- a/pkgs/tools/security/john/default.nix
+++ b/pkgs/tools/security/john/default.nix
@@ -1,32 +1,17 @@
 { lib, stdenv, fetchFromGitHub, openssl, nss, nspr, libkrb5, gmp, zlib, libpcap, re2
-, gcc, python3Packages, perl, perlPackages, makeWrapper, fetchpatch
-}:
+, gcc, python3Packages, perl, perlPackages, makeWrapper, }:
 
 stdenv.mkDerivation rec {
   pname = "john";
-  version = "1.9.0-jumbo-1";
+  version = "rolling-2404";
 
   src = fetchFromGitHub {
     owner = "openwall";
-    repo = pname;
-    rev = "1.9.0-Jumbo-1";
-    sha256 = "sha256-O1iPh5QTMjZ78sKvGbvSpaHFbBuVc1z49UKTbMa24Rs=";
+    repo = "john";
+    rev = "f9fedd238b0b1d69181c1fef033b85c787e96e57";
+    hash = "sha256-zvoN+8Sx6qpVg2JeRLOIH1ehfl3tFTv7r5wQZ44Qsbc=";
   };
 
-  patches = [
-    (fetchpatch {
-      name = "fix-gcc-11-struct-allignment-incompatibility.patch";
-      url = "https://github.com/openwall/john/commit/154ee1156d62dd207aff0052b04c61796a1fde3b.patch";
-      sha256 = "sha256-3rfS2tu/TF+KW2MQiR+bh4w/FVECciTooDQNTHNw31A=";
-    })
-    (fetchpatch {
-      name = "improve-apple-clang-pseudo-intrinsics-portability.patch";
-      url = "https://github.com/openwall/john/commit/c9825e688d1fb9fdd8942ceb0a6b4457b0f9f9b4.patch";
-      excludes = [ "doc/*" ];
-      sha256 = "sha256-hgoiz7IgR4f66fMP7bV1F8knJttY8g2Hxyk3QfkTu+g=";
-    })
-  ];
-
   postPatch = ''
     sed -ri -e '
       s!^(#define\s+CFG_[A-Z]+_NAME\s+).*/!\1"'"$out"'/etc/john/!
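Review bot: `rev` is now a bare commit hash while `version` is `rolling-2404`, and nothing in the file ties the two together. A later reader cannot tell from the expression whether this commit is what upstream published under that name. A one-line comment above `rev`, for example `# commit corresponding to upstream's rolling-2404 (confirm)`, would make the pin auditable. The argument list also ends in `makeWrapper, }:` with a dangling comma now that `fetchpatch` is gone; `makeWrapper }:` matches the rest of the header. The derivation body continues outside this hunk.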
@@ -85,7 +70,7 @@ stdenv.mkDerivation rec {
     description = "John the Ripper password cracker";
     license = licenses.gpl2Plus;
     homepage = "https://github.com/openwall/john/";
-    maintainers = with maintainers; [ offline matthewbauer ];
+    maintainers = with maintainers; [ offline matthewbauer cherrykitten ];
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/tools/security/jwt-cli/default.nix b/pkgs/tools/security/jwt-cli/default.nix
index 6d970dca9519a..db049b1fa7121 100644
--- a/pkgs/tools/security/jwt-cli/default.nix
+++ b/pkgs/tools/security/jwt-cli/default.nix
@@ -1,20 +1,29 @@
-{ lib, stdenv, fetchFromGitHub, rustPlatform, Security }:
+{ lib, stdenv, fetchFromGitHub, installShellFiles, rustPlatform, Security }:
 
 rustPlatform.buildRustPackage rec {
   pname = "jwt-cli";
-  version = "6.0.0";
+  version = "6.1.0";
 
   src = fetchFromGitHub {
     owner = "mike-engel";
     repo = pname;
     rev = version;
-    sha256 = "sha256-EzXpiJGTAlTDHJwl7FwIsDHMqStj2PLD1PHmv0flBKc=";
+    sha256 = "sha256-iEZlT0Kyx+z/KYDw/YI3rb4eIi98Q48hEoK+6eRpJbM=";
   };
 
-  cargoHash = "sha256-l1W+eYuKnMPN2wPhYPXo5ixUz2bX+FZnDazk+FbxquU=";
+  cargoHash = "sha256-DXyjdwVJUQpOz/Pctl35D00oSgrfehUg8wYyLdttiew=";
+
+  nativeBuildInputs = [ installShellFiles ];
 
   buildInputs = lib.optional stdenv.isDarwin Security;
 
+  postInstall = ''
+    installShellCompletion --cmd jwt \
+      --bash <($out/bin/jwt completion bash) \
+      --fish <($out/bin/jwt completion fish) \
+      --zsh <($out/bin/jwt completion zsh)
+  '';
+
   doInstallCheck = true;
   installCheckPhase = ''
     $out/bin/jwt --version > /dev/null
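Review bot: The new `postInstall` executes `$out/bin/jwt` during the build to generate completions, which fails when the host binary cannot run on the build machine, as in a cross build. Guarding it as `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''` leaves native builds unchanged and skips completion generation otherwise. `stdenv` is already in the argument set. The `installCheckPhase` at the end of this hunk continues outside it.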
diff --git a/pkgs/tools/security/jwt-hack/default.nix b/pkgs/tools/security/jwt-hack/default.nix
index 4922f67fe576a..2b73d69249aa2 100644
--- a/pkgs/tools/security/jwt-hack/default.nix
+++ b/pkgs/tools/security/jwt-hack/default.nix
@@ -1,24 +1,31 @@
-{ lib
-, buildGoModule
-, fetchFromGitHub
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
 }:
 
 buildGoModule rec {
   pname = "jwt-hack";
-  version = "1.1.2";
+  version = "1.2.0";
 
   src = fetchFromGitHub {
     owner = "hahwul";
-    repo = pname;
-    rev = "v${version}";
-    hash = "sha256-K0ZtEi0zAKRlIGvorrXmtmkcMvyLIXWPnVMQANZbClk=";
+    repo = "jwt-hack";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-IHR+ItI4ToINLpkVc7yrgpNTS17nD02G6x3pNMEfIW4=";
   };
 
-  vendorHash = "sha256-VYh3oRy8bmtXf6AnLNi/M2kA6t+crW3AXBiGovpdt8U=";
+  vendorHash = "sha256-YEH+epSvyy1j0s8AIJ5+BdF47H7KqgBRC4t81noOkjo=";
+
+  ldflags = [
+    "-w"
+    "-s"
+  ];
 
   meta = with lib; {
     description = "Tool for attacking JWT";
     homepage = "https://github.com/hahwul/jwt-hack";
+    changelog = "https://github.com/hahwul/jwt-hack/releases/tag/v${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ fab ];
     mainProgram = "jwt-hack";
diff --git a/pkgs/tools/security/jwx/default.nix b/pkgs/tools/security/jwx/default.nix
index ea8e69fad109b..b1dbc25b0889b 100644
--- a/pkgs/tools/security/jwx/default.nix
+++ b/pkgs/tools/security/jwx/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "jwx";
-  version = "2.0.21";
+  version = "2.1.0";
 
   src = fetchFromGitHub {
     owner = "lestrrat-go";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-Rg3E+7kyyzY8NqfXMH3ENWAuCxx7+3DyyarfGNI9xxE=";
+    hash = "sha256-In9/RmcqiOFT1QceWls8gzgzgkBoKeUE05j0cHCecTU=";
   };
 
-  vendorHash = "sha256-HHq4B0MYP2gUtV9ywrXVmWN7OpV6NVb49rVMFblOgPc=";
+  vendorHash = "sha256-ZS7xliFymXTE8hlc3GEMNonP5sJTZGirw5YQNzPCl3Y=";
 
   sourceRoot = "${src.name}/cmd/jwx";
 
diff --git a/pkgs/tools/security/katana/default.nix b/pkgs/tools/security/katana/default.nix
index 98aabba79d3a3..f879f12481d5e 100644
--- a/pkgs/tools/security/katana/default.nix
+++ b/pkgs/tools/security/katana/default.nix
@@ -26,7 +26,7 @@ buildGoModule rec {
   ];
 
   meta = with lib; {
-    description = "A next-generation crawling and spidering framework";
+    description = "Next-generation crawling and spidering framework";
     mainProgram = "katana";
     homepage = "https://github.com/projectdiscovery/katana";
     changelog = "https://github.com/projectdiscovery/katana/releases/tag/v${version}";
diff --git a/pkgs/tools/security/kbs2/default.nix b/pkgs/tools/security/kbs2/default.nix
index 4c1c23820f5ff..4f193d4ffccb0 100644
--- a/pkgs/tools/security/kbs2/default.nix
+++ b/pkgs/tools/security/kbs2/default.nix
@@ -46,7 +46,7 @@ rustPlatform.buildRustPackage rec {
   '';
 
   meta = with lib; {
-    description = "A secret manager backed by age";
+    description = "Secret manager backed by age";
     mainProgram = "kbs2";
     homepage = "https://github.com/woodruffw/kbs2";
     changelog = "https://github.com/woodruffw/kbs2/blob/v${version}/CHANGELOG.md";
diff --git a/pkgs/tools/security/kdigger/default.nix b/pkgs/tools/security/kdigger/default.nix
index dc700bc8e84a9..a4f565bb791b4 100644
--- a/pkgs/tools/security/kdigger/default.nix
+++ b/pkgs/tools/security/kdigger/default.nix
@@ -60,7 +60,7 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://github.com/quarkslab/kdigger";
     changelog = "https://github.com/quarkslab/kdigger/releases/tag/v${version}";
-    description = "An in-pod context discovery tool for Kubernetes penetration testing";
+    description = "In-pod context discovery tool for Kubernetes penetration testing";
     mainProgram = "kdigger";
     longDescription = ''
       kdigger, short for "Kubernetes digger", is a context discovery tool for
diff --git a/pkgs/tools/security/kestrel/default.nix b/pkgs/tools/security/kestrel/default.nix
index a94b412e67ee9..329a31447daa9 100644
--- a/pkgs/tools/security/kestrel/default.nix
+++ b/pkgs/tools/security/kestrel/default.nix
@@ -6,16 +6,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "kestrel";
-  version = "1.0.0";
+  version = "1.0.1";
 
   src = fetchFromGitHub {
     owner = "finfet";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-n0XIFBCwpc6QTj3PjGp+fYtU4U+RAfA4PRcettFlxVA=";
+    hash = "sha256-aj8c4Hagdqoi7Q/AM0drjyrGOvqrT35sEjc2TC0ei6M=";
   };
 
-  cargoHash = "sha256-GZK4IaAolU1up2bYd/2tBahcCP70hO5/shDODUD+aRE=";
+  cargoHash = "sha256-D3yGIZr6/jaySacdz0yOPQUpKsuYlgBGx0V/4lXuVuw=";
 
   nativeBuildInputs = [
     installShellFiles
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix
index 38b5bf72fd315..6f77eab11323a 100644
--- a/pkgs/tools/security/keybase/default.nix
+++ b/pkgs/tools/security/keybase/default.nix
@@ -34,7 +34,7 @@ buildGoModule rec {
 
   meta = with lib; {
     homepage = "https://www.keybase.io/";
-    description = "The Keybase official command-line utility and service";
+    description = "Keybase official command-line utility and service";
     platforms = platforms.linux ++ platforms.darwin;
     maintainers = with maintainers; [ avaq np rvolosatovs Br1ght0ne shofius ];
     license = licenses.bsd3;
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index 577e91c24e59d..666425e4d3d0f 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -1,6 +1,6 @@
 { stdenv, lib, fetchurl, alsa-lib, atk, cairo, cups, udev, libdrm, mesa
 , dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3, libappindicator-gtk3
-, libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook
+, libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook3
 , runtimeShell, gsettings-desktop-schemas }:
 
 let
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [
     autoPatchelfHook
-    wrapGAppsHook
+    wrapGAppsHook3
   ];
 
   buildInputs = [
@@ -108,7 +108,7 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://www.keybase.io/";
-    description = "The Keybase official GUI";
+    description = "Keybase official GUI";
     mainProgram = "keybase-gui";
     platforms = [ "x86_64-linux" ];
     maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np Br1ght0ne shofius ];
diff --git a/pkgs/tools/security/keybase/kbfs.nix b/pkgs/tools/security/keybase/kbfs.nix
index 3c508e86f76f8..b3e2974a0033b 100644
--- a/pkgs/tools/security/keybase/kbfs.nix
+++ b/pkgs/tools/security/keybase/kbfs.nix
@@ -13,7 +13,7 @@ buildGoModule {
 
   meta = with lib; {
     homepage = "https://keybase.io/docs/kbfs";
-    description = "The Keybase filesystem";
+    description = "Keybase filesystem";
     maintainers = with maintainers; [ avaq rvolosatovs bennofs np shofius ];
     license = licenses.bsd3;
   };
diff --git a/pkgs/tools/security/keycard-cli/default.nix b/pkgs/tools/security/keycard-cli/default.nix
index 26c1d7934fbb5..017990084c56a 100644
--- a/pkgs/tools/security/keycard-cli/default.nix
+++ b/pkgs/tools/security/keycard-cli/default.nix
@@ -19,7 +19,7 @@ buildGoModule rec {
   ldflags = [ "-s" "-w" "-X main.version=${version}" ];
 
   meta = with lib; {
-    description = "A command line tool and shell to manage keycards";
+    description = "Command line tool and shell to manage keycards";
     mainProgram = "keycard-cli";
     homepage = "https://keycard.status.im";
     license = licenses.mpl20;
diff --git a/pkgs/tools/security/keyscope/default.nix b/pkgs/tools/security/keyscope/default.nix
index 928daf4b23034..7601f22445792 100644
--- a/pkgs/tools/security/keyscope/default.nix
+++ b/pkgs/tools/security/keyscope/default.nix
@@ -40,7 +40,7 @@ rustPlatform.buildRustPackage rec {
   VERGEN_GIT_SEMVER = "v${version}";
 
   meta = with lib; {
-    description = "A key and secret workflow (validation, invalidation, etc.) tool";
+    description = "Key and secret workflow (validation, invalidation, etc.) tool";
     mainProgram = "keyscope";
     homepage = "https://github.com/spectralops/keyscope";
     changelog = "https://github.com/spectralops/keyscope/blob/v${version}/CHANGELOG.md";
diff --git a/pkgs/tools/security/knowsmore/default.nix b/pkgs/tools/security/knowsmore/default.nix
index f73ae1032efaa..4c460eabcbe51 100644
--- a/pkgs/tools/security/knowsmore/default.nix
+++ b/pkgs/tools/security/knowsmore/default.nix
@@ -1,21 +1,33 @@
-{ lib
-, fetchFromGitHub
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "knowsmore";
-  version = "0.1.37";
-  format = "setuptools";
+  version = "0.1.38";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "helviojunior";
     repo = "knowsmore";
     rev = "refs/tags/v${version}";
-    hash = "sha256-UxBoWK3L4u9xSQaGGHpzvs/mRlmhF3EqiS/4BYyTKos=";
+    hash = "sha256-A68JuzlWvq3OAtgq6uAFcTTYKmL7xjKWZ0HQfVXKt4k=";
   };
 
-  propagatedBuildInputs = with python3.pkgs; [
+  pythonRelaxDeps = [
+    "neo4j"
+    "urllib3"
+  ];
+
+  pythonRemoveDeps = [ "bs4" ];
+
+  build-system = with python3.pkgs; [ setuptools ];
+
+  nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
+
+  dependencies = with python3.pkgs; [
     aioconsole
     ansi2image
     beautifulsoup4
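Review bot: `pythonRelaxDeps` drops the version bounds on `neo4j` and `urllib3` with no comment, so the tool may run against releases of those libraries that upstream did not declare, and nothing records why. A why-comment above the list would help, e.g. `# upstream pins differ from the versions in nixpkgs (confirm against upstream's requirements)`. `pythonRemoveDeps = [ "bs4" ];` could likewise say `# provided by beautifulsoup4 below`, which is presumably the reason given that `beautifulsoup4` is in `dependencies`. The `dependencies` list continues outside this hunk.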
@@ -33,24 +45,18 @@ python3.pkgs.buildPythonApplication rec {
     xmltodict
   ];
 
-  nativeCheckInputs = with python3.pkgs; [
-    pytestCheckHook
-  ];
+  nativeCheckInputs = with python3.pkgs; [ pytestCheckHook ];
 
-  pythonImportsCheck = [
-    "knowsmore"
-  ];
+  pythonImportsCheck = [ "knowsmore" ];
 
-  pytestFlagsArray = [
-    "tests/tests*"
-  ];
+  pytestFlagsArray = [ "tests/tests*" ];
 
   meta = with lib; {
     description = "Tool for pentesting Microsoft Active Directory";
-    mainProgram = "knowsmore";
     homepage = "https://github.com/helviojunior/knowsmore";
     changelog = "https://github.com/helviojunior/knowsmore/releases/tag/v${version}";
     license = licenses.gpl3Only;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "knowsmore";
   };
 }
diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix
index 0509663af1aab..5a3b0a75862f4 100644
--- a/pkgs/tools/security/kpcli/default.nix
+++ b/pkgs/tools/security/kpcli/default.nix
@@ -1,12 +1,12 @@
 { lib, stdenv, fetchurl, makeWrapper, perl, perlPackages }:
 
 stdenv.mkDerivation rec {
-  version = "4.0";
+  version = "4.1";
   pname = "kpcli";
 
   src = fetchurl {
     url = "mirror://sourceforge/kpcli/${pname}-${version}.pl";
-    sha256 = "sha256-UYnX2tad3Jg00kdX5WHStI6u2pyts+SZlgj/jv4o/TU=";
+    sha256 = "sha256-3t8OhvRPj3oanFJKRaUVhGlF0B4E+UAlcfGMIpcet9s=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/security/kubeclarity/default.nix b/pkgs/tools/security/kubeclarity/default.nix
index 38de010dd9319..5a9692af7924e 100644
--- a/pkgs/tools/security/kubeclarity/default.nix
+++ b/pkgs/tools/security/kubeclarity/default.nix
@@ -4,6 +4,7 @@
 , fetchFromGitHub
 , lvm2
 , pkg-config
+, stdenv
 }:
 
 buildGoModule rec {
@@ -17,19 +18,23 @@ buildGoModule rec {
     hash = "sha256-buEahr6lr+C/99ANAgYdexPX76ECW6yGMes8u2GZKh4=";
   };
 
-  vendorHash = "sha256-eAqF0ohZGryRh4u+j/30BObYP23yyrTecPrt+xmn9Sg=";
+  vendorHash = "sha256-JY64fqzNBpo9Jwo8sWsWTVVAO5zzwxwXy0A2bgqJHuU=";
+
+  proxyVendor = true;
 
   nativeBuildInputs = [
     pkg-config
   ];
 
-  buildInputs = [
+  buildInputs = lib.optionals stdenv.isLinux [
     btrfs-progs
     lvm2
   ];
 
   sourceRoot = "${src.name}/cli";
 
+  CGO_ENABLED = "0";
+
   ldflags = [
     "-s"
     "-w"
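Review bot: `CGO_ENABLED = "0";` turns cgo off, so the C libraries still listed in `buildInputs` (`btrfs-progs`, `lvm2`) and `pkg-config` in `nativeBuildInputs` appear to be dead inputs now, since the Go toolchain only consults them for cgo code. Either drop them (and the newly added `stdenv` argument with them) or keep cgo enabled on Linux, and say which was intended in a comment, e.g. `# cgo is off, no C library is linked; TODO confirm the CLI works without the btrfs/devmapper bindings`. `proxyVendor = true;` changes how the vendored modules behind `vendorHash` are fetched and should get a one-line reason as well. The `ldflags` list continues outside the hunk.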
diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix
index 2c74013c3ad19..d0f8415cbedbc 100644
--- a/pkgs/tools/security/kubescape/default.nix
+++ b/pkgs/tools/security/kubescape/default.nix
@@ -1,38 +1,33 @@
-{ lib
-, stdenv
-, buildGoModule
-, fetchFromGitHub
-, git
-, installShellFiles
-, kubescape
-, testers
+{
+  lib,
+  stdenv,
+  buildGoModule,
+  fetchFromGitHub,
+  git,
+  installShellFiles,
+  kubescape,
+  testers,
 }:
 
 buildGoModule rec {
   pname = "kubescape";
-  version = "3.0.8";
+  version = "3.0.11";
 
   src = fetchFromGitHub {
     owner = "kubescape";
     repo = "kubescape";
     rev = "refs/tags/v${version}";
-    hash = "sha256-ZGDE9go8BmaXE1YFT/z5Nob90MhsKZ6oKrodDMu2npY=";
+    hash = "sha256-hxHVQ8Ssvwq5lk+b7v1kLrYeGSfJEj/FudSd0V3tUnQ=";
     fetchSubmodules = true;
   };
 
-  vendorHash = "sha256-qFJVoWzU9rqpYbb8gzdK33rq///zizxVkWhsNV8OXOM=";
+  vendorHash = "sha256-iwcwhBX/Kl55G8SrI1mmkP5bj8BrLAGBdk3UnK1Xfag=";
 
-  subPackages = [
-    "."
-  ];
+  subPackages = [ "." ];
 
-  nativeBuildInputs = [
-    installShellFiles
-  ];
+  nativeBuildInputs = [ installShellFiles ];
 
-  nativeCheckInputs = [
-    git
-  ];
+  nativeCheckInputs = [ git ];
 
   ldflags = [
     "-s"
@@ -49,7 +44,6 @@ buildGoModule rec {
     rm core/cautils/getter/downloadreleasedpolicy_test.go
     rm core/core/initutils_test.go
     rm core/core/list_test.go
-    rm core/pkg/resourcehandler/remotegitutils_test.go
 
     # Remove tests that use networking
     substituteInPlace core/pkg/resourcehandler/repositoryscanner_test.go \
@@ -90,7 +84,10 @@ buildGoModule rec {
       Jenkins, CircleCI and Github workflows.
     '';
     license = licenses.asl20;
-    maintainers = with maintainers; [ fab jk ];
+    maintainers = with maintainers; [
+      fab
+      jk
+    ];
     mainProgram = "kubescape";
     broken = stdenv.isDarwin;
   };
diff --git a/pkgs/tools/security/kubestroyer/default.nix b/pkgs/tools/security/kubestroyer/default.nix
index 8e0922e4dfb07..a3f03e605c42a 100644
--- a/pkgs/tools/security/kubestroyer/default.nix
+++ b/pkgs/tools/security/kubestroyer/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "kubestroyer";
-  version = "0.2";
+  version = "0.3.0";
 
   src = fetchFromGitHub {
     owner = "Rolix44";
     repo = "Kubestroyer";
     rev = "refs/tags/v${version}";
-    hash = "sha256-M/abb2IT0mXwj8lAitr18VtIgC4NvapPywBwcUWr9i8=";
+    hash = "sha256-A4kx0Xx3p9rP8OKRLPe9AfX+rqGggtvPb7Hsg+lLkSI=";
   };
 
-  vendorHash = "sha256-x0lIi4QUuYn0kv0HV4h8k61kRu10LCyELudisqUdTAg=";
+  vendorHash = "sha256-V6qEvMsX7tdhooW116+0ayT6RYkdjDbz6QwWb8rC4ig=";
 
   ldflags = [
     "-s"
diff --git a/pkgs/tools/security/ldeep/default.nix b/pkgs/tools/security/ldeep/default.nix
index 0b3a2b47df4cf..098b811eb3f8d 100644
--- a/pkgs/tools/security/ldeep/default.nix
+++ b/pkgs/tools/security/ldeep/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "ldeep";
-  version = "1.0.53";
+  version = "1.0.58";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "franc-pentest";
     repo = "ldeep";
     rev = "refs/tags/${version}";
-    hash = "sha256-67jVpzvdjEcjFmTRE2YjPr4AO1iN+PakwoKcjvimt8g=";
+    hash = "sha256-u8qcihjGZmOAjjVBa6nLruD74zGozHnahShqUUXILcY=";
   };
 
   pythonRelaxDeps = [
@@ -20,9 +20,12 @@ python3.pkgs.buildPythonApplication rec {
   ];
 
   build-system = with python3.pkgs; [
+    pdm-backend
+  ];
+
+  nativeBuildInputs = with python3.pkgs; [
     cython
     pythonRelaxDepsHook
-    setuptools
   ];
 
   dependencies = with python3.pkgs; [
@@ -50,7 +53,7 @@ python3.pkgs.buildPythonApplication rec {
     description = "In-depth LDAP enumeration utility";
     homepage = "https://github.com/franc-pentest/ldeep";
     changelog = "https://github.com/franc-pentest/ldeep/releases/tag/${version}";
-    license = with licenses; [ mit ];
+    license = licenses.mit;
     maintainers = with maintainers; [ fab ];
     mainProgram = "ldeep";
   };
diff --git a/pkgs/tools/security/libtpms/default.nix b/pkgs/tools/security/libtpms/default.nix
index a7249481454ab..5ac368eea9f06 100644
--- a/pkgs/tools/security/libtpms/default.nix
+++ b/pkgs/tools/security/libtpms/default.nix
@@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
   ];
 
   meta = with lib; {
-    description = "The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)";
+    description = "Libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)";
     homepage = "https://github.com/stefanberger/libtpms";
     license = licenses.bsd3;
     maintainers = [ maintainers.baloo ];
diff --git a/pkgs/tools/security/logkeys/default.nix b/pkgs/tools/security/logkeys/default.nix
index 1172250f9c483..ed3180fd7e460 100644
--- a/pkgs/tools/security/logkeys/default.nix
+++ b/pkgs/tools/security/logkeys/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation {
   preConfigure = "./autogen.sh";
 
   meta = with lib; {
-    description = "A GNU/Linux keylogger that works";
+    description = "GNU/Linux keylogger that works";
     license = licenses.gpl3;
     homepage = "https://github.com/kernc/logkeys";
     maintainers = with maintainers; [mikoim offline];
diff --git a/pkgs/tools/security/mantra/default.nix b/pkgs/tools/security/mantra/default.nix
index 348c0afc32513..5a6b0074b46b1 100644
--- a/pkgs/tools/security/mantra/default.nix
+++ b/pkgs/tools/security/mantra/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "mantra";
-  version = "1.1";
+  version = "2.0";
 
   src = fetchFromGitHub {
     owner = "MrEmpy";
     repo = "Mantra";
-    rev = "refs/tags/v.${version}";
-    hash = "sha256-wIFZgxl6qULDvdUeq4yiuc5dPDudKsYvVUewSL0ITNM=";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-fBcoKoTBGCyJS8+mzKXLGxcxmRsCcZFZEyMTnA5Rkbw=";
   };
 
   vendorHash = null;
@@ -24,7 +24,7 @@ buildGoModule rec {
   meta = with lib; {
     description = "Tool used to hunt down API key leaks in JS files and pages";
     homepage = "https://github.com/MrEmpy/Mantra";
-    changelog = "https://github.com/MrEmpy/Mantra/releases/tag/v.${version}";
+    changelog = "https://github.com/MrEmpy/Mantra/releases/tag/v${version}";
     license = licenses.gpl3Only;
     maintainers = with maintainers; [ fab ];
     mainProgram = "mantra";
diff --git a/pkgs/tools/security/medusa/default.nix b/pkgs/tools/security/medusa/default.nix
index 3a29f2a6e283e..b33f36bd30f67 100644
--- a/pkgs/tools/security/medusa/default.nix
+++ b/pkgs/tools/security/medusa/default.nix
@@ -30,9 +30,9 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://github.com/jmk-foofus/medusa";
-    description = "A speedy, parallel, and modular, login brute-forcer";
+    description = "Speedy, parallel, and modular, login brute-forcer";
     mainProgram = "medusa";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     maintainers = with maintainers; [ ];
   };
 }
diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile
index 6d2752ed93501..55597617ab4d7 100644
--- a/pkgs/tools/security/metasploit/Gemfile
+++ b/pkgs/tools/security/metasploit/Gemfile
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 
-gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.4.6"
+gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.4.14"
diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock
index 1da9542ad25b5..877afc8a4f9d0 100644
--- a/pkgs/tools/security/metasploit/Gemfile.lock
+++ b/pkgs/tools/security/metasploit/Gemfile.lock
@@ -1,9 +1,11 @@
 GIT
   remote: https://github.com/rapid7/metasploit-framework
-  revision: 55ea82f7d3f98652ea81ab1d29d3be3e55528345
-  ref: refs/tags/6.4.6
+  revision: 685168ecf3266361a8e7836b2a7889751b7d20b8
+  ref: refs/tags/6.4.14
   specs:
-    metasploit-framework (6.4.6)
+    metasploit-framework (6.4.14)
+      aarch64
+      abbrev
       actionpack (~> 7.0.0)
       activerecord (~> 7.0.0)
       activesupport (~> 7.0.0)
@@ -12,12 +14,16 @@ GIT
       aws-sdk-iam
       aws-sdk-s3
       aws-sdk-ssm
+      base64
       bcrypt
       bcrypt_pbkdf
+      bigdecimal
       bootsnap
       bson
       chunky_png
+      csv
       dnsruby
+      drb
       ed25519
       em-http-request
       eventmachine
@@ -26,6 +32,7 @@ GIT
       faraday-retry
       faye-websocket
       filesize
+      getoptlong
       hrr_rb_ssh-ed25519
       http-cookie
       irb (~> 1.7.4)
@@ -40,6 +47,7 @@ GIT
       metasploit_payloads-mettle (= 1.0.26)
       mqtt
       msgpack (~> 1.6.0)
+      mutex_m
       nessus_rest
       net-imap
       net-ldap
@@ -47,7 +55,7 @@ GIT
       net-ssh
       network_interface
       nexpose
-      nokogiri (~> 1.14.0)
+      nokogiri
       octokit (~> 4.0)
       openssl-ccm
       openvas-omp
@@ -87,7 +95,7 @@ GIT
       rubyntlm
       rubyzip
       sinatra
-      sqlite3 (= 1.6.6)
+      sqlite3 (= 1.7.3)
       sshkey
       swagger-blocks
       thin
@@ -105,26 +113,29 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    Ascii85 (1.1.0)
-    actionpack (7.0.8.1)
-      actionview (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    Ascii85 (1.1.1)
+    aarch64 (2.1.0)
+      racc (~> 1.6)
+    abbrev (0.1.2)
+    actionpack (7.0.8.3)
+      actionview (= 7.0.8.3)
+      activesupport (= 7.0.8.3)
       rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.8.1)
-      activesupport (= 7.0.8.1)
+    actionview (7.0.8.3)
+      activesupport (= 7.0.8.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (7.0.8.1)
-      activesupport (= 7.0.8.1)
-    activerecord (7.0.8.1)
-      activemodel (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
-    activesupport (7.0.8.1)
+    activemodel (7.0.8.3)
+      activesupport (= 7.0.8.3)
+    activerecord (7.0.8.3)
+      activemodel (= 7.0.8.3)
+      activesupport (= 7.0.8.3)
+    activesupport (7.0.8.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -135,37 +146,37 @@ GEM
     arel-helpers (2.14.0)
       activerecord (>= 3.1.0, < 8)
     aws-eventstream (1.3.0)
-    aws-partitions (1.916.0)
-    aws-sdk-core (3.192.1)
+    aws-partitions (1.933.0)
+    aws-sdk-core (3.196.1)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.8)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.450.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-ec2 (1.457.1)
+      aws-sdk-core (~> 3, >= 3.193.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ec2instanceconnect (1.38.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-ec2instanceconnect (1.40.0)
+      aws-sdk-core (~> 3, >= 3.193.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.96.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-iam (1.98.0)
+      aws-sdk-core (~> 3, >= 3.193.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.79.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-kms (1.82.0)
+      aws-sdk-core (~> 3, >= 3.193.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.147.0)
-      aws-sdk-core (~> 3, >= 3.192.0)
+    aws-sdk-s3 (1.151.0)
+      aws-sdk-core (~> 3, >= 3.194.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.8)
-    aws-sdk-ssm (1.166.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-ssm (1.169.0)
+      aws-sdk-core (~> 3, >= 3.193.0)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.8.0)
       aws-eventstream (~> 1, >= 1.0.2)
     base64 (0.2.0)
     bcrypt (3.1.20)
-    bcrypt_pbkdf (1.1.0)
-    bigdecimal (3.1.7)
+    bcrypt_pbkdf (1.1.1)
+    bigdecimal (3.1.8)
     bindata (2.4.15)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
@@ -175,11 +186,13 @@ GEM
     concurrent-ruby (1.2.3)
     cookiejar (0.3.4)
     crass (1.0.6)
+    csv (3.3.0)
     daemons (1.4.1)
     date (3.3.4)
     dnsruby (1.72.1)
       simpleidn (~> 0.2.1)
     domain_name (0.6.20240107)
+    drb (2.2.1)
     ed25519 (1.3.0)
     em-http-request (1.1.7)
       addressable (>= 2.3.4)
@@ -205,6 +218,7 @@ GEM
       websocket-driver (>= 0.5.1)
     ffi (1.16.3)
     filesize (0.2.0)
+    getoptlong (0.2.1)
     gssapi (1.3.1)
       ffi (>= 1.0.1)
     gyoku (1.4.0)
@@ -219,7 +233,7 @@ GEM
       domain_name (~> 0.5)
     http_parser.rb (0.8.0)
     httpclient (2.8.3)
-    i18n (1.14.4)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     io-console (0.7.2)
     irb (1.7.4)
@@ -269,14 +283,15 @@ GEM
     metasploit_payloads-mettle (1.0.26)
     method_source (1.1.0)
     mini_portile2 (2.8.6)
-    minitest (5.22.3)
+    minitest (5.23.1)
     mqtt (0.6.0)
     msgpack (1.6.1)
     multi_json (1.15.0)
     mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
+    mutex_m (0.2.0)
     nessus_rest (0.1.6)
-    net-imap (0.4.10)
+    net-imap (0.4.11)
       date
       net-protocol
     net-ldap (0.19.0)
@@ -287,7 +302,7 @@ GEM
     net-ssh (7.2.3)
     network_interface (0.0.4)
     nexpose (7.3.0)
-    nio4r (2.7.1)
+    nio4r (2.7.3)
     nokogiri (1.14.5)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
@@ -302,7 +317,7 @@ GEM
     packetfu (2.0.0)
       pcaprub (~> 0.13.1)
     patch_finder (1.0.2)
-    pcaprub (0.13.1)
+    pcaprub (0.13.2)
     pdf-reader (2.12.0)
       Ascii85 (~> 1.0)
       afm (~> 0.2.1)
@@ -313,7 +328,7 @@ GEM
     public_suffix (5.0.5)
     puma (6.4.2)
       nio4r (~> 2.0)
-    racc (1.7.3)
+    racc (1.8.0)
     rack (2.2.9)
     rack-protection (3.2.0)
       base64 (>= 0.1.0)
@@ -327,9 +342,9 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.8.1)
-      actionpack (= 7.0.8.1)
-      activesupport (= 7.0.8.1)
+    railties (7.0.8.3)
+      actionpack (= 7.0.8.3)
+      activesupport (= 7.0.8.3)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -341,7 +356,7 @@ GEM
     recog (3.1.5)
       nokogiri
     redcarpet (3.6.0)
-    reline (0.5.2)
+    reline (0.5.7)
       io-console (~> 0.5)
     rex-arch (0.1.15)
       rex-text
@@ -351,7 +366,7 @@ GEM
       rex-core
       rex-struct2
       rex-text
-    rex-core (0.1.31)
+    rex-core (0.1.32)
     rex-encoder (0.1.7)
       metasm
       rex-arch
@@ -374,7 +389,7 @@ GEM
       rex-random_identifier
       rex-text
       ruby-rc4
-    rex-random_identifier (0.1.11)
+    rex-random_identifier (0.1.12)
       rex-text
     rex-registry (0.1.5)
     rex-rop_builder (0.1.5)
@@ -388,16 +403,17 @@ GEM
       rex-socket
       rex-text
     rex-struct2 (0.1.4)
-    rex-text (0.2.57)
+    rex-text (0.2.58)
     rex-zip (0.1.5)
       rex-text
-    rexml (3.2.6)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     rkelly-remix (0.0.7)
     ruby-macho (4.0.1)
     ruby-mysql (4.1.0)
     ruby-rc4 (0.1.5)
     ruby2_keywords (0.0.5)
-    ruby_smb (3.3.5)
+    ruby_smb (3.3.8)
       bindata (= 2.4.15)
       openssl-ccm
       openssl-cmac
@@ -408,17 +424,17 @@ GEM
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    simpleidn (0.2.1)
-      unf (~> 0.1.4)
+    simpleidn (0.2.3)
     sinatra (3.2.0)
       mustermann (~> 3.0)
       rack (~> 2.2, >= 2.2.4)
       rack-protection (= 3.2.0)
       tilt (~> 2.0)
-    sqlite3 (1.6.6)
+    sqlite3 (1.7.3)
       mini_portile2 (~> 2.8.0)
     sshkey (3.0.0)
     strptime (0.2.5)
+    strscan (3.1.0)
     swagger-blocks (3.0.0)
     thin (1.8.2)
       daemons (~> 1.0, >= 1.0.9)
@@ -433,9 +449,6 @@ GEM
       concurrent-ruby (~> 1.0)
     tzinfo-data (1.2024.1)
       tzinfo (>= 1.0.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.9.1)
     unix-crypt (1.3.1)
     warden (1.2.9)
       rack (>= 2.0.9)
@@ -459,7 +472,7 @@ GEM
       activesupport (>= 4.2, < 8.0)
     xmlrpc (0.3.3)
       webrick
-    zeitwerk (2.6.13)
+    zeitwerk (2.6.14)
 
 PLATFORMS
   ruby
@@ -468,4 +481,4 @@ DEPENDENCIES
   metasploit-framework!
 
 BUNDLED WITH
-   2.5.7
+   2.5.9
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix
index f2f5ca23e8020..e5844a655017f 100644
--- a/pkgs/tools/security/metasploit/default.nix
+++ b/pkgs/tools/security/metasploit/default.nix
@@ -15,13 +15,13 @@ let
   };
 in stdenv.mkDerivation rec {
   pname = "metasploit-framework";
-  version = "6.4.6";
+  version = "6.4.14";
 
   src = fetchFromGitHub {
     owner = "rapid7";
     repo = "metasploit-framework";
     rev = "refs/tags/${version}";
-    hash = "sha256-2O/Hl95yd+4va6TGxd5zYdsjcgBwCGOcZ2jvtoOBhBE=";
+    hash = "sha256-aUxHCeRBlE0CQuroxge9A/O1LA9DfQJwuwWZsPUKz1A=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix
index d829b53f6c5c3..ee76850346098 100644
--- a/pkgs/tools/security/metasploit/gemset.nix
+++ b/pkgs/tools/security/metasploit/gemset.nix
@@ -1,53 +1,73 @@
 {
+  aarch64 = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1c0hkbm94prkw0nb76l0il7fhz1xz5dkgzh6wwyrs88lwggv9avh";
+      type = "gem";
+    };
+    version = "2.1.0";
+  };
+  abbrev = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0hj2qyx7rzpc7awhvqlm597x7qdxwi4kkml4aqnp5jylmsm4w6xd";
+      type = "gem";
+    };
+    version = "0.1.2";
+  };
   actionpack = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0jh83rqd6glys1b2wsihzsln8yk6zdwgiyn9xncyiav9rcwjpkax";
+      sha256 = "11c5pm65m46wlqd25glmwpkji1jn1v2n918jmklxp4w9rr43dzi6";
       type = "gem";
     };
-    version = "7.0.8.1";
+    version = "7.0.8.3";
   };
   actionview = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ygpg75f3ffdcbxvf7s14xw3hcjin1nnx1nk3mg9mj2xc1nb60aa";
+      sha256 = "0p0w1rl3f5k7m39j9gnyw5wqz6ym18bhcacisqq4zng2k6jf4893";
       type = "gem";
     };
-    version = "7.0.8.1";
+    version = "7.0.8.3";
   };
   activemodel = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0grdpvglh0cj96qhlxjj9bcfqkh13c1pfpcwc9ld3aw0yzvsw5a1";
+      sha256 = "0y8w73rdd7x1m1gwswjhpqfbjr95hh7hcnkjqk1wz8x9gjk9njb6";
       type = "gem";
     };
-    version = "7.0.8.1";
+    version = "7.0.8.3";
   };
   activerecord = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0rlky1cr5kcdl0jad3nk5jpim6vjzbgkfhxnk7y492b3j2nznpcf";
+      sha256 = "03pqj57md528dgwwplr234hq628allla71i1pxys2inbpp7s7vn8";
       type = "gem";
     };
-    version = "7.0.8.1";
+    version = "7.0.8.3";
   };
   activesupport = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0ff3x7q400flzhml131ix8zfwmh13h70rs6yzbzf513g781gbbxh";
+      sha256 = "1ybapgiiysxgcjyzifn34ksbwjdjzslbvbcd7v83wiry1qmiyg93";
       type = "gem";
     };
-    version = "7.0.8.1";
+    version = "7.0.8.3";
   };
   addressable = {
     groups = ["default"];
@@ -84,10 +104,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ds4v9xgsyvijnlflak4dzf1qwmda9yd5bv8jwsb56nngd399rlw";
+      sha256 = "1c62cx96r0v265mywnlik43qx0wf6bjbzl54qa47x6dzjg861mvk";
       type = "gem";
     };
-    version = "1.1.0";
+    version = "1.1.1";
   };
   aws-eventstream = {
     groups = ["default"];
@@ -104,80 +124,80 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1gilrh9fb1576xm2ah0l6d33qkiabz55zpq004qqia9xavl43ylz";
+      sha256 = "1axv3iicp4as5dxhmwrxf3rc7389ba94gk11yilw3vwv4hch87yx";
       type = "gem";
     };
-    version = "1.916.0";
+    version = "1.933.0";
   };
   aws-sdk-core = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1hp8rxk9wl3kmb7xabcz5hbcv7kzsvsx0wyib2fsg9d42kz149n0";
+      sha256 = "0f44kp3g9g8v60f7xw769r734b7w6n774jj2njn42444ip3zwsz3";
       type = "gem";
     };
-    version = "3.192.1";
+    version = "3.196.1";
   };
   aws-sdk-ec2 = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "101jjqf912jwca119v86i4inlkf2gldmmhgdm2rdk5hqrwl4yrf4";
+      sha256 = "114xd77sb1wzxv1ys2dg7adzyfbfzy3k2x885slgbdwh6q9nby0f";
       type = "gem";
     };
-    version = "1.450.0";
+    version = "1.457.1";
   };
   aws-sdk-ec2instanceconnect = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1mhqk2s8klp8djibrhgmh9lz9nr4rh1yy7y6c86if55r07i1912c";
+      sha256 = "1sjjyp90hhgbxmiw9sdscyfgjpy86m10dbr1dmxw3dmq244p3ilq";
       type = "gem";
     };
-    version = "1.38.0";
+    version = "1.40.0";
   };
   aws-sdk-iam = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0zcvkal9ahwr84pz1cb3y9ylx3f74m4kgs4n160dfzf51b8m917l";
+      sha256 = "0a2kir61jwjpwwk5nld3daxkbc38ivszrxyjs9v320cq6hk6g80v";
       type = "gem";
     };
-    version = "1.96.0";
+    version = "1.98.0";
   };
   aws-sdk-kms = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1cb0006xf5isq5drdwkvd6xz20886x3rzcj5qyly7g8gql5lc8aw";
+      sha256 = "0j6wlmn9h8l571ll7pamqxk5b3mg5ms65b85w0r1qjs3v1i5xfcd";
       type = "gem";
     };
-    version = "1.79.0";
+    version = "1.82.0";
   };
   aws-sdk-s3 = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0ibw2v56k8v2sw92cyliprq1xxfyavnd60yl6ach3f4qbp156xrn";
+      sha256 = "023h9xx65dd91z1sk9znhfwp4wr48imnnhdhvczv64m17r7ych4y";
       type = "gem";
     };
-    version = "1.147.0";
+    version = "1.151.0";
   };
   aws-sdk-ssm = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0drad0zka0kjayiy971vcl5dfp6j37wgga4xncya8w8xsrknh9s8";
+      sha256 = "1liyqnj8hjyrix96kbbqflr4bh3hg07jjcx5x6bsiiqsixblq4md";
       type = "gem";
     };
-    version = "1.166.0";
+    version = "1.169.0";
   };
   aws-sigv4 = {
     groups = ["default"];
@@ -214,20 +234,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0ndamfaivnkhc6hy0yqyk2gkwr6f3bz6216lh74hsiiyk3axz445";
+      sha256 = "04rb3rp9bdxn1y3qiflfpj7ccwb8ghrfbydh5vfz1l9px3fpg41g";
       type = "gem";
     };
-    version = "1.1.0";
+    version = "1.1.1";
   };
   bigdecimal = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0cq1c29zbkcxgdihqisirhcw76xc768z2zpd5vbccpq0l1lv76g7";
+      sha256 = "1gi7zqgmqwi5lizggs1jhc3zlwaqayy9rx2ah80sxy24bbnng558";
       type = "gem";
     };
-    version = "3.1.7";
+    version = "3.1.8";
   };
   bindata = {
     groups = ["default"];
@@ -309,6 +329,16 @@
     };
     version = "1.0.6";
   };
+  csv = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0zfn40dvgjk1xv1z8l11hr9jfg3jncwsc9yhzsz4l4rivkpivg8b";
+      type = "gem";
+    };
+    version = "3.3.0";
+  };
   daemons = {
     groups = ["default"];
     platforms = [];
@@ -349,6 +379,16 @@
     };
     version = "0.6.20240107";
   };
+  drb = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0h5kbj9hvg5hb3c7l425zpds0vb42phvln2knab8nmazg2zp5m79";
+      type = "gem";
+    };
+    version = "2.2.1";
+  };
   ed25519 = {
     groups = ["default"];
     platforms = [];
@@ -469,6 +509,16 @@
     };
     version = "0.2.0";
   };
+  getoptlong = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "198vy9dxyzibqdbw9jg8p2ljj9iknkyiqlyl229vz55rjxrz08zx";
+      type = "gem";
+    };
+    version = "0.2.1";
+  };
   gssapi = {
     groups = ["default"];
     platforms = [];
@@ -554,10 +604,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0lbm33fpb3w06wd2231sg58dwlwgjsvym93m548ajvl6s3mfvpn7";
+      sha256 = "1ffix518y7976qih9k1lgnc17i3v6yrlh0a3mckpxdb4wc2vrp16";
       type = "gem";
     };
-    version = "1.14.4";
+    version = "1.14.5";
   };
   io-console = {
     groups = ["default"];
@@ -674,12 +724,12 @@
     platforms = [];
     source = {
       fetchSubmodules = false;
-      rev = "55ea82f7d3f98652ea81ab1d29d3be3e55528345";
-      sha256 = "04c4h61vdvv8cyf6623h01r27nv1fggcbim4dcpywxvjvsbwgvyq";
+      rev = "685168ecf3266361a8e7836b2a7889751b7d20b8";
+      sha256 = "0l6g1bsv1685pdq04za31wnbbwq3pl3wds7a8814v521wh4lfk39";
       type = "git";
       url = "https://github.com/rapid7/metasploit-framework";
     };
-    version = "6.4.6";
+    version = "6.4.14";
   };
   metasploit-model = {
     groups = ["default"];
@@ -746,10 +796,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "07lq26b86giy3ha3fhrywk9r1ajhc2pm2mzj657jnpnbj1i6g17a";
+      sha256 = "1gkslxvkhh44s21rbjvka3zsvfxxrf5pcl6f75rv2vyrzzbgis7i";
       type = "gem";
     };
-    version = "5.22.3";
+    version = "5.23.1";
   };
   mqtt = {
     groups = ["default"];
@@ -791,6 +841,16 @@
     };
     version = "3.0.0";
   };
+  mutex_m = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1ma093ayps1m92q845hmpk0dmadicvifkbf05rpq9pifhin0rvxn";
+      type = "gem";
+    };
+    version = "0.2.0";
+  };
   nessus_rest = {
     groups = ["default"];
     platforms = [];
@@ -806,10 +866,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0zn7j2w0hc622ig0rslk4iy6yp3937dy9ibhyr1mwwx39n7paxaj";
+      sha256 = "1y0pzapcasfjayk4nydy04hnx11xmsv8jl8myizxhbpkdmrl10dc";
       type = "gem";
     };
-    version = "0.4.10";
+    version = "0.4.11";
   };
   net-ldap = {
     groups = ["default"];
@@ -876,10 +936,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "15iwbiij52x6jhdbl0rkcldnhfndmsy0sbnsygkr9vhskfqrp72m";
+      sha256 = "017nbw87dpr4wyk81cgj8kxkxqgsgblrkxnmmadc77cg9gflrfal";
       type = "gem";
     };
-    version = "2.7.1";
+    version = "2.7.3";
   };
   nokogiri = {
     dependencies = ["mini_portile2" "racc"];
@@ -967,10 +1027,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0886fcc5bi0kc0rbma5fj3wa3hbg2nl7ivnbi2j995yzg36zq7xy";
+      sha256 = "0bwhm5b7f0ncazffxzlyql83khcgydx2ncav9k241gab4knkhb7l";
       type = "gem";
     };
-    version = "0.13.1";
+    version = "0.13.2";
   };
   pdf-reader = {
     groups = ["default"];
@@ -1017,10 +1077,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp";
+      sha256 = "021s7maw0c4d9a6s07vbmllrzqsj2sgmrwimlh8ffkvwqdjrld09";
       type = "gem";
     };
-    version = "1.7.3";
+    version = "1.8.0";
   };
   rack = {
     groups = ["default"];
@@ -1077,10 +1137,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "08ga56kz6a37dnlmi7y45r19fcc7jzb62mrc3ifavbzggmhy7r62";
+      sha256 = "0sxki005rl1315mp78csayvfdx5zxjvwv8xmcfyjksgq27cimk5r";
       type = "gem";
     };
-    version = "7.0.8.1";
+    version = "7.0.8.3";
   };
   rake = {
     groups = ["default"];
@@ -1137,10 +1197,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0xwf7i2kvgaxbpdqqkncv9dpfhlj55shig4sdzgy7kgbfj09mm03";
+      sha256 = "06rlp3wjcbwbgw3xlawclzzmj6ryn6ap65nh54x5yzgx0c3jlqqz";
       type = "gem";
     };
-    version = "0.5.2";
+    version = "0.5.7";
   };
   rex-arch = {
     groups = ["default"];
@@ -1167,10 +1227,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0s5fz1fipk2x9grd8rj7n09wfmq78kdhw9fvrmgr9z52zi640xzs";
+      sha256 = "0468gxcwhzp5y7lahkf0cg4vyy01wb2fk6w1rx4fgh1l9330a64b";
       type = "gem";
     };
-    version = "0.1.31";
+    version = "0.1.32";
   };
   rex-encoder = {
     groups = ["default"];
@@ -1247,10 +1307,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1qxc05f0xvradyp50vz8s1h9lzgh9c31nz8yq7r22bph03v71f0c";
+      sha256 = "02709z33zcbq2i3ca66b94n3aqbd8r6ib1dgb2fby1vk5nrg18p9";
       type = "gem";
     };
-    version = "0.1.11";
+    version = "0.1.12";
   };
   rex-registry = {
     groups = ["default"];
@@ -1307,10 +1367,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "08wrqy8sgncsn6kcplw7bl6c2bmyj9fza7x77wrlwh1gza7pcjk4";
+      sha256 = "04icj61kn5bnd939km6y49ylv8sbkqb96jld91nbrijahawcf5yz";
       type = "gem";
     };
-    version = "0.2.57";
+    version = "0.2.58";
   };
   rex-zip = {
     groups = ["default"];
@@ -1327,10 +1387,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "05i8518ay14kjbma550mv0jm8a6di8yp5phzrd8rj44z9qnrlrp0";
+      sha256 = "0d8ivcirrrxpkpjc1c835wknc9s2fl54xpw08s177yfrh5ish209";
       type = "gem";
     };
-    version = "3.2.6";
+    version = "3.2.8";
   };
   rkelly-remix = {
     groups = ["default"];
@@ -1387,10 +1447,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0fwk5hqaph37apa5zf1mg2n2wd5lkz3sgwl0f4ndhkv1vfxbb2ys";
+      sha256 = "1hw3hj2q0xkqr90snzrpiqfa7lsc5k4w6bgdj624vxkh7q0nnfw7";
       type = "gem";
     };
-    version = "3.3.5";
+    version = "3.3.8";
   };
   rubyntlm = {
     groups = ["default"];
@@ -1427,10 +1487,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "06f7w6ph3bzzqk212yylfp4jfx275shgp9zg3xszbpv1ny2skp9m";
+      sha256 = "0a9c1mdy12y81ck7mcn9f9i2s2wwzjh1nr92ps354q517zq9dkh8";
       type = "gem";
     };
-    version = "0.2.1";
+    version = "0.2.3";
   };
   sinatra = {
     groups = ["default"];
@@ -1447,10 +1507,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "15415lmz69jbzl6nch4q5l2jxv054676nk6y0vgy0g3iklmjrxvc";
+      sha256 = "073hd24qwx9j26cqbk0jma0kiajjv9fb8swv9rnz8j4mf0ygcxzs";
       type = "gem";
     };
-    version = "1.6.6";
+    version = "1.7.3";
   };
   sshkey = {
     groups = ["default"];
@@ -1472,6 +1532,16 @@
     };
     version = "0.2.5";
   };
+  strscan = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0mamrl7pxacbc79ny5hzmakc9grbjysm3yy6119ppgsg44fsif01";
+      type = "gem";
+    };
+    version = "3.1.0";
+  };
   swagger-blocks = {
     groups = ["default"];
     platforms = [];
@@ -1552,26 +1622,6 @@
     };
     version = "1.2024.1";
   };
-  unf = {
-    groups = ["default"];
-    platforms = [];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0bh2cf73i2ffh4fcpdn9ir4mhq8zi50ik0zqa1braahzadx536a9";
-      type = "gem";
-    };
-    version = "0.1.4";
-  };
-  unf_ext = {
-    groups = ["default"];
-    platforms = [];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1sf6bxvf6x8gihv6j63iakixmdddgls58cpxpg32chckb2l18qcj";
-      type = "gem";
-    };
-    version = "0.0.9.1";
-  };
   unix-crypt = {
     groups = ["default"];
     platforms = [];
@@ -1677,9 +1727,9 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1m67qmsak3x8ixs8rb971azl3l7wapri65pmbf5z886h46q63f1d";
+      sha256 = "0ayraiqfhhjzpyr4yxp035002lq78ip1zhr0ix87rn3rqpnsrn3h";
       type = "gem";
     };
-    version = "2.6.13";
+    version = "2.6.14";
   };
 }
diff --git a/pkgs/tools/security/mfcuk/default.nix b/pkgs/tools/security/mfcuk/default.nix
index d6736b5b097ae..74761dd994e89 100644
--- a/pkgs/tools/security/mfcuk/default.nix
+++ b/pkgs/tools/security/mfcuk/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
   meta = with lib; {
     description = "MiFare Classic Universal toolKit";
     mainProgram = "mfcuk";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     homepage = "https://github.com/nfc-tools/mfcuk";
     maintainers = with maintainers; [ offline ];
     platforms = platforms.unix;
diff --git a/pkgs/tools/security/mfoc/default.nix b/pkgs/tools/security/mfoc/default.nix
index 9ede0ffc61577..bc85261305d3a 100644
--- a/pkgs/tools/security/mfoc/default.nix
+++ b/pkgs/tools/security/mfoc/default.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Mifare Classic Offline Cracker";
     mainProgram = "mfoc";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     homepage = "https://github.com/nfc-tools/mfoc";
     maintainers = with maintainers; [ offline ];
     platforms = platforms.unix;
diff --git a/pkgs/tools/security/minica/default.nix b/pkgs/tools/security/minica/default.nix
index e7a05412303ee..8c351e1803618 100644
--- a/pkgs/tools/security/minica/default.nix
+++ b/pkgs/tools/security/minica/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "minica";
-  version = "1.0.2";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "jsha";
     repo = "minica";
     rev = "v${version}";
-    sha256 = "sha256-3p6rUFFiWXhX9BBbxqWxRoyRceexvNnqcFCyNi5HoaA=";
+    sha256 = "sha256-YUeP3xBoZzonJYfEAOWZYCTFwOxFWySW7ezvpMLNZ1I=";
   };
 
   vendorHash = null;
@@ -19,7 +19,7 @@ buildGoModule rec {
   ldflags = [ "-s" "-w" ];
 
   meta = with lib; {
-    description = "A simple tool for generating self signed certificates";
+    description = "Simple tool for generating self signed certificates";
     mainProgram = "minica";
     longDescription = ''
       Minica is a simple CA intended for use in situations where the CA operator
diff --git a/pkgs/tools/security/minio-certgen/default.nix b/pkgs/tools/security/minio-certgen/default.nix
index fed6bdca2c546..2379de92f430c 100644
--- a/pkgs/tools/security/minio-certgen/default.nix
+++ b/pkgs/tools/security/minio-certgen/default.nix
@@ -2,19 +2,19 @@
 
 buildGoModule rec {
   pname = "minio-certgen";
-  version = "1.2.1";
+  version = "1.3.0";
 
   src = fetchFromGitHub {
     owner = "minio";
     repo = "certgen";
     rev = "v${version}";
-    sha256 = "sha256-qi+SeNLW/jE2dGar4Lf16TKRT3ZTmWB/j8EsnoyrdxI=";
+    sha256 = "sha256-bYZfQeqPqroMkqJOqHri3l7xscEK9ml/oNLVPBVSDKk=";
   };
 
   vendorHash = null;
 
   meta = with lib; {
-    description = "A simple Minio tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries";
+    description = "Simple Minio tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries";
     downloadPage = "https://github.com/minio/certgen";
     license = licenses.bsd3;
     maintainers = with maintainers; [ bryanasdev000 ];
diff --git a/pkgs/tools/security/minisign/default.nix b/pkgs/tools/security/minisign/default.nix
index aaa280f40e90b..45886a3803be7 100644
--- a/pkgs/tools/security/minisign/default.nix
+++ b/pkgs/tools/security/minisign/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ libsodium ];
 
   meta = with lib; {
-    description = "A simple tool for signing files and verifying signatures";
+    description = "Simple tool for signing files and verifying signatures";
     longDescription = ''
       minisign uses public key cryptography to help facilitate secure (but not
       necessarily private) file transfer, e.g., of software artefacts. minisign
diff --git a/pkgs/tools/security/mitm6/default.nix b/pkgs/tools/security/mitm6/default.nix
index f3626355fbb1c..980bc703f4abe 100644
--- a/pkgs/tools/security/mitm6/default.nix
+++ b/pkgs/tools/security/mitm6/default.nix
@@ -1,37 +1,38 @@
-{ lib
-, fetchPypi
-, python3
+{
+  lib,
+  fetchPypi,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "mitm6";
   version = "0.3.0";
-  format = "setuptools";
+  pyproject = true;
 
   src = fetchPypi {
     inherit pname version;
     hash = "sha256-g+eFcJdgP7CQ6ntN17guJa4LdkGIb91mr/NKRPIukP8=";
   };
 
-  propagatedBuildInputs = with python3.pkgs; [
-    scapy
+  build-system = with python3.pkgs; [ setuptools ];
+
+  dependencies = with python3.pkgs; [
     future
-    twisted
     netifaces
+    scapy
+    twisted
   ];
 
   # No tests exist for mitm6.
   doCheck = false;
 
-  pythonImportsCheck = [
-    "mitm6"
-  ];
+  pythonImportsCheck = [ "mitm6" ];
 
   meta = {
     description = "DHCPv6 network spoofing application";
-    mainProgram = "mitm6";
     homepage = "https://github.com/dirkjanm/mitm6";
     license = lib.licenses.gpl2Only;
-    maintainers = with lib.maintainers; [ arcayr ];
+    maintainers = with lib.maintainers; [ fab ];
+    mainProgram = "mitm6";
   };
 }
diff --git a/pkgs/tools/security/mkpasswd/default.nix b/pkgs/tools/security/mkpasswd/default.nix
index 00b1e8a01501d..edbdfdc711c68 100644
--- a/pkgs/tools/security/mkpasswd/default.nix
+++ b/pkgs/tools/security/mkpasswd/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
     homepage = "https://packages.qa.debian.org/w/whois.html";
     description = "Overfeatured front-end to crypt, from the Debian whois package";
     mainProgram = "mkpasswd";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     maintainers = with maintainers; [ fpletz ];
     platforms = platforms.unix;
   };
diff --git a/pkgs/tools/security/mkrand/default.nix b/pkgs/tools/security/mkrand/default.nix
index b0ebe7e521fa7..38ef22117fa33 100644
--- a/pkgs/tools/security/mkrand/default.nix
+++ b/pkgs/tools/security/mkrand/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   doCheck = true;
 
   meta = {
-    description = "A Digital Random Bit Generator";
+    description = "Digital Random Bit Generator";
     mainProgram = "mkrand";
     longDescription = "MKRAND is a utility for generating random information.";
     homepage = "https://github.com/mknight-tag/MKRAND/";
diff --git a/pkgs/tools/security/mpw/default.nix b/pkgs/tools/security/mpw/default.nix
index 25c71eb046db7..4ee765bdbdd1b 100644
--- a/pkgs/tools/security/mpw/default.nix
+++ b/pkgs/tools/security/mpw/default.nix
@@ -56,7 +56,7 @@ in stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A stateless password management solution";
+    description = "Stateless password management solution";
     mainProgram = "mpw";
     homepage = "https://masterpasswordapp.com/";
     license = licenses.gpl3;
diff --git a/pkgs/tools/security/munge/default.nix b/pkgs/tools/security/munge/default.nix
index 01137be20460d..f21a9e17add38 100644
--- a/pkgs/tools/security/munge/default.nix
+++ b/pkgs/tools/security/munge/default.nix
@@ -1,42 +1,78 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, libgcrypt, zlib, bzip2 }:
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  autoreconfHook,
+  libgcrypt,
+  zlib,
+  bzip2,
+}:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "munge";
   version = "0.5.16";
 
   src = fetchFromGitHub {
     owner = "dun";
     repo = "munge";
-    rev = "${pname}-${version}";
+    rev = "munge-${finalAttrs.version}";
     sha256 = "sha256-fv42RMUAP8Os33/iHXr70i5Pt2JWZK71DN5vFI3q7Ak=";
   };
 
-  strictDeps = true;
   nativeBuildInputs = [
     autoreconfHook
     libgcrypt # provides libgcrypt.m4
   ];
-  buildInputs = [ libgcrypt zlib bzip2 ];
 
-  preAutoreconf = ''
-    # Remove the install-data stuff, since it tries to write to /var
-    substituteInPlace src/Makefile.am --replace "etc \\" "\\"
-  '';
+  buildInputs = [
+    libgcrypt
+    zlib
+    bzip2
+  ];
+
+  strictDeps = true;
 
   configureFlags = [
+    # Load data from proper global paths
     "--localstatedir=/var"
-    "--with-libgcrypt-prefix=${libgcrypt.dev}"
+    "--sysconfdir=/etc"
+    "--runstatedir=/run"
+    "--with-sysconfigdir=/etc/default"
+
+    # Install data to proper directories
+    "--with-pkgconfigdir=${placeholder "out"}/lib/pkgconfig"
+    "--with-systemdunitdir=${placeholder "out"}/lib/systemd/system"
+
+    # Cross-compilation hacks
+    "--with-libgcrypt-prefix=${lib.getDev libgcrypt}"
     # workaround for cross compilation: https://github.com/dun/munge/issues/103
     "ac_cv_file__dev_spx=no"
     "x_ac_cv_check_fifo_recvfd=no"
   ];
 
+  installFlags = [
+    "localstatedir=${placeholder "out"}/var"
+    "runstatedir=${placeholder "out"}/run"
+    "sysconfdir=${placeholder "out"}/etc"
+    "sysconfigdir=${placeholder "out"}/etc/default"
+  ];
+
+  postInstall = ''
+    # rmdir will notify us if anything new is installed to the directories.
+    rmdir "$out"/{var{/{lib,log}{/munge,},},etc/munge}
+  '';
+
   meta = with lib; {
     description = ''
       An authentication service for creating and validating credentials
     '';
-    license = licenses.lgpl3;
+    license = [
+      # MUNGE
+      licenses.gpl3Plus
+      # libmunge
+      licenses.lgpl3Plus
+    ];
     platforms = platforms.unix;
     maintainers = [ maintainers.rickynils ];
   };
-}
+})
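Review bot: The new `configureFlags` point the daemon at the global `/etc`, `/var` and `/run`, and `postInstall` then removes the empty `etc/munge`, `var/lib/munge` and `var/log/munge` from `$out`, but nothing records that these directories must now be created at run time. As they hold the key and daemon state of an authentication service, I would add a comment above the `rmdir` such as `# Key, state and log directories live outside the store; the service configuration must create them owned by the munge user and not accessible to group or others.` Separately, `installFlags` redirects `runstatedir` to `$out/run`, which is not in the `rmdir` list. If `make install` creates that directory (not visible from this hunk), an empty `run` would be left in the output, so that is worth checking.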
diff --git a/pkgs/tools/security/naabu/default.nix b/pkgs/tools/security/naabu/default.nix
index a10c6601412be..cf82ca531195b 100644
--- a/pkgs/tools/security/naabu/default.nix
+++ b/pkgs/tools/security/naabu/default.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "naabu";
-  version = "2.3.0";
+  version = "2.3.1";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = "naabu";
     rev = "refs/tags/v${version}";
-    hash = "sha256-4aFr0kSKsNVXmYNYSt6mP4HryyIYvUKdzIYWjgPhG1Y=";
+    hash = "sha256-BICNSizc5DD538ZUoRUC1jSDCEkyrh7iYOM4a6cBqkQ=";
   };
 
-  vendorHash = "sha256-QHVB8ovAWECb4n6CKTK4tnGgTrJSFxIV0KZk4PEYInE=";
+  vendorHash = "sha256-GhnEjlV6b61VH/eswBQ9Lelc0IgGawjDRZHzGt7653Q=";
 
   buildInputs = [
     libpcap
diff --git a/pkgs/tools/security/nasty/default.nix b/pkgs/tools/security/nasty/default.nix
index f0bd0d406c337..80b6a2da8e2da 100644
--- a/pkgs/tools/security/nasty/default.nix
+++ b/pkgs/tools/security/nasty/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
     this program could be at least 100x faster.
     '';
     homepage = "http://www.vanheusden.com/nasty/";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ davidak ];
     platforms = platforms.unix;
   };
diff --git a/pkgs/tools/security/networkminer/default.nix b/pkgs/tools/security/networkminer/default.nix
index 6e762ef543fef..f83c6b3e2415e 100644
--- a/pkgs/tools/security/networkminer/default.nix
+++ b/pkgs/tools/security/networkminer/default.nix
@@ -62,7 +62,7 @@ buildDotnetModule rec {
   '';
 
   meta = with lib; {
-    description = "The Open Source Network Forensic Analysis Tool (NFAT)";
+    description = "Open Source Network Forensic Analysis Tool (NFAT)";
     homepage = "https://www.netresec.com/?page=NetworkMiner";
     license = licenses.gpl2Only;
     maintainers = with maintainers; [ emilytrau ];
diff --git a/pkgs/tools/security/nitrokey-app2/default.nix b/pkgs/tools/security/nitrokey-app2/default.nix
index 6f392f5d7f530..5477a603d4afd 100644
--- a/pkgs/tools/security/nitrokey-app2/default.nix
+++ b/pkgs/tools/security/nitrokey-app2/default.nix
@@ -1,59 +1,36 @@
 { lib
+, stdenv
 , python3
-, fetchPypi
-, rustPlatform
 , fetchFromGitHub
+, wrapQtAppsHook
+, qtbase
+, qtwayland
 }:
 
-let
-  python = python3.override {
-    packageOverrides = self: super: {
-      # https://github.com/nxp-mcuxpresso/spsdk/issues/64
-      cryptography = super.cryptography.overridePythonAttrs (old: rec {
-        version = "41.0.7";
-        src = fetchPypi {
-          inherit (old) pname;
-          inherit version;
-          hash = "sha256-E/k86b6oAWwlOzSvxr1qdZk+XEBnLtVAWpyDLw1KALw=";
-        };
-        cargoDeps = rustPlatform.fetchCargoTarball {
-          inherit src;
-          sourceRoot = "${old.pname}-${version}/${old.cargoRoot}";
-          name = "${old.pname}-${version}";
-          hash = "sha256-VeZhKisCPDRvmSjGNwCgJJeVj65BZ0Ge+yvXbZw86Rw=";
-        };
-        patches = [ ];
-        doCheck = false; # would require overriding cryptography-vectors
-      });
-    };
-  };
-in python.pkgs.buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "nitrokey-app2";
-  version = "2.1.5";
+  version = "2.3.0";
   pyproject = true;
 
-  disabled = python.pythonOlder "3.9";
+  disabled = python3.pythonOlder "3.9";
 
   src = fetchFromGitHub {
     owner = "Nitrokey";
     repo = "nitrokey-app2";
     rev = "v${version}";
-    hash = "sha256-mR13zUgCdNS09EnpGLrnOnoIn3p6ZM/0fHKg0OUMWj4=";
+    hash = "sha256-BSq3ezNt6btQUO1hMVw9bN3VCyUOUhfRFJcHDGkIm6Q=";
   };
 
-  # https://github.com/Nitrokey/nitrokey-app2/issues/152
-  #
-  # pythonRelaxDepsHook does not work here, because it runs in postBuild and
-  # only modifies the dependencies in the built distribution.
-  postPatch = ''
-    substituteInPlace pyproject.toml --replace 'pynitrokey = "' 'pynitrokey = ">='
-  '';
-
-  nativeBuildInputs = with python.pkgs; [
+  nativeBuildInputs = with python3.pkgs; [
     poetry-core
+    wrapQtAppsHook
+  ];
+
+  buildInputs = [ qtbase ] ++ lib.optionals stdenv.isLinux [
+    qtwayland
   ];
 
-  propagatedBuildInputs = with python.pkgs; [
+  propagatedBuildInputs = with python3.pkgs; [
     pynitrokey
     pyudev
     pyside6
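Review bot: `wrapQtAppsHook` is added to `nativeBuildInputs`, but nothing in this hunk sets `dontWrapQtApps = true;` or forwards `qtWrapperArgs` into `makeWrapperArgs`, so the entry point may be wrapped twice, once by the Python wrapper and once by the Qt hook. The derivation continues outside the hunk; if the rest of the file does not already do this, add `dontWrapQtApps = true;` and a `preFixup` containing `makeWrapperArgs+=("''${qtWrapperArgs[@]}")`. As a style point, `wrapQtAppsHook` comes from the function arguments yet is listed inside `with python3.pkgs; [ ... ]`; placing it outside the `with` list makes its origin clear.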
diff --git a/pkgs/tools/security/nmap-formatter/default.nix b/pkgs/tools/security/nmap-formatter/default.nix
index ade602a65375b..7b2fca55d954e 100644
--- a/pkgs/tools/security/nmap-formatter/default.nix
+++ b/pkgs/tools/security/nmap-formatter/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "nmap-formatter";
-  version = "2.1.6";
+  version = "3.0.0";
 
   src = fetchFromGitHub {
     owner = "vdjagilev";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-40ix4D/f63Q5cqVmBvpSmbK2KNXiYLdv/xXBNPJXfac=";
+    hash = "sha256-JqSsFEZmmVOnNza9xh+JrlWxE4XdA1GSX9yw2NIPYhQ=";
   };
 
-  vendorHash = "sha256-OUhvQwC7EJF7CIM7NHCs0TqRTZHTiDupkfYREPaxpXo=";
+  vendorHash = "sha256-MiBY4kWBZM2ZcW3SMqQ+7gKFnFt78wMI9S3OfCgth5g=";
 
   meta = with lib; {
     description = "Tool that allows you to convert nmap output";
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index 64dcd4f220bda..9280abbcfb5d0 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -44,9 +44,9 @@ stdenv.mkDerivation rec {
   doCheck = false; # fails 3 tests, probably needs the net
 
   meta = with lib; {
-    description = "A free and open source utility for network discovery and security auditing";
+    description = "Free and open source utility for network discovery and security auditing";
     homepage    = "http://www.nmap.org";
-    license     = licenses.gpl2;
+    license     = licenses.gpl2Only;
     platforms   = platforms.all;
     maintainers = with maintainers; [ thoughtpolice fpletz ];
   };
diff --git a/pkgs/tools/security/nmap/qt.nix b/pkgs/tools/security/nmap/qt.nix
index 56ebc5db62130..956649088ff38 100644
--- a/pkgs/tools/security/nmap/qt.nix
+++ b/pkgs/tools/security/nmap/qt.nix
@@ -54,7 +54,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Qt frontend for nmap";
     mainProgram = "nmapsi4";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     maintainers = with maintainers; [ peterhoeg ];
     inherit (src.meta) homepage;
   };
diff --git a/pkgs/tools/security/notary/default.nix b/pkgs/tools/security/notary/default.nix
index f1fed4806eb41..be147369ffe29 100644
--- a/pkgs/tools/security/notary/default.nix
+++ b/pkgs/tools/security/notary/default.nix
@@ -36,7 +36,7 @@ buildGoPackage rec {
   '';
 
   meta = with lib; {
-    description = "A project that allows anyone to have trust over arbitrary collections of data";
+    description = "Project that allows anyone to have trust over arbitrary collections of data";
     mainProgram = "notary";
     longDescription = ''
       The Notary project comprises a server and a client for running and
diff --git a/pkgs/tools/security/notation/default.nix b/pkgs/tools/security/notation/default.nix
index 07c9ef4997172..3afd7bd27f2ff 100644
--- a/pkgs/tools/security/notation/default.nix
+++ b/pkgs/tools/security/notation/default.nix
@@ -1,17 +1,21 @@
-{ lib, buildGoModule, fetchFromGitHub, testers, notation }:
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles, testers, notation }:
 
 buildGoModule rec {
   pname = "notation";
-  version = "1.1.0";
+  version = "1.1.1";
 
   src = fetchFromGitHub {
     owner = "notaryproject";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-MJBFdtx+HkPCN1SIohKOy33BW746GNN2fWkr7TIuBmk=";
+    hash = "sha256-Pi4Ddlx8G4dRDz79yTiPBf6gf0wsvoE9CuyeVGrHst0=";
   };
 
-  vendorHash = "sha256-USkufc1dG4eyRfRJHSX4mVZHnvOc5onHenF98Aedac4=";
+  vendorHash = "sha256-REJPSBLXzIPAmxwzckufTqJvZCWUUkJLBmHTx2nv9QM=";
+
+  nativeBuildInputs = [
+    installShellFiles
+  ];
 
   # This is a Go sub-module and cannot be built directly (e2e tests).
   excludedPackages = [ "./test" ];
@@ -23,6 +27,13 @@ buildGoModule rec {
     "-X github.com/notaryproject/notation/internal/version.BuildMetadata="
   ];
 
+  postInstall = ''
+    installShellCompletion --cmd notation \
+      --bash <($out/bin/notation completion bash) \
+      --fish <($out/bin/notation completion fish) \
+      --zsh <($out/bin/notation completion zsh)
+  '';
+
   passthru.tests.version = testers.testVersion {
     package = notation;
     command = "notation version";
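Review bot: The added `postInstall` runs `$out/bin/notation` at build time to generate the completions, which fails when the built binary cannot execute on the build machine (cross-compilation). Guard it with `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''` and add `stdenv` to the function arguments, which the argument list in the first hunk does not include. The `passthru.tests.version` block continues outside this hunk.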
diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix
index 23b938a83f9a9..dbf62872d21fa 100644
--- a/pkgs/tools/security/nsjail/default.nix
+++ b/pkgs/tools/security/nsjail/default.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
+    description = "Light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
     homepage    = "https://nsjail.dev/";
     changelog   = "https://github.com/google/nsjail/releases/tag/${version}";
     license     = licenses.asl20;
diff --git a/pkgs/tools/security/nuclei/default.nix b/pkgs/tools/security/nuclei/default.nix
index 933b3241d8eec..29b8a5547cfbd 100644
--- a/pkgs/tools/security/nuclei/default.nix
+++ b/pkgs/tools/security/nuclei/default.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "nuclei";
-  version = "3.2.5";
+  version = "3.2.9";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = "nuclei";
     rev = "refs/tags/v${version}";
-    hash = "sha256-eoTENTqQgBFS/a7hakJh3eugoSrQrYMSnlT0381308Q=";
+    hash = "sha256-4YfdpM+F2hP88GbB5ct2dla/balbt8uQcJSUyJut99U=";
   };
 
-  vendorHash = "sha256-+TIovSS13z9NIixEOFDPH3aOEoH7emlTunH9IoG/RWY=";
+  vendorHash = "sha256-zonoIvDbSHpURKPJoTfL2SrpiIAQkh0oAGEDEQiH35M=";
 
   subPackages = [ "cmd/nuclei/" ];
 
diff --git a/pkgs/tools/security/oauth2c/default.nix b/pkgs/tools/security/oauth2c/default.nix
index 292ac255b3a04..1289eb05f2154 100644
--- a/pkgs/tools/security/oauth2c/default.nix
+++ b/pkgs/tools/security/oauth2c/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "oauth2c";
-  version = "1.13.0";
+  version = "1.14.0";
 
   src = fetchFromGitHub {
     owner = "cloudentity";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-NNVHEV8qnPv+xXFzPsh1V+fSOQZxpADCRPIUsak5M5M=";
+    hash = "sha256-sxaInCsW3MKOYV3TscJYGwzSncg5TUW9YVheuxoO1h4=";
   };
 
-  vendorHash = "sha256-x6cb19rKJXm+EIxJeykhpFmUYOPb/VljzCOVjorP5MQ=";
+  vendorHash = "sha256-PdLh/J0HUvr1JjW/ew5PQe9TJNykI4tJhlRoVjRT/hg=";
 
   doCheck = false; # tests want to talk to oauth2c.us.authz.cloudentity.io
 
diff --git a/pkgs/tools/security/onioncircuits/default.nix b/pkgs/tools/security/onioncircuits/default.nix
index 95692ef1c188c..048631e2b774d 100644
--- a/pkgs/tools/security/onioncircuits/default.nix
+++ b/pkgs/tools/security/onioncircuits/default.nix
@@ -5,7 +5,7 @@
 , gobject-introspection
 , intltool
 , python3
-, wrapGAppsHook
+, wrapGAppsHook3
 }:
 
 python3.pkgs.buildPythonApplication rec {
@@ -23,7 +23,7 @@ python3.pkgs.buildPythonApplication rec {
   nativeBuildInputs = [
     gobject-introspection
     intltool
-    wrapGAppsHook
+    wrapGAppsHook3
     python3.pkgs.distutils-extra
   ];
 
diff --git a/pkgs/tools/security/onlykey/default.nix b/pkgs/tools/security/onlykey/default.nix
index c63173d889b2e..a9337be7ac050 100644
--- a/pkgs/tools/security/onlykey/default.nix
+++ b/pkgs/tools/security/onlykey/default.nix
@@ -5,7 +5,7 @@
 , makeDesktopItem
 , stdenv
 , writeShellScript
-, wrapGAppsHook
+, wrapGAppsHook3
 }:
 
 let
@@ -53,7 +53,7 @@ stdenv.mkDerivation {
   pname = "${onlykey.packageName}";
   inherit (onlykey) version;
   dontUnpack = true;
-  nativeBuildInputs = [ wrapGAppsHook copyDesktopItems ];
+  nativeBuildInputs = [ wrapGAppsHook3 copyDesktopItems ];
   desktopItems = [
     (makeDesktopItem {
       name = onlykey.packageName;
diff --git a/pkgs/tools/security/openpgp-card-tools/default.nix b/pkgs/tools/security/openpgp-card-tools/default.nix
deleted file mode 100644
index 009807058661d..0000000000000
--- a/pkgs/tools/security/openpgp-card-tools/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib
-, stdenv
-, rustPlatform
-, fetchFromGitea
-, pkg-config
-, pcsclite
-, nettle
-, PCSC
-, testers
-, openpgp-card-tools
-}:
-
-rustPlatform.buildRustPackage rec {
-  pname = "openpgp-card-tools";
-  version = "0.10.1";
-
-  src = fetchFromGitea {
-    domain = "codeberg.org";
-    owner = "openpgp-card";
-    repo = "openpgp-card-tools";
-    rev = "v${version}";
-    hash = "sha256-fasu2XElGk6TB2VNFg43rpa3ZafgGZga9WojyUiXj0k=";
-  };
-
-  cargoHash = "sha256-7OauQRG8DhIoANfel45QBm3igGjmtNw9KNAwt1TL5xg=";
-
-  nativeBuildInputs = [ pkg-config rustPlatform.bindgenHook ];
-  buildInputs = [ pcsclite nettle ] ++ lib.optionals stdenv.isDarwin [ PCSC ];
-
-  passthru = {
-    tests.version = testers.testVersion {
-      package = openpgp-card-tools;
-    };
-  };
-
-  meta = with lib; {
-    description = "A tool for inspecting and configuring OpenPGP cards";
-    homepage = "https://codeberg.org/openpgp-card/openpgp-card-tools";
-    license = with licenses ;[ asl20 /* OR */ mit ];
-    maintainers = with maintainers; [ nickcao ];
-    mainProgram = "oct";
-  };
-}
diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 8d8246028f7c3..b767261b4e0a8 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -1,6 +1,5 @@
 { lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, zlib, readline, openssl
 , libiconv, pcsclite, libassuan, libXt
-, fetchpatch
 , docbook_xsl, libxslt, docbook_xml_dtd_412
 , Carbon, PCSC, buildPackages
 , withApplePCSC ? stdenv.isDarwin
diff --git a/pkgs/tools/security/ospd-openvas/default.nix b/pkgs/tools/security/ospd-openvas/default.nix
index 9b20f221447ec..f047958c24929 100644
--- a/pkgs/tools/security/ospd-openvas/default.nix
+++ b/pkgs/tools/security/ospd-openvas/default.nix
@@ -1,6 +1,7 @@
-{ lib
-, fetchFromGitHub
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
@@ -20,13 +21,9 @@ python3.pkgs.buildPythonApplication rec {
     "python-gnupg"
   ];
 
-  build-system = with python3.pkgs; [
-    poetry-core
-  ];
+  build-system = with python3.pkgs; [ poetry-core ];
 
-  nativeBuildInputs = with python3.pkgs; [
-    pythonRelaxDepsHook
-  ];
+  nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
 
   propagatedBuildInputs = with python3.pkgs; [
     defusedxml
@@ -40,13 +37,9 @@ python3.pkgs.buildPythonApplication rec {
     sentry-sdk
   ];
 
-  nativeCheckInputs = with python3.pkgs; [
-    pytestCheckHook
-  ];
+  nativeCheckInputs = with python3.pkgs; [ pytestCheckHook ];
 
-  pythonImportsCheck = [
-    "ospd_openvas"
-  ];
+  pythonImportsCheck = [ "ospd_openvas" ];
 
   meta = with lib; {
     description = "OSP server implementation to allow GVM to remotely control an OpenVAS Scanner";
@@ -54,5 +47,6 @@ python3.pkgs.buildPythonApplication rec {
     changelog = "https://github.com/greenbone/ospd-openvas/releases/tag/v${version}";
     license = licenses.agpl3Only;
     maintainers = with maintainers; [ fab ];
+    platforms = platforms.linux;
   };
 }
diff --git a/pkgs/tools/security/ossec/agent.nix b/pkgs/tools/security/ossec/agent.nix
index 003d2141c567c..c5ba8688123b6 100644
--- a/pkgs/tools/security/ossec/agent.nix
+++ b/pkgs/tools/security/ossec/agent.nix
@@ -61,7 +61,7 @@ EOF
   meta = with lib; {
     description = "Open source host-based instrusion detection system";
     homepage = "https://www.ossec.net";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ happysalada ];
     platforms = platforms.all;
   };
diff --git a/pkgs/tools/security/ossec/server.nix b/pkgs/tools/security/ossec/server.nix
index 1a7a3e8136758..2c015617176cb 100644
--- a/pkgs/tools/security/ossec/server.nix
+++ b/pkgs/tools/security/ossec/server.nix
@@ -62,7 +62,7 @@ EOF
   meta = with lib; {
     description = "Open source host-based instrusion detection system";
     homepage = "https://www.ossec.net";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ happysalada ];
     platforms = platforms.all;
   };
diff --git a/pkgs/tools/security/osv-scanner/default.nix b/pkgs/tools/security/osv-scanner/default.nix
index 70393cb9aad8c..32be96f853e72 100644
--- a/pkgs/tools/security/osv-scanner/default.nix
+++ b/pkgs/tools/security/osv-scanner/default.nix
@@ -7,16 +7,16 @@
 
 buildGoModule rec {
   pname = "osv-scanner";
-  version = "1.7.2";
+  version = "1.7.4";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = "osv-scanner";
     rev = "refs/tags/v${version}";
-    hash = "sha256-UE6iCvv/ByODZX+FoLvIw+EeyISWFkHb4xK5L33w1hU=";
+    hash = "sha256-Z5dRXVbisVoTeS/KVS2tnpaL0i9DMFZYu+vHGWQ1Mvc=";
   };
 
-  vendorHash = "sha256-c/Wjhpa7upSRMaU+rheGF9dbvK0MQe3ZmPLpR5bRiUI=";
+  vendorHash = "sha256-6soB9XLh+ez+iGrnDYh1qrz94KQCoUJPiQA8Cv0oz+o=";
 
   subPackages = [
     "cmd/osv-scanner"
diff --git a/pkgs/tools/security/paperkey/default.nix b/pkgs/tools/security/paperkey/default.nix
index a22c1617f07bb..3b3a2d81d1068 100644
--- a/pkgs/tools/security/paperkey/default.nix
+++ b/pkgs/tools/security/paperkey/default.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
       are generally used to back up computer data.
     '';
     homepage = "https://www.jabberwocky.com/software/paperkey/";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     platforms = platforms.unix;
     maintainers = with maintainers; [ AndersonTorres peterhoeg ];
   };
diff --git a/pkgs/tools/security/pass/extensions/checkup.nix b/pkgs/tools/security/pass/extensions/checkup.nix
index b1cff6a20724b..d275c19166f41 100644
--- a/pkgs/tools/security/pass/extensions/checkup.nix
+++ b/pkgs/tools/security/pass/extensions/checkup.nix
@@ -33,7 +33,7 @@ in stdenv.mkDerivation {
   '';
 
   meta = with lib; {
-    description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not";
+    description = "Pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not";
     homepage = "https://github.com/etu/pass-checkup";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ etu ];
diff --git a/pkgs/tools/security/pass/extensions/file.nix b/pkgs/tools/security/pass/extensions/file.nix
index 1c07e289ad28b..962ab2bd2a407 100644
--- a/pkgs/tools/security/pass/extensions/file.nix
+++ b/pkgs/tools/security/pass/extensions/file.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
   installFlags = [ "PREFIX=$(out)" ];
 
   meta = with lib; {
-    description = "A pass extension that allows to add files to password-store";
+    description = "Pass extension that allows to add files to password-store";
     homepage = "https://github.com/dvogt23/pass-file";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ taranarmo ];
diff --git a/pkgs/tools/security/pass/extensions/import.nix b/pkgs/tools/security/pass/extensions/import.nix
index cbba33c1373a6..badc58361d535 100644
--- a/pkgs/tools/security/pass/extensions/import.nix
+++ b/pkgs/tools/security/pass/extensions/import.nix
@@ -1,6 +1,5 @@
 { lib
-, fetchFromGitHub
-, fetchpatch
+, fetchurl
 , python3Packages
 , gnupg
 , pass
@@ -8,30 +7,23 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "pass-import";
-  version = "3.2";
+  version = "3.5";
 
-  src = fetchFromGitHub {
-    owner = "roddhjav";
-    repo = "pass-import";
-    rev = "v${version}";
-    sha256 = "0hrpg7yiv50xmbajfy0zdilsyhbj5iv0qnlrgkfv99q1dvd5qy56";
+  src = fetchurl {
+    url = "https://github.com/roddhjav/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz";
+    hash = "sha256-+wrff3OxPkAGu1Mn4Kl0KN4FmvIAb+MnaERcD5ScDNc=";
   };
 
-  patches = [
-    (fetchpatch {
-      name = "support-for-pykeepass-4.0.3.patch";
-      url = "https://github.com/roddhjav/pass-import/commit/f1b167578916d971ee4f99be99ba0e86ef49015e.patch";
-      hash = "sha256-u6bJbV3/QTfRaPauKSyCWNodpy6CKsreMXUZWKRbee0=";
-    })
-  ];
-
   propagatedBuildInputs = with python3Packages; [
     cryptography
     defusedxml
+    jsonpath-ng
     pyaml
     pykeepass
     python-magic # similar API to "file-magic", but already in nixpkgs.
+    requests
     secretstorage
+    zxcvbn
   ];
 
   nativeCheckInputs = [
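Review bot: The new `src` pulls an uploaded release asset instead of the tagged tree, and nothing in the hunk records why. A release tarball is produced and uploaded separately from the git history, so its contents cannot be compared with the `v${version}` tag the way the old `fetchFromGitHub` source could; the `hash` only pins whatever was uploaded. If the tarball is required, a one-line comment above `src` should name the reason. The URL is also better spelled without `${pname}`, so that it does not change if the attribute is renamed: `url = "https://github.com/roddhjav/pass-import/releases/download/v${version}/pass-import-${version}.tar.gz";`.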
@@ -46,12 +38,12 @@ python3Packages.buildPythonApplication rec {
 
   postInstall = ''
     mkdir -p $out/lib/password-store/extensions
-    cp ${src}/import.bash $out/lib/password-store/extensions/import.bash
+    cp import.bash $out/lib/password-store/extensions/import.bash
     wrapProgram $out/lib/password-store/extensions/import.bash \
       --prefix PATH : "${python3Packages.python.withPackages (_: propagatedBuildInputs)}/bin" \
       --prefix PYTHONPATH : "$out/${python3Packages.python.sitePackages}" \
       --run "export PREFIX"
-    cp -r ${src}/share $out/
+    cp -r share $out/
   '';
 
   postCheck = ''
diff --git a/pkgs/tools/security/pass/extensions/otp.nix b/pkgs/tools/security/pass/extensions/otp.nix
index 15f075ccec402..87df97dcde72a 100644
--- a/pkgs/tools/security/pass/extensions/otp.nix
+++ b/pkgs/tools/security/pass/extensions/otp.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
                  ];
 
   meta = with lib; {
-    description = "A pass extension for managing one-time-password (OTP) tokens";
+    description = "Pass extension for managing one-time-password (OTP) tokens";
     homepage = "https://github.com/tadfisher/pass-otp";
     license = licenses.gpl3;
     maintainers = with maintainers; [ jwiegley tadfisher toonn ];
diff --git a/pkgs/tools/security/pass/rofi-pass.nix b/pkgs/tools/security/pass/rofi-pass.nix
index 9bf6995715924..bd2cdbfbbbab7 100644
--- a/pkgs/tools/security/pass/rofi-pass.nix
+++ b/pkgs/tools/security/pass/rofi-pass.nix
@@ -29,13 +29,13 @@ assert lib.assertOneOf "backend" backend [ "x11" "wayland" ];
 
 stdenv.mkDerivation {
   pname = "rofi-pass";
-  version = "unstable-2024-02-13";
+  version = "2.0.2-unstable-2024-06-16";
 
   src = fetchFromGitHub {
     owner = "carnager";
     repo = "rofi-pass";
-    rev = "8aa6b9293a8f0af267425326fa966966ca42085e";
-    hash = "sha256-g/AuLYj0yvLCXFR3y9GbMiE6hDCPBeuFM145c2Ukvys=";
+    rev = "37c4c862deb133a85b7d72989acfdbd2ef16b8ad";
+    hash = "sha256-1lPNj47vTPLBK7mVm+PngV8C/ZsjJ2EN4ffXGU2TlQo=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
@@ -83,7 +83,7 @@ stdenv.mkDerivation {
   passthru.updateScript = unstableGitUpdater { };
 
   meta = {
-    description = "A script to make rofi work with password-store";
+    description = "Script to make rofi work with password-store";
     mainProgram = "rofi-pass";
     homepage = "https://github.com/carnager/rofi-pass";
     license = lib.licenses.gpl3;
diff --git a/pkgs/tools/security/pass/wofi-pass.nix b/pkgs/tools/security/pass/wofi-pass.nix
index 9db6a7ffda35e..ef48f335b5fdf 100644
--- a/pkgs/tools/security/pass/wofi-pass.nix
+++ b/pkgs/tools/security/pass/wofi-pass.nix
@@ -55,7 +55,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "A script to make wofi work with password-store";
+    description = "Script to make wofi work with password-store";
     homepage = "https://github.com/schmidtandreas/wofi-pass";
     maintainers = with lib.maintainers; [ akechishiro ];
     license = lib.licenses.gpl2Plus;
diff --git a/pkgs/tools/security/pass2csv/default.nix b/pkgs/tools/security/pass2csv/default.nix
index 101af2e7aa947..5a255d201f0cd 100644
--- a/pkgs/tools/security/pass2csv/default.nix
+++ b/pkgs/tools/security/pass2csv/default.nix
@@ -27,10 +27,10 @@ buildPythonApplication rec {
   doCheck = false;
 
   meta = with lib; {
-    description = "Export pass(1), \"the standard unix password manager\", to CSV";
+    description = "Export pass(1), \"Standard unix password manager\", to CSV";
     mainProgram = "pass2csv";
     homepage = "https://github.com/reinefjord/pass2csv";
     license = licenses.mit;
-    maintainers = with maintainers; [ wolfangaukang ];
+    maintainers = [ ];
   };
 }
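Review bot: The rewritten `description` alters the quoted tagline, turning `\"the standard unix password manager\"` into `\"Standard unix password manager\"`, which looks like the article-stripping applied elsewhere in this commit was run inside the quotation. The original string did not start with an article, so it can stay as `description = "Export pass(1), \"the standard unix password manager\", to CSV";`. The same hunk empties `maintainers`, leaving a tool that exports password-store contents to CSV without a listed maintainer; worth confirming that is intended.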
diff --git a/pkgs/tools/security/passff-host/default.nix b/pkgs/tools/security/passff-host/default.nix
index bc882cb419f6e..3ec277ce273af 100644
--- a/pkgs/tools/security/passff-host/default.nix
+++ b/pkgs/tools/security/passff-host/default.nix
@@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Host app for the WebExtension PassFF";
     homepage = "https://github.com/passff/passff-host";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ ];
   };
 }
diff --git a/pkgs/tools/security/pcsc-tools/default.nix b/pkgs/tools/security/pcsc-tools/default.nix
index c479caa0a6137..371a159f8c618 100644
--- a/pkgs/tools/security/pcsc-tools/default.nix
+++ b/pkgs/tools/security/pcsc-tools/default.nix
@@ -6,9 +6,9 @@
 , gobject-introspection
 , makeWrapper
 , pkg-config
-, wrapGAppsHook
-, systemd
-, dbus
+, wrapGAppsHook3
+, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd
+, dbusSupport ? stdenv.isLinux, dbus
 , pcsclite
 , PCSC
 , wget
@@ -16,8 +16,13 @@
 , perlPackages
 , testers
 , nix-update-script
+
+# gui does not cross compile properly
+, withGui ? stdenv.buildPlatform.canExecute stdenv.hostPlatform
 }:
 
+assert systemdSupport -> dbusSupport;
+
 stdenv.mkDerivation (finalAttrs: {
   pname = "pcsc-tools";
   version = "1.7.1";
@@ -33,17 +38,21 @@ stdenv.mkDerivation (finalAttrs: {
     "--datarootdir=${placeholder "out"}/share"
   ];
 
-  buildInputs = [ dbus perlPackages.perl pcsclite ]
-    ++ lib.optional stdenv.isDarwin PCSC
-    ++ lib.optional stdenv.isLinux systemd;
+  buildInputs = lib.optionals dbusSupport [
+    dbus
+  ] ++ [
+    perlPackages.perl pcsclite
+  ] ++ lib.optional stdenv.isDarwin PCSC
+    ++ lib.optional systemdSupport systemd;
 
   nativeBuildInputs = [
     autoconf-archive
     autoreconfHook
-    gobject-introspection
     makeWrapper
     pkg-config
-    wrapGAppsHook
+  ] ++ lib.optionals withGui [
+    gobject-introspection
+    wrapGAppsHook3
   ];
 
   preFixup = ''
@@ -54,6 +63,7 @@ stdenv.mkDerivation (finalAttrs: {
     wrapProgram $out/bin/scriptor \
       --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC libintl-perl ]}"
 
+  '' + lib.optionalString withGui ''
     wrapProgram $out/bin/gscriptor \
       ''${makeWrapperArgs[@]} \
       --set PERL5LIB "${with perlPackages; makePerlPath [
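Review bot: With `withGui = false` the `wrapProgram $out/bin/gscriptor` call is skipped, but nothing visible in this commit stops the build from installing `gscriptor` itself. The script would then presumably ship unwrapped and fail at start because its `PERL5LIB` is never set. Either drop it in that case with `rm -f $out/bin/gscriptor` under `lib.optionalString (!withGui)`, or disable it at configure time if upstream offers a switch. The `preFixup` string begins and ends outside this hunk, so this needs checking against the full file.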
@@ -66,6 +76,7 @@ stdenv.mkDerivation (finalAttrs: {
           Cairo
           CairoGObject
       ]}"
+  '' + ''
 
     wrapProgram $out/bin/ATR_analysis \
       --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC libintl-perl ]}"
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index 956bf451c7bfd..e75be683a6f31 100644
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -10,6 +10,11 @@
 , dbus
 , polkit
 , systemdLibs
+, udev
+, dbusSupport ? stdenv.isLinux
+, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemdLibs
+, udevSupport ? dbusSupport
+, libusb1
 , IOKit
 , testers
 , nix-update-script
@@ -17,9 +22,12 @@
 , polkitSupport ? false
 }:
 
+assert polkitSupport -> dbusSupport;
+assert systemdSupport -> dbusSupport;
+
 stdenv.mkDerivation (finalAttrs: {
   inherit pname;
-  version = "2.0.3";
+  version = "2.1.0";
 
   outputs = [ "out" "lib" "dev" "doc" "man" ];
 
@@ -28,18 +36,20 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "rousseau";
     repo = "PCSC";
     rev = "refs/tags/${finalAttrs.version}";
-    hash = "sha256-VDQh2PYAMFwgWvZFD20H3JxgKSFrSUoDLv/6fKEoy5Y=";
+    hash = "sha256-aJKI6pWrZJFmiTxZ9wgCuxKRWRMFVRAkzlo+tSqV8B4=";
   };
 
   configureFlags = [
     "--enable-confdir=/etc"
     # The OS should care on preparing the drivers into this location
     "--enable-usbdropdir=/var/lib/pcsc/drivers"
-    (lib.enableFeature stdenv.isLinux "libsystemd")
+    (lib.enableFeature systemdSupport "libsystemd")
     (lib.enableFeature polkitSupport "polkit")
-  ] ++ lib.optionals stdenv.isLinux [
     "--enable-ipcdir=/run/pcscd"
+  ] ++ lib.optionals systemdSupport [
     "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+  ] ++ lib.optionals (!udevSupport) [
+    "--disable-libudev"
   ];
 
   makeFlags = [
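Review bot: `"--enable-ipcdir=/run/pcscd"` has moved out of the Linux-only list and is now passed on every platform, including Darwin, where `/run` normally does not exist. If the daemon is expected to run there, its IPC socket directory would point at a path nobody creates. If the move is deliberate, a short comment next to the flag should say so; otherwise keep the flag conditional, e.g. `] ++ lib.optionals stdenv.isLinux [ "--enable-ipcdir=/run/pcscd" ]`.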
@@ -50,8 +60,11 @@ stdenv.mkDerivation (finalAttrs: {
   # see also: https://github.com/LudovicRousseau/PCSC/issues/25
   postPatch = lib.optionalString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
     substituteInPlace src/Makefile.am \
-      --replace "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \
-                "noinst_PROGRAMS = testpcsc"
+      --replace-fail "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \
+                     "noinst_PROGRAMS = testpcsc"
+  '' + ''
+    substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+      --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
   '';
 
   postInstall = ''
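Review bot: The second `substituteInPlace` has no comment explaining why the library name is rewritten to an absolute path. Presumably `src/libredirect.c` and `src/spy/libpcscspy.c` load `libpcsclite_real.so.1` by name at run time, and pinning it to `$lib/lib/` keeps that lookup from going through the loader search path. A comment such as `# load the real library by absolute store path instead of via the loader search path` would record the intent. This branch is unconditional, so it also runs on Darwin, where the `.so.1` file name may not match what is installed; worth confirming there.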
@@ -70,25 +83,32 @@ stdenv.mkDerivation (finalAttrs: {
   ];
 
   buildInputs = [ python3 ]
-    ++ lib.optionals stdenv.isLinux [ systemdLibs ]
+    ++ lib.optionals systemdSupport [ systemdLibs ]
+    ++ lib.optionals (!systemdSupport && udevSupport) [ udev ]
     ++ lib.optionals stdenv.isDarwin [ IOKit ]
-    ++ lib.optionals polkitSupport [ dbus polkit ];
+    ++ lib.optionals dbusSupport [ dbus ]
+    ++ lib.optionals polkitSupport [ polkit ]
+    ++ lib.optionals (!udevSupport) [ libusb1 ];
 
   passthru = {
-    tests.version = testers.testVersion {
-      package = finalAttrs.finalPackage;
-      command = "pcscd --version";
+    tests = {
+      pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
+      version = testers.testVersion {
+        package = finalAttrs.finalPackage;
+        command = "pcscd --version";
+      };
     };
     updateScript = nix-update-script { };
   };
 
-  meta = with lib; {
+  meta = {
     description = "Middleware to access a smart card using SCard API (PC/SC)";
     homepage = "https://pcsclite.apdu.fr/";
     changelog = "https://salsa.debian.org/rousseau/PCSC/-/blob/${finalAttrs.version}/ChangeLog";
-    license = licenses.bsd3;
+    license = lib.licenses.bsd3;
     mainProgram = "pcscd";
-    maintainers = [ maintainers.anthonyroussel ];
-    platforms = with platforms; unix;
+    maintainers = [ lib.maintainers.anthonyroussel ];
+    pkgConfigModules = [ "libpcsclite" ];
+    platforms = lib.platforms.unix;
   };
 })
diff --git a/pkgs/tools/security/pgpdump/default.nix b/pkgs/tools/security/pgpdump/default.nix
index 31a1c506f3295..5a9b0d276e0c6 100644
--- a/pkgs/tools/security/pgpdump/default.nix
+++ b/pkgs/tools/security/pgpdump/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
   buildInputs = lib.optionals supportCompressedPackets [ zlib bzip2 ];
 
   meta = with lib; {
-    description = "A PGP packet visualizer";
+    description = "PGP packet visualizer";
     mainProgram = "pgpdump";
     longDescription = ''
       pgpdump is a PGP packet visualizer which displays the packet format of
diff --git a/pkgs/tools/security/phrasendrescher/default.nix b/pkgs/tools/security/phrasendrescher/default.nix
index d4f7242b2896f..2f6017fd10ec4 100644
--- a/pkgs/tools/security/phrasendrescher/default.nix
+++ b/pkgs/tools/security/phrasendrescher/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
   configureFlags = [ "--with-plugins" ];
 
   meta = with lib; {
-    description = "A modular and multi processing pass phrase cracking tool";
+    description = "Modular and multi processing pass phrase cracking tool";
     homepage = "https://leidecker.info/projects/phrasendrescher/index.shtml";
     license = licenses.gpl2Plus;
     platforms = platforms.all;
diff --git a/pkgs/tools/security/pinentry/default.nix b/pkgs/tools/security/pinentry/default.nix
index 10984e489fd4f..bdbbd55e9607c 100644
--- a/pkgs/tools/security/pinentry/default.nix
+++ b/pkgs/tools/security/pinentry/default.nix
@@ -1,23 +1,27 @@
-{ stdenv
-, lib
-, fetchurl
-, fetchpatch
-, pkg-config
-, autoreconfHook
-, wrapGAppsHook
-, libgpg-error
-, libassuan
-, libsForQt5
-, ncurses
-, gtk2
-, gcr
-, withLibsecret ? true
-, libsecret
+{
+  stdenv,
+  lib,
+  fetchurl,
+  fetchpatch,
+  pkg-config,
+  autoreconfHook,
+  wrapGAppsHook3,
+  libgpg-error,
+  libassuan,
+  libsForQt5,
+  qt6,
+  ncurses,
+  gtk2,
+  gcr,
+  withLibsecret ? true,
+  libsecret,
 }:
 
 let
   flavorInfo = {
-    tty = { flag = "tty"; };
+    tty = {
+      flag = "tty";
+    };
     curses = {
       flag = "curses";
       buildInputs = [ ncurses ];
@@ -29,54 +33,72 @@ let
     gnome3 = {
       flag = "gnome3";
       buildInputs = [ gcr ];
-      nativeBuildInputs = [ wrapGAppsHook ];
+      nativeBuildInputs = [ wrapGAppsHook3 ];
+    };
+    qt5 = {
+      flag = "qt5";
+      buildInputs = [
+        libsForQt5.qtbase
+        libsForQt5.kwayland
+        libsForQt5.qtx11extras
+      ];
+      nativeBuildInputs = [ libsForQt5.wrapQtAppsHook ];
     };
     qt = {
       flag = "qt";
-      buildInputs = [ libsForQt5.qtbase ];
-      nativeBuildInputs = [ libsForQt5.wrapQtAppsHook ];
+      buildInputs = [
+        qt6.qtbase
+        qt6.qtwayland
+      ];
+      nativeBuildInputs = [ qt6.wrapQtAppsHook ];
+    };
+    emacs = {
+      flag = "emacs";
     };
-    emacs = { flag = "emacs"; };
   };
 
-  buildPinentry = pinentryExtraPname: buildFlavors:
+  buildPinentry =
+    pinentryExtraPname: buildFlavors:
     let
-      enableFeaturePinentry = f:
-        lib.enableFeature (lib.elem f buildFlavors) ("pinentry-" + flavorInfo.${f}.flag);
+      enableFeaturePinentry =
+        f: lib.enableFeature (lib.elem f buildFlavors) ("pinentry-" + flavorInfo.${f}.flag);
 
       pinentryMkDerivation =
-        if (lib.elem "qt" buildFlavors)
-        then libsForQt5.mkDerivation
-        else stdenv.mkDerivation;
-
+        if (lib.elem "qt5" buildFlavors) then libsForQt5.mkDerivation else stdenv.mkDerivation;
     in
     pinentryMkDerivation rec {
       pname = "pinentry-${pinentryExtraPname}";
-      version = "1.2.1";
+      version = "1.3.0";
 
       src = fetchurl {
         url = "mirror://gnupg/pinentry/pinentry-${version}.tar.bz2";
-        hash = "sha256-RXoYXlqFI4+5RalV3GNSq5YtyLSHILYvyfpIx1QKQGc=";
+        hash = "sha256-mzzVIm51l/L97TmaO8ZZkjNRU2VZ6dsIJpgbyjFklN4=";
       };
 
-      nativeBuildInputs = [ pkg-config autoreconfHook ]
-        ++ lib.concatMap (f: flavorInfo.${f}.nativeBuildInputs or [ ]) buildFlavors;
+      nativeBuildInputs = [
+        pkg-config
+        autoreconfHook
+      ] ++ lib.concatMap (f: flavorInfo.${f}.nativeBuildInputs or [ ]) buildFlavors;
 
-      buildInputs = [ libgpg-error libassuan ]
+      buildInputs =
+        [
+          libgpg-error
+          libassuan
+        ]
         ++ lib.optional withLibsecret libsecret
         ++ lib.concatMap (f: flavorInfo.${f}.buildInputs or [ ]) buildFlavors;
 
       dontWrapGApps = true;
       dontWrapQtApps = true;
 
-      patches = [
-        ./autoconf-ar.patch
-      ] ++ lib.optionals (lib.elem "gtk2" buildFlavors) [
-        (fetchpatch {
-          url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
-          sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
-        })
-      ];
+      patches =
+        [ ./autoconf-ar.patch ]
+        ++ lib.optionals (lib.elem "gtk2" buildFlavors) [
+          (fetchpatch {
+            url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
+            sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
+          })
+        ];
 
       configureFlags = [
         "--with-libgpg-error-prefix=${libgpg-error.dev}"
@@ -87,35 +109,76 @@ let
       postInstall =
         lib.optionalString (lib.elem "gnome3" buildFlavors) ''
           wrapGApp $out/bin/pinentry-gnome3
-        '' + lib.optionalString (lib.elem "qt" buildFlavors) ''
+        ''
+        + lib.optionalString (lib.elem "qt5" buildFlavors) ''
+          wrapQtApp $out/bin/pinentry-qt5
+          ln -sf $out/bin/pinentry-qt5 $out/bin/pinentry-qt
+        ''
+        + lib.optionalString (lib.elem "qt" buildFlavors) ''
           wrapQtApp $out/bin/pinentry-qt
         '';
 
-      passthru = { flavors = buildFlavors; };
+      passthru = {
+        flavors = buildFlavors;
+      };
 
-      meta = with lib; {
+      meta = {
         homepage = "https://gnupg.org/software/pinentry/index.html";
         description = "GnuPG’s interface to passphrase input";
-        license = licenses.gpl2Plus;
+        license = lib.licenses.gpl2Plus;
         platforms =
-          if elem "gnome3" buildFlavors then platforms.linux else
-          if elem "qt" buildFlavors then (remove "aarch64-darwin" platforms.all) else
-          platforms.all;
+          if lib.elem "gnome3" buildFlavors then
+            lib.platforms.linux
+          else if (lib.elem "qt5" buildFlavors || lib.elem "qt" buildFlavors) then
+            (lib.remove "aarch64-darwin" lib.platforms.all)
+          else
+            lib.platforms.all;
         longDescription = ''
           Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
           to enter a passphrase when `gpg` or `gpg2` is run and needs it.
         '';
-        maintainers = with maintainers; [ fpletz ];
+        maintainers = with lib.maintainers; [ fpletz ];
         mainProgram = "pinentry";
       };
     };
 in
 {
-  pinentry-curses = buildPinentry "curses" [ "curses" "tty" ];
-  pinentry-emacs = buildPinentry "emacs" [ "emacs" "curses" "tty" ];
-  pinentry-gnome3 = buildPinentry "gnome3" [ "gnome3" "curses" "tty" ];
-  pinentry-gtk2 = buildPinentry "gtk2" [ "gtk2" "curses" "tty" ];
-  pinentry-qt = buildPinentry "qt" [ "qt" "curses" "tty" ];
+  pinentry-curses = buildPinentry "curses" [
+    "curses"
+    "tty"
+  ];
+  pinentry-emacs = buildPinentry "emacs" [
+    "emacs"
+    "curses"
+    "tty"
+  ];
+  pinentry-gnome3 = buildPinentry "gnome3" [
+    "gnome3"
+    "curses"
+    "tty"
+  ];
+  pinentry-gtk2 = buildPinentry "gtk2" [
+    "gtk2"
+    "curses"
+    "tty"
+  ];
+  pinentry-qt5 = buildPinentry "qt5" [
+    "qt5"
+    "curses"
+    "tty"
+  ];
+  pinentry-qt = buildPinentry "qt" [
+    "qt"
+    "curses"
+    "tty"
+  ];
   pinentry-tty = buildPinentry "tty" [ "tty" ];
-  pinentry-all = buildPinentry "all" [ "curses" "tty" "gtk2" "gnome3" "qt" "emacs" ];
+  pinentry-all = buildPinentry "all" [
+    "curses"
+    "tty"
+    "gtk2"
+    "gnome3"
+    "qt"
+    "emacs"
+  ];
 }
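Review bot: The `qt5` branch of `postInstall` creates `$out/bin/pinentry-qt` as a symlink, and the `qt` branch right after it wraps a file of the same name. A flavor list containing both would presumably have `ln -sf` replace the Qt 6 binary before `wrapQtApp` runs. None of the attributes defined at the end of the file combines the two, but `buildPinentry` does not enforce that. An `assert !(lib.elem "qt5" buildFlavors && lib.elem "qt" buildFlavors);` placed before `pinentryMkDerivation rec {` would make the constraint explicit; that line sits in the previous hunk.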
diff --git a/pkgs/tools/security/pius/default.nix b/pkgs/tools/security/pius/default.nix
index 3612caa196c2f..aa9687ba3a412 100644
--- a/pkgs/tools/security/pius/default.nix
+++ b/pkgs/tools/security/pius/default.nix
@@ -33,7 +33,7 @@ python3Packages.buildPythonApplication {
          to the process.
       '';
 
-    license = lib.licenses.gpl2;
+    license = lib.licenses.gpl2Only;
 
     platforms = lib.platforms.gnu ++ lib.platforms.linux;
     maintainers = with lib.maintainers; [ kierdavis ];
diff --git a/pkgs/tools/security/plasma-pass/default.nix b/pkgs/tools/security/plasma-pass/default.nix
index 9475b2a4a099d..a2b0816dc2386 100644
--- a/pkgs/tools/security/plasma-pass/default.nix
+++ b/pkgs/tools/security/plasma-pass/default.nix
@@ -31,7 +31,7 @@ mkDerivation rec {
   nativeBuildInputs = [ cmake extra-cmake-modules ];
 
   meta = with lib; {
-    description = "A Plasma applet to access passwords from pass, the standard UNIX password manager";
+    description = "Plasma applet to access passwords from pass, the standard UNIX password manager";
     homepage = "https://invent.kde.org/plasma/plasma-pass";
     license = licenses.lgpl21Plus;
     maintainers = with maintainers; [ matthiasbeyer ];
diff --git a/pkgs/tools/security/please/default.nix b/pkgs/tools/security/please/default.nix
index 2ecbc9ab30352..822cdb54cfd34 100644
--- a/pkgs/tools/security/please/default.nix
+++ b/pkgs/tools/security/please/default.nix
@@ -35,7 +35,7 @@ rustPlatform.buildRustPackage rec {
   passthru.tests = { inherit (nixosTests) please; };
 
   meta = with lib; {
-    description = "A polite regex-first sudo alternative";
+    description = "Polite regex-first sudo alternative";
     longDescription = ''
       Delegate accurate least privilege access with ease. Express easily with a
       regex and expose only what is needed and nothing more. Or validate file
diff --git a/pkgs/tools/security/polkit-gnome/default.nix b/pkgs/tools/security/polkit-gnome/default.nix
deleted file mode 100644
index e0d57d9bde236..0000000000000
--- a/pkgs/tools/security/polkit-gnome/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, stdenv, fetchurl, polkit, gtk3, pkg-config, intltool }:
-stdenv.mkDerivation rec {
-  pname = "polkit-gnome";
-  version = "0.105";
-
-  src = fetchurl {
-    url = "mirror://gnome/sources/polkit-gnome/${version}/${pname}-${version}.tar.xz";
-    sha256 = "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p";
-  };
-
-  buildInputs = [ polkit gtk3 ];
-  nativeBuildInputs = [ pkg-config intltool ];
-
-  configureFlags = [ "--disable-introspection" ];
-
-  # Desktop file from Debian
-  postInstall = ''
-    mkdir -p $out/etc/xdg/autostart
-    substituteAll ${./polkit-gnome-authentication-agent-1.desktop} $out/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop
-  '';
-
-  meta = {
-    homepage = "https://gitlab.gnome.org/Archive/policykit-gnome";
-    description = "A dbus session bus service that is used to bring up authentication dialogs";
-    license = lib.licenses.lgpl2Plus;
-    maintainers = with lib.maintainers; [ ];
-    platforms = lib.platforms.linux;
-  };
-}
diff --git a/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop b/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop
deleted file mode 100644
index 5ddda50cb0157..0000000000000
--- a/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop
+++ /dev/null
@@ -1,88 +0,0 @@
-[Desktop Entry]
-Name=PolicyKit Authentication Agent
-Name[ar]=مدير الاستيثاق PolicyKit
-Name[be]=PolicyKit - аґент аўтэнтыфікацыі
-Name[bn_IN]=PolicyKit অনুমোদনের এজেন্ট
-Name[ca]=Agent d'autenticació del PolicyKit
-Name[cs]=Ověřovací agent PolicyKit
-Name[da]=Godkendelsesprogrammet PolicyKit
-Name[de]=Legitimationsdienst von PolicyKit
-Name[el]=Πράκτορας πιστοποίησης PolicyKit
-Name[en_GB]=PolicyKit Authentication Agent
-Name[es]=Agente de autenticación de PolicyKit
-Name[eu]=PolicyKit autentifikatzeko agentea
-Name[fi]=PolicytKit-tunnistautumisohjelma
-Name[fr]=Agent d'authentification de PolicyKit
-Name[gl]=Axente de autenticación PolicyKit
-Name[gu]=PolicyKit સત્તાધિકરણ એજન્ટ
-Name[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि
-Name[hu]=PolicyKit hitelesítési ügynök
-Name[it]=Agente di autenticazione per PolicyKit
-Name[ja]=PolicyKit 認証エージェント
-Name[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ
-Name[lt]=PolicyKit tapatybės nustatymo agentas
-Name[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന്‍ ഏജന്റ്
-Name[mr]=PolicyKit ऑथेंटीकेशन एजेंट
-Name[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ
-Name[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ
-Name[pl]=Agent uwierzytelniania PolicyKit
-Name[pt]=Agente de Autenticação PolicyKit
-Name[pt_BR]=Agente de autenticação PolicyKit
-Name[ro]=Agent de autentificare PolicyKit
-Name[sk]=Agent PolicyKit na overovanie totožnosti
-Name[sl]=PolicyKit program overjanja
-Name[sv]=Autentiseringsagent för PolicyKit
-Name[ta]=PolicyKit அங்கீகார முகவர்
-Name[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి
-Name[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit
-Name[uk]=Агент автентифікації PolicyKit
-Name[zh_CN]=PolicyKit 认证代理
-Name[zh_HK]=PolicyKit 驗證代理程式
-Name[zh_TW]=PolicyKit 驗證代理程式
-Comment=PolicyKit Authentication Agent
-Comment[ar]=مدير الاستيثاق PolicyKit
-Comment[be]=PolicyKit - аґент аўтэнтыфікацыі
-Comment[bn_IN]=PolicyKit অনুমোদনের এজেন্ট
-Comment[ca]=Agent d'autenticació del PolicyKit
-Comment[cs]=Ověřovací agent PolicyKit
-Comment[da]=Godkendelsesprogrammet PolicyKit
-Comment[de]=Legitimationsdienst von PolicyKit
-Comment[el]=Πράκτορας πιστοποίησης PolicyKit
-Comment[en_GB]=PolicyKit Authentication Agent
-Comment[es]=Agente de autenticación de PolicyKit
-Comment[eu]=PolicyKit autentifikatzeko agentea
-Comment[fi]=PolicytKit-tunnistautumisohjelma
-Comment[fr]=Agent d'authentification de PolicyKit
-Comment[gl]=Axente de autenticación PolicyKit
-Comment[gu]=PolicyKit સત્તાધિકરણ એજન્ટ
-Comment[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि
-Comment[hu]=PolicyKit hitelesítési ügynök
-Comment[it]=Agente di autenticazione per PolicyKit
-Comment[ja]=PolicyKit 認証エージェント
-Comment[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ
-Comment[lt]=PolicyKit tapatybės nustatymo agentas
-Comment[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന്‍ ഏജന്റ്
-Comment[mr]=PolicyKit ऑथेंटीकेशन एजेंट
-Comment[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ
-Comment[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ
-Comment[pl]=Agent uwierzytelniania PolicyKit
-Comment[pt]=Agente de Autenticação PolicyKit
-Comment[pt_BR]=Agente de autenticação PolicyKit
-Comment[ro]=Agent de autentificare PolicyKit
-Comment[sk]=Agent PolicyKit na overovanie totožnosti
-Comment[sl]=PolicyKit program overjanja
-Comment[sv]=Autentiseringsagent för PolicyKit
-Comment[ta]=PolicyKit அங்கீகார முகவர்
-Comment[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి
-Comment[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit
-Comment[uk]=Агент автентифікації PolicyKit
-Comment[zh_CN]=PolicyKit 认证代理
-Comment[zh_HK]=PolicyKit 驗證代理程式
-Comment[zh_TW]=PolicyKit 驗證代理程式
-Exec=@out@/libexec/polkit-gnome-authentication-agent-1
-Terminal=false
-Type=Application
-Categories=
-NoDisplay=true
-OnlyShowIn=GNOME;XFCE;Unity;
-AutostartCondition=GNOME3 unless-session gnome
diff --git a/pkgs/tools/security/proxmark3/default.nix b/pkgs/tools/security/proxmark3/default.nix
index ee37f938b5d99..94d9d76b92889 100644
--- a/pkgs/tools/security/proxmark3/default.nix
+++ b/pkgs/tools/security/proxmark3/default.nix
@@ -26,13 +26,13 @@
 assert withBlueshark -> stdenv.hostPlatform.isLinux;
 stdenv.mkDerivation (finalAttrs: {
   pname = "proxmark3";
-  version = "4.18341";
+  version = "4.18589";
 
   src = fetchFromGitHub {
     owner = "RfidResearchGroup";
     repo = "proxmark3";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-YeBrrzCiDgl4WdhWYatm9sOAtBAECIv/f+OzB/RTdeg=";
+    hash = "sha256-e/FoyaHU/uH2yovEqtkrCXwHMlF94Acxl2lUA422Pig=";
   };
 
   patches = [
diff --git a/pkgs/tools/security/qdigidoc/default.nix b/pkgs/tools/security/qdigidoc/default.nix
index 862249d2ebd10..7e90eca619395 100644
--- a/pkgs/tools/security/qdigidoc/default.nix
+++ b/pkgs/tools/security/qdigidoc/default.nix
@@ -1,6 +1,7 @@
 { lib
 , mkDerivation
 , fetchurl
+, fetchpatch
 , cmake
 , flatbuffers
 , gettext
@@ -17,12 +18,12 @@
 
 mkDerivation rec {
   pname = "qdigidoc";
-  version = "4.4.0";
+  version = "4.5.1";
 
   src = fetchurl {
     url =
       "https://github.com/open-eid/DigiDoc4-Client/releases/download/v${version}/qdigidoc4-${version}.tar.gz";
-    hash = "sha256-5zo0yoY0wufm9DWRIccxJ5g4DXn75nT4fd2h+5QP4oQ=";
+    hash = "sha256-grhSuexp5yd/s8h5AdmdSLBmQY85l9HKZ15oTTvC6PI=";
   };
 
   tsl = fetchurl {
@@ -30,6 +31,14 @@ mkDerivation rec {
     sha256 = "1cikz36w9phgczcqnwk4k3mx3kk919wy2327jksmfa4cjfjq4a8d";
   };
 
+  patches = [
+    # https://github.com/open-eid/DigiDoc4-Client/pull/1251
+    (fetchpatch {
+      url = "https://github.com/open-eid/DigiDoc4-Client/commit/30281d14c5fb5582832eafbc254b56f8d685227d.patch";
+      hash = "sha256-nv23NbPUogOhS8No3SMIrAcPChl+d1HkxnePpCKIoUw=";
+    })
+  ];
+
   nativeBuildInputs = [ cmake gettext pkg-config qttools ];
 
   postPatch = ''
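Review bot: The comment above the new `fetchpatch` gives only a pull-request link, so a reader of the derivation cannot tell what the patch fixes or when it can be dropped. Add a line stating the problem it addresses and that the entry should be removed once a release contains the commit. A `name` attribute on the `fetchpatch` call would also make the fetched patch identifiable in build logs.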
@@ -64,6 +73,6 @@ mkDerivation rec {
     homepage = "https://www.id.ee/";
     license = licenses.lgpl21Plus;
     platforms = platforms.linux;
-    maintainers = with maintainers; [ mmahut yana ];
+    maintainers = with maintainers; [ flokli mmahut yana ];
   };
 }
diff --git a/pkgs/tools/security/quark-engine/default.nix b/pkgs/tools/security/quark-engine/default.nix
index 43e9413d125cd..c01704d0add6c 100644
--- a/pkgs/tools/security/quark-engine/default.nix
+++ b/pkgs/tools/security/quark-engine/default.nix
@@ -1,27 +1,27 @@
-{ lib
-, fetchFromGitHub
-, gitMinimal
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  gitMinimal,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "quark-engine";
-  version = "24.4.1";
+  version = "24.6.1";
   pyproject = true;
 
   src = fetchFromGitHub {
-    owner = pname;
-    repo = pname;
+    owner = "quark-engine";
+    repo = "quark-engine";
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-cWO/avMz9nT9yo10b1ugC0C8NsEp2jAlcR0/+86gFKc=";
+    hash = "sha256-DDtDNa/QZ5n5ASN6Fu/nnVEQ/9Vu5HSKXKvbrg6Bsjs=";
   };
 
-  nativeBuildInputs = with python3.pkgs; [
-    setuptools
-    pythonRelaxDepsHook
-  ];
+  build-system = with python3.pkgs; [ setuptools ];
+
+  nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
     androguard
     click
     colorama
@@ -37,16 +37,12 @@ python3.pkgs.buildPythonApplication rec {
     tqdm
   ];
 
-  pythonRelaxDeps = [
-    "r2pipe"
-  ];
+  pythonRelaxDeps = [ "r2pipe" ];
 
   # Project has no tests
   doCheck = false;
 
-  pythonImportsCheck = [
-    "quark"
-  ];
+  pythonImportsCheck = [ "quark" ];
 
   meta = with lib; {
     description = "Android malware (analysis and scoring) system";
diff --git a/pkgs/tools/security/radamsa/default.nix b/pkgs/tools/security/radamsa/default.nix
index 1903b435b770a..e619a248137c5 100644
--- a/pkgs/tools/security/radamsa/default.nix
+++ b/pkgs/tools/security/radamsa/default.nix
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
   doCheck = true;
 
   meta = {
-    description = "A general purpose fuzzer";
+    description = "General purpose fuzzer";
     mainProgram = "radamsa";
     longDescription = "Radamsa is a general purpose data fuzzer. It reads data from given sample files, or standard input if none are given, and outputs modified data. It is usually used to generate malformed data for testing programs.";
     homepage =  "https://gitlab.com/akihe/radamsa";
diff --git a/pkgs/tools/security/rarcrack/default.nix b/pkgs/tools/security/rarcrack/default.nix
index 3745a9520f1c2..40043022f278c 100644
--- a/pkgs/tools/security/rarcrack/default.nix
+++ b/pkgs/tools/security/rarcrack/default.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation {
     Warning: Please don't use this program for any illegal things!
     '';
     homepage = "https://github.com/jaredsburrows/Rarcrack";
-    license = licenses.gpl2;
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ davidak ];
     platforms = with platforms; unix;
   };
diff --git a/pkgs/tools/security/rblake2sum/default.nix b/pkgs/tools/security/rblake2sum/default.nix
index 8f2a868363560..9052ffb68a96d 100644
--- a/pkgs/tools/security/rblake2sum/default.nix
+++ b/pkgs/tools/security/rblake2sum/default.nix
@@ -20,7 +20,7 @@ rustPlatform.buildRustPackage {
   buildInputs = lib.optionals stdenv.isDarwin [ Security ];
 
   meta = with lib; {
-    description = "A recursive blake2 digest (hash) of a file-system path";
+    description = "Recursive blake2 digest (hash) of a file-system path";
     homepage = "https://github.com/crev-dev/rblake2sum";
     license = [ licenses.mit ];
     maintainers = with maintainers; [ dpc ];
diff --git a/pkgs/tools/security/rblake3sum/default.nix b/pkgs/tools/security/rblake3sum/default.nix
index 341dcd06fb6a7..62f290cdf3208 100644
--- a/pkgs/tools/security/rblake3sum/default.nix
+++ b/pkgs/tools/security/rblake3sum/default.nix
@@ -20,7 +20,7 @@ rustPlatform.buildRustPackage {
   buildInputs = lib.optionals stdenv.isDarwin [ Security ];
 
   meta = with lib; {
-    description = "A recursive blake3 digest (hash) of a file-system path";
+    description = "Recursive blake3 digest (hash) of a file-system path";
     homepage = "https://github.com/rustshop/rblake3sum";
     license = [ licenses.mit ];
     maintainers = with maintainers; [ dpc ];
diff --git a/pkgs/tools/security/rbw/default.nix b/pkgs/tools/security/rbw/default.nix
index 201c86c861629..596257f90c9e8 100644
--- a/pkgs/tools/security/rbw/default.nix
+++ b/pkgs/tools/security/rbw/default.nix
@@ -25,14 +25,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "rbw";
-  version = "1.10.0";
+  version = "1.10.2";
 
   src = fetchzip {
     url = "https://git.tozt.net/rbw/snapshot/rbw-${version}.tar.gz";
-    hash = "sha256-uJ1QLEaab/Vb5GiAmbwjve3Y/3SM2XbNTRTvl2vPDYc=";
+    hash = "sha256-ScVXtNk2QtfAQn6PtQkbDJNLWAu49l55s6Zpf1fiVjM=";
   };
 
-  cargoHash = "sha256-tDgkANbUmNLe3us+05gD9IS0f+RTQBXTGvuz2cr2zYY=";
+  cargoHash = "sha256-ii0401TTDm1ySRGOcSmPts/10wTguxsx8h7wA4FsgQk=";
 
   nativeBuildInputs = [
     installShellFiles
@@ -77,5 +77,6 @@ rustPlatform.buildRustPackage rec {
     changelog = "https://git.tozt.net/rbw/plain/CHANGELOG.md?id=${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ albakham luc65r ];
+    mainProgram = "rbw";
   };
 }
diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix
index e789eeba05394..cdad16bb4b43c 100644
--- a/pkgs/tools/security/rhash/default.nix
+++ b/pkgs/tools/security/rhash/default.nix
@@ -3,6 +3,7 @@
 , fetchFromGitHub
 , which
 , enableStatic ? stdenv.hostPlatform.isStatic
+, gettext
 }:
 
 stdenv.mkDerivation rec {
@@ -16,7 +17,10 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-3CW41ULdXoID4cOgrcG2j85tgIJ/sz5hU7A83qpuxf4=";
   };
 
+  patches = [ ./dont-fail-ln.patch ./do-link-so.patch ];
+
   nativeBuildInputs = [ which ];
+  buildInputs = lib.optionals stdenv.hostPlatform.isFreeBSD [ gettext ];
 
   # configure script is not autotools-based, doesn't support these options
   dontAddStaticConfigureFlags = true;
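Review bot: The new `patches = [ ./dont-fail-ln.patch ./do-link-so.patch ];` line has no comment on where the patches come from or when they can go, and the order of the two entries is load-bearing. `do-link-so.patch` rewrites the `test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" || (` line in `librhash/Makefile`, which only exists after `dont-fail-ln.patch` has been applied, so swapping them would make the second fail to apply. Their headers show both are upstream commits for rhash issue #238; a comment above the list such as `# upstream fixes for rhash #238; keep this order, drop once a release contains both` would record that. The FreeBSD-only `gettext` input could get a short why-comment in the same way.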
diff --git a/pkgs/tools/security/rhash/do-link-so.patch b/pkgs/tools/security/rhash/do-link-so.patch
new file mode 100644
index 0000000000000..d75df2d048cdb
--- /dev/null
+++ b/pkgs/tools/security/rhash/do-link-so.patch
@@ -0,0 +1,22 @@
+From b8c91ea6551e99e10352386cd46ea26973bb4a4d Mon Sep 17 00:00:00 2001
+From: Aleksey Kravchenko <rhash.admin@gmail.com>
+Date: Mon, 11 Sep 2023 03:49:20 +0300
+Subject: [PATCH] Fix #238: Build on Unix
+
+---
+ librhash/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/librhash/Makefile b/librhash/Makefile
+index e8ee862..34f1263 100644
+--- a/librhash/Makefile
++++ b/librhash/Makefile
+@@ -27,7 +27,7 @@ install-lib-static: $(LIBRHASH_STATIC)
+ install-lib-shared: $(LIBRHASH_SHARED) $(EXTRA_INSTALL_LIBSHARED)
+ 	$(INSTALL) -d $(SO_DIR)
+ 	$(INSTALL_SHARED) $(LIBRHASH_SHARED) $(SO_DIR)/
+-	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" || ( \
++	test "x$(LIBRHASH_SO_MAJ)" = "x$(LIBRHASH_SHARED)" || ( \
+ 	  rm -f $(LIBDIR)/$(LIBRHASH_SO_MAJ) && \
+ 	  ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ) )
+ 
diff --git a/pkgs/tools/security/rhash/dont-fail-ln.patch b/pkgs/tools/security/rhash/dont-fail-ln.patch
new file mode 100644
index 0000000000000..7703db5feb241
--- /dev/null
+++ b/pkgs/tools/security/rhash/dont-fail-ln.patch
@@ -0,0 +1,59 @@
+From 9ef90b958b7ae50aeeb5c269468034d73d6e2efe Mon Sep 17 00:00:00 2001
+From: Aleksey Kravchenko <rhash.admin@gmail.com>
+Date: Mon, 31 Jul 2023 02:48:15 +0300
+Subject: [PATCH] Fix #238: Build on *BSD
+
+---
+ configure         | 3 ++-
+ librhash/Makefile | 8 ++++----
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/configure b/configure
+index dae76d5..39ef8c1 100755
+--- a/configure
++++ b/configure
+@@ -567,6 +567,7 @@ qnx()       { test "$OS_LC" = "qnx"; }
+ sunos()     { test "$OS_LC" = "sunos"; }
+ wine()      { test "$OS_LC" = "wine"; }
+ win32()     { cygwin || mingw32 || mingw64 || msys || wine; }
++bsd()       { dragonfly || freebsd || netbsd || openbsd ; }
+ posix_make() { aix || bsdos || hpux || irix || qnx || sunos; }
+ 
+ #####################################################################
+@@ -713,7 +714,7 @@ if win32; then
+ elif darwin; then
+   SHARED_EXT=".${RHASH_VERSION_MAJOR}.dylib"
+   SOLINK_EXT=".dylib"
+-elif linux; then
++elif linux || bsd; then
+   # use the full library version for the library file extension
+   SHARED_EXT=".so.${RHASH_VERSION}"
+ fi
+diff --git a/librhash/Makefile b/librhash/Makefile
+index d48e06e..e8ee862 100644
+--- a/librhash/Makefile
++++ b/librhash/Makefile
+@@ -27,9 +27,9 @@ install-lib-static: $(LIBRHASH_STATIC)
+ install-lib-shared: $(LIBRHASH_SHARED) $(EXTRA_INSTALL_LIBSHARED)
+ 	$(INSTALL) -d $(SO_DIR)
+ 	$(INSTALL_SHARED) $(LIBRHASH_SHARED) $(SO_DIR)/
+-	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" && \
++	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" || ( \
+ 	  rm -f $(LIBDIR)/$(LIBRHASH_SO_MAJ) && \
+-	  ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ)
++	  ln -s $(LIBRHASH_SHARED) $(LIBDIR)/$(LIBRHASH_SO_MAJ) )
+ 
+ install-implib:
+ 	$(INSTALL) -d $(LIBDIR)
+@@ -175,9 +175,9 @@ $(EXPORTS_FILE): $(LIB_HEADERS)
+ 	  $(LIB_HEADERS) | grep -v "$(EXPORTS_SKIP)" > $@
+ 
+ $(LIBRHASH_SOLINK):
+-	test "x$(LIBRHASH_SO_MAJ)" != "x$(LIBRHASH_SHARED)" && \
++	test "x$(LIBRHASH_SO_MAJ)" = "x$(LIBRHASH_SHARED)" || ( \
+ 	  rm -f $(LIBRHASH_SO_MAJ) && \
+-	  ln -s $(LIBRHASH_SHARED) $(LIBRHASH_SO_MAJ)
++	  ln -s $(LIBRHASH_SHARED) $(LIBRHASH_SO_MAJ) )
+ 	rm -f $(LIBRHASH_SOLINK)
+ 	ln -s $(LIBRHASH_SO_MAJ) $(LIBRHASH_SOLINK)
+ 
diff --git a/pkgs/tools/security/ripasso/cursive.nix b/pkgs/tools/security/ripasso/cursive.nix
index faef4dbff48a2..ac4f176950df3 100644
--- a/pkgs/tools/security/ripasso/cursive.nix
+++ b/pkgs/tools/security/ripasso/cursive.nix
@@ -72,7 +72,7 @@ rustPlatform.buildRustPackage rec {
   '';
 
   meta = with lib; {
-    description = "A simple password manager written in Rust";
+    description = "Simple password manager written in Rust";
     mainProgram = "ripasso-cursive";
     homepage = "https://github.com/cortex/ripasso";
     license = licenses.gpl3;
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix
index a5470f05613b4..f17615eaa1dd5 100644
--- a/pkgs/tools/security/rng-tools/default.nix
+++ b/pkgs/tools/security/rng-tools/default.nix
@@ -19,13 +19,13 @@
 
 stdenv.mkDerivation rec {
   pname = "rng-tools";
-  version = "6.16";
+  version = "6.17";
 
   src = fetchFromGitHub {
     owner = "nhorman";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-9pXQhG2nbu6bq4BnBgEOyyUBNkQTI5RhWmJIoLtFU+c=";
+    hash = "sha256-wqJvLvxmNG2nb5P525w25Y8byUUJi24QIHNJomCKeG8=";
   };
 
   nativeBuildInputs = [ autoreconfHook libtool pkg-config ];
@@ -77,7 +77,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A random number generator daemon";
+    description = "Random number generator daemon";
     homepage = "https://github.com/nhorman/rng-tools";
     changelog = "https://github.com/nhorman/rng-tools/releases/tag/v${version}";
     license = licenses.gpl2Plus;
diff --git a/pkgs/tools/security/rnp/default.nix b/pkgs/tools/security/rnp/default.nix
index 9a3796aeb42e0..2f7a22e59b188 100644
--- a/pkgs/tools/security/rnp/default.nix
+++ b/pkgs/tools/security/rnp/default.nix
@@ -16,20 +16,18 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "rnp";
-  version = "0.17.0";
+  version = "0.17.1";
 
   src = fetchFromGitHub {
     owner = "rnpgp";
     repo = "rnp";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-4fB7Sl9+ATrJTRnhbNG5BoW3XLxR7IP167RK96+gxj0=";
+    hash = "sha256-jUh7BxRnB6KePCk1jIvKzXgxSmWdKlQYmxshZZY4SBQ";
   };
 
   buildInputs = [ zlib bzip2 json_c botan2 sexpp ];
 
   patches = [
-    ./unbundle-sexpp.patch
-    ./sexp_sexpp_rename.patch
   ];
 
   cmakeFlags = [
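Review bot: The new `hash` value in `fetchFromGitHub` is written without base64 padding: it has 43 characters after `sha256-`, while the other SRI hashes visible in this diff end in `=`. Even if Nix tolerates the unpadded form, the padded spelling `hash = "sha256-jUh7BxRnB6KePCk1jIvKzXgxSmWdKlQYmxshZZY4SBQ=";` matches what the prefetch tools print and keeps the pin easy to compare when the source is re-verified. Separately, `patches = [` … `];` is left behind as an empty list after both entries were removed; the attribute can be deleted.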
@@ -38,6 +36,7 @@ stdenv.mkDerivation (finalAttrs: {
     "-DBUILD_TESTING=on"
     "-DDOWNLOAD_GTEST=off"
     "-DDOWNLOAD_RUBYRNP=off"
+    "-DSYSTEM_LIBSEXPP=on"
   ];
 
   nativeBuildInputs = [ asciidoctor cmake gnupg gtest pkg-config python3 ];
diff --git a/pkgs/tools/security/rnp/sexp_sexpp_rename.patch b/pkgs/tools/security/rnp/sexp_sexpp_rename.patch
deleted file mode 100644
index a86d205139f70..0000000000000
--- a/pkgs/tools/security/rnp/sexp_sexpp_rename.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff --git i/src/lib/CMakeLists.txt w/src/lib/CMakeLists.txt
-index 086ac57d..2ce59ca1 100755
---- i/src/lib/CMakeLists.txt
-+++ w/src/lib/CMakeLists.txt
-@@ -328,7 +328,7 @@ elseif (CRYPTO_BACKEND_OPENSSL)
-   target_link_libraries(librnp-obj PRIVATE OpenSSL::Crypto)
- endif()
-
--target_link_libraries(librnp-obj PRIVATE sexp)
-+target_link_libraries(librnp-obj PRIVATE sexpp)
-
- set_target_properties(librnp-obj PROPERTIES CXX_VISIBILITY_PRESET hidden)
- if (TARGET BZip2::BZip2)
-@@ -384,7 +384,7 @@ foreach (prop LINK_LIBRARIES INTERFACE_LINK_LIBRARIES INCLUDE_DIRECTORIES INTERF
-   get_target_property(val librnp-obj ${prop})
-   if (BUILD_SHARED_LIBS)
-     set_property(TARGET librnp-static PROPERTY ${prop} ${val})
--    list(REMOVE_ITEM val "$<LINK_ONLY:sexp>")
-+    list(REMOVE_ITEM val "$<LINK_ONLY:sexpp>")
-     set_property(TARGET librnp PROPERTY ${prop} ${val})
-   else()
-     set_property(TARGET librnp PROPERTY ${prop} ${val})
-diff --git i/src/librekey/g23_sexp.hpp w/src/librekey/g23_sexp.hpp
-index b888680f..b062c52f 100644
---- i/src/librekey/g23_sexp.hpp
-+++ w/src/librekey/g23_sexp.hpp
-@@ -27,8 +27,8 @@
- #ifndef RNP_G23_SEXP_HPP
- #define RNP_G23_SEXP_HPP
-
--#include "sexp/sexp.h"
--#include "sexp/ext-key-format.h"
-+#include "sexpp/sexp.h"
-+#include "sexpp/ext-key-format.h"
-
- #define SXP_MAX_DEPTH 30
-
-diff --git i/src/tests/CMakeLists.txt w/src/tests/CMakeLists.txt
-index 7d2a6b0c..88aeaf9f 100644
---- i/src/tests/CMakeLists.txt
-+++ w/src/tests/CMakeLists.txt
-@@ -176,7 +176,7 @@ target_link_libraries(rnp_tests
-   PRIVATE
-     librnp-static
-     JSON-C::JSON-C
--    sexp
-+    sexpp
-     ${GTestMain}
- )
- if (CRYPTO_BACKEND_LOWERCASE STREQUAL "openssl")
diff --git a/pkgs/tools/security/rnp/unbundle-sexpp.patch b/pkgs/tools/security/rnp/unbundle-sexpp.patch
deleted file mode 100644
index dcbf92948a282..0000000000000
--- a/pkgs/tools/security/rnp/unbundle-sexpp.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff --git i/CMakeLists.txt w/CMakeLists.txt
-index bb6d40cb..30171e7c 100644
---- i/CMakeLists.txt
-+++ w/CMakeLists.txt
-@@ -176,11 +176,6 @@ if (ENABLE_FUZZERS)
- endif()
- add_subdirectory(src/common)
-
--set(WITH_SEXP_CLI OFF)
--set(WITH_SEXP_TESTS OFF)
--set(CMAKE_INSTALL_DEFAULT_COMPONENT_NAME development)
--add_subdirectory(src/libsexp EXCLUDE_FROM_ALL)
--
- add_subdirectory(src/lib)
- add_subdirectory(src/rnp)
- add_subdirectory(src/rnpkeys)
-diff --git i/src/lib/CMakeLists.txt w/src/lib/CMakeLists.txt
-index 086ac57d..b219ef06 100755
---- i/src/lib/CMakeLists.txt
-+++ w/src/lib/CMakeLists.txt
-@@ -433,7 +433,7 @@ install(TARGETS librnp
-       COMPONENT development
-   )
-
--  install(TARGETS librnp-static sexp
-+  install(TARGETS librnp-static
-     EXPORT rnp-targets
-     ARCHIVE
-       DESTINATION  "${CMAKE_INSTALL_LIBDIR}"
-@@ -441,7 +441,7 @@ install(TARGETS librnp
-   )
- else(BUILD_SHARED_LIBS)
- # static libraries only
--install(TARGETS librnp sexp
-+install(TARGETS librnp
-     EXPORT rnp-targets
-     ARCHIVE
-       DESTINATION  "${CMAKE_INSTALL_LIBDIR}"
diff --git a/pkgs/tools/security/ronin/default.nix b/pkgs/tools/security/ronin/default.nix
index 1bf98ae9eafcc..ab9ec0cda4c98 100644
--- a/pkgs/tools/security/ronin/default.nix
+++ b/pkgs/tools/security/ronin/default.nix
@@ -23,7 +23,7 @@ bundlerEnv {
   passthru.updateScript = bundlerUpdateScript "ronin";
 
   meta = with lib; {
-    description = "A free and Open Source Ruby toolkit for security research and development";
+    description = "Free and Open Source Ruby toolkit for security research and development";
     homepage    = "https://ronin-rb.dev";
     license     = licenses.gpl3Plus;
     maintainers = with maintainers; [ Ch1keen ];
diff --git a/pkgs/tools/security/rsign2/default.nix b/pkgs/tools/security/rsign2/default.nix
index 86f2d6d843389..10a526a7b2cb5 100644
--- a/pkgs/tools/security/rsign2/default.nix
+++ b/pkgs/tools/security/rsign2/default.nix
@@ -15,7 +15,7 @@ rustPlatform.buildRustPackage rec {
   cargoHash = "sha256-xqNFJFNV9mIVxzyQvhv5QwHVcXLuH76VYFAsgp5hW+w=";
 
   meta = with lib; {
-    description = "A command-line tool to sign files and verify signatures";
+    description = "Command-line tool to sign files and verify signatures";
     homepage = "https://github.com/jedisct1/rsign2";
     license = licenses.mit;
     maintainers = with maintainers; [ figsoda ];
diff --git a/pkgs/tools/security/ruler/default.nix b/pkgs/tools/security/ruler/default.nix
index 6389c0eac0418..fe63a73072807 100644
--- a/pkgs/tools/security/ruler/default.nix
+++ b/pkgs/tools/security/ruler/default.nix
@@ -1,6 +1,7 @@
-{ lib
-, buildGoModule
-, fetchFromGitHub
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
 }:
 
 buildGoModule rec {
@@ -9,17 +10,24 @@ buildGoModule rec {
 
   src = fetchFromGitHub {
     owner = "sensepost";
-    repo = pname;
-    rev = version;
+    repo = "ruler";
+    rev = "refs/tags/${version}";
     hash = "sha256-cEYpK1LB9b65xr6MCMax1vUtSWefjJdXNs4sPgx65d0=";
   };
 
   vendorHash = "sha256-ITd3cvZmRBWK3922dDRvNHNH8KzHoVfIQI6S318ibxA=";
 
+  ldflags = [
+    "-w"
+    "-s"
+  ];
+
   meta = with lib; {
     description = "Tool to abuse Exchange services";
     homepage = "https://github.com/sensepost/ruler";
+    changelog = "https://github.com/sensepost/ruler/releases/tag/${version}";
     license = with licenses; [ cc-by-nc-40 ];
     maintainers = with maintainers; [ fab ];
+    mainProgram = "ruler";
   };
 }
diff --git a/pkgs/tools/security/rustscan/default.nix b/pkgs/tools/security/rustscan/default.nix
index 238fa8fcc5e33..588a05ec7eb0e 100644
--- a/pkgs/tools/security/rustscan/default.nix
+++ b/pkgs/tools/security/rustscan/default.nix
@@ -11,16 +11,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "rustscan";
-  version = "2.2.2";
+  version = "2.2.3";
 
   src = fetchFromGitHub {
     owner = "RustScan";
     repo = "RustScan";
     rev = "refs/tags/${version}";
-    hash = "sha256-67XNEKzR72NOYlPbz2E9yf+THa1XN6muFJG2/iJa8AU=";
+    hash = "sha256-GOoyq2GgVGNUxxy0KQeRvkISb3FJqwWK5XpmoBAw/tk=";
   };
 
-  cargoHash = "sha256-U9Kn9xAG+emyi8cWUCNP32z7f19MK8AGgGR6vFJd62Q=";
+  cargoHash = "sha256-K9NFm++jBsrn7U+rZkTOWhrUuL4CA0NR7SlSyhSIwSc=";
 
   postPatch = ''
     substituteInPlace src/scripts/mod.rs \
diff --git a/pkgs/tools/security/safe/default.nix b/pkgs/tools/security/safe/default.nix
index 63fe240e5619d..83562ac8f1310 100644
--- a/pkgs/tools/security/safe/default.nix
+++ b/pkgs/tools/security/safe/default.nix
@@ -23,7 +23,7 @@ buildGoModule rec {
   ];
 
   meta = with lib; {
-    description = "A Vault CLI";
+    description = "Vault CLI";
     mainProgram = "safe";
     homepage = "https://github.com/starkandwayne/safe";
     license = licenses.mit;
diff --git a/pkgs/tools/security/saml2aws/default.nix b/pkgs/tools/security/saml2aws/default.nix
index 7c61095cc3a97..dfc2e6f9ce9a6 100644
--- a/pkgs/tools/security/saml2aws/default.nix
+++ b/pkgs/tools/security/saml2aws/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "saml2aws";
-  version = "2.36.15";
+  version = "2.36.16";
 
   src = fetchFromGitHub {
     owner = "Versent";
     repo = "saml2aws";
     rev = "v${version}";
-    sha256 = "sha256-lfA+D3NsrnYwqX1hfC3TOQKEBW/65QGUjzYxe2RVVSM=";
+    sha256 = "sha256-qe4a8dmanXRji7hLtlTYrIOuZ8lHwJtDI6dSFVYwcIo=";
   };
 
-  vendorHash = "sha256-3jne2an651tlyXgmmQ28R/bwsfaQzI4rC+4WJhyDA2E=";
+  vendorHash = "sha256-OdkgTBsoBjLajx/ueII3o1ldU7+fysTbdTp7tG9eMng=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ AppKit ];
 
diff --git a/pkgs/tools/security/schleuder/Gemfile b/pkgs/tools/security/schleuder/Gemfile
index 687c293bac913..41360b7292a88 100644
--- a/pkgs/tools/security/schleuder/Gemfile
+++ b/pkgs/tools/security/schleuder/Gemfile
@@ -1,3 +1,4 @@
 source 'https://rubygems.org' do
   gem 'schleuder'
+  gem 'net-smtp'
 end
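Review bot: `gem 'net-smtp'` is added as a second direct dependency with no explanation, in a Gemfile that otherwise only pulls in `schleuder`. Presumably it compensates for newer Ruby versions no longer shipping net-smtp as a default gem while the locked `mail` 2.7.1 still needs it at runtime, but the diff does not say so. If that is the reason, a comment above the line such as `# net-smtp is not a default gem on current Ruby; needed by mail 2.7.1` would tell the next updater when the entry can be dropped.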
diff --git a/pkgs/tools/security/schleuder/Gemfile.lock b/pkgs/tools/security/schleuder/Gemfile.lock
index 7f15bb7bd7176..96970097b875c 100644
--- a/pkgs/tools/security/schleuder/Gemfile.lock
+++ b/pkgs/tools/security/schleuder/Gemfile.lock
@@ -4,41 +4,45 @@ GEM
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.1.6)
-      activesupport (= 6.1.6)
-    activerecord (6.1.6)
-      activemodel (= 6.1.6)
-      activesupport (= 6.1.6)
-    activesupport (6.1.6)
+    activemodel (6.1.7.7)
+      activesupport (= 6.1.7.7)
+    activerecord (6.1.7.7)
+      activemodel (= 6.1.7.7)
+      activesupport (= 6.1.7.7)
+    activesupport (6.1.7.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
       zeitwerk (~> 2.3)
-    bcrypt (3.1.18)
+    bcrypt (3.1.20)
     charlock_holmes (0.7.7)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.3.1)
     daemons (1.4.1)
     eventmachine (1.2.7)
-    gpgme (2.0.20)
-      mini_portile2 (~> 2.3)
-    i18n (1.10.0)
+    gpgme (2.0.24)
+      mini_portile2 (~> 2.7)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     mail-gpg (0.4.4)
       gpgme (~> 2.0, >= 2.0.2)
       mail (~> 2.5, >= 2.5.3)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.16.1)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.6)
+    minitest (5.23.1)
     multi_json (1.15.0)
-    mustermann (1.1.1)
+    mustermann (2.0.2)
       ruby2_keywords (~> 0.0.1)
-    rack (2.2.3.1)
-    rack-protection (2.2.0)
+    net-protocol (0.2.2)
+      timeout
+    net-smtp (0.5.0)
+      net-protocol
+    rack (2.2.9)
+    rack-protection (2.2.4)
       rack
-    rake (13.0.6)
+    rake (13.2.1)
     ruby2_keywords (0.0.5)
     schleuder (4.0.3)
       activerecord (~> 6.1.3)
@@ -53,34 +57,35 @@ GEM
       sqlite3 (~> 1.4.2)
       thin (~> 1)
       thor (~> 0)
-    sinatra (2.2.0)
-      mustermann (~> 1.0)
+    sinatra (2.2.4)
+      mustermann (~> 2.0)
       rack (~> 2.2)
-      rack-protection (= 2.2.0)
+      rack-protection (= 2.2.4)
       tilt (~> 2.0)
-    sinatra-contrib (2.2.0)
+    sinatra-contrib (2.2.4)
       multi_json
-      mustermann (~> 1.0)
-      rack-protection (= 2.2.0)
-      sinatra (= 2.2.0)
+      mustermann (~> 2.0)
+      rack-protection (= 2.2.4)
+      sinatra (= 2.2.4)
       tilt (~> 2.0)
     sqlite3 (1.4.4)
-    thin (1.8.1)
+    thin (1.8.2)
       daemons (~> 1.0, >= 1.0.9)
       eventmachine (~> 1.0, >= 1.0.4)
       rack (>= 1, < 3)
     thor (0.20.3)
-    tilt (2.0.10)
-    tzinfo (2.0.4)
+    tilt (2.3.0)
+    timeout (0.4.1)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    zeitwerk (2.6.0)
+    zeitwerk (2.6.15)
 
 PLATFORMS
-  aarch64-linux
   x86_64-linux
 
 DEPENDENCIES
+  net-smtp!
   schleuder!
 
 BUNDLED WITH
-   2.3.9
+   2.5.9
diff --git a/pkgs/tools/security/schleuder/cli/Gemfile b/pkgs/tools/security/schleuder/cli/Gemfile
index 428e856aecc65..12a93f677cfbe 100644
--- a/pkgs/tools/security/schleuder/cli/Gemfile
+++ b/pkgs/tools/security/schleuder/cli/Gemfile
@@ -1,4 +1,4 @@
 source "https://rubygems.org"
 
-gem "schleuder-cli", git: "https://0xacab.org/schleuder/schleuder-cli", tag: "schleuder-cli-0.1.0"
+gem "schleuder-cli", git: "https://0xacab.org/schleuder/schleuder-cli", tag: "schleuder-cli-0.2.0"
 
diff --git a/pkgs/tools/security/schleuder/cli/Gemfile.lock b/pkgs/tools/security/schleuder/cli/Gemfile.lock
index 3eead9459e054..808bcb8bc4f95 100644
--- a/pkgs/tools/security/schleuder/cli/Gemfile.lock
+++ b/pkgs/tools/security/schleuder/cli/Gemfile.lock
@@ -1,15 +1,15 @@
 GIT
   remote: https://0xacab.org/schleuder/schleuder-cli
-  revision: 1de2548695d9a74f47b7868954561b48cbc966f9
-  tag: schleuder-cli-0.1.0
+  revision: fd010d28b1503504056e714e03abf043b64794ea
+  tag: schleuder-cli-0.2.0
   specs:
-    schleuder-cli (0.1.0)
-      thor (~> 0)
+    schleuder-cli (0.2.0)
+      thor (~> 1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    thor (0.20.3)
+    thor (1.3.1)
 
 PLATFORMS
   aarch64-linux
@@ -19,4 +19,4 @@ DEPENDENCIES
   schleuder-cli!
 
 BUNDLED WITH
-   2.3.9
+   2.5.9
diff --git a/pkgs/tools/security/schleuder/cli/default.nix b/pkgs/tools/security/schleuder/cli/default.nix
index e34afa699f042..ea8e2c5083424 100644
--- a/pkgs/tools/security/schleuder/cli/default.nix
+++ b/pkgs/tools/security/schleuder/cli/default.nix
@@ -20,7 +20,7 @@ bundlerApp {
   passthru.updateScript = bundlerUpdateScript "schleuder-cli";
 
   meta = with lib; {
-    description = "A command line tool to create and manage schleuder-lists";
+    description = "Command line tool to create and manage schleuder-lists";
     longDescription = ''
       Schleuder-cli enables creating, configuring, and deleting lists,
       subscriptions, keys, etc. It uses the Schleuder API, provided by
diff --git a/pkgs/tools/security/schleuder/cli/gemset.nix b/pkgs/tools/security/schleuder/cli/gemset.nix
index 45ff62f891370..eeb05d82060f7 100644
--- a/pkgs/tools/security/schleuder/cli/gemset.nix
+++ b/pkgs/tools/security/schleuder/cli/gemset.nix
@@ -5,21 +5,21 @@
     platforms = [];
     source = {
       fetchSubmodules = false;
-      rev = "1de2548695d9a74f47b7868954561b48cbc966f9";
-      sha256 = "0k4i33w9a0bscw4wbs301vxca367g7pa89y6cr24i0014pbmhs9z";
+      rev = "fd010d28b1503504056e714e03abf043b64794ea";
+      sha256 = "1r8ayi0d00c14q40247rwjf5s5n3dsy9d9blhf5jzm3kddzpwnbx";
       type = "git";
       url = "https://0xacab.org/schleuder/schleuder-cli";
     };
-    version = "0.1.0";
+    version = "0.2.0";
   };
   thor = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29";
+      sha256 = "1vq1fjp45az9hfp6fxljhdrkv75cvbab1jfrwcw738pnsiqk8zps";
       type = "gem";
     };
-    version = "0.20.3";
+    version = "1.3.1";
   };
 }
diff --git a/pkgs/tools/security/schleuder/default.nix b/pkgs/tools/security/schleuder/default.nix
index 97173fdc3e190..cce88366a372b 100644
--- a/pkgs/tools/security/schleuder/default.nix
+++ b/pkgs/tools/security/schleuder/default.nix
@@ -1,6 +1,7 @@
 { lib
 , bundlerApp
 , ruby
+, stdenv
 , bundlerUpdateScript
 , nixosTests
 }:
@@ -23,6 +24,7 @@ bundlerApp {
   };
 
   meta = with lib; {
+    broken = stdenv.isDarwin;
     description = "Schleuder is an encrypting mailing list manager with remailing-capabilities";
     longDescription = ''
       Schleuder is a group's email-gateway: subscribers can exchange
@@ -32,6 +34,6 @@ bundlerApp {
     homepage = "https://schleuder.org";
     changelog = "https://0xacab.org/schleuder/schleuder/blob/main/CHANGELOG.md";
     license = licenses.gpl3Plus;
-    maintainers = with maintainers; [ hexa lheckemann ];
+    maintainers = with maintainers; [ hexa ];
   };
 }
diff --git a/pkgs/tools/security/schleuder/gemset.nix b/pkgs/tools/security/schleuder/gemset.nix
index 63cd6a5db81f2..ba22b478b00a5 100644
--- a/pkgs/tools/security/schleuder/gemset.nix
+++ b/pkgs/tools/security/schleuder/gemset.nix
@@ -5,10 +5,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1f0ai51icvvx5q0jd1l89k0dlwzpsrkqlj6x43f8qc4bd1ya9glx";
+      sha256 = "0zz32997k2fsyd0fzrh8f79yjr6hv3i4j9wykkxncl02j8dhrkay";
       type = "gem";
     };
-    version = "6.1.6";
+    version = "6.1.7.7";
   };
   activerecord = {
     dependencies = ["activemodel" "activesupport"];
@@ -16,10 +16,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0khjnkvmiyap1g3rvw9hp16mzai4smqcg5hxhq28pll25ljzxdbp";
+      sha256 = "0qzymgyrvw2k32ldabp2jr0zgp6z9w8smyb946qgvs9zfs4n2qnn";
       type = "gem";
     };
-    version = "6.1.6";
+    version = "6.1.7.7";
   };
   activesupport = {
     dependencies = ["concurrent-ruby" "i18n" "minitest" "tzinfo" "zeitwerk"];
@@ -27,20 +27,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "08wzpwgdm03vzb8gqr8bvfdarb89g5ah0skvwqk6qv87p55xqkyw";
+      sha256 = "0r2i9b0pm0b1dy8fc7kyls1g7f0bcnyq53v825rykibzdqfqdfgp";
       type = "gem";
     };
-    version = "6.1.6";
+    version = "6.1.7.7";
   };
   bcrypt = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "048z3fvcknqx7ikkhrcrykxlqmf9bzc7l0y5h1cnvrc9n2qf0k8m";
+      sha256 = "16a0g2q40biv93i1hch3gw8rbmhp77qnnifj1k0a6m7dng3zh444";
       type = "gem";
     };
-    version = "3.1.18";
+    version = "3.1.20";
   };
   charlock_holmes = {
     groups = ["default"];
@@ -57,10 +57,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0s4fpn3mqiizpmpy2a24k4v365pv75y50292r8ajrv4i1p5b2k14";
+      sha256 = "1kmhr3pz2nmhnq0nqlicqfwfmkzkcl835g7sw1gjjhjvhz8g2sf3";
       type = "gem";
     };
-    version = "1.1.10";
+    version = "1.3.1";
   };
   daemons = {
     groups = ["default"];
@@ -88,10 +88,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0xbgh9d8nbvsvyzqnd0mzhz0nr9hx4qn025kmz6d837lry4lc6gw";
+      sha256 = "0r1vmql7w7ka5xzj1aqf8pk2a4sv0znwj2zkg1fgvd5b89qcvv2k";
       type = "gem";
     };
-    version = "2.0.20";
+    version = "2.0.24";
   };
   i18n = {
     dependencies = ["concurrent-ruby"];
@@ -99,10 +99,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0b2qyvnk4yynlg17ymkq4g5xgr275637fhl1mjh0valw3cb1fhhg";
+      sha256 = "1ffix518y7976qih9k1lgnc17i3v6yrlh0a3mckpxdb4wc2vrp16";
       type = "gem";
     };
-    version = "1.10.0";
+    version = "1.14.5";
   };
   mail = {
     dependencies = ["mini_mime"];
@@ -131,30 +131,30 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0lbim375gw2dk6383qirz13hgdmxlan0vc5da2l072j3qw6fqjm5";
+      sha256 = "1vycif7pjzkr29mfk4dlqv3disc5dn0va04lkwajlpr1wkibg0c6";
       type = "gem";
     };
-    version = "1.1.2";
+    version = "1.1.5";
   };
   mini_portile2 = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0rapl1sfmfi3bfr68da4ca16yhc0pp93vjwkj7y3rdqrzy3b41hy";
+      sha256 = "149r94xi6b3jbp6bv72f8383b95ndn0p5sxnq11gs1j9jadv0ajf";
       type = "gem";
     };
-    version = "2.8.0";
+    version = "2.8.6";
   };
   minitest = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "08z6rgs1jgbc032843mwg3fayvzn4hihz8bl2gp87pf7z02kw5f3";
+      sha256 = "1gkslxvkhh44s21rbjvka3zsvfxxrf5pcl6f75rv2vyrzzbgis7i";
       type = "gem";
     };
-    version = "5.16.1";
+    version = "5.23.1";
   };
   multi_json = {
     groups = ["default"];
@@ -172,20 +172,42 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a";
+      sha256 = "0m70qz27mlv2rhk4j1li6pw797gmiwwqg02vcgxcxr1rq2v53rnb";
       type = "gem";
     };
-    version = "1.1.1";
+    version = "2.0.2";
+  };
+  net-protocol = {
+    dependencies = ["timeout"];
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1a32l4x73hz200cm587bc29q8q9az278syw3x6fkc9d1lv5y0wxa";
+      type = "gem";
+    };
+    version = "0.2.2";
+  };
+  net-smtp = {
+    dependencies = ["net-protocol"];
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0amlhz8fhnjfmsiqcjajip57ici2xhw089x7zqyhpk51drg43h2z";
+      type = "gem";
+    };
+    version = "0.5.0";
   };
   rack = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1b1qsg0yfargdhmpapp2d3mlxj82wyygs9nj74w0r03diyi8swlc";
+      sha256 = "0hj0rkw2z9r1lcg2wlrcld2n3phwrcgqcp7qd1g9a7hwgalh2qzx";
       type = "gem";
     };
-    version = "2.2.3.1";
+    version = "2.2.9";
   };
   rack-protection = {
     dependencies = ["rack"];
@@ -193,20 +215,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1hz6h6d67r217qi202qmxq2xkn3643ay3iybhl3dq3qd6j8nm3b2";
+      sha256 = "1d6irsigm0i4ig1m47c94kixi3wb8jnxwvwkl8qxvyngmb73srl2";
       type = "gem";
     };
-    version = "2.2.0";
+    version = "2.2.4";
   };
   rake = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "15whn7p9nrkxangbs9hh75q585yfn66lv0v2mhj6q6dl6x8bzr2w";
+      sha256 = "17850wcwkgi30p7yqh60960ypn7yibacjjha0av78zaxwvd3ijs6";
       type = "gem";
     };
-    version = "13.0.6";
+    version = "13.2.1";
   };
   ruby2_keywords = {
     groups = ["default"];
@@ -235,10 +257,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1x3rci7k30g96y307hvglpdgm3f7nga3k3n4i8n1v2xxx290800y";
+      sha256 = "0wkc079h6hzq737j4wycpnv7c38mhd0rl33pszyy7768zzvyjc9y";
       type = "gem";
     };
-    version = "2.2.0";
+    version = "2.2.4";
   };
   sinatra-contrib = {
     dependencies = ["multi_json" "mustermann" "rack-protection" "sinatra" "tilt"];
@@ -246,10 +268,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0zzckl2n7r18fk3929hgcv8pby6hxwva0rbxw66yq6r96lnwzryb";
+      sha256 = "0s6c1k3zzxp3xa7libvlpqaby27124rccyyxcsly04ih904cxk33";
       type = "gem";
     };
-    version = "2.2.0";
+    version = "2.2.4";
   };
   sqlite3 = {
     groups = ["default"];
@@ -267,10 +289,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "123bh7qlv6shk8bg8cjc84ix8bhlfcilwnn3iy6zq3l57yaplm9l";
+      sha256 = "08g1yq6zzvgndj8fd98ah7pp8g2diw28p8bfjgv7rvjvp8d2am8w";
       type = "gem";
     };
-    version = "1.8.1";
+    version = "1.8.2";
   };
   thor = {
     groups = ["default"];
@@ -287,10 +309,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv";
+      sha256 = "0p3l7v619hwfi781l3r7ypyv1l8hivp09r18kmkn6g11c4yr1pc2";
+      type = "gem";
+    };
+    version = "2.3.0";
+  };
+  timeout = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "16mvvsmx90023wrhf8dxc1lpqh0m8alk65shb7xcya6a9gflw7vg";
       type = "gem";
     };
-    version = "2.0.10";
+    version = "0.4.1";
   };
   tzinfo = {
     dependencies = ["concurrent-ruby"];
@@ -298,19 +330,19 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "10qp5x7f9hvlc0psv9gsfbxg4a7s0485wsbq1kljkxq94in91l4z";
+      sha256 = "16w2g84dzaf3z13gxyzlzbf748kylk5bdgg3n1ipvkvvqy685bwd";
       type = "gem";
     };
-    version = "2.0.4";
+    version = "2.0.6";
   };
   zeitwerk = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0xjdr2szxvn3zb1sb5l8nfd6k9jr3b4qqbbg1mj9grf68m3fxckc";
+      sha256 = "1kr2731z8f6cj23jxh67cdnpkrnnfwbrxj1hfhshls4mp8i8drmj";
       type = "gem";
     };
-    version = "2.6.0";
+    version = "2.6.15";
   };
 }
diff --git a/pkgs/tools/security/scorecard/default.nix b/pkgs/tools/security/scorecard/default.nix
index 265253bba51be..75b6657fe7e25 100644
--- a/pkgs/tools/security/scorecard/default.nix
+++ b/pkgs/tools/security/scorecard/default.nix
@@ -8,13 +8,13 @@
 
 buildGoModule rec {
   pname = "scorecard";
-  version = "4.12.0";
+  version = "4.13.1";
 
   src = fetchFromGitHub {
     owner = "ossf";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-Ys7uO+xMSlcD8OGw7fV+aR0+Q1UXrxPKVLQbphV4rKk=";
+    hash = "sha256-xf6HyiZlkU9ifgXr+/O8UeElqwF8c1h/9IRWDVHx2+g=";
     # populate values otherwise taken care of by goreleaser,
     # unfortunately these require us to use git. By doing
     # this in postFetch we can delete .git afterwards and
@@ -28,7 +28,7 @@ buildGoModule rec {
       find "$out" -name .git -print0 | xargs -0 rm -rf
     '';
   };
-  vendorHash = "sha256-L6HFZryniy3Gp8NKdjM4SK82ZG5eQPM7blkSE3YFhOw=";
+  vendorHash = "sha256-ohZcz7fn/YAglLI3YOi0J4FWkCJa2/nsM7T03+BOWkw=";
 
   nativeBuildInputs = [ installShellFiles ];
 
@@ -58,6 +58,11 @@ buildGoModule rec {
     export SKIP_GINKGO=1
   '';
 
+  checkFlags = [
+    # https://github.com/ossf/scorecard/pull/4134
+    "-skip TestRunScorecard/empty_commits_repos_should_return_repo_details_but_no_checks"
+  ];
+
   postInstall = ''
     installShellCompletion --cmd scorecard \
       --bash <($out/bin/scorecard completion bash) \
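Review bot: The new `checkFlags` entry puts the flag and its value in one string separated by a space, so it appears to work only if the builder word-splits the list element; if the element were passed as a single argument (for example under structured attrs), `go test` would reject it. The `-skip=` form avoids that, and anchoring the pattern keeps it from matching other subtests: `"-skip=^TestRunScorecard$/^empty_commits_repos_should_return_repo_details_but_no_checks$"`. The comment above the entry gives only the PR link. A few words on why the test is skipped, and that the skip can be dropped once that PR is in a release, would help the next updater.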
@@ -69,7 +74,7 @@ buildGoModule rec {
   installCheckPhase = ''
     runHook preInstallCheck
     $out/bin/scorecard --help
-    # $out/bin/scorecard version 2>&1 | grep "v${version}"
+    $out/bin/scorecard version 2>&1 | grep "v${version}"
     runHook postInstallCheck
   '';
 
diff --git a/pkgs/tools/security/secp256k1/default.nix b/pkgs/tools/security/secp256k1/default.nix
index 5494f8f26c24e..335d9c5c18a54 100644
--- a/pkgs/tools/security/secp256k1/default.nix
+++ b/pkgs/tools/security/secp256k1/default.nix
@@ -7,13 +7,13 @@
 stdenv.mkDerivation rec {
   pname = "secp256k1";
 
-  version = "0.4.1";
+  version = "0.5.0";
 
   src = fetchFromGitHub {
     owner = "bitcoin-core";
     repo = "secp256k1";
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-atq34GnWkSkWTWxZP4PCSF3hIjGFhQ534E+WUtLRkiM=";
+    sha256 = "sha256-XcxBzOJngrm1szs48bBS6pcH2yaLfLKPUtyQ51eItaw=";
   };
 
   nativeBuildInputs = [ autoreconfHook ];
diff --git a/pkgs/tools/security/semgrep/common.nix b/pkgs/tools/security/semgrep/common.nix
index ee56a4c9d82d6..d51853953bf42 100644
--- a/pkgs/tools/security/semgrep/common.nix
+++ b/pkgs/tools/security/semgrep/common.nix
@@ -1,9 +1,9 @@
 { lib }:
 
 rec {
-  version = "1.70.0";
+  version = "1.74.0";
 
-  srcHash = "sha256-+fpXHUqTltS+eHvX5qVSLqJkFZGXJ6fTmezDdkocXmY=";
+  srcHash = "sha256-PH0fTT6n6o3Jtuq+cyyRb048Tuv3VGNduCZCEKTXMrE=";
 
   # submodule dependencies
   # these are fetched so we:
@@ -13,8 +13,8 @@ rec {
     "cli/src/semgrep/semgrep_interfaces" = {
       owner = "semgrep";
       repo = "semgrep-interfaces";
-      rev = "df63c8fe4695d742eb7c027cd5d12ccbb3395dab";
-      hash = "sha256-UHF0rGKYCiefU42bk5T3oBW2GYT4HGSmRQYprfneOlY=";
+      rev = "9f38254957c50c68ea402eebae0f7aa40dd01cbf";
+      hash = "sha256-/P8b7nSwNZSrm7dUFkehDaGz+r+bofrlFfuIo4U7tJM=";
     };
   };
 
@@ -25,19 +25,19 @@ rec {
   core = {
     x86_64-linux = {
       platform = "any";
-      hash = "sha256-DjIv5LTOZbjIr8BFqnIpH5h09KtxrggtA3xdCZ+OvZ8=";
+      hash = "sha256-ZA5KlbSLkC0IJGqyK0XhuDKRx53987vf53vSM0zwD9k=";
     };
     aarch64-linux = {
       platform = "musllinux_1_0_aarch64.manylinux2014_aarch64";
-      hash = "sha256-09zeVoSb61WeKHJZOLIHXHP+m6X5k7x38iU8jlpubBk=";
+      hash = "sha256-aHq87uzk9TtnlMDfAS6492ocXRJSHdBinng0hu2xLas=";
     };
     x86_64-darwin = {
       platform = "macosx_10_14_x86_64";
-      hash = "sha256-nRpkJEeO8/cQmScg8vNuRLFfKcJZ7vG7pP37FqgcNlQ=";
+      hash = "sha256-OorDXQ0oYHV8aPu9o1dQAd22u78/EjpUWA2yPYG0S9E=";
     };
     aarch64-darwin = {
       platform = "macosx_11_0_arm64";
-      hash = "sha256-SzqFYyWJFNyW5H5xEcxF1GsuLK9GoaqiAx94X754QpI=";
+      hash = "sha256-g8sFLh2V9NDIvAZOaDhMpFxKqbS/S1eKep4v1vlOOo8=";
     };
   };
 
diff --git a/pkgs/tools/security/semgrep/default.nix b/pkgs/tools/security/semgrep/default.nix
index 6b62ab80e7ea6..13307d3101027 100644
--- a/pkgs/tools/security/semgrep/default.nix
+++ b/pkgs/tools/security/semgrep/default.nix
@@ -1,6 +1,5 @@
 { lib
 , fetchFromGitHub
-, fetchpatch
 , semgrep-core
 , buildPythonApplication
 , pythonPackages
diff --git a/pkgs/tools/security/sequoia-sqop/default.nix b/pkgs/tools/security/sequoia-sqop/default.nix
index b9be021608982..2aba6b9043c9e 100644
--- a/pkgs/tools/security/sequoia-sqop/default.nix
+++ b/pkgs/tools/security/sequoia-sqop/default.nix
@@ -9,7 +9,7 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "sequoia-sqop";
-  version = "0.32.0";
+  version = "0.34.0";
 
   src = fetchFromGitLab {
     owner = "sequoia-pgp";
@@ -17,10 +17,10 @@ rustPlatform.buildRustPackage rec {
     # generated etc
     repo = "sequoia-sop";
     rev = "v${version}";
-    hash = "sha256-6g6JVNlLi++XboU/ewHM7KM0tJlDayCoz1octKloQro=";
+    hash = "sha256-RpXMF0Q5Dp0zDt1gPl2Z3RKyDa4NI0uZY7kIc230F48=";
   };
 
-  cargoHash = "sha256-Vci29mnFiRRbI45Qkj6t8aVrEaJdKVB01zTXHQT5ckw=";
+  cargoHash = "sha256-ccEnZPFUYU5F1PqkX1u7K2xuWYShhzJwEOfBEbi53gg=";
 
   nativeBuildInputs = [
     pkg-config
@@ -49,7 +49,7 @@ rustPlatform.buildRustPackage rec {
   passthru.updateScript = nix-update-script { };
 
   meta = with lib; {
-    description = "An implementation of the Stateless OpenPGP Command Line Interface using Sequoia";
+    description = "Implementation of the Stateless OpenPGP Command Line Interface using Sequoia";
     homepage = "https://docs.sequoia-pgp.org/sqop/";
     license = licenses.gpl2Plus;
     maintainers = with maintainers; [ doronbehar ];
diff --git a/pkgs/tools/security/sequoia-sqv/default.nix b/pkgs/tools/security/sequoia-sqv/default.nix
index 1b80e9dd45185..7923b494c17e4 100644
--- a/pkgs/tools/security/sequoia-sqv/default.nix
+++ b/pkgs/tools/security/sequoia-sqv/default.nix
@@ -51,7 +51,7 @@ rustPlatform.buildRustPackage rec {
   passthru.updateScript = nix-update-script { };
 
   meta = with lib; {
-    description = "A command-line OpenPGP signature verification tool";
+    description = "Command-line OpenPGP signature verification tool";
     homepage = "https://docs.sequoia-pgp.org/sqv/";
     license = licenses.gpl2Plus;
     maintainers = with maintainers; [ doronbehar ];
diff --git a/pkgs/tools/security/sheesy-cli/default.nix b/pkgs/tools/security/sheesy-cli/default.nix
index c47e5a2128585..50aee190a763c 100644
--- a/pkgs/tools/security/sheesy-cli/default.nix
+++ b/pkgs/tools/security/sheesy-cli/default.nix
@@ -32,7 +32,7 @@ rustPlatform.buildRustPackage rec {
   '';
 
   meta = with lib; {
-    description = "The 'share-secrets-safely' CLI to interact with GPG/pass-like vaults";
+    description = "'share-secrets-safely' CLI to interact with GPG/pass-like vaults";
     homepage = "https://share-secrets-safely.github.io/cli/";
     changelog = "https://github.com/share-secrets-safely/cli/releases/tag/${version}";
     license = with licenses; [ lgpl21Only ];
diff --git a/pkgs/tools/security/shellnoob/default.nix b/pkgs/tools/security/shellnoob/default.nix
index f7814b24384bb..ef9488239bd06 100644
--- a/pkgs/tools/security/shellnoob/default.nix
+++ b/pkgs/tools/security/shellnoob/default.nix
@@ -24,7 +24,7 @@ stdenvNoCC.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A shellcode writing toolkit";
+    description = "Shellcode writing toolkit";
     homepage = "https://github.com/reyammer/shellnoob";
     mainProgram = "snoob";
     license = licenses.mit;
diff --git a/pkgs/tools/security/sherlock/default.nix b/pkgs/tools/security/sherlock/default.nix
index e3d6f658aeaff..6ee08c3f3f58c 100644
--- a/pkgs/tools/security/sherlock/default.nix
+++ b/pkgs/tools/security/sherlock/default.nix
@@ -2,18 +2,19 @@
 , fetchFromGitHub
 , makeWrapper
 , python3
+, unstableGitUpdater
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "sherlock";
-  version = "unstable-2023-10-06";
+  version = "0-unstable-2024-06-04";
   format = "other";
 
   src = fetchFromGitHub {
     owner = "sherlock-project";
-    repo = pname;
-    rev = "7ec56895a37ada47edd6573249c553379254d14a";
-    hash = "sha256-bK5yEdh830vgKcsU3gLH7TybLncnX6eRIiYPUiVWM74=";
+    repo = "sherlock";
+    rev = "ef124acf34e90626f4e59ab88bba1ed6141a4126";
+    hash = "sha256-haxUKdZuuJrSI4TH8jA1fT+4fhr6tlxnrEgWTuBuIC4=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
@@ -59,6 +60,10 @@ python3.pkgs.buildPythonApplication rec {
     runHook postCheck
   '';
 
+  passthru.updateScript = unstableGitUpdater {
+    hardcodeZeroVersion = true;
+  };
+
   meta = with lib; {
     homepage = "https://sherlock-project.github.io/";
     description = "Hunt down social media accounts by username across social networks";
diff --git a/pkgs/tools/security/sigma-cli/default.nix b/pkgs/tools/security/sigma-cli/default.nix
index 897fdfcb2f295..f2854b680dd41 100644
--- a/pkgs/tools/security/sigma-cli/default.nix
+++ b/pkgs/tools/security/sigma-cli/default.nix
@@ -1,18 +1,19 @@
-{ lib
-, fetchFromGitHub
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "sigma-cli";
-  version = "1.0.1";
+  version = "1.0.2";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "SigmaHQ";
     repo = "sigma-cli";
     rev = "refs/tags/v${version}";
-    hash = "sha256-+6+xTc9XGsPxK3OsiA4dj2ORgC0PQtZsZ5a6STwmfcg=";
+    hash = "sha256-/Nciqf8O/Sq2zniaKid1VkYC/H6hgsVzMtOtFy/CiR8=";
   };
 
   postPatch = ''
@@ -20,11 +21,9 @@ python3.pkgs.buildPythonApplication rec {
       --replace '= "^' '= ">='
   '';
 
-  nativeBuildInputs = with python3.pkgs; [
-    poetry-core
-  ];
+  build-system = with python3.pkgs; [ poetry-core ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
     click
     colorama
     prettytable
@@ -39,9 +38,7 @@ python3.pkgs.buildPythonApplication rec {
     pysigma-pipeline-windows
   ];
 
-  nativeCheckInputs = with python3.pkgs; [
-    pytestCheckHook
-  ];
+  nativeCheckInputs = with python3.pkgs; [ pytestCheckHook ];
 
   disabledTests = [
     "test_plugin_list"
@@ -61,15 +58,13 @@ python3.pkgs.buildPythonApplication rec {
     "test_check_exclude"
   ];
 
-  pythonImportsCheck = [
-    "sigma.cli"
-  ];
+  pythonImportsCheck = [ "sigma.cli" ];
 
   meta = with lib; {
     description = "Sigma command line interface";
     homepage = "https://github.com/SigmaHQ/sigma-cli";
     changelog = "https://github.com/SigmaHQ/sigma-cli/releases/tag/v${version}";
-    license = with licenses; [ lgpl21Plus ];
+    license = licenses.lgpl21Plus;
     maintainers = with maintainers; [ fab ];
     mainProgram = "sigma";
   };
diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix
index e08632154385f..d0c50ddad0873 100644
--- a/pkgs/tools/security/signing-party/default.nix
+++ b/pkgs/tools/security/signing-party/default.nix
@@ -198,7 +198,7 @@ in stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://salsa.debian.org/signing-party-team/signing-party";
-    description = "A collection of several projects relating to OpenPGP";
+    description = "Collection of several projects relating to OpenPGP";
     longDescription = ''
       This is a collection of several projects relating to OpenPGP.
 
@@ -219,7 +219,7 @@ in stdenv.mkDerivation rec {
       * keyart: creates a random ASCII art of a PGP key file
       * gpg-key2latex: generate LaTeX file with fingerprint paper slips
     '';
-    license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ];
+    license = with licenses; [ bsd2 bsd3 gpl2Only gpl2Plus gpl3Plus ];
     maintainers = with maintainers; [ primeos ];
     platforms = platforms.linux;
   };
diff --git a/pkgs/tools/security/sirikali/default.nix b/pkgs/tools/security/sirikali/default.nix
deleted file mode 100644
index 6ae689d95fd4c..0000000000000
--- a/pkgs/tools/security/sirikali/default.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ lib
-, stdenv
-, qtbase
-, libpwquality
-, hicolor-icon-theme
-, fetchFromGitHub
-, wrapQtAppsHook
-, cmake
-, pkg-config
-, libgcrypt
-, cryfs
-, encfs
-, fscrypt-experimental
-, gocryptfs
-, securefs
-, sshfs
-, libsecret
-, kwallet
-, withKWallet ? true
-, withLibsecret ? true
-}:
-
-stdenv.mkDerivation rec {
-  pname = "sirikali";
-  version = "1.5.1";
-
-  src = fetchFromGitHub {
-    owner = "mhogomchungu";
-    repo = "sirikali";
-    rev = version;
-    hash = "sha256-1bY8cCMMK4Jie4+9c7eUEBrPEYDaOqFHZ5252TPSotA=";
-  };
-
-  buildInputs = [
-    qtbase
-    libpwquality
-    hicolor-icon-theme
-    libgcrypt
-    cryfs
-    encfs
-    fscrypt-experimental
-    gocryptfs
-    securefs
-    sshfs
-  ]
-  ++ lib.optionals withKWallet [ libsecret ]
-  ++ lib.optionals withLibsecret [ kwallet ]
-  ;
-
-  nativeBuildInputs = [
-    wrapQtAppsHook
-    cmake
-    pkg-config
-  ];
-
-  qtWrapperArgs = [
-    ''--prefix PATH : ${lib.makeBinPath [
-      cryfs
-      encfs
-      fscrypt-experimental
-      gocryptfs
-      securefs
-      sshfs
-    ]}''
-  ];
-
-  postPatch = ''
-    substituteInPlace "src/engines.cpp" --replace "/sbin/" "/run/wrappers/bin/"
-  '';
-
-  doCheck = true;
-
-  cmakeFlags = [
-    "-DINTERNAL_LXQT_WALLET=false"
-    "-DNOKDESUPPORT=${if withKWallet then "false" else "true"}"
-    "-DNOSECRETSUPPORT=${if withLibsecret then "false" else "true"}"
-    "-DQT5=true"
-  ];
-
-  meta = with lib; {
-    description = "A Qt/C++ GUI front end to sshfs, ecryptfs-simple, cryfs, gocryptfs, securefs, fscrypt and encfs";
-    homepage = "https://github.com/mhogomchungu/sirikali";
-    changelog = "https://github.com/mhogomchungu/sirikali/blob/${src.rev}/changelog";
-    license = licenses.gpl3Only;
-    maintainers = with maintainers; [ linuxissuper ];
-  };
-}
diff --git a/pkgs/tools/security/smbmap/default.nix b/pkgs/tools/security/smbmap/default.nix
index 772df0a66ef91..1e91764db6091 100644
--- a/pkgs/tools/security/smbmap/default.nix
+++ b/pkgs/tools/security/smbmap/default.nix
@@ -1,21 +1,24 @@
-{ lib
-, fetchFromGitHub
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "smbmap";
-  version = "1.10.2";
-  format = "setuptools";
+  version = "1.10.4";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "ShawnDEvans";
     repo = "smbmap";
     rev = "refs/tags/v${version}";
-    hash = "sha256-6+kO2Wfz3gGABS4fGxoebCubzvFAaJIGnMPA+k1mckc=";
+    hash = "sha256-CU0pio+R8JI/vQi13mOmiEeWC+r4EuLwWOQYLnm4Oao=";
   };
 
-  propagatedBuildInputs = with python3.pkgs; [
+  build-system = with python3.pkgs; [ setuptools ];
+
+  dependencies = with python3.pkgs; [
     impacket
     pyasn1
     pycrypto
@@ -26,16 +29,14 @@ python3.pkgs.buildPythonApplication rec {
   # Project has no tests
   doCheck = false;
 
-  pythonImportsCheck = [
-    "smbmap"
-  ];
+  pythonImportsCheck = [ "smbmap" ];
 
   meta = with lib; {
     description = "SMB enumeration tool";
-    mainProgram = "smbmap";
     homepage = "https://github.com/ShawnDEvans/smbmap";
     changelog = "https://github.com/ShawnDEvans/smbmap/releases/tag/v${version}";
     license = licenses.gpl3Only;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "smbmap";
   };
 }
diff --git a/pkgs/tools/security/snowcat/default.nix b/pkgs/tools/security/snowcat/default.nix
index a08b18edd147b..0054c7a81322e 100644
--- a/pkgs/tools/security/snowcat/default.nix
+++ b/pkgs/tools/security/snowcat/default.nix
@@ -17,7 +17,7 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://github.com/praetorian-inc/snowcat";
     changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}";
-    description = "A tool to audit the istio service mesh";
+    description = "Tool to audit the istio service mesh";
     mainProgram = "snowcat";
     longDescription = ''
       Snowcat gathers and analyzes the configuration of an Istio cluster and
diff --git a/pkgs/tools/security/softhsm/default.nix b/pkgs/tools/security/softhsm/default.nix
index 648a4bc6515b8..e4c428b90b9aa 100644
--- a/pkgs/tools/security/softhsm/default.nix
+++ b/pkgs/tools/security/softhsm/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, botan2, libobjc, Security }:
+{ lib, stdenv, fetchurl, botan2, sqlite, libobjc, Security }:
 
 stdenv.mkDerivation rec {
 
@@ -13,14 +13,15 @@ stdenv.mkDerivation rec {
   configureFlags = [
     "--with-crypto-backend=botan"
     "--with-botan=${lib.getDev botan2}"
+    "--with-objectstore-backend-db"
     "--sysconfdir=$out/etc"
     "--localstatedir=$out/var"
-    ];
+  ];
 
   propagatedBuildInputs =
     lib.optionals stdenv.isDarwin [ libobjc Security ];
 
-  buildInputs = [ botan2 ];
+  buildInputs = [ botan2 sqlite ];
 
   postInstall = "rm -rf $out/var";
 
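Review bot: `--with-objectstore-backend-db` and the `sqlite` input are added without a comment, and nothing in the hunk says which consumer needs the database backend. As far as I know the flag only compiles the SQLite object store in, and the file backend stays the default unless `objectstore.backend = db` is set in softhsm2.conf. A comment next to the flag would make the intent clear, e.g. `# build the SQLite object store; selected at runtime with objectstore.backend = db`.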
diff --git a/pkgs/tools/security/solo2-cli/default.nix b/pkgs/tools/security/solo2-cli/default.nix
index 417afd93a99c3..a241e8780101b 100644
--- a/pkgs/tools/security/solo2-cli/default.nix
+++ b/pkgs/tools/security/solo2-cli/default.nix
@@ -42,7 +42,7 @@ rustPlatform.buildRustPackage rec {
   buildFeatures = [ "cli" ];
 
   meta = with lib; {
-    description = "A CLI tool for managing SoloKeys' Solo2 USB security keys";
+    description = "CLI tool for managing SoloKeys' Solo2 USB security keys";
     homepage = "https://github.com/solokeys/solo2-cli";
     license = with licenses; [ asl20 mit ]; # either at your option
     maintainers = with maintainers; [ lukegb ];
diff --git a/pkgs/tools/security/sops/default.nix b/pkgs/tools/security/sops/default.nix
index 707d4b8c3131e..6ececc3613d3d 100644
--- a/pkgs/tools/security/sops/default.nix
+++ b/pkgs/tools/security/sops/default.nix
@@ -22,7 +22,7 @@ buildGoModule rec {
     description = "Simple and flexible tool for managing secrets";
     changelog = "https://github.com/getsops/sops/blob/v${version}/CHANGELOG.rst";
     mainProgram = "sops";
-    maintainers = [ ];
+    maintainers = with maintainers; [ Scrumplex mic92 ];
     license = licenses.mpl20;
   };
 }
diff --git a/pkgs/tools/security/spectre-cli/default.nix b/pkgs/tools/security/spectre-cli/default.nix
index f06365de90b55..923046cdad4ae 100644
--- a/pkgs/tools/security/spectre-cli/default.nix
+++ b/pkgs/tools/security/spectre-cli/default.nix
@@ -63,7 +63,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A stateless cryptographic identity algorithm";
+    description = "Stateless cryptographic identity algorithm";
     homepage = "https://spectre.app";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ emmabastas ];
diff --git a/pkgs/tools/security/spire/default.nix b/pkgs/tools/security/spire/default.nix
index 9bc7e92a4cfe0..861167c15ae82 100644
--- a/pkgs/tools/security/spire/default.nix
+++ b/pkgs/tools/security/spire/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "spire";
-  version = "1.9.4";
+  version = "1.9.6";
 
   outputs = [ "out" "agent" "server" ];
 
@@ -10,10 +10,10 @@ buildGoModule rec {
     owner = "spiffe";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-QRLfxTMkoO37ieXtfEvOsS4naR8bvBS4VFOM9lY4rT0=";
+    sha256 = "sha256-wubrZJBPLA83VB57UVKLuh2cmyXHouwN4BVPiHFl+1s=";
   };
 
-  vendorHash = "sha256-XWfo6NbADVRaMuemTrDgF2LQSpIe037z8el2CVzOJHI=";
+  vendorHash = "sha256-tx0zIr9rXuOvt+77Sp6dIdtN21fDX5FdnTxGpHWo7+A=";
 
   subPackages = [ "cmd/spire-agent" "cmd/spire-server" ];
 
@@ -28,7 +28,7 @@ buildGoModule rec {
   '';
 
   meta = with lib; {
-    description = "The SPIFFE Runtime Environment";
+    description = "SPIFFE Runtime Environment";
     homepage = "https://github.com/spiffe/spire";
     changelog = "https://github.com/spiffe/spire/releases/tag/v${version}";
     license = licenses.asl20;
diff --git a/pkgs/tools/security/ssdeep/default.nix b/pkgs/tools/security/ssdeep/default.nix
index a7c937f03ee0a..68b8afdf67125 100644
--- a/pkgs/tools/security/ssdeep/default.nix
+++ b/pkgs/tools/security/ssdeep/default.nix
@@ -19,10 +19,10 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "A program for calculating fuzzy hashes";
+    description = "Program for calculating fuzzy hashes";
     mainProgram = "ssdeep";
     homepage    = "http://www.ssdeep.sf.net";
-    license     = lib.licenses.gpl2;
+    license     = lib.licenses.gpl2Plus;
     platforms   = lib.platforms.unix;
     maintainers = [ lib.maintainers.thoughtpolice ];
   };
diff --git a/pkgs/tools/security/ssh-audit/default.nix b/pkgs/tools/security/ssh-audit/default.nix
index 0551a7b10b222..ec12b6f4bde54 100644
--- a/pkgs/tools/security/ssh-audit/default.nix
+++ b/pkgs/tools/security/ssh-audit/default.nix
@@ -1,5 +1,6 @@
 { lib
 , fetchFromGitHub
+, installShellFiles
 , nixosTests
 , python3Packages
 }:
@@ -8,6 +9,7 @@ python3Packages.buildPythonApplication rec {
   pname = "ssh-audit";
   version = "3.2.0";
   format = "setuptools";
+  outputs = [ "out" "man" ];
 
   src = fetchFromGitHub {
     owner = "jtesta";
@@ -16,6 +18,11 @@ python3Packages.buildPythonApplication rec {
     sha256 = "sha256-g5h0A1BJqzOZaSVUxyi7IsCcrbto4+7+HpiVjFZy50Y=";
   };
 
+  nativeBuildInputs = [ installShellFiles ];
+  postInstall = ''
+    installManPage $src/ssh-audit.1
+  '';
+
   nativeCheckInputs = with python3Packages; [
     pytestCheckHook
   ];
diff --git a/pkgs/tools/security/ssh-mitm/default.nix b/pkgs/tools/security/ssh-mitm/default.nix
index 9d40f86354b59..745090c8e9a1b 100644
--- a/pkgs/tools/security/ssh-mitm/default.nix
+++ b/pkgs/tools/security/ssh-mitm/default.nix
@@ -1,18 +1,29 @@
-{ lib
-, fetchFromGitHub
-, python3
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  fetchpatch,
+  installShellFiles,
+  python3,
 }:
 
 let
   py = python3.override {
     packageOverrides = self: super: {
       paramiko = super.paramiko.overridePythonAttrs (oldAttrs: rec {
-        version = "3.1.0";
+        version = "3.3.1";
         src = oldAttrs.src.override {
           inherit version;
-          hash = "sha256-aVD6ymgZrNMhnUrmlKI8eofuONCE9wwXJLDA27i3V2k=";
+          hash = "sha256-ajd3qWGshtvvN1xfW41QAUoaltD9fwVKQ7yIATSw/3c=";
         };
-        patches = [ ];
+        patches = [
+          (fetchpatch {
+            name = "Use-pytest-s-setup_method-in-pytest-8-the-nose-method-setup-is-deprecated.patch";
+            url = "https://github.com/paramiko/paramiko/pull/2349.diff";
+            hash = "sha256-4CTIZ9BmzRdh+HOwxSzfM9wkUGJOnndctK5swqqsIvU=";
+          })
+
+        ];
         propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ python3.pkgs.icecream ];
       });
     };
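Review bot: The new `fetchpatch` pulls from `https://github.com/paramiko/paramiko/pull/2349.diff`, a pull-request URL whose content changes whenever the PR branch is updated or rebased. The `hash` stops a changed diff from being applied silently, but the fetch would then fail and the derivation could no longer be rebuilt from source. Pointing `url` at the `.patch` of the specific commit (id to be taken from the PR) keeps the input stable. The override also pins paramiko to a fixed release, presumably older than the one in the package set, so this tool will not pick up paramiko fixes that land in nixpkgs; a comment stating why the pin is needed and when it can be dropped would help. The blank line before the closing `];` of `patches` can go.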
@@ -20,18 +31,24 @@ let
 in
 with py.pkgs;
 
+
 buildPythonApplication rec {
   pname = "ssh-mitm";
-  version = "3.0.2";
-  format = "setuptools";
+  version = "4.1.1";
+  pyproject = true;
 
   src = fetchFromGitHub {
-    owner = pname;
-    repo = pname;
+    owner = "ssh-mitm";
+    repo = "ssh-mitm";
     rev = "refs/tags/${version}";
-    hash = "sha256-koV7g6ZmrrXk60rrDP8BwrDZk3shiyJigQgNcb4BASE=";
+    hash = "sha256-Uf1B7oEZyNWj4TjrLvEfFdxsvsGeMLXFsSdxGLUV4ZU=";
   };
 
+  build-system = [
+    hatchling
+    hatch-requirements-txt
+  ];
+
   propagatedBuildInputs = [
     argcomplete
     colored
@@ -39,17 +56,25 @@ buildPythonApplication rec {
     paramiko
     pytz
     pyyaml
+    python-json-logger
     rich
+    tkinter
     setuptools
     sshpubkeys
-  ];
+    wrapt
+  ] ++ lib.optionals stdenv.isDarwin [ setuptools ];
+  # fix for darwin users
+
+  nativeBuildInputs = [ installShellFiles ];
 
   # Module has no tests
   doCheck = false;
+  # Install man page
+  postInstall = ''
+    installManPage man1/*
+  '';
 
-  pythonImportsCheck = [
-    "sshmitm"
-  ];
+  pythonImportsCheck = [ "sshmitm" ];
 
   meta = with lib; {
     description = "Tool for SSH security audits";
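Review bot: `setuptools` is already listed unconditionally (the context line above `sshpubkeys`), so the appended `++ lib.optionals stdenv.isDarwin [ setuptools ]` adds nothing. The `# fix for darwin users` comment also sits after the expression it describes. Either drop the conditional and end the list with a plain `];`, or remove the unconditional entry if the dependency really is Darwin-only. Since the derivation now sets `pyproject = true` and `build-system`, the list would read more consistently as `dependencies = [`. The `meta` block continues outside this hunk.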
diff --git a/pkgs/tools/security/ssh-to-pgp/default.nix b/pkgs/tools/security/ssh-to-pgp/default.nix
index 15067063d328e..c2cc76ef74b73 100644
--- a/pkgs/tools/security/ssh-to-pgp/default.nix
+++ b/pkgs/tools/security/ssh-to-pgp/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "ssh-to-pgp";
-  version = "1.1.2";
+  version = "1.1.3";
 
   src = fetchFromGitHub {
     owner = "Mic92";
     repo = "ssh-to-pgp";
     rev = version;
-    sha256 = "sha256-SoHKBuI3ROfWTI45rFdMNkHVYHa5nX1A0/ljgGpF8NY=";
+    sha256 = "sha256-EynI4YQ6yjhMIOSoMM7WgLwI//5moFgdhFLX82J+bSA=";
   };
 
-  vendorHash = "sha256-sHvb6jRSMXIUv1D0dbTJWmETCaFr9BquNmcc8J06m/o=";
+  vendorHash = "sha256-ww1CDDGo2r8h0ePvU8PS2owzE1vLTz2m7Z9thsQle7s=";
 
   nativeCheckInputs = [ gnupg ];
   checkPhase = ''
diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix
index 43e2b8ace7176..ab699f8f02b77 100644
--- a/pkgs/tools/security/sslscan/default.nix
+++ b/pkgs/tools/security/sslscan/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "sslscan";
-  version = "2.1.3";
+  version = "2.1.4";
 
   src = fetchFromGitHub {
     owner = "rbsec";
     repo = "sslscan";
     rev = "refs/tags/${version}";
-    hash = "sha256-oLlMeFVicDwr2XjCX/0cBMTXLKB8js50646uAf3tP9k=";
+    hash = "sha256-we55Oo9sIZ1FQn94xejlCKwlZBDMrQs/1f++blXTTUM=";
   };
 
   buildInputs = [ openssl ];
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index 72f80c3c79eac..7fb581daf3e17 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -13,16 +13,21 @@
 
 buildGoModule rec {
   pname = "step-ca";
-  version = "0.26.1";
+  version = "0.26.2";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "certificates";
     rev = "refs/tags/v${version}";
-    hash = "sha256-yej7gzhaUPbcvqbse7Hh7Im38+DUfC9UZkpjpuG8ctk=";
+    hash = "sha256-sLHmeF/yh74/qsoF/DrYSAbULG9Nsvd6bvUT4tSVHdQ=";
   };
 
-  vendorHash = "sha256-XlfdIg8YHCeCvc7kZczUxlxUonyZSQATgsxLTMvNDk4=";
+  vendorHash = "sha256-TISPM6bYzS0TpmopQLBns/rQqPKLDHK1job003vpFiQ=";
+
+  ldflags = [
+    "-w"
+    "-X main.Version=${version}"
+  ];
 
   nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ];
 
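Review bot: Nothing checks that the new `-X main.Version=${version}` takes effect. The Go linker silently ignores `-X` when the named variable does not exist, so an upstream rename would bring back an unset version string without failing the build. An install check that runs the built binary's version output and greps for `${version}` would catch that; the scorecard package in this same commit does this in its `installCheckPhase`. `-w` drops only the DWARF data; if smaller binaries are the goal, `-s` is usually passed with it.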
@@ -57,13 +62,12 @@ buildGoModule rec {
   passthru.tests.step-ca = nixosTests.step-ca;
 
   meta = with lib; {
-    description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";
+    description = "Private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";
     homepage = "https://smallstep.com/certificates/";
     changelog = "https://github.com/smallstep/certificates/releases/tag/v${version}";
     license = licenses.asl20;
     maintainers = with maintainers; [
       cmcdragonkai
-      mohe2015
       techknowlogick
     ];
   };
diff --git a/pkgs/tools/security/step-kms-plugin/default.nix b/pkgs/tools/security/step-kms-plugin/default.nix
index 95a3b85fca637..a64f86a31d1ee 100644
--- a/pkgs/tools/security/step-kms-plugin/default.nix
+++ b/pkgs/tools/security/step-kms-plugin/default.nix
@@ -11,16 +11,16 @@
 
 buildGoModule rec {
   pname = "step-kms-plugin";
-  version = "0.11.1";
+  version = "0.11.3";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-EkLLhHXvh10tfEY6AY6o3n3JcmCXwauHsQ8VJRBpnnY=";
+    hash = "sha256-Gl/5AExN2/MEoR2HKpw7mDfuc/1Wj0UGSdXPzHl2JdU=";
   };
 
-  vendorHash = "sha256-kwM5eNeAVtA6DaoFtBhxc7Jnfb7vVkdIGpUxVGjWwC8=";
+  vendorHash = "sha256-O6orQYrupJdJbx23TXCP0qWyvn6Hv2iDeRYvIgLp1NM=";
 
   proxyVendor = true;
 
diff --git a/pkgs/tools/security/sudo-rs/default.nix b/pkgs/tools/security/sudo-rs/default.nix
index a1e46c6ee7083..f4ea401e7e10e 100644
--- a/pkgs/tools/security/sudo-rs/default.nix
+++ b/pkgs/tools/security/sudo-rs/default.nix
@@ -70,7 +70,7 @@ rustPlatform.buildRustPackage rec {
   };
 
   meta = with lib; {
-    description = "A memory safe implementation of sudo and su";
+    description = "Memory safe implementation of sudo and su";
     homepage = "https://github.com/memorysafety/sudo-rs";
     changelog = "${meta.homepage}/blob/v${version}/CHANGELOG.md";
     license = with licenses; [ asl20 mit ];
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 060dbb34f5600..948297df707b9 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -74,7 +74,7 @@ stdenv.mkDerivation (finalAttrs: {
   passthru.tests = { inherit (nixosTests) sudo; };
 
   meta = with lib; {
-    description = "A command to run commands as root";
+    description = "Command to run commands as root";
     longDescription =
       ''
         Sudo (su "do") allows a system administrator to delegate
@@ -86,7 +86,7 @@ stdenv.mkDerivation (finalAttrs: {
     # From https://www.sudo.ws/about/license/
     license = with licenses; [ sudo bsd2 bsd3 zlib ];
     maintainers = with maintainers; [ ];
-    platforms = platforms.linux;
+    platforms = platforms.linux ++ platforms.freebsd;
     mainProgram = "sudo";
   };
 })
diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
index 62f6b7823e838..e4b16cf9f290e 100644
--- a/pkgs/tools/security/tboot/default.nix
+++ b/pkgs/tools/security/tboot/default.nix
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
   installFlags = [ "DESTDIR=$(out)" ];
 
   meta = with lib; {
-    description = "A pre-kernel/VMM module that uses Intel(R) TXT to perform a measured and verified launch of an OS kernel/VMM";
+    description = "Pre-kernel/VMM module that uses Intel(R) TXT to perform a measured and verified launch of an OS kernel/VMM";
     homepage    = "https://sourceforge.net/projects/tboot/";
     changelog   = "https://sourceforge.net/p/tboot/code/ci/v${version}/tree/CHANGELOG";
     license     = licenses.bsd3;
diff --git a/pkgs/tools/security/tessen/default.nix b/pkgs/tools/security/tessen/default.nix
index 944695e831dcf..961c86753d765 100644
--- a/pkgs/tools/security/tessen/default.nix
+++ b/pkgs/tools/security/tessen/default.nix
@@ -44,7 +44,7 @@ stdenvNoCC.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://sr.ht/~ayushnix/tessen";
-    description = "An interactive menu to autotype and copy Pass and GoPass data";
+    description = "Interactive menu to autotype and copy Pass and GoPass data";
     license = licenses.gpl2Plus;
     platforms = platforms.linux;
     maintainers = with maintainers; [ monaaraj ];
diff --git a/pkgs/tools/security/thc-hydra/default.nix b/pkgs/tools/security/thc-hydra/default.nix
index 7222cc81780e7..6d366fd3e80b4 100644
--- a/pkgs/tools/security/thc-hydra/default.nix
+++ b/pkgs/tools/security/thc-hydra/default.nix
@@ -41,7 +41,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A very fast network logon cracker which support many different services";
+    description = "Very fast network logon cracker which support many different services";
     homepage = "https://github.com/vanhauser-thc/thc-hydra"; # https://www.thc.org/
     changelog = "https://github.com/vanhauser-thc/thc-hydra/raw/v${version}/CHANGES";
     license = licenses.agpl3Plus;
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 2f33862fcffe8..30eb8360fe391 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -30,11 +30,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "tor";
-  version = "0.4.8.11";
+  version = "0.4.8.12";
 
   src = fetchurl {
     url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
-    sha256 = "sha256-jyvfkOYzgHgSNap9YE4VlXDyg+zuZ0Zwhz2LtwUsjgc=";
+    sha256 = "sha256-ynzHNdmON0e1jy88wU+ATdeJ+g+zM6hNy2vXCtu4yHQ=";
   };
 
   outputs = [ "out" "geoip" ];
diff --git a/pkgs/tools/security/tor/torsocks.nix b/pkgs/tools/security/tor/torsocks.nix
index ae1a42a944d32..0ad36688bd6b9 100644
--- a/pkgs/tools/security/tor/torsocks.nix
+++ b/pkgs/tools/security/tor/torsocks.nix
@@ -55,7 +55,7 @@ stdenv.mkDerivation rec {
     description      = "Wrapper to safely torify applications";
     mainProgram = "torsocks";
     homepage         = "https://gitlab.torproject.org/tpo/core/torsocks";
-    license          = lib.licenses.gpl2;
+    license          = lib.licenses.gpl2Plus;
     platforms        = lib.platforms.unix;
     maintainers      = with lib.maintainers; [ thoughtpolice ];
   };
diff --git a/pkgs/tools/security/tpm-quote-tools/default.nix b/pkgs/tools/security/tpm-quote-tools/default.nix
index 938d0a6f29467..58ff7160924c6 100644
--- a/pkgs/tools/security/tpm-quote-tools/default.nix
+++ b/pkgs/tools/security/tpm-quote-tools/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A collection of programs that provide support for TPM based attestation using the TPM quote mechanism";
+    description = "Collection of programs that provide support for TPM based attestation using the TPM quote mechanism";
     longDescription = ''
       The TPM Quote Tools is a collection of programs that provide support
       for TPM based attestation using the TPM quote mechanism.  The manual
diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix
index b664eb6f01a3e..2e78257a13e2a 100644
--- a/pkgs/tools/security/tpm2-tools/default.nix
+++ b/pkgs/tools/security/tpm2-tools/default.nix
@@ -1,24 +1,16 @@
-{ stdenv, fetchurl, lib, fetchpatch
+{ stdenv, fetchurl, lib
 , pandoc, pkg-config, makeWrapper, curl, openssl, tpm2-tss, libuuid
 , abrmdSupport ? true, tpm2-abrmd ? null }:
 
 stdenv.mkDerivation rec {
   pname = "tpm2-tools";
-  version = "5.6";
+  version = "5.7";
 
   src = fetchurl {
     url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
-    sha256 = "sha256-Usi8uq3KCCq/5et+5JZ9LWMthLFndnXy8HG20uwizsM=";
+    sha256 = "sha256-OBDTa1B5JW9PL3zlUuIiE9Q7EDHBMVON+KLbw8VwmDo=";
   };
 
-  patches = [
-    # https://github.com/tpm2-software/tpm2-tools/pull/3271
-    (fetchpatch {
-      url = "https://github.com/tpm2-software/tpm2-tools/commit/b98be08f6f88b0cca9e0667760c4e1e5eb417fbd.patch";
-      sha256 = "sha256-2sEam9i4gwscJhLwraX2EAjVM8Dh1vmNnG3zYsOF0fc=";
-    })
-  ];
-
   nativeBuildInputs = [ pandoc pkg-config makeWrapper ];
   buildInputs = [
     curl openssl tpm2-tss libuuid
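Review bot: The `patches` list carrying the backport of upstream commit `b98be08f6f88b0cca9e0667760c4e1e5eb417fbd` (tpm2-tools PR 3271) is dropped with the bump to 5.7, and nothing visible here records that the 5.7 tarball already contains that change. Presumably it does, but that should be confirmed against the release and stated in the commit message; if it is not included, the `fetchpatch` entry has to stay. While the line is touched, the SRI value would read better as `hash = "sha256-OBDTa1B5JW9PL3zlUuIiE9Q7EDHBMVON+KLbw8VwmDo=";`, since `sha256 =` with an SRI string is the older spelling. The `buildInputs` list continues outside the hunk.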
diff --git a/pkgs/tools/security/truecrack/default.nix b/pkgs/tools/security/truecrack/default.nix
index 1c0648f33bcb4..06a0d7e4f6b2e 100644
--- a/pkgs/tools/security/truecrack/default.nix
+++ b/pkgs/tools/security/truecrack/default.nix
@@ -40,7 +40,7 @@ gccStdenv.mkDerivation rec {
   enableParallelBuilding = true;
 
   meta = with lib; {
-    description = "A brute-force password cracker for TrueCrypt volumes, optimized for Nvidia Cuda technology";
+    description = "Brute-force password cracker for TrueCrypt volumes, optimized for Nvidia Cuda technology";
     mainProgram = "truecrack";
     homepage = "https://gitlab.com/kalilinux/packages/truecrack";
     broken = cudaSupport;
diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix
index 4c5a536c882f4..4bbd65c09b65c 100644
--- a/pkgs/tools/security/trufflehog/default.nix
+++ b/pkgs/tools/security/trufflehog/default.nix
@@ -8,16 +8,16 @@
 
 buildGoModule rec {
   pname = "trufflehog";
-  version = "3.74.0";
+  version = "3.78.2";
 
   src = fetchFromGitHub {
     owner = "trufflesecurity";
     repo = "trufflehog";
     rev = "refs/tags/v${version}";
-    hash = "sha256-smG27WHWGe15Q0XIjeK4C45mEvJuYqsUf0SsaMyYGzs=";
+    hash = "sha256-s+8l203ntPsp54yZpEX2wz8Dt/p3rokfu6KI8LSwpko=";
   };
 
-  vendorHash = "sha256-FOFrFmILeONJyKGZ7I+sWd8Di0Ni6P5/buA5QbR41A4=";
+  vendorHash = "sha256-0YNvqJlSF6TIGSbQrAu47G2oXPY9+2wiZbDP94oAaVA=";
 
   proxyVendor = true;
 
diff --git a/pkgs/tools/security/uncover/default.nix b/pkgs/tools/security/uncover/default.nix
index f0ee8aa23757f..7bb56ce21451e 100644
--- a/pkgs/tools/security/uncover/default.nix
+++ b/pkgs/tools/security/uncover/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "uncover";
-  version = "1.0.7";
+  version = "1.0.8";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-CJA+rDLubghaQT+yb0zQY3y8hF0/5ISH9YFvIQHwH2Y=";
+    hash = "sha256-iBZwR4hEd1pmmq4WzY/kfwHmpFj/MG+xGitbIQI8K5I=";
   };
 
-  vendorHash = "sha256-A7XPsl27Q5CaQXQUEvNB05B2M3mFGz/yZ4sOnOHxhw8=";
+  vendorHash = "sha256-cf9Itdz1hR74TVoFOsOdUcrvEuT57RZn2tgrEXU4c8E=";
 
   meta = with lib; {
     description = "API wrapper to search for exposed hosts";
diff --git a/pkgs/tools/security/vals/default.nix b/pkgs/tools/security/vals/default.nix
index e734893d527ff..0d0d1070bbd7f 100644
--- a/pkgs/tools/security/vals/default.nix
+++ b/pkgs/tools/security/vals/default.nix
@@ -2,16 +2,18 @@
 
 buildGoModule rec {
   pname = "vals";
-  version = "0.37.0";
+  version = "0.37.3";
 
   src = fetchFromGitHub {
     rev = "v${version}";
     owner = "helmfile";
     repo = pname;
-    sha256 = "sha256-R/nTlB8VM41Yah+3sH/J3Y3m9KUFsIZQNQ9kFddo+Mo=";
+    sha256 = "sha256-RCvqoikROFpFvza24PGocdxFaOI6hZLSy3Jnag7Oz4s=";
   };
 
-  vendorHash = "sha256-VKJIbsVIIEEGqo+LXfYzhIJLtcj0jbbq/UXVpykgcz8=";
+  vendorHash = "sha256-iKfNAQRsVUjhUmDH/HevnDnocQm4k9jEfW40+AncojM=";
+
+  proxyVendor = true;
 
   ldflags = [
     "-s"
diff --git a/pkgs/tools/security/vault-medusa/default.nix b/pkgs/tools/security/vault-medusa/default.nix
index cd7cf537de587..2995d4b9cd0b3 100644
--- a/pkgs/tools/security/vault-medusa/default.nix
+++ b/pkgs/tools/security/vault-medusa/default.nix
@@ -2,19 +2,19 @@
 
 buildGoModule rec {
   pname = "vault-medusa";
-  version = "0.7.0";
+  version = "0.7.2";
 
   src = fetchFromGitHub {
     owner = "jonasvinther";
     repo = "medusa";
     rev = "v${version}";
-    sha256 = "sha256-8lbaXcu+o+grbFPJxZ6p/LezxDFCUvOQyX49zX4V/v0=";
+    sha256 = "sha256-c5ldU54SQQKnKp2xxUiHVOaCRV9ttC24sN8AUMMuWzQ=";
   };
 
-  vendorHash = "sha256-/8wusZt0BQ//HCokjiSpsgsGb19FggrGrEuhCrwm9L0=";
+  vendorHash = "sha256-GdQiPeU5SWZlqWkyk8gU9yVTUQxJlurhY3l1xZXKeJY=";
 
   meta = with lib; {
-    description = "A cli tool for importing and exporting Hashicorp Vault secrets";
+    description = "Cli tool for importing and exporting Hashicorp Vault secrets";
     mainProgram = "medusa";
     homepage = "https://github.com/jonasvinther/medusa";
     license = licenses.mit;
diff --git a/pkgs/tools/security/vault-ssh-plus/default.nix b/pkgs/tools/security/vault-ssh-plus/default.nix
index 80cfa8674cb2b..a3a92f7c6a4c4 100644
--- a/pkgs/tools/security/vault-ssh-plus/default.nix
+++ b/pkgs/tools/security/vault-ssh-plus/default.nix
@@ -8,16 +8,16 @@
 }:
 buildGoModule rec {
   pname = "vault-ssh-plus";
-  version = "0.7.3";
+  version = "0.7.4";
 
   src = fetchFromGitHub {
     owner = "isometry";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-IRmFC5WsLmHfPjS/jW5V7dNF5rNvmsh3YKwW7rGII24=";
+    hash = "sha256-djS50SBR8HTyEd5Ya2I9w5irBrLTqzekEi5ASmkl6yk=";
   };
 
-  vendorHash = "sha256-cuU7rEpJrwrbiXLajdv4h6GePbpZclweyB9qZ3SIjP0=";
+  vendorHash = "sha256-NndIBvW1/EZJ2KwP6HZ6wvhrgtmhTe97l3VxprtWq30=";
 
   nativeBuildInputs = [ makeWrapper ];
 
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index 4f748ca1b4251..6efce59221d89 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "vault";
-  version = "1.16.1";
+  version = "1.17.0";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    hash = "sha256-dafK7PkjWmLbV9fcaR+Vl1CQrpGdo8IQpaSbUwY26Uw=";
+    hash = "sha256-jnX3sJJIe62y5p5w7xs5IQ5xE/9aWzM02H2x/p7E9gc=";
   };
 
-  vendorHash = "sha256-hWIIGQb2tZjhQ+XxaUacBgRSFFQIWj728pjKZFi0Wto=";
+  vendorHash = "sha256-r2tDPAPM8wPWRaArsjf5YcERyy3pwmIM4Wx2HSUdFEg=";
 
   proxyVendor = true;
 
@@ -44,7 +44,7 @@ buildGoModule rec {
 
   meta = with lib; {
     homepage = "https://www.vaultproject.io/";
-    description = "A tool for managing secrets";
+    description = "Tool for managing secrets";
     changelog = "https://github.com/hashicorp/vault/blob/v${version}/CHANGELOG.md";
     license = licenses.bsl11;
     mainProgram = "vault";
diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix
index c80f35a16cbbb..dbdd8d49f76b0 100644
--- a/pkgs/tools/security/vault/vault-bin.nix
+++ b/pkgs/tools/security/vault/vault-bin.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "vault-bin";
-  version = "1.16.1";
+  version = "1.16.2";
 
   src =
     let
@@ -16,11 +16,11 @@ stdenv.mkDerivation rec {
         aarch64-darwin = "darwin_arm64";
       };
       sha256 = selectSystem {
-        x86_64-linux = "sha256-s520fOri0caLMeMmNaGS3+Y9I9dcXtNtiRtwrvj1pvA=";
-        aarch64-linux = "sha256-12yFC3uPyqv2kQIv2KC+skXMrdU+IZir5z62JRtKBMs=";
-        i686-linux = "sha256-LGkRnI5rZ8j6Fm1FBKiTUJNK8dUF9154OlNEHIsT36Q=";
-        x86_64-darwin = "sha256-V7uLlQhsRQ36jtbIsdPfU3LvM41xDO3pj97KOlZWSYg=";
-        aarch64-darwin = "sha256-QGxg11DR1LbRzRE2CqyGSWvus1IXIECbtamONrqcBVc=";
+        x86_64-linux = "sha256-fVDHXVI4f/1d6NTgHcURDXAjCkSEwKD3+bhRyvIgfjw=";
+        aarch64-linux = "sha256-tfRqnroz9W7V3gCataJbm2t97OJUkVe2VyWXPqbeJaw=";
+        i686-linux = "sha256-l2aYuyxYAOnAOBwtkEkrpqRNWYL7qsaYJ3vMiknhFow=";
+        x86_64-darwin = "sha256-xX/syRtkJJjmSO36Apq+i/s4kOMMop3De276358hb0c=";
+        aarch64-darwin = "sha256-I1FpMRsssil0LQe5LBjpX5b7uTATRJOBzbJeLnKCd74=";
       };
     in
     fetchzip {
@@ -52,7 +52,7 @@ stdenv.mkDerivation rec {
   passthru.updateScript = ./update-bin.sh;
 
   meta = with lib; {
-    description = "A tool for managing secrets, this binary includes the UI";
+    description = "Tool for managing secrets, this binary includes the UI";
     homepage = "https://www.vaultproject.io";
     sourceProvenance = with sourceTypes; [ binaryNativeCode ];
     license = licenses.bsl11;
diff --git a/pkgs/tools/security/vaultwarden/webvault.nix b/pkgs/tools/security/vaultwarden/webvault.nix
index 041b7ae3154a5..bb86f4cb778b3 100644
--- a/pkgs/tools/security/vaultwarden/webvault.nix
+++ b/pkgs/tools/security/vaultwarden/webvault.nix
@@ -8,13 +8,13 @@
 }:
 
 let
-  version = "2024.3.1";
+  version = "2024.5.1";
 
   bw_web_builds = fetchFromGitHub {
     owner = "dani-garcia";
     repo = "bw_web_builds";
     rev = "v${version}";
-    hash = "sha256-oi0H8TIQwtpzxKoQGnKaOY0bcWu7avTtrY+NgNRiq8k=";
+    hash = "sha256-iNSkvQn3g64pI0uY7M4S7jEiRRDAc0wlPuJevzMJ+dc=";
   };
 
 in buildNpmPackage rec {
@@ -25,10 +25,10 @@ in buildNpmPackage rec {
     owner = "bitwarden";
     repo = "clients";
     rev = "web-v${lib.removeSuffix "b" version}";
-    hash = "sha256-JBEP4dNGL4rYKl2qNyhB2y/wZunikaGFltGVXLxgMWI=";
+    hash = "sha256-U/lAt2HfoHGMu6mOki/4+ljhU9FwkodvFBr5zcDO8Wk=";
   };
 
-  npmDepsHash = "sha256-vNudSHIMmF7oXGz+ZymQahyHebs/CBDc6Oy1g0A5nqA=";
+  npmDepsHash = "sha256-ui00afmnu77CTT9gh6asc4uT7AhVIuiD60sq/1f9viA=";
 
   postPatch = ''
     ln -s ${bw_web_builds}/{patches,resources} ..
diff --git a/pkgs/tools/security/vexctl/default.nix b/pkgs/tools/security/vexctl/default.nix
index 1bb56dbb0547e..13086faf73d4c 100644
--- a/pkgs/tools/security/vexctl/default.nix
+++ b/pkgs/tools/security/vexctl/default.nix
@@ -62,7 +62,7 @@ buildGoModule rec {
 
   meta = with lib; {
     homepage = "https://github.com/chainguard-dev/vex/";
-    description = "A tool to attest VEX impact statements";
+    description = "Tool to attest VEX impact statements";
     mainProgram = "vexctl";
     license = licenses.asl20;
     maintainers = with maintainers; [ jk ];
diff --git a/pkgs/tools/security/volatility3/default.nix b/pkgs/tools/security/volatility3/default.nix
index 7f6307687323a..ffc0a0c932804 100644
--- a/pkgs/tools/security/volatility3/default.nix
+++ b/pkgs/tools/security/volatility3/default.nix
@@ -5,21 +5,21 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "volatility3";
-  version = "2.5.2";
+  version = "2.7.0";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "volatilityfoundation";
     repo = "volatility3";
     rev = "refs/tags/v${version}";
-    hash = "sha256-tghwDDfy8TohqTn9WQvmEal3qK0OKKq7GvGnPGTble0=";
+    hash = "sha256-elTUAvSe91TqpsTXg08SPKaVr6iM7FKcBaVNunv+HfU=";
   };
 
-  nativeBuildInputs = with python3.pkgs; [
+  build-system = with python3.pkgs; [
     setuptools
   ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = with python3.pkgs; [
     capstone
     jsonschema
     pefile
diff --git a/pkgs/tools/security/wapiti/default.nix b/pkgs/tools/security/wapiti/default.nix
index 13a7e55cc3ec6..1ddfbb703b967 100644
--- a/pkgs/tools/security/wapiti/default.nix
+++ b/pkgs/tools/security/wapiti/default.nix
@@ -1,57 +1,59 @@
-{ lib
-, fetchFromGitHub
-, python3
+{
+  lib,
+  fetchFromGitHub,
+  python3,
 }:
 
 python3.pkgs.buildPythonApplication rec {
   pname = "wapiti";
   version = "3.1.8";
-  format = "pyproject";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "wapiti-scanner";
-    repo = pname;
+    repo = "wapiti";
     rev = "refs/tags/${version}";
     hash = "sha256-2ssbczUa4pTA5Fai+sK1hES8skJMIHxa/R2hNIiEVLs=";
   };
 
   postPatch = ''
-    # Ignore pinned versions
-    sed -i -e "s/==[0-9.]*//;s/>=[0-9.]*//" pyproject.toml
-
     # Remove code coverage checking
     substituteInPlace pyproject.toml \
       --replace "--cov --cov-report=xml" ""
   '';
 
-  nativeBuildInputs = with python3.pkgs; [
-    setuptools
-    wheel
-  ];
+  pythonRelaxDeps = true;
+
+  build-system = with python3.pkgs; [ setuptools ];
 
-  propagatedBuildInputs = with python3.pkgs; [
-    aiocache
-    aiohttp
-    aiosqlite
-    arsenic
-    beautifulsoup4
-    browser-cookie3
-    dnspython
-    h11
-    httpcore
-    httpx
-    httpx-ntlm
-    loguru
-    mako
-    markupsafe
-    mitmproxy
-    pyasn1
-    six
-    sqlalchemy
-    tld
-    yaswfp
-  ] ++ httpx.optional-dependencies.brotli
-  ++ httpx.optional-dependencies.socks;
+  nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];
+
+  dependencies =
+    with python3.pkgs;
+    [
+      aiocache
+      aiohttp
+      aiosqlite
+      arsenic
+      beautifulsoup4
+      browser-cookie3
+      dnspython
+      h11
+      httpcore
+      httpx
+      httpx-ntlm
+      loguru
+      mako
+      markupsafe
+      mitmproxy
+      pyasn1
+      six
+      sqlalchemy
+      tld
+      yaswfp
+    ]
+    ++ httpx.optional-dependencies.brotli
+    ++ httpx.optional-dependencies.socks;
 
   __darwinAllowLocalNetworking = true;
 
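Review bot: `pythonRelaxDeps = true;` lifts the version constraint on every dependency in pyproject.toml, which is as broad as the `sed` call it replaces. A genuinely incompatible library then goes unnoticed until the scanner misbehaves at run time. Listing only the packages whose pins nixpkgs cannot satisfy keeps the other constraints checked at build time, e.g. `pythonRelaxDeps = [ "PACKAGE_NAME" ];` (placeholder: the names that actually need relaxing are not visible here). The remaining `substituteInPlace ... --replace` in `postPatch` does not fail the build if upstream changes the pytest options; `--replace-fail` would.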
@@ -138,9 +140,7 @@ python3.pkgs.buildPythonApplication rec {
     "tests/attack/test_mod_ssl.py"
   ];
 
-  pythonImportsCheck = [
-    "wapitiCore"
-  ];
+  pythonImportsCheck = [ "wapitiCore" ];
 
   meta = with lib; {
     description = "Web application vulnerability scanner";
@@ -154,7 +154,7 @@ python3.pkgs.buildPythonApplication rec {
     '';
     homepage = "https://wapiti-scanner.github.io/";
     changelog = "https://github.com/wapiti-scanner/wapiti/blob/${version}/doc/ChangeLog_Wapiti";
-    license = with licenses; [ gpl2Only ];
+    license = licenses.gpl2Only;
     maintainers = with maintainers; [ fab ];
   };
 }
diff --git a/pkgs/tools/security/web-eid-app/default.nix b/pkgs/tools/security/web-eid-app/default.nix
index 067963e1aaffd..e2e09ed0146b3 100644
--- a/pkgs/tools/security/web-eid-app/default.nix
+++ b/pkgs/tools/security/web-eid-app/default.nix
@@ -10,13 +10,13 @@
 
 mkDerivation rec {
   pname = "web-eid-app";
-  version = "2.4.0";
+  version = "2.5.0";
 
   src = fetchFromGitHub {
     owner = "web-eid";
     repo = "web-eid-app";
     rev = "v${version}";
-    sha256 = "sha256-xWwguxs/121BFF1zhb/HxS9b1vTwQRemhPKOfHEXVZQ=";
+    sha256 = "sha256-CaMf7cRhZ8K6YAUG38B+ijNOKaOmaACqNabNfHZGT68=";
     fetchSubmodules = true;
   };
 
diff --git a/pkgs/tools/security/whatweb/default.nix b/pkgs/tools/security/whatweb/default.nix
index fbe78834c8268..9adf3cde8e478 100644
--- a/pkgs/tools/security/whatweb/default.nix
+++ b/pkgs/tools/security/whatweb/default.nix
@@ -45,7 +45,7 @@ in stdenv.mkDerivation rec {
     mainProgram = "whatweb";
     homepage = "https://github.com/urbanadventurer/whatweb";
     license = licenses.gpl2Only;
-    maintainers = with maintainers; [ wolfangaukang ];
+    maintainers = [ ];
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/tools/security/wipe/default.nix b/pkgs/tools/security/wipe/default.nix
index 0d9653f27918a..e41e22c3a25db 100644
--- a/pkgs/tools/security/wipe/default.nix
+++ b/pkgs/tools/security/wipe/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
     description = "Secure file wiping utility";
     mainProgram = "wipe";
     homepage    = "https://wipe.sourceforge.net/";
-    license     = licenses.gpl2;
+    license     = licenses.gpl2Plus;
     platforms   = platforms.all;
     maintainers = [ maintainers.abbradar ];
   };
diff --git a/pkgs/tools/security/witness/default.nix b/pkgs/tools/security/witness/default.nix
index 0b62b31d94e17..1a24742e8a364 100644
--- a/pkgs/tools/security/witness/default.nix
+++ b/pkgs/tools/security/witness/default.nix
@@ -10,15 +10,15 @@
 
 buildGoModule rec {
   pname = "witness";
-  version = "0.3.1";
+  version = "0.6.0";
 
   src = fetchFromGitHub {
     owner = "in-toto";
     repo = "witness";
     rev = "v${version}";
-    sha256 = "sha256-uv/HxPYOKxZskmlAxUS2I1sW4YsSAmIeNHjoJeR7VWs=";
+    sha256 = "sha256-ao9mxN5cMGopCRXUkJRTNJemizzibdw0Q+oAhKjUyHA=";
   };
-  vendorHash = "sha256-9IkDBaDRJGWfPRN5+rYU4uH6nAsfnytDkF518rfNpyc=";
+  vendorHash = "sha256-pDMvtSavifWfxJqfiOef0CyT8KtU8BUjEFwReElkEeM=";
 
   nativeBuildInputs = [ installShellFiles ];
 
@@ -52,7 +52,7 @@ buildGoModule rec {
   };
 
   meta = with lib; {
-    description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target";
+    description = "Pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target";
     longDescription = ''
       Witness prevents tampering of build materials and verifies the integrity
       of the build process from source to target. It works by wrapping commands
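Review bot: The `description` drops the leading article but still holds two sentences, and the second is repeated word for word at the start of `longDescription`. A one-line summary is enough here: `description = "Pluggable framework for software supply chain security";`. The `longDescription` string continues outside the hunk.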
diff --git a/pkgs/tools/security/xcrawl3r/default.nix b/pkgs/tools/security/xcrawl3r/default.nix
index b714d555bafb7..c12439f49d67b 100644
--- a/pkgs/tools/security/xcrawl3r/default.nix
+++ b/pkgs/tools/security/xcrawl3r/default.nix
@@ -22,7 +22,7 @@ buildGoModule rec {
   ];
 
   meta = with lib; {
-    description = "A CLI utility to recursively crawl webpages";
+    description = "CLI utility to recursively crawl webpages";
     homepage = "https://github.com/hueristiq/xcrawl3r";
     changelog = "https://github.com/hueristiq/xcrawl3r/releases/tag/${version}";
     license = licenses.mit;
diff --git a/pkgs/tools/security/xsser/default.nix b/pkgs/tools/security/xsser/default.nix
index c5fab523166e8..c1d93c03f7e4e 100644
--- a/pkgs/tools/security/xsser/default.nix
+++ b/pkgs/tools/security/xsser/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildPythonApplication, fetchFromGitHub, wrapGAppsHook, gobject-introspection, gtk3, pango
+{ lib, buildPythonApplication, fetchFromGitHub, wrapGAppsHook3, gobject-introspection, gtk3, pango
 , pillow, pycurl, beautifulsoup4, pygeoip, pygobject3, cairocffi, selenium }:
 
 buildPythonApplication rec {
@@ -22,7 +22,7 @@ buildPythonApplication rec {
     substituteInPlace setup.py --replace /usr/share share
   '';
 
-  nativeBuildInputs = [ wrapGAppsHook gobject-introspection ];
+  nativeBuildInputs = [ wrapGAppsHook3 gobject-introspection ];
 
   buildInputs = [
     gtk3
diff --git a/pkgs/tools/security/yarGen/default.nix b/pkgs/tools/security/yarGen/default.nix
index 12b2567f340ef..d1bc8a864721a 100644
--- a/pkgs/tools/security/yarGen/default.nix
+++ b/pkgs/tools/security/yarGen/default.nix
@@ -50,7 +50,7 @@ python3.pkgs.buildPythonApplication rec {
   ];
 
   meta = with lib; {
-    description = "A generator for YARA rules";
+    description = "Generator for YARA rules";
     mainProgram = "yarGen.py";
     homepage = "https://github.com/Neo23x0/yarGen";
     license = licenses.bsd3;
diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix
index 36a77102eb432..44b1544ab935f 100644
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -1,16 +1,22 @@
-{ lib, stdenv
-, fetchFromGitHub
-, autoreconfHook
-, pcre
-, pkg-config
-, protobufc
-, withCrypto ? true, openssl
-, enableCuckoo ? true, jansson
-, enableDex ? true
-, enableDotNet ? true
-, enableMacho ? true
-, enableMagic ? true, file
-, enableStatic ? false
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  fetchpatch,
+  autoreconfHook,
+  pcre,
+  pkg-config,
+  protobufc,
+  withCrypto ? true,
+  openssl,
+  enableCuckoo ? true,
+  jansson,
+  enableDex ? true,
+  enableDotNet ? true,
+  enableMacho ? true,
+  enableMagic ? true,
+  file,
+  enableStatic ? false,
 }:
 
 stdenv.mkDerivation rec {
@@ -19,26 +25,32 @@ stdenv.mkDerivation rec {
 
   src = fetchFromGitHub {
     owner = "VirusTotal";
-    repo = pname;
-    rev = "v${version}";
+    repo = "yara";
+    rev = "refs/tags/v${version}";
     hash = "sha256-AecHsUBtBleUkWuYMQ4Tx/PY8cs9j7JwqncBziJD0hA=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "LFS64.patch";
+      url = "https://github.com/VirusTotal/yara/commit/833a580430abe0fbc9bc17a21fb95bf36dacf367.patch";
+      hash = "sha256-EmwyDsxaNd9zfpAOu6ZB9kzg04qB7LAD7UJB3eAuKd8=";
+    })
+  ];
+
   nativeBuildInputs = [
     autoreconfHook
     pkg-config
   ];
 
-  buildInputs = [
-    pcre
-    protobufc
-  ] ++ lib.optionals withCrypto [
-    openssl
-  ] ++ lib.optionals enableMagic [
-    file
-  ] ++ lib.optionals enableCuckoo [
-    jansson
-  ];
+  buildInputs =
+    [
+      pcre
+      protobufc
+    ]
+    ++ lib.optionals withCrypto [ openssl ]
+    ++ lib.optionals enableMagic [ file ]
+    ++ lib.optionals enableCuckoo [ jansson ];
 
   preConfigure = "./bootstrap.sh";
 
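Review bot: The new `fetchpatch` entry has no comment saying what the patch fixes or when it can be dropped, so the next version bump has nothing to check it against. Going by its name it is an LFS64-related build fix, but that is an inference from the hunk. Once confirmed, a line such as `# Upstream build fix (LFS64), not in v${version}; remove with the next release` above `(fetchpatch {` would record it.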
@@ -55,10 +67,12 @@ stdenv.mkDerivation rec {
   doCheck = enableStatic;
 
   meta = with lib; {
-    description = "The pattern matching swiss knife for malware researchers";
+    description = "Tool to perform pattern matching for malware-related tasks";
     homepage = "http://Virustotal.github.io/yara/";
+    changelog = "https://github.com/VirusTotal/yara/releases/tag/v${version}";
     license = licenses.asl20;
     maintainers = with maintainers; [ fab ];
+    mainProgram = "yara";
     platforms = platforms.all;
   };
 }
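Review bot: `homepage` is still a plain-http URL with a capitalised host, while the `changelog` line added beside it uses https. Since the meta block is being edited, it could become `homepage = "https://virustotal.github.io/yara/";` so that users following the link do not start on an unauthenticated connection.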
diff --git a/pkgs/tools/security/yaralyzer/default.nix b/pkgs/tools/security/yaralyzer/default.nix
index ddfc828741e53..47b5576e7bec8 100644
--- a/pkgs/tools/security/yaralyzer/default.nix
+++ b/pkgs/tools/security/yaralyzer/default.nix
@@ -3,31 +3,16 @@
 , fetchFromGitHub
 }:
 
-let
-  python = python3.override {
-    packageOverrides = self: super: {
-      yara-python = super.yara-python.overridePythonAttrs (oldAttrs: rec {
-        version = "4.2.3";
-        src = fetchFromGitHub {
-          owner = "VirusTotal";
-          repo = "yara-python";
-          rev = "v${version}";
-          hash = "sha256-spUQuezQMqaG1hboM0/Gs7siCM6x0b40O+sV7qGGBng=";
-        };
-      });
-    };
-  };
-in
-python.pkgs.buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "yaralyzer";
-  version = "0.9.3";
+  version = "0.9.4";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "michelcrypt4d4mus";
     repo = "yaralyzer";
     rev = "refs/tags/v${version}";
-    hash = "sha256-KGQNonzAZp8c0a3Rjb1WfsEkx5srgRzZfGR3gfNEdzY=";
+    hash = "sha256-rDb09XJOGWNARR0hhQQ91KXWepsLyR2a6/o3jagh6nA=";
   };
 
   pythonRelaxDeps = [
@@ -35,12 +20,12 @@ python.pkgs.buildPythonApplication rec {
     "rich"
   ];
 
-  nativeBuildInputs = with python.pkgs; [
+  build-system = with python3.pkgs; [
     poetry-core
     pythonRelaxDepsHook
   ];
 
-  propagatedBuildInputs = with python.pkgs; [
+  dependencies = with python3.pkgs; [
     chardet
     python-dotenv
     rich
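Review bot: `pythonRelaxDepsHook` ends up in `build-system`, which is meant for the PEP 517 build backend (`poetry-core` here). A setup hook belongs in `nativeBuildInputs`, which is where the wapiti hunk of this same change puts it. Suggested split: `build-system = with python3.pkgs; [ poetry-core ];` and `nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];`. The `dependencies` list continues outside the hunk.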
@@ -52,12 +37,12 @@ python.pkgs.buildPythonApplication rec {
     "yaralyzer"
   ];
 
-  meta = with lib; {
+  meta = {
     description = "Tool to visually inspect and force decode YARA and regex matches";
     homepage = "https://github.com/michelcrypt4d4mus/yaralyzer";
-    changelog = "https://github.com/michelcrypt4d4mus/yaralyzer/blob/${version}/CHANGELOG.md";
-    license = licenses.gpl3Only;
-    maintainers = with maintainers; [ fab ];
+    changelog = "https://github.com/michelcrypt4d4mus/yaralyzer/blob/v${version}/CHANGELOG.md";
+    license = lib.licenses.gpl3Plus;
+    maintainers = with lib.maintainers; [ fab ];
     mainProgram = "yaralyze";
   };
 }
diff --git a/pkgs/tools/security/yersinia/default.nix b/pkgs/tools/security/yersinia/default.nix
index ae2ca9babff2c..cc17452a96924 100644
--- a/pkgs/tools/security/yersinia/default.nix
+++ b/pkgs/tools/security/yersinia/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, autoreconfHook, pkg-config, fetchpatch
+{ stdenv, lib, fetchFromGitHub, autoreconfHook, pkg-config
 , ncurses, libpcap, libnet
 # alpha version of GTK interface
 , withGtk ? false, gtk2
@@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
   makeFlags = [ "LDFLAGS=-lncurses" ];
 
   meta = with lib; {
-    description = "A framework for layer 2 attacks";
+    description = "Framework for layer 2 attacks";
     mainProgram = "yersinia";
     homepage = "https://github.com/tomac/yersinia";
     license = licenses.gpl2Plus;
diff --git a/pkgs/tools/security/yubikey-agent/default.nix b/pkgs/tools/security/yubikey-agent/default.nix
index 24cd2d7642678..f43e83e575e79 100644
--- a/pkgs/tools/security/yubikey-agent/default.nix
+++ b/pkgs/tools/security/yubikey-agent/default.nix
@@ -36,7 +36,7 @@ buildGoModule rec {
   '';
 
   meta = with lib; {
-    description = "A seamless ssh-agent for YubiKeys";
+    description = "Seamless ssh-agent for YubiKeys";
     mainProgram = "yubikey-agent";
     license = licenses.bsd3;
     homepage = "https://filippo.io/yubikey-agent";
diff --git a/pkgs/tools/security/yubikey-touch-detector/default.nix b/pkgs/tools/security/yubikey-touch-detector/default.nix
index 36822b6728e60..1cb16d1ca712c 100644
--- a/pkgs/tools/security/yubikey-touch-detector/default.nix
+++ b/pkgs/tools/security/yubikey-touch-detector/default.nix
@@ -1,4 +1,4 @@
-{ lib, libnotify, gpgme, buildGoModule, fetchFromGitHub, fetchurl, pkg-config }:
+{ lib, libnotify, gpgme, buildGoModule, fetchFromGitHub, pkg-config }:
 
 buildGoModule rec {
   pname = "yubikey-touch-detector";
@@ -30,7 +30,7 @@ buildGoModule rec {
   '';
 
   meta = with lib; {
-    description = "A tool to detect when your YubiKey is waiting for a touch";
+    description = "Tool to detect when your YubiKey is waiting for a touch";
     homepage = "https://github.com/maximbaz/yubikey-touch-detector";
     maintainers = with maintainers; [ sumnerevans ];
     license = with licenses; [ bsd2 isc ];
diff --git a/pkgs/tools/security/zeekscript/default.nix b/pkgs/tools/security/zeekscript/default.nix
index eb7d097c5d744..7c652476e79a8 100644
--- a/pkgs/tools/security/zeekscript/default.nix
+++ b/pkgs/tools/security/zeekscript/default.nix
@@ -31,7 +31,7 @@ python3.pkgs.buildPythonApplication rec {
   ];
 
   meta = with lib; {
-    description = "A Zeek script formatter and analyzer";
+    description = "Zeek script formatter and analyzer";
     homepage = "https://github.com/zeek/zeekscript";
     changelog = "https://github.com/zeek/zeekscript/blob/v${version}/CHANGES";
     license = licenses.bsd3;
diff --git a/pkgs/tools/security/zmap/default.nix b/pkgs/tools/security/zmap/default.nix
index de1bc354cf62b..16e58028f3e10 100644
--- a/pkgs/tools/security/zmap/default.nix
+++ b/pkgs/tools/security/zmap/default.nix
@@ -1,22 +1,22 @@
 { lib, stdenv, fetchFromGitHub, cmake, pkg-config, libjson, json_c, gengetopt, flex, byacc, gmp
-, libpcap, libunistring
+, libpcap, libunistring, judy
 }:
 
 stdenv.mkDerivation rec {
   pname = "zmap";
-  version = "3.0.0";
+  version = "4.1.1";
 
   src = fetchFromGitHub {
     owner = "zmap";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-OJZKcnsuBi3z/AI05RMBitgn01bhVTqx2jFYJLuIJk4=";
+    sha256 = "sha256-ftdjIBAAe+3qUEHoNMAOCmzy+PWD4neIMWvFXFi2JFo=";
   };
 
   cmakeFlags = [ "-DRESPECT_INSTALL_PREFIX_CONFIG=ON" ];
 
   nativeBuildInputs = [ cmake pkg-config gengetopt flex byacc ];
-  buildInputs = [ libjson json_c gmp libpcap libunistring ];
+  buildInputs = [ libjson json_c gmp libpcap libunistring judy ];
 
   outputs = [ "out" "man" ];