Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/amber/default.nix6
-rw-r--r--pkgs/tools/security/ghidra/build.nix141
-rw-r--r--pkgs/tools/security/notary/default.nix66
-rw-r--r--pkgs/tools/security/notary/no-git-usage.patch15
-rw-r--r--pkgs/tools/security/onlykey-agent/default.nix2
-rw-r--r--pkgs/tools/security/spire/default.nix2
-rw-r--r--pkgs/tools/security/uncover/default.nix6
-rw-r--r--pkgs/tools/security/vals/default.nix6
8 files changed, 97 insertions, 147 deletions
diff --git a/pkgs/tools/security/amber/default.nix b/pkgs/tools/security/amber/default.nix
index 2b64480c4a00a..5cb96596564ce 100644
--- a/pkgs/tools/security/amber/default.nix
+++ b/pkgs/tools/security/amber/default.nix
@@ -3,16 +3,16 @@
 rustPlatform.buildRustPackage rec {
   # Renaming it to amber-secret because another package named amber exists
   pname = "amber-secret";
-  version = "0.1.5";
+  version = "0.1.6";
 
   src = fetchFromGitHub {
     owner = "fpco";
     repo = "amber";
     rev = "v${version}";
-    sha256 = "sha256-11dqfOi/DdfFrFTeboPyFkixXG+fCJ2jpHM55qsQ1jw=";
+    sha256 = "sha256-FoERgkyFCZ1nU01LXpzrqz9eJ9a16L/t+9g8jsABHK4=";
   };
 
-  cargoHash = "sha256-u0vceIurenYnKfF3gWNw304hX4vVFoszZD7AMwffOmc=";
+  cargoHash = "sha256-Joy+SO1zR78Eh5eK2bxyT0l3hCuLX/J3u/UvN+++6vg=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ Security ];
 
diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix
index ba23647c9c2db..2a3bb65f8a79b 100644
--- a/pkgs/tools/security/ghidra/build.nix
+++ b/pkgs/tools/security/ghidra/build.nix
@@ -1,25 +1,27 @@
-{ stdenv
-, fetchFromGitHub
-, lib
-, callPackage
-, gradle_7
-, perl
-, makeBinaryWrapper
-, openjdk17
-, unzip
-, makeDesktopItem
-, copyDesktopItems
-, desktopToDarwinBundle
-, icoutils
-, xcbuild
-, protobuf
-, ghidra-extensions
+{
+  stdenv,
+  fetchFromGitHub,
+  lib,
+  callPackage,
+  gradle_7,
+  perl,
+  makeBinaryWrapper,
+  openjdk17,
+  unzip,
+  makeDesktopItem,
+  copyDesktopItems,
+  desktopToDarwinBundle,
+  xcbuild,
+  protobuf,
+  ghidra-extensions,
+  python3,
+  python3Packages,
 }:
 
 let
   pkg_path = "$out/lib/ghidra";
   pname = "ghidra";
-  version = "11.0.3";
+  version = "11.1.1";
 
   releaseName = "NIX";
   distroPrefix = "ghidra_${version}_${releaseName}";
@@ -27,7 +29,7 @@ let
     owner = "NationalSecurityAgency";
     repo = "Ghidra";
     rev = "Ghidra_${version}_build";
-    hash = "sha256-IiLxaJvfJcK275FDZEsUCGp7haJjp8O2fUIoM4F9H30=";
+    hash = "sha256-t96FcAK3JwO66dOf4OhpOfU8CQfAczfF61Cg7m+B3fA=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;
@@ -76,26 +78,26 @@ let
 
   # Adds a gradle step that downloads all the dependencies to the gradle cache.
   addResolveStep = ''
-    cat >>build.gradle <<HERE
-task resolveDependencies {
-  doLast {
-    project.rootProject.allprojects.each { subProject ->
-      subProject.buildscript.configurations.each { configuration ->
-        resolveConfiguration(subProject, configuration, "buildscript config \''${configuration.name}")
+        cat >>build.gradle <<HERE
+    task resolveDependencies {
+      doLast {
+        project.rootProject.allprojects.each { subProject ->
+          subProject.buildscript.configurations.each { configuration ->
+            resolveConfiguration(subProject, configuration, "buildscript config \''${configuration.name}")
+          }
+          subProject.configurations.each { configuration ->
+            resolveConfiguration(subProject, configuration, "config \''${configuration.name}")
+          }
+        }
       }
-      subProject.configurations.each { configuration ->
-        resolveConfiguration(subProject, configuration, "config \''${configuration.name}")
+    }
+    void resolveConfiguration(subProject, configuration, name) {
+      if (configuration.canBeResolved) {
+        logger.info("Resolving project {} {}", subProject.name, name)
+        configuration.resolve()
       }
     }
-  }
-}
-void resolveConfiguration(subProject, configuration, name) {
-  if (configuration.canBeResolved) {
-    logger.info("Resolving project {} {}", subProject.name, name)
-    configuration.resolve()
-  }
-}
-HERE
+    HERE
   '';
 
   # fake build to pre-download deps into fixed-output derivation
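Review bot: The `HERE` terminator in `addResolveStep` is now indented four spaces in the source and ends the heredoc only because Nix strips the common indentation of the `''` string, which leaves it at column 0 of the generated script. If a later edit adds a non-empty line indented less than four spaces, the terminator keeps leading spaces and the heredoc would run to the end of the script, so the remaining commands would be written into build.gradle instead of being executed. A comment above the string would make that dependency visible, for example `# HERE must stay at the string's minimal indentation so it lands at column 0 after Nix strips it`. The `cat` line sitting four spaces deeper than the heredoc body is harmless but reads as a formatter artefact.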
@@ -106,7 +108,10 @@ HERE
 
     postPatch = addResolveStep;
 
-    nativeBuildInputs = [ gradle perl ] ++ lib.optional stdenv.isDarwin xcbuild;
+    nativeBuildInputs = [
+      gradle
+      perl
+    ] ++ lib.optional stdenv.isDarwin xcbuild;
     buildPhase = ''
       runHook preBuild
       export HOME="$NIX_BUILD_TOP/home"
@@ -132,11 +137,23 @@ HERE
     '';
     outputHashAlgo = "sha256";
     outputHashMode = "recursive";
-    outputHash = "sha256-nKfJiGoZlDEpbCmYVKNZXz2PYIosCd4nPFdy3MfprHc=";
+    outputHash = "sha256-66gL4UFlBUo2JIEOXoF6tFvXtBdEX4b2MeSrV1b6Vg4=";
   };
-
-in stdenv.mkDerivation (finalAttrs: {
-  inherit pname version src patches postPatch;
+in
+stdenv.mkDerivation (finalAttrs: {
+  inherit
+    pname
+    version
+    src
+    patches
+    postPatch
+    ;
+
+  # Don't create .orig files if the patch isn't an exact match.
+  patchFlags = [
+    "--no-backup-if-mismatch"
+    "-p1"
+  ];
 
   desktopItems = [
     (makeDesktopItem {
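Review bot: The new `patchFlags` comment explains `--no-backup-if-mismatch` but not why `-p1` is listed, and it accepts without comment that patches may apply inexactly. Setting `patchFlags` replaces the stdenv default of `-p1`, so the second entry is required; a trailing `# re-add the stdenv default` would keep someone from deleting it. Suppressing the `.orig` files does not make an inexact match safer: a patch that applies with fuzz or an offset after the 11.0.3 to 11.1.1 bump may have landed in different code than intended, so refreshing the entries in `patches` against the new source is preferable to tolerating the mismatch. The `patches` list is defined outside this hunk, and the mkDerivation body continues past it.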
@@ -150,16 +167,20 @@ in stdenv.mkDerivation (finalAttrs: {
     })
   ];
 
-  nativeBuildInputs = [
-    gradle
-    unzip
-    makeBinaryWrapper
-    copyDesktopItems
-    protobuf
-  ] ++ lib.optionals stdenv.isDarwin [
-    xcbuild
-    desktopToDarwinBundle
-  ];
+  nativeBuildInputs =
+    [
+      gradle
+      unzip
+      makeBinaryWrapper
+      copyDesktopItems
+      protobuf
+      python3
+      python3Packages.pip
+    ]
+    ++ lib.optionals stdenv.isDarwin [
+      xcbuild
+      desktopToDarwinBundle
+    ];
 
   dontStrip = true;
 
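Review bot: `python3` and `python3Packages.pip` are added to `nativeBuildInputs` with no indication of which build step calls them. The Nix sandbox has no network access, so anything pip is asked to resolve has to be available offline, and content obtained through pip would not be covered by the `outputHash` of the Gradle deps derivation unless it is fetched there; the invoking step is not visible in this hunk, so this is a question rather than a finding. A one-line comment such as `# used by the Gradle build to package the bundled Python modules, without index access`, adjusted to what the step really does, would record the intent. The mkDerivation body continues outside the hunk.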
@@ -211,7 +232,10 @@ in stdenv.mkDerivation (finalAttrs: {
 
   passthru = {
     inherit releaseName distroPrefix;
-    inherit (ghidra-extensions.override { ghidra = finalAttrs.finalPackage; }) buildGhidraExtension buildGhidraScripts;
+    inherit (ghidra-extensions.override { ghidra = finalAttrs.finalPackage; })
+      buildGhidraExtension
+      buildGhidraScripts
+      ;
 
     withExtensions = callPackage ./with-extensions.nix { ghidra = finalAttrs.finalPackage; };
   };
@@ -221,14 +245,21 @@ in stdenv.mkDerivation (finalAttrs: {
     description = "Software reverse engineering (SRE) suite of tools";
     mainProgram = "ghidra";
     homepage = "https://ghidra-sre.org/";
-    platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+    platforms = [
+      "x86_64-linux"
+      "aarch64-linux"
+      "x86_64-darwin"
+      "aarch64-darwin"
+    ];
     sourceProvenance = with sourceTypes; [
       fromSource
-      binaryBytecode  # deps
+      binaryBytecode # deps
     ];
     license = licenses.asl20;
-    maintainers = with maintainers; [ roblabla vringar ];
+    maintainers = with maintainers; [
+      roblabla
+      vringar
+    ];
     broken = stdenv.isDarwin && stdenv.isx86_64;
   };
-
 })
diff --git a/pkgs/tools/security/notary/default.nix b/pkgs/tools/security/notary/default.nix
deleted file mode 100644
index be147369ffe29..0000000000000
--- a/pkgs/tools/security/notary/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, fetchFromGitHub, buildGoPackage, libtool }:
-
-buildGoPackage rec {
-  pname = "notary";
-  version = "0.6.1";
-  gitcommit = "d6e1431f";
-
-  src = fetchFromGitHub {
-    owner = "theupdateframework";
-    repo = "notary";
-    rev = "v${version}";
-    sha256 = "1ak9dk6vjny5069hp3w36dbjawcnaq82l3i2qvf7mn7zfglbsnf9";
-  };
-
-  patches = [ ./no-git-usage.patch ];
-
-  buildInputs = [ libtool ];
-  buildPhase = ''
-    runHook preBuild
-    cd go/src/github.com/theupdateframework/notary
-    SKIPENVCHECK=1 make client GITCOMMIT=${gitcommit}
-    runHook postBuild
-  '';
-
-  goPackagePath = "github.com/theupdateframework/notary";
-
-  installPhase = ''
-    runHook preInstall
-    install -D bin/notary $out/bin/notary
-    runHook postInstall
-  '';
-
-  #doCheck = true; # broken by tzdata: 2018g -> 2019a
-  checkPhase = ''
-    make test PKGS=github.com/theupdateframework/notary/cmd/notary
-  '';
-
-  meta = with lib; {
-    description = "Project that allows anyone to have trust over arbitrary collections of data";
-    mainProgram = "notary";
-    longDescription = ''
-      The Notary project comprises a server and a client for running and
-      interacting with trusted collections. See the service architecture
-      documentation for more information.
-
-      Notary aims to make the internet more secure by making it easy for people
-      to publish and verify content. We often rely on TLS to secure our
-      communications with a web server which is inherently flawed, as any
-      compromise of the server enables malicious content to be substituted for
-      the legitimate content.
-
-      With Notary, publishers can sign their content offline using keys kept
-      highly secure. Once the publisher is ready to make the content available,
-      they can push their signed trusted collection to a Notary Server.
-
-      Consumers, having acquired the publisher's public key through a secure
-      channel, can then communicate with any notary server or (insecure) mirror,
-      relying only on the publisher's key to determine the validity and
-      integrity of the received content.
-    '';
-    license = licenses.asl20;
-    homepage = "https://github.com/theupdateframework/notary";
-    maintainers = with maintainers; [ vdemeester ];
-    platforms = platforms.unix;
-  };
-}
diff --git a/pkgs/tools/security/notary/no-git-usage.patch b/pkgs/tools/security/notary/no-git-usage.patch
deleted file mode 100644
index 363eefe36921d..0000000000000
--- a/pkgs/tools/security/notary/no-git-usage.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/Makefile b/Makefile
-index ab794165..0cbd047f 100644
---- a/Makefile
-+++ b/Makefile
-@@ -5,8 +5,8 @@ PREFIX?=$(shell pwd)
- # Add to compile time flags
- NOTARY_PKG := github.com/theupdateframework/notary
- NOTARY_VERSION := $(shell cat NOTARY_VERSION)
--GITCOMMIT := $(shell git rev-parse --short HEAD)
--GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
-+GITCOMMIT ?= $(shell git rev-parse --short HEAD)
-+GITUNTRACKEDCHANGES :=
- ifneq ($(GITUNTRACKEDCHANGES),)
- GITCOMMIT := $(GITCOMMIT)-dirty
- endif
diff --git a/pkgs/tools/security/onlykey-agent/default.nix b/pkgs/tools/security/onlykey-agent/default.nix
index c88e1d2b064d9..36a1cb2847596 100644
--- a/pkgs/tools/security/onlykey-agent/default.nix
+++ b/pkgs/tools/security/onlykey-agent/default.nix
@@ -52,7 +52,7 @@ python3Packages.buildPythonApplication rec {
     sha256 = "sha256-SbGb7CjcD7cFPvASZtip56B4uxRiFKZBvbsf6sb8fds=";
   };
 
-  propagatedBuildInputs = with python3Packages; [ lib-agent onlykey-cli ];
+  propagatedBuildInputs = with python3Packages; [ lib-agent onlykey-cli setuptools ];
 
   # move the python library into the sitePackages.
   postInstall = ''
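Review bot: `setuptools` is added to `propagatedBuildInputs`, which makes it a runtime dependency of the agent, without saying what needs it. If the reason is a runtime `pkg_resources` import (not visible in this hunk), a comment like `# pkg_resources is imported at runtime` above the list would record that and tell the next maintainer when the entry can be dropped. The derivation starts and ends outside the hunk.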
diff --git a/pkgs/tools/security/spire/default.nix b/pkgs/tools/security/spire/default.nix
index 861167c15ae82..82e4d3624d1e6 100644
--- a/pkgs/tools/security/spire/default.nix
+++ b/pkgs/tools/security/spire/default.nix
@@ -32,6 +32,6 @@ buildGoModule rec {
     homepage = "https://github.com/spiffe/spire";
     changelog = "https://github.com/spiffe/spire/releases/tag/v${version}";
     license = licenses.asl20;
-    maintainers = with maintainers; [ jonringer fkautz ];
+    maintainers = with maintainers; [ fkautz ];
   };
 }
diff --git a/pkgs/tools/security/uncover/default.nix b/pkgs/tools/security/uncover/default.nix
index 7bb56ce21451e..70dd968456ad2 100644
--- a/pkgs/tools/security/uncover/default.nix
+++ b/pkgs/tools/security/uncover/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "uncover";
-  version = "1.0.8";
+  version = "1.0.9";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-iBZwR4hEd1pmmq4WzY/kfwHmpFj/MG+xGitbIQI8K5I=";
+    hash = "sha256-avGbawIeh7ZUtacRLo/tLz4D6U7JAlu9BXDYu/xvoa0=";
   };
 
-  vendorHash = "sha256-cf9Itdz1hR74TVoFOsOdUcrvEuT57RZn2tgrEXU4c8E=";
+  vendorHash = "sha256-93iXho+WCQyhw9DoLgo9ZKiPrd88D2ibgp1M9uP7bUU=";
 
   meta = with lib; {
     description = "API wrapper to search for exposed hosts";
diff --git a/pkgs/tools/security/vals/default.nix b/pkgs/tools/security/vals/default.nix
index ff7f8246ef060..0d0d1070bbd7f 100644
--- a/pkgs/tools/security/vals/default.nix
+++ b/pkgs/tools/security/vals/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "vals";
-  version = "0.37.2";
+  version = "0.37.3";
 
   src = fetchFromGitHub {
     rev = "v${version}";
     owner = "helmfile";
     repo = pname;
-    sha256 = "sha256-L0T0Lu5UP/KG2jdJfw5lM6/FagZUpMLGNWyf4tktzmQ=";
+    sha256 = "sha256-RCvqoikROFpFvza24PGocdxFaOI6hZLSy3Jnag7Oz4s=";
   };
 
-  vendorHash = "sha256-7ethl7BL6JBzIbyvpUE2TdvvPWs/CUvJQhjH2P5UCTY=";
+  vendorHash = "sha256-iKfNAQRsVUjhUmDH/HevnDnocQm4k9jEfW40+AncojM=";
 
   proxyVendor = true;