From 448302d8e99a05560c2f1ca4857a1dddb8a2d00d Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Sun, 9 Dec 2018 18:43:46 -0500 Subject: b2sum: Disable for aarch64-linux --- pkgs/tools/security/b2sum/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'pkgs/tools/security') diff --git a/pkgs/tools/security/b2sum/default.nix b/pkgs/tools/security/b2sum/default.nix index 1679b7fddd072..f9d2855e739fc 100644 --- a/pkgs/tools/security/b2sum/default.nix +++ b/pkgs/tools/security/b2sum/default.nix @@ -23,6 +23,7 @@ stdenv.mkDerivation rec { homepage = "https://blake2.net"; license = with licenses; [ asl20 cc0 openssl ]; maintainers = with maintainers; [ kirelagin ]; - platforms = platforms.all; + # "This code requires at least SSE2." + platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin; }; } -- cgit 1.4.1 From ca0c253a8066d32518e015e1befa27879fffcde0 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 20 Dec 2018 16:41:00 +0100 Subject: monkeysphere: Patch OpenSSH to run the tests in the sandbox --- pkgs/tools/security/monkeysphere/default.nix | 32 ++++++++++++++++------ .../monkeysphere/openssh-nixos-sandbox.patch | 17 ++++++++++++ 2 files changed, 40 insertions(+), 9 deletions(-) create mode 100644 pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch (limited to 'pkgs/tools/security') diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index b1c36871fe6b9..46be3b98c5503 100644 --- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix 
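Review bot: The new `platforms` list in pkgs/tools/security/b2sum/default.nix does not line up with the SSE2 requirement quoted in the comment above it. `darwin` is taken wholesale, so any non-x86 Darwin doubles in `platforms.darwin` stay enabled, while x86 systems other than Linux are dropped even though the quoted constraint would not exclude them. If the intent is "x86 only", something like `platforms = with platforms; x86_64 ++ i686;` states it directly, assuming the package builds on every double in those lists. The comment would also read better if it said where the quote comes from, e.g. `# Upstream refuses to build without SSE2 ("This code requires at least SSE2."), so only x86 targets are listed.`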
@@ -2,13 +2,23 @@ , perl, libassuan, libgcrypt , perlPackages, lockfileProgs, gnupg, coreutils # For the tests: -, bash, openssh, which, socat, cpio, hexdump +, bash, openssh, which, socat, cpio, hexdump, openssl }: -stdenv.mkDerivation rec { +let + # A patch is needed to run the tests inside the Nix sandbox: + # /etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell" + # sshd: "User nixbld not allowed because shell /noshell does not exist" + opensshUnsafe = openssh.overrideAttrs (oldAttrs: { + patches = oldAttrs.patches ++ [ ./openssh-nixos-sandbox.patch ]; + }); +in stdenv.mkDerivation rec { name = "monkeysphere-${version}"; version = "0.42"; + # The patched OpenSSH binary MUST NOT be used (except in the check phase): + disallowedRequisites = [ opensshUnsafe ]; + src = fetchurl { url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz"; sha256 = "1haqgjxm8v2xnhc652lx79p2cqggb9gxgaf19w9l9akar2qmdjf1"; @@ -23,7 +33,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ makeWrapper ]; buildInputs = [ perl libassuan libgcrypt ] ++ stdenv.lib.optional doCheck - ([ gnupg openssh which socat cpio hexdump lockfileProgs ] ++ + ([ gnupg opensshUnsafe which socat cpio hexdump lockfileProgs ] ++ (with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ])); makeFlags = '' 
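Review bot: The `openssh.overrideAttrs` call in the `let` block of pkgs/tools/security/monkeysphere/default.nix changes only `patches`, so the weakened sshd keeps the stock OpenSSH name and its store path looks like a regular OpenSSH build. `disallowedRequisites` keeps it out of monkeysphere's own closure, but the path still lands in the store of whoever builds it. Adding `name = "${oldAttrs.name}-test-only";` to the override would make it recognisable, assuming the openssh derivation sets `name`. Because `disallowedRequisites` references `opensshUnsafe` unconditionally, the patched OpenSSH presumably becomes a build input even with `doCheck = false`; `disallowedRequisites = stdenv.lib.optional doCheck opensshUnsafe;` would avoid that. `oldAttrs.patches or []` would also keep the override from failing if openssh ever stops defining `patches`.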
@@ -31,15 +41,19 @@ stdenv.mkDerivation rec { DESTDIR=$(out) ''; - # The tests "drain" entropy (GnuPG still uses /dev/random) and they don't run - # inside of the sandbox, because nixbld isn't allowed to login via SSH - # (/etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell", - # sshd: "User nixbld not allowed because shell /noshell does not exist"). + # The tests should be run (and succeed) when making changes to this package + # but they aren't enabled by default because they "drain" entropy (GnuPG + # still uses /dev/random). doCheck = false; - preCheck = '' + preCheck = stdenv.lib.optionalString doCheck '' patchShebangs tests/ patchShebangs src/ - sed -i "s,/usr/sbin/sshd,${openssh}/bin/sshd," tests/basic + sed -i \ + -e "s,/usr/sbin/sshd,${opensshUnsafe}/bin/sshd," \ + -e "s,/bin/true,${coreutils}/bin/true," \ + -e "s,/bin/false,${coreutils}/bin/false," \ + -e "s,openssl\ req,${openssl}/bin/openssl req," \ + tests/basic sed -i "s/<(hd/<(hexdump/" tests/keytrans ''; diff --git a/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch b/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch new file mode 100644 index 0000000000000..2a9a1fc8dfa94 --- /dev/null +++ b/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch @@ -0,0 +1,17 @@ +diff --git a/auth.c b/auth.c +index d2a8cd65..811a129f 100644 +--- a/auth.c ++++ b/auth.c +@@ -580,6 +580,12 @@ getpwnamallow(const char *user) + #endif + + pw = getpwnam(user); ++ if (pw != NULL) { ++ // This is only for testing purposes, ++ // DO NOT USE THIS PATCH IN PRODUCTION! ++ char *shell = "/bin/sh"; ++ pw->pw_shell = shell; ++ } + + #if defined(_AIX) && defined(HAVE_SETAUTHDB) + aix_restoreauthdb(); -- cgit 1.4.1 From 76e7572a1f1c2ccd4840d16af45528789b4d1ee6 Mon Sep 17 00:00:00 2001 
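Review bot: In the `@@ -31,15 +41,19 @@` hunk of monkeysphere/default.nix, the new `stdenv.lib.optionalString doCheck` guard reads the `rec` binding of `doCheck`, which is the literal `false` two lines above it. Enabling the tests from outside with `overrideAttrs (_: { doCheck = true; })` would therefore run the check phase without these substitutions and, given the `optional doCheck` in the earlier hunk, without the test inputs. The rewritten comment tells maintainers to run the tests but not how; I would extend it with `# To run them, set doCheck = true in this file; an external override does not reach preCheck or buildInputs.` The sed expressions also carry no `g` flag, so only the first match on each line of tests/basic is rewritten, which is worth checking against the upstream script.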
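Review bot: The block added to getpwnamallow() in openssh-nixos-sandbox.patch overwrites `pw_shell` for every account getpwnam() returns, not just the sandbox build user. The shell check behind the quoted "shell /noshell does not exist" message is then bypassed for all users of this binary, including accounts that are disabled through their shell. Narrowing the condition to the sandbox placeholder, `if (pw != NULL && strcmp(pw->pw_shell, "/noshell") == 0) {`, keeps the tests working while limiting the damage if the binary is ever used outside the check phase. The warning comment would fit the surrounding file better as a `/* ... */` block. getpwnamallow's body continues outside the hunk, so the later use of `pw->pw_shell` is inferred from the quoted sshd message rather than seen here.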
From: "R. RyanTM" Date: Sat, 22 Dec 2018 02:09:02 -0800 Subject: vault: 1.0.0 -> 1.0.1 (#52664) Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/vault/versions --- pkgs/tools/security/vault/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/tools/security') diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index ac79fc8d464cc..4d646cfd332f7 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "vault-${version}"; - version = "1.0.0"; + version = "1.0.1"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "0wqqf9mif6icfl888w2izvml7vqs4hkd5hrq4dhzcyig5w1bp0if"; + sha256 = "17gyl8hb72gwb3vy7nrp3cj9lrj0zgb8xja0bgwqpv511hg1qwwf"; }; nativeBuildInputs = [ go gox removeReferencesTo ]; -- cgit 1.4.1 From 35b6b892f72e939755ef90d18daa33b7aae51449 Mon Sep 17 00:00:00 2001 From: Justin Humm Date: Sun, 23 Dec 2018 22:39:08 +0100 Subject: Revert "neopg: 0.0.4 -> 0.0.5" This broke the build, as the bump introduced test failures. Revert to a working version. This reverts commit 031737126c72c2cdc117dcc42472a8475f835bb8. --- pkgs/tools/security/neopg/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/tools/security') diff --git a/pkgs/tools/security/neopg/default.nix b/pkgs/tools/security/neopg/default.nix index 7cb442bdf6273..cf5f760cda47e 100644 --- a/pkgs/tools/security/neopg/default.nix +++ b/pkgs/tools/security/neopg/default.nix 
@@ -12,13 +12,13 @@ stdenv.mkDerivation rec { name = "neopg-${version}"; - version = "0.0.5"; + version = "0.0.4"; src = fetchFromGitHub { owner = "das-labor"; repo = "neopg"; rev = "v${version}"; - sha256 = "1ky3pwg6w8kyaa9iksfx6rryva87mbj1h3yi2mrzp2h7jhrfffpp"; + sha256 = "0hhkl326ff6f76k8pwggpzmivbm13fz497nlyy6ybn5bmi9xfblm"; fetchSubmodules = true; }; -- cgit 1.4.1