diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-03-07 18:01:12 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-07 18:01:12 +0000 |
commit | 2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc (patch) | |
tree | a280f4072f3dffde82305a02a785a2aacbc02399 /pkgs/tools/security | |
parent | 8e0133027705207b242fa673ab6a811a5868cbd3 (diff) | |
parent | 056a71c7912bd911cb17945e1ffba8a4dfc9dac0 (diff) | |
download | nixpkgs-2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc.tar nixpkgs-2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc.tar.gz nixpkgs-2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc.tar.bz2 nixpkgs-2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc.tar.lz nixpkgs-2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc.tar.xz nixpkgs-2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc.tar.zst nixpkgs-2fa8dd529ab62044054c3a8fd7fa1b3d693d4fdc.zip |
Merge master into staging-next
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/cdk-go/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/tor/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/tor/update.nix | 23 | ||||
-rw-r--r-- | pkgs/tools/security/vault/default.nix | 6 |
4 files changed, 20 insertions, 19 deletions
diff --git a/pkgs/tools/security/cdk-go/default.nix b/pkgs/tools/security/cdk-go/default.nix index 14f7e05140e..317f6092718 100644 --- a/pkgs/tools/security/cdk-go/default.nix +++ b/pkgs/tools/security/cdk-go/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "cdk-go"; - version = "1.0.4"; + version = "1.0.5"; src = fetchFromGitHub { owner = "cdk-team"; repo = "CDK"; rev = "v${version}"; - sha256 = "1zz9jaz5nlvs52nqlaisivrnz7lz8g48qii0n2s1783a5jpkk9ml"; + sha256 = "sha256-Ngv+/b9D27ERwjNIC3s3ZBPkV10G+tT8QW8YMOgb8aA="; }; - vendorSha256 = "0sn709mbhfymwwfdqc5xpdz2lgimqx3xycfmq24vbfmlh8wqcs7l"; + vendorSha256 = "sha256-9Q7f3keMUEI2cWal2dvp4b8kvTZVM1Cf4iTvH9yCyX0="; # At least one test is outdated doCheck = false; diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 76bfee42196..571b4e7f4da 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -30,11 +30,11 @@ let in stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.6.9"; + version = "0.4.6.10"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "1ad99k4wysxrnlaprv7brxr2nc0h5zdnrh0rma10pqlck2037sf7"; + sha256 = "lMzWDgTlWPM75zAyvITqJBZg+S9Yz7iHib2miTc54xw="; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/tor/update.nix b/pkgs/tools/security/tor/update.nix index c944883d417..50353ce32a6 100644 --- a/pkgs/tools/security/tor/update.nix +++ b/pkgs/tools/security/tor/update.nix @@ -15,14 +15,11 @@ with lib; let downloadPageUrl = "https://dist.torproject.org"; - # See https://www.torproject.org/docs/signing-keys.html + # See https://support.torproject.org/little-t-tor/#fetching-the-tor-developers-key signingKeys = [ - # Roger Dingledine - "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5" - "F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451" - # Nick Mathewson - "2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB" - "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5" + "514102454D0A87DB0767A1EBBE6A0531C18A9179" # Alexander Færøy + "B74417EDDF22AC9F9E90F49142E86A2A11F48D36" # David Goulet + "2133BC600AB133E1D826D173FE43009C4607B1FB" # Nick Mathewson ]; in @@ -52,20 +49,24 @@ srcName=''${srcBase/.tar.gz/} srcVers=(''${srcName//-/ }) version=''${srcVers[1]} -sigUrl=$srcUrl.asc +checksumUrl=$srcUrl.sha256sum +checksumFile=''${checksumUrl##*/} + +sigUrl=$checksumUrl.asc sigFile=''${sigUrl##*/} # upstream does not support byte ranges ... [[ -e "$srcFile" ]] || curl -L -o "$srcFile" -- "$srcUrl" +[[ -e "$checksumFile" ]] || curl -L -o "$checksumFile" -- "$checksumUrl" [[ -e "$sigFile" ]] || curl -L -o "$sigFile" -- "$sigUrl" export GNUPGHOME=$PWD/gnupg mkdir -m 700 -p "$GNUPGHOME" gpg --batch --recv-keys ${concatStringsSep " " (map (x: "'${x}'") signingKeys)} -gpg --batch --verify "$sigFile" "$srcFile" +gpg --batch --verify "$sigFile" "$checksumFile" -sha256=$(nix-hash --type sha256 --flat --base32 "$srcFile") +sha256sum -c "$checksumFile" -update-source-version tor "$version" "$sha256" +update-source-version tor "$version" "$(cut -d ' ' "$checksumFile")" '' diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 6f1de7b45a9..458e2a53389 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "vault"; - version = "1.9.3"; + version = "1.9.4"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "sha256-2pysQsJynuedqX9Yi4BjTnWuJZ5XTq11UEgkSh7eZyw="; + sha256 = "sha256-zqtRM2p+RrLrXzDCMtHJZNx/dKWyFqM+3V5eICwWvWs="; }; - vendorSha256 = "sha256-LNN0u48B6xGjrUasxGF+4sw1HxiR22hj8H2/mSyh1SI="; + vendorSha256 = "sha256-EiQ6XmGrw1O2Zd8TM7HSr3sQUd1naQYKbYLKB/vWdXU="; subPackages = [ "." ]; |