diff options
author | Alyssa Ross <hi@alyssa.is> | 2023-09-27 18:40:33 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-09-27 18:40:41 +0000 |
commit | 030c5028b07afcedce7c5956015c629486cc79d9 (patch) | |
tree | 4c3cb9c6cff0e30919a97fc0c1d3203446696f4e /pkgs/tools/security | |
parent | 4b852f7ef3cb92277f212ba7dc168da1073e65cc (diff) | |
parent | 04c0744afbab2369baf4f134c544db3f24164d80 (diff) | |
download | nixpkgs-030c5028b07afcedce7c5956015c629486cc79d9.tar nixpkgs-030c5028b07afcedce7c5956015c629486cc79d9.tar.gz nixpkgs-030c5028b07afcedce7c5956015c629486cc79d9.tar.bz2 nixpkgs-030c5028b07afcedce7c5956015c629486cc79d9.tar.lz nixpkgs-030c5028b07afcedce7c5956015c629486cc79d9.tar.xz nixpkgs-030c5028b07afcedce7c5956015c629486cc79d9.tar.zst nixpkgs-030c5028b07afcedce7c5956015c629486cc79d9.zip |
Rebase onto c1a53897ad4290a1cbfa02fbe6f3869577b93744
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Diffstat (limited to 'pkgs/tools/security')
43 files changed, 167 insertions, 152 deletions
diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix index a63f80c68ad..bbadd0d9e5d 100644 --- a/pkgs/tools/security/aflplusplus/default.nix +++ b/pkgs/tools/security/aflplusplus/default.nix @@ -19,13 +19,13 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "4.06c"; + version = "4.08c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; - rev = version; - sha256 = "sha256-Gb1nYDBnwLS+m8e1UD0WLIrnp8KRgliGQVvQD22JXrQ="; + rev = "v${version}"; + sha256 = "sha256-r1elJlvGuVrMFLECYCfMsZVEJcCPYRdkljMbF4uRHQY="; }; enableParallelBuilding = true; diff --git a/pkgs/tools/security/aflplusplus/qemu.nix b/pkgs/tools/security/aflplusplus/qemu.nix index 89e537766dd..f412b8e4049 100644 --- a/pkgs/tools/security/aflplusplus/qemu.nix +++ b/pkgs/tools/security/aflplusplus/qemu.nix @@ -24,8 +24,8 @@ stdenv.mkDerivation { src = fetchFromGitHub { owner = "AFLplusplus"; repo = "qemuafl"; - rev = "0569eff8a12dec73642b96757f6b5b51a618a03a"; - sha256 = "sha256-nYWHyRfOH2p9znRxjxsiyw11uZuMBiuJfEc7FHM5X7M="; + rev = "a1321713c7502c152dd7527555e0f8a800d55225"; + sha256 = "sha256-HLlOHqT2vrHjHyu4n83IzVzKv9ErinephLLev1E10nM="; fetchSubmodules = true; }; diff --git a/pkgs/tools/security/agebox/default.nix b/pkgs/tools/security/agebox/default.nix index 9e0c7c48e59..ea50c8779b3 100644 --- a/pkgs/tools/security/agebox/default.nix +++ b/pkgs/tools/security/agebox/default.nix @@ -8,12 +8,14 @@ buildGoModule rec { owner = "slok"; repo = pname; rev = "v${version}"; - sha256 = "1gi6lj3dpckhsx6hdpdnr8rclqgfkbdmkzx966nlxyi52bjfzbsv"; + hash = "sha256-W6/v5BIl+k6tMan/Wdua7mHKMsq23QZN13Cy24akJr4="; }; - vendorSha256 = "1jwzx6hp04y8hfpwfvf9zmhqjj3ghvr3gmgnllpcff1lai78vdrw"; + + vendorHash = "sha256-PLeNTlQ0OMcupfbVN/KGb0iJYf3Jbcevg8gTcKHpn8s="; ldflags = [ - "-s" "-w" + "-s" + "-w" "-X main.Version=${version}" ]; diff --git a/pkgs/tools/security/asnmap/default.nix b/pkgs/tools/security/asnmap/default.nix index 2295d183ea8..b2c58136d9a 100644 --- a/pkgs/tools/security/asnmap/default.nix +++ b/pkgs/tools/security/asnmap/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "asnmap"; - version = "1.0.4"; + version = "1.0.5"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-J5Dn5eDzwj+ApwQ3ibTsMbwCobRAb1Cli+hbf74I9VQ="; + hash = "sha256-JdbKFc374U/MjRiLUbVOqb7qeFYpvMevUdis7GDZz3Y="; }; - vendorHash = "sha256-0vU7YWZKiqi3WsjSTNvtUiskIczADgfRRC7rwCx8ho4="; + vendorHash = "sha256-3/R8dhaJnoAsJgD4pqZ7etTXDFZnhW9sbUrnGp4md5o="; # Tests require network access doCheck = false; diff --git a/pkgs/tools/security/b3sum/default.nix b/pkgs/tools/security/b3sum/default.nix index c7634b790ef..858226fb569 100644 --- a/pkgs/tools/security/b3sum/default.nix +++ b/pkgs/tools/security/b3sum/default.nix @@ -2,14 +2,14 @@ rustPlatform.buildRustPackage rec { pname = "b3sum"; - version = "1.4.1"; + version = "1.5.0"; src = fetchCrate { inherit version pname; - sha256 = "sha256-cVl0thk+ENZEhTRvFvtAnHIWM8LzKDKEVSVyI22fh2I="; + sha256 = "sha256-yjMuXL0eW+6mm26LgIjD22WyTjb+KMjKRI68mpGGAZA="; }; - cargoHash = "sha256-v175TKlCZ9Vdd1L2IHv2YX406ZkxRXJmZFKBIMab2gg="; + cargoHash = "sha256-Ka+5RKRSVQYoLFXE1bEc6fGFQcbrFTVgi6yAoGIDdUI="; meta = { description = "BLAKE3 cryptographic hash function"; diff --git a/pkgs/tools/security/beyond-identity/default.nix b/pkgs/tools/security/beyond-identity/default.nix index 46ed84078c2..31b3439f0e8 100644 --- a/pkgs/tools/security/beyond-identity/default.nix +++ b/pkgs/tools/security/beyond-identity/default.nix @@ -22,7 +22,7 @@ let src = fetchurl { url = "https://packages.beyondidentity.com/public/linux-authenticator/deb/ubuntu/pool/focal/main/b/be/${pname}_${version}/${pname}_${version}_amd64.deb"; - sha512 = "sha512-JrHLf7KkJVbJLxx54OTvOSaIzY3+hjX+bpkeBHKX23YriCJssUUvEP6vlbI4r6gjMMFMhW92k0iikAgD1Tr4ug=="; + hash = "sha512-JrHLf7KkJVbJLxx54OTvOSaIzY3+hjX+bpkeBHKX23YriCJssUUvEP6vlbI4r6gjMMFMhW92k0iikAgD1Tr4ug=="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/bitwarden/cli.nix b/pkgs/tools/security/bitwarden/cli.nix index 22cfca24971..6e4ebb9d098 100644 --- a/pkgs/tools/security/bitwarden/cli.nix +++ b/pkgs/tools/security/bitwarden/cli.nix @@ -12,16 +12,16 @@ let buildNpmPackage' = buildNpmPackage.override { nodejs = nodejs_18; }; in buildNpmPackage' rec { pname = "bitwarden-cli"; - version = "2023.8.2"; + version = "2023.9.0"; src = fetchFromGitHub { owner = "bitwarden"; repo = "clients"; rev = "cli-v${version}"; - hash = "sha256-v9ql01dwWf9kBxw75n9svQousrnbUi8NY1wkJx06teg="; + hash = "sha256-s9jj1qmh4aCvtVY85U4AU7pcc8ABu9essFYqwf64dns="; }; - npmDepsHash = "sha256-RvkauNvt6MZxWMssEtaCjXP1z/3NsReywUgCefV/jjM="; + npmDepsHash = "sha256-0q3XoC87kfC2PYMsNse4DV8M8OXjckiLTdN3LK06lZY="; nativeBuildInputs = [ python3 diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix index fae9848f482..41ce0d7e5e8 100644 --- a/pkgs/tools/security/bitwarden/default.nix +++ b/pkgs/tools/security/bitwarden/default.nix @@ -1,6 +1,7 @@ { lib , applyPatches , buildNpmPackage +, cargo , dbus , electron_24 , fetchFromGitHub @@ -12,11 +13,12 @@ , makeDesktopItem , makeWrapper , moreutils +, napi-rs-cli , nodejs_18 , pkg-config , python3 +, rustc , rustPlatform -, wrapGAppsHook }: let @@ -26,56 +28,6 @@ let buildNpmPackage' = buildNpmPackage.override { nodejs = nodejs_18; }; electron = electron_24; - version = "2023.8.3"; - src = applyPatches { - src = fetchFromGitHub { - owner = "bitwarden"; - repo = "clients"; - rev = "desktop-v${version}"; - hash = "sha256-ZsAc9tC087Em/VzgaVm5fU+JnI4gIsSAphxicdJWztU="; - }; - - patches = [ ]; - }; - - desktop-native = rustPlatform.buildRustPackage { - pname = "bitwarden-desktop-native"; - inherit src version; - sourceRoot = "${src.name}/apps/desktop/desktop_native"; - cargoHash = "sha256-iBZvdBfuZtcoSgyU4B58ARIBplqUuT5bRev9qnk9LpE="; - - nativeBuildInputs = [ - pkg-config - wrapGAppsHook - ]; - - buildInputs = [ - glib - gtk3 - libsecret - ]; - - nativeCheckInputs = [ - dbus - (gnome.gnome-keyring.override { useWrappedDaemon = false; }) - ]; - - checkFlags = [ - "--skip=password::password::tests::test" - ]; - - checkPhase = '' - runHook preCheck - - export HOME=$(mktemp -d) - export -f cargoCheckHook runHook _eval _callImplicitHook - dbus-run-session \ - --config-file=${dbus}/share/dbus-1/session.conf \ - -- bash -e -c cargoCheckHook - runHook postCheck - ''; - }; - desktopItem = makeDesktopItem { name = "bitwarden"; exec = "bitwarden %U"; @@ -84,26 +36,48 @@ let desktopName = "Bitwarden"; categories = [ "Utility" ]; }; - -in - -buildNpmPackage' { +in buildNpmPackage' rec { pname = "bitwarden"; - inherit src version; + version = "2023.9.0"; + + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "clients"; + rev = "desktop-v${version}"; + hash = "sha256-8rNJmDpKLzTre5c2wktle7tthp1owZK5WAQP80/2R0g="; + }; makeCacheWritable = true; - npmBuildFlags = [ - "--workspace apps/desktop" - ]; - npmDepsHash = "sha256-ARq6iYOkL9CMyAX37g8+Wf+UQsH7hU1jCq/52I1qS9A="; + npmWorkspace = "apps/desktop"; + npmDepsHash = "sha256-0q3XoC87kfC2PYMsNse4DV8M8OXjckiLTdN3LK06lZY="; + + cargoDeps = rustPlatform.fetchCargoTarball { + name = "${pname}-${version}"; + inherit src; + sourceRoot = "${src.name}/${cargoRoot}"; + hash = "sha256-YF3UHQWCSuWAg2frE8bo1XrLn44P6+1A7YUh4RZxwo0="; + }; + cargoRoot = "apps/desktop/desktop_native"; - ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; + env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; nativeBuildInputs = [ + cargo jq makeWrapper moreutils + napi-rs-cli + pkg-config python3 + rustc + rustPlatform.cargoCheckHook + rustPlatform.cargoSetupHook + ]; + + buildInputs = [ + glib + gtk3 + libsecret ]; preBuild = '' @@ -111,15 +85,14 @@ buildNpmPackage' { echo 'ERROR: electron version mismatch' exit 1 fi - - jq 'del(.scripts.postinstall)' apps/desktop/package.json | sponge apps/desktop/package.json - jq '.scripts.build = ""' apps/desktop/desktop_native/package.json | sponge apps/desktop/desktop_native/package.json - cp ${desktop-native}/lib/libdesktop_native.so apps/desktop/desktop_native/desktop_native.linux-x64-musl.node ''; postBuild = '' pushd apps/desktop + # desktop_native/index.js loads a file of that name regarldess of the libc being used + mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node + npm exec electron-builder -- \ --dir \ -c.electronDist=${electron}/libexec/electron \ @@ -128,6 +101,32 @@ buildNpmPackage' { popd ''; + doCheck = true; + + nativeCheckInputs = [ + dbus + (gnome.gnome-keyring.override { useWrappedDaemon = false; }) + ]; + + checkFlags = [ + "--skip=password::password::tests::test" + ]; + + checkPhase = '' + runHook preCheck + + pushd ${cargoRoot} + export HOME=$(mktemp -d) + export -f cargoCheckHook runHook _eval _callImplicitHook + export cargoCheckType=release + dbus-run-session \ + --config-file=${dbus}/share/dbus-1/session.conf \ + -- bash -e -c cargoCheckHook + popd + + runHook postCheck + ''; + installPhase = '' mkdir $out @@ -154,11 +153,12 @@ buildNpmPackage' { popd ''; - meta = with lib; { + meta = { + changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}"; inherit description; homepage = "https://bitwarden.com"; license = lib.licenses.gpl3; - maintainers = with maintainers; [ amarshall kiwi ]; + maintainers = with lib.maintainers; [ amarshall kiwi ]; platforms = [ "x86_64-linux" ]; }; } diff --git a/pkgs/tools/security/cloudbrute/default.nix b/pkgs/tools/security/cloudbrute/default.nix index 84a59ec495f..677c1402150 100644 --- a/pkgs/tools/security/cloudbrute/default.nix +++ b/pkgs/tools/security/cloudbrute/default.nix @@ -11,10 +11,10 @@ buildGoModule rec { owner = "0xsha"; repo = "CloudBrute"; rev = "v${version}"; - sha256 = "05b9klddk8wvi78j47jyg9pix6qpxyr01l1m7k1j7598siazfv9g"; + hash = "sha256-L233VdQolSPDPDXQALLvF5seb3peHiLRiZuj2RqdaRU="; }; - vendorSha256 = "0f3n0wrmg9d2qyn8hlnhf9lsfqd9443myzr04p48v68m8n83j6a9"; + vendorHash = "sha256-SRk5kEUVmY3IJSB/XwchqWGnaXLQUoisx6KlVzMHdjg="; meta = with lib; { description = "Cloud enumeration tool"; diff --git a/pkgs/tools/security/deepsea/default.nix b/pkgs/tools/security/deepsea/default.nix index 0befd62e221..2f0a9f175f3 100644 --- a/pkgs/tools/security/deepsea/default.nix +++ b/pkgs/tools/security/deepsea/default.nix @@ -14,7 +14,7 @@ buildGoModule rec { sha256 = "02s03sha8vwp7dsaw3z446pskhb6wmy0hyj0mhpbx58sf147rkig"; }; - vendorSha256 = null; #vendorSha256 = ""; + vendorHash = null; meta = with lib; { description = "Phishing tool for red teams and pentesters"; diff --git a/pkgs/tools/security/der-ascii/default.nix b/pkgs/tools/security/der-ascii/default.nix index 2bfcc9c3709..5fc3b179b3a 100644 --- a/pkgs/tools/security/der-ascii/default.nix +++ b/pkgs/tools/security/der-ascii/default.nix @@ -10,7 +10,7 @@ buildGoModule rec { rev = "v${version}"; sha256 = "1my93m1rx08kn2yms6k8w43byr8k61r1nra4b082j8b393wwxkqc"; }; - vendorSha256 = null; + vendorHash = null; ldflags = [ "-s" "-w" ]; diff --git a/pkgs/tools/security/dnsx/default.nix b/pkgs/tools/security/dnsx/default.nix index bdc84d802bf..e3ff230c1e6 100644 --- a/pkgs/tools/security/dnsx/default.nix +++ b/pkgs/tools/security/dnsx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "dnsx"; - version = "1.1.4"; + version = "1.1.5"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "dnsx"; rev = "refs/tags/v${version}"; - hash = "sha256-FNPAsslKmsLrUtiw+GlXLppsEk/VB02jkZLmrB8zZOI="; + hash = "sha256-hO6m4WsoK50tLBr7I9ui7HE3rxKpOES8IOugi04yeQo="; }; - vendorHash = "sha256-QXmy+Ph0lKguAoIWfc41z7XH7jXGc601DD6v292Hzj0="; + vendorHash = "sha256-c3HHfcWppAUfKjePsB+/CvxJWjp5zV6TJvsm3yKH4cw="; # Tests require network access doCheck = false; diff --git a/pkgs/tools/security/dorkscout/default.nix b/pkgs/tools/security/dorkscout/default.nix index 27cc5a0d4e1..e5b5057c608 100644 --- a/pkgs/tools/security/dorkscout/default.nix +++ b/pkgs/tools/security/dorkscout/default.nix @@ -11,10 +11,10 @@ buildGoModule rec { owner = "R4yGM"; repo = pname; rev = version; - sha256 = "0h2m458jxdm3xg0h2vb8yq1jc28jqwinv1pdqypdsbvsz48s0hxz"; + hash = "sha256-v0OgEfl6L92ux+2GbSPHEgkmA/ZobQHB66O2LlEhVUA="; }; - vendorSha256 = "05vn9hd5r8cy45b3ixjch17v38p08k8di8gclq0i9rkz9bvy1nph"; + vendorHash = "sha256-8Nrg90p/5hQBpuyh2NBE4KKxT4BM9jhWIZ6hXBpMdhc="; meta = with lib; { description = "Tool to automate the work with Google dorks"; diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix index c80c92ffbf4..f0ddb1c0c2a 100644 --- a/pkgs/tools/security/duo-unix/default.nix +++ b/pkgs/tools/security/duo-unix/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "duo-unix"; - version = "2.0.1"; + version = "2.0.2"; src = fetchurl { url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; - sha256 = "sha256-Oi8SPfPaGS3ITgRONt60PLy3B9QICeDDyIsP+iBpQmk="; + sha256 = "sha256-7huWd71SdnTe1ef8OoHgQKjYQKVpE8k/oNT7bA+OJR0="; }; buildInputs = [ pam openssl zlib ]; diff --git a/pkgs/tools/security/gitjacker/default.nix b/pkgs/tools/security/gitjacker/default.nix index 05bdb2b1733..c233032d935 100644 --- a/pkgs/tools/security/gitjacker/default.nix +++ b/pkgs/tools/security/gitjacker/default.nix @@ -16,7 +16,7 @@ buildGoModule rec { sha256 = "sha256-rEn9FpcRfEt2yGepIPEAO9m8JeVb+nMhYMBWhC/barc="; }; - vendorSha256 = null; + vendorHash = null; propagatedBuildInputs = [ git ]; diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix index 93b4ff4119b..92c0992c86e 100644 --- a/pkgs/tools/security/gopass/default.nix +++ b/pkgs/tools/security/gopass/default.nix @@ -13,7 +13,7 @@ buildGoModule rec { pname = "gopass"; - version = "1.15.7"; + version = "1.15.8"; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -21,10 +21,10 @@ buildGoModule rec { owner = "gopasspw"; repo = "gopass"; rev = "v${version}"; - hash = "sha256-Q3EX5giteIsH5+fXb7n2qpd9kBjaZZ/A5VuCljc72C8="; + hash = "sha256-l8Ce0ioMnSlet+PMrQCMvyH3IvmQaE1MQSJR9myyLB8="; }; - vendorHash = "sha256-crnr5qXlYrhNT3nLlA7U13CaYAmAqcV+MBs/hee9ixU="; + vendorHash = "sha256-xyQTlbTPAC2iG8XQ4oEHBXjfXauwuBhaTbsew23nlVw="; subPackages = [ "." ]; @@ -62,7 +62,7 @@ buildGoModule rec { homepage = "https://www.gopass.pw/"; license = licenses.mit; maintainers = with maintainers; [ rvolosatovs sikmir ]; - changelog = "https://github.com/gopasspw/gopass/raw/v${version}/CHANGELOG.md"; + changelog = "https://github.com/gopasspw/gopass/blob/v${version}/CHANGELOG.md"; longDescription = '' gopass is a rewrite of the pass password manager in Go with the aim of @@ -73,5 +73,6 @@ buildGoModule rec { users. We go by the UNIX philosophy and try to do one thing and do it well, providing a stellar user experience and a sane, simple interface. ''; + mainProgram = "gopass"; }; } diff --git a/pkgs/tools/security/gopass/git-credential.nix b/pkgs/tools/security/gopass/git-credential.nix index 87c1367022f..aac7deb19d5 100644 --- a/pkgs/tools/security/gopass/git-credential.nix +++ b/pkgs/tools/security/gopass/git-credential.nix @@ -37,5 +37,6 @@ buildGoModule rec { changelog = "https://github.com/gopasspw/git-credential-gopass/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ benneti ]; + mainProgram = "git-credential-gopass"; }; } diff --git a/pkgs/tools/security/gopass/hibp.nix b/pkgs/tools/security/gopass/hibp.nix index 1486f8476f2..590b183194e 100644 --- a/pkgs/tools/security/gopass/hibp.nix +++ b/pkgs/tools/security/gopass/hibp.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-hibp"; - version = "1.15.7"; + version = "1.15.8"; src = fetchFromGitHub { owner = "gopasspw"; repo = "gopass-hibp"; rev = "v${version}"; - hash = "sha256-525e2LXQ/Ldrqhxqndwpdo2HeS4xRkbPzfwvWeiEayE="; + hash = "sha256-dNzvC+ubkZPHx40bVwFT2R7TMrPdeD5oJz0lAd0vtw0="; }; - vendorHash = "sha256-jfqxl21euOtOvt+RltVlSjca2o8VuLtWHgpnW4ve5JM="; + vendorHash = "sha256-zaB8xrzqk3moR/ScXdHtqIgA9lZqWFzLWi4NAqbs0XU="; subPackages = [ "." ]; @@ -37,5 +37,6 @@ buildGoModule rec { changelog = "https://github.com/gopasspw/gopass-hibp/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ sikmir ]; + mainProgram = "gopass-hibp"; }; } diff --git a/pkgs/tools/security/gopass/jsonapi.nix b/pkgs/tools/security/gopass/jsonapi.nix index f7c0cd0ebdf..b00b4bf0147 100644 --- a/pkgs/tools/security/gopass/jsonapi.nix +++ b/pkgs/tools/security/gopass/jsonapi.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "gopass-jsonapi"; - version = "1.15.7"; + version = "1.15.8"; src = fetchFromGitHub { owner = "gopasspw"; repo = "gopass-jsonapi"; rev = "v${version}"; - hash = "sha256-lwY5uc6eKqXO8FbvzlrpQY0y5AEcV0RQFvvnE+At6z0="; + hash = "sha256-CL9PcztiFCCy1T7w0v2SzLmwkA6z8aPUx65ye5AJDr4="; }; - vendorHash = "sha256-BKwgP22l4t4jaAHHh+ZD/2nroCtAp/A6DqHt+9HZzKw="; + vendorHash = "sha256-Czlp3MyxRGcIV5uFZzF8t0JrucLzPzxyCUCtjICjPM0="; subPackages = [ "." ]; @@ -38,5 +38,6 @@ buildGoModule rec { changelog = "https://github.com/gopasspw/gopass-jsonapi/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ maxhbr ]; + mainProgram = "gopass-jsonapi"; }; } diff --git a/pkgs/tools/security/gopass/summon.nix b/pkgs/tools/security/gopass/summon.nix index eb264b752d0..848cff91a65 100644 --- a/pkgs/tools/security/gopass/summon.nix +++ b/pkgs/tools/security/gopass/summon.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-summon-provider"; - version = "1.15.7"; + version = "1.15.8"; src = fetchFromGitHub { owner = "gopasspw"; repo = "gopass-summon-provider"; rev = "v${version}"; - hash = "sha256-JoSNWgwTnFQbnrwGIk6L5SwQeNg0RfLMULceqFF/XnA="; + hash = "sha256-7Oj/1h1468zz6r3+Cv5IaIFbkrs0dPteY0SRsOZ8UXI="; }; - vendorHash = "sha256-gb9AZBh5oUAiuCXbsvkmYxcHRNd9KLYq35nMd4iabKw="; + vendorHash = "sha256-IXY8w5TLXA3SIT2Jyjqt+pPtZ35zQnG0wY08OB1spDw="; subPackages = [ "." ]; @@ -37,5 +37,6 @@ buildGoModule rec { changelog = "https://github.com/gopasspw/gopass-summon-provider/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ sikmir ]; + mainProgram = "gopass-summon-provider"; }; } diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index 3c89a5c0d46..1dd9ed7f8a6 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "grype"; - version = "0.68.0"; + version = "0.69.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-im7dEKkWs63AUxLa659ceKremmubK7eM2rSskEEKiww="; + hash = "sha256-70xtemOFrQ4aaEy2iq9Nqp7n8kgwPYAwssPOS+5Qlfg="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -28,7 +28,7 @@ buildGoModule rec { proxyVendor = true; - vendorHash = "sha256-r/1UlU0DU5gSX1aW7Jdk7BR6+rt/4/88eYp5ycLI9Wk="; + vendorHash = "sha256-//zS7i9pxtU1cgWTACWoJ38GVLqVM36LGeggjosL07A="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/tools/security/hologram/default.nix b/pkgs/tools/security/hologram/default.nix index 1a7e45c8024..86bc4293747 100644 --- a/pkgs/tools/security/hologram/default.nix +++ b/pkgs/tools/security/hologram/default.nix @@ -24,7 +24,7 @@ buildGoModule rec { meta = with lib; { homepage = "https://github.com/AdRoll/hologram/"; description = "Easy, painless AWS credentials on developer laptops"; - maintainers = with maintainers; [ aaronjheng ]; + maintainers = with maintainers; [ ]; license = licenses.asl20; }; } diff --git a/pkgs/tools/security/kiterunner/default.nix b/pkgs/tools/security/kiterunner/default.nix index a455c17d717..5f73ba05590 100644 --- a/pkgs/tools/security/kiterunner/default.nix +++ b/pkgs/tools/security/kiterunner/default.nix @@ -11,10 +11,10 @@ buildGoModule rec { owner = "assetnote"; repo = pname; rev = "v${version}"; - sha256 = "084jywgqjj2hpaprdcb9a7i8hihphnfil0sx3wrlvjpa8sk0z1mw"; + hash = "sha256-vIYPpkbqyk0zH10DGp2FF0aI4lFpsZavulBIiR/3kiA="; }; - vendorSha256 = "1nczzzsnh38qi949ki5268y39ggkwncanc1pv7727qpwllzl62vy"; + vendorHash = "sha256-fgtDP6X84iPO2Tcwq5jl8700PDKixJlIihgNaPX/n9k="; ldflags = [ "-s" "-w" "-X github.com/assetnote/kiterunner/cmd/kiterunner/cmd.Version=${version}" diff --git a/pkgs/tools/security/kubeclarity/default.nix b/pkgs/tools/security/kubeclarity/default.nix index 709a4c52bcc..2f026b62f6e 100644 --- a/pkgs/tools/security/kubeclarity/default.nix +++ b/pkgs/tools/security/kubeclarity/default.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "kubeclarity"; - version = "2.19.0"; + version = "2.21.0"; src = fetchFromGitHub { owner = "openclarity"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-ua9BmQh5NacxmcgiwnaJ8avjuR6ZrG3ilx11dF+tDWs="; + hash = "sha256-aTbad1w/8ywBbZKA0PIbY18K1fUikXZ8VLFKsX7JI6g="; }; - vendorHash = "sha256-XXjKkq5bFf8iFhBLJ3xYHuNWctP3Qo5Gqo/gfZQF/n8="; + vendorHash = "sha256-rpP+3x/+e5PxyRL+IR2k3OEOSkm5341oScqRm+EdFUI="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/tools/security/log4j-sniffer/default.nix b/pkgs/tools/security/log4j-sniffer/default.nix index 72cf2fb851b..dec7ce35866 100644 --- a/pkgs/tools/security/log4j-sniffer/default.nix +++ b/pkgs/tools/security/log4j-sniffer/default.nix @@ -15,7 +15,7 @@ buildGoModule rec { sha256 = "sha256-pO6difzNvQvKQtRLyksXmExtQHlnnwyF3iNEmSBgUmU="; }; - vendorSha256 = null; + vendorHash = null; nativeCheckInputs = [ git diff --git a/pkgs/tools/security/log4j-vuln-scanner/default.nix b/pkgs/tools/security/log4j-vuln-scanner/default.nix index a33848b5d48..57e884d37fe 100644 --- a/pkgs/tools/security/log4j-vuln-scanner/default.nix +++ b/pkgs/tools/security/log4j-vuln-scanner/default.nix @@ -14,7 +14,7 @@ buildGoModule rec { sha256 = "sha256-YMD2233EdrrF1SLjwiRcNr53b7Rf5Tu8CZC43QhSY7c="; }; - vendorSha256 = null; + vendorHash = null; postInstall = '' mv $out/bin/scanner $out/bin/$pname diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index 4aba63848b5..a341df29ae7 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.34" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.35" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index c8405ee07c6..d83d4461f1a 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: 1396546689a7d63bf8ab3a831647784843b5065f - ref: refs/tags/6.3.34 + revision: 26857f6f23bbec8d6f1a0b7deaf921a8021a66cd + ref: refs/tags/6.3.35 specs: - metasploit-framework (6.3.34) + metasploit-framework (6.3.35) actionpack (~> 7.0) activerecord (~> 7.0) activesupport (~> 7.0) diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index b4d90b84e73..f489b5650ab 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.3.34"; + version = "6.3.35"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-DXG9OFY0KzH2MhI3lF/0vaFcvqugazpybFpxDehIyYg="; + sha256 = "sha256-gnDIIvk4ASilSnFdMRxZ2em+zRnbBu4iUsTnTKn9YTA="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index 314836e93c6..d5dc00772aa 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix @@ -654,12 +654,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "1396546689a7d63bf8ab3a831647784843b5065f"; - sha256 = "126993l0swasdir3lsx0mfz5r8dxyigr8dqj6bv32arlaqwbsw8d"; + rev = "26857f6f23bbec8d6f1a0b7deaf921a8021a66cd"; + sha256 = "0c31znllrry4a8ifw1nv376vxsfrb4f32pbi9ajjh09qz4ichw42"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.3.34"; + version = "6.3.35"; }; metasploit-model = { groups = ["default"]; diff --git a/pkgs/tools/security/minica/default.nix b/pkgs/tools/security/minica/default.nix index 902961e049f..6dd6d1fd5ce 100644 --- a/pkgs/tools/security/minica/default.nix +++ b/pkgs/tools/security/minica/default.nix @@ -14,7 +14,7 @@ buildGoModule rec { sha256 = "sha256-3p6rUFFiWXhX9BBbxqWxRoyRceexvNnqcFCyNi5HoaA="; }; - vendorSha256 = null; + vendorHash = null; ldflags = [ "-s" "-w" ]; diff --git a/pkgs/tools/security/minio-certgen/default.nix b/pkgs/tools/security/minio-certgen/default.nix index ddcd55ef3ff..fed6bdca2c5 100644 --- a/pkgs/tools/security/minio-certgen/default.nix +++ b/pkgs/tools/security/minio-certgen/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "sha256-qi+SeNLW/jE2dGar4Lf16TKRT3ZTmWB/j8EsnoyrdxI="; }; - vendorSha256 = null; + vendorHash = null; meta = with lib; { description = "A simple Minio tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries"; diff --git a/pkgs/tools/security/naabu/default.nix b/pkgs/tools/security/naabu/default.nix index 9ff500a7fb9..8ed883b8e1b 100644 --- a/pkgs/tools/security/naabu/default.nix +++ b/pkgs/tools/security/naabu/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "naabu"; - version = "2.1.7"; + version = "2.1.8"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "naabu"; rev = "refs/tags/v${version}"; - hash = "sha256-x6TmV8c5p9Uuc9uJG3+FNNpdmzdzgQpsyO29dly7PuU="; + hash = "sha256-/EVlg0NhWJRowHttwYq+i/3BhO5o8w74kRLWIjSI6AQ="; }; - vendorHash = "sha256-9LIPRiLKszfz9Gj26G03TPHOqCXi1s3CYiaadInlD84="; + vendorHash = "sha256-LoYArDsCJCDSI02nFSUVemYNeF+q5xAjV2QyWjMOXIY="; buildInputs = [ libpcap diff --git a/pkgs/tools/security/osv-scanner/default.nix b/pkgs/tools/security/osv-scanner/default.nix index e40d9c4cdab..1397405dd8f 100644 --- a/pkgs/tools/security/osv-scanner/default.nix +++ b/pkgs/tools/security/osv-scanner/default.nix @@ -6,16 +6,16 @@ }: buildGoModule rec { pname = "osv-scanner"; - version = "1.3.6"; + version = "1.4.0"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - hash = "sha256-mvR4LqUPtmLBH9RSfVge4anwun1wHJMCuGyHGQvA56s="; + hash = "sha256-UJrqSzJ024IiQwuPOoxNGgTNNfhb00KjtIHQb5qpDPQ="; }; - vendorHash = "sha256-oxAvpiNrdst7Y8EbSTrTEebX6+G/8K5UFwdKG+wiDQE="; + vendorHash = "sha256-oT4pjsEfjlPZyVo7Ic0rpTEK/sSUz1ShWk7fOJq+EQ8="; subPackages = [ "cmd/osv-scanner" diff --git a/pkgs/tools/security/ots/default.nix b/pkgs/tools/security/ots/default.nix index 47d53e741cc..bba9e8e6fb8 100644 --- a/pkgs/tools/security/ots/default.nix +++ b/pkgs/tools/security/ots/default.nix @@ -8,10 +8,10 @@ buildGoModule rec { owner = "sniptt-official"; repo = pname; rev = "v${version}"; - sha256 = "Oxs2ytf0rY9QYzVaLUkqyX15oWjas3ukSkq9D1TYbDE="; + hash = "sha256-Oxs2ytf0rY9QYzVaLUkqyX15oWjas3ukSkq9D1TYbDE="; }; - vendorSha256 = "qYk8T0sYIO0wJ0R0j+0VetCy11w8usIRRdBm/Z6grJE="; + vendorHash = "sha256-qYk8T0sYIO0wJ0R0j+0VetCy11w8usIRRdBm/Z6grJE="; ldflags = [ "-X main.version=${version}" "-X main.buildSource=nix" ]; diff --git a/pkgs/tools/security/pynitrokey/default.nix b/pkgs/tools/security/pynitrokey/default.nix index b9847171616..9c36ceb3c84 100644 --- a/pkgs/tools/security/pynitrokey/default.nix +++ b/pkgs/tools/security/pynitrokey/default.nix @@ -11,7 +11,7 @@ with python3Packages; buildPythonApplication rec { pname = "pynitrokey"; version = "0.4.39"; - format = "flit"; + format = "pyproject"; src = fetchPypi { inherit pname version; @@ -43,9 +43,13 @@ buildPythonApplication rec { ]; nativeBuildInputs = [ + flit-core pythonRelaxDepsHook ]; + # FIXME: does pythonRelaxDepsHook not work for pypaBuildHook + flit-core? + pypaBuildFlags = [ "--skip-dependency-check" ]; + pythonRelaxDeps = [ "click" "cryptography" diff --git a/pkgs/tools/security/shellz/default.nix b/pkgs/tools/security/shellz/default.nix index b34986b2f7f..f1b226c3213 100644 --- a/pkgs/tools/security/shellz/default.nix +++ b/pkgs/tools/security/shellz/default.nix @@ -11,10 +11,10 @@ buildGoModule rec { owner = "evilsocket"; repo = pname; rev = "v${version}"; - sha256 = "1mhl1y0jkycyl1hgwxavxkm1f6kdx1sz3bvpmkr46sdijji06imi"; + hash = "sha256-sUYDopSxaUPyrHev8XXobRoX6uxbdf5goJ75KYEPFNY="; }; - vendorSha256 = "14rd9xd7s5sfmxgv5p9ka8x12xcimv5hrq7hzy0d1c3ddf50rr7n"; + vendorHash = "sha256-9uQMimttsNCA//DgDMuukXUROlIz3bJfr04XfVpPLZM="; ldflags = [ "-s" diff --git a/pkgs/tools/security/ssb/default.nix b/pkgs/tools/security/ssb/default.nix index aed2dd79aeb..725f72e6c7c 100644 --- a/pkgs/tools/security/ssb/default.nix +++ b/pkgs/tools/security/ssb/default.nix @@ -14,7 +14,7 @@ buildGoModule rec { sha256 = "0dkd02l30461cwn5hsssnjyb9s8ww179wll3l7z5hy1hv3x6h9g1"; }; - vendorSha256 = null; #vendorSha256 = ""; + vendorHash = null; meta = with lib; { description = "Tool to bruteforce SSH server"; diff --git a/pkgs/tools/security/sudo-rs/default.nix b/pkgs/tools/security/sudo-rs/default.nix index d4621e22922..3cda1cde832 100644 --- a/pkgs/tools/security/sudo-rs/default.nix +++ b/pkgs/tools/security/sudo-rs/default.nix @@ -4,6 +4,7 @@ , fetchpatch , installShellFiles , nix-update-script +, nixosTests , pam , pandoc , rustPlatform @@ -73,7 +74,10 @@ rustPlatform.buildRustPackage rec { "su::context::tests::invalid_shell" ]; - passthru.updateScript = nix-update-script { }; + passthru = { + updateScript = nix-update-script { }; + tests = nixosTests.sudo-rs; + }; meta = with lib; { description = "A memory safe implementation of sudo and su."; diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 71b22a9706c..d15f5e3d2c8 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -30,11 +30,11 @@ let in stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.8.5"; + version = "0.4.8.6"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "sha256-aVfP0Uop7udVXFL4OHpG8s4vX+fa35NUfxvHSxZX4Rk="; + sha256 = "sha256-VS2JX8r2bHzStQ9avmO3iEsw/tJUEVvnv7kjaAc1UIg="; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/traitor/default.nix b/pkgs/tools/security/traitor/default.nix index bbe9553819f..26efa6d68a7 100644 --- a/pkgs/tools/security/traitor/default.nix +++ b/pkgs/tools/security/traitor/default.nix @@ -14,7 +14,7 @@ buildGoModule rec { sha256 = "sha256-LQfKdjZaTm5z8DUt6He/RJHbOUCUwP3CV3Fyt5rJIfU="; }; - vendorSha256 = null; + vendorHash = null; meta = with lib; { description = "Automatic Linux privilege escalation"; diff --git a/pkgs/tools/security/trueseeing/default.nix b/pkgs/tools/security/trueseeing/default.nix index 607a1798452..a9c4f300141 100644 --- a/pkgs/tools/security/trueseeing/default.nix +++ b/pkgs/tools/security/trueseeing/default.nix @@ -6,7 +6,7 @@ python3.pkgs.buildPythonApplication rec { pname = "trueseeing"; version = "2.1.7"; - format = "flit"; + format = "pyproject"; src = fetchFromGitHub { owner = "alterakey"; diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix index f40c6d86bf3..6156b0c9887 100644 --- a/pkgs/tools/security/trufflehog/default.nix +++ b/pkgs/tools/security/trufflehog/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "trufflehog"; - version = "3.56.1"; + version = "3.57.0"; src = fetchFromGitHub { owner = "trufflesecurity"; repo = "trufflehog"; rev = "refs/tags/v${version}"; - hash = "sha256-4FN3FAs6Sc2LLcqaKsSxJS9VVNwp/Zit9gZT+qDXRik="; + hash = "sha256-EzzjtrorfFYO6mEe8F/lYbHP96G04pFIRc6fzLa8eeY="; }; - vendorHash = "sha256-NBwPyA+NuW9RA/dXj+FpTa6RU0WOZRrey7gosDOatG8="; + vendorHash = "sha256-iCCk5ngXsAyVaPeCllIrT1KjoM0KlNlgCiLeASquMco="; ldflags = [ "-s" |