author | Alyssa Ross <hi@alyssa.is> | 2020-05-13 00:32:00 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-05-13 00:41:26 +0000 |
commit | 439d80fbdcdf6245444e99e3764f233122c86358 (patch) | |
tree | bd769aabc0c8e46d3fdf8f0cc80297463e7d0dba /pkgs/tools/security | |
parent | cc2d9c385f776f38fa37656b8440b5c4a460e9a7 (diff) | |
parent | 9f5e9ef4b71a2a1ea8efef56f5876cdc846d6387 (diff) | |
Merge remote-tracking branch 'nixpkgs/master' into master
Diffstat (limited to 'pkgs/tools/security')
49 files changed, 724 insertions, 340 deletions
diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index df5e3728943..e32aa034874 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -47,6 +47,11 @@ let # has totally different semantics in that case(?) - and also set a # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out # of $PATH. + # first though we need to replace the afl-clang-fast++ symlink with + # a real copy to prevent wrapProgram skipping the symlink and confusing + # nix's cc wrapper + rm $out/bin/afl-clang-fast++ + cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++ for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do wrapProgram $x \ --prefix AFL_PATH : "$out/lib/afl" \ @@ -68,7 +73,7 @@ let also useful for seeding other, more labor or resource-intensive testing regimes down the road. ''; - homepage = "http://lcamtuf.coredump.cx/afl/"; + homepage = "https://lcamtuf.coredump.cx/afl/"; license = stdenv.lib.licenses.asl20; platforms = ["x86_64-linux" "i686-linux"]; maintainers = with stdenv.lib.maintainers; [ thoughtpolice ris ]; diff --git a/pkgs/tools/security/afl/libdislocator.nix b/pkgs/tools/security/afl/libdislocator.nix index 953c59e435c..103786d1244 100644 --- a/pkgs/tools/security/afl/libdislocator.nix +++ b/pkgs/tools/security/afl/libdislocator.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation { ''; meta = with stdenv.lib; { - homepage = "http://lcamtuf.coredump.cx/afl/"; + homepage = "https://lcamtuf.coredump.cx/afl/"; description = '' Drop-in replacement for the libc allocator which improves the odds of bumping into heap-related security bugs in diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix new file mode 100644 index 00000000000..f99be6d7575 --- /dev/null +++ b/pkgs/tools/security/aflplusplus/default.nix 
@@ -0,0 +1,146 @@ +{ stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper +, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp +, file, cmocka, wine ? null, fetchpatch +}: + +# wine fuzzing is only known to work for win32 binaries, and using a mixture of +# 32 and 64-bit libraries ... complicates things, so it's recommended to build +# a full 32bit version of this package if you want to do wine fuzzing +assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux"); + +let + aflplusplus-qemu = callPackage ./qemu.nix { inherit aflplusplus; }; + qemu-exe-name = if stdenv.targetPlatform.system == "x86_64-linux" then "qemu-x86_64" + else if stdenv.targetPlatform.system == "i686-linux" then "qemu-i386" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; + libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; }; + libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; + aflplusplus = stdenvNoCC.mkDerivation rec { + pname = "aflplusplus"; + version = "2.64c"; + + src = fetchFromGitHub { + owner = "AFLplusplus"; + repo = "AFLplusplus"; + rev = version; + sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj"; + }; + enableParallelBuilding = true; + + # build of unsigaction32 broken in 2.64c: + # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357 + # The applied patch fixes it. + patches = [ + (fetchpatch { + url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch"; + sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh"; + }) + ]; + + # Note: libcgroup isn't needed for building, just for the afl-cgroup + # script. 
+ nativeBuildInputs = [ makeWrapper which clang_9 gcc ]; + buildInputs = [ llvm_9 python gmp ] + ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython; + + + postPatch = '' + # Replace the CLANG_BIN variables with the correct path + substituteInPlace llvm_mode/afl-clang-fast.c \ + --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \ + --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" + + # Replace "gcc" and friends with full paths in afl-gcc + # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path + substituteInPlace src/afl-gcc.c \ + --replace '"gcc"' '"${gcc}/bin/gcc"' \ + --replace '"g++"' '"${gcc}/bin/g++"' \ + --replace '"gcj"' '"gcj-UNSUPPORTED"' \ + --replace '"clang"' '"clang-UNSUPPORTED"' \ + --replace '"clang++"' '"clang++-UNSUPPORTED"' + ''; + + makeFlags = [ "PREFIX=$(out)" ]; + buildPhase = '' + common="$makeFlags -j$NIX_BUILD_CORES" + make all $common + make radamsa $common + make -C gcc_plugin CC=${gcc}/bin/gcc CXX=${gcc}/bin/g++ $common + make -C llvm_mode $common + make -C qemu_mode/libcompcov $common + make -C qemu_mode/unsigaction $common + ''; + + postInstall = '' + # remove afl-clang(++) which are just symlinks to afl-clang-fast + rm $out/bin/afl-clang $out/bin/afl-clang++ + + # the makefile neglects to install unsigaction + cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/ + + # Install the custom QEMU emulator for binary blob fuzzing. + cp ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace + + # give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so + cat > $out/bin/get-afl-qemu-libcompcov-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libcompcov.so + END + chmod +x $out/bin/get-afl-qemu-libcompcov-so + cp ${libdislocator}/bin/get-libdislocator-so $out/bin/ + cp ${libtokencap}/bin/get-libtokencap-so $out/bin/ + + # Install the cgroups wrapper for asan-based fuzzing. 
+ cp examples/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + chmod +x $out/bin/afl-cgroup + substituteInPlace $out/bin/afl-cgroup \ + --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ + --replace "cgexec" "${libcgroup}/bin/cgexec" \ + --replace "cgdelete" "${libcgroup}/bin/cgdelete" + + patchShebangs $out/bin + + '' + stdenv.lib.optionalString (wine != null) '' + substitute afl-wine-trace $out/bin/afl-wine-trace \ + --replace "qemu_mode/unsigaction" "$out/lib/afl" + chmod +x $out/bin/afl-wine-trace + + # qemu needs to be fed ELFs, not wrapper scripts, so we have to cheat a bit if we + # detect a wrapped wine + for winePath in ${wine}/bin/.wine ${wine}/bin/wine; do + if [ -x $winePath ]; then break; fi + done + makeWrapperArgs="--set-default 'AFL_WINE_PATH' '$winePath'" \ + wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} + ''; + + installCheckInputs = [ perl file cmocka ]; + doInstallCheck = true; + installCheckPhase = '' + # replace references to tools in build directory with references to installed locations + substituteInPlace test/test.sh \ + --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ + --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ + --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' + perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + cd test && ./test.sh + ''; + + passthru = { + inherit libdislocator libtokencap; + qemu = aflplusplus-qemu; + }; + + meta = { + description = '' + AFL++ is a heavily enhanced version of AFL, incorporating many features and + improvements from the community. + ''; + homepage = "https://aflplus.plus"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux" "i686-linux"]; + maintainers = with stdenv.lib.maintainers; [ ris mindavi ]; + }; + }; +in aflplusplus 
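Review bot: In the wine branch of `postInstall`, the `for winePath in ${wine}/bin/.wine ${wine}/bin/wine` loop only breaks on the first executable candidate, so when neither one is executable `winePath` keeps the last value and that path is still written into `AFL_WINE_PATH` without any build error. A guard right after the loop, `[ -x "$winePath" ] || { echo "no wine executable found in ${wine}/bin" >&2; exit 1; }`, would make the build fail instead of shipping a wrapper that points at a missing binary. The test inside the loop also leaves `$winePath` unquoted; `[ -x "$winePath" ]` is the safer form.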
diff --git a/pkgs/tools/security/aflplusplus/libdislocator.nix b/pkgs/tools/security/aflplusplus/libdislocator.nix new file mode 100644 index 00000000000..6f947a7280a --- /dev/null +++ b/pkgs/tools/security/aflplusplus/libdislocator.nix @@ -0,0 +1,37 @@ +{ stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = stdenv.lib.getVersion aflplusplus; + pname = "libdislocator"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libdislocator"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + # issue is fixed upstream: https://github.com/AFLplusplus/AFLplusplus/commit/2a60ceb6944a7ca273057ddf64dcf837bf7f9521 + sed -i 's/README\.dislocator\.md/README\.md/g' Makefile + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libdislocator-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libdislocator.so + END + chmod +x $out/bin/get-libdislocator-so + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = '' + Drop-in replacement for the libc allocator which improves + the odds of bumping into heap-related security bugs in + several ways. + ''; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/pkgs/tools/security/aflplusplus/libtokencap.nix b/pkgs/tools/security/aflplusplus/libtokencap.nix new file mode 100644 index 00000000000..9421ee0d1e2 --- /dev/null +++ b/pkgs/tools/security/aflplusplus/libtokencap.nix 
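Review bot: `meta.homepage` in this file is `https://github.com/vanhauser-thc/AFLplusplus`, while the code actually built comes from `aflplusplus.src`, which `aflplusplus/default.nix` fetches from owner `AFLplusplus`; the homepage should name the repository the source is pinned to, `homepage = "https://github.com/AFLplusplus/AFLplusplus";`, so that anyone checking provenance lands on the same place. The identical line appears in `aflplusplus/libtokencap.nix`. The `sed` on `Makefile` in `preInstall` is described as fixed upstream, so a comment such as `# remove on the next version bump` would keep the workaround from outliving its reason.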
@@ -0,0 +1,32 @@ +{ stdenv, aflplusplus}: + +stdenv.mkDerivation { + version = stdenv.lib.getVersion aflplusplus; + pname = "libtokencap"; + + src = aflplusplus.src; + postUnpack = "chmod -R +w ${aflplusplus.src.name}"; + sourceRoot = "${aflplusplus.src.name}/libtokencap"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + mkdir -p $out/share/doc/afl + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libtokencap-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libtokencap.so + END + chmod +x $out/bin/get-libtokencap-so + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + description = "strcmp & memcmp token capture library"; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch b/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch new file mode 100644 index 00000000000..5dfbfd780f1 --- /dev/null +++ b/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d6b9dc1..ce7c493 100644 +--- a/Makefile ++++ b/Makefile +@@ -601,7 +601,7 @@ install-localstatedir: + endif + + +-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir ++install: all $(if $(BUILD_DOCS),install-doc) install-datadir + ifneq ($(TOOLS),) + $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir)) + endif diff --git a/pkgs/tools/security/aflplusplus/qemu.nix b/pkgs/tools/security/aflplusplus/qemu.nix new file mode 100644 index 00000000000..c51c839afe8 --- /dev/null +++ b/pkgs/tools/security/aflplusplus/qemu.nix 
@@ -0,0 +1,83 @@ +{ stdenv, fetchurl, aflplusplus, python2, zlib, pkgconfig, glib, perl +, texinfo, libuuid, flex, bison, pixman, autoconf +}: + +with stdenv.lib; + +let + qemuName = "qemu-3.1.0"; + cpuTarget = if stdenv.targetPlatform.system == "x86_64-linux" then "x86_64-linux-user" + else if stdenv.targetPlatform.system == "i686-linux" then "i386-linux-user" + else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; +in +stdenv.mkDerivation { + name = "aflplusplus-${qemuName}"; + + srcs = [ + (fetchurl { + url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2"; + sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq"; + }) + aflplusplus.src + ]; + + sourceRoot = qemuName; + + postUnpack = '' + chmod -R +w ${aflplusplus.src.name} + for f in ${aflplusplus.src.name}/qemu_mode/patches/* ; do + sed -E -i 's|(\.\./)+patches/([a-z-]+\.h)|\2|g' $f + sed -E -i 's|\.\./\.\./config\.h|afl-config.h|g' $f + sed -E -i 's|\.\./\.\./include/cmplog\.h|afl-cmplog.h|g' $f + done + cp ${aflplusplus.src.name}/qemu_mode/patches/*.h $sourceRoot/ + cp ${aflplusplus.src.name}/types.h $sourceRoot/afl-types.h + substitute ${aflplusplus.src.name}/config.h $sourceRoot/afl-config.h \ + --replace "types.h" "afl-types.h" + substitute ${aflplusplus.src.name}/include/cmplog.h $sourceRoot/afl-cmplog.h \ + --replace "config.h" "afl-config.h" \ + --replace "forkserver.h" "afl-forkserver.h" + substitute ${aflplusplus.src.name}/include/forkserver.h $sourceRoot/afl-forkserver.h \ + --replace "types.h" "afl-types.h" + + cat ${aflplusplus.src.name}/qemu_mode/patches/*.diff > all.patch + ''; + + nativeBuildInputs = [ + python2 perl pkgconfig flex bison autoconf texinfo + ]; + + buildInputs = [ + zlib glib pixman libuuid + ]; + + enableParallelBuilding = true; + + patches = [ + # patches extracted from aflplusplus source + "../all.patch" + # nix-specific patches to make installation more well-behaved + ./qemu-no-etc-install.patch + ]; + + configureFlags = + [ 
"--disable-system" + "--enable-linux-user" + "--disable-gtk" + "--disable-sdl" + "--disable-vnc" + "--disable-kvm" + "--target-list=${cpuTarget}" + "--enable-pie" + "--sysconfdir=/etc" + "--localstatedir=/var" + ]; + + meta = with stdenv.lib; { + homepage = "https://www.qemu.org/"; + description = "Fork of QEMU with AFL++ instrumentation support"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ ris ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/age/default.nix b/pkgs/tools/security/age/default.nix index bde597ba9f3..c8b4f069f79 100644 --- a/pkgs/tools/security/age/default.nix +++ b/pkgs/tools/security/age/default.nix @@ -2,9 +2,9 @@ buildGoModule rec { pname = "age"; - version = "1.0.0-beta2"; + version = "unstable-2020-03-25"; goPackagePath = "github.com/FiloSottile/age"; - modSha256 = "0kwdwhkxgqjd8h1p7pm4h4xidp2vk840h1j4qya4qz8bjf9vskl9"; + modSha256 = "00yhn1894ni8bvkqm1vr0rqkky52pkhvdzbi2sqx3czlgb5ibw3h"; subPackages = [ "cmd/age" @@ -14,8 +14,8 @@ buildGoModule rec { src = fetchFromGitHub { owner = "FiloSottile"; repo = "age"; - rev = "v${version}"; - sha256 = "1n1ww8yjw0mg00dvnfmggww9kwp1hls0a85iv6vx9k89mzv8mdrq"; + rev = "f0f8092d60bb96737fa096c29ec6d8adb5810390"; + sha256 = "079kfc8d1pr39hr4qnx48kviyzwg4p8m4pz0bdkypns4aq8ppbfk"; }; meta = with lib; { diff --git a/pkgs/tools/security/bitwarden_rs/default.nix b/pkgs/tools/security/bitwarden_rs/default.nix index 6accefa58a4..6d3c4bccef9 100644 --- a/pkgs/tools/security/bitwarden_rs/default.nix +++ b/pkgs/tools/security/bitwarden_rs/default.nix @@ -8,13 +8,13 @@ let in rustPlatform.buildRustPackage rec { pname = "bitwarden_rs"; - version = "1.14.1"; + version = "1.14.2"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "10fi5vvckmdbjvlg6mlaqh2dsm33sbkq1z1b6gmz8qjbijc8i7gw"; + sha256 = "0413yjbnj4k917x48h1gnj64kygbr6c1n55f23qkvj0hgbxpgssz"; }; nativeBuildInputs = [ pkgconfig ]; 
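Review bot: The QEMU tarball in `srcs` is fetched from `http://wiki.qemu.org/download/${qemuName}.tar.bz2`, i.e. over plain HTTP, in the same merge that moves the afl homepages to `https://`. The pinned `sha256` means an altered download fails the build rather than being compiled, so the hash is the real integrity control here, but the URL should still use the `https://` scheme so the fetch does not depend on an unauthenticated channel. `qemuName = "qemu-3.1.0"` is presumably dictated by the patches taken from `qemu_mode/patches`; a comment saying that this version has to move together with `aflplusplus.src` would tell the next maintainer why it is not bumped on its own.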
@@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec { RUSTC_BOOTSTRAP = 1; - cargoSha256 = "1p8wpndj1aydhcjl15z3xhjf52a0l5rh5cy9qs6w4776crya2jjr"; + cargoSha256 = "09747f9g7yyq9c8wbfdb3hwxii5xq23ynhba0vc01nhjpjyn0ksd"; cargoBuildFlags = [ featuresFlag ]; checkPhase = '' diff --git a/pkgs/tools/security/bitwarden_rs/vault.nix b/pkgs/tools/security/bitwarden_rs/vault.nix index 43d8d3a9b11..0c60ab62106 100644 --- a/pkgs/tools/security/bitwarden_rs/vault.nix +++ b/pkgs/tools/security/bitwarden_rs/vault.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bitwarden_rs-vault"; - version = "2.13.2"; + version = "2.13.2b"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "1000iqjr670imm1dlw9r003d8psp5sq0m0p62sjnll7wnycd805r"; + sha256 = "1pba3d04gfnviv8r98anpv7m8r9r417s352r5fz8qzg8lr070540"; }; buildCommand = '' diff --git a/pkgs/tools/security/brutespray/default.nix b/pkgs/tools/security/brutespray/default.nix index be7c99f5252..78dd789047d 100644 --- a/pkgs/tools/security/brutespray/default.nix +++ b/pkgs/tools/security/brutespray/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "brutespray"; - version = "1.6.6"; + version = "1.6.8"; src = fetchFromGitHub { owner = "x90skysn3k"; repo = pname; rev = "brutespray-${version}"; - sha256 = "1rj8fkq1xz4ph1pmldphlsa25mg6xl7i7dranb0qjx00jhfxjxjh"; + sha256 = "1pi4d5vcvvjsby39dq995dlhpxdicmfhqsiw23hr25m38ccfm3rh"; }; postPatch = '' diff --git a/pkgs/tools/security/ccid/default.nix b/pkgs/tools/security/ccid/default.nix index b9cffc7f769..e74e1b61438 100644 --- a/pkgs/tools/security/ccid/default.nix +++ b/pkgs/tools/security/ccid/default.nix 
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ccid"; - version = "1.4.31"; + version = "1.4.32"; src = fetchurl { url = "https://ccid.apdu.fr/files/${pname}-${version}.tar.bz2"; - sha256 = "1xz8ikr6vk73w3xnwb931yq8lqc1zrj8c3v34n6h63irwjvdfj3b"; + sha256 = "0f8nzk7379ip4x2ii5vn6h67jyx733pq0ywnnsj2llbxi2vllpsl"; }; postPatch = '' diff --git a/pkgs/tools/security/crowbar/default.nix b/pkgs/tools/security/crowbar/default.nix new file mode 100644 index 00000000000..cd4e7db8718 --- /dev/null +++ b/pkgs/tools/security/crowbar/default.nix @@ -0,0 +1,42 @@ +{ fetchFromGitHub +, freerdp +, nmap +, openvpn +, python3Packages +, stdenv +, tigervnc +}: + +python3Packages.buildPythonApplication rec { + pname = "crowbar"; + version = "unstable-2020-04-23"; + + src = fetchFromGitHub { + owner = "galkan"; + repo = pname; + rev = "500d633ff5ddfcbc70eb6d0b4d2181e5b8d3c535"; + sha256 = "05m9vywr9976pc7il0ak8nl26mklzxlcqx0p8rlfyx1q766myqzf"; + }; + + propagatedBuildInputs = [ python3Packages.paramiko ]; + + patchPhase = '' + sed -i 's,/usr/bin/xfreerdp,${freerdp}/bin/xfreerdp,g' lib/main.py + sed -i 's,/usr/bin/vncviewer,${tigervnc}/bin/vncviewer,g' lib/main.py + sed -i 's,/usr/sbin/openvpn,${openvpn}/bin/openvpn,g' lib/main.py + + sed -i 's,/usr/bin/nmap,${nmap}/bin/nmap,g' lib/nmap.py + ''; + + # Sanity check + checkPhase = '' + $out/bin/crowbar --help > /dev/null + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/galkan/crowbar"; + description = "A brute forcing tool that can be used during penetration tests"; + license = licenses.mit; + maintainers = with maintainers; [ pamplemousse ]; + }; +} diff --git a/pkgs/tools/security/doas/default.nix b/pkgs/tools/security/doas/default.nix index ce8b5825647..58ada1086bc 100644 --- a/pkgs/tools/security/doas/default.nix +++ b/pkgs/tools/security/doas/default.nix 
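Review bot: In the new `crowbar/default.nix`, the hard-coded tool paths are rewritten by overriding `patchPhase` with `sed -i`, which has two weaknesses. Overriding `patchPhase` means a `patches = [ ... ]` list added later would be ignored, and `sed` exits successfully even when the pattern is gone, so after an upstream change the program would go back to executing `/usr/bin/nmap`, `/usr/sbin/openvpn` and the other paths from outside the store without the build noticing. Using `postPatch = ''` with `substituteInPlace lib/nmap.py --replace /usr/bin/nmap ${nmap}/bin/nmap` (and the same for the three paths in `lib/main.py`) keeps the default phase, and a check such as `grep -q "${nmap}/bin/nmap" lib/nmap.py` after the rewrite makes the build fail if a substitution stopped matching.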
@@ -1,15 +1,19 @@ -{ stdenv, lib, fetchFromGitHub, bison, pam }: +{ stdenv +, lib +, fetchFromGitHub +, bison +, pam +}: stdenv.mkDerivation rec { pname = "doas"; - - version = "6.0"; + version = "6.6.1"; src = fetchFromGitHub { owner = "Duncaen"; repo = "OpenDoas"; rev = "v${version}"; - sha256 = "1j50l3jvbgvg8vmp1nx6vrjxkbj5bvfh3m01bymzfn25lkwwhz1x"; + sha256 = "07kkc5729p654jrgfsc8zyhiwicgmq38yacmwfvay2b3gmy728zn"; }; # otherwise confuses ./configure @@ -26,6 +30,6 @@ stdenv.mkDerivation rec { homepage = "https://github.com/Duncaen/OpenDoas"; license = licenses.isc; platforms = platforms.linux; - maintainers = with maintainers; [ cstrahan ]; + maintainers = with maintainers; [ cole-h cstrahan ]; }; } diff --git a/pkgs/tools/security/genpass/default.nix b/pkgs/tools/security/genpass/default.nix new file mode 100644 index 00000000000..ee3eebac991 --- /dev/null +++ b/pkgs/tools/security/genpass/default.nix @@ -0,0 +1,25 @@ +{ stdenv +, fetchFromGitHub +, rustPlatform +}: +rustPlatform.buildRustPackage rec { + pname = "genpass"; + version = "0.4.1"; + + src = fetchFromGitHub { + owner = "cyplo"; + repo = pname; + rev = "v${version}"; + sha256 = "1b22m7g55k5ry0vwyd8pakh8rmfkhk37qy5r74cn3n5pv3fcwini"; + }; + + cargoSha256 = "1p6l64s9smhwka8bh3pamqimamxziad859i62nrmxzqc49nq5s7m"; + + meta = with stdenv.lib; { + description = "A simple yet robust commandline random password generator."; + homepage = "https://github.com/cyplo/genpass"; + license = licenses.agpl3; + platforms = platforms.all; + maintainers = with maintainers; [ cyplo ]; + }; +} diff --git a/pkgs/tools/security/ghidra/default.nix b/pkgs/tools/security/ghidra/default.nix index 63fbca8f446..d31e1f2c275 100644 --- a/pkgs/tools/security/ghidra/default.nix +++ b/pkgs/tools/security/ghidra/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, unzip, lib, makeWrapper, autoPatchelfHook +{ stdenv, fetchzip, lib, makeWrapper, autoPatchelfHook , openjdk11, pam, makeDesktopItem, icoutils }: let 
@@ -16,23 +16,22 @@ in stdenv.mkDerivation { - name = "ghidra-9.1"; + name = "ghidra-9.1.2"; - src = fetchurl { - url = "https://ghidra-sre.org/ghidra_9.1_PUBLIC_20191023.zip"; - sha256 = "0pl7s59008gvgwz4mxp7rz3xr3vaa12a6s5zvx2yr9jxx3gk1l99"; + src = fetchzip { + url = "https://ghidra-sre.org/ghidra_9.1.2_PUBLIC_20200212.zip"; + sha256 = "0j48pijypg44bw06azbrgfqjkigb13ljfdxib70sxwyqia3vkbbm"; }; nativeBuildInputs = [ makeWrapper autoPatchelfHook - unzip + icoutils ]; buildInputs = [ stdenv.cc.cc.lib pam - icoutils ]; dontStrip = true; @@ -42,7 +41,7 @@ in stdenv.mkDerivation { mkdir -p "${pkg_path}" "$out/share/applications" cp -a * "${pkg_path}" ln -s ${desktopItem}/share/applications/* $out/share/applications - + icotool -x "${pkg_path}/support/ghidra.ico" rm ghidra_4_40x40x32.png for f in ghidra_*.png; do diff --git a/pkgs/tools/security/gnome-keysign/default.nix b/pkgs/tools/security/gnome-keysign/default.nix index 9f87684cae3..d430a689524 100644 --- a/pkgs/tools/security/gnome-keysign/default.nix +++ b/pkgs/tools/security/gnome-keysign/default.nix @@ -53,7 +53,7 @@ python3.pkgs.buildPythonApplication rec { gst_all_1.gstreamer gst_all_1.gst-plugins-base (gst_all_1.gst-plugins-good.override { gtkSupport = true; }) - gst_all_1.gst-plugins-bad # for zbar plug-in + (gst_all_1.gst-plugins-bad.override { enableZbar = true; }) # for zbar plug-in ]; propagatedBuildInputs = with python3.pkgs; [ @@ -84,7 +84,7 @@ python3.pkgs.buildPythonApplication rec { description = "GTK/GNOME application to use GnuPG for signing other peoples’ keys"; homepage = "https://wiki.gnome.org/Apps/Keysign"; license = licenses.gpl3Plus; - maintainers = gnome3.maintainers; + maintainers = teams.gnome.members; platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix index ea900160752..f5b693fed35 100644 --- a/pkgs/tools/security/gnupg/20.nix +++ b/pkgs/tools/security/gnupg/20.nix 
@@ -4,7 +4,7 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. , pinentry ? null, guiSupport ? false -, openldap ? null, bzip2 ? null, libusb ? null, curl ? null +, openldap ? null, bzip2 ? null, libusb-compat-0_1 ? null, curl ? null }: with stdenv.lib; @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { buildInputs = [ readline zlib libgpgerror libgcrypt libassuan libksba pth - openldap bzip2 libusb curl libiconv ]; + openldap bzip2 libusb-compat-0_1 curl libiconv ]; patches = [ ./gpgkey2ssh-20.patch ]; diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index f87e985c95a..7c095cffa31 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -4,7 +4,7 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. , guiSupport ? true, enableMinimal ? false -, adns ? null , bzip2 ? null , gnutls ? null , libusb ? null , openldap ? null +, adns ? null , bzip2 ? null , gnutls ? null , libusb1 ? null , openldap ? null , pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ? null }: @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig texinfo ]; buildInputs = [ libgcrypt libassuan libksba libiconv npth gettext - readline libusb gnutls adns openldap zlib bzip2 sqlite + readline libusb1 gnutls adns openldap zlib bzip2 sqlite ]; patches = [ diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix index 8af24bf7ab5..a16701f48ea 100644 --- a/pkgs/tools/security/gopass/default.nix +++ b/pkgs/tools/security/gopass/default.nix 
@@ -1,20 +1,29 @@ -{ stdenv, buildGoPackage, fetchFromGitHub, git, gnupg, xclip, wl-clipboard, makeWrapper }: +{ stdenv, makeWrapper +, buildGoModule, fetchFromGitHub, installShellFiles +, git +, gnupg +, xclip +, wl-clipboard +, passAlias ? false +}: -buildGoPackage rec { +buildGoModule rec { pname = "gopass"; - version = "1.8.6"; + version = "1.9.1"; - goPackagePath = "github.com/gopasspw/gopass"; - - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ installShellFiles makeWrapper ]; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "0v3sx9hb03bdn4rvsv2r0jzif6p1rx47hrkpsbnwva31k396mck2"; + sha256 = "19xhyyd76r17rwn6s8xgfjnyi7kywagy0i4anqws40w79j3qb1p0"; }; + modSha256 = "0zr4ihpcclw5pfhcdrd4n4qb3i3djcwyvwr4m2kpn99icp55bml8"; + + buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version} -X main.commit=${src.rev}" ]; + wrapperPath = stdenv.lib.makeBinPath ([ git gnupg @@ -22,17 +31,16 @@ buildGoPackage rec { ] ++ stdenv.lib.optional stdenv.isLinux wl-clipboard); postInstall = '' - mkdir -p \ - $bin/share/bash-completion/completions \ - $bin/share/zsh/site-functions \ - $bin/share/fish/vendor_completions.d - $bin/bin/gopass completion bash > $bin/share/bash-completion/completions/_gopass - $bin/bin/gopass completion zsh > $bin/share/zsh/site-functions/_gopass - $bin/bin/gopass completion fish > $bin/share/fish/vendor_completions.d/gopass.fish + for shell in bash fish zsh; do + $out/bin/gopass completion $shell > gopass.$shell + installShellCompletion gopass.$shell + done + '' + stdenv.lib.optionalString passAlias '' + ln -s $out/bin/gopass $out/bin/pass ''; postFixup = '' - wrapProgram $bin/bin/gopass \ + wrapProgram $out/bin/gopass \ --prefix PATH : "${wrapperPath}" ''; 
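Review bot: `buildFlagsArray` in `gopass/default.nix` passes `-X main.commit=${src.rev}`, but `rev` is `"v${version}"`, so the commit field embedded in the binary will hold the tag name rather than a commit hash. Either drop the `main.commit` flag or add a comment such as `# src.rev is the release tag, not a commit hash`, so that nobody relies on that field to identify the exact source. The new `passAlias` argument would also benefit from a one-line comment stating that it installs `$out/bin/pass`, which would conflict with the `pass` package when both are in the same profile.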
@@ -40,7 +48,7 @@ buildGoPackage rec { description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go."; homepage = "https://www.gopass.pw/"; license = licenses.mit; - maintainers = with maintainers; [ andir ]; + maintainers = with maintainers; [ andir rvolosatovs ]; platforms = platforms.unix; longDescription = '' diff --git a/pkgs/tools/security/hcxdumptool/default.nix b/pkgs/tools/security/hcxdumptool/default.nix new file mode 100644 index 00000000000..6a2eee47143 --- /dev/null +++ b/pkgs/tools/security/hcxdumptool/default.nix @@ -0,0 +1,25 @@ +{ stdenv, lib, fetchFromGitHub, openssl }: + +stdenv.mkDerivation rec { + pname = "hcxdumptool"; + version = "6.0.5"; + + src = fetchFromGitHub { + owner = "ZerBea"; + repo = "hcxdumptool"; + rev = version; + sha256 = "0rh19lblz8wp8q2x123nlwvxq1pjq9zw12w18z83v2l2knjbc524"; + }; + + buildInputs = [ openssl ]; + + installFlags = [ "PREFIX=$(out)" ]; + + meta = with stdenv.lib; { + homepage = "https://github.com/ZerBea/hcxdumptool"; + description = "Small tool to capture packets from wlan devices"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ danielfullmer ]; + }; +} diff --git a/pkgs/tools/security/hcxtools/default.nix b/pkgs/tools/security/hcxtools/default.nix index 84517ce2bd8..5634ee6cff0 100644 --- a/pkgs/tools/security/hcxtools/default.nix +++ b/pkgs/tools/security/hcxtools/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxtools"; - version = "6.0.1"; + version = "6.0.2"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "0r7pjz89chgb7zl2pqgw3zb1z8cgwp0nxmqvmkv0jn1m9dw3f44f"; + sha256 = "0a36184igdgs2h83zr4zihc5acps91ipmgph37jakvzwrsn64ma6"; }; buildInputs = [ curl openssl zlib ]; diff --git a/pkgs/tools/security/jadx/default.nix b/pkgs/tools/security/jadx/default.nix new file mode 100644 index 00000000000..961f1e6954a --- /dev/null +++ b/pkgs/tools/security/jadx/default.nix 
@@ -0,0 +1,103 @@ +{ stdenv, fetchFromGitHub, gradle, jdk, makeWrapper, perl }: + +let + pname = "jadx"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "skylot"; + repo = pname; + rev = "v${version}"; + sha256 = "1dx3g0sm46qy57gggpg8bpmin5glzbxdbf0qzvha9r2dwh4mrwlg"; + }; + + deps = stdenv.mkDerivation { + name = "${pname}-deps"; + inherit src; + + nativeBuildInputs = [ gradle jdk perl ]; + + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d) + export JADX_VERSION=${version} + gradle --no-daemon jar + ''; + + # Mavenize dependency paths + # e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar + installPhase = '' + find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \ + | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \ + | sh + ''; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "083r4hg6m9cxzm2m8nckf10awq8kh901v5i39r60x47xk5yw84ps"; + }; +in stdenv.mkDerivation { + inherit pname version src; + + nativeBuildInputs = [ gradle jdk makeWrapper ]; + + buildPhase = '' + # The installDist Gradle build phase tries to copy some dependency .jar + # files multiple times into the build directory. This ends up failing when + # the dependencies are read directly from the Nix store since they are not + # marked as chmod +w. To work around this, get a local copy of the + # dependency store, and give write permissions. 
+ depsDir=$(mktemp -d) + cp -R ${deps}/* $depsDir + chmod -R u+w $depsDir + + gradleInit=$(mktemp) + cat >$gradleInit <<EOF + gradle.projectsLoaded { + rootProject.allprojects { + buildscript { + repositories { + clear() + maven { url '$depsDir' } + } + } + repositories { + clear() + maven { url '$depsDir' } + } + } + } + + settingsEvaluated { settings -> + settings.pluginManagement { + repositories { + maven { url '$depsDir' } + } + } + } + EOF + + export GRADLE_USER_HOME=$(mktemp -d) + export JADX_VERSION=${version} + gradle --offline --no-daemon --info --init-script $gradleInit pack + ''; + + installPhase = '' + mkdir $out $out/bin + cp -R build/jadx/lib $out + for prog in jadx jadx-gui; do + cp build/jadx/bin/$prog $out/bin + wrapProgram $out/bin/$prog --set JAVA_HOME ${jdk.home} + done + ''; + + meta = with stdenv.lib; { + description = "Dex to Java decompiler"; + longDescription = '' + Command line and GUI tools for produce Java source code from Android Dex + and Apk files. + ''; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ delroth ]; + }; +} diff --git a/pkgs/tools/security/jwt-cli/default.nix b/pkgs/tools/security/jwt-cli/default.nix index f2314d7a0e8..2161aa5f1cd 100644 --- a/pkgs/tools/security/jwt-cli/default.nix +++ b/pkgs/tools/security/jwt-cli/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "jwt-cli"; - version = "3.0.1"; + version = "3.1.0"; src = fetchFromGitHub { owner = "mike-engel"; repo = pname; rev = version; - sha256 = "108pwk0h6zcbfmp0k8rhjxaa9yk8rhb78aaql22x48n11fnjl27i"; + sha256 = "0pmxis3m3madwnmswz9hn0i8fz6a9bg11slgrrwql7mx23ijqf6y"; }; - cargoSha256 = "1xh2ylx5fqblhlrs8yhl3zf8kvgrqnwdwmix6yzch9bi5mv5c11w"; + cargoSha256 = "165g1v0c8jxs8ddm8ld0hh7k8mvk3566ig43pf99hnw009fg1yc2"; buildInputs = stdenv.lib.optional stdenv.isDarwin Security; 
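Review bot: In the `deps` derivation of `jadx/default.nix`, the `installPhase` perl one-liner turns every path found under `$GRADLE_USER_HOME/caches/modules-2` into an `install -Dm444 ...` command line and pipes the result to `sh` with both operands unquoted. Those paths are built from artifact coordinates downloaded during the build, and only the final component is restricted by `[^/\s]+`, so whitespace or a shell metacharacter in a group, name or version directory would be parsed by the shell instead of being treated as part of a file name. Wrapping both operands in single quotes inside the generated string, or doing the copy in a `while read -r` loop that calls `install` directly, keeps downloaded names out of the shell parser. The fixed `outputHash` still pins the resulting tree; a comment noting that it must be refreshed whenever `version` changes would help the next bump.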
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index 2d8957a9d54..bbc99c2ac41 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -6,7 +6,7 @@ buildGoPackage rec { pname = "keybase"; - version = "5.3.1"; + version = "5.4.2"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/kbnm" "go/keybase" ]; @@ -17,7 +17,7 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "1a1h2c8jr4r20w4gyvyrpsslmh69bl8syl3jbr0fcr2kka7vqnzg"; + sha256 = "08lw5aw962f75xi42bwbgba94hiql2n2jnsxrkx84czi0ijs1wlr"; }; patches = [ @@ -35,7 +35,7 @@ buildGoPackage rec { homepage = "https://www.keybase.io/"; description = "The Keybase official command-line utility and service."; platforms = platforms.linux ++ platforms.darwin; - maintainers = with maintainers; [ carlsverre np rvolosatovs filalex77 ]; + maintainers = with maintainers; [ avaq carlsverre np rvolosatovs filalex77 ]; license = licenses.bsd3; }; } diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index 9c34d78aee8..05490784390 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix 
@@ -4,16 +4,16 @@ , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20200320154633.3e235215b3"; + versionSuffix = "20200424214931.7b0bbf1e3c"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "5.3.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "5.4.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "00k1xg27arbqpa836c55fhkxjvjbhjgkf6jqzprjzz76zksfdcx4"; + sha256 = "06iksmrr959mlzxc3nwd70apmvhij1xarxvvflys5qa31vravizs"; }; nativeBuildInputs = [ @@ -108,7 +108,7 @@ stdenv.mkDerivation rec { homepage = "https://www.keybase.io/"; description = "The Keybase official GUI"; platforms = platforms.linux; - maintainers = with maintainers; [ rvolosatovs puffnfresh np filalex77 ]; + maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np filalex77 ]; license = licenses.bsd3; }; } diff --git a/pkgs/tools/security/keybase/kbfs.nix b/pkgs/tools/security/keybase/kbfs.nix index 20fadee6a40..e9284e7230f 100644 --- a/pkgs/tools/security/keybase/kbfs.nix +++ b/pkgs/tools/security/keybase/kbfs.nix @@ -16,7 +16,7 @@ buildGoPackage { homepage = "https://keybase.io/docs/kbfs"; description = "The Keybase filesystem"; platforms = platforms.unix; - maintainers = with maintainers; [ rvolosatovs bennofs np ]; + maintainers = with maintainers; [ avaq rvolosatovs bennofs np ]; license = licenses.bsd3; }; } diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix index f56bd59cd9a..09916f85f9e 100644 --- a/pkgs/tools/security/kpcli/default.nix +++ b/pkgs/tools/security/kpcli/default.nix 
@@ -1,12 +1,12 @@ { stdenv, fetchurl, makeWrapper, perl, perlPackages }: stdenv.mkDerivation rec { - version = "3.3"; + version = "3.4"; pname = "kpcli"; src = fetchurl { url = "mirror://sourceforge/kpcli/${pname}-${version}.pl"; - sha256 = "1z6dy70d3ag16vgzzafcnxb8gap3wahfmy4vd22fpgbrdd6riph4"; + sha256 = "0s46cni16ph93havmkrlai3k13mdppyca1s2bqm751a6rirmsgj0"; }; buildInputs = [ makeWrapper perl ]; diff --git a/pkgs/tools/security/libacr38u/default.nix b/pkgs/tools/security/libacr38u/default.nix index 45d0279099f..b56c15af3d6 100644 --- a/pkgs/tools/security/libacr38u/default.nix +++ b/pkgs/tools/security/libacr38u/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, pcsclite , libusb }: +{ stdenv, fetchurl, pkgconfig, pcsclite , libusb-compat-0_1 }: stdenv.mkDerivation { version = "1.7.11"; @@ -12,7 +12,7 @@ stdenv.mkDerivation { doCheck = true; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ pcsclite libusb ]; + buildInputs = [ pcsclite libusb-compat-0_1 ]; preBuild = '' makeFlagsArray=(usbdropdir="$out/pcsc/drivers"); diff --git a/pkgs/tools/security/notary/default.nix b/pkgs/tools/security/notary/default.nix index 4f0b5f2c954..15797fc8665 100644 --- a/pkgs/tools/security/notary/default.nix +++ b/pkgs/tools/security/notary/default.nix @@ -26,7 +26,7 @@ buildGoPackage rec { installPhase = '' runHook preInstall - install -D bin/notary $bin/bin/notary + install -D bin/notary $out/bin/notary runHook postInstall ''; diff --git a/pkgs/tools/security/p0f/default.nix b/pkgs/tools/security/p0f/default.nix index 1e618cdce1a..02d888b725f 100644 --- a/pkgs/tools/security/p0f/default.nix +++ b/pkgs/tools/security/p0f/default.nix 
@@ -33,7 +33,7 @@ stdenv.mkDerivation rec { meta = { description = "Passive network reconnaissance and fingerprinting tool"; - homepage = "http://lcamtuf.coredump.cx/p0f3/"; + homepage = "https://lcamtuf.coredump.cx/p0f3/"; license = stdenv.lib.licenses.lgpl21; platforms = stdenv.lib.platforms.linux; maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 46dfafa8151..76b90d5b885 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -144,7 +144,7 @@ stdenv.mkDerivation rec { description = "Stores, retrieves, generates, and synchronizes passwords securely"; homepage = "https://www.passwordstore.org/"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ma27 ]; + maintainers = with maintainers; [ lovek323 fpletz tadfisher globin ma27 ]; platforms = platforms.unix; longDescription = '' diff --git a/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch b/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch deleted file mode 100644 index 36faf3140cc..00000000000 --- a/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch +++ /dev/null 
@@ -1,175 +0,0 @@ -From 37c2b4d2940476555aeec20fe1e5e3fa0492a94e Mon Sep 17 00:00:00 2001 -From: Maximilian Bosch <maximilian@mbosch.me> -Date: Sun, 15 Mar 2020 19:58:53 +0100 -Subject: [PATCH] Make it possible to run the tests offline - -Helpful when developing without network access, also makes sure that -the test actually depend on the API's data like number of breaches -(which will change in time). ---- - tests/commons.py | 25 +++++++++++++++++++++++++ - tests/test_audit.py | 8 +++++--- - tests/test_pass_audit.py | 10 +++++++++- - tests/test_pwned.py | 8 +++++--- - 4 files changed, 44 insertions(+), 7 deletions(-) - -diff --git a/tests/commons.py b/tests/commons.py -index 13c4cb1..4f1ecd8 100644 ---- a/tests/commons.py -+++ b/tests/commons.py -@@ -56,3 +56,28 @@ class TestPass(TestBase): - for path in self.store.list(root): - data[path] = self.store.show(path) - return data -+ -+ -+def mock_request(*args, **kwargs): -+ class MockResponse: -+ def __init__(self): -+ data = [ -+ "D5EE0CB1A41071812CCED2F1930E6E1A5D2:2", -+ "2DC183F740EE76F27B78EB39C8AD972A757:52579", -+ "CF164D7A51A1FD864B1BF9E1CE8A3EC171B:4", -+ "D0B910E7A3028703C0B30039795E908CEB2:7", -+ "AD6438836DBE526AA231ABDE2D0EEF74D42:3", -+ "EBAB0A7CE978E0194608B572E4F9404AA21:3", -+ "17727EAB0E800E62A776C76381DEFBC4145:120", -+ "5370372AC65308F03F6ED75EC6068C8E1BE:1386", -+ "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471", -+ "437FAA5A7FCE15D1DDCB9EAEAEA377667B8:123422", -+ "944C22589AC652B0F47918D58CA0CDCCB63:411" -+ ] -+ -+ self.text = "\r\n".join(data) -+ -+ def raise_for_status(self): -+ pass -+ -+ return MockResponse() -diff --git a/tests/test_audit.py b/tests/test_audit.py -index d8c7a9a..5e0a9cf 100644 ---- a/tests/test_audit.py -+++ b/tests/test_audit.py -@@ -17,12 +17,13 @@ - # - - from .. 
import pass_audit --from tests.commons import TestPass -- -+from tests.commons import TestPass, mock_request -+from unittest import mock - - class TestPassAudit(TestPass): - passwords_nb = 7 - -+ @mock.patch('requests.get', mock_request) - def test_password_notpwned(self): - """Testing: pass audit for password not breached with K-anonymity method.""" - data = self._getdata("Password/notpwned") -@@ -30,9 +31,10 @@ class TestPassAudit(TestPass): - breached = audit.password() - self.assertTrue(len(breached) == 0) - -+ @mock.patch('requests.get', mock_request) - def test_password_pwned(self): - """Testing: pass audit for password breached with K-anonymity method.""" -- ref_counts = [51259, 3, 114, 1352, 3645804, 78773, 396] -+ ref_counts = [52579, 3, 120, 1386, 3730471, 123422, 411] - data = self._getdata("Password/pwned") - audit = pass_audit.PassAudit(data) - breached = audit.password() -diff --git a/tests/test_pass_audit.py b/tests/test_pass_audit.py -index 4c10f87..2c949f7 100644 ---- a/tests/test_pass_audit.py -+++ b/tests/test_pass_audit.py -@@ -19,7 +19,8 @@ - import os - - from .. 
import pass_audit --from tests.commons import TestPass -+from tests.commons import TestPass, mock_request -+from unittest import mock - - - class TestPassAuditCMD(TestPass): -@@ -47,6 +48,7 @@ class TestPassAuditCMD(TestPass): - cmd = ['--not-an-option', '-q'] - self._passaudit(cmd, 2) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_StoreNotInitialized(self): - """Testing: store not initialized.""" - cmd = ['Password/', '-v'] -@@ -56,6 +58,7 @@ class TestPassAuditCMD(TestPass): - os.rename(os.path.join(self.store.prefix, 'backup.gpg-id'), - os.path.join(self.store.prefix, '.gpg-id')) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_InvalidID(self): - """Testing: invalid user ID.""" - os.rename(os.path.join(self.store.prefix, '.gpg-id'), -@@ -66,26 +69,31 @@ class TestPassAuditCMD(TestPass): - os.rename(os.path.join(self.store.prefix, 'backup.gpg-id'), - os.path.join(self.store.prefix, '.gpg-id')) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_NotAFile(self): - """Testing: pass audit not_a_file.""" - cmd = ['not_a_file'] - self._passaudit(cmd, 1) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_notpwned(self): - """Testing: pass audit Password/notpwned.""" - cmd = ['Password/notpwned'] - self._passaudit(cmd) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_pwned(self): - """Testing: pass audit Password/pwned.""" - cmd = ['Password/pwned'] - self._passaudit(cmd) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_good(self): - """Testing: pass audit Password/good.""" - cmd = ['Password/good'] - self._passaudit(cmd) - -+ @mock.patch('requests.get', mock_request) - def test_pass_audit_passwords_all(self): - """Testing: pass audit .""" - cmd = [''] -diff --git a/tests/test_pwned.py b/tests/test_pwned.py -index 5ce6bc6..c28939a 100644 ---- a/tests/test_pwned.py -+++ b/tests/test_pwned.py -@@ -17,7 +17,8 @@ - # - - from .. 
import pass_audit --from tests.commons import TestPass -+from tests.commons import TestPass, mock_request -+from unittest import mock - - - class TestPwnedAPI(TestPass): -@@ -25,12 +26,13 @@ class TestPwnedAPI(TestPass): - def setUp(self): - self.api = pass_audit.PwnedAPI() - -+ @mock.patch('requests.get', mock_request) - def test_password_range(self): - """Testing: https://api.haveibeenpwned.com/range API.""" - prefix = '21BD1' - Hash = '21BD12DC183F740EE76F27B78EB39C8AD972A757' - hashes, counts = self.api.password_range(prefix) - self.assertIn(Hash, hashes) -- self.assertTrue(counts[hashes.index(Hash)] == 51259) -+ self.assertTrue(counts[hashes.index(Hash)] == 52579) - self.assertTrue(len(hashes) == len(counts)) -- self.assertTrue(len(hashes) == 527) -+ self.assertTrue(len(hashes) == 11) --- -2.25.0 - diff --git a/pkgs/tools/security/pass/extensions/audit/default.nix b/pkgs/tools/security/pass/extensions/audit/default.nix index 5f8e0f7b1c6..144d13238f2 100644 --- a/pkgs/tools/security/pass/extensions/audit/default.nix +++ b/pkgs/tools/security/pass/extensions/audit/default.nix @@ -5,23 +5,24 @@ let in stdenv.mkDerivation rec { pname = "pass-audit"; - version = "1.0.1"; + version = "1.1"; src = fetchFromGitHub { owner = "roddhjav"; repo = "pass-audit"; rev = "v${version}"; - sha256 = "1mdckw0dwcnv8smp1za96y0zmdnykbkw2606v7mzfnzbz4zjdlwl"; + sha256 = "1vapymgpab91kh798mirgs1nb7j9qln0gm2d3321cmsghhb7xs45"; }; patches = [ - ./0001-Make-it-possible-to-run-the-tests-offline.patch ./0002-Fix-audit.bash-setup.patch ]; postPatch = '' substituteInPlace audit.bash \ - --replace '/usr/bin/env python3' "${pythonEnv}/bin/python3" + --replace 'python3' "${pythonEnv}/bin/python3" + substituteInPlace Makefile \ + --replace "install --root" "install --prefix ''' --root" ''; outputs = [ "out" "man" ]; diff --git a/pkgs/tools/security/pass/extensions/import.nix b/pkgs/tools/security/pass/extensions/import.nix index c2fc2cff881..cc5f0c94e11 100644 
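Review bot: In the pass-audit `postPatch`, the new `--replace 'python3' "${pythonEnv}/bin/python3"` matches every occurrence of the substring `python3` in audit.bash, where the old pattern matched only `/usr/bin/env python3`. Any other mention of `python3` in the script would be rewritten too, so the pattern should be anchored on the exact invocation v1.1 ships; audit.bash is not visible here, so that form needs confirming. The Makefile substitution deserves a comment such as `# ''' is the indented-string escape for '': pass an empty --prefix to setup.py install`, because the triple quote is easy to misread. The hunk also drops the offline-tests patch; presumably upstream 1.1 now mocks the haveibeenpwned requests itself, which is worth confirming since the build sandbox has no network.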
--- a/pkgs/tools/security/pass/extensions/import.nix
+++ b/pkgs/tools/security/pass/extensions/import.nix
@@ -53,7 +53,7 @@ in stdenv.mkDerivation rec {
 description = "Pass extension for importing data from existing password managers";
 homepage = "https://github.com/roddhjav/pass-import";
 license = licenses.gpl3Plus;
- maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ];
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
 platforms = platforms.unix;
 };
 }
diff --git a/pkgs/tools/security/pass/extensions/tomb.nix b/pkgs/tools/security/pass/extensions/tomb.nix
index f5b61207de6..43c74a9029b 100644
--- a/pkgs/tools/security/pass/extensions/tomb.nix
+++ b/pkgs/tools/security/pass/extensions/tomb.nix
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
 description = "Pass extension that keeps the password store encrypted inside a tomb";
 homepage = "https://github.com/roddhjav/pass-tomb";
 license = licenses.gpl3Plus;
- maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ];
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
 platforms = platforms.unix;
 };
 }
diff --git a/pkgs/tools/security/pass/extensions/update.nix b/pkgs/tools/security/pass/extensions/update.nix
index 5bc88d394e7..b2f331f1375 100644
--- a/pkgs/tools/security/pass/extensions/update.nix
+++ b/pkgs/tools/security/pass/extensions/update.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
 description = "Pass extension that provides an easy flow for updating passwords";
 homepage = "https://github.com/roddhjav/pass-update";
 license = licenses.gpl3Plus;
- maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ];
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
 platforms = platforms.unix;
 };
 }
diff --git a/pkgs/tools/security/pass/rofi-pass.nix b/pkgs/tools/security/pass/rofi-pass.nix
index 7daf42ab6c7..b3c08648862 100644
--- a/pkgs/tools/security/pass/rofi-pass.nix
+++ b/pkgs/tools/security/pass/rofi-pass.nix
@@ -50,7 +50,6 @@ stdenv.mkDerivation rec { meta = { description = "A script to make rofi work with password-store"; homepage = "https://github.com/carnager/rofi-pass"; - maintainers = with stdenv.lib.maintainers; [ the-kenny ]; license = stdenv.lib.licenses.gpl3; platforms = with stdenv.lib.platforms; linux; }; diff --git a/pkgs/tools/security/pcsc-cyberjack/default.nix b/pkgs/tools/security/pcsc-cyberjack/default.nix index 6683caecbe9..7ae062547aa 100644 --- a/pkgs/tools/security/pcsc-cyberjack/default.nix +++ b/pkgs/tools/security/pcsc-cyberjack/default.nix @@ -1,25 +1,28 @@ -{ stdenv, fetchurl, pkgconfig, libusb1, pcsclite }: +{ stdenv, fetchurl, autoreconfHook, pkgconfig, libusb1, pcsclite }: -stdenv.mkDerivation rec { +let + version = "3.99.5"; + suffix = "SP13"; + tarBall = "${version}final.${suffix}"; + +in stdenv.mkDerivation rec { pname = "pcsc-cyberjack"; - version = "3.99.5_SP12"; - - src = with stdenv.lib; let - splittedVer = splitString "_" version; - mainVer = if length splittedVer >= 1 then head splittedVer else version; - spVer = optionalString (length splittedVer >= 1) ("." + last splittedVer); - tarballVersion = "${mainVer}final${spVer}"; - in fetchurl { - url = "http://support.reiner-sct.de/downloads/LINUX/V${version}" - + "/pcsc-cyberjack-${tarballVersion}.tar.bz2"; - sha256 = "04pkmybal56s5xnjld09vl1s1h6qf8mvhm41b758d6hi240kgp1j"; + inherit version; + + src = fetchurl { + url = + "http://support.reiner-sct.de/downloads/LINUX/V${version}_${suffix}/${pname}_${tarBall}.tar.gz"; + sha256 = "1lx4bfz4riz7j77sl65akyxzww0ygm63w0c1b75knr1pijlv8d3b"; }; outputs = [ "out" "tools" ]; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ libusb1 pcsclite ]; + enableParallelBuilding = true; + configureFlags = [ "--with-usbdropdir=${placeholder "out"}/pcsc/drivers" "--bindir=${placeholder "tools"}/bin" 
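Review bot: The rewritten `src` in the pcsc-cyberjack hunk still fetches the driver tarball over plain `http://support.reiner-sct.de/...`. The `sha256` pins the content for later builds, but whoever computes that hash on an update downloads the file unauthenticated, so the pin is only as trustworthy as that one fetch. If the vendor host serves TLS (not verifiable from this page), the line should become `"https://support.reiner-sct.de/downloads/LINUX/V${version}_${suffix}/${pname}_${tarBall}.tar.gz";`. A short comment above `suffix` saying what the `SP13` tag denotes (presumably the vendor's service-pack number) would also help the next updater. The derivation continues past the end of this hunk.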
@@ -31,7 +34,7 @@ stdenv.mkDerivation rec { description = "REINER SCT cyberJack USB chipcard reader user space driver"; homepage = "https://www.reiner-sct.com/"; license = licenses.gpl2Plus; - platforms = platforms.linux; maintainers = with maintainers; [ aszlig ]; + platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/pcsc-scm-scl011/default.nix b/pkgs/tools/security/pcsc-scm-scl011/default.nix index b400d628fd7..62f4c3e8556 100644 --- a/pkgs/tools/security/pcsc-scm-scl011/default.nix +++ b/pkgs/tools/security/pcsc-scm-scl011/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, unzip, libusb }: +{ stdenv, fetchurl, unzip, libusb-compat-0_1 }: let arch = if stdenv.hostPlatform.system == "i686-linux" then "32" @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { cp -r proprietary/*.bundle $out/pcsc/drivers ''; - libPath = stdenv.lib.makeLibraryPath [ libusb ]; + libPath = stdenv.lib.makeLibraryPath [ libusb-compat-0_1 ]; fixupPhase = '' patchelf --set-rpath $libPath \ diff --git a/pkgs/tools/security/pdfcrack/default.nix b/pkgs/tools/security/pdfcrack/default.nix index 9d05304cf2f..afef0d4c472 100644 --- a/pkgs/tools/security/pdfcrack/default.nix +++ b/pkgs/tools/security/pdfcrack/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pdfcrack"; - version = "0.18"; + version = "0.19"; src = fetchurl { url = "mirror://sourceforge/pdfcrack/pdfcrack/pdfcrack-${version}.tar.gz"; - sha256 = "035s3jzrs3ci0i53x04dzpqp9225c4s52cd722d6zqra5b2sw8w2"; + sha256 = "1vf0l83xk627fg0a3b10wabgqxy08q4vbm0xjw9xzkdpk1lj059i"; }; installPhase = '' diff --git a/pkgs/tools/security/prey/default.nix b/pkgs/tools/security/prey/default.nix deleted file mode 100644 index c6675601231..00000000000 --- a/pkgs/tools/security/prey/default.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ stdenv, fetchurl, fetchgit, curl, scrot, imagemagick, xawtv, inetutils, makeWrapper, coreutils -, apiKey ? "" -, deviceKey ? "" }: - -# TODO: this should assert keys are set, somehow if set through .override assertion fails -#assert apiKey != ""; -#assert deviceKey != ""; - -let - modulesSrc = fetchgit { - url = "git://github.com/prey/prey-bash-client-modules.git"; - rev = "aba260ef110834cb2e92923a31f50c15970639ee"; - sha256 = "9cb1ad813d052a0a3e3bbdd329a8711ae3272e340379489511f7dd578d911e30"; - }; -in stdenv.mkDerivation rec { - pname = "prey-bash-client"; - version = "0.6.0"; - - src = fetchurl { - url = "https://github.com/prey/prey-bash-client/archive/v${version}.tar.gz"; - sha256 = "09cb15jh4jdwvix9nx048ajkw2r5jaflk68y3rkha541n8n0qwh0"; - }; - - buildInputs = [ curl scrot imagemagick xawtv makeWrapper ]; - - phases = "unpackPhase installPhase"; - - installPhase = '' - substituteInPlace config --replace api_key=\'\' "api_key='${apiKey}'" - substituteInPlace config --replace device_key=\'\' "device_key='${deviceKey}'" - - substituteInPlace prey.sh --replace /bin/bash $(type -Pp bash) - mkdir -p $out/modules - cp -R . $out - cp -R ${modulesSrc}/* $out/modules/ - wrapProgram "$out/prey.sh" \ - --prefix PATH ":" "${stdenv.lib.makeBinPath [ xawtv imagemagick curl scrot inetutils coreutils ]}" \ - --set CURL_CA_BUNDLE "/etc/ssl/certs/ca-certificates.crt" - ''; - - meta = with stdenv.lib; { - homepage = "https://preyproject.com"; - description = "Proven tracking software that helps you find, lock and recover your devices when stolen or missing"; - maintainers = with maintainers; [ domenkozar ]; - license = licenses.gpl3; - platforms = with platforms; linux; - }; -} diff --git a/pkgs/tools/security/pyrit/default.nix b/pkgs/tools/security/pyrit/default.nix new file mode 100644 index 00000000000..93ae86416e1 --- /dev/null +++ b/pkgs/tools/security/pyrit/default.nix 
@@ -0,0 +1,42 @@ +{ stdenv, lib, fetchFromGitHub, python2Packages, openssl, zlib, libpcap, opencl-headers, ocl-icd }: + +let + version = "2019-12-13"; + src = fetchFromGitHub { + owner = "JPaulMora"; + repo = "Pyrit"; + rev = "f0f1913c645b445dd391fb047b812b5ba511782c"; + sha256 = "1npkvngc4g3g6mpjip2wwhvcd4a75jy3dbddxhxhzrrz4p7259gr"; + }; + + cpyrit_opencl = python2Packages.buildPythonPackage { + pname = "cpyrit-opencl"; + inherit version; + + src = "${src}/modules/cpyrit_opencl"; + + buildInputs = [ opencl-headers ocl-icd openssl zlib ]; + + postInstall = let + python = python2Packages.python; + in '' + # pyrit uses "import _cpyrit_cuda" so put the output in the root site-packages + mv $out/lib/${python.libPrefix}/site-packages/cpyrit/_cpyrit_opencl.so $out/lib/${python.libPrefix}/site-packages/ + ''; + }; +in +python2Packages.buildPythonApplication rec { + pname = "pyrit"; + inherit version src; + + buildInputs = [ openssl zlib libpcap ]; + propagatedBuildInputs = [ cpyrit_opencl ]; + + meta = with stdenv.lib; { + homepage = "https://github.com/JPaulMora/Pyrit"; + description = "GPGPU-driven WPA/WPA2-PSK key cracker"; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ danielfullmer ]; + }; +} diff --git a/pkgs/tools/security/sn0int/default.nix b/pkgs/tools/security/sn0int/default.nix new file mode 100644 index 00000000000..9e9cbe2bb3a --- /dev/null +++ b/pkgs/tools/security/sn0int/default.nix 
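Review bot: The comment in `cpyrit_opencl`'s `postInstall` says pyrit uses `import _cpyrit_cuda`, but the line below it moves `_cpyrit_opencl.so`; it should read `# pyrit uses "import _cpyrit_opencl" so put the output in the root site-packages`. `version = "2019-12-13"` names a pinned commit rather than a release, and `version = "unstable-2019-12-13";` would make that explicit. The package is built on `python2Packages`, which was already past upstream end-of-life when this was added, so a comment stating why Python 2 is required would help whoever has to migrate it. `lib` is taken as an argument while `meta` uses `with stdenv.lib;`; one of the two should be used consistently.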
@@ -0,0 +1,32 @@ +{ lib, fetchFromGitHub, rustPlatform, + libsodium, libseccomp, sqlite, pkgconfig }: + +rustPlatform.buildRustPackage rec { + pname = "sn0int"; + version = "0.18.2"; + + src = fetchFromGitHub { + owner = "kpcyrd"; + repo = pname; + rev = "v${version}"; + sha256 = "0b21b0ryq03zrhqailg2iajirn30l358aj3k44lfnravr4h9zwkj"; + }; + + cargoSha256 = "1pvn0sc325b5fh29m2l6cack4qfssa4lp3zhyb1qzkb3fmw3lgcy"; + + nativeBuildInputs = [ pkgconfig ]; + + buildInputs = [ libsodium libseccomp sqlite ]; + + # One of the dependencies (chrootable-https) tries to read "/etc/resolv.conf" + # in "checkPhase", hence fails in sandbox of "nix". + doCheck = false; + + meta = with lib; { + description = "Semi-automatic OSINT framework and package manager"; + homepage = "https://github.com/kpcyrd/sn0int"; + license = licenses.gpl3; + maintainers = with maintainers; [ xrelkd ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/super/default.nix b/pkgs/tools/security/super/default.nix index 73321fd618e..07051731069 100644 --- a/pkgs/tools/security/super/default.nix +++ b/pkgs/tools/security/super/default.nix @@ -17,9 +17,11 @@ stdenv.mkDerivation rec { ''; patches = [ - (fetchpatch { url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; - sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; - }) + (fetchpatch { + name = "CVE-2014-0470.patch"; + url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch"; + sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh"; + }) ]; NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 215ab63328f..e6cd74eda4b 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix 
@@ -30,6 +30,10 @@ stdenv.mkDerivation rec { patches = [ ./disable-monotonic-timer-tests.patch ]; + # cross compiles correctly but needs the following + configureFlags = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) + "--disable-tool-name-check"; + NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s"; postPatch = '' diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix index a0205970366..353590ed87c 100644 --- a/pkgs/tools/security/trufflehog/default.nix +++ b/pkgs/tools/security/trufflehog/default.nix @@ -1,22 +1,22 @@ -{ lib, pythonPackages }: +{ lib, python3Packages }: let - truffleHogRegexes = pythonPackages.buildPythonPackage rec { + truffleHogRegexes = python3Packages.buildPythonPackage rec { pname = "truffleHogRegexes"; - version = "0.0.4"; - src = pythonPackages.fetchPypi { + version = "0.0.7"; + src = python3Packages.fetchPypi { inherit pname version; - sha256 = "09vrscbb4h4w01gmamlzghxx6cvrqdscylrbdcnbjsd05xl7zh4z"; + sha256 = "b81dfc60c86c1e353f436a0e201fd88edb72d5a574615a7858485c59edf32405"; }; }; in - pythonPackages.buildPythonApplication rec { + python3Packages.buildPythonApplication rec { pname = "truffleHog"; - version = "2.0.97"; + version = "2.1.11"; - src = pythonPackages.fetchPypi { + src = python3Packages.fetchPypi { inherit pname version; - sha256 = "034kpv1p4m90286slvc6d4mlrzaf0b5jbd4qaj87hj65wbpcpg8r"; + sha256 = "53619f0c5be082abd377f987291ace80bc3b88f864972b1a30494780980f769e"; }; # Relax overly restricted version constraint @@ -24,7 +24,7 @@ in substituteInPlace setup.py --replace "GitPython ==" "GitPython >= " ''; - propagatedBuildInputs = [ pythonPackages.GitPython truffleHogRegexes ]; + propagatedBuildInputs = [ python3Packages.GitPython truffleHogRegexes ]; # Test cases run git clone and require network access doCheck = false; 
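Review bot: In the tor hunk, the comment `# cross compiles correctly but needs the following` above `configureFlags` does not say what `--disable-tool-name-check` switches off or why that is safe. As far as I can tell, the flag skips tor's configure-time check that a cross toolchain has properly prefixed tool names. Something like `# tor's configure aborts when cross-compiling if it cannot find host-prefixed tools; skip that check` would let a later reader judge whether the flag is still needed.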
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 54be477cfe2..515b5884999 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -1,28 +1,30 @@ -{ stdenv, fetchFromGitHub, buildGoPackage }: +{ stdenv, fetchFromGitHub, buildGoPackage, installShellFiles }: buildGoPackage rec { pname = "vault"; - version = "1.4.0"; + version = "1.4.1"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "13ycg9shara4ycbi79wj28z6nimnsqgisbf35ca3q9w066ac0ja2"; + sha256 = "0fbbvihvlzh95rrk65bwxfcam6y57q0yffq8dzvcbm3i0ap7ndar"; }; goPackagePath = "github.com/hashicorp/vault"; subPackages = [ "." ]; + nativeBuildInputs = [ installShellFiles ]; + buildFlagsArray = [ "-tags='vault'" "-ldflags=\"-X github.com/hashicorp/vault/sdk/version.GitCommit='v${version}'\"" ]; postInstall = '' - mkdir -p $bin/share/bash-completion/completions - echo "complete -C $bin/bin/vault vault" > $bin/share/bash-completion/completions/vault + echo "complete -C $out/bin/vault vault" > vault.bash + installShellCompletion vault.bash ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/verifpal/default.nix b/pkgs/tools/security/verifpal/default.nix index 95afb580d4e..e1e5e100bd1 100644 --- a/pkgs/tools/security/verifpal/default.nix +++ b/pkgs/tools/security/verifpal/default.nix @@ -28,8 +28,8 @@ buildGoPackage rec { ''; installPhase = '' - mkdir -p $bin/bin - cp go/src/$goPackagePath/build/bin/linux/verifpal $bin/bin/ + mkdir -p $out/bin + cp go/src/$goPackagePath/build/bin/linux/verifpal $out/bin/ ''; meta = { |