author | Vladimír Čunát <vcunat@gmail.com> | 2016-01-19 09:55:31 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-01-19 09:55:31 +0100 |
commit | 716aac2519a7571e7f5fd984a886d579a4a051c5 (patch) | |
tree | 53cf89cf764d787f4dc8f08474479892b9733177 /pkgs/tools/security | |
parent | f8472457a440de3c44f6f604142d678b6ae2a762 (diff) | |
parent | 53b389327e34de319dc0dbda2b6bcab1a69db69d (diff) | |
Merge branch 'staging' into closure-size
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/eid-mw/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/muscleframework/default.nix | 31 | ||||
-rw-r--r-- | pkgs/tools/security/muscletool/default.nix | 20 | ||||
-rw-r--r-- | pkgs/tools/security/opensc-dnie-wrapper/default.nix | 67 | ||||
-rw-r--r-- | pkgs/tools/security/pamtester/default.nix | 20 | ||||
-rw-r--r-- | pkgs/tools/security/pass/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/pinentry-mac/default.nix | 26 | ||||
-rw-r--r-- | pkgs/tools/security/sshuttle/default.nix | 58 | ||||
-rw-r--r-- | pkgs/tools/security/sshuttle/sudo.patch | 13 | ||||
-rw-r--r-- | pkgs/tools/security/sudo/default.nix | 1 | ||||
-rw-r--r-- | pkgs/tools/security/tor/torbrowser.nix | 17 |
11 files changed, 88 insertions, 171 deletions
diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index eba1bef1870..72524291441 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchFromGitHub, autoreconfHook, gtk3, nssTools, pcsclite , pkgconfig }: -let version = "4.1.11"; in +let version = "4.1.12"; in stdenv.mkDerivation { name = "eid-mw-${version}"; src = fetchFromGitHub { - sha256 = "09rp4x1vg0j4rb2dl74f8a7szqx73saacjz09jkih1sz6vwi0j0w"; + sha256 = "12nnzh3idnl5bdjqmm8si5nj7yr42mkxhzq70s760bnfmvbqgbmc"; rev = "v${version}"; repo = "eid-mw"; owner = "Fedict"; diff --git a/pkgs/tools/security/muscleframework/default.nix b/pkgs/tools/security/muscleframework/default.nix deleted file mode 100644 index c1b9dad91ff..00000000000 --- a/pkgs/tools/security/muscleframework/default.nix +++ /dev/null 
@@ -1,31 +0,0 @@
-# The tarball has different plugins in it, and as I don't need all of them,
-# I only build one of those in this derivation
-# This is an arbitrary decision, and this simplicity fit my needs.
-# Anyone can extend the extension to build all the plugins, or to make
-# different derivations for each plugin.
-
-{stdenv, fetchurl, libmusclecard, pkgconfig, pcsclite}:
-stdenv.mkDerivation {
- name = "muscleframework-mcardplugin-1.1.7";
-
- src = fetchurl {
- url = https://alioth.debian.org/frs/download.php/3056/muscleframework-1.1.7.tar.gz;
- sha256 = "081sq25fa3k1gz0asq2995krx7pzxbfq5vx1ahsd5sbmwnplv94v";
- };
-
- preConfigure = ''
- cd MCardPlugin
- configureFlags="$configureFlags --enable-muscledropdir=$out/pcsc/services"
- '';
-
- buildInputs = [ libmusclecard pkgconfig pcsclite];
-
- meta = with stdenv.lib; {
- description = "MUSCLE smart card framework - mcard plugin";
- homepage = http://muscleplugins.alioth.debian.org/;
- license = licenses.bsd3;
- maintainers = with maintainers; [viric];
- # XXX: don't build before libmusclecard is fixed
- # platforms = with stdenv.lib.platforms; linux;
- };
-}
diff --git a/pkgs/tools/security/muscletool/default.nix b/pkgs/tools/security/muscletool/default.nix
deleted file mode 100644
index 34f75609e4f..00000000000
--- a/pkgs/tools/security/muscletool/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{stdenv, fetchurl, libmusclecard, pcsclite, pkgconfig }:
-stdenv.mkDerivation {
- name = "muscletool-2.1.1";
-
- src = fetchurl {
- url = https://alioth.debian.org/frs/download.php/3180/muscletool-2.1.1.tar.bz2;
- sha256 = "11d812ijvhsaxwkr05hzxfl0n6ji9hwl5j1kv56f9gv8kyy3b9kw";
- };
-
- buildInputs = [ libmusclecard pcsclite pkgconfig ];
-
- meta = with stdenv.lib; {
- description = "Smart card applications for use with MUSCLE plugins";
- homepage = http://muscleapps.alioth.debian.org/;
- license = licenses.bsd3;
- maintainers = with maintainers; [viric];
- # XXX: don't build before libmusclecard is fixed
- # platforms = with stdenv.lib.platforms; linux;
- };
-}
diff --git a/pkgs/tools/security/opensc-dnie-wrapper/default.nix b/pkgs/tools/security/opensc-dnie-wrapper/default.nix
deleted file mode 100644
index 8003073159a..00000000000
--- a/pkgs/tools/security/opensc-dnie-wrapper/default.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{stdenv, makeWrapper, ed, libopensc_dnie}:
-
-let
- opensc = libopensc_dnie.opensc;
-in
-stdenv.mkDerivation rec {
- name = "${opensc.name}-dnie-wrapper";
-
- buildInputs = [ makeWrapper ];
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- mkdir -p $out/etc
- cp ${opensc}/etc/opensc.conf $out/etc
- chmod +w $out/etc/opensc.conf
-
- # NOTE: The libopensc-dnie.so driver requires /usr/bin/pinentry available, to sign
-
- ${ed}/bin/ed $out/etc/opensc.conf << EOF
- /card_drivers
- a
- card_drivers = dnie;
- card_driver dnie {
- module = ${libopensc_dnie}/lib/libopensc-dnie.so;
- }
- .
- w
- q
- EOF
-
- # Disable pkcs15 file caching, otherwise the card does not work
- sed -i 's/use_caching = true/use_caching = false/' $out/etc/opensc.conf
-
- for a in ${opensc}/bin/*; do
- makeWrapper $a $out/bin/`basename $a` \
- --set OPENSC_CONF $out/etc/opensc.conf
- done
-
- # Special wrapper for pkcs11-tool, which needs an additional parameter
- rm $out/bin/pkcs11-tool
- makeWrapper ${opensc}/bin/pkcs11-tool $out/bin/pkcs11-tool \
- --set OPENSC_CONF $out/etc/opensc.conf \
- --add-flags "--module ${opensc}/lib/opensc-pkcs11.so"
-
- # Add, as bonus, a wrapper for the firefox in the PATH, that loads the
- # proper opensc configuration.
- cat > $out/bin/firefox-dnie << EOF
- #!${stdenv.shell}
- export OPENSC_CONF=$out/etc/opensc.conf
- exec firefox
- EOF
- chmod +x $out/bin/firefox-dnie
- '';
-
- meta = {
- description = "Access to the opensc tools and firefox using the Spanish national ID SmartCard";
- longDescription = ''
- Opensc needs a special configuration and special drivers to use the SmartCard
- the Spanish government provides to the citizens as ID card.
- Some wrapper scripts take care for the proper opensc configuration to be used, in order
- to access the certificates in the SmartCard through the opensc tools or firefox.
- Opensc will require a pcscd daemon running, managing the access to the card reader.
- ''; - maintainers = with stdenv.lib.maintainers; [viric]; - }; -} diff --git a/pkgs/tools/security/pamtester/default.nix b/pkgs/tools/security/pamtester/default.nix new file mode 100644 index 00000000000..cdafed53408 --- /dev/null +++ b/pkgs/tools/security/pamtester/default.nix @@ -0,0 +1,20 @@ +{ stdenv, fetchurl, pam }: + +stdenv.mkDerivation rec { + name = "pamtester-0.1.2"; + + src = fetchurl { + url = "mirror://sourceforge/pamtester/${name}.tar.gz"; + sha256 = "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3"; + }; + + buildInputs = [ pam ]; + + meta = with stdenv.lib; { + description = "Utility program to test the PAM facility."; + homepage = http://pamtester.sourceforge.net/; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 3315683967c..03720d6abe1 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Stores, retrieves, generates, and synchronizes passwords securely"; - homepage = http://zx2c4.com/projects/password-store/; + homepage = http://www.passwordstore.org/; license = licenses.gpl2Plus; maintainers = with maintainers; [ lovek323 the-kenny ]; platforms = platforms.unix; diff --git a/pkgs/tools/security/pinentry-mac/default.nix b/pkgs/tools/security/pinentry-mac/default.nix new file mode 100644 index 00000000000..faf8c613ea8 --- /dev/null +++ b/pkgs/tools/security/pinentry-mac/default.nix 
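Review bot: The `description` in the new pamtester expression ends with a full stop, which the nixpkgs meta conventions ask to leave off; `description = "Utility program to test the PAM facility";` would match the neighbouring packages. The tarball is fetched through `mirror://sourceforge` and `homepage` is plain `http://`, so the pinned `sha256` is the only integrity check on the source and should be re-verified against an independent copy on each version bump.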
@@ -0,0 +1,26 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+ name = "pinentry-mac-0.9.4";
+
+ src = fetchurl {
+ url = "https://github.com/GPGTools/pinentry-mac/archive/v0.9.4.tar.gz";
+ sha256 = "037ebb010377d3a3879ae2a832cefc4513f5c397d7d887d7b86b4e5d9a628271";
+ };
+
+ postPatch = ''
+ substituteInPlace ./Makefile --replace "xcodebuild" "/usr/bin/xcodebuild"
+ '';
+
+ installPhase = ''
+ mkdir -p $out/Applications
+ mv build/Release/pinentry-mac.app $out/Applications
+ '';
+
+ meta = {
+ description = "Pinentry for GPG on Mac";
+ license = stdenv.lib.licenses.gpl2Plus;
+ homepage = "https://github.com/GPGTools/pinentry-mac";
+ platforms = stdenv.lib.platforms.darwin;
+ };
+}
diff --git a/pkgs/tools/security/sshuttle/default.nix b/pkgs/tools/security/sshuttle/default.nix
index e085bfaaa91..62d3d2613cc 100644
--- a/pkgs/tools/security/sshuttle/default.nix
+++ b/pkgs/tools/security/sshuttle/default.nix
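Review bot: The `postPatch` in the new pinentry-mac expression rewrites `xcodebuild` to `/usr/bin/xcodebuild`, so the build runs a host tool from outside the Nix store that no hash pins. For a pinentry, the program that receives GPG passphrases, that impurity deserves an explicit comment above the substitution, for example `# impure: uses the host Xcode toolchain, so the result is not reproducible and likely fails in a sandbox`. The version `0.9.4` is also written out in both `name` and `url`; a `version` attribute interpolated into both would keep the URL and the hash from drifting apart on the next bump. `meta` has no `maintainers` entry.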
@@ -1,59 +1,33 @@ -{ stdenv, fetchFromGitHub, fetchpatch, makeWrapper, pandoc -, coreutils, iptables, nettools, openssh, procps, pythonPackages }: +{ stdenv, pythonPackages, fetchurl, makeWrapper, pandoc +, coreutils, iptables, nettools, openssh, procps }: -let version = "0.71"; in -stdenv.mkDerivation rec { +pythonPackages.buildPythonPackage rec { + version = "0.76"; name = "sshuttle-${version}"; - src = fetchFromGitHub { - sha256 = "0yr8nih97jg6azfj3k7064lfbh3g36l6vwyjlngl4ph6mgcki1cm"; - rev = name; - repo = "sshuttle"; - owner = "sshuttle"; + src = fetchurl { + sha256 = "1q0hr0vhdvv23cw5dqndsmf61283mvs6b14662ci00xj6zp5v48b"; + url = "https://pypi.python.org/packages/source/s/sshuttle/${name}.tar.gz"; }; - patches = [ - (fetchpatch { - sha256 = "1yrjyvdz6k6zk020dmbagf8w49w8vhfbzgfpsq9jqdh2hbykv3m3"; - url = https://github.com/sshuttle/sshuttle/commit/3cf5002b62650c26a50e18af8d8c5c91d754bab9.patch; - }) - (fetchpatch { - sha256 = "091gg28cnmx200q46bcnxpp9ih9p5qlq0r3bxfm0f4qalg8rmp2g"; - url = https://github.com/sshuttle/sshuttle/commit/d70b5f2b89e593506834cf8ea10785d96c801dfc.patch; - }) - (fetchpatch { - sha256 = "17l9h8clqlbyxdkssavxqpb902j7b3yabrrdalybfpkhj69x8ghk"; - url = https://github.com/sshuttle/sshuttle/commit/a38963301e9c29fbe3232f0a41ea080b642c5ad2.patch; - }) - ]; + patches = [ ./sudo.patch ]; - nativeBuildInputs = [ makeWrapper pandoc ]; + propagatedBuildInputs = with pythonPackages; [ PyXAPI mock pytest ]; + nativeBuildInputs = [ makeWrapper pandoc pythonPackages.setuptools_scm ]; buildInputs = - [ coreutils iptables nettools openssh procps pythonPackages.python ]; - pythonPaths = with pythonPackages; [ PyXAPI ]; + [ coreutils openssh ] ++ + stdenv.lib.optionals stdenv.isLinux [ iptables nettools procps ]; - preConfigure = '' - cd src - ''; - - installPhase = let + postInstall = let mapPath = f: x: stdenv.lib.concatStringsSep ":" (map f x); in '' - mkdir -p $out/share/sshuttle - cp -R sshuttle *.py compat $out/share/sshuttle - - mkdir -p $out/bin - 
ln -s $out/share/sshuttle/sshuttle $out/bin - wrapProgram $out/bin/sshuttle \ - --prefix PATH : "${mapPath (x: "${x}/bin") buildInputs}" \ - --prefix PYTHONPATH : "${mapPath (x: "$(toPythonPath ${x})") pythonPaths}" - - install -Dm644 sshuttle.8 $out/share/man/man8/sshuttle.8 + wrapProgram $out/bin/sshuttle \ + --prefix PATH : "${mapPath (x: "${x}/bin") buildInputs}" \ ''; meta = with stdenv.lib; { inherit version; - inherit (src.meta) homepage; + homepage = https://github.com/sshuttle/sshuttle/; description = "Transparent proxy server that works as a poor man's VPN"; longDescription = '' Forward connections over SSH, without requiring administrator access to the diff --git a/pkgs/tools/security/sshuttle/sudo.patch b/pkgs/tools/security/sshuttle/sudo.patch new file mode 100644 index 00000000000..761bfaef852 --- /dev/null +++ b/pkgs/tools/security/sshuttle/sudo.patch @@ -0,0 +1,13 @@ +diff --git a/sshuttle/client.py b/sshuttle/client.py +index 7a7b6d7..8dde615 100644 +--- a/sshuttle/client.py ++++ b/sshuttle/client.py +@@ -158,7 +158,7 @@ class FirewallClient: + def __init__(self, method_name): + self.auto_nets = [] + python_path = os.path.dirname(os.path.dirname(__file__)) +- argvbase = ([sys.executable, sys.argv[0]] + ++ argvbase = ([sys.argv[0]] + + ['-v'] * (helpers.verbose or 0) + + ['--method', method_name] + + ['--firewall']) diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index 6720c737866..df8024e040e 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix @@ -20,6 +20,7 @@ stdenv.mkDerivation rec { "--with-rundir=/run/sudo" "--with-vardir=/var/db/sudo" "--with-logpath=/var/log/sudo.log" + "--with-iologdir=/var/log/sudo-io" "--with-sendmail=${sendmailPath}" ] ++ stdenv.lib.optional withInsults [ "--with-insults" diff --git a/pkgs/tools/security/tor/torbrowser.nix b/pkgs/tools/security/tor/torbrowser.nix index e6ce333cc91..ccfd4ae044d 100644 
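Review bot: `propagatedBuildInputs = with pythonPackages; [ PyXAPI mock pytest ];` propagates the test-only packages `mock` and `pytest` into the runtime closure of a tool whose firewall helper is re-executed with elevated privileges (see `sudo.patch` in this commit). Only `PyXAPI` looks like a runtime dependency, so `propagatedBuildInputs = with pythonPackages; [ PyXAPI ];` with the test packages in a non-propagated input would be tighter. They should not simply be appended to `buildInputs`, because that list also feeds the `mapPath` expression that builds the wrapper's `PATH`. The `wrapProgram` call in `postInstall` now ends with a dangling `\` before the closing `''`; dropping it avoids an accidental continuation onto whatever is added next. The derivation continues past the end of this hunk.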
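Review bot: With `sys.executable` dropped, the `--firewall` helper command built in `FirewallClient.__init__` starts with `sys.argv[0]` alone, so what gets re-executed (presumably under sudo, given the patch name) depends on how the caller invoked sshuttle and on that path being directly executable. Neither the patch nor `patches = [ ./sudo.patch ];` records why this is wanted; if the intent is to run the wrapped script so the wrapper's environment applies, a comment next to the patch entry such as `# re-exec the wrapped script itself for --firewall so the wrapper's PATH applies` would say so. It is worth confirming that `sys.argv[0]` is an absolute store path at that point, or resolving it with `os.path.abspath(sys.argv[0])`, so that a sudoers rule can match one fixed command. `__init__` continues outside the hunk.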
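Review bot: The added `"--with-iologdir=/var/log/sudo-io"` sets where sudo writes session I/O logs, and those logs can hold anything typed or displayed in a logged session, passwords included. Nothing in this hunk shows the directory being created or its mode being set, so it is worth confirming that it ends up readable by root only and is covered by log rotation. A comment above the flag would help the next reader: `# I/O logs (sudoreplay) may contain secrets; the directory must stay root-only`. The configure flag list continues outside the hunk.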
--- a/pkgs/tools/security/tor/torbrowser.nix +++ b/pkgs/tools/security/tor/torbrowser.nix @@ -46,14 +46,15 @@ in stdenv.mkDerivation rec { cp -R * $out/share/tor-browser cat > "$out/bin/tor-browser" << EOF - export HOME="\$HOME/.torbrowser4" - if [ ! -d \$HOME ]; then - mkdir -p \$HOME && cp -R $out/share/tor-browser/Browser/TorBrowser/Data \$HOME/ && chmod -R +w \$HOME - echo "pref(\"extensions.torlauncher.tordatadir_path\", \"\$HOME/Data/Tor/\");" >> \ - ~/Data/Browser/profile.default/preferences/extension-overrides.js - fi - export LD_LIBRARY_PATH=${ldLibraryPath}:$out/share/tor-browser/Browser/TorBrowser/Tor - $out/share/tor-browser/Browser/firefox -no-remote -profile ~/Data/Browser/profile.default "$@" + #!${stdenv.shell} + export HOME="\$HOME/.torbrowser4" + if [ ! -d \$HOME ]; then + mkdir -p \$HOME && cp -R $out/share/tor-browser/Browser/TorBrowser/Data \$HOME/ && chmod -R +w \$HOME + echo "pref(\"extensions.torlauncher.tordatadir_path\", \"\$HOME/Data/Tor/\");" >> \ + ~/Data/Browser/profile.default/preferences/extension-overrides.js + fi + export LD_LIBRARY_PATH=${ldLibraryPath}:$out/share/tor-browser/Browser/TorBrowser/Tor + $out/share/tor-browser/Browser/firefox -no-remote -profile ~/Data/Browser/profile.default "$@" EOF chmod +x $out/bin/tor-browser ''; |
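Review bot: In the launcher heredoc, `"$@"` on the `firefox` line is not escaped while every `$HOME` is, so with the unquoted `<< EOF` it is expanded by the build shell when the script is written rather than at launch, and the caller's arguments appear to be lost; `"\$@"` would keep them. The same script tests and creates the profile directory with an unquoted `\$HOME` (`[ ! -d \$HOME ]`, `mkdir -p \$HOME`), which misbehaves for a home path containing spaces; `[ ! -d "\$HOME" ]` and `mkdir -p "\$HOME"` are safer. Both problems predate this commit, which only adds the `#!${stdenv.shell}` line and re-indents, but they sit on lines it rewrites. The install phase starts outside the hunk.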