Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/amber/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/cdk-go/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/dnsx/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/expliot/default.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/security/exploitdb/default.nix | 5 | ||||
-rw-r--r-- | pkgs/tools/security/gitleaks/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/23.nix | 16 | ||||
-rw-r--r-- | pkgs/tools/security/pomerium-cli/default.nix | 58 | ||||
-rw-r--r-- | pkgs/tools/security/sdlookup/default.nix | 25 | ||||
-rw-r--r-- | pkgs/tools/security/sigma-cli/default.nix | 50 | ||||
-rw-r--r-- | pkgs/tools/security/sops/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/swtpm/default.nix | 41 |
12 files changed, 193 insertions, 39 deletions
diff --git a/pkgs/tools/security/amber/default.nix b/pkgs/tools/security/amber/default.nix index 5fb88ca9921..c2196cea686 100644 --- a/pkgs/tools/security/amber/default.nix +++ b/pkgs/tools/security/amber/default.nix @@ -3,16 +3,16 @@ rustPlatform.buildRustPackage rec { # Renaming it to amber-secret because another package named amber exists pname = "amber-secret"; - version = "0.1.2"; + version = "0.1.3"; src = fetchFromGitHub { owner = "fpco"; repo = "amber"; rev = "v${version}"; - sha256 = "sha256-+vipQl/HWoYnOPkQLjeIedpnnqPVYaUWhks9eCgMOxQ="; + sha256 = "sha256-kPDNTwsfI+8nOgsLv2aONrLGSRZhw5YzNntJ2tbE0oI="; }; - cargoSha256 = "sha256-xWEQvCyd8auE0q9rBt9iDgU8Dscf4pq/gsAINH2eQY4="; + cargoSha256 = "sha256-fTdTgbeOQXEpLHq9tHiPLkttvaxS/WJ86h3jRdrfbJM="; buildInputs = lib.optionals stdenv.isDarwin [ Security ]; diff --git a/pkgs/tools/security/cdk-go/default.nix b/pkgs/tools/security/cdk-go/default.nix index 317f6092718..88fd089cb68 100644 --- a/pkgs/tools/security/cdk-go/default.nix +++ b/pkgs/tools/security/cdk-go/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "cdk-go"; - version = "1.0.5"; + version = "1.0.6"; src = fetchFromGitHub { owner = "cdk-team"; repo = "CDK"; rev = "v${version}"; - sha256 = "sha256-Ngv+/b9D27ERwjNIC3s3ZBPkV10G+tT8QW8YMOgb8aA="; + sha256 = "sha256-XzUSiE03ZbP75ewwBJFwZE0aKNlOFprezeD26japLD8="; }; - vendorSha256 = "sha256-9Q7f3keMUEI2cWal2dvp4b8kvTZVM1Cf4iTvH9yCyX0="; + vendorSha256 = "sha256-mP49DmOHvS8ewQG7I1J5OEmAOkHEFJfAsEPeiaRBpWc="; # At least one test is outdated doCheck = false; diff --git a/pkgs/tools/security/dnsx/default.nix b/pkgs/tools/security/dnsx/default.nix index d81e453f692..c316ab35b6d 100644 --- a/pkgs/tools/security/dnsx/default.nix +++ b/pkgs/tools/security/dnsx/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "dnsx"; - version = "1.0.9"; + version = "1.1.0"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "dnsx"; rev = "v${version}"; - sha256 = "sha256-8c9gDD/g5oP9GQV1ghb2UN9w5EccvxyDvJUAtgV8q7Y="; + sha256 = "sha256-tcUVJ/qcQGivcAjWkcfv1fZxc9F5cYn1stpCHDoJRps="; }; - vendorSha256 = "sha256-uvquc0bWwYzeeTuKlYaQp9r+O23MMs1Ajz1DPJ2qrnE="; + vendorSha256 = "sha256-hGV44Rx5kX2ZVBsTyeWm5SzpXzlTFNidt7bwzntboQo="; meta = with lib; { description = "Fast and multi-purpose DNS toolkit"; diff --git a/pkgs/tools/security/expliot/default.nix b/pkgs/tools/security/expliot/default.nix index 848ee536380..eb5fd03416f 100644 --- a/pkgs/tools/security/expliot/default.nix +++ b/pkgs/tools/security/expliot/default.nix @@ -26,7 +26,7 @@ buildPythonApplication rec { owner = "expliot_framework"; repo = pname; rev = version; - sha256 = "sha256-7Cuj3YKKwDxP2KKueJR9ZO5Bduv+lw0Y87Rw4b0jbGY="; + hash = "sha256-7Cuj3YKKwDxP2KKueJR9ZO5Bduv+lw0Y87Rw4b0jbGY="; }; propagatedBuildInputs = [ @@ -51,7 +51,10 @@ buildPythonApplication rec { postPatch = '' # https://gitlab.com/expliot_framework/expliot/-/merge_requests/113 substituteInPlace setup.py \ - --replace "pynetdicom>=1.5.1,<2" "pynetdicom>=2,<3" + --replace "pynetdicom>=1.5.1,<2" "pynetdicom>=2,<3" \ + --replace "cryptography>=3.0,<4" "cryptography>=35,<40" \ + --replace "python-can>=3.3.3,<4" "python-can>=3.3.3,<5" \ + --replace "pyparsing>=2.4.7,<3" "pyparsing>=2.4.7,<4" ''; # Project has no tests diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index 14b7d7efab2..a50588fc1f8 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix 
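Review bot: The three `--replace` pairs added in the second expliot hunk widen upstream's pins for `cryptography`, `python-can` and `pyparsing` without a comment; the only comment above them links upstream merge request 113, and nothing visible says it covers these three. The context line `# Project has no tests` means nothing at build time exercises the code against a `cryptography` release far beyond the range upstream declared, so an API break would only surface at runtime. I would add a comment per relaxation, e.g. `# upstream pins cryptography<4; nixpkgs ships a newer release, not tested upstream`, and, if the derivation has none outside the hunk, `pythonImportsCheck = [ "expliot" ];` (module name to be confirmed) so import-time breakage fails the build. The `prettytable` relaxation in sigma-cli's `postPatch` is uncommented in the same way, although that package does run `pytestCheckHook`.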
@@ -2,13 +2,14 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-03-10"; + version = "2022-03-11"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; rev = version; - sha256 = "sha256-zKFkPRmA2Hl/NksJTf76RcPr1nvaLdZu2fyBp5PcZ0Y="; + sha256 = "sha256-dW4cLm//4wROsizRQ59sqEGPRZ26yIU5I7mdPEYC3YU="; + }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/gitleaks/default.nix b/pkgs/tools/security/gitleaks/default.nix index ff70782dabe..a574c347629 100644 --- a/pkgs/tools/security/gitleaks/default.nix +++ b/pkgs/tools/security/gitleaks/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "gitleaks"; - version = "8.3.0"; + version = "8.4.0"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "sha256-D6leHpGZNQ9Xt4PSU0Dwte6N3bMge7itkZtcUl0mIrQ="; + sha256 = "sha256-z3YGRDgBGpr2hixIayih4wxGWPtYL0EPAuTYVPByzQc="; }; - vendorSha256 = "sha256-JZOalUOIeV51Nttm6xeBos+/8fleSBpUiXa8ekVuYJA="; + vendorSha256 = "sha256-J1xX+r+Mph1QkqjK87tqGDkYvPZp0lHgdRhd88WZi1c="; ldflags = [ "-s" diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix index ef7a5cf85e7..e80804cd002 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/23.nix @@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.3.3"; + version = "2.3.4"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "0dz9x0r5021bhk1kjh29m1q13xbslwb8yn9qzcp7b9m1lrnvi2ap"; + sha256 = "sha256-80aOyvsdf5rXtR/R23rr8XzridLvqKBc8vObTUBUAq4="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; 
@@ -34,19 +34,9 @@ stdenv.mkDerivation rec { ./tests-add-test-cases-for-import-without-uid.patch ./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch - ] ++ lib.optional stdenv.isDarwin [ - # Remove an innocent warning printed on systems without procfs - # https://dev.gnupg.org/T5656 - (fetchpatch { - url = "https://raw.githubusercontent.com/Homebrew/formula-patches/890be5f6af88e7913d177af87a50129049e681bb/gnupg/2.3.3-proc-error.patch"; - sha256 = "sha256-oiTa7Nf+AEmhZ683CJEaCb559PXJ6RpSSgRLpxz4CKU="; - }) ]; postPatch = '' - sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1 - # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update - sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am - sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in + sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 '' + lib.optionalString (stdenv.isLinux && pcsclite != null) '' sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; diff --git a/pkgs/tools/security/pomerium-cli/default.nix b/pkgs/tools/security/pomerium-cli/default.nix new file mode 100644 index 00000000000..7dc7e3a7a90 --- /dev/null +++ b/pkgs/tools/security/pomerium-cli/default.nix 
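Review bot: The rewritten `sed` in `postPatch` changes the default keyserver only while upstream's files still contain `keyserver.ubuntu.com`; if a later release changes that string the command exits 0 having replaced nothing, and the package ships upstream's default with no build failure. Since the default keyserver decides where users' key lookups are sent, I would state the intent in a comment and follow the `sed` with a check such as `grep -q 'hkps://keys.openpgp.org' configure || exit 1`. The hunk also drops the Darwin-only `fetchpatch` and the `SOURCE_DATE_EPOCH` workaround, which reads as consistent with the 2.3.4 bump but cannot be confirmed from the lines shown. The `patches` list opens above the hunk.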
@@ -0,0 +1,58 @@
+{ buildGoModule
+, fetchFromGitHub
+, lib
+, pomerium
+}:
+
+let
+ inherit (lib) concatStringsSep concatMap id mapAttrsToList;
+in
+buildGoModule rec {
+ pname = "pomerium-cli";
+ version = pomerium.version;
+ src = fetchFromGitHub {
+ owner = "pomerium";
+ repo = "cli";
+ rev = "v${version}";
+ hash = "sha256:0230b22xjnpykj8bcdahzzlsvlrd63z2cmg6yb246c5ngjs835q1";
+ };
+
+ vendorSha256 = "sha256:0xx22lmh6wip1d1bjrp4lgab3q9yilw54v4lg24lf3xhbsr5si9b";
+ subPackages = [
+ "cmd/pomerium-cli"
+ ];
+
+ ldflags = let
+ # Set a variety of useful meta variables for stamping the build with.
+ setVars = {
+ "github.com/pomerium/cli/version" = {
+ Version = "v${version}";
+ BuildMeta = "nixpkgs";
+ ProjectName = "pomerium-cli";
+ ProjectURL = "github.com/pomerium/cli";
+ };
+ };
+ concatStringsSpace = list: concatStringsSep " " list;
+ mapAttrsToFlatList = fn: list: concatMap id (mapAttrsToList fn list);
+ varFlags = concatStringsSpace (
+ mapAttrsToFlatList (package: packageVars:
+ mapAttrsToList (variable: value:
+ "-X ${package}.${variable}=${value}"
+ ) packageVars
+ ) setVars);
+ in [
+ "${varFlags}"
+ ];
+
+ installPhase = ''
+ install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli
+ '';
+
+ meta = with lib; {
+ homepage = "https://pomerium.io";
+ description = "Client-side helper for Pomerium authenticating reverse proxy";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ lukegb ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/tools/security/sdlookup/default.nix b/pkgs/tools/security/sdlookup/default.nix
new file mode 100644
index 00000000000..80b6d3ba688
--- /dev/null
+++ b/pkgs/tools/security/sdlookup/default.nix
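Review bot: `version = pomerium.version;` in the new pomerium-cli file ties `rev` to another package while `hash` stays a literal here, so a bump of `pomerium` alone changes the tag being requested but not the expected hash. Because the source is fetched as a fixed-output derivation, a store or binary cache that already holds the old source can satisfy the build without a mismatch error, and the `-X …Version=v${version}` stamp would then report a release the binary was not built from. Pinning the release in this file, `version = "<pomerium-cli release>";`, and dropping `pomerium` from the arguments keeps tag, hash and stamp in step. As a style point, `hash` and `vendorSha256` use the `sha256:` base32 form while the rest of this commit writes SRI `sha256-…` values.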
@@ -0,0 +1,25 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+ pname = "sdlookup";
+ version = "unstable-2022-03-10";
+
+ src = fetchFromGitHub {
+ owner = "j3ssie";
+ repo = pname;
+ rev = "8554bfa27284c4764401dbd8da23800d4ae968a2";
+ hash = "sha256-c6xAgOxle51waiFsSWvwO9eyt1KXuM0dEeepVsRQHkk=";
+ };
+
+ vendorSha256 = "sha256-j0UzucZ6kDwM+6U0ZyIW9u8XG/Bn+VUCO2vV1BbnQo0=";
+
+ meta = with lib; {
+ description = "IP lookups for open ports and vulnerabilities from internetdb.shodan.io";
+ homepage = "https://github.com/j3ssie/sdlookup";
+ license = with licenses; [ mit ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/tools/security/sigma-cli/default.nix b/pkgs/tools/security/sigma-cli/default.nix
new file mode 100644
index 00000000000..3bf4e788912
--- /dev/null
+++ b/pkgs/tools/security/sigma-cli/default.nix
@@ -0,0 +1,50 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "sigma-cli";
+ version = "0.3.0";
+ format = "pyproject";
+
+ src = fetchFromGitHub {
+ owner = "SigmaHQ";
+ repo = pname;
+ rev = "v${version}";
+ hash = "sha256-Nfd78Y35naDTzwodcdvJr/02CptcHxS717VGsR/QOuI=";
+ };
+
+ nativeBuildInputs = with python3.pkgs; [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = with python3.pkgs; [
+ click
+ prettytable
+ pysigma
+ pysigma-backend-splunk
+ pysigma-pipeline-crowdstrike
+ pysigma-pipeline-sysmon
+ ];
+
+ checkInputs = with python3.pkgs; [
+ pytestCheckHook
+ ];
+
+ postPatch = ''
+ substituteInPlace pyproject.toml \
+ --replace 'prettytable = "^3.1.1"' 'prettytable = "*"'
+ '';
+
+ pythonImportsCheck = [
+ "sigma.cli"
+ ];
+
+ meta = with lib; {
+ description = "Sigma command line interface";
+ homepage = "https://github.com/SigmaHQ/sigma-cli";
+ license = with licenses; [ lgpl21Plus ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/tools/security/sops/default.nix b/pkgs/tools/security/sops/default.nix
index 1cf89143925..9752d78a183 100644
--- a/pkgs/tools/security/sops/default.nix +++ b/pkgs/tools/security/sops/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "sops"; - version = "3.7.1"; + version = "3.7.2"; src = fetchFromGitHub { rev = "v${version}"; owner = "mozilla"; repo = pname; - sha256 = "0z3jcyl245yjszzjf2h6l1dwa092vxzvfmnivmwi6jvpsdcv33h1"; + sha256 = "sha256-NMuYMvaBSxKHvpqFkMfnMDvcXxTstqzracuSTT1VB1A="; }; - vendorSha256 = "1mnwgsbpi56ql0lbpn7dkaps96x9b1lmhlk5cd6d40da7xj616n7"; + vendorSha256 = "sha256-00/7O9EcGojUExJPtYWndb16VqrNby/5GsVs8Ak/Isc="; doCheck = false; diff --git a/pkgs/tools/security/swtpm/default.nix b/pkgs/tools/security/swtpm/default.nix index 648165d8262..39128084352 100644 --- a/pkgs/tools/security/swtpm/default.nix +++ b/pkgs/tools/security/swtpm/default.nix @@ -16,35 +16,40 @@ stdenv.mkDerivation rec { pname = "swtpm"; - version = "0.7.1"; + version = "0.7.2"; src = fetchFromGitHub { owner = "stefanberger"; repo = "swtpm"; rev = "v${version}"; - sha256 = "sha256-LJQF8PlRkhCJ8rjZzDetg1BFuTb7GBJ8lW6u5hO134k="; + sha256 = "sha256-qeyPCJTNnwuaCosHzqnrQc0JNznGBfDTLsuDmuKREjU="; }; nativeBuildInputs = [ pkg-config unixtools.netstat expect socat perl # for pod2man + python3 autoreconfHook ]; checkInputs = [ - python3 which + which ]; buildInputs = [ libtpms - openssl libtasn1 libseccomp - fuse glib json-glib + openssl libtasn1 + glib json-glib gnutls + ] ++ lib.optionals stdenv.isLinux [ + fuse + libseccomp ]; configureFlags = [ - "--with-cuse" "--localstatedir=/var" + ] ++ lib.optionals stdenv.isLinux [ + "--with-cuse" ]; postPatch = '' 
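Review bot: Moving `libseccomp` under `lib.optionals stdenv.isLinux` in the first swtpm hunk means non-Linux builds are configured without it, and nothing in the hunk records that consequence. If swtpm's seccomp filtering is something users rely on when running the emulator (it looks like an optional hardening layer, to be confirmed against upstream's configure options), a comment at the split would help: `# fuse/CUSE and seccomp are Linux-only; other platforms build without the seccomp profile`. The derivation's `meta` is outside the hunk, so whether `platforms` was widened to match is not visible here.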
@@ -56,9 +61,31 @@ stdenv.mkDerivation rec { # Use the correct path to the certtool binary # instead of relying on it being in the environment - substituteInPlace src/swtpm_localca/swtpm_localca.c --replace \ + substituteInPlace src/swtpm_localca/swtpm_localca.c \ + --replace \ + '# define CERTTOOL_NAME "gnutls-certtool"' \ + '# define CERTTOOL_NAME "${gnutls}/bin/certtool"' \ + --replace \ '# define CERTTOOL_NAME "certtool"' \ '# define CERTTOOL_NAME "${gnutls}/bin/certtool"' + + substituteInPlace tests/common --replace \ + 'CERTTOOL=gnutls-certtool;;' \ + 'CERTTOOL=certtool;;' + + # Fix error on macOS: + # stat: invalid option -- '%' + # This is caused by the stat program not being the BSD version, + # as is expected by the test + substituteInPlace tests/common --replace \ + 'if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then' \ + 'if [[ "$(uname -s)" =~ (Linux|Darwin|CYGWIN_NT-) ]]; then' + + # Otherwise certtool seems to pick up the system language on macOS, + # which might cause a test to fail + substituteInPlace tests/test_swtpm_setup_create_cert --replace \ + '$CERTTOOL' \ + 'LC_ALL=C.UTF-8 $CERTTOOL' ''; doCheck = true; |
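Review bot: The two `--replace` pairs for `CERTTOOL_NAME` cover both spellings of the upstream define, but at most one can match a given source tree, and if neither does the file is left untouched; as far as I know `--replace` does not fail the build on a pattern that matches nothing. In that case `swtpm_localca` would go back to resolving the tool by name from the caller's environment, which is what the comment above the substitution says the patch is meant to prevent. A check after the substitution turns that into a build failure: `grep -q '${gnutls}/bin/certtool' src/swtpm_localca/swtpm_localca.c || exit 1`. The `postPatch` string opens above this hunk.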