Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/cdk-go/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/expliot/default.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/security/exploitdb/default.nix | 5 | ||||
-rw-r--r-- | pkgs/tools/security/pomerium-cli/default.nix | 58 | ||||
-rw-r--r-- | pkgs/tools/security/sdlookup/default.nix | 25 | ||||
-rw-r--r-- | pkgs/tools/security/sops/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/swtpm/default.nix | 41 |
7 files changed, 131 insertions, 17 deletions
diff --git a/pkgs/tools/security/cdk-go/default.nix b/pkgs/tools/security/cdk-go/default.nix index 317f6092718..88fd089cb68 100644 --- a/pkgs/tools/security/cdk-go/default.nix +++ b/pkgs/tools/security/cdk-go/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "cdk-go"; - version = "1.0.5"; + version = "1.0.6"; src = fetchFromGitHub { owner = "cdk-team"; repo = "CDK"; rev = "v${version}"; - sha256 = "sha256-Ngv+/b9D27ERwjNIC3s3ZBPkV10G+tT8QW8YMOgb8aA="; + sha256 = "sha256-XzUSiE03ZbP75ewwBJFwZE0aKNlOFprezeD26japLD8="; }; - vendorSha256 = "sha256-9Q7f3keMUEI2cWal2dvp4b8kvTZVM1Cf4iTvH9yCyX0="; + vendorSha256 = "sha256-mP49DmOHvS8ewQG7I1J5OEmAOkHEFJfAsEPeiaRBpWc="; # At least one test is outdated doCheck = false; diff --git a/pkgs/tools/security/expliot/default.nix b/pkgs/tools/security/expliot/default.nix index 848ee536380..eb5fd03416f 100644 --- a/pkgs/tools/security/expliot/default.nix +++ b/pkgs/tools/security/expliot/default.nix @@ -26,7 +26,7 @@ buildPythonApplication rec { owner = "expliot_framework"; repo = pname; rev = version; - sha256 = "sha256-7Cuj3YKKwDxP2KKueJR9ZO5Bduv+lw0Y87Rw4b0jbGY="; + hash = "sha256-7Cuj3YKKwDxP2KKueJR9ZO5Bduv+lw0Y87Rw4b0jbGY="; }; propagatedBuildInputs = [ @@ -51,7 +51,10 @@ buildPythonApplication rec { postPatch = '' # https://gitlab.com/expliot_framework/expliot/-/merge_requests/113 substituteInPlace setup.py \ - --replace "pynetdicom>=1.5.1,<2" "pynetdicom>=2,<3" + --replace "pynetdicom>=1.5.1,<2" "pynetdicom>=2,<3" \ + --replace "cryptography>=3.0,<4" "cryptography>=35,<40" \ + --replace "python-can>=3.3.3,<4" "python-can>=3.3.3,<5" \ + --replace "pyparsing>=2.4.7,<3" "pyparsing>=2.4.7,<4" ''; # Project has no tests diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index 14b7d7efab2..a50588fc1f8 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix 
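Review bot: In expliot's `postPatch`, the three added `--replace` pairs widen upstream's pins (notably `cryptography` from `<4` to `>=35,<40`) and nothing in the hunk checks that the tool still works against those releases; the context line right after says the project has no tests. A `pythonImportsCheck = [ "expliot" ];` would at least catch an import-time break, if one is not already set outside the hunk. Only the pynetdicom line appears to be covered by the linked merge request, so a comment such as `# cryptography, python-can, pyparsing: bounds relaxed for nixpkgs, not upstream yet` would show which substitutions can be dropped on the next bump. `--replace` only warns when its pattern no longer matches, so a changed upstream `setup.py` would leave the old pin in place without failing the build.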
@@ -2,13 +2,14 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-03-10"; + version = "2022-03-11"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; rev = version; - sha256 = "sha256-zKFkPRmA2Hl/NksJTf76RcPr1nvaLdZu2fyBp5PcZ0Y="; + sha256 = "sha256-dW4cLm//4wROsizRQ59sqEGPRZ26yIU5I7mdPEYC3YU="; + }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/pomerium-cli/default.nix b/pkgs/tools/security/pomerium-cli/default.nix new file mode 100644 index 00000000000..7dc7e3a7a90 --- /dev/null +++ b/pkgs/tools/security/pomerium-cli/default.nix 
@@ -0,0 +1,58 @@ +{ buildGoModule +, fetchFromGitHub +, lib +, pomerium +}: + +let + inherit (lib) concatStringsSep concatMap id mapAttrsToList; +in +buildGoModule rec { + pname = "pomerium-cli"; + version = pomerium.version; + src = fetchFromGitHub { + owner = "pomerium"; + repo = "cli"; + rev = "v${version}"; + hash = "sha256:0230b22xjnpykj8bcdahzzlsvlrd63z2cmg6yb246c5ngjs835q1"; + }; + + vendorSha256 = "sha256:0xx22lmh6wip1d1bjrp4lgab3q9yilw54v4lg24lf3xhbsr5si9b"; + subPackages = [ + "cmd/pomerium-cli" + ]; + + ldflags = let + # Set a variety of useful meta variables for stamping the build with. + setVars = { + "github.com/pomerium/cli/version" = { + Version = "v${version}"; + BuildMeta = "nixpkgs"; + ProjectName = "pomerium-cli"; + ProjectURL = "github.com/pomerium/cli"; + }; + }; + concatStringsSpace = list: concatStringsSep " " list; + mapAttrsToFlatList = fn: list: concatMap id (mapAttrsToList fn list); + varFlags = concatStringsSpace ( + mapAttrsToFlatList (package: packageVars: + mapAttrsToList (variable: value: + "-X ${package}.${variable}=${value}" + ) packageVars + ) setVars); + in [ + "${varFlags}" + ]; + + installPhase = '' + install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli + ''; + + meta = with lib; { + homepage = "https://pomerium.io"; + description = "Client-side helper for Pomerium authenticating reverse proxy"; + license = licenses.asl20; + maintainers = with maintainers; [ lukegb ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/tools/security/sdlookup/default.nix b/pkgs/tools/security/sdlookup/default.nix new file mode 100644 index 00000000000..80b6d3ba688 --- /dev/null +++ b/pkgs/tools/security/sdlookup/default.nix 
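Review bot: `version = pomerium.version;` ties `rev` to another package while `hash` and `vendorSha256` stay fixed in this file, so a pomerium bump changes the requested tag without touching the hashes here. A fixed-output fetch is addressed by its hash, so a machine that already has the old source in its store or cache can keep building the previous CLI code, and the `-X …Version=v${version}` stamp would then report the new version for old code. Either pin the version locally, `version = "<cli release>";` (placeholder), or add a comment above the line: `# rev follows pomerium.version: update hash and vendorSha256 whenever pomerium is bumped`. Separately, the overridden `installPhase` does not call `runHook preInstall` / `runHook postInstall`.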
@@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "sdlookup"; + version = "unstable-2022-03-10"; + + src = fetchFromGitHub { + owner = "j3ssie"; + repo = pname; + rev = "8554bfa27284c4764401dbd8da23800d4ae968a2"; + hash = "sha256-c6xAgOxle51waiFsSWvwO9eyt1KXuM0dEeepVsRQHkk="; + }; + + vendorSha256 = "sha256-j0UzucZ6kDwM+6U0ZyIW9u8XG/Bn+VUCO2vV1BbnQo0="; + + meta = with lib; { + description = "IP lookups for open ports and vulnerabilities from internetdb.shodan.io"; + homepage = "https://github.com/j3ssie/sdlookup"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/tools/security/sops/default.nix b/pkgs/tools/security/sops/default.nix index 1cf89143925..9752d78a183 100644 --- a/pkgs/tools/security/sops/default.nix +++ b/pkgs/tools/security/sops/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "sops"; - version = "3.7.1"; + version = "3.7.2"; src = fetchFromGitHub { rev = "v${version}"; owner = "mozilla"; repo = pname; - sha256 = "0z3jcyl245yjszzjf2h6l1dwa092vxzvfmnivmwi6jvpsdcv33h1"; + sha256 = "sha256-NMuYMvaBSxKHvpqFkMfnMDvcXxTstqzracuSTT1VB1A="; }; - vendorSha256 = "1mnwgsbpi56ql0lbpn7dkaps96x9b1lmhlk5cd6d40da7xj616n7"; + vendorSha256 = "sha256-00/7O9EcGojUExJPtYWndb16VqrNby/5GsVs8Ak/Isc="; doCheck = false; diff --git a/pkgs/tools/security/swtpm/default.nix b/pkgs/tools/security/swtpm/default.nix index 648165d8262..39128084352 100644 --- a/pkgs/tools/security/swtpm/default.nix +++ b/pkgs/tools/security/swtpm/default.nix 
@@ -16,35 +16,40 @@ stdenv.mkDerivation rec { pname = "swtpm"; - version = "0.7.1"; + version = "0.7.2"; src = fetchFromGitHub { owner = "stefanberger"; repo = "swtpm"; rev = "v${version}"; - sha256 = "sha256-LJQF8PlRkhCJ8rjZzDetg1BFuTb7GBJ8lW6u5hO134k="; + sha256 = "sha256-qeyPCJTNnwuaCosHzqnrQc0JNznGBfDTLsuDmuKREjU="; }; nativeBuildInputs = [ pkg-config unixtools.netstat expect socat perl # for pod2man + python3 autoreconfHook ]; checkInputs = [ - python3 which + which ]; buildInputs = [ libtpms - openssl libtasn1 libseccomp - fuse glib json-glib + openssl libtasn1 + glib json-glib gnutls + ] ++ lib.optionals stdenv.isLinux [ + fuse + libseccomp ]; configureFlags = [ - "--with-cuse" "--localstatedir=/var" + ] ++ lib.optionals stdenv.isLinux [ + "--with-cuse" ]; postPatch = '' @@ -56,9 +61,31 @@ stdenv.mkDerivation rec { # Use the correct path to the certtool binary # instead of relying on it being in the environment - substituteInPlace src/swtpm_localca/swtpm_localca.c --replace \ + substituteInPlace src/swtpm_localca/swtpm_localca.c \ + --replace \ + '# define CERTTOOL_NAME "gnutls-certtool"' \ + '# define CERTTOOL_NAME "${gnutls}/bin/certtool"' \ + --replace \ '# define CERTTOOL_NAME "certtool"' \ '# define CERTTOOL_NAME "${gnutls}/bin/certtool"' + + substituteInPlace tests/common --replace \ + 'CERTTOOL=gnutls-certtool;;' \ + 'CERTTOOL=certtool;;' + + # Fix error on macOS: + # stat: invalid option -- '%' + # This is caused by the stat program not being the BSD version, + # as is expected by the test + substituteInPlace tests/common --replace \ + 'if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then' \ + 'if [[ "$(uname -s)" =~ (Linux|Darwin|CYGWIN_NT-) ]]; then' + + # Otherwise certtool seems to pick up the system language on macOS, + # which might cause a test to fail + substituteInPlace tests/test_swtpm_setup_create_cert --replace \ + '$CERTTOOL' \ + 'LC_ALL=C.UTF-8 $CERTTOOL' ''; doCheck = true; |
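Review bot: The last substitution in swtpm's `postPatch` rewrites every `$CERTTOOL` in `tests/test_swtpm_setup_create_cert` to `LC_ALL=C.UTF-8 $CERTTOOL`, which is only valid where the variable is in command position. The test script is not visible here, so an occurrence inside a test expression or a quoted message would be altered as well. The change also applies on Linux although the comment gives macOS as the reason, and `C.UTF-8` is not a locale every platform ships; `LC_ALL=C` is the more portable spelling. Setting the locale once for the check phase, e.g. `preCheck = "export LC_ALL=C";` if no `preCheck` exists outside the hunk, would avoid editing the script. The `postPatch` string begins before this hunk.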