diff options
Diffstat (limited to 'pkgs/tools/security')
25 files changed, 101 insertions, 69 deletions
diff --git a/pkgs/tools/security/aespipe/default.nix b/pkgs/tools/security/aespipe/default.nix index aefd6b7500c..c67c758b933 100644 --- a/pkgs/tools/security/aespipe/default.nix +++ b/pkgs/tools/security/aespipe/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "aespipe-${version}"; - version = "2.4d"; + version = "2.4e"; src = fetchurl { url = "mirror://sourceforge/loop-aes/aespipe/aespipe-v${version}.tar.bz2"; - sha256 = "03z5i41xv6p3m79lm04d7msda8878lsppv3324zbjjfy19p6bkn5"; + sha256 = "0fmr0vk408bf13jydhdmcdhqw31yc9qk329bs9i60alccywapmds"; }; meta = { diff --git a/pkgs/tools/security/ccid/default.nix b/pkgs/tools/security/ccid/default.nix index e450cf5952e..9eb5858b057 100644 --- a/pkgs/tools/security/ccid/default.nix +++ b/pkgs/tools/security/ccid/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0dyikpmhsph36ndgd61bs4yx437v5y0bmm8ahjacp1k9c1ly4q56"; }; - patchPhase = '' + postPatch = '' patchShebangs . substituteInPlace src/Makefile.in --replace /bin/echo echo ''; diff --git a/pkgs/tools/security/crackxls/default.nix b/pkgs/tools/security/crackxls/default.nix index f4c92ac701f..2a88e4462b6 100644 --- a/pkgs/tools/security/crackxls/default.nix +++ b/pkgs/tools/security/crackxls/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation rec { sha256 = "0q5jl7hcds3f0rhly3iy4fhhbyh9cdrfaw7zdrazzf1wswwhyssz"; }; - buildInputs = [ pkgconfig autoconf automake openssl libgsf gmp ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ autoconf automake openssl libgsf gmp ]; installPhase = '' diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index f8ef409813c..91546f1a78f 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix @@ -33,7 +33,8 @@ stdenv.mkDerivation rec { done ''; - buildInputs = [ pkgconfig perl nss nspr python2 pam intltool makeWrapper ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ perl nss nspr python2 pam intltool makeWrapper ]; propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; postInstall = '' diff --git a/pkgs/tools/security/enpass/data.json b/pkgs/tools/security/enpass/data.json index b3625d928b5..28d568d30ae 100644 --- a/pkgs/tools/security/enpass/data.json +++ b/pkgs/tools/security/enpass/data.json @@ -1,12 +1,12 @@ { "amd64": { - "path": "pool/main/e/enpass/enpass_5.4.0-4_amd64.deb", - "sha256": "6b460fed2d7d8473e2b5d069dbe60263195b916c8b79a8fc7c2e8cb953134579", - "version": "5.4.0.post4" + "path": "pool/main/e/enpass/enpass_5.6.0_amd64.deb", + "sha256": "129ae4b4bfb8e0b4fa9acdfb3aebac3dd894364f2f31e9cd3bd5d3567e3a13b7", + "version": "5.6.0" }, "i386": { - "path": "pool/main/e/enpass/enpass_5.4.0-4_i386.deb", - "sha256": "1ec8088d5c3b2906d6820f96e1868c473e78dbe882f04e74a7816d19d43e3692", - "version": "5.4.0.post4" + "path": "pool/main/e/enpass/enpass_5.6.0_i386.deb", + "sha256": "c456002194c0be08a2c0da68ecf224425e35c46de5292098208e4e2b1f6d88ae", + "version": "5.6.0" } } \ No newline at end of file diff --git a/pkgs/tools/security/fpm2/default.nix b/pkgs/tools/security/fpm2/default.nix index 8bb3cba15c4..69b4b36fb9b 100644 --- a/pkgs/tools/security/fpm2/default.nix +++ b/pkgs/tools/security/fpm2/default.nix @@ -13,7 +13,8 @@ stdenv.mkDerivation rec { sha256 = "d55e9ce6be38a44fc1053d82db2d117cf3991a51898bd86d7913bae769f04da7"; }; - buildInputs = [ pkgconfig gnupg gtk2 libxml2 intltool ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ gnupg gtk2 libxml2 intltool ]; meta = { description = "FPM2 is GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements."; diff --git a/pkgs/tools/security/gencfsm/default.nix b/pkgs/tools/security/gencfsm/default.nix index fbd32cdc22d..c180ca6c720 100644 --- a/pkgs/tools/security/gencfsm/default.nix +++ b/pkgs/tools/security/gencfsm/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation rec { sha256 = "1rpf683lxa78fmxxb0hnq7vdh3yn7qid2gqq67q9mk65sp9vdhdj"; }; - buildInputs = [ autoconf automake intltool libtool pkgconfig vala glib encfs + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ autoconf automake intltool libtool vala glib encfs gtk3 libgnome_keyring gnome3.libgee xorg.libSM xorg.libICE wrapGAppsHook ]; diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index 87686cd52c1..18d784a59bb 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -22,8 +22,9 @@ stdenv.mkDerivation rec { sha256 = "1yv2pwf3vhv9dpbf51fnm0wy03va1cg5r7qaz7rg75cwbgb0rmrl"; }; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ - pkgconfig libgcrypt libassuan libksba libiconv npth gettext texinfo + libgcrypt libassuan libksba libiconv npth gettext texinfo readline libusb gnutls adns openldap zlib bzip2 sqlite ]; diff --git a/pkgs/tools/security/kbfs/default.nix b/pkgs/tools/security/kbfs/default.nix index 7b3e7d99a43..ba024328ba5 100644 --- a/pkgs/tools/security/kbfs/default.nix +++ b/pkgs/tools/security/kbfs/default.nix @@ -2,18 +2,18 @@ buildGoPackage rec { name = "kbfs-${version}"; - version = "20170922.f76290"; + version = "20171004.40555d"; goPackagePath = "github.com/keybase/kbfs"; - subPackages = [ "kbfsfuse" ]; + subPackages = [ "kbfsfuse" "kbfsgit/git-remote-keybase" ]; dontRenameImports = true; src = fetchFromGitHub { owner = "keybase"; repo = "kbfs"; - rev = "f76290f6e1a8cbaa6046980c67c548fbff9e123a"; - sha256 = "1v086wmc0hly4b91y6xndfdhj981n2yr6nnb3rl6f4kwx291ih54"; + rev = "40555dbc9c93a05f3a82053860df30e45c7bd779"; + sha256 = "08wj8fh1ja8kfzvbza5csy9mpfy39lifnzvfrnbj7vyyv88qc3h0"; }; buildFlags = [ "-tags production" ]; diff --git a/pkgs/tools/security/keybase-gui/default.nix b/pkgs/tools/security/keybase-gui/default.nix index a45a6ea2a04..ce98740e89b 100644 --- a/pkgs/tools/security/keybase-gui/default.nix +++ b/pkgs/tools/security/keybase-gui/default.nix @@ -37,10 +37,10 @@ let in stdenv.mkDerivation rec { name = "keybase-gui-${version}"; - version = "1.0.25-20170714172717.73f9070"; + version = "1.0.33-20171003193427.d9ceb86ac"; src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version}_amd64.deb"; - sha256 = "0yrq18rrc30f7ymajvd71r29z1by7h6abyaxx2gmrg648qgc6zv4"; + sha256 = "0sqani2fy5jzqmz35md1bdw2vwpx91l87b6s3x9z53halzq7vfy6"; }; phases = ["unpackPhase" "installPhase" "fixupPhase"]; unpackPhase = '' diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index 229a45b8731..7f095a3225b 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "keybase-${version}"; - version = "1.0.30"; + version = "1.0.33"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; @@ -13,13 +13,9 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "0vivc71xfi4y3ydd29b17qxzi10r3a1ppmjjws6vrs0gz58bz1j8"; + sha256 = "1zgvriyir2ga0p4ah9ia1sbl9ydnrnw5ggq4c1ya8gcfgn8vzdsf"; }; - postInstall = stdenv.lib.optionalString stdenv.isDarwin '' - install_name_tool -delete_rpath $out/lib $bin/bin/keybase - ''; - buildFlags = [ "-tags production" ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/mfcuk/default.nix b/pkgs/tools/security/mfcuk/default.nix index 9a593907a53..ebd9a6d5e7e 100644 --- a/pkgs/tools/security/mfcuk/default.nix +++ b/pkgs/tools/security/mfcuk/default.nix @@ -9,7 +9,8 @@ stdenv.mkDerivation rec { sha256 = "0m9sy61rsbw63xk05jrrmnyc3xda0c3m1s8pg3sf8ijbbdv9axcp"; }; - buildInputs = [ pkgconfig libnfc ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libnfc ]; meta = with stdenv.lib; { description = "MiFare Classic Universal toolKit"; diff --git a/pkgs/tools/security/mfoc/default.nix b/pkgs/tools/security/mfoc/default.nix index a223b3e835a..8a454ca67fd 100644 --- a/pkgs/tools/security/mfoc/default.nix +++ b/pkgs/tools/security/mfoc/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation rec { patches = [./mf_mini.patch]; - buildInputs = [ pkgconfig libnfc ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ libnfc ]; meta = with stdenv.lib; { description = "Mifare Classic Offline Cracker"; diff --git a/pkgs/tools/security/modsecurity/Makefile.in.patch b/pkgs/tools/security/modsecurity/Makefile.in.patch new file mode 100644 index 00000000000..98384c754ce --- /dev/null +++ b/pkgs/tools/security/modsecurity/Makefile.in.patch @@ -0,0 +1,17 @@ +--- a/apache2/Makefile.in 2017-10-10 09:45:51.000000000 -0400 ++++ b/apache2/Makefile.in 2017-10-10 09:46:04.000000000 -0400 +@@ -1208,14 +1208,12 @@ + @LINUX_TRUE@ for m in $(pkglib_LTLIBRARIES); do \ + @LINUX_TRUE@ base=`echo $$m | sed 's/\..*//'`; \ + @LINUX_TRUE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \ +-@LINUX_TRUE@ install -D -m444 $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES)/$$base.so; \ + @LINUX_TRUE@ done + @LINUX_FALSE@install-exec-hook: $(pkglib_LTLIBRARIES) + @LINUX_FALSE@ @echo "Removing unused static libraries..."; \ + @LINUX_FALSE@ for m in $(pkglib_LTLIBRARIES); do \ + @LINUX_FALSE@ base=`echo $$m | sed 's/\..*//'`; \ + @LINUX_FALSE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \ +-@LINUX_FALSE@ cp -p $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES); \ + @LINUX_FALSE@ done + + # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/pkgs/tools/security/modsecurity/default.nix b/pkgs/tools/security/modsecurity/default.nix index a5e03eb3fe1..2c02a5dd473 100644 --- a/pkgs/tools/security/modsecurity/default.nix +++ b/pkgs/tools/security/modsecurity/default.nix @@ -1,35 +1,43 @@ { stdenv, lib, fetchurl, pkgconfig -, curl, apacheHttpd, pcre, apr, aprutil, libxml2 }: +, curl, apacheHttpd, pcre, apr, aprutil, libxml2 +, luaSupport ? false, lua5 +}: with lib; +let luaValue = if luaSupport then lua5 else "no"; + optional = stdenv.lib.optional; +in + stdenv.mkDerivation rec { name = "modsecurity-${version}"; - version = "2.9.0"; + version = "2.9.2"; src = fetchurl { url = "https://www.modsecurity.org/tarball/${version}/${name}.tar.gz"; - sha256 = "e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434"; + sha256 = "41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5"; }; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ]; - configureFlags = [ - "--enable-standalone-module" - "--enable-static" - "--with-curl=${curl.dev}" - "--with-apxs=${apacheHttpd.dev}/bin/apxs" - "--with-pcre=${pcre.dev}" - "--with-apr=${apr.dev}" - "--with-apu=${aprutil.dev}/bin/apu-1-config" - "--with-libxml=${libxml2.dev}" - ]; + buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ] ++ + optional luaSupport lua5; + + configureFlags = '' + --enable-standalone-module + --enable-static + --with-curl=${curl.dev} + --with-apxs=${apacheHttpd.dev}/bin/apxs + --with-pcre=${pcre.dev} + --with-apr=${apr.dev} + --with-apu=${aprutil.dev}/bin/apu-1-config + --with-libxml=${libxml2.dev} + --with-lua=${luaValue} + ''; outputs = ["out" "nginx"]; - - preBuild = '' - substituteInPlace apache2/Makefile.in --replace "install -D " "# install -D" - ''; + # by default modsecurity's install script copies compiled output to httpd's modules folder + # this patch removes those lines + patches = [ ./Makefile.in.patch ]; postInstall = '' mkdir -p $nginx @@ -41,6 +49,6 @@ stdenv.mkDerivation rec { license = licenses.asl20; homepage = https://www.modsecurity.org/; maintainers = with maintainers; [offline]; - platforms = platforms.linux; + platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; }; } diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index b3c1a32f22b..45f995a5935 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix @@ -46,7 +46,8 @@ in stdenv.mkDerivation rec { wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath $pygtk)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pygobject)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pycairo)/gtk-2.0 ''; - buildInputs = with python2Packages; [ libpcap pkgconfig openssl ] + nativeBuildInputs = [ pkgconfig ]; + buildInputs = with python2Packages; [ libpcap openssl ] ++ optionals pythonSupport [ makeWrapper python ] ++ optionals graphicalSupport [ libX11 gtk2 pygtk pysqlite pygobject2 pycairo diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 2b606d505bd..ce310eec5ae 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix @@ -15,8 +15,9 @@ stdenv.mkDerivation rec { sha256 = "16y3ryx606nry2li05hm88bllrragdj3sfl3yh7pf71777n4lsk4"; }; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ - autoreconfHook pkgconfig zlib readline openssl pcsclite libassuan + autoreconfHook zlib readline openssl pcsclite libassuan libXt libxslt libiconv docbook_xml_dtd_412 ] ++ stdenv.lib.optional stdenv.isDarwin Carbon; diff --git a/pkgs/tools/security/qdigidoc/default.nix b/pkgs/tools/security/qdigidoc/default.nix index e4141d1a61b..1e626084ee3 100644 --- a/pkgs/tools/security/qdigidoc/default.nix +++ b/pkgs/tools/security/qdigidoc/default.nix @@ -25,7 +25,8 @@ stdenv.mkDerivation rec { --prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/ ''; - buildInputs = [ cmake ccid qttools pkgconfig pcsclite qttranslations + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ cmake ccid qttools pcsclite qttranslations hicolor_icon_theme libdigidocpp opensc shared_mime_info openldap gettext desktop_file_utils makeWrapper ]; diff --git a/pkgs/tools/security/qesteidutil/default.nix b/pkgs/tools/security/qesteidutil/default.nix index 04f6cbf6d11..f2a997db05f 100644 --- a/pkgs/tools/security/qesteidutil/default.nix +++ b/pkgs/tools/security/qesteidutil/default.nix @@ -17,7 +17,8 @@ stdenv.mkDerivation rec { cd src ''; - buildInputs = [ cmake ccid qttools pkgconfig pcsclite qttranslations + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ cmake ccid qttools pcsclite qttranslations hicolor_icon_theme ]; diff --git a/pkgs/tools/security/sbsigntool/default.nix b/pkgs/tools/security/sbsigntool/default.nix index bca93887bd4..b66564d58ce 100644 --- a/pkgs/tools/security/sbsigntool/default.nix +++ b/pkgs/tools/security/sbsigntool/default.nix @@ -15,7 +15,8 @@ stdenv.mkDerivation rec { prePatch = "patchShebangs ."; - buildInputs = [ autoconf automake utillinux openssl libuuid gnu-efi binutils pkgconfig help2man ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ autoconf automake utillinux openssl libuuid gnu-efi binutils help2man ]; configurePhase = '' substituteInPlace configure.ac --replace "@@NIX_GNUEFI@@" "${gnu-efi}" diff --git a/pkgs/tools/security/scrypt/default.nix b/pkgs/tools/security/scrypt/default.nix index 1835dbdb620..352a81b2727 100644 --- a/pkgs/tools/security/scrypt/default.nix +++ b/pkgs/tools/security/scrypt/default.nix @@ -2,27 +2,26 @@ stdenv.mkDerivation rec { name = "scrypt-${version}"; - version = "1.2.0"; + version = "1.2.1"; src = fetchurl { url = "https://www.tarsnap.com/scrypt/${name}.tgz"; - sha256 = "1m39hpfby0fdjam842773i5w7pa0qaj7f0r22jnchxsj824vqm0p"; + sha256 = "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"; }; buildInputs = [ openssl ]; patchPhase = '' - substituteInPlace Makefile.in \ - --replace "command -p mv" "mv" - substituteInPlace autocrap/Makefile.am \ - --replace "command -p mv" "mv" + for f in Makefile.in autotools/Makefile.am libcperciva/cpusupport/Build/cpusupport.sh ; do + substituteInPlace $f --replace "command -p " "" + done ''; - meta = { + meta = with stdenv.lib; { description = "Encryption utility"; homepage = https://www.tarsnap.com/scrypt.html; - license = stdenv.lib.licenses.bsd2; - platforms = stdenv.lib.platforms.all; - maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + license = licenses.bsd2; + platforms = platforms.all; + maintainers = with maintainers; [ thoughtpolice ]; }; } diff --git a/pkgs/tools/security/stoken/default.nix b/pkgs/tools/security/stoken/default.nix index 17652e220da..464f6d21584 100644 --- a/pkgs/tools/security/stoken/default.nix +++ b/pkgs/tools/security/stoken/default.nix @@ -20,8 +20,10 @@ stdenv.mkDerivation rec { automake --add-missing --copy autoconf ''; + + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ - autoconf automake libtool pkgconfig + autoconf automake libtool libxml2 nettle ] ++ stdenv.lib.optional withGTK3 gtk3; diff --git a/pkgs/tools/security/sudolikeaboss/default.nix b/pkgs/tools/security/sudolikeaboss/default.nix index 066fef39a82..15f76741589 100644 --- a/pkgs/tools/security/sudolikeaboss/default.nix +++ b/pkgs/tools/security/sudolikeaboss/default.nix @@ -22,10 +22,6 @@ buildGoPackage rec { fixDarwinDylibNames ]; - postInstall = '' - install_name_tool -delete_rpath $out/lib -add_rpath $bin $bin/bin/sudolikeaboss - ''; - meta = with stdenv.lib; { inherit version; inherit (src.meta) homepage; diff --git a/pkgs/tools/security/tpm-luks/default.nix b/pkgs/tools/security/tpm-luks/default.nix index 40829df56ca..7d0ff797336 100644 --- a/pkgs/tools/security/tpm-luks/default.nix +++ b/pkgs/tools/security/tpm-luks/default.nix @@ -10,7 +10,8 @@ stdenv.mkDerivation rec { sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w"; }; - buildInputs = [ autoreconfHook gawk trousers cryptsetup openssl ]; + nativeBuildInputs = [ autoreconfHook ]; + buildInputs = [ gawk trousers cryptsetup openssl ]; installPhase = '' mkdir -p $out diff --git a/pkgs/tools/security/trousers/default.nix b/pkgs/tools/security/trousers/default.nix index e49f2f8ed0f..8309390d013 100644 --- a/pkgs/tools/security/trousers/default.nix +++ b/pkgs/tools/security/trousers/default.nix @@ -9,7 +9,8 @@ stdenv.mkDerivation rec { sha256 = "1lvnla1c1ig2w3xvvrqg2w9qm7a1ygzy1j2gg8j7p8c87i58x45v"; }; - buildInputs = [ openssl pkgconfig ]; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ openssl ]; patches = [ ./allow-non-tss-config-file-owner.patch ]; |