Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/gnupg-pkcs11-scd/default.nix33
-rw-r--r--pkgs/tools/security/keybase/default.nix17
-rw-r--r--pkgs/tools/security/keybase/fix-paths-kbfs.patch48
-rw-r--r--pkgs/tools/security/keybase/fix-paths-keybase.patch16
-rw-r--r--pkgs/tools/security/keybase/gui.nix6
-rw-r--r--pkgs/tools/security/keybase/kbfs.nix9
-rw-r--r--pkgs/tools/security/theharvester/default.nix44
7 files changed, 141 insertions, 32 deletions
diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
new file mode 100644
index 00000000000..bc7cff99dc2
--- /dev/null
+++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl, libgpgerror, libassuan, libgcrypt, pkcs11helper,
+  pkgconfig, openssl }:
+
+stdenv.mkDerivation rec {
+  pname = "gnupg-pkcs11-scd";
+  version = "0.9.2";
+
+  src = fetchurl {
+    url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2";
+    sha256 = "sha256:1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx";
+  };
+
+  buildInputs = [ pkcs11helper pkgconfig openssl ];
+
+  configureFlags = [
+    "--with-libgpg-error-prefix=${libgpgerror.dev}"
+    "--with-libassuan-prefix=${libassuan.dev}"
+    "--with-libgcrypt-prefix=${libgcrypt.dev}"
+  ];
+
+  meta = with stdenv.lib; {
+    description = "A smart-card daemon to enable the use of PKCS#11 tokens with GnuPG";
+    longDescription = ''
+    gnupg-pkcs11 is a project to implement a BSD-licensed smart-card
+    daemon to enable the use of PKCS#11 tokens with GnuPG.
+    '';
+    homepage = http://gnupg-pkcs11.sourceforge.net/;
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ lschuermann philandstuff ];
+    platforms = platforms.unix;
+  };
+}
+
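Review bot: `pkgconfig` is listed in `buildInputs`, but it is a build-time tool and belongs in `nativeBuildInputs`; split the line into `nativeBuildInputs = [ pkgconfig ];` and `buildInputs = [ pkcs11helper openssl ];` so cross builds pick the right one. `libgpgerror`, `libassuan` and `libgcrypt` reach the build only through the `--with-*-prefix` flags, which is worth a one-line comment if it is intentional. The `homepage` is an unquoted plain-HTTP URL while the source comes from GitHub over HTTPS; quote it, and use an HTTPS project page if one exists.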
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix
index 559ba0383bd..653858d3696 100644
--- a/pkgs/tools/security/keybase/default.nix
+++ b/pkgs/tools/security/keybase/default.nix
@@ -1,11 +1,12 @@
-{ stdenv, lib, buildGoPackage, fetchFromGitHub
+{ stdenv, substituteAll, lib, buildGoPackage, fetchFromGitHub
 , AVFoundation, AudioToolbox, ImageIO, CoreMedia
 , Foundation, CoreGraphics, MediaToolbox
+, gnupg
 }:
 
 buildGoPackage rec {
   pname = "keybase";
-  version = "4.6.0";
+  version = "4.7.2";
 
   goPackagePath = "github.com/keybase/client";
   subPackages = [ "go/keybase" ];
@@ -16,10 +17,18 @@ buildGoPackage rec {
     owner = "keybase";
     repo = "client";
     rev = "v${version}";
-    sha256 = "1aqj5s3vfji1zl7xdzphnsw3b8pnbg22n9rzdxkcdjf7via5wz2k";
+    sha256 = "1ixfq9qv71misg04fvf4892z956w5aydq0r1wk6qk5jjqp6gf4lv";
   };
 
-  buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ];
+  patches = [
+    (substituteAll {
+      src = ./fix-paths-keybase.patch;
+      gpg = "${gnupg}/bin/gpg";
+      gpg2 = "${gnupg}/bin/gpg2";
+    })
+  ];
+
+  buildInputs = stdenv.lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ];
   buildFlags = [ "-tags production" ];
 
   meta = with stdenv.lib; {
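Review bot: The rewritten `buildInputs` line switches from `lib.optionals` to `stdenv.lib.optionals` although `lib` is still taken as an argument in the first hunk of this file; keeping `buildInputs = lib.optionals stdenv.isDarwin [ ... ];` avoids the unrelated churn. The new `patches` entry changes which gpg binary keybase runs, so it deserves a comment above it, for example `# pin gpg/gpg2 to the gnupg store path instead of resolving them from the caller's PATH`. It is also worth confirming that `${gnupg}/bin/gpg2` exists in the packaged gnupg, since otherwise the first lookup always fails and only the `gpg` fallback is used. The derivation continues past the end of this hunk.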
diff --git a/pkgs/tools/security/keybase/fix-paths-kbfs.patch b/pkgs/tools/security/keybase/fix-paths-kbfs.patch
new file mode 100644
index 00000000000..1180f38b865
--- /dev/null
+++ b/pkgs/tools/security/keybase/fix-paths-kbfs.patch
@@ -0,0 +1,48 @@
+diff --git a/go/kbfs/libfuse/mounter.go b/go/kbfs/libfuse/mounter.go
+index d791ffc2..b116ad5d 100644
+--- a/go/kbfs/libfuse/mounter.go
++++ b/go/kbfs/libfuse/mounter.go
+@@ -108,7 +108,7 @@ func (m *mounter) Unmount() (err error) {
+ 	case "darwin":
+ 		_, err = exec.Command("/sbin/umount", dir).Output()
+ 	case "linux":
+-		fusermountOutput, fusermountErr := exec.Command("fusermount", "-u", dir).CombinedOutput()
++		fusermountOutput, fusermountErr := exec.Command("@fusermount@", "-u", dir).CombinedOutput()
+ 		// Only clean up mountdir on a clean unmount.
+ 		if fusermountErr == nil {
+ 			m.log.Info("Successfully unmounted")
+@@ -135,7 +135,7 @@ func (m *mounter) Unmount() (err error) {
+ 				"/usr/sbin/diskutil", "unmountDisk", "force", dir).Output()
+ 		case "linux":
+ 			// Lazy unmount; will unmount when KBFS is no longer in use.
+-			_, err = exec.Command("fusermount", "-u", "-z", dir).Output()
++			_, err = exec.Command("@fusermount@", "-u", "-z", dir).Output()
+ 		default:
+ 			err = errors.New("Forced unmount is not supported on this platform yet")
+ 		}
+diff --git a/go/vendor/bazil.org/fuse/mount_linux.go b/go/vendor/bazil.org/fuse/mount_linux.go
+index ec7fd89c..4d0a9e30 100644
+--- a/go/vendor/bazil.org/fuse/mount_linux.go
++++ b/go/vendor/bazil.org/fuse/mount_linux.go
+@@ -196,7 +196,7 @@ func mount(dir string, conf *mountConfig, ready chan<- struct{}, _ *error) (fuse
+ 	defer readFile.Close()
+ 
+ 	cmd := exec.Command(
+-		"fusermount",
++		"@fusermount@",
+ 		"-o", conf.getOptions(),
+ 		"--",
+ 		dir,
+diff --git a/go/vendor/bazil.org/fuse/unmount_linux.go b/go/vendor/bazil.org/fuse/unmount_linux.go
+index f02448af..6e4c6c23 100644
+--- a/go/vendor/bazil.org/fuse/unmount_linux.go
++++ b/go/vendor/bazil.org/fuse/unmount_linux.go
+@@ -21,7 +21,7 @@ func unmount(dir string) error {
+ 		return sysunix.Unmount(dir, sysunix.MNT_DETACH)
+ 	}
+ 
+-	cmd := exec.Command("fusermount", "-u", dir)
++	cmd := exec.Command("@fusermount@", "-u", dir)
+ 	output, err := cmd.CombinedOutput()
+ 	if err != nil {
+ 		if len(output) > 0 {
diff --git a/pkgs/tools/security/keybase/fix-paths-keybase.patch b/pkgs/tools/security/keybase/fix-paths-keybase.patch
new file mode 100644
index 00000000000..b3de7bbb530
--- /dev/null
+++ b/pkgs/tools/security/keybase/fix-paths-keybase.patch
@@ -0,0 +1,16 @@
+diff --git a/go/libkb/gpg_cli.go b/go/libkb/gpg_cli.go
+index 3c7c6257..ae8f7e2f 100644
+--- a/go/libkb/gpg_cli.go
++++ b/go/libkb/gpg_cli.go
+@@ -54,9 +54,9 @@ func (g *GpgCLI) Configure(mctx MetaContext) (err error) {
+ 	if len(prog) > 0 {
+ 		err = canExec(prog)
+ 	} else {
+-		prog, err = exec.LookPath("gpg2")
++		prog, err = exec.LookPath("@gpg2@")
+ 		if err != nil {
+-			prog, err = exec.LookPath("gpg")
++			prog, err = exec.LookPath("@gpg@")
+ 		}
+ 	}
+ 	if err != nil {
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index aa4db75cef1..1d32f1cc881 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -4,16 +4,16 @@
 , runtimeShell, gsettings-desktop-schemas }:
 
 let
-  versionSuffix = "20191010154240.134c2d892b";
+  versionSuffix = "20191028173732.6fc2e969b4";
 in
 
 stdenv.mkDerivation rec {
   pname = "keybase-gui";
-  version = "4.6.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages
+  version = "4.7.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages
 
   src = fetchurl {
     url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb";
-    sha256 = "a25f0c676c00d306859d32e4dad7a23dd4955fa0b352be50c281081f2cf000ae";
+    sha256 = "01slhdxcjs1543rz1khxhzn25g26vm9fd9mcyd5ahp2v4g37b8sd";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/security/keybase/kbfs.nix b/pkgs/tools/security/keybase/kbfs.nix
index 9448182a65a..93c7bd540d8 100644
--- a/pkgs/tools/security/keybase/kbfs.nix
+++ b/pkgs/tools/security/keybase/kbfs.nix
@@ -1,4 +1,4 @@
-{ stdenv, buildGoPackage, fetchFromGitHub, keybase }:
+{ stdenv, substituteAll, buildGoPackage, fetchFromGitHub, fuse, osxfuse, keybase }:
 
 buildGoPackage {
   pname = "kbfs";
@@ -10,6 +10,13 @@ buildGoPackage {
 
   dontRenameImports = true;
 
+  patches = [
+    (substituteAll {
+      src = ./fix-paths-kbfs.patch;
+      fusermount = "${fuse}/bin/fusermount";
+    })
+  ];
+
   buildFlags = [ "-tags production" ];
 
   meta = with stdenv.lib; {
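Review bot: `fusermount = "${fuse}/bin/fusermount";` pins the helper to the store copy, and files in the Nix store cannot carry the setuid bit, so unprivileged mount and unmount through this path will presumably fail on NixOS, where the setuid wrapper normally lives under `/run/wrappers/bin`. Confirm how kbfs is expected to reach a privileged fusermount and record the decision in a comment above `patches`. The first hunk of this file also adds `osxfuse` to the arguments without any visible use, and `fuse` is interpolated unconditionally, which may not evaluate on Darwin. The derivation body continues outside this hunk.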
diff --git a/pkgs/tools/security/theharvester/default.nix b/pkgs/tools/security/theharvester/default.nix
index 4a1e92e6104..4153ddafbf4 100644
--- a/pkgs/tools/security/theharvester/default.nix
+++ b/pkgs/tools/security/theharvester/default.nix
@@ -1,40 +1,36 @@
-{ stdenv, fetchFromGitHub, makeWrapper, python3Packages }:
+{ lib, fetchFromGitHub, python3 }:
 
-stdenv.mkDerivation rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "theHarvester";
-  version = "3.0.6";
+  version = "3.1";
 
   src = fetchFromGitHub {
     owner = "laramies";
     repo = pname;
-    rev = version;
-    sha256 = "0f33a7sfb5ih21yp1wspb03fxsls1m14yizgrw0srfirm2a6aa0c";
+    rev = "V${version}";
+    sha256 = "0lxzxfa9wbzim50d2jmd27i57szd0grm1dfayhnym86jn01qpvn3";
   };
 
-  nativeBuildInputs = [ makeWrapper ];
+  propagatedBuildInputs = with python3.pkgs; [ 
+    aiodns beautifulsoup4 dns grequests netaddr
+    plotly pyyaml requests retrying shodan texttable
+  ];
 
-  # add dependencies
-  propagatedBuildInputs = with python3Packages; [ requests beautifulsoup4 plotly ];
+  checkInputs = [ python3.pkgs.pytest ];
 
-  installPhase = ''
-    # create dirs
-    mkdir -p $out/share/${pname} $out/bin
+  checkPhase = "runHook preCheck ; pytest tests/test_myparser.py ; runHook postCheck";
+  # We don't run other tests (discovery modules) because they require network access
 
-    # move project code
-    mv * $out/share/${pname}/
-
-    # make project runnable
-    chmod +x $out/share/${pname}/theHarvester.py
-    ln -s $out/share/${pname}/theHarvester.py $out/bin
-
-    wrapProgram "$out/bin/theHarvester.py" --prefix PYTHONPATH : $out/share/${pname}:$PYTHONPATH
-  '';
-
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Gather E-mails, subdomains and names from different public sources";
+    longDescription = ''
+      theHarvester is a very simple, yet effective tool designed to be used in the early
+      stages of a penetration test. Use it for open source intelligence gathering and
+      helping to determine an entity's external threat landscape on the internet. The tool
+      gathers emails, names, subdomains, IPs, and URLs using multiple public data sources.
+    '';
     homepage = "https://github.com/laramies/theHarvester";
-    platforms = platforms.all;
-    maintainers = with maintainers; [ treemo ];
+    maintainers = with maintainers; [ c0bw3b treemo ];
     license = licenses.gpl2;
   };
 }
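Review bot: The one-line `checkPhase` string chains its three commands with `;` and the comment explaining the restricted test selection sits after it, which makes the reason easy to miss. A multi-line string with the comment placed above it reads better and matches the usual phase layout. The `propagatedBuildInputs` line also ends in trailing whitespace after `[`.
```nix
  # Only the parser tests run here; the discovery-module tests need network access.
  checkPhase = ''
    runHook preCheck
    pytest tests/test_myparser.py
    runHook postCheck
  '';
```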