Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/gnupg-pkcs11-scd/default.nix | 33 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/default.nix | 17 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/fix-paths-kbfs.patch | 48 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/fix-paths-keybase.patch | 16 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/gui.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/kbfs.nix | 9 | ||||
-rw-r--r-- | pkgs/tools/security/theharvester/default.nix | 44 |
7 files changed, 141 insertions, 32 deletions
diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix new file mode 100644 index 00000000000..bc7cff99dc2 --- /dev/null +++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix @@ -0,0 +1,33 @@ +{ stdenv, fetchurl, libgpgerror, libassuan, libgcrypt, pkcs11helper, + pkgconfig, openssl }: + +stdenv.mkDerivation rec { + pname = "gnupg-pkcs11-scd"; + version = "0.9.2"; + + src = fetchurl { + url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2"; + sha256 = "sha256:1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx"; + }; + + buildInputs = [ pkcs11helper pkgconfig openssl ]; + + configureFlags = [ + "--with-libgpg-error-prefix=${libgpgerror.dev}" + "--with-libassuan-prefix=${libassuan.dev}" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + ]; + + meta = with stdenv.lib; { + description = "A smart-card daemon to enable the use of PKCS#11 tokens with GnuPG"; + longDescription = '' + gnupg-pkcs11 is a project to implement a BSD-licensed smart-card + daemon to enable the use of PKCS#11 tokens with GnuPG. + ''; + homepage = http://gnupg-pkcs11.sourceforge.net/; + license = licenses.bsd3; + maintainers = with maintainers; [ lschuermann philandstuff ]; + platforms = platforms.unix; + }; +} + diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index 559ba0383bd..653858d3696 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -1,11 +1,12 @@ -{ stdenv, lib, buildGoPackage, fetchFromGitHub +{ stdenv, substituteAll, lib, buildGoPackage, fetchFromGitHub , AVFoundation, AudioToolbox, ImageIO, CoreMedia , Foundation, CoreGraphics, MediaToolbox +, gnupg }: buildGoPackage rec { pname = "keybase"; - version = "4.6.0"; + version = "4.7.2"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; 
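Review bot: In gnupg-pkcs11-scd/default.nix, `pkgconfig` is listed in `buildInputs`, but it is a build-time tool and belongs in `nativeBuildInputs = [ pkgconfig ];` so that a cross build gets a pkg-config that runs on the build machine. `libgpgerror`, `libassuan` and `libgcrypt` are referenced only through the `--with-*-prefix` configure flags and are absent from `buildInputs`; listing them there would make the link-time dependency explicit. `homepage` is a bare `http://` URL literal, while theharvester in this same change uses a quoted string; quoting it, and using https if the site serves it, would be consistent. The `sha256` value also carries a `sha256:` prefix that the other hashes in this change do not have.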
@@ -16,10 +17,18 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "1aqj5s3vfji1zl7xdzphnsw3b8pnbg22n9rzdxkcdjf7via5wz2k"; + sha256 = "1ixfq9qv71misg04fvf4892z956w5aydq0r1wk6qk5jjqp6gf4lv"; }; - buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ]; + patches = [ + (substituteAll { + src = ./fix-paths-keybase.patch; + gpg = "${gnupg}/bin/gpg"; + gpg2 = "${gnupg}/bin/gpg2"; + }) + ]; + + buildInputs = stdenv.lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ]; buildFlags = [ "-tags production" ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/keybase/fix-paths-kbfs.patch b/pkgs/tools/security/keybase/fix-paths-kbfs.patch new file mode 100644 index 00000000000..1180f38b865 --- /dev/null +++ b/pkgs/tools/security/keybase/fix-paths-kbfs.patch 
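Review bot: The new `patches` entry in keybase/default.nix has no comment saying that it replaces the PATH lookup of gpg with fixed store paths, which is a behaviour change: a gpg that comes earlier in PATH is no longer picked up unless it is configured explicitly (the `len(prog) > 0` branch in fix-paths-keybase.patch is left as it was). I would add `# Pin gpg/gpg2 to the gnupg store path so keybase does not run whatever gpg is first in PATH` above the `substituteAll` call. It is worth confirming that `${gnupg}/bin/gpg2` exists in the gnupg output, because if it does not, the first lookup always fails and only the `gpg` fallback is ever used. The same hunk rewrites `lib.optionals` as `stdenv.lib.optionals` although `lib` is still a function argument; `lib.optionals` would be consistent.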
@@ -0,0 +1,48 @@
+diff --git a/go/kbfs/libfuse/mounter.go b/go/kbfs/libfuse/mounter.go
+index d791ffc2..b116ad5d 100644
+--- a/go/kbfs/libfuse/mounter.go
++++ b/go/kbfs/libfuse/mounter.go
+@@ -108,7 +108,7 @@ func (m *mounter) Unmount() (err error) {
+ case "darwin":
+ _, err = exec.Command("/sbin/umount", dir).Output()
+ case "linux":
+- fusermountOutput, fusermountErr := exec.Command("fusermount", "-u", dir).CombinedOutput()
++ fusermountOutput, fusermountErr := exec.Command("@fusermount@", "-u", dir).CombinedOutput()
+ // Only clean up mountdir on a clean unmount.
+ if fusermountErr == nil {
+ m.log.Info("Successfully unmounted")
+@@ -135,7 +135,7 @@ func (m *mounter) Unmount() (err error) {
+ "/usr/sbin/diskutil", "unmountDisk", "force", dir).Output()
+ case "linux":
+ // Lazy unmount; will unmount when KBFS is no longer in use.
+- _, err = exec.Command("fusermount", "-u", "-z", dir).Output()
++ _, err = exec.Command("@fusermount@", "-u", "-z", dir).Output()
+ default:
+ err = errors.New("Forced unmount is not supported on this platform yet")
+ }
+diff --git a/go/vendor/bazil.org/fuse/mount_linux.go b/go/vendor/bazil.org/fuse/mount_linux.go
+index ec7fd89c..4d0a9e30 100644
+--- a/go/vendor/bazil.org/fuse/mount_linux.go
++++ b/go/vendor/bazil.org/fuse/mount_linux.go
+@@ -196,7 +196,7 @@ func mount(dir string, conf *mountConfig, ready chan<- struct{}, _ *error) (fuse
+ defer readFile.Close()
+
+ cmd := exec.Command(
+- "fusermount",
++ "@fusermount@",
+ "-o", conf.getOptions(),
+ "--",
+ dir,
+diff --git a/go/vendor/bazil.org/fuse/unmount_linux.go b/go/vendor/bazil.org/fuse/unmount_linux.go
+index f02448af..6e4c6c23 100644
+--- a/go/vendor/bazil.org/fuse/unmount_linux.go
++++ b/go/vendor/bazil.org/fuse/unmount_linux.go
+@@ -21,7 +21,7 @@ func unmount(dir string) error {
+ return sysunix.Unmount(dir, sysunix.MNT_DETACH)
+ }
+
+- cmd := exec.Command("fusermount", "-u", dir)
++ cmd := exec.Command("@fusermount@", "-u", dir)
+ output, err := cmd.CombinedOutput()
+ if
err != nil { + if len(output) > 0 { diff --git a/pkgs/tools/security/keybase/fix-paths-keybase.patch b/pkgs/tools/security/keybase/fix-paths-keybase.patch new file mode 100644 index 00000000000..b3de7bbb530 --- /dev/null +++ b/pkgs/tools/security/keybase/fix-paths-keybase.patch @@ -0,0 +1,16 @@ +diff --git a/go/libkb/gpg_cli.go b/go/libkb/gpg_cli.go +index 3c7c6257..ae8f7e2f 100644 +--- a/go/libkb/gpg_cli.go ++++ b/go/libkb/gpg_cli.go +@@ -54,9 +54,9 @@ func (g *GpgCLI) Configure(mctx MetaContext) (err error) { + if len(prog) > 0 { + err = canExec(prog) + } else { +- prog, err = exec.LookPath("gpg2") ++ prog, err = exec.LookPath("@gpg2@") + if err != nil { +- prog, err = exec.LookPath("gpg") ++ prog, err = exec.LookPath("@gpg@") + } + } + if err != nil { diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index aa4db75cef1..1d32f1cc881 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix @@ -4,16 +4,16 @@ , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20191010154240.134c2d892b"; + versionSuffix = "20191028173732.6fc2e969b4"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "4.6.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "4.7.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "a25f0c676c00d306859d32e4dad7a23dd4955fa0b352be50c281081f2cf000ae"; + sha256 = "01slhdxcjs1543rz1khxhzn25g26vm9fd9mcyd5ahp2v4g37b8sd"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/keybase/kbfs.nix b/pkgs/tools/security/keybase/kbfs.nix index 9448182a65a..93c7bd540d8 100644 --- a/pkgs/tools/security/keybase/kbfs.nix +++ b/pkgs/tools/security/keybase/kbfs.nix 
@@ -1,4 +1,4 @@ -{ stdenv, buildGoPackage, fetchFromGitHub, keybase }: +{ stdenv, substituteAll, buildGoPackage, fetchFromGitHub, fuse, osxfuse, keybase }: buildGoPackage { pname = "kbfs"; @@ -10,6 +10,13 @@ buildGoPackage { dontRenameImports = true; + patches = [ + (substituteAll { + src = ./fix-paths-kbfs.patch; + fusermount = "${fuse}/bin/fusermount"; + }) + ]; + buildFlags = [ "-tags production" ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/theharvester/default.nix b/pkgs/tools/security/theharvester/default.nix index 4a1e92e6104..4153ddafbf4 100644 --- a/pkgs/tools/security/theharvester/default.nix +++ b/pkgs/tools/security/theharvester/default.nix 
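Review bot: The `fusermount = "${fuse}/bin/fusermount";` substitution in kbfs.nix pins all the call sites patched by fix-paths-kbfs.patch (mount, unmount and lazy unmount) to the copy in the Nix store, which cannot carry the setuid bit, so an unprivileged user may no longer be able to mount or unmount KBFS. On NixOS the setuid wrapper normally lives under `/run/wrappers/bin`, and the original bare `"fusermount"` would have found it through PATH; please confirm that mounting still works for a non-root user, and add a comment above `patches` saying which fusermount is intended and why. `osxfuse` is added to the argument list but is not used in the visible hunks, and `${fuse}` is interpolated on every platform, which presumably pulls the Linux fuse package into the Darwin build as well.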
@@ -1,40 +1,36 @@ -{ stdenv, fetchFromGitHub, makeWrapper, python3Packages }: +{ lib, fetchFromGitHub, python3 }: -stdenv.mkDerivation rec { +python3.pkgs.buildPythonApplication rec { pname = "theHarvester"; - version = "3.0.6"; + version = "3.1"; src = fetchFromGitHub { owner = "laramies"; repo = pname; - rev = version; - sha256 = "0f33a7sfb5ih21yp1wspb03fxsls1m14yizgrw0srfirm2a6aa0c"; + rev = "V${version}"; + sha256 = "0lxzxfa9wbzim50d2jmd27i57szd0grm1dfayhnym86jn01qpvn3"; }; - nativeBuildInputs = [ makeWrapper ]; + propagatedBuildInputs = with python3.pkgs; [ + aiodns beautifulsoup4 dns grequests netaddr + plotly pyyaml requests retrying shodan texttable + ]; - # add dependencies - propagatedBuildInputs = with python3Packages; [ requests beautifulsoup4 plotly ]; + checkInputs = [ python3.pkgs.pytest ]; - installPhase = '' - # create dirs - mkdir -p $out/share/${pname} $out/bin + checkPhase = "runHook preCheck ; pytest tests/test_myparser.py ; runHook postCheck"; + # We don't run other tests (discovery modules) because they require network access - # move project code - mv * $out/share/${pname}/ - - # make project runnable - chmod +x $out/share/${pname}/theHarvester.py - ln -s $out/share/${pname}/theHarvester.py $out/bin - - wrapProgram "$out/bin/theHarvester.py" --prefix PYTHONPATH : $out/share/${pname}:$PYTHONPATH - ''; - - meta = with stdenv.lib; { + meta = with lib; { description = "Gather E-mails, subdomains and names from different public sources"; + longDescription = '' + theHarvester is a very simple, yet effective tool designed to be used in the early + stages of a penetration test. Use it for open source intelligence gathering and + helping to determine an entity's external threat landscape on the internet. The tool + gathers emails, names, subdomains, IPs, and URLs using multiple public data sources. 
+ ''; homepage = "https://github.com/laramies/theHarvester"; - platforms = platforms.all; - maintainers = with maintainers; [ treemo ]; + maintainers = with maintainers; [ c0bw3b treemo ]; license = licenses.gpl2; }; } |