Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/chrome-token-signing/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/diceware/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/fail2ban/default.nix | 15 | ||||
-rw-r--r-- | pkgs/tools/security/fido2luks/default.nix | 32 | ||||
-rw-r--r-- | pkgs/tools/security/jd-gui/default.nix | 23 | ||||
-rw-r--r-- | pkgs/tools/security/jwt-cli/default.nix | 25 | ||||
-rw-r--r-- | pkgs/tools/security/munge/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/nmap/default.nix | 43 | ||||
-rw-r--r-- | pkgs/tools/security/nmap/qt.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/pass/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/pcsctools/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/rage/default.nix | 24 | ||||
-rw-r--r-- | pkgs/tools/security/tor/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/vault/default.nix | 4 |
14 files changed, 132 insertions, 66 deletions
diff --git a/pkgs/tools/security/chrome-token-signing/default.nix b/pkgs/tools/security/chrome-token-signing/default.nix index 5e304f86b4e..76c845e7a99 100644 --- a/pkgs/tools/security/chrome-token-signing/default.nix +++ b/pkgs/tools/security/chrome-token-signing/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }: +{ mkDerivation, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }: -stdenv.mkDerivation rec { +mkDerivation rec { pname = "chrome-token-signing"; version = "1.0.7"; diff --git a/pkgs/tools/security/diceware/default.nix b/pkgs/tools/security/diceware/default.nix index 07682eb22c5..dcd7e853564 100644 --- a/pkgs/tools/security/diceware/default.nix +++ b/pkgs/tools/security/diceware/default.nix @@ -1,8 +1,8 @@ { lib -, pythonPackages +, python3Packages }: -with pythonPackages; +with python3Packages; buildPythonApplication rec { pname = "diceware"; diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 5ea91854282..4ec84353e4e 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, fetchpatch, python3, gamin }: +{ stdenv, fetchFromGitHub, python3, gamin }: -let version = "0.10.4"; in +let version = "0.10.5"; in python3.pkgs.buildPythonApplication { pname = "fail2ban"; 
@@ -10,18 +10,9 @@ python3.pkgs.buildPythonApplication { owner = "fail2ban"; repo = "fail2ban"; rev = version; - sha256 = "07ik6rm856q0ic2r7vbg6j3hsdcdgkv44hh5ck0c2y21fqwrck3l"; + sha256 = "1s8g46vkwhqnagj69v4wvcasypzkmq7awhfbxahffrypcpad5ach"; }; - patches = [ - # 0.10.3 supports Python 3 but somehow this got into the way - # https://github.com/fail2ban/fail2ban/issues/2255 - (fetchpatch { - url = "https://github.com/fail2ban/fail2ban/commit/657b147c0d7830f3600f3dc7feaa4815a7e19fde.patch"; - sha256 = "1hrk2x7ssrfhab1wrjk5xw1sxhiv2735glfcp6qcj8x4dss3q7f7"; - }) - ]; - pythonPath = with python3.pkgs; stdenv.lib.optionals stdenv.isLinux [ systemd diff --git a/pkgs/tools/security/fido2luks/default.nix b/pkgs/tools/security/fido2luks/default.nix new file mode 100644 index 00000000000..0bb5a91a81a --- /dev/null +++ b/pkgs/tools/security/fido2luks/default.nix @@ -0,0 +1,32 @@ +{ stdenv +, rustPlatform +, fetchFromGitHub +, cryptsetup +, pkg-config +}: + +rustPlatform.buildRustPackage rec { + pname = "fido2luks"; + version = "0.2.2"; + + src = fetchFromGitHub { + owner = "shimunn"; + repo = pname; + rev = version; + sha256 = "018qzbgmgm0f0d0c7i54nqqjbr4k5mzy1xfavi6hpifjll971wci"; + }; + + buildInputs = [ cryptsetup ]; + nativeBuildInputs = [ pkg-config ]; + + cargoSha256 = "1kf757wxxk5h8dfbz588qw1pnyjbg5qzr7rz14i7x8rhmn5xwb74"; + verifyCargoDeps = true; + + meta = with stdenv.lib; { + description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"; + homepage = "https://github.com/shimunn/fido2luks"; + license = licenses.gpl3; + maintainers = with maintainers; [ prusnak mmahut ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/jd-gui/default.nix b/pkgs/tools/security/jd-gui/default.nix index 86b88638bd7..af88fd6270f 100644 --- a/pkgs/tools/security/jd-gui/default.nix +++ b/pkgs/tools/security/jd-gui/default.nix 
@@ -1,27 +1,25 @@ -{ stdenv, fetchFromGitHub, jre, jdk, makeDesktopItem, perl, writeText, runtimeShell }: +{ stdenv, fetchFromGitHub, jre, jdk, gradle, makeDesktopItem, perl, writeText, runtimeShell }: let pname = "jd-gui"; - version = "1.6.5"; + version = "1.6.6"; src = fetchFromGitHub { owner = "java-decompiler"; repo = pname; rev = "v${version}"; - sha256 = "0yn2xcwznig941pw2f3wi8ixz1wprxcn9wl0g2ggdzx51rfwgzzi"; + sha256 = "010bd3q2m4jy4qz5ahdx86b5f558s068gbjlbpdhq3bhh4yrjy20"; }; deps = stdenv.mkDerivation { name = "${pname}-deps"; inherit src; - nativeBuildInputs = [ jdk perl ]; - - patchPhase = "patchShebangs gradlew"; + nativeBuildInputs = [ jdk perl gradle ]; buildPhase = '' export GRADLE_USER_HOME=$(mktemp -d); - ./gradlew --no-daemon jar + gradle --no-daemon jar ''; # Mavenize dependency paths @@ -30,12 +28,11 @@ let find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \ | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \ | sh - cp -r $GRADLE_USER_HOME/wrapper $out ''; outputHashAlgo = "sha256"; outputHashMode = "recursive"; - outputHash = "1s4p91iiyikrsgvpzkhw3jm5lsm0jpzp7iw7afdhhl9jm18igs70"; + outputHash = "1qil12s0daxpxj5xj5dj6s2k89is0kiir2vcafkm3lasc41acmk3"; }; # Point to our local deps repo @@ -74,15 +71,11 @@ in stdenv.mkDerivation rec { inherit pname version src; name = "${pname}-${version}"; - nativeBuildInputs = [ jdk ]; - - patchPhase = "patchShebangs gradlew"; + nativeBuildInputs = [ jdk gradle ]; buildPhase = '' export GRADLE_USER_HOME=$(mktemp -d) - cp -r ${deps}/wrapper $GRADLE_USER_HOME - chmod u+w $GRADLE_USER_HOME/wrapper/dists/gradle*/*/*.lck - ./gradlew --offline --no-daemon --info --init-script ${gradleInit} jar + gradle --offline --no-daemon --info --init-script ${gradleInit} jar ''; installPhase = let 
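Review bot: Replacing `./gradlew` with the nixpkgs `gradle` in the `deps` build phase means the contents of the fixed-output derivation now depend on whichever Gradle version nixpkgs ships rather than the one pinned by the upstream wrapper, and nothing in the expression records that. Because `name = "${pname}-deps"` carries no version, a later bump that forgets to update `outputHash` can reuse the old dependency set from the store or a binary cache without any error; `name = "${pname}-deps-${version}";` would force a rebuild and surface the mismatch. I would also add a comment above that `buildPhase`, such as `# built with nixpkgs gradle, not the upstream wrapper; re-check outputHash when gradle changes`. Both derivation bodies continue outside these hunks.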
diff --git a/pkgs/tools/security/jwt-cli/default.nix b/pkgs/tools/security/jwt-cli/default.nix new file mode 100644 index 00000000000..83b630a4f4f --- /dev/null +++ b/pkgs/tools/security/jwt-cli/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub, rustPlatform, Security }: + +rustPlatform.buildRustPackage rec { + pname = "jwt-cli"; + version = "2.5.1"; + + src = fetchFromGitHub { + owner = "mike-engel"; + repo = pname; + rev = version; + sha256 = "1p0c4398kwczwvl4krvfdhg1ixp1gj9nmvzqqv2xlmvrw1qsin8w"; + }; + + cargoSha256 = "005y92acsn5j490jkp23ny7bsjd9ql1glybmbh4cyc8b15hmy618"; + + buildInputs = stdenv.lib.optional stdenv.isDarwin Security; + + meta = with stdenv.lib; { + description = "Super fast CLI tool to decode and encode JWTs"; + homepage = "https://github.com/mike-engel/jwt-cli"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ rycee ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/tools/security/munge/default.nix b/pkgs/tools/security/munge/default.nix index 2d758aa2aec..ee1858ad284 100644 --- a/pkgs/tools/security/munge/default.nix +++ b/pkgs/tools/security/munge/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchFromGitHub, autoreconfHook, gawk, gnused, libgcrypt, zlib, bzip2 }: stdenv.mkDerivation rec { - name = "munge-0.5.13"; + name = "munge-0.5.14"; src = fetchFromGitHub { owner = "dun"; repo = "munge"; rev = name; - sha256 = "1c4ff3d8ad3inbliszr4slym3b4cn19bn6mxm13mzy20jyi2rm70"; + sha256 = "15h805rwcb9f89dyrkxfclzs41n3ff8x7cc1dbvs8mb0ds682c4j"; }; nativeBuildInputs = [ autoreconfHook gawk gnused ]; diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index 1b66dab35c8..f88c533d71d 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix 
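Review bot: The new jwt-cli expression does not set `verifyCargoDeps = true;`, although the fido2luks expression added in the same commit does, and the rage expression further down omits it as well. Without that check, a later version bump that leaves `cargoSha256` untouched can keep building against the previously vendored crates, which is an unwelcome failure mode for tools that handle tokens and encryption keys. I would add `verifyCargoDeps = true;` after the `cargoSha256` line in both files. As far as I recall, enabling it changes the expected hash, so `cargoSha256` would need to be recomputed at the same time.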
@@ -1,24 +1,16 @@ { stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3 +, pcre, liblinear, libssh2 , graphicalSupport ? false , libX11 ? null , gtk2 ? null -, withPython ? false # required for the `ndiff` binary -, python2Packages ? null +, python2 ? null , makeWrapper ? null , withLua ? true }: -assert withPython -> python2Packages != null; - with stdenv.lib; -let - - # Zenmap (the graphical program) also requires Python, - # so automatically enable pythonSupport if graphicalSupport is requested. - pythonSupport = withPython || graphicalSupport; - -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; version = "7.80"; @@ -48,10 +40,7 @@ in stdenv.mkDerivation rec { configureFlags = [ (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua") - ] - ++ optional (!pythonSupport) "--without-ndiff" - ++ optional (!graphicalSupport) "--without-zenmap" - ; + ] ++ optionals (!graphicalSupport) [ "--without-ndiff" "--without-zenmap" ]; makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "AR=${stdenv.cc.bintools.targetPrefix}ar" 
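Review bot: With `withPython` gone, `--without-ndiff` is passed for every build where `graphicalSupport` is false, so the command-line `ndiff` tool can no longer be had without pulling in GTK, and any caller that still passes `withPython` or `python2Packages` will fail to evaluate. The header also drops `assert withPython -> python2Packages != null;` without an equivalent for the new argument; `assert graphicalSupport -> python2 != null;` would keep the `? null` default honest. `makeWrapper ? null` looks unused after this change and could be removed, though the rest of the file is outside the hunk. If losing a standalone ndiff is intended, a comment next to `configureFlags` should say so.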
@@ -59,18 +48,22 @@ in stdenv.mkDerivation rec { "CC=${stdenv.cc.targetPrefix}gcc" ]; - postInstall = optionalString pythonSupport '' - wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" - '' + optionalString graphicalSupport '' - wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath $pygtk)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pygobject)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pycairo)/gtk-2.0 + pythonPath = with python2.pkgs; optionals graphicalSupport [ + pygtk pysqlite pygobject2 pycairo + ]; + + nativeBuildInputs = [ pkgconfig ] ++ optionals graphicalSupport [ python2.pkgs.wrapPython ]; + buildInputs = [ pcre liblinear libssh2 libpcap openssl ] ++ optionals graphicalSupport (with python2.pkgs; [ + python2 libX11 gtk2 + ]); + + postInstall = optionalString graphicalSupport '' + buildPythonPath "$out $pythonPath" + patchPythonScript $out/bin/ndiff + patchPythonScript $out/bin/zenmap ''; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = with python2Packages; [ libpcap openssl ] - ++ optionals pythonSupport [ makeWrapper python ] - ++ optionals graphicalSupport [ - libX11 gtk2 pygtk pysqlite pygobject2 pycairo - ]; + enableParallelBuilding = true; doCheck = false; # fails 3 tests, probably needs the net diff --git a/pkgs/tools/security/nmap/qt.nix b/pkgs/tools/security/nmap/qt.nix index f873c475bbf..2dcd7fed0c4 100644 --- a/pkgs/tools/security/nmap/qt.nix +++ b/pkgs/tools/security/nmap/qt.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, cmake, pkgconfig, makeWrapper +{ stdenv, fetchFromGitHub, cmake, pkgconfig, wrapQtAppsHook , dnsutils, nmap , qtbase, qtscript, qtwebengine }: 
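Review bot: In `pythonPath = with python2.pkgs; optionals graphicalSupport [` the `with` wraps the call to `optionals`, and since `optionals` itself comes from the outer `with stdenv.lib;`, resolving it has to evaluate `python2.pkgs` first. As far as I can tell that makes the declared default `python2 ? null` fail at evaluation even when `graphicalSupport` is false. Moving the scope inside the guard avoids it: `pythonPath = optionals graphicalSupport (with python2.pkgs; [ pygtk pysqlite pygobject2 pycairo ]);`. The `with python2.pkgs;` around `[ python2 libX11 gtk2 ]` in `buildInputs` brings nothing into scope that the list uses and can be dropped.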
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec { sha256 = "10wqyrjzmad1g7lqa65rymbkna028xbp4xcpj442skw8gyrs3994"; }; - nativeBuildInputs = [ cmake makeWrapper pkgconfig ]; + nativeBuildInputs = [ cmake pkgconfig wrapQtAppsHook ]; buildInputs = [ qtbase qtscript qtwebengine ]; diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 5d0e94bc803..54a8f4de7d7 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -111,6 +111,12 @@ let '' + stdenv.lib.optionalString stdenv.isDarwin '' # 'pass edit' uses hdid, which is not available from the sandbox. rm -f tests/t0200-edit-tests.sh + rm -f tests/t0010-generate-tests.sh + rm -f tests/t0020-show-tests.sh + rm -f tests/t0050-mv-tests.sh + rm -f tests/t0100-insert-tests.sh + rm -f tests/t0300-reencryption.sh + rm -f tests/t0400-grep.sh ''; doCheck = false; diff --git a/pkgs/tools/security/pcsctools/default.nix b/pkgs/tools/security/pcsctools/default.nix index 24519654e9a..fa53b91a02f 100644 --- a/pkgs/tools/security/pcsctools/default.nix +++ b/pkgs/tools/security/pcsctools/default.nix @@ -5,11 +5,11 @@ let deps = lib.makeBinPath [ wget coreutils ]; in stdenv.mkDerivation rec { - name = "pcsc-tools-1.5.4"; + name = "pcsc-tools-1.5.5"; src = fetchurl { url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.bz2"; - sha256 = "14vw6ya8gzyw3lzyrsvfcxx7qm7ry39fbxcdqqh552c1lyxnm7n3"; + sha256 = "01251m8hf7by8rw8fayhjxmcqvi6dp150680fpf89bqycha2vgqv"; }; buildInputs = [ udev dbus perlPackages.perl pcsclite ]; diff --git a/pkgs/tools/security/rage/default.nix b/pkgs/tools/security/rage/default.nix new file mode 100644 index 00000000000..63cc2972a58 --- /dev/null +++ b/pkgs/tools/security/rage/default.nix 
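Review bot: The six added `rm -f tests/...` lines in the pass expression sit under a comment that only explains why `t0200-edit-tests.sh` is removed on Darwin (hdid is not available in the sandbox), so the reason for dropping the generate, show, mv, insert, reencryption and grep tests is not recorded. For a password manager that leaves most of the suite unexercised on Darwin, with no pointer to what actually fails. I would add a comment above the new lines, for example `# These fail in the Darwin sandbox: <reason or upstream issue>`, so they can be re-enabled once the cause is fixed. The enclosing string starts outside the hunk.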
@@ -0,0 +1,24 @@ +{ stdenv, rustPlatform, fetchFromGitHub, Security }: + +rustPlatform.buildRustPackage rec { + pname = "rage"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "str4d"; + repo = pname; + rev = "v${version}"; + sha256 = "0ri4rfhy1wl0cppi2cp97kkiz08x2f072yfahn2kv9r4v1i9f4a7"; + }; + + cargoSha256 = "02adwvcvha83zcvc5n7p88l7wmkg52j2xhznmhabc0zn328as2yd"; + + buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ]; + + meta = with stdenv.lib; { + description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability"; + homepage = "https://github.com/str4d/rage"; + license = licenses.asl20; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 527c8064bac..819b9688924 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.1.6"; + version = "0.4.2.5"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0wgdid8w7srd218hh4rwslzdx2ickxw1pg18p2wry1r6wi65521a"; + sha256 = "1hnqg6psf7shcmlvfk44mkpaz7v66mify3cnx7mzl23q5s37anad"; }; outputs = [ "out" "geoip" ]; @@ -34,6 +34,8 @@ stdenv.mkDerivation rec { substituteInPlace contrib/client-tools/torify \ --replace 'pathfind torsocks' true \ --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks' + + patchShebangs ./scripts/maint/checkShellScripts.sh ''; enableParallelBuilding = true; diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 11b0b067ccb..3b209d5c068 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix 
@@ -2,13 +2,13 @@ buildGoPackage rec { pname = "vault"; - version = "1.3.1"; + version = "1.3.2"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "052aj79gwmydc7ph1g567cbssqf8dsmqxad47k5hc5sc58bx7c93"; + sha256 = "17zymmm1r4yxwazn2qx2l01i7g91rn40h7hzgwf0pr6pwmdxvkzg"; }; goPackagePath = "github.com/hashicorp/vault"; |