summary refs log tree commit diff
path: root/pkgs/tools/security
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/chrome-token-signing/default.nix4
-rw-r--r--pkgs/tools/security/diceware/default.nix4
-rw-r--r--pkgs/tools/security/fail2ban/default.nix15
-rw-r--r--pkgs/tools/security/fido2luks/default.nix32
-rw-r--r--pkgs/tools/security/jd-gui/default.nix23
-rw-r--r--pkgs/tools/security/jwt-cli/default.nix25
-rw-r--r--pkgs/tools/security/munge/default.nix4
-rw-r--r--pkgs/tools/security/nmap/default.nix43
-rw-r--r--pkgs/tools/security/nmap/qt.nix4
-rw-r--r--pkgs/tools/security/pass/default.nix6
-rw-r--r--pkgs/tools/security/pcsctools/default.nix4
-rw-r--r--pkgs/tools/security/rage/default.nix24
-rw-r--r--pkgs/tools/security/tor/default.nix6
-rw-r--r--pkgs/tools/security/vault/default.nix4
14 files changed, 132 insertions, 66 deletions
diff --git a/pkgs/tools/security/chrome-token-signing/default.nix b/pkgs/tools/security/chrome-token-signing/default.nix
index 5e304f86b4e..76c845e7a99 100644
--- a/pkgs/tools/security/chrome-token-signing/default.nix
+++ b/pkgs/tools/security/chrome-token-signing/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }:
+{ mkDerivation, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }:
 
-stdenv.mkDerivation rec {
+mkDerivation rec {
   pname = "chrome-token-signing";
   version = "1.0.7";
 
diff --git a/pkgs/tools/security/diceware/default.nix b/pkgs/tools/security/diceware/default.nix
index 07682eb22c5..dcd7e853564 100644
--- a/pkgs/tools/security/diceware/default.nix
+++ b/pkgs/tools/security/diceware/default.nix
@@ -1,8 +1,8 @@
 { lib
-, pythonPackages
+, python3Packages
 }:
 
-with pythonPackages;
+with python3Packages;
 
 buildPythonApplication rec {
   pname = "diceware";
diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix
index 5ea91854282..4ec84353e4e 100644
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, fetchpatch, python3, gamin }:
+{ stdenv, fetchFromGitHub, python3, gamin }:
 
-let version = "0.10.4"; in
+let version = "0.10.5"; in
 
 python3.pkgs.buildPythonApplication {
   pname = "fail2ban";
@@ -10,18 +10,9 @@ python3.pkgs.buildPythonApplication {
     owner  = "fail2ban";
     repo   = "fail2ban";
     rev    = version;
-    sha256 = "07ik6rm856q0ic2r7vbg6j3hsdcdgkv44hh5ck0c2y21fqwrck3l";
+    sha256 = "1s8g46vkwhqnagj69v4wvcasypzkmq7awhfbxahffrypcpad5ach";
   };
 
-  patches = [
-    # 0.10.3 supports Python 3 but somehow this got into the way
-    # https://github.com/fail2ban/fail2ban/issues/2255
-    (fetchpatch {
-      url = "https://github.com/fail2ban/fail2ban/commit/657b147c0d7830f3600f3dc7feaa4815a7e19fde.patch";
-      sha256 = "1hrk2x7ssrfhab1wrjk5xw1sxhiv2735glfcp6qcj8x4dss3q7f7";
-    })
-  ];
-
   pythonPath = with python3.pkgs;
     stdenv.lib.optionals stdenv.isLinux [
       systemd
diff --git a/pkgs/tools/security/fido2luks/default.nix b/pkgs/tools/security/fido2luks/default.nix
new file mode 100644
index 00000000000..0bb5a91a81a
--- /dev/null
+++ b/pkgs/tools/security/fido2luks/default.nix
@@ -0,0 +1,32 @@
+{ stdenv
+, rustPlatform
+, fetchFromGitHub
+, cryptsetup
+, pkg-config
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "fido2luks";
+  version = "0.2.2";
+
+  src = fetchFromGitHub {
+    owner = "shimunn";
+    repo = pname;
+    rev = version;
+    sha256 = "018qzbgmgm0f0d0c7i54nqqjbr4k5mzy1xfavi6hpifjll971wci";
+  };
+
+  buildInputs = [ cryptsetup ];
+  nativeBuildInputs = [ pkg-config ];
+
+  cargoSha256 = "1kf757wxxk5h8dfbz588qw1pnyjbg5qzr7rz14i7x8rhmn5xwb74";
+  verifyCargoDeps = true;
+
+  meta = with stdenv.lib; {
+    description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator";
+    homepage = "https://github.com/shimunn/fido2luks";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ prusnak mmahut ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/security/jd-gui/default.nix b/pkgs/tools/security/jd-gui/default.nix
index 86b88638bd7..af88fd6270f 100644
--- a/pkgs/tools/security/jd-gui/default.nix
+++ b/pkgs/tools/security/jd-gui/default.nix
@@ -1,27 +1,25 @@
-{ stdenv, fetchFromGitHub, jre, jdk, makeDesktopItem, perl, writeText, runtimeShell }:
+{ stdenv, fetchFromGitHub, jre, jdk, gradle, makeDesktopItem, perl, writeText, runtimeShell }:
 
 let
   pname = "jd-gui";
-  version = "1.6.5";
+  version = "1.6.6";
 
   src = fetchFromGitHub {
     owner = "java-decompiler";
     repo = pname;
     rev = "v${version}";
-    sha256 = "0yn2xcwznig941pw2f3wi8ixz1wprxcn9wl0g2ggdzx51rfwgzzi";
+    sha256 = "010bd3q2m4jy4qz5ahdx86b5f558s068gbjlbpdhq3bhh4yrjy20";
   };
 
   deps = stdenv.mkDerivation {
     name = "${pname}-deps";
     inherit src;
 
-    nativeBuildInputs = [ jdk perl ];
-
-    patchPhase = "patchShebangs gradlew";
+    nativeBuildInputs = [ jdk perl gradle ];
 
     buildPhase = ''
       export GRADLE_USER_HOME=$(mktemp -d);
-      ./gradlew --no-daemon jar
+      gradle --no-daemon jar
     '';
 
     # Mavenize dependency paths
@@ -30,12 +28,11 @@ let
       find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \
         | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \
         | sh
-      cp -r $GRADLE_USER_HOME/wrapper $out
     '';
 
     outputHashAlgo = "sha256";
     outputHashMode = "recursive";
-    outputHash = "1s4p91iiyikrsgvpzkhw3jm5lsm0jpzp7iw7afdhhl9jm18igs70";
+    outputHash = "1qil12s0daxpxj5xj5dj6s2k89is0kiir2vcafkm3lasc41acmk3";
   };
 
   # Point to our local deps repo
@@ -74,15 +71,11 @@ in stdenv.mkDerivation rec {
   inherit pname version src;
   name = "${pname}-${version}";
 
-  nativeBuildInputs = [ jdk ];
-
-  patchPhase = "patchShebangs gradlew";
+  nativeBuildInputs = [ jdk gradle ];
 
   buildPhase = ''
     export GRADLE_USER_HOME=$(mktemp -d)
-    cp -r ${deps}/wrapper $GRADLE_USER_HOME
-    chmod u+w $GRADLE_USER_HOME/wrapper/dists/gradle*/*/*.lck
-    ./gradlew --offline --no-daemon --info --init-script ${gradleInit} jar
+    gradle --offline --no-daemon --info --init-script ${gradleInit} jar
   '';
 
   installPhase = let
diff --git a/pkgs/tools/security/jwt-cli/default.nix b/pkgs/tools/security/jwt-cli/default.nix
new file mode 100644
index 00000000000..83b630a4f4f
--- /dev/null
+++ b/pkgs/tools/security/jwt-cli/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchFromGitHub, rustPlatform, Security }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "jwt-cli";
+  version = "2.5.1";
+
+  src = fetchFromGitHub {
+    owner = "mike-engel";
+    repo = pname;
+    rev = version;
+    sha256 = "1p0c4398kwczwvl4krvfdhg1ixp1gj9nmvzqqv2xlmvrw1qsin8w";
+  };
+
+  cargoSha256 = "005y92acsn5j490jkp23ny7bsjd9ql1glybmbh4cyc8b15hmy618";
+
+  buildInputs = stdenv.lib.optional stdenv.isDarwin Security;
+
+  meta = with stdenv.lib; {
+    description = "Super fast CLI tool to decode and encode JWTs";
+    homepage = "https://github.com/mike-engel/jwt-cli";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ rycee ];
+    platforms = platforms.all;
+  };
+}
diff --git a/pkgs/tools/security/munge/default.nix b/pkgs/tools/security/munge/default.nix
index 2d758aa2aec..ee1858ad284 100644
--- a/pkgs/tools/security/munge/default.nix
+++ b/pkgs/tools/security/munge/default.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchFromGitHub, autoreconfHook, gawk, gnused, libgcrypt, zlib, bzip2 }:
 
 stdenv.mkDerivation rec {
-  name = "munge-0.5.13";
+  name = "munge-0.5.14";
 
   src = fetchFromGitHub {
     owner = "dun";
     repo = "munge";
     rev = name;
-    sha256 = "1c4ff3d8ad3inbliszr4slym3b4cn19bn6mxm13mzy20jyi2rm70";
+    sha256 = "15h805rwcb9f89dyrkxfclzs41n3ff8x7cc1dbvs8mb0ds682c4j";
   };
 
   nativeBuildInputs = [ autoreconfHook gawk gnused ];
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index 1b66dab35c8..f88c533d71d 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -1,24 +1,16 @@
 { stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3
+, pcre, liblinear, libssh2
 , graphicalSupport ? false
 , libX11 ? null
 , gtk2 ? null
-, withPython ? false # required for the `ndiff` binary
-, python2Packages ? null
+, python2 ? null
 , makeWrapper ? null
 , withLua ? true
 }:
 
-assert withPython -> python2Packages != null;
-
 with stdenv.lib;
 
-let
-
-  # Zenmap (the graphical program) also requires Python,
-  # so automatically enable pythonSupport if graphicalSupport is requested.
-  pythonSupport = withPython || graphicalSupport;
-
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   name = "nmap${optionalString graphicalSupport "-graphical"}-${version}";
   version = "7.80";
 
@@ -48,10 +40,7 @@ in stdenv.mkDerivation rec {
 
   configureFlags = [
     (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua")
-  ]
-    ++ optional (!pythonSupport) "--without-ndiff"
-    ++ optional (!graphicalSupport) "--without-zenmap"
-    ;
+  ] ++ optionals (!graphicalSupport) [ "--without-ndiff" "--without-zenmap" ];
 
   makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
     "AR=${stdenv.cc.bintools.targetPrefix}ar"
@@ -59,18 +48,22 @@ in stdenv.mkDerivation rec {
     "CC=${stdenv.cc.targetPrefix}gcc"
   ];
 
-  postInstall = optionalString pythonSupport ''
-      wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH"
-  '' + optionalString graphicalSupport ''
-      wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath $pygtk)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pygobject)/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath $pycairo)/gtk-2.0
+  pythonPath = with python2.pkgs; optionals graphicalSupport  [
+    pygtk pysqlite pygobject2 pycairo
+  ];
+
+  nativeBuildInputs = [ pkgconfig ] ++ optionals graphicalSupport [ python2.pkgs.wrapPython ];
+  buildInputs = [ pcre liblinear libssh2 libpcap openssl ] ++ optionals graphicalSupport (with python2.pkgs; [
+    python2 libX11 gtk2
+  ]);
+
+  postInstall = optionalString graphicalSupport ''
+    buildPythonPath "$out $pythonPath"
+    patchPythonScript $out/bin/ndiff
+    patchPythonScript $out/bin/zenmap
   '';
 
-  nativeBuildInputs = [ pkgconfig ];
-  buildInputs = with python2Packages; [ libpcap openssl ]
-    ++ optionals pythonSupport [ makeWrapper python ]
-    ++ optionals graphicalSupport [
-      libX11 gtk2 pygtk pysqlite pygobject2 pycairo
-    ];
+  enableParallelBuilding = true;
 
   doCheck = false; # fails 3 tests, probably needs the net
 
diff --git a/pkgs/tools/security/nmap/qt.nix b/pkgs/tools/security/nmap/qt.nix
index f873c475bbf..2dcd7fed0c4 100644
--- a/pkgs/tools/security/nmap/qt.nix
+++ b/pkgs/tools/security/nmap/qt.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, pkgconfig, makeWrapper
+{ stdenv, fetchFromGitHub, cmake, pkgconfig, wrapQtAppsHook
 , dnsutils, nmap
 , qtbase, qtscript, qtwebengine }:
 
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
     sha256 = "10wqyrjzmad1g7lqa65rymbkna028xbp4xcpj442skw8gyrs3994";
   };
 
-  nativeBuildInputs = [ cmake makeWrapper pkgconfig ];
+  nativeBuildInputs = [ cmake pkgconfig wrapQtAppsHook ];
 
   buildInputs = [ qtbase qtscript qtwebengine ];
 
diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix
index 5d0e94bc803..54a8f4de7d7 100644
--- a/pkgs/tools/security/pass/default.nix
+++ b/pkgs/tools/security/pass/default.nix
@@ -111,6 +111,12 @@ let
     '' + stdenv.lib.optionalString stdenv.isDarwin ''
       # 'pass edit' uses hdid, which is not available from the sandbox.
       rm -f tests/t0200-edit-tests.sh
+      rm -f tests/t0010-generate-tests.sh
+      rm -f tests/t0020-show-tests.sh
+      rm -f tests/t0050-mv-tests.sh
+      rm -f tests/t0100-insert-tests.sh
+      rm -f tests/t0300-reencryption.sh
+      rm -f tests/t0400-grep.sh
     '';
 
     doCheck = false;
diff --git a/pkgs/tools/security/pcsctools/default.nix b/pkgs/tools/security/pcsctools/default.nix
index 24519654e9a..fa53b91a02f 100644
--- a/pkgs/tools/security/pcsctools/default.nix
+++ b/pkgs/tools/security/pcsctools/default.nix
@@ -5,11 +5,11 @@
 let deps = lib.makeBinPath [ wget coreutils ];
 
 in stdenv.mkDerivation rec {
-  name = "pcsc-tools-1.5.4";
+  name = "pcsc-tools-1.5.5";
 
   src = fetchurl {
     url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.bz2";
-    sha256 = "14vw6ya8gzyw3lzyrsvfcxx7qm7ry39fbxcdqqh552c1lyxnm7n3";
+    sha256 = "01251m8hf7by8rw8fayhjxmcqvi6dp150680fpf89bqycha2vgqv";
   };
 
   buildInputs = [ udev dbus perlPackages.perl pcsclite ];
diff --git a/pkgs/tools/security/rage/default.nix b/pkgs/tools/security/rage/default.nix
new file mode 100644
index 00000000000..63cc2972a58
--- /dev/null
+++ b/pkgs/tools/security/rage/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, rustPlatform, fetchFromGitHub, Security }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "rage";
+  version = "0.2.0";
+
+  src = fetchFromGitHub {
+    owner = "str4d";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0ri4rfhy1wl0cppi2cp97kkiz08x2f072yfahn2kv9r4v1i9f4a7";
+  };
+
+  cargoSha256 = "02adwvcvha83zcvc5n7p88l7wmkg52j2xhznmhabc0zn328as2yd";
+
+  buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ];
+
+  meta = with stdenv.lib; {
+    description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability";
+    homepage = "https://github.com/str4d/rage";
+    license = licenses.asl20;
+    maintainers = [ maintainers.marsam ];
+  };
+}
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 527c8064bac..819b9688924 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -15,11 +15,11 @@
 
 stdenv.mkDerivation rec {
   pname = "tor";
-  version = "0.4.1.6";
+  version = "0.4.2.5";
 
   src = fetchurl {
     url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
-    sha256 = "0wgdid8w7srd218hh4rwslzdx2ickxw1pg18p2wry1r6wi65521a";
+    sha256 = "1hnqg6psf7shcmlvfk44mkpaz7v66mify3cnx7mzl23q5s37anad";
   };
 
   outputs = [ "out" "geoip" ];
@@ -34,6 +34,8 @@ stdenv.mkDerivation rec {
     substituteInPlace contrib/client-tools/torify \
       --replace 'pathfind torsocks' true          \
       --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks'
+
+    patchShebangs ./scripts/maint/checkShellScripts.sh
   '';
 
   enableParallelBuilding = true;
diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index 11b0b067ccb..3b209d5c068 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -2,13 +2,13 @@
 
 buildGoPackage rec {
   pname = "vault";
-  version = "1.3.1";
+  version = "1.3.2";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    sha256 = "052aj79gwmydc7ph1g567cbssqf8dsmqxad47k5hc5sc58bx7c93";
+    sha256 = "17zymmm1r4yxwazn2qx2l01i7g91rn40h7hzgwf0pr6pwmdxvkzg";
   };
 
   goPackagePath = "github.com/hashicorp/vault";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-04-29 01:37:56 +0000