From a6ddcd45da2105b1b8b43f92756cbd07db973699 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Wed, 24 Jul 2019 21:26:13 +0200 Subject: checksec: 1.5 -> 2.0.1 --- pkgs/os-specific/linux/checksec/default.nix | 50 +++++++++++++---------------- 1 file changed, 23 insertions(+), 27 deletions(-) (limited to 'pkgs/os-specific/linux/checksec/default.nix') diff --git a/pkgs/os-specific/linux/checksec/default.nix b/pkgs/os-specific/linux/checksec/default.nix index 6c927ae93af..dc704dc167e 100644 --- a/pkgs/os-specific/linux/checksec/default.nix +++ b/pkgs/os-specific/linux/checksec/default.nix @@ -1,43 +1,39 @@ -{ stdenv, fetchurl, file, findutils, binutils-unwrapped, glibc, coreutils, sysctl }: +{ stdenv, fetchFromGitHub, makeWrapper, file, findutils +, binutils-unwrapped, glibc, coreutils, sysctl, openssl +}: stdenv.mkDerivation rec { - name = "checksec-${version}"; - version = "1.5"; + pname = "checksec"; + version = "2.0.1"; - src = fetchurl { - url = "https://www.trapkit.de/tools/checksec.sh"; - sha256 = "0iq9v568mk7g7ksa1939g5f5sx7ffq8s8n2ncvphvlckjgysgf3p"; + src = fetchFromGitHub { + owner = "slimm609"; + repo = "checksec.sh"; + rev = version; + sha256 = "04lzwm24d576h425rgvgjj2wim29i3961jrj35r43wrswmrsc3r2"; }; patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ]; + nativeBuildInputs = [ makeWrapper ]; - unpackPhase = '' - mkdir ${name} - cp $src ${name}/checksec.sh - cd ${name} - ''; - - installPhase = '' + installPhase = let + path = stdenv.lib.makeBinPath [ + findutils file binutils-unwrapped sysctl openssl + ]; + in '' mkdir -p $out/bin - cp checksec.sh $out/bin/checksec - chmod +x $out/bin/checksec - substituteInPlace $out/bin/checksec --replace /bin/bash ${stdenv.shell} + install checksec $out/bin substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6 - substituteInPlace $out/bin/checksec --replace find ${findutils}/bin/find - substituteInPlace $out/bin/checksec --replace "file $" "${file}/bin/file $" - substituteInPlace $out/bin/checksec --replace "xargs file" "xargs ${file}/bin/file" - substituteInPlace $out/bin/checksec --replace " readelf -" " ${binutils-unwrapped}/bin/readelf -" - substituteInPlace $out/bin/checksec --replace "(readelf -" "(${binutils-unwrapped}/bin/readelf -" - substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${binutils-unwrapped}/bin/readelf" - substituteInPlace $out/bin/checksec --replace "/sbin/sysctl -" "${sysctl}/bin/sysctl -" substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -" + wrapProgram $out/bin/checksec \ + --prefix PATH : ${path} ''; - meta = { + meta = with stdenv.lib; { description = "A tool for checking security bits on executables"; homepage = "http://www.trapkit.de/tools/checksec.html"; - license = stdenv.lib.licenses.bsd3; - platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ thoughtpolice globin ]; }; } -- cgit 1.4.1