Diffstat (limited to 'pkgs/tools/security')
27 files changed, 524 insertions, 64 deletions
diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index 582b5ceae119..4981d8fa062a 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python, pam +{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam , intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }: stdenv.mkDerivation rec { @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { done ''; - buildInputs = [ pkgconfig perl nss nspr python pam intltool makeWrapper ]; + buildInputs = [ pkgconfig perl nss nspr python2 pam intltool makeWrapper ]; propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; postInstall = '' diff --git a/pkgs/tools/security/ecryptfs/helper.nix b/pkgs/tools/security/ecryptfs/helper.nix index 40e6771251ab..0d4b37a8efc0 100644 --- a/pkgs/tools/security/ecryptfs/helper.nix +++ b/pkgs/tools/security/ecryptfs/helper.nix @@ -1,7 +1,7 @@ { stdenv , fetchurl , makeWrapper -, python +, python2 }: stdenv.mkDerivation rec { @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out/bin $out/libexec cp $src $out/libexec/ecryptfs-helper.py - makeWrapper "${python.interpreter} $out/libexec/ecryptfs-helper.py" $out/bin/ecryptfs-helper + makeWrapper "${python2.interpreter} $out/libexec/ecryptfs-helper.py" $out/bin/ecryptfs-helper ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/enpass/data.json b/pkgs/tools/security/enpass/data.json new file mode 100644 index 000000000000..4e245d1c80fc --- /dev/null +++ b/pkgs/tools/security/enpass/data.json 
@@ -0,0 +1,12 @@
+{
+ "amd64": {
+ "path": "pool/main/e/enpass/enpass_5.3.0_amd64.deb",
+ "sha256": "d9da061c6456281da836bdd78bdb7baeced4b7f1805bb2495e4f1d15038cf86b",
+ "version": "5.3.0"
+ },
+ "i386": {
+ "path": "pool/main/e/enpass/enpass_5.3.0_i386.deb",
+ "sha256": "58d9f3b83c2da477c13976e1826d112236eabd46a389de7e8767ee99ac41f469",
+ "version": "5.3.0"
+ }
+}
\ No newline at end of file diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix new file mode 100644 index 000000000000..b7f7282d2929 --- /dev/null +++ b/pkgs/tools/security/enpass/default.nix 
@@ -0,0 +1,106 @@ +{stdenv, system, fetchurl, dpkg, openssl, xorg +, glib, mesa, libpulseaudio, zlib, dbus, fontconfig, freetype +, gtk2, pango, atk, cairo, gdk_pixbuf, jasper, xkeyboardconfig +, makeWrapper , makeDesktopItem, python, pythonPackages, lib}: +assert system == "i686-linux" || system == "x86_64-linux"; +let + all_data = (with builtins; fromJSON (readFile ./data.json)); + system_map = { + i686-linux = "i386"; + x86_64-linux = "amd64"; + }; + + data = (with builtins; getAttr (getAttr system system_map) all_data); + + baseUrl = http://repo.sinew.in; + + # used of both wrappers and libpath + libPath = lib.makeLibraryPath (with xorg; [ + openssl + mesa + fontconfig + freetype + libpulseaudio + zlib + dbus + libX11 + libXi + libSM + libICE + libXext + libXrender + libXScrnSaver + glib + gtk2 + pango + cairo + atk + gdk_pixbuf + jasper + stdenv.cc.cc + ]); + package = stdenv.mkDerivation rec { + + inherit (data) version; + name = "enpass-${version}"; + + desktopItem = makeDesktopItem { + name = "Enpass"; + exec = "$out/bin/Enpass"; + #icon = "Enpass"; + desktopName = "Enpass"; + genericName = "Password manager"; + categories = "Application;Security;"; + }; + + + src = fetchurl { + inherit (data) sha256; + url = "${baseUrl}/${data.path}"; + }; + + meta = { + description = "a well known password manager"; + homepage = https://www.enpass.io/; + maintainer = lib.maintainers.ronny; + license = lib.licenses.unfree; + platforms = lib.platforms.linux; + }; + + buildInputs = [makeWrapper dpkg]; + phases = [ "unpackPhase" "installPhase" ]; + + unpackPhase = "dpkg -X $src ."; + installPhase='' + mkdir $out + cp -r opt/Enpass/* $out + + # Make desktop item + mkdir -p "$out"/share/applications + cp "$desktopItem"/share/applications/* "$out"/share/applications/ + mkdir -p "$out"/share/icons + + patchelf \ + --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + $out/bin/Enpass + + wrapProgram $out/bin/Enpass \ + --set LD_LIBRARY_PATH 
"${libPath}:$out/lib:$out/plugins/sqldrivers" \ + --set QT_PLUGIN_PATH "$out/plugins" \ + --set QT_QPA_PLATFORM_PLUGIN_PATH "$out/plugins/platforms" \ + --set QT_XKB_CONFIG_ROOT "${xkeyboardconfig}/share/X11/xkb" + ''; + }; + updater = { + update = stdenv.mkDerivation rec { + name = "enpass-update-script"; + SCRIPT =./update_script.py; + + buildInputs = with pythonPackages; [python requests pathlib2 six attrs ]; + shellHook = '' + exec python $SCRIPT --target pkgs/tools/security/enpass/data.json --repo ${baseUrl} + ''; + + }; + }; +in (package // {refresh = updater;}) diff --git a/pkgs/tools/security/enpass/update_script.py b/pkgs/tools/security/enpass/update_script.py new file mode 100644 index 000000000000..f8ec715cb5e4 --- /dev/null +++ b/pkgs/tools/security/enpass/update_script.py 
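Review bot: `baseUrl = http://repo.sinew.in;` is plain HTTP, and the same value is handed to the updater through `--repo ${baseUrl}`, so the hashes that `update_script.py` (added later in this diff) writes into `data.json` come from repository metadata that nothing visible here authenticates. `fetchurl` only pins the package to whatever `sha256` is in `data.json`; it cannot tell whether that value was altered while the updater fetched `Release` and the package index. If the repository serves HTTPS (not verifiable from this page), switch `baseUrl` to the `https://` form, and either way have the updater check the repository's signed `Release` against a pinned key before accepting its `SHA256` entries; a short comment next to `baseUrl` should record how refreshed hashes are reviewed. Separately, `maintainer = lib.maintainers.ronny;` in `meta` should be the list-valued `maintainers = [ lib.maintainers.ronny ];`, and nitrokey-app/default.nix in this diff has the same spelling.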
@@ -0,0 +1,95 @@
+from __future__ import print_function
+
+
+import argparse
+import bz2
+import email
+import json
+import logging
+
+from itertools import product
+from operator import itemgetter
+
+import attr
+import pkg_resources
+
+from pathlib2 import Path
+from requests import Session
+from six.moves.urllib_parse import urljoin
+
+
+@attr.s
+class ReleaseElement(object):
+ sha256 = attr.ib(repr=False)
+ size = attr.ib(convert=int)
+ path = attr.ib()
+
+log = logging.getLogger('enpass.updater')
+
+
+parser = argparse.ArgumentParser()
+parser.add_argument('--repo')
+parser.add_argument('--target', type=Path)
+
+
+session = Session()
+
+
+def parse_bz2_msg(msg):
+ msg = bz2.decompress(msg)
+ if '\n\n' in msg:
+ parts = msg.split('\n\n')
+ return list(map(email.message_from_string, parts))
+ return email.message_from_string(msg)
+
+
+def fetch_meta(repo, name, parse=email.message_from_string, split=False):
+ url = urljoin(repo, 'dists/stable', name)
+ response = session.get("{repo}/dists/stable/{name}".format(**locals()))
+ return parse(response.content)
+
+
+def fetch_filehashes(repo, path):
+ meta = fetch_meta(repo, path, parse=parse_bz2_msg)
+ for item in meta:
+ yield {
+ 'version': pkg_resources.parse_version(str(item['Version'])),
+ 'path': item['Filename'],
+ 'sha256': item['sha256'],
+ }
+
+
+def fetch_archs(repo):
+ m = fetch_meta(repo, 'Release')
+
+ architectures = m['Architectures'].split()
+ elements = [ReleaseElement(*x.split()) for x in m['SHA256'].splitlines()]
+ elements = [x for x in elements if x.path.endswith('bz2')]
+
+ for arch, elem in product(architectures, elements):
+ if arch in elem.path:
+ yield arch, max(fetch_filehashes(repo, elem.path),
+ key=itemgetter('version'))
+
+
+class OurVersionEncoder(json.JSONEncoder):
+ def default(self, obj):
+ # the other way around to avoid issues with
+ # newer setuptools having strict/legacy versions
+ if not isinstance(obj, (dict, str)):
+ return str(obj)
+ return json.JSONEncoder.default(self,
obj) + + +def main(repo, target): + logging.basicConfig(level=logging.DEBUG) + with target.open(mode='wb') as fp: + json.dump( + dict(fetch_archs(repo)), fp, + cls=OurVersionEncoder, + indent=2, + sort_keys=True) + + +opts = parser.parse_args() +main(opts.repo, opts.target) diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 70dfb9e82c6b..695bfcce3a59 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -13,7 +13,7 @@ pythonPackages.buildPythonApplication { sha256 = "1m8gqj35kwrn30rqwd488sgakaisz22xa5v9llvz6gwf4f7ps0a9"; }; - propagatedBuildInputs = [ python.modules.sqlite3 gamin ] + propagatedBuildInputs = [ gamin ] ++ (stdenv.lib.optional stdenv.isLinux pythonPackages.systemd); preConfigure = '' diff --git a/pkgs/tools/security/fpm2/default.nix b/pkgs/tools/security/fpm2/default.nix new file mode 100644 index 000000000000..8bb3cba15c46 --- /dev/null +++ b/pkgs/tools/security/fpm2/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchurl, pkgconfig, gnupg, gtk2 +, libxml2, intltool +}: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "fpm2-${version}"; + version = "0.79"; + + src = fetchurl { + url = "http://als.regnet.cz/fpm2/download/fpm2-${version}.tar.bz2"; + sha256 = "d55e9ce6be38a44fc1053d82db2d117cf3991a51898bd86d7913bae769f04da7"; + }; + + buildInputs = [ pkgconfig gnupg gtk2 libxml2 intltool ]; + + meta = { + description = "FPM2 is GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements."; + homepage = http://als.regnet.cz/fpm2/; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ hce ]; + }; +} diff --git a/pkgs/tools/security/gencfsm/default.nix b/pkgs/tools/security/gencfsm/default.nix index 8441fbbb7613..871ba1d8b854 100644 --- a/pkgs/tools/security/gencfsm/default.nix +++ b/pkgs/tools/security/gencfsm/default.nix 
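Review bot: In update_script.py, `main` opens `target` with `mode='wb'` before `dict(fetch_archs(repo))` is evaluated, so any network or parse failure leaves `data.json` truncated, and enpass/default.nix reads that file with `fromJSON` at evaluation time. Build the data first with `data = dict(fetch_archs(repo))`, and only then open the file and call `json.dump(data, fp, ...)`. In `fetch_meta`, the line `url = urljoin(repo, 'dists/stable', name)` is dead code (the third positional argument of `urljoin` is `allow_fragments`, not a path segment) and the `split` parameter is unused. The response is also parsed without `response.raise_for_status()`, so an error page would be treated as repository metadata and its contents could end up shaping the pinned hashes. The script calls `parser.parse_args()` and `main(...)` at import time; an `if __name__ == '__main__':` guard would be the conventional form.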
@@ -1,5 +1,7 @@ { stdenv, fetchurl, autoconf, automake, intltool, libtool, pkgconfig, encfs -, glib , gnome3, gtk3, libgnome_keyring, vala_0_23, wrapGAppsHook, xorg }: +, glib , gnome3, gtk3, libgnome_keyring, vala_0_23, wrapGAppsHook, xorg +, libgee_0_6 +}: stdenv.mkDerivation rec { version = "1.8.16"; @@ -11,7 +13,7 @@ stdenv.mkDerivation rec { }; buildInputs = [ autoconf automake intltool libtool pkgconfig vala_0_23 glib encfs - gtk3 libgnome_keyring gnome3.libgee_1 xorg.libSM xorg.libICE + gtk3 libgnome_keyring libgee_0_6 xorg.libSM xorg.libICE wrapGAppsHook ]; patches = [ ./makefile-mkdir.patch ]; @@ -30,5 +32,6 @@ stdenv.mkDerivation rec { license = licenses.gpl2Plus; platforms = platforms.linux; maintainers = [ maintainers.spacefrogg ]; + broken = true; }; } diff --git a/pkgs/tools/security/gnupg/20.nix b/pkgs/tools/security/gnupg/20.nix index 932bf508c2fa..fd79419d82ac 100644 --- a/pkgs/tools/security/gnupg/20.nix +++ b/pkgs/tools/security/gnupg/20.nix @@ -3,13 +3,13 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. -, pinentry ? null, x11Support ? true +, pinentry ? null, guiSupport ? true , openldap ? null, bzip2 ? null, libusb ? null, curl ? null }: with stdenv.lib; -assert x11Support -> pinentry != null; +assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-2.0.30"; @@ -35,7 +35,8 @@ stdenv.mkDerivation rec { patch gl/stdint_.h < ${./clang.patch} ''; - configureFlags = optional x11Support "--with-pinentry-pgm=${pinentry}/bin/pinentry"; + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; + configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c"; diff --git a/pkgs/tools/security/gnupg/21.nix b/pkgs/tools/security/gnupg/21.nix index 34042d802ccb..b7a71332e772 100644 --- a/pkgs/tools/security/gnupg/21.nix +++ b/pkgs/tools/security/gnupg/21.nix 
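Review bot: Renaming `x11Support` to `guiSupport` in gnupg/20.nix (and again in gnupg/21.nix) changes the function's argument name, so an existing `override { x11Support = false; }` would stop working; the full argument list and the callers are outside these hunks, so whether they were updated cannot be seen here. `pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry";` introduces an undocumented contract with pinentry packages, and a comment such as `# pinentry variants may set passthru.binaryPath (relative to their store path) when the program is not at bin/pinentry` would record it. Because the attribute sits directly in the `mkDerivation` set it is also exported to the builder environment; a `let` binding would keep it local.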
@@ -3,14 +3,14 @@ # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. -, pinentry ? null, x11Support ? true +, pinentry ? null, guiSupport ? true , adns ? null, gnutls ? null, libusb ? null, openldap ? null , readline ? null, zlib ? null, bzip2 ? null }: with stdenv.lib; -assert x11Support -> pinentry != null; +assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; @@ -27,11 +27,13 @@ stdenv.mkDerivation rec { readline libusb gnutls adns openldap zlib bzip2 ]; + patches = [ ./fix-libusb-include-path.patch ]; postPatch = stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( - configureFlags = optional x11Support "--with-pinentry-pgm=${pinentry}/bin/pinentry"; + pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; + configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; meta = with stdenv.lib; { homepage = http://gnupg.org; diff --git a/pkgs/tools/security/gnupg/fix-libusb-include-path.patch b/pkgs/tools/security/gnupg/fix-libusb-include-path.patch new file mode 100644 index 000000000000..18c4f1107388 --- /dev/null +++ b/pkgs/tools/security/gnupg/fix-libusb-include-path.patch @@ -0,0 +1,11 @@ +--- a/configure ++++ b/configure +@@ -8872,7 +8872,7 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5 + $as_echo_n "checking libusb include dir... " >&6; } + usb_incdir_found="no" +- for _incdir in "" "/usr/include/libusb-1.0" "/usr/local/include/libusb-1.0"; do ++ for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do + _libusb_save_cppflags=$CPPFLAGS + if test -n "${_incdir}"; then + CPPFLAGS="-I${_incdir} ${CPPFLAGS}" diff --git a/pkgs/tools/security/knockknock/default.nix b/pkgs/tools/security/knockknock/default.nix index 5ff93ae6a033..ce7663b18cf9 100644 
--- a/pkgs/tools/security/knockknock/default.nix +++ b/pkgs/tools/security/knockknock/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, pythonPackages, hping }: +{ stdenv, fetchFromGitHub, python2Packages, hping }: -pythonPackages.buildPythonApplication rec { +python2Packages.buildPythonApplication rec { rev = "bf14bbff"; name = "knockknock-r${rev}"; @@ -11,7 +11,10 @@ pythonPackages.buildPythonApplication rec { sha256 = "1chpfs3w2vkjrgay69pbdr116z1jldv53fi768a1i05fdqhy1px4"; }; - propagatedBuildInputs = [ pythonPackages.pycrypto ]; + propagatedBuildInputs = [ python2Packages.pycrypto ]; + + # No tests + doCheck = false; patchPhase = '' sed -i '/build\//d' setup.py diff --git a/pkgs/tools/security/mpw/default.nix b/pkgs/tools/security/mpw/default.nix index 813c7e5c06cd..e30866021da6 100644 --- a/pkgs/tools/security/mpw/default.nix +++ b/pkgs/tools/security/mpw/default.nix 
@@ -1,37 +1,41 @@ -{ stdenv, fetchurl, autoconf, automake, openssl, libxml2 }: +{ stdenv, fetchzip, autoconf, automake, openssl, libxml2, fetchFromGitHub, ncurses }: let - scrypt_src = fetchurl { - url = "http://masterpasswordapp.com/libscrypt-b12b554.tar.gz"; - sha256 = "02vz4i66v1acd15xjgki4ilmmp28m6a5603gi4hf8id3d3ndl9n7"; + scrypt_src = fetchzip { + url = "http://www.tarsnap.com/scrypt/scrypt-1.2.0.tgz"; + sha256 = "0ahylib2pimlhjcm566kpim6n16jci5v749xwdkr9ivgfjrv3xn4"; }; in stdenv.mkDerivation { - name = "mpw-2.1-cli4"; + name = "mpw-2.1-6834f36"; - srcs = [ - (fetchurl { - url = "https://ssl.masterpasswordapp.com/mpw-2.1-cli4-0-gf6b2287.tar.gz"; - sha256 = "141bzb3nj18rbnbpdvsri8cdwwwxz4d6akyhfa834542xf96b9vf"; - }) - scrypt_src - ]; - - sourceRoot = "."; + src = fetchFromGitHub { + owner = "Lyndir"; + repo = "MasterPassword"; + rev = "6834f3689f5dfd4e59ad6959961d349c224977ee"; + sha256 = "0zlpx3hb1y2l60hg961h05lb9yf3xb5phnyycvazah2674gkwb2p"; + }; postUnpack = '' - cp -R libscrypt-b12b554/* lib/scrypt + sourceRoot+=/MasterPassword/C ''; prePatch = '' patchShebangs . + mkdir lib/scrypt/src + cp -R --no-preserve=ownership ${scrypt_src}/* lib/scrypt/src + chmod +w -R lib/scrypt/src + substituteInPlace lib/scrypt/src/libcperciva/cpusupport/Build/cpusupport.sh \ + --replace dirname "$(type -P dirname)" + substituteInPlace lib/scrypt/src/Makefile.in --replace "command -p mv" "mv" ''; NIX_CFLAGS_COMPILE = "-I${libxml2.dev}/include/libxml2"; - buildInputs = [ autoconf automake openssl libxml2 ]; + buildInputs = [ autoconf automake openssl libxml2 ncurses ]; buildPhase = '' + substituteInPlace build --replace '"curses"' '"ncurses"' targets="mpw mpw-tests" ./build ''; diff --git a/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch b/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch new file mode 100644 index 000000000000..74e466069d93 --- /dev/null +++ b/pkgs/tools/security/nitrokey-app/FixInstallDestination.patch 
@@ -0,0 +1,57 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -251,23 +251,23 @@ + # ${CMAKE_SOURCE_DIR}/data/icons/48x48 + # ${CMAKE_SOURCE_DIR}/data/icons/128x128 + ${CMAKE_SOURCE_DIR}/data/icons/ +- DESTINATION usr/share/icons/ ++ DESTINATION share/icons/ + ) + + install(FILES + ${CMAKE_SOURCE_DIR}/data/nitrokey-app.desktop +- DESTINATION usr/share/applications ++ DESTINATION share/applications + ) + + install(FILES + ${CMAKE_SOURCE_DIR}/data/icons/hicolor/128x128/apps/nitrokey-app.png +- DESTINATION usr/share/pixmaps ++ DESTINATION share/pixmaps + ) + + # Install Nitrokey udev rules + install(FILES + ${CMAKE_SOURCE_DIR}/data/40-nitrokey.rules +- DESTINATION usr/lib/udev/rules.d ++ DESTINATION lib/udev/rules.d + ) + + # Install autocompletion scripts +@@ -278,7 +278,7 @@ + + install(FILES + ${CMAKE_SOURCE_DIR}/po/de_DE/nitrokey-app.mo +- DESTINATION usr/share/locale/de_DE/LC_MESSAGES ++ DESTINATION share/locale/de_DE/LC_MESSAGES + ) + + install(FILES +@@ -286,7 +286,7 @@ + ${CMAKE_SOURCE_DIR}/images/quit.png + ${CMAKE_SOURCE_DIR}/images/safe_zahlenkreis.png + ${CMAKE_SOURCE_DIR}/images/settings.png +- DESTINATION usr/share/nitrokey ++ DESTINATION share/nitrokey + ) + + ENDIF () # NOT WIN32 +@@ -299,7 +299,7 @@ + ${resources_ouput} + ) + +-INSTALL(TARGETS nitrokey-app DESTINATION usr/bin) ++INSTALL(TARGETS nitrokey-app DESTINATION bin) + + TARGET_LINK_LIBRARIES(nitrokey-app + ${QT_LIBRARIES} diff --git a/pkgs/tools/security/nitrokey-app/HeaderPath.patch b/pkgs/tools/security/nitrokey-app/HeaderPath.patch new file mode 100644 index 000000000000..695b7559116c --- /dev/null +++ b/pkgs/tools/security/nitrokey-app/HeaderPath.patch @@ -0,0 +1,13 @@ +diff --git a/src/utils/hid_libusb.c b/src/utils/hid_libusb.c +index bd8c14e..537292d 100644 +--- a/src/utils/hid_libusb.c ++++ b/src/utils/hid_libusb.c +@@ -44,7 +44,7 @@ + #include <wchar.h> + + /* GNU / LibUSB */ +-#include "libusb.h" ++#include "libusb-1.0/libusb.h" + #include "iconv.h" + + #include "hidapi.h" 
diff --git a/pkgs/tools/security/nitrokey-app/default.nix b/pkgs/tools/security/nitrokey-app/default.nix new file mode 100644 index 000000000000..91d5e75272bc --- /dev/null +++ b/pkgs/tools/security/nitrokey-app/default.nix @@ -0,0 +1,37 @@ +{ stdenv, cmake, fetchFromGitHub, libusb1, pkgconfig, qt5 }: + +stdenv.mkDerivation rec { + name = "nitrokey-app"; + version = "0.5.1"; + + src = fetchFromGitHub { + owner = "Nitrokey"; + repo = "nitrokey-app"; + rev = "v${version}"; + sha256 = "0acb2502r3wa0mry6h8sz1k16zaa4bgnhxwxqd1vd1y42xc6g9bw"; + }; + + buildInputs = [ + cmake + libusb1 + pkgconfig + qt5.qtbase + ]; + patches = [ + ./FixInstallDestination.patch + ./HeaderPath.patch + ]; + cmakeFlags = "-DHAVE_LIBAPPINDICATOR=NO"; + meta = { + description = "Provides extra functionality for the Nitrokey Pro and Storage"; + longDescription = '' + The nitrokey-app provides a QT system tray widget with wich you can + access the extra functionality of a Nitrokey Storage or Nitrokey Pro. + See https://www.nitrokey.com/ for more information. + ''; + homepage = https://github.com/Nitrokey/nitrokey-app; + repositories.git = https://github.com/Nitrokey/nitrokey-app.git; + license = stdenv.lib.licenses.gpl3; + maintainer = stdenv.lib.maintainers.kaiha; + }; +} diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index 3bc5d4158346..9413f9920866 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix 
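Review bot: `name = "nitrokey-app";` in nitrokey-app/default.nix omits the version although `version = "0.5.1";` is defined on the next line; `name = "nitrokey-app-${version}";` would match the other new expressions in this diff. `meta` declares no `platforms`, while FixInstallDestination.patch installs `40-nitrokey.rules` under `lib/udev/rules.d`, which suggests a Linux-only package (an inference from the patch, not stated on the page). A comment near `patches` noting that the udev rules land in `$out/lib/udev/rules.d` and still have to be enabled by the system configuration would save users from a device that is only accessible as root.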
@@ -1,38 +1,45 @@ { stdenv, fetchurl, libpcap, pkgconfig, openssl , graphicalSupport ? false -, libX11 ? null , gtk2 ? null -, pythonPackages -, makeWrapper ? null +, libX11 ? null +, withPython ? false # required for the `ndiff` binary +, python2 ? null }: +assert withPython -> python2 != null; + with stdenv.lib; let - inherit (pythonPackages) python pygtk pygobject2 pycairo pysqlite; + + # Zenmap (the graphical program) also requires Python, + # so automatically enable pythonSupport if graphicalSupport is requested. + pythonSupport = withPython || graphicalSupport; + + pythonEnv = python2.withPackages(ps: with ps; [] + ++ optionals graphicalSupport [ pycairo pygobject2 pygtk pysqlite ] + ); + in stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; - version = "7.12"; + version = "7.31"; src = fetchurl { - url = "http://nmap.org/dist/nmap-${version}.tar.bz2"; - sha256 = "014vagh9ak10hidwzp9s6g30y5h5fhsh8wykcnc1hnn9hwm0ipv3"; + url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; + sha256 = "0hiqb28950kn4bjsmw0ksfyss7j2qdmgrj3xsjf7073pq01lx7yb"; }; patches = ./zenmap.patch; - configureFlags = optionalString (!graphicalSupport) "--without-zenmap"; - - postInstall = '' - wrapProgram $out/bin/ndiff --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" - '' + optionalString graphicalSupport '' - wrapProgram $out/bin/zenmap --prefix PYTHONPATH : "$(toPythonPath $out)" --prefix PYTHONPATH : "$PYTHONPATH" --prefix PYTHONPATH : $(toPythonPath ${pygtk})/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath ${pygobject2})/gtk-2.0 --prefix PYTHONPATH : $(toPythonPath ${pycairo})/gtk-2.0 - ''; + configureFlags = [] + ++ optional (!pythonSupport) "--without-ndiff" + ++ optional (!graphicalSupport) "--without-zenmap" + ; - buildInputs = [ libpcap pkgconfig openssl makeWrapper python ] - ++ optionals graphicalSupport [ - libX11 gtk2 pygtk pysqlite pygobject2 pycairo - ]; + buildInputs = [ libpcap pkgconfig openssl 
] + ++ optional pythonSupport pythonEnv + ++ optionals graphicalSupport [ gtk2 libX11 ] + ; meta = { description = "A free and open source utility for network discovery and security auditing"; diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 01d5dff4d751..b0137619f0c1 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -68,11 +68,11 @@ stdenv.mkDerivation rec { git gnupg gnused - procps pwgen tree which - ] ++ ifEnable x11Support [ dmenu xclip xdotool ]); + ] ++ stdenv.lib.optional stdenv.isLinux procps + ++ ifEnable x11Support [ dmenu xclip xdotool ]); postFixup = '' # Fix program name in --help diff --git a/pkgs/tools/security/pgpdump/default.nix b/pkgs/tools/security/pgpdump/default.nix new file mode 100644 index 000000000000..1e33c18753a6 --- /dev/null +++ b/pkgs/tools/security/pgpdump/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "pgpdump-${version}"; + version = "0.31"; + + src = fetchFromGitHub { + owner = "kazu-yamamoto"; + repo = "pgpdump"; + rev = "v${version}"; + sha256 = "05ywdgxzq3976dsy95vgdx3nnhd9i9vypzyrkabpmnxphfnjfrb4"; + }; + + meta = with stdenv.lib; { + description = "A PGP packet visualizer"; + longDescription = '' + pgpdump is a PGP packet visualizer which displays the packet format of + OpenPGP (RFC 4880) and PGP version 2 (RFC 1991). + ''; + homepage = "http://www.mew.org/~kazu/proj/pgpdump/en/"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} + diff --git a/pkgs/tools/security/pinentry-mac/default.nix b/pkgs/tools/security/pinentry-mac/default.nix index faf8c613ea83..7116d1777d6d 100644 --- a/pkgs/tools/security/pinentry-mac/default.nix +++ b/pkgs/tools/security/pinentry-mac/default.nix 
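Review bot: The new `assert withPython -> python2 != null;` in nmap/default.nix does not cover `graphicalSupport`, yet `pythonSupport = withPython || graphicalSupport` makes `pythonEnv = python2.withPackages(...)` a build input in that case too. With `python2 ? null` left at its default, the failure would then be an attribute error on null rather than the assertion. `assert (withPython || graphicalSupport) -> python2 != null;` states the actual requirement. The removed `postInstall` wrapped `ndiff` and `zenmap` with an explicit `PYTHONPATH`, and the hunk does not show a replacement, so confirm that both scripts run under `pythonEnv`'s interpreter and that zenmap can still import its own modules from `$out`.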
@@ -17,6 +17,10 @@ stdenv.mkDerivation rec { mv build/Release/pinentry-mac.app $out/Applications ''; + passthru = { + binaryPath = "Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac"; + }; + meta = { description = "Pinentry for GPG on Mac"; license = stdenv.lib.licenses.gpl2Plus; diff --git a/pkgs/tools/security/ssdeep/default.nix b/pkgs/tools/security/ssdeep/default.nix index 4f2cf551816b..b581d8007947 100644 --- a/pkgs/tools/security/ssdeep/default.nix +++ b/pkgs/tools/security/ssdeep/default.nix @@ -9,8 +9,6 @@ stdenv.mkDerivation rec { sha256 = "1igqy0j7jrklb8fdlrm6ald4cyl1fda5ipfl8crzyl6bax2ajk3f"; }; - buildInputs = stdenv.lib.optional (!stdenv.isDarwin) [ patchelf ]; - # For some reason (probably a build system bug), the binary isn't # properly linked to $out/lib to find libfuzzy.so postFixup = stdenv.lib.optionalString (!stdenv.isDarwin) '' diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix index f6777a0e979f..6b205d845340 100644 --- a/pkgs/tools/security/sslscan/default.nix +++ b/pkgs/tools/security/sslscan/default.nix @@ -1,12 +1,14 @@ -{ stdenv, fetchurl, openssl }: +{ stdenv, fetchFromGitHub, openssl }: stdenv.mkDerivation rec { name = "sslscan-${version}"; version = "1.11.7"; - src = fetchurl { - url = "https://github.com/rbsec/sslscan/archive/${version}-rbsec.tar.gz"; - sha256 = "0wygz2gm9asvhpfy44333y4pkdja1sbr41hc6mhkxg7a4ys8f9qs"; + src = fetchFromGitHub { + owner = "rbsec"; + repo = "sslscan"; + rev = "${version}-rbsec"; + sha256 = "007lf3rxcn9nz6jrki3mavgd9sd2hmm9nzp2g13h0ri51yc3bkp0"; }; buildInputs = [ openssl ]; @@ -23,4 +25,3 @@ stdenv.mkDerivation rec { platforms = platforms.all; }; } - diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index b31d60247d8d..b430fd8aad09 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix 
@@ -4,14 +4,14 @@ }: stdenv.mkDerivation rec { - name = "sudo-1.8.18"; + name = "sudo-1.8.18p1"; src = fetchurl { urls = [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" ]; - sha256 = "04xywg2f9x2kfw81abdf8gsraldaz5v0w0x2zi8aqlgsjygfj6c5"; + sha256 = "0d4l6y03khmzdd8vhfnq8lrb8gcxplzf7gav0a9sd08jf8f4g875"; }; configureFlags = [ diff --git a/pkgs/tools/security/sudolikeaboss/default.nix b/pkgs/tools/security/sudolikeaboss/default.nix new file mode 100644 index 000000000000..6e2d6888f2e7 --- /dev/null +++ b/pkgs/tools/security/sudolikeaboss/default.nix @@ -0,0 +1,33 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, fixDarwinDylibNames, darwin }: +buildGoPackage rec { + name = "sudolikeaboss-${version}"; + version = "0.2.1"; + + goPackagePath = "github.com/ravenac95/sudolikeaboss"; + src = fetchFromGitHub { + owner = "ravenac95"; + repo = "sudolikeaboss"; + rev = "v${version}"; + sha256 = "1zsmy67d334nax76sq0g2sczp4zi19d94d3xfwgadzk7sxvw1z0m"; + }; + goDeps = ./deps.nix; + + propagatedBuildInputs = with darwin.apple_sdk.frameworks; [ + Cocoa + fixDarwinDylibNames + ]; + + postInstall = '' + install_name_tool -delete_rpath $out/lib -add_rpath $bin $bin/bin/sudolikeaboss + ''; + + meta = with stdenv.lib; { + inherit version; + inherit (src.meta) homepage; + description = "Get 1password access from iterm2"; + license = licenses.mit; + maintainers = [ maintainers.grahamc ]; + platforms = platforms.darwin; + }; + +} diff --git a/pkgs/tools/security/sudolikeaboss/deps.nix b/pkgs/tools/security/sudolikeaboss/deps.nix new file mode 100644 index 000000000000..04f831675fac --- /dev/null +++ b/pkgs/tools/security/sudolikeaboss/deps.nix 
@@ -0,0 +1,22 @@ +# This file was generated by go2nix: https://github.com/kamilchm/go2nix +# v1.1.0 or 1.1.1, not 100% sure +[ + { + goPackagePath = "github.com/urfave/cli"; + fetch = { + type = "git"; + url = "https://github.com/urfave/cli"; + rev = "55f715e28c46073d0e217e2ce8eb46b0b45e3db6"; + sha256 = "0fvqxh1dx4f189y90fhrjapb4g51d7cp203jahxfb19k1k8c3942"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "2a824cf9226006580a06d9fa8f10901c17b49ed5"; + sha256 = "19hc83dsa8k1zbzb16v9yc44grscl9r4fxlpwqi3f6zqfrv0qk4n"; + }; + } +] diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 0e69729a2262..8fbf35caf1d2 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "tor-0.2.8.8"; + name = "tor-0.2.8.9"; src = fetchurl { url = "https://archive.torproject.org/tor-package-archive/${name}.tar.gz"; - sha256 = "1pp3h0a1cl25fv04b3j6wp8aw1sfpbd2lmag397dpp2k2b305bxi"; + sha256 = "3f5c273bb887be4aff11f4d99b9e2e52d293b81ff4f6302b730161ff16dc5316"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/tools/security/tor/tor-arm.nix b/pkgs/tools/security/tor/tor-arm.nix index 1857cfcbe22e..432b1cbfceee 100644 --- a/pkgs/tools/security/tor/tor-arm.nix +++ b/pkgs/tools/security/tor/tor-arm.nix @@ -40,7 +40,7 @@ stdenv.mkDerivation rec { cp -R src/TorCtl $out/libexec wrapProgram $out/bin/arm \ - --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pythonPackages.curses}):$out/libexec:$PYTHONPATH" \ + --prefix PYTHONPATH : "$(toPythonPath $out):$out/libexec:$PYTHONPATH" \ --set TERMINFO "${ncurses.out}/share/terminfo" \ --set TERM "xterm" ''; |
