1 files changed, 39 insertions, 0 deletions

diff --git a/infra/libkookie/nixpkgs/pkgs/os-specific/linux/checksec/default.nix b/infra/libkookie/nixpkgs/pkgs/os-specific/linux/checksec/default.nix
new file mode 100644
index 000000000000..5a66e536956f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/os-specific/linux/checksec/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchFromGitHub, makeWrapper, file, findutils
+, binutils-unwrapped, glibc, coreutils, sysctl, openssl
+}:
+
+stdenv.mkDerivation rec {
+  pname = "checksec";
+  version = "2.2.3";
+
+  src = fetchFromGitHub {
+    owner = "slimm609";
+    repo = "checksec.sh";
+    rev = version;
+    sha256 = "0hw8bd7dj71m1ml9zvfab2j87jacs542z7a89nziapckmg6kmh6f";
+  };
+
+  patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ];
+  nativeBuildInputs = [ makeWrapper ];
+
+  installPhase = let
+    path = stdenv.lib.makeBinPath [
+      findutils file binutils-unwrapped sysctl openssl
+    ];
+  in ''
+    mkdir -p $out/bin
+    install checksec $out/bin
+    substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6
+    substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
+    wrapProgram $out/bin/checksec \
+      --prefix PATH : ${path}
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A tool for checking security bits on executables";
+    homepage    = "http://www.trapkit.de/tools/checksec.html";
+    license     = licenses.bsd3;
+    platforms   = platforms.linux;
+    maintainers = with maintainers; [ thoughtpolice globin ];
+  };
+}