Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/tools/security')
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/default.nix70
-rwxr-xr-xinfra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/update.sh5
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/2fa/default.nix22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/acsccid/default.nix83
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aespipe/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/afl/README.md19
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/afl/default.nix82
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/afl/libdislocator.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch13
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff51
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu.nix79
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/default.nix136
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix37
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch13
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix83
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/age/default.nix21
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aide/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/apg/apg.patch44
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/apg/default.nix72
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/apg/phony-install-target.patch11
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix45
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/aws-okta/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/b2sum/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/cargo-lock.patch513
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/default.nix26
-rwxr-xr-xinfra/libkookie/nixpkgs/pkgs/tools/security/b3sum/update-cargo-lock.sh19
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix46
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bettercap/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden/default.nix88
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix46
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bmrsa/11.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/browserpass/default.nix55
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/brutespray/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile2
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock16
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix23
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ccid/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ccrypt/default.nix22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/certmgr/default.nix43
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/certstrap/default.nix22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/cfssl/default.nix49
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chaps/default.nix91
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch18
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch51
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chipsec/default.nix42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chkrootkit/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/default.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/cipherscan/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/clamav/default.nix51
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/clevis/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/cowpatty/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/crackxls/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/creddump/default.nix35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/crowbar/default.nix42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/crunch/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ctmg/default.nix21
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/dirmngr/default.nix17
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/dnsenum/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/dnsrecon/default.nix44
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch24
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/doas/default.nix50
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/doona/default.nix36
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/doppler/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/duo-unix/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ecdsatool/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ecdsautils/default.nix24
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/default.nix67
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/efitools/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/default.nix88
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in83
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/enchive/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/encryptr/default.nix57
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/enpass/data.json12
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/enpass/default.nix94
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/enpass/update_script.py95
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/enum4linux/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/eschalot/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fail2ban/default.nix59
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch105
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fido2luks/default.nix37
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fierce/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fpm2/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fprintd/default.nix116
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fprot/default.nix42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/fwknop/default.nix62
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix43
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch14
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/genpass/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ghidra/default.nix70
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix83
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix20
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg-pkcs11-scd/default.nix33
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1compat.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/22.nix97
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch106
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/clang.patch13
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch12
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch14
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch201
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gobuster/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gopass/default.nix73
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/gpgstats/default.nix33
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/haka/default.nix35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hash-slinger/default.nix45
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hash_extender/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hashcash/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hashcat/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hashdeep/default.nix23
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/haveged/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hcxtools/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/hologram/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/honggfuzz/default.nix51
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ifdnfc/default.nix45
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ipscan/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/jadx/default.nix103
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/jd-gui/default.nix109
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/john/default.nix76
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/jwt-cli/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/kbs2/default.nix44
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/keybase/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/keybase/fix-paths-keybase.patch16
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/keybase/gui.nix115
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/keybase/kbfs.nix22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/keycard-cli/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/keysmith/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/knockknock/default.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/kpcli/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/default.nix43
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch13
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/kwalletcli/default.nix49
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix37
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/lesspass-cli/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/libacr38u/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix48
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/logkeys/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/lynis/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/masscan/default.nix42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mbox/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/medusa/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/meo/default.nix35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile4
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock384
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/default.nix49
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/gemset.nix1354
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/shell.nix17
-rwxr-xr-xinfra/libkookie/nixpkgs/pkgs/tools/security/metasploit/update.sh17
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mfcuk/default.nix22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mfoc/default.nix35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/minica/default.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/minisign/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mkp224o/default.nix47
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mkpasswd/default.nix21
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mkrand/default.nix20
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mktemp/default.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch17
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/default.nix54
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/default.nix103
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch23
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch17
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/mpw/default.nix62
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/munge/default.nix33
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nasty/default.nix36
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ncrack/default.nix23
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/neopg/default.nix48
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix48
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nmap/default.nix77
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nmap/qt.nix62
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nmap/zenmap.patch15
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/notary/default.nix65
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch15
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nsjail/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/nwipe/default.nix22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix48
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/omapd/default.nix36
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/omapd/zlib.patch9
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/onesixtyone/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/onioncircuits/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/open-ecard/default.nix64
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/opencryptoki/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/opensc/default.nix65
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ossec/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ossec/no-root.patch176
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/p0f/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pamtester/default.nix20
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/paperkey/default.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/clip-wayland-support.patch113
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/default.nix167
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extension-dir.patch32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/0001-Fix-installation-with-Nix.patch41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix53
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/default.nix17
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/import.nix49
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix33
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/update.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch9
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix56
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch69
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/passff-host/default.nix47
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pbis/default.nix70
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix48
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/default.nix47
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch73
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pcsctools/default.nix37
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pdfcrack/default.nix23
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pgpdump/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/autoconf-ar.patch35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/default.nix103
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/mac.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pius/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop88
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/proxmark3/default.nix59
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pwgen-secure/default.nix36
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pwgen/default.nix16
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/pyrit/default.nix42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/qdigidoc/default.nix50
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/radamsa/default.nix43
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/rage/default.nix41
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/rarcrack/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/rbw/default.nix78
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/rhash/default.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/cursive.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/rng-tools/default.nix65
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/rustscan/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/safe/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/saml2aws/default.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/default.nix53
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/scallion/default.nix36
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/scrypt/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/seccure/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/secp256k1/default.nix57
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sedutil/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sequoia/default.nix106
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/shc/default.nix21
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/signify/default.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/default.nix226
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch16
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sn0int/default.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/snallygaster/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/snow/default.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/softhsm/default.nix45
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix47
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sops/default.nix24
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/srm/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ssdeep/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ssh-audit/default.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sshguard/default.nix29
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/default.nix45
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch13
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sslscan/default.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/ssss/default.nix28
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/steghide/default.nix30
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch46
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch349
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/default.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/deps.nix291
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/default.nix25
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/deps.nix453
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/stoken/default.nix36
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/stricat/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/su-exec/default.nix26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sudo/default.nix85
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch51
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/super/default.nix49
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tboot/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch50
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix34
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/thc-hydra/default.nix48
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/thc-ipv6/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/theharvester/default.nix36
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tor/default.nix96
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tor/disable-monotonic-timer-tests.patch26
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tor/tor-arm.nix55
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tor/torsocks.nix43
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tor/update.nix71
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/default.nix35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch63
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch15
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix32
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tpm-tools/default.nix40
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix49
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix42
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch19
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/trousers/default.nix31
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/trufflehog/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/vault/default.nix37
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/vault/vault-bin.nix50
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/verifpal/default.nix38
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/volatility/default.nix24
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/vulnix/default.nix57
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/wipe/default.nix21
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/wipe/fix-install.patch18
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile2
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock59
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/default.nix21
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/gemset.nix234
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/yara/default.nix45
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix56
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/use-piv-go-75.patch22
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service35
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch13
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/zmap/default.nix37
-rw-r--r--infra/libkookie/nixpkgs/pkgs/tools/security/zzuf/default.nix25
339 files changed, 17486 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/default.nix
new file mode 100644
index 000000000000..777e7292fde0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/default.nix
@@ -0,0 +1,70 @@
+{ stdenv
+, fetchurl
+, appimageTools
+, makeWrapper
+, electron_11
+, openssl
+}:
+
+stdenv.mkDerivation rec {
+ pname = "1password";
+ version = "0.9.6";
+
+ src = fetchurl {
+ url = "https://onepassword.s3.amazonaws.com/linux/appimage/${pname}-${version}.AppImage";
+ sha256 = "0464a5d39g20hif3dz3qr78dqb0cmxbazy0q48j9gkawhxm30c1h";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ appimageContents = appimageTools.extractType2 {
+ name = "${pname}-${version}";
+ inherit src;
+ };
+
+ dontUnpack = true;
+ dontConfigure = true;
+ dontBuild = true;
+
+ installPhase = let
+ runtimeLibs = [
+ openssl.out
+ stdenv.cc.cc
+ ];
+ in ''
+ mkdir -p $out/bin $out/share/1password
+
+ # Applications files.
+ cp -a ${appimageContents}/{locales,resources} $out/share/${pname}
+
+ # Desktop file.
+ install -Dt $out/share/applications ${appimageContents}/${pname}.desktop
+ substituteInPlace $out/share/applications/${pname}.desktop \
+ --replace 'Exec=AppRun' 'Exec=${pname}'
+
+ # Icons.
+ cp -a ${appimageContents}/usr/share/icons $out/share
+
+ # Wrap the application with Electron.
+ makeWrapper "${electron_11}/bin/electron" "$out/bin/${pname}" \
+ --add-flags "$out/share/${pname}/resources/app.asar" \
+ --prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath runtimeLibs}"
+ '';
+
+ passthru.updateScript = ./update.sh;
+
+ meta = with stdenv.lib; {
+ description = "Multi-platform password manager";
+ longDescription = ''
+ 1Password is a multi-platform package manager.
+
+ The Linux version is currently a development preview and can
+ only be used to search, view, and copy items. However items
+ cannot be created or edited.
+ '';
+ homepage = "https://1password.com/";
+ license = licenses.unfree;
+ maintainers = with maintainers; [ danieldk timstott ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
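Review bot: The `longDescription` in `meta` calls 1Password a "multi-platform package manager"; it should read `1Password is a multi-platform password manager.` to agree with `description`. In `installPhase`, `mkdir -p $out/bin $out/share/1password` hard-codes the directory that the following lines address as `$out/share/${pname}`, so writing `mkdir -p $out/bin $out/share/${pname}` keeps the two from drifting apart. Since the package repacks a prebuilt unfree AppImage, the pinned `sha256` in `src` is the only integrity check visible here; a short comment above `src` saying where the hash was obtained would help the next person who bumps it.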
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/update.sh b/infra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/update.sh
new file mode 100755
index 000000000000..7703aba99847
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/1password-gui/update.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused common-updater-scripts
+
+version="$(curl -sL https://onepassword.s3.amazonaws.com/linux/debian/dists/edge/main/binary-amd64/Packages | sed -r -n 's/^Version: (.*)-[0-9]+/\1/p' | head -n1)"
+update-source-version _1password-gui "$version"
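Review bot: The script runs `curl -sL` without `-f` and never checks `$version`, so an HTTP error page or a non-matching index still reaches `update-source-version`, with an empty or bogus version. Add `set -eu` after the two shebang lines, change the fetch to `curl -fsSL`, and guard the last line with `[ -n "$version" ] || { echo "no version found" >&2; exit 1; }`. The version is read from the Debian `edge` package index while `default.nix` downloads the AppImage, so the two can presumably disagree. The replacement hash is taken from whatever is downloaded at update time, so the resulting change to `default.nix` should be reviewed by hand before it is committed.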
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/2fa/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/2fa/default.nix
new file mode 100644
index 000000000000..7b6048660c45
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/2fa/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ version = "1.1.0";
+ pname = "2fa";
+
+ goPackagePath = "rsc.io/2fa";
+
+ src = fetchFromGitHub {
+ owner = "rsc";
+ repo = "2fa";
+ rev = "v${version}";
+ sha256 = "0827vl2bxd6m2rbj00x7857cs7cic3mlg5nlhqzd0n73dm5vk2za";
+ };
+
+ meta = with stdenv.lib; {
+ homepage = "https://rsc.io/2fa";
+ description = "Two-factor authentication on the command line";
+ maintainers = with maintainers; [ rvolosatovs ];
+ license = licenses.bsd3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/acsccid/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/acsccid/default.nix
new file mode 100644
index 000000000000..53842cbb1fc4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/acsccid/default.nix
@@ -0,0 +1,83 @@
+{ stdenv
+, fetchFromGitHub
+, autoconf
+, automake
+, libtool
+, gettext
+, flex
+, perl
+, pkgconfig
+, pcsclite
+, libusb1
+, libiconv
+}:
+
+stdenv.mkDerivation rec {
+ version = "1.1.8";
+ pname = "acsccid";
+
+ src = fetchFromGitHub {
+ owner = "acshk";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "12aahrvsk21qgpjwcrr01s742ixs44nmjkvcvqyzhqb307x1rrn3";
+ };
+
+ nativeBuildInputs = [
+ pkgconfig
+ autoconf
+ automake
+ libtool
+ gettext
+ flex
+ perl
+ ];
+
+ buildInputs = [
+ pcsclite
+ libusb1
+ ] ++ stdenv.lib.optionals stdenv.isDarwin [
+ libiconv
+ ];
+
+ configureFlags = [
+ "--enable-usbdropdir=${placeholder "out"}/pcsc/drivers"
+ ];
+
+ doCheck = true;
+
+ postPatch = ''
+ sed -e s_/bin/echo_echo_g -i src/Makefile.am
+ patchShebangs src/convert_version.pl
+ patchShebangs src/create_Info_plist.pl
+ '';
+
+ preConfigure = ''
+ libtoolize --force
+ aclocal
+ autoheader
+ automake --force-missing --add-missing
+ autoconf
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers";
+ longDescription = ''
+ acsccid is a PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card
+ readers. This library provides a PC/SC IFD handler implementation and
+ communicates with the readers through the PC/SC Lite resource manager (pcscd).
+
+ acsccid is based on ccid. See CCID free software driver for more
+ information:
+ https://ccid.apdu.fr/
+
+ It can be enabled in /etc/nixos/configuration.nix by adding:
+ services.pcscd.enable = true;
+ services.pcscd.plugins = [ pkgs.acsccid ];
+ '';
+ homepage = src.meta.homepage;
+ license = licenses.lgpl2Plus;
+ maintainers = with maintainers; [ roberth ];
+ platforms = with platforms; unix;
+ };
+}
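Review bot: `preConfigure` runs `libtoolize`, `aclocal`, `autoheader`, `automake` and `autoconf` by hand, which nixpkgs normally leaves to `autoreconfHook`. Listing `autoreconfHook` in `nativeBuildInputs` in place of `autoconf`, `automake` and `libtool` would likely let the whole `preConfigure` block go, provided `--force-missing --add-missing` is not needed beyond what autoreconf already does. The `sed` expression in `postPatch` is unquoted; `sed -i 's_/bin/echo_echo_g' src/Makefile.am` is safer against shell word splitting. The `description` repeats the first sentence of `longDescription` and would read better as `"PC/SC driver for ACS CCID smart card readers"`.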
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aespipe/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aespipe/default.nix
new file mode 100644
index 000000000000..e25416e55b88
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aespipe/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchurl, sharutils, makeWrapper }:
+
+stdenv.mkDerivation rec {
+ pname = "aespipe";
+ version = "2.4f";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/loop-aes/aespipe/aespipe-v${version}.tar.bz2";
+ sha256 = "15pg9j27mjzl78mpzkdqd84kdafj0g6j72f8wgjrpp2qkxjy2ddi";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ configureFlags = [ "--enable-padlock" "--enable-intelaes" ];
+
+ postInstall = ''
+ cp bz2aespipe $out/bin
+ wrapProgram $out/bin/bz2aespipe \
+ --prefix PATH : $out/bin:${stdenv.lib.makeBinPath [ sharutils ]}
+ '';
+
+ meta = with stdenv.lib; {
+ description = "AES encrypting or decrypting pipe";
+ homepage = "http://loop-aes.sourceforge.net/aespipe.README";
+ license = licenses.gpl2;
+ maintainers = [ maintainers.goibhniu ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/afl/README.md b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/README.md
new file mode 100644
index 000000000000..180cad6bc4ca
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/README.md
@@ -0,0 +1,19 @@
+Updating the QEMU patches
+=========================
+
+When updating to the latest American Fuzzy Lop, make sure to check for
+any new patches to qemu for binary fuzzing support:
+
+https://github.com/google/AFL/tree/master/qemu_mode
+
+Be sure to check the build script and make sure it's also using the
+right QEMU version and options in `qemu.nix`:
+
+https://github.com/google/AFL/blob/master/qemu_mode/build_qemu_support.sh
+
+`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of
+the afl source code, and copied from `config.h`, `types.h` and
+`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches
+need to be slightly adjusted to fix their `#include`s (the patches
+try to otherwise include files like `../../config.h` which causes the
+build to fail).
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/afl/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/default.nix
new file mode 100644
index 000000000000..091b52bfcf04
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/default.nix
@@ -0,0 +1,82 @@
+{ stdenv, fetchFromGitHub, callPackage, makeWrapper
+, clang, llvm, which, libcgroup
+}:
+
+let
+ afl-qemu = callPackage ./qemu.nix { inherit afl; };
+ qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64"
+ else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386"
+ else throw "afl: no support for ${stdenv.hostPlatform.system}!";
+ afl = stdenv.mkDerivation rec {
+ pname = "afl";
+ version = "2.57b";
+
+ src = fetchFromGitHub {
+ owner = "google";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6";
+ };
+ enableParallelBuilding = true;
+
+ # Note: libcgroup isn't needed for building, just for the afl-cgroup
+ # script.
+ nativeBuildInputs = [ makeWrapper which ];
+ buildInputs = [ llvm ];
+
+ makeFlags = [ "PREFIX=$(out)" ];
+ postBuild = ''
+ make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES
+ '';
+ postInstall = ''
+ # Install the custom QEMU emulator for binary blob fuzzing.
+ cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
+
+ # Install the cgroups wrapper for asan-based fuzzing.
+ cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
+ chmod +x $out/bin/afl-cgroup
+ substituteInPlace $out/bin/afl-cgroup \
+ --replace "cgcreate" "${libcgroup}/bin/cgcreate" \
+ --replace "cgexec" "${libcgroup}/bin/cgexec" \
+ --replace "cgdelete" "${libcgroup}/bin/cgdelete"
+
+ # Patch shebangs before wrapping
+ patchShebangs $out/bin
+
+ # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
+ # has totally different semantics in that case(?) - and also set a
+ # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
+ # of $PATH.
+ # first though we need to replace the afl-clang-fast++ symlink with
+ # a real copy to prevent wrapProgram skipping the symlink and confusing
+ # nix's cc wrapper
+ rm $out/bin/afl-clang-fast++
+ cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++
+ for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
+ wrapProgram $x \
+ --prefix AFL_PATH : "$out/lib/afl" \
+ --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
+ done
+ '';
+
+ passthru.qemu = afl-qemu;
+
+ meta = {
+ description = "Powerful fuzzer via genetic algorithms and instrumentation";
+ longDescription = ''
+ American fuzzy lop is a fuzzer that employs a novel type of
+ compile-time instrumentation and genetic algorithms to
+ automatically discover clean, interesting test cases that
+ trigger new internal states in the targeted binary. This
+ substantially improves the functional coverage for the fuzzed
+ code. The compact synthesized corpora produced by the tool are
+ also useful for seeding other, more labor or resource-intensive
+ testing regimes down the road.
+ '';
+ homepage = "https://lcamtuf.coredump.cx/afl/";
+ license = stdenv.lib.licenses.asl20;
+ platforms = ["x86_64-linux" "i686-linux"];
+ maintainers = with stdenv.lib.maintainers; [ thoughtpolice ris ];
+ };
+ };
+in afl
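Review bot: The `wrapProgram` call in the loop at the end of `postInstall` passes `--prefix AFL_PATH : "$out/lib/afl"`, which treats AFL_PATH as a colon-separated list. If the caller already exports AFL_PATH, the wrapper produces `$out/lib/afl:<old value>`, and AFL appears to read that variable as a single directory, so the result is not a usable path. The comment above the loop is itself unsure about the semantics (`(?)`). Use `--set-default AFL_PATH "$out/lib/afl"` to respect a user override, or `--set AFL_PATH "$out/lib/afl"` to always pin the store path.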
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/afl/libdislocator.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/libdislocator.nix
new file mode 100644
index 000000000000..103786d12441
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/libdislocator.nix
@@ -0,0 +1,34 @@
+{ stdenv, afl}:
+
+stdenv.mkDerivation {
+ version = stdenv.lib.getVersion afl;
+ pname = "libdislocator";
+
+ src = afl.src;
+ sourceRoot = "${afl.src.name}/libdislocator";
+
+ makeFlags = [ "PREFIX=$(out)" ];
+
+ preInstall = ''
+ mkdir -p $out/lib/afl
+ '';
+ postInstall = ''
+ mkdir $out/bin
+ cat > $out/bin/get-libdislocator-so <<END
+ #!${stdenv.shell}
+ echo $out/lib/afl/libdislocator.so
+ END
+ chmod +x $out/bin/get-libdislocator-so
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://lcamtuf.coredump.cx/afl/";
+ description = ''
+ Drop-in replacement for the libc allocator which improves
+ the odds of bumping into heap-related security bugs in
+ several ways.
+ '';
+ license = stdenv.lib.licenses.asl20;
+ maintainers = with maintainers; [ ris ];
+ };
+}
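Review bot: `meta.description` is written as an indented multi-line string, so the value carries embedded newlines and a trailing full stop where package listings expect one short line. Suggest `description = "Drop-in replacement for the libc allocator that helps surface heap-related bugs";` and, if the full sentence is wanted, move it to `longDescription`. The same multi-line form appears in aflplusplus/libdislocator.nix and in the `meta` of aflplusplus/default.nix. Since the block is already under `with stdenv.lib;`, `license = stdenv.lib.licenses.asl20;` can be shortened to `license = licenses.asl20;`.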
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch
new file mode 100644
index 000000000000..5dfbfd780f1c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch
@@ -0,0 +1,13 @@
+diff --git a/Makefile b/Makefile
+index d6b9dc1..ce7c493 100644
+--- a/Makefile
++++ b/Makefile
+@@ -601,7 +601,7 @@ install-localstatedir:
+ endif
+
+
+-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
++install: all $(if $(BUILD_DOCS),install-doc) install-datadir
+ ifneq ($(TOOLS),)
+ $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
+ endif
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff
new file mode 100644
index 000000000000..aa2950bf157c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff
@@ -0,0 +1,51 @@
+--- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100
++++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100
+@@ -34,6 +34,7 @@
+ #include <sys/resource.h>
+ #include <sys/swap.h>
+ #include <linux/capability.h>
++#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988
+ #include <sched.h>
+ #include <sys/timex.h>
+ #ifdef __ia64__
+@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2,
+ #endif
+
+ #ifdef __NR_gettid
+-_syscall0(int, gettid)
++// taken from https://patchwork.kernel.org/patch/10862231/
++#define __NR_sys_gettid __NR_gettid
++_syscall0(int, sys_gettid)
+ #else
+ /* This is a replacement for the host gettid() and must return a host
+ errno. */
+@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg)
+ cpu = ENV_GET_CPU(env);
+ thread_cpu = cpu;
+ ts = (TaskState *)cpu->opaque;
+- info->tid = gettid();
++ info->tid = sys_gettid();
+ task_settid(ts);
+ if (info->child_tidptr)
+ put_user_u32(info->tid, info->child_tidptr);
+@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un
+ mapping. We can't repeat the spinlock hack used above because
+ the child process gets its own copy of the lock. */
+ if (flags & CLONE_CHILD_SETTID)
+- put_user_u32(gettid(), child_tidptr);
++ put_user_u32(sys_gettid(), child_tidptr);
+ if (flags & CLONE_PARENT_SETTID)
+- put_user_u32(gettid(), parent_tidptr);
++ put_user_u32(sys_gettid(), parent_tidptr);
+ ts = (TaskState *)cpu->opaque;
+ if (flags & CLONE_SETTLS)
+ cpu_set_tls (env, newtls);
+@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n
+ break;
+ #endif
+ case TARGET_NR_gettid:
+- ret = get_errno(gettid());
++ ret = get_errno(sys_gettid());
+ break;
+ #ifdef TARGET_NR_readahead
+ case TARGET_NR_readahead:
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu.nix
new file mode 100644
index 000000000000..3af44763a8a6
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/afl/qemu.nix
@@ -0,0 +1,79 @@
+{ stdenv, fetchurl, afl, python2, zlib, pkgconfig, glib, perl
+, texinfo, libuuid, flex, bison, pixman, autoconf
+}:
+
+with stdenv.lib;
+
+let
+ qemuName = "qemu-2.10.0";
+ cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user"
+ else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user"
+ else throw "afl: no support for ${stdenv.hostPlatform.system}!";
+in
+stdenv.mkDerivation {
+ name = "afl-${qemuName}";
+
+ srcs = [
+ (fetchurl {
+ url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2";
+ sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy";
+ })
+ afl.src
+ ];
+
+ sourceRoot = qemuName;
+
+ postUnpack = ''
+ cp ${afl.src.name}/types.h $sourceRoot/afl-types.h
+ substitute ${afl.src.name}/config.h $sourceRoot/afl-config.h \
+ --replace "types.h" "afl-types.h"
+ substitute ${afl.src.name}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \
+ --replace "../../config.h" "afl-config.h"
+ substituteInPlace ${afl.src.name}/qemu_mode/patches/cpu-exec.diff \
+ --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h"
+ '';
+
+ nativeBuildInputs = [
+ python2 perl pkgconfig flex bison autoconf texinfo
+ ];
+
+ buildInputs = [
+ zlib glib pixman libuuid
+ ];
+
+ enableParallelBuilding = true;
+
+ patches = [
+ # patches extracted from afl source
+ "../${afl.src.name}/qemu_mode/patches/cpu-exec.diff"
+ "../${afl.src.name}/qemu_mode/patches/elfload.diff"
+ "../${afl.src.name}/qemu_mode/patches/syscall.diff"
+ "../${afl.src.name}/qemu_mode/patches/configure.diff"
+ "../${afl.src.name}/qemu_mode/patches/memfd.diff"
+ # nix-specific patches to make installation more well-behaved
+ ./qemu-patches/no-etc-install.patch
+ # patch for fixing qemu build on glibc >= 2.30
+ ./qemu-patches/syscall-glibc2_30.diff
+ ];
+
+ configureFlags =
+ [ "--disable-system"
+ "--enable-linux-user"
+ "--disable-gtk"
+ "--disable-sdl"
+ "--disable-vnc"
+ "--disable-kvm"
+ "--target-list=${cpuTarget}"
+ "--enable-pie"
+ "--sysconfdir=/etc"
+ "--localstatedir=/var"
+ ];
+
+ meta = with stdenv.lib; {
+ homepage = "http://www.qemu.org/";
+ description = "Fork of QEMU with AFL instrumentation support";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ thoughtpolice ];
+ platforms = platforms.linux;
+ };
+}
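Review bot: The QEMU tarball in `srcs` is fetched from `http://wiki.qemu.org/download/...` over plain HTTP. The `sha256` pins the content, so a modified download fails the build instead of being used, but an https URL still keeps the fetch from depending on an unauthenticated redirect or an on-path proxy. `url = "https://download.qemu.org/${qemuName}.tar.bz2";` should serve the same file; confirm that the existing hash still matches. aflplusplus/qemu.nix uses the same http URL and apg/default.nix also downloads its source over http, and `meta.homepage` here is http as well.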
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/default.nix
new file mode 100644
index 000000000000..8e5db3cd22c9
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/default.nix
@@ -0,0 +1,136 @@
+{ stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper
+, clang, llvm, gcc, which, libcgroup, python, perl, gmp
+, file, wine ? null, fetchpatch
+}:
+
+# wine fuzzing is only known to work for win32 binaries, and using a mixture of
+# 32 and 64-bit libraries ... complicates things, so it's recommended to build
+# a full 32bit version of this package if you want to do wine fuzzing
+assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux");
+
+let
+ aflplusplus-qemu = callPackage ./qemu.nix { inherit aflplusplus; };
+ qemu-exe-name = if stdenv.targetPlatform.system == "x86_64-linux" then "qemu-x86_64"
+ else if stdenv.targetPlatform.system == "i686-linux" then "qemu-i386"
+ else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!";
+ libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; };
+ libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; };
+ aflplusplus = stdenvNoCC.mkDerivation rec {
+ pname = "aflplusplus";
+ version = "2.65c";
+
+ src = fetchFromGitHub {
+ owner = "AFLplusplus";
+ repo = "AFLplusplus";
+ rev = version;
+ sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l";
+ };
+ enableParallelBuilding = true;
+
+ # Note: libcgroup isn't needed for building, just for the afl-cgroup
+ # script.
+ nativeBuildInputs = [ makeWrapper which clang gcc ];
+ buildInputs = [ llvm python gmp ]
+ ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython;
+
+
+ postPatch = ''
+ # Replace the CLANG_BIN variables with the correct path
+ substituteInPlace llvm_mode/afl-clang-fast.c \
+ --replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \
+ --replace "CLANG_BIN" '"${clang}/bin/clang"' \
+ --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")"
+
+ # Replace "gcc" and friends with full paths in afl-gcc
+ # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path
+ substituteInPlace src/afl-gcc.c \
+ --replace '"gcc"' '"${gcc}/bin/gcc"' \
+ --replace '"g++"' '"${gcc}/bin/g++"' \
+ --replace '"gcj"' '"gcj-UNSUPPORTED"' \
+ --replace '"clang"' '"clang-UNSUPPORTED"' \
+ --replace '"clang++"' '"clang++-UNSUPPORTED"'
+ '';
+
+ makeFlags = [ "PREFIX=$(out)" ];
+ buildPhase = ''
+ common="$makeFlags -j$NIX_BUILD_CORES"
+ make all $common
+ make radamsa $common
+ make -C gcc_plugin CC=${gcc}/bin/gcc CXX=${gcc}/bin/g++ $common
+ make -C llvm_mode $common
+ make -C qemu_mode/libcompcov $common
+ make -C qemu_mode/unsigaction $common
+ '';
+
+ postInstall = ''
+ # remove afl-clang(++) which are just symlinks to afl-clang-fast
+ rm $out/bin/afl-clang $out/bin/afl-clang++
+
+ # the makefile neglects to install unsigaction
+ cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/
+
+ # Install the custom QEMU emulator for binary blob fuzzing.
+ cp ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
+
+ # give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so
+ cat > $out/bin/get-afl-qemu-libcompcov-so <<END
+ #!${stdenv.shell}
+ echo $out/lib/afl/libcompcov.so
+ END
+ chmod +x $out/bin/get-afl-qemu-libcompcov-so
+ cp ${libdislocator}/bin/get-libdislocator-so $out/bin/
+ cp ${libtokencap}/bin/get-libtokencap-so $out/bin/
+
+ # Install the cgroups wrapper for asan-based fuzzing.
+ cp examples/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
+ chmod +x $out/bin/afl-cgroup
+ substituteInPlace $out/bin/afl-cgroup \
+ --replace "cgcreate" "${libcgroup}/bin/cgcreate" \
+ --replace "cgexec" "${libcgroup}/bin/cgexec" \
+ --replace "cgdelete" "${libcgroup}/bin/cgdelete"
+
+ patchShebangs $out/bin
+
+ '' + stdenv.lib.optionalString (wine != null) ''
+ substitute afl-wine-trace $out/bin/afl-wine-trace \
+ --replace "qemu_mode/unsigaction" "$out/lib/afl"
+ chmod +x $out/bin/afl-wine-trace
+
+ # qemu needs to be fed ELFs, not wrapper scripts, so we have to cheat a bit if we
+ # detect a wrapped wine
+ for winePath in ${wine}/bin/.wine ${wine}/bin/wine; do
+ if [ -x $winePath ]; then break; fi
+ done
+ makeWrapperArgs="--set-default 'AFL_WINE_PATH' '$winePath'" \
+ wrapPythonProgramsIn $out/bin ${python.pkgs.pefile}
+ '';
+
+ installCheckInputs = [ perl file ];
+ doInstallCheck = true;
+ installCheckPhase = ''
+ # replace references to tools in build directory with references to installed locations
+ substituteInPlace test/test.sh \
+ --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \
+ --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \
+ --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`'
+ perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh
+ cd test && ./test.sh
+ '';
+
+ passthru = {
+ inherit libdislocator libtokencap;
+ qemu = aflplusplus-qemu;
+ };
+
+ meta = {
+ description = ''
+ A heavily enhanced version of AFL, incorporating many features
+ and improvements from the community
+ '';
+ homepage = "https://aflplus.plus";
+ license = stdenv.lib.licenses.asl20;
+ platforms = ["x86_64-linux" "i686-linux"];
+ maintainers = with stdenv.lib.maintainers; [ ris mindavi ];
+ };
+ };
+in aflplusplus
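Review bot: In the wine branch of `postInstall`, the `for winePath in ...` loop leaves `winePath` set to the last candidate when neither file is executable, so `AFL_WINE_PATH` is wrapped with a path that may not exist and the error only surfaces when the tool is run. Add a check after the loop, for example `[ -x "$winePath" ] || { echo "no wine executable found in ${wine}/bin" >&2; exit 1; }`, and quote `"$winePath"` inside the existing test. Separately, `fetchpatch` is declared as an argument but is not used anywhere in this file.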
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix
new file mode 100644
index 000000000000..6f947a7280af
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libdislocator.nix
@@ -0,0 +1,37 @@
+{ stdenv, aflplusplus}:
+
+stdenv.mkDerivation {
+ version = stdenv.lib.getVersion aflplusplus;
+ pname = "libdislocator";
+
+ src = aflplusplus.src;
+ postUnpack = "chmod -R +w ${aflplusplus.src.name}";
+ sourceRoot = "${aflplusplus.src.name}/libdislocator";
+
+ makeFlags = [ "PREFIX=$(out)" ];
+
+ preInstall = ''
+ mkdir -p $out/lib/afl
+ # issue is fixed upstream: https://github.com/AFLplusplus/AFLplusplus/commit/2a60ceb6944a7ca273057ddf64dcf837bf7f9521
+ sed -i 's/README\.dislocator\.md/README\.md/g' Makefile
+ '';
+ postInstall = ''
+ mkdir $out/bin
+ cat > $out/bin/get-libdislocator-so <<END
+ #!${stdenv.shell}
+ echo $out/lib/afl/libdislocator.so
+ END
+ chmod +x $out/bin/get-libdislocator-so
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/vanhauser-thc/AFLplusplus";
+ description = ''
+ Drop-in replacement for the libc allocator which improves
+ the odds of bumping into heap-related security bugs in
+ several ways.
+ '';
+ license = stdenv.lib.licenses.asl20;
+ maintainers = with maintainers; [ ris ];
+ };
+}
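Review bot: `meta.homepage` points at `https://github.com/vanhauser-thc/AFLplusplus`, but the code built here is `aflplusplus.src`, which default.nix fetches from owner `AFLplusplus`, repo `AFLplusplus`. Listing a different account than the one the source is fetched from makes the package's provenance harder to check. Use `homepage = "https://github.com/AFLplusplus/AFLplusplus";` or reuse `aflplusplus.meta.homepage`. libtokencap.nix carries the same homepage line.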
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix
new file mode 100644
index 000000000000..9421ee0d1e2b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/libtokencap.nix
@@ -0,0 +1,32 @@
+{ stdenv, aflplusplus}:
+
+stdenv.mkDerivation {
+ version = stdenv.lib.getVersion aflplusplus;
+ pname = "libtokencap";
+
+ src = aflplusplus.src;
+ postUnpack = "chmod -R +w ${aflplusplus.src.name}";
+ sourceRoot = "${aflplusplus.src.name}/libtokencap";
+
+ makeFlags = [ "PREFIX=$(out)" ];
+
+ preInstall = ''
+ mkdir -p $out/lib/afl
+ mkdir -p $out/share/doc/afl
+ '';
+ postInstall = ''
+ mkdir $out/bin
+ cat > $out/bin/get-libtokencap-so <<END
+ #!${stdenv.shell}
+ echo $out/lib/afl/libtokencap.so
+ END
+ chmod +x $out/bin/get-libtokencap-so
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/vanhauser-thc/AFLplusplus";
+ description = "strcmp & memcmp token capture library";
+ license = stdenv.lib.licenses.asl20;
+ maintainers = with maintainers; [ ris ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch
new file mode 100644
index 000000000000..5dfbfd780f1c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch
@@ -0,0 +1,13 @@
+diff --git a/Makefile b/Makefile
+index d6b9dc1..ce7c493 100644
+--- a/Makefile
++++ b/Makefile
+@@ -601,7 +601,7 @@ install-localstatedir:
+ endif
+
+
+-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
++install: all $(if $(BUILD_DOCS),install-doc) install-datadir
+ ifneq ($(TOOLS),)
+ $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
+ endif
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix
new file mode 100644
index 000000000000..c51c839afe85
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aflplusplus/qemu.nix
@@ -0,0 +1,83 @@
+{ stdenv, fetchurl, aflplusplus, python2, zlib, pkgconfig, glib, perl
+, texinfo, libuuid, flex, bison, pixman, autoconf
+}:
+
+with stdenv.lib;
+
+let
+ qemuName = "qemu-3.1.0";
+ cpuTarget = if stdenv.targetPlatform.system == "x86_64-linux" then "x86_64-linux-user"
+ else if stdenv.targetPlatform.system == "i686-linux" then "i386-linux-user"
+ else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!";
+in
+stdenv.mkDerivation {
+ name = "aflplusplus-${qemuName}";
+
+ srcs = [
+ (fetchurl {
+ url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2";
+ sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq";
+ })
+ aflplusplus.src
+ ];
+
+ sourceRoot = qemuName;
+
+ postUnpack = ''
+ chmod -R +w ${aflplusplus.src.name}
+ for f in ${aflplusplus.src.name}/qemu_mode/patches/* ; do
+ sed -E -i 's|(\.\./)+patches/([a-z-]+\.h)|\2|g' $f
+ sed -E -i 's|\.\./\.\./config\.h|afl-config.h|g' $f
+ sed -E -i 's|\.\./\.\./include/cmplog\.h|afl-cmplog.h|g' $f
+ done
+ cp ${aflplusplus.src.name}/qemu_mode/patches/*.h $sourceRoot/
+ cp ${aflplusplus.src.name}/types.h $sourceRoot/afl-types.h
+ substitute ${aflplusplus.src.name}/config.h $sourceRoot/afl-config.h \
+ --replace "types.h" "afl-types.h"
+ substitute ${aflplusplus.src.name}/include/cmplog.h $sourceRoot/afl-cmplog.h \
+ --replace "config.h" "afl-config.h" \
+ --replace "forkserver.h" "afl-forkserver.h"
+ substitute ${aflplusplus.src.name}/include/forkserver.h $sourceRoot/afl-forkserver.h \
+ --replace "types.h" "afl-types.h"
+
+ cat ${aflplusplus.src.name}/qemu_mode/patches/*.diff > all.patch
+ '';
+
+ nativeBuildInputs = [
+ python2 perl pkgconfig flex bison autoconf texinfo
+ ];
+
+ buildInputs = [
+ zlib glib pixman libuuid
+ ];
+
+ enableParallelBuilding = true;
+
+ patches = [
+ # patches extracted from aflplusplus source
+ "../all.patch"
+ # nix-specific patches to make installation more well-behaved
+ ./qemu-no-etc-install.patch
+ ];
+
+ configureFlags =
+ [ "--disable-system"
+ "--enable-linux-user"
+ "--disable-gtk"
+ "--disable-sdl"
+ "--disable-vnc"
+ "--disable-kvm"
+ "--target-list=${cpuTarget}"
+ "--enable-pie"
+ "--sysconfdir=/etc"
+ "--localstatedir=/var"
+ ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.qemu.org/";
+ description = "Fork of QEMU with AFL++ instrumentation support";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ ris ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/age/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/age/default.nix
new file mode 100644
index 000000000000..4eb88211d6d0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/age/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "age";
+ version = "1.0.0-beta5";
+ vendorSha256 = "0km7a2826j3fk2nrkmgc990chrkcfz006wfw14yilsa4p2hmfl7m";
+
+ src = fetchFromGitHub {
+ owner = "FiloSottile";
+ repo = "age";
+ rev = "v${version}";
+ sha256 = "1hdbxd359z8zvnz7h8c4pa16nc7r8db36lx3gpks38lpi0r8hzqk";
+ };
+
+ meta = with lib; {
+ homepage = "https://age-encryption.org/";
+ description = "Modern encryption tool with small explicit keys";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ tazjin ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aide/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aide/default.nix
new file mode 100644
index 000000000000..59b723207583
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aide/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, flex, bison, libmhash, zlib, acl, attr, libselinux, pcre }:
+
+stdenv.mkDerivation rec {
+ pname = "aide";
+ version = "0.16.2";
+
+ src = fetchurl {
+ url = "https://github.com/aide/aide/releases/download/v${version}/${pname}-${version}.tar.gz";
+ sha256 = "15xp47sz7kk1ciffw3f5xw2jg2mb2lqrbr3q6p4bkbz5dap9iy8p";
+ };
+
+ buildInputs = [ flex bison libmhash zlib acl attr libselinux pcre ];
+
+
+ configureFlags = [
+ "--with-posix-acl"
+ "--with-selinux"
+ "--with-xattr"
+ ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://aide.github.io/";
+ description = "A file and directory integrity checker";
+ license = licenses.gpl2Plus;
+ maintainers = [ maintainers.tstrobel ];
+ platforms = platforms.linux;
+ };
+}
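Review bot: `flex` and `bison` are listed in `buildInputs`, but they are generators that run on the build machine, so they belong in `nativeBuildInputs`; as written a cross build would get them for the wrong platform. Suggest `nativeBuildInputs = [ flex bison ];` and `buildInputs = [ libmhash zlib acl attr libselinux pcre ];`. The stray second blank line before `configureFlags` can go at the same time.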
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/apg/apg.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/apg/apg.patch
new file mode 100644
index 000000000000..abc22647d52f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/apg/apg.patch
@@ -0,0 +1,44 @@
+diff -rc apg-2.2.3/Makefile apg-2.2.3-new/Makefile
+*** apg-2.2.3/Makefile 2003-08-07 17:40:30.000000000 +0200
+--- apg-2.2.3-new/Makefile 2013-07-24 12:25:31.159938436 +0200
+***************
+*** 113,131 ****
+ if test -x ./apg; then \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+! ./install-sh -c -m 0755 -o root -g ${FIND_GROUP} ./apg ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./install-sh -c -m 0444 ./doc/man/apg.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+ fi
+ if test -x ./apgd; then \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APGD_BIN_DIR}; \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APGD_MAN_DIR}; \
+! ./install-sh -c -m 0755 -o root -g ${FIND_GROUP} ./apgd ${INSTALL_PREFIX}${APGD_BIN_DIR}; \
+ ./install-sh -c -m 0444 ./doc/man/apgd.8 ${INSTALL_PREFIX}${APGD_MAN_DIR}; \
+ fi
+ if test -x ./apgbfm; then \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+! ./install-sh -c -m 0755 -o root -g ${FIND_GROUP} ./apgbfm ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./install-sh -c -m 0444 ./doc/man/apgbfm.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+ fi
+
+--- 113,131 ----
+ if test -x ./apg; then \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+! ./install-sh -c -m 0755 ./apg ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./install-sh -c -m 0444 ./doc/man/apg.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+ fi
+ if test -x ./apgd; then \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APGD_BIN_DIR}; \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APGD_MAN_DIR}; \
+! ./install-sh -c -m 0755 ./apgd ${INSTALL_PREFIX}${APGD_BIN_DIR}; \
+ ./install-sh -c -m 0444 ./doc/man/apgd.8 ${INSTALL_PREFIX}${APGD_MAN_DIR}; \
+ fi
+ if test -x ./apgbfm; then \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+! ./install-sh -c -m 0755 ./apgbfm ${INSTALL_PREFIX}${APG_BIN_DIR}; \
+ ./install-sh -c -m 0444 ./doc/man/apgbfm.1 ${INSTALL_PREFIX}${APG_MAN_DIR}; \
+ fi
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/apg/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/apg/default.nix
new file mode 100644
index 000000000000..1dcdeae832d5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/apg/default.nix
@@ -0,0 +1,72 @@
+{ stdenv, fetchurl, openssl }:
+stdenv.mkDerivation rec {
+ name = "apg-2.3.0b";
+ src = fetchurl {
+ url = "http://www.adel.nursat.kz/apg/download/${name}.tar.gz";
+ sha256 = "14lbq81xrcsmpk1b9qmqyz7n6ypf08zcxvcvp6f7ybcyf0lj1rfi";
+ };
+ configurePhase = ''
+ substituteInPlace Makefile --replace /usr/local "$out"
+ '';
+ makeFlags = stdenv.lib.optionals stdenv.isDarwin ["CC=cc"];
+
+ patches = [
+ ./apg.patch
+ ./phony-install-target.patch
+ ];
+
+ postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
+ sed -i -e 's|APG_CLIBS += -lcrypt|APG_CLIBS += -L${openssl.out}/lib -lcrypto|' Makefile
+ '';
+
+ meta = {
+ description = "Tools for random password generation";
+ longDescription = ''
+ APG (Automated Password Generator) is the tool set for random
+ password generation.
+
+ Standalone version
+
+ Generates some random words of required type and prints them
+ to standard output.
+
+ Network version
+
+ APG server: When client's request is arrived generates some
+ random words of predefined type and send them to client over
+ the network (according to RFC0972).
+
+ APG client: Sends the password generation request to the APG
+ server, wait for generated Passwords arrival and then prints
+ them to the standard output.
+
+ Advantages
+
+ * Built-in ANSI X9.17 RNG (Random Number Generator) (CAST/SHA1)
+ * Built-in password quality checking system (it has support for
+ Bloom filter for faster access)
+ * Two Password Generation Algorithms:
+ 1. Pronounceable Password Generation Algorithm (according to
+ NIST FIPS 181)
+ 2. Random Character Password Generation Algorithm with 35
+ configurable modes of operation
+ * Configurable password length parameters
+ * Configurable amount of generated passwords
+ * Ability to initialize RNG with user string
+ * Support for /dev/random
+ * Ability to crypt() generated passwords and print them as
+ additional output
+ * Special parameters to use APG in script
+ * Ability to log password generation requests for network version
+ * Ability to control APG service access using tcpd
+ * Ability to use password generation service from any type of box
+ (Mac, WinXX, etc.) that connected to network
+ * Ability to enforce remote users to use only allowed type of
+ password generation
+ '';
+ homepage = "http://www.adel.nursat.kz/apg/";
+ license = stdenv.lib.licenses.bsd3;
+ maintainers = with stdenv.lib.maintainers; [ astsmtl ];
+ platforms = stdenv.lib.platforms.unix;
+ };
+}
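Review bot: This derivation sets `name = "apg-2.3.0b";` where most other packages added in this directory split the value into `pname` and `version`, which is what version-tracking and update tooling reads. Suggest `pname = "apg";` and `version = "2.3.0b";`, with the URL ending in `${pname}-${version}.tar.gz`. `configurePhase` is also replaced outright; wrapping its body in `runHook preConfigure` and `runHook postConfigure` keeps overrides and hooks working.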
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/apg/phony-install-target.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/apg/phony-install-target.patch
new file mode 100644
index 000000000000..9edf50b4b599
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/apg/phony-install-target.patch
@@ -0,0 +1,11 @@
+diff -ur a/Makefile b/Makefile
+--- a/Makefile 2003-08-08 00:40:39.000000000 +0900
++++ b/Makefile 2018-04-05 22:29:39.284191020 +0900
+@@ -142,6 +142,7 @@
+ strip ${CS_PROGNAME}
+ strip ${BFM_PROGNAME}
+
++.PHONY: install
+ install:
+ if test -x ./apg; then \
+ ./mkinstalldirs ${INSTALL_PREFIX}${APG_BIN_DIR}; \
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
new file mode 100644
index 000000000000..ee5fa924cb6f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchFromGitHub, imagemagick, qrencode
+, testQR ? false, zbar ? null
+}:
+
+assert testQR -> zbar != false;
+
+stdenv.mkDerivation {
+ pname = "asc-key-to-qr-code-gif";
+ version = "20180613";
+
+ src = fetchFromGitHub {
+ owner = "yishilin14";
+ repo = "asc-key-to-qr-code-gif";
+ rev = "5b7b239a0089a5269444cbe8a651c99dd43dce3f";
+ sha256 = "0yrc302a2fhbzryb10718ky4fymfcps3lk67ivis1qab5kbp6z8r";
+ };
+
+ dontBuild = true;
+ dontStrip = true;
+ dontPatchELF = true;
+
+ preInstall = let
+ substitutions = [
+ ''--replace "convert" "${imagemagick}/bin/convert"''
+ ''--replace "qrencode" "${qrencode.bin}/bin/qrencode"''
+ ] ++ stdenv.lib.optional testQR [
+ ''--replace "hash zbarimg" "true"'' # hash does not work on NixOS
+ ''--replace "$(zbarimg --raw" "$(${zbar.out}/bin/zbarimg --raw"''
+ ];
+ in ''
+ substituteInPlace asc-to-gif.sh ${stdenv.lib.concatStringsSep " " substitutions}
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp * $out/bin/
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/yishilin14/asc-key-to-qr-code-gif";
+ description = "Convert ASCII-armored PGP keys to animated QR code";
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ asymmetric ];
+ };
+}
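Review bot: The guard `assert testQR -> zbar != false;` can never fail, because `zbar` defaults to `null` and `null != false` evaluates to true. With `testQR = true` and no zbar supplied, evaluation then fails later at `${zbar.out}` with a much less helpful message. It should read `assert testQR -> zbar != null;`. `meta` also has no `license` attribute, which the other packages in this directory set.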
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix
new file mode 100644
index 000000000000..44282d5f9643
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "aws-iam-authenticator";
+ version = "0.4.0";
+
+ goPackagePath = "github.com/kubernetes-sigs/aws-iam-authenticator";
+
+ src = fetchFromGitHub {
+ owner = "kubernetes-sigs";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "1ghl2vms9wmvczdl2raqhy0gffxmk24h158gjb5mlw7rggzvb7bg";
+ };
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/kubernetes-sigs/aws-iam-authenticator";
+ description = "AWS IAM credentials for Kubernetes authentication";
+ license = licenses.asl20;
+ maintainers = [ maintainers.srhb ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/aws-okta/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/aws-okta/default.nix
new file mode 100644
index 000000000000..340c2cd971c6
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/aws-okta/default.nix
@@ -0,0 +1,31 @@
+{ buildGoPackage, fetchFromGitHub, libusb1, pkgconfig, stdenv, libiconv }:
+
+buildGoPackage rec {
+ pname = "aws-okta";
+ version = "1.0.8";
+
+ goPackagePath = "github.com/segmentio/aws-okta";
+
+ src = fetchFromGitHub {
+ owner = "segmentio";
+ repo = "aws-okta";
+ rev = "v${version}";
+ sha256 = "14bg9rdfxkpw00phc8faz4ghiyb0j7a9qai74lidrzplzl139bzf";
+ };
+
+ buildFlags = [ "--tags" "release" ];
+
+ buildFlagsArray = [ "-ldflags=-X main.Version=${version}" ];
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ libusb1 libiconv ];
+
+ meta = with stdenv.lib; {
+ inherit version;
+ description = "aws-vault like tool for Okta authentication";
+ license = licenses.mit;
+ maintainers = with maintainers; [imalsogreg Chili-Man];
+ homepage = "https://github.com/segmentio/aws-okta";
+ downloadPage = "https://github.com/segmentio/aws-okta";
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/b2sum/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/b2sum/default.nix
new file mode 100644
index 000000000000..fdd4f2c73fd4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/b2sum/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchzip, openmp ? null }:
+
+with stdenv.lib;
+
+stdenv.mkDerivation {
+ pname = "b2sum";
+ version = "unstable-2018-06-11";
+
+ src = fetchzip {
+ url = "https://github.com/BLAKE2/BLAKE2/archive/320c325437539ae91091ce62efec1913cd8093c2.tar.gz";
+ sha256 = "0agmc515avdpr64bsgv87wby2idm0d3wbndxzkhdfjgzhgv0rb8k";
+ };
+
+ sourceRoot = "source/b2sum";
+
+ buildInputs = [ openmp ];
+
+ buildFlags = [ (optional (openmp == null) "NO_OPENMP=1") ];
+ installFlags = [ "PREFIX=$(out)" ];
+
+ meta = {
+ description = "The b2sum utility is similar to the md5sum or shasum utilities but for BLAKE2";
+ homepage = "https://blake2.net";
+ license = with licenses; [ asl20 cc0 openssl ];
+ maintainers = with maintainers; [ kirelagin ];
+ # "This code requires at least SSE2."
+ platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin;
+ };
+}
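Review bot: `buildFlags = [ (optional (openmp == null) "NO_OPENMP=1") ];` nests the list that `optional` already returns inside another list. `buildFlags = optional (openmp == null) "NO_OPENMP=1";` says the same thing directly and does not rely on nested lists being flattened. Likewise `buildInputs = [ openmp ];` puts `null` into the inputs in the default case; `buildInputs = optional (openmp != null) openmp;` would be clearer.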
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/cargo-lock.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/cargo-lock.patch
new file mode 100644
index 000000000000..1f8494089477
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/cargo-lock.patch
@@ -0,0 +1,513 @@
+diff --git a/Cargo.lock b/Cargo.lock
+new file mode 100644
+index 0000000..1dff162
+--- /dev/null
++++ b/Cargo.lock
+@@ -0,0 +1,507 @@
++# This file is automatically @generated by Cargo.
++# It is not intended for manual editing.
++[[package]]
++name = "ansi_term"
++version = "0.11.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
++dependencies = [
++ "winapi",
++]
++
++[[package]]
++name = "anyhow"
++version = "1.0.34"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "bf8dcb5b4bbaa28653b647d8c77bd4ed40183b48882e130c1f1ffb73de069fd7"
++
++[[package]]
++name = "arrayref"
++version = "0.3.6"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
++
++[[package]]
++name = "arrayvec"
++version = "0.5.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
++
++[[package]]
++name = "atty"
++version = "0.2.14"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
++dependencies = [
++ "hermit-abi",
++ "libc",
++ "winapi",
++]
++
++[[package]]
++name = "autocfg"
++version = "1.0.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
++
++[[package]]
++name = "b3sum"
++version = "0.3.7"
++dependencies = [
++ "anyhow",
++ "blake3",
++ "clap",
++ "duct",
++ "hex",
++ "memmap",
++ "rayon",
++ "tempfile",
++ "wild",
++]
++
++[[package]]
++name = "bitflags"
++version = "1.2.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
++
++[[package]]
++name = "blake3"
++version = "0.3.7"
++dependencies = [
++ "arrayref",
++ "arrayvec",
++ "cc",
++ "cfg-if 0.1.10",
++ "constant_time_eq",
++ "crypto-mac",
++ "digest",
++ "rayon",
++]
++
++[[package]]
++name = "cc"
++version = "1.0.62"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "f1770ced377336a88a67c473594ccc14eca6f4559217c34f64aac8f83d641b40"
++
++[[package]]
++name = "cfg-if"
++version = "0.1.10"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
++
++[[package]]
++name = "cfg-if"
++version = "1.0.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
++
++[[package]]
++name = "clap"
++version = "2.33.3"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002"
++dependencies = [
++ "ansi_term",
++ "atty",
++ "bitflags",
++ "strsim",
++ "textwrap",
++ "unicode-width",
++ "vec_map",
++]
++
++[[package]]
++name = "const_fn"
++version = "0.4.3"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "c478836e029dcef17fb47c89023448c64f781a046e0300e257ad8225ae59afab"
++
++[[package]]
++name = "constant_time_eq"
++version = "0.1.5"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
++
++[[package]]
++name = "crossbeam-channel"
++version = "0.5.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "dca26ee1f8d361640700bde38b2c37d8c22b3ce2d360e1fc1c74ea4b0aa7d775"
++dependencies = [
++ "cfg-if 1.0.0",
++ "crossbeam-utils",
++]
++
++[[package]]
++name = "crossbeam-deque"
++version = "0.8.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "94af6efb46fef72616855b036a624cf27ba656ffc9be1b9a3c931cfc7749a9a9"
++dependencies = [
++ "cfg-if 1.0.0",
++ "crossbeam-epoch",
++ "crossbeam-utils",
++]
++
++[[package]]
++name = "crossbeam-epoch"
++version = "0.9.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "ec0f606a85340376eef0d6d8fec399e6d4a544d648386c6645eb6d0653b27d9f"
++dependencies = [
++ "cfg-if 1.0.0",
++ "const_fn",
++ "crossbeam-utils",
++ "lazy_static",
++ "memoffset",
++ "scopeguard",
++]
++
++[[package]]
++name = "crossbeam-utils"
++version = "0.8.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "ec91540d98355f690a86367e566ecad2e9e579f230230eb7c21398372be73ea5"
++dependencies = [
++ "autocfg",
++ "cfg-if 1.0.0",
++ "const_fn",
++ "lazy_static",
++]
++
++[[package]]
++name = "crypto-mac"
++version = "0.8.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab"
++dependencies = [
++ "generic-array",
++ "subtle",
++]
++
++[[package]]
++name = "digest"
++version = "0.9.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
++dependencies = [
++ "generic-array",
++]
++
++[[package]]
++name = "duct"
++version = "0.13.4"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "f90a9c3a25aafbd538c7d40a53f83c4487ee8216c12d1c8ef2c01eb2f6ea1553"
++dependencies = [
++ "libc",
++ "once_cell",
++ "os_pipe",
++ "shared_child",
++]
++
++[[package]]
++name = "either"
++version = "1.6.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
++
++[[package]]
++name = "generic-array"
++version = "0.14.4"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "501466ecc8a30d1d3b7fc9229b122b2ce8ed6e9d9223f1138d4babb253e51817"
++dependencies = [
++ "typenum",
++ "version_check",
++]
++
++[[package]]
++name = "getrandom"
++version = "0.1.15"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6"
++dependencies = [
++ "cfg-if 0.1.10",
++ "libc",
++ "wasi",
++]
++
++[[package]]
++name = "glob"
++version = "0.3.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
++
++[[package]]
++name = "hermit-abi"
++version = "0.1.17"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "5aca5565f760fb5b220e499d72710ed156fdb74e631659e99377d9ebfbd13ae8"
++dependencies = [
++ "libc",
++]
++
++[[package]]
++name = "hex"
++version = "0.4.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35"
++
++[[package]]
++name = "lazy_static"
++version = "1.4.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
++
++[[package]]
++name = "libc"
++version = "0.2.80"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "4d58d1b70b004888f764dfbf6a26a3b0342a1632d33968e4a179d8011c760614"
++
++[[package]]
++name = "memmap"
++version = "0.7.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "6585fd95e7bb50d6cc31e20d4cf9afb4e2ba16c5846fc76793f11218da9c475b"
++dependencies = [
++ "libc",
++ "winapi",
++]
++
++[[package]]
++name = "memoffset"
++version = "0.5.6"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "043175f069eda7b85febe4a74abbaeff828d9f8b448515d3151a14a3542811aa"
++dependencies = [
++ "autocfg",
++]
++
++[[package]]
++name = "num_cpus"
++version = "1.13.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3"
++dependencies = [
++ "hermit-abi",
++ "libc",
++]
++
++[[package]]
++name = "once_cell"
++version = "1.5.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "13bd41f508810a131401606d54ac32a467c97172d74ba7662562ebba5ad07fa0"
++
++[[package]]
++name = "os_pipe"
++version = "0.9.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "fb233f06c2307e1f5ce2ecad9f8121cffbbee2c95428f44ea85222e460d0d213"
++dependencies = [
++ "libc",
++ "winapi",
++]
++
++[[package]]
++name = "ppv-lite86"
++version = "0.2.10"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857"
++
++[[package]]
++name = "rand"
++version = "0.7.3"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
++dependencies = [
++ "getrandom",
++ "libc",
++ "rand_chacha",
++ "rand_core",
++ "rand_hc",
++]
++
++[[package]]
++name = "rand_chacha"
++version = "0.2.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
++dependencies = [
++ "ppv-lite86",
++ "rand_core",
++]
++
++[[package]]
++name = "rand_core"
++version = "0.5.1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
++dependencies = [
++ "getrandom",
++]
++
++[[package]]
++name = "rand_hc"
++version = "0.2.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
++dependencies = [
++ "rand_core",
++]
++
++[[package]]
++name = "rayon"
++version = "1.5.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "8b0d8e0819fadc20c74ea8373106ead0600e3a67ef1fe8da56e39b9ae7275674"
++dependencies = [
++ "autocfg",
++ "crossbeam-deque",
++ "either",
++ "rayon-core",
++]
++
++[[package]]
++name = "rayon-core"
++version = "1.9.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "9ab346ac5921dc62ffa9f89b7a773907511cdfa5490c572ae9be1be33e8afa4a"
++dependencies = [
++ "crossbeam-channel",
++ "crossbeam-deque",
++ "crossbeam-utils",
++ "lazy_static",
++ "num_cpus",
++]
++
++[[package]]
++name = "redox_syscall"
++version = "0.1.57"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce"
++
++[[package]]
++name = "remove_dir_all"
++version = "0.5.3"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
++dependencies = [
++ "winapi",
++]
++
++[[package]]
++name = "scopeguard"
++version = "1.1.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
++
++[[package]]
++name = "shared_child"
++version = "0.3.4"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "8cebcf3a403e4deafaf34dc882c4a1b6a648b43e5670aa2e4bb985914eaeb2d2"
++dependencies = [
++ "libc",
++ "winapi",
++]
++
++[[package]]
++name = "strsim"
++version = "0.8.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
++
++[[package]]
++name = "subtle"
++version = "2.3.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "343f3f510c2915908f155e94f17220b19ccfacf2a64a2a5d8004f2c3e311e7fd"
++
++[[package]]
++name = "tempfile"
++version = "3.1.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9"
++dependencies = [
++ "cfg-if 0.1.10",
++ "libc",
++ "rand",
++ "redox_syscall",
++ "remove_dir_all",
++ "winapi",
++]
++
++[[package]]
++name = "textwrap"
++version = "0.11.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060"
++dependencies = [
++ "unicode-width",
++]
++
++[[package]]
++name = "typenum"
++version = "1.12.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33"
++
++[[package]]
++name = "unicode-width"
++version = "0.1.8"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "9337591893a19b88d8d87f2cec1e73fad5cdfd10e5a6f349f498ad6ea2ffb1e3"
++
++[[package]]
++name = "vec_map"
++version = "0.8.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
++
++[[package]]
++name = "version_check"
++version = "0.9.2"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed"
++
++[[package]]
++name = "wasi"
++version = "0.9.0+wasi-snapshot-preview1"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
++
++[[package]]
++name = "wild"
++version = "2.0.4"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "035793abb854745033f01a07647a79831eba29ec0be377205f2a25b0aa830020"
++dependencies = [
++ "glob",
++]
++
++[[package]]
++name = "winapi"
++version = "0.3.9"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
++dependencies = [
++ "winapi-i686-pc-windows-gnu",
++ "winapi-x86_64-pc-windows-gnu",
++]
++
++[[package]]
++name = "winapi-i686-pc-windows-gnu"
++version = "0.4.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
++
++[[package]]
++name = "winapi-x86_64-pc-windows-gnu"
++version = "0.4.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/default.nix
new file mode 100644
index 000000000000..d36dfc8e18cb
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/default.nix
@@ -0,0 +1,26 @@
+{ lib, fetchFromGitHub, rustPlatform }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "b3sum";
+ version = "0.3.7";
+
+ src = fetchFromGitHub {
+ owner = "BLAKE3-team";
+ repo = "BLAKE3";
+ rev = version;
+ sha256 = "0r3nj7jbrpb2gkkfa9h6nv6blrbv6dlrhxg131qnh340q1ysh0x7";
+ };
+
+ sourceRoot = "source/b3sum";
+
+ cargoSha256 = "0n8hp83hw7g260vmf4qcicpca75faam7k0zmb0k4cdzsar96gdrr";
+
+ cargoPatches = [ ./cargo-lock.patch ];
+
+ meta = {
+ description = "BLAKE3 cryptographic hash function";
+ homepage = "https://github.com/BLAKE3-team/BLAKE3/";
+ maintainers = with lib.maintainers; [ fpletz ivan ];
+ license = with lib.licenses; [ cc0 asl20 ];
+ };
+}
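Review bot: `cargoPatches = [ ./cargo-lock.patch ];` has no comment saying where the patch comes from, although it supplies the whole Cargo.lock and so decides which crate versions and checksums get vendored. The patch adds Cargo.lock as a new file, so presumably upstream ships none for b3sum. A comment above the line such as `# adds the missing Cargo.lock; regenerate with ./update-cargo-lock.sh and refresh cargoSha256` would tell the next maintainer how to update it.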
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/update-cargo-lock.sh b/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/update-cargo-lock.sh
new file mode 100755
index 000000000000..8c52ad5cf6c0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/b3sum/update-cargo-lock.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# This updates cargo-lock.patch for the b3sum version listed in default.nix.
+
+set -eu -o verbose
+
+here=$PWD
+version=$(cat default.nix | grep '^ version = "' | cut -d '"' -f 2)
+checkout=$(mktemp -d)
+git clone -b "$version" --depth=1 https://github.com/BLAKE3-team/BLAKE3 "$checkout"
+cd "$checkout"
+
+(cd b3sum && cargo generate-lockfile)
+mv b3sum/Cargo.lock ./
+git add -f Cargo.lock
+git diff HEAD -- Cargo.lock > "$here"/cargo-lock.patch
+
+cd "$here"
+rm -rf "$checkout"
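Review bot: The temporary checkout is removed only on the last line, so with `set -eu` any failing step (the clone, `cargo generate-lockfile`, the diff) exits early and leaves the directory behind. Registering `trap 'rm -rf "$checkout"' EXIT` right after `mktemp -d` covers every exit path. The script also reads `default.nix` and writes `cargo-lock.patch` relative to `$PWD`, so it only works when started from the package directory; `cd "$(dirname "$0")"` before `here=$PWD` removes that assumption. Because `cargo generate-lockfile` resolves whatever versions are current when it runs, the regenerated patch should be reviewed as a dependency update rather than committed as-is.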
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix
new file mode 100644
index 000000000000..53bc45acf8f7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix
@@ -0,0 +1,46 @@
+{ stdenv
+, fetchFromGitHub
+, unstableGitUpdater
+, makeWrapper
+, openssl
+, coreutils
+, gnugrep }:
+
+stdenv.mkDerivation {
+ pname = "bash-supergenpass";
+ version = "unstable-2018-04-18";
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ src = fetchFromGitHub {
+ owner = "lanzz";
+ repo = "bash-supergenpass";
+ rev = "ece772b9ec095946ac4ea985cda5561b211e56f0";
+ sha256 = "1gkbrycyyl7y3klbfx7xjvvfw5df1h4fj6x1f73gglfy6nk8ffnd";
+ };
+
+ installPhase = ''
+ install -m755 -D supergenpass.sh "$out/bin/supergenpass"
+ wrapProgram "$out/bin/supergenpass" --prefix PATH : "${stdenv.lib.makeBinPath [ openssl coreutils gnugrep ]}"
+ '';
+
+ passthru.updateScript = unstableGitUpdater { };
+
+ meta = with stdenv.lib; {
+ description = "Bash shell-script implementation of SuperGenPass password generation";
+ longDescription = ''
+ Bash shell-script implementation of SuperGenPass password generation
+ Usage: ./supergenpass.sh <domain> [ <length> ]
+
+ Default <length> is 10, which is also the original SuperGenPass default length.
+
+ The <domain> parameter is also optional, but it does not make much sense to omit it.
+
+ supergenpass will ask for your master password interactively, and it will not be displayed on your terminal.
+ '';
+ license = licenses.mit;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ fgaz ];
+ homepage = "https://github.com/lanzz/bash-supergenpass";
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bettercap/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bettercap/default.nix
new file mode 100644
index 000000000000..17cb0308a168
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bettercap/default.nix
@@ -0,0 +1,39 @@
+{ stdenv
+, buildGoModule
+, fetchFromGitHub
+, pkg-config
+, libpcap
+, libnfnetlink
+, libnetfilter_queue
+, libusb1
+}:
+
+buildGoModule rec {
+ pname = "bettercap";
+ version = "2.28";
+
+ src = fetchFromGitHub {
+ owner = pname;
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0aihinn3i3jj350l2rqph7nv3wy4nh4f8syidf77zybjcp9nmcys";
+ };
+
+ vendorSha256 = "0yfs1f18d8frbkrshsajzzbj4wh2azd89g2h35wm6wqknvlipwr0";
+
+ doCheck = false;
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = [ libpcap libusb1 ]
+ ++ stdenv.lib.optionals stdenv.isLinux [ libnfnetlink libnetfilter_queue ];
+
+ meta = with stdenv.lib; {
+ description = "A man in the middle tool";
+ longDescription = ''
+ BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
+ '';
+ homepage = "https://www.bettercap.org/";
+ license = with licenses; gpl3;
+ maintainers = with maintainers; [ y0no ];
+ };
+}
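Review bot: `doCheck = false;` carries no explanation, so a later maintainer cannot tell whether the tests are broken, need network or raw-socket access inside the sandbox, or were never tried. A short trailing comment giving the actual reason would settle it, for example `doCheck = false; # tests need network access` if that is the cause. The same undocumented `doCheck = false;` appears in browserpass/default.nix further down. Separately, `license = with licenses; gpl3;` reads more plainly as `license = licenses.gpl3;`.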
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden/default.nix
new file mode 100644
index 000000000000..c35a4d60e9e7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden/default.nix
@@ -0,0 +1,88 @@
+{ atomEnv
+, autoPatchelfHook
+, dpkg
+, fetchurl
+, libsecret
+, makeDesktopItem
+, makeWrapper
+, stdenv
+, lib
+, udev
+, wrapGAppsHook
+}:
+
+let
+ inherit (stdenv.hostPlatform) system;
+
+ pname = "bitwarden";
+
+ version = {
+ x86_64-linux = "1.23.0";
+ }.${system} or "";
+
+ sha256 = {
+ x86_64-linux = "1z1r8327xymqf2h98wb2fb02s41pxc6fh5w4bxmdgpx7k1jx5kvg";
+ }.${system} or "";
+
+ meta = with stdenv.lib; {
+ description = "A secure and free password manager for all of your devices";
+ homepage = "https://bitwarden.com";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ kiwi ];
+ platforms = [ "x86_64-linux" ];
+ };
+
+ linux = stdenv.mkDerivation rec {
+ inherit pname version meta;
+
+ src = fetchurl {
+ url = "https://github.com/bitwarden/desktop/releases/download/"
+ + "v${version}/Bitwarden-${version}-amd64.deb";
+ inherit sha256;
+ };
+
+ desktopItem = makeDesktopItem {
+ name = "bitwarden";
+ exec = "bitwarden %U";
+ icon = "bitwarden";
+ comment = "A secure and free password manager for all of your devices";
+ desktopName = "Bitwarden";
+ categories = "Utility";
+ };
+
+ dontBuild = true;
+ dontConfigure = true;
+ dontPatchELF = true;
+ dontWrapGApps = true;
+
+ buildInputs = [ libsecret ] ++ atomEnv.packages;
+
+ nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook wrapGAppsHook ];
+
+ unpackPhase = "dpkg-deb -x $src .";
+
+ installPhase = ''
+ mkdir -p "$out/bin"
+ cp -R "opt" "$out"
+ cp -R "usr/share" "$out/share"
+ chmod -R g-w "$out"
+
+ # Desktop file
+ mkdir -p "$out/share/applications"
+ cp "${desktopItem}/share/applications/"* "$out/share/applications"
+ '';
+
+ runtimeDependencies = [
+ (lib.getLib udev)
+ ];
+
+ postFixup = ''
+ makeWrapper $out/opt/Bitwarden/bitwarden $out/bin/bitwarden \
+ --prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath [ libsecret stdenv.cc.cc ] }" \
+ "''${gappsWrapperArgs[@]}"
+ '';
+ };
+
+in if stdenv.isDarwin
+then throw "Bitwarden has not been packaged for macOS yet"
+else linux
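Review bot: The `or ""` fallbacks on `version` and `sha256` mean that any system other than x86_64-linux gets an empty version and an empty hash instead of a clear failure. How fetchurl treats an empty `sha256` depends on the nixpkgs revision, so the fixed-output check should not be left to that. Raising at the lookup, e.g. `}.${system} or (throw "bitwarden: unsupported system ${system}");`, makes the unsupported case explicit and keeps the pinned hash the only accepted one. The `stdenv.isDarwin` throw at the end covers macOS only.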
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix
new file mode 100644
index 000000000000..57e865ef596a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix
@@ -0,0 +1,46 @@
+{ stdenv, rustPlatform, fetchFromGitHub, nixosTests
+, pkgconfig, openssl
+, Security, CoreServices
+, dbBackend ? "sqlite", libmysqlclient, postgresql }:
+
+let
+ featuresFlag = "--features ${dbBackend}";
+
+in rustPlatform.buildRustPackage rec {
+ pname = "bitwarden_rs";
+ version = "1.17.0";
+
+ src = fetchFromGitHub {
+ owner = "dani-garcia";
+ repo = pname;
+ rev = version;
+ sha256 = "0hi29vy23a5r23pgzdssd2gvim8vw2vmykck5cl5phq11a3az31p";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = with stdenv.lib; [ openssl ]
+ ++ optionals stdenv.isDarwin [ Security CoreServices ]
+ ++ optional (dbBackend == "mysql") libmysqlclient
+ ++ optional (dbBackend == "postgresql") postgresql;
+
+ RUSTC_BOOTSTRAP = 1;
+
+ cargoSha256 = "0hv3k5l85nz4syzamranhi237fiwkjnda8v5ssnm2nsmcm7ih9k8";
+ cargoBuildFlags = [ featuresFlag ];
+
+ checkPhase = ''
+ runHook preCheck
+ echo "Running cargo cargo test ${featuresFlag} -- ''${checkFlags} ''${checkFlagsArray+''${checkFlagsArray[@]}}"
+ cargo test ${featuresFlag} -- ''${checkFlags} ''${checkFlagsArray+"''${checkFlagsArray[@]}"}
+ runHook postCheck
+ '';
+
+ passthru.tests = nixosTests.bitwarden;
+
+ meta = with stdenv.lib; {
+ description = "Unofficial Bitwarden compatible server written in Rust";
+ homepage = "https://github.com/dani-garcia/bitwarden_rs";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ msteen ];
+ };
+}
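Review bot: `dbBackend` is interpolated into `--features ${dbBackend}` without being checked, so a typo such as "postgres" only surfaces as a cargo error during the build and silently skips the matching `optional` client library. `assert builtins.elem dbBackend [ "sqlite" "mysql" "postgresql" ];` before the `let` would reject it at evaluation. `RUSTC_BOOTSTRAP = 1;` also deserves a comment, since it lets the stable compiler accept nightly-only features; something like `# upstream needs unstable features; drop once it builds on stable` would do, with the reason confirmed first. The echo in `checkPhase` prints "cargo cargo test".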
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix
new file mode 100644
index 000000000000..786ff5784557
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, nixosTests }:
+
+stdenv.mkDerivation rec {
+ pname = "bitwarden_rs-vault";
+ version = "2.16.1";
+
+ src = fetchurl {
+ url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz";
+ sha256 = "1c4fcf8jzgd6636wv903r5msc9z5l56l2i4k93kvb2zvg7qj014w";
+ };
+
+ buildCommand = ''
+ mkdir -p $out/share/bitwarden_rs/
+ cd $out/share/bitwarden_rs/
+ tar xf $src
+ mv web-vault vault
+ '';
+
+ passthru.tests = nixosTests.bitwarden;
+
+ meta = with stdenv.lib; {
+ description = "Integrates the web vault into bitwarden_rs";
+ homepage = "https://github.com/dani-garcia/bw_web_builds";
+ platforms = platforms.all;
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ msteen ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bmrsa/11.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bmrsa/11.nix
new file mode 100644
index 000000000000..c7d4c4d01741
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bmrsa/11.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchurl, unzip }:
+
+stdenv.mkDerivation rec {
+ pname = "bmrsa";
+ version = "11";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/bmrsa/bmrsa${version}.zip";
+ sha256 = "0ksd9xkvm9lkvj4yl5sl0zmydp1wn3xhc55b28gj70gi4k75kcl4";
+ };
+
+ buildInputs = [ unzip ];
+
+ unpackPhase = ''
+ mkdir bmrsa
+ cd bmrsa
+ unzip ${src}
+ sed -e 's/gcc/g++/' -i Makefile
+ mkdir -p $out/bin
+ echo -e 'install:\n\tcp bmrsa '$out'/bin' >> Makefile
+ '';
+
+ meta = with stdenv.lib; {
+ description = "RSA utility";
+ homepage = "http://bmrsa.sourceforge.net/";
+ license = licenses.gpl1;
+ platforms = platforms.linux;
+ };
+}
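Review bot: `unpackPhase` here also patches the Makefile and creates `$out/bin`, and the install step is implemented by appending an `install:` rule with `echo -e`, which makes the phases hard to follow and to override. The same work fits the conventional places: keep `unpackPhase` to the unzip, move the sed to `postPatch = "sed -e 's/gcc/g++/' -i Makefile";`, and install with `installPhase = "install -Dm755 bmrsa $out/bin/bmrsa";`. `homepage` uses plain `http://`; if the site serves HTTPS, prefer that.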
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/browserpass/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/browserpass/default.nix
new file mode 100644
index 000000000000..9aec14e0a418
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/browserpass/default.nix
@@ -0,0 +1,55 @@
+{ lib, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }:
+buildGoModule rec {
+ pname = "browserpass";
+ version = "3.0.6";
+
+ src = fetchFromGitHub {
+ owner = "browserpass";
+ repo = "browserpass-native";
+ rev = version;
+ sha256 = "0q3bsla07zjl6i69nj1axbkg2ia89pvh0jg6nlqgbm2kpzzbn0pz";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ vendorSha256 = "1wcbn0ip596f2dp68y6jmxgv20l0dgrcxg5cwclkawigj05416zj";
+
+ doCheck = false;
+
+ postPatch = ''
+ # Because this Makefile will be installed to be used by the user, patch
+ # variables to be valid by default
+ substituteInPlace Makefile \
+ --replace "PREFIX ?= /usr" ""
+ sed -i -e 's/SED :=.*/SED := sed/' Makefile
+ sed -i -e 's/INSTALL :=.*/INSTALL := install/' Makefile
+ '';
+
+ DESTDIR = placeholder "out";
+
+ postConfigure = ''
+ make configure
+ '';
+
+ buildPhase = ''
+ make
+ '';
+
+ installPhase = ''
+ make install
+
+ wrapProgram $out/bin/browserpass \
+ --suffix PATH : ${lib.makeBinPath [ gnupg ]}
+
+ # This path is used by our firefox wrapper for finding native messaging hosts
+ mkdir -p $out/lib/mozilla/native-messaging-hosts
+ ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts
+ '';
+
+ meta = with lib; {
+ description = "Browserpass native client app";
+ homepage = "https://github.com/browserpass/browserpass-native";
+ license = licenses.isc;
+ maintainers = with maintainers; [ rvolosatovs infinisil ];
+ };
+}
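Review bot: `--suffix PATH` in the `wrapProgram` call appends the pinned gnupg after whatever is already on PATH, so a `gpg` found earlier in the caller's environment is the one that runs against the password store. If that is intended, so that the user's own gpg is respected, it should be stated, e.g. `# --suffix on purpose: prefer the user's gpg, fall back to the pinned one`. If the pinned binary is meant to win, `--prefix` is the option to use. For a native-messaging host started by the browser, the inherited PATH is not under this package's control, so the choice is worth making explicit.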
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix
new file mode 100644
index 000000000000..cfa27a5c6865
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bruteforce-luks/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, cryptsetup }:
+
+stdenv.mkDerivation rec {
+ pname = "bruteforce-luks";
+ version = "1.4.0";
+
+ src = fetchFromGitHub {
+ sha256 = "0yyrda077avdapq1mvavgv5mvj2r94d6p01q56bbnaq4a3h5kfd6";
+ rev = version;
+ repo = "bruteforce-luks";
+ owner = "glv2";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ cryptsetup ];
+
+ enableParallelBuilding = true;
+
+ doCheck = true;
+
+ meta = with stdenv.lib; {
+ inherit (src.meta) homepage;
+ description = "Cracks passwords of LUKS encrypted volumes";
+ longDescription = ''
+ The program tries to decrypt at least one of the key slots by trying
+ all the possible passwords. It is especially useful if you know
+ something about the password (i.e. you forgot a part of your password but
+ still remember most of it). Finding the password of a volume without
+ knowing anything about it would take way too much time (unless the
+ password is really short and/or weak). It can also use a dictionary.
+ '';
+ license = licenses.gpl3Plus;
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/brutespray/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/brutespray/default.nix
new file mode 100644
index 000000000000..78dd789047d0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/brutespray/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, python3, fetchFromGitHub, makeWrapper, medusa }:
+
+stdenv.mkDerivation rec {
+ pname = "brutespray";
+ version = "1.6.8";
+
+ src = fetchFromGitHub {
+ owner = "x90skysn3k";
+ repo = pname;
+ rev = "brutespray-${version}";
+ sha256 = "1pi4d5vcvvjsby39dq995dlhpxdicmfhqsiw23hr25m38ccfm3rh";
+ };
+
+ postPatch = ''
+ substituteInPlace brutespray.py \
+ --replace "/usr/share/brutespray" "$out/share/brutespray"
+ '';
+
+ dontBuild = true;
+ nativeBuildInputs = [ python3.pkgs.wrapPython makeWrapper ];
+ buildInputs = [ python3 ];
+
+ installPhase = ''
+ install -Dm0755 brutespray.py $out/bin/brutespray
+ patchShebangs $out/bin
+ patchPythonScript $out/bin/brutespray
+ wrapProgram $out/bin/brutespray \
+ --prefix PATH : ${stdenv.lib.makeBinPath [ medusa ]}
+
+ mkdir -p $out/share/brutespray
+ cp -r wordlist/ $out/share/brutespray/wordlist
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/x90skysn3k/brutespray";
+ description = "Brute-Forcing from Nmap output - Automatically attempts default creds on found services";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ma27 ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile
new file mode 100644
index 000000000000..f9fb0e329bd4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile
@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gem 'bundler-audit'
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock
new file mode 100644
index 000000000000..f130b57912b4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock
@@ -0,0 +1,16 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ bundler-audit (0.7.0.1)
+ bundler (>= 1.2.0, < 3)
+ thor (>= 0.18, < 2)
+ thor (1.0.1)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ bundler-audit
+
+BUNDLED WITH
+ 2.1.4
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/default.nix
new file mode 100644
index 000000000000..c24831f26b06
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/default.nix
@@ -0,0 +1,29 @@
+{ bundlerEnv, ruby, lib, bundlerUpdateScript }:
+
+bundlerEnv rec {
+ name = "${pname}-${version}";
+ pname = "bundler-audit";
+ version = (import ./gemset.nix).bundler-audit.version;
+
+ inherit ruby;
+ gemdir = ./.;
+
+ passthru.updateScript = bundlerUpdateScript "bundler-audit";
+
+ meta = with lib; {
+ description = "Patch-level verification for Bundler";
+ longDescription = ''
+ Features:
+ - Checks for vulnerable versions of gems in Gemfile.lock.
+ - Checks for insecure gem sources (http://).
+ - Allows ignoring certain advisories that have been manually worked around.
+ - Prints advisory information.
+ - Does not require a network connection.
+ '';
+ homepage = "https://github.com/rubysec/bundler-audit";
+ changelog = "https://github.com/rubysec/bundler-audit/blob/v${version}/ChangeLog.md";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ primeos nicknovitski ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix
new file mode 100644
index 000000000000..2121a3c08e55
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix
@@ -0,0 +1,23 @@
+{
+ bundler-audit = {
+ dependencies = ["thor"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "04l9rs56rlvihbr2ybkrigjajgd3swa98lxvmdl8iylj1g5m7n0j";
+ type = "gem";
+ };
+ version = "0.7.0.1";
+ };
+ thor = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1xbhkmyhlxwzshaqa7swy2bx6vd64mm0wrr8g3jywvxy7hg0cwkm";
+ type = "gem";
+ };
+ version = "1.0.1";
+ };
+} \ No newline at end of file
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ccid/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ccid/default.nix
new file mode 100644
index 000000000000..b7f408e748fd
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ccid/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchurl, pcsclite, pkgconfig, libusb1, perl }:
+
+stdenv.mkDerivation rec {
+ pname = "ccid";
+ version = "1.4.33";
+
+ src = fetchurl {
+ url = "https://ccid.apdu.fr/files/${pname}-${version}.tar.bz2";
+ sha256 = "0974h2v9wq0j0ajw3c7yckaw8wqcppb2npfhfhmv9phijy9xlmjj";
+ };
+
+ postPatch = ''
+ patchShebangs .
+ substituteInPlace src/Makefile.in --replace /bin/echo echo
+ '';
+
+ preConfigure = ''
+ configureFlagsArray+=("--enable-usbdropdir=$out/pcsc/drivers")
+ '';
+
+ nativeBuildInputs = [ pkgconfig perl ];
+ buildInputs = [ pcsclite libusb1 ];
+
+ meta = with stdenv.lib; {
+ description = "ccid drivers for pcsclite";
+ homepage = "https://ccid.apdu.fr/";
+ license = licenses.gpl2Plus;
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ccrypt/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ccrypt/default.nix
new file mode 100644
index 000000000000..a3210b2a5987
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ccrypt/default.nix
@@ -0,0 +1,22 @@
+{stdenv, fetchurl, perl}:
+
+stdenv.mkDerivation {
+ name = "ccrypt-1.11";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/ccrypt/ccrypt-1.11.tar.gz";
+ sha256 = "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i";
+ };
+
+ nativeBuildInputs = [ perl ];
+
+ hardeningDisable = [ "format" ];
+
+ meta = {
+ homepage = "http://ccrypt.sourceforge.net/";
+ description = "Utility for encrypting and decrypting files and streams with AES-256";
+ license = stdenv.lib.licenses.gpl2Plus;
+ maintainers = with stdenv.lib.maintainers; [viric];
+ platforms = with stdenv.lib.platforms; all;
+ };
+}
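Review bot: `hardeningDisable = [ "format" ];` turns off the format-string hardening flags (`-Wformat -Wformat-security -Werror=format-security`) for an encryption tool, and nothing in the derivation says why. Presumably some upstream call fails to build under `-Werror=format-security`, but that is not recorded, so nobody can tell when the exemption may be dropped. I would add a comment above the line, for example `# upstream passes a non-literal format string in <FILE>; remove once patched`. Patching the offending call would be better than disabling the check for the whole build.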
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/certmgr/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/certmgr/default.nix
new file mode 100644
index 000000000000..be3f891cc8bb
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/certmgr/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }:
+
+let
+ generic = { patches ? [] }:
+ buildGoPackage rec {
+ version = "1.6.4";
+ pname = "certmgr";
+
+ goPackagePath = "github.com/cloudflare/certmgr/";
+
+ src = fetchFromGitHub {
+ owner = "cloudflare";
+ repo = "certmgr";
+ rev = "v${version}";
+ sha256 = "0glvyp61ya21pdm2bsvq3vfhmmxc2998vxc6hiyc79ijsv9n6jqi";
+ };
+
+ inherit patches;
+
+ meta = with stdenv.lib; {
+ homepage = "https://cfssl.org/";
+ description = "Cloudflare's certificate manager";
+ platforms = platforms.linux;
+ license = licenses.bsd2;
+ maintainers = with maintainers; [ johanot srhb ];
+ };
+ };
+in
+{
+ certmgr = generic {};
+
+ certmgr-selfsigned = generic {
+ # The following patch makes it possible to use a self-signed x509 cert
+ # for the cfssl apiserver.
+ # TODO: remove patch when PR is merged.
+ patches = [
+ (fetchpatch {
+ url = "https://github.com/cloudflare/certmgr/pull/51.patch";
+ sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs";
+ })
+ ];
+ };
+}
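Review bot: The `fetchpatch` in `certmgr-selfsigned` pulls `pull/51.patch`, a URL whose content changes whenever the pull request is rebased or gets new commits. The `sha256` turns such a change into a build failure rather than a silent one, but the expression still depends on unmerged code that alters how the client trusts the cfssl API server certificate. I would pin the patch to a commit URL, `url = "https://github.com/cloudflare/certmgr/commit/<COMMIT_SHA>.patch";`, and extend the comment to say what verification the patch relaxes. That lets users of this attribute know they are opting into a weaker trust model than plain `certmgr`.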
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/certstrap/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/certstrap/default.nix
new file mode 100644
index 000000000000..99ba5c9e29b7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/certstrap/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "certstrap";
+ version = "1.2.0";
+
+ goPackagePath = "github.com/square/certstrap";
+
+ src = fetchFromGitHub {
+ owner = "square";
+ repo = "certstrap";
+ rev = "v${version}";
+ sha256 = "1ymchnn7c9g3pq7rw4lrwsd6z3wfjx90g7qgrw6r5hssl77mnscj";
+ };
+
+ meta = with stdenv.lib; {
+ inherit (src.meta) homepage;
+ description = "Tools to bootstrap CAs, certificate requests, and signed certificates";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ volth ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/cfssl/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/cfssl/default.nix
new file mode 100644
index 000000000000..d926aaca68fb
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/cfssl/default.nix
@@ -0,0 +1,49 @@
+{ stdenv, buildGoModule, fetchFromGitHub, go-rice }:
+
+buildGoModule rec {
+ pname = "cfssl";
+ version = "1.5.0";
+
+ src = fetchFromGitHub {
+ owner = "cloudflare";
+ repo = "cfssl";
+ rev = "v${version}";
+ sha256 = "1yzxz2l7h2d3f8j6l9xlm7g9659gsa17zf4q0883s0jh3l3xgs5n";
+ };
+
+ subPackages = [
+ "cmd/cfssl"
+ "cmd/cfssljson"
+ "cmd/cfssl-bundle"
+ "cmd/cfssl-certinfo"
+ "cmd/cfssl-newkey"
+ "cmd/cfssl-scan"
+ "cmd/multirootca"
+ "cmd/mkbundle"
+ ];
+
+ vendorSha256 = null;
+
+ doCheck = false;
+
+ nativeBuildInputs = [ go-rice ];
+
+ preBuild = ''
+ pushd cli/serve
+ rice embed-go
+ popd
+ '';
+
+ buildFlagsArray = ''
+ -ldflags=
+ -s -w
+ -X github.com/cloudflare/cfssl/cli/version.version=v${version}
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://cfssl.org/";
+ description = "Cloudflare's PKI and TLS toolkit";
+ license = licenses.bsd2;
+ maintainers = with maintainers; [ mbrgm ];
+ };
+}
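Review bot: `doCheck = false;` disables the upstream test suite for a PKI/TLS toolkit with no explanation. If the tests fail only because they need network access or a writable home directory in the sandbox, that should be stated, e.g. `doCheck = false; # <reason the tests cannot run in the sandbox>`. A later maintainer can then re-enable them when the cause is gone. The same applies to `vendorSha256 = null;`, which deserves a short comment that the repository's vendored dependencies are used.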
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/default.nix
new file mode 100644
index 000000000000..decc9ba31268
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/default.nix
@@ -0,0 +1,91 @@
+{ stdenv, fetchFromGitiles, fetchFromGitHub, fetchurl, trousers, leveldb, unzip
+, scons, pkgconfig, glib, dbus_cplusplus, dbus, protobuf, openssl, snappy, pam
+}:
+
+let
+ src_chromebase = fetchFromGitiles {
+ url = "https://chromium.googlesource.com/chromium/src/base";
+ rev = "2dfe404711e15e24e79799516400c61b2719d7af";
+ sha256 = "2bd93a3ace4b6767db2c1bd1e16f426c97b8d2133a9cb15f8372b2516cfa65c5";
+ };
+
+ src_gmock = fetchurl {
+ url = "https://googlemock.googlecode.com/files/gmock-1.7.0.zip";
+ sha256 = "0nq98cpnv2jsx2byp4ilam6kydcnziflkc16ikydajmp4mcvpz16";
+ };
+
+ src_platform2 = fetchFromGitiles {
+ url = "https://chromium.googlesource.com/chromiumos/platform2";
+ rev = "e999e989eaa71c3db7314fc7b4e20829b2b5473b";
+ sha256 = "15n1bsv6r7cny7arx0hdb223xzzbk7vkxg2r7xajhl4nsj39adjh";
+ };
+
+in
+
+stdenv.mkDerivation rec {
+ name = "chaps-0.42-6812";
+ version = "0.42-6812";
+
+ src = fetchFromGitHub {
+ owner = "google";
+ repo = "chaps-linux";
+ rev = "989aadc45cdb216ca35b0c97d13fc691576fa1d7";
+ sha256 = "0chk6pnn365d5kcz6vfqx1d0383ksk97icc0lzg0vvb0kvyj0ff1";
+ };
+
+ NIX_CFLAGS_COMPILE = [
+ # readdir_r(3) is deprecated in glibc >= 2.24
+ "-Wno-error=deprecated-declarations"
+ # gcc8 catching polymorphic type error
+ "-Wno-error=catch-value"
+ ];
+
+ patches = [ ./fix_absolute_path.patch ./fix_environment_variables.patch ./fix_scons.patch ./insert_prefetches.patch ];
+
+ postPatch = ''
+ substituteInPlace makefile --replace @@NIXOS_SRC_CHROMEBASE@@ ${src_chromebase}
+ substituteInPlace makefile --replace @@NIXOS_SRC_GMOCK@@ ${src_gmock}
+ substituteInPlace makefile --replace @@NIXOS_SRC_PLATFORM2@@ ${src_platform2}
+ substituteInPlace makefile --replace @@NIXOS_LEVELDB@@ ${leveldb}
+ '';
+
+ nativeBuildInputs = [ unzip scons pkgconfig ];
+
+ buildInputs = [ trousers glib dbus_cplusplus dbus protobuf openssl snappy leveldb pam ];
+
+ buildPhase = ''
+ make build
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp ${name}/out/chapsd $out/bin/.
+ cp ${name}/out/chaps_client $out/bin/.
+
+ mkdir -p $out/lib
+ cp ${name}/out/libchaps.so.* $out/lib/.
+ mkdir -p $out/lib/security
+ cp ${name}/out/pam_chaps.so $out/lib/security/.
+
+ mkdir -p $out/include
+ cp -r ${name}/out/chaps $out/include/.
+
+ mkdir -p $out/etc/dbus-1/system.d
+ cp ${name}/out/org.chromium.Chaps.conf $out/etc/dbus-1/system.d/.
+ mkdir -p $out/etc/dbus-1/system-services
+ cp ${name}/platform2/chaps/org.chromium.Chaps.service $out/etc/dbus-1/system-services/.
+
+ mkdir -p $out/usr/share/pam-configs/chaps
+ mkdir -p $out/usr/share/man/man8
+ cp ${name}/man/* $out/usr/share/man/man8/.
+ '';
+
+ meta = with stdenv.lib; {
+ description = "PKCS #11 implementation based on trusted platform module (TPM)";
+ homepage = "https://www.chromium.org/developers/design-documents/chaps-technical-design";
+ maintainers = [ maintainers.tstrobel ];
+ platforms = [ "x86_64-linux" ];
+ license = licenses.bsd3;
+ broken = true; # build failure withn openssl 1.1
+ };
+}
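Review bot: The end of `installPhase` writes the man pages to `$out/usr/share/man/man8`, a prefix that is not normally searched inside a store path, so they will most likely not be found by `man`. It also creates `$out/usr/share/pam-configs/chaps`, which stays empty. I would install to the standard location with `mkdir -p $out/share/man/man8` and `cp ${name}/man/* $out/share/man/man8/.`, and drop the `pam-configs` directory unless something is copied into it. The package also ships a PAM module and a D-Bus system policy, so a comment should say that neither is wired into the system by this derivation.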
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch
new file mode 100644
index 000000000000..7dbd60c73c42
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch
@@ -0,0 +1,18 @@
+diff --git a/patches/platform2/fix_echo.patch b/patches/platform2/fix_echo.patch
+new file mode 100644
+index 0000000..d2272f6
+--- /dev/null
++++ b/patches/platform2/fix_echo.patch
+@@ -0,0 +1,12 @@
++diff -uNr platform2/common-mk/common.mk platform2-new/common-mk/common.mk
++--- platform2/common-mk/common.mk 2015-07-03 12:07:47.482745292 +0200
+++++ platform2-new/common-mk/common.mk 2015-07-03 12:08:16.868600569 +0200
++@@ -263,7 +263,7 @@
++ $(eval $(call override_var,STRIP,strip))
++
++ RMDIR ?= rmdir
++-ECHO = /bin/echo -e
+++ECHO = echo -e
++
++ ifeq ($(lastword $(subst /, ,$(CC))),clang)
++ CDRIVER = clang
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch
new file mode 100644
index 000000000000..2d7ee0d9a734
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch
@@ -0,0 +1,42 @@
+diff --git a/extrasrc/Makefile b/extrasrc/Makefile
+index fb95845..77125c0 100644
+--- a/extrasrc/Makefile
++++ b/extrasrc/Makefile
+@@ -10,11 +10,11 @@ OUTDIR=$(SRCDIR)/out
+ GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VER)
+ GTEST_DIR=$(GMOCK_DIR)/gtest
+
+-INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include"
++INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include $(NIX_LDFLAG) $(NIX_CFLAGS_COMPILE)"
+
+ # To build Chaps, defer to platform2/chaps/Makefile
+ all: libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out
+- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE)
++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE)
+
+ # To build required Chromium components, defer to scons file.
+ libchrome-$(BASE_VER).a:
+@@ -38,7 +38,7 @@ out/libgmock.a: out/gmock-all.o
+ ar -rv $@ $<
+
+ test: out/libgtest.a out/libgmock.a libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out
+- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests
++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests
+
+ clean: clean_chaps clean_chromeos clean_chromebase clean_gmock clean_debian
+ clean_gmock:
+@@ -49,7 +49,7 @@ clean_chromebase:
+ clean_chromeos:
+ -BASE_VER=$(BASE_VER) scons -f Sconstruct.libchromeos -c
+ clean_chaps:
+- -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) $(MAKE) clean
++ -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) $(MAKE) clean
+ rm -rf out
+ clean_debian:
+ dh_clean
+@@ -64,4 +64,4 @@ install_man:
+ $(INSTALL) -m 0644 -D man/chapsd.8 $(MANDIR)/man8/chapsd.8
+ $(INSTALL) -m 0644 -D man/chaps_client.8 $(MANDIR)/man8/chaps_client.8
+ install: install_man
+- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files
++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files
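Review bot: The new `INCLUDES` line appends `$(NIX_LDFLAG)`, which looks like a misspelling of `NIX_LDFLAGS` and would then expand to nothing in make. Even if spelled correctly, those are linker-syntax flags and `INCLUDES` is passed on as `CXXFLAGS`, so they would land on the compile line. `NIX_CFLAGS_COMPILE` is, as far as I know, already applied by the compiler wrapper, which would make the second addition redundant. I would drop both and keep `INCLUDES` as it was, or say in the patch header why the wrapper is not enough for this build.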
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch
new file mode 100644
index 000000000000..54843453c868
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch
@@ -0,0 +1,26 @@
+diff --git a/extrasrc/Sconstruct.libchrome b/extrasrc/Sconstruct.libchrome
+index 4feb76d..311fe8a 100644
+--- a/extrasrc/Sconstruct.libchrome
++++ b/extrasrc/Sconstruct.libchrome
+@@ -103,7 +103,7 @@ base_lib = {
+ 'pc_libs' : 'glib-2.0',
+ }
+
+-env = Environment()
++env = Environment(ENV = os.environ)
+
+ BASE_VER = os.environ.get('BASE_VER', '0')
+ GTEST_DIR = os.environ.get('GTEST_DIR', '0')
+diff --git a/extrasrc/Sconstruct.libchromeos b/extrasrc/Sconstruct.libchromeos
+index 1da6001..66f9acb 100644
+--- a/extrasrc/Sconstruct.libchromeos
++++ b/extrasrc/Sconstruct.libchromeos
+@@ -18,7 +18,7 @@ base_lib = {
+ 'pc_libs' : 'dbus-c++-1',
+ }
+
+-env = Environment()
++env = Environment(ENV = os.environ)
+
+ PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config')
+ BASE_VER = os.environ.get('BASE_VER', '0')
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch
new file mode 100644
index 000000000000..8b8449a6e661
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch
@@ -0,0 +1,51 @@
+diff --git a/makefile b/makefile
+index b6865f3..c14f5ec 100644
+--- a/makefile
++++ b/makefile
+@@ -53,8 +53,8 @@ $(SRCDIR)/include/trousers/scoped_tss_type.h: extrasrc/scoped_tss_type.h | $(SRC
+ cp $< $@
+ # Chromium includes <leveldb/memenv.h>. This requires an install of libleveldb-dev that has
+ # memenv support included; move this into a local leveldb/ subdirectory
+-$(SRCDIR)/include/leveldb/memenv.h: /usr/include/leveldb/helpers/memenv.h | $(SRCDIR)/include/leveldb
+- cp $< $@
++$(SRCDIR)/include/leveldb/memenv.h: $(SRCDIR)/include/leveldb
++ cp @@NIXOS_LEVELDB@@/include/leveldb/helpers/memenv.h $@
+ # Chromium includes <include/testing/gtest/include/gtest/gtest_prod.h>, so have a local copy.
+ $(SRCDIR)/include/testing/gtest/include/gtest/gtest_prod.h: extrasrc/gtest_prod.h | $(SRCDIR)/include/testing/gtest/include/gtest
+ cp $< $@
+@@ -80,7 +80,7 @@ GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VERSION)
+ GTEST_DIR=$(GMOCK_DIR)/gtest
+ src_gmock: $(GMOCK_DIR)/LICENSE
+ $(GMOCK_DIR)/LICENSE: | $(SRCDIR)
+- cd $(SRCDIR) && wget $(GMOCK_URL)
++ cd $(SRCDIR) && cp @@NIXOS_SRC_GMOCK@@ gmock-$(GMOCK_VERSION).zip && chmod +w gmock-$(GMOCK_VERSION).zip
+ cd $(SRCDIR) && unzip -q gmock-$(GMOCK_VERSION).zip
+ rm $(SRCDIR)/gmock-$(GMOCK_VERSION).zip
+ touch $@
+@@ -107,8 +107,7 @@ src_chromebase: $(SRCDIR)/base/base64.h
+ $(SRCDIR)/base: | $(SRCDIR)
+ mkdir -p $@
+ $(SRCDIR)/base/base64.h: | $(SRCDIR)/base
+- git clone $(CHROMEBASE_GIT) $(SRCDIR)/base
+- cd $(SRCDIR)/base && git checkout $(CHROMEBASE_COMMIT)
++ cp -r @@NIXOS_SRC_CHROMEBASE@@/. $(SRCDIR)/base && chmod -R +w $(SRCDIR)/base
+
+ # We need two subdirectories from the platform2 repository from ChromiumOS:
+ # - chaps/ for the Chaps source code
+@@ -119,14 +118,8 @@ $(SRCDIR)/platform2:
+ PLATFORM2_GIT=https://chromium.googlesource.com/chromiumos/platform2
+ PATCHES=$(wildcard $(CURDIR)/patches/platform2/*.patch)
+ $(SRCDIR)/platform2/chaps/Makefile: | $(SRCDIR)/platform2
+- cd $(SRCDIR)/platform2 && git init . && git remote add -f origin $(PLATFORM2_GIT)
+- cd $(SRCDIR)/platform2 && git config core.sparsecheckout true
+- cd $(SRCDIR)/platform2 && echo "chaps" > .git/info/sparse-checkout
+- cd $(SRCDIR)/platform2 && echo "libchromeos/chromeos" >> .git/info/sparse-checkout
+- cd $(SRCDIR)/platform2 && echo "common-mk/common.mk" >> .git/info/sparse-checkout
+- cd $(SRCDIR)/platform2 && git pull origin master
+- cd $(SRCDIR)/platform2 && git checkout $(CROS_BRANCH)
+- cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then git am $(PATCHES); fi
++ cd $(SRCDIR)/platform2 && cp -r @@NIXOS_SRC_PLATFORM2@@/. . && chmod -R +w $(SRCDIR)/platform2
++ cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then patch -p1 < $(PATCHES); fi
+
+
+ # Copy man pages
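Review bot: The replacement line `patch -p1 < $(PATCHES)` in the `platform2/chaps/Makefile` rule is only correct when the wildcard matches exactly one file. With two or more, the shell redirects only the first and hands the rest to `patch` as arguments, so later patches are not applied in the way `git am $(PATCHES)` applied them. A loop keeps the old behaviour: `if [ ! -z "$(PATCHES)" ]; then for p in $(PATCHES); do patch -p1 < $$p || exit 1; done; fi`. The `memenv.h` rule in the first hunk also turns the order-only prerequisite on the `leveldb` directory into a normal one, which can retrigger the copy whenever the directory's timestamp changes.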
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chipsec/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/chipsec/default.nix
new file mode 100644
index 000000000000..0f162347cc83
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chipsec/default.nix
@@ -0,0 +1,42 @@
+{ stdenv, lib, fetchFromGitHub, pythonPackages, nasm, libelf
+, kernel ? null, withDriver ? false }:
+pythonPackages.buildPythonApplication rec {
+ pname = "chipsec";
+ version = "1.5.1";
+
+ src = fetchFromGitHub {
+ owner = "chipsec";
+ repo = "chipsec";
+ rev = version;
+ sha256 = "1rxr9i08a22m15slvlkrhnki30jixi2ds096kmmc2nqzfr9yibmb";
+ };
+
+ disabled = !stdenv.isLinux;
+
+ nativeBuildInputs = [
+ nasm libelf
+ ];
+
+ setupPyBuildFlags = lib.optional (!withDriver) "--skip-driver";
+
+ checkPhase = "python setup.py build "
+ + lib.optionalString (!withDriver) "--skip-driver "
+ + "test";
+
+ KERNEL_SRC_DIR = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
+
+ meta = with stdenv.lib; {
+ description = "Platform Security Assessment Framework";
+ longDescription = ''
+ CHIPSEC is a framework for analyzing the security of PC platforms
+ including hardware, system firmware (BIOS/UEFI), and platform components.
+ It includes a security test suite, tools for accessing various low level
+ interfaces, and forensic capabilities. It can be run on Windows, Linux,
+ Mac OS X and UEFI shell.
+ '';
+ license = licenses.gpl2;
+ homepage = "https://github.com/chipsec/chipsec";
+ maintainers = with maintainers; [ johnazoidberg ];
+ platforms = if withDriver then [ "x86_64-linux" ] else platforms.all;
+ };
+}
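Review bot: `withDriver = true` with the default `kernel ? null` fails during evaluation of `KERNEL_SRC_DIR`, with an attribute error on `kernel.dev` that does not point at the cause. An explicit guard before the `buildPythonApplication` call makes the requirement visible: `assert withDriver -> kernel != null;`. Separately, `disabled = !stdenv.isLinux;` and `platforms = ... else platforms.all;` disagree about where the package is supported. One of the two should be aligned so the metadata does not advertise platforms the build refuses.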
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chkrootkit/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/chkrootkit/default.nix
new file mode 100644
index 000000000000..864d73aaa972
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chkrootkit/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ name = "chkrootkit-0.53";
+
+ src = fetchurl {
+ url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${name}.tar.gz";
+ sha256 = "1da5ry3p7jb6xs6xlfml1ly09q2rs5q6n5axif17d29k7gixlqkj";
+ };
+
+ # TODO: a lazy work-around for linux build failure ...
+ makeFlags = [ "STATIC=" ];
+
+ postPatch = ''
+ substituteInPlace chkrootkit \
+ --replace " ./" " $out/bin/"
+ '';
+
+ installPhase = ''
+ mkdir -p $out/sbin
+ cp check_wtmpx chkdirs chklastlog chkproc chkrootkit chkutmp chkwtmp ifpromisc strings-static $out/sbin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Locally checks for signs of a rootkit";
+ homepage = "http://www.chkrootkit.org/";
+ license = licenses.bsd2;
+ platforms = with platforms; linux;
+ };
+}
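Review bot: `postPatch` rewrites the helper paths in the `chkrootkit` script to `$out/bin/`, while `installPhase` copies the helpers to `$out/sbin`. This works only because the stdenv fixup step moves `sbin` into `bin`. The dependency is invisible here, and for a rootkit checker it matters that the script runs exactly the helpers shipped in its own store path. I would install directly with `mkdir -p $out/bin` and `cp ... $out/bin`, or add a comment naming the fixup hook. The `" ./"` match is also broad, so a note listing which invocations it is meant to hit would help when the version is bumped.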
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch
new file mode 100644
index 000000000000..9c379adb7dfb
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch
@@ -0,0 +1,25 @@
+diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile
+--- chntpw-140201.orig/Makefile 2014-02-01 20:54:37.000000000 +0400
++++ chntpw-140201/Makefile 2014-08-03 20:26:56.497161881 +0400
+@@ -12,14 +12,13 @@
+
+ CC=gcc
+
+-# Force 32 bit
+-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32
+-OSSLLIB=$(OSSLPATH)/lib
+-
+-# 64 bit if default for compiler setup
+-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall
+-#OSSLLIB=$(OSSLPATH)/lib64
+-
++ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu'
++ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall
++ OSSLLIB=$(OSSLPATH)/lib64
++else ifeq '$(shell gcc -dumpmachine)' 'i686-unknown-linux-gnu'
++ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32
++ OSSLLIB=$(OSSLPATH)/lib
++endif
+
+ # This is to link with whatever we have, SSL crypto lib we put in static
+ #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
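Review bot: The new `ifeq` chain matches two exact machine triples and has no fallback. On any other triple, such as another vendor field or a non-x86 Linux target, both `CFLAGS` and `OSSLLIB` stay unset and `-DUSEOPENSSL` is silently dropped from the build. The probe also calls `gcc` directly rather than `$(CC)`, so it can disagree with the compiler actually used. I would add a final branch, `else` followed by `CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall` and `OSSLLIB=$(OSSLPATH)/lib`, and probe with `$(CC) -dumpmachine`.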
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch
new file mode 100644
index 000000000000..d3163a026f91
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch
@@ -0,0 +1,26 @@
+diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile
+--- chntpw-140201.orig/Makefile 2014-08-03 20:26:56.497161881 +0400
++++ chntpw-140201/Makefile 2014-08-04 12:57:16.563818342 +0400
+@@ -10,6 +10,8 @@
+ OSSLPATH=/usr
+ OSSLINC=$(OSSLPATH)/include
+
++PREFIX ?= /usr
++
+ CC=gcc
+
+ ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu'
+@@ -24,8 +26,12 @@
+ #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
+ LIBS=-L$(OSSLLIB)
+
++BINARIES := chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static
+
+-all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static
++all: $(BINARIES)
++install: $(BINARIES)
++ mkdir -p $(PREFIX)/bin
++ cp $^ $(PREFIX)/bin
+
+ chntpw: chntpw.o ntreg.o edlib.o libsam.o
+ $(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o libsam.o $(LIBS)
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/default.nix
new file mode 100644
index 000000000000..0a44c463eb70
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chntpw/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl, unzip }:
+
+stdenv.mkDerivation rec {
+ pname = "chntpw";
+
+ version = "140201";
+
+ src = fetchurl {
+ url = "http://pogostick.net/~pnh/ntpasswd/chntpw-source-${version}.zip";
+ sha256 = "1k1cxsj0221dpsqi5yibq2hr7n8xywnicl8yyaicn91y8h2hkqln";
+ };
+
+ buildInputs = [ unzip ]
+ ++ stdenv.lib.optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
+
+ patches = [
+ ./00-chntpw-build-arch-autodetect.patch
+ ./01-chntpw-install-target.patch
+ ];
+
+ installPhase = ''
+ make install PREFIX=$out
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "http://pogostick.net/~pnh/ntpasswd/";
+ description = "An utility to reset the password of any user that has a valid local account on a Windows system";
+ maintainers = with stdenv.lib.maintainers; [ deepfire ];
+ license = licenses.gpl2;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
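Review bot: `src` is fetched over plain `http://`, and the same applies to the `ftp://` source in the chkrootkit hunk and the `http://` source in the cowpatty hunk. The pinned `sha256` protects builds from tampering in transit. It does not protect a version bump, where the new hash is usually taken from whatever the fetch returned, so an unauthenticated channel can end up fixing the wrong content in place. Where the host offers it, switch the URL to `https://`. Otherwise add a comment such as `# no TLS upstream: verify the hash against an independent copy when bumping`.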
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix
new file mode 100644
index 000000000000..0065758e1c3f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/chrome-token-signing/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, mkDerivation, fetchFromGitHub, qmake, pcsclite, pkgconfig, opensc }:
+
+mkDerivation rec {
+ pname = "chrome-token-signing";
+ version = "1.1.2-1";
+
+ src = fetchFromGitHub {
+ owner = "open-eid";
+ repo = "chrome-token-signing";
+ rev = "v${version}";
+ sha256 = "1vbghy12fjmq4m5l7hisq1ylnzy0rdnnd920xwamjamlx38jj3ln";
+ };
+
+ buildInputs = [ qmake pcsclite pkgconfig ];
+ dontUseQmakeConfigure = true;
+
+ patchPhase = ''
+ substituteInPlace host-linux/ee.ria.esteid.json --replace /usr $out
+ # TODO: macos
+ substituteInPlace host-shared/PKCS11Path.cpp \
+ --replace opensc-pkcs11.so ${opensc}/lib/pkcs11/opensc-pkcs11.so
+ '';
+
+ installPhase = ''
+ install -D -t $out/bin host-linux/chrome-token-signing
+ # TODO: wire these up
+ install -D -t $out/etc/chromium/native-messaging-hosts host-linux/ee.ria.esteid.json
+ install -D -t $out/lib/mozilla/native-messaging-hosts host-linux/ff/ee.ria.esteid.json
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Chrome and Firefox extension for signing with your eID on the web";
+ homepage = "https://github.com/open-eid/chrome-token-signing/wiki";
+ license = licenses.lgpl21;
+ maintainers = [ maintainers.mmahut ];
+ platforms = platforms.linux;
+ };
+}
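Review bot: Setting `patchPhase` replaces the whole phase, so a `patches` list added later would be ignored without any error. These substitutions belong in `postPatch = '' ... '';`. `qmake` and `pkgconfig` are build-time tools and would normally sit in `nativeBuildInputs`, leaving `buildInputs = [ pcsclite ];`. The `# TODO: wire these up` comment should also say that the native-messaging manifests under `$out/etc` and `$out/lib/mozilla` are not picked up by a browser unless they are linked into its search path.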
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/cipherscan/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/cipherscan/default.nix
new file mode 100644
index 000000000000..eae5a5256dff
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/cipherscan/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, lib, fetchFromGitHub, openssl, makeWrapper, python, coreutils }:
+
+stdenv.mkDerivation rec {
+ pname = "cipherscan";
+ version = "2016-08-16";
+
+ src = fetchFromGitHub {
+ owner = "mozilla";
+ repo = "cipherscan";
+ rev = "74dd82e8ad994a140daf79489d3bd1c5ad928d38";
+ sha256 = "16azhlmairnvdz7xmwgvfpn2pzw1p8z7c9b27m07fngqjkpx0mhh";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ python ];
+
+ buildPhase = ''
+ substituteInPlace cipherscan --replace '$0' 'cipherscan'
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp cipherscan $out/bin
+ cp openssl.cnf $out/bin
+ cp analyze.py $out/bin/cipherscan-analyze
+
+ wrapProgram $out/bin/cipherscan \
+ --set NOAUTODETECT 1 \
+ --set TIMEOUTBIN "${coreutils}/bin/timeout" \
+ --set OPENSSLBIN "${openssl}/bin/openssl"
+ '';
+
+ meta = with lib; {
+ inherit (src.meta) homepage;
+ description = "Very simple way to find out which SSL ciphersuites are supported by a target";
+ license = licenses.mpl20;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ cstrahan fpletz ];
+ };
+}
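Review bot: The wrapper pins `OPENSSLBIN` to the nixpkgs `openssl` and sets `NOAUTODETECT`, so the scanner can only offer the ciphersuites and protocol versions that this OpenSSL build has compiled in. If I read the upstream README correctly, upstream ships its own OpenSSL binary precisely so that legacy and weak suites can still be probed. With this packaging a server that accepts such suites may be reported as clean. I would record that above `wrapProgram`, e.g. `# uses nixpkgs openssl: suites disabled in that build are not tested, results may under-report weak ciphers`. `analyze.py` is copied as `cipherscan-analyze` without a wrapper, so it is worth checking that it finds its interpreter and `openssl.cnf`.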
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/clamav/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/clamav/default.nix
new file mode 100644
index 000000000000..3c09951f24f8
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/clamav/default.nix
@@ -0,0 +1,51 @@
+{ stdenv, fetchurl, pkgconfig
+, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2
+, libmspack, systemd, Foundation
+}:
+
+stdenv.mkDerivation rec {
+ pname = "clamav";
+ version = "0.103.0";
+
+ src = fetchurl {
+ url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
+ sha256 = "0ih5x1rscg2m64y0z20njj7435q8k7ss575cfw7aipdzfx979a9j";
+ };
+
+ # don't install sample config files into the absolute sysconfdir folder
+ postPatch = ''
+ substituteInPlace Makefile.in --replace ' etc ' ' '
+ '';
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [
+ zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack
+ ] ++ stdenv.lib.optional stdenv.isLinux systemd
+ ++ stdenv.lib.optional stdenv.isDarwin Foundation;
+
+ configureFlags = [
+ "--libdir=$(out)/lib"
+ "--sysconfdir=/etc/clamav"
+ "--disable-llvm" # enabling breaks the build at the moment
+ "--with-zlib=${zlib.dev}"
+ "--with-xml=${libxml2.dev}"
+ "--with-openssl=${openssl.dev}"
+ "--with-libcurl=${curl.dev}"
+ "--with-system-libmspack"
+ "--enable-milter"
+ ] ++ stdenv.lib.optional stdenv.isLinux
+ "--with-systemdsystemunitdir=$(out)/lib/systemd";
+
+ postInstall = ''
+ mkdir $out/etc
+ cp etc/*.sample $out/etc
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.clamav.net";
+ description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ phreedom robberer qknight fpletz globin ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/clevis/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/clevis/default.nix
new file mode 100644
index 000000000000..0b8f50c11901
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/clevis/default.nix
@@ -0,0 +1,27 @@
+{ lib, stdenv, fetchFromGitHub, meson, ninja, pkgconfig, asciidoc
+, jansson, jose, cryptsetup, curl, libpwquality, luksmeta
+}:
+
+stdenv.mkDerivation rec {
+ pname = "clevis";
+ version = "15";
+
+ src = fetchFromGitHub {
+ owner = "latchset";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0wfgd2v1r47ckh5qp60b903191fx0fa27zyadxlsb8riqszhmwvz";
+ };
+
+ nativeBuildInputs = [ meson ninja pkgconfig asciidoc ];
+ buildInputs = [ jansson jose cryptsetup curl libpwquality luksmeta ];
+
+ outputs = [ "out" "man" ];
+
+ meta = {
+ description = "Automated Encryption Framework";
+ homepage = "https://github.com/latchset/clevis";
+ maintainers = with lib.maintainers; [ fpletz ];
+ license = lib.licenses.gpl3Plus;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/cowpatty/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/cowpatty/default.nix
new file mode 100644
index 000000000000..7d58de8553b3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/cowpatty/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, openssl, libpcap
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+ pname = "cowpatty";
+ version = "4.6";
+
+ buildInputs = [ openssl libpcap ];
+
+ src = fetchurl {
+ url = "http://www.willhackforsushi.com/code/cowpatty/${version}/${pname}-${version}.tgz";
+ sha256 = "1hivh3bq2maxvqzwfw06fr7h8bbpvxzah6mpibh3wb85wl9w2gyd";
+ };
+
+ installPhase = "make DESTDIR=$out BINDIR=/bin install";
+
+ meta = {
+ description = "Offline dictionary attack against WPA/WPA2 networks";
+ license = licenses.gpl2;
+ homepage = "https://www.willhackforsushi.com/?page_id=50";
+ maintainers = with maintainers; [ nico202 ];
+ platforms = platforms.linux;
+ };
+}
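Review bot: The `fetchurl` URL for `src` uses plain `http://`, while `meta.homepage` for the same host is already `https://`. The pinned `sha256` still rejects a modified tarball, so the exposure is limited to on-path interference causing failed or observable fetches. If the download path is also served over TLS, the line becomes `url = "https://www.willhackforsushi.com/code/cowpatty/${version}/${pname}-${version}.tgz";`.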
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/crackxls/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/crackxls/default.nix
new file mode 100644
index 000000000000..aff6bbd028ad
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/crackxls/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub, pkgconfig, autoconf, automake, openssl, libgsf, gmp }:
+
+stdenv.mkDerivation rec {
+
+ pname = "crackxls";
+ version = "0.4";
+
+ src = fetchFromGitHub {
+ owner = "GavinSmith0123";
+ repo = "crackxls2003";
+ rev = "v${version}";
+ sha256 = "0q5jl7hcds3f0rhly3iy4fhhbyh9cdrfaw7zdrazzf1wswwhyssz";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ autoconf automake openssl libgsf gmp ];
+
+ installPhase =
+ ''
+ mkdir -p $out/bin
+ cp crackxls2003 $out/bin/
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/GavinSmith0123/crackxls2003/";
+ description = "Used to break the encryption on old Microsoft Excel and Microsoft Word files";
+ platforms = platforms.linux;
+ license = licenses.gpl3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/creddump/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/creddump/default.nix
new file mode 100644
index 000000000000..ffa2fd2311c1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/creddump/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchFromGitLab, python2, python2Packages }:
+
+python2Packages.buildPythonApplication rec {
+ pname = "creddump";
+ version = "0.3";
+
+ src = fetchFromGitLab {
+ owner = "kalilinux";
+ repo = "packages/creddump";
+ rev = "debian/${version}-1kali2";
+ sha256 = "0r3rs2hggsvv619l3fh3c0jli6d3ryyj30ni3hz0nz670z5smzcf";
+ };
+
+ # No setup.py is available
+ dontBuild = true;
+ doCheck = false;
+ propagatedBuildInputs = [ python2Packages.pycrypto ];
+
+ installPhase = ''
+ mkdir -p ${placeholder "out"}/bin
+ cp -r framework ${placeholder "out"}/bin/framework
+ cp pwdump.py ${placeholder "out"}/bin/pwdump
+ cp cachedump.py ${placeholder "out"}/bin/cachedump
+ cp lsadump.py ${placeholder "out"}/bin/lsadump
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Python tool to extract various credentials and secrets from Windows registry hives";
+ homepage = "https://gitlab.com/kalilinux/packages/creddump";
+ license = licenses.gpl3;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.fishi0x01 ];
+ };
+}
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/crowbar/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/crowbar/default.nix
new file mode 100644
index 000000000000..cd4e7db87186
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/crowbar/default.nix
@@ -0,0 +1,42 @@
+{ fetchFromGitHub
+, freerdp
+, nmap
+, openvpn
+, python3Packages
+, stdenv
+, tigervnc
+}:
+
+python3Packages.buildPythonApplication rec {
+ pname = "crowbar";
+ version = "unstable-2020-04-23";
+
+ src = fetchFromGitHub {
+ owner = "galkan";
+ repo = pname;
+ rev = "500d633ff5ddfcbc70eb6d0b4d2181e5b8d3c535";
+ sha256 = "05m9vywr9976pc7il0ak8nl26mklzxlcqx0p8rlfyx1q766myqzf";
+ };
+
+ propagatedBuildInputs = [ python3Packages.paramiko ];
+
+ patchPhase = ''
+ sed -i 's,/usr/bin/xfreerdp,${freerdp}/bin/xfreerdp,g' lib/main.py
+ sed -i 's,/usr/bin/vncviewer,${tigervnc}/bin/vncviewer,g' lib/main.py
+ sed -i 's,/usr/sbin/openvpn,${openvpn}/bin/openvpn,g' lib/main.py
+
+ sed -i 's,/usr/bin/nmap,${nmap}/bin/nmap,g' lib/nmap.py
+ '';
+
+ # Sanity check
+ checkPhase = ''
+ $out/bin/crowbar --help > /dev/null
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/galkan/crowbar";
+ description = "A brute forcing tool that can be used during penetration tests";
+ license = licenses.mit;
+ maintainers = with maintainers; [ pamplemousse ];
+ };
+}
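Review bot: The four path rewrites live in `patchPhase`, which replaces the whole default phase, so a `patches = [ ... ]` added to this derivation later would silently not be applied; moving the same body to `postPatch = '' ... '';` avoids that. The `sed -i 's,/usr/bin/xfreerdp,...'` style substitutions also exit successfully when the upstream string is no longer present. In that case the tool would keep calling `/usr/bin/nmap`, `/usr/sbin/openvpn` and the others from outside the store. A line such as `! grep -n '/usr/s\?bin/' lib/main.py lib/nmap.py` after the rewrites would make a missed replacement fail the build.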
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/crunch/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/crunch/default.nix
new file mode 100644
index 000000000000..b53ead1c8527
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/crunch/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchurl, which }:
+
+stdenv.mkDerivation rec {
+ pname = "crunch";
+ version = "3.6";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/crunch-wordlist/${pname}-${version}.tgz";
+ sha256 = "0mgy6ghjvzr26yrhj1bn73qzw6v9qsniskc5wqq1kk0hfhy6r3va";
+ };
+
+ buildInputs = [ which ];
+
+ preBuild = ''
+ substituteInPlace Makefile \
+ --replace '-g root -o root' "" \
+ --replace '-g wheel -o root' "" \
+ --replace 'sudo ' ""
+ '';
+
+ makeFlags = [ "PREFIX=$(out)" ];
+
+ meta = with stdenv.lib; {
+ description = "Wordlist generator";
+ homepage = "https://sourceforge.net/projects/crunch-wordlist/";
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ lethalman lnl7 ];
+ };
+}
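Review bot: `meta` has no `license` attribute, so users filtering on licence cannot evaluate this package and the terms of the fetched tarball are undocumented. Add `license = licenses.<LICENSE_FROM_UPSTREAM>;` with the value taken from the licence file in the tarball. The `preBuild` block also deserves a one-line comment, for example `# the sandboxed build user cannot chown to root or call sudo`, so the reason for stripping `-g root -o root` and `sudo ` from the Makefile is recorded.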
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ctmg/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ctmg/default.nix
new file mode 100644
index 000000000000..a30523c3bbc1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ctmg/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchzip }:
+
+stdenv.mkDerivation rec {
+ pname = "ctmg";
+ version = "1.2";
+
+ src = fetchzip {
+ url = "https://git.zx2c4.com/ctmg/snapshot/ctmg-${version}.tar.xz";
+ sha256 = "1i4v8sriwjrmj3yizbl1ysckb711yl9qsn9x45jq0ij1apsydhyc";
+ };
+
+ installPhase = "install -D ctmg.sh $out/bin/ctmg";
+
+ meta = with stdenv.lib; {
+ description = "An encrypted container manager for Linux using cryptsetup";
+ homepage = "https://git.zx2c4.com/ctmg/about/";
+ license = licenses.isc;
+ maintainers = with maintainers; [ mrVanDalo ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/dirmngr/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/dirmngr/default.nix
new file mode 100644
index 000000000000..ee97bda19064
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/dirmngr/default.nix
@@ -0,0 +1,17 @@
+{ stdenv, fetchurl, libgpgerror, libgcrypt, libassuan, libksba, pth, openldap
+, libiconv}:
+
+stdenv.mkDerivation rec {
+ name = "dirmngr-1.1.1";
+ src = fetchurl {
+ url = "mirror://gnupg/dirmngr/${name}.tar.bz2";
+ sha256 = "1zz6m87ca55nq5f59hzm6qs48d37h93il881y7d0rf2d6660na6j";
+ };
+ buildInputs = [ libgpgerror libgcrypt libassuan libksba
+ pth openldap libiconv ];
+
+ meta = {
+ platforms = stdenv.lib.platforms.unix;
+ license = stdenv.lib.licenses.gpl2Plus;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/dnsenum/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/dnsenum/default.nix
new file mode 100644
index 000000000000..3374c827d756
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/dnsenum/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, makeWrapper, perl, perlPackages }:
+
+stdenv.mkDerivation rec {
+ pname = "dnsenum";
+ version = "1.2.4.2";
+
+ src = fetchFromGitHub {
+ owner = "fwaeytens";
+ repo = pname;
+ rev = version;
+ sha256 = "1bg1ljv6klic13wq4r53bg6inhc74kqwm3w210865b1v1n8wj60v";
+ };
+
+ propagatedBuildInputs = with perlPackages; [
+ perl NetDNS NetIP NetNetmask StringRandom XMLWriter NetWhoisIP WWWMechanize
+ ];
+ nativeBuildInputs = [ makeWrapper ];
+
+ installPhase = ''
+ install -vD dnsenum.pl $out/bin/dnsenum
+ install -vD dns.txt -t $out/share
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/fwaeytens/dnsenum";
+ description = "A tool to enumerate DNS information";
+ maintainers = with maintainers; [ c0bw3b ];
+ license = licenses.gpl2Plus;
+ platforms = platforms.all;
+ };
+}
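Review bot: `makeWrapper` is declared in `nativeBuildInputs` but `installPhase` never uses it, so the installed `dnsenum` script gets no `PERL5LIB`. As far as I can tell, `propagatedBuildInputs` alone does not make `NetDNS`, `NetIP` and the other modules visible to a plain script at run time. It would then either fail or pick up whatever Perl modules the caller's environment provides. Adding `wrapProgram $out/bin/dnsenum --prefix PERL5LIB : "$PERL5LIB"` as the last line of `installPhase` pins the module set to the store paths listed here.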
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/dnsrecon/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/dnsrecon/default.nix
new file mode 100644
index 000000000000..2575636aeca2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/dnsrecon/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, fetchFromGitHub, python3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "dnsrecon";
+ version = "0.9.1";
+
+ src = fetchFromGitHub {
+ owner = "darkoperator";
+ repo = pname;
+ rev = version;
+ sha256 = "1ysf8wx287psfk89r0i2vgnrjvxdj44s6nhf6sva59jbwvr9lghy";
+ };
+
+ format = "other";
+
+ pythonPath = with python3.pkgs; [
+ dns netaddr lxml
+ ];
+
+ postPatch = ''
+ substituteInPlace dnsrecon.py \
+ --replace "namelist.txt" "../share/namelist.txt" \
+ --replace "0.9.0" "${version}"
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ install -vD dnsrecon.py $out/bin/dnsrecon
+ install -vD namelist.txt subdomains-*.txt -t $out/share
+ install -vd $out/${python3.sitePackages}/
+ cp -R lib tools msf_plugin $out/${python3.sitePackages}
+
+ runHook postInstall
+ '';
+
+ meta = with stdenv.lib; {
+ description = "DNS Enumeration Script";
+ homepage = "https://github.com/darkoperator/dnsrecon";
+ license = licenses.gpl2;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ c0bw3b ];
+ };
+}
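Review bot: In `postPatch`, `--replace "namelist.txt" "../share/namelist.txt"` substitutes a relative path. Whether it resolves against the script directory or the caller's working directory depends on code in `dnsrecon.py` that is not visible here. If it is the working directory, the tool would read its default wordlist from wherever the user runs it. An absolute store path removes the ambiguity: `--replace "namelist.txt" "$out/share/namelist.txt"`. The neighbouring `--replace "0.9.0" "${version}"` rewrites every occurrence of that literal in the file, so a short comment naming the one version string it targets would help the next version bump.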
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
new file mode 100644
index 000000000000..d1a1997ba1f6
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
@@ -0,0 +1,24 @@
+From 9218347b8f833ab05d016dfba5617dcdeb59eb7b Mon Sep 17 00:00:00 2001
+From: Cole Helbling <cole.e.helbling@outlook.com>
+Date: Wed, 27 May 2020 08:02:57 -0700
+Subject: [PATCH] add NixOS-specific dirs to safe PATH
+
+---
+ doas.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/doas.c b/doas.c
+index e253905..2fdb20f 100644
+--- a/doas.c
++++ b/doas.c
+@@ -234,6 +234,7 @@ int
+ main(int argc, char **argv)
+ {
+ const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
++ "/run/current-system/sw/bin:/run/current-system/sw/sbin:/run/wrappers/bin:"
+ "/usr/local/bin:/usr/local/sbin";
+ const char *confpath = NULL;
+ char *shargv[] = { NULL, NULL };
+--
+2.26.2
+
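Review bot: The added `safepath` entry has no comment and the patch has an empty commit body, yet this string is the search path doas trusts for command lookup. Every directory on it has to be writable by root only. Please record that assumption next to the new line, for example `/* NixOS: system profile and setuid-wrapper dirs; must stay root-owned and not user-writable */`, and confirm that it holds for `/run/wrappers/bin`. The new entries are inserted after `/usr/sbin` and before `/usr/local/bin`, so a one-line statement of the intended precedence would help too. The body of `main` continues outside this hunk.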
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/doas/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/doas/default.nix
new file mode 100644
index 000000000000..6867256ea90c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/doas/default.nix
@@ -0,0 +1,50 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, bison
+, pam
+
+, withPAM ? true
+, withTimestamp ? true
+}:
+
+stdenv.mkDerivation rec {
+ pname = "doas";
+ version = "6.8";
+
+ src = fetchFromGitHub {
+ owner = "Duncaen";
+ repo = "OpenDoas";
+ rev = "v${version}";
+ sha256 = "1dlwnvy8r6slxcy260gfkximp1ms510wdslpfq9y6xvd2qi5izcb";
+ };
+
+ # otherwise confuses ./configure
+ dontDisableStatic = true;
+
+ configureFlags = [
+ (lib.optionalString withTimestamp "--with-timestamp") # to allow the "persist" setting
+ (lib.optionalString (!withPAM) "--without-pam")
+ "--pamdir=${placeholder "out"}/etc/pam.d"
+ ];
+
+ patches = [
+ # Allow doas to discover binaries in /run/current-system/sw/{s,}bin and
+ # /run/wrappers/bin
+ ./0001-add-NixOS-specific-dirs-to-safe-PATH.patch
+ ];
+
+ postPatch = ''
+ sed -i '/\(chown\|chmod\)/d' GNUmakefile
+ '';
+
+ buildInputs = [ bison pam ];
+
+ meta = with lib; {
+ description = "Executes the given command as another user";
+ homepage = "https://github.com/Duncaen/OpenDoas";
+ license = licenses.isc;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ cole-h cstrahan ];
+ };
+}
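Review bot: The `postPatch` line `sed -i '/\(chown\|chmod\)/d' GNUmakefile` is the security-relevant step here and has no comment. It removes the ownership and mode steps from the install, so the `doas` binary in the store is presumably not setuid root and cannot elevate on its own. A comment such as `# setuid files cannot live in the Nix store; the setuid-root wrapper must come from the system configuration` would tell readers where the privilege is expected to come from. Separately, `pam` stays in `buildInputs` even when `withPAM` is false; `buildInputs = [ bison ] ++ lib.optional withPAM pam;` matches the flag.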
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/doona/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/doona/default.nix
new file mode 100644
index 000000000000..5e1233f308c3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/doona/default.nix
@@ -0,0 +1,36 @@
+{ fetchFromGitHub
+, stdenv
+, perl
+}:
+
+stdenv.mkDerivation rec {
+ pname = "doona";
+ version = "unstable-2019-03-08";
+
+ src = fetchFromGitHub {
+ owner = "wireghoul";
+ repo = pname;
+ rev = "master";
+ sha256 = "0x9irwrw5x2ia6ch6gshadrlqrgdi1ivkadmr7j4m75k04a7nvz1";
+ };
+
+ buildInputs = [ perl ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -r ${src}/bedmod $out/bin/bedmod
+ cp ${src}/doona.pl $out/bin/doona
+ chmod +x $out/bin/doona
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/wireghoul/doona";
+ description = "A fork of the Bruteforce Exploit Detector Tool (BED)";
+ longDescription = ''
+ A fork of the Bruteforce Exploit Detector Tool (BED).
+ BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc.
+ '';
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ pamplemousse ];
+ };
+}
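Review bot: `rev = "master"` in `fetchFromGitHub` pins a moving branch, while `version` claims the snapshot `unstable-2019-03-08`. The `sha256` will reject new content once the branch advances, so the build then breaks rather than silently changing. Until that happens, nothing in the expression identifies which commit was reviewed. Pin the commit that the hash was computed from, `rev = "<COMMIT_SHA_OF_2019-03-08_SNAPSHOT>";`, so that source, version string and hash all describe the same tree.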
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/doppler/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/doppler/default.nix
new file mode 100644
index 000000000000..0822828eb90b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/doppler/default.nix
@@ -0,0 +1,28 @@
+{ buildGoModule, fetchFromGitHub, lib }:
+
+buildGoModule rec {
+ pname = "doppler";
+ version = "3.19.0";
+
+ src = fetchFromGitHub {
+ owner = "dopplerhq";
+ repo = "cli";
+ rev = version;
+ sha256 = "049x8y7zjvpd1gvkrld69dffnf4pawjwm7by71r6z408hwvfqjpa";
+ };
+
+ vendorSha256 = "1s8zwjfk9kcddn8cywr7llh9v5m140kvmi5lmy2glvwh3rwccgxf";
+
+ buildFlagsArray = "-ldflags=-X github.com/DopplerHQ/cli/pkg/version.ProgramVersion=v${version}";
+
+ postInstall = ''
+ mv $out/bin/cli $out/bin/doppler
+ '';
+
+ meta = with lib; {
+ homepage = "https://doppler.com";
+ description = "The official CLI for interacting with your Doppler Enclave secrets and configuation";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ lucperkins ];
+ };
+}
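Review bot: `meta.description` misspells "configuration" as `configuation`, and the string is what users see in package search. The corrected line is `description = "The official CLI for interacting with your Doppler Enclave secrets and configuration";`.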
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/duo-unix/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/duo-unix/default.nix
new file mode 100644
index 000000000000..2c3a7a441afd
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/duo-unix/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, pam, openssl, zlib }:
+
+stdenv.mkDerivation rec {
+ pname = "duo-unix";
+ version = "1.11.4";
+
+ src = fetchurl {
+ url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz";
+ sha256 = "1hqklf6jzrxn5hgh69bbl6962hwwgf06dlrb0ry7n5iy8w8imnsg";
+ };
+
+ buildInputs = [ pam openssl zlib ];
+ configureFlags =
+ [ "--with-pam=$(out)/lib/security"
+ "--prefix=$(out)"
+ "--sysconfdir=$(out)/etc/duo"
+ "--with-openssl=${openssl.dev}"
+ "--enable-lib64=no"
+ ];
+
+ meta = {
+ description = "Duo Security Unix login integration";
+ homepage = "https://duosecurity.com";
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
+ };
+}
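Review bot: `"--sysconfdir=$(out)/etc/duo"` makes the compiled-in configuration directory a path inside the Nix store, which is immutable and world-readable. Duo's `login_duo.conf` and `pam_duo.conf` normally hold the integration's secret key. With this default the real configuration must be passed explicitly on every invocation, or the secret ends up in the store. The clamav expression in this same diff shows the alternative: `"--sysconfdir=/etc/duo"`, with the sample-config install step redirected or dropped so the build does not write to `/etc`. Whether the upstream Makefile lets the install target be overridden that way is not visible here and needs checking.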
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ecdsatool/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ecdsatool/default.nix
new file mode 100644
index 000000000000..b1a86fe7e64a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ecdsatool/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, pkgs }:
+
+stdenv.mkDerivation {
+ version = "0.0.1";
+ pname = "ecdsatool";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "kaniini";
+ repo = "ecdsatool";
+ rev = "7c0b2c51e2e64d1986ab1dc2c57c2d895cc00ed1";
+ sha256 = "08z9309znkhrjpwqd4ygvm7cd1ha1qbrnlzw64fr8704jrmx762k";
+ };
+
+ configurePhase = ''
+ ./autogen.sh
+ ./configure --prefix=$out
+ '';
+
+ nativeBuildInputs = with pkgs; [openssl autoconf automake];
+ buildInputs = with pkgs; [libuecc];
+
+ meta = with stdenv.lib; {
+ description = "Create and manipulate ECC NISTP256 keypairs";
+ homepage = "https://github.com/kaniini/ecdsatool/";
+ license = with licenses; [free];
+ platforms = platforms.unix;
+ };
+}
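Review bot: `openssl` is listed in `nativeBuildInputs` alongside `autoconf` and `automake`. If ecdsatool links against libcrypto (likely for a key tool, but not visible in this hunk), it belongs in `buildInputs`, so that the host-platform library is the one linked: `buildInputs = with pkgs; [ libuecc openssl ];`. `license = with licenses; [free];` also gives no usable information about the terms and should name the licence from the upstream repository. `meta` has no `maintainers` entry, so nobody is recorded as responsible for following upstream fixes to this key-handling tool.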
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ecdsautils/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ecdsautils/default.nix
new file mode 100644
index 000000000000..f5ead317f4ec
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ecdsautils/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, pkgs }:
+
+stdenv.mkDerivation {
+ version = "0.4.0";
+ pname = "ecdsautils";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "freifunk-gluon";
+ repo = "ecdsautils";
+ rev = "07538893fb6c2a9539678c45f9dbbf1e4f222b46";
+ sha256 = "18sr8x3qiw8s9l5pfi7r9i3ayplz4jqdml75ga9y933vj7vs0k4d";
+ };
+
+ nativeBuildInputs = with pkgs; [ cmake pkgconfig doxygen ];
+ buildInputs = with pkgs; [ libuecc ];
+
+ meta = with stdenv.lib; {
+ description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)";
+ homepage = "https://github.com/tcatm/ecdsautils/";
+ license = with licenses; [ mit bsd2 ];
+ maintainers = with maintainers; [ andir ];
+ platforms = platforms.unix;
+ };
+}
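Review bot: `meta.homepage` points at `https://github.com/tcatm/ecdsautils/` while `src` fetches from the `freifunk-gluon` owner, so the page a user is sent to is not the repository the code comes from. If freifunk-gluon is the maintained upstream, `homepage = "https://github.com/freifunk-gluon/ecdsautils/";` keeps the stated provenance consistent with what is built.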
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/default.nix
new file mode 100644
index 000000000000..1a8329885ba2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/default.nix
@@ -0,0 +1,67 @@
+{ stdenv, fetchurl, pkgconfig, perl, util-linux, keyutils, nss, nspr, python2, pam, enablePython ? false
+, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }:
+
+stdenv.mkDerivation rec {
+ pname = "ecryptfs";
+ version = "111";
+
+ src = fetchurl {
+ url = "https://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz";
+ sha256 = "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i";
+ };
+
+ # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir;
+ wrapperDir = "/run/wrappers/bin";
+
+ postPatch = ''
+ FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)"
+ for file in $FILES; do
+ substituteInPlace "$file" \
+ --replace /bin/mount ${util-linux}/bin/mount \
+ --replace /bin/umount ${util-linux}/bin/umount \
+ --replace /sbin/mount.ecryptfs_private ${wrapperDir}/mount.ecryptfs_private \
+ --replace /sbin/umount.ecryptfs_private ${wrapperDir}/umount.ecryptfs_private \
+ --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \
+ --replace /sbin/umount.ecryptfs $out/sbin/umount.ecryptfs \
+ --replace /usr/bin/ecryptfs-rewrite-file $out/bin/ecryptfs-rewrite-file \
+ --replace /usr/bin/ecryptfs-mount-private $out/bin/ecryptfs-mount-private \
+ --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \
+ --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \
+ --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \
+ --replace /sbin/unix_chkpwd ${wrapperDir}/unix_chkpwd \
+ --replace /bin/bash ${bash}/bin/bash
+ done
+ '';
+
+ configureFlags = stdenv.lib.optionals (!enablePython) [ "--disable-pywrap" ];
+
+ nativeBuildInputs = [ pkgconfig ]
+ # if python2 support is requested, it is needed at builtime as well as runtime.
+ ++ stdenv.lib.optionals (enablePython) [ python2 ]
+ ;
+ buildInputs = [ perl nss nspr pam intltool makeWrapper ]
+ ++ stdenv.lib.optionals (enablePython) [ python2 ]
+ ;
+ propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ];
+
+ postInstall = ''
+ FILES="$(grep -r '/bin/sh' $out/bin -l)"
+ for file in $FILES; do
+ wrapProgram $file \
+ --prefix PATH ":" "${coreutils}/bin" \
+ --prefix PATH ":" "${gettext}/bin" \
+ --prefix PATH ":" "${rsync}/bin" \
+ --prefix PATH ":" "${keyutils}/bin" \
+ --prefix PATH ":" "${which}/bin" \
+ --prefix PATH ":" "${lsof}/bin" \
+ --prefix PATH ":" "$out/bin"
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Enterprise-class stacked cryptographic filesystem";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ obadz ];
+ platforms = platforms.linux;
+ };
+}
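Review bot: The `--replace` chain in `postPatch` is order-sensitive, and nothing in the file says so. `/sbin/mount.ecryptfs` is a prefix of `/sbin/mount.ecryptfs_private`, and likewise for `umount`, so the `_private` rules must run first. Reordered, the calls that should reach the setuid wrappers in `${wrapperDir}` would be rewritten to the non-setuid binaries under `$out/sbin`. A comment above the loop such as `# keep the *_private rules before their prefixes; they must resolve to the setuid wrappers` would protect that. `lsof` is also added to the wrapped `PATH` in `postInstall` but is absent from `propagatedBuildInputs`, unlike the other runtime tools; if the two lists are meant to match, one of them needs updating.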
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix
new file mode 100644
index 000000000000..fcb8d091d933
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix
@@ -0,0 +1,34 @@
+{ stdenv
+, fetchurl
+, makeWrapper
+, python2
+}:
+
+stdenv.mkDerivation {
+ pname = "ecryptfs-helper";
+ version = "20160722";
+
+ src = fetchurl {
+ url = "https://gist.githubusercontent.com/obadz/ec053fdb00dcb48441d8313169874e30/raw/4b657a4b7c3dc684e4d5e3ffaf46ced1b7675163/ecryptfs-helper.py";
+ sha256 = "0gp4m22zc80814ng80s38hp930aa8r4zqihr7jr23m0m2iq4pdpg";
+ };
+
+ phases = [ "installPhase" ];
+
+ buildInputs = [ makeWrapper ];
+
+ # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /run/wrappers/bin
+ installPhase = ''
+ mkdir -p $out/bin $out/libexec
+ cp $src $out/libexec/ecryptfs-helper.py
+ makeWrapper "${python2.interpreter}" "$out/bin/ecryptfs-helper" --add-flags "$out/libexec/ecryptfs-helper.py"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Helper script to create/mount/unemount encrypted directories using eCryptfs without needing root permissions";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ obadz ];
+ platforms = platforms.linux;
+ hydraPlatforms = [];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/efitools/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/efitools/default.nix
new file mode 100644
index 000000000000..33b6c3b672da
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/efitools/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, gnu-efi, openssl, sbsigntool, perl, perlPackages,
+help2man, fetchgit }:
+stdenv.mkDerivation rec {
+ pname = "efitools";
+ version = "1.9.2";
+
+ buildInputs = [
+ gnu-efi
+ openssl
+ sbsigntool
+ ];
+
+ nativeBuildInputs = [
+ perl
+ perlPackages.FileSlurp
+ help2man
+ ];
+
+ src = fetchgit {
+ url = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git";
+ rev = "v${version}";
+ sha256 = "0jabgl2pxvfl780yvghq131ylpf82k7banjz0ksjhlm66ik8gb1i";
+ };
+
+ postPatch = ''
+ sed -i -e 's#/usr/include/efi#${gnu-efi}/include/efi/#g' Make.rules
+ sed -i -e 's#/usr/lib64/gnuefi#${gnu-efi}/lib/#g' Make.rules
+ sed -i -e 's#$(DESTDIR)/usr#$(out)#g' Make.rules
+ substituteInPlace lib/console.c --replace "EFI_WARN_UNKOWN_GLYPH" "EFI_WARN_UNKNOWN_GLYPH"
+ patchShebangs .
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Tools for manipulating UEFI secure boot platforms";
+ homepage = "https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git";
+ license = licenses.gpl2;
+ maintainers = [ maintainers.grahamc ];
+ platforms = platforms.linux;
+ };
+}
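Review bot: `fetchgit` uses a `git://` URL, which is unauthenticated and unencrypted, and `rev = "v${version}"` is a tag rather than a commit. The `sha256` still fixes the content, so the concern is the transport, and the fetch will also fail on networks that block port 9418. The same repository is reachable over TLS with `url = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git";`. For a secure-boot signing toolchain it is also worth pinning `rev` to the commit hash behind the tag.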
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/default.nix
new file mode 100644
index 000000000000..a55c1d8db661
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/default.nix
@@ -0,0 +1,88 @@
+{ stdenv, fetchFromGitHub
+, autoreconfHook, pkgconfig
+, gtk3, nssTools, pcsclite
+, libxml2, libproxy
+, openssl, curl
+, makeWrapper
+, substituteAll }:
+
+stdenv.mkDerivation rec {
+ pname = "eid-mw";
+ version = "4.4.27";
+
+ src = fetchFromGitHub {
+ rev = "v${version}";
+ sha256 = "17lw8iwp7h5cs3db80sysr84ffi333cf2vrhncs9l6hy6glfl2v1";
+ repo = "eid-mw";
+ owner = "Fedict";
+ };
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig makeWrapper ];
+ buildInputs = [ gtk3 pcsclite libxml2 libproxy curl openssl ];
+ preConfigure = ''
+ mkdir openssl
+ ln -s ${openssl.out}/lib openssl
+ ln -s ${openssl.bin}/bin openssl
+ ln -s ${openssl.dev}/include openssl
+ export SSL_PREFIX=$(realpath openssl)
+ substituteInPlace plugins_tools/eid-viewer/Makefile.in \
+ --replace "c_rehash" "openssl rehash"
+ '';
+
+ postPatch = ''
+ sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac
+ '';
+
+ configureFlags = [ "--enable-dialogs=yes" ];
+
+ postInstall =
+ let
+ eid-nssdb-in = substituteAll {
+ inherit (stdenv) shell;
+ isExecutable = true;
+ src = ./eid-nssdb.in;
+ };
+ in
+ ''
+ install -D ${eid-nssdb-in} $out/bin/eid-nssdb
+ substituteInPlace $out/bin/eid-nssdb \
+ --replace "modutil" "${nssTools}/bin/modutil"
+
+ rm $out/bin/about-eid-mw
+ wrapProgram $out/bin/eid-viewer --prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/$name"
+ '';
+
+ enableParallelBuilding = true;
+
+ doCheck = true;
+
+ meta = with stdenv.lib; {
+ description = "Belgian electronic identity card (eID) middleware";
+ homepage = "https://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/";
+ license = licenses.lgpl3;
+ longDescription = ''
+ Allows user authentication and digital signatures with Belgian ID cards.
+ Also requires a running pcscd service and compatible card reader.
+
+ eid-viewer is also installed.
+
+ This package only installs the libraries. To use eIDs in Firefox or
+ Chromium, the eID Belgium add-on must be installed.
+ This package only installs the libraries. To use eIDs in NSS-compatible
+ browsers like Chrom{e,ium} or Firefox, each user must first execute:
+ ~$ eid-nssdb add
+ (Running the script once as root with the --system option enables eID
+ support for all users, but will *not* work when using Chrom{e,ium}!)
+ Before uninstalling this package, it is a very good idea to run
+ ~$ eid-nssdb [--system] remove
+ and remove all ~/.pki and/or /etc/pki directories no longer needed.
+
+ The above procedure doesn't seem to work in Firefox. You can override the
+ firefox wrapper to add this derivation to the PKCS#11 modules, like so:
+
+ firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; }
+ '';
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ bfortz ];
+ };
+}
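Review bot: `longDescription` has two consecutive paragraphs that both begin "This package only installs the libraries" but give different instructions. The first says to install the eID Belgium add-on, the second says to run `eid-nssdb add`. The text then states that the procedure does not seem to work in Firefox. A user setting up smart-card authentication cannot tell which path is current. Keep one paragraph per browser family and say which mechanism applies to each: the add-on, `eid-nssdb`, or `firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; }`.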
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in b/infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in
new file mode 100644
index 000000000000..636b4c1ee118
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in
@@ -0,0 +1,83 @@
+#!@shell@
+
+rootdb="/etc/pki/nssdb"
+userdb="$HOME/.pki/nssdb"
+dbentry="Belgium eID"
+libfile="/run/current-system/sw/lib/libbeidpkcs11.so"
+
+dbdir="$userdb"
+
+while true; do
+ case "$1" in
+ --help|"") cat << EOF
+(Un)register $dbentry with NSS-compatible browsers.
+
+Usage: `basename "$0"` [OPTION] ACTION [LIBRARY]
+
+Options:
+ --db PATH use custom NSS database directory PATH
+ --user use user NSS database $userdb (default)
+ --system use global NSS database $rootdb
+ --help show this message
+
+Actions:
+ add add $dbentry to NSS database
+ remove remove $dbentry from NSS database
+ show show $dbentry NSS database entry
+
+Default arguments if unspecified:
+ LIBRARY $libfile
+EOF
+ exit ;;
+ --db) dbdir="$2"
+ shift 2 ;;
+ --user) dbdir="$userdb"
+ shift ;;
+ --system)
+ dbdir="$rootdb"
+ shift ;;
+ -*) echo "$0: unknown option: '$1'" >&2
+ echo "Try --help for usage information."
+ exit 1 ;;
+ *) break ;;
+ esac
+done
+
+if [ "$2" ]; then
+ libfile="$2"
+ if ! [ -f "$libfile" ]; then
+ echo "$0: error: '$libfile' not found" >&2
+ exit 1
+ fi
+fi
+
+mkdir -p "$dbdir"
+if ! [ -d "$dbdir" ]; then
+ echo "$0: error: '$dbdir' must be a writable directory" >&2
+ exit 1
+fi
+
+dbdir="sql:$dbdir"
+
+echo "NSS database: $dbdir"
+echo "BEID library: $libfile"
+
+case "$1" in
+add) echo "Adding $dbentry to database:"
+ modutil -dbdir "$dbdir" -add "$dbentry" -libfile "$libfile" ||
+ echo "Tip: try removing the module before adding it again." ;;
+remove) echo "Removing $dbentry from database:"
+ modutil -dbdir "$dbdir" -delete "$dbentry" ;;
+show) echo "Displaying $dbentry database entry, if any:"
+ echo "Note: this may fail if you don't have the correct permissions." ;;
+'') exec "$0" --help ;;
+*) echo "$0: unknown action: '$1'" >&2
+ echo "Try --help for usage information."
+ exit 1 ;;
+esac
+
+ret=$?
+
+modutil -dbdir "$dbdir" -list "$dbentry" 2>/dev/null
+
+exit $ret
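Review bot: The `--db)` branch of the option loop runs `dbdir="$2"` and `shift 2` without checking that a second argument exists. Under bash, `shift 2` with only one positional parameter fails without shifting, so `eid-nssdb --db` leaves `$1` unchanged and the `while true` loop never terminates. A guard as the first statement of that branch fixes it: `[ $# -ge 2 ] || { echo "$0: --db requires a PATH" >&2; exit 1; }`. Further down, `mkdir -p "$dbdir"` runs before the action is validated, so `show` and unknown actions still create the directory, which matters when `--system` is used as root. Moving the `mkdir` into the `add` branch would limit writes to the action that needs them.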
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/enchive/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/enchive/default.nix
new file mode 100644
index 000000000000..3c7d3144d3b2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/enchive/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "enchive";
+ version = "3.5";
+ src = fetchFromGitHub {
+ owner = "skeeto";
+ repo = "enchive";
+ rev = version;
+ sha256 = "0fdrfc5l42lj2bvmv9dmkmhmm7qiszwk7cmdvnqad3fs7652g0qa";
+ };
+
+ makeFlags = ["PREFIX=$(out)"];
+
+ postInstall = ''
+ mkdir -p $out/share/emacs/site-lisp/
+ cp -v "$src/enchive-mode.el" "$out/share/emacs/site-lisp/"
+ '';
+
+ meta = {
+ description = "Encrypted personal archives";
+ homepage = "https://github.com/skeeto/enchive";
+ license = stdenv.lib.licenses.unlicense;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = [ stdenv.lib.maintainers.nico202 ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/encryptr/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/encryptr/default.nix
new file mode 100644
index 000000000000..62311a41da37
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/encryptr/default.nix
@@ -0,0 +1,57 @@
+{ stdenv, lib, fetchurl, glib, nss, nspr, gconf, fontconfig, freetype
+, pango , cairo, libX11 , libXi, libXcursor, libXext, libXfixes
+, libXrender, libXcomposite , alsaLib, libXdamage, libXtst, libXrandr
+, expat, libcap, systemd , dbus, gtk2 , gdk-pixbuf, libnotify
+}:
+
+let
+ arch = if stdenv.hostPlatform.system == "x86_64-linux" then "amd"
+ else if stdenv.hostPlatform.system == "i686-linux" then "i386"
+ else throw "Encryptr for ${stdenv.hostPlatform.system} not supported!";
+
+ sha256 = if stdenv.hostPlatform.system == "x86_64-linux" then "1j3g467g7ar86hpnh6q9mf7mh2h4ia94mwhk1283zh739s2g53q2"
+ else if stdenv.hostPlatform.system == "i686-linux" then "02j9hg9b1jlv25q1sjfhv8d46mii33f94dj0ccn83z9z18q4y2cm"
+ else throw "Encryptr for ${stdenv.hostPlatform.system} not supported!";
+
+in stdenv.mkDerivation rec {
+ pname = "encryptr";
+ version = "2.0.0";
+
+ src = fetchurl {
+ url = "https://spideroak.com/dist/encryptr/signed/linux/targz/encryptr-${version}_${arch}.tar.gz";
+ inherit sha256;
+ };
+
+ dontBuild = true;
+
+ rpath = stdenv.lib.makeLibraryPath [
+ glib nss nspr gconf fontconfig freetype pango cairo libX11 libXi
+ libXcursor libXext libXfixes libXrender libXcomposite alsaLib
+ libXdamage libXtst libXrandr expat libcap dbus gtk2 gdk-pixbuf
+ libnotify stdenv.cc.cc
+ ];
+
+ installPhase = ''
+ mkdir -pv $out/bin $out/lib
+ cp -v {encryptr-bin,icudtl.dat,nw.pak} $out/bin
+ mv -v $out/bin/encryptr{-bin,}
+ cp -v lib* $out/lib
+ ln -sv ${lib.getLib systemd}/lib/libudev.so.1 $out/lib/libudev.so.0
+
+ patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+ --set-rpath $out/lib:${rpath} \
+ $out/bin/encryptr
+ '';
+
+ # If stripping, node-webkit does not find
+ # its application and shows a generic page
+ dontStrip = true;
+
+ meta = with stdenv.lib; {
+ homepage = "https://spideroak.com/solutions/encryptr";
+ description = "Free, private and secure password management tool and e-wallet";
+ license = licenses.unfree;
+ maintainers = with maintainers; [ guillaumekoenig ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/data.json b/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/data.json
new file mode 100644
index 000000000000..a4a3b919e648
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/data.json
@@ -0,0 +1,12 @@
+{
+ "amd64": {
+ "path": "pool/main/e/enpass/enpass_6.0.1.239_amd64.deb",
+ "sha256": "408a2bb318564307607f13b52fec7667f425c01ac40cbe345ebfa191ab1479ba",
+ "version": "6.0.1.239"
+ },
+ "i386": {
+ "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb",
+ "sha256": "3f699ac3e2ecfd4afee1505d8d364d4f6b6b94c55ba989d0a80bd678ff66cb2c",
+ "version": "5.6.9"
+ }
+} \ No newline at end of file
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/default.nix
new file mode 100644
index 000000000000..370282d02d06
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/default.nix
@@ -0,0 +1,94 @@
+{ stdenv, fetchurl, dpkg, xorg
+, glib, libGLU, libGL, libpulseaudio, zlib, dbus, fontconfig, freetype
+, gtk3, pango
+, makeWrapper , python2Packages, lib
+, lsof, curl, libuuid, cups, mesa
+}:
+
+let
+ all_data = builtins.fromJSON (builtins.readFile ./data.json);
+ system_map = {
+ # i686-linux = "i386"; Uncomment if enpass 6 becomes available on i386
+ x86_64-linux = "amd64";
+ };
+
+ data = all_data.${system_map.${stdenv.hostPlatform.system} or (throw "Unsupported platform")};
+
+ baseUrl = "http://repo.sinew.in";
+
+ # used of both wrappers and libpath
+ libPath = lib.makeLibraryPath (with xorg; [
+ mesa.drivers
+ libGLU libGL
+ fontconfig
+ freetype
+ libpulseaudio
+ zlib
+ dbus
+ libX11
+ libXi
+ libSM
+ libICE
+ libXrender
+ libXScrnSaver
+ libxcb
+ glib
+ gtk3
+ pango
+ curl
+ libuuid
+ cups
+ ]);
+ package = stdenv.mkDerivation {
+
+ inherit (data) version;
+ pname = "enpass";
+
+ src = fetchurl {
+ inherit (data) sha256;
+ url = "${baseUrl}/${data.path}";
+ };
+
+ meta = {
+ description = "a well known password manager";
+ homepage = "https://www.enpass.io/";
+ license = lib.licenses.unfree;
+ platforms = [ "x86_64-linux" "i686-linux"];
+ };
+
+ buildInputs = [makeWrapper dpkg];
+ phases = [ "unpackPhase" "installPhase" ];
+
+ unpackPhase = "dpkg -X $src .";
+ installPhase=''
+ mkdir -p $out/bin
+ cp -r opt/enpass/* $out/bin
+ cp -r usr/* $out
+
+ sed \
+ -i s@/opt/enpass/Enpass@$out/bin/Enpass@ \
+ $out/share/applications/enpass.desktop
+
+ for i in $out/bin/{Enpass,importer_enpass}; do
+ patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) $i
+ done
+
+ # lsof must be in PATH for proper operation
+ wrapProgram $out/bin/Enpass \
+ --set LD_LIBRARY_PATH "${libPath}" \
+ --prefix PATH : ${lsof}/bin
+ '';
+ };
+ updater = {
+ update = stdenv.mkDerivation {
+ name = "enpass-update-script";
+ SCRIPT =./update_script.py;
+
+ buildInputs = with python2Packages; [python requests pathlib2 six attrs ];
+ shellHook = ''
+ exec python $SCRIPT --target pkgs/tools/security/enpass/data.json --repo ${baseUrl}
+ '';
+
+ };
+ };
+in (package // {refresh = updater;})
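Review bot: `baseUrl = "http://repo.sinew.in"` feeds both `fetchurl` and the `shellHook` that runs `update_script.py`, and only the `fetchurl` download is protected by the pinned `sha256`. The updater reads the repository index over plain HTTP and writes the hash it finds into `data.json`, so a tampered response during a refresh would become the pinned value. If the repository is reachable over TLS, `baseUrl = "https://repo.sinew.in";` closes that gap; otherwise a comment on `updater` should say that refreshed hashes must be checked out of band. Separately, `meta.platforms` lists `i686-linux` although `system_map` throws for it.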
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/update_script.py b/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/update_script.py
new file mode 100644
index 000000000000..f8ec715cb5e4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/enpass/update_script.py
@@ -0,0 +1,95 @@
+from __future__ import print_function
+
+
+import argparse
+import bz2
+import email
+import json
+import logging
+
+from itertools import product
+from operator import itemgetter
+
+import attr
+import pkg_resources
+
+from pathlib2 import Path
+from requests import Session
+from six.moves.urllib_parse import urljoin
+
+
+@attr.s
+class ReleaseElement(object):
+ sha256 = attr.ib(repr=False)
+ size = attr.ib(convert=int)
+ path = attr.ib()
+
+log = logging.getLogger('enpass.updater')
+
+
+parser = argparse.ArgumentParser()
+parser.add_argument('--repo')
+parser.add_argument('--target', type=Path)
+
+
+session = Session()
+
+
+def parse_bz2_msg(msg):
+ msg = bz2.decompress(msg)
+ if '\n\n' in msg:
+ parts = msg.split('\n\n')
+ return list(map(email.message_from_string, parts))
+ return email.message_from_string(msg)
+
+
+def fetch_meta(repo, name, parse=email.message_from_string, split=False):
+ url = urljoin(repo, 'dists/stable', name)
+ response = session.get("{repo}/dists/stable/{name}".format(**locals()))
+ return parse(response.content)
+
+
+def fetch_filehashes(repo, path):
+ meta = fetch_meta(repo, path, parse=parse_bz2_msg)
+ for item in meta:
+ yield {
+ 'version': pkg_resources.parse_version(str(item['Version'])),
+ 'path': item['Filename'],
+ 'sha256': item['sha256'],
+ }
+
+
+def fetch_archs(repo):
+ m = fetch_meta(repo, 'Release')
+
+ architectures = m['Architectures'].split()
+ elements = [ReleaseElement(*x.split()) for x in m['SHA256'].splitlines()]
+ elements = [x for x in elements if x.path.endswith('bz2')]
+
+ for arch, elem in product(architectures, elements):
+ if arch in elem.path:
+ yield arch, max(fetch_filehashes(repo, elem.path),
+ key=itemgetter('version'))
+
+
+class OurVersionEncoder(json.JSONEncoder):
+ def default(self, obj):
+ # the other way around to avoid issues with
+ # newer setuptools having strict/legacy versions
+ if not isinstance(obj, (dict, str)):
+ return str(obj)
+ return json.JSONEncoder.default(self, obj)
+
+
+def main(repo, target):
+ logging.basicConfig(level=logging.DEBUG)
+ with target.open(mode='wb') as fp:
+ json.dump(
+ dict(fetch_archs(repo)), fp,
+ cls=OurVersionEncoder,
+ indent=2,
+ sort_keys=True)
+
+
+opts = parser.parse_args()
+main(opts.repo, opts.target)
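Review bot: `fetch_archs` parses each index's SHA256 and size from `Release` into `ReleaseElement`, but `fetch_filehashes` never compares the downloaded `.bz2` against them, so the package hash written to `data.json` comes from an unchecked file. Checking the digest before `parse_bz2_msg` (sketch below; needs `import hashlib`) ties the index to `Release`. `Release` itself is still accepted without any signature check in the visible code, which deserves a comment in `main`. In `fetch_meta`, `url = urljoin(repo, 'dists/stable', name)` is computed and never used, and the third argument of `urljoin` is `allow_fragments`, not a path part. The response status is also not checked before parsing; `response.raise_for_status()` after the `session.get` would fix that.

```python
def fetch_filehashes(repo, elem):
    # Fetch the index as raw bytes and compare it with the Release entry
    # before any of its contents are trusted.
    raw = fetch_meta(repo, elem.path, parse=lambda body: body)
    if len(raw) != elem.size or hashlib.sha256(raw).hexdigest() != elem.sha256:
        raise ValueError('index does not match Release: %s' % elem.path)
    for item in parse_bz2_msg(raw):
        # … unchanged: yield the version/path/sha256 dict …

# in fetch_archs, pass the whole element instead of elem.path:
            yield arch, max(fetch_filehashes(repo, elem),
                            key=itemgetter('version'))
```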
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/enum4linux/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/enum4linux/default.nix
new file mode 100644
index 000000000000..9a7d1861d9bd
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/enum4linux/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchurl, makeWrapper, samba, perl, openldap }:
+
+stdenv.mkDerivation rec {
+ pname = "enum4linux";
+ version = "0.8.9";
+ src = fetchurl {
+ url = "https://labs.portcullis.co.uk/download/enum4linux-${version}.tar.gz";
+ sha256 = "41334df0cb1ba82db9e3212981340372bb355a8160073331d2a1610908a62d85";
+ };
+
+ dontBuild = true;
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ samba perl openldap ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp enum4linux.pl $out/bin/enum4linux
+
+ wrapProgram $out/bin/enum4linux \
+ --prefix PATH : ${stdenv.lib.makeBinPath [ samba openldap ]}
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A tool for enumerating information from Windows and Samba systems";
+ homepage = "https://labs.portcullis.co.uk/tools/enum4linux/";
+ license = licenses.gpl2;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.fishi0x01 ];
+ };
+}
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/eschalot/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/eschalot/default.nix
new file mode 100644
index 000000000000..28df3a284427
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/eschalot/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "eschalot";
+ version = "2018-01-19";
+
+ src = fetchFromGitHub {
+ owner = "ReclaimYourPrivacy";
+ repo = pname;
+ rev = "56a967b62631cfd3c7ef68541263dbd54cbbc2c4";
+ sha256 = "1iw1jrydasm9dmgpcdimd8dy9n281ys9krvf3fd3dlymkgsj604d";
+ };
+
+ buildInputs = [ openssl ];
+
+ installPhase = ''
+ install -D -t $out/bin eschalot worgen
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Tor hidden service name generator";
+ homepage = src.meta.homepage;
+ license = licenses.isc;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ dotlambda ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fail2ban/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fail2ban/default.nix
new file mode 100644
index 000000000000..c27f82d70536
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fail2ban/default.nix
@@ -0,0 +1,59 @@
+{ stdenv, fetchFromGitHub, python3 }:
+
+let version = "0.11.1"; in
+
+python3.pkgs.buildPythonApplication {
+ pname = "fail2ban";
+ inherit version;
+
+ src = fetchFromGitHub {
+ owner = "fail2ban";
+ repo = "fail2ban";
+ rev = version;
+ sha256 = "0kqvkxpb72y3kgmxf6g36w67499c6gcd2a9yyblagwx12y05f1sh";
+ };
+
+ pythonPath = with python3.pkgs;
+ stdenv.lib.optionals stdenv.isLinux [
+ systemd
+ ];
+
+ preConfigure = ''
+ for i in config/action.d/sendmail*.conf; do
+ substituteInPlace $i \
+ --replace /usr/sbin/sendmail sendmail \
+ --replace /usr/bin/whois whois
+ done
+
+ substituteInPlace config/filter.d/dovecot.conf \
+ --replace dovecot.service dovecot2.service
+ '';
+
+ doCheck = false;
+
+ preInstall = ''
+ substituteInPlace setup.py --replace /usr/share/doc/ share/doc/
+
+ # see https://github.com/NixOS/nixpkgs/issues/4968
+ ${python3.interpreter} setup.py install_data --install-dir=$out --root=$out
+ '';
+
+ postPatch = ''
+ ${stdenv.shell} ./fail2ban-2to3
+ '';
+
+ postInstall = let
+ sitePackages = "$out/${python3.sitePackages}";
+ in ''
+ # see https://github.com/NixOS/nixpkgs/issues/4968
+ rm -rf ${sitePackages}/etc ${sitePackages}/usr ${sitePackages}/var;
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.fail2ban.org/";
+ description = "A program that scans log files for repeated failing login attempts and bans IP addresses";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ eelco lovek323 fpletz ];
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+}
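Review bot: The `preConfigure` substitutions turn `/usr/sbin/sendmail` and `/usr/bin/whois` into bare command names, so which binary the ban actions run is decided by the daemon's `PATH` at runtime rather than by this derivation. fail2ban actions typically run with elevated privileges, so that dependency is worth documenting here, e.g. `# sendmail/whois are resolved from the service PATH; the service definition must supply them`. `doCheck = false;` also has no comment saying why the test suite is skipped.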
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/default.nix
new file mode 100644
index 000000000000..15510f7b7096
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/default.nix
@@ -0,0 +1,26 @@
+{stdenv, fetchurl}:
+
+stdenv.mkDerivation rec {
+ pname = "fcrackzip";
+ version = "1.0";
+ src = fetchurl {
+ url = "http://oldhome.schmorp.de/marc/data/${pname}-${version}.tar.gz";
+ sha256 = "0l1qsk949vnz18k4vjf3ppq8p497966x4c7f2yx18x8pk35whn2a";
+ };
+
+ # 'fcrackzip --use-unzip' cannot deal with file names containing a single quote
+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430387
+ patches = [ ./fcrackzip_forkexec.patch ];
+
+ # Do not clash with unizp/zipinfo
+ postInstall = "mv $out/bin/zipinfo $out/bin/fcrackzip-zipinfo";
+
+ meta = with stdenv.lib; {
+ description = "zip password cracker, similar to fzc, zipcrack and others";
+ homepage = "http://oldhome.schmorp.de/marc/fcrackzip.html";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ nico202 ];
+ platforms = with platforms; unix;
+ };
+}
+
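Review bot: The comment above `patches` describes only the single-quote symptom, but `fcrackzip_forkexec.patch` replaces the `sprintf` + `system()` call with `fork`/`execlp`, so candidate passwords and the archive path no longer pass through a shell at all. The comment should say so, e.g. `# Run unzip via fork/execlp instead of system(): no shell interprets the password or file name`. The second comment has a typo, `unizp` for `unzip`. The `src` URL is plain HTTP; the pinned `sha256` covers the build, but a note to verify the tarball when the hash is next changed would help.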
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch
new file mode 100644
index 000000000000..8e508ec1f596
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fcrackzip/fcrackzip_forkexec.patch
@@ -0,0 +1,105 @@
+--- origin/main.c 2016-12-12 12:53:38.344285376 +0100
++++ main.c 2016-12-12 13:01:41.134548824 +0100
+@@ -26,11 +26,13 @@
+ #include <string.h>
+
+ #ifdef USE_UNIX_REDIRECTION
+-#define DEVNULL ">/dev/null 2>&1"
++#define DEVNULL "/dev/null"
+ #else
+-#define DEVNULL ">NUL 2>&1"
++#define DEVNULL "NUL"
+ #endif
+
++#include <errno.h>
++
+ #include "crack.h"
+
+ int use_unzip;
+@@ -47,21 +49,77 @@
+ int REGPARAM
+ check_unzip (const char *pw)
+ {
+- char buff[1024];
+- int status;
++pid_t cpid;
++cpid = fork ();
++if (cpid == -1)
++ {
++ perror ("fork");
++ exit (EXIT_FAILURE);
++ }
++
++if (cpid == 0)
++ {
++ // Redirect STDERR/STDOUT to /dev/null
++ int oldfd_stderr, oldfd_stdout;
++ oldfd_stdout = dup (fileno (stdout));
++ if (oldfd_stdout == -1)
++ {
++ perror ("dup for stdout");
++ _exit (127);
++ }
++ oldfd_stderr = dup (fileno (stderr));
++ if (oldfd_stderr == -1)
++ {
++ perror ("dup for stderr");
++ _exit (127);
++ }
++ if (freopen (DEVNULL, "w", stdout) == NULL)
++ {
++ perror ("freopen " DEVNULL " for stdout");
++ _exit (127);
++ }
++ if (freopen (DEVNULL, "w", stderr) == NULL)
++ {
++ perror ("freopen " DEVNULL " for stderr");
++ _exit (127);
++ }
++ execlp ("unzip", "unzip", "-qqtP", pw, file_path[0], NULL);
++
++ // When execlp failed.
++ // Restores the stderr/stdout redirection to print an error.
++ int errno_saved = errno;
++ dup2 (oldfd_stderr, fileno (stderr));
++ dup2 (oldfd_stdout, fileno (stdout));
++ close (oldfd_stderr);
++ close (oldfd_stdout);
++ errno = errno_saved;
++ perror ("execlp for unzip");
++ _exit (127); // Returns 127 on error as system(3) does
++ }
+
+- sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, pw, file_path[0]);
+- status = system (buff);
+-
+-#undef REDIR
++ int status;
+
+- if (status == EXIT_SUCCESS)
++ if (waitpid (cpid, &status, 0) == -1)
+ {
+- printf("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw);
++ perror ("waitpid");
++ exit (EXIT_FAILURE);
++ }
++
++ // The child process does not terminated normally, OR returns the exit status 127.
++ if (!WIFEXITED (status)
++ || (WIFEXITED (status) && (WEXITSTATUS (status) == 127)))
++ {
++ fprintf (stderr, "Executing unzip failed.\n");
++ exit (EXIT_FAILURE);
++ }
++// unzip exited normally with the exit status 0 then...
++ if (WIFEXITED (status) && (WEXITSTATUS (status) == EXIT_SUCCESS))
++ {
++ printf ("\n\nPASSWORD FOUND!!!!: pw == %s\n", pw);
+ exit (EXIT_SUCCESS);
+ }
+
+- return !status;
++ return 0;
+ }
+
+ /* misc. callbacks. */
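Review bot: The call `execlp ("unzip", "unzip", "-qqtP", pw, file_path[0], NULL);` ends its variadic list with a bare `NULL`. Where `NULL` is a plain integer constant, that passes a terminator of the wrong width, so it should be `(char *) NULL`. The patch also starts using `fork`, `dup`, `waitpid` and `WIFEXITED` but adds only `#include <errno.h>`. Unless `main.c` already includes them outside this hunk, `<unistd.h>`, `<sys/types.h>` and `<sys/wait.h>` are needed. Only part of `main.c` is visible here, so the existing include list cannot be confirmed.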
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fido2luks/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fido2luks/default.nix
new file mode 100644
index 000000000000..d2a5d91467a8
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fido2luks/default.nix
@@ -0,0 +1,37 @@
+{ stdenv
+, rustPlatform
+, fetchFromGitHub
+, cryptsetup
+, pkg-config
+, clang
+, llvmPackages
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "fido2luks";
+ version = "0.2.15";
+
+ src = fetchFromGitHub {
+ owner = "shimunn";
+ repo = pname;
+ rev = version;
+ sha256 = "1v5gxcz4zbc673i5kbsnjq8bikf7jdbn3wjfz1wppjrgwnkgvsh9";
+ };
+
+ buildInputs = [ cryptsetup ];
+ nativeBuildInputs = [ pkg-config clang ];
+
+ configurePhase = ''
+ export LIBCLANG_PATH="${llvmPackages.libclang}/lib"
+ '';
+
+ cargoSha256 = "19drjql13z8bw257z10kjppxm25jlfgrpc9g1jf68ka5j2b3nx7k";
+
+ meta = with stdenv.lib; {
+ description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator";
+ homepage = "https://github.com/shimunn/fido2luks";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ prusnak mmahut ];
+ platforms = platforms.linux;
+ };
+}
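Review bot: `configurePhase` is replaced wholesale just to export one variable, which drops `runHook preConfigure`/`runHook postConfigure` and anything the Rust builder would otherwise do in that phase. Setting it as a derivation attribute, `LIBCLANG_PATH = "${llvmPackages.libclang}/lib";`, puts the same value in the build environment without overriding a phase.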
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fierce/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fierce/default.nix
new file mode 100644
index 000000000000..13146c3373e7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fierce/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, python3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "fierce";
+ version = "1.4.0";
+
+ src = fetchFromGitHub {
+ owner = "mschwager";
+ repo = pname;
+ rev = version;
+ sha256 = "11yaz8ap9swx95j3wpqh0b6jhw6spqgfnsyn1liw9zqi4jwgiax7";
+ };
+
+ postPatch = ''
+ substituteInPlace requirements.txt --replace 'dnspython==1.16.0' 'dnspython'
+ '';
+
+ propagatedBuildInputs = [ python3.pkgs.dns ];
+
+ # tests require network access
+ doCheck = false;
+ pythonImportsCheck = [ "fierce" ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/mschwager/fierce";
+ description = "DNS reconnaissance tool for locating non-contiguous IP space";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ c0bw3b ];
+ platforms = platforms.all;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fpm2/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fpm2/default.nix
new file mode 100644
index 000000000000..2f297ffd6b79
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fpm2/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, pkgconfig, gnupg, gtk2
+, libxml2, intltool
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+ pname = "fpm2";
+ version = "0.79";
+
+ src = fetchurl {
+ url = "https://als.regnet.cz/fpm2/download/fpm2-${version}.tar.bz2";
+ sha256 = "d55e9ce6be38a44fc1053d82db2d117cf3991a51898bd86d7913bae769f04da7";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ gnupg gtk2 libxml2 intltool ];
+
+ meta = {
+ description = "GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements";
+ homepage = "https://als.regnet.cz/fpm2/";
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ hce ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fprintd/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fprintd/default.nix
new file mode 100644
index 000000000000..b14aff386aba
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fprintd/default.nix
@@ -0,0 +1,116 @@
+{ stdenv
+, fetchFromGitLab
+, fetchpatch
+, pkgconfig
+, meson
+, ninja
+, perl
+, gettext
+, cairo
+, gtk-doc
+, libxslt
+, docbook-xsl-nons
+, docbook_xml_dtd_412
+, glib
+, dbus
+, dbus-glib
+, polkit
+, nss
+, pam
+, systemd
+, libfprint
+, python3
+}:
+
+stdenv.mkDerivation rec {
+ pname = "fprintd";
+ version = "1.90.1";
+ outputs = [ "out" "devdoc" ];
+
+ src = fetchFromGitLab {
+ domain = "gitlab.freedesktop.org";
+ owner = "libfprint";
+ repo = pname;
+ rev = version;
+ sha256 = "0mbzk263x7f58i9cxhs44mrngs7zw5wkm62j5r6xlcidhmfn03cg";
+ };
+
+ patches = [
+ # Fixes issue with ":" when there is multiple paths (might be the case on NixOS)
+ # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch";
+ sha256 = "0f88dhizai8jz7hpm5lpki1fx4593zcy89iwi4brsqbqc7jp9ls0";
+ })
+
+ # Fix locating libpam_wrapper for tests
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch";
+ sha256 = "0qqy090p93lzabavwjxzxaqidkcb3ifacl0d3yh1q7ms2a58yyz3";
+ })
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch";
+ sha256 = "1bc9g6kc95imlcdpvp8qgqjsnsxg6nipr6817c1pz5i407yvw1iy";
+ })
+ ];
+
+ nativeBuildInputs = [
+ pkgconfig
+ meson
+ ninja
+ perl
+ gettext
+ gtk-doc
+ libxslt
+ dbus
+ docbook-xsl-nons
+ docbook_xml_dtd_412
+ ];
+
+ buildInputs = [
+ glib
+ dbus-glib
+ polkit
+ nss
+ pam
+ systemd
+ libfprint
+ ];
+
+ checkInputs = with python3.pkgs; [
+ python-dbusmock
+ dbus-python
+ pygobject3
+ pycairo
+ pypamtest
+ ];
+
+ mesonFlags = [
+ "-Dgtk_doc=true"
+ "-Dpam_modules_dir=${placeholder "out"}/lib/security"
+ "-Dsysconfdir=${placeholder "out"}/etc"
+ "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services"
+ "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system"
+ ];
+
+ PKG_CONFIG_DBUS_1_INTERFACES_DIR = "${placeholder "out"}/share/dbus-1/interfaces";
+ PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
+ PKG_CONFIG_DBUS_1_DATADIR = "${placeholder "out"}/share";
+
+ # FIXME: Ugly hack for tests to find libpam_wrapper.so
+ LIBRARY_PATH = stdenv.lib.makeLibraryPath [ python3.pkgs.pypamtest ];
+
+ doCheck = true;
+
+ postPatch = ''
+ patchShebangs po/check-translations.sh
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://fprint.freedesktop.org/";
+ description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus";
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ abbradar elyhaka ];
+ };
+}
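Review bot: The second `fetchpatch` in `patches` downloads `merge_requests/40.patch`, which follows the merge request's current state rather than a fixed commit, unlike the two neighbouring entries that use `/-/commit/<sha>.patch`. The pinned `sha256` stops changed content from being applied silently, but the build breaks on any push to that merge request. The next person to refresh the hash would then be accepting whatever the MR contains at that moment. Pointing the URL at the specific commit, as the other two patches do, keeps the reviewed content and the fetched content the same.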
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fprot/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fprot/default.nix
new file mode 100644
index 000000000000..12b47694db3c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fprot/default.nix
@@ -0,0 +1,42 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation {
+
+ pname = "f-prot";
+ version = "6.2.1";
+
+ src = fetchurl {
+ url = "http://files.f-prot.com/files/unix-trial/fp-Linux.x86.32-ws.tar.gz";
+ sha256 = "0qlsrkanf0inplwv1i6hqbimdg91syf5ggd1vahsm9lhivmnr0v5";
+ };
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp fpscan $out/bin
+
+ mkdir -p $out/opt/f-prot
+ cp fpupdate $out/opt/f-prot
+ cp product.data.default $out/opt/f-prot/product.data
+ cp license.key $out/opt/f-prot/
+ cp f-prot.conf.default $out/opt/f-prot/f-prot.conf
+ ln -s $out/opt/f-prot/fpupdate $out/bin/fpupdate
+
+ patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/opt/f-prot/fpupdate
+
+ mkdir -p $out/share/man/
+ mkdir -p $out/share/man/man1
+ cp doc/man/fpscan.1 $out/share/man/man1
+ mkdir -p $out/share/man/man5
+ cp doc/man/f-prot.conf.5 $out/share/man/man5
+ mkdir -p $out/share/man/man8
+ cp doc/man/fpupdate.8 $out/share/man/man8
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "http://www.f-prot.com";
+ description = "A popular proprietary antivirus program";
+ license = licenses.unfree;
+ maintainers = [ maintainers.phreedom ];
+ platforms = platforms.linux;
+ };
+}
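Review bot: The `src` URL ends in `unix-trial/fp-Linux.x86.32-ws.tar.gz` and carries no version, while `version = "6.2.1"` and the `sha256` are fixed. The fetch therefore fails as soon as upstream replaces the file, and the pinned release cannot be re-obtained. It is also fetched over plain HTTP. The hash protects the build, but whoever refreshes it next has nothing to compare the new tarball against. A comment above `src` should say so, e.g. `# unversioned trial download: verify the new tarball out of band before bumping sha256`. `patchelf --interpreter` is applied to `fpupdate` only; if `fpscan` is dynamically linked it needs the same treatment.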
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/fwknop/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/fwknop/default.nix
new file mode 100644
index 000000000000..0f1c37aa7975
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/fwknop/default.nix
@@ -0,0 +1,62 @@
+{ stdenv, fetchFromGitHub, autoreconfHook
+, libpcap, texinfo
+, iptables
+, gnupgSupport ? true, gnupg, gpgme # Increases dependencies!
+, wgetSupport ? true, wget
+, buildServer ? true
+, buildClient ? true }:
+
+stdenv.mkDerivation rec {
+ pname = "fwknop";
+ version = "2.6.10";
+
+ src = fetchFromGitHub {
+ owner = "mrash";
+ repo = pname;
+ rev = version;
+ sha256 = "05kvqhmxj9p2y835w75f3jvhr38bb96cd58mvfd7xil9dhmhn9ra";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ libpcap texinfo ]
+ ++ stdenv.lib.optionals gnupgSupport [ gnupg gpgme.dev ]
+ ++ stdenv.lib.optionals wgetSupport [ wget ];
+
+ configureFlags = [
+ "--sysconfdir=/etc"
+ "--localstatedir=/run"
+ "--with-iptables=${iptables}/sbin/iptables"
+ (stdenv.lib.enableFeature buildServer "server")
+ (stdenv.lib.enableFeature buildClient "client")
+ (stdenv.lib.withFeatureAs wgetSupport "wget" "${wget}/bin/wget")
+ ] ++ stdenv.lib.optionalString gnupgSupport [
+ "--with-gpgme"
+ "--with-gpgme-prefix=${gpgme.dev}"
+ "--with-gpg=${gnupg}"
+ ];
+
+ # Temporary hack to copy the example configuration files into the nix-store,
+ # this'll probably be helpful until there's a NixOS module for that (feel free
+ # to ping me (@primeos) if you want to help).
+ preInstall = ''
+ substituteInPlace Makefile --replace\
+ "sysconfdir = /etc"\
+ "sysconfdir = $out/etc"
+ substituteInPlace server/Makefile --replace\
+ "wknopddir = /etc/fwknop"\
+ "wknopddir = $out/etc/fwknop"
+ '';
+
+ meta = with stdenv.lib; {
+ description =
+ "Single Packet Authorization (and Port Knocking) server/client";
+ longDescription = ''
+ fwknop stands for the "FireWall KNock OPerator", and implements an
+ authorization scheme called Single Packet Authorization (SPA).
+ '';
+ homepage = "https://www.cipherdyne.org/fwknop/";
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ primeos ];
+ };
+}
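Review bot: In `configureFlags`, the GnuPG flags are appended with `stdenv.lib.optionalString gnupgSupport [ ... ]`, but `optionalString` returns `""` when the condition is false, and `list ++ ""` is an evaluation error. The package therefore only evaluates with the default `gnupgSupport = true`. The line should read `] ++ stdenv.lib.optionals gnupgSupport [`, matching the `optionals` already used for `buildInputs`. It is also worth confirming whether `--with-gpg=${gnupg}` expects the store prefix or the path to the `gpg` binary; the hunk does not show what configure does with it.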
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix
new file mode 100644
index 000000000000..68536a519aa3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix
@@ -0,0 +1,43 @@
+{ coreutils, fetchFromGitHub, file, libcaca, makeWrapper, python, openssl, qrencode, stdenv, yubikey-manager }:
+
+stdenv.mkDerivation rec {
+ pname = "gen-oath-safe";
+ version = "0.11.0";
+ src = fetchFromGitHub {
+ owner = "mcepl";
+ repo = "gen-oath-safe";
+ rev = version;
+ sha256 = "1914z0jgj7lni0nf3hslkjgkv87mhxdr92cmhmbzhpjgjgr23ydp";
+ };
+
+ buildInputs = [ makeWrapper ];
+
+ buildPhase = ":";
+
+ installPhase =
+ let
+ path = stdenv.lib.makeBinPath [
+ coreutils
+ file
+ libcaca.bin
+ openssl.bin
+ python
+ qrencode
+ yubikey-manager
+ ];
+ in
+ ''
+ mkdir -p $out/bin
+ cp gen-oath-safe $out/bin/
+ wrapProgram $out/bin/gen-oath-safe \
+ --prefix PATH : ${path}
+ '';
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/mcepl/gen-oath-safe";
+ description = "Script for generating HOTP/TOTP keys (and QR code)";
+ platforms = platforms.unix;
+ license = licenses.mit;
+ maintainers = [ maintainers.makefu ];
+ };
+
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/default.nix
new file mode 100644
index 000000000000..e56c9e20fd43
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl, autoconf, automake, intltool, libtool, pkgconfig, encfs
+, glib , gnome3, gtk3, libgnome-keyring, vala, wrapGAppsHook, xorg, gobject-introspection
+}:
+
+stdenv.mkDerivation rec {
+ version = "1.8.19";
+ pname = "gnome-encfs-manager";
+
+ src = fetchurl {
+ url = "https://launchpad.net/gencfsm/trunk/1.8/+download/gnome-encfs-manager_${version}.tar.xz";
+ sha256 = "1h6x8dyp1fvxvr8fwki98ppf4sa20qf7g59jc9797b2vrgm60h1i";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ autoconf automake intltool libtool vala glib encfs
+ gtk3 libgnome-keyring gnome3.libgee xorg.libSM xorg.libICE
+ wrapGAppsHook gobject-introspection ];
+
+ patches = [ ./makefile-mkdir.patch ];
+
+ preConfigure = ''
+ ./autogen.sh
+ '';
+
+ configureFlags = [ "--disable-appindicator" ];
+
+ preFixup = ''gappsWrapperArgs+=(--prefix PATH : ${encfs}/bin)'';
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ homepage = "http://www.libertyzero.com/GEncfsM/";
+ downloadPage = "https://launchpad.net/gencfsm/";
+ description = "EncFS manager and mounter with GNOME3 integration";
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ maintainers = [ maintainers.spacefrogg ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch
new file mode 100644
index 000000000000..49c7b0b4d9d1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gencfsm/makefile-mkdir.patch
@@ -0,0 +1,14 @@
+--- a/dist/Makefile.am
++++ b/dist/Makefile.am
+@@ -10,9 +10,9 @@ install-data-hook:
+ chmod 0755 $(shell find $(dist) -type d)
+ chmod 0644 $(shell find $(dist) -type f)
+ chmod 0755 $(shell find "scripts" -type f)
+- test -z "$(DESTDIR)$(datadir)/dbus-1/services/" || /bin/mkdir -p "$(DESTDIR)$(datadir)/dbus-1/services/"
++ test -z "$(DESTDIR)$(datadir)/dbus-1/services/" || $(MKDIR_P) "$(DESTDIR)$(datadir)/dbus-1/services/"
+ cp "extra/com.libertyzero.gnome-encfs-manager.service" "$(DESTDIR)$(datadir)/dbus-1/services/"
+- test -z "$(gencfsmdir)" || /bin/mkdir -p "$(gencfsmdir)"
++ test -z "$(gencfsmdir)" || $(MKDIR_P) "$(gencfsmdir)"
+ cp --parent -rf $(dist) "$(gencfsmdir)"
+ cp --parent -rf $(icons) $(DESTDIR)$(datadir)
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/genpass/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/genpass/default.nix
new file mode 100644
index 000000000000..6818af194b3a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/genpass/default.nix
@@ -0,0 +1,28 @@
+{ stdenv
+, fetchgit
+, rustPlatform
+, CoreFoundation
+, libiconv
+, Security
+}:
+rustPlatform.buildRustPackage rec {
+ pname = "genpass";
+ version = "0.4.9";
+
+ src = fetchgit {
+ url = "https://git.sr.ht/~cyplo/genpass";
+ rev = "v${version}";
+ sha256 = "1dpv2iyd48xd8yw9bmymjjrkhsgmpwvsl5b9zx3lpaaq59ypi9g9";
+ };
+
+ cargoSha256 = "1cwxpc3xkw673wiamr4v7clrzwxl8ma1vdr6bw0hixm37gxdxz7x";
+
+ buildInputs = stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv Security ];
+
+ meta = with stdenv.lib; {
+ description = "A simple yet robust commandline random password generator";
+ homepage = "https://sr.ht/~cyplo/genpass/";
+ license = licenses.agpl3;
+ maintainers = with maintainers; [ cyplo ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ghidra/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ghidra/default.nix
new file mode 100644
index 000000000000..e11d028f1f8b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ghidra/default.nix
@@ -0,0 +1,70 @@
+{ stdenv, fetchzip, lib, makeWrapper, autoPatchelfHook
+, openjdk11, pam, makeDesktopItem, icoutils
+}: let
+
+ pkg_path = "$out/lib/ghidra";
+
+ desktopItem = makeDesktopItem {
+ name = "ghidra";
+ exec = "ghidra";
+ icon = "ghidra";
+ desktopName = "Ghidra";
+ genericName = "Ghidra Software Reverse Engineering Suite";
+ categories = "Development;";
+ };
+
+
+in stdenv.mkDerivation rec {
+
+ pname = "ghidra";
+ version = "9.2";
+ versiondate = "20201113";
+
+ src = fetchzip {
+ url = "https://www.ghidra-sre.org/ghidra_${version}_PUBLIC_${versiondate}.zip";
+ sha256 = "0lcvmbq04qkdsf0bz509frgw79bhyxyixkqg1k712p3576ng3nby";
+ };
+
+ nativeBuildInputs = [
+ makeWrapper
+ autoPatchelfHook
+ icoutils
+ ];
+
+ buildInputs = [
+ stdenv.cc.cc.lib
+ pam
+ ];
+
+ dontStrip = true;
+
+ installPhase = ''
+ mkdir -p "${pkg_path}"
+ mkdir -p "${pkg_path}" "$out/share/applications"
+ cp -a * "${pkg_path}"
+ ln -s ${desktopItem}/share/applications/* $out/share/applications
+
+ icotool -x "${pkg_path}/support/ghidra.ico"
+ rm ghidra_4_40x40x32.png
+ for f in ghidra_*.png; do
+ res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -d"x" -f1-2)
+ mkdir -pv "$out/share/icons/hicolor/$res/apps"
+ mv "$f" "$out/share/icons/hicolor/$res/apps/ghidra.png"
+ done;
+ '';
+
+ postFixup = ''
+ mkdir -p "$out/bin"
+ makeWrapper "${pkg_path}/ghidraRun" "$out/bin/ghidra" \
+ --prefix PATH : ${lib.makeBinPath [ openjdk11 ]}
+ '';
+
+ meta = with lib; {
+ description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission";
+ homepage = "https://ghidra-sre.org/";
+ platforms = [ "x86_64-linux" ];
+ license = licenses.asl20;
+ maintainers = with maintainers; [ ck3d govanify ];
+ };
+
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix
new file mode 100644
index 000000000000..4b9a6fb0e321
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix
@@ -0,0 +1,83 @@
+{ stdenv
+, fetchFromGitLab
+, fetchpatch
+, python3
+, wrapGAppsHook
+, gobject-introspection
+, gtk3
+, glib
+, gst_all_1
+}:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "gnome-keysign";
+ version = "1.2.0";
+
+ src = fetchFromGitLab {
+ domain = "gitlab.gnome.org";
+ owner = "GNOME";
+ repo = pname;
+ rev = version;
+ sha256 = "1sjphi1lsivg9jmc8khbcqa9w6608pkrccz4nz3rlcc54hn0k0sj";
+ };
+
+ patches = [
+ # fix build failure due to missing import
+ (fetchpatch {
+ url = "https://gitlab.gnome.org/GNOME/gnome-keysign/commit/216c3677e68960afc517edc00529323e85909323.patch";
+ sha256 = "1w410gvcridbq26sry7fxn49v59ss2lc0w5ab7csva8rzs1nc990";
+ })
+
+ # stop requiring lxml (no longer used)
+ # https://gitlab.gnome.org/GNOME/gnome-keysign/merge_requests/23
+ (fetchpatch {
+ url = "https://gitlab.gnome.org/GNOME/gnome-keysign/commit/ffc6f40584d7564951e1c8b6d18d4f8a6a3fa09d.patch";
+ sha256 = "1hs6mmhi2f21kvy26llzvp37yf0i0dr69d18r641139nr6qg6kwy";
+ includes = [ "setup.py" ];
+ })
+ ];
+
+ nativeBuildInputs = [
+ wrapGAppsHook
+ gobject-introspection
+ ] ++ (with python3.pkgs; [
+ Babel
+ babelgladeextractor
+ ]);
+
+ buildInputs = [
+ # TODO: add avahi support
+ gtk3
+ glib
+ gst_all_1.gstreamer
+ gst_all_1.gst-plugins-base
+ (gst_all_1.gst-plugins-good.override { gtkSupport = true; })
+ (gst_all_1.gst-plugins-bad.override { enableZbar = true; }) # for zbar plug-in
+ ];
+
+ propagatedBuildInputs = with python3.pkgs; [
+ dbus-python
+ future
+ gpgme
+ magic-wormhole
+ pygobject3
+ pybluez
+ qrcode
+ requests
+ twisted
+ ];
+
+ # https://github.com/NixOS/nixpkgs/issues/56943
+ strictDeps = false;
+
+ # bunch of linting
+ doCheck = false;
+
+ meta = with stdenv.lib; {
+ description = "GTK/GNOME application to use GnuPG for signing other peoples’ keys";
+ homepage = "https://wiki.gnome.org/Apps/Keysign";
+ license = licenses.gpl3Plus;
+ maintainers = teams.gnome.members;
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix
new file mode 100644
index 000000000000..af6893b26e86
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnu-pw-mgr/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, lib, fetchurl, gnulib }:
+
+stdenv.mkDerivation rec {
+ pname = "gnu-pw-mgr";
+ version = "2.7.4";
+ src = fetchurl {
+ url = "https://ftp.gnu.org/gnu/gnu-pw-mgr/${pname}-${version}.tar.xz";
+ sha256 = "0fhwvsmsqpw0vnivarfg63l8pgwqfv7d5wi6l80jpb41dj6qpjz8";
+ };
+
+ buildInputs = [ gnulib ];
+
+ meta = with lib; {
+ homepage = "https://www.gnu.org/software/gnu-pw-mgr/";
+ description = "A password manager designed to make it easy to reconstruct difficult passwords";
+ license = with licenses; [ gpl3Plus lgpl3Plus ];
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with maintainers; [ qoelet ];
+ };
+}
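Review bot: `platforms = stdenv.lib.platforms.linux;` in `meta` reaches the library set through `stdenv.lib`, although the block is already under `with lib;` and `lib` is a function argument. Writing it as `platforms = platforms.linux;` gives the file a single way of naming the library set. It also matches the `maintainers` and `license` lines beside it.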
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
new file mode 100644
index 000000000000..04af88e33352
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl, libgpgerror, libassuan, libgcrypt, pkcs11helper,
+ pkgconfig, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "gnupg-pkcs11-scd";
+ version = "0.9.2";
+
+ src = fetchurl {
+ url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2";
+ sha256 = "1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx";
+ };
+
+ buildInputs = [ pkcs11helper pkgconfig openssl ];
+
+ configureFlags = [
+ "--with-libgpg-error-prefix=${libgpgerror.dev}"
+ "--with-libassuan-prefix=${libassuan.dev}"
+ "--with-libgcrypt-prefix=${libgcrypt.dev}"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "A smart-card daemon to enable the use of PKCS#11 tokens with GnuPG";
+ longDescription = ''
+ gnupg-pkcs11 is a project to implement a BSD-licensed smart-card
+ daemon to enable the use of PKCS#11 tokens with GnuPG.
+ '';
+ homepage = "http://gnupg-pkcs11.sourceforge.net/";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ matthiasbeyer philandstuff ];
+ platforms = platforms.unix;
+ };
+}
+
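Review bot: `pkgconfig` is listed in `buildInputs`, but it is a tool that runs at build time and belongs in `nativeBuildInputs`; as written, a cross build would pick up the pkg-config for the target platform. I would split the line into `nativeBuildInputs = [ pkgconfig ];` and `buildInputs = [ pkcs11helper openssl ];`. The three libraries passed through `configureFlags` are referenced only by their `.dev` output, so it is worth confirming with a build that the daemon still links when they are absent from `buildInputs`.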
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
new file mode 100644
index 000000000000..061fb0e8de9c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
@@ -0,0 +1,34 @@
+From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Sun, 30 Jun 2019 11:54:35 -0400
+Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool
+
+* dirmngr/http.c (http_session_new): when checking whether the
+keyserver is the HKPS pool, check specifically against the pool name,
+as ./configure might have been used to select a different default
+keyserver. It makes no sense to apply Kristian's certificate
+authority to anything other than the literal host
+hkps.pool.sks-keyservers.net.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+GnuPG-Bug-Id: 4593
+---
+ dirmngr/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 384f2569d..8e5d53939 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
+
+ is_hkps_pool = (intended_hostname
+ && !ascii_strcasecmp (intended_hostname,
+- get_default_keyserver (1)));
++ "hkps.pool.sks-keyservers.net"));
+
+ /* If the user has not specified a CA list, and they are looking
+ * for the hkps pool from sks-keyservers.net, then default to
+--
+2.22.0
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1.nix
new file mode 100644
index 000000000000..20ecd7c92fb2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl, readline, bzip2 }:
+
+stdenv.mkDerivation rec {
+ name = "gnupg-1.4.23";
+
+ src = fetchurl {
+ url = "mirror://gnupg/gnupg/${name}.tar.bz2";
+ sha256 = "1fkq4sqldvf6a25mm2qz95swv1qjg464736091w51djiwqbjyin9";
+ };
+
+ buildInputs = [ readline bzip2 ];
+
+ doCheck = true;
+
+ meta = with stdenv.lib; {
+ homepage = "https://gnupg.org";
+ description = "Classic (1.4) release of the GNU Privacy Guard, a GPL OpenPGP implementation";
+ license = licenses.gpl3Plus;
+ longDescription = ''
+ The GNU Privacy Guard is the GNU project's complete and free
+ implementation of the OpenPGP standard as defined by RFC4880. GnuPG
+ "classic" (1.4) is the old standalone version which is most suitable for
+ older or embedded platforms. GnuPG allows to encrypt and sign your data
+ and communication, features a versatile key management system as well as
+ access modules for all kind of public key directories. GnuPG, also known
+ as GPG, is a command line tool with features for easy integration with
+ other applications. A wealth of frontend applications and libraries are
+ available.
+ '';
+ platforms = platforms.all;
+ };
+}
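Review bot: The derivation sets a combined `name = "gnupg-1.4.23";` where `22.nix` in the same commit uses separate `pname` and `version` attributes. Splitting it into `pname = "gnupg";` and `version = "1.4.23";`, with the URL written as `mirror://gnupg/gnupg/${pname}-${version}.tar.bz2`, keeps the two files parallel. It also gives the derivation an explicit `version` attribute, which matters when deciding whether a legacy 1.4 build is still current.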
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1compat.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1compat.nix
new file mode 100644
index 000000000000..371a7ca67afd
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/1compat.nix
@@ -0,0 +1,30 @@
+{ stdenv, gnupg, coreutils, writeScript }:
+
+stdenv.mkDerivation {
+ name = "gnupg1compat-${gnupg.version}";
+
+ builder = writeScript "gnupg1compat-builder" ''
+ PATH=${coreutils}/bin
+ # First symlink all top-level dirs
+ mkdir -p $out
+ ln -s "${gnupg}/"* $out
+
+ # Replace bin with directory and symlink it contents
+ rm $out/bin
+ mkdir -p $out/bin
+ ln -s "${gnupg}/bin/"* $out/bin
+
+ # Add symlinks for any executables that end in 2 and lack any non-*2 version
+ for f in $out/bin/*2; do
+ [[ -x $f ]] || continue # ignore failed globs and non-executable files
+ [[ -e ''${f%2} ]] && continue # ignore commands that already have non-*2 versions
+ ln -s -- "''${f##*/}" "''${f%2}"
+ done
+ '';
+
+ meta = gnupg.meta // {
+ description = gnupg.meta.description +
+ " with symbolic links for gpg and gpgv";
+ priority = -1;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/22.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/22.nix
new file mode 100644
index 000000000000..9acd64a2c86e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/22.nix
@@ -0,0 +1,97 @@
+{ fetchurl, fetchpatch, stdenv, pkgconfig, libgcrypt, libassuan, libksba
+, libgpgerror, libiconv, npth, gettext, texinfo, buildPackages
+
+# Each of the dependencies below are optional.
+# Gnupg can be built without them at the cost of reduced functionality.
+, guiSupport ? true, enableMinimal ? false
+, adns ? null , bzip2 ? null , gnutls ? null , libusb1 ? null , openldap ? null
+, pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ?
+null
+}:
+
+with stdenv.lib;
+
+assert guiSupport -> pinentry != null && enableMinimal == false;
+
+stdenv.mkDerivation rec {
+ pname = "gnupg";
+
+ version = "2.2.24";
+
+ src = fetchurl {
+ url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
+ sha256 = "0ilcp7m1dvwnri3i7q9wanf5pvhwxk7h106pd62g0d5fz80b944h";
+ };
+
+ depsBuildBuild = [ buildPackages.stdenv.cc ];
+ nativeBuildInputs = [ pkgconfig texinfo ];
+ buildInputs = [
+ libgcrypt libassuan libksba libiconv npth gettext
+ readline libusb1 gnutls adns openldap zlib bzip2 sqlite
+ ];
+
+ patches = [
+ ./fix-libusb-include-path.patch
+ ./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
+ ./tests-add-test-cases-for-import-without-uid.patch
+ ./allow-import-of-previously-known-keys-even-without-UI.patch
+ ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
+ ];
+ postPatch = ''
+ sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1
+ # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update
+ sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am
+ sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in
+ '' + stdenv.lib.optionalString ( stdenv.isLinux && pcsclite != null) ''
+ sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
+ ''; #" fix Emacs syntax highlighting :-(
+
+ pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry";
+ configureFlags = [
+ "--with-libgpg-error-prefix=${libgpgerror.dev}"
+ "--with-libgcrypt-prefix=${libgcrypt.dev}"
+ "--with-libassuan-prefix=${libassuan.dev}"
+ "--with-ksba-prefix=${libksba.dev}"
+ "--with-npth-prefix=${npth}"
+ ] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}";
+
+ postInstall = if enableMinimal
+ then ''
+ rm -r $out/{libexec,sbin,share}
+ for f in `find $out/bin -type f -not -name gpg`
+ do
+ rm $f
+ done
+ '' else ''
+ mkdir -p $out/lib/systemd/user
+ for f in doc/examples/systemd-user/*.{service,socket} ; do
+ substitute $f $out/lib/systemd/user/$(basename $f) \
+ --replace /usr/bin $out/bin
+ done
+
+ # add gpg2 symlink to make sure git does not break when signing commits
+ ln -s $out/bin/gpg $out/bin/gpg2
+
+ # Make libexec tools available in PATH
+ ln -s -t $out/bin $out/libexec/*
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://gnupg.org";
+ description = "Modern (2.1) release of the GNU Privacy Guard, a GPL OpenPGP implementation";
+ license = licenses.gpl3Plus;
+ longDescription = ''
+ The GNU Privacy Guard is the GNU project's complete and free
+ implementation of the OpenPGP standard as defined by RFC4880. GnuPG
+ "modern" (2.1) is the latest development with a lot of new features.
+ GnuPG allows to encrypt and sign your data and communication, features a
+ versatile key management system as well as access modules for all kind of
+ public key directories. GnuPG, also known as GPG, is a command line tool
+ with features for easy integration with other applications. A wealth of
+ frontend applications and libraries are available. Version 2 of GnuPG
+ also provides support for S/MIME.
+ '';
+ maintainers = with maintainers; [ peti fpletz vrthra ];
+ platforms = platforms.all;
+ };
+}
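Review bot: The `patches` list carries no comment on where the patches come from or why they are applied, although three of them change which key material `gpg --import` accepts. Per their headers in this commit, they relax the user-ID requirement for keys already in the keyring (GnuPG-Bug-id 4393). The `postPatch` `sed` replaces the default keyserver in `configure`, which is the situation `0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch` (GnuPG-Bug-Id 4593) guards against. I would add one comment per group, e.g. `# GnuPG-Bug-id 4393: accept UID-less updates to keys already in the keyring` and `# GnuPG-Bug-Id 4593: keep the SKS pool CA off the replaced default keyserver`. Separately, `meta.description` and `longDescription` still say "(2.1)" while `version` is 2.2.24.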
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
new file mode 100644
index 000000000000..5cbec92ae683
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
@@ -0,0 +1,32 @@
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:43 +0200
+Subject: gpg: accept subkeys with a good revocation but no self-sig during
+ import
+
+* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
+encounter a valid revocation signature. This allows import of subkey
+revocation signatures, even in the absence of a corresponding subkey
+binding signature.
+
+--
+
+This fixes the remaining test in import-incomplete.scm.
+
+GnuPG-Bug-id: 4393
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/import.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/g10/import.c b/g10/import.c
+index 4fdf248..ee2fed8 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -3613,6 +3613,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
+ /* It's valid, so is it newer? */
+ if (sig->timestamp >= rsdate)
+ {
++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
+ if (rsnode)
+ {
+ /* Delete the last revocation sig since
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch
new file mode 100644
index 000000000000..723a6952044e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch
@@ -0,0 +1,106 @@
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:42 +0200
+Subject: gpg: allow import of previously known keys, even without UIDs
+
+* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
+has no user id, as long as we already have a local variant of the cert
+that matches the primary key.
+
+--
+
+This fixes two of the three broken tests in import-incomplete.scm.
+
+GnuPG-Bug-id: 4393
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/import.c | 44 +++++++++++---------------------------------
+ 1 file changed, 11 insertions(+), 33 deletions(-)
+
+diff --git a/g10/import.c b/g10/import.c
+index 95d419a..4fdf248 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl,
+ size_t an;
+ char pkstrbuf[PUBKEY_STRING_SIZE];
+ int merge_keys_done = 0;
+- int any_filter = 0;
+ KEYDB_HANDLE hd = NULL;
+
+ if (r_valid)
+@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl,
+ log_printf ("\n");
+ }
+
+-
+- if (!uidnode )
+- {
+- if (!silent)
+- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
+- return 0;
+- }
+-
+ if (screener && screener (keyblock, screener_arg))
+ {
+ log_error (_("key %s: %s\n"), keystr_from_pk (pk),
+@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl,
+ }
+ }
+
+- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
+- {
+- if (!silent)
+- {
+- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+- if (!opt.quiet )
+- log_info(_("this may be caused by a missing self-signature\n"));
+- }
+- stats->no_user_id++;
+- return 0;
+- }
++ /* Delete invalid parts, and note if we have any valid ones left.
++ * We will later abort import if this key is new but contains
++ * no valid uids. */
++ delete_inv_parts (ctrl, keyblock, keyid, options);
+
+ /* Get rid of deleted nodes. */
+ commit_kbnode (&keyblock);
+@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl,
+ {
+ apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
+ commit_kbnode (&keyblock);
+- any_filter = 1;
+ }
+ if (import_filter.drop_sig)
+ {
+ apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
+ commit_kbnode (&keyblock);
+- any_filter = 1;
+- }
+-
+- /* If we ran any filter we need to check that at least one user id
+- * is left in the keyring. Note that we do not use log_error in
+- * this case. */
+- if (any_filter && !any_uid_left (keyblock))
+- {
+- if (!opt.quiet )
+- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
+- stats->no_user_id++;
+- return 0;
+ }
+
+ /* The keyblock is valid and ready for real import. */
+@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl,
+ err = 0;
+ stats->skipped_new_keys++;
+ }
++ else if (err && !any_uid_left (keyblock))
++ {
++ if (!silent)
++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
++ err = 0;
++ stats->no_user_id++;
++ }
+ else if (err) /* Insert this key. */
+ {
+ /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/clang.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/clang.patch
new file mode 100644
index 000000000000..842785e5c932
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/clang.patch
@@ -0,0 +1,13 @@
+diff --git a/gl/stdint_.h b/gl/stdint_.h
+index bc27595..303e81a 100644
+--- a/gl/stdint_.h
++++ b/gl/stdint_.h
+@@ -62,7 +62,7 @@
+ int{8,16,32,64}_t, uint{8,16,32,64}_t and __BIT_TYPES_DEFINED__.
+ <inttypes.h> also defines intptr_t and uintptr_t. */
+ # define _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+-# include <inttypes.h>
++// # include <inttypes.h>
+ # undef _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+ #elif @HAVE_SYS_INTTYPES_H@
+ /* Solaris 7 <sys/inttypes.h> has the types except the *_fast*_t types, and
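Review bot: `clang.patch` is added, but nothing visible in this commit applies it: the `patches` list in `gnupg/22.nix` names five other files and `gnupg/1.nix` has no `patches` attribute. `gpgkey2ssh-20.patch` further down is in the same position, and its `@out@` placeholder would also need substituting before the patch could be used. If no expression outside this directory references them, both files should be dropped; otherwise the consuming expression should name them in a comment. Unused patches in a security package make it harder to audit what is actually applied to the shipped binaries.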
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch
new file mode 100644
index 000000000000..a5432f8e3d95
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/fix-libusb-include-path.patch
@@ -0,0 +1,12 @@
+--- a/configure
++++ b/configure
+@@ -8987,8 +8987,7 @@
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5
+ $as_echo_n "checking libusb include dir... " >&6; }
+ usb_incdir_found="no"
+- for _incdir in "" "/usr/include/libusb-1.0" \
+- "/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do
++ for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do
+ _libusb_save_cppflags=$CPPFLAGS
+ if test -n "${_incdir}"; then
+ CPPFLAGS="-I${_incdir} ${CPPFLAGS}"
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
new file mode 100644
index 000000000000..65804bac7642
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
@@ -0,0 +1,14 @@
+diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
+index 903fb5b..d5611dc 100644
+--- a/tools/gpgkey2ssh.c
++++ b/tools/gpgkey2ssh.c
+@@ -268,7 +268,7 @@ main (int argc, char **argv)
+ keyid = argv[1];
+
+ ret = asprintf (&command,
+- "gpg --list-keys --with-colons --with-key-data '%s'",
++ "@out@/bin/gpg --list-keys --with-colons --with-key-data '%s'",
+ keyid);
+ assert (ret > 0);
+
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch
new file mode 100644
index 000000000000..37ddeea22495
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch
@@ -0,0 +1,201 @@
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:41 +0200
+Subject: tests: add test cases for import without uid
+
+This commit adds a test case that does the following, in order:
+- Import of a primary key plus user id
+- Check that import of a subkey works, without a user id present in the
+imported key
+- Check that import of a subkey revocation works, without a user id or
+subkey binding signature present in the imported key
+- Check that import of a primary key revocation works, without a user id
+present in the imported key
+
+--
+
+Note that this test currently fails. The following changesets will
+fix gpg so that the tests pass.
+
+GnuPG-Bug-id: 4393
+Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ tests/openpgp/Makefile.am | 1 +
+ tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++
+ .../import-incomplete/primary+revocation.asc | 9 +++
+ .../primary+subkey+sub-revocation.asc | 10 ++++
+ .../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++
+ .../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++
+ tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++
+ 7 files changed, 118 insertions(+)
+ create mode 100755 tests/openpgp/import-incomplete.scm
+ create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc
+
+diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
+index f6014c9..6423da1 100644
+--- a/tests/openpgp/Makefile.am
++++ b/tests/openpgp/Makefile.am
+@@ -78,6 +78,7 @@ XTESTS = \
+ gpgv-forged-keyring.scm \
+ armor.scm \
+ import.scm \
++ import-incomplete.scm \
+ import-revocation-certificate.scm \
+ ecc.scm \
+ 4gb-packet.scm \
+diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm
+new file mode 100755
+index 0000000..727a027
+--- /dev/null
++++ b/tests/openpgp/import-incomplete.scm
+@@ -0,0 +1,68 @@
++#!/usr/bin/env gpgscm
++
++;; Copyright (C) 2016 g10 Code GmbH
++;;
++;; This file is part of GnuPG.
++;;
++;; GnuPG is free software; you can redistribute it and/or modify
++;; it under the terms of the GNU General Public License as published by
++;; the Free Software Foundation; either version 3 of the License, or
++;; (at your option) any later version.
++;;
++;; GnuPG is distributed in the hope that it will be useful,
++;; but WITHOUT ANY WARRANTY; without even the implied warranty of
++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++;; GNU General Public License for more details.
++;;
++;; You should have received a copy of the GNU General Public License
++;; along with this program; if not, see <http://www.gnu.org/licenses/>.
++
++(load (in-srcdir "tests" "openpgp" "defs.scm"))
++(setup-environment)
++
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc")))
++
++(info "Test import of new subkey, from a certificate without uid")
++(define keyid "573EA710367356BB")
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc")))
++(tr:do
++ (tr:pipe-do
++ (pipe:gpg `(--list-keys --with-colons ,keyid)))
++ (tr:call-with-content
++ (lambda (c)
++ ;; XXX we do not have a regexp library
++ (unless (any (lambda (line)
++ (and (string-prefix? line "sub:")
++ (string-contains? line "573EA710367356BB")))
++ (string-split-newlines c))
++ (exit 1)))))
++
++(info "Test import of a subkey revocation, from a certificate without uid")
++(define keyid "573EA710367356BB")
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc")))
++(tr:do
++ (tr:pipe-do
++ (pipe:gpg `(--list-keys --with-colons ,keyid)))
++ (tr:call-with-content
++ (lambda (c)
++ ;; XXX we do not have a regexp library
++ (unless (any (lambda (line)
++ (and (string-prefix? line "sub:r:")
++ (string-contains? line "573EA710367356BB")))
++ (string-split-newlines c))
++ (exit 1)))))
++
++(info "Test import of revocation, from a certificate without uid")
++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc")))
++(tr:do
++ (tr:pipe-do
++ (pipe:gpg `(--list-keys --with-colons ,keyid)))
++ (tr:call-with-content
++ (lambda (c)
++ ;; XXX we do not have a regexp library
++ (unless (any (lambda (line)
++ (and (string-prefix? line "pub:r:")
++ (string-contains? line "0843DA969AA8DAFB")))
++ (string-split-newlines c))
++ (exit 1)))))
++
+diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc
+new file mode 100644
+index 0000000..6b7b608
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+revocation.asc
+@@ -0,0 +1,9 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [E] primary key, revocation signature over primary (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ
++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3
++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ==
++=tM90
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+new file mode 100644
+index 0000000..83a51a5
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [D] primary key, subkey, subkey revocation (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ
++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ=
++=dwx2
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+new file mode 100644
+index 0000000..dc47a02
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [B] primary key, subkey, subkey binding sig (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR
++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg=
++=xuDu
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc
+new file mode 100644
+index 0000000..134607d
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [C] primary key and self-sig expiring in 2024 (no user ID)
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8
++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu
++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN
++9ohXOEBWvdJgVv2YAg==
++=KWIK
++-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc
+new file mode 100644
+index 0000000..055f300
+--- /dev/null
++++ b/tests/openpgp/import-incomplete/primary+uid.asc
+@@ -0,0 +1,10 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Comment: [A] primary key, user ID, and self-sig expiring in 2021
++
++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja
+++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI
++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs=
++=1eII
++-----END PGP PUBLIC KEY BLOCK-----
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gobuster/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gobuster/default.nix
new file mode 100644
index 000000000000..cc436a16b587
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gobuster/default.nix
@@ -0,0 +1,27 @@
+{ buildGoModule
+, fetchFromGitHub
+, lib
+}:
+
+buildGoModule rec {
+ pname = "gobuster";
+ version = "3.1.0";
+
+ src = fetchFromGitHub {
+ owner = "OJ";
+ repo = "gobuster";
+ rev = "v${version}";
+ sha256 = "0nal2g5c6z46x6337yh0s6mqgnsigp91i7mp1l3sa91p5ihk71wr";
+ };
+
+ vendorSha256 = "1isp2jd6k4ppns5zi9irj09090imnc0xp6vcps135ymgp8qg4163";
+
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Tool used to brute-force URIs, DNS subdomains, Virtual Host names on target web servers";
+ homepage = "https://github.com/OJ/gobuster";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ pamplemousse ];
+ };
+}
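Review bot: `doCheck = false;` turns off the upstream test suite without a comment giving the reason, and the gopass hunk below does the same. The reason should sit next to the flag, for instance `# tests require network access` if that is the cause (it cannot be told from this hunk). If the tests do pass in the build sandbox, the line should be removed instead. For security tooling, a silently disabled test suite is something the next maintainer should be able to re-evaluate on each version bump.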
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gopass/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gopass/default.nix
new file mode 100644
index 000000000000..80a9c40ebc2e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gopass/default.nix
@@ -0,0 +1,73 @@
+{ stdenv
+, makeWrapper
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+, git
+, gnupg
+, xclip
+, wl-clipboard
+, passAlias ? false
+}:
+
+buildGoModule rec {
+ pname = "gopass";
+ version = "1.10.1";
+
+ nativeBuildInputs = [ installShellFiles makeWrapper ];
+
+ src = fetchFromGitHub {
+ owner = "gopasspw";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0dhh64mxfhk610wr7bpakzgmc4a4iyhfkkl3qhjp6a46g9iygana";
+ };
+
+ vendorSha256 = "07wv6yahx4yzr3h1x93x4r5rvw8wbfk836f04b4r9xjbnpq7lb2a";
+
+ doCheck = false;
+
+ buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version} -X main.commit=${src.rev}" ];
+
+ wrapperPath = stdenv.lib.makeBinPath (
+ [
+ git
+ gnupg
+ xclip
+ ] ++ stdenv.lib.optional stdenv.isLinux wl-clipboard
+ );
+
+ postInstall = ''
+ for shell in bash fish zsh; do
+ $out/bin/gopass completion $shell > gopass.$shell
+ installShellCompletion gopass.$shell
+ done
+ '' + stdenv.lib.optionalString passAlias ''
+ ln -s $out/bin/gopass $out/bin/pass
+ '';
+
+ postFixup = ''
+ for bin in $out/bin/*; do
+ wrapProgram $bin \
+ --prefix PATH : "${wrapperPath}"
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go";
+ homepage = "https://www.gopass.pw/";
+ license = licenses.mit;
+ maintainers = with maintainers; [ andir rvolosatovs ];
+ platforms = platforms.unix;
+
+ longDescription = ''
+ gopass is a rewrite of the pass password manager in Go with the aim of
+ making it cross-platform and adding additional features. Our target
+ audience are professional developers and sysadmins (and especially teams
+ of those) who are well versed with a command line interface. One explicit
+ goal for this project is to make it more approachable to non-technical
+ users. We go by the UNIX philosophy and try to do one thing and do it
+ well, providing a stellar user experience and a sane, simple interface.
+ '';
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix
new file mode 100644
index 000000000000..975976c6a3c1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix
@@ -0,0 +1,41 @@
+{ fetchurl, makeWrapper, patchelf, stdenv, libXft, libX11, freetype, fontconfig, libXrender, libXScrnSaver, libXext }:
+
+stdenv.mkDerivation rec {
+ pname = "gorilla-bin";
+ version = "1.5.3.7";
+
+ src = fetchurl {
+ name = "gorilla1537_64.bin";
+ url = "http://gorilla.dp100.com/downloads/gorilla1537_64.bin";
+ sha256 = "19ir6x4c01825hpx2wbbcxkk70ymwbw4j03v8b2xc13ayylwzx0r";
+ };
+
+ nativeBuildInputs = [ patchelf makeWrapper ];
+ phases = [ "unpackPhase" "installPhase" ];
+
+ unpackCmd = ''
+ mkdir gorilla;
+ cp $curSrc gorilla/gorilla-${version};
+ '';
+
+ installPhase = let
+ interpreter = "$(< \"$NIX_CC/nix-support/dynamic-linker\")";
+ libPath = stdenv.lib.makeLibraryPath [ libXft libX11 freetype fontconfig libXrender libXScrnSaver libXext ];
+ in ''
+ mkdir -p $out/opt/password-gorilla
+ mkdir -p $out/bin
+ cp gorilla-${version} $out/opt/password-gorilla
+ chmod ugo+x $out/opt/password-gorilla/gorilla-${version}
+ patchelf --set-interpreter "${interpreter}" "$out/opt/password-gorilla/gorilla-${version}"
+ makeWrapper "$out/opt/password-gorilla/gorilla-${version}" "$out/bin/gorilla" \
+ --prefix LD_LIBRARY_PATH : "${libPath}"
+ '';
+
+ meta = {
+ description = "Password Gorilla is a Tk based password manager";
+ homepage = "https://github.com/zdia/gorilla/wiki";
+ maintainers = [ stdenv.lib.maintainers.namore ];
+ platforms = [ "x86_64-linux" ];
+ license = stdenv.lib.licenses.gpl2;
+ };
+}
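Review bot: `src` downloads a prebuilt executable over plain HTTP (`url = "http://gorilla.dp100.com/downloads/gorilla1537_64.bin";`), so the `sha256` is the only thing tying the installed password manager to a known artifact. The fixed-output hash does reject a modified download at build time, but whoever bumps the version obtains the new hash over the same unauthenticated channel. I would add a comment above `src` such as `# prebuilt upstream binary fetched over HTTP; verify the new sha256 out of band when bumping`. The URL should move to HTTPS if the host offers it.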
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/gpgstats/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/gpgstats/default.nix
new file mode 100644
index 000000000000..80153b857c4f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/gpgstats/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl, ncurses, gpgme }:
+
+stdenv.mkDerivation rec {
+ pname = "gpgstats";
+ version = "0.5";
+
+ src = fetchurl {
+ url = "https://www.vanheusden.com/gpgstats/${pname}-${version}.tgz";
+ sha256 = "1n3njqhjwgfllcxs0xmk89dzgirrpfpfzkj71kqyvq97gc1wbcxy";
+ };
+
+ buildInputs = [ ncurses gpgme ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp gpgstats $out/bin
+ '';
+
+ NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (!stdenv.is64bit)
+ "-D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1";
+
+ meta = with stdenv.lib; {
+ description = "Calculates statistics on the keys in your gpg key-ring";
+ longDescription = ''
+ GPGstats calculates statistics on the keys in your key-ring.
+ '';
+ homepage = "http://www.vanheusden.com/gpgstats/";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ davidak ];
+ platforms = platforms.unix;
+ };
+}
+
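Review bot: `NIX_CFLAGS_COMPILE` passes `-DLARGEFILE_SOURCE=1`, but the libc feature-test macro is `_LARGEFILE_SOURCE`, with a leading underscore. Unless the gpgstats sources test the un-prefixed name themselves, this define has no effect on the 32-bit builds it is meant for. If the libc macro was intended, the string becomes `"-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE=1";`. `homepage` also uses `http://` while `src` fetches from the same host over `https://`; `homepage = "https://www.vanheusden.com/gpgstats/";` would match.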
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/haka/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/haka/default.nix
new file mode 100644
index 000000000000..9468ee2843bd
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/haka/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchurl, cmake, swig, wireshark, check, rsync, libpcap, gawk, libedit, pcre }:
+
+let version = "0.3.0"; in
+
+stdenv.mkDerivation {
+ pname = "haka";
+ inherit version;
+
+ src = fetchurl {
+ name = "haka_${version}_source.tar.gz";
+ url = "https://github.com/haka-security/haka/releases/download/v${version}/haka_${version}_source.tar.gz";
+ sha256 = "0dm39g3k77sa70zrjsqadidg27a6iqq61jzfdxazpllnrw4mjy4w";
+ };
+
+ NIX_CFLAGS_COMPILE = "-Wno-error";
+
+ preConfigure = ''
+ sed -i 's,/etc,'$out'/etc,' src/haka/haka.c
+ sed -i 's,/etc,'$out'/etc,' src/haka/CMakeLists.txt
+ sed -i 's,/opt/haka/etc,$out/opt/haka/etc,' src/haka/haka.1
+ sed -i 's,/etc,'$out'/etc,' doc/user/tool_suite_haka.rst
+ '';
+
+ buildInputs = [ cmake swig wireshark check rsync libpcap gawk libedit pcre ];
+
+ enableParallelBuilding = true;
+
+ meta = {
+ description = "A collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files";
+ homepage = "http://www.haka-security.org/";
+ license = stdenv.lib.licenses.mpl20;
+ maintainers = [ stdenv.lib.maintainers.tvestelind ];
+ platforms = [ "x86_64-linux" "i686-linux" ]; # fails on aarch64
+ };
+}
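Review bot: The third `sed` in `preConfigure` keeps `$out` inside the single quotes, so the shell does not expand it and the man page receives the literal text `$out/opt/haka/etc`. The other three lines close the quote around `$out`; written like them it would be `sed -i 's,/opt/haka/etc,'$out'/opt/haka/etc,' src/haka/haka.1`. `NIX_CFLAGS_COMPILE = "-Wno-error"` also deserves a one-line comment naming the warning that breaks the build, since it turns off `-Werror` for the whole of a packet-filtering tool.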
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hash-slinger/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hash-slinger/default.nix
new file mode 100644
index 000000000000..4fa0499f1dde
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hash-slinger/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchFromGitHub, pythonPackages, unbound, libreswan }:
+
+let
+ inherit (pythonPackages) python;
+in stdenv.mkDerivation rec {
+ pname = "hash-slinger";
+ version = "2.7";
+
+ src = fetchFromGitHub {
+ owner = "letoams";
+ repo = pname;
+ rev = version;
+ sha256 = "05wn744ydclpnpyah6yfjqlfjlasrrhzj48lqmm5a91nyps5yqyn";
+ };
+
+ pythonPath = with pythonPackages; [ dnspython m2crypto ipaddr python-gnupg
+ pyunbound ];
+
+ buildInputs = [ pythonPackages.wrapPython ];
+ propagatedBuildInputs = [ unbound libreswan ] ++ pythonPath;
+ propagatedUserEnvPkgs = [ unbound libreswan ];
+
+ patchPhase = ''
+ substituteInPlace Makefile \
+ --replace "$(DESTDIR)/usr" "$out"
+ substituteInPlace ipseckey \
+ --replace "/usr/sbin/ipsec" "${libreswan}/sbin/ipsec"
+ substituteInPlace tlsa \
+ --replace "/var/lib/unbound/root" "${pythonPackages.pyunbound}/etc/pyunbound/root"
+ patchShebangs *
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin $out/man $out/${python.sitePackages}/
+ make install
+ wrapPythonPrograms
+ '';
+
+ meta = {
+ description = "Various tools to generate special DNS records";
+ homepage = "https://github.com/letoams/hash-slinger";
+ license = stdenv.lib.licenses.gpl2Plus;
+ maintainers = [ stdenv.lib.maintainers.leenaars ];
+ };
+}
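Review bot: In `patchPhase` the pattern `"$(DESTDIR)/usr"` sits in double quotes, so bash treats `$(DESTDIR)` as a command substitution instead of passing the Makefile variable through. The substitution most likely yields an empty string, and the replacement then matches every `/usr` in the Makefile. The install presumably still lands in `$out` only because DESTDIR is unset at install time. Single quotes keep the text literal: `--replace '$(DESTDIR)/usr' "$out"`. Setting `patchPhase` directly also bypasses the standard `patches` handling and its pre/post hooks; `postPatch` would do the same work without that side effect.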
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hash_extender/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hash_extender/default.nix
new file mode 100644
index 000000000000..dc8ea8b2c9b4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hash_extender/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub, openssl }:
+
+stdenv.mkDerivation {
+ pname = "hash_extender";
+ version = "unstable-2020-03-24";
+
+ src = fetchFromGitHub {
+ owner = "iagox86";
+ repo = "hash_extender";
+ rev = "cb8aaee49f93e9c0d2f03eb3cafb429c9eed723d";
+ sha256 = "1fj118566hr1wv03az2w0iqknazsqqkak0mvlcvwpgr6midjqi9b";
+ };
+
+ buildInputs = [ openssl ];
+
+ doCheck = true;
+ checkPhase = "./hash_extender --test";
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp hash_extender $out/bin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Tool to automate hash length extension attacks";
+ homepage = "https://github.com/iagox86/hash_extender";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ oxzi ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hashcash/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hashcash/default.nix
new file mode 100644
index 000000000000..bb8fba33e1d4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hashcash/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchurl, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "hashcash";
+ version = "1.22";
+
+ buildInputs = [ openssl ];
+
+ src = fetchurl {
+ url = "http://www.hashcash.org/source/hashcash-${version}.tgz";
+ sha256 = "15kqaimwb2y8wvzpn73021bvay9mz1gqqfc40gk4hj6f84nz34h1";
+ };
+
+ makeFlags = [
+ "generic-openssl"
+ "LIBCRYPTO=-lcrypto"
+ ];
+
+ installFlags = [
+ "INSTALL_PATH=${placeholder "out"}/bin"
+ "MAN_INSTALL_PATH=${placeholder "out"}/share/man/man1"
+ "DOC_INSTALL_PATH=${placeholder "out"}/share/doc/hashcash-$(version)"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "Proof-of-work algorithm used as spam and denial-of-service counter measure";
+ homepage = "http://hashcash.org";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ kisonecat ];
+ };
+}
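Review bot: `src` is fetched from `http://www.hashcash.org/...`, which leaves the `sha256` as the only integrity check and exposes the request on the wire. The hash still makes a tampered download fail the build. If the host serves the tarball over TLS, use `url = "https://www.hashcash.org/source/hashcash-${version}.tgz";`. The haveged hunk (`http://www.issihosts.com/haveged/...`) and the john hunk (`http://www.openwall.com/john/k/...`) follow the same pattern. In `DOC_INSTALL_PATH`, `$(version)` relies on make picking the attribute up from the environment; `${version}` would resolve it in Nix like the rest of the file.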
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix
new file mode 100644
index 000000000000..7dcfff038a8d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "hashcat-utils";
+ version = "1.9";
+
+ src = fetchFromGitHub {
+ owner = "hashcat";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0wgc6wv7i6cs95rgzzx3zqm14xxbjyajvcqylz8w97d8kk4x4wjr";
+ };
+
+ sourceRoot = "source/src";
+
+ installPhase = ''
+ runHook preInstall
+ install -Dm0555 *.bin -t $out/bin
+ install -Dm0555 *.pl -t $out/bin
+ runHook postInstall
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Small utilities that are useful in advanced password cracking";
+ homepage = "https://github.com/hashcat/hashcat-utils";
+ license = licenses.mit;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ fadenb ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hashcat/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hashcat/default.nix
new file mode 100644
index 000000000000..b156cda99ac7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hashcat/default.nix
@@ -0,0 +1,40 @@
+{ stdenv
+, fetchurl
+, makeWrapper
+, opencl-headers
+, ocl-icd
+, xxHash
+}:
+
+stdenv.mkDerivation rec {
+ pname = "hashcat";
+ version = "6.1.1";
+
+ src = fetchurl {
+ url = "https://hashcat.net/files/hashcat-${version}.tar.gz";
+ sha256 = "104z63m7lqbb0sdrxhf9yi15l4a9zwf9m6zs9dbb3gf0nfxl1h9r";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ opencl-headers xxHash ];
+
+ makeFlags = [
+ "PREFIX=${placeholder "out"}"
+ "COMPTIME=1337"
+ "VERSION_TAG=${version}"
+ "USE_SYSTEM_OPENCL=1"
+ "USE_SYSTEM_XXHASH=1"
+ ];
+
+ postFixup = ''
+ wrapProgram $out/bin/hashcat --prefix LD_LIBRARY_PATH : ${ocl-icd}/lib
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Fast password cracker";
+ homepage = "https://hashcat.net/hashcat/";
+ license = licenses.mit;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ kierdavis zimbatm ];
+ };
+}
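Review bot: `COMPTIME=1337` in `makeFlags` has no explanation and reads like a leftover. It presumably replaces the build timestamp the upstream Makefile would otherwise embed, which keeps the output reproducible. A comment such as `# fixed compile time, keeps the build reproducible` above the flag would say so. The `postFixup` wrapper would benefit from the same treatment, for example `# the OpenCL ICD loader is looked up at run time`, to explain why `ocl-icd` is on `LD_LIBRARY_PATH` rather than in `buildInputs`.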
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hashdeep/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hashdeep/default.nix
new file mode 100644
index 000000000000..4ad656462b14
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hashdeep/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, autoreconfHook }:
+
+let version = "4.4";
+in stdenv.mkDerivation {
+ name = "hashdeep-${version}";
+
+ src = fetchFromGitHub {
+ owner = "jessek";
+ repo = "hashdeep";
+ rev = "release-${version}";
+ sha256 = "0m2b042ndikavmplv3qjdhfj44hl1h8car83c192xi9nv5ahi7mf";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ meta = with stdenv.lib; {
+ description = "A set of cross-platform tools to compute hashes";
+ homepage = "https://github.com/jessek/hashdeep";
+ license = licenses.gpl2;
+ platforms = with platforms; linux ++ freebsd ++ openbsd;
+ maintainers = [ stdenv.lib.maintainers.karantan ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/haveged/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/haveged/default.nix
new file mode 100644
index 000000000000..c676a173092d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/haveged/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "haveged";
+ version = "1.9.2";
+
+ src = fetchurl {
+ url = "http://www.issihosts.com/haveged/haveged-${version}.tar.gz";
+ sha256 = "0w5ypz6451msckivjriwyw8djydlwffam7x23xh626s2vzdrlzgp";
+ };
+
+ meta = {
+ description = "A simple entropy daemon";
+ longDescription = ''
+ The haveged project is an attempt to provide an easy-to-use, unpredictable
+ random number generator based upon an adaptation of the HAVEGE algorithm.
+ Haveged was created to remedy low-entropy conditions in the Linux random device
+ that can occur under some workloads, especially on headless servers. Current development
+ of haveged is directed towards improving overall reliability and adaptability while minimizing
+ the barriers to using haveged for other tasks.
+ '';
+ homepage = "http://www.issihosts.com/haveged/";
+ license = stdenv.lib.licenses.gpl3;
+ maintainers = [ stdenv.lib.maintainers.domenkozar ];
+ platforms = stdenv.lib.platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix
new file mode 100644
index 000000000000..afc08d88a590
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, lib, fetchFromGitHub, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "hcxdumptool";
+ version = "6.1.4";
+
+ src = fetchFromGitHub {
+ owner = "ZerBea";
+ repo = "hcxdumptool";
+ rev = version;
+ sha256 = "14rwcchqpsxyzvk086d7wbi5qlcxj4jcmafzgvkwzrpbspqh8p24";
+ };
+
+ buildInputs = [ openssl ];
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/ZerBea/hcxdumptool";
+ description = "Small tool to capture packets from wlan devices";
+ license = licenses.mit;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ danielfullmer ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hcxtools/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hcxtools/default.nix
new file mode 100644
index 000000000000..a81c1ef75cf0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hcxtools/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub, curl, openssl, zlib }:
+
+stdenv.mkDerivation rec {
+ pname = "hcxtools";
+ version = "6.0.3";
+
+ src = fetchFromGitHub {
+ owner = "ZerBea";
+ repo = pname;
+ rev = version;
+ sha256 = "0s9l5mvzcv6hnj7h28piabnm66b09hk2l57vb85ny35w99hzpkc0";
+ };
+
+ buildInputs = [ curl openssl zlib ];
+
+ makeFlags = [
+ "PREFIX=${placeholder "out"}"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "Tools for capturing wlan traffic and conversion to hashcat and John the Ripper formats";
+ homepage = "https://github.com/ZerBea/hcxtools";
+ license = licenses.mit;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ dywedir ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/hologram/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/hologram/default.nix
new file mode 100644
index 000000000000..9a8722ac2639
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/hologram/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ name = "hologram-2018-03-19";
+ rev = "a7bab58642b530edb75b9cf6c1d834c85822ceac";
+
+ src = fetchFromGitHub {
+ owner = "AdRoll";
+ repo = "hologram";
+ inherit rev;
+ sha256 = "00scryz8js6gbw8lp2y23qikbazz2dd992r97rqh0l1q4baa0ckn";
+ };
+
+ goPackagePath = "github.com/AdRoll/hologram";
+
+ preConfigure = ''
+ sed -i 's|cacheTimeout != 3600|cacheTimeout != 0|' cmd/hologram-server/main.go
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/AdRoll/hologram/";
+ description = "Easy, painless AWS credentials on developer laptops";
+ maintainers = with maintainers; [ nand0p ];
+ license = licenses.asl20;
+ };
+}
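Review bot: The `sed` in `preConfigure` rewrites a check in `cmd/hologram-server/main.go` from `cacheTimeout != 3600` to `cacheTimeout != 0` with no comment. A reader cannot tell why the packaged server treats the cache timeout differently from upstream. For a tool that hands out AWS credentials, that deviation should be documented next to the command, e.g. `# <reason the upstream 3600 check is changed>`. `sed -i` also succeeds silently when the pattern no longer matches; a following `grep -q 'cacheTimeout != 0' cmd/hologram-server/main.go` would fail the build if a later revision moves the line.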
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/honggfuzz/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/honggfuzz/default.nix
new file mode 100644
index 000000000000..a46acef81d75
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/honggfuzz/default.nix
@@ -0,0 +1,51 @@
+{ stdenv, fetchFromGitHub, callPackage, makeWrapper
+, clang, llvm, libbfd, libopcodes, libunwind, libblocksruntime
+}:
+
+let
+ honggfuzz = stdenv.mkDerivation rec {
+ pname = "honggfuzz";
+ version = "2.3.1";
+
+ src = fetchFromGitHub {
+ owner = "google";
+ repo = pname;
+ rev = version;
+ sha256 = "0dcl5a5jykgfmnfj42vl7kah9k26wg38l2g6yfh5pssmlf0nax33";
+ };
+
+ postPatch = ''
+ substituteInPlace hfuzz_cc/hfuzz-cc.c \
+ --replace '"clang' '"${clang}/bin/clang'
+ '';
+
+ enableParallelBuilding = true;
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ llvm ];
+ propagatedBuildInputs = [ libbfd libopcodes libunwind libblocksruntime ];
+
+ makeFlags = [ "PREFIX=$(out)" ];
+
+ meta = {
+ description = "A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer";
+ longDescription = ''
+ Honggfuzz is a security oriented, feedback-driven, evolutionary,
+ easy-to-use fuzzer with interesting analysis options. It is
+ multi-process and multi-threaded, blazingly fast when the persistent
+ fuzzing mode is used and has a solid track record of uncovered security
+ bugs.
+
+ Honggfuzz uses low-level interfaces to monitor processes and it will
+ discover and report hijacked/ignored signals from crashes. Feed it
+ a simple corpus directory (can even be empty for the feedback-driven
+ fuzzing), and it will work its way up, expanding it by utilizing
+ feedback-based coverage metrics.
+ '';
+ homepage = "https://honggfuzz.dev/";
+ license = stdenv.lib.licenses.asl20;
+ platforms = ["x86_64-linux"];
+ maintainers = with stdenv.lib.maintainers; [ cpu ];
+ };
+ };
+in honggfuzz
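Review bot: `callPackage` is taken as an argument and `makeWrapper` is listed in `nativeBuildInputs`, but nothing in the derivation uses either one, so both can go. The `let honggfuzz = … in honggfuzz` wrapper likewise adds nothing over returning the `stdenv.mkDerivation rec { … }` expression directly. In `postPatch`, a short comment such as `# pin hfuzz-cc to the Nix clang instead of a PATH lookup` would explain the `'"clang'` substitution.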
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix
new file mode 100644
index 000000000000..c177726bbb16
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl, lib, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "ibm-sw-tpm2";
+ version = "1637";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz";
+ sha256 = "09z3wbv38dc8wnw1q961s6bcd0kvz2xkjp6dxg4kn914fwzlqfnx";
+ };
+
+ buildInputs = [ openssl ];
+
+ sourceRoot = "src";
+
+ prePatch = ''
+ # Fix hardcoded path to GCC.
+ substituteInPlace makefile --replace /usr/bin/gcc "${stdenv.cc}/bin/cc"
+
+ # Remove problematic default CFLAGS.
+ substituteInPlace makefile \
+ --replace -Werror "" \
+ --replace -O0 "" \
+ --replace -ggdb ""
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp tpm_server $out/bin
+ '';
+
+ meta = with lib; {
+ description = "IBM's Software TPM 2.0, an implementation of the TCG TPM 2.0 specification";
+ homepage = "https://sourceforge.net/projects/ibmswtpm2/";
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ delroth ];
+ license = licenses.bsd3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ifdnfc/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ifdnfc/default.nix
new file mode 100644
index 000000000000..bab6527f4153
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ifdnfc/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchFromGitHub , pkgconfig
+, pcsclite
+, autoreconfHook
+, libnfc
+}:
+
+stdenv.mkDerivation {
+ pname = "ifdnfc";
+ version = "2016-03-01";
+
+ src = fetchFromGitHub {
+ owner = "nfc-tools";
+ repo = "ifdnfc";
+ rev = "0e48e8e";
+ sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg";
+ };
+ nativeBuildInputs = [ pkgconfig autoreconfHook ];
+ buildInputs = [ pcsclite libnfc ];
+
+ configureFlags = [ "--prefix=$(out)" ];
+ makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ];
+
+ meta = with stdenv.lib; {
+ description = "PC/SC IFD Handler based on libnfc";
+ longDescription =
+ '' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>.
+ It provides support for all readers which are not supported by ccid but by libnfc.
+
+ For activating your reader you need to run
+ <code>ifdnfc-activate yes<code> with this package in your
+ <code>environment.systemPackages</code>
+
+ To use your reader you may need to blacklist your reader kernel modules:
+ <code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code>
+
+ Supports the pn533 smart-card reader chip which is for example used in
+ the SCM SCL3711.
+ '';
+ homepage = "https://github.com/nfc-tools/ifdnfc";
+ license = licenses.gpl3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ makefu ];
+ };
+}
+
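Review bot: `rev = "0e48e8e"` is an abbreviated commit id, which can become ambiguous as the repository grows and is harder to audit against upstream. The `sha256` still fixes the fetched content, but the full id should be used: `rev = "<full 40-character commit id>";`. `configureFlags = [ "--prefix=$(out)" ]` appears to reach configure unexpanded and to work only because make later resolves `$(out)` from the environment. stdenv already passes `--prefix=$out`, so the flag can probably be dropped. In `longDescription`, the second `<code>` on the `ifdnfc-activate yes` line should be a closing `</code>`.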
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ipscan/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ipscan/default.nix
new file mode 100644
index 000000000000..4963f5774875
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ipscan/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchurl, jdk, jre, swt, makeWrapper, xorg, dpkg }:
+
+stdenv.mkDerivation rec {
+ pname = "ipscan";
+ version = "3.7.3";
+
+ src = fetchurl {
+ url = "https://github.com/angryip/ipscan/releases/download/${version}/ipscan_${version}_all.deb";
+ sha256 = "18vvjqsxkz9g503k983cxdzzz6sdkv6qg3nwf8af9k34ynhhh0m7";
+ };
+
+ sourceRoot = ".";
+ unpackCmd = "${dpkg}/bin/dpkg-deb -x $src .";
+
+ buildInputs = [ makeWrapper jdk ];
+
+ installPhase = ''
+ mkdir -p $out/share
+ cp usr/lib/ipscan/ipscan-any-${version}.jar $out/share/${pname}-${version}.jar
+
+ makeWrapper ${jre}/bin/java $out/bin/ipscan \
+ --prefix LD_LIBRARY_PATH : "$out/lib/:${stdenv.lib.makeLibraryPath [ swt xorg.libXtst ]}" \
+ --add-flags "-Xmx256m -cp $out/share/${pname}-${version}.jar:${swt}/jars/swt.jar net.azib.ipscan.Main"
+
+ mkdir -p $out/share/applications
+ cp usr/share/applications/ipscan.desktop $out/share/applications/ipscan.desktop
+ substituteInPlace $out/share/applications/ipscan.desktop --replace "/usr/bin" "$out/bin"
+
+ mkdir -p $out/share/pixmaps
+ cp usr/share/pixmaps/ipscan.png $out/share/pixmaps/ipscan.png
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Fast and friendly network scanner";
+ homepage = "https://angryip.org";
+ license = licenses.gpl2;
+ platforms = [ "x86_64-linux" ];
+ maintainers = with maintainers; [ kylesferrazza ];
+ };
+}
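Review bot: The wrapper in `installPhase` prefixes `LD_LIBRARY_PATH` with `$out/lib/`, a directory this phase never creates, so the entry is dead. It can be reduced to `--prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath [ swt xorg.libXtst ]}" \`. `makeWrapper` is a build-time tool and belongs in `nativeBuildInputs`, and `jdk` in `buildInputs` is not referenced anywhere in the hunk. A comment noting that the jar is taken prebuilt from the upstream `.deb` rather than built from source would help anyone auditing the package.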
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/jadx/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/jadx/default.nix
new file mode 100644
index 000000000000..770062736bf1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/jadx/default.nix
@@ -0,0 +1,103 @@
+{ stdenv, fetchFromGitHub, gradle, jdk, makeWrapper, perl }:
+
+let
+ pname = "jadx";
+ version = "1.2.0";
+
+ src = fetchFromGitHub {
+ owner = "skylot";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "1w1wc81mkjcsgjbrihbsphxkcmwnfnf555pmlsd2vs2a04nki01y";
+ };
+
+ deps = stdenv.mkDerivation {
+ name = "${pname}-deps";
+ inherit src;
+
+ nativeBuildInputs = [ gradle jdk perl ];
+
+ buildPhase = ''
+ export GRADLE_USER_HOME=$(mktemp -d)
+ export JADX_VERSION=${version}
+ gradle --no-daemon jar
+ '';
+
+ # Mavenize dependency paths
+ # e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar
+ installPhase = ''
+ find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \
+ | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \
+ | sh
+ '';
+
+ outputHashAlgo = "sha256";
+ outputHashMode = "recursive";
+ outputHash = "05fsycpd90dbak2vgdpd9cz08liq5j78ag9ry9y1s62ld776g0hz";
+ };
+in stdenv.mkDerivation {
+ inherit pname version src;
+
+ nativeBuildInputs = [ gradle jdk makeWrapper ];
+
+ buildPhase = ''
+ # The installDist Gradle build phase tries to copy some dependency .jar
+ # files multiple times into the build directory. This ends up failing when
+ # the dependencies are read directly from the Nix store since they are not
+ # marked as chmod +w. To work around this, get a local copy of the
+ # dependency store, and give write permissions.
+ depsDir=$(mktemp -d)
+ cp -R ${deps}/* $depsDir
+ chmod -R u+w $depsDir
+
+ gradleInit=$(mktemp)
+ cat >$gradleInit <<EOF
+ gradle.projectsLoaded {
+ rootProject.allprojects {
+ buildscript {
+ repositories {
+ clear()
+ maven { url '$depsDir' }
+ }
+ }
+ repositories {
+ clear()
+ maven { url '$depsDir' }
+ }
+ }
+ }
+
+ settingsEvaluated { settings ->
+ settings.pluginManagement {
+ repositories {
+ maven { url '$depsDir' }
+ }
+ }
+ }
+ EOF
+
+ export GRADLE_USER_HOME=$(mktemp -d)
+ export JADX_VERSION=${version}
+ gradle --offline --no-daemon --info --init-script $gradleInit pack
+ '';
+
+ installPhase = ''
+ mkdir $out $out/bin
+ cp -R build/jadx/lib $out
+ for prog in jadx jadx-gui; do
+ cp build/jadx/bin/$prog $out/bin
+ wrapProgram $out/bin/$prog --set JAVA_HOME ${jdk.home}
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Dex to Java decompiler";
+ longDescription = ''
+ Command line and GUI tools for produce Java source code from Android Dex
+ and Apk files.
+ '';
+ license = licenses.asl20;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ delroth ];
+ };
+}
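Review bot: The `find … | perl … | sh` step in the `deps` `installPhase` turns cache paths into `install` command lines without quoting them. A path containing whitespace or a shell metacharacter would be split or interpreted by `sh`. Maven coordinates make that unlikely and the fixed `outputHash` would reject a changed result, but having perl emit quoted arguments, or do the copy itself, removes the reliance on well-behaved file names. The jd-gui hunk uses the same construct in its `deps` derivation. `meta` here also lacks a `homepage`.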
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/jd-gui/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/jd-gui/default.nix
new file mode 100644
index 000000000000..91c092922f04
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/jd-gui/default.nix
@@ -0,0 +1,109 @@
+{ stdenv, fetchFromGitHub, jre, jdk, gradle_5, makeDesktopItem, copyDesktopItems, perl, writeText, runtimeShell }:
+
+let
+ pname = "jd-gui";
+ version = "1.6.6";
+
+ src = fetchFromGitHub {
+ owner = "java-decompiler";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "010bd3q2m4jy4qz5ahdx86b5f558s068gbjlbpdhq3bhh4yrjy20";
+ };
+
+ deps = stdenv.mkDerivation {
+ name = "${pname}-deps";
+ inherit src;
+
+ nativeBuildInputs = [ jdk perl gradle_5 ];
+
+ buildPhase = ''
+ export GRADLE_USER_HOME=$(mktemp -d);
+ gradle --no-daemon jar
+ '';
+
+ # Mavenize dependency paths
+ # e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar
+ installPhase = ''
+ find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \
+ | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \
+ | sh
+ '';
+
+ outputHashAlgo = "sha256";
+ outputHashMode = "recursive";
+ outputHash = "1qil12s0daxpxj5xj5dj6s2k89is0kiir2vcafkm3lasc41acmk3";
+ };
+
+ # Point to our local deps repo
+ gradleInit = writeText "init.gradle" ''
+ logger.lifecycle 'Replacing Maven repositories with ${deps}...'
+
+ gradle.projectsLoaded {
+ rootProject.allprojects {
+ buildscript {
+ repositories {
+ clear()
+ maven { url '${deps}' }
+ }
+ }
+ repositories {
+ clear()
+ maven { url '${deps}' }
+ }
+ }
+ }
+ '';
+
+ desktopItem = makeDesktopItem {
+ name = "jd-gui";
+ exec = "jd-gui %F";
+ icon = "jd-gui";
+ comment = "Java Decompiler JD-GUI";
+ desktopName = "JD-GUI";
+ genericName = "Java Decompiler";
+ mimeType = "application/java;application/java-vm;application/java-archive";
+ categories = "Development;Debugger;";
+ extraEntries="StartupWMClass=org-jd-gui-App";
+ };
+
+in stdenv.mkDerivation rec {
+ inherit pname version src;
+ name = "${pname}-${version}";
+
+ nativeBuildInputs = [ jdk gradle_5 copyDesktopItems ];
+
+ buildPhase = ''
+ export GRADLE_USER_HOME=$(mktemp -d)
+ gradle --offline --no-daemon --info --init-script ${gradleInit} jar
+ '';
+
+ installPhase = let
+ jar = "$out/share/jd-gui/${name}.jar";
+ in ''
+ runHook preInstall
+
+ mkdir -p $out/bin $out/share/{jd-gui,icons/hicolor/128x128/apps}
+ cp build/libs/${name}.jar ${jar}
+ cp src/linux/resources/jd_icon_128.png $out/share/icons/hicolor/128x128/apps/jd-gui.png
+
+ cat > $out/bin/jd-gui <<EOF
+ #!${runtimeShell}
+ export JAVA_HOME=${jre}
+ exec ${jre}/bin/java -jar ${jar} "\$@"
+ EOF
+ chmod +x $out/bin/jd-gui
+
+ runHook postInstall
+ '';
+
+ desktopItems = [ desktopItem ];
+
+ meta = with stdenv.lib; {
+ description = "Fast Java Decompiler with powerful GUI";
+ homepage = "https://java-decompiler.github.io/";
+ license = licenses.gpl3;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.thoughtpolice ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/john/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/john/default.nix
new file mode 100644
index 000000000000..2fedec48c700
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/john/default.nix
@@ -0,0 +1,76 @@
+{ stdenv, fetchurl, openssl, nss, nspr, kerberos, gmp, zlib, libpcap, re2
+, gcc, python3Packages, perl, perlPackages, makeWrapper
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+ pname = "john";
+ version = "1.9.0-jumbo-1";
+
+ src = fetchurl {
+ url = "http://www.openwall.com/john/k/${pname}-${version}.tar.xz";
+ sha256 = "0fvz3v41hnaiv1ggpxanfykyfjq79cwp9qcqqn63vic357w27lgm";
+ };
+
+ postPatch = ''
+ sed -ri -e '
+ s!^(#define\s+CFG_[A-Z]+_NAME\s+).*/!\1"'"$out"'/etc/john/!
+ /^#define\s+JOHN_SYSTEMWIDE/s!/usr!'"$out"'!
+ ' src/params.h
+ sed -ri -e '/^\.include/ {
+ s!\$JOHN!'"$out"'/etc/john!
+ s!^(\.include\s*)<([^./]+\.conf)>!\1"'"$out"'/etc/john/\2"!
+ }' run/*.conf
+ '';
+
+ preConfigure = ''
+ cd src
+ # Makefile.in depends on AS and LD being set to CC, which is set by default in configure.ac.
+ # This ensures we override the environment variables set in cc-wrapper/setup-hook.sh
+ export AS=$CC
+ export LD=$CC
+ '';
+ configureFlags = [
+ "--disable-native-tests"
+ "--with-systemwide"
+ ];
+
+ buildInputs = [ openssl nss nspr kerberos gmp zlib libpcap re2 ];
+ nativeBuildInputs = [ gcc python3Packages.wrapPython perl makeWrapper ];
+ propagatedBuildInputs = (with python3Packages; [ dpkt scapy lxml ]) ++ # For pcap2john.py
+ (with perlPackages; [ DigestMD4 DigestSHA1 GetoptLong # For pass_gen.pl
+ perlldap ]); # For sha-dump.pl
+ # TODO: Get dependencies for radius2john.pl and lion2john-alt.pl
+
+ # gcc -DAC_BUILT -Wall vncpcap2john.o memdbg.o -g -lpcap -fopenmp -o ../run/vncpcap2john
+ # gcc: error: memdbg.o: No such file or directory
+ enableParallelBuilding = false;
+
+ postInstall = ''
+ mkdir -p "$out/bin" "$out/etc/john" "$out/share/john" "$out/share/doc/john" "$out/share/john/rules" "$out/${perlPackages.perl.libPrefix}"
+ find -L ../run -mindepth 1 -maxdepth 1 -type f -executable \
+ -exec cp -d {} "$out/bin" \;
+ cp -vt "$out/etc/john" ../run/*.conf
+ cp -vt "$out/share/john" ../run/*.chr ../run/password.lst
+ cp -vt "$out/share/john/rules" ../run/rules/*.rule
+ cp -vrt "$out/share/doc/john" ../doc/*
+ cp -vt "$out/${perlPackages.perl.libPrefix}" ../run/lib/*
+ '';
+
+ postFixup = ''
+ wrapPythonPrograms
+
+ for i in $out/bin/*.pl; do
+ wrapProgram "$i" --prefix PERL5LIB : "$PERL5LIB:$out/${perlPackages.perl.libPrefix}"
+ done
+ '';
+
+ meta = {
+ description = "John the Ripper password cracker";
+ license = licenses.gpl2;
+ homepage = "https://github.com/magnumripper/JohnTheRipper/";
+ maintainers = with maintainers; [ offline matthewbauer ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/jwt-cli/default.nix
new file mode 100644
index 000000000000..728ea0a92da5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/jwt-cli/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub, rustPlatform, Security, fetchpatch }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "jwt-cli";
+ version = "3.2.1";
+
+ src = fetchFromGitHub {
+ owner = "mike-engel";
+ repo = pname;
+ rev = version;
+ sha256 = "07mnkr7hi29fyyyn7llb30p4ndiqz4gf1lnhm44qm09alaxmfvws";
+ };
+
+ cargoSha256 = "0jkzy7ssg9v9phhlldq6s4rfs3sn17y2r1k0jr10g9j15lzixa04";
+
+ buildInputs = stdenv.lib.optional stdenv.isDarwin Security;
+
+ doInstallCheck = true;
+ installCheckPhase = "$out/bin/jwt --version";
+
+ meta = with stdenv.lib; {
+ description = "Super fast CLI tool to decode and encode JWTs";
+ homepage = "https://github.com/mike-engel/jwt-cli";
+ license = with licenses; [ mit ];
+ maintainers = with maintainers; [ rycee ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/kbs2/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/kbs2/default.nix
new file mode 100644
index 000000000000..78935040fe14
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/kbs2/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, rustPlatform, fetchFromGitHub, installShellFiles, python3, libxcb, AppKit }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "kbs2";
+ version = "0.1.6";
+
+ src = fetchFromGitHub {
+ owner = "woodruffw";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0n83d4zvy74rn38fqq84lm58l24c3r87m2di2sw4cdr1hkjg3nbl";
+ };
+
+ cargoSha256 = "0kafyljn3b87k5m0wdii0gfa4wj1yfys8jqx79inj82m0w1khprk";
+
+ nativeBuildInputs = [ installShellFiles ]
+ ++ stdenv.lib.optionals stdenv.isLinux [ python3 ];
+
+ buildInputs = [ ]
+ ++ stdenv.lib.optionals stdenv.isLinux [ libxcb ]
+ ++ stdenv.lib.optionals stdenv.isDarwin [ AppKit ];
+
+ preCheck = ''
+ export HOME=$TMPDIR
+ '';
+
+ checkFlagsArray = [ "--skip=kbs2::config::tests::test_find_config_dir" ];
+
+ postInstall = ''
+ mkdir -p $out/share/kbs2
+ cp -r contrib/ $out/share/kbs2
+ for shell in bash fish zsh; do
+ $out/bin/kbs2 --completions $shell > kbs2.$shell
+ installShellCompletion kbs2.$shell
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A secret manager backed by age";
+ homepage = "https://github.com/woodruffw/kbs2";
+ license = licenses.mit;
+ maintainers = [ maintainers.marsam ];
+ };
+}
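Review bot: `checkFlagsArray` skips `kbs2::config::tests::test_find_config_dir` without saying why. A skipped test in a secret manager should carry its reason, so a later version bump can re-check whether the skip is still needed. Add a comment above the line, e.g. `# <reason this test fails in the build sandbox>`. It is presumably related to `HOME` being redirected to `$TMPDIR` in `preCheck`, but the hunk does not say.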
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/default.nix
new file mode 100644
index 000000000000..ddc83ce0ce62
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, substituteAll, lib, buildGoPackage, fetchFromGitHub
+, AVFoundation, AudioToolbox, ImageIO, CoreMedia
+, Foundation, CoreGraphics, MediaToolbox
+, gnupg
+}:
+
+buildGoPackage rec {
+ pname = "keybase";
+ version = "5.5.2";
+
+ goPackagePath = "github.com/keybase/client";
+ subPackages = [ "go/kbnm" "go/keybase" ];
+
+ dontRenameImports = true;
+
+ src = fetchFromGitHub {
+ owner = "keybase";
+ repo = "client";
+ rev = "v${version}";
+ sha256 = "01k50mank6cdc7q3yd8m7xi8vmyklsqlmz7hw17a35lqcsjzy9zj";
+ };
+
+ patches = [
+ (substituteAll {
+ src = ./fix-paths-keybase.patch;
+ gpg = "${gnupg}/bin/gpg";
+ gpg2 = "${gnupg}/bin/gpg2";
+ })
+ ];
+
+ buildInputs = stdenv.lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ];
+ buildFlags = [ "-tags production" ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.keybase.io/";
+ description = "The Keybase official command-line utility and service";
+ platforms = platforms.linux ++ platforms.darwin;
+ maintainers = with maintainers; [ avaq carlsverre np rvolosatovs Br1ght0ne ];
+ license = licenses.bsd3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/fix-paths-keybase.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/fix-paths-keybase.patch
new file mode 100644
index 000000000000..b3de7bbb530d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/fix-paths-keybase.patch
@@ -0,0 +1,16 @@
+diff --git a/go/libkb/gpg_cli.go b/go/libkb/gpg_cli.go
+index 3c7c6257..ae8f7e2f 100644
+--- a/go/libkb/gpg_cli.go
++++ b/go/libkb/gpg_cli.go
+@@ -54,9 +54,9 @@ func (g *GpgCLI) Configure(mctx MetaContext) (err error) {
+ if len(prog) > 0 {
+ err = canExec(prog)
+ } else {
+- prog, err = exec.LookPath("gpg2")
++ prog, err = exec.LookPath("@gpg2@")
+ if err != nil {
+- prog, err = exec.LookPath("gpg")
++ prog, err = exec.LookPath("@gpg@")
+ }
+ }
+ if err != nil {
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/gui.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/gui.nix
new file mode 100644
index 000000000000..13a1fed2e308
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/gui.nix
@@ -0,0 +1,115 @@
+{ stdenv, lib, fetchurl, alsaLib, atk, cairo, cups, udev
+, dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3, libappindicator-gtk3
+, libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook
+, runtimeShell, gsettings-desktop-schemas }:
+
+let
+ versionSuffix = "20201016183637.d4ebf7d999";
+in
+
+stdenv.mkDerivation rec {
+ pname = "keybase-gui";
+ version = "5.5.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages
+
+ src = fetchurl {
+
+ url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb";
+ sha256 = "0qwbqnc6dhfnx3gdwl1lyhdsbclaxpkv3zr3dmxfx1242s64v0c1";
+ };
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ wrapGAppsHook
+ ];
+
+ buildInputs = [
+ alsaLib
+ atk
+ cairo
+ cups
+ dbus
+ expat
+ fontconfig
+ freetype
+ gdk-pixbuf
+ glib
+ gsettings-desktop-schemas
+ gtk3
+ libappindicator-gtk3
+ libnotify
+ nspr
+ nss
+ pango
+ systemd
+ xorg.libX11
+ xorg.libXScrnSaver
+ xorg.libXcomposite
+ xorg.libXcursor
+ xorg.libXdamage
+ xorg.libXext
+ xorg.libXfixes
+ xorg.libXi
+ xorg.libXrandr
+ xorg.libXrender
+ xorg.libXtst
+ xorg.libxcb
+ ];
+
+ runtimeDependencies = [
+ (lib.getLib udev)
+ libappindicator-gtk3
+ ];
+
+ dontBuild = true;
+ dontConfigure = true;
+ dontPatchELF = true;
+
+ unpackPhase = ''
+ ar xf $src
+ tar xf data.tar.xz
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ mv usr/share $out/share
+ mv opt/keybase $out/share/
+
+ cat > $out/bin/keybase-gui <<EOF
+ #!${runtimeShell}
+
+ checkFailed() {
+ if [ "\$NIX_SKIP_KEYBASE_CHECKS" = "1" ]; then
+ return
+ fi
+ echo "Set NIX_SKIP_KEYBASE_CHECKS=1 if you want to skip this check." >&2
+ exit 1
+ }
+
+ if [ ! -S "\$XDG_RUNTIME_DIR/keybase/keybased.sock" ]; then
+ echo "Keybase service doesn't seem to be running." >&2
+ echo "You might need to run: keybase service" >&2
+ checkFailed
+ fi
+
+ if [ -z "\$(keybase status | grep kbfsfuse)" ]; then
+ echo "Could not find kbfsfuse client in keybase status." >&2
+ echo "You might need to run: kbfsfuse" >&2
+ checkFailed
+ fi
+
+ exec $out/share/keybase/Keybase "\$@"
+ EOF
+ chmod +x $out/bin/keybase-gui
+
+ substituteInPlace $out/share/applications/keybase.desktop \
+ --replace run_keybase $out/bin/keybase-gui
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.keybase.io/";
+ description = "The Keybase official GUI";
+ platforms = [ "x86_64-linux" ];
+ maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np Br1ght0ne ];
+ license = licenses.bsd3;
+ };
+}
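Review bot: The generated `keybase-gui` launcher calls `keybase status | grep kbfsfuse` with a bare command name, so the pre-flight check runs whichever `keybase` is first on the caller's `PATH` rather than the packaged CLI. If the check is meant to query the Nix-provided client, take `keybase` as a function argument and write `"${keybase}/bin/keybase" status | grep -q kbfsfuse`, which pins it to a store path the same way the CLI package pins gpg. If resolving from `PATH` is deliberate, a comment saying so would help. When `XDG_RUNTIME_DIR` is unset, the socket test checks `/keybase/keybased.sock` and reports the service as not running, which is misleading.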
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/kbfs.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/kbfs.nix
new file mode 100644
index 000000000000..e9284e7230fb
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/keybase/kbfs.nix
@@ -0,0 +1,22 @@
+{ stdenv, buildGoPackage, fetchFromGitHub, keybase }:
+
+buildGoPackage {
+ pname = "kbfs";
+
+ inherit (keybase) src version;
+
+ goPackagePath = "github.com/keybase/client";
+ subPackages = [ "go/kbfs/kbfsfuse" "go/kbfs/redirector" "go/kbfs/kbfsgit/git-remote-keybase" ];
+
+ dontRenameImports = true;
+
+ buildFlags = [ "-tags production" ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://keybase.io/docs/kbfs";
+ description = "The Keybase filesystem";
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ avaq rvolosatovs bennofs np ];
+ license = licenses.bsd3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/keycard-cli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/keycard-cli/default.nix
new file mode 100644
index 000000000000..73eab6c3dec9
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/keycard-cli/default.nix
@@ -0,0 +1,31 @@
+{ lib, buildGoPackage, fetchFromGitHub, pkgconfig, pcsclite }:
+
+buildGoPackage rec {
+ pname = "keycard-cli";
+ version = "0.4.0";
+
+ goPackagePath = "github.com/status-im/keycard-cli";
+ subPackages = [ "." ];
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ pcsclite ];
+
+ src = fetchFromGitHub {
+ owner = "status-im";
+ repo = pname;
+ rev = version;
+ sha256 = "0917vl5lw8wgvyn5l8q6xa8bqh342fibaa38syr8hmz8b09qkh38";
+ };
+
+ buildFlagsArray = [
+ "-ldflags="
+ "-X main.version=${version}"
+ ];
+
+ meta = with lib; {
+ description = "A command line tool and shell to manage keycards";
+ homepage = "https://keycard.status.im";
+ license = licenses.mpl20;
+ maintainers = [ maintainers.zimbatm ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/keysmith/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/keysmith/default.nix
new file mode 100644
index 000000000000..142e9c1e4a04
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/keysmith/default.nix
@@ -0,0 +1,40 @@
+{ lib
+, mkDerivation
+, makeWrapper
+, fetchFromGitHub
+, cmake
+, extra-cmake-modules
+, qtbase
+, qtquickcontrols2
+, qtdeclarative
+, qtgraphicaleffects
+, kirigami2
+, oathToolkit
+, ki18n
+, libsodium
+}:
+mkDerivation rec {
+
+ pname = "keysmith";
+ version = "0.2";
+
+ src = fetchFromGitHub {
+ owner = "KDE";
+ repo = "keysmith";
+ rev = "v${version}";
+ sha256 = "1gvzw23mly8cp7ag3xpbngpid9gqrfj8cyv9dar6i9j660bh03km";
+ };
+
+ nativeBuildInputs = [ cmake extra-cmake-modules makeWrapper ];
+
+ buildInputs = [ libsodium ki18n oathToolkit kirigami2 qtquickcontrols2 qtbase ];
+ propagatedBuildInput = [ oathToolkit ];
+
+ meta = with lib; {
+ description = "OTP client for Plasma Mobile and Desktop";
+ license = licenses.gpl3;
+ homepage = "https://github.com/KDE/keysmith";
+ maintainers = with maintainers; [ shamilton ];
+ platforms = platforms.linux;
+ };
+}
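Review bot: `propagatedBuildInput = [ oathToolkit ];` is misspelled; stdenv reads `propagatedBuildInputs`, so as written the line does not propagate anything. Either correct it to `propagatedBuildInputs = [ oathToolkit ];` or drop it, since `oathToolkit` is already in `buildInputs`. `qtdeclarative` and `qtgraphicaleffects` are accepted as arguments but appear in no inputs list; for a QML application they were presumably meant to be in `buildInputs`.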
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/knockknock/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/knockknock/default.nix
new file mode 100644
index 000000000000..9478bb4ca237
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/knockknock/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub, python2Packages, hping }:
+let
+ rev = "bf14bbff";
+in python2Packages.buildPythonApplication rec {
+ pname = "knockknock-r";
+ version = rev;
+
+ src = fetchFromGitHub {
+ inherit rev;
+ owner = "moxie0";
+ repo = "knockknock";
+ sha256 = "1chpfs3w2vkjrgay69pbdr116z1jldv53fi768a1i05fdqhy1px4";
+ };
+
+ propagatedBuildInputs = [ python2Packages.pycrypto ];
+
+ # No tests
+ doCheck = false;
+
+ patchPhase = ''
+ sed -i '/build\//d' setup.py
+ substituteInPlace setup.py --replace "/etc" "$out/etc"
+ substituteInPlace knockknock.py --replace 'existsInPath("hping3")' '"${hping}/bin/hping3"'
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Simple, secure port knocking daemon and client written in Python";
+ homepage = "http://www.thoughtcrime.org/software/knockknock/";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ copumpkin ];
+ platforms = platforms.linux;
+ };
+}
+
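Review bot: `rev = "bf14bbff"` pins the source to an abbreviated commit id. The `sha256` still fixes the fetched content, but the full 40-character id keeps the reference unambiguous and is what a reader needs to audit the pinned revision. Reusing that string as `version` gives a version that does not order; nixpkgs normally uses the `unstable-<commit date>` form for untagged snapshots. The package also depends on `python2Packages.pycrypto`, which is no longer maintained upstream. Whether knockknock runs against a maintained replacement is not visible from this hunk, but it is worth checking before relying on the tool for access control.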
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/kpcli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/kpcli/default.nix
new file mode 100644
index 000000000000..12e2bb03d38d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/kpcli/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl, makeWrapper, perl, perlPackages }:
+
+stdenv.mkDerivation rec {
+ version = "3.6";
+ pname = "kpcli";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/kpcli/${pname}-${version}.pl";
+ sha256 = "1srd6vrqgjlf906zdyxp4bg6gihkxn62cpzyfv0zzpsqsj13iwh1";
+ };
+
+ buildInputs = [ makeWrapper perl ];
+
+ phases = [ "installPhase" "fixupPhase" ];
+
+ installPhase = ''
+ mkdir -p $out/{bin,share}
+ cp ${src} $out/share/kpcli.pl
+ chmod +x $out/share/kpcli.pl
+
+ makeWrapper $out/share/kpcli.pl $out/bin/kpcli --set PERL5LIB \
+ "${with perlPackages; makePerlPath ([
+ CaptureTiny Clipboard Clone CryptRijndael SortNaturally TermReadKey TermShellUI FileKeePass TermReadLineGnu XMLParser
+ ] ++ stdenv.lib.optional stdenv.isDarwin MacPasteboard)}"
+ '';
+
+
+ meta = with stdenv.lib; {
+ description = "KeePass Command Line Interface";
+ longDescription = ''
+ KeePass Command Line Interface (CLI) / interactive shell.
+ Use this program to access and manage your KeePass 1.x or 2.x databases from a Unix-like command line.
+ '';
+ license = licenses.artistic1;
+ homepage = "http://kpcli.sourceforge.net";
+ platforms = platforms.all;
+ maintainers = [ maintainers.j-keck ];
+ };
+}
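Review bot: `makeWrapper` is listed in `buildInputs` (`buildInputs = [ makeWrapper perl ];`), but it is a build-time tool and belongs in `nativeBuildInputs`: `nativeBuildInputs = [ makeWrapper ];` and `buildInputs = [ perl ];`. The same applies to `buildInputs = [ makeWrapper ];` in metasploit/default.nix further down in this diff. `phases = [ "installPhase" "fixupPhase" ];` replaces the whole phase list; `dontUnpack = true;` is the usual way to skip unpacking for a single-file source and keeps the remaining default phases and hooks in place.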
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/default.nix
new file mode 100644
index 000000000000..7904235b86a4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/default.nix
@@ -0,0 +1,43 @@
+{ mkDerivation, lib, fetchFromGitHub, fetchpatch, cmake, extra-cmake-modules
+, kauth, krunner
+, pass, pass-otp ? null }:
+
+mkDerivation rec {
+ pname = "krunner-pass";
+ version = "1.3.0";
+
+ src = fetchFromGitHub {
+ owner = "akermu";
+ repo = "krunner-pass";
+ rev = "v${version}";
+ sha256 = "032fs2174ls545kjixbhzyd65wgxkw4s5vg8b20irc5c9ak3pxm0";
+ };
+
+ buildInputs = [
+ kauth krunner
+ pass pass-otp
+ ];
+
+ nativeBuildInputs = [ cmake extra-cmake-modules ];
+
+ patches = [
+ (fetchpatch {
+ url = "https://github.com/peterhoeg/krunner-pass/commit/be2695f4ae74b0cccec8294defcc92758583d96b.patch";
+ sha256 = "098dqnal57994p51p2srfzg4lgcd6ybp29h037llr9cdv02hdxvl";
+ name = "fix_build.patch";
+ })
+ ./pass-path.patch
+ ];
+
+ CXXFLAGS = [
+ ''-DNIXPKGS_PASS=\"${lib.getBin pass}/bin/pass\"''
+ ];
+
+ meta = with lib; {
+ description = "Integrates krunner with pass the unix standard password manager (https://www.passwordstore.org/)";
+ homepage = "https://github.com/akermu/krunner-pass";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ ysndr ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch
new file mode 100644
index 000000000000..4ceb3c5d92da
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/krunner-pass/pass-path.patch
@@ -0,0 +1,13 @@
+diff --git a/pass.cpp b/pass.cpp
+index c02f9d0..85c5b99 100644
+--- a/pass.cpp
++++ b/pass.cpp
+@@ -193,7 +193,7 @@ void Pass::run(const Plasma::RunnerContext &context, const Plasma::QueryMatch &m
+ } else {
+ args << "show" << match.text();
+ }
+- pass->start("pass", args);
++ pass->start(NIXPKGS_PASS, args);
+
+ connect(pass, static_cast<void(QProcess::*)(int, QProcess::ExitStatus)>(&QProcess::finished),
+ [=](int exitCode, QProcess::ExitStatus exitStatus) {
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/kwalletcli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/kwalletcli/default.nix
new file mode 100644
index 000000000000..d03de5f7cfc2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/kwalletcli/default.nix
@@ -0,0 +1,49 @@
+{ mkDerivation, fetchFromGitHub, lib, makeWrapper, pkgconfig
+, kcoreaddons, ki18n, kwallet, mksh, pinentry-qt }:
+
+mkDerivation rec {
+ pname = "kwalletcli";
+ version = "3.02";
+
+ src = fetchFromGitHub {
+ owner = "MirBSD";
+ repo = pname;
+ rev = "${pname}-${lib.replaceStrings [ "." ] [ "_" ] version}";
+ sha256 = "1gq45afb5nmmjfqxglv7wvcxcjd9822pc7nysq0350jmmmqwb474";
+ };
+
+ postPatch = ''
+ substituteInPlace GNUmakefile \
+ --replace -I/usr/include/KF5/KCoreAddons -I${kcoreaddons.dev}/include/KF5/KCoreAddons \
+ --replace -I/usr/include/KF5/KI18n -I${ki18n.dev}/include/KF5/KI18n \
+ --replace -I/usr/include/KF5/KWallet -I${kwallet.dev}/include/KF5/KWallet \
+ --replace /usr/bin $out/bin \
+ --replace /usr/share/man $out/share/man
+
+ substituteInPlace pinentry-kwallet \
+ --replace '/usr/bin/env mksh' ${mksh}/bin/mksh
+ '';
+
+ makeFlags = [ "KDE_VER=5" ];
+
+ nativeBuildInputs = [ makeWrapper pkgconfig ];
+ # if using just kwallet, cmake will be added as a buildInput and fail the build
+ propagatedBuildInputs = [ kcoreaddons ki18n (lib.getLib kwallet) ];
+
+ preInstall = ''
+ mkdir -p $out/bin $out/share/man/man1
+ '';
+
+ postInstall = ''
+ wrapProgram $out/bin/pinentry-kwallet \
+ --prefix PATH : $out/bin:${lib.makeBinPath [ pinentry-qt ]} \
+ --set-default PINENTRY pinentry-qt
+ '';
+
+ meta = with lib; {
+ description = "Command-Line Interface to the KDE Wallet";
+ homepage = "https://www.mirbsd.org/kwalletcli.htm";
+ license = licenses.miros;
+ maintainers = with maintainers; [ peterhoeg ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix
new file mode 100644
index 000000000000..37da20225205
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, lib, fetchFromGitHub, asciidoc, cmake, docbook_xsl, pkgconfig
+, bash-completion, openssl, curl, libxml2, libxslt }:
+
+stdenv.mkDerivation rec {
+ pname = "lastpass-cli";
+ version = "1.3.3";
+
+ src = fetchFromGitHub {
+ owner = "lastpass";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "168jg8kjbylfgalhicn0llbykd7kdc9id2989gg0nxlgmnvzl58a";
+ };
+
+ nativeBuildInputs = [ asciidoc cmake docbook_xsl pkgconfig ];
+
+ buildInputs = [
+ bash-completion curl openssl libxml2 libxslt
+ ];
+
+ enableParallelBuilding = true;
+
+ installTargets = [ "install" "install-doc" ];
+
+ postInstall = ''
+ install -Dm644 -T ../contrib/lpass_zsh_completion $out/share/zsh/site-functions/_lpass
+ install -Dm644 -T ../contrib/completions-lpass.fish $out/share/fish/vendor_completions.d/lpass.fish
+ '';
+
+ meta = with lib; {
+ description = "Stores, retrieves, generates, and synchronizes passwords securely";
+ homepage = "https://github.com/lastpass/lastpass-cli";
+ license = licenses.gpl2Plus;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ cstrahan ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/lesspass-cli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/lesspass-cli/default.nix
new file mode 100644
index 000000000000..5bf7358fa76a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/lesspass-cli/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, python3, fetchFromGitHub }:
+
+let
+ inherit (python3.pkgs) buildPythonApplication pytest mock pexpect;
+ repo = "lesspass";
+in
+buildPythonApplication rec {
+ pname = "lesspass-cli";
+ version = "9.1.9";
+
+ src = fetchFromGitHub {
+ owner = repo;
+ repo = repo;
+ rev = version;
+ sha256 = "126zk248s9r72qk9b8j27yvb8gglw49kazwz0sd69b5kkxvhz2dh";
+ };
+ sourceRoot = "source/cli";
+
+ # some tests are designed to run against code in the source directory - adapt to run against
+ # *installed* code
+ postPatch = ''
+ for f in tests/test_functional.py tests/test_interaction.py ; do
+ substituteInPlace $f --replace "lesspass/core.py" "-m lesspass.core"
+ done
+ '';
+
+ checkInputs = [ pytest mock pexpect ];
+ checkPhase = ''
+ mv lesspass lesspass.hidden # ensure we're testing against *installed* package
+ pytest tests
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Stateless password manager";
+ homepage = "https://lesspass.com";
+ maintainers = with maintainers; [ jasoncarr ];
+ license = licenses.gpl3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/libacr38u/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/libacr38u/default.nix
new file mode 100644
index 000000000000..b56c15af3d62
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/libacr38u/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgconfig, pcsclite , libusb-compat-0_1 }:
+
+stdenv.mkDerivation {
+ version = "1.7.11";
+ pname = "libacr38u";
+
+ src = fetchurl {
+ url = "http://http.debian.net/debian/pool/main/a/acr38/acr38_1.7.11.orig.tar.bz2";
+ sha256 = "0lxbq17y51cablx6bcd89klwnyigvkz0rsf9nps1a97ggnllyzkx";
+ };
+
+ doCheck = true;
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ pcsclite libusb-compat-0_1 ];
+
+ preBuild = ''
+ makeFlagsArray=(usbdropdir="$out/pcsc/drivers");
+ '';
+
+ meta = with stdenv.lib; {
+ description = "ACR38U smartcard reader driver for pcsclite";
+ longDescription = ''
+ A PC/SC IFD handler implementation for the ACS ACR38U
+ smartcard readers. This driver is for the non-CCID version only.
+
+ This package is needed to communicate with the ACR38U smartcard readers through
+ the PC/SC Lite resource manager (pcscd).
+
+ It can be enabled in /etc/nixos/configuration.nix by adding:
+ services.pcscd.enable = true;
+ services.pcscd.plugins = [ libacr38u ];
+
+ The package is based on the debian package libacr38u.
+ '';
+ homepage = "https://www.acs.com.hk";
+ license = licenses.lgpl2Plus;
+ maintainers = with maintainers; [ berce ];
+ platforms = with platforms; unix;
+ };
+}
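Review bot: The source URL hard-codes the version a second time and uses plain `http://`, so a version bump has to touch two places and the download goes to one fixed host. The `sha256` protects the content either way. Making the derivation `rec` and writing `url = "mirror://debian/pool/main/a/acr38/acr38_${version}.orig.tar.bz2";` removes the duplication and lets fetchurl choose among the configured Debian mirrors.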
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix
new file mode 100644
index 000000000000..01e9a3847920
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix
@@ -0,0 +1,48 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig
+, doxygen, perl, valgrind
+, curl, geoip, libxml2, lmdb, lua, pcre, yajl }:
+
+stdenv.mkDerivation rec {
+ pname = "libmodsecurity";
+ version = "3.0.3";
+
+ src = fetchFromGitHub {
+ owner = "SpiderLabs";
+ repo = "ModSecurity";
+ fetchSubmodules = true;
+ rev = "v${version}";
+ sha256 = "00g2407g2679zv73q67zd50z0f1g1ij734ssv2pp77z4chn5dzib";
+ };
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig doxygen ];
+
+ buildInputs = [ perl valgrind curl geoip libxml2 lmdb lua pcre yajl ];
+
+ configureFlags = [
+ "--enable-static"
+ "--with-curl=${curl.dev}"
+ "--with-libxml=${libxml2.dev}"
+ "--with-pcre=${pcre.dev}"
+ "--with-yajl=${yajl}"
+ ];
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = ''
+ ModSecurity v3 library component.
+ '';
+ longDescription = ''
+ Libmodsecurity is one component of the ModSecurity v3 project. The
+ library codebase serves as an interface to ModSecurity Connectors taking
+ in web traffic and applying traditional ModSecurity processing. In
+ general, it provides the capability to load/interpret rules written in
+ the ModSecurity SecRules format and apply them to HTTP content provided
+ by your application via Connectors.
+ '';
+ homepage = "https://modsecurity.org/";
+ license = licenses.asl20;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ izorkin ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/logkeys/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/logkeys/default.nix
new file mode 100644
index 000000000000..f3ea25d71601
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/logkeys/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, autoconf, automake, which, procps, kbd }:
+
+stdenv.mkDerivation {
+ pname = "logkeys";
+ version = "2018-01-22";
+
+ src = fetchFromGitHub {
+ owner = "kernc";
+ repo = "logkeys";
+ rev = "7a9f19fb6b152d9f00a0b3fe29ab266ff1f88129";
+ sha256 = "1k6kj0913imwh53lh6hrhqmrpygqg2h462raafjsn7gbd3vkgx8n";
+ };
+
+ buildInputs = [ autoconf automake which procps kbd ];
+
+ postPatch = ''
+ substituteInPlace src/Makefile.am --replace 'root' '$(id -u)'
+ substituteInPlace configure.ac --replace '/dev/input' '/tmp'
+ sed -i '/chmod u+s/d' src/Makefile.am
+ '';
+
+ preConfigure = "./autogen.sh";
+
+ meta = with stdenv.lib; {
+ description = "A GNU/Linux keylogger that works!";
+ license = licenses.gpl3;
+ homepage = "https://github.com/kernc/logkeys";
+ maintainers = with maintainers; [mikoim offline];
+ platforms = platforms.linux;
+ };
+}
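Review bot: The three `postPatch` edits have no explanation, and two of them change security-relevant install behaviour: `sed -i '/chmod u+s/d'` removes the setuid step and `--replace 'root' '$(id -u)'` changes the install owner. A comment above them, for example `# setuid bits and root ownership cannot be applied inside the build sandbox; drop them from the install rules`, would record that this is deliberate (presumably that is the reason; confirm against upstream's Makefile). The `--replace '/dev/input' '/tmp'` on `configure.ac` should be checked too: if that path feeds anything beyond a configure-time existence probe, the built binary would default to a world-writable directory. Also note that `--replace 'root'` rewrites every occurrence of that substring in `src/Makefile.am`, not only the owner argument.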
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/lynis/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/lynis/default.nix
new file mode 100644
index 000000000000..9bbbc455b9b3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/lynis/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, makeWrapper, fetchFromGitHub, gawk, installShellFiles }:
+
+stdenv.mkDerivation rec {
+ pname = "lynis";
+ version = "3.0.1";
+
+ src = fetchFromGitHub {
+ owner = "CISOfy";
+ repo = pname;
+ rev = version;
+ sha256 = "0lsb455rimr1cjxqcgy819xjxf1faas8wlx2x0pxhn5yha9w9sfs";
+ };
+
+ nativeBuildInputs = [ installShellFiles makeWrapper ];
+
+ postPatch = ''
+ grep -rl '/usr/local/lynis' ./ | xargs sed -i "s@/usr/local/lynis@$out/share/lynis@g"
+ '';
+
+ installPhase = ''
+ install -d $out/bin $out/share/lynis/plugins
+ cp -r include db default.prf $out/share/lynis/
+ cp -a lynis $out/bin
+ wrapProgram "$out/bin/lynis" --prefix PATH : ${stdenv.lib.makeBinPath [ gawk ]}
+
+ installManPage lynis.8
+ installShellCompletion --bash --name lynis.bash \
+ extras/bash_completion.d/lynis
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Security auditing tool for Linux, macOS, and UNIX-based systems";
+ homepage = "https://cisofy.com/lynis/";
+ license = licenses.gpl3;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.ryneeverett ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/masscan/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/masscan/default.nix
new file mode 100644
index 000000000000..297d13ef9f95
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/masscan/default.nix
@@ -0,0 +1,42 @@
+{ stdenv, fetchFromGitHub, makeWrapper, libpcap }:
+
+stdenv.mkDerivation rec {
+ pname = "masscan";
+ version = "1.0.5";
+
+ src = fetchFromGitHub {
+ owner = "robertdavidgraham";
+ repo = "masscan";
+ rev = version;
+ sha256 = "0q0c7bsf0pbl8napry1qyg0gl4pd8wn872h4mz9b56dx4rx90vqg";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ makeFlags = [ "PREFIX=$(out)" "GITVER=${version}" "CC=cc" ];
+
+ preInstall = ''
+ mkdir -p $out/bin
+ '';
+
+ postInstall = ''
+ mkdir -p $out/share/man/man8
+ mkdir -p $out/share/{doc,licenses}/masscan
+ mkdir -p $out/etc/masscan
+
+ cp data/exclude.conf $out/etc/masscan
+ cp -t $out/share/doc/masscan doc/algorithm.js doc/howto-afl.md doc/bot.html
+ cp doc/masscan.8 $out/share/man/man8/masscan.8
+ cp LICENSE $out/share/licenses/masscan/LICENSE
+
+ wrapProgram $out/bin/masscan --prefix LD_LIBRARY_PATH : "${libpcap}/lib"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Fast scan of the Internet";
+ homepage = "https://github.com/robertdavidgraham/masscan";
+ license = licenses.agpl3;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ rnhmjoj ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mbox/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mbox/default.nix
new file mode 100644
index 000000000000..7292ac6785f6
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mbox/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchFromGitHub, openssl, which }:
+
+stdenv.mkDerivation {
+ name = "mbox-20140526";
+
+ src = fetchFromGitHub {
+ owner = "tsgates";
+ repo = "mbox";
+ rev = "a131424b6cb577e1c916bd0e8ffb2084a5f73048";
+ sha256 = "06qggqxnzcxnc34m6sbafxwr2p64x65m9zm5wp7pwyarcckhh2hd";
+ };
+
+ buildInputs = [ openssl which ];
+
+ preConfigure = ''
+ cd src
+ cp {.,}configsbox.h
+ '';
+
+ doCheck = true;
+ checkPhase = ''
+ rm tests/test-*vim.sh tests/test-pip.sh
+
+ patchShebangs ./; dontPatchShebags=1
+ sed -i 's|^/bin/||' tests/test-fileops.sh
+
+ ./testall.sh
+ '';
+
+ meta = with stdenv.lib;
+ { description = "Lightweight sandboxing mechanism that any user can use without special privileges";
+ homepage = "http://pdos.csail.mit.edu/mbox/";
+ maintainers = with maintainers; [ ehmry ];
+ license = licenses.bsd3;
+ platforms = [ "x86_64-linux" ];
+ broken = true;
+ };
+
+}
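Review bot: `dontPatchShebags=1` in `checkPhase` is a misspelling of `dontPatchShebangs`, so it sets an unused variable and the fixup phase still runs its own shebang patching. If the intent is to skip that second pass after the explicit `patchShebangs ./`, the line should read `patchShebangs ./; dontPatchShebangs=1`. The brace expansion in `cp {.,}configsbox.h` copies `.configsbox.h` to `configsbox.h`; a short comment saying so would save the next reader from decoding it.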
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/medusa/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/medusa/default.nix
new file mode 100644
index 000000000000..bc18f165be73
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/medusa/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub, pkg-config, freerdp, openssl, libssh2 }:
+
+stdenv.mkDerivation rec {
+ pname = "medusa-unstable";
+ version = "2018-12-16";
+
+ src = fetchFromGitHub {
+ owner = "jmk-foofus";
+ repo = "medusa";
+ rev = "292193b3995444aede53ff873899640b08129fc7";
+ sha256 = "0njlz4fqa0165wdmd5y8lfnafayf3c4la0r8pf3hixkdwsss1509";
+ };
+
+ outputs = [ "out" "man" ];
+
+ configureFlags = [ "--enable-module-ssh=yes" ];
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = [ freerdp openssl libssh2 ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/jmk-foofus/medusa";
+ description = "A speedy, parallel, and modular, login brute-forcer";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ ma27 ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/meo/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/meo/default.nix
new file mode 100644
index 000000000000..54b96917623a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/meo/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchhg, openssl, pcre-cpp, qt4, boost, pkcs11helper }:
+
+stdenv.mkDerivation {
+ name = "meo-20121113";
+
+ src = fetchhg {
+ url = "http://oss.stamfest.net/hg/meo";
+ rev = "b48e5f16cff8";
+ sha256 = "0ifg7y28s89i9gwda6fyj1jbrykbcvq8bf1m6rxmdcv5afi3arbq";
+ };
+
+ buildFlags = [ "QMAKE=qmake" ];
+
+ buildInputs = [ openssl pcre-cpp qt4 boost pkcs11helper ];
+
+ preConfigure = ''
+ sed -i s,-mt$,, meo-gui/meo-gui.pro
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp tools/{meo,p11} $out/bin
+ cp meo-gui/meo-gui $out/bin
+ cp meo-gui/meo-gui $out/bin
+ '';
+
+ meta = {
+ homepage = "http://oss.stamfest.net/wordpress/meo-multiple-eyepairs-only";
+ description = "Tools to use cryptography for things like four-eyes principles";
+ license = stdenv.lib.licenses.agpl3Plus;
+ maintainers = with stdenv.lib.maintainers; [viric];
+ platforms = with stdenv.lib.platforms; linux;
+ broken = true;
+ };
+}
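Review bot: `cp meo-gui/meo-gui $out/bin` appears twice in a row in `installPhase`; the second copy is redundant and can be removed. In `preConfigure`, the sed expression is unquoted and relies on the shell leaving `$,` alone; `sed -i 's,-mt$,,' meo-gui/meo-gui.pro` states the intent without depending on that. `rev = "b48e5f16cff8"` is an abbreviated changeset id fetched over `http://`. The `sha256` fixes the content, but the full id would make the pinned revision easier to audit.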
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile
new file mode 100644
index 000000000000..4df0d2235a05
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.12"
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock
new file mode 100644
index 000000000000..8ef6d3b3148a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock
@@ -0,0 +1,384 @@
+GIT
+ remote: https://github.com/rapid7/metasploit-framework
+ revision: 8ba313ed85b03ef54bec32086c2a8708a7e1df58
+ ref: refs/tags/6.0.12
+ specs:
+ metasploit-framework (6.0.12)
+ actionpack (~> 5.2.2)
+ activerecord (~> 5.2.2)
+ activesupport (~> 5.2.2)
+ aws-sdk-ec2
+ aws-sdk-iam
+ aws-sdk-s3
+ bcrypt
+ bcrypt_pbkdf
+ bit-struct
+ bson
+ concurrent-ruby (= 1.0.5)
+ dnsruby
+ ed25519
+ em-http-request
+ eventmachine
+ faker
+ faraday
+ faye-websocket
+ filesize
+ hrr_rb_ssh (= 0.3.0.pre2)
+ irb
+ jsobfu
+ json
+ metasm
+ metasploit-concern
+ metasploit-credential
+ metasploit-model
+ metasploit-payloads (= 2.0.22)
+ metasploit_data_models
+ metasploit_payloads-mettle (= 1.0.2)
+ mqtt
+ msgpack
+ nessus_rest
+ net-ldap
+ net-ssh
+ network_interface
+ nexpose
+ nokogiri
+ octokit
+ openssl-ccm
+ openvas-omp
+ packetfu
+ patch_finder
+ pcaprub
+ pdf-reader
+ pg
+ railties
+ rb-readline
+ recog
+ redcarpet
+ rex-arch
+ rex-bin_tools
+ rex-core
+ rex-encoder
+ rex-exploitation
+ rex-java
+ rex-mime
+ rex-nop
+ rex-ole
+ rex-powershell
+ rex-random_identifier
+ rex-registry
+ rex-rop_builder
+ rex-socket
+ rex-sslscan
+ rex-struct2
+ rex-text
+ rex-zip
+ ruby-macho
+ ruby_smb (~> 2.0)
+ rubyntlm
+ rubyzip
+ sinatra
+ sqlite3
+ sshkey
+ thin
+ tzinfo
+ tzinfo-data
+ warden
+ windows_error
+ xdr
+ xmlrpc
+
+GEM
+ remote: https://rubygems.org/
+ specs:
+ Ascii85 (1.0.3)
+ actionpack (5.2.4.4)
+ actionview (= 5.2.4.4)
+ activesupport (= 5.2.4.4)
+ rack (~> 2.0, >= 2.0.8)
+ rack-test (>= 0.6.3)
+ rails-dom-testing (~> 2.0)
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
+ actionview (5.2.4.4)
+ activesupport (= 5.2.4.4)
+ builder (~> 3.1)
+ erubi (~> 1.4)
+ rails-dom-testing (~> 2.0)
+ rails-html-sanitizer (~> 1.0, >= 1.0.3)
+ activemodel (5.2.4.4)
+ activesupport (= 5.2.4.4)
+ activerecord (5.2.4.4)
+ activemodel (= 5.2.4.4)
+ activesupport (= 5.2.4.4)
+ arel (>= 9.0)
+ activesupport (5.2.4.4)
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ i18n (>= 0.7, < 2)
+ minitest (~> 5.1)
+ tzinfo (~> 1.1)
+ addressable (2.7.0)
+ public_suffix (>= 2.0.2, < 5.0)
+ afm (0.2.2)
+ arel (9.0.0)
+ arel-helpers (2.11.0)
+ activerecord (>= 3.1.0, < 7)
+ aws-eventstream (1.1.0)
+ aws-partitions (1.385.0)
+ aws-sdk-core (3.109.1)
+ aws-eventstream (~> 1, >= 1.0.2)
+ aws-partitions (~> 1, >= 1.239.0)
+ aws-sigv4 (~> 1.1)
+ jmespath (~> 1.0)
+ aws-sdk-ec2 (1.202.0)
+ aws-sdk-core (~> 3, >= 3.109.0)
+ aws-sigv4 (~> 1.1)
+ aws-sdk-iam (1.46.0)
+ aws-sdk-core (~> 3, >= 3.109.0)
+ aws-sigv4 (~> 1.1)
+ aws-sdk-kms (1.39.0)
+ aws-sdk-core (~> 3, >= 3.109.0)
+ aws-sigv4 (~> 1.1)
+ aws-sdk-s3 (1.83.1)
+ aws-sdk-core (~> 3, >= 3.109.0)
+ aws-sdk-kms (~> 1)
+ aws-sigv4 (~> 1.1)
+ aws-sigv4 (1.2.2)
+ aws-eventstream (~> 1, >= 1.0.2)
+ bcrypt (3.1.16)
+ bcrypt_pbkdf (1.0.1)
+ bindata (2.4.8)
+ bit-struct (0.16)
+ bson (4.11.0)
+ builder (3.2.4)
+ concurrent-ruby (1.0.5)
+ cookiejar (0.3.3)
+ crass (1.0.6)
+ daemons (1.3.1)
+ dnsruby (1.61.4)
+ simpleidn (~> 0.1)
+ ed25519 (1.2.4)
+ em-http-request (1.1.7)
+ addressable (>= 2.3.4)
+ cookiejar (!= 0.3.1)
+ em-socksify (>= 0.3)
+ eventmachine (>= 1.0.3)
+ http_parser.rb (>= 0.6.0)
+ em-socksify (0.3.2)
+ eventmachine (>= 1.0.0.beta.4)
+ erubi (1.9.0)
+ eventmachine (1.2.7)
+ faker (2.14.0)
+ i18n (>= 1.6, < 2)
+ faraday (1.1.0)
+ multipart-post (>= 1.2, < 3)
+ ruby2_keywords
+ faye-websocket (0.11.0)
+ eventmachine (>= 0.12.0)
+ websocket-driver (>= 0.5.1)
+ filesize (0.2.0)
+ hashery (2.1.2)
+ hrr_rb_ssh (0.3.0.pre2)
+ ed25519 (~> 1.2)
+ http_parser.rb (0.6.0)
+ i18n (1.8.5)
+ concurrent-ruby (~> 1.0)
+ io-console (0.5.6)
+ irb (1.2.7)
+ reline (>= 0.1.5)
+ jmespath (1.4.0)
+ jsobfu (0.4.2)
+ rkelly-remix
+ json (2.3.1)
+ loofah (2.7.0)
+ crass (~> 1.0.2)
+ nokogiri (>= 1.5.9)
+ metasm (1.0.4)
+ metasploit-concern (3.0.0)
+ activemodel (~> 5.2.2)
+ activesupport (~> 5.2.2)
+ railties (~> 5.2.2)
+ metasploit-credential (4.0.2)
+ metasploit-concern
+ metasploit-model
+ metasploit_data_models (>= 3.0.0)
+ net-ssh
+ pg
+ railties
+ rex-socket
+ rubyntlm
+ rubyzip
+ metasploit-model (3.1.2)
+ activemodel (~> 5.2.2)
+ activesupport (~> 5.2.2)
+ railties (~> 5.2.2)
+ metasploit-payloads (2.0.22)
+ metasploit_data_models (4.1.0)
+ activerecord (~> 5.2.2)
+ activesupport (~> 5.2.2)
+ arel-helpers
+ metasploit-concern
+ metasploit-model (>= 3.1)
+ pg
+ railties (~> 5.2.2)
+ recog (~> 2.0)
+ metasploit_payloads-mettle (1.0.2)
+ method_source (1.0.0)
+ mini_portile2 (2.4.0)
+ minitest (5.14.2)
+ mqtt (0.5.0)
+ msgpack (1.3.3)
+ multipart-post (2.1.1)
+ mustermann (1.1.1)
+ ruby2_keywords (~> 0.0.1)
+ nessus_rest (0.1.6)
+ net-ldap (0.16.3)
+ net-ssh (6.1.0)
+ network_interface (0.0.2)
+ nexpose (7.2.1)
+ nokogiri (1.10.10)
+ mini_portile2 (~> 2.4.0)
+ octokit (4.19.0)
+ faraday (>= 0.9)
+ sawyer (~> 0.8.0, >= 0.5.3)
+ openssl-ccm (1.2.2)
+ openssl-cmac (2.0.1)
+ openvas-omp (0.0.4)
+ packetfu (1.1.13)
+ pcaprub
+ patch_finder (1.0.2)
+ pcaprub (0.13.0)
+ pdf-reader (2.4.1)
+ Ascii85 (~> 1.0.0)
+ afm (~> 0.2.1)
+ hashery (~> 2.0)
+ ruby-rc4
+ ttfunk
+ pg (1.2.3)
+ public_suffix (4.0.6)
+ rack (2.2.3)
+ rack-protection (2.1.0)
+ rack
+ rack-test (1.1.0)
+ rack (>= 1.0, < 3)
+ rails-dom-testing (2.0.3)
+ activesupport (>= 4.2.0)
+ nokogiri (>= 1.6)
+ rails-html-sanitizer (1.3.0)
+ loofah (~> 2.3)
+ railties (5.2.4.4)
+ actionpack (= 5.2.4.4)
+ activesupport (= 5.2.4.4)
+ method_source
+ rake (>= 0.8.7)
+ thor (>= 0.19.0, < 2.0)
+ rake (13.0.1)
+ rb-readline (0.5.5)
+ recog (2.3.15)
+ nokogiri
+ redcarpet (3.5.0)
+ reline (0.1.6)
+ io-console (~> 0.5)
+ rex-arch (0.1.13)
+ rex-text
+ rex-bin_tools (0.1.6)
+ metasm
+ rex-arch
+ rex-core
+ rex-struct2
+ rex-text
+ rex-core (0.1.13)
+ rex-encoder (0.1.4)
+ metasm
+ rex-arch
+ rex-text
+ rex-exploitation (0.1.24)
+ jsobfu
+ metasm
+ rex-arch
+ rex-encoder
+ rex-text
+ rex-java (0.1.5)
+ rex-mime (0.1.5)
+ rex-text
+ rex-nop (0.1.1)
+ rex-arch
+ rex-ole (0.1.6)
+ rex-text
+ rex-powershell (0.1.87)
+ rex-random_identifier
+ rex-text
+ ruby-rc4
+ rex-random_identifier (0.1.4)
+ rex-text
+ rex-registry (0.1.3)
+ rex-rop_builder (0.1.3)
+ metasm
+ rex-core
+ rex-text
+ rex-socket (0.1.24)
+ rex-core
+ rex-sslscan (0.1.5)
+ rex-core
+ rex-socket
+ rex-text
+ rex-struct2 (0.1.2)
+ rex-text (0.2.28)
+ rex-zip (0.1.3)
+ rex-text
+ rkelly-remix (0.0.7)
+ ruby-macho (2.3.0)
+ ruby-rc4 (0.1.5)
+ ruby2_keywords (0.0.2)
+ ruby_smb (2.0.6)
+ bindata
+ openssl-ccm
+ openssl-cmac
+ rubyntlm
+ windows_error
+ rubyntlm (0.6.2)
+ rubyzip (2.3.0)
+ sawyer (0.8.2)
+ addressable (>= 2.3.5)
+ faraday (> 0.8, < 2.0)
+ simpleidn (0.1.1)
+ unf (~> 0.1.4)
+ sinatra (2.1.0)
+ mustermann (~> 1.0)
+ rack (~> 2.2)
+ rack-protection (= 2.1.0)
+ tilt (~> 2.0)
+ sqlite3 (1.4.2)
+ sshkey (2.0.0)
+ thin (1.7.2)
+ daemons (~> 1.0, >= 1.0.9)
+ eventmachine (~> 1.0, >= 1.0.4)
+ rack (>= 1, < 3)
+ thor (1.0.1)
+ thread_safe (0.3.6)
+ tilt (2.0.10)
+ ttfunk (1.6.2.1)
+ tzinfo (1.2.7)
+ thread_safe (~> 0.1)
+ tzinfo-data (1.2020.4)
+ tzinfo (>= 1.0.0)
+ unf (0.1.4)
+ unf_ext
+ unf_ext (0.0.7.7)
+ warden (1.2.9)
+ rack (>= 2.0.9)
+ websocket-driver (0.7.3)
+ websocket-extensions (>= 0.1.0)
+ websocket-extensions (0.1.5)
+ windows_error (0.1.2)
+ xdr (3.0.2)
+ activemodel (>= 4.2, < 7.0)
+ activesupport (>= 4.2, < 7.0)
+ xmlrpc (0.3.0)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ metasploit-framework!
+
+BUNDLED WITH
+ 2.1.4
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/default.nix
new file mode 100644
index 000000000000..a2a0a28bbff6
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/default.nix
@@ -0,0 +1,49 @@
+{ stdenv, fetchFromGitHub, makeWrapper, ruby, bundlerEnv }:
+
+let
+ env = bundlerEnv {
+ inherit ruby;
+ name = "metasploit-bundler-env";
+ gemdir = ./.;
+ };
+in stdenv.mkDerivation rec {
+ pname = "metasploit-framework";
+ version = "6.0.12";
+
+ src = fetchFromGitHub {
+ owner = "rapid7";
+ repo = "metasploit-framework";
+ rev = version;
+ sha256 = "1kh5alvw68lxnm1wcwbka983b5ww7bqvbkih831mrf6sfmv4wkxs";
+ };
+
+ buildInputs = [ makeWrapper ];
+
+ dontPatchELF = true; # stay away from exploit executables
+
+ installPhase = ''
+ mkdir -p $out/{bin,share/msf}
+
+ cp -r * $out/share/msf
+
+ (
+ cd $out/share/msf/
+ for i in msf*; do
+ makeWrapper ${env}/bin/bundle $out/bin/$i \
+ --add-flags "exec ${ruby}/bin/ruby $out/share/msf/$i"
+ done
+ )
+
+ '';
+
+ # run with: nix-shell maintainers/scripts/update.nix --argstr path metasploit
+ passthru.updateScript = ./update.sh;
+
+ meta = with stdenv.lib; {
+ description = "Metasploit Framework - a collection of exploits";
+ homepage = "https://github.com/rapid7/metasploit-framework/wiki";
+ platforms = platforms.unix;
+ license = licenses.bsd3;
+ maintainers = [ maintainers.makefu ];
+ };
+}
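Review bot: `makeWrapper` is only executed at build time inside `installPhase`, so it belongs in `nativeBuildInputs = [ makeWrapper ];` rather than `buildInputs`; as written it is resolved for the host platform, which matters for cross builds. Separately, `dontPatchELF = true` only disables the patchelf step. The default fixup still runs `patchShebangs` over `$out`, so executable scripts copied into `share/msf` get their interpreter lines rewritten to store paths. If the comment's intent is to leave shipped payload and template files byte-identical, `dontPatchShebangs = true;` may be needed as well. That looks safe for the `msf*` wrappers, which call `${ruby}/bin/ruby` directly, but it should be confirmed for the other scripts in the tree.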
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/gemset.nix
new file mode 100644
index 000000000000..4879eb922846
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/gemset.nix
@@ -0,0 +1,1354 @@
+{
+ actionpack = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0d8gxymshjhva5fyv33iy2hzp4jm3i44asdbma9pv9wzpl5fwhn0";
+ type = "gem";
+ };
+ version = "5.2.4.4";
+ };
+ actionview = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0k8dgkplqj76i3q1f8897m8svj2xggd1knhy3bcwfl4nh7998kw6";
+ type = "gem";
+ };
+ version = "5.2.4.4";
+ };
+ activemodel = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1g79l7v0ddpxcj5r2s9kii6h4r4nbpy5bksbqi5lxvivrb3pkz1m";
+ type = "gem";
+ };
+ version = "5.2.4.4";
+ };
+ activerecord = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "05b9l85a31cq6g7v4b4ifrj798q49rlidcvvfasmb3bk412wlp03";
+ type = "gem";
+ };
+ version = "5.2.4.4";
+ };
+ activesupport = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0dpnk20s754fz6jfz9sp3ri49hn46ksw4hf6ycnlw7s3hsdxqgcd";
+ type = "gem";
+ };
+ version = "5.2.4.4";
+ };
+ addressable = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1fvchp2rhp2rmigx7qglf69xvjqvzq7x0g49naliw29r2bz656sy";
+ type = "gem";
+ };
+ version = "2.7.0";
+ };
+ afm = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "06kj9hgd0z8pj27bxp2diwqh6fv7qhwwm17z64rhdc4sfn76jgn8";
+ type = "gem";
+ };
+ version = "0.2.2";
+ };
+ arel = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1jk7wlmkr61f6g36w9s2sn46nmdg6wn2jfssrhbhirv5x9n95nk0";
+ type = "gem";
+ };
+ version = "9.0.0";
+ };
+ arel-helpers = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "16irs6rai9pasv36yy31glijs3p2pvgry5g1lh03vnzg8xpb1msp";
+ type = "gem";
+ };
+ version = "2.11.0";
+ };
+ Ascii85 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0658m37jjjn6drzqg1gk4p6c205mgp7g1jh2d00n4ngghgmz5qvs";
+ type = "gem";
+ };
+ version = "1.0.3";
+ };
+ aws-eventstream = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0r0pn66yqrdkrfdin7qdim0yj2x75miyg4wp6mijckhzhrjb7cv5";
+ type = "gem";
+ };
+ version = "1.1.0";
+ };
+ aws-partitions = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "04i4bry59c3g1anbjpsz9g1pz7yy23kh4vvhg7z611amlcr48zvb";
+ type = "gem";
+ };
+ version = "1.385.0";
+ };
+ aws-sdk-core = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0xmppcxq7jm8lffqibkhq257hfwfbv82zm2y1fbhwm3icgxzwlfx";
+ type = "gem";
+ };
+ version = "3.109.1";
+ };
+ aws-sdk-ec2 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0fsf9qhlxczz8cz755xlcdpfqn384d4kr3ybx2p54n377wamdq08";
+ type = "gem";
+ };
+ version = "1.202.0";
+ };
+ aws-sdk-iam = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1j0llz7m9qymfn54vim99k0fjg6vsw71ylcagz1csay6qkjxipg7";
+ type = "gem";
+ };
+ version = "1.46.0";
+ };
+ aws-sdk-kms = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0ly1m631qm2ciif7sysbzrgczjvz95ga3g6w6vrzvfdv31jjnl9a";
+ type = "gem";
+ };
+ version = "1.39.0";
+ };
+ aws-sdk-s3 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "021yqghdb1i980vn249hv44jajr0v3hq4ik4r6fqh9kwp04fsbqv";
+ type = "gem";
+ };
+ version = "1.83.1";
+ };
+ aws-sigv4 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1ll9382c1x2hp750cilh01h1cycgyhdr4cmmgx23k94hyyb8chv5";
+ type = "gem";
+ };
+ version = "1.2.2";
+ };
+ bcrypt = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "02r1c3isfchs5fxivbq99gc3aq4vfyn8snhcy707dal1p8qz12qb";
+ type = "gem";
+ };
+ version = "3.1.16";
+ };
+ bcrypt_pbkdf = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "02vssr285m7kpsr47jdmzbar1h1d0mnkmyrpr1zg828isfmwii35";
+ type = "gem";
+ };
+ version = "1.0.1";
+ };
+ bindata = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1bmlqjb5h1ry6wm2d903d6yxibpqzzxwqczvlicsqv0vilaca5ic";
+ type = "gem";
+ };
+ version = "2.4.8";
+ };
+ bit-struct = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1w7x1fh4a6inpb46imhdf4xrq0z4d6zdpg7sdf8n98pif2hx50sx";
+ type = "gem";
+ };
+ version = "0.16";
+ };
+ bson = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1bm64q413wrrm3pda6ha2kn1yipyl0qp5240fwsdw1hkqhbjdnjm";
+ type = "gem";
+ };
+ version = "4.11.0";
+ };
+ builder = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "045wzckxpwcqzrjr353cxnyaxgf0qg22jh00dcx7z38cys5g1jlr";
+ type = "gem";
+ };
+ version = "3.2.4";
+ };
+ concurrent-ruby = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "183lszf5gx84kcpb779v6a2y0mx9sssy8dgppng1z9a505nj1qcf";
+ type = "gem";
+ };
+ version = "1.0.5";
+ };
+ cookiejar = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0q0kmbks9l3hl0wdq744hzy97ssq9dvlzywyqv9k9y1p3qc9va2a";
+ type = "gem";
+ };
+ version = "0.3.3";
+ };
+ crass = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0pfl5c0pyqaparxaqxi6s4gfl21bdldwiawrc0aknyvflli60lfw";
+ type = "gem";
+ };
+ version = "1.0.6";
+ };
+ daemons = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0l5gai3vd4g7aqff0k1mp41j9zcsvm2rbwmqn115a325k9r7pf4w";
+ type = "gem";
+ };
+ version = "1.3.1";
+ };
+ dnsruby = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0i4mq4zm8bqd0ik908gnn8nm3kph268af7q173wlq4krg3nw562x";
+ type = "gem";
+ };
+ version = "1.61.4";
+ };
+ ed25519 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1f5kr8za7hvla38fc0n9jiv55iq62k5bzclsa5kdb14l3r4w6qnw";
+ type = "gem";
+ };
+ version = "1.2.4";
+ };
+ em-http-request = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1azx5rgm1zvx7391sfwcxzyccs46x495vb34ql2ch83f58mwgyqn";
+ type = "gem";
+ };
+ version = "1.1.7";
+ };
+ em-socksify = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0rk43ywaanfrd8180d98287xv2pxyl7llj291cwy87g1s735d5nk";
+ type = "gem";
+ };
+ version = "0.3.2";
+ };
+ erubi = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1nwzxnqhr31fn7nbqmffcysvxjdfl3bhxi0bld5qqhcnfc1xd13x";
+ type = "gem";
+ };
+ version = "1.9.0";
+ };
+ eventmachine = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0wh9aqb0skz80fhfn66lbpr4f86ya2z5rx6gm5xlfhd05bj1ch4r";
+ type = "gem";
+ };
+ version = "1.2.7";
+ };
+ faker = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "06sh8492k03p9lsfzv5zifzn51ilb4734vrvwl30vzmzg1apzml6";
+ type = "gem";
+ };
+ version = "2.14.0";
+ };
+ faraday = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "16dapwi5pivrl25r4lkr1mxjrzkznj4wlcb08fzkmxnj4g5c6y35";
+ type = "gem";
+ };
+ version = "1.1.0";
+ };
+ faye-websocket = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1cwngdb41zh842y3nzz3cr7z2100pjsl7m3i05yjc1wlyrdk2sm3";
+ type = "gem";
+ };
+ version = "0.11.0";
+ };
+ filesize = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "17p7rf1x7h3ivaznb4n4kmxnnzj25zaviryqgn2n12v2kmibhp8g";
+ type = "gem";
+ };
+ version = "0.2.0";
+ };
+ hashery = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0qj8815bf7q6q7llm5rzdz279gzmpqmqqicxnzv066a020iwqffj";
+ type = "gem";
+ };
+ version = "2.1.2";
+ };
+ hrr_rb_ssh = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "066dj9sw5p8aa54vqc1bw7a8nfpf5rggrjyxqw2ccyxp10964qkz";
+ type = "gem";
+ };
+ version = "0.3.0.pre2";
+ };
+ "http_parser.rb" = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "15nidriy0v5yqfjsgsra51wmknxci2n2grliz78sf9pga3n0l7gi";
+ type = "gem";
+ };
+ version = "0.6.0";
+ };
+ i18n = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "153sx77p16vawrs4qpkv7qlzf9v5fks4g7xqcj1dwk40i6g7rfzk";
+ type = "gem";
+ };
+ version = "1.8.5";
+ };
+ io-console = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0vbn4nvnr1pcmjsn0gghc3bz2md89njxq4801zi5dv5niypdxlsp";
+ type = "gem";
+ };
+ version = "0.5.6";
+ };
+ irb = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "10d9xr1hdpkqhljxhvdm44c2qbxdjfqm5x00d4v6aw0fym1w7r2g";
+ type = "gem";
+ };
+ version = "1.2.7";
+ };
+ jmespath = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1d4wac0dcd1jf6kc57891glih9w57552zgqswgy74d1xhgnk0ngf";
+ type = "gem";
+ };
+ version = "1.4.0";
+ };
+ jsobfu = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1hchns89cfj0gggm2zbr7ghb630imxm2x2d21ffx2jlasn9xbkyk";
+ type = "gem";
+ };
+ version = "0.4.2";
+ };
+ json = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "158fawfwmv2sq4whqqaksfykkiad2xxrrj0nmpnc6vnlzi1bp7iz";
+ type = "gem";
+ };
+ version = "2.3.1";
+ };
+ loofah = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1alz1x6rkhbw10qpszr384299rf52rcyasn0619a9p50vzs8vczq";
+ type = "gem";
+ };
+ version = "2.7.0";
+ };
+ metasm = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0mbmpc8vsi574s78f23bhiqk07sr6yrrrmk702lfv61ql4ah5l89";
+ type = "gem";
+ };
+ version = "1.0.4";
+ };
+ metasploit-concern = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "10a9dr0pi25vsnk7x1bavx2ja62lqswdkym0hvhjsds6awvx1cf2";
+ type = "gem";
+ };
+ version = "3.0.0";
+ };
+ metasploit-credential = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "03339i3v6lgz0cymn2i7y0sylpw2nihsc8h75c4yn3bq9p6wk6sx";
+ type = "gem";
+ };
+ version = "4.0.2";
+ };
+ metasploit-framework = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ fetchSubmodules = false;
+ rev = "8ba313ed85b03ef54bec32086c2a8708a7e1df58";
+ sha256 = "1kh5alvw68lxnm1wcwbka983b5ww7bqvbkih831mrf6sfmv4wkxs";
+ type = "git";
+ url = "https://github.com/rapid7/metasploit-framework";
+ };
+ version = "6.0.12";
+ };
+ metasploit-model = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0szwqs6djh882alpnmnnkx46s548jg3vb0ya61hibw3kqcw3i1ig";
+ type = "gem";
+ };
+ version = "3.1.2";
+ };
+ metasploit-payloads = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1yiwwyc12f9jln58l4j26yjbixij1v5h3spp4ci3ik4dxyk2r4zb";
+ type = "gem";
+ };
+ version = "2.0.22";
+ };
+ metasploit_data_models = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1n7vb6pg446jadjsgrc29kxnc9b6ga29hw8pg52dnrzhp7rwhiyl";
+ type = "gem";
+ };
+ version = "4.1.0";
+ };
+ metasploit_payloads-mettle = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "147s4jd2hckls76binsskb6rvnh1crd2agmf1lk7fsj1n55dhkvk";
+ type = "gem";
+ };
+ version = "1.0.2";
+ };
+ method_source = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1pnyh44qycnf9mzi1j6fywd5fkskv3x7nmsqrrws0rjn5dd4ayfp";
+ type = "gem";
+ };
+ version = "1.0.0";
+ };
+ mini_portile2 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "15zplpfw3knqifj9bpf604rb3wc1vhq6363pd6lvhayng8wql5vy";
+ type = "gem";
+ };
+ version = "2.4.0";
+ };
+ minitest = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "170y2cvx51gm3cm3nhdf7j36sxnkh6vv8ls36p90ric7w8w16h4v";
+ type = "gem";
+ };
+ version = "5.14.2";
+ };
+ mqtt = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0d1khsry5mf63y03r6v91f4vrbn88277ksv7d69z3xmqs9sgpri9";
+ type = "gem";
+ };
+ version = "0.5.0";
+ };
+ msgpack = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1lva6bkvb4mfa0m3bqn4lm4s4gi81c40jvdcsrxr6vng49q9daih";
+ type = "gem";
+ };
+ version = "1.3.3";
+ };
+ multipart-post = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1zgw9zlwh2a6i1yvhhc4a84ry1hv824d6g2iw2chs3k5aylpmpfj";
+ type = "gem";
+ };
+ version = "2.1.1";
+ };
+ mustermann = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a";
+ type = "gem";
+ };
+ version = "1.1.1";
+ };
+ nessus_rest = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1allyrd4rll333zbmsi3hcyg6cw1dhc4bg347ibsw191nswnp8ci";
+ type = "gem";
+ };
+ version = "0.1.6";
+ };
+ net-ldap = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "13lh6qizxi8fza8py73b2dvjp9p010dvbaq7diagir9nh8plsinv";
+ type = "gem";
+ };
+ version = "0.16.3";
+ };
+ net-ssh = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0jp3jgcn8cij407xx9ldb5h9c6jv13jc4cf6kk2idclz43ww21c9";
+ type = "gem";
+ };
+ version = "6.1.0";
+ };
+ network_interface = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1xh4knfq77ii4pjzsd2z1p3nd6nrcdjhb2vi5gw36jqj43ffw0zp";
+ type = "gem";
+ };
+ version = "0.0.2";
+ };
+ nexpose = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0i108glkklwgjxhfhnlqf4b16plqf9b84qpfz0pnl2pbnal5af8m";
+ type = "gem";
+ };
+ version = "7.2.1";
+ };
+ nokogiri = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0xmf60nj5kg9vaj5bysy308687sgmkasgx06vbbnf94p52ih7si2";
+ type = "gem";
+ };
+ version = "1.10.10";
+ };
+ octokit = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1dz8na8fk445yqrwpkl31fimnap7p4xf9m9qm9i7cpvaxxgk2n24";
+ type = "gem";
+ };
+ version = "4.19.0";
+ };
+ openssl-ccm = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0gxwxk657jya2s5m8cpckvgy5m7qx0hzfp8xvc0hg2wf1lg5gwp0";
+ type = "gem";
+ };
+ version = "1.2.2";
+ };
+ openssl-cmac = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1k69p0p0ilvqnwskhc0bfax8rwvyk6n4wzarg8qsjdvm13xwx508";
+ type = "gem";
+ };
+ version = "2.0.1";
+ };
+ openvas-omp = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "14xf614vd76qjdjxjv14mmjar6s64fwp4cwb7bv5g1wc29srg28x";
+ type = "gem";
+ };
+ version = "0.0.4";
+ };
+ packetfu = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "16ppq9wfxq4x2hss61l5brs3s6fmi8gb50mnp1nnnzb1asq4g8ll";
+ type = "gem";
+ };
+ version = "1.1.13";
+ };
+ patch_finder = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1md9scls55n1riw26vw1ak0ajq38dfygr36l0h00wqhv51cq745m";
+ type = "gem";
+ };
+ version = "1.0.2";
+ };
+ pcaprub = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0h4iarqdych6v4jm5s0ywkc01qspadz8sf6qn7pkqmszq4iqv67q";
+ type = "gem";
+ };
+ version = "0.13.0";
+ };
+ pdf-reader = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0987glcd02mqglplmp1camivqx61jsyik21n99vrmi8s2p7h4mbh";
+ type = "gem";
+ };
+ version = "2.4.1";
+ };
+ pg = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "13mfrysrdrh8cka1d96zm0lnfs59i5x2g6ps49r2kz5p3q81xrzj";
+ type = "gem";
+ };
+ version = "1.2.3";
+ };
+ public_suffix = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1xqcgkl7bwws1qrlnmxgh8g4g9m10vg60bhlw40fplninb3ng6d9";
+ type = "gem";
+ };
+ version = "4.0.6";
+ };
+ rack = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0i5vs0dph9i5jn8dfc6aqd6njcafmb20rwqngrf759c9cvmyff16";
+ type = "gem";
+ };
+ version = "2.2.3";
+ };
+ rack-protection = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "159a4j4kragqh0z0z8vrpilpmaisnlz3n7kgiyf16bxkwlb3qlhz";
+ type = "gem";
+ };
+ version = "2.1.0";
+ };
+ rack-test = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0rh8h376mx71ci5yklnpqqn118z3bl67nnv5k801qaqn1zs62h8m";
+ type = "gem";
+ };
+ version = "1.1.0";
+ };
+ rails-dom-testing = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1lfq2a7kp2x64dzzi5p4cjcbiv62vxh9lyqk2f0rqq3fkzrw8h5i";
+ type = "gem";
+ };
+ version = "2.0.3";
+ };
+ rails-html-sanitizer = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1icpqmxbppl4ynzmn6dx7wdil5hhq6fz707m9ya6d86c7ys8sd4f";
+ type = "gem";
+ };
+ version = "1.3.0";
+ };
+ railties = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "089kiwmv8fxyfk0zp57q74nyd5i6d5x5ihlrzbzwl041v94s2zx9";
+ type = "gem";
+ };
+ version = "5.2.4.4";
+ };
+ rake = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0w6qza25bq1s825faaglkx1k6d59aiyjjk3yw3ip5sb463mhhai9";
+ type = "gem";
+ };
+ version = "13.0.1";
+ };
+ rb-readline = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "14w79a121czmvk1s953qfzww30mqjb2zc0k9qhi0ivxxk3hxg6wy";
+ type = "gem";
+ };
+ version = "0.5.5";
+ };
+ recog = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0vxnm9ld3rn8xxccq9jyhzz6558bqfxdb3sd4na20frg9f5pflb7";
+ type = "gem";
+ };
+ version = "2.3.15";
+ };
+ redcarpet = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0skcyx1h8b5ms0rp2zm3ql6g322b8c1adnkwkqyv7z3kypb4bm7k";
+ type = "gem";
+ };
+ version = "3.5.0";
+ };
+ reline = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0sspfd5x8aq80pmkdj0dzd20iclhrdjan1ibkrivgk7j8af23hbk";
+ type = "gem";
+ };
+ version = "0.1.6";
+ };
+ rex-arch = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0cvdy2ysiphdig258lkicbxqq2y47bkl69kgj4kkj8w338rb5kwa";
+ type = "gem";
+ };
+ version = "0.1.13";
+ };
+ rex-bin_tools = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "19q4cj7cis29k3zx9j2gp4h3ib0zig2fa4rs56c1gjr32f192zzk";
+ type = "gem";
+ };
+ version = "0.1.6";
+ };
+ rex-core = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1b9pf7f8m2zjck65dpp8h8v4n0a05kfas6cn9adv0w8d9z58aqvv";
+ type = "gem";
+ };
+ version = "0.1.13";
+ };
+ rex-encoder = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1zm5jdxgyyp8pkfqwin34izpxdrmglx6vmk20ifnvcsm55c9m70z";
+ type = "gem";
+ };
+ version = "0.1.4";
+ };
+ rex-exploitation = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0inrf2vahmpxhjf84i8ak2b7gcirsrjrmb1rnvvqqr9kl0xw5xm3";
+ type = "gem";
+ };
+ version = "0.1.24";
+ };
+ rex-java = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0j58k02p5g9snkpak64sb4aymkrvrh9xpqh8wsnya4w7b86w2y6i";
+ type = "gem";
+ };
+ version = "0.1.5";
+ };
+ rex-mime = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "15a14kz429h7pn81ysa6av3qijxjmxagjff6dyss5v394fxzxf4a";
+ type = "gem";
+ };
+ version = "0.1.5";
+ };
+ rex-nop = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0aigf9qsqsmiraa6zvfy1a7cyvf7zc3iyhzxi6fjv5sb8f64d6ny";
+ type = "gem";
+ };
+ version = "0.1.1";
+ };
+ rex-ole = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1pnzbqfnvbs0vc0z0ryszk3fxhgxrjd6gzwqa937rhlphwp5jpww";
+ type = "gem";
+ };
+ version = "0.1.6";
+ };
+ rex-powershell = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "11wi8dpb2s8bvkqhbf80g16nyj2hscs3vz31ffzl1g0g6imcs0dl";
+ type = "gem";
+ };
+ version = "0.1.87";
+ };
+ rex-random_identifier = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0fg94sczff5c2rlvqqgw2dndlqyzjil5rjk3p9f46ss2hc8zxlbk";
+ type = "gem";
+ };
+ version = "0.1.4";
+ };
+ rex-registry = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0wv812ghnz143vx10ixmv32ypj1xrzr4rh4kgam8d8wwjwxsgw1q";
+ type = "gem";
+ };
+ version = "0.1.3";
+ };
+ rex-rop_builder = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0xjd3d6wnbq4ym0d0m268md8fb16f2hbwrahvxnl14q63fj9i3wy";
+ type = "gem";
+ };
+ version = "0.1.3";
+ };
+ rex-socket = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1y6p1sw0wiw4x4dk89lwhf7vzsb0cjgpbr8hf7m119lg2kzm5g8y";
+ type = "gem";
+ };
+ version = "0.1.24";
+ };
+ rex-sslscan = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "06gbx45q653ajcx099p0yxdqqxazfznbrqshd4nwiwg1p498lmyx";
+ type = "gem";
+ };
+ version = "0.1.5";
+ };
+ rex-struct2 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1nbdn53264a20cr2m2nq2v4mg0n33dvrd1jj1sixl37qjzw2k452";
+ type = "gem";
+ };
+ version = "0.1.2";
+ };
+ rex-text = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0wx8pncrk7yb2zxxqaycm4ikvb577zj7rma8jdfi74a0c5119c44";
+ type = "gem";
+ };
+ version = "0.2.28";
+ };
+ rex-zip = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1mbfryyhcw47i7jb8cs8vilbyqgyiyjkfl1ngl6wdbf7d87dwdw7";
+ type = "gem";
+ };
+ version = "0.1.3";
+ };
+ rkelly-remix = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1g7hjl9nx7f953y7lncmfgp0xgxfxvgfm367q6da9niik6rp1y3j";
+ type = "gem";
+ };
+ version = "0.0.7";
+ };
+ ruby-macho = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "12khgv5hx90a4dxqca2hzbksalx9czb51bsz0bhq0czsql9pwby8";
+ type = "gem";
+ };
+ version = "2.3.0";
+ };
+ ruby-rc4 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "00vci475258mmbvsdqkmqadlwn6gj9m01sp7b5a3zd90knil1k00";
+ type = "gem";
+ };
+ version = "0.1.5";
+ };
+ ruby2_keywords = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "17pcc0wgvh3ikrkr7bm3nx0qhyiqwidd13ij0fa50k7gsbnr2p0l";
+ type = "gem";
+ };
+ version = "0.0.2";
+ };
+ ruby_smb = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0fsdnvisswchk27knii6ijq8sjsc7qm9jiffdsf71q195ga2qi66";
+ type = "gem";
+ };
+ version = "2.0.6";
+ };
+ rubyntlm = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1p6bxsklkbcqni4bcq6jajc2n57g0w5rzn4r49c3lb04wz5xg0dy";
+ type = "gem";
+ };
+ version = "0.6.2";
+ };
+ rubyzip = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0590m2pr9i209pp5z4mx0nb1961ishdiqb28995hw1nln1d1b5ji";
+ type = "gem";
+ };
+ version = "2.3.0";
+ };
+ sawyer = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0yrdchs3psh583rjapkv33mljdivggqn99wkydkjdckcjn43j3cz";
+ type = "gem";
+ };
+ version = "0.8.2";
+ };
+ simpleidn = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0b9v0xs4ksd68zckamv6rbrrqllpa9am0p29bycq9fxvlkqd7w2w";
+ type = "gem";
+ };
+ version = "0.1.1";
+ };
+ sinatra = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0dd53rzpkxgs697pycbhhgc9vcnxra4ly4xar8ni6aiydx2f88zk";
+ type = "gem";
+ };
+ version = "2.1.0";
+ };
+ sqlite3 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0lja01cp9xd5m6vmx99zwn4r7s97r1w5cb76gqd8xhbm1wxyzf78";
+ type = "gem";
+ };
+ version = "1.4.2";
+ };
+ sshkey = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "03bkn55qsng484iqwz2lmm6rkimj01vsvhwk661s3lnmpkl65lbp";
+ type = "gem";
+ };
+ version = "2.0.0";
+ };
+ thin = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0nagbf9pwy1vg09k6j4xqhbjjzrg5dwzvkn4ffvlj76fsn6vv61f";
+ type = "gem";
+ };
+ version = "1.7.2";
+ };
+ thor = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1xbhkmyhlxwzshaqa7swy2bx6vd64mm0wrr8g3jywvxy7hg0cwkm";
+ type = "gem";
+ };
+ version = "1.0.1";
+ };
+ thread_safe = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0nmhcgq6cgz44srylra07bmaw99f5271l0dpsvl5f75m44l0gmwy";
+ type = "gem";
+ };
+ version = "0.3.6";
+ };
+ tilt = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv";
+ type = "gem";
+ };
+ version = "2.0.10";
+ };
+ ttfunk = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0w0bjn6k38xv46mr02p3038gwk5jj5hl398bv5kr625msxkdhqzn";
+ type = "gem";
+ };
+ version = "1.6.2.1";
+ };
+ tzinfo = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1i3jh086w1kbdj3k5l60lc3nwbanmzdf8yjj3mlrx9b2gjjxhi9r";
+ type = "gem";
+ };
+ version = "1.2.7";
+ };
+ tzinfo-data = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "02anabncgfjwsqn07ra9jdqvmi0a4yngzp6dfiz2yxb1m9qpdm4a";
+ type = "gem";
+ };
+ version = "1.2020.4";
+ };
+ unf = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0bh2cf73i2ffh4fcpdn9ir4mhq8zi50ik0zqa1braahzadx536a9";
+ type = "gem";
+ };
+ version = "0.1.4";
+ };
+ unf_ext = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0wc47r23h063l8ysws8sy24gzh74mks81cak3lkzlrw4qkqb3sg4";
+ type = "gem";
+ };
+ version = "0.0.7.7";
+ };
+ warden = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1l7gl7vms023w4clg02pm4ky9j12la2vzsixi2xrv9imbn44ys26";
+ type = "gem";
+ };
+ version = "1.2.9";
+ };
+ websocket-driver = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1i3rs4kcj0jba8idxla3s6xd1xfln3k8b4cb1dik2lda3ifnp3dh";
+ type = "gem";
+ };
+ version = "0.7.3";
+ };
+ websocket-extensions = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0hc2g9qps8lmhibl5baa91b4qx8wqw872rgwagml78ydj8qacsqw";
+ type = "gem";
+ };
+ version = "0.1.5";
+ };
+ windows_error = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0kbcv9j5sc7pvjzf1dkp6h69i6lmj205zyy2arxcfgqg11bsz2kp";
+ type = "gem";
+ };
+ version = "0.1.2";
+ };
+ xdr = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "019yzxddyndc7m7basars0m380m27sfcq99vr5hk1ag4ymayqkwr";
+ type = "gem";
+ };
+ version = "3.0.2";
+ };
+ xmlrpc = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1s744iwblw262gj357pky3d9fcx9hisvla7rnw29ysn5zsb6i683";
+ type = "gem";
+ };
+ version = "0.3.0";
+ };
+} \ No newline at end of file
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/shell.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/shell.nix
new file mode 100644
index 000000000000..e4bae57b6866
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/shell.nix
@@ -0,0 +1,17 @@
+# Env to update Gemfile.lock / gemset.nix
+with import <nixpkgs> {};
+stdenv.mkDerivation {
+ name = "env";
+ buildInputs = [
+ bundix
+ git
+ libiconv
+ libpcap
+ libxml2
+ libxslt
+ pkg-config
+ postgresql
+ ruby.devEnv
+ sqlite
+ ];
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/update.sh b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/update.sh
new file mode 100755
index 000000000000..e4da457c6f57
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/metasploit/update.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl bundix git libiconv libpcap libxml2 libxslt pkg-config postgresql ruby.devEnv sqlite xmlstarlet nix-update
+
+set -eu -o pipefail
+cd "$(dirname "$(readlink -f "$0")")"
+
+latest=$(curl https://github.com/rapid7/metasploit-framework/releases.atom | xmlstarlet sel -N atom="http://www.w3.org/2005/Atom" -t -m /atom:feed/atom:entry -v atom:title -n | head -n1)
+echo "Updating metasploit to $latest"
+
+sed -i "s#refs/tags/.*#refs/tags/$latest\"#" Gemfile
+
+bundler install
+bundix
+sed -i '/[ ]*dependencies =/d' gemset.nix
+
+cd "../../../../"
+nix-update metasploit --version "$latest"
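Review bot: `$latest` is taken from the release feed and used unchecked in the `sed` replacement on `Gemfile` and in `nix-update --version`. An empty or unexpected feed title (no entries, a renamed release, a character that collides with the `#` delimiter) would rewrite the pinned tag to something nobody reviewed. Add a guard before the `sed`, for example `[[ "$latest" =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "unexpected tag: $latest" >&2; exit 1; }`. Also fetch with `curl -fsSL` so an HTTP error fails the pipeline instead of being parsed.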
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mfcuk/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mfcuk/default.nix
new file mode 100644
index 000000000000..59908f2a9ce5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mfcuk/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchurl, pkgconfig, libnfc }:
+
+stdenv.mkDerivation {
+ pname = "mfcuk";
+ version = "0.3.8";
+
+ src = fetchurl {
+ url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mfcuk/mfcuk-0.3.8.tar.gz";
+ sha256 = "0m9sy61rsbw63xk05jrrmnyc3xda0c3m1s8pg3sf8ijbbdv9axcp";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ libnfc ];
+
+ meta = with stdenv.lib; {
+ description = "MiFare Classic Universal toolKit";
+ license = licenses.gpl2;
+ homepage = "https://github.com/nfc-tools/mfcuk";
+ maintainers = with maintainers; [ offline ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mfoc/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mfoc/default.nix
new file mode 100644
index 000000000000..fb622ad82496
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mfoc/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pkgconfig, libnfc }:
+
+stdenv.mkDerivation rec {
+ pname = "mfoc";
+ version = "0.10.7";
+
+ src = fetchFromGitHub {
+ owner = "nfc-tools";
+ repo = pname;
+ rev = "${pname}-${version}";
+ sha256 = "0hbg1fn4000qdg1cfc7y8l0vh1mxlxcz7gapkcq54xp2l6kk1z65";
+ };
+
+ patches = [
+ (fetchpatch {
+ url = "https://github.com/nfc-tools/mfoc/commit/f13efb0a6deb1d97ba945d555a6a5d6be89b593f.patch";
+ sha256 = "109gqzp8rdsjvj0nra686vy0dpd2bl6q5v9m4v98cpxkbz496450";
+ })
+ (fetchpatch {
+ url = "https://github.com/nfc-tools/mfoc/commit/00eae36f891bc4580103e3b54f0bb5228af2cdef.patch";
+ sha256 = "1w56aj96g776f37j53jmf3hk21x4mqik3l2bmghrdp8drixc8bzk";
+ })
+ ];
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig ];
+ buildInputs = [ libnfc ];
+
+ meta = with stdenv.lib; {
+ description = "Mifare Classic Offline Cracker";
+ license = licenses.gpl2;
+ homepage = "https://github.com/nfc-tools/mfoc";
+ maintainers = with maintainers; [ offline ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/minica/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/minica/default.nix
new file mode 100644
index 000000000000..49f1e2beb4db
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/minica/default.nix
@@ -0,0 +1,34 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "minica";
+ version = "1.0.2";
+
+ goPackagePath = "github.com/jsha/minica";
+
+ src = fetchFromGitHub {
+ owner = "jsha";
+ repo = "minica";
+ rev = "v${version}";
+ sha256 = "18518wp3dcjhf3mdkg5iwxqr3326n6jwcnqhyibphnb2a58ap7ny";
+ };
+
+ buildFlagsArray = ''
+ -ldflags=
+ -X main.BuildVersion=${version}
+ '';
+
+ meta = with lib; {
+ description = "A simple tool for generating self signed certificates";
+ longDescription = ''
+ Minica is a simple CA intended for use in situations where the CA
+ operator also operates each host where a certificate will be used. It
+ automatically generates both a key and a certificate when asked to
+ produce a certificate.
+ '';
+ homepage = "https://github.com/jsha/minica/";
+ license = licenses.mit;
+ maintainers = with maintainers; [ m1cr0man ];
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/minisign/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/minisign/default.nix
new file mode 100644
index 000000000000..b67b65b0cf8b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/minisign/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchFromGitHub, cmake, pkg-config, libsodium }:
+
+stdenv.mkDerivation rec {
+ pname = "minisign";
+ version = "0.9";
+
+ src = fetchFromGitHub {
+ repo = "minisign";
+ owner = "jedisct1";
+ rev = version;
+ sha256 = "0qx3hnkwx6ij0hgp5vc74x36qfc4h5wgzr70fqqhmv3zb8q9f2vn";
+ };
+
+ nativeBuildInputs = [ cmake pkg-config ];
+ buildInputs = [ libsodium ];
+
+ meta = with stdenv.lib; {
+ description = "A simple tool for signing files and verifying signatures";
+ longDescription = ''
+ minisign uses public key cryptography to help facilitate secure (but not
+ necessarily private) file transfer, e.g., of software artefacts. minisign
+ is similar to and compatible with OpenBSD's signify.
+ '';
+ homepage = "https://jedisct1.github.io/minisign/";
+ license = licenses.isc;
+ maintainers = with maintainers; [ joachifm ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mkp224o/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mkp224o/default.nix
new file mode 100644
index 000000000000..dc17cc602764
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mkp224o/default.nix
@@ -0,0 +1,47 @@
+{ stdenv, lib, fetchFromGitHub, autoreconfHook, libsodium }:
+
+stdenv.mkDerivation rec {
+ pname = "mkp224o";
+ version = "1.5.0";
+
+ src = fetchFromGitHub {
+ owner = "cathugger";
+ repo = "mkp224o";
+ rev = "v${version}";
+ sha256 = "0b2cn96wg4l8jkkqqp8l2295xlmm2jc8nrw6rdqb5g0zkpfmrxbb";
+ };
+
+ buildCommand =
+ let
+ # compile few variants with different implementation of crypto
+ # the fastest depends on a particular cpu
+ variants = [
+ { suffix = "ref10"; configureFlags = ["--enable-ref10"]; }
+ { suffix = "donna"; configureFlags = ["--enable-donna"]; }
+ ] ++ lib.optionals (stdenv.isi686 || stdenv.isx86_64) [
+ { suffix = "donna-sse2"; configureFlags = ["--enable-donna-sse2"]; }
+ ] ++ lib.optionals stdenv.isx86_64 [
+ { suffix = "amd64-51-30k"; configureFlags = ["--enable-amd64-51-30k"]; }
+ { suffix = "amd64-64-20k"; configureFlags = ["--enable-amd64-64-24k"]; }
+ ];
+ in
+ lib.concatMapStrings ({suffix, configureFlags}: ''
+ install -D ${
+ stdenv.mkDerivation {
+ name = "mkp224o-${suffix}-${version}";
+ inherit version src configureFlags;
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ libsodium ];
+ installPhase = "install -D mkp224o $out";
+ }
+ } $out/bin/mkp224o-${suffix}
+ '') variants;
+
+ meta = with lib; {
+ description = "Vanity address generator for tor onion v3 (ed25519) hidden services";
+ homepage = "http://cathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion/";
+ license = licenses.cc0;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ volth ];
+ };
+}
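Review bot: The last entry in `variants` has a suffix and a configure flag that disagree: the binary is installed as `mkp224o-amd64-64-20k` but is built with `--enable-amd64-64-24k`. Assuming the flag is the correct spelling, the installed name misreports which implementation the user is running; change the entry to `{ suffix = "amd64-64-24k"; configureFlags = ["--enable-amd64-64-24k"]; }`. Separately, `homepage` is an onion address that most users cannot open, so the GitHub repository already named in `src` may be the more useful link.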
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mkpasswd/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mkpasswd/default.nix
new file mode 100644
index 000000000000..b88852966ee1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mkpasswd/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, whois, perl }:
+
+stdenv.mkDerivation {
+ name = "mkpasswd-${whois.version}";
+
+ src = whois.src;
+
+ nativeBuildInputs = [ perl ];
+
+ preConfigure = whois.preConfigure;
+ buildPhase = "make mkpasswd";
+ installPhase = "make install-mkpasswd";
+
+ meta = with stdenv.lib; {
+ homepage = "https://packages.qa.debian.org/w/whois.html";
+ description = "Overfeatured front-end to crypt, from the Debian whois package";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ cstrahan fpletz ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mkrand/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mkrand/default.nix
new file mode 100644
index 000000000000..54934b7111a9
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mkrand/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation {
+ name = "mkrand-0.1.0";
+
+ src = fetchurl {
+ url = "https://github.com/mknight-tag/MKRAND/releases/download/v0.1.0/mkrand-0.1.0.tar.gz";
+ sha256 = "1irwyv2j5c3606k3qbq77yrd65y27rcq3jdlp295rz875q8iq9fs";
+ };
+
+ doCheck = true;
+
+ meta = {
+ description = "A Digital Random Bit Generator";
+ longDescription = "MKRAND is a utility for generating random information.";
+ homepage = "https://github.com/mknight-tag/MKRAND/";
+ license = stdenv.lib.licenses.mit;
+ platforms = stdenv.lib.platforms.all;
+ };
+ }
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mktemp/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mktemp/default.nix
new file mode 100644
index 000000000000..0732adecc45b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mktemp/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchurl, groff }:
+
+stdenv.mkDerivation {
+ name = "mktemp-1.7";
+
+ # Have `configure' avoid `/usr/bin/nroff' in non-chroot builds.
+ NROFF = "${groff}/bin/nroff";
+
+ # Don't use "install -s"
+ postPatch = ''
+ substituteInPlace Makefile.in --replace " 0555 -s " " 0555 "
+ '';
+
+ src = fetchurl {
+ url = "ftp://ftp.mktemp.org/pub/mktemp/mktemp-1.7.tar.gz";
+ sha256 = "0x969152znxxjbj7387xb38waslr4yv6bnj5jmhb4rpqxphvk54f";
+ };
+
+ meta = with stdenv.lib; {
+ description = "Simple tool to make temporary file handling in shells scripts safe and simple";
+ homepage = "https://www.mktemp.org";
+ license = licenses.isc;
+ platforms = platforms.unix;
+ };
+}
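Review bot: `src` is fetched over `ftp://`, an unauthenticated plaintext transport, so the pinned `sha256` is the only integrity control on this tarball. The hash does cover tampering in transit, but it is worth a comment saying so, for example `# ftp only; integrity rests on the sha256 below`, so that a later hash bump is not done by blindly trusting a fresh download. If upstream serves the same file over HTTPS, prefer that URL. The monkeysphere `src` further down uses plain `http://` in the same way.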
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch
new file mode 100644
index 000000000000..98384c754ce7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/Makefile.in.patch
@@ -0,0 +1,17 @@
+--- a/apache2/Makefile.in 2017-10-10 09:45:51.000000000 -0400
++++ b/apache2/Makefile.in 2017-10-10 09:46:04.000000000 -0400
+@@ -1208,14 +1208,12 @@
+ @LINUX_TRUE@ for m in $(pkglib_LTLIBRARIES); do \
+ @LINUX_TRUE@ base=`echo $$m | sed 's/\..*//'`; \
+ @LINUX_TRUE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
+-@LINUX_TRUE@ install -D -m444 $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES)/$$base.so; \
+ @LINUX_TRUE@ done
+ @LINUX_FALSE@install-exec-hook: $(pkglib_LTLIBRARIES)
+ @LINUX_FALSE@ @echo "Removing unused static libraries..."; \
+ @LINUX_FALSE@ for m in $(pkglib_LTLIBRARIES); do \
+ @LINUX_FALSE@ base=`echo $$m | sed 's/\..*//'`; \
+ @LINUX_FALSE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
+-@LINUX_FALSE@ cp -p $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES); \
+ @LINUX_FALSE@ done
+
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/default.nix
new file mode 100644
index 000000000000..b9b696c17be6
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/modsecurity/default.nix
@@ -0,0 +1,54 @@
+{ stdenv, lib, fetchurl, pkgconfig
+, curl, apacheHttpd, pcre, apr, aprutil, libxml2
+, luaSupport ? false, lua5
+}:
+
+with lib;
+
+let luaValue = if luaSupport then lua5 else "no";
+ optional = stdenv.lib.optional;
+in
+
+stdenv.mkDerivation rec {
+ pname = "modsecurity";
+ version = "2.9.3";
+
+ src = fetchurl {
+ url = "https://www.modsecurity.org/tarball/${version}/${pname}-${version}.tar.gz";
+ sha256 = "0611nskd2y6yagrciqafxdn4rxbdk2v4swf45kc1sgwx2sfh34j1";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ] ++
+ optional luaSupport lua5;
+
+ configureFlags = [
+ "--enable-standalone-module"
+ "--enable-static"
+ "--with-curl=${curl.dev}"
+ "--with-apxs=${apacheHttpd.dev}/bin/apxs"
+ "--with-pcre=${pcre.dev}"
+ "--with-apr=${apr.dev}"
+ "--with-apu=${aprutil.dev}/bin/apu-1-config"
+ "--with-libxml=${libxml2.dev}"
+ "--with-lua=${luaValue}"
+ ];
+
+ outputs = ["out" "nginx"];
+ # by default modsecurity's install script copies compiled output to httpd's modules folder
+ # this patch removes those lines
+ patches = [ ./Makefile.in.patch ];
+
+ postInstall = ''
+ mkdir -p $nginx
+ cp -R * $nginx
+ '';
+
+ meta = {
+ description = "Open source, cross-platform web application firewall (WAF)";
+ license = licenses.asl20;
+ homepage = "https://www.modsecurity.org/";
+ maintainers = with maintainers; [offline];
+ platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
+ };
+}
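Review bot: `postInstall` runs `cp -R * $nginx`, which copies whatever is in the build directory at that point (sources, objects, configure logs) into the `nginx` output, and nothing says why. If that output is meant to feed an nginx module build, as the name suggests, add a comment such as `# nginx output: full source/build tree, used as the source for the nginx standalone module`, or narrow the copy to the directories actually needed. As a smaller style point, `optional = stdenv.lib.optional;` in the `let` is redundant under `with lib;`, and `meta` mixes `licenses.asl20` with `stdenv.lib.platforms`.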
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/default.nix
new file mode 100644
index 000000000000..4b1f75698871
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/default.nix
@@ -0,0 +1,103 @@
+{ stdenv, fetchurl, makeWrapper
+, perl, libassuan, libgcrypt
+, perlPackages, lockfileProgs, gnupg, coreutils
+# For the tests:
+, openssh, which, socat, cpio, hexdump, procps, openssl
+}:
+
+let
+ # A patch is needed to run the tests inside the Nix sandbox:
+ # /etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell"
+ # sshd: "User nixbld not allowed because shell /noshell does not exist"
+ opensshUnsafe = openssh.overrideAttrs (oldAttrs: {
+ patches = oldAttrs.patches ++ [ ./openssh-nixos-sandbox.patch ];
+ });
+in stdenv.mkDerivation rec {
+ pname = "monkeysphere";
+ version = "0.44";
+
+ # The patched OpenSSH binary MUST NOT be used (except in the check phase):
+ disallowedRequisites = [ opensshUnsafe ];
+
+ src = fetchurl {
+ url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz";
+ sha256 = "1ah7hy8r9gj96pni8azzjb85454qky5l17m3pqn37854l6grgika";
+ };
+
+ patches = [ ./monkeysphere.patch ];
+
+ postPatch = ''
+ sed -i "s,/usr/bin/env,${coreutils}/bin/env," src/share/ma/update_users
+ '';
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ perl libassuan libgcrypt ]
+ ++ stdenv.lib.optional doCheck
+ ([ gnupg opensshUnsafe which socat cpio hexdump procps lockfileProgs ] ++
+ (with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ]));
+
+ makeFlags = [
+ "PREFIX=/"
+ "DESTDIR=$(out)"
+ ];
+
+ # The tests should be run (and succeed) when making changes to this package
+ # but they aren't enabled by default because they "drain" entropy (GnuPG
+ # still uses /dev/random).
+ doCheck = false;
+ preCheck = stdenv.lib.optionalString doCheck ''
+ patchShebangs tests/
+ patchShebangs src/
+ sed -i \
+ -e "s,/usr/sbin/sshd,${opensshUnsafe}/bin/sshd," \
+ -e "s,/bin/true,${coreutils}/bin/true," \
+ -e "s,/bin/false,${coreutils}/bin/false," \
+ -e "s,openssl\ req,${openssl}/bin/openssl req," \
+ tests/basic
+ sed -i "s/<(hd/<(hexdump/" tests/keytrans
+ '';
+
+ postFixup =
+ let wrapperArgs = runtimeDeps:
+ "--prefix PERL5LIB : "
+ + (with perlPackages; makePerlPath [ # Optional (only required for keytrans)
+ CryptOpenSSLRSA
+ CryptOpenSSLBignum
+ ])
+ + stdenv.lib.optionalString
+ (builtins.length runtimeDeps > 0)
+ " --prefix PATH : ${stdenv.lib.makeBinPath runtimeDeps}";
+ wrapMonkeysphere = runtimeDeps: program:
+ "wrapProgram $out/bin/${program} ${wrapperArgs runtimeDeps}\n";
+ wrapPrograms = runtimeDeps: programs: stdenv.lib.concatMapStrings
+ (wrapMonkeysphere runtimeDeps)
+ programs;
+ in wrapPrograms [ gnupg ] [ "monkeysphere-authentication" "monkeysphere-host" ]
+ + wrapPrograms [ gnupg lockfileProgs ] [ "monkeysphere" ]
+ + ''
+ # These 4 programs depend on the program name ($0):
+ for program in openpgp2pem openpgp2spki openpgp2ssh pem2openpgp; do
+ rm $out/bin/$program
+ ln -sf keytrans $out/share/monkeysphere/$program
+ makeWrapper $out/share/monkeysphere/$program $out/bin/$program \
+ ${wrapperArgs [ ]}
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "http://web.monkeysphere.info/";
+ description = "Leverage the OpenPGP web of trust for SSH and TLS authentication";
+ longDescription = ''
+ The Monkeysphere project's goal is to extend OpenPGP's web of
+ trust to new areas of the Internet to help us securely identify
+ servers we connect to, as well as each other while we work online.
+ The suite of Monkeysphere utilities provides a framework to
+ transparently leverage the web of trust for authentication of
+ TLS/SSL communications through the normal use of tools you are
+ familiar with, such as your web browser0 or secure shell.
+ '';
+ license = licenses.gpl3Plus;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ primeos ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch
new file mode 100644
index 000000000000..8cdd85017b93
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/monkeysphere.patch
@@ -0,0 +1,23 @@
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -52,7 +52,7 @@ clean:
+ replaced/%: %
+ mkdir -p $(dir $@)
+ sed < $< > $@ \
+- -e 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' \
++ -e 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' \
+ -e 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' \
+ -e 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):'
+
+diff --git a/src/share/keytrans b/src/share/keytrans
+--- a/src/share/keytrans
++++ b/src/share/keytrans
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl -T
++#!/usr/bin/perl
+
+ # keytrans: this is an RSA key translation utility; it is capable of
+ # transforming RSA keys (both public keys and secret keys) between
+--
+2.16.3
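Review bot: The `src/share/keytrans` part of this patch drops `-T` from the shebang, which turns off Perl taint mode for a script that translates key material, and the patch gives no reason. Taint mode makes Perl ignore `PERL5LIB`, which the wrappers in default.nix set, so that is presumably the motivation. State it in the patch header or next to `patches = [ ./monkeysphere.patch ];`, for example `# keytrans: -T removed because taint mode ignores the PERL5LIB set by wrapProgram`. That leaves the loss of hardening visible to whoever next rebases the patch.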
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch
new file mode 100644
index 000000000000..2a9a1fc8dfa9
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch
@@ -0,0 +1,17 @@
+diff --git a/auth.c b/auth.c
+index d2a8cd65..811a129f 100644
+--- a/auth.c
++++ b/auth.c
+@@ -580,6 +580,12 @@ getpwnamallow(const char *user)
+ #endif
+
+ pw = getpwnam(user);
++ if (pw != NULL) {
++ // This is only for testing purposes,
++ // DO NOT USE THIS PATCH IN PRODUCTION!
++ char *shell = "/bin/sh";
++ pw->pw_shell = shell;
++ }
+
+ #if defined(_AIX) && defined(HAVE_SETAUTHDB)
+ aix_restoreauthdb();
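Review bot: The added block overwrites `pw_shell` for every account `getpwnam` returns, not only the sandbox build user whose shell is `/noshell`, the case the comment in default.nix describes. `disallowedRequisites` keeps this sshd out of the runtime closure, but narrowing the condition limits what the patched binary accepts if it is ever run outside the check phase: `if (pw != NULL && strcmp(pw->pw_shell, "/noshell") == 0) {`. getpwnamallow starts and ends outside this hunk, so whether later shell checks in it depend on the original value cannot be confirmed from here.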
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/mpw/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/mpw/default.nix
new file mode 100644
index 000000000000..9d25daf29a69
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/mpw/default.nix
@@ -0,0 +1,62 @@
+{ stdenv, cmake, fetchFromGitLab
+, json_c, libsodium, libxml2, ncurses }:
+
+let
+ rev = "22796663dcad81684ab24308d9db570f6781ba2c";
+
+in stdenv.mkDerivation rec {
+ name = "mpw-${version}-${builtins.substring 0 8 rev}";
+ version = "2.6";
+
+ src = fetchFromGitLab {
+ owner = "MasterPassword";
+ repo = "MasterPassword";
+ sha256 = "1f2vqacgbyam1mazawrfim8zwp38gnwf5v3xkkficsfnv789g6fw";
+ inherit rev;
+ };
+
+ sourceRoot = "./source/platform-independent/c/cli";
+
+ postPatch = ''
+ rm build
+ substituteInPlace mpw-cli-tests \
+ --replace '/usr/bin/env bash' ${stdenv.shell} \
+ --replace ./mpw ./build/mpw
+ '';
+
+ cmakeFlags = [
+ "-Dmpw_version=${version}"
+ "-DBUILD_MPW_TESTS=ON"
+ ];
+
+ nativeBuildInputs = [ cmake ];
+
+ buildInputs = [ json_c libxml2 libsodium ncurses ];
+
+ installPhase = ''
+ runHook preInstall
+
+ install -Dm755 mpw $out/bin/mpw
+ install -Dm644 ../mpw.completion.bash $out/share/bash-completion/completions/_mpw
+ install -Dm644 ../../../../README.md $out/share/doc/mpw/README.md
+
+ runHook postInstall
+ '';
+
+ doCheck = true;
+
+ checkPhase = ''
+ runHook preCheck
+
+ ../mpw-cli-tests
+
+ runHook postCheck
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A stateless password management solution";
+ homepage = "https://masterpasswordapp.com/";
+ license = licenses.gpl3;
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/munge/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/munge/default.nix
new file mode 100644
index 000000000000..ee1858ad2845
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/munge/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, gawk, gnused, libgcrypt, zlib, bzip2 }:
+
+stdenv.mkDerivation rec {
+ name = "munge-0.5.14";
+
+ src = fetchFromGitHub {
+ owner = "dun";
+ repo = "munge";
+ rev = name;
+ sha256 = "15h805rwcb9f89dyrkxfclzs41n3ff8x7cc1dbvs8mb0ds682c4j";
+ };
+
+ nativeBuildInputs = [ autoreconfHook gawk gnused ];
+ buildInputs = [ libgcrypt zlib bzip2 ];
+
+ preAutoreconf = ''
+ # Remove the install-data stuff, since it tries to write to /var
+ substituteInPlace src/Makefile.am --replace "etc \\" "\\"
+ '';
+
+ configureFlags = [
+ "--localstatedir=/var"
+ ];
+
+ meta = with stdenv.lib; {
+ description = ''
+ An authentication service for creating and validating credentials
+ '';
+ license = licenses.lgpl3;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.rickynils ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nasty/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/nasty/default.nix
new file mode 100644
index 000000000000..7f423860100b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nasty/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchurl, gpgme }:
+
+stdenv.mkDerivation rec {
+ pname = "nasty";
+ version = "0.6";
+
+ src = fetchurl {
+ url = "https://www.vanheusden.com/nasty/${pname}-${version}.tgz";
+ sha256 = "1dznlxr728k1pgy1kwmlm7ivyl3j3rlvkmq34qpwbwbj8rnja1vn";
+ };
+
+ # does not apply cleanly with patchPhase/fetchpatch
+ # https://sources.debian.net/src/nasty/0.6-3/debian/patches/02_add_largefile_support.patch
+ CFLAGS = "-D_FILE_OFFSET_BITS=64";
+
+ buildInputs = [ gpgme ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp nasty $out/bin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Recover the passphrase of your PGP or GPG-key";
+ longDescription = ''
+ Nasty is a program that helps you to recover the passphrase of your PGP or GPG-key
+ in case you forget or lost it. It is mostly a proof-of-concept: with a different implementation
+ this program could be at least 100x faster.
+ '';
+ homepage = "http://www.vanheusden.com/nasty/";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ davidak ];
+ platforms = platforms.unix;
+ };
+}
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ncrack/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ncrack/default.nix
new file mode 100644
index 000000000000..e377d9748645
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ncrack/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, openssl, zlib }:
+
+stdenv.mkDerivation rec {
+ pname = "ncrack";
+ version = "0.7";
+
+ src = fetchFromGitHub {
+ owner = "nmap";
+ repo = "ncrack";
+ rev = version;
+ sha256 = "1gnv5xdd7n04glcpy7q1mkb6f8gdhdrhlrh8z6k4g2pjdhxlz26g";
+ };
+
+ buildInputs = [ openssl zlib ];
+
+ meta = with stdenv.lib; {
+ description = "Network authentication tool";
+ homepage = "https://nmap.org/ncrack/";
+ license = licenses.gpl2Only;
+ maintainers = with maintainers; [ siraben ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/neopg/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/neopg/default.nix
new file mode 100644
index 000000000000..4f4f660e20f4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/neopg/default.nix
@@ -0,0 +1,48 @@
+{ stdenv
+, fetchFromGitHub
+, cmake
+, sqlite
+, botan2
+, boost
+, curl
+, gettext
+, pkgconfig
+, libusb1
+, gnutls }:
+
+stdenv.mkDerivation rec {
+ pname = "neopg";
+ version = "0.0.6";
+
+ src = fetchFromGitHub {
+ owner = "das-labor";
+ repo = "neopg";
+ rev = "v${version}";
+ sha256 = "15xp5w046ix59cfrhh8ka4camr0d8qqw643g184sqrcqwpk7nbrx";
+ fetchSubmodules = true;
+ };
+
+ nativeBuildInputs = [ cmake gettext pkgconfig ];
+
+ buildInputs = [ sqlite botan2 boost curl libusb1 gnutls ];
+
+ doCheck = true;
+ checkTarget = "test";
+ dontUseCmakeBuildDir = true;
+
+ preCheck = ''
+ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://neopg.io/";
+ description = "Modern replacement for GnuPG 2";
+ license = licenses.gpl3;
+ longDescription = ''
+ NeoPG starts as an opiniated fork of GnuPG 2 to clean up the code and make it easier to develop.
+ It is written in C++11.
+ '';
+ maintainers = with maintainers; [ erictapen ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix
new file mode 100644
index 000000000000..a4936d763b6c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix
@@ -0,0 +1,48 @@
+{ stdenv, bash-completion, cmake, fetchFromGitHub, hidapi, libusb1, pkgconfig
+, qtbase, qttranslations, qtsvg, wrapQtAppsHook }:
+
+stdenv.mkDerivation rec {
+ pname = "nitrokey-app";
+ version = "1.3.2";
+
+ src = fetchFromGitHub {
+ owner = "Nitrokey";
+ repo = "nitrokey-app";
+ rev = "v${version}";
+ sha256 = "193kzlz3qn9il56h78faiqkgv749hdils1nn1iw6g3wphgx5fjs2";
+ fetchSubmodules = true;
+ };
+
+ postPatch = ''
+ substituteInPlace libnitrokey/CMakeLists.txt \
+ --replace '/data/41-nitrokey.rules' '/libnitrokey/data/41-nitrokey.rules'
+ '';
+
+ buildInputs = [
+ bash-completion
+ hidapi
+ libusb1
+ qtbase
+ qttranslations
+ qtsvg
+ ];
+ nativeBuildInputs = [
+ cmake
+ pkgconfig
+ wrapQtAppsHook
+ ];
+ cmakeFlags = [ "-DCMAKE_BUILD_TYPE=Release" ];
+
+ meta = with stdenv.lib; {
+ description = "Provides extra functionality for the Nitrokey Pro and Storage";
+ longDescription = ''
+ The nitrokey-app provides a QT system tray widget with wich you can
+ access the extra functionality of a Nitrokey Storage or Nitrokey Pro.
+ See https://www.nitrokey.com/ for more information.
+ '';
+ homepage = "https://github.com/Nitrokey/nitrokey-app";
+ repositories.git = "https://github.com/Nitrokey/nitrokey-app.git";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ kaiha fpletz ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix
new file mode 100644
index 000000000000..a89fa7238269
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nitrokey-app/udev-rules.nix
@@ -0,0 +1,25 @@
+{ stdenv, nitrokey-app
+, group ? "nitrokey"
+}:
+
+stdenv.mkDerivation {
+ name = "nitrokey-udev-rules-${stdenv.lib.getVersion nitrokey-app}";
+
+ inherit (nitrokey-app) src;
+
+ dontBuild = true;
+
+ patchPhase = ''
+ substituteInPlace libnitrokey/data/41-nitrokey.rules --replace plugdev "${group}"
+ '';
+
+ installPhase = ''
+ mkdir -p $out/etc/udev/rules.d
+ cp libnitrokey/data/41-nitrokey.rules $out/etc/udev/rules.d
+ '';
+
+ meta = {
+ description = "udev rules for Nitrokeys";
+ inherit (nitrokey-app.meta) homepage license maintainers;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/default.nix
new file mode 100644
index 000000000000..bd543154494c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/default.nix
@@ -0,0 +1,77 @@
+{ stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3
+, pcre, liblinear, libssh2
+, graphicalSupport ? false
+, libX11 ? null
+, gtk2 ? null
+, python2 ? null
+, makeWrapper ? null
+, withLua ? true
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+ name = "nmap${optionalString graphicalSupport "-graphical"}-${version}";
+ version = "7.80";
+
+ src = fetchurl {
+ url = "https://nmap.org/dist/nmap-${version}.tar.bz2";
+ sha256 = "1aizfys6l9f9grm82bk878w56mg0zpkfns3spzj157h98875mypw";
+ };
+
+ patches = [ ./zenmap.patch ]
+ ++ optionals stdenv.cc.isClang [(
+ # Fixes a compile error due an ambiguous reference to bind(2) in
+ # nping/EchoServer.cc, which is otherwise resolved to std::bind.
+ # https://github.com/nmap/nmap/pull/1363
+ fetchpatch {
+ url = "https://github.com/nmap/nmap/commit/5bbe66f1bd8cbd3718f5805139e2e8139e6849bb.diff";
+ includes = [ "nping/EchoServer.cc" ];
+ sha256 = "0xcph9mycy57yryjg253frxyz87c4135rrbndlqw1400c8jxq70c";
+ }
+ )];
+
+ prePatch = optionalString stdenv.isDarwin ''
+ substituteInPlace libz/configure \
+ --replace /usr/bin/libtool ar \
+ --replace 'AR="libtool"' 'AR="ar"' \
+ --replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
+ '';
+
+ configureFlags = [
+ (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua")
+ ] ++ optionals (!graphicalSupport) [ "--without-ndiff" "--without-zenmap" ];
+
+ makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+ "AR=${stdenv.cc.bintools.targetPrefix}ar"
+ "RANLIB=${stdenv.cc.bintools.targetPrefix}ranlib"
+ "CC=${stdenv.cc.targetPrefix}gcc"
+ ];
+
+ pythonPath = with python2.pkgs; optionals graphicalSupport [
+ pygtk pysqlite pygobject2 pycairo
+ ];
+
+ nativeBuildInputs = [ pkgconfig ] ++ optionals graphicalSupport [ python2.pkgs.wrapPython ];
+ buildInputs = [ pcre liblinear libssh2 libpcap openssl ] ++ optionals graphicalSupport (with python2.pkgs; [
+ python2 libX11 gtk2
+ ]);
+
+ postInstall = optionalString graphicalSupport ''
+ buildPythonPath "$out $pythonPath"
+ patchPythonScript $out/bin/ndiff
+ patchPythonScript $out/bin/zenmap
+ '';
+
+ enableParallelBuilding = true;
+
+ doCheck = false; # fails 3 tests, probably needs the net
+
+ meta = {
+ description = "A free and open source utility for network discovery and security auditing";
+ homepage = "http://www.nmap.org";
+ license = licenses.gpl2;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ thoughtpolice fpletz ];
+ };
+}
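Review bot: Nothing ties `graphicalSupport` to the arguments that default to `null`. Calling the expression with `graphicalSupport = true` and a missing `libX11`, `gtk2` or `python2` would fail later with an unrelated-looking evaluation error. An assertion after the argument list makes the requirement explicit: `assert graphicalSupport -> (libX11 != null && gtk2 != null && python2 != null);`. `makeWrapper ? null` is accepted but never referenced in the derivation and can probably be dropped. `"CC=${stdenv.cc.targetPrefix}gcc"` hard-codes gcc for cross builds, whereas `"CC=${stdenv.cc.targetPrefix}cc"` would follow the configured compiler.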
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/qt.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/qt.nix
new file mode 100644
index 000000000000..216186daa5be
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/qt.nix
@@ -0,0 +1,62 @@
+{ stdenv
+, fetchFromGitHub
+, cmake
+, pkgconfig
+, wrapQtAppsHook
+, dnsutils
+, nmap
+, qtbase
+, qtscript
+, qtwebengine
+}:
+
+stdenv.mkDerivation rec {
+ pname = "nmapsi4";
+ version = "0.5-alpha2";
+
+ src = fetchFromGitHub {
+ owner = "nmapsi4";
+ repo = "nmapsi4";
+ rev = "v${version}";
+ sha256 = "sha256-q3XfwJ4TGK4E58haN0Q0xRH4GDpKD8VZzyxHe/VwBqY=";
+ };
+
+ nativeBuildInputs = [ cmake pkgconfig wrapQtAppsHook ];
+
+ buildInputs = [ qtbase qtscript qtwebengine ];
+
+ enableParallelBuilding = true;
+
+ postPatch = ''
+ substituteInPlace src/platform/digmanager.cpp \
+ --replace '"dig"' '"${dnsutils}/bin/dig"'
+ substituteInPlace src/platform/discover.cpp \
+ --replace '"nping"' '"${nmap}/bin/nping"'
+ for f in \
+ src/platform/monitor/monitor.cpp \
+ src/platform/nsemanager.cpp ; do
+
+ substituteInPlace $f \
+ --replace '"nmap"' '"${nmap}/bin/nmap"'
+ done
+ '';
+
+ postInstall = ''
+ mv $out/share/applications/kde4/*.desktop $out/share/applications
+ rmdir $out/share/applications/kde4
+
+ for f in $out/share/applications/* ; do
+ substituteInPlace $f \
+ --replace Qt4 Qt5 \
+ --replace Exec=nmapsi4 Exec=$out/bin/nmapsi4 \
+ --replace "Exec=kdesu nmapsi4" "Exec=kdesu $out/bin/nmapsi4"
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Qt frontend for nmap";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ peterhoeg ];
+ inherit (src.meta) homepage;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/zenmap.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/zenmap.patch
new file mode 100644
index 000000000000..3cd39750c881
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nmap/zenmap.patch
@@ -0,0 +1,15 @@
+diff -ruN nmap-5.50.orig/zenmap/zenmapCore/Paths.py nmap-5.50/zenmap/zenmapCore/Paths.py
+--- nmap-5.50.orig/zenmap/zenmapCore/Paths.py 2013-06-06 05:52:10.723087428 +0000
++++ nmap-5.50/zenmap/zenmapCore/Paths.py 2013-06-06 07:07:25.481261761 +0000
+@@ -115,7 +115,10 @@
+ else:
+ # Normal script execution. Look in the current directory to allow
+ # running from the distribution.
+- return os.path.abspath(os.path.dirname(fs_dec(sys.argv[0])))
++ #
++ # Grrwlf: No,no,dear. That's not a script, thats Nixos wrapper. Go add
++ # those '..' to substract /bin part.
++ return os.path.abspath(os.path.join(os.path.dirname(fs_dec(sys.argv[0])), ".."))
+
+ prefix = get_prefix()
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/notary/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/notary/default.nix
new file mode 100644
index 000000000000..020f37c836ba
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/notary/default.nix
@@ -0,0 +1,65 @@
+{ stdenv, fetchFromGitHub, buildGoPackage, libtool }:
+
+buildGoPackage rec {
+ pname = "notary";
+ version = "0.6.1";
+ gitcommit = "d6e1431f";
+
+ src = fetchFromGitHub {
+ owner = "theupdateframework";
+ repo = "notary";
+ rev = "v${version}";
+ sha256 = "1ak9dk6vjny5069hp3w36dbjawcnaq82l3i2qvf7mn7zfglbsnf9";
+ };
+
+ patches = [ ./no-git-usage.patch ];
+
+ buildInputs = [ libtool ];
+ buildPhase = ''
+ runHook preBuild
+ cd go/src/github.com/theupdateframework/notary
+ SKIPENVCHECK=1 make client GITCOMMIT=${gitcommit}
+ runHook postBuild
+ '';
+
+ goPackagePath = "github.com/theupdateframework/notary";
+
+ installPhase = ''
+ runHook preInstall
+ install -D bin/notary $out/bin/notary
+ runHook postInstall
+ '';
+
+ #doCheck = true; # broken by tzdata: 2018g -> 2019a
+ checkPhase = ''
+ make test PKGS=github.com/theupdateframework/notary/cmd/notary
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A project that allows anyone to have trust over arbitrary collections of data";
+ longDescription = ''
+ The Notary project comprises a server and a client for running and
+ interacting with trusted collections. See the service architecture
+ documentation for more information.
+
+ Notary aims to make the internet more secure by making it easy for people
+ to publish and verify content. We often rely on TLS to secure our
+ communications with a web server which is inherently flawed, as any
+ compromise of the server enables malicious content to be substituted for
+ the legitimate content.
+
+ With Notary, publishers can sign their content offline using keys kept
+ highly secure. Once the publisher is ready to make the content available,
+ they can push their signed trusted collection to a Notary Server.
+
+ Consumers, having acquired the publisher's public key through a secure
+ channel, can then communicate with any notary server or (insecure) mirror,
+ relying only on the publisher's key to determine the validity and
+ integrity of the received content.
+ '';
+ license = licenses.asl20;
+ homepage = "https://github.com/theupdateframework/notary";
+ maintainers = with maintainers; [ vdemeester ];
+ platforms = platforms.unix;
+ };
+}
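Review bot: `gitcommit = "d6e1431f";` is a hand-copied value that nothing ties to `rev = "v${version}"`, so a version bump that forgets it would build a client that reports the wrong commit through `GITCOMMIT=${gitcommit}`. Add a comment next to it, for example `# short hash of the commit that tag v${version} points to; update together with version`. Separately, `doCheck` is commented out, so the `checkPhase` defined below it presumably never runs. For a signing client it would be worth either fixing the tzdata breakage or noting in the comment that the package ships untested.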
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch
new file mode 100644
index 000000000000..363eefe36921
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/notary/no-git-usage.patch
@@ -0,0 +1,15 @@
+diff --git a/Makefile b/Makefile
+index ab794165..0cbd047f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -5,8 +5,8 @@ PREFIX?=$(shell pwd)
+ # Add to compile time flags
+ NOTARY_PKG := github.com/theupdateframework/notary
+ NOTARY_VERSION := $(shell cat NOTARY_VERSION)
+-GITCOMMIT := $(shell git rev-parse --short HEAD)
+-GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
++GITCOMMIT ?= $(shell git rev-parse --short HEAD)
++GITUNTRACKEDCHANGES :=
+ ifneq ($(GITUNTRACKEDCHANGES),)
+ GITCOMMIT := $(GITCOMMIT)-dirty
+ endif
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nsjail/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/nsjail/default.nix
new file mode 100644
index 000000000000..4522d0e897af
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nsjail/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkgconfig, which
+, libnl, protobuf, protobufc, shadow
+}:
+
+stdenv.mkDerivation rec {
+ pname = "nsjail";
+ version = "3.0";
+
+ src = fetchFromGitHub {
+ owner = "google";
+ repo = "nsjail";
+ rev = version;
+ fetchSubmodules = true;
+ sha256 = "1w6x8xcrs0i1y3q41gyq8z3cq9x24qablklc4jiydf855lhqn4dh";
+ };
+
+ nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ];
+ buildInputs = [ libnl protobuf protobufc ];
+ enableParallelBuilding = true;
+
+ preBuild = ''
+ makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin $out/share/man/man1
+ install nsjail $out/bin/
+ install nsjail.1 $out/share/man/man1/
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
+ homepage = "http://nsjail.com/";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ arturcygan bosu c0bw3b ];
+ platforms = platforms.linux;
+ };
+}
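Review bot: The `USER_DEFINES` in preBuild point `NEWUIDMAP_PATH` and `NEWGIDMAP_PATH` at `${shadow}/bin/...`, and files in the Nix store cannot carry the setuid bit these helpers normally depend on. Any nsjail configuration that maps additional uid/gid ranges through them will presumably fail for unprivileged callers. On NixOS the privileged copies are exposed through the setuid wrapper directory (`/run/wrappers/bin`), so either point the defines there or document the limitation, e.g. `# store copies of newuidmap/newgidmap are not setuid; extra id mappings only work when nsjail runs as root`. The `homepage` is also plain `http://`.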
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/nwipe/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/nwipe/default.nix
new file mode 100644
index 000000000000..c72ada867614
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/nwipe/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchFromGitHub, ncurses, parted, automake, autoconf, pkgconfig }:
+
+stdenv.mkDerivation rec {
+ version = "0.28";
+ pname = "nwipe";
+ src = fetchFromGitHub {
+ owner = "martijnvanbrummelen";
+ repo = "nwipe";
+ rev = "v${version}";
+ sha256 = "1aw905lmn1vm6klqn3q7445dwmwbjhcmwnkygpq9rddacgig1gdx";
+ };
+ nativeBuildInputs = [ automake autoconf pkgconfig ];
+ buildInputs = [ ncurses parted ];
+ preConfigure = "sh init.sh || :";
+ meta = with stdenv.lib; {
+ description = "Securely erase disks";
+ homepage = "https://github.com/martijnvanbrummelen/nwipe";
+ license = licenses.gpl2;
+ maintainers = [ maintainers.woffs ];
+ platforms = platforms.linux;
+ };
+}
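Review bot: `preConfigure = "sh init.sh || :";` throws away the exit status of the bootstrap script, so a failed autotools run goes unnoticed and shows up later as an unrelated configure or build error. If init.sh only regenerates the build system, replacing it with `autoreconfHook` in `nativeBuildInputs` (and in the argument list) would make the failure visible. Otherwise use `preConfigure = "sh init.sh";` and add a comment naming the step that is expected to fail, if there is one.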
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix
new file mode 100644
index 000000000000..22327c6a38f0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix
@@ -0,0 +1,48 @@
+{ stdenv, fetchFromGitLab, fetchpatch, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }:
+
+let
+ securityDependency =
+ if stdenv.isDarwin then xmlsec
+ else pam;
+
+in stdenv.mkDerivation {
+ name = "oath-toolkit-2.6.2";
+
+ src = fetchFromGitLab {
+ owner = "oath-toolkit";
+ repo = "oath-toolkit";
+ rev = "0dffdec9c5af5c89a5af43add29d8275eefe7414";
+ sha256 = "0n2sl444723f1k0sjmc0mzdwslx51yxac39c2cx2bl3ykacgfv74";
+ };
+
+ patches = [
+ # fix for glibc>=2.28
+ (fetchpatch {
+ name = "new_glibc_check.patch";
+ url = "https://sources.debian.org/data/main/o/oath-toolkit/2.6.1-1.3/debian/patches/new-glibc-check.patch";
+ sha256 = "0h75xyy3xsl485v7w27yqkks6z9sgsjmrv6wiswy15fdj5wyciv3";
+ })
+ ];
+
+ buildInputs = [ securityDependency libxml2 perl gengetopt bison ];
+
+ nativeBuildInputs = [ autoreconfHook gtk-doc help2man pkgconfig ];
+
+ # man file generation fails when true
+ enableParallelBuilding = false;
+
+ configureFlags = [ "--disable-pskc" ];
+
+ # Replicate the steps from cfg.mk
+ preAutoreconf = ''
+ printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > liboath/man/Makefile.gdoc
+ printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > libpskc/man/Makefile.gdoc
+ touch ChangeLog
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Components for building one-time password authentication systems";
+ homepage = "https://www.nongnu.org/oath-toolkit/";
+ platforms = with platforms; linux ++ darwin;
+ };
+}
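Review bot: `meta` declares neither `license` nor `maintainers`, and `rev` is a bare commit hash with nothing stating that it is the 2.6.2 release claimed in `name`. Add a comment above `rev` naming the upstream tag it corresponds to, and fill in the upstream licence so that licence filtering works for this package. `securityDependency` selects `xmlsec` on Darwin while `configureFlags` passes `--disable-pskc`. If xmlsec is only needed for PSKC the Darwin input looks unused, and a short comment on the `let` binding would settle that.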
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/omapd/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/omapd/default.nix
new file mode 100644
index 000000000000..8ed23864ced5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/omapd/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchurl, qt4, gdb, zlib }:
+
+stdenv.mkDerivation rec {
+ pname = "omapd";
+ version = "0.9.2";
+
+ src = fetchurl {
+ url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/omapd/${pname}-${version}.tgz";
+ sha256 = "0d7lgv957jhbsav60j50jhdy3rpcqgql74qsniwnnpm3yqj9p0xc";
+ };
+
+ patches = [ ./zlib.patch ];
+
+ buildInputs = [ qt4 zlib gdb ];
+
+ buildPhase = ''
+ (cd plugins/RAMHashTables; qmake; make)
+ qmake
+ make
+ '';
+
+ installPhase = ''
+ install -vD omapd $out/bin/omapd
+ install -vD omapd.conf $out/etc/omapd.conf
+ install -vD plugins/libRAMHashTables.so $out/usr/lib/omapd/plugins/libRAMHashTables.so
+ ln -s $out/usr/lib/omapd/plugins $out/bin/plugins
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://code.google.com/archive/p/omapd/";
+ description = "IF-MAP Server that implements the IF-MAP v1.1 and v2.0 specifications published by the Trusted Computing Group (TCG)";
+ license = licenses.gpl3;
+ maintainers = [ maintainers.tstrobel ];
+ platforms = platforms.linux;
+ };
+}
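Review bot: `gdb` in `buildInputs = [ qt4 zlib gdb ];` looks like a leftover, since nothing in the visible buildPhase or installPhase invokes a debugger. Remove it, or add a comment saying what in the upstream qmake project requires it. The installPhase also places the plugin under `$out/usr/lib` and then links `$out/bin/plugins` to it. A one-line comment explaining that omapd looks for `plugins` next to its binary (if that is the reason) would make the symlink understandable.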
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/omapd/zlib.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/omapd/zlib.patch
new file mode 100644
index 000000000000..dc0644f2a016
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/omapd/zlib.patch
@@ -0,0 +1,9 @@
+diff -uNr omapd-0.9.2-old/omapd.pro omapd-0.9.2/omapd.pro
+--- omapd-0.9.2-old/omapd.pro 2015-08-03 09:46:47.463420480 +0200
++++ omapd-0.9.2/omapd.pro 2015-08-03 09:48:32.238657105 +0200
+@@ -37,4 +37,4 @@
+ clientconfiguration.h \
+ managementserver.h \
+ json.h
+-INCLUDEPATH += $$[QT_INSTALL_PREFIX]/src/3rdparty/zlib
++LIBS += -lz
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/onesixtyone/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/onesixtyone/default.nix
new file mode 100644
index 000000000000..4eed52b07f0e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/onesixtyone/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "onesixtyone";
+ version = "unstable-2019-12-26";
+
+ src = fetchFromGitHub {
+ owner = "trailofbits";
+ repo = "onesixtyone";
+ rev = "9ce1dcdad73d45c8694086a4f90d7713be1cbdd7";
+ sha256 = "111nxn4pcbx6p9j8cjjxv1j1s7dgf7f4dix8acsmahwbpzinzkg3";
+ };
+
+ buildPhase = ''
+ $CC -o onesixtyone onesixtyone.c
+ '';
+
+ installPhase = ''
+ install -D onesixtyone $out/bin/onesixtyone
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Fast SNMP Scanner";
+ homepage = "https://github.com/trailofbits/onesixtyone";
+ license = licenses.gpl2Plus;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.fishi0x01 ];
+ };
+}
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/onioncircuits/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/onioncircuits/default.nix
new file mode 100644
index 000000000000..92888a8de2a1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/onioncircuits/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchgit, python3, intltool, gtk3, gobject-introspection, gnome3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "onioncircuits";
+ version = "0.5";
+
+ src = fetchgit {
+ url = "https://git-tails.immerda.ch/onioncircuits/";
+ rev = version;
+ sha256 = "13mqif9b9iajpkrl9ijspdnvy82kxhprxd5mw3njk68rcn4z2pcm";
+ };
+
+ nativeBuildInputs = [ intltool ];
+ buildInputs = [ intltool gtk3 gobject-introspection ];
+ propagatedBuildInputs = with python3.pkgs; [ stem distutils_extra pygobject3 ];
+
+ postFixup = ''
+ wrapProgram "$out/bin/onioncircuits" \
+ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
+ --prefix XDG_DATA_DIRS : "$out/share:${gnome3.adwaita-icon-theme}/share"
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://tails.boum.org";
+ description = "GTK application to display Tor circuits and streams";
+ license = licenses.gpl3;
+ maintainers = [ maintainers.phreedom ];
+ };
+}
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/open-ecard/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/open-ecard/default.nix
new file mode 100644
index 000000000000..bac036e67900
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/open-ecard/default.nix
@@ -0,0 +1,64 @@
+{ stdenv, fetchurl, jre, pcsclite, makeDesktopItem, makeWrapper }:
+
+let
+ version = "1.2.4";
+
+ srcs = {
+ richclient = fetchurl {
+ url = "https://jnlp.openecard.org/richclient-${version}-20171212-0958.jar";
+ sha256 = "1ckhyhszp4zhfb5mn67lz603b55z814jh0sz0q5hriqzx017j7nr";
+ };
+ cifs = fetchurl {
+ url = "https://jnlp.openecard.org/cifs-${version}-20171212-0958.jar";
+ sha256 = "0rc862lx3y6sw87r1v5xjmqqpysyr1x6yqhycqmcdrwz0j3wykrr";
+ };
+ logo = fetchurl {
+ url = "https://raw.githubusercontent.com/ecsec/open-ecard/1.2.3/gui/graphics/src/main/ext/oec_logo_bg-transparent.svg";
+ sha256 = "0rpmyv10vjx2yfpm03mqliygcww8af2wnrnrppmsazdplksaxkhs";
+ };
+ };
+in stdenv.mkDerivation rec {
+ appName = "open-ecard";
+ name = "${appName}-${version}";
+
+ src = srcs.richclient;
+
+ phases = "installPhase";
+
+ buildInputs = [ makeWrapper ];
+
+ desktopItem = makeDesktopItem {
+ name = appName;
+ desktopName = "Open eCard App";
+ genericName = "eCard App";
+ comment = "Client side implementation of the eCard-API-Framework";
+ icon = "oec_logo_bg-transparent.svg";
+ exec = appName;
+ categories = "Utility;Security;";
+ };
+
+ installPhase = ''
+ mkdir -p $out/share/java
+ cp ${srcs.richclient} $out/share/java/richclient-${version}.jar
+ cp ${srcs.cifs} $out/share/java/cifs-${version}.jar
+
+ mkdir -p $out/share/applications $out/share/pixmaps
+ cp $desktopItem/share/applications/* $out/share/applications
+ cp ${srcs.logo} $out/share/pixmaps/oec_logo_bg-transparent.svg
+
+ mkdir -p $out/bin
+ makeWrapper ${jre}/bin/java $out/bin/${appName} \
+ --add-flags "-cp $out/share/java/cifs-${version}.jar" \
+ --add-flags "-jar $out/share/java/richclient-${version}.jar" \
+ --suffix LD_LIBRARY_PATH ':' ${stdenv.lib.getLib pcsclite}/lib
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Client side implementation of the eCard-API-Framework (BSI
+ TR-03112) and related international standards, such as ISO/IEC 24727";
+ homepage = "https://www.openecard.org/";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ sephalon ];
+ platforms = platforms.linux;
+ };
+}
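Review bot: The wrapper passes both `-cp $out/share/java/cifs-${version}.jar` and `-jar $out/share/java/richclient-${version}.jar`, and the `java` launcher ignores the class path whenever `-jar` is given. Unless the richclient manifest already lists the cifs jar, it is never loaded. Put both jars on the class path and name the main class explicitly, e.g. `--add-flags "-cp $out/share/java/cifs-${version}.jar:$out/share/java/richclient-${version}.jar <main class from the richclient manifest>"`. The logo is also fetched from the `1.2.3` tag while `version` is `1.2.4`, and `description` is a double-quoted string split over two lines, which embeds a newline and the indentation in the text.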
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/opencryptoki/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/opencryptoki/default.nix
new file mode 100644
index 000000000000..1eb4aab66b47
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/opencryptoki/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchFromGitHub, openssl, trousers, autoreconfHook, libtool, bison, flex }:
+
+stdenv.mkDerivation rec {
+ pname = "opencryptoki";
+ version = "3.8.2";
+
+ src = fetchFromGitHub {
+ owner = "opencryptoki";
+ repo = "opencryptoki";
+ rev = "v${version}";
+ sha256 = "1rf7cmibmx636vzv7p54g212478a8wim2lfjf2861hfd0m96nv4l";
+ };
+
+ nativeBuildInputs = [ autoreconfHook libtool bison flex ];
+ buildInputs = [ openssl trousers ];
+
+ postPatch = ''
+ substituteInPlace configure.ac \
+ --replace "usermod" "true" \
+ --replace "groupadd" "true" \
+ --replace "chmod" "true" \
+ --replace "chgrp" "true"
+ substituteInPlace usr/lib/Makefile.am --replace "DESTDIR" "out"
+ '';
+
+ configureFlags = [
+ "--prefix=$(out)"
+ "--disable-ccatok"
+ "--disable-icatok"
+ ];
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "PKCS#11 implementation for Linux";
+ homepage = "https://github.com/opencryptoki/opencryptoki";
+ license = licenses.cpl10;
+ maintainers = [ maintainers.tstrobel ];
+ platforms = platforms.unix;
+ };
+}
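Review bot: The postPatch substitutions replace every occurrence of `usermod`, `groupadd`, `chmod` and `chgrp` in configure.ac with `true`, which silently drops whatever group creation and permission tightening the upstream install applies to its token and state directories. That is reasonable inside the build sandbox, but for a PKCS#11 provider those modes are part of the security model and nothing here records that they must be recreated. Add a comment such as `# install-time user/group and mode setup is disabled for the sandbox; the system configuration must create the group and restrict the state directories`. The plain-string replacement also hits any other use of the word `chmod` in configure.ac, and `platforms.unix` disagrees with the description "PKCS#11 implementation for Linux".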
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/opensc/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/opensc/default.nix
new file mode 100644
index 000000000000..735f7558e7a8
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/opensc/default.nix
@@ -0,0 +1,65 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, zlib, readline, openssl
+, libiconv, pcsclite, libassuan, libXt
+, docbook_xsl, libxslt, docbook_xml_dtd_412
+, Carbon, PCSC, buildPackages
+, withApplePCSC ? stdenv.isDarwin
+}:
+
+stdenv.mkDerivation rec {
+ pname = "opensc";
+ version = "0.21.0";
+
+ src = fetchFromGitHub {
+ owner = "OpenSC";
+ repo = "OpenSC";
+ rev = version;
+ sha256 = "sha256-OjOfA1pIu8NeN+hPuow5UVMKsg0PrsLojw5h05/Qm+o=";
+ };
+
+ nativeBuildInputs = [ pkgconfig autoreconfHook ];
+ buildInputs = [
+ zlib readline openssl libassuan
+ libXt libxslt libiconv docbook_xml_dtd_412
+ ]
+ ++ stdenv.lib.optional stdenv.isDarwin Carbon
+ ++ (if withApplePCSC then [ PCSC ] else [ pcsclite ]);
+
+ NIX_CFLAGS_COMPILE = "-Wno-error";
+
+ configureFlags = [
+ "--enable-zlib"
+ "--enable-readline"
+ "--enable-openssl"
+ "--enable-pcsc"
+ "--enable-sm"
+ "--enable-man"
+ "--enable-doc"
+ "--localstatedir=/var"
+ "--sysconfdir=/etc"
+ "--with-xsl-stylesheetsdir=${docbook_xsl}/xml/xsl/docbook"
+ "--with-pcsc-provider=${
+ if withApplePCSC then
+ "${PCSC}/Library/Frameworks/PCSC.framework/PCSC"
+ else
+ "${stdenv.lib.getLib pcsclite}/lib/libpcsclite${stdenv.hostPlatform.extensions.sharedLibrary}"
+ }"
+ (stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform)
+ "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc")
+ ];
+
+ PCSC_CFLAGS = stdenv.lib.optionalString withApplePCSC
+ "-I${PCSC}/Library/Frameworks/PCSC.framework/Headers";
+
+ installFlags = [
+ "sysconfdir=$(out)/etc"
+ "completiondir=$(out)/etc"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "Set of libraries and utilities to access smart cards";
+ homepage = "https://github.com/OpenSC/OpenSC/wiki";
+ license = licenses.lgpl21Plus;
+ platforms = platforms.all;
+ maintainers = [ maintainers.erictapen ];
+ };
+}
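Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error";` turns off warnings-as-errors for the whole smart-card library without saying which warning made it necessary. Add a comment like `# upstream builds with -Werror; <warning name> fires with the current compiler` so the flag can be removed once that is fixed. In `configureFlags`, the `(stdenv.lib.optionalString (...) "XSLTPROC=...")` element evaluates to an empty string on native builds. Appending `++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc"` after the list keeps the flag list free of empty entries.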
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ossec/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ossec/default.nix
new file mode 100644
index 000000000000..285e275a81f7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ossec/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchurl, which }:
+
+stdenv.mkDerivation {
+ name = "ossec-client-2.6";
+
+ src = fetchurl {
+ url = "https://www.ossec.net/files/ossec-hids-2.6.tar.gz";
+
+ sha256 = "0k1b59wdv9h50gbyy88qw3cnpdm8hv0nrl0znm92h9a11i5b39ip";
+ };
+
+ buildInputs = [ which ];
+
+ phases = [ "unpackPhase" "patchPhase" "buildPhase" ];
+
+ patches = [ ./no-root.patch ];
+
+ buildPhase = ''
+ echo "en
+
+agent
+$out
+no
+127.0.0.1
+yes
+yes
+yes
+
+
+" | ./install.sh
+ '';
+
+ meta = {
+ description = "Open source host-based instrusion detection system";
+ homepage = "https://www.ossec.net";
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
+
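Review bot: The answers piped into `./install.sh` in buildPhase are positional and undocumented, and one of them hard-codes `127.0.0.1`, presumably the address of the server this agent reports to. A comment block above the `echo` should map each line to the installer prompt it answers and state that the server address is a placeholder to be overridden in `ossec.conf`. Without it, a reordered prompt in a later release would silently change what gets enabled. `phases` also omits `installPhase` and `fixupPhase`, so the usual fixup steps (shebang patching, stripping) are skipped, which deserves a comment if intentional. The description has a typo and should read `description = "Open source host-based intrusion detection system";`.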
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ossec/no-root.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/ossec/no-root.patch
new file mode 100644
index 000000000000..ea6e9c54a9ae
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ossec/no-root.patch
@@ -0,0 +1,176 @@
+diff -Naur ossec-hids-2.6-orig/install.sh ossec-hids-2.6/install.sh
+--- ossec-hids-2.6-orig/install.sh 2011-07-11 15:36:58.000000000 -0400
++++ ossec-hids-2.6/install.sh 2012-07-09 09:58:57.970692818 -0400
+@@ -119,14 +119,14 @@
+ # Generate the /etc/ossec-init.conf
+ VERSION_FILE="./src/VERSION"
+ VERSION=`cat ${VERSION_FILE}`
+- chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
+- echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT}
+- echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT}
+- echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
+- echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
+- chmod 600 ${OSSEC_INIT}
+- cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
+- chmod 644 ${INSTALLDIR}${OSSEC_INIT}
++ echo chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
++ echo "DIRECTORY=\"${INSTALLDIR}\"" > ${INSTALLDIR}${OSSEC_INIT}
++ echo "VERSION=\"${VERSION}\"" >> ${INSTALLDIR}${OSSEC_INIT}
++ echo "DATE=\"`date`\"" >> ${INSTALLDIR}${OSSEC_INIT}
++ echo "TYPE=\"${INSTYPE}\"" >> ${INSTALLDIR}${OSSEC_INIT}
++ echo chmod 600 ${OSSEC_INIT}
++ echo cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
++ echo chmod 644 ${INSTALLDIR}${OSSEC_INIT}
+
+
+ # If update_rules is set, we need to tweak
+@@ -926,11 +926,6 @@
+ catError "0x1-location";
+ fi
+
+- # Must be root
+- if [ ! "X$ME" = "Xroot" ]; then
+- catError "0x2-beroot";
+- fi
+-
+ # Checking dependencies
+ checkDependencies
+
+diff -Naur ossec-hids-2.6-orig/src/InstallAgent.sh ossec-hids-2.6/src/InstallAgent.sh
+--- ossec-hids-2.6-orig/src/InstallAgent.sh 2011-07-11 15:36:58.000000000 -0400
++++ ossec-hids-2.6/src/InstallAgent.sh 2012-07-09 09:56:12.061870552 -0400
+@@ -80,7 +80,7 @@
+ else
+ grep "^${USER}" /etc/passwd > /dev/null 2>&1
+ if [ ! $? = 0 ]; then
+- /usr/sbin/groupadd ${GROUP}
++ echo /usr/sbin/groupadd ${GROUP}
+
+ # We first check if /sbin/nologin is present. If it is not,
+ # we look for bin/false. If none of them is present, we
+@@ -93,7 +93,7 @@
+ OSMYSHELL="/bin/false"
+ fi
+ fi
+- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
++ echo /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
+ fi
+ fi
+
+@@ -105,31 +105,31 @@
+ done
+
+ # Default for all directories
+-chmod -R 550 ${DIR}
+-chown -R root:${GROUP} ${DIR}
++echo chmod -R 550 ${DIR}
++echo chown -R root:${GROUP} ${DIR}
+
+ # To the ossec queue (default for agentd to read)
+-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
+-chmod -R 770 ${DIR}/queue/ossec
++echo chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
++echo chmod -R 770 ${DIR}/queue/ossec
+
+ # For the logging user
+-chown -R ${USER}:${GROUP} ${DIR}/logs
+-chmod -R 750 ${DIR}/logs
+-chmod -R 775 ${DIR}/queue/rids
+-touch ${DIR}/logs/ossec.log
+-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
+-chmod 664 ${DIR}/logs/ossec.log
+-
+-chown -R ${USER}:${GROUP} ${DIR}/queue/diff
+-chmod -R 750 ${DIR}/queue/diff
+-chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
++echo chown -R ${USER}:${GROUP} ${DIR}/logs
++echo chmod -R 750 ${DIR}/logs
++echo chmod -R 775 ${DIR}/queue/rids
++echo touch ${DIR}/logs/ossec.log
++echo chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
++echo chmod 664 ${DIR}/logs/ossec.log
++
++echo chown -R ${USER}:${GROUP} ${DIR}/queue/diff
++echo chmod -R 750 ${DIR}/queue/diff
++echo chmod 740 ${DIR}/queue/diff/* "> /dev/null 2>&1"
+
+
+
+
+ # For the etc dir
+-chmod 550 ${DIR}/etc
+-chown -R root:${GROUP} ${DIR}/etc
++echo chmod 550 ${DIR}/etc
++echo chown -R root:${GROUP} ${DIR}/etc
+
+ ls /etc/localtime > /dev/null 2>&1
+ if [ $? = 0 ]; then
+@@ -167,25 +167,25 @@
+ cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
+ cp -pr agentlessd/scripts/* ${DIR}/agentless/
+
+-chown root:${GROUP} ${DIR}/etc/internal_options.conf
+-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/agentless/*
+-chown ${USER}:${GROUP} ${DIR}/.ssh
+-chown -R root:${GROUP} ${DIR}/etc/shared
+-
+-chmod 550 ${DIR}/etc
+-chmod 440 ${DIR}/etc/internal_options.conf
+-chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+-chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
+-chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
+-chmod 550 ${DIR}/agentless/*
+-chmod 700 ${DIR}/.ssh
++echo chown root:${GROUP} ${DIR}/etc/internal_options.conf
++echo chown root:${GROUP} ${DIR}/etc/local_internal_options.conf "> /dev/null 2>&1"
++echo chown root:${GROUP} ${DIR}/etc/client.keys "> /dev/null 2>&1"
++echo chown root:${GROUP} ${DIR}/agentless/*
++echo chown ${USER}:${GROUP} ${DIR}/.ssh
++echo chown -R root:${GROUP} ${DIR}/etc/shared
++
++echo chmod 550 ${DIR}/etc
++echo chmod 440 ${DIR}/etc/internal_options.conf
++echo chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
++echo chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
++echo chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
++echo chmod 550 ${DIR}/agentless/*
++echo chmod 700 ${DIR}/.ssh
+
+
+ # For the /var/run
+-chmod 770 ${DIR}/var/run
+-chown root:${GROUP} ${DIR}/var/run
++echo chmod 770 ${DIR}/var/run
++echo chown root:${GROUP} ${DIR}/var/run
+
+
+ # Moving the binary files
+@@ -201,11 +201,11 @@
+ sh ./init/fw-check.sh execute > /dev/null
+ cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
+ cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
+-chmod 755 ${DIR}/active-response/bin/*
+-chown root:${GROUP} ${DIR}/active-response/bin/*
++echo chmod 755 ${DIR}/active-response/bin/*
++echo chown root:${GROUP} ${DIR}/active-response/bin/*
+
+-chown root:${GROUP} ${DIR}/bin/*
+-chmod 550 ${DIR}/bin/*
++echo chown root:${GROUP} ${DIR}/bin/*
++echo chmod 550 ${DIR}/bin/*
+
+
+ # Moving the config file
+@@ -221,8 +221,8 @@
+ else
+ cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
+ fi
+-chown root:${GROUP} ${DIR}/etc/ossec.conf
+-chmod 440 ${DIR}/etc/ossec.conf
++echo chown root:${GROUP} ${DIR}/etc/ossec.conf
++echo chmod 440 ${DIR}/etc/ossec.conf
+
+
+
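Review bot: Turning every `chmod`/`chown` in install.sh and InstallAgent.sh into `echo` means `etc/client.keys`, `.ssh`, `queue/` and `logs/` keep whatever modes `cp -pr` and the build umask produce, and in a world-readable store path none of the upstream restrictions on the agent's key material apply. Document in the derivation that key material and writable state have to live outside the store, with the upstream modes applied at activation time. The rewrite is also inconsistent about redirections. Some lines quote them (`echo chmod 740 ${DIR}/queue/diff/* "> /dev/null 2>&1"`), while `echo chmod 700 ${OSSEC_INIT} > /dev/null 2>&1`, `echo chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1` and `echo chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1` leave the redirection live, so those skipped commands are never printed. `echo touch ${DIR}/logs/ossec.log` also stops the log file from being created, which does not look like a root-only operation. Keep that line as `touch ${DIR}/logs/ossec.log` unless it fails in the sandbox.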
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/p0f/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/p0f/default.nix
new file mode 100644
index 000000000000..02d888b725ff
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/p0f/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, libpcap, bash }:
+
+stdenv.mkDerivation rec {
+ pname = "p0f";
+ version = "3.09b";
+
+ src = fetchurl {
+ url = "http://lcamtuf.coredump.cx/p0f3/releases/${pname}-${version}.tgz";
+ sha256 = "0zqfq3gdnha29ckvlqmyp36c0jhj7f69bhqqx31yb6vkirinhfsl";
+ };
+
+ buildInputs = [ libpcap ];
+
+ buildPhase = ''
+ substituteInPlace config.h --replace "p0f.fp" "$out/etc/p0f.fp"
+ substituteInPlace build.sh --replace "/bin/bash" "${bash}/bin/bash"
+ ./build.sh
+ cd tools && make && cd ..
+ '';
+
+ installPhase = ''
+ mkdir -p $out/sbin $out/etc
+
+ cp ./p0f $out/sbin
+ cp ./p0f.fp $out/etc
+
+ cp ./tools/p0f-client $out/sbin
+ cp ./tools/p0f-sendsyn $out/sbin
+ cp ./tools/p0f-sendsyn6 $out/sbin
+ '';
+
+ hardeningDisable = [ "format" ];
+
+ meta = {
+ description = "Passive network reconnaissance and fingerprinting tool";
+ homepage = "https://lcamtuf.coredump.cx/p0f3/";
+ license = stdenv.lib.licenses.lgpl21;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
+ };
+}
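Review bot: `hardeningDisable = [ "format" ];` switches off the format-string hardening flags for a tool whose job is parsing packets captured from the network, and no comment says which call sites require it. Add one, e.g. `# upstream passes non-literal format strings to its logging macros (TODO: patch and re-enable)`, after confirming that this is the actual reason. The source is also fetched over `http://` while `homepage` uses https for the same host. The sha256 pins the content, but `url = "https://lcamtuf.coredump.cx/p0f3/releases/${pname}-${version}.tgz";` would avoid the cleartext fetch.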
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pamtester/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pamtester/default.nix
new file mode 100644
index 000000000000..a1055dadc6ca
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pamtester/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, fetchurl, pam }:
+
+stdenv.mkDerivation rec {
+ name = "pamtester-0.1.2";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/pamtester/${name}.tar.gz";
+ sha256 = "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3";
+ };
+
+ buildInputs = [ pam ];
+
+ meta = with stdenv.lib; {
+ description = "Utility program to test the PAM facility";
+ homepage = "http://pamtester.sourceforge.net/";
+ license = licenses.bsd3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ abbradar ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/paperkey/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/paperkey/default.nix
new file mode 100644
index 000000000000..dc3582b7369f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/paperkey/default.nix
@@ -0,0 +1,34 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+ pname = "paperkey";
+ version = "1.6";
+
+ src = fetchurl {
+ url = "https://www.jabberwocky.com/software/paperkey/${pname}-${version}.tar.gz";
+ sha256 = "1xq5gni6gksjkd5avg0zpd73vsr97appksfx0gx2m38s4w9zsid2";
+ };
+
+ postPatch = ''
+ for a in checks/*.sh ; do
+ substituteInPlace $a \
+ --replace /bin/echo echo
+ done
+ '';
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "Store OpenPGP or GnuPG on paper";
+ longDescription = ''
+ A reasonable way to achieve a long term backup of OpenPGP (GnuPG, PGP, etc)
+ keys is to print them out on paper. Paper and ink have amazingly long
+ retention qualities - far longer than the magnetic or optical means that
+ are generally used to back up computer data.
+ '';
+ homepage = "https://www.jabberwocky.com/software/paperkey/";
+ license = licenses.gpl2;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ skeidel ];
+ };
+}
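Review bot: postPatch rewrites `/bin/echo` in `checks/*.sh`, but the derivation never sets `doCheck`, so unless it is enabled elsewhere those check scripts are patched and then not run. For a tool that exists to produce recoverable key backups the round-trip checks are worth having, so add `doCheck = true;` next to `enableParallelBuilding`. The description also drops a word and should read `description = "Store OpenPGP or GnuPG keys on paper";`.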
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/clip-wayland-support.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/clip-wayland-support.patch
new file mode 100644
index 000000000000..7b8d2eb010d2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/clip-wayland-support.patch
@@ -0,0 +1,113 @@
+From b0b784b1a57c0b06936e6f5d6560712b4b810cd3 Mon Sep 17 00:00:00 2001
+From: Brett Cornwall <brett@i--b.com>
+Date: Wed, 27 Feb 2019 00:08:33 -0700
+Subject: clip: Add support for wl-clipboard
+
+Edited to properly apply with
+`set-correct-program-name-for-sleep.patch`.
+
+---
+ README | 4 +++-
+ man/pass.1 | 5 +++++
+ src/password-store.sh | 26 +++++++++++++++++++++-----
+ 3 files changed, 29 insertions(+), 6 deletions(-)
+
+diff --git a/README b/README
+index 6b59965..1a46242 100644
+--- a/README
++++ b/README
+@@ -19,8 +19,10 @@ Depends on:
+ http://www.gnupg.org/
+ - git
+ http://www.git-scm.com/
+-- xclip
++- xclip (for X11 environments)
+ http://sourceforge.net/projects/xclip/
++- wl-clipboard (for wlroots Wayland-based environments)
++ https://github.com/bugaevc/wl-clipboard
+ - tree >= 1.7.0
+ http://mama.indstate.edu/users/ice/tree/
+ - GNU getopt
+diff --git a/man/pass.1 b/man/pass.1
+index 01a3fbe..a555dcb 100644
+--- a/man/pass.1
++++ b/man/pass.1
+@@ -99,6 +99,8 @@ Decrypt and print a password named \fIpass-name\fP. If \fI--clip\fP or \fI-c\fP
+ is specified, do not print the password but instead copy the first (or otherwise specified)
+ line to the clipboard using
+ .BR xclip (1)
++or
++.BR wl-clipboard(1)
+ and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. If \fI--qrcode\fP
+ or \fI-q\fP is specified, do not print the password but instead display a QR code using
+ .BR qrencode (1)
+@@ -132,6 +134,8 @@ in generating passwords can be changed with the \fIPASSWORD_STORE_CHARACTER_SET\
+ If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy
+ it to the clipboard using
+ .BR xclip (1)
++or
++.BR wl-clipboard(1)
+ and then restore the clipboard after 45 (or \fIPASSWORD_STORE_CLIP_TIME\fP) seconds. If \fI--qrcode\fP
+ or \fI-q\fP is specified, do not print the password but instead display a QR code using
+ .BR qrencode (1)
+@@ -466,6 +470,7 @@ The location of the text editor used by \fBedit\fP.
+ .BR tr (1),
+ .BR git (1),
+ .BR xclip (1),
++.BR wl-clipboard (1),
+ .BR qrencode (1).
+
+ .SH AUTHOR
+diff --git a/src/password-store.sh b/src/password-store.sh
+index d89d455..284eabf 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -152,16 +152,32 @@ check_sneaky_paths() {
+ #
+
+ clip() {
++ if [[ -n $WAYLAND_DISPLAY ]]; then
++ local copy_cmd=( wl-copy )
++ local paste_cmd=( wl-paste -n )
++ if [[ $X_SELECTION == primary ]]; then
++ copy_cmd+=( --primary )
++ paste_cmd+=( --primary )
++ fi
++ local display_name="$WAYLAND_DISPLAY"
++ elif [[ -n $DISPLAY ]]; then
++ local copy_cmd=( xclip -selection "$X_SELECTION" )
++ local paste_cmd=( xclip -o -selection "$X_SELECTION" )
++ local display_name="$DISPLAY"
++ else
++ die "Error: No X11 or Wayland display detected"
++ fi
++ local sleep_argv0="password store sleep on display $display_name"
++
+ # This base64 business is because bash cannot store binary data in a shell
+ # variable. Specifically, it cannot store nulls nor (non-trivally) store
+ # trailing new lines.
+- local sleep_argv0="password store sleep on display $DISPLAY"
+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+- local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)"
+- echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
++ local before="$("${paste_cmd[@]}" 2>/dev/null | $BASE64)"
++ echo -n "$1" | "${copy_cmd[@]}" || die "Error: Could not copy data to the clipboard"
+ (
+ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") )
+- local now="$(xclip -o -selection "$X_SELECTION" | $BASE64)"
++ local now="$("${paste_cmd[@]}" | $BASE64)"
+ [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+
+ # It might be nice to programatically check to see if klipper exists,
+@@ -173,7 +189,7 @@ clip() {
+ # so we axe it here:
+ qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null
+
+- echo "$before" | $BASE64 -d | xclip -selection "$X_SELECTION"
++ echo "$before" | $BASE64 -d | "${copy_cmd[@]}"
+ ) >/dev/null 2>&1 & disown
+ echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
+ }
+--
+cgit v1.2.1-28-gf32c
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/default.nix
new file mode 100644
index 000000000000..354437a9bd56
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/default.nix
@@ -0,0 +1,167 @@
+{ stdenv, lib, pkgs, fetchurl, buildEnv
+, coreutils, findutils, gnugrep, gnused, getopt, git, tree, gnupg, openssl
+, which, procps , qrencode , makeWrapper, pass, symlinkJoin
+
+, xclip ? null, xdotool ? null, dmenu ? null
+, x11Support ? !stdenv.isDarwin , dmenuSupport ? x11Support
+, waylandSupport ? false, wl-clipboard ? null
+
+# For backwards-compatibility
+, tombPluginSupport ? false
+}:
+
+with lib;
+
+assert x11Support -> xclip != null;
+
+assert dmenuSupport -> dmenu != null
+ && xdotool != null
+ && x11Support;
+
+assert waylandSupport -> wl-clipboard != null;
+
+let
+ passExtensions = import ./extensions { inherit pkgs; };
+
+ env = extensions:
+ let
+ selected = [ pass ] ++ extensions passExtensions
+ ++ stdenv.lib.optional tombPluginSupport passExtensions.tomb;
+ in buildEnv {
+ name = "pass-extensions-env";
+ paths = selected;
+ buildInputs = [ makeWrapper ] ++ concatMap (x: x.buildInputs) selected;
+
+ postBuild = ''
+ files=$(find $out/bin/ -type f -exec readlink -f {} \;)
+ if [ -L $out/bin ]; then
+ rm $out/bin
+ mkdir $out/bin
+ fi
+
+ for i in $files; do
+ if ! [ "$(readlink -f "$out/bin/$(basename $i)")" = "$i" ]; then
+ ln -sf $i $out/bin/$(basename $i)
+ fi
+ done
+
+ wrapProgram $out/bin/pass \
+ --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions"
+ '';
+ };
+in
+
+stdenv.mkDerivation rec {
+ version = "1.7.3";
+ pname = "password-store";
+
+ src = fetchurl {
+ url = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
+ sha256 = "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b";
+ };
+
+ patches = [
+ ./set-correct-program-name-for-sleep.patch
+ ./extension-dir.patch
+ ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch
+ # TODO (@Ma27) this patch adds support for wl-clipboard and can be removed during the next
+ # version bump.
+ ++ stdenv.lib.optional waylandSupport ./clip-wayland-support.patch;
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
+
+ postInstall = ''
+ # Install Emacs Mode. NOTE: We can't install the necessary
+ # dependencies (s.el and f.el) here. The user has to do this
+ # himself.
+ mkdir -p "$out/share/emacs/site-lisp"
+ cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
+ '' + optionalString dmenuSupport ''
+ cp "contrib/dmenu/passmenu" "$out/bin/"
+ '';
+
+ wrapperPath = with stdenv.lib; makeBinPath ([
+ coreutils
+ findutils
+ getopt
+ git
+ gnugrep
+ gnupg
+ gnused
+ tree
+ which
+ qrencode
+ procps
+ ] ++ optional stdenv.isDarwin openssl
+ ++ optional x11Support xclip
+ ++ optionals dmenuSupport [ xdotool dmenu ]
+ ++ optional waylandSupport wl-clipboard);
+
+ postFixup = ''
+ # Fix program name in --help
+ substituteInPlace $out/bin/pass \
+ --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
+
+ # Ensure all dependencies are in PATH
+ wrapProgram $out/bin/pass \
+ --prefix PATH : "${wrapperPath}"
+ '' + stdenv.lib.optionalString dmenuSupport ''
+ # We just wrap passmenu with the same PATH as pass. It doesn't
+ # need all the tools in there but it doesn't hurt either.
+ wrapProgram $out/bin/passmenu \
+ --prefix PATH : "$out/bin:${wrapperPath}"
+ '';
+
+ # Turn "check" into "installcheck", since we want to test our pass,
+ # not the one before the fixup.
+ postPatch = ''
+ patchShebangs tests
+
+ substituteInPlace src/password-store.sh \
+ --replace "@out@" "$out"
+
+ # the turning
+ sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
+ -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
+ -e '/which gpg/ d' \
+ tests/setup.sh
+ '' + stdenv.lib.optionalString stdenv.isDarwin ''
+ # 'pass edit' uses hdid, which is not available from the sandbox.
+ rm -f tests/t0200-edit-tests.sh
+ rm -f tests/t0010-generate-tests.sh
+ rm -f tests/t0020-show-tests.sh
+ rm -f tests/t0050-mv-tests.sh
+ rm -f tests/t0100-insert-tests.sh
+ rm -f tests/t0300-reencryption.sh
+ rm -f tests/t0400-grep.sh
+ '';
+
+ doCheck = false;
+
+ doInstallCheck = true;
+ installCheckInputs = [ git ];
+ installCheckTarget = "test";
+
+ passthru = {
+ extensions = passExtensions;
+ withExtensions = env;
+ };
+
+ meta = with stdenv.lib; {
+ description = "Stores, retrieves, generates, and synchronizes passwords securely";
+ homepage = "https://www.passwordstore.org/";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher globin ma27 ];
+ platforms = platforms.unix;
+
+ longDescription = ''
+ pass is a very simple password store that keeps passwords inside gpg2
+ encrypted files inside a simple directory tree residing at
+ ~/.password-store. The pass utility provides a series of commands for
+ manipulating the password store, allowing the user to add, remove, edit,
+ synchronize, generate, and manipulate passwords.
+ '';
+ };
+}
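Review bot: `passExtensions.tomb` in the `env` helper does not match any attribute defined by `./extensions/default.nix` in this same commit, which exposes the plugin as `pass-tomb`. Because `optional` only evaluates its second argument when the condition holds, the default `tombPluginSupport = false` hides this; setting it to `true` would presumably fail evaluation with a missing-attribute error. The line should read `++ stdenv.lib.optional tombPluginSupport passExtensions.pass-tomb;`. Separately, the Darwin branch of `postPatch` deletes seven test scripts but its comment only explains `t0200-edit-tests.sh`, so a one-line reason for the other six would help the next maintainer judge whether they can be re-enabled.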
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extension-dir.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extension-dir.patch
new file mode 100644
index 000000000000..028da31c4617
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extension-dir.patch
@@ -0,0 +1,32 @@
+diff --git a/Makefile b/Makefile
+index eac2291..1b1df0a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -46,12 +46,12 @@ install: install-common
+ @install -v -d "$(DESTDIR)$(LIBDIR)/password-store" && install -m 0644 -v "$(PLATFORMFILE)" "$(DESTDIR)$(LIBDIR)/password-store/platform.sh"
+ @install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
+ @install -v -d "$(DESTDIR)$(BINDIR)/"
+- @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
++ @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;' src/password-store.sh > src/.pass && \
+ install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
+ else
+ install: install-common
+ @install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
+- @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
++ @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;' src/password-store.sh > src/.pass && \
+ install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
+ endif
+
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 68551a4..2f3b5b7 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -656,7 +656,7 @@ cmd_extension_or_show() {
+ fi
+ }
+
+-SYSTEM_EXTENSION_DIR=""
++SYSTEM_EXTENSION_DIR="${SYSTEM_EXTENSION_DIR:-@out@/lib/password-store/extensions}"
+ cmd_extension() {
+ check_sneaky_paths "$1"
+ local user_extension system_extension extension
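Review bot: The new default `SYSTEM_EXTENSION_DIR="${SYSTEM_EXTENSION_DIR:-@out@/lib/password-store/extensions}"` lets the caller's environment choose the directory `cmd_extension` uses for system extensions, where the removed Makefile `sed` fixed it at install time. The `withExtensions` wrapper in `default.nix` pins the value with `--set`, but an unwrapped `pass` accepts whatever the environment carries. Whether this lookup is gated by `PASSWORD_STORE_ENABLE_EXTENSIONS`, as user extensions are upstream, cannot be confirmed here because `cmd_extension` continues past the end of the hunk. I would add a comment above the assignment recording the trust assumption, e.g. `# Overridable so the Nix wrapper can point at the joined extensions env; this directory holds code that pass runs, so it must only ever name a store path`.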
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/0001-Fix-installation-with-Nix.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/0001-Fix-installation-with-Nix.patch
new file mode 100644
index 000000000000..55822f170d14
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/0001-Fix-installation-with-Nix.patch
@@ -0,0 +1,41 @@
+From 611cb2de31a460789c44615d3a52b8d24dbd6fdd Mon Sep 17 00:00:00 2001
+From: Maximilian Bosch <maximilian@mbosch.me>
+Date: Fri, 4 Dec 2020 21:53:52 +0100
+Subject: [PATCH] Fix installation with Nix
+
+---
+ Makefile | 2 +-
+ setup.py | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 2febf4e..8feab91 100644
+--- a/Makefile
++++ b/Makefile
+@@ -7,7 +7,7 @@ all:
+ @echo
+
+ install:
+- @python3 setup.py install --root="$(DESTDIR)" --optimize=1 --skip-build
++ @python3 setup.py install --root="$(DESTDIR)" --optimize=1 --skip-build --prefix=
+ @echo
+ @echo "pass-import is installed succesfully"
+ @echo
+diff --git a/setup.py b/setup.py
+index b30870c..d9fedbc 100644
+--- a/setup.py
++++ b/setup.py
+@@ -15,8 +15,8 @@ with Path('pass_import', '__about__.py').open() as file:
+ with open('README.md') as file:
+ long_description = file.read()
+
+-share = Path(sys.prefix, 'share')
+-lib = Path('/usr', 'lib', 'password-store', 'extensions')
++share = Path('/share')
++lib = Path('/lib', 'password-store', 'extensions')
+ if '--user' in sys.argv:
+ lib = Path.home() / '.password-store' / 'extensions'
+ if 'XDG_DATA_HOME' in os.environ:
+--
+2.28.0
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch
new file mode 100644
index 000000000000..5703f3c1f652
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch
@@ -0,0 +1,28 @@
+From 8f76b32946430737f97f2702afd828b09536afd2 Mon Sep 17 00:00:00 2001
+From: Maximilian Bosch <maximilian@mbosch.me>
+Date: Sun, 15 Mar 2020 20:10:11 +0100
+Subject: [PATCH 2/2] Fix audit.bash setup
+
+This sets PASSWORD_STORE_DIR (needed by the python-code) to
+PASSWORD_STORE_DIR and properly falls back to `~/.password-store` if
+it's not set.
+---
+ audit.bash | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audit.bash b/audit.bash
+index 7a973dc..c40ff76 100755
+--- a/audit.bash
++++ b/audit.bash
+@@ -17,7 +17,7 @@
+ #
+
+ cmd_audit() {
+- export PASSWORD_STORE_DIR=$PREFIX GIT_DIR PASSWORD_STORE_GPG_OPTS
++ export PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-$HOME/.password-store} GIT_DIR PASSWORD_STORE_GPG_OPTS
+ export X_SELECTION CLIP_TIME PASSWORD_STORE_UMASK GENERATED_LENGTH
+ export CHARACTER_SET CHARACTER_SET_NO_SYMBOLS EXTENSIONS PASSWORD_STORE_KEY
+ export PASSWORD_STORE_ENABLE_EXTENSIONS PASSWORD_STORE_SIGNING_KEY
+--
+2.25.0
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix
new file mode 100644
index 000000000000..ec0f23ddc383
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix
@@ -0,0 +1,53 @@
+{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, gnupg }:
+
+let
+ pythonEnv = pythonPackages.python.withPackages (p: [ p.requests p.setuptools p.zxcvbn ]);
+
+in stdenv.mkDerivation rec {
+ pname = "pass-audit";
+ version = "1.1";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-audit";
+ rev = "v${version}";
+ sha256 = "1vapymgpab91kh798mirgs1nb7j9qln0gm2d3321cmsghhb7xs45";
+ };
+
+ patches = [
+ ./0002-Fix-audit.bash-setup.patch
+ ];
+
+ postPatch = ''
+ substituteInPlace audit.bash \
+ --replace 'python3' "${pythonEnv}/bin/python3"
+ substituteInPlace Makefile \
+ --replace "install --root" "install --prefix ''' --root"
+ '';
+
+ outputs = [ "out" "man" ];
+
+ buildInputs = [ pythonEnv ];
+ nativeBuildInputs = [ makeWrapper ];
+
+ # Tests freeze on darwin with: pass-audit-1.1 (checkPhase): EOFError
+ doCheck = !stdenv.isDarwin;
+ checkInputs = [ pythonPackages.green pass gnupg ];
+ checkPhase = ''
+ ${pythonEnv}/bin/python3 setup.py green -q
+ '';
+
+ installFlags = [ "DESTDIR=${placeholder "out"}" "PREFIX=" ];
+ postInstall = ''
+ wrapProgram $out/lib/password-store/extensions/audit.bash \
+ --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Pass extension for auditing your password repository.";
+ homepage = "https://github.com/roddhjav/pass-audit";
+ license = licenses.gpl3Plus;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ ma27 ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix
new file mode 100644
index 000000000000..83a1d7a8872d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub
+, curl, findutils, gnugrep, gnused }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-checkup";
+ version = "0.2.0";
+
+ src = fetchFromGitHub {
+ owner = "etu";
+ repo = "pass-checkup";
+ rev = version;
+ sha256 = "17fyf8zj535fg43yddjww1jhxfb3nbdkn622wjxaai2nf46jzh7y";
+ };
+
+ patchPhase = ''
+ substituteInPlace checkup.bash \
+ --replace curl ${curl}/bin/curl \
+ --replace find ${findutils}/bin/find \
+ --replace grep ${gnugrep}/bin/grep \
+ --replace sed ${gnused}/bin/sed
+ '';
+
+ installPhase = ''
+ install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not";
+ homepage = "https://github.com/etu/pass-checkup";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ etu ];
+ platforms = platforms.unix;
+ };
+}
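Review bot: The four bare-word `--replace` arguments in `patchPhase` rewrite every occurrence of the substrings `curl`, `find`, `grep` and `sed` in `checkup.bash`, not only command invocations, so any identifier, message or comment containing them (the word "used" contains `sed`) would be turned into a store path. `checkup.bash` is not visible here, so whether this already corrupts a line is unverified, but the substitution can silently change the script's meaning on the next upstream edit. Matching the invocation form is safer, for example `--replace 'curl ' '${curl}/bin/curl '` and likewise for the other three tools. Assigning `patchPhase` directly also bypasses the `patches` mechanism; `postPatch`, as used by `pass/default.nix` and `update.nix` in this commit, avoids that.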
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/default.nix
new file mode 100644
index 000000000000..1f41a6924821
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/default.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+{
+ pass-audit = callPackage ./audit {
+ pythonPackages = python3Packages;
+ };
+ pass-checkup = callPackage ./checkup.nix {};
+ pass-import = callPackage ./import.nix {
+ pythonPackages = python3Packages;
+ };
+ pass-otp = callPackage ./otp.nix {};
+ pass-tomb = callPackage ./tomb.nix {};
+ pass-update = callPackage ./update.nix {};
+ pass-genphrase = callPackage ./genphrase.nix {};
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix
new file mode 100644
index 000000000000..d45e35d9bbc0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-genphrase";
+ version = "0.3";
+
+ src = fetchFromGitHub {
+ owner = "congma";
+ repo = "pass-genphrase";
+ rev = version;
+ sha256 = "01dff2jlp111y7vlmp1wbgijzphhlzc19m02fs8nzmn5vxyffanx";
+ };
+
+ dontBuild = true;
+
+ installTargets = [ "globalinstall" ];
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ postFixup = ''
+ substituteInPlace $out/lib/password-store/extensions/genphrase.bash \
+ --replace '$EXTENSIONS' "$out/lib/password-store/extensions/"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Pass extension that generates memorable passwords";
+ homepage = "https://github.com/congma/pass-genphrase";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ seqizz ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/import.nix
new file mode 100644
index 000000000000..885dd05110f3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/import.nix
@@ -0,0 +1,49 @@
+{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, fetchpatch }:
+
+let
+ pythonEnv = pythonPackages.python.withPackages (p: [
+ p.defusedxml
+ p.setuptools
+ p.pyaml
+ p.pykeepass
+ p.filemagic
+ p.cryptography
+ p.secretstorage
+ ]);
+
+in stdenv.mkDerivation rec {
+ pname = "pass-import";
+ version = "3.1";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-import";
+ rev = "v${version}";
+ sha256 = "sha256-nH2xAqWfMT+Brv3z9Aw6nbvYqArEZjpM28rKsRPihqA=";
+ };
+
+ patches = [ ./0001-Fix-installation-with-Nix.patch ];
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ buildInputs = [ pythonEnv ];
+
+ makeFlags = [ "DESTDIR=${placeholder "out"}" ];
+
+ postInstall = ''
+ wrapProgram $out/bin/pimport \
+ --prefix PATH : "${pythonEnv}/bin" \
+ --prefix PYTHONPATH : "$out/${pythonPackages.python.sitePackages}"
+ wrapProgram $out/lib/password-store/extensions/import.bash \
+ --prefix PATH : "${pythonEnv}/bin" \
+ --prefix PYTHONPATH : "$out/${pythonPackages.python.sitePackages}"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Pass extension for importing data from existing password managers";
+ homepage = "https://github.com/roddhjav/pass-import";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix
new file mode 100644
index 000000000000..835e693c2c5c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, oathToolkit }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-otp";
+ version = "1.2.0";
+
+ src = fetchFromGitHub {
+ owner = "tadfisher";
+ repo = "pass-otp";
+ rev = "v${version}";
+ sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v";
+ };
+
+ buildInputs = [ oathToolkit ];
+
+ dontBuild = true;
+
+ patchPhase = ''
+ sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash
+ '';
+
+ installFlags = [ "PREFIX=$(out)"
+ "BASHCOMPDIR=$(out)/share/bash-completion/completions"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "A pass extension for managing one-time-password (OTP) tokens";
+ homepage = "https://github.com/tadfisher/pass-otp";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ jwiegley tadfisher toonn ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix
new file mode 100644
index 000000000000..43c74a9029b3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchFromGitHub, tomb }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-tomb";
+ version = "1.1";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-tomb";
+ rev = "v${version}";
+ sha256 = "0wxa673yyzasjlkpd5f3yl5zf7bhsw7h1jbhf6sdjz65bypr2596";
+ };
+
+ buildInputs = [ tomb ];
+
+ dontBuild = true;
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ postFixup = ''
+ substituteInPlace $out/lib/password-store/extensions/tomb.bash \
+ --replace 'TOMB="''${PASSWORD_STORE_TOMB:-tomb}"' 'TOMB="''${PASSWORD_STORE_TOMB:-${tomb}/bin/tomb}"'
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Pass extension that keeps the password store encrypted inside a tomb";
+ homepage = "https://github.com/roddhjav/pass-tomb";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/update.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/update.nix
new file mode 100644
index 000000000000..c364c341bda5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/extensions/update.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-update";
+ version = "2.1";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-update";
+ rev = "v${version}";
+ sha256 = "0yx8w97jcp6lv7ad5jxqnj04csbrn2hhc4pskssxknw2sbvg4g6c";
+ };
+
+ postPatch = ''
+ substituteInPlace Makefile \
+ --replace "BASHCOMPDIR ?= /etc/bash_completion.d" "BASHCOMPDIR ?= $out/share/bash-completion/completions"
+ '';
+
+ dontBuild = true;
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ meta = with stdenv.lib; {
+ description = "Pass extension that provides an easy flow for updating passwords";
+ homepage = "https://github.com/roddhjav/pass-update";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch
new file mode 100644
index 000000000000..e8f7e138ff02
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/no-darwin-getopt.patch
@@ -0,0 +1,9 @@
+diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh
+--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000
++++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000
+@@ -31,5 +31,4 @@
+ mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk."
+ }
+
+-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt"
+ SHRED="srm -f -z"
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix
new file mode 100644
index 000000000000..d46aac93e86b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix
@@ -0,0 +1,56 @@
+{ stdenv, fetchFromGitHub, pass, rofi, coreutils, util-linux, xdotool, gnugrep
+, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+ pname = "rofi-pass";
+ version = "2.0.2";
+
+ src = fetchFromGitHub {
+ owner = "carnager";
+ repo = "rofi-pass";
+ rev = version;
+ sha256 = "131jpcwyyzgzjn9lx4k1zn95pd68pjw4i41jfzcp9z9fnazyln5n";
+ };
+
+ buildInputs = [ makeWrapper ];
+
+ dontBuild = true;
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -a rofi-pass $out/bin/rofi-pass
+
+ mkdir -p $out/share/doc/rofi-pass/
+ cp -a config.example $out/share/doc/rofi-pass/config.example
+ '';
+
+ wrapperPath = with stdenv.lib; makeBinPath [
+ coreutils
+ findutils
+ gawk
+ gnugrep
+ gnused
+ libnotify
+ (pass.withExtensions (ext: [ ext.pass-otp ]))
+ pwgen
+ rofi
+ util-linux
+ xclip
+ xdotool
+ ];
+
+ fixupPhase = ''
+ patchShebangs $out/bin
+
+ wrapProgram $out/bin/rofi-pass \
+ --prefix PATH : "${wrapperPath}"
+ '';
+
+ meta = {
+ description = "A script to make rofi work with password-store";
+ homepage = "https://github.com/carnager/rofi-pass";
+ license = stdenv.lib.licenses.gpl3;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
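Review bot: Assigning `fixupPhase` outright replaces the standard fixup phase instead of extending it, so the default fixup hooks no longer run for this package. `pass/default.nix` in the same commit does the equivalent wrapping in `postFixup`, and renaming the attribute here to `postFixup` keeps the `wrapProgram` call while leaving the stock phase in place; I believe the stock phase already patches shebangs under `$out/bin`, which would make the explicit `patchShebangs` redundant. `makeWrapper` is a build-time tool and belongs in `nativeBuildInputs`, as `pass/default.nix` has it, rather than `buildInputs = [ makeWrapper ];`.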
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch
new file mode 100644
index 000000000000..f3a844ad2d6d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch
@@ -0,0 +1,69 @@
+From d11261c2ad184daf6e9edd777bc8a3372c277b4b Mon Sep 17 00:00:00 2001
+From: Johannes Frankenau <johannes@frankenau.net>
+Date: Fri, 10 Aug 2018 09:49:57 +0200
+Subject: [PATCH] Patch the clip() function to work even when using
+ single-binary coreutils
+
+---
+ src/password-store.sh | 4 ++--
+ src/platform/cygwin.sh | 4 ++--
+ src/platform/darwin.sh | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 7264ffc..68551a4 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -155,11 +155,11 @@ clip() {
+ # variable. Specifically, it cannot store nulls nor (non-trivally) store
+ # trailing new lines.
+ local sleep_argv0="password store sleep on display $DISPLAY"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)"
+ echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
+ (
+- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" )
++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") )
+ local now="$(xclip -o -selection "$X_SELECTION" | $BASE64)"
+ [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+
+diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh
+index 5a8d5ea..423e0ce 100644
+--- a/src/platform/cygwin.sh
++++ b/src/platform/cygwin.sh
+@@ -3,11 +3,11 @@
+
+ clip() {
+ local sleep_argv0="password store sleep on display $DISPLAY"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$($BASE64 < /dev/clipboard)"
+ echo -n "$1" > /dev/clipboard
+ (
+- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ local now="$($BASE64 < /dev/clipboard)"
+ [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+ echo "$before" | $BASE64 -d > /dev/clipboard
+diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
+index 342ecce..9e12837 100644
+--- a/src/platform/darwin.sh
++++ b/src/platform/darwin.sh
+@@ -3,11 +3,11 @@
+
+ clip() {
+ local sleep_argv0="password store sleep for user $(id -u)"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(pbpaste | $BASE64)"
+ echo -n "$1" | pbcopy
+ (
+- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ local now="$(pbpaste | $BASE64)"
+ [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+ echo "$before" | $BASE64 -d | pbcopy
+--
+2.16.4
+
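Review bot: In all three `clip()` variants the rewritten `exec -a` line builds the child script with `echo`, so the calling shell strips the quoting before bash reads the text: in `src/password-store.sh` the child receives `trap kill %1 TERM; sleep 45 & wait` (for a clip time of 45), where the trap action is just `kill` and `%1` is read as a signal specification, and `$CLIP_TIME` is pasted in as script source rather than passed as data. Passing the value as a positional parameter keeps the trap intact and keeps the variable out of the parsed text: `( exec -a "$sleep_argv0" bash <(echo 'trap "kill %1" TERM; sleep "$1" & wait') "$CLIP_TIME" )`. The new `pkill -P $(pgrep -f "^$sleep_argv0")` also leaves the substitution unquoted, so if more than one sleeper matches, the second PID lands in pkill's pattern position; `pkill -P "$(pgrep -d, -f "^$sleep_argv0")"` hands it a comma-separated parent list instead. Each `clip()` body continues outside the quoted hunks, so the restore path after the sleep is not reviewed here.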
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/passff-host/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/passff-host/default.nix
new file mode 100644
index 000000000000..0bdb04b76129
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/passff-host/default.nix
@@ -0,0 +1,47 @@
+{ stdenv, fetchFromGitHub, python3, pass }:
+
+stdenv.mkDerivation rec {
+ pname = "passff-host";
+ version = "1.2.1";
+
+ src = fetchFromGitHub {
+ owner = "passff";
+ repo = pname;
+ rev = version;
+ sha256 = "0ydfwvhgnw5c3ydx2gn5d7ys9g7cxlck57vfddpv6ix890v21451";
+ };
+
+ buildInputs = [ python3 ];
+ makeFlags = [ "VERSION=${version}" ];
+
+ patchPhase = ''
+ sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py
+ '';
+
+ installPhase = ''
+ substituteInPlace bin/${version}/passff.json \
+ --replace PLACEHOLDER $out/share/passff-host/passff.py
+
+ install -Dt $out/share/passff-host \
+ bin/${version}/passff.{py,json}
+
+ nativeMessagingPaths=(
+ /lib/mozilla/native-messaging-hosts
+ /etc/opt/chrome/native-messaging-hosts
+ /etc/chromium/native-messaging-hosts
+ /etc/vivaldi/native-messaging-hosts
+ )
+
+ for manifestDir in "''${nativeMessagingPaths[@]}"; do
+ install -d $out$manifestDir
+ ln -s $out/share/passff-host/passff.json $out$manifestDir/
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Host app for the WebExtension PassFF";
+ homepage = "https://github.com/passff/passff-host";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ nadrieril ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pbis/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pbis/default.nix
new file mode 100644
index 000000000000..176ef7f7616b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pbis/default.nix
@@ -0,0 +1,70 @@
+{ stdenv, fetchFromGitHub, autoconf, automake, libtool, perl, flex, bison, curl,
+ pam, popt, libiconv, libuuid, openssl_1_0_2, cyrus_sasl, sqlite, tdb, libxml2 }:
+
+stdenv.mkDerivation rec {
+ pname = "pbis-open";
+ version = "9.1.0";
+
+ src = fetchFromGitHub {
+ owner = "BeyondTrust";
+ repo = pname;
+ rev = version;
+ sha256 = "081jm34sf488nwz5wzs55d6rxx3sv566x6p4h1yqcjaw36174m8v";
+ };
+
+ nativeBuildInputs = [
+ autoconf automake libtool perl flex bison
+ ];
+
+ # curl must be placed after openssl_1_0_2, because it pulls openssl 1.1 dependency.
+ buildInputs = [
+ pam popt libiconv libuuid openssl_1_0_2 cyrus_sasl
+ curl sqlite popt tdb libxml2 /*libglade2 for gtk*/
+ ];
+
+ postPatch = ''
+ patchShebangs .
+ sed -i -e 's/legacy//g' lwupgrade/MakeKitBuild # disable /opt/ symlinks
+ sed -i -e 's/tdb.h//g' samba-interop/MakeKitBuild #include <tdb.h> fails but it won't affect the build
+ '';
+ preConfigure = ''
+ mkdir release
+ cd release
+ if [ $CC = gcc ]; then
+ NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -Wno-error=format-overflow -Wno-error=address-of-packed-member"
+ fi
+ NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -isystem ${stdenv.lib.getDev libxml2}/include/libxml2 -Wno-error=array-bounds -Wno-error=pointer-sign -Wno-error=deprecated-declarations -Wno-error=unused-variable"
+ '';
+ configureScript = ''../configure'';
+ configureFlags = [
+ "CFLAGS=-O"
+ "--docdir=${placeholder "prefix"}/share/doc"
+ "--mandir=${placeholder "prefix"}/share/doc/man"
+ "--datadir=${placeholder "prefix"}/share"
+ "--lw-initdir=${placeholder "prefix"}/etc/init.d"
+ "--selinux=no" # NixOS does not support SELinux
+ "--build-isas=x86_64" # [lwbase] endianness (host/x86_32): [lwbase] ERROR: could not determine endianness
+ "--fail-on-warn=no"
+ # "--debug=yes"
+ ]; # ^ See https://github.com/BeyondTrust/pbis-open/issues/124
+ configureFlagsArray = [ "--lw-bundled-libs=linenoise-mob tomlc99 opensoap krb5 cyrus-sasl curl openldap ${ if libuuid == null then "libuuid" else "" }" ];
+ # ^ it depends on old krb5 version 1.9 (issue #228)
+ # linenoise-mod, tomlc99, opensoap is not in nixpkgs.
+ # krb5 must be old one, and cyrus-sasl and openldap have dependency to newer libkrb5 that cause runtime error
+ enableParallelBuilding = true;
+ makeFlags = "SHELL=";
+ hardeningDisable = [ "format" ]; # -Werror=format-security
+ installPhase = ''
+ mkdir $sys
+ mv stage/{lib,var} $sys
+ mv stage$out $out
+ '';
+ outputs = [ "out" "sys" ];
+
+ meta = with stdenv.lib; {
+ description = "BeyondTrust AD Bridge Open simplifies the process of joining non-Microsoft hosts to Active Directory domains";
+ homepage = "https://github.com/BeyondTrust/pbis-open";
+ license = with licenses; [ gpl2 lgpl21 ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
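Review bot: This derivation links an Active Directory authentication component against `openssl_1_0_2` and, going by `--lw-bundled-libs` and the comments under it, builds its own krb5 1.9 together with bundled cyrus-sasl, curl and openldap, yet nothing in the expression tells a user that these copies sit outside the normal nixpkgs security updates. OpenSSL 1.0.2 has been out of upstream support since the end of 2019. I would say so in a comment next to `buildInputs` and consider listing the reason under `meta.knownVulnerabilities`, so that installing the package needs an explicit opt-in. Two smaller things in the same hunk: `popt` appears twice in `buildInputs`, and the comment spells `linenoise-mod` where the flag value says `linenoise-mob`.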
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix
new file mode 100644
index 000000000000..7ae062547aa2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-cyberjack/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchurl, autoreconfHook, pkgconfig, libusb1, pcsclite }:
+
+let
+ version = "3.99.5";
+ suffix = "SP13";
+ tarBall = "${version}final.${suffix}";
+
+in stdenv.mkDerivation rec {
+ pname = "pcsc-cyberjack";
+ inherit version;
+
+ src = fetchurl {
+ url =
+ "http://support.reiner-sct.de/downloads/LINUX/V${version}_${suffix}/${pname}_${tarBall}.tar.gz";
+ sha256 = "1lx4bfz4riz7j77sl65akyxzww0ygm63w0c1b75knr1pijlv8d3b";
+ };
+
+ outputs = [ "out" "tools" ];
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig ];
+
+ buildInputs = [ libusb1 pcsclite ];
+
+ enableParallelBuilding = true;
+
+ configureFlags = [
+ "--with-usbdropdir=${placeholder "out"}/pcsc/drivers"
+ "--bindir=${placeholder "tools"}/bin"
+ ];
+
+ postInstall = "make -C tools/cjflash install";
+
+ meta = with stdenv.lib; {
+ description = "REINER SCT cyberJack USB chipcard reader user space driver";
+ homepage = "https://www.reiner-sct.com/";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ aszlig ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix
new file mode 100644
index 000000000000..02e38bbe249a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix
@@ -0,0 +1,48 @@
+{ stdenv, fetchurl, unzip, libusb-compat-0_1 }:
+
+let
+ arch = if stdenv.hostPlatform.system == "i686-linux" then "32"
+ else if stdenv.hostPlatform.system == "x86_64-linux" then "64"
+ else throw "Unsupported system: ${stdenv.hostPlatform.system}";
+in
+stdenv.mkDerivation rec {
+ pname = "pcsc-scm-scl";
+ version = "2.09";
+
+ src = fetchurl {
+ url = "http://files.identiv.com/products/smart-card-readers/contactless/scl010-011/Linux_Driver_Ver${version}.zip";
+ sha256 = "0ik26sxgqgsqplksl87z61vwmx51k7plaqmrkdid7xidgfhfxr42";
+ };
+
+ buildInputs = [ unzip ];
+
+ unpackPhase = ''
+ unzip $src
+ tar xf "Linux Driver Ver${version}/sclgeneric_${version}_linux_${arch}bit.tar.gz"
+ export sourceRoot=$(readlink -e sclgeneric_${version}_linux_${arch}bit)
+ '';
+
+ # Add support for SCL011 nPA (subsidized model for German eID)
+ patches = [ ./eid.patch ];
+
+ installPhase = ''
+ mkdir -p $out/pcsc/drivers
+ cp -r proprietary/*.bundle $out/pcsc/drivers
+ '';
+
+ libPath = stdenv.lib.makeLibraryPath [ libusb-compat-0_1 ];
+
+ fixupPhase = ''
+ patchelf --set-rpath $libPath \
+ $out/pcsc/drivers/SCLGENERIC.bundle/Contents/Linux/libSCLGENERIC.so.${version};
+ '';
+
+ meta = with stdenv.lib; {
+ description = "SCM Microsystems SCL011 chipcard reader user space driver";
+ homepage = "https://www.scm-pc-card.de/index.php?lang=en&page=product&function=show_product&product_id=630";
+ downloadPage = "https://support.identiv.com/scl010-scl011/";
+ license = licenses.unfreeRedistributable;
+ maintainers = with maintainers; [ sephalon ];
+ platforms = platforms.linux;
+ };
+}
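Review bot: `meta.platforms = platforms.linux` at the end of this hunk advertises every Linux platform, while the `arch` binding at the top throws for anything other than `i686-linux` and `x86_64-linux`. Instantiating the derivation on another Linux system therefore fails with the throw instead of reporting the package as unsupported; `platforms = [ "i686-linux" "x86_64-linux" ];` would match what the derivation can actually build. Separately, assigning `fixupPhase` replaces stdenv's standard fixup step for this vendor binary. Moving the `patchelf` call to `postFixup` keeps the defaults, or, if skipping them is intended, a comment should say so.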
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch
new file mode 100644
index 000000000000..6e7ffd60f72f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/eid.patch
@@ -0,0 +1,28 @@
+diff --git a/proprietary/SCLGENERIC.bundle/Contents/Info.plist b/proprietary/SCLGENERIC.bundle/Contents/Info.plist
+index 412d6b9..5d1c6cc 100755
+--- a/proprietary/SCLGENERIC.bundle/Contents/Info.plist
++++ b/proprietary/SCLGENERIC.bundle/Contents/Info.plist
+@@ -34,6 +34,7 @@
+ <string>0x04E6</string>
+ <string>0x04E6</string>
+ <string>0x04E6</string>
++ <string>0x04E6</string>
+ </array>
+
+ <key>ifdProductID</key>
+@@ -42,6 +43,7 @@
+ <string>0x5291</string>
+ <string>0x5290</string>
+ <string>0x5293</string>
++ <string>0x5292</string>
+ </array>
+
+ <key>ifdFriendlyName</key>
+@@ -50,6 +52,7 @@
+ <string>SCL010 Contactless Reader</string>
+ <string>SCR331CL-NTTCom</string>
+ <string>SCL011G Contactless Reader</string>
++ <string>SCM Microsystems, Inc. SCL011 RFID reader</string>
+ </array>
+
+ </dict>
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/default.nix
new file mode 100644
index 000000000000..98a3e8797fbf
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/default.nix
@@ -0,0 +1,47 @@
+{ stdenv, fetchurl, pkgconfig, udev, dbus, perl, python3
+, IOKit ? null }:
+
+stdenv.mkDerivation rec {
+ pname = "pcsclite";
+ version = "1.9.0";
+
+ outputs = [ "bin" "out" "dev" "doc" "man" ];
+
+ src = fetchurl {
+ url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2";
+ sha256 = "1y9f9zipnrmgiw0mxrvcgky8vfrcmg6zh40gbln5a93i2c1x8j01";
+ };
+
+ patches = [ ./no-dropdir-literals.patch ];
+
+ configureFlags = [
+ # The OS should care on preparing the drivers into this location
+ "--enable-usbdropdir=/var/lib/pcsc/drivers"
+ "--enable-confdir=/etc"
+ ] ++ stdenv.lib.optional stdenv.isLinux
+ "--with-systemdsystemunitdir=\${out}/etc/systemd/system"
+ ++ stdenv.lib.optional (!stdenv.isLinux)
+ "--disable-libsystemd";
+
+ postConfigure = ''
+ sed -i -re '/^#define *PCSCLITE_HP_DROPDIR */ {
+ s/(DROPDIR *)(.*)/\1(getenv("PCSCLITE_HP_DROPDIR") ? : \2)/
+ }' config.h
+ '';
+
+ postInstall = ''
+ # pcsc-spy is a debugging utility and it drags python into the closure
+ moveToOutput bin/pcsc-spy "$dev"
+ '';
+
+ nativeBuildInputs = [ pkgconfig perl ];
+ buildInputs = [ python3 ] ++ stdenv.lib.optionals stdenv.isLinux [ udev dbus ]
+ ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
+
+ meta = with stdenv.lib; {
+ description = "Middleware to access a smart card using SCard API (PC/SC)";
+ homepage = "https://pcsclite.apdu.fr/";
+ license = licenses.bsd3;
+ platforms = with platforms; unix;
+ };
+}
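Review bot: The `sed` in `postConfigure` makes `PCSCLITE_HP_DROPDIR` resolve through a plain `getenv("PCSCLITE_HP_DROPDIR")` at run time, and nothing in the hunk documents that. Going by the log messages in the accompanying no-dropdir-literals.patch, this is the directory pcscd scans for reader driver bundles, so whoever controls the daemon's environment chooses which driver code it loads. I would add a comment above the `sed`, e.g. `# driver directory is overridable via $PCSCLITE_HP_DROPDIR; set it only from the service definition, and keep the target directory writable by root alone`, and consider whether the override should be ignored when the process runs with elevated privileges. The existing comment on `--enable-usbdropdir=/var/lib/pcsc/drivers` has the same implication for that mutable default path.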
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch
new file mode 100644
index 000000000000..6e6734c95432
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsclite/no-dropdir-literals.patch
@@ -0,0 +1,73 @@
+diff --git a/src/hotplug_libudev.c b/src/hotplug_libudev.c
+index a8ba1b8..a53700b 100644
+--- a/src/hotplug_libudev.c
++++ b/src/hotplug_libudev.c
+@@ -119,7 +119,8 @@ static LONG HPReadBundleValues(void)
+
+ if (NULL == hpDir)
+ {
+- Log1(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR);
++ Log2(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: %s",
++ PCSCLITE_HP_DROPDIR);
+ Log1(PCSC_LOG_ERROR, "Disabling USB support for pcscd.");
+ return -1;
+ }
+@@ -722,7 +723,7 @@ ULONG HPRegisterForHotplugEvents(void)
+
+ if (driverSize <= 0)
+ {
+- Log1(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: "
++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s",
+ PCSCLITE_HP_DROPDIR);
+ Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd");
+ return 0;
+diff --git a/src/hotplug_libusb.c b/src/hotplug_libusb.c
+index eff8519..8dd496d 100644
+--- a/src/hotplug_libusb.c
++++ b/src/hotplug_libusb.c
+@@ -138,7 +138,8 @@ static LONG HPReadBundleValues(void)
+
+ if (hpDir == NULL)
+ {
+- Log1(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR);
++ Log2(PCSC_LOG_ERROR, "Cannot open PC/SC drivers directory: %s",
++ PCSCLITE_HP_DROPDIR);
+ Log1(PCSC_LOG_ERROR, "Disabling USB support for pcscd.");
+ return -1;
+ }
+@@ -265,7 +266,8 @@ static LONG HPReadBundleValues(void)
+
+ if (driverSize == 0)
+ {
+- Log1(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: " PCSCLITE_HP_DROPDIR);
++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s",
++ PCSCLITE_HP_DROPDIR);
+ Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd");
+ }
+ #ifdef DEBUG_HOTPLUG
+diff --git a/src/hotplug_linux.c b/src/hotplug_linux.c
+index bf69af8..64b0ed7 100644
+--- a/src/hotplug_linux.c
++++ b/src/hotplug_linux.c
+@@ -130,8 +130,8 @@ static LONG HPReadBundleValues(void)
+
+ if (hpDir == NULL)
+ {
+- Log1(PCSC_LOG_INFO,
+- "Cannot open PC/SC drivers directory: " PCSCLITE_HP_DROPDIR);
++ Log2(PCSC_LOG_INFO, "Cannot open PC/SC drivers directory: %s",
++ PCSCLITE_HP_DROPDIR);
+ Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd.");
+ return -1;
+ }
+@@ -219,8 +219,8 @@ end:
+
+ if (bundleSize == 0)
+ {
+- Log1(PCSC_LOG_INFO,
+- "No bundle files in pcsc drivers directory: " PCSCLITE_HP_DROPDIR);
++ Log2(PCSC_LOG_INFO, "No bundle files in pcsc drivers directory: %s",
++ PCSCLITE_HP_DROPDIR);
+ Log1(PCSC_LOG_INFO, "Disabling USB support for pcscd");
+ }
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pcsctools/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsctools/default.nix
new file mode 100644
index 000000000000..b2ef4e7e0302
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pcsctools/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, lib, fetchurl, makeWrapper, pkgconfig, udev, dbus, pcsclite
+, wget, coreutils, perlPackages
+}:
+
+let deps = lib.makeBinPath [ wget coreutils ];
+
+in stdenv.mkDerivation rec {
+ name = "pcsc-tools-1.5.7";
+
+ src = fetchurl {
+ url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.bz2";
+ sha256 = "17b9jxvcxmn007lavan20l25v4jvm6dqc4x9dlqzbg6mjs28zsp0";
+ };
+
+ buildInputs = [ udev dbus perlPackages.perl pcsclite ];
+
+ nativeBuildInputs = [ makeWrapper pkgconfig ];
+
+ postInstall = ''
+ wrapProgram $out/bin/scriptor \
+ --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}"
+ wrapProgram $out/bin/gscriptor \
+ --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl GlibObjectIntrospection Glib Gtk3 Pango Cairo CairoGObject ]}"
+ wrapProgram $out/bin/ATR_analysis \
+ --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}"
+ wrapProgram $out/bin/pcsc_scan \
+ --set PATH "$out/bin:${deps}"
+ '';
+
+ meta = with lib; {
+ description = "Tools used to test a PC/SC driver, card or reader";
+ homepage = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pdfcrack/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pdfcrack/default.nix
new file mode 100644
index 000000000000..afef0d4c4723
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pdfcrack/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, lib, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "pdfcrack";
+ version = "0.19";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/pdfcrack/pdfcrack/pdfcrack-${version}.tar.gz";
+ sha256 = "1vf0l83xk627fg0a3b10wabgqxy08q4vbm0xjw9xzkdpk1lj059i";
+ };
+
+ installPhase = ''
+ install -Dt $out/bin pdfcrack
+ '';
+
+ meta = with lib; {
+ homepage = "http://pdfcrack.sourceforge.net/";
+ description = "Small command line driven tool for recovering passwords and content from PDF files";
+ license = with licenses; [ gpl2 ];
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ qoelet ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pgpdump/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pgpdump/default.nix
new file mode 100644
index 000000000000..cd421224fa63
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pgpdump/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchFromGitHub
+, supportCompressedPackets ? true, zlib, bzip2
+}:
+
+stdenv.mkDerivation rec {
+ pname = "pgpdump";
+ version = "0.33";
+
+ src = fetchFromGitHub {
+ owner = "kazu-yamamoto";
+ repo = "pgpdump";
+ rev = "v${version}";
+ sha256 = "0pi9qdbmcmi58gmljin51ylbi3zkknl8fm26jm67cpl55hvfsn23";
+ };
+
+ buildInputs = stdenv.lib.optionals supportCompressedPackets [ zlib bzip2 ];
+
+ meta = with stdenv.lib; {
+ description = "A PGP packet visualizer";
+ longDescription = ''
+ pgpdump is a PGP packet visualizer which displays the packet format of
+ OpenPGP (RFC 4880) and PGP version 2 (RFC 1991).
+ '';
+ homepage = "http://www.mew.org/~kazu/proj/pgpdump/en/";
+ license = licenses.bsd3;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ primeos ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix
new file mode 100644
index 000000000000..f62288c062b8
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, openssl, libssh2, gpgme }:
+
+stdenv.mkDerivation rec {
+ pname = "phrasendrescher";
+ version = "1.2.2c";
+
+ src = fetchurl {
+ url = "http://leidecker.info/projects/${pname}/${pname}-${version}.tar.gz";
+ sha256 = "18vg6h294219v14x5zqm8ddmq5amxlbz7pw81lcmpz8v678kwyph";
+ };
+
+ postPatch = ''
+ substituteInPlace configure \
+ --replace 'SSL_LIB="ssl"' 'SSL_LIB="crypto"'
+ '';
+
+ buildInputs = [ openssl libssh2 gpgme ];
+
+ configureFlags = [ "--with-plugins" ];
+
+ meta = with stdenv.lib; {
+ description = "A modular and multi processing pass phrase cracking tool";
+ homepage = "https://leidecker.info/projects/phrasendrescher/index.shtml";
+ license = licenses.gpl2Plus;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ bjornfor ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/autoconf-ar.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/autoconf-ar.patch
new file mode 100644
index 000000000000..6f531cfce325
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/autoconf-ar.patch
@@ -0,0 +1,35 @@
+diff -ur a/configure.ac b/configure.ac
+--- a/configure.ac 2019-09-14 11:30:11.584847746 +0000
++++ b/configure.ac 2019-09-14 11:31:26.692355265 +0000
+@@ -81,6 +81,7 @@
+ AC_PROG_CPP
+ AC_PROG_INSTALL
+ AC_PROG_RANLIB
++AC_CHECK_TOOL(AR, ar)
+ # We need to check for cplusplus here because we may not do the test
+ # for Qt and autoconf does does not allow that.
+ AC_PROG_CXX
+diff -ur a/pinentry/Makefile.in b/pinentry/Makefile.in
+--- a/pinentry/Makefile.in 2017-12-03 17:43:23.000000000 +0000
++++ b/pinentry/Makefile.in 2019-09-14 11:32:02.532000236 +0000
+@@ -113,7 +113,7 @@
+ CONFIG_CLEAN_FILES =
+ CONFIG_CLEAN_VPATH_FILES =
+ LIBRARIES = $(noinst_LIBRARIES)
+-AR = ar
++AR = @AR@
+ ARFLAGS = cru
+ AM_V_AR = $(am__v_AR_@AM_V@)
+ am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
+diff -ur a/secmem/Makefile.in b/secmem/Makefile.in
+--- a/secmem/Makefile.in 2017-12-03 17:43:23.000000000 +0000
++++ b/secmem/Makefile.in 2019-09-14 11:31:58.764934552 +0000
+@@ -113,7 +113,7 @@
+ CONFIG_CLEAN_FILES =
+ CONFIG_CLEAN_VPATH_FILES =
+ LIBRARIES = $(noinst_LIBRARIES)
+-AR = ar
++AR = @AR@
+ ARFLAGS = cru
+ AM_V_AR = $(am__v_AR_@AM_V@)
+ am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/default.nix
new file mode 100644
index 000000000000..a72e8f9f5b2a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/default.nix
@@ -0,0 +1,103 @@
+{ fetchurl, mkDerivation, fetchpatch, stdenv, lib, pkgconfig, autoreconfHook, wrapGAppsHook
+, libgpgerror, libassuan, qtbase, wrapQtAppsHook
+, ncurses, gtk2, gcr
+, libcap ? null, libsecret ? null
+, enabledFlavors ? [ "curses" "tty" "gtk2" "qt" "emacs" ] ++ lib.optionals stdenv.isLinux [ "gnome3" ]
+}:
+
+with stdenv.lib;
+
+assert isList enabledFlavors && enabledFlavors != [];
+
+let
+ pinentryMkDerivation =
+ if (builtins.elem "qt" enabledFlavors)
+ then mkDerivation
+ else stdenv.mkDerivation;
+
+ mkFlag = pfxTrue: pfxFalse: cond: name:
+ "--${if cond then pfxTrue else pfxFalse}-${name}";
+ mkEnable = mkFlag "enable" "disable";
+ mkWith = mkFlag "with" "without";
+
+ mkEnablePinentry = f:
+ let
+ info = flavorInfo.${f};
+ flag = flavorInfo.${f}.flag or null;
+ in
+ optionalString (flag != null)
+ (mkEnable (elem f enabledFlavors) ("pinentry-" + flag));
+
+ flavorInfo = {
+ curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; };
+ tty = { bin = "tty"; flag = "tty"; };
+ gtk2 = { bin = "gtk-2"; flag = "gtk2"; buildInputs = [ gtk2 ]; };
+ gnome3 = { bin = "gnome3"; flag = "gnome3"; buildInputs = [ gcr ]; nativeBuildInputs = [ wrapGAppsHook ]; };
+ qt = { bin = "qt"; flag = "qt"; buildInputs = [ qtbase ]; nativeBuildInputs = [ wrapQtAppsHook ]; };
+ emacs = { bin = "emacs"; flag = "emacs"; buildInputs = []; };
+ };
+
+in
+
+pinentryMkDerivation rec {
+ pname = "pinentry";
+ version = "1.1.0";
+
+ src = fetchurl {
+ url = "mirror://gnupg/pinentry/${pname}-${version}.tar.bz2";
+ sha256 = "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8";
+ };
+
+ nativeBuildInputs = [ pkgconfig autoreconfHook ]
+ ++ concatMap(f: flavorInfo.${f}.nativeBuildInputs or []) enabledFlavors;
+ buildInputs = [ libgpgerror libassuan libcap libsecret ]
+ ++ concatMap(f: flavorInfo.${f}.buildInputs or []) enabledFlavors;
+
+ dontWrapGApps = true;
+ dontWrapQtApps = true;
+
+ patches = [
+ ./autoconf-ar.patch
+ ] ++ optionals (elem "gtk2" enabledFlavors) [
+ (fetchpatch {
+ url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
+ sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
+ })
+ ];
+
+ configureFlags = [
+ (mkWith (libcap != null) "libcap")
+ (mkEnable (libsecret != null) "libsecret")
+ ] ++ (map mkEnablePinentry (attrNames flavorInfo));
+
+ postInstall =
+ concatStrings (flip map enabledFlavors (f:
+ let
+ binary = "pinentry-" + flavorInfo.${f}.bin;
+ in ''
+ moveToOutput bin/${binary} ${placeholder f}
+ ln -sf ${placeholder f}/bin/${binary} ${placeholder f}/bin/pinentry
+ '' + optionalString (f == "gnome3") ''
+ wrapGApp ${placeholder f}/bin/${binary}
+ '' + optionalString (f == "qt") ''
+ wrapQtApp ${placeholder f}/bin/${binary}
+ '')) + ''
+ ln -sf ${placeholder (head enabledFlavors)}/bin/pinentry-${flavorInfo.${head enabledFlavors}.bin} $out/bin/pinentry
+ '';
+
+ outputs = [ "out" ] ++ enabledFlavors;
+
+ passthru = { flavors = enabledFlavors; };
+
+ meta = with stdenv.lib; {
+ homepage = "http://gnupg.org/aegypten2/";
+ description = "GnuPG’s interface to passphrase input";
+ license = licenses.gpl2Plus;
+ platforms = platforms.all;
+ longDescription = ''
+ Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
+ to enter a passphrase when `gpg' or `gpg2' is run and needs it.
+ '';
+ maintainers = with maintainers; [ ttuegel fpletz ];
+ };
+}
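Review bot: In `mkEnablePinentry` the `info` binding is never used, because `flag` indexes `flavorInfo.${f}` again on the next line. Either write `flag = info.flag or null;` to use the binding, or drop the `info` line. Every entry in `flavorInfo` currently defines `flag`, so the `or null` fallback and the `optionalString (flag != null)` guard are not exercised by this hunk; a short comment saying which kind of flavor would lack a flag would explain why they are kept.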
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/mac.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/mac.nix
new file mode 100644
index 000000000000..1c3b87cd9f02
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pinentry/mac.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, xcbuildHook, libiconv, ncurses, Cocoa }:
+
+stdenv.mkDerivation {
+ name = "pinentry-mac-0.9.4";
+
+ src = fetchFromGitHub {
+ owner = "matthewbauer";
+ repo = "pinentry-mac";
+ rev = "6dfef256c8ea32d642fea847f27d800f024cf51e";
+ sha256 = "0g75302697gqcxyf2hyqzvcbd5pyss1bl2xvfd40wqav7dlyvj83";
+ };
+
+ nativeBuildInputs = [ xcbuildHook ];
+ buildInputs = [ libiconv ncurses Cocoa ];
+
+ installPhase = ''
+ mkdir -p $out/Applications
+ mv Products/Release/pinentry-mac.app $out/Applications
+ '';
+
+ passthru = {
+ binaryPath = "Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac";
+ };
+
+ meta = {
+ description = "Pinentry for GPG on Mac";
+ license = stdenv.lib.licenses.gpl2Plus;
+ homepage = "https://github.com/GPGTools/pinentry-mac";
+ platforms = stdenv.lib.platforms.darwin;
+ };
+}
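Review bot: `src` fetches `matthewbauer/pinentry-mac` at a bare commit, while `meta.homepage` points at `GPGTools/pinentry-mac` and `name` claims version 0.9.4; nothing in the hunk says how the three relate. For a program that receives GPG passphrases, a reader should be able to tell which source tree is actually built. A comment above `src` would do, e.g. `# fork of GPGTools/pinentry-mac, pinned to <commit description>; carries <reason for fork>`, with the placeholders filled in by someone who knows the fork's history.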
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pius/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pius/default.nix
new file mode 100644
index 000000000000..f1b4d80a3554
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pius/default.nix
@@ -0,0 +1,41 @@
+{ fetchFromGitHub, stdenv, python3Packages, gnupg, perl }:
+
+let version = "3.0.0"; in
+python3Packages.buildPythonApplication {
+ pname = "pius";
+ namePrefix = "";
+ inherit version;
+
+ src = fetchFromGitHub {
+ owner = "jaymzh";
+ repo = "pius";
+ rev = "v${version}";
+ sha256 = "0l87dx7n6iwy8alxnhvval8h1kl4da6a59hsilbi65c6bpj4dh3y";
+ };
+
+ patchPhase = ''
+ for file in libpius/constants.py pius-keyring-mgr; do
+ sed -i "$file" -E -e's|/usr/bin/gpg2?|${gnupg}/bin/gpg|g'
+ done
+ '';
+
+ buildInputs = [ perl ];
+
+ meta = {
+ homepage = "https://www.phildev.net/pius/";
+
+ description = "PGP Individual UID Signer (PIUS), quickly and easily sign UIDs on a set of PGP keys";
+
+ longDescription =
+ '' This software will allow you to quickly and easily sign each UID on
+ a set of PGP keys. It is designed to take the pain out of the
+ sign-all-the-keys part of PGP Keysigning Party while adding security
+ to the process.
+ '';
+
+ license = stdenv.lib.licenses.gpl2;
+
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ kierdavis ];
+ };
+}
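Review bot: Setting `patchPhase` here replaces stdenv's patch phase instead of extending it, so a `patches = [ ... ]` attribute added to this derivation later would be skipped without any error; the radamsa hunk further down does the same. Renaming the attribute to `postPatch` keeps the `sed` loop and leaves the standard phase in place. A one-line comment above the loop, e.g. `# pin the gpg binary to the store path instead of /usr/bin/gpg or /usr/bin/gpg2`, would also record why the substitution is there.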
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix
new file mode 100644
index 000000000000..559911699680
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchurl, polkit, gtk3, pkgconfig, intltool }:
+stdenv.mkDerivation rec {
+ pname = "polkit-gnome";
+ version = "0.105";
+
+ src = fetchurl {
+ url = "mirror://gnome/sources/polkit-gnome/${version}/${pname}-${version}.tar.xz";
+ sha256 = "0sckmcbxyj6sbrnfc5p5lnw27ccghsid6v6wxq09mgxqcd4lk10p";
+ };
+
+ buildInputs = [ polkit gtk3 ];
+ nativeBuildInputs = [ pkgconfig intltool ];
+
+ configureFlags = [ "--disable-introspection" ];
+
+ # Desktop file from Debian
+ postInstall = ''
+ mkdir -p $out/etc/xdg/autostart
+ substituteAll ${./polkit-gnome-authentication-agent-1.desktop} $out/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop
+ '';
+
+ meta = {
+ homepage = "https://gitlab.gnome.org/Archive/policykit-gnome";
+ description = "A dbus session bus service that is used to bring up authentication dialogs";
+ license = stdenv.lib.licenses.lgpl2Plus;
+ maintainers = with stdenv.lib.maintainers; [ phreedom ];
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop b/infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop
new file mode 100644
index 000000000000..5ddda50cb015
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/polkit-gnome/polkit-gnome-authentication-agent-1.desktop
@@ -0,0 +1,88 @@
+[Desktop Entry]
+Name=PolicyKit Authentication Agent
+Name[ar]=مدير الاستيثاق PolicyKit
+Name[be]=PolicyKit - аґент аўтэнтыфікацыі
+Name[bn_IN]=PolicyKit অনুমোদনের এজেন্ট
+Name[ca]=Agent d'autenticació del PolicyKit
+Name[cs]=Ověřovací agent PolicyKit
+Name[da]=Godkendelsesprogrammet PolicyKit
+Name[de]=Legitimationsdienst von PolicyKit
+Name[el]=Πράκτορας πιστοποίησης PolicyKit
+Name[en_GB]=PolicyKit Authentication Agent
+Name[es]=Agente de autenticación de PolicyKit
+Name[eu]=PolicyKit autentifikatzeko agentea
+Name[fi]=PolicytKit-tunnistautumisohjelma
+Name[fr]=Agent d'authentification de PolicyKit
+Name[gl]=Axente de autenticación PolicyKit
+Name[gu]=PolicyKit સત્તાધિકરણ એજન્ટ
+Name[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि
+Name[hu]=PolicyKit hitelesítési ügynök
+Name[it]=Agente di autenticazione per PolicyKit
+Name[ja]=PolicyKit 認証エージェント
+Name[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ
+Name[lt]=PolicyKit tapatybės nustatymo agentas
+Name[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന്‍ ഏജന്റ്
+Name[mr]=PolicyKit ऑथेंटीकेशन एजेंट
+Name[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ
+Name[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ
+Name[pl]=Agent uwierzytelniania PolicyKit
+Name[pt]=Agente de Autenticação PolicyKit
+Name[pt_BR]=Agente de autenticação PolicyKit
+Name[ro]=Agent de autentificare PolicyKit
+Name[sk]=Agent PolicyKit na overovanie totožnosti
+Name[sl]=PolicyKit program overjanja
+Name[sv]=Autentiseringsagent för PolicyKit
+Name[ta]=PolicyKit அங்கீகார முகவர்
+Name[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి
+Name[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit
+Name[uk]=Агент автентифікації PolicyKit
+Name[zh_CN]=PolicyKit 认证代理
+Name[zh_HK]=PolicyKit 驗證代理程式
+Name[zh_TW]=PolicyKit 驗證代理程式
+Comment=PolicyKit Authentication Agent
+Comment[ar]=مدير الاستيثاق PolicyKit
+Comment[be]=PolicyKit - аґент аўтэнтыфікацыі
+Comment[bn_IN]=PolicyKit অনুমোদনের এজেন্ট
+Comment[ca]=Agent d'autenticació del PolicyKit
+Comment[cs]=Ověřovací agent PolicyKit
+Comment[da]=Godkendelsesprogrammet PolicyKit
+Comment[de]=Legitimationsdienst von PolicyKit
+Comment[el]=Πράκτορας πιστοποίησης PolicyKit
+Comment[en_GB]=PolicyKit Authentication Agent
+Comment[es]=Agente de autenticación de PolicyKit
+Comment[eu]=PolicyKit autentifikatzeko agentea
+Comment[fi]=PolicytKit-tunnistautumisohjelma
+Comment[fr]=Agent d'authentification de PolicyKit
+Comment[gl]=Axente de autenticación PolicyKit
+Comment[gu]=PolicyKit સત્તાધિકરણ એજન્ટ
+Comment[hi]=PolicyKit प्रमाणीकरण प्रतिनिधि
+Comment[hu]=PolicyKit hitelesítési ügynök
+Comment[it]=Agente di autenticazione per PolicyKit
+Comment[ja]=PolicyKit 認証エージェント
+Comment[kn]=PolicyKit ದೃಢೀಕರಣ ಮಧ್ಯವರ್ತಿ
+Comment[lt]=PolicyKit tapatybės nustatymo agentas
+Comment[ml]=പോളിസിക്കിറ്റ് ഓഥന്റിക്കേഷന്‍ ഏജന്റ്
+Comment[mr]=PolicyKit ऑथेंटीकेशन एजेंट
+Comment[or]=PolicyKit ବୈଧିକରଣ ସଦସ୍ୟ
+Comment[pa]=ਪਾਲਸੀਕਿੱਟ ਪਰਮਾਣਕਿਤਾ ਏਜੰਟ
+Comment[pl]=Agent uwierzytelniania PolicyKit
+Comment[pt]=Agente de Autenticação PolicyKit
+Comment[pt_BR]=Agente de autenticação PolicyKit
+Comment[ro]=Agent de autentificare PolicyKit
+Comment[sk]=Agent PolicyKit na overovanie totožnosti
+Comment[sl]=PolicyKit program overjanja
+Comment[sv]=Autentiseringsagent för PolicyKit
+Comment[ta]=PolicyKit அங்கீகார முகவர்
+Comment[te]=పాలసీకిట్ ధృవీకరణ ప్రతినిధి
+Comment[th]=ตัวกลางสำหรับยืนยันตัวบุคคล PolicyKit
+Comment[uk]=Агент автентифікації PolicyKit
+Comment[zh_CN]=PolicyKit 认证代理
+Comment[zh_HK]=PolicyKit 驗證代理程式
+Comment[zh_TW]=PolicyKit 驗證代理程式
+Exec=@out@/libexec/polkit-gnome-authentication-agent-1
+Terminal=false
+Type=Application
+Categories=
+NoDisplay=true
+OnlyShowIn=GNOME;XFCE;Unity;
+AutostartCondition=GNOME3 unless-session gnome
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/proxmark3/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/proxmark3/default.nix
new file mode 100644
index 000000000000..304ba041b46d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/proxmark3/default.nix
@@ -0,0 +1,59 @@
+{ stdenv, fetchFromGitHub, pkgconfig, ncurses, readline, pcsclite, qt5
+, gcc-arm-embedded }:
+
+let
+ generic = { pname, version, rev, sha256 }:
+ stdenv.mkDerivation rec {
+ inherit pname version;
+
+ src = fetchFromGitHub {
+ owner = "Proxmark";
+ repo = "proxmark3";
+ inherit rev sha256;
+ };
+
+ nativeBuildInputs = [ pkgconfig gcc-arm-embedded ];
+ buildInputs = [ ncurses readline pcsclite qt5.qtbase ];
+
+ postPatch = ''
+ substituteInPlace client/Makefile --replace '-ltermcap' ' '
+ substituteInPlace liblua/Makefile --replace '-ltermcap' ' '
+ substituteInPlace client/flasher.c \
+ --replace 'armsrc/obj/fullimage.elf' \
+ '${placeholder "out"}/firmware/fullimage.elf'
+ '';
+
+ buildPhase = ''
+ make bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf client
+ '';
+
+ installPhase = ''
+ install -Dt $out/bin client/proxmark3
+ install -T client/flasher $out/bin/proxmark3-flasher
+ install -Dt $out/firmware bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Client for proxmark3, powerful general purpose RFID tool";
+ homepage = "http://www.proxmark.org";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ fpletz ];
+ };
+ };
+in
+
+{
+ proxmark3 = generic rec {
+ pname = "proxmark3";
+ version = "3.1.0";
+ rev = "v${version}";
+ sha256 = "1qw28n1bhhl91ix77lv50qcr919fq3hjc8zhhqphwxal2svgx2jf";
+ };
+
+ proxmark3-unstable = generic {
+ pname = "proxmark3-unstable";
+ version = "2019-12-28";
+ rev = "a4ff62be63ca2a81071e9aa2b882bd3ff57f13ad";
+ sha256 = "067lp28xqx61n3i2a2fy489r5frwxqrcfj8cpv3xdzi3gb3vk5c3";
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pwgen-secure/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pwgen-secure/default.nix
new file mode 100644
index 000000000000..c3141676b370
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pwgen-secure/default.nix
@@ -0,0 +1,36 @@
+{ lib, python3Packages, fetchFromGitHub }:
+
+with python3Packages;
+
+buildPythonApplication rec {
+ pname = "pwgen-secure";
+ version = "0.9.1";
+
+ # it needs `secrets` which was introduced in 3.6
+ disabled = pythonOlder "3.6";
+
+ # GH is newer than Pypi and contains both library *and* the actual program
+ # whereas Pypi only has the library
+ src = fetchFromGitHub {
+ owner = "mjmunger";
+ repo = "pwgen_secure";
+ rev = "v${version}";
+ sha256 = "15md5606hzy1xfhj2lxmc0nvynyrcs4vxa5jdi34kfm31rdklj28";
+ };
+
+ propagatedBuildInputs = [ docopt ];
+
+ postInstall = ''
+ install -Dm755 spwgen.py $out/bin/spwgen
+ '';
+
+ # there are no checks
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Secure password generation library to replace pwgen";
+ homepage = "https://github.com/mjmunger/pwgen_secure/";
+ license = licenses.mit;
+ maintainers = with maintainers; [ peterhoeg ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pwgen/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pwgen/default.nix
new file mode 100644
index 000000000000..a63e40b744e8
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pwgen/default.nix
@@ -0,0 +1,16 @@
+{stdenv, fetchurl, autoreconfHook}:
+stdenv.mkDerivation {
+ name = "pwgen-2.08";
+
+ src = fetchurl {
+ url = "https://github.com/tytso/pwgen/archive/v2.08.tar.gz";
+ sha256 = "8d6e94f28655e61d6126290e3eafad4d17d7fba0d0d354239522a740a270bb2f";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ meta = {
+ description = "Password generator which creates passwords which can be easily memorized by a human";
+ platforms = stdenv.lib.platforms.all;
+ };
+}
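Review bot: `meta` in this hunk has neither `license` nor `homepage`, and the version `2.08` is written out twice, in `name` and in `url`. Using `stdenv.mkDerivation rec` with `pname = "pwgen"; version = "2.08";` and `url = "https://github.com/tytso/pwgen/archive/v${version}.tar.gz";` keeps the two from drifting apart on the next bump. The licence should be filled in from the upstream COPYING file rather than guessed.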
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/pyrit/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/pyrit/default.nix
new file mode 100644
index 000000000000..93ae86416e13
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/pyrit/default.nix
@@ -0,0 +1,42 @@
+{ stdenv, lib, fetchFromGitHub, python2Packages, openssl, zlib, libpcap, opencl-headers, ocl-icd }:
+
+let
+ version = "2019-12-13";
+ src = fetchFromGitHub {
+ owner = "JPaulMora";
+ repo = "Pyrit";
+ rev = "f0f1913c645b445dd391fb047b812b5ba511782c";
+ sha256 = "1npkvngc4g3g6mpjip2wwhvcd4a75jy3dbddxhxhzrrz4p7259gr";
+ };
+
+ cpyrit_opencl = python2Packages.buildPythonPackage {
+ pname = "cpyrit-opencl";
+ inherit version;
+
+ src = "${src}/modules/cpyrit_opencl";
+
+ buildInputs = [ opencl-headers ocl-icd openssl zlib ];
+
+ postInstall = let
+ python = python2Packages.python;
+ in ''
+ # pyrit uses "import _cpyrit_cuda" so put the output in the root site-packages
+ mv $out/lib/${python.libPrefix}/site-packages/cpyrit/_cpyrit_opencl.so $out/lib/${python.libPrefix}/site-packages/
+ '';
+ };
+in
+python2Packages.buildPythonApplication rec {
+ pname = "pyrit";
+ inherit version src;
+
+ buildInputs = [ openssl zlib libpcap ];
+ propagatedBuildInputs = [ cpyrit_opencl ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/JPaulMora/Pyrit";
+ description = "GPGPU-driven WPA/WPA2-PSK key cracker";
+ license = licenses.gpl3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ danielfullmer ];
+ };
+}
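Review bot: The comment in `postInstall` says pyrit imports `_cpyrit_cuda`, but the `mv` on the next line relocates `_cpyrit_opencl.so`. Presumably the comment was carried over from a CUDA variant of this module. `# pyrit uses "import _cpyrit_opencl" so put the output in the root site-packages` would match the code, to be confirmed against the import statement in the Pyrit sources.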
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/qdigidoc/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/qdigidoc/default.nix
new file mode 100644
index 000000000000..fcbc166689e3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/qdigidoc/default.nix
@@ -0,0 +1,50 @@
+{ stdenv, mkDerivation, fetchgit, fetchurl, cmake, darkhttpd, gettext, makeWrapper, pkgconfig
+, libdigidocpp, opensc, openldap, openssl, pcsclite, qtbase, qttranslations, qtsvg }:
+
+mkDerivation rec {
+ pname = "qdigidoc";
+ version = "4.2.3";
+
+ src = fetchgit {
+ url = "https://github.com/open-eid/DigiDoc4-Client";
+ rev = "v${version}";
+ sha256 = "1hj49vvg8vrayr9kpz73fafa7k298hmiamkyd8c3ipy6s51xh6q4";
+ fetchSubmodules = true;
+ };
+
+ tsl = fetchurl {
+ url = "https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml";
+ sha256 = "0llr2fj8vd097hcr1d0xmzdy4jydv0b5j5qlksbjffs22rqgal14";
+ };
+
+ nativeBuildInputs = [ cmake darkhttpd gettext makeWrapper pkgconfig ];
+
+ postPatch = ''
+ substituteInPlace client/CMakeLists.txt \
+ --replace $\{TSL_URL} file://${tsl}
+ '';
+
+ buildInputs = [
+ libdigidocpp
+ opensc
+ openldap
+ openssl
+ pcsclite
+ qtbase
+ qtsvg
+ qttranslations
+ ];
+
+ postInstall = ''
+ wrapProgram $out/bin/qdigidoc4 \
+ --prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Qt-based UI for signing and verifying DigiDoc documents";
+ homepage = "https://www.id.ee/";
+ license = licenses.lgpl21Plus;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ yegortimoshenko mmahut ];
+ };
+}
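Review bot: The `tsl` attribute pins a snapshot of `tl-mp.xml` by hash and `postPatch` rewrites `TSL_URL` to that store path, so the build embeds a frozen copy of the trusted list, and the hunk carries no comment about it. The URL has no version component, so the fixed-output hash will stop matching whenever the list is republished, and until the package is bumped the client presumably starts from trust data as old as this snapshot. A comment above `tsl` should record that, e.g. `# snapshot of the EU trusted list; the upstream file changes in place, refresh it with every version bump`. Whether the client refreshes the list at run time cannot be seen from this hunk and is worth stating in the same comment.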
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/radamsa/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/radamsa/default.nix
new file mode 100644
index 000000000000..b1d6400f2d0d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/radamsa/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, fetchurl, fetchFromGitLab, bash }:
+
+let
+ # Fetch explicitly, otherwise build will try to do so
+ owl = fetchurl {
+ name = "ol.c.gz";
+ url = "https://gitlab.com/owl-lisp/owl/uploads/0d0730b500976348d1e66b4a1756cdc3/ol-0.1.19.c.gz";
+ sha256 = "0kdmzf60nbpvdn8j3l51i9lhcwfi4aw1zj4lhbp4adyg8n8pp4c6";
+ };
+in
+stdenv.mkDerivation rec {
+ pname = "radamsa";
+ version = "0.6";
+
+ src = fetchFromGitLab {
+ owner = "akihe";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0mi1mwvfnlpblrbmp0rcyf5p74m771z6nrbsly6cajyn4mlpmbaq";
+ };
+
+ patchPhase = ''
+ substituteInPlace ./tests/bd.sh \
+ --replace "/bin/echo" echo
+
+ ln -s ${owl} ol.c.gz
+
+ patchShebangs tests
+ '';
+
+ makeFlags = [ "PREFIX=${placeholder "out"}" "BINDIR=" ];
+
+ checkInputs = [ bash ];
+ doCheck = true;
+
+ meta = {
+ description = "A general purpose fuzzer";
+ longDescription = "Radamsa is a general purpose data fuzzer. It reads data from given sample files, or standard input if none are given, and outputs modified data. It is usually used to generate malformed data for testing programs.";
+ homepage = "https://gitlab.com/akihe/radamsa";
+ maintainers = [ stdenv.lib.maintainers.markWot ];
+ platforms = stdenv.lib.platforms.all;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/rage/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/rage/default.nix
new file mode 100644
index 000000000000..69ea8c0f9c2c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/rage/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, rustPlatform, fetchFromGitHub, installShellFiles
+, Foundation, Security }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "rage";
+ version = "0.5.0";
+
+ src = fetchFromGitHub {
+ owner = "str4d";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-XSDfAsXfwSoe5JMdJtZlC324Sra+4fVJhE3/k2TthEc=";
+ };
+
+ cargoSha256 = "sha256-GPr5zxeODAjD+ynp/nned9gZUiReYcdzosuEbLIKZSs=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ buildInputs = stdenv.lib.optionals stdenv.isDarwin [
+ Foundation
+ Security
+ ];
+
+ postBuild = ''
+ cargo run --example generate-docs
+ cargo run --example generate-completions
+ '';
+
+ postInstall = ''
+ installManPage target/manpages/*
+ installShellCompletion target/completions/*.{bash,fish,zsh}
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability";
+ homepage = "https://github.com/str4d/rage";
+ changelog = "https://github.com/str4d/rage/releases/tag/v${version}";
+ license = with licenses; [ asl20 mit ]; # either at your option
+ maintainers = with maintainers; [ marsam ryantm ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/rarcrack/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/rarcrack/default.nix
new file mode 100644
index 000000000000..9749d8251688
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/rarcrack/default.nix
@@ -0,0 +1,39 @@
+{stdenv, fetchFromGitHub, libxml2, file, p7zip, unrar, unzip}:
+
+stdenv.mkDerivation {
+ pname = "rarcrack";
+ version = "0.2";
+
+ src = fetchFromGitHub {
+ owner = "jaredsburrows";
+ repo = "Rarcrack";
+ rev = "35ead64cd2b967eec3e3e3a4c328b89b11ff32a0";
+ sha256 = "134fq84896w5vp8vg4qg0ybpb466njibigyd7bqqm1xydr07qrgn";
+ };
+
+ buildInputs = [ libxml2 file p7zip unrar unzip ];
+ buildFlags = stdenv.lib.optional stdenv.cc.isClang "CC=clang";
+ installFlags = [ "PREFIX=\${out}" ];
+
+ patchPhase = ''
+ substituteInPlace rarcrack.c --replace "file -i" "${file}/bin/file -i"
+ '';
+
+ preInstall = ''
+ mkdir -p $out/bin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "This program can crack zip,7z and rar file passwords";
+ longDescription = ''
+ If you forget your password for compressed archive (rar, 7z, zip), this program is the solution.
+ This program uses bruteforce algorithm to find correct password. You can specify wich characters will be used in password generations.
+ Warning: Please don't use this program for any illegal things!
+ '';
+ homepage = "https://github.com/jaredsburrows/Rarcrack";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ davidak ];
+ platforms = with platforms; unix;
+ };
+}
+
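Review bot: `patchPhase` pins only the `file -i` call to a store path, while `p7zip`, `unrar` and `unzip` are listed in `buildInputs`. If `rarcrack.c` runs those tools by bare name as well (not visible in this hunk), they are looked up on the caller's PATH at run time, so the program either fails or runs whatever binary is found there. Substituting those command strings the same way, or wrapping the binary with a fixed PATH, would close that gap. Setting `patchPhase` directly also replaces the default phase, so a later `patches = [ ... ]` would be silently ignored; `postPatch` is the usual place for this substitution.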
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/rbw/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/rbw/default.nix
new file mode 100644
index 000000000000..e8c4b1f541bd
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/rbw/default.nix
@@ -0,0 +1,78 @@
+{ lib
+, stdenv
+, rustPlatform
+, fetchCrate
+, pinentry
+, openssl
+, pkgconfig
+, makeWrapper
+, Security
+
+# rbw-fzf
+, withFzf ? false, fzf, perl
+
+# rbw-rofi
+, withRofi ? false, rofi, xclip
+
+# pass-import
+, withPass ? false, pass
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "rbw";
+ version = "0.5.0";
+
+ src = fetchCrate {
+ inherit version;
+ crateName = pname;
+ sha256 = "0p37kwkp153mkns4bh7k7gnksk6c31214wlw3faf42daav32mmgw";
+ };
+
+ cargoSha256 = "1vkgh0995xx0hr96mnzmdgd15gs6da7ynywqcjgcw5kr48bf1063";
+
+ nativeBuildInputs = [
+ pkgconfig
+ makeWrapper
+ ];
+
+ buildInputs = lib.optionals stdenv.isDarwin [ Security ];
+
+ postPatch = ''
+ substituteInPlace src/pinentry.rs \
+ --replace 'Command::new("pinentry")' 'Command::new("${pinentry}/${pinentry.binaryPath or "bin/pinentry"}")'
+ '' + lib.optionalString withFzf ''
+ patchShebangs bin/rbw-fzf
+ substituteInPlace bin/rbw-fzf \
+ --replace fzf ${fzf}/bin/fzf \
+ --replace perl ${perl}/bin/perl
+ '' + lib.optionalString withRofi ''
+ patchShebangs bin/rbw-rofi
+ substituteInPlace bin/rbw-rofi \
+ --replace rofi ${rofi}/bin/rofi \
+ --replace xclip ${xclip}/bin/xclip
+ '' + lib.optionalString withRofi ''
+ patchShebangs bin/pass-import
+ substituteInPlace bin/pass-import \
+ --replace pass ${pass}/bin/pass
+ '';
+
+ preConfigure = ''
+ export OPENSSL_INCLUDE_DIR="${openssl.dev}/include"
+ export OPENSSL_LIB_DIR="${openssl.out}/lib"
+ '';
+
+ postInstall = lib.optionalString withFzf ''
+ cp bin/rbw-fzf $out/bin
+ '' + lib.optionalString withRofi ''
+ cp bin/rbw-rofi $out/bin
+ '' + lib.optionalString withPass ''
+ cp bin/pass-import $out/bin
+ '';
+
+ meta = with lib; {
+ description = "Unofficial command line client for Bitwarden";
+ homepage = "https://crates.io/crates/rbw";
+ license = licenses.mit;
+ maintainers = with maintainers; [ albakham luc65r marsam ];
+ };
+}
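Review bot: The third `postPatch` fragment, which patches `bin/pass-import`, is guarded by `withRofi` instead of `withPass`, while `postInstall` copies that script under `withPass`. With `withPass = true` and `withRofi = false` the installed `pass-import` keeps its unpatched shebang and resolves `pass` through the caller's PATH, which is worth avoiding in a password-manager client. The guard should read `'' + lib.optionalString withPass ''`. Separately, `--replace pass ${pass}/bin/pass` rewrites every occurrence of the substring, so words such as `password` inside the script would presumably be rewritten too; the same applies to `--replace fzf` and `--replace rofi`, and a narrower pattern would be safer.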
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/rhash/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/rhash/default.nix
new file mode 100644
index 000000000000..394dd89484fe
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/rhash/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchFromGitHub, which }:
+
+stdenv.mkDerivation rec {
+ version = "1.4.0";
+ pname = "rhash";
+
+ src = fetchFromGitHub {
+ owner = "rhash";
+ repo = "RHash";
+ rev = "v${version}";
+ sha256 = "18zgr1bjzz8v6rckz2q2hx9f2ssbv8qfwclzpbyjaz0c1c9lqqar";
+ };
+
+ nativeBuildInputs = [ which ];
+
+ # configure script is not autotools-based, doesn't support these options
+ configurePlatforms = [ ];
+
+ doCheck = true;
+
+ checkTarget = "test-full";
+
+ installTargets = [ "install" "install-lib-shared" "install-lib-so-link" "install-lib-headers" ];
+
+ meta = with stdenv.lib; {
+ homepage = "http://rhash.sourceforge.net/";
+ description = "Console utility and library for computing and verifying hash sums of files";
+ license = licenses.bsd0;
+ platforms = platforms.all;
+ maintainers = [ maintainers.andrewrk ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/cursive.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/cursive.nix
new file mode 100644
index 000000000000..29229bff0028
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/cursive.nix
@@ -0,0 +1,39 @@
+{ stdenv, lib, rustPlatform, fetchFromGitHub, pkgconfig, ncurses, python3, openssl, libgpgerror, gpgme, xorg, AppKit, Security }:
+
+with rustPlatform;
+buildRustPackage rec {
+ version = "0.4.0";
+ pname = "ripasso-cursive";
+
+ src = fetchFromGitHub {
+ owner = "cortex";
+ repo = "ripasso";
+ rev = "release-${version}";
+ sha256 = "164da20j727p8l7hh37j2r8pai9sj402nhswvg0nrlgj53nr6083";
+ };
+
+ patches = [ ./fix-tests.patch ];
+
+ cargoSha256 = "1wpn67v0xmxhn1dgzhh1pwz1yc3cizmfxhpb7qv9b27ynx4486ji";
+
+ cargoBuildFlags = [ "-p ripasso-cursive -p ripasso-man" ];
+
+ nativeBuildInputs = [ pkgconfig gpgme python3 ];
+ buildInputs = [
+ ncurses openssl libgpgerror gpgme xorg.libxcb
+ ] ++ stdenv.lib.optionals stdenv.isDarwin [ AppKit Security ];
+
+ preFixup = ''
+ mkdir -p "$out/man/man1"
+ $out/bin/ripasso-man > $out/man/man1/ripasso-cursive.1
+ rm $out/bin/ripasso-man
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A simple password manager written in Rust";
+ homepage = "https://github.com/cortex/ripasso";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ sgo ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch
new file mode 100644
index 000000000000..433ff933b1f7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch
@@ -0,0 +1,35 @@
+diff --git a/src/pass/test.rs b/src/pass/test.rs
+index c980a2f..2e6c8cc 100644
+--- a/src/pass/test.rs
++++ b/src/pass/test.rs
+@@ -56,6 +56,7 @@ fn populate_password_list_small_repo() {
+ base_path.pop();
+ base_path.pop();
+ base_path.pop();
++ base_path.pop();
+ base_path.push("testres");
+
+ let mut password_dir: PathBuf = base_path.clone();
+@@ -84,6 +85,7 @@ fn populate_password_list_repo_with_deleted_files() {
+ base_path.pop();
+ base_path.pop();
+ base_path.pop();
++ base_path.pop();
+ base_path.push("testres");
+
+ let mut password_dir: PathBuf = base_path.clone();
+@@ -112,6 +114,7 @@ fn populate_password_list_directory_without_git() {
+ base_path.pop();
+ base_path.pop();
+ base_path.pop();
++ base_path.pop();
+ base_path.push("testres");
+
+ let mut password_dir: PathBuf = base_path.clone();
+@@ -149,4 +152,4 @@ fn parse_signing_keys_empty() {
+ let result = PasswordStore::parse_signing_keys(&None).unwrap();
+
+ assert_eq!(result.len(), 0);
+-}
+\ No newline at end of file
++}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/rng-tools/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/rng-tools/default.nix
new file mode 100644
index 000000000000..16952e6dabb4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/rng-tools/default.nix
@@ -0,0 +1,65 @@
+{ stdenv, fetchFromGitHub, libtool, autoreconfHook, pkgconfig
+, sysfsutils
+, argp-standalone
+ # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS
+ # https://www.nist.gov/programs-projects/nist-randomness-beacon
+, curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false
+ # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source
+, libgcrypt ? null, withGcrypt ? true
+, jitterentropy ? null, withJitterEntropy ? true
+, libp11 ? null, opensc ? null, withPkcs11 ? true
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+ pname = "rng-tools";
+ version = "6.9";
+
+ src = fetchFromGitHub {
+ owner = "nhorman";
+ repo = "rng-tools";
+ rev = "v${version}";
+ sha256 = "065jf26s8zkicb95zc9ilksjdq9gqrh5vcx3mhi6mypbnamn6w98";
+ };
+
+ postPatch = ''
+ ${optionalString withPkcs11 ''
+ substituteInPlace rngd.c \
+ --replace /usr/lib64/opensc-pkcs11.so ${opensc}/lib/opensc-pkcs11.so
+ ''}
+ '';
+
+ nativeBuildInputs = [ autoreconfHook libtool pkgconfig ];
+
+ configureFlags = [
+ (withFeature withGcrypt "libgcrypt")
+ (enableFeature withJitterEntropy "jitterentropy")
+ (withFeature withNistBeacon "nistbeacon")
+ (withFeature withPkcs11 "pkcs11")
+ ];
+
+ # argp-standalone is only used when libc lacks argp parsing (musl)
+ buildInputs = [ sysfsutils ]
+ ++ optionals stdenv.hostPlatform.isx86_64 [ argp-standalone ]
+ ++ optionals withGcrypt [ libgcrypt ]
+ ++ optionals withJitterEntropy [ jitterentropy ]
+ ++ optionals withNistBeacon [ curl libxml2 openssl ]
+ ++ optionals withPkcs11 [ libp11 openssl ];
+
+ enableParallelBuilding = true;
+
+ # For cross-compilation
+ makeFlags = [ "AR:=$(AR)" ];
+
+ doCheck = true;
+ preCheck = "patchShebangs tests/*.sh";
+
+ meta = {
+ description = "A random number generator daemon";
+ homepage = "https://github.com/nhorman/rng-tools";
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ johnazoidberg c0bw3b ];
+ };
+}
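Review bot: The comment above `buildInputs` says argp-standalone is only needed when libc lacks argp (musl), but the condition that adds it is `stdenv.hostPlatform.isx86_64`, so it is pulled in on every x86_64 glibc build and omitted on musl builds for other architectures. If the comment is right, the line should be `++ optionals stdenv.hostPlatform.isMusl [ argp-standalone ]`. The optional inputs default to `null` with no matching assertion, so a caller that enables a feature without supplying its library fails late; in particular `${opensc}` is interpolated in `postPatch` whenever `withPkcs11` is set. A guard such as `assert withPkcs11 -> libp11 != null && opensc != null;` (and the same for the other flags) would make that explicit.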
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/rustscan/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/rustscan/default.nix
new file mode 100644
index 000000000000..43b6a3a0afd7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/rustscan/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchFromGitHub, rustPlatform, nmap, Security }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "rustscan";
+ version = "2.0.1";
+
+ src = fetchFromGitHub {
+ owner = "RustScan";
+ repo = pname;
+ rev = version;
+ sha256 = "0fdbsz1v7bb5dm3zqjs1qf73lb1m4qzkqyb3h3hbyrp9vklgxsgw";
+ };
+
+ cargoSha256 = "039xarscwqndpyrr3sgzkhqna3c908zh06id8x2qaykm8l248zs9";
+
+ postPatch = ''
+ substituteInPlace src/main.rs \
+ --replace 'Command::new("nmap")' 'Command::new("${nmap}/bin/nmap")'
+ '';
+
+ buildInputs = stdenv.lib.optional stdenv.isDarwin Security;
+
+ checkFlags = [
+ "--skip=infer_ulimit_lowering_no_panic"
+ "--skip=google_dns_runs"
+ "--skip=parse_correct_host_addresses"
+ "--skip=parse_hosts_file_and_incorrect_hosts"
+ "--skip=run_perl_script"
+ "--skip=run_python_script"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "Faster Nmap Scanning with Rust";
+ homepage = "https://github.com/RustScan/RustScan";
+ license = licenses.gpl3Only;
+ maintainers = [ maintainers.SuperSandro2000 ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/safe/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/safe/default.nix
new file mode 100644
index 000000000000..43d791e19dbe
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/safe/default.nix
@@ -0,0 +1,31 @@
+{ stdenv
+, buildGoPackage
+, fetchFromGitHub
+}:
+
+with builtins;
+
+buildGoPackage rec {
+ pname = "safe";
+ version = "1.5.1";
+
+ src = fetchFromGitHub {
+ owner = "starkandwayne";
+ repo = "safe";
+ rev = "v${version}";
+ sha256 = "12gzxrnyl890h79z9yx23m1wwgy8ahm74q4qwi8n2nh7ydq6mn2d";
+ };
+
+ goPackagePath = "github.com/starkandwayne/safe";
+
+ preBuild = ''
+ buildFlagsArray+=("-ldflags" "-X main.Version=${version}")
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A Vault CLI";
+ homepage = "https://github.com/starkandwayne/safe";
+ license = licenses.mit;
+ maintainers = with maintainers; [ eonpatapon ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/saml2aws/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/saml2aws/default.nix
new file mode 100644
index 000000000000..68721bbdebc1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/saml2aws/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "saml2aws";
+ version = "2.27.1";
+
+ src = fetchFromGitHub {
+ owner = "Versent";
+ repo = "saml2aws";
+ rev = "v${version}";
+ sha256 = "1ffq7jh14cj45wn5rx9awh5k8hqbfwm4fjz0a0rq22yqfwbbkkj2";
+ };
+
+ runVend = true;
+ vendorSha256 = "1w7vnpv36lhxpaljdhslbckkr7p81nzc91a0503wk8nrrc4ljsyy";
+
+ doCheck = false;
+
+ subPackages = [ "." "cmd/saml2aws" ];
+
+ buildFlagsArray = ''
+ -ldflags=-X main.Version=${version}
+ '';
+
+ meta = with stdenv.lib; {
+ description = "CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP";
+ homepage = "https://github.com/Versent/saml2aws";
+ license = licenses.mit;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = [ stdenv.lib.maintainers.pmyjavec ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch
new file mode 100644
index 000000000000..f436a73bca72
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch
@@ -0,0 +1,29 @@
+--- sbsigntools/configure.ac 2018-09-25 10:30:00.878766256 -0500
++++ configure.ac.new 2018-09-25 10:34:56.231277375 -0500
+@@ -71,15 +71,16 @@
+ # no consistent view of where gnu-efi should dump the efi stuff, so find it
+ ##
+ for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi; do
+- if test -e $path/crt0-efi-$EFI_ARCH.o; then
+- CRTPATH=$path
++ if test -e @@NIX_GNUEFI@@/$path/crt0-efi-$EFI_ARCH.o; then
++ CRTPATH=@@NIX_GNUEFI@@/$path
++ break
+ fi
+ done
+ if test -z "$CRTPATH"; then
+ AC_MSG_ERROR([cannot find the gnu-efi crt path])
+ fi
+
+-EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \
++EFI_CPPFLAGS="-I@@NIX_GNUEFI@@/include/efi -I@@NIX_GNUEFI@@/include/efi/$EFI_ARCH \
+ -DEFI_FUNCTION_WRAPPER"
+ CPPFLAGS_save="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS"
+@@ -90,5 +91,5 @@
+ AC_SUBST(CRTPATH, $CRTPATH)
+
+ AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile]
+- [docs/Makefile tests/Makefile])
++ [docs/Makefile])
+ AC_OUTPUT
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/default.nix
new file mode 100644
index 000000000000..1a42ddf8beca
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sbsigntool/default.nix
@@ -0,0 +1,53 @@
+{ stdenv
+, fetchgit, autoconf, automake, pkgconfig, help2man
+, openssl, libuuid, gnu-efi, libbfd
+}:
+
+stdenv.mkDerivation {
+ pname = "sbsigntool";
+ version = "0.9.1";
+
+ src = fetchgit {
+ url = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git";
+ rev = "v0.9.1";
+ sha256 = "098gxmhjn8acxjw5bq59wq4xhgkpx1xn8kjvxwdzpqkwq9ivrsbp";
+ };
+
+ patches = [ ./autoconf.patch ];
+
+ prePatch = "patchShebangs .";
+
+ nativeBuildInputs = [ autoconf automake pkgconfig help2man ];
+ buildInputs = [ openssl libuuid libbfd gnu-efi ];
+
+ configurePhase = ''
+ substituteInPlace configure.ac --replace "@@NIX_GNUEFI@@" "${gnu-efi}"
+
+ lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan "talloc read_write_all build_assert array_size endian"
+ touch AUTHORS
+ touch ChangeLog
+
+ echo "SUBDIRS = lib/ccan src docs" >> Makefile.am
+
+ aclocal
+ autoheader
+ autoconf
+ automake --add-missing -Wno-portability
+
+ ./configure --prefix=$out
+ '';
+
+ installPhase = ''
+ mkdir -p $out
+ make install
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Tools for maintaining UEFI signature databases";
+ homepage = "http://jk.ozlabs.org/docs/sbkeysync-maintaing-uefi-key-databases";
+ maintainers = [ maintainers.tstrobel ];
+ platforms = [ "x86_64-linux" ]; # Broken on i686
+ license = licenses.gpl3;
+ };
+}
+
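Review bot: `configurePhase` appends `SUBDIRS = lib/ccan src docs` to `Makefile.am`, leaving out `tests`, and the derivation sets no `doCheck`, so this Secure Boot signing tool is packaged without running any of its test suite. A comment stating why the tests are excluded would help the next maintainer, e.g. `# tests/ is left out of SUBDIRS: <reason>`. The hand-written `configurePhase` and `installPhase` also omit `runHook preConfigure`/`runHook postConfigure` and the install hooks, so overrides that rely on those hooks are silently ignored. `rev = "v0.9.1"` repeats the version literal; with `rec` and `rev = "v${version}"` a version bump cannot leave the two out of step.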
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/scallion/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/scallion/default.nix
new file mode 100644
index 000000000000..1395b8e10617
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/scallion/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, makeWrapper, mono, openssl_1_0_2, ocl-icd }:
+
+stdenv.mkDerivation rec {
+ version = "2.1";
+ pname = "scallion";
+
+ src = fetchFromGitHub {
+ owner = "lachesis";
+ repo = "scallion";
+ rev = "v${version}";
+ sha256 = "1l9aj101xpsaaa6kmmhmq68m6z8gzli1iaaf8xaxbivq0i7vka9k";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = [ mono ];
+
+ buildPhase = ''
+ xbuild scallion.sln
+ '';
+
+ installPhase = ''
+ mkdir -p $out/share
+ cp scallion/bin/Debug/* $out/share/
+ makeWrapper ${mono}/bin/mono $out/bin/scallion \
+ --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ openssl_1_0_2 ocl-icd ]} \
+ --add-flags $out/share/scallion.exe
+ '';
+
+ meta = with stdenv.lib; {
+ description = "GPU-based tor hidden service name generator";
+ homepage = src.meta.homepage;
+ license = licenses.mit;
+ platforms = [ "x86_64-linux" ];
+ maintainers = with maintainers; [ volth ];
+ };
+}
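Review bot: The wrapper puts `openssl_1_0_2` on `LD_LIBRARY_PATH`, and the OpenSSL 1.0.2 branch no longer receives public security fixes, which matters for a tool whose output is private key material. If upstream cannot load a maintained OpenSSL, that constraint deserves a comment next to the wrapper, e.g. `# scallion only loads the OpenSSL 1.0.x ABI; revisit when upstream supports a maintained release`. `installPhase` also ships the contents of `scallion/bin/Debug`; if the solution defines a Release configuration, `xbuild /p:Configuration=Release scallion.sln` with the matching output directory would be the better artefact to install.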
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/scrypt/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/scrypt/default.nix
new file mode 100644
index 000000000000..e230b2ee4574
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/scrypt/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl, openssl, util-linux, getconf }:
+
+stdenv.mkDerivation rec {
+ pname = "scrypt";
+ version = "1.3.1";
+
+ src = fetchurl {
+ url = "https://www.tarsnap.com/scrypt/${pname}-${version}.tgz";
+ sha256 = "1hnl0r6pmyxiy4dmafmqk1db7wpc0x9rqpzqcwr9d2cmghcj6byz";
+ };
+
+ outputs = [ "out" "lib" "dev" ];
+
+ configureFlags = [ "--enable-libscrypt-kdf" ];
+
+ buildInputs = [ openssl ];
+
+ nativeBuildInputs = [ getconf ];
+
+ patchPhase = ''
+ for f in Makefile.in autotools/Makefile.am libcperciva/cpusupport/Build/cpusupport.sh configure ; do
+ substituteInPlace $f --replace "command -p " ""
+ done
+
+ patchShebangs tests/test_scrypt.sh
+ '';
+
+ doCheck = true;
+ checkTarget = "test";
+ checkInputs = [ util-linux ];
+
+ meta = with stdenv.lib; {
+ description = "Encryption utility";
+ homepage = "https://www.tarsnap.com/scrypt.html";
+ license = licenses.bsd2;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ thoughtpolice ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/seccure/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/seccure/default.nix
new file mode 100644
index 000000000000..e0f01f4f2c41
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/seccure/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, libgcrypt }:
+
+stdenv.mkDerivation rec {
+ pname = "seccure";
+ version = "0.5";
+
+ src = fetchurl {
+ url = "http://point-at-infinity.org/seccure/${pname}-${version}.tar.gz";
+ sha256 = "0nwnk3hfhgvf5xr0xipbh6smfnya22wphc5rj0vgi5d0zr5cwrk5";
+ };
+
+ buildInputs = [ libgcrypt ];
+
+ preConfigure = ''
+ sed -e s@/usr/@$out/@g -i Makefile
+ sed -e 's@ln -f@ln -sf@g' -i Makefile
+ mkdir -p $out/bin $out/share/man/man1
+ '';
+
+ meta = {
+ homepage = "http://point-at-infinity.org/seccure/";
+ description = "Zero-configuration elliptic curve cryptography utility";
+ platforms = stdenv.lib.platforms.unix;
+ license = stdenv.lib.licenses.lgpl3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/secp256k1/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/secp256k1/default.nix
new file mode 100644
index 000000000000..d3b43d6adf69
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/secp256k1/default.nix
@@ -0,0 +1,57 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, jdk
+
+# Enable ECDSA pubkey recovery module
+, enableRecovery ? true
+
+# Enable ECDH shared secret computation (disabled by default because it is
+# experimental)
+, enableECDH ? false
+
+# Enable libsecp256k1_jni (disabled by default because it requires a jdk,
+# which is a large dependency)
+, enableJNI ? false
+
+}:
+
+let inherit (stdenv.lib) optionals; in
+
+stdenv.mkDerivation {
+ pname = "secp256k1";
+
+ # I can't find any version numbers, so we're just using the date of the
+ # last commit.
+ version = "2020-08-16";
+
+ src = fetchFromGitHub {
+ owner = "bitcoin-core";
+ repo = "secp256k1";
+ rev = "670cdd3f8be25f81472b2d16dcd228b0d24a5c45";
+ sha256 = "0ak2hrr0wznl5d9s905qwn5yds7k22i28d2jp957l4a8yf8cqv3s";
+ };
+
+ buildInputs = optionals enableJNI [ jdk ];
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ configureFlags =
+ [ "--enable-benchmark=no" "--enable-tests=yes" "--enable-exhaustive-tests=no" ] ++
+ optionals enableECDH [ "--enable-module-ecdh" "--enable-experimental" ] ++
+ optionals enableRecovery [ "--enable-module-recovery" ] ++
+ optionals enableJNI [ "--enable-jni" ];
+
+ doCheck = true;
+ checkPhase = "./tests";
+
+ meta = with stdenv.lib; {
+ description = "Optimized C library for EC operations on curve secp256k1";
+ longDescription = ''
+ Optimized C library for EC operations on curve secp256k1. Part of
+ Bitcoin Core. This library is a work in progress and is being used
+ to research best practices. Use at your own risk.
+ '';
+ homepage = "https://github.com/bitcoin-core/secp256k1";
+ license = with licenses; [ mit ];
+ maintainers = with maintainers; [ chris-martin ];
+ platforms = with platforms; unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sedutil/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sedutil/default.nix
new file mode 100644
index 000000000000..4877a8adfcef
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sedutil/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchFromGitHub, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+ pname = "sedutil";
+ version = "1.15.1";
+
+ src = fetchFromGitHub {
+ owner = "Drive-Trust-Alliance";
+ repo = "sedutil";
+ rev = version;
+ sha256 = "0zg5v27vbrzzl2vqzks91zj48z30qgcshkqkm1g8ycnhi145l0mf";
+ };
+
+ postPatch = ''
+ patchShebangs .
+ '';
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "DTA sedutil Self encrypting drive software";
+ homepage = "https://www.drivetrust.com";
+ license = licenses.gpl3;
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sequoia/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sequoia/default.nix
new file mode 100644
index 000000000000..aa2a12fc351e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sequoia/default.nix
@@ -0,0 +1,106 @@
+{ stdenv
+, fetchFromGitLab
+, lib
+, darwin
+, git
+, nettle
+# Use the same llvmPackages version as Rust
+, llvmPackages_10
+, cargo
+, rustc
+, rustPlatform
+, pkg-config
+, glib
+, openssl
+, sqlite
+, capnproto
+, ensureNewerSourcesForZipFilesHook
+, pythonSupport ? true
+, pythonPackages ? null
+}:
+
+assert pythonSupport -> pythonPackages != null;
+
+rustPlatform.buildRustPackage rec {
+ pname = "sequoia";
+ version = "0.20.0";
+
+ src = fetchFromGitLab {
+ owner = "sequoia-pgp";
+ repo = "sequoia";
+ rev = "v${version}";
+ sha256 = "sha256-br5GRzWprQTixNrE0WpNIB7Ayj5oEfyCg5JY4MnX5rA=";
+ };
+
+ cargoSha256 = "sha256-SpCdoLCtvU9jpG/ivB/+4KhRdKZxN3/+7P/RlR6n9/c=";
+
+ nativeBuildInputs = [
+ pkg-config
+ cargo
+ rustc
+ git
+ llvmPackages_10.libclang
+ llvmPackages_10.clang
+ ensureNewerSourcesForZipFilesHook
+ capnproto
+ ] ++
+ lib.optionals pythonSupport [ pythonPackages.setuptools ]
+ ;
+
+ checkInputs = lib.optionals pythonSupport [
+ pythonPackages.pytest
+ pythonPackages.pytestrunner
+ ];
+
+ buildInputs = [
+ openssl
+ sqlite
+ nettle
+ ] ++ lib.optionals pythonSupport [ pythonPackages.python pythonPackages.cffi ]
+ ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ]
+ ;
+
+ makeFlags = [
+ "PREFIX=${placeholder "out"}"
+ # Defaults to "ginstall" from some reason, although upstream's Makefiles check uname
+ "INSTALL=install"
+ ];
+
+ buildFlags = [
+ "build-release"
+ ];
+
+ LIBCLANG_PATH = "${llvmPackages_10.libclang}/lib";
+
+ # Sometimes, tests fail on CI (ofborg) & hydra without this
+ CARGO_TEST_ARGS = "--workspace --exclude sequoia-store";
+
+ # Without this, the examples won't build
+ postPatch = ''
+ substituteInPlace openpgp-ffi/examples/Makefile \
+ --replace '-O0 -g -Wall -Werror' '-g'
+ substituteInPlace ffi/examples/Makefile \
+ --replace '-O0 -g -Wall -Werror' '-g'
+ '';
+
+
+ preInstall = lib.optionalString pythonSupport ''
+ export installFlags="PYTHONPATH=$PYTHONPATH:$out/${pythonPackages.python.sitePackages}"
+ '' + lib.optionalString (!pythonSupport) ''
+ export makeFlags="PYTHON=disable"
+ '';
+
+ # Don't use buildRustPackage phases, only use it for rust deps setup
+ configurePhase = null;
+ buildPhase = null;
+ doCheck = true;
+ checkPhase = null;
+ installPhase = null;
+
+ meta = with stdenv.lib; {
+ description = "A cool new OpenPGP implementation";
+ homepage = "https://sequoia-pgp.org/";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ minijackson doronbehar ];
+ };
+}
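Review bot: In `preInstall`, `export makeFlags="PYTHON=disable"` overwrites the value set by the `makeFlags` attribute, so with `pythonSupport = false` the install step appears to lose both `PREFIX=${placeholder "out"}` and `INSTALL=install`. It also takes effect only before install, so the build and check phases have already run without `PYTHON=disable`. Putting the flag in the list keeps everything consistent across phases: close the `makeFlags` list with `] ++ lib.optional (!pythonSupport) "PYTHON=disable";` and drop the second `preInstall` branch. The `postPatch` comment could also name the warning that makes the examples fail under `-Wall -Werror`, so the workaround can be removed once upstream fixes it.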
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix
new file mode 100644
index 000000000000..8c6a026a6124
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sha1collisiondetection/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub, libtool, which }:
+
+stdenv.mkDerivation rec {
+ pname = "sha1collisiondetection";
+ version = "1.0.3";
+
+ src = fetchFromGitHub {
+ owner = "cr-marcstevens";
+ repo = "sha1collisiondetection";
+ rev = "stable-v${version}";
+ sha256 = "0xn31hkkqs0kj9203rzx6w4nr0lq8fnrlm5i76g0px3q4v2dzw1s";
+ };
+
+ makeFlags = [ "PREFIX=$(out)" ];
+
+ doCheck = true;
+
+ nativeBuildInputs = [ libtool which ];
+
+ meta = with stdenv.lib; {
+ description = "Library and command line tool to detect SHA-1 collision";
+ longDescription = ''
+ This library and command line tool were designed as near drop-in
+ replacements for common SHA-1 libraries and sha1sum. They will
+ compute the SHA-1 hash of any given file and additionally will
+ detect cryptanalytic collision attacks against SHA-1 present in
+ each file. It is very fast and takes less than twice the amount
+ of time as regular SHA-1.
+ '';
+ platforms = platforms.all;
+ maintainers = with maintainers; [ leenaars ];
+ license = licenses.mit;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/shc/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/shc/default.nix
new file mode 100644
index 000000000000..3705d2c7ed1a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/shc/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "shc";
+ version = "4.0.3";
+ rev = version;
+
+ src = fetchFromGitHub {
+ inherit rev;
+ owner = "neurobin";
+ repo = "shc";
+ sha256 = "0bfn404plsssa14q89k9l3s5lxq3df0sny5lis4j2w75qrkqx694";
+ };
+
+ meta = with stdenv.lib; {
+ homepage = "https://neurobin.org/projects/softwares/unix/shc/";
+ description = "Shell Script Compiler";
+ platforms = stdenv.lib.platforms.linux;
+ license = licenses.gpl3;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/signify/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/signify/default.nix
new file mode 100644
index 000000000000..3ec260a7c0c5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/signify/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub, libbsd, pkgconfig }:
+
+stdenv.mkDerivation rec {
+ pname = "signify";
+ version = "25";
+
+ src = fetchFromGitHub {
+ owner = "aperezdc";
+ repo = "signify";
+ rev = "v${version}";
+ sha256 = "0zg0rffxwj2a71s1bllhrn491xsmirg9sshpq8f3vl25lv4c2cnq";
+ };
+
+ doCheck = true;
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ libbsd ];
+
+ preInstall = ''
+ export PREFIX=$out
+ '';
+
+ meta = with stdenv.lib; {
+ description = "OpenBSD signing tool";
+ longDescription = ''
+ OpenBSDs signing tool, which uses the Ed25519 public key signature system
+ for fast signing and verification of messages using small public keys.
+ '';
+ homepage = "https://www.tedunangst.com/flak/post/signify";
+ license = licenses.isc;
+ maintainers = [ maintainers.rlupton20 ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/default.nix
new file mode 100644
index 000000000000..17c65d28884e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/default.nix
@@ -0,0 +1,226 @@
+{ stdenv, fetchFromGitLab, autoconf, automake, makeWrapper
+, python3, perl, perlPackages
+, libmd, gnupg, which, getopt, libpaper, nettools, qprint
+, sendmailPath ? "/run/wrappers/bin/sendmail" }:
+
+let
+ # All runtime dependencies from the CPAN graph:
+ # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1
+ GnuPGInterfaceRuntimeDependencies = with perlPackages; [
+ strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny
+ GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate
+ RoleTiny SubExporterProgressive SubQuote TypeTiny
+ ];
+in stdenv.mkDerivation rec {
+ pname = "signing-party";
+ version = "2.11";
+
+ src = fetchFromGitLab {
+ domain = "salsa.debian.org";
+ owner = "signing-party-team";
+ repo = "signing-party";
+ rev = "v${version}";
+ sha256 = "1aig5ssabzbk4mih7xd04vgr931bw0flbi8dz902wlr610gyv5s5";
+ };
+
+ # TODO: Get this patch upstream...
+ patches = [ ./gpgwrap_makefile.patch ];
+
+ postPatch = ''
+ substituteInPlace gpg-mailkeys/gpg-mailkeys --replace \
+ "/usr/sbin/sendmail" "${sendmailPath}"
+ '';
+
+ # One can use the following command to find all relevant Makefiles:
+ # grep -R '$(DESTDIR)/usr' | cut -d: -f1 | sort -u | grep -v 'debian/rules'
+ preBuild = ''
+ substituteInPlace gpgsigs/Makefile --replace '$(DESTDIR)/usr' "$out"
+ substituteInPlace keyanalyze/Makefile --replace '$(DESTDIR)/usr' "$out"
+ substituteInPlace keylookup/Makefile --replace '$(DESTDIR)/usr' "$out"
+ substituteInPlace sig2dot/Makefile --replace '$(DESTDIR)/usr' "$out"
+ substituteInPlace springgraph/Makefile --replace '$(DESTDIR)/usr' "$out"
+ '';
+
+ # Perl is required for it's pod2man.
+ # Python and Perl are required for patching the script interpreter paths.
+ nativeBuildInputs = [ autoconf automake makeWrapper ];
+ buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg ];
+
+ postInstall = ''
+ # Install all tools which aren't handled by 'make install'.
+ # TODO: Fix upstream...!
+
+ # caff: CA - Fire and Forget signs and mails a key
+ install -D -m555 caff/caff $out/bin/caff;
+ install -D -m444 caff/caff.1 $out/share/man/man1/caff.1;
+
+ # pgp-clean: removes all non-self signatures from key
+ install -D -m555 caff/pgp-clean $out/bin/pgp-clean;
+ install -D -m444 caff/pgp-clean.1 $out/share/man/man1/pgp-clean.1;
+
+ # pgp-fixkey: removes broken packets from keys
+ install -D -m555 caff/pgp-fixkey $out/bin/pgp-fixkey;
+ install -D -m444 caff/pgp-fixkey.1 $out/share/man/man1/pgp-fixkey.1;
+
+ # gpg-mailkeys: simply mail out a signed key to its owner
+ install -D -m555 gpg-mailkeys/gpg-mailkeys $out/bin/gpg-mailkeys;
+ install -D -m444 gpg-mailkeys/gpg-mailkeys.1 $out/share/man/man1/gpg-mailkeys.1;
+
+ # gpg-key2ps: generate PostScript file with fingerprint paper slips
+ install -D -m555 gpg-key2ps/gpg-key2ps $out/bin/gpg-key2ps;
+ install -D -m444 gpg-key2ps/gpg-key2ps.1 $out/share/man/man1/gpg-key2ps.1;
+
+ # gpgdir: recursive directory encryption tool
+ install -D -m555 gpgdir/gpgdir $out/bin/gpgdir;
+ install -D -m444 gpgdir/gpgdir.1 $out/share/man/man1/gpgdir.1;
+
+ # gpglist: show who signed which of your UIDs
+ install -D -m555 gpglist/gpglist $out/bin/gpglist;
+ install -D -m444 gpglist/gpglist.1 $out/share/man/man1/gpglist.1;
+
+ # gpgsigs: annotates list of GnuPG keys with already done signatures
+ # The manual page is not handled by 'make install'
+ install -D -m444 gpgsigs/gpgsigs.1 $out/share/man/man1/gpgsigs.1;
+
+ # gpgparticipants: create list of party participants for the organiser
+ install -D -m555 gpgparticipants/gpgparticipants $out/bin/gpgparticipants;
+ install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1;
+ install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill;
+ install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1;
+ install -D -m555 gpgparticipants/gpgparticipants-filter $out/bin/gpgparticipants-filter;
+ install -D -m444 gpgparticipants/gpgparticipants-filter.1 $out/share/man/man1/gpgparticipants-filter.1;
+
+ # gpgwrap: a passphrase wrapper
+ install -D -m555 gpgwrap/bin/gpgwrap $out/bin/gpgwrap;
+ install -D -m444 gpgwrap/doc/gpgwrap.1 $out/share/man/man1/gpgwrap.1;
+
+ # keyanalyze: minimum signing distance (MSD) analysis on keyrings
+ # Only the binaries are handled by 'make install'
+ install -D -m444 keyanalyze/keyanalyze.1 $out/share/man/man1/keyanalyze.1;
+ install -D -m444 keyanalyze/pgpring/pgpring.1 $out/share/man/man1/pgpring.1;
+ install -D -m444 keyanalyze/process_keys.1 $out/share/man/man1/process_keys.1;
+
+ # keylookup: ncurses wrapper around gpg --search
+ # Handled by 'make install'
+
+ # sig2dot: converts a list of GnuPG signatures to a .dot file
+ # Handled by 'make install'
+
+ # springgraph: creates a graph from a .dot file
+ # Handled by 'make install'
+
+ # keyart: creates a random ASCII art of a PGP key file
+ install -D -m555 keyart/keyart $out/bin/keyart;
+ install -D -m444 keyart/doc/keyart.1 $out/share/man/man1/keyart.1;
+
+ # gpg-key2latex: generate LaTeX file with fingerprint paper slips
+ install -D -m555 gpg-key2latex/gpg-key2latex $out/bin/gpg-key2latex;
+ install -D -m444 gpg-key2latex/gpg-key2latex.1 $out/share/man/man1/gpg-key2latex.1;
+ '';
+
+ postFixup = ''
+ # Add the runtime dependencies for all programs (but mainly for the Perl
+ # scripts)
+
+ wrapProgram $out/bin/caff --set PERL5LIB \
+ ${with perlPackages; makePerlPath ([
+ TextTemplate MIMETools MailTools TimeDate NetIDNEncode ]
+ ++ GnuPGInterfaceRuntimeDependencies)} \
+ --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ nettools gnupg ]}"
+
+ wrapProgram $out/bin/gpg-key2latex --set PERL5LIB \
+ ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
+ --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg libpaper ]}"
+
+ wrapProgram $out/bin/gpg-key2ps --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ which gnupg libpaper ]}"
+
+ wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg qprint ]}"
+
+ wrapProgram $out/bin/gpgdir --set PERL5LIB \
+ ${with perlPackages; makePerlPath ([
+ TermReadKey ]
+ ++ GnuPGInterfaceRuntimeDependencies)} \
+ --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+ wrapProgram $out/bin/gpglist --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+ wrapProgram $out/bin/gpgparticipants --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ getopt gnupg ]}"
+
+# wrapProgram $out/bin/gpgparticipants-prefill
+
+ wrapProgram $out/bin/gpgparticipants-filter --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+ wrapProgram $out/bin/gpgsigs --set PERL5LIB \
+ ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
+ --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+ wrapProgram $out/bin/gpgwrap --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+# wrapProgram $out/bin/keyanalyze --set PERL5LIB \
+
+ wrapProgram $out/bin/keyart --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+ wrapProgram $out/bin/keylookup --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+ wrapProgram $out/bin/pgp-clean --set PERL5LIB \
+ ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
+ --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+ wrapProgram $out/bin/pgp-fixkey --set PERL5LIB \
+ ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
+ --prefix PATH ":" \
+ "${stdenv.lib.makeBinPath [ gnupg ]}"
+
+# wrapProgram $out/bin/pgpring
+
+# wrapProgram $out/bin/process_keys
+
+ # Upstream-Bug: Seems like sig2dot doesn't work with 2.1 (modern) anymore,
+ # please use 2.0 (stable) instead.
+# wrapProgram $out/bin/sig2dot
+
+ wrapProgram $out/bin/springgraph --set PERL5LIB \
+ ${with perlPackages; makePerlPath [ GD ]}
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://salsa.debian.org/signing-party-team/signing-party";
+ description = "A collection of several projects relating to OpenPGP";
+ longDescription = ''
+ This is a collection of several projects relating to OpenPGP.
+
+ * caff: CA - Fire and Forget signs and mails a key
+ * pgp-clean: removes all non-self signatures from key
+ * pgp-fixkey: removes broken packets from keys
+ * gpg-mailkeys: simply mail out a signed key to its owner
+ * gpg-key2ps: generate PostScript file with fingerprint paper slips
+ * gpgdir: recursive directory encryption tool
+ * gpglist: show who signed which of your UIDs
+ * gpgsigs: annotates list of GnuPG keys with already done signatures
+ * gpgparticipants: create list of party participants for the organiser
+ * gpgwrap: a passphrase wrapper
+ * keyanalyze: minimum signing distance (MSD) analysis on keyrings
+ * keylookup: ncurses wrapper around gpg --search
+ * sig2dot: converts a list of GnuPG signatures to a .dot file
+ * springgraph: creates a graph from a .dot file
+ * keyart: creates a random ASCII art of a PGP key file
+ * gpg-key2latex: generate LaTeX file with fingerprint paper slips
+ '';
+ license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ];
+ maintainers = with maintainers; [ fpletz primeos ];
+ platforms = platforms.linux;
+ };
+}
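Review bot: The default `sendmailPath ? "/run/wrappers/bin/sendmail"` is a path outside the Nix store, and `postPatch` writes it into `gpg-mailkeys` verbatim, so the program that mails out signed keys is whatever exists at that path at run time rather than something this derivation pins. That looks deliberate, but it deserves a comment next to the argument, for example `# sendmailPath is resolved at run time and is not part of the closure; override it where /run/wrappers does not exist`. In `postFixup`, the commented-out `wrapProgram` lines (gpgparticipants-prefill, keyanalyze, pgpring, process_keys, sig2dot) leave those tools without the pinned `gnupg` on PATH, and only sig2dot carries an explanation. A one-line reason on each of the others would tell the next maintainer whether they invoke gpg at all or were simply left unfinished.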
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch
new file mode 100644
index 000000000000..4beaf5b80887
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch
@@ -0,0 +1,16 @@
+--- a/gpgwrap/Makefile 2015-06-03 16:24:48.723129144 +0200
++++ b/gpgwrap/Makefile 2015-06-03 16:24:11.639744346 +0200
+@@ -1,9 +1,12 @@
+ MAKE=make
+
+-.PHONY: all clean
++.PHONY: all clean install
+
+ all:
+ cd src && ${MAKE} all DIET="${DIET}"
+
++install:
++
++
+ clean:
+ cd src && ${MAKE} clean
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix
new file mode 100644
index 000000000000..2a360b4321c5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchFromGitHub, trousers, openssl, opencryptoki, autoreconfHook, libtool }:
+
+stdenv.mkDerivation rec {
+ pname = "simple-tpm-pk11";
+ version = "0.06";
+
+ src = fetchFromGitHub {
+ owner = "ThomasHabets";
+ repo = "simple-tpm-pk11";
+ rev = version;
+ sha256 = "0vpbaklr4r1a2am0pqcm6m41ph22mkcrq33y8ab5h8qkhkvhd6a6";
+ };
+
+ nativeBuildInputs = [ autoreconfHook libtool ];
+ buildInputs = [ trousers openssl opencryptoki ];
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "Simple PKCS11 provider for TPM chips";
+ longDescription = ''
+ A simple library for using the TPM chip to secure SSH keys.
+ '';
+ homepage = "https://github.com/ThomasHabets/simple-tpm-pk11";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ tstrobel ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sn0int/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sn0int/default.nix
new file mode 100644
index 000000000000..8b99649e0c9f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sn0int/default.nix
@@ -0,0 +1,32 @@
+{ lib, fetchFromGitHub, rustPlatform, libsodium, libseccomp, sqlite, pkgconfig
+}:
+
+rustPlatform.buildRustPackage rec {
+ pname = "sn0int";
+ version = "0.19.1";
+
+ src = fetchFromGitHub {
+ owner = "kpcyrd";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "10f1wblczxlww09f4dl8i9zzgpr14jj7s329wkvm7lafmwx3qrn5";
+ };
+
+ cargoSha256 = "1v0q751ylsfpdjwsbl20pvn7g75w503jwjl5kn5kc8xq3g0lnp65";
+
+ nativeBuildInputs = [ pkgconfig ];
+
+ buildInputs = [ libsodium libseccomp sqlite ];
+
+ # One of the dependencies (chrootable-https) tries to read "/etc/resolv.conf"
+ # in "checkPhase", hence fails in sandbox of "nix".
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Semi-automatic OSINT framework and package manager";
+ homepage = "https://github.com/kpcyrd/sn0int";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ xrelkd ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/snallygaster/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/snallygaster/default.nix
new file mode 100644
index 000000000000..36ea37edbb9a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/snallygaster/default.nix
@@ -0,0 +1,38 @@
+{ lib
+, python3Packages
+, fetchFromGitHub
+}:
+
+python3Packages.buildPythonApplication rec {
+ pname = "snallygaster";
+ version = "0.0.9";
+
+ src = fetchFromGitHub {
+ owner = "hannob";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "1gan5asgrxdgfi9lalhxzj3vs7nkazi8nqia36bpz1qb5fz7jrx3";
+ };
+
+ propagatedBuildInputs = with python3Packages; [
+ urllib3
+ beautifulsoup4
+ dnspython
+ ];
+
+ checkInputs = with python3Packages; [
+ pytestCheckHook
+ ];
+
+ pytestFlagsArray = [
+ # we are not interested in linting the project
+ "--ignore=tests/test_codingstyle.py"
+ ];
+
+ meta = with lib; {
+ description = "Tool to scan for secret files on HTTP servers";
+ homepage = "https://github.com/hannob/snallygaster";
+ license = licenses.cc0;
+ maintainers = with maintainers; [ hexa ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/snow/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/snow/default.nix
new file mode 100644
index 000000000000..db52d853b7a3
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/snow/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "snow";
+ version = "20130616";
+
+ src = fetchurl {
+ url = "https://web.archive.org/web/20200304125913if_/http://darkside.com.au/snow/snow-${version}.tar.gz";
+ sha256 = "0r9q45y55z4i0askkxmxrx0jr1620ypd870vz0hx2a6n9skimdy0";
+ };
+
+ makeFlags = [ "CFLAGS=-O2" ];
+
+ installPhase = ''
+ install -Dm755 snow -t $out/bin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Conceal messages in ASCII text by appending whitespace to the end of lines";
+ homepage = "http://www.darkside.com.au/snow/";
+ license = licenses.apsl20;
+ maintainers = with maintainers; [ siraben ];
+ platforms = platforms.unix;
+ };
+}
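Review bot: `installPhase` is replaced outright without `runHook preInstall` and `runHook postInstall`, so install hooks added by an override are silently skipped; the spectre-meltdown-checker expression in this commit shows the pattern with both hooks. The source is a web.archive.org snapshot of an `http://` origin, which is worth recording next to `url`, for example `# archive.org snapshot of the upstream tarball; the sha256 below is the only integrity check`.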
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/softhsm/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/softhsm/default.nix
new file mode 100644
index 000000000000..61afb9082d0f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/softhsm/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchurl, botan2, libobjc, Security }:
+
+stdenv.mkDerivation rec {
+
+ pname = "softhsm";
+ version = "2.6.1";
+
+ src = fetchurl {
+ url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz";
+ hash = "sha256:1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931";
+ };
+
+ configureFlags = [
+ "--with-crypto-backend=botan"
+ "--with-botan=${botan2}"
+ "--sysconfdir=$out/etc"
+ "--localstatedir=$out/var"
+ ];
+
+ propagatedBuildInputs =
+ stdenv.lib.optionals stdenv.isDarwin [ libobjc Security ];
+
+ buildInputs = [ botan2 ];
+
+ postInstall = "rm -rf $out/var";
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.opendnssec.org/softhsm";
+ description = "Cryptographic store accessible through a PKCS #11 interface";
+ longDescription = "
+ SoftHSM provides a software implementation of a generic
+ cryptographic device with a PKCS#11 interface, which is of
+ course especially useful in environments where a dedicated hardware
+ implementation of such a device - for instance a Hardware
+ Security Module (HSM) or smartcard - is not available.
+
+ SoftHSM follows the OASIS PKCS#11 standard, meaning it should be
+ able to work with many cryptographic products. SoftHSM is a
+ programme of The Commons Conservancy.
+ ";
+ license = licenses.bsd2;
+ maintainers = [ maintainers.leenaars ];
+ platforms = platforms.unix;
+ };
+}
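Review bot: The `$out` in `"--sysconfdir=$out/etc"` and `"--localstatedir=$out/var"` is, as far as I can tell, never expanded, because stdenv word-splits `configureFlags` without evaluating it and configure would then receive the literal text `$out/etc`. If that is right, the compiled-in default locations for the configuration file and the token store are not the ones this expression suggests, which matters for a package whose job is holding key material. `${placeholder "out"}` yields the real output path at evaluation time: `"--sysconfdir=${placeholder "out"}/etc"`, and likewise for `--localstatedir`. Since `postInstall` removes `$out/var` and the store is read-only anyway, a comment saying that users must configure a writable token directory themselves would also help. `longDescription` uses a plain `"` string where the other expressions use an indented `''` string.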
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix
new file mode 100644
index 000000000000..f5ae475a45b0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix
@@ -0,0 +1,47 @@
+{ stdenv, lib, fetchurl, unzip, jre }:
+
+let
+
+ version = "4.5.0.2216";
+
+ sonarScannerArchPackage = {
+ "x86_64-linux" = {
+ url = "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${version}-linux.zip";
+ sha256 = "sha256-rmvDb5l2BGV8j94Uhu2kJXwoDAHA3VncAahqGvLY3I0=";
+ };
+ "x86_64-darwin" = {
+ url = "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${version}-macosx.zip";
+ sha256 = "1g3lldpkrjlvwld9h82hlwclyplxpbk4q3nq59ylw4dhp26kb993";
+ };
+ };
+
+in stdenv.mkDerivation rec {
+ inherit version;
+ pname = "sonar-scanner-cli";
+
+ src = fetchurl sonarScannerArchPackage.${stdenv.hostPlatform.system};
+
+ buildInputs = [ unzip ];
+
+ installPhase = ''
+ mkdir -p $out/lib
+ cp -r lib/* $out/lib/
+ mkdir -p $out/bin
+ cp bin/* $out/bin/
+ mkdir -p $out/conf
+ cp conf/* $out/conf/
+ '';
+
+ fixupPhase = ''
+ substituteInPlace $out/bin/sonar-scanner \
+ --replace "\$sonar_scanner_home/jre" "${lib.getBin jre}"
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/SonarSource/sonar-scanner-cli";
+ description = "SonarQube Scanner used to start code analysis";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ peterromfeldhk ];
+ platforms = builtins.attrNames sonarScannerArchPackage;
+ };
+}
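Review bot: Defining `fixupPhase` replaces stdenv's whole fixup phase, so the default fixup steps (shebang patching among them) never run on the vendor-supplied scripts copied into `$out/bin`. The substitution belongs in `postFixup` (or `postInstall`), which leaves the standard phase intact. The two `sha256` values are written in different encodings (`sha256-…=` for Linux, base32 for Darwin); because these hashes are the only check on a prebuilt archive that is not built from source, one consistent format makes them easier to audit. `installPhase` also omits `runHook preInstall` and `runHook postInstall`.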
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sops/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sops/default.nix
new file mode 100644
index 000000000000..7557fa6a6d38
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sops/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "sops";
+ version = "3.6.1";
+
+ src = fetchFromGitHub {
+ rev = "v${version}";
+ owner = "mozilla";
+ repo = pname;
+ sha256 = "0xl53rs8jzq5yz4wi0vzsr6ajsaf2x2n1h3x7krk02a9839y6f18";
+ };
+
+ vendorSha256 = "1cpm06dyc6lb3a9apfggyi16alb2yijvyan1gbrl8r9fwlqvdpjk";
+
+ doCheck = false;
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/mozilla/sops";
+ description = "Mozilla sops (Secrets OPerationS) is an editor of encrypted files";
+ maintainers = [ maintainers.marsam ];
+ license = licenses.mpl20;
+ };
+}
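Review bot: `doCheck = false;` carries no reason, unlike the sn0int expression in this commit, which documents the sandbox failure that forced the same setting. For a tool that encrypts secrets the upstream test suite is worth running, so either re-enable it or state the cause above the line, e.g. `# tests disabled: <reason, to be filled in by the maintainer>`. `meta` also sets no `platforms`.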
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix
new file mode 100644
index 000000000000..b8f4eeea338f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchFromGitHub, makeWrapper, coreutils, binutils-unwrapped }:
+
+stdenv.mkDerivation rec {
+ pname = "spectre-meltdown-checker";
+ version = "0.44";
+
+ src = fetchFromGitHub {
+ owner = "speed47";
+ repo = "spectre-meltdown-checker";
+ rev = "v${version}";
+ sha256 = "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam";
+ };
+
+ prePatch = ''
+ substituteInPlace spectre-meltdown-checker.sh \
+ --replace /bin/echo ${coreutils}/bin/echo
+ '';
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ installPhase = with stdenv.lib; ''
+ runHook preInstall
+
+ install -Dm755 spectre-meltdown-checker.sh $out/bin/spectre-meltdown-checker
+ wrapProgram $out/bin/spectre-meltdown-checker \
+ --prefix PATH : ${makeBinPath [ binutils-unwrapped ]}
+
+ runHook postInstall
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Spectre & Meltdown vulnerability/mitigation checker for Linux";
+ homepage = "https://github.com/speed47/spectre-meltdown-checker";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ dotlambda ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/srm/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/srm/default.nix
new file mode 100644
index 000000000000..853ad4f280a2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/srm/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+
+ name = "srm-" + version;
+ version = "1.2.15";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/project/srm/${version}/${name}.tar.gz";
+ sha256 = "10sjarhprs6s4zandndg720528rcnd4xk8dl48pjj7li1q9c30vm";
+ };
+
+ meta = with stdenv.lib; {
+ description = "Delete files securely";
+ longDescription = ''
+ srm (secure rm) is a command-line compatible rm(1) which
+ overwrites file contents before unlinking. The goal is to
+ provide drop in security for users who wish to prevent recovery
+ of deleted information, even if the machine is compromised.
+ '';
+ homepage = "http://srm.sourceforge.net";
+ license = licenses.mit;
+ maintainers = with maintainers; [ edwtjo ];
+ platforms = platforms.unix;
+ };
+
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ssdeep/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ssdeep/default.nix
new file mode 100644
index 000000000000..33ab4c373bca
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ssdeep/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchFromGitHub, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+ pname = "ssdeep";
+ version = "2.14.1";
+
+ src = fetchFromGitHub {
+ owner = "ssdeep-project";
+ repo = "ssdeep";
+ rev = "release-${version}";
+ sha256 = "1yx6yjkggshw5yl89m4kvyzarjdg2l3hs0bbjbrfzwp1lkfd8i0c";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ # Hack to avoid TMPDIR in RPATHs.
+ preFixup = ''rm -rf "$(pwd)" '';
+
+ meta = {
+ description = "A program for calculating fuzzy hashes";
+ homepage = "http://www.ssdeep.sf.net";
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
+ };
+}
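Review bot: `preFixup = ''rm -rf "$(pwd)" '';` deletes the build tree from inside it, so the rest of the fixup phase runs in a removed working directory, and the comment does not say which outputs carried the temporary path in their RPATH. On Linux stdenv's fixup normally shrinks RPATHs itself, so the hack may no longer be needed; that is worth testing by removing the line and inspecting the installed binaries. If it is still required, extend the comment to name the affected files, e.g. `# <binary or library> is linked with the build directory in its RPATH; removing the tree lets the RPATH shrink step drop the entry`.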
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ssh-audit/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ssh-audit/default.nix
new file mode 100644
index 000000000000..2fdc42e52803
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ssh-audit/default.nix
@@ -0,0 +1,25 @@
+{ lib, fetchFromGitHub, python3Packages }:
+
+python3Packages.buildPythonApplication rec {
+ pname = "ssh-audit";
+ version = "2.3.1";
+
+ src = fetchFromGitHub {
+ owner = "jtesta";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "1h739r5nv5zkmjyyjwkw8r6d4avddjjxsamc5rffwfxi1kjavpxm";
+ };
+
+ checkInputs = with python3Packages; [
+ pytestCheckHook
+ ];
+
+ meta = with lib; {
+ description = "Tool for ssh server auditing";
+ homepage = "https://github.com/jtesta/ssh-audit";
+ license = licenses.mit;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ tv SuperSandro2000 ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sshguard/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sshguard/default.nix
new file mode 100644
index 000000000000..6bae0fddc23d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sshguard/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchurl, autoreconfHook, yacc, flex}:
+
+stdenv.mkDerivation rec {
+ version = "2.4.1";
+ pname = "sshguard";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/sshguard/${pname}-${version}.tar.gz";
+ sha256 = "0rrwmx91ifvc61wkld8gjkmfsq0ixxmf7m8fg4addkkxwvk04pc7";
+ };
+
+ doCheck = true;
+
+ nativeBuildInputs = [ autoreconfHook yacc flex ];
+
+ configureFlags = [ "--sysconfdir=/etc" ];
+
+ meta = with stdenv.lib; {
+ description = "Protects hosts from brute-force attacks";
+ longDescription = ''
+ SSHGuard can read log messages from various input sources. Log messages are parsed, line-by-line, for recognized patterns.
+ If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked.
+ '';
+ homepage = "https://sshguard.net";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ sargon ];
+ platforms = with platforms; linux ++ darwin ++ freebsd ++ netbsd ++ openbsd;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/default.nix
new file mode 100644
index 000000000000..6f620904872d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/default.nix
@@ -0,0 +1,45 @@
+{ stdenv
+, python3Packages
+, makeWrapper
+, coreutils
+, iptables
+, nettools
+, openssh
+, procps
+}:
+
+python3Packages.buildPythonApplication rec {
+ pname = "sshuttle";
+ version = "1.0.3";
+
+ src = python3Packages.fetchPypi {
+ inherit pname version;
+ sha256 = "0fff1c88669a20bb6a4e7331960673a3a02a2e04ff163e4c9299496646edcf61";
+ };
+
+ patches = [ ./sudo.patch ];
+
+ nativeBuildInputs = [ makeWrapper python3Packages.setuptools_scm ];
+
+ checkInputs = with python3Packages; [ mock pytest pytestcov pytestrunner flake8 ];
+
+ runtimeDeps = [ coreutils openssh procps ] ++ stdenv.lib.optionals stdenv.isLinux [ iptables nettools ];
+
+ postInstall = ''
+ wrapProgram $out/bin/sshuttle \
+ --prefix PATH : "${stdenv.lib.makeBinPath runtimeDeps}" \
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/sshuttle/sshuttle/";
+ description = "Transparent proxy server that works as a poor man's VPN";
+ longDescription = ''
+ Forward connections over SSH, without requiring administrator access to the
+ target network (though it does require Python 2.7, Python 3.5 or later at both ends).
+ Works with Linux and Mac OS and supports DNS tunneling.
+ '';
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ domenkozar carlosdagos ];
+ platforms = platforms.unix;
+ };
+}
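Review bot: `patches = [ ./sudo.patch ];` has no comment, yet the patch changes how the root-privileged firewall helper is launched: it drops `sys.executable` and re-executes `sys.argv[0]` alone. Presumably the aim is for the helper to go through the `wrapProgram` wrapper and inherit the pinned PATH, but `sys.argv[0]` is whatever name the user invoked, so under sudo it may resolve differently from the unprivileged process; that should be confirmed and recorded, e.g. `# sudo.patch: re-exec the wrapper instead of the bare interpreter for --firewall so the wrapped PATH applies`. The `wrapProgram` call in `postInstall` ends with a dangling `\`, and `runtimeDeps` is passed as a derivation attribute where a `let` binding would keep it out of the build environment.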
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch
new file mode 100644
index 000000000000..6e8634bd4a1f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sshuttle/sudo.patch
@@ -0,0 +1,13 @@
+diff --git a/sshuttle/client.py b/sshuttle/client.py
+index cab5b1c..e89f8a6 100644
+--- a/sshuttle/client.py
++++ b/sshuttle/client.py
+@@ -192,7 +192,7 @@ class FirewallClient:
+
+ self.auto_nets = []
+ python_path = os.path.dirname(os.path.dirname(__file__))
+- argvbase = ([sys.executable, sys.argv[0]] +
++ argvbase = ([sys.argv[0]] +
+ ['-v'] * (helpers.verbose or 0) +
+ ['--method', method_name] +
+ ['--firewall'])
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sslscan/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sslscan/default.nix
new file mode 100644
index 000000000000..68efa7a17d1f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sslscan/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchFromGitHub, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "sslscan";
+ version = "1.11.13";
+
+ src = fetchFromGitHub {
+ owner = "rbsec";
+ repo = "sslscan";
+ rev = "${version}-rbsec";
+ sha256 = "0sa8iw91wi3515lw761j84wagab1x9rxr0mn8m08qj300z2044yk";
+ };
+
+ buildInputs = [ openssl ];
+
+ makeFlags = [ "PREFIX=$(out)" "CC=cc" ];
+
+ meta = with stdenv.lib; {
+ description = "Tests SSL/TLS services and discover supported cipher suites";
+ homepage = "https://github.com/rbsec/sslscan";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ fpletz globin ];
+ platforms = platforms.all;
+ };
+}
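Review bot: `buildInputs = [ openssl ];` links the scanner against the nixpkgs OpenSSL, and a scanner of this design can, as far as I know, only probe protocol versions and cipher suites that its linked library still implements. If that holds for `1.11.13-rbsec`, a clean report from this build does not show that a server has legacy protocols disabled. A comment beside `buildInputs` would keep users from reading a false negative as a pass, for example `# linked against the system OpenSSL: protocols and ciphers removed there cannot be detected`.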
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/ssss/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/ssss/default.nix
new file mode 100644
index 000000000000..bd7de72e6bec
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/ssss/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, gmp }:
+
+stdenv.mkDerivation {
+ name = "ssss-0.5";
+
+ src = fetchurl {
+ url = "http://point-at-infinity.org/ssss/ssss-0.5.tar.gz";
+ sha256 = "15grn2fp1x8p92kxkwbmsx8rz16g93y9grl3hfqbh1jn21ama5jx";
+ };
+
+ buildInputs = [ gmp ];
+
+ preBuild =
+ ''
+ sed -e s@/usr/@$out/@g -i Makefile
+ cp ssss.manpage.xml ssss.1
+ cp ssss.manpage.xml ssss.1.html
+ mkdir -p $out/bin $out/share/man/man1
+ echo -e 'install:\n\tcp ssss-combine ssss-split '"$out"'/bin' >>Makefile
+ '';
+
+ meta = {
+ description = "Shamir Secret Sharing Scheme";
+ homepage = "http://point-at-infinity.org/ssss/";
+ platforms = stdenv.lib.platforms.unix;
+ license = stdenv.lib.licenses.gpl2;
+ };
+}
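Review bot: `cp ssss.manpage.xml ssss.1` in `preBuild` passes the raw XML off as the built man page, presumably to satisfy the Makefile without an XML-to-man tool, yet the appended `install:` rule copies only the two binaries, so `$out/share/man/man1` is created and left empty. Either install a real man page or drop that directory from the `mkdir`, and add a comment explaining the two `cp` lines. The tarball is fetched over plain `http://`, so the fixed `sha256` is the only integrity check, and `name = "ssss-0.5"` could be split into `pname` and `version` like the other expressions in this commit.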
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/default.nix
new file mode 100644
index 000000000000..5ac40e0a0474
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchurl, libjpeg, libmcrypt, zlib, libmhash, gettext, libtool}:
+
+stdenv.mkDerivation rec {
+ buildInputs = [ libjpeg libmcrypt zlib libmhash gettext libtool ];
+ version = "0.5.1";
+ pname = "steghide";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/steghide/steghide/${version}/steghide-${version}.tar.gz" ;
+ sha256 = "78069b7cfe9d1f5348ae43f918f06f91d783c2b3ff25af021e6a312cf541b47b";
+ };
+
+ patches = [
+ ./patches/steghide-0.5.1-gcc34.patch
+ ./patches/steghide-0.5.1-gcc4.patch
+ ./patches/steghide-0.5.1-gcc43.patch
+ ];
+
+ # AM_CXXFLAGS needed for automake
+ preConfigure = ''
+ export AM_CXXFLAGS="$CXXFLAGS -std=c++0x"
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "http://steghide.sourceforge.net/";
+ description = "Steganography program that is able to hide data in various kinds of image- and audio-files";
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch
new file mode 100644
index 000000000000..373316c78406
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch
@@ -0,0 +1,42 @@
+--- steghide-0.5.1.old/src/Makefile.am
++++ steghide-0.5.1.new/src/Makefile.am 2004-07-16 19:01:39.673947633 +0200
+@@ -33,5 +33,5 @@
+ WavPCMSampleValue.cc error.cc main.cc msg.cc SMDConstructionHeuristic.cc
+ LIBS = @LIBINTL@ @LIBS@
+ localedir = $(datadir)/locale
+-LIBTOOL = $(SHELL) libtool
++LIBTOOL = $(SHELL) libtool --tag=CXX
+ MAINTAINERCLEANFILES = Makefile.in
+--- steghide-0.5.1.old/src/AuSampleValues.cc
++++ steghide-0.5.1.new/src/AuSampleValues.cc 2004-07-16 18:59:18.934578427 +0200
+@@ -17,21 +17,21 @@
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+-
++#include "common.h"
+ #include "AuSampleValues.h"
+
+ // AuMuLawSampleValue
+-const BYTE AuMuLawSampleValue::MinValue = 0 ;
+-const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ;
++template<> const BYTE AuMuLawSampleValue::MinValue = 0 ;
++template<> const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ;
+
+ // AuPCM8SampleValue
+-const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ;
+-const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ;
++template<> const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ;
++template<> const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ;
+
+ // AuPCM16SampleValue
+-const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ;
+-const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ;
++template<> const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ;
++template<> const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ;
+
+ // AuPCM32SampleValue
+-const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ;
+-const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ;
++template<> const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ;
++template<> const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ;
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch
new file mode 100644
index 000000000000..a8df1735e9d4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch
@@ -0,0 +1,46 @@
+diff -Naur steghide-0.5.1-orig/src/AuData.h steghide-0.5.1/src/AuData.h
+--- steghide-0.5.1-orig/src/AuData.h 2003-09-28 09:30:29.000000000 -0600
++++ steghide-0.5.1/src/AuData.h 2007-05-11 22:04:56.000000000 -0600
+@@ -26,22 +26,30 @@
+
+ // AuMuLawAudioData
+ typedef AudioDataImpl<AuMuLaw,BYTE> AuMuLawAudioData ;
++template<>
+ inline BYTE AuMuLawAudioData::readValue (BinaryIO* io) const { return (io->read8()) ; }
++template<>
+ inline void AuMuLawAudioData::writeValue (BinaryIO* io, BYTE v) const { io->write8(v) ; }
+
+ // AuPCM8AudioData
+ typedef AudioDataImpl<AuPCM8,SBYTE> AuPCM8AudioData ;
++template<>
+ inline SBYTE AuPCM8AudioData::readValue (BinaryIO* io) const { return ((SBYTE) io->read8()) ; }
++template<>
+ inline void AuPCM8AudioData::writeValue (BinaryIO* io, SBYTE v) const { io->write8((BYTE) v) ; }
+
+ // AuPCM16AudioData
+ typedef AudioDataImpl<AuPCM16,SWORD16> AuPCM16AudioData ;
++template<>
+ inline SWORD16 AuPCM16AudioData::readValue (BinaryIO* io) const { return ((SWORD16) io->read16_be()) ; }
++template<>
+ inline void AuPCM16AudioData::writeValue (BinaryIO* io, SWORD16 v) const { io->write16_be((UWORD16) v) ; }
+
+ // AuPCM32AudioData
+ typedef AudioDataImpl<AuPCM32,SWORD32> AuPCM32AudioData ;
++template<>
+ inline SWORD32 AuPCM32AudioData::readValue (BinaryIO* io) const { return ((SWORD32) io->read32_be()) ; }
++template<>
+ inline void AuPCM32AudioData::writeValue (BinaryIO* io, SWORD32 v) const { io->write32_be((UWORD32) v) ; }
+
+ #endif // ndef SH_AUDATA_H
+diff -Naur steghide-0.5.1-orig/src/MHashPP.cc steghide-0.5.1/src/MHashPP.cc
+--- steghide-0.5.1-orig/src/MHashPP.cc 2003-10-05 04:17:50.000000000 -0600
++++ steghide-0.5.1/src/MHashPP.cc 2007-05-11 22:07:01.000000000 -0600
+@@ -120,7 +120,7 @@
+
+ std::string MHashPP::getAlgorithmName (hashid id)
+ {
+- char *name = mhash_get_hash_name (id) ;
++ char *name = (char *) mhash_get_hash_name (id) ;
+ std::string retval ;
+ if (name == NULL) {
+ retval = std::string ("<algorithm not found>") ;
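Review bot: The C-style cast added in `MHashPP::getAlgorithmName` (`char *name = (char *) mhash_get_hash_name (id) ;`) silences the GCC 4 type error without showing which mismatch it resolves, and a C-style cast will drop a `const` qualifier as readily as it converts between character types. The declaration of `mhash_get_hash_name` is not visible here, so which case applies needs confirming. If the library returns a const-qualified string, `const char *name = mhash_get_hash_name (id) ;` needs no cast; otherwise a `reinterpret_cast<char *>` would make the conversion explicit. The function body continues past the end of the hunk, so how `name` is used afterwards is not shown.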
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch
new file mode 100644
index 000000000000..ca66b9c544f5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch
@@ -0,0 +1,349 @@
+--- steghide-0.5.1.old/configure.in 2003-10-15 09:48:52.000000000 +0200
++++ steghide-0.5.1.new/configure.in 2008-05-09 19:04:46.000000000 +0200
+@@ -7,27 +7,26 @@
+ dnl checks for programs.
+ AC_PROG_CXX
+ AC_PROG_INSTALL
+ AC_PROG_AWK
+ AC_PROG_LN_S
++AC_CXX_COMPILE_STDCXX_0X
+
+ dnl GNU gettext
+ AC_CHECK_FUNCS(strchr)
+ AM_GNU_GETTEXT
+ AM_CONDITIONAL(USE_INTLDIR, test "$nls_cv_use_gnu_gettext" = yes)
+
+ dnl check if debugging support is requested
+-AC_MSG_CHECKING([wether to enable debugging])
++AC_MSG_CHECKING([whether to enable debugging])
+ AC_ARG_ENABLE(debug,[ --enable-debug enable debugging],
+ if test "$enableval" = yes ;
+ then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(DEBUG,1,[enable code used only for debugging])
+- CXXFLAGS="-O2 -Wall -g"
+ else
+ AC_MSG_RESULT([no])
+- CXXFLAGS="-O2 -Wall"
+ fi
+ ,
+ AC_MSG_RESULT([no])
+ CXXFLAGS="-O2 -Wall"
+ )
+@@ -213,7 +212,18 @@
+ echo "libmhash can be downloaded from http://mhash.sourceforge.net/.";
+ echo "**********";
+ AC_MSG_ERROR([[libmhash not found]])
+ fi
+
++dnl Should we add std=c++0x?
++
++if test "$ac_cv_cxx_compile_cxx0x_cxx" = yes;
++then
++ CXXFLAGS="${CXXFLAGS} -std=c++0x -Wall -Wextra"
++else
++ CXXFLAGS="${CXXFLAGS} -Wall -Wextra"
++fi
++
++AC_SUBST(CXXFLAGS)
++
+ dnl create Makefiles
+ AC_OUTPUT([Makefile steghide.spec steghide.doxygen doc/Makefile po/Makefile.in src/Makefile tests/Makefile tests/data/Makefile m4/Makefile intl/Makefile])
+--- steghide-0.5.1.old/m4/ac_cxx_compile_stdcxx_0x.m4 1970-01-01 01:00:00.000000000 +0100
++++ steghide-0.5.1.new/m4/ac_cxx_compile_stdcxx_0x.m4 2008-05-09 19:04:46.000000000 +0200
+@@ -0,0 +1,107 @@
++# ===========================================================================
++# http://autoconf-archive.cryp.to/ac_cxx_compile_stdcxx_0x.html
++# ===========================================================================
++#
++# SYNOPSIS
++#
++# AC_CXX_COMPILE_STDCXX_0X
++#
++# DESCRIPTION
++#
++# Check for baseline language coverage in the compiler for the C++0x
++# standard.
++#
++# LAST MODIFICATION
++#
++# 2008-04-17
++#
++# COPYLEFT
++#
++# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com>
++#
++# Copying and distribution of this file, with or without modification, are
++# permitted in any medium without royalty provided the copyright notice
++# and this notice are preserved.
++
++AC_DEFUN([AC_CXX_COMPILE_STDCXX_0X], [
++ AC_CACHE_CHECK(if g++ supports C++0x features without additional flags,
++ ac_cv_cxx_compile_cxx0x_native,
++ [AC_LANG_SAVE
++ AC_LANG_CPLUSPLUS
++ AC_TRY_COMPILE([
++ template <typename T>
++ struct check
++ {
++ static_assert(sizeof(int) <= sizeof(T), "not big enough");
++ };
++
++ typedef check<check<bool>> right_angle_brackets;
++
++ int a;
++ decltype(a) b;
++
++ typedef check<int> check_type;
++ check_type c;
++ check_type&& cr = c;],,
++ ac_cv_cxx_compile_cxx0x_native=yes, ac_cv_cxx_compile_cxx0x_native=no)
++ AC_LANG_RESTORE
++ ])
++
++ AC_CACHE_CHECK(if g++ supports C++0x features with -std=c++0x,
++ ac_cv_cxx_compile_cxx0x_cxx,
++ [AC_LANG_SAVE
++ AC_LANG_CPLUSPLUS
++ ac_save_CXXFLAGS="$CXXFLAGS"
++ CXXFLAGS="$CXXFLAGS -std=c++0x"
++ AC_TRY_COMPILE([
++ template <typename T>
++ struct check
++ {
++ static_assert(sizeof(int) <= sizeof(T), "not big enough");
++ };
++
++ typedef check<check<bool>> right_angle_brackets;
++
++ int a;
++ decltype(a) b;
++
++ typedef check<int> check_type;
++ check_type c;
++ check_type&& cr = c;],,
++ ac_cv_cxx_compile_cxx0x_cxx=yes, ac_cv_cxx_compile_cxx0x_cxx=no)
++ CXXFLAGS="$ac_save_CXXFLAGS"
++ AC_LANG_RESTORE
++ ])
++
++ AC_CACHE_CHECK(if g++ supports C++0x features with -std=gnu++0x,
++ ac_cv_cxx_compile_cxx0x_gxx,
++ [AC_LANG_SAVE
++ AC_LANG_CPLUSPLUS
++ ac_save_CXXFLAGS="$CXXFLAGS"
++ CXXFLAGS="$CXXFLAGS -std=gnu++0x"
++ AC_TRY_COMPILE([
++ template <typename T>
++ struct check
++ {
++ static_assert(sizeof(int) <= sizeof(T), "not big enough");
++ };
++
++ typedef check<check<bool>> right_angle_brackets;
++
++ int a;
++ decltype(a) b;
++
++ typedef check<int> check_type;
++ check_type c;
++ check_type&& cr = c;],,
++ ac_cv_cxx_compile_cxx0x_gxx=yes, ac_cv_cxx_compile_cxx0x_gxx=no)
++ CXXFLAGS="$ac_save_CXXFLAGS"
++ AC_LANG_RESTORE
++ ])
++
++ if test "$ac_cv_cxx_compile_cxx0x_native" = yes ||
++ test "$ac_cv_cxx_compile_cxx0x_cxx" = yes ||
++ test "$ac_cv_cxx_compile_cxx0x_gxx" = yes; then
++ AC_DEFINE(HAVE_STDCXX_0X,,[Define if g++ supports C++0x features. ])
++ fi
++])
+--- steghide-0.5.1.old/src/Arguments.cc 2003-10-11 23:25:04.000000000 +0200
++++ steghide-0.5.1.new/src/Arguments.cc 2008-05-09 19:04:44.000000000 +0200
+@@ -26,10 +26,12 @@
+ #include "Terminal.h"
+ #include "common.h"
+ #include "error.h"
+ #include "msg.h"
+
++float Arguments::Default_Goal = 100.0 ;
++
+ // the global Arguments object
+ Arguments Args ;
+
+ Arguments::Arguments (int argc, char* argv[])
+ {
+--- steghide-0.5.1.old/src/Arguments.h 2003-10-11 23:23:57.000000000 +0200
++++ steghide-0.5.1.new/src/Arguments.h 2008-05-09 19:04:44.000000000 +0200
+@@ -98,11 +98,11 @@
+ static const bool Default_EmbedEmbFn = true ;
+ static const bool Default_Force = false ;
+ static const VERBOSITY Default_Verbosity = NORMAL ;
+ static const unsigned long Default_Radius = 0 ; // there is no default radius for all file formats
+ static const unsigned int Max_Algorithm = 3 ;
+- static const float Default_Goal = 100.0 ;
++ static float Default_Goal ;
+ static const DEBUGCOMMAND Default_DebugCommand = NONE ;
+ static const bool Default_Check = false ;
+ static const unsigned int Default_DebugLevel = 0 ;
+ static const unsigned int Default_GmlGraphRecDepth = 0 ;
+ static const unsigned int Default_GmlStartVertex = 0 ;
+--- steghide-0.5.1.old/src/EncryptionMode.h 2003-09-28 17:30:30.000000000 +0200
++++ steghide-0.5.1.new/src/EncryptionMode.h 2008-05-09 19:04:46.000000000 +0200
+@@ -69,11 +69,11 @@
+ static const unsigned int NumValues = 8 ;
+ IRep Value ;
+
+ typedef struct struct_Translation {
+ IRep irep ;
+- char* srep ;
++ const char* srep ;
+ } Translation ;
+ static const Translation Translations[] ;
+ } ;
+
+ #endif // ndef SH_ENCMODE_H
+--- steghide-0.5.1.old/src/Graph.cc 2003-10-11 23:54:26.000000000 +0200
++++ steghide-0.5.1.new/src/Graph.cc 2008-05-09 19:04:46.000000000 +0200
+@@ -20,10 +20,12 @@
+
+ #include <ctime>
+ #include <list>
+ #include <map>
+ #include <vector>
++#include <algorithm>
++#include <climits>
+
+ #include "BitString.h"
+ #include "CvrStgFile.h"
+ #include "Edge.h"
+ #include "Graph.h"
+--- steghide-0.5.1.old/src/Matching.cc 2003-10-11 23:54:30.000000000 +0200
++++ steghide-0.5.1.new/src/Matching.cc 2008-05-09 19:04:46.000000000 +0200
+@@ -16,10 +16,11 @@
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
++#include <algorithm>
+ #include "Edge.h"
+ #include "Graph.h"
+ #include "Matching.h"
+ #include "ProgressOutput.h"
+ #include "common.h"
+--- steghide-0.5.1.old/src/ProgressOutput.cc 2003-10-11 11:20:51.000000000 +0200
++++ steghide-0.5.1.new/src/ProgressOutput.cc 2008-05-09 19:04:44.000000000 +0200
+@@ -21,10 +21,12 @@
+ #include <cmath>
+
+ #include "ProgressOutput.h"
+ #include "common.h"
+
++float ProgressOutput::NoAvgWeight = 1.0 ;
++
+ ProgressOutput::ProgressOutput ()
+ : Message("__nomessage__")
+ {
+ LastUpdate = time(NULL) - 1 ; // -1 to ensure that message is written first time
+ }
+--- steghide-0.5.1.old/src/ProgressOutput.h 2003-09-28 17:30:30.000000000 +0200
++++ steghide-0.5.1.new/src/ProgressOutput.h 2008-05-09 19:04:44.000000000 +0200
+@@ -60,13 +60,13 @@
+ /**
+ * update the output appending rate, [average edge weight], "done" and a newline
+ * \param rate the rate of matched vertices
+ * \param avgweight the average edge weight (is not printed if not given)
+ **/
+- void done (float rate, float avgweight = NoAvgWeight) const ;
++ void done (float rate, float avgweight = 1.0) const ;
+
+- static const float NoAvgWeight = -1.0 ;
++ static float NoAvgWeight ;
+
+ protected:
+ std::string vcompose (const char *msgfmt, va_list ap) const ;
+
+ private:
+--- steghide-0.5.1.old/src/SMDConstructionHeuristic.cc 2003-09-28 17:30:30.000000000 +0200
++++ steghide-0.5.1.new/src/SMDConstructionHeuristic.cc 2008-05-09 19:04:46.000000000 +0200
+@@ -16,10 +16,12 @@
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
++#include <algorithm>
++
+ #include "Edge.h"
+ #include "Graph.h"
+ #include "Matching.h"
+ #include "SMDConstructionHeuristic.h"
+ #include "Vertex.h"
+--- steghide-0.5.1.old/src/WavFile.cc 2003-09-28 17:30:30.000000000 +0200
++++ steghide-0.5.1.new/src/WavFile.cc 2008-05-09 19:04:46.000000000 +0200
+@@ -19,10 +19,11 @@
+ */
+
+ #include <cstdio>
+ #include <cstdlib>
+ #include <cstring>
++#include <algorithm>
+
+ #include "CvrStgFile.h"
+ #include "DFSAPHeuristic.h"
+ #include "SampleValueAdjacencyList.h"
+ #include "SMDConstructionHeuristic.h"
+--- steghide-0.5.1.old/src/wrapper_hash_map.h 2003-09-28 17:30:30.000000000 +0200
++++ steghide-0.5.1.new/src/wrapper_hash_map.h 2008-05-09 19:04:46.000000000 +0200
+@@ -25,17 +25,21 @@
+
+ #ifdef __GNUC__
+ # if __GNUC__ < 3
+ # include <hash_map.h>
+ namespace sgi { using ::hash ; using ::hash_map ; } ;
+-# else
++# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 )
+ # include <ext/hash_map>
+-# if __GNUC_MINOR__ == 0
++# if __GNUC__ == 3 && __GNUC_MINOR__ == 0
+ namespace sgi = std ; // GCC 3.0
+ # else
+ namespace sgi = __gnu_cxx ; // GCC 3.1 and later
+ # endif
++# else
++# include <unordered_map>
++# define hash_map unordered_map
++ namespace sgi = std ;
+ # endif
+ #else
+ namespace sgi = std ;
+ #endif
+
+--- steghide-0.5.1.old/src/wrapper_hash_set.h 2003-09-28 17:30:30.000000000 +0200
++++ steghide-0.5.1.new/src/wrapper_hash_set.h 2008-05-09 19:04:46.000000000 +0200
+@@ -26,17 +26,21 @@
+
+ #ifdef __GNUC__
+ # if __GNUC__ < 3
+ # include <hash_set.h>
+ namespace sgi { using ::hash ; using ::hash_set ; } ;
+-# else
++# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 )
+ # include <ext/hash_set>
+-# if __GNUC_MINOR__ == 0
++# if __GNUC__ == 3 && __GNUC_MINOR__ == 0
+ namespace sgi = std ; // GCC 3.0
+ # else
+ namespace sgi = ::__gnu_cxx ; // GCC 3.1 and later
+ # endif
++# else
++# include <unordered_set>
++# define hash_set unordered_set
++ namespace sgi = std ;
+ # endif
+ #else
+ namespace sgi = std ;
+ #endif
+
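Review bot: The `ProgressOutput` changes alter the "not given" sentinel rather than only moving its initializer out of the class: the header previously had `static const float NoAvgWeight = -1.0 ;` with the default `avgweight = NoAvgWeight`, while the new code defines `float ProgressOutput::NoAvgWeight = 1.0 ;` and hard-codes `avgweight = 1.0`. The body of `done()` is outside this patch, but if it compares `avgweight` with `NoAvgWeight`, a real average edge weight of 1.0 would presumably be treated as absent and not printed. Keeping the original value and constness should still build: `static const float NoAvgWeight ;` in the header with the default left as `avgweight = NoAvgWeight`, and `const float ProgressOutput::NoAvgWeight = -1.0 ;` in ProgressOutput.cc. `Arguments::Default_Goal` loses its `const` in the same way and could likewise stay a constant with an out-of-class definition in Arguments.cc.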
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/default.nix
new file mode 100644
index 000000000000..e5574be8ab94
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/default.nix
@@ -0,0 +1,25 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "step-ca";
+ version = "0.13.3";
+
+ goPackagePath = "github.com/smallstep/certificates";
+
+ src = fetchFromGitHub {
+ owner = "smallstep";
+ repo = "certificates";
+ rev = "v${version}";
+ sha256 = "1i42j7v5a5qqqb9ng8irblfyzykhyws0394q3zac290ymjijxbnq";
+ };
+
+ goDeps = ./deps.nix;
+
+ meta = with lib; {
+ description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";
+ homepage = "https://smallstep.com/certificates/";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ cmcdragonkai ];
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/deps.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/deps.nix
new file mode 100644
index 000000000000..07607b6f65d2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/step-ca/deps.nix
@@ -0,0 +1,291 @@
+# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
+[
+ {
+ goPackagePath = "github.com/AndreasBriese/bbloom";
+ fetch = {
+ type = "git";
+ url = "https://github.com/AndreasBriese/bbloom";
+ rev = "e2d15f34fcf99d5dbb871c820ec73f710fca9815";
+ sha256 = "05kkrsmpragy69bj6s80pxlm3pbwxrkkx7wgk0xigs6y2n6ylpds";
+ };
+ }
+ {
+ goPackagePath = "github.com/chzyer/readline";
+ fetch = {
+ type = "git";
+ url = "https://github.com/chzyer/readline";
+ rev = "2972be24d48e78746da79ba8e24e8b488c9880de";
+ sha256 = "104q8dazj8yf6b089jjr82fy9h1g80zyyzvp3g8b44a7d8ngjj6r";
+ };
+ }
+ {
+ goPackagePath = "github.com/dgraph-io/badger";
+ fetch = {
+ type = "git";
+ url = "https://github.com/dgraph-io/badger";
+ rev = "391b6d3b93e6014fe8c2971fcc0c1266e47dbbd9";
+ sha256 = "13zyd6irxagwfv4azgmpk2qg8f80plhxrcjl8x89jzsjkl0a0pkx";
+ };
+ }
+ {
+ goPackagePath = "github.com/dgryski/go-farm";
+ fetch = {
+ type = "git";
+ url = "https://github.com/dgryski/go-farm";
+ rev = "6a90982ecee230ff6cba02d5bd386acc030be9d3";
+ sha256 = "1x3l4jgps0v1bjvd446kj4dp0ckswjckxgrng9afm275ixnf83ix";
+ };
+ }
+ {
+ goPackagePath = "github.com/go-chi/chi";
+ fetch = {
+ type = "git";
+ url = "https://github.com/go-chi/chi";
+ rev = "0ebf7795c516423a110473652e9ba3a59a504863";
+ sha256 = "18hwj6vni19ykp3bsmg9ggnl6y2hawym0vbsigdgx8craqbp7jb1";
+ };
+ }
+ {
+ goPackagePath = "github.com/go-sql-driver/mysql";
+ fetch = {
+ type = "git";
+ url = "https://github.com/go-sql-driver/mysql";
+ rev = "72cd26f257d44c1114970e19afddcd812016007e";
+ sha256 = "1fvsvwc1v2i0gqn01mynvi1shp5xm0xaym6xng09fcbqb56lbjx1";
+ };
+ }
+ {
+ goPackagePath = "github.com/golang/protobuf";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/protobuf";
+ rev = "aa810b61a9c79d51363740d207bb46cf8e620ed5";
+ sha256 = "0kf4b59rcbb1cchfny2dm9jyznp8ri2hsb14n8iak1q8986xa0ab";
+ };
+ }
+ {
+ goPackagePath = "github.com/juju/ansiterm";
+ fetch = {
+ type = "git";
+ url = "https://github.com/juju/ansiterm";
+ rev = "720a0952cc2ac777afc295d9861263e2a4cf96a1";
+ sha256 = "0n6j0y7xhashp8gdkdl0r7vlbkdrkymrzxn9hxrx522k2isggs7h";
+ };
+ }
+ {
+ goPackagePath = "github.com/konsorten/go-windows-terminal-sequences";
+ fetch = {
+ type = "git";
+ url = "https://github.com/konsorten/go-windows-terminal-sequences";
+ rev = "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242";
+ sha256 = "1lchgf27n276vma6iyxa0v1xds68n2g8lih5lavqnx5x6q5pw2ip";
+ };
+ }
+ {
+ goPackagePath = "github.com/lunixbochs/vtclean";
+ fetch = {
+ type = "git";
+ url = "https://github.com/lunixbochs/vtclean";
+ rev = "2d01aacdc34a083dca635ba869909f5fc0cd4f41";
+ sha256 = "1ss88dyx5hr4imvpg5lixvp0cf7c2qm4x9m8mdgshjpm92g5rqmf";
+ };
+ }
+ {
+ goPackagePath = "github.com/manifoldco/promptui";
+ fetch = {
+ type = "git";
+ url = "https://github.com/manifoldco/promptui";
+ rev = "157c96fb638a14d268b305cf2012582431fcc410";
+ sha256 = "0zha48i5f529q4j1qycybdzza4l9706hijiqws36ikd5jzg8i7wz";
+ };
+ }
+ {
+ goPackagePath = "github.com/mattn/go-colorable";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mattn/go-colorable";
+ rev = "167de6bfdfba052fa6b2d3664c8f5272e23c9072";
+ sha256 = "1nwjmsppsjicr7anq8na6md7b1z84l9ppnlr045hhxjvbkqwalvx";
+ };
+ }
+ {
+ goPackagePath = "github.com/mattn/go-isatty";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mattn/go-isatty";
+ rev = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c";
+ sha256 = "0zs92j2cqaw9j8qx1sdxpv3ap0rgbs0vrvi72m40mg8aa36gd39w";
+ };
+ }
+ {
+ goPackagePath = "github.com/mmcloughlin/avo";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mmcloughlin/avo";
+ rev = "2e7d06bc7ada2979f17ccf8ebf486dba23b84fc7";
+ sha256 = "0fna1hhg193zy428lkj24a8853g3qviqs2c9xi96mji6ldprna5d";
+ };
+ }
+ {
+ goPackagePath = "github.com/newrelic/go-agent";
+ fetch = {
+ type = "git";
+ url = "https://github.com/newrelic/go-agent";
+ rev = "f5bce3387232559bcbe6a5f8227c4bf508dac1ba";
+ sha256 = "1zbp1cqhxp0sz3faymam6h1f91r1gl8dnnjx7qg8r06bd5fbzllb";
+ };
+ }
+ {
+ goPackagePath = "github.com/pkg/errors";
+ fetch = {
+ type = "git";
+ url = "https://github.com/pkg/errors";
+ rev = "ba968bfe8b2f7e042a574c888954fccecfa385b4";
+ sha256 = "0g5qcb4d4fd96midz0zdk8b9kz8xkzwfa8kr1cliqbg8sxsy5vd1";
+ };
+ }
+ {
+ goPackagePath = "github.com/rs/xid";
+ fetch = {
+ type = "git";
+ url = "https://github.com/rs/xid";
+ rev = "15d26544def341f036c5f8dca987a4cbe575032c";
+ sha256 = "1vgw1dikqw273awcci6pzifs7shkl5ah4l88j1zjbnpgbiwzlx9j";
+ };
+ }
+ {
+ goPackagePath = "github.com/samfoo/ansi";
+ fetch = {
+ type = "git";
+ url = "https://github.com/samfoo/ansi";
+ rev = "b6bd2ded7189ce35bc02233b554eb56a5146af73";
+ sha256 = "0sw2d7c6l2ry34x0n4j37ydr8s7hxnax76yh6n35gb2g6f1h46sz";
+ };
+ }
+ {
+ goPackagePath = "github.com/shurcooL/sanitized_anchor_name";
+ fetch = {
+ type = "git";
+ url = "https://github.com/shurcooL/sanitized_anchor_name";
+ rev = "86672fcb3f950f35f2e675df2240550f2a50762f";
+ sha256 = "142m507s9971cl8qdmbcw7sqxnkgi3xqd8wzvfq15p0w7w8i4a3h";
+ };
+ }
+ {
+ goPackagePath = "github.com/sirupsen/logrus";
+ fetch = {
+ type = "git";
+ url = "https://github.com/sirupsen/logrus";
+ rev = "ad15b42461921f1fb3529b058c6786c6a45d5162";
+ sha256 = "02xdfcp4f6dqvpavwf1vvr794qgz2fx8929paam7wnvcxy7ib606";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/assert";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/assert";
+ rev = "de77670473b5492f5d0bce155b5c01534c2d13f7";
+ sha256 = "15z2b4qyylnwgq2pzlaxsdabqxh8dbna4ddprk9rzmsvnfkpds16";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/cli";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/cli";
+ rev = "eeecaac062cb548ee2ab7c7563bc3c2f2160f019";
+ sha256 = "1khhd1vgwqb08vki1nh0k4i2yk6jjdqmnq4f8anqn125zsj7hvdk";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/nosql";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/nosql";
+ rev = "f80b3f432de0662f07ebd58fe52b0a119fe5dcd9";
+ sha256 = "155blxdgaprl1py5g8p52gipp0ckz3k6v41hgsp83nay01yynafb";
+ };
+ }
+ {
+ goPackagePath = "github.com/urfave/cli";
+ fetch = {
+ type = "git";
+ url = "https://github.com/urfave/cli";
+ rev = "b67dcf995b6a7b7f14fad5fcb7cc5441b05e814b";
+ sha256 = "0n5vq4nydlhb7w12jiwphvxqdy4jwpxc3zwlxyhf05lq1nxfb56h";
+ };
+ }
+ {
+ goPackagePath = "go.etcd.io/bbolt";
+ fetch = {
+ type = "git";
+ url = "https://github.com/etcd-io/bbolt";
+ rev = "63597a96ec0ad9e6d43c3fc81e809909e0237461";
+ sha256 = "13d5l6p6c5wvkr6vn9hkhz9c593qifn7fgx0hg4d6jcvg1y0bnm2";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/crypto";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/crypto";
+ rev = "4d3f4d9ffa16a13f451c3b2999e9c49e9750bf06";
+ sha256 = "0sbsgjm6wqa162ssrf1gnpv62ak5wjn1bn8v7sxwwfg8a93z1028";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/net";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/net";
+ rev = "c44066c5c816ec500d459a2a324a753f78531ae0";
+ sha256 = "0mgww74bl15d0jvsh4f3qr1ckjzb8icb8hn0mgs5ppa0b2fgpc4f";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/sys";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/sys";
+ rev = "9b800f95dbbc54abff0acf7ee32d88ba4e328c89";
+ sha256 = "07v3l7q7y59cwvw0mc85i39v7qjcc1jh4svwi789rmrqqm5nq7q6";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/text";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/text";
+ rev = "f21a4dfb5e38f5895301dc265a8def02365cc3d0";
+ sha256 = "0r6x6zjzhr8ksqlpiwm5gdd7s209kwk5p4lw54xjvz10cs3qlq19";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/tools";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/tools";
+ rev = "3a10b9bf0a52df7e992a8c3eb712a86d3c896c75";
+ sha256 = "19f3dijcc54jnd7458jab2dgpd0gzccmv2qympd9wi8cc8jpnhws";
+ };
+ }
+ {
+ goPackagePath = "google.golang.org/appengine";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/appengine";
+ rev = "54a98f90d1c46b7731eb8fb305d2a321c30ef610";
+ sha256 = "0l7mkdnwhidv8m686x432vmx8z5nqcrr9f46ddgvrxbh4wvyfcll";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/square/go-jose.v2";
+ fetch = {
+ type = "git";
+ url = "https://github.com/square/go-jose";
+ rev = "730df5f748271903322feb182be83b43ebbbe27d";
+ sha256 = "11r93g9xrcjqj7qvq8sbd5hy5rnbpmim0vdsp6rbav8gl7wimaa3";
+ };
+ }
+] \ No newline at end of file
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/default.nix
new file mode 100644
index 000000000000..d696b560f6dc
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/default.nix
@@ -0,0 +1,25 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ pname = "step-cli";
+ version = "0.13.3";
+
+ goPackagePath = "github.com/smallstep/cli";
+
+ src = fetchFromGitHub {
+ owner = "smallstep";
+ repo = "cli";
+ rev = "v${version}";
+ sha256 = "0b5hk9a8yq1nyh8m1gmf28yiha95xwsc4dk321g84hvai7g47pbr";
+ };
+
+ goDeps = ./deps.nix;
+
+ meta = with lib; {
+ description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc";
+ homepage = "https://smallstep.com/cli/";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ xfix ];
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/deps.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/deps.nix
new file mode 100644
index 000000000000..bae1ba070a69
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/step-cli/deps.nix
@@ -0,0 +1,453 @@
+# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
+[
+ {
+ goPackagePath = "github.com/AndreasBriese/bbloom";
+ fetch = {
+ type = "git";
+ url = "https://github.com/AndreasBriese/bbloom";
+ rev = "e2d15f34fcf99d5dbb871c820ec73f710fca9815";
+ sha256 = "05kkrsmpragy69bj6s80pxlm3pbwxrkkx7wgk0xigs6y2n6ylpds";
+ };
+ }
+ {
+ goPackagePath = "github.com/ThomasRooney/gexpect";
+ fetch = {
+ type = "git";
+ url = "https://github.com/ThomasRooney/gexpect";
+ rev = "5482f03509440585d13d8f648989e05903001842";
+ sha256 = "04zan78ndabxlwsw2hdcqbz32435pw2s04ljza07jlxnxzjp4kws";
+ };
+ }
+ {
+ goPackagePath = "github.com/asaskevich/govalidator";
+ fetch = {
+ type = "git";
+ url = "https://github.com/asaskevich/govalidator";
+ rev = "ccb8e960c48f04d6935e72476ae4a51028f9e22f";
+ sha256 = "1sih4yb6fqmdp5g6594yyida0qm7dvvqcfvf8pgikydkxyqb8g0k";
+ };
+ }
+ {
+ goPackagePath = "github.com/boombuler/barcode";
+ fetch = {
+ type = "git";
+ url = "https://github.com/boombuler/barcode";
+ rev = "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d";
+ sha256 = "1fzb8wz1ny2sc78g9rm0bcm80pgwvkm2k6lmim2sb4jgm1j3sajd";
+ };
+ }
+ {
+ goPackagePath = "github.com/chzyer/readline";
+ fetch = {
+ type = "git";
+ url = "https://github.com/chzyer/readline";
+ rev = "2972be24d48e78746da79ba8e24e8b488c9880de";
+ sha256 = "104q8dazj8yf6b089jjr82fy9h1g80zyyzvp3g8b44a7d8ngjj6r";
+ };
+ }
+ {
+ goPackagePath = "github.com/corpix/uarand";
+ fetch = {
+ type = "git";
+ url = "https://github.com/corpix/uarand";
+ rev = "2b8494104d86337cdd41d0a49cbed8e4583c0ab4";
+ sha256 = "06ml5m8l9wbr96gvyg6z1syawn797f8kmq74nhgry3vqpngyb6yn";
+ };
+ }
+ {
+ goPackagePath = "github.com/davecgh/go-spew";
+ fetch = {
+ type = "git";
+ url = "https://github.com/davecgh/go-spew";
+ rev = "8991bc29aa16c548c550c7ff78260e27b9ab7c73";
+ sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y";
+ };
+ }
+ {
+ goPackagePath = "github.com/dgraph-io/badger";
+ fetch = {
+ type = "git";
+ url = "https://github.com/dgraph-io/badger";
+ rev = "391b6d3b93e6014fe8c2971fcc0c1266e47dbbd9";
+ sha256 = "13zyd6irxagwfv4azgmpk2qg8f80plhxrcjl8x89jzsjkl0a0pkx";
+ };
+ }
+ {
+ goPackagePath = "github.com/dgryski/go-farm";
+ fetch = {
+ type = "git";
+ url = "https://github.com/dgryski/go-farm";
+ rev = "6a90982ecee230ff6cba02d5bd386acc030be9d3";
+ sha256 = "1x3l4jgps0v1bjvd446kj4dp0ckswjckxgrng9afm275ixnf83ix";
+ };
+ }
+ {
+ goPackagePath = "github.com/go-chi/chi";
+ fetch = {
+ type = "git";
+ url = "https://github.com/go-chi/chi";
+ rev = "0ebf7795c516423a110473652e9ba3a59a504863";
+ sha256 = "18hwj6vni19ykp3bsmg9ggnl6y2hawym0vbsigdgx8craqbp7jb1";
+ };
+ }
+ {
+ goPackagePath = "github.com/go-sql-driver/mysql";
+ fetch = {
+ type = "git";
+ url = "https://github.com/go-sql-driver/mysql";
+ rev = "72cd26f257d44c1114970e19afddcd812016007e";
+ sha256 = "1fvsvwc1v2i0gqn01mynvi1shp5xm0xaym6xng09fcbqb56lbjx1";
+ };
+ }
+ {
+ goPackagePath = "github.com/golang/protobuf";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/protobuf";
+ rev = "b5d812f8a3706043e23a9cd5babf2e5423744d30";
+ sha256 = "15am4s4646qy6iv0g3kkqq52rzykqjhm4bf08dk0fy2r58knpsyl";
+ };
+ }
+ {
+ goPackagePath = "github.com/google/certificate-transparency-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/google/certificate-transparency-go";
+ rev = "3629d6846518309d22c16fee15d1007262a459d2";
+ sha256 = "16vsq7dd2kbbk3vwlrhm3jrlg5kq16wf4iz6d1gnyc32s5fcy9d7";
+ };
+ }
+ {
+ goPackagePath = "github.com/icrowley/fake";
+ fetch = {
+ type = "git";
+ url = "https://github.com/icrowley/fake";
+ rev = "4178557ae428460c3780a381c824a1f3aceb6325";
+ sha256 = "1mv4bxfphaqbvacy49v4lf4gf2nmadzpmjq0jbdx93wi5bnkc977";
+ };
+ }
+ {
+ goPackagePath = "github.com/juju/ansiterm";
+ fetch = {
+ type = "git";
+ url = "https://github.com/juju/ansiterm";
+ rev = "720a0952cc2ac777afc295d9861263e2a4cf96a1";
+ sha256 = "0n6j0y7xhashp8gdkdl0r7vlbkdrkymrzxn9hxrx522k2isggs7h";
+ };
+ }
+ {
+ goPackagePath = "github.com/kballard/go-shellquote";
+ fetch = {
+ type = "git";
+ url = "https://github.com/kballard/go-shellquote";
+ rev = "95032a82bc518f77982ea72343cc1ade730072f0";
+ sha256 = "1rspvmnsikdq95jmx3dykxd4k1rmgl98ryjrysvl0cf18hl1vq80";
+ };
+ }
+ {
+ goPackagePath = "github.com/konsorten/go-windows-terminal-sequences";
+ fetch = {
+ type = "git";
+ url = "https://github.com/konsorten/go-windows-terminal-sequences";
+ rev = "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242";
+ sha256 = "1lchgf27n276vma6iyxa0v1xds68n2g8lih5lavqnx5x6q5pw2ip";
+ };
+ }
+ {
+ goPackagePath = "github.com/kr/pty";
+ fetch = {
+ type = "git";
+ url = "https://github.com/kr/pty";
+ rev = "db8e3cd836b82e82e0a9c8edc6896967dd31374f";
+ sha256 = "0knzlvndfgjm2k23vhp2xj1cv3fm31vbg5b20gdl1vnxk7rh549h";
+ };
+ }
+ {
+ goPackagePath = "github.com/lunixbochs/vtclean";
+ fetch = {
+ type = "git";
+ url = "https://github.com/lunixbochs/vtclean";
+ rev = "2d01aacdc34a083dca635ba869909f5fc0cd4f41";
+ sha256 = "1ss88dyx5hr4imvpg5lixvp0cf7c2qm4x9m8mdgshjpm92g5rqmf";
+ };
+ }
+ {
+ goPackagePath = "github.com/manifoldco/promptui";
+ fetch = {
+ type = "git";
+ url = "https://github.com/manifoldco/promptui";
+ rev = "157c96fb638a14d268b305cf2012582431fcc410";
+ sha256 = "0zha48i5f529q4j1qycybdzza4l9706hijiqws36ikd5jzg8i7wz";
+ };
+ }
+ {
+ goPackagePath = "github.com/mattn/go-colorable";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mattn/go-colorable";
+ rev = "167de6bfdfba052fa6b2d3664c8f5272e23c9072";
+ sha256 = "1nwjmsppsjicr7anq8na6md7b1z84l9ppnlr045hhxjvbkqwalvx";
+ };
+ }
+ {
+ goPackagePath = "github.com/mattn/go-isatty";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mattn/go-isatty";
+ rev = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c";
+ sha256 = "0zs92j2cqaw9j8qx1sdxpv3ap0rgbs0vrvi72m40mg8aa36gd39w";
+ };
+ }
+ {
+ goPackagePath = "github.com/mmcloughlin/avo";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mmcloughlin/avo";
+ rev = "2e7d06bc7ada2979f17ccf8ebf486dba23b84fc7";
+ sha256 = "0fna1hhg193zy428lkj24a8853g3qviqs2c9xi96mji6ldprna5d";
+ };
+ }
+ {
+ goPackagePath = "github.com/newrelic/go-agent";
+ fetch = {
+ type = "git";
+ url = "https://github.com/newrelic/go-agent";
+ rev = "f5bce3387232559bcbe6a5f8227c4bf508dac1ba";
+ sha256 = "1zbp1cqhxp0sz3faymam6h1f91r1gl8dnnjx7qg8r06bd5fbzllb";
+ };
+ }
+ {
+ goPackagePath = "github.com/pkg/errors";
+ fetch = {
+ type = "git";
+ url = "https://github.com/pkg/errors";
+ rev = "ba968bfe8b2f7e042a574c888954fccecfa385b4";
+ sha256 = "0g5qcb4d4fd96midz0zdk8b9kz8xkzwfa8kr1cliqbg8sxsy5vd1";
+ };
+ }
+ {
+ goPackagePath = "github.com/pmezard/go-difflib";
+ fetch = {
+ type = "git";
+ url = "https://github.com/pmezard/go-difflib";
+ rev = "792786c7400a136282c1664665ae0a8db921c6c2";
+ sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw";
+ };
+ }
+ {
+ goPackagePath = "github.com/pquerna/otp";
+ fetch = {
+ type = "git";
+ url = "https://github.com/pquerna/otp";
+ rev = "b7b89250c468c06871d3837bee02e2d5c155ae19";
+ sha256 = "0gsl9rh8awira21z6cj26c6swasskx03z66q72yjc1mpbvyg6han";
+ };
+ }
+ {
+ goPackagePath = "github.com/rs/xid";
+ fetch = {
+ type = "git";
+ url = "https://github.com/rs/xid";
+ rev = "15d26544def341f036c5f8dca987a4cbe575032c";
+ sha256 = "1vgw1dikqw273awcci6pzifs7shkl5ah4l88j1zjbnpgbiwzlx9j";
+ };
+ }
+ {
+ goPackagePath = "github.com/samfoo/ansi";
+ fetch = {
+ type = "git";
+ url = "https://github.com/samfoo/ansi";
+ rev = "b6bd2ded7189ce35bc02233b554eb56a5146af73";
+ sha256 = "0sw2d7c6l2ry34x0n4j37ydr8s7hxnax76yh6n35gb2g6f1h46sz";
+ };
+ }
+ {
+ goPackagePath = "github.com/shurcooL/sanitized_anchor_name";
+ fetch = {
+ type = "git";
+ url = "https://github.com/shurcooL/sanitized_anchor_name";
+ rev = "86672fcb3f950f35f2e675df2240550f2a50762f";
+ sha256 = "142m507s9971cl8qdmbcw7sqxnkgi3xqd8wzvfq15p0w7w8i4a3h";
+ };
+ }
+ {
+ goPackagePath = "github.com/sirupsen/logrus";
+ fetch = {
+ type = "git";
+ url = "https://github.com/sirupsen/logrus";
+ rev = "ad15b42461921f1fb3529b058c6786c6a45d5162";
+ sha256 = "02xdfcp4f6dqvpavwf1vvr794qgz2fx8929paam7wnvcxy7ib606";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/assert";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/assert";
+ rev = "de77670473b5492f5d0bce155b5c01534c2d13f7";
+ sha256 = "15z2b4qyylnwgq2pzlaxsdabqxh8dbna4ddprk9rzmsvnfkpds16";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/certificates";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/certificates";
+ rev = "effb490d276f33b8cdab661df8b57a8ded67e082";
+ sha256 = "1i76bbm4rbpv4cw2ln36v0x74jjkss6j8pdh49hfvb75j2n32790";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/certinfo";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/certinfo";
+ rev = "78e21b44234ef6ddeb58f5e8aad2ed09975b694a";
+ sha256 = "0zrxql9173vzn7zirv4299j0vw2mzwknivrg8rzhdbkhvbfiql9q";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/nosql";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/nosql";
+ rev = "a0934e12468769d8cbede3ed316c47a4b88de4ca";
+ sha256 = "08bg0sgrhkzflyl0ybi8v2vmk8bfk5pmcyfrizpxssyql7k27fam";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/truststore";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/truststore";
+ rev = "e16045d94a61ca04b60d5d246da3117e7eeb1ecf";
+ sha256 = "15cv3dkn2npf6rwhkb575sdq089rf70rha8wrym4ygc8rjbgwbab";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/zcrypto";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/zcrypto";
+ rev = "6bab21fcaafc3d150cf793b6d5f25fe32f49c80e";
+ sha256 = "129az7k556lmnhh14ayrwzrp1y205zdgwk3rj1xcmgisx5irliqp";
+ };
+ }
+ {
+ goPackagePath = "github.com/smallstep/zlint";
+ fetch = {
+ type = "git";
+ url = "https://github.com/smallstep/zlint";
+ rev = "d84eaafe274f9dc1f811ebfbb073e18c466e2a44";
+ sha256 = "1xm7b1wvbify20vk9f3kmgmi5mnj5x2z3czc0r4zylcqcwwjkfd6";
+ };
+ }
+ {
+ goPackagePath = "github.com/stretchr/testify";
+ fetch = {
+ type = "git";
+ url = "https://github.com/stretchr/testify";
+ rev = "f35b8ab0b5a2cef36673838d662e249dd9c94686";
+ sha256 = "0dlszlshlxbmmfxj5hlwgv3r22x0y1af45gn1vd198nvvs3pnvfs";
+ };
+ }
+ {
+ goPackagePath = "github.com/urfave/cli";
+ fetch = {
+ type = "git";
+ url = "https://github.com/urfave/cli";
+ rev = "b67dcf995b6a7b7f14fad5fcb7cc5441b05e814b";
+ sha256 = "0n5vq4nydlhb7w12jiwphvxqdy4jwpxc3zwlxyhf05lq1nxfb56h";
+ };
+ }
+ {
+ goPackagePath = "github.com/weppos/publicsuffix-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/weppos/publicsuffix-go";
+ rev = "386050f8211b04c965721c3591e7d96650a1ea86";
+ sha256 = "17nvc0m0azm418w4mcyk7r1qcik0099vjpn455ia0lxhbqbl701b";
+ };
+ }
+ {
+ goPackagePath = "go.etcd.io/bbolt";
+ fetch = {
+ type = "git";
+ url = "https://github.com/etcd-io/bbolt";
+ rev = "63597a96ec0ad9e6d43c3fc81e809909e0237461";
+ sha256 = "13d5l6p6c5wvkr6vn9hkhz9c593qifn7fgx0hg4d6jcvg1y0bnm2";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/crypto";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/crypto";
+ rev = "4d3f4d9ffa16a13f451c3b2999e9c49e9750bf06";
+ sha256 = "0sbsgjm6wqa162ssrf1gnpv62ak5wjn1bn8v7sxwwfg8a93z1028";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/net";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/net";
+ rev = "c44066c5c816ec500d459a2a324a753f78531ae0";
+ sha256 = "0mgww74bl15d0jvsh4f3qr1ckjzb8icb8hn0mgs5ppa0b2fgpc4f";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/sys";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/sys";
+ rev = "9b800f95dbbc54abff0acf7ee32d88ba4e328c89";
+ sha256 = "07v3l7q7y59cwvw0mc85i39v7qjcc1jh4svwi789rmrqqm5nq7q6";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/text";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/text";
+ rev = "f21a4dfb5e38f5895301dc265a8def02365cc3d0";
+ sha256 = "0r6x6zjzhr8ksqlpiwm5gdd7s209kwk5p4lw54xjvz10cs3qlq19";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/tools";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/tools";
+ rev = "3a10b9bf0a52df7e992a8c3eb712a86d3c896c75";
+ sha256 = "19f3dijcc54jnd7458jab2dgpd0gzccmv2qympd9wi8cc8jpnhws";
+ };
+ }
+ {
+ goPackagePath = "google.golang.org/appengine";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/appengine";
+ rev = "54a98f90d1c46b7731eb8fb305d2a321c30ef610";
+ sha256 = "0l7mkdnwhidv8m686x432vmx8z5nqcrr9f46ddgvrxbh4wvyfcll";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/square/go-jose.v2";
+ fetch = {
+ type = "git";
+ url = "https://github.com/square/go-jose";
+ rev = "730df5f748271903322feb182be83b43ebbbe27d";
+ sha256 = "11r93g9xrcjqj7qvq8sbd5hy5rnbpmim0vdsp6rbav8gl7wimaa3";
+ };
+ }
+ {
+ goPackagePath = "howett.net/plist";
+ fetch = {
+ type = "git";
+ url = "https://gitlab.howett.net/go/plist.git";
+ rev = "591f970eefbbeb04d7b37f334a0c4c3256e32876";
+ sha256 = "1gr74rf6m8bgayf6mxcfaxb3cc49ldlhydzqfafx7di5nds5hxk9";
+ };
+ }
+]
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/stoken/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/stoken/default.nix
new file mode 100644
index 000000000000..22dc5e476e7f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/stoken/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pkgconfig
+, libxml2, nettle
+, withGTK3 ? true, gtk3 }:
+
+stdenv.mkDerivation rec {
+ pname = "stoken";
+ version = "0.92";
+ src = fetchFromGitHub {
+ owner = "cernekee";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0q7cv8vy5b2cslm57maqb6jsm7s4rwacjyv6gplwp26yhm38hw7y";
+ };
+
+ preConfigure = ''
+ aclocal
+ libtoolize --automake --copy
+ autoheader
+ automake --add-missing --copy
+ autoconf
+ '';
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [
+ autoconf automake libtool
+ libxml2 nettle
+ ] ++ stdenv.lib.optional withGTK3 gtk3;
+
+ meta = with stdenv.lib; {
+ description = "Software Token for Linux/UNIX";
+ homepage = "https://github.com/cernekee/stoken";
+ license = licenses.lgpl21Plus;
+ maintainers = [ ];
+ platforms = platforms.all;
+ };
+}
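Review bot: `autoconf`, `automake` and `libtool` are listed in `buildInputs`, but they only run on the build machine during `preConfigure`, so they belong in `nativeBuildInputs`; as written, a cross build would be handed host-platform copies. The five hand-written autotools calls in `preConfigure` could be replaced by `nativeBuildInputs = [ autoreconfHook pkgconfig ];`, which is the approach tcpcrypt/default.nix takes later in this same commit. `maintainers = [ ];` also leaves a software-token tool with nobody listed to pick up updates or advisories.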
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/stricat/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/stricat/default.nix
new file mode 100644
index 000000000000..28c462cbb0a2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/stricat/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "stricat";
+ version = "20140609100300";
+
+ src = fetchurl {
+ url = "http://www.stribob.com/dist/${pname}-${version}.tgz";
+ sha256 = "1axg8r4g5n5kdqj5013pgck80nni3z172xkg506vz4zx1zcmrm4r";
+ };
+
+ buildFlags = [ "CC=cc" ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ mv stricat $out/bin
+ '';
+
+ meta = {
+ description = "Multi-use cryptographic tool based on the STRIBOB algorithm";
+ homepage = "https://www.stribob.com/stricat/";
+ license = stdenv.lib.licenses.bsd3;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
+ };
+}
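Review bot: The `url` in `fetchurl` uses plain `http://` although `meta.homepage` for the same site is `https://`. The pinned `sha256` still protects builds against a tampered download, but whoever next bumps `version` and recomputes the hash would be trusting whatever the unencrypted connection returned. Prefer `url = "https://www.stribob.com/dist/${pname}-${version}.tgz";` if the host serves the tarball over TLS, which cannot be verified from this page.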
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/su-exec/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/su-exec/default.nix
new file mode 100644
index 000000000000..8ff33ee1ec91
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/su-exec/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "su-exec";
+ version = "0.2";
+
+ src = fetchFromGitHub {
+ owner = "ncopa";
+ repo = "su-exec";
+ rev = "v${version}";
+ sha256 = "12vqlnpv48cjfh25sn98k1myc7h2wiv5qw2y2awgp6sipzv88abv";
+ };
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -a su-exec $out/bin/su-exec
+ '';
+
+ meta = with stdenv.lib; {
+ description = "switch user and group id and exec";
+ homepage = "https://github.com/ncopa/su-exec";
+ license = licenses.mit;
+ maintainers = with maintainers; [ zimbatm ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sudo/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sudo/default.nix
new file mode 100644
index 000000000000..ae29eeafd006
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sudo/default.nix
@@ -0,0 +1,85 @@
+{ stdenv, fetchurl, coreutils, pam, groff, sssd, nixosTests
+, sendmailPath ? "/run/wrappers/bin/sendmail"
+, withInsults ? false
+, withSssd ? false
+}:
+
+stdenv.mkDerivation rec {
+ pname = "sudo";
+ version = "1.9.4";
+
+ src = fetchurl {
+ url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
+ sha256 = "1w03257akspgkkl757vmpq3p30sb2n6y61hll038mw9sqwnbv4cb";
+ };
+
+ prePatch = ''
+ # do not set sticky bit in nix store
+ substituteInPlace src/Makefile.in --replace 04755 0755
+ '';
+
+ configureFlags = [
+ "--with-env-editor"
+ "--with-editor=/run/current-system/sw/bin/nano"
+ "--with-rundir=/run/sudo"
+ "--with-vardir=/var/db/sudo"
+ "--with-logpath=/var/log/sudo.log"
+ "--with-iologdir=/var/log/sudo-io"
+ "--with-sendmail=${sendmailPath}"
+ "--enable-tmpfiles.d=no"
+ ] ++ stdenv.lib.optional withInsults [
+ "--with-insults"
+ "--with-all-insults"
+ ] ++ stdenv.lib.optional withSssd [
+ "--with-sssd"
+ "--with-sssd-lib=${sssd}/lib"
+ ];
+
+ configureFlagsArray = [
+ "--with-passprompt=[sudo] password for %p: " # intentional trailing space
+ ];
+
+ postConfigure =
+ ''
+ cat >> pathnames.h <<'EOF'
+ #undef _PATH_MV
+ #define _PATH_MV "${coreutils}/bin/mv"
+ EOF
+ makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
+ installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/"
+ '';
+
+ nativeBuildInputs = [ groff ];
+ buildInputs = [ pam ];
+
+ enableParallelBuilding = true;
+
+ doCheck = false; # needs root
+
+ postInstall =
+ ''
+ rm -f $out/share/doc/sudo/ChangeLog
+ '';
+
+ passthru.tests = { inherit (nixosTests) sudo; };
+
+ meta = {
+ description = "A command to run commands as root";
+
+ longDescription =
+ ''
+ Sudo (su "do") allows a system administrator to delegate
+ authority to give certain users (or groups of users) the ability
+ to run some (or all) commands as root or another user while
+ providing an audit trail of the commands and their arguments.
+ '';
+
+ homepage = "https://www.sudo.ws/";
+
+ license = "https://www.sudo.ws/sudo/license.html";
+
+ maintainers = with stdenv.lib.maintainers; [ eelco delroth ];
+
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
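Review bot: The comment in `prePatch`, `# do not set sticky bit in nix store`, names the wrong permission bit: the leading `4` in `04755` is the setuid bit, while the sticky bit would be `01000`. This substitution is what keeps the build from installing a setuid-root binary into the store, so the comment should say that, e.g. `# do not install sudo setuid-root into the nix store`. The same wording appears in `prePatch` of super/default.nix later in this commit. Separately, `stdenv.lib.optional withInsults [ ... ]` and `stdenv.lib.optional withSssd [ ... ]` wrap a list inside a list; `stdenv.lib.optionals` is the function meant for list arguments.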
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix
new file mode 100644
index 000000000000..639926578c7b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix
@@ -0,0 +1,32 @@
+# This file was generated by go2nix, then modified by hand for Darwin support.
+{ stdenv, buildGoPackage, fetchFromGitHub, darwin }:
+
+buildGoPackage rec {
+ pname = "sudolikeaboss-unstable";
+ version = "20161127-${stdenv.lib.strings.substring 0 7 rev}";
+ rev = "2d9afe19f872c9f433d476e57ee86169781b164c";
+
+ goPackagePath = "github.com/ravenac95/sudolikeaboss";
+
+ src = fetchFromGitHub {
+ owner = "ravenac95";
+ repo = "sudolikeaboss";
+ inherit rev;
+ sha256 = "0ni3v4kanxfzxzjd48f5dgv62jbfrw7kdmq0snj09hw7ciw55yg6";
+ };
+
+ goDeps = ./deps.nix;
+
+ buildInputs = with darwin.apple_sdk.frameworks; [
+ Cocoa
+ ];
+
+ meta = with stdenv.lib; {
+ inherit version;
+ inherit (src.meta) homepage;
+ description = "Get 1password access from iterm2";
+ license = licenses.mit;
+ maintainers = [ maintainers.grahamc ];
+ platforms = platforms.darwin;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix
new file mode 100644
index 000000000000..350306a24f4b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix
@@ -0,0 +1,39 @@
+# This file was generated by go2nix.
+[
+ {
+ goPackagePath = "github.com/Sirupsen/logrus";
+ fetch = {
+ type = "git";
+ url = "https://github.com/Sirupsen/logrus";
+ rev = "881bee4e20a5d11a6a88a5667c6f292072ac1963";
+ sha256 = "176a09lp20f0qfhwwlh2xg0vk7z1g7gq8k2wr3sg1fd8m86wrzzg";
+ };
+ }
+ {
+ goPackagePath = "github.com/satori/go.uuid";
+ fetch = {
+ type = "git";
+ url = "https://github.com/satori/go.uuid";
+ rev = "b061729afc07e77a8aa4fad0a2fd840958f1942a";
+ sha256 = "0q87n5an7ha2d8kl6gn9wi41rq0whsxq68w5x3nxz7w9vgkfnq1k";
+ };
+ }
+ {
+ goPackagePath = "github.com/urfave/cli";
+ fetch = {
+ type = "git";
+ url = "https://github.com/urfave/cli";
+ rev = "0bdeddeeb0f650497d603c4ad7b20cfe685682f6";
+ sha256 = "1ny63c7bfwfrsp7vfkvb4i0xhq4v7yxqnwxa52y4xlfxs4r6v6fg";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/net";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/net";
+ rev = "0c96df335ed3f17f758cba1a2c71b7849dd828e3";
+ sha256 = "02zn1f539y5yc1sx82ym8c3pp3z371d1ldhl20skwjwbdw1ln8hm";
+ };
+ }
+]
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch
new file mode 100644
index 000000000000..048486caafd7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/super/0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch
@@ -0,0 +1,51 @@
+From 86e37c1c09c23924c4e055a3d4b8c79f19cd0599 Mon Sep 17 00:00:00 2001
+From: Maximilian Bosch <maximilian@mbosch.me>
+Date: Mon, 10 Aug 2020 21:33:39 +0200
+Subject: [PATCH] Remove references to dropped `sys_nerr` & `sys_errlist` for
+ `glibc-2.32` compat
+
+According to the release-notes[1], `strerror(3)` should be used. This is
+already the case, however the source tries to be backwards-compatible by
+supporting `sys_nerr` & `sys_errlist` which breaks compilation
+unfortunately.
+
+Simply using `strerror` fixes the problems.
+
+[1] https://sourceware.org/pipermail/libc-announce/2020/000029.html
+---
+ utils.c | 12 +-----------
+ 1 file changed, 1 insertion(+), 11 deletions(-)
+
+diff --git a/utils.c b/utils.c
+index 3ec70b6..430f027 100644
+--- a/utils.c
++++ b/utils.c
+@@ -2003,7 +2003,6 @@ int n;
+
+ #ifdef HAVE_SYS_ERRLIST
+ extern char *sys_errlist[];
+- extern int sys_nerr;
+ #endif
+
+ /*
+@@ -2019,16 +2018,7 @@ int errnum;
+ sprintf(buf, "Error %d", errnum);
+ return buf;
+ #else
+- if (errnum < 0 || errnum > sys_nerr) {
+- sprintf(buf, "Error %d (!)", errnum);
+- return buf;
+- } else {
+-#ifdef HAVE_STRERROR
+- return strerror(errnum);
+-#else
+- return sys_errlist[errnum];
+-#endif
+- }
++ return strerror(errnum);
+ #endif
+ }
+
+--
+2.25.4
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/super/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/super/default.nix
new file mode 100644
index 000000000000..79a7cd839e5b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/super/default.nix
@@ -0,0 +1,49 @@
+{ stdenv, fetchurl, fetchpatch }:
+
+stdenv.mkDerivation rec {
+ name = "super-3.30.0";
+
+ src = fetchurl {
+ name = "${name}.tar.gz";
+ url = "https://www.ucolick.org/~will/RUE/super/${name}-tar.gz";
+ sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy";
+ };
+
+ prePatch = ''
+ # do not set sticky bit in nix store
+ substituteInPlace Makefile.in \
+ --replace "-o root" "" \
+ --replace 04755 755
+ '';
+
+ patches = [
+ ./0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch
+ (fetchpatch {
+ name = "CVE-2014-0470.patch";
+ url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch";
+ sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh";
+ })
+ ];
+
+ NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE";
+
+ configureFlags = [
+ "--sysconfdir=/etc"
+ "--localstatedir=/var"
+ ];
+
+ installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ];
+
+ meta = {
+ homepage = "https://www.ucolick.org/~will/#super";
+ description = "Allows users to execute scripts as if they were root";
+ longDescription =
+ ''
+ This package provides two commands: 1) “super”, which allows
+ users to execute commands under a different uid/gid (specified
+ in /etc/super.tab); and 2) “setuid”, which allows root to
+ execute a command under a different uid.
+ '';
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
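Review bot: `meta` has neither `license` nor `maintainers`, unlike most other packages added in this commit. This derivation builds tools whose purpose is to run commands under another uid, and it already carries a backported `CVE-2014-0470.patch`, so with no listed maintainer there is no obvious owner for the next advisory. Add `license = <upstream licence, to be confirmed>;` and `maintainers = with stdenv.lib.maintainers; [ <maintainer handle> ];`. `name = "super-3.30.0";` could also be split into `pname` and `version` as the sibling packages do.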
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tboot/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tboot/default.nix
new file mode 100644
index 000000000000..38f467fb441f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tboot/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl, trousers, openssl, zlib }:
+
+stdenv.mkDerivation rec {
+ pname = "tboot";
+ version = "1.9.8";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/tboot/${pname}-${version}.tar.gz";
+ sha256 = "06f0ggl6vrb5ghklblvh2ixgmmjv31rkp1vfj9qm497iqwq9ac00";
+ };
+
+ patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
+
+ buildInputs = [ trousers openssl zlib ];
+
+ enableParallelBuilding = true;
+
+ hardeningDisable = [ "pic" "stackprotector" ];
+
+ NIX_CFLAGS_COMPILE = [ "-Wno-error=address-of-packed-member" ];
+
+ configurePhase = ''
+ for a in lcptools utils tb_polgen; do
+ substituteInPlace $a/Makefile --replace /usr/sbin /sbin
+ done
+ substituteInPlace docs/Makefile --replace /usr/share /share
+ '';
+
+ installFlags = [ "DESTDIR=$(out)" ];
+
+ meta = with stdenv.lib; {
+ description = "A pre-kernel/VMM module that uses Intel(R) TXT to perform a measured and verified launch of an OS kernel/VMM";
+ homepage = "https://sourceforge.net/projects/tboot/";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ ak ];
+ platforms = [ "x86_64-linux" "i686-linux" ];
+ };
+}
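Review bot: `hardeningDisable = [ "pic" "stackprotector" ];` turns off two exploit mitigations for everything this derivation builds, with no comment saying why. If only the pre-kernel module needs them off (presumably because it is freestanding code, which this hunk does not show), the userspace tools under `lcptools`, `utils` and `tb_polgen` lose stack protection for no reason. At minimum add a comment such as `# pic/stackprotector break the freestanding tboot module build; TODO confirm whether the userspace tools need this too`.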
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
new file mode 100644
index 000000000000..a16ba9f4fbab
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
@@ -0,0 +1,50 @@
+diff -urp tboot-1.8.0.orig/lcptools/writepol.c tboot-1.8.0/lcptools/writepol.c
+--- tboot-1.8.0.orig/lcptools/writepol.c 2014-01-30 10:34:57.000000000 +0100
++++ tboot-1.8.0/lcptools/writepol.c 2014-02-12 01:48:51.523581057 +0100
+@@ -40,6 +40,7 @@
+ #include <getopt.h>
+ #include <trousers/tss.h>
+ #include <trousers/trousers.h>
++#include <tss/tss_defines.h>
+
+ #define PRINT printf
+ #include "../include/uuid.h"
+@@ -51,14 +52,15 @@ static uint32_t index_value = 0;
+ static char *file_arg=NULL;
+ static uint32_t fLeng;
+ static unsigned char *policy_data = NULL;
+-static char *password = NULL;
++static const char *password = NULL;
+ static uint32_t passwd_length = 0;
++static const char well_known_secret[] = TSS_WELL_KNOWN_SECRET;
+ static int help_input = 0;
+ static unsigned char empty_pol_data[] = {0};
+
+-static const char *short_option = "ehi:f:p:";
++static const char *short_option = "ehi:f:p:Z";
+ static const char *usage_string = "lcp_writepol -i index_value "
+- "[-f policy_file] [-e] [-p passwd] [-h]";
++ "[-f policy_file] [-e] [-p passwd|-Z] [-h]";
+
+ static const char *option_strings[] = {
+ "-i index value: uint32/string.\n"
+@@ -67,6 +69,7 @@ static const char *option_strings[] = {
+ "\tINDEX_AUX:0x50000002 or \"aux\"\n",
+ "-f file_name: string. File name of the policy data is stored. \n",
+ "-p password: string. \n",
++ "-Z use well known secret as password. \n",
+ "-e write 0 length data to the index.\n"
+ "\tIt will be used for some special index.\n"
+ "\tFor example, the index with permission WRITEDEFINE.\n",
+@@ -119,6 +122,11 @@ parse_cmdline(int argc, const char * arg
+ fLeng = 0;
+ break;
+
++ case 'Z':
++ password = well_known_secret;
++ passwd_length = sizeof(well_known_secret);
++ break;
++
+ case 'h':
+ help_input = 1;
+ break;
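Review bot: The new `case 'Z':` and the existing `-p` handling both assign `password` and `passwd_length`, so when both flags are given the later one silently wins, even though the usage string presents them as alternatives (`[-p passwd|-Z]`). For a tool that writes TPM launch-control policy, silently replacing a supplied password with the publicly known `TSS_WELL_KNOWN_SECRET` should be rejected explicitly, e.g. `if (password != NULL) { /* report conflicting -p/-Z and fail */ }` at the top of the case. The help text `"-Z use well known secret as password. \n"` should also state that this value is public and provides no real authorization. `parse_cmdline` and the code that consumes `password` lie outside the hunk, so how the secret is handed to the TSS (plain versus digest mode) cannot be checked here.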
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix
new file mode 100644
index 000000000000..a6eb09fd2c5f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub, autoreconfHook
+, openssl
+, libcap, libpcap, libnfnetlink, libnetfilter_conntrack, libnetfilter_queue
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+ pname = "tcpcrypt";
+ version = "0.5";
+
+ src = fetchFromGitHub {
+ repo = "tcpcrypt";
+ owner = "scslab";
+ rev = "v${version}";
+ sha256 = "0a015rlyvagz714pgwr85f8gjq1fkc0il7d7l39qcgxrsp15b96w";
+ };
+
+ postUnpack = ''mkdir -vp $sourceRoot/m4'';
+
+ outputs = [ "bin" "dev" "out" ];
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ openssl libpcap ]
+ ++ optionals stdenv.isLinux [ libcap libnfnetlink libnetfilter_conntrack libnetfilter_queue ];
+
+ enableParallelBuilding = true;
+
+ meta = {
+ homepage = "http://tcpcrypt.org/";
+ description = "Fast TCP encryption";
+ platforms = platforms.all;
+ license = licenses.bsd2;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/thc-hydra/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/thc-hydra/default.nix
new file mode 100644
index 000000000000..f83d2675c6ac
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/thc-hydra/default.nix
@@ -0,0 +1,48 @@
+{ stdenv, lib, fetchFromGitHub, zlib, openssl, ncurses, libidn, pcre, libssh, libmysqlclient, postgresql
+, withGUI ? false, makeWrapper, pkgconfig, gtk2 }:
+
+stdenv.mkDerivation rec {
+ pname = "thc-hydra";
+ version = "9.1";
+
+ src = fetchFromGitHub {
+ owner = "vanhauser-thc";
+ repo = "thc-hydra";
+ rev = "v${version}";
+ sha256 = "1533h9z5jdlazwy0z7ll2753i507wq55by7rm9lh6y59889p0hps";
+ };
+
+ postPatch = let
+ makeDirs = output: subDir: lib.concatStringsSep " " (map (path: lib.getOutput output path + "/" + subDir) buildInputs);
+ in ''
+ substituteInPlace configure \
+ --replace '$LIBDIRS' "${makeDirs "lib" "lib"}" \
+ --replace '$INCDIRS' "${makeDirs "dev" "include"}" \
+ --replace "/usr/include/math.h" "${lib.getDev stdenv.cc.libc}/include/math.h" \
+ --replace "libcurses.so" "libncurses.so" \
+ --replace "-lcurses" "-lncurses"
+ '';
+
+ nativeBuildInputs = lib.optionals withGUI [ pkgconfig makeWrapper ];
+
+ buildInputs = [
+ zlib openssl ncurses libidn pcre libssh libmysqlclient postgresql
+ ] ++ lib.optional withGUI gtk2;
+
+ enableParallelBuilding = true;
+
+ DATADIR = "/share/${pname}";
+
+ postInstall = lib.optionalString withGUI ''
+ wrapProgram $out/bin/xhydra \
+ --add-flags --hydra-path --add-flags "$out/bin/hydra"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A very fast network logon cracker which support many different services";
+ homepage = "https://www.thc.org/thc-hydra/";
+ license = licenses.agpl3;
+ maintainers = with maintainers; [ offline ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/thc-ipv6/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/thc-ipv6/default.nix
new file mode 100644
index 000000000000..b8175ef6dbac
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/thc-ipv6/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, libpcap, openssl, libnetfilter_queue, libnfnetlink }:
+stdenv.mkDerivation rec {
+ pname = "thc-ipv6";
+ version = "3.8";
+
+ src = fetchFromGitHub {
+ owner = "vanhauser-thc";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "07kwika1zdq62s5p5z94xznm77dxjxdg8k0hrg7wygz50151nzmx";
+ };
+
+ buildInputs = [
+ libpcap
+ openssl
+ libnetfilter_queue
+ libnfnetlink
+ ];
+
+ makeFlags = [
+ "PREFIX=$(out)"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "IPv6 attack toolkit";
+ homepage = "https://github.com/vanhauser-thc/thc-ipv6";
+ maintainers = with maintainers; [ ajs124 ];
+ platforms = platforms.linux;
+ license = licenses.agpl3Only;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/theharvester/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/theharvester/default.nix
new file mode 100644
index 000000000000..4153ddafbf48
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/theharvester/default.nix
@@ -0,0 +1,36 @@
+{ lib, fetchFromGitHub, python3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "theHarvester";
+ version = "3.1";
+
+ src = fetchFromGitHub {
+ owner = "laramies";
+ repo = pname;
+ rev = "V${version}";
+ sha256 = "0lxzxfa9wbzim50d2jmd27i57szd0grm1dfayhnym86jn01qpvn3";
+ };
+
+ propagatedBuildInputs = with python3.pkgs; [
+ aiodns beautifulsoup4 dns grequests netaddr
+ plotly pyyaml requests retrying shodan texttable
+ ];
+
+ checkInputs = [ python3.pkgs.pytest ];
+
+ checkPhase = "runHook preCheck ; pytest tests/test_myparser.py ; runHook postCheck";
+ # We don't run other tests (discovery modules) because they require network access
+
+ meta = with lib; {
+ description = "Gather E-mails, subdomains and names from different public sources";
+ longDescription = ''
+ theHarvester is a very simple, yet effective tool designed to be used in the early
+ stages of a penetration test. Use it for open source intelligence gathering and
+ helping to determine an entity's external threat landscape on the internet. The tool
+ gathers emails, names, subdomains, IPs, and URLs using multiple public data sources.
+ '';
+ homepage = "https://github.com/laramies/theHarvester";
+ maintainers = with maintainers; [ c0bw3b treemo ];
+ license = licenses.gpl2;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tor/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/default.nix
new file mode 100644
index 000000000000..04bf598d132a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/default.nix
@@ -0,0 +1,96 @@
+{ stdenv, fetchurl, pkgconfig, libevent, openssl, zlib, torsocks
+, libseccomp, systemd, libcap, lzma, zstd, scrypt, nixosTests
+
+# for update.nix
+, writeScript
+, common-updater-scripts
+, bash
+, coreutils
+, curl
+, gnugrep
+, gnupg
+, gnused
+, nix
+}:
+
+stdenv.mkDerivation rec {
+ pname = "tor";
+ version = "0.4.4.6";
+
+ src = fetchurl {
+ url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
+ sha256 = "1p0zpqmbskygx0wmiijhprg8r45n2wqbbjl7kv4gbb83b0alq5az";
+ };
+
+ outputs = [ "out" "geoip" ];
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ libevent openssl zlib lzma zstd scrypt ] ++
+ stdenv.lib.optionals stdenv.isLinux [ libseccomp systemd libcap ];
+
+ patches = [ ./disable-monotonic-timer-tests.patch ];
+
+ # cross compiles correctly but needs the following
+ configureFlags = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform)
+ "--disable-tool-name-check";
+
+ NIX_CFLAGS_LINK = stdenv.lib.optionalString stdenv.cc.isGNU "-lgcc_s";
+
+ postPatch = ''
+ substituteInPlace contrib/client-tools/torify \
+ --replace 'pathfind torsocks' true \
+ --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks'
+
+ patchShebangs ./scripts/maint/checkShellScripts.sh
+ '';
+
+ enableParallelBuilding = true;
+
+ doCheck = true;
+
+ postInstall = ''
+ mkdir -p $geoip/share/tor
+ mv $out/share/tor/geoip{,6} $geoip/share/tor
+ rm -rf $out/share/tor
+ '';
+
+ passthru = {
+ tests.tor = nixosTests.tor;
+ updateScript = import ./update.nix {
+ inherit (stdenv) lib;
+ inherit
+ writeScript
+ common-updater-scripts
+ bash
+ coreutils
+ curl
+ gnupg
+ gnugrep
+ gnused
+ nix
+ ;
+ };
+ };
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.torproject.org/";
+ repositories.git = "https://git.torproject.org/git/tor";
+ description = "Anonymizing overlay network";
+
+ longDescription = ''
+ Tor helps improve your privacy by bouncing your communications around a
+ network of relays run by volunteers all around the world: it makes it
+ harder for somebody watching your Internet connection to learn what sites
+ you visit, and makes it harder for the sites you visit to track you. Tor
+ works with many of your existing applications, including web browsers,
+ instant messaging clients, remote login, and other applications based on
+ the TCP protocol.
+ '';
+
+ license = licenses.bsd3;
+
+ maintainers = with maintainers;
+ [ phreedom thoughtpolice joachifm prusnak ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tor/disable-monotonic-timer-tests.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/disable-monotonic-timer-tests.patch
new file mode 100644
index 000000000000..a95a373bbb64
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/disable-monotonic-timer-tests.patch
@@ -0,0 +1,26 @@
+diff --git a/src/test/test_util.c b/src/test/test_util.c
+index 0d86a5ab5..e93c6ba89 100644
+--- a/src/test/test_util.c
++++ b/src/test/test_util.c
+@@ -5829,13 +5829,9 @@ test_util_monotonic_time(void *arg)
+ /* We need to be a little careful here since we don't know the system load.
+ */
+ tt_i64_op(monotime_diff_msec(&mt1, &mt2), OP_GE, 175);
+- tt_i64_op(monotime_diff_msec(&mt1, &mt2), OP_LT, 1000);
+ tt_i64_op(monotime_coarse_diff_msec(&mtc1, &mtc2), OP_GE, 125);
+- tt_i64_op(monotime_coarse_diff_msec(&mtc1, &mtc2), OP_LT, 1000);
+ tt_u64_op(nsec2-nsec1, OP_GE, 175000000);
+- tt_u64_op(nsec2-nsec1, OP_LT, 1000000000);
+ tt_u64_op(nsecc2-nsecc1, OP_GE, 125000000);
+- tt_u64_op(nsecc2-nsecc1, OP_LT, 1000000000);
+
+ tt_u64_op(msec1, OP_GE, nsec1 / 1000000);
+ tt_u64_op(usec1, OP_GE, nsec1 / 1000);
+@@ -5849,7 +5845,6 @@ test_util_monotonic_time(void *arg)
+ uint64_t coarse_stamp_diff =
+ monotime_coarse_stamp_units_to_approx_msec(stamp2-stamp1);
+ tt_u64_op(coarse_stamp_diff, OP_GE, 120);
+- tt_u64_op(coarse_stamp_diff, OP_LE, 1200);
+
+ {
+ uint64_t units = monotime_msec_to_approx_coarse_stamp_units(5000);
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tor/tor-arm.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/tor-arm.nix
new file mode 100644
index 000000000000..896ab50562d8
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/tor-arm.nix
@@ -0,0 +1,55 @@
+{ stdenv, fetchurl, makeWrapper
+, python2Packages, ncurses, lsof, nettools
+}:
+
+stdenv.mkDerivation rec {
+ pname = "tor-arm";
+ version = "1.4.5.0";
+
+ src = fetchurl {
+ url = "https://www.atagar.com/arm/resources/static/arm-${version}.tar.bz2";
+ sha256 = "1yi87gdglkvi1a23hv5c3k7mc18g0rw7b05lfcw81qyxhlapf3pw";
+ };
+
+ nativeBuildInputs = [ makeWrapper python2Packages.python ];
+
+ outputs = [ "out" "man" ];
+
+ postPatch = ''
+ substituteInPlace ./setup.py --replace "/usr/bin" "$out/bin"
+ substituteInPlace ./src/util/connections.py \
+ --replace "lsof -wnPi" "${lsof}/bin/lsof"
+ substituteInPlace ./src/util/torTools.py \
+ --replace "netstat -npl" "${nettools}/bin/netstat -npl" \
+ --replace "lsof -wnPi" "${lsof}/bin/lsof"
+
+ substituteInPlace ./arm --replace '"$0" = /usr/bin/arm' 'true'
+ substituteInPlace ./arm --replace "python" "${python2Packages.python}/bin/python"
+
+ for i in ./install ./arm ./src/gui/controller.py ./src/cli/wizard.py ./src/resources/torrcOverride/override.h ./src/resources/torrcOverride/override.py ./src/resources/arm.1 ./setup.py; do
+ substituteInPlace $i --replace "/usr/share" "$out/share"
+ done
+
+ # fixes man page installation
+ substituteInPlace ./setup.py --replace "src/resoureces" "src/resources"
+ '';
+
+ installPhase = ''
+ mkdir -p $out/share/arm $out/bin $out/libexec
+ python setup.py install --prefix=$out --docPath $out/share/doc/arm
+ cp -R src/TorCtl $out/libexec
+
+ wrapProgram $out/bin/arm \
+ --prefix PYTHONPATH : "$(toPythonPath $out):$out/libexec:$PYTHONPATH" \
+ --set TERMINFO "${ncurses.out}/share/terminfo" \
+ --set TERM "xterm"
+ '';
+
+ meta = {
+ description = "A terminal status monitor for Tor relays";
+ homepage = "https://www.atagar.com/arm/";
+ license = stdenv.lib.licenses.gpl3;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
+ };
+}
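Review bot: Both `--replace "lsof -wnPi" "${lsof}/bin/lsof"` substitutions (for `src/util/connections.py` and `src/util/torTools.py`) drop the `-wnPi` flags, whereas the `netstat -npl` replacement beside them keeps its flags. Assuming the upstream string is the start of the command arm runs, the patched program would call `lsof` without `-n`, `-P` and `-i`, so it would list all open files rather than network sockets and would resolve peer addresses through DNS, which on a Tor relay exposes connection peers to the resolver. Use `--replace "lsof -wnPi" "${lsof}/bin/lsof -wnPi"` in both places. The package also depends on `python2Packages`, which is end-of-life upstream.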
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tor/torsocks.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/torsocks.nix
new file mode 100644
index 000000000000..381377032d6e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/torsocks.nix
@@ -0,0 +1,43 @@
+{ stdenv, fetchgit, fetchurl, autoreconfHook, libcap }:
+
+stdenv.mkDerivation rec {
+ pname = "torsocks";
+ version = "2.3.0";
+
+ src = fetchgit {
+ url = meta.repositories.git;
+ rev = "refs/tags/v${version}";
+ sha256 = "0x0wpcigf22sjxg7bm0xzqihmsrz51hl4v8xf91qi4qnmr4ny1hb";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ patches = stdenv.lib.optional stdenv.isDarwin
+ (fetchurl {
+ url = "https://trac.torproject.org/projects/tor/raw-attachment/ticket/28538/0001-Fix-macros-for-accept4-2.patch";
+ sha256 = "97881f0b59b3512acc4acb58a0d6dfc840d7633ead2f400fad70dda9b2ba30b0";
+ });
+
+ postPatch = ''
+ # Patch torify_app()
+ sed -i \
+ -e 's,\(local app_path\)=`which $1`,\1=`type -P $1`,' \
+ src/bin/torsocks.in
+ '' + stdenv.lib.optionalString stdenv.isLinux ''
+ sed -i \
+ -e 's,\(local getcap\)=.*,\1=${libcap}/bin/getcap,' \
+ src/bin/torsocks.in
+ '';
+
+ doInstallCheck = true;
+ installCheckTarget = "check-recursive";
+
+ meta = {
+ description = "Wrapper to safely torify applications";
+ homepage = "https://github.com/dgoulet/torsocks";
+ repositories.git = "https://git.torproject.org/torsocks.git";
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = with stdenv.lib.maintainers; [ phreedom thoughtpolice ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tor/update.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/update.nix
new file mode 100644
index 000000000000..c944883d4178
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tor/update.nix
@@ -0,0 +1,71 @@
+{ lib
+, writeScript
+, common-updater-scripts
+, bash
+, coreutils
+, curl
+, gnugrep
+, gnupg
+, gnused
+, nix
+}:
+
+with lib;
+
+let
+ downloadPageUrl = "https://dist.torproject.org";
+
+ # See https://www.torproject.org/docs/signing-keys.html
+ signingKeys = [
+ # Roger Dingledine
+ "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5"
+ "F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451"
+ # Nick Mathewson
+ "2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB"
+ "B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5"
+ ];
+in
+
+writeScript "update-tor" ''
+#! ${bash}/bin/bash
+
+set -eu -o pipefail
+
+export PATH=${makeBinPath [
+ common-updater-scripts
+ coreutils
+ curl
+ gnugrep
+ gnupg
+ gnused
+ nix
+]}
+
+srcBase=$(curl -L --list-only -- "${downloadPageUrl}" \
+ | grep -Eo 'tor-([[:digit:]]+\.?)+\.tar\.gz' \
+ | sort -Vu \
+ | tail -n1)
+srcFile=$srcBase
+srcUrl=${downloadPageUrl}/$srcBase
+
+srcName=''${srcBase/.tar.gz/}
+srcVers=(''${srcName//-/ })
+version=''${srcVers[1]}
+
+sigUrl=$srcUrl.asc
+sigFile=''${sigUrl##*/}
+
+# upstream does not support byte ranges ...
+[[ -e "$srcFile" ]] || curl -L -o "$srcFile" -- "$srcUrl"
+[[ -e "$sigFile" ]] || curl -L -o "$sigFile" -- "$sigUrl"
+
+export GNUPGHOME=$PWD/gnupg
+mkdir -m 700 -p "$GNUPGHOME"
+
+gpg --batch --recv-keys ${concatStringsSep " " (map (x: "'${x}'") signingKeys)}
+gpg --batch --verify "$sigFile" "$srcFile"
+
+sha256=$(nix-hash --type sha256 --flat --base32 "$srcFile")
+
+update-source-version tor "$version" "$sha256"
+''
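Review bot: The `signingKeys` list repeats the fingerprint `B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5` under both the Roger Dingledine and the Nick Mathewson comments, so either one label is wrong or an intended key is missing; it should be checked against the signing-keys page the comment links to. Separately, `gpg --batch --verify` accepts a good signature from any key present in the keyring, and `GNUPGHOME=$PWD/gnupg` with `mkdir -m 700 -p` reuses whatever keyring already sits in the working directory. A fresh keyring per run, e.g. `export GNUPGHOME=$(mktemp -d)`, keeps the accepted signers limited to the fingerprints fetched by `--recv-keys`. The `[[ -e "$srcFile" ]] ||` shortcut also reuses a previously downloaded tarball, which is acceptable only because the verify step follows it; a one-line comment saying so would help.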
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/default.nix
new file mode 100644
index 000000000000..fc1931fa4ba2
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchgit, autoreconfHook, gawk, trousers, cryptsetup, openssl }:
+
+stdenv.mkDerivation {
+ pname = "tpm-luks";
+ version = "git-2015-07-11";
+
+ src = fetchgit {
+ url = "https://github.com/momiji/tpm-luks";
+ rev = "c9c5b7fdddbcdac1cd4d2ea6baddd0617cc88ffa";
+ sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w";
+ };
+
+ patches = [
+ ./openssl-1.1.patch
+ ./signed-ptr.patch
+ ];
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = [ gawk trousers cryptsetup openssl ];
+
+ installPhase = ''
+ mkdir -p $out
+ make install DESTDIR=$out
+ mv $out/$out/sbin $out/bin
+ rm -r $out/nix
+ '';
+
+ meta = with stdenv.lib; {
+ description = "LUKS key storage in TPM NVRAM";
+ homepage = "https://github.com/shpedoikal/tpm-luks/";
+ maintainers = [ maintainers.tstrobel ];
+ platforms = platforms.linux;
+ };
+}
+
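Review bot: `meta.homepage` names `https://github.com/shpedoikal/tpm-luks/` while `src` is fetched from `https://github.com/momiji/tpm-luks`, so the metadata points readers at a different repository than the code that is built. For a tool that stores LUKS keys, the provenance should be unambiguous. I would either set the homepage to the fetched repository or add a comment above `src` such as `# fork of shpedoikal/tpm-luks; see meta.homepage for the original` (the fork relationship is my assumption, please confirm). `meta` also has no `license` attribute.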
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch
new file mode 100644
index 000000000000..10132242b345
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/openssl-1.1.patch
@@ -0,0 +1,63 @@
+diff --git a/swtpm-utils/lib/hmac.c b/swtpm-utils/lib/hmac.c
+index 5545375..f9bedea 100644
+--- a/swtpm-utils/lib/hmac.c
++++ b/swtpm-utils/lib/hmac.c
+@@ -381,15 +381,19 @@ uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int ke
+ /****************************************************************************/
+ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...)
+ {
+- HMAC_CTX hmac;
++ HMAC_CTX* hmac;
+ unsigned int dlen;
+ unsigned char *data;
+ va_list argp;
+-
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_init(&hmac);
+-#endif
+- HMAC_Init(&hmac,key,keylen,EVP_sha1());
++
++ hmac = HMAC_CTX_new();
++
++ if (hmac == NULL)
++ {
++ return ERR_MEM_ERR;
++ }
++
++ HMAC_Init_ex(hmac,key,keylen,EVP_sha1(),NULL);
+
+ va_start(argp,keylen);
+ for (;;)
+@@ -398,15 +402,11 @@ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned i
+ if (dlen == 0) break;
+ data = (unsigned char *)va_arg(argp,unsigned char *);
+ if (data == NULL) return ERR_NULL_ARG;
+- HMAC_Update(&hmac,data,dlen);
++ HMAC_Update(hmac,data,dlen);
+ }
+- HMAC_Final(&hmac,digest,&dlen);
++ HMAC_Final(hmac,digest,&dlen);
+
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_cleanup(&hmac);
+-#else
+- HMAC_cleanup(&hmac);
+-#endif
++ HMAC_CTX_free(hmac);
+ va_end(argp);
+ return 0;
+ }
+diff --git a/swtpm-utils/lib/keys.c b/swtpm-utils/lib/keys.c
+index 99691b6..6627a1f 100644
+--- a/swtpm-utils/lib/keys.c
++++ b/swtpm-utils/lib/keys.c
+@@ -1249,8 +1249,7 @@ RSA *TSS_convpubkey(pubkeydata *k)
+ exp);
+ }
+ /* set up the RSA public key structure */
+- rsa->n = mod;
+- rsa->e = exp;
++ RSA_set0_key(rsa, mod, exp, NULL);
+ return rsa;
+ }
+
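Review bot: In the patched `TSS_rawhmac`, the early `return ERR_NULL_ARG;` inside the loop now leaves the context from `HMAC_CTX_new()` unfreed and `va_end` uncalled, so keyed HMAC state stays allocated on that error path. The exit should release it first: `if (data == NULL) { HMAC_CTX_free(hmac); va_end(argp); return ERR_NULL_ARG; }`. The return values of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final`, and of `RSA_set0_key` in keys.c, are also ignored, so the function still returns 0 if one of them fails.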
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch
new file mode 100644
index 000000000000..83e356a4ef9e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-luks/signed-ptr.patch
@@ -0,0 +1,15 @@
+diff --git a/swtpm-utils/getcapability.c b/swtpm-utils/getcapability.c
+index 7359ba3..17b4324 100644
+--- a/swtpm-utils/getcapability.c
++++ b/swtpm-utils/getcapability.c
+@@ -480,7 +480,8 @@ int main(int argc, char *argv[])
+ }
+
+ if (c) {
+- char pcrmap[4], *pf;
++ char pcrmap[4];
++ unsigned char *pf;
+
+ memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect,
+ ndp.pcrInfoRead.pcrSelection.sizeOfSelect);
+
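Review bot: The `memcpy` into `pcrmap[4]` in this hunk's context takes its length from `ndp.pcrInfoRead.pcrSelection.sizeOfSelect`, and no bound on that value is visible here. Since the package already carries a downstream patch for these lines, a guard before the copy, `if (ndp.pcrInfoRead.pcrSelection.sizeOfSelect > sizeof(pcrmap))` with an error exit, would be worth adding unless an earlier check in `main` (which starts outside the hunk) already enforces it. The patch file also has no header saying why `pf` must be `unsigned char *` or whether the change was sent upstream.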
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix
new file mode 100644
index 000000000000..a652867a0d09
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-quote-tools/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl, trousers, openssl }:
+
+stdenv.mkDerivation rec {
+ pname = "tpm-quote-tools";
+ version = "1.0.4";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/project/tpmquotetools/${version}/${pname}-${version}.tar.gz";
+ sha256 = "1qjs83xb4np4yn1bhbjfhvkiika410v8icwnjix5ad96w2nlxp0h";
+ };
+
+ buildInputs = [ trousers openssl ];
+
+ postFixup = ''
+ patchelf \
+ --set-rpath "${stdenv.lib.makeLibraryPath [ openssl ]}:$(patchelf --print-rpath $out/bin/tpm_mkaik)" \
+ $out/bin/tpm_mkaik
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A collection of programs that provide support for TPM based attestation using the TPM quote mechanism";
+ longDescription = ''
+ The TPM Quote Tools is a collection of programs that provide support
+ for TPM based attestation using the TPM quote mechanism. The manual
+ page for tpm_quote_tools provides a usage overview.
+ '';
+ homepage = "http://tpmquotetools.sourceforge.net/";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ ak ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-tools/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-tools/default.nix
new file mode 100644
index 000000000000..5e0b4e6d94f4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm-tools/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchurl, trousers, openssl, opencryptoki, perl }:
+
+let
+ version = "1.3.9.1";
+in
+stdenv.mkDerivation rec {
+ pname = "tpm-tools";
+ inherit version;
+
+ src = fetchurl {
+ url = "mirror://sourceforge/trousers/tpm-tools/${version}/${pname}-${version}.tar.gz";
+ sha256 = "0s7srgghykxnlb1g4izabzf2gfb1knxc0nzn6bly49h8cpi19dww";
+ };
+
+ sourceRoot = ".";
+
+ patches = [
+ (fetchurl {
+ url = "https://sources.debian.org/data/main/t/tpm-tools/1.3.9.1-0.1/debian/patches/05-openssl1.1_fix_data_mgmt.patch";
+ sha256 = "161yysw4wgy3spsz6p1d0ib0h5pnrqm8bdh1l71c4hz6a6wpcyxj";
+ })
+ ];
+
+ nativeBuildInputs = [ perl ];
+ buildInputs = [ trousers openssl opencryptoki ];
+
+ meta = with stdenv.lib; {
+ description = "Management tools for TPM hardware";
+ longDescription = ''
+ tpm-tools is an open-source package designed to enable user and
+ application enablement of Trusted Computing using a Trusted Platform
+ Module (TPM), similar to a smart card environment.
+ '';
+ homepage = "https://sourceforge.net/projects/trousers/files/tpm-tools/";
+ license = licenses.cpl10;
+ maintainers = [ maintainers.ak ];
+ platforms = platforms.unix;
+ };
+}
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix
new file mode 100644
index 000000000000..a3352c5abfdc
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix
@@ -0,0 +1,49 @@
+{ stdenv, lib, fetchFromGitHub
+, autoreconfHook, pkg-config, autoconf-archive, makeWrapper, which
+, tpm2-tss, glib, dbus
+, cmocka
+}:
+
+stdenv.mkDerivation rec {
+ pname = "tpm2-abrmd";
+ version = "2.3.3";
+
+ src = fetchFromGitHub {
+ owner = "tpm2-software";
+ repo = pname;
+ rev = version;
+ sha256 = "17nv50w1yh6fg7393vfvys9y13lp0gvxx9vcw2pb87ky551d7xkf";
+ };
+
+ nativeBuildInputs = [ pkg-config makeWrapper autoreconfHook autoconf-archive which ];
+ buildInputs = [ tpm2-tss glib dbus ];
+ checkInputs = [ cmocka ];
+
+ enableParallelBuilding = true;
+
+ # Emulate the required behavior of ./bootstrap in the original
+ # package
+ preAutoreconf = ''
+ echo "${version}" > VERSION
+ '';
+
+ # Unit tests are currently broken as the check phase attempts to start a dbus daemon etc.
+ #configureFlags = [ "--enable-unit" ];
+ doCheck = false;
+
+ # Even though tpm2-tss is in the RUNPATH, starting from 2.3.0 abrmd
+ # seems to require the path to the device TCTI (used for accessing
+ # /dev/tpm0) in it's LD_LIBRARY_PATH
+ postFixup = ''
+ wrapProgram $out/bin/tpm2-abrmd \
+ --suffix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ tpm2-tss ]}"
+ '';
+
+ meta = with lib; {
+ description = "TPM2 resource manager, accessible via D-Bus";
+ homepage = "https://github.com/tpm2-software/tpm2-tools";
+ license = licenses.bsd3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ matthiasbeyer ];
+ };
+}
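Review bot: `wrapProgram $out/bin/tpm2-abrmd --suffix LD_LIBRARY_PATH` appends the tpm2-tss path, so any `LD_LIBRARY_PATH` inherited from the caller's environment is searched before the store path when the daemon loads its TCTI library. Unless letting the environment override is intended, `--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ tpm2-tss ]}"` puts the pinned library first. The same applies to the `preFixup` loop in tpm2-tools/default.nix. Also, `meta.homepage` points at the tpm2-tools repository although `src` is fetched from `tpm2-software/tpm2-abrmd`.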
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix
new file mode 100644
index 000000000000..e6a7621d9877
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix
@@ -0,0 +1,42 @@
+{ stdenv, fetchurl, lib
+, pandoc, pkgconfig, makeWrapper, curl, openssl, tpm2-tss
+, abrmdSupport ? true, tpm2-abrmd ? null }:
+
+stdenv.mkDerivation rec {
+ pname = "tpm2-tools";
+ version = "4.1.3";
+
+ src = fetchurl {
+ url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
+ sha256 = "0117r0zzdnblkibv81y71v3limixsw5m7g9xwf7lcx8fc8836pdv";
+ };
+
+ nativeBuildInputs = [ pandoc pkgconfig makeWrapper ];
+ buildInputs = [
+ curl openssl tpm2-tss
+ ];
+
+ preFixup = let
+ ldLibraryPath = lib.makeLibraryPath ([
+ tpm2-tss
+ ] ++ (lib.optional abrmdSupport tpm2-abrmd));
+ in ''
+ for bin in $out/bin/*; do
+ wrapProgram $bin \
+ --suffix LD_LIBRARY_PATH : "${ldLibraryPath}"
+ done
+ '';
+
+
+ # Unit tests disabled, as they rely on a dbus session
+ #configureFlags = [ "--enable-unit" ];
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Command line tools that provide access to a TPM 2.0 compatible device";
+ homepage = "https://github.com/tpm2-software/tpm2-tools";
+ license = licenses.bsd3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ delroth ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
new file mode 100644
index 000000000000..774a14f72bab
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
@@ -0,0 +1,19 @@
+diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/tcsd_conf.c
+--- trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c 2013-07-12 18:27:37.000000000 +0200
++++ trousers-0.3.11.2/src/tcsd/tcsd_conf.c 2013-08-21 14:29:42.917231648 +0200
+@@ -763,6 +763,7 @@
+ return TCSERR(TSS_E_INTERNAL_ERROR);
+ }
+
++#ifndef ALLOW_NON_TSS_CONFIG_FILE
+ /* make sure user/group TSS owns the conf file */
+ if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
+ LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
+@@ -775,6 +776,7 @@
+ LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
+ return TCSERR(TSS_E_INTERNAL_ERROR);
+ }
++#endif
+ #endif /* SOLARIS */
+
+ if ((f = fopen(tcsd_config_file, "r")) == NULL) {
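Review bot: The added `#ifndef ALLOW_NON_TSS_CONFIG_FILE` / `#endif` pair encloses both the user/group ownership check and the `must be mode 0600` check, although the macro name only hints at the ownership part. trousers/default.nix defines the macro unconditionally through `NIX_CFLAGS_COMPILE`, so the built tcsd accepts a config file with any owner and any permissions. If the relaxation is needed because the file lives in a read-only store path (my assumption), a narrower check in an `#else` branch would keep some protection, e.g. `if (stat_buf.st_mode & (S_IWGRP | S_IWOTH)) return TCSERR(TSS_E_INTERNAL_ERROR);`. The patch should also carry a header comment stating which checks are disabled and why.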
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/trousers/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/trousers/default.nix
new file mode 100644
index 000000000000..2cc702cf6f2f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/trousers/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchurl, openssl, pkgconfig }:
+
+stdenv.mkDerivation rec {
+ pname = "trousers";
+ version = "0.3.14";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/trousers/trousers/${version}/${pname}-${version}.tar.gz";
+ sha256 = "0iwgsbrbb7nfqgl61x8aailwxm8akxh9gkcwxhsvf50x4qx72l6f";
+ };
+
+ sourceRoot = ".";
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ openssl ];
+
+ patches = [ ./allow-non-tss-config-file-owner.patch ];
+
+ configureFlags = [ "--disable-usercheck" ];
+
+ NIX_CFLAGS_COMPILE = [ "-DALLOW_NON_TSS_CONFIG_FILE" ];
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "Trusted computing software stack";
+ homepage = "http://trousers.sourceforge.net/";
+ license = licenses.bsd3;
+ maintainers = [ maintainers.ak ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/trufflehog/default.nix
new file mode 100644
index 000000000000..353590ed87c8
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/trufflehog/default.nix
@@ -0,0 +1,38 @@
+{ lib, python3Packages }:
+
+let
+ truffleHogRegexes = python3Packages.buildPythonPackage rec {
+ pname = "truffleHogRegexes";
+ version = "0.0.7";
+ src = python3Packages.fetchPypi {
+ inherit pname version;
+ sha256 = "b81dfc60c86c1e353f436a0e201fd88edb72d5a574615a7858485c59edf32405";
+ };
+ };
+in
+ python3Packages.buildPythonApplication rec {
+ pname = "truffleHog";
+ version = "2.1.11";
+
+ src = python3Packages.fetchPypi {
+ inherit pname version;
+ sha256 = "53619f0c5be082abd377f987291ace80bc3b88f864972b1a30494780980f769e";
+ };
+
+ # Relax overly restricted version constraint
+ postPatch = ''
+ substituteInPlace setup.py --replace "GitPython ==" "GitPython >= "
+ '';
+
+ propagatedBuildInputs = [ python3Packages.GitPython truffleHogRegexes ];
+
+ # Test cases run git clone and require network access
+ doCheck = false;
+
+ meta = {
+ homepage = "https://github.com/dxa4481/truffleHog";
+ description = "Searches through git repositories for high entropy strings and secrets, digging deep into commit history";
+ license = with lib.licenses; [ gpl2 ];
+ maintainers = with lib.maintainers; [ bhipple ];
+ };
+ }
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/vault/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/vault/default.nix
new file mode 100644
index 000000000000..4b460e74024b
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/vault/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, fetchFromGitHub, buildGoPackage, installShellFiles, nixosTests }:
+
+buildGoPackage rec {
+ pname = "vault";
+ version = "1.6.0";
+
+ src = fetchFromGitHub {
+ owner = "hashicorp";
+ repo = "vault";
+ rev = "v${version}";
+ sha256 = "13fasdiijxy87m33wfyd8gylyz556i0bdd7xp706ip2fcckrmz7a";
+ };
+
+ goPackagePath = "github.com/hashicorp/vault";
+
+ subPackages = [ "." ];
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ buildFlagsArray = [ "-tags=vault" "-ldflags=-s -w -X ${goPackagePath}/sdk/version.GitCommit=${src.rev}" ];
+
+ postInstall = ''
+ echo "complete -C $out/bin/vault vault" > vault.bash
+ installShellCompletion vault.bash
+ '';
+
+ passthru.tests.vault = nixosTests.vault;
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.vaultproject.io/";
+ description = "A tool for managing secrets";
+ changelog = "https://github.com/hashicorp/vault/blob/v${version}/CHANGELOG.md";
+ platforms = platforms.linux ++ platforms.darwin;
+ license = licenses.mpl20;
+ maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/vault/vault-bin.nix
new file mode 100644
index 000000000000..805afe89d31a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/vault/vault-bin.nix
@@ -0,0 +1,50 @@
+{ stdenv, fetchurl, unzip }:
+
+let
+ version = "1.6.0";
+
+ sources = let
+ base = "https://releases.hashicorp.com/vault/${version}";
+ in {
+ x86_64-linux = fetchurl {
+ url = "${base}/vault_${version}_linux_amd64.zip";
+ sha256 = "0fay6bw31x9kxmc52sh5qp63nfkwji74fbnlx8pj3smz3qnqw143";
+ };
+ i686-linux = fetchurl {
+ url = "${base}/vault_${version}_linux_386.zip";
+ sha256 = "0bjks9lpgl39cq55c9cyc0glhmyxzs37a2an8ynzza94gv5mgcxa";
+ };
+ x86_64-darwin = fetchurl {
+ url = "${base}/vault_${version}_darwin_amd64.zip";
+ sha256 = "0hl1k35x78y0hi3y5xjnzby1ygisqjyvdak7s61m9f363nsr1shh";
+ };
+ aarch64-linux = fetchurl {
+ url = "${base}/vault_${version}_linux_arm64.zip";
+ sha256 = "018a5i14x6phhx1axvx0bvqn4ggsimfizs48xbmykgiyfmzkrwgz";
+ };
+ };
+
+in stdenv.mkDerivation {
+ pname = "vault-bin";
+ inherit version;
+
+ src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
+
+ nativeBuildInputs = [ unzip ];
+
+ sourceRoot = ".";
+
+ installPhase = ''
+ mkdir -p $out/bin $out/share/bash-completion/completions
+ mv vault $out/bin
+ echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.vaultproject.io";
+ description = "A tool for managing secrets, this binary includes the UI";
+ platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ];
+ license = licenses.mpl20;
+ maintainers = with maintainers; [ offline psyanticy mkaito ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/verifpal/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/verifpal/default.nix
new file mode 100644
index 000000000000..930b44cb4c68
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/verifpal/default.nix
@@ -0,0 +1,38 @@
+{ lib
+, fetchgit
+, buildGoModule
+, pigeon
+}:
+
+buildGoModule rec {
+ pname = "verifpal";
+ version = "0.13.7";
+
+ src = fetchgit {
+ url = "https://source.symbolic.software/verifpal/verifpal.git";
+ rev = "v${version}";
+ sha256 = "1ia3mxwcvcxghga2vvhf6mia59cm3jl7vh8laywh421bfj42sh9d";
+ };
+
+ vendorSha256 = "0cmj6h103igg5pcs9c9wrcmrsf0mwp9vbgzf5amsnj1206ryb1p2";
+
+ doCheck = false;
+
+ nativeBuildInputs = [ pigeon ];
+
+ subPackages = [ "cmd/verifpal" ];
+
+ # goversioninfo is for Windows only and can be skipped during go generate
+ preBuild = ''
+ substituteInPlace cmd/verifpal/main.go --replace "go:generate goversioninfo" "(disabled goversioninfo)"
+ go generate verifpal.com/cmd/verifpal
+ '';
+
+ meta = {
+ homepage = "https://verifpal.com/";
+ description = "Cryptographic protocol analysis for students and engineers";
+ maintainers = with lib.maintainers; [ zimbatm ];
+ license = with lib.licenses; [ gpl3 ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/volatility/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/volatility/default.nix
new file mode 100644
index 000000000000..4f1e90eb9100
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/volatility/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, fetchFromGitHub, pythonPackages }:
+
+pythonPackages.buildPythonApplication rec {
+ pname = "volatility";
+ version = "2.6.1";
+
+ src = fetchFromGitHub {
+ owner = "volatilityfoundation";
+ repo = pname;
+ rev = version;
+ sha256 = "1v92allp3cv3akk71kljcwxr27h1k067dsq7j9h8jnlwk9jxh6rf";
+ };
+
+ doCheck = false;
+
+ propagatedBuildInputs = [ pythonPackages.pycrypto pythonPackages.distorm3 ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.volatilityfoundation.org/";
+ description = "Advanced memory forensics framework";
+ maintainers = with maintainers; [ bosu ];
+ license = stdenv.lib.licenses.gpl2Plus;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/vulnix/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/vulnix/default.nix
new file mode 100644
index 000000000000..d4a3a0c621a1
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/vulnix/default.nix
@@ -0,0 +1,57 @@
+{ stdenv
+, python3Packages
+, nix
+, ronn
+}:
+
+python3Packages.buildPythonApplication rec {
+ pname = "vulnix";
+ version = "1.9.6";
+
+ src = python3Packages.fetchPypi {
+ inherit pname version;
+ sha256 = "0anyxmqgn4kx102l3qjhh1f2b0cg7mnlapfhriyjw0zyy5gyqvng";
+ };
+
+ outputs = [ "out" "doc" "man" ];
+ nativeBuildInputs = [ ronn ];
+
+ checkInputs = with python3Packages; [
+ freezegun
+ pytest
+ pytestcov
+ pytest-flake8
+ ];
+
+ propagatedBuildInputs = [
+ nix
+ ] ++ (with python3Packages; [
+ click
+ colorama
+ pyyaml
+ requests
+ setuptools
+ toml
+ zodb
+ ]);
+
+ postBuild = "make -C doc";
+
+ checkPhase = "py.test src/vulnix";
+
+ postInstall = ''
+ install -D -t $doc/share/doc/vulnix README.rst CHANGES.rst
+ gzip $doc/share/doc/vulnix/*.rst
+ install -D -t $man/share/man/man1 doc/vulnix.1
+ install -D -t $man/share/man/man5 doc/vulnix-whitelist.5
+ '';
+
+ dontStrip = true;
+
+ meta = with stdenv.lib; {
+ description = "NixOS vulnerability scanner";
+ homepage = "https://github.com/flyingcircusio/vulnix";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ ckauhaus ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/wipe/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/wipe/default.nix
new file mode 100644
index 000000000000..6b84803d2c46
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/wipe/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "wipe";
+ version = "2.3.1";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/wipe/${version}/${pname}-${version}.tar.bz2";
+ sha256 = "180snqvh6k6il6prb19fncflf2jcvkihlb4w84sbndcv1wvicfa6";
+ };
+
+ patches = [ ./fix-install.patch ];
+
+ meta = with stdenv.lib; {
+ description = "Secure file wiping utility";
+ homepage = "http://wipe.sourceforge.net/";
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ maintainers = [ maintainers.abbradar ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/wipe/fix-install.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/wipe/fix-install.patch
new file mode 100644
index 000000000000..2df3a1eec6a0
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/wipe/fix-install.patch
@@ -0,0 +1,18 @@
+diff -ru3 wipe-2.3.1/Makefile.in wipe-2.3.1-new/Makefile.in
+--- wipe-2.3.1/Makefile.in 2009-11-02 00:11:30.000000000 +0300
++++ wipe-2.3.1-new/Makefile.in 2014-10-18 02:51:10.088966232 +0400
+@@ -60,12 +60,12 @@
+ $(INSTALL_BIN) -d $(bindir)
+ $(INSTALL_BIN) -s $(BIN_OUT) $(bindir)
+ $(INSTALL) -d $(mandir)/man1
+- $(INSTALL) -o root -m 0644 wipe.1 $(mandir)/man1/
++ $(INSTALL) -m 0644 wipe.1 $(mandir)/man1/
+ rm -rf $(datadir)/doc/wipe*
+ $(INSTALL) -d $(datadir)/doc/wipe
+
+ for file in $(DOCS); do \
+- $(INSTALL) -o root -m 0644 $$file $(datadir)/doc/wipe/; \
++ $(INSTALL) -m 0644 $$file $(datadir)/doc/wipe/; \
+ done
+
+ install_home: $(BIN_OUT)
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile
new file mode 100644
index 000000000000..5d76cd24f3ea
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile
@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gem 'wpscan'
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock
new file mode 100644
index 000000000000..f3ece99b3656
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock
@@ -0,0 +1,59 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ activesupport (6.0.1)
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ i18n (>= 0.7, < 2)
+ minitest (~> 5.1)
+ tzinfo (~> 1.1)
+ zeitwerk (~> 2.2)
+ addressable (2.7.0)
+ public_suffix (>= 2.0.2, < 5.0)
+ cms_scanner (0.7.1)
+ get_process_mem (~> 0.2.5)
+ nokogiri (~> 1.10.4)
+ opt_parse_validator (~> 1.8.1)
+ public_suffix (>= 3.0, < 4.1)
+ ruby-progressbar (~> 1.10.0)
+ sys-proctable (~> 1.2.2)
+ typhoeus (~> 1.3.0)
+ xmlrpc (~> 0.3)
+ yajl-ruby (~> 1.4.1)
+ concurrent-ruby (1.1.5)
+ ethon (0.12.0)
+ ffi (>= 1.3.0)
+ ffi (1.11.3)
+ get_process_mem (0.2.5)
+ ffi (~> 1.0)
+ i18n (1.7.0)
+ concurrent-ruby (~> 1.0)
+ mini_portile2 (2.4.0)
+ minitest (5.13.0)
+ nokogiri (1.10.7)
+ mini_portile2 (~> 2.4.0)
+ opt_parse_validator (1.8.1)
+ activesupport (> 4.2, < 6.1.0)
+ addressable (>= 2.5, < 2.8)
+ public_suffix (4.0.1)
+ ruby-progressbar (1.10.1)
+ sys-proctable (1.2.2)
+ ffi
+ thread_safe (0.3.6)
+ typhoeus (1.3.1)
+ ethon (>= 0.9.0)
+ tzinfo (1.2.5)
+ thread_safe (~> 0.1)
+ wpscan (3.7.5)
+ cms_scanner (~> 0.7.1)
+ xmlrpc (0.3.0)
+ yajl-ruby (1.4.1)
+ zeitwerk (2.2.2)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ wpscan
+
+BUNDLED WITH
+ 2.1.4
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/default.nix
new file mode 100644
index 000000000000..e7a784c1a779
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/default.nix
@@ -0,0 +1,21 @@
+{ bundlerApp, lib, makeWrapper, curl }:
+
+bundlerApp {
+ pname = "wpscan";
+ gemdir = ./.;
+ exes = [ "wpscan" ];
+
+ buildInputs = [ makeWrapper ];
+ postBuild = ''
+ wrapProgram "$out/bin/wpscan" \
+ --prefix PATH : ${lib.makeBinPath [ curl ]}
+ '';
+
+ meta = with lib; {
+ description = "Black box WordPress vulnerability scanner";
+ homepage = "https://wpscan.org/";
+ license = licenses.unfreeRedistributable;
+ maintainers = with maintainers; [ nyanloutre manveru ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/gemset.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/gemset.nix
new file mode 100644
index 000000000000..5c0691fda1bc
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/wpscan/gemset.nix
@@ -0,0 +1,234 @@
+{
+ activesupport = {
+ dependencies = ["concurrent-ruby" "i18n" "minitest" "tzinfo" "zeitwerk"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "190xv21yz03zz8nlfly557ir859jr5zkwi89naziy65hskdnkw1s";
+ type = "gem";
+ };
+ version = "6.0.1";
+ };
+ addressable = {
+ dependencies = ["public_suffix"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1fvchp2rhp2rmigx7qglf69xvjqvzq7x0g49naliw29r2bz656sy";
+ type = "gem";
+ };
+ version = "2.7.0";
+ };
+ cms_scanner = {
+ dependencies = ["get_process_mem" "nokogiri" "opt_parse_validator" "public_suffix" "ruby-progressbar" "sys-proctable" "typhoeus" "xmlrpc" "yajl-ruby"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "14xmsigczibihlziisdgabsaz9lm2v31snlkc8kmza73pv8a61r4";
+ type = "gem";
+ };
+ version = "0.7.1";
+ };
+ concurrent-ruby = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1x07r23s7836cpp5z9yrlbpljcxpax14yw4fy4bnp6crhr6x24an";
+ type = "gem";
+ };
+ version = "1.1.5";
+ };
+ ethon = {
+ dependencies = ["ffi"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0gggrgkcq839mamx7a8jbnp2h7x2ykfn34ixwskwb0lzx2ak17g9";
+ type = "gem";
+ };
+ version = "0.12.0";
+ };
+ ffi = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "10ay35dm0lkcqprsiya6q2kwvyid884102ryipr4vrk790yfp8kd";
+ type = "gem";
+ };
+ version = "1.11.3";
+ };
+ get_process_mem = {
+ dependencies = ["ffi"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1q7pivp9z9pdxc2ha32q7x9zgqy8m9jf87g6n5mvi5l6knxya8sh";
+ type = "gem";
+ };
+ version = "0.2.5";
+ };
+ i18n = {
+ dependencies = ["concurrent-ruby"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0hmypvx9iyc0b4hski7aic2xzm09cg1c7q1qlpnk3k8s5acxzyhl";
+ type = "gem";
+ };
+ version = "1.7.0";
+ };
+ mini_portile2 = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "15zplpfw3knqifj9bpf604rb3wc1vhq6363pd6lvhayng8wql5vy";
+ type = "gem";
+ };
+ version = "2.4.0";
+ };
+ minitest = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0w16p7cvslh3hxd3cia8jg4pd85z7rz7xqb16vh42gj4rijn8rmi";
+ type = "gem";
+ };
+ version = "5.13.0";
+ };
+ nokogiri = {
+ dependencies = ["mini_portile2"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0r0qpgf80h764k176yr63gqbs2z0xbsp8vlvs2a79d5r9vs83kln";
+ type = "gem";
+ };
+ version = "1.10.7";
+ };
+ opt_parse_validator = {
+ dependencies = ["activesupport" "addressable"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "19rm44ww3zfb440kqpdprwb7y2d0gcm4znhv4kfs8dkhz8k1k5vy";
+ type = "gem";
+ };
+ version = "1.8.1";
+ };
+ public_suffix = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0xnfv2j2bqgdpg2yq9i2rxby0w2sc9h5iyjkpaas2xknwrgmhdb0";
+ type = "gem";
+ };
+ version = "4.0.1";
+ };
+ ruby-progressbar = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1k77i0d4wsn23ggdd2msrcwfy0i376cglfqypkk2q77r2l3408zf";
+ type = "gem";
+ };
+ version = "1.10.1";
+ };
+ sys-proctable = {
+ dependencies = ["ffi"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0ndk34ipd4v96v5cbvj0kbkhnssi4nqrzd7sifyg3bavi1jrw3w8";
+ type = "gem";
+ };
+ version = "1.2.2";
+ };
+ thread_safe = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0nmhcgq6cgz44srylra07bmaw99f5271l0dpsvl5f75m44l0gmwy";
+ type = "gem";
+ };
+ version = "0.3.6";
+ };
+ typhoeus = {
+ dependencies = ["ethon"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0cni8b1idcp0dk8kybmxydadhfpaj3lbs99w5kjibv8bsmip2zi5";
+ type = "gem";
+ };
+ version = "1.3.1";
+ };
+ tzinfo = {
+ dependencies = ["thread_safe"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1fjx9j327xpkkdlxwmkl3a8wqj7i4l4jwlrv3z13mg95z9wl253z";
+ type = "gem";
+ };
+ version = "1.2.5";
+ };
+ wpscan = {
+ dependencies = ["cms_scanner"];
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0vn6i48msxhj8g769vn2s3siv98cnqchblw69ldk1mr85lw4jci6";
+ type = "gem";
+ };
+ version = "3.7.5";
+ };
+ xmlrpc = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1s744iwblw262gj357pky3d9fcx9hisvla7rnw29ysn5zsb6i683";
+ type = "gem";
+ };
+ version = "0.3.0";
+ };
+ yajl-ruby = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "16v0w5749qjp13xhjgr2gcsvjv6mf35br7iqwycix1n2h7kfcckf";
+ type = "gem";
+ };
+ version = "1.4.1";
+ };
+ zeitwerk = {
+ groups = ["default"];
+ platforms = [];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0jywi63w1m2b2w9fj9rjb9n3imf6p5bfijfmml1xzdnsrdrjz0x1";
+ type = "gem";
+ };
+ version = "2.2.2";
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/yara/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/yara/default.nix
new file mode 100644
index 000000000000..8a1195350234
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/yara/default.nix
@@ -0,0 +1,45 @@
+{ stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pcre
+, pkg-config
+, protobufc
+, withCrypto ? true, openssl
+, enableMagic ? true, file
+, enableCuckoo ? true, jansson
+}:
+
+stdenv.mkDerivation rec {
+ version = "4.0.1";
+ pname = "yara";
+
+ src = fetchFromGitHub {
+ owner = "VirusTotal";
+ repo = "yara";
+ rev = "v${version}";
+ sha256 = "0dy8jf0pdn0wilxy1pj6pqjxg7icxkwax09w54np87gl9p00f5rk";
+ };
+
+ nativeBuildInputs = [ autoreconfHook pkg-config ];
+
+ buildInputs = [ pcre protobufc ]
+ ++ stdenv.lib.optionals withCrypto [ openssl ]
+ ++ stdenv.lib.optionals enableMagic [ file ]
+ ++ stdenv.lib.optionals enableCuckoo [ jansson ]
+ ;
+
+ preConfigure = "./bootstrap.sh";
+
+ configureFlags = [
+ (stdenv.lib.withFeature withCrypto "crypto")
+ (stdenv.lib.enableFeature enableMagic "magic")
+ (stdenv.lib.enableFeature enableCuckoo "cuckoo")
+ ];
+
+ meta = with stdenv.lib; {
+ description = "The pattern matching swiss knife for malware researchers";
+ homepage = "http://Virustotal.github.io/yara/";
+ license = licenses.asl20;
+ platforms = platforms.all;
+ };
+}
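Review bot: The `meta` block of this new yara derivation links the project over plain HTTP and lists no maintainers, so nobody is assigned to follow upstream security releases for a tool that parses untrusted samples. I would change the link to `homepage = "https://virustotal.github.io/yara/";` and add a `maintainers = with maintainers; [ ... ];` line. Separately, `preConfigure = "./bootstrap.sh";` runs alongside `autoreconfHook`; if the script only regenerates the autotools files (not visible here), one of the two can probably go.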
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix
new file mode 100644
index 000000000000..5860fb3a03e4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix
@@ -0,0 +1,56 @@
+{ stdenv, lib, fetchFromGitHub, buildGoModule, libnotify, makeWrapper, pcsclite, pinentry_mac, pkgconfig, darwin }:
+
+buildGoModule rec {
+ pname = "yubikey-agent";
+ version = "0.1.3";
+
+ src = fetchFromGitHub {
+ owner = "FiloSottile";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "07gix5wrakn4z846zhvl66lzwx58djrfnn6m8v7vc69l9jr3kihr";
+ };
+
+ buildInputs =
+ lib.optional stdenv.isLinux (lib.getDev pcsclite)
+ ++ lib.optional stdenv.isDarwin (darwin.apple_sdk.frameworks.PCSC);
+
+ nativeBuildInputs = [ makeWrapper pkgconfig ];
+
+ # pull in go-piv/piv-go#75
+ # once go-piv/piv-go#75 is merged and released, we should
+ # use the released version (and push upstream to do the same)
+ patches = [ ./use-piv-go-75.patch ];
+ postPatch = lib.optionalString stdenv.isLinux ''
+ substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send
+ '';
+
+ vendorSha256 = "128mlsagj3im6h0p0ndhzk29ya47g19im9dldx3nmddf2jlccj2h";
+
+ doCheck = false;
+
+ subPackages = [ "." ];
+
+ # On macOS, there isn't a choice of pinentry program, so let's
+ # ensure the nixpkgs-provided one is available
+ postInstall = lib.optionalString stdenv.isDarwin ''
+ wrapProgram $out/bin/yubikey-agent --suffix PATH : $(dirname ${pinentry_mac}/${pinentry_mac.binaryPath})
+ ''
+ # Note: in the next release, upstream provides
+ # contrib/systemd/user/yubikey-agent.service, which we should use
+ # instead
+ # See https://github.com/FiloSottile/yubikey-agent/pull/43
+ + lib.optionalString stdenv.isLinux ''
+ mkdir -p $out/lib/systemd/user
+ substitute ${./yubikey-agent.service} $out/lib/systemd/user/yubikey-agent.service \
+ --replace 'ExecStart=yubikey-agent' "ExecStart=$out/bin/yubikey-agent"
+ '';
+
+ meta = with lib; {
+ description = "A seamless ssh-agent for YubiKeys";
+ license = licenses.bsd3;
+ homepage = "https://filippo.io/yubikey-agent";
+ maintainers = with lib.maintainers; [ philandstuff rawkode ];
+ platforms = platforms.darwin ++ platforms.linux;
+ };
+}
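Review bot: In `postInstall` the Darwin wrapper adds the nixpkgs pinentry directory with `--suffix PATH`, so a pinentry program found earlier in the caller's PATH is used instead, and that program is what the user types the YubiKey PIN into. If the intent is that the nixpkgs-provided binary is always the one used, `--prefix PATH :` expresses that. If user override is deliberate, the comment above should say so, for example `# --suffix on purpose: a pinentry already on PATH takes precedence`. `doCheck = false;` also has no comment explaining why the tests are skipped.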
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/use-piv-go-75.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/use-piv-go-75.patch
new file mode 100644
index 000000000000..73967d817d96
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/use-piv-go-75.patch
@@ -0,0 +1,22 @@
+From 547695fff9cbfc4037168cdeb07cfe16bd89b6db Mon Sep 17 00:00:00 2001
+From: Philip Potter <philip.g.potter@gmail.com>
+Date: Sat, 25 Jul 2020 21:59:50 +0100
+Subject: [PATCH] Pull in piv-go#75
+
+---
+ go.mod | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/go.mod b/go.mod
+index d4d13c8..f75be2d 100644
+--- a/go.mod
++++ b/go.mod
+@@ -7,3 +7,5 @@ require (
+ github.com/gopasspw/gopass v1.9.1
+ golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
+ )
++
++replace github.com/go-piv/piv-go => github.com/rawkode/piv-go v1.5.1-0.20200725154545-1c3200c75a28
+--
+2.27.0
+
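Review bot: The added `replace` directive points `github.com/go-piv/piv-go`, the library that talks to the PIV token, at a fork under a personal account, and the patch touches only `go.mod`. The pseudo-version pins a specific commit (`1c3200c75a28`), which is good, but nothing here records that the fork differs from upstream only by the change in piv-go#75. The only integrity check appears to be `vendorSha256` in default.nix. I would add a header line to the patch, or extend the comment next to `patches`, naming the pinned fork commit and saying it was compared against the upstream PR, such as `# fork commit 1c3200c75a28 == go-piv/piv-go#75 on top of upstream; drop when released`. The override then gets re-checked on the next version bump instead of being carried forward silently.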
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service b/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service
new file mode 100644
index 000000000000..7a91f902544e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Seamless ssh-agent for YubiKeys
+Documentation=https://filippo.io/yubikey-agent
+
+[Service]
+ExecStart=yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
+ExecReload=/bin/kill -HUP $MAINPID
+ProtectSystem=strict
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectClock=yes
+ProtectHostname=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateUsers=yes
+IPAddressDeny=any
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+CapabilityBoundingSet=
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+NoNewPrivileges=yes
+KeyringMode=private
+UMask=0177
+RuntimeDirectory=yubikey-agent
+
+[Install]
+WantedBy=default.target
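Review bot: `ExecReload=/bin/kill -HUP $MAINPID` uses a path the packaging does not rewrite, since the `substitute` call in default.nix replaces only `ExecStart=yubikey-agent`. On NixOS `/bin` normally holds only `sh`, so a reload would presumably fail with a missing executable. Either add a second replacement in default.nix, such as `--replace '/bin/kill' "${coreutils}/bin/kill"` with `coreutils` added to the function arguments, or drop the `ExecReload` line if reload is not needed. The sandboxing directives are otherwise thorough. A short comment that `PrivateDevices=yes` is compatible because the agent reaches the token through the pcscd socket rather than a device node would help the next reader, if that is indeed the case.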
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch b/infra/libkookie/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch
new file mode 100644
index 000000000000..1c132948af6a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch
@@ -0,0 +1,13 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 8bd825f..694d9b2 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -72,6 +72,8 @@ if(WITH_JSON)
+ endif()
+
+ add_definitions("-DJSON")
++ # JSON_CFLAGS is a list, i.e. semicolon-separated, convert it to space-separated
++ string(REPLACE ";" " " JSON_CFLAGS "${JSON_CFLAGS}")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${JSON_CFLAGS}")
+ endif()
+
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/zmap/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/zmap/default.nix
new file mode 100644
index 000000000000..e2350b67c7d7
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/zmap/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, fetchFromGitHub, cmake, pkgconfig, libjson, json_c, gengetopt, flex, byacc, gmp
+, libpcap
+}:
+
+stdenv.mkDerivation rec {
+ pname = "zmap";
+ version = "2.1.1";
+
+ src = fetchFromGitHub {
+ owner = "zmap";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0yaahaiawkjk020hvsb8pndbrk8k10wxkfba1irp12a4sj6rywcs";
+ };
+
+ patches = [
+ # fix build with json-c 0.14 https://github.com/zmap/zmap/pull/609
+ ./cmake-json-0.14-fix.patch
+ ];
+
+ cmakeFlags = [ "-DRESPECT_INSTALL_PREFIX_CONFIG=ON" ];
+ dontUseCmakeBuildDir = true;
+
+ nativeBuildInputs = [ cmake pkgconfig gengetopt flex byacc ];
+ buildInputs = [ libjson json_c gmp libpcap ];
+
+ outputs = [ "out" "man" ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://zmap.io/";
+ license = licenses.asl20;
+ description = "Fast single packet network scanner designed for Internet-wide network surveys";
+ maintainers = with maintainers; [ ma27 ];
+ platforms = platforms.unix;
+ broken = stdenv.isDarwin;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/security/zzuf/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/security/zzuf/default.nix
new file mode 100644
index 000000000000..428f1ec1d09c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/tools/security/zzuf/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pkgconfig }:
+
+stdenv.mkDerivation rec {
+ pname = "zzuf";
+ version = "0.15";
+
+ src = fetchFromGitHub {
+ owner = "samhocevar";
+ repo = "zzuf";
+ rev = "v${version}";
+ sha256 = "0li1s11xf32dafxq1jbnc8c63313hy9ry09dja2rymk9mza4x2n9";
+ };
+
+ buildInputs = [ autoconf automake libtool pkgconfig ];
+
+ preConfigure = "./bootstrap";
+
+ meta = with stdenv.lib; {
+ description = "Transparent application input fuzzer";
+ homepage = "http://caca.zoy.org/wiki/zzuf";
+ license = licenses.wtfpl;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ lihop ];
+ };
+}
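Review bot: `buildInputs = [ autoconf automake libtool pkgconfig ];` lists tools that only run at build time, so they belong in `nativeBuildInputs`. As written they are resolved for the host platform and the package will not cross-compile. I would write `nativeBuildInputs = [ autoconf automake libtool pkgconfig ];` and drop `buildInputs`. The `homepage` is also plain HTTP; switch it to https if the site serves it.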