diff options
author | Robin Gloster <mail@glob.in> | 2019-08-25 18:55:46 +0200 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2019-08-25 18:55:46 +0200 |
commit | 616b8343c4c384f651f51d8c9b8e96239e1113d0 (patch) | |
tree | c6894ea5e950e373bcf8c8e8948fb2a7d4716565 /pkgs/tools/security | |
parent | 45d6ccea3357c65135b985f2eebf88020ca6461e (diff) | |
parent | 48191315aa2e34643203dbfc5ae8bd84c1cafe54 (diff) |
Merge remote-tracking branch 'upstream/master' into gcc-8
Diffstat (limited to 'pkgs/tools/security')
63 files changed, 850 insertions, 253 deletions
diff --git a/pkgs/tools/security/bitwarden-cli/node-packages-generated.nix b/pkgs/tools/security/bitwarden-cli/node-packages-generated.nix index e258571a620..2afff040354 100644 --- a/pkgs/tools/security/bitwarden-cli/node-packages-generated.nix +++ b/pkgs/tools/security/bitwarden-cli/node-packages-generated.nix @@ -1,4 +1,4 @@ -# This file has been generated by node2nix 1.6.0. Do not edit! +# This file has been generated by node2nix 1.7.0. Do not edit! {nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: @@ -13,40 +13,40 @@ let sha512 = "sY5AXXVZv4Y1VACTtR11UJCPHHudgY5i26Qj5TypE6DKlIApbwb5uqhXcJ5UUGbvZNRh7EeIoW+LrJumBsKp7w=="; }; }; - "acorn-6.1.1" = { + "acorn-6.2.1" = { name = "acorn"; packageName = "acorn"; - version = "6.1.1"; + version = "6.2.1"; src = fetchurl { - url = "https://registry.npmjs.org/acorn/-/acorn-6.1.1.tgz"; - sha512 = "jPTiwtOxaHNaAPg/dmrJ/beuzLRnXtB0kQPQ8JpotKJgTB6rX6c8mlf315941pyjBSaPg8NHXS9fhP4u17DpGA=="; + url = "https://registry.npmjs.org/acorn/-/acorn-6.2.1.tgz"; + sha512 = "JD0xT5FCRDNyjDda3Lrg/IxFscp9q4tiYtxE1/nOzlKCk7hIRuYjhq1kCNkbPjMRMZuFq20HNQn1I9k8Oj0E+Q=="; }; }; - "acorn-globals-4.3.0" = { + "acorn-globals-4.3.2" = { name = "acorn-globals"; packageName = "acorn-globals"; - version = "4.3.0"; + version = "4.3.2"; src = fetchurl { - url = "https://registry.npmjs.org/acorn-globals/-/acorn-globals-4.3.0.tgz"; - sha512 = "hMtHj3s5RnuhvHPowpBYvJVj3rAar82JiDQHvGs1zO0l10ocX/xEdBShNHTJaboucJUsScghp74pH3s7EnHHQw=="; + url = "https://registry.npmjs.org/acorn-globals/-/acorn-globals-4.3.2.tgz"; + sha512 = "BbzvZhVtZP+Bs1J1HcwrQe8ycfO0wStkSGxuul3He3GkHOIZ6eTqOkPuw9IP1X3+IkOo4wiJmwkobzXYz4wewQ=="; }; }; - "acorn-walk-6.1.1" = { + "acorn-walk-6.2.0" = { name = "acorn-walk"; packageName = "acorn-walk"; - version = "6.1.1"; + version = "6.2.0"; src = fetchurl { - url = "https://registry.npmjs.org/acorn-walk/-/acorn-walk-6.1.1.tgz"; - sha512 = "OtUw6JUTgxA2QoqqmrmQ7F2NYqiBPi/L2jqHyFtllhOUvXYQXf0Z1CYUinIfyT4bTCGmrA7gX9FvHA81uzCoVw=="; + url = "https://registry.npmjs.org/acorn-walk/-/acorn-walk-6.2.0.tgz"; + sha512 = "7evsyfH1cLOCdAzZAd43Cic04yKydNx0cF+7tiA19p1XnLLPU4dpCQOqpjqwokFe//vS0QqfqqjCS2JkiIs0cA=="; }; }; - "ajv-6.10.0" = { + "ajv-6.10.2" = { name = "ajv"; packageName = "ajv"; - version = "6.10.0"; + version = "6.10.2"; src = fetchurl { - url = "https://registry.npmjs.org/ajv/-/ajv-6.10.0.tgz"; - sha512 = "nffhOpkymDECQyR0mnsUtoCE8RlX38G0rYP+wgLWFyZuUyuuojSSvi/+euOiQBIn63whYwYVIIH1TvE3tu4OEg=="; + url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz"; + sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw=="; }; }; "ansi-escapes-3.2.0" = { @@ -256,22 +256,22 @@ let sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; }; }; - "cssom-0.3.6" = { + "cssom-0.3.8" = { name = "cssom"; packageName = "cssom"; - version = "0.3.6"; + version = "0.3.8"; src = fetchurl { - url = "https://registry.npmjs.org/cssom/-/cssom-0.3.6.tgz"; - sha512 = "DtUeseGk9/GBW0hl0vVPpU22iHL6YB5BUX7ml1hB+GMpo0NX5G4voX3kdWiMSEguFtcW3Vh3djqNF4aIe6ne0A=="; + url = "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz"; + sha512 = "b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg=="; }; }; - "cssstyle-1.2.2" = { + "cssstyle-1.4.0" = { name = "cssstyle"; packageName = "cssstyle"; - version = "1.2.2"; + version = "1.4.0"; src = fetchurl { - url = "https://registry.npmjs.org/cssstyle/-/cssstyle-1.2.2.tgz"; - sha512 = "43wY3kl1CVQSvL7wUY1qXkxVGkStjpkDmVjiIKX8R97uhajy8Bybay78uOtqvh7Q5GK75dNPfW0geWjE6qQQow=="; + url = "https://registry.npmjs.org/cssstyle/-/cssstyle-1.4.0.tgz"; + sha512 = "GBrLZYZ4X4x6/QEoBnIrqb8B/f5l4+8me2dkom/j1Gtbxy0kBv6OGzKuAsGM75bkGwGAFkt56Iwg28S3XTZgSA=="; }; }; "dashdash-1.14.1" = { @@ -364,13 +364,13 @@ let sha1 = "0dee3fed31fcd469618ce7342099fc1afa0bdb13"; }; }; - "esutils-2.0.2" = { + "esutils-2.0.3" = { name = "esutils"; packageName = "esutils"; - version = "2.0.2"; + version = "2.0.3"; src = fetchurl { - url = "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz"; - sha1 = "0abf4f1caa5bcb1f7a9d8acc6dea4faaa04bac9b"; + url = "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz"; + sha512 = "kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g=="; }; }; "extend-3.0.2" = { @@ -382,13 +382,13 @@ let sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="; }; }; - "external-editor-3.0.3" = { + "external-editor-3.1.0" = { name = "external-editor"; packageName = "external-editor"; - version = "3.0.3"; + version = "3.1.0"; src = fetchurl { - url = "https://registry.npmjs.org/external-editor/-/external-editor-3.0.3.tgz"; - sha512 = "bn71H9+qWoOQKyZDo25mOMVpSmXROAsTJVVVYzrrtol3d4y+AsKjf4Iwl2Q+IuT0kFSQ1qo166UuIwqYq7mGnA=="; + url = "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz"; + sha512 = "hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew=="; }; }; "extsprintf-1.3.0" = { @@ -463,13 +463,13 @@ let sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa"; }; }; - "graceful-fs-4.1.15" = { + "graceful-fs-4.2.0" = { name = "graceful-fs"; packageName = "graceful-fs"; - version = "4.1.15"; + version = "4.2.0"; src = fetchurl { - url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.15.tgz"; - sha512 = "6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA=="; + url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.0.tgz"; + sha512 = "jpSvDPV4Cq/bgtpndIWbI5hmYxhQGHPC4d4cqBPb4DLniCfhJokdXhwhaDuLBGLQdvvRum/UiX6ECVIPvDXqdg=="; }; }; "har-schema-2.0.0" = { @@ -634,13 +634,13 @@ let sha1 = "3b09924edf9f083c0490fdd4c0bc4421e04764ee"; }; }; - "lodash-4.17.11" = { + "lodash-4.17.15" = { name = "lodash"; packageName = "lodash"; - version = "4.17.11"; + version = "4.17.15"; src = fetchurl { - url = "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz"; - sha512 = "cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg=="; + url = "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz"; + sha512 = "8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="; }; }; "lodash.sortby-4.7.0" = { @@ -670,22 +670,22 @@ let sha512 = "rlAEsgU9Bnavca2w1WJ6+6cdeHMXNyadcersyk3ZpuhgWb5HBNj8l4WwJz9PjksAhYDlpQffCVXPctOn+wCIVA=="; }; }; - "mime-db-1.38.0" = { + "mime-db-1.40.0" = { name = "mime-db"; packageName = "mime-db"; - version = "1.38.0"; + version = "1.40.0"; src = fetchurl { - url = "https://registry.npmjs.org/mime-db/-/mime-db-1.38.0.tgz"; - sha512 = "bqVioMFFzc2awcdJZIzR3HjZFX20QhilVS7hytkKrv7xFAn8bM1gzc/FOX2awLISvWe0PV8ptFKcon+wZ5qYkg=="; + url = "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz"; + sha512 = "jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA=="; }; }; - "mime-types-2.1.22" = { + "mime-types-2.1.24" = { name = "mime-types"; packageName = "mime-types"; - version = "2.1.22"; + version = "2.1.24"; src = fetchurl { - url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.22.tgz"; - sha512 = "aGl6TZGnhm/li6F7yx82bJiBZwgiEa4Hf6CNr8YO+r5UHr53tSTYZb102zyU50DOWWKeOv0uQLRL0/9EiKWCog=="; + url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz"; + sha512 = "WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ=="; }; }; "mimic-fn-1.2.0" = { @@ -724,13 +724,13 @@ let sha512 = "sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw=="; }; }; - "nwsapi-2.1.3" = { + "nwsapi-2.1.4" = { name = "nwsapi"; packageName = "nwsapi"; - version = "2.1.3"; + version = "2.1.4"; src = fetchurl { - url = "https://registry.npmjs.org/nwsapi/-/nwsapi-2.1.3.tgz"; - sha512 = "RowAaJGEgYXEZfQ7tvvdtAQUKPyTR6T6wNu0fwlNsGQYr/h3yQc6oI8WnVZh3Y/Sylwc+dtAlvPqfFZjhTyk3A=="; + url = "https://registry.npmjs.org/nwsapi/-/nwsapi-2.1.4.tgz"; + sha512 = "iGfd9Y6SFdTNldEy2L0GUhcarIutFmk+MPWIn9dmj8NMIup03G08uUF2KGbbmv/Ux4RT0VZJoP/sVbWA6d/VIw=="; }; }; "oauth-sign-0.9.0" = { @@ -823,13 +823,13 @@ let sha1 = "21932a549f5e52ffd9a827f570e04be62a97da54"; }; }; - "psl-1.1.31" = { + "psl-1.3.0" = { name = "psl"; packageName = "psl"; - version = "1.1.31"; + version = "1.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/psl/-/psl-1.1.31.tgz"; - sha512 = "/6pt4+C+T+wZUieKR620OpzN/LlnNKuWjy1iFLQ/UG35JqHlR/89MP1d96dUfkf6Dne3TuLQzOYEYshJ+Hx8mw=="; + url = "https://registry.npmjs.org/psl/-/psl-1.3.0.tgz"; + sha512 = "avHdspHO+9rQTLbv1RO+MPYeP/SzsCoxofjVnHanETfQhTJrmB0HlDoW+EiN/R+C0BZ+gERab9NY0lPN2TxNag=="; }; }; "punycode-1.4.1" = { @@ -904,22 +904,22 @@ let sha1 = "0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0"; }; }; - "rxjs-6.4.0" = { + "rxjs-6.5.2" = { name = "rxjs"; packageName = "rxjs"; - version = "6.4.0"; + version = "6.5.2"; src = fetchurl { - url = "https://registry.npmjs.org/rxjs/-/rxjs-6.4.0.tgz"; - sha512 = "Z9Yfa11F6B9Sg/BK9MnqnQ+aQYicPLtilXBp2yUtDt2JRCE0h26d33EnfO3ZxoNxG0T92OUucP3Ct7cpfkdFfw=="; + url = "https://registry.npmjs.org/rxjs/-/rxjs-6.5.2.tgz"; + sha512 = "HUb7j3kvb7p7eCUHE3FqjoDsC1xfZQ4AHFWfTKSpZ+sAhhz5X1WX0ZuUqWbzB2QhSLp3DoLUG+hMdEDKqWo2Zg=="; }; }; - "safe-buffer-5.1.2" = { + "safe-buffer-5.2.0" = { name = "safe-buffer"; packageName = "safe-buffer"; - version = "5.1.2"; + version = "5.2.0"; src = fetchurl { - url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz"; - sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="; + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz"; + sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg=="; }; }; "safer-buffer-2.1.2" = { @@ -931,13 +931,13 @@ let sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="; }; }; - "saxes-3.1.9" = { + "saxes-3.1.11" = { name = "saxes"; packageName = "saxes"; - version = "3.1.9"; + version = "3.1.11"; src = fetchurl { - url = "https://registry.npmjs.org/saxes/-/saxes-3.1.9.tgz"; - sha512 = "FZeKhJglhJHk7eWG5YM0z46VHmI3KJpMBAQm3xa9meDvd+wevB5GuBB0wc0exPInZiBBHqi00DbS8AcvCGCFMw=="; + url = "https://registry.npmjs.org/saxes/-/saxes-3.1.11.tgz"; + sha512 = "Ydydq3zC+WYDJK1+gRxRapLIED9PWeSuuS41wqyoRmzvhhh9nc+QQrVMKJYzJFULazeGhzSV0QleN2wD3boh2g=="; }; }; "signal-exit-3.0.2" = { @@ -1012,13 +1012,13 @@ let sha512 = "QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow=="; }; }; - "symbol-tree-3.2.2" = { + "symbol-tree-3.2.4" = { name = "symbol-tree"; packageName = "symbol-tree"; - version = "3.2.2"; + version = "3.2.4"; src = fetchurl { - url = "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.2.tgz"; - sha1 = "ae27db38f660a7ae2e1c3b7d1bc290819b8519e6"; + url = "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz"; + sha512 = "9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw=="; }; }; "through-2.3.8" = { @@ -1075,13 +1075,13 @@ let sha1 = "a8b13fd6bfd2489519674ccde55ba3693b706d09"; }; }; - "tslib-1.9.3" = { + "tslib-1.10.0" = { name = "tslib"; packageName = "tslib"; - version = "1.9.3"; + version = "1.10.0"; src = fetchurl { - url = "https://registry.npmjs.org/tslib/-/tslib-1.9.3.tgz"; - sha512 = "4krF8scpejhaOgqzBEcGM7yDIEfi0/8+8zDRZhNZZ2kjmHJ4hv3zCbQWxoJGz1iw5U0Jl0nma13xzHXcncMavQ=="; + url = "https://registry.npmjs.org/tslib/-/tslib-1.10.0.tgz"; + sha512 = "qOebF53frne81cf0S9B41ByenJ3/IuH8yJKngAX35CmiZySA0khhkovshKK+jGCaMnVomla7gVlIcc3EvKPbTQ=="; }; }; "tunnel-agent-0.6.0" = { @@ -1219,13 +1219,13 @@ let sha512 = "A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw=="; }; }; - "xmlchars-1.3.1" = { + "xmlchars-2.1.1" = { name = "xmlchars"; packageName = "xmlchars"; - version = "1.3.1"; + version = "2.1.1"; src = fetchurl { - url = "https://registry.npmjs.org/xmlchars/-/xmlchars-1.3.1.tgz"; - sha512 = "tGkGJkN8XqCod7OT+EvGYK5Z4SfDQGD30zAa58OcnAa0RRWgzUEK72tkXhsX1FZd+rgnhRxFtmO+ihkp8LHSkw=="; + url = "https://registry.npmjs.org/xmlchars/-/xmlchars-2.1.1.tgz"; + sha512 = "7hew1RPJ1iIuje/Y01bGD/mXokXxegAgVS+e+E0wSi2ILHQkYAH1+JXARwTjZSM4Z4Z+c73aKspEcqj+zPPL/w=="; }; }; "zxcvbn-4.4.2" = { @@ -1250,10 +1250,10 @@ in }; dependencies = [ sources."abab-2.0.0" - sources."acorn-6.1.1" - sources."acorn-globals-4.3.0" - sources."acorn-walk-6.1.1" - sources."ajv-6.10.0" + sources."acorn-6.2.1" + sources."acorn-globals-4.3.2" + sources."acorn-walk-6.2.0" + sources."ajv-6.10.2" sources."ansi-escapes-3.2.0" sources."ansi-regex-3.0.0" sources."ansi-styles-3.2.1" @@ -1277,8 +1277,8 @@ in sources."combined-stream-1.0.6" sources."commander-2.18.0" sources."core-util-is-1.0.2" - sources."cssom-0.3.6" - sources."cssstyle-1.2.2" + sources."cssom-0.3.8" + sources."cssstyle-1.4.0" sources."dashdash-1.14.1" sources."data-urls-1.1.0" sources."deep-is-0.1.3" @@ -1289,9 +1289,9 @@ in sources."escodegen-1.11.1" sources."esprima-3.1.3" sources."estraverse-4.2.0" - sources."esutils-2.0.2" + sources."esutils-2.0.3" sources."extend-3.0.2" - sources."external-editor-3.0.3" + sources."external-editor-3.1.0" sources."extsprintf-1.3.0" sources."fast-deep-equal-2.0.1" sources."fast-json-stable-stringify-2.0.0" @@ -1300,7 +1300,7 @@ in sources."forever-agent-0.6.1" sources."form-data-2.3.2" sources."getpass-0.1.7" - sources."graceful-fs-4.1.15" + sources."graceful-fs-4.2.0" sources."har-schema-2.0.0" sources."har-validator-5.1.3" sources."has-flag-3.0.0" @@ -1319,17 +1319,17 @@ in sources."json-stringify-safe-5.0.1" sources."jsprim-1.4.1" sources."levn-0.3.0" - sources."lodash-4.17.11" + sources."lodash-4.17.15" sources."lodash.sortby-4.7.0" sources."lowdb-1.0.0" sources."lunr-2.3.3" - sources."mime-db-1.38.0" - sources."mime-types-2.1.22" + sources."mime-db-1.40.0" + sources."mime-types-2.1.24" sources."mimic-fn-1.2.0" sources."mute-stream-0.0.7" sources."node-fetch-2.2.0" sources."node-forge-0.7.6" - sources."nwsapi-2.1.3" + sources."nwsapi-2.1.4" sources."oauth-sign-0.9.0" sources."onetime-2.0.1" sources."optionator-0.8.2" @@ -1340,7 +1340,7 @@ in sources."pify-3.0.0" sources."pn-1.1.0" sources."prelude-ls-1.1.2" - sources."psl-1.1.31" + sources."psl-1.3.0" sources."punycode-2.1.1" sources."qs-6.5.2" (sources."request-2.88.0" // { @@ -1353,10 +1353,10 @@ in sources."request-promise-native-1.0.7" sources."restore-cursor-2.0.0" sources."run-async-2.3.0" - sources."rxjs-6.4.0" - sources."safe-buffer-5.1.2" + sources."rxjs-6.5.2" + sources."safe-buffer-5.2.0" sources."safer-buffer-2.1.2" - sources."saxes-3.1.9" + sources."saxes-3.1.11" sources."signal-exit-3.0.2" sources."source-map-0.6.1" sources."sshpk-1.16.1" @@ -1365,7 +1365,7 @@ in sources."string-width-2.1.1" sources."strip-ansi-4.0.0" sources."supports-color-5.5.0" - sources."symbol-tree-3.2.2" + sources."symbol-tree-3.2.4" sources."through-2.3.8" (sources."tldjs-2.3.1" // { dependencies = [ @@ -1375,7 +1375,7 @@ in sources."tmp-0.0.33" sources."tough-cookie-2.5.0" sources."tr46-1.0.1" - sources."tslib-1.9.3" + sources."tslib-1.10.0" sources."tunnel-agent-0.6.0" sources."tweetnacl-0.14.5" sources."type-check-0.3.2" @@ -1391,7 +1391,7 @@ in sources."wordwrap-1.0.0" sources."ws-6.2.1" sources."xml-name-validator-3.0.0" - sources."xmlchars-1.3.1" + sources."xmlchars-2.1.1" sources."zxcvbn-4.4.2" ]; buildInputs = globalBuildInputs; @@ -1402,5 +1402,6 @@ in }; production = true; bypassCache = true; + reconstructLock = true; }; }
\ No newline at end of file diff --git a/pkgs/tools/security/bitwarden-cli/node-packages.nix b/pkgs/tools/security/bitwarden-cli/node-packages.nix index 6fb6421eb2d..41e23864c44 100644 --- a/pkgs/tools/security/bitwarden-cli/node-packages.nix +++ b/pkgs/tools/security/bitwarden-cli/node-packages.nix @@ -1,8 +1,8 @@ -# This file has been generated by node2nix 1.6.0. Do not edit! +# This file has been generated by node2nix 1.7.0. Do not edit! {pkgs ? import <nixpkgs> { inherit system; - }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-8_x"}: + }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-10_x"}: let nodeEnv = import ../../../development/node-packages/node-env.nix { diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix new file mode 100644 index 00000000000..e6874d085d2 --- /dev/null +++ b/pkgs/tools/security/bitwarden/default.nix @@ -0,0 +1,87 @@ +{ atomEnv +, autoPatchelfHook +, dpkg +, fetchurl +, libsecret +, makeDesktopItem +, makeWrapper +, stdenv +, udev +, wrapGAppsHook +}: + +let + inherit (stdenv.hostPlatform) system; + + pname = "bitwarden"; + + version = { + "x86_64-linux" = "1.15.2"; + }.${system} or ""; + + sha256 = { + "x86_64-linux" = "0yz4hkqqwq2zrdjfxk5kybhs90n80k6bkn0625m47b09lwl2di4f"; + }.${system} or ""; + + meta = with stdenv.lib; { + description = "A secure and free password manager for all of your devices"; + homepage = "https://bitwarden.com"; + license = licenses.gpl3; + maintainers = with maintainers; [ kiwi ]; + platforms = [ "x86_64-linux" ]; + }; + + linux = stdenv.mkDerivation rec { + inherit pname version meta; + + src = fetchurl { + url = "https://github.com/bitwarden/desktop/releases/download/" + + "v${version}/Bitwarden-${version}-amd64.deb"; + inherit sha256; + }; + + desktopItem = makeDesktopItem { + name = "bitwarden"; + exec = "bitwarden %U"; + icon = "bitwarden"; + comment = "A secure and free password manager for all of your devices"; + desktopName = "Bitwarden"; + categories = "Utility"; + }; + + dontBuild = true; + dontConfigure = true; + dontPatchElf = true; + dontWrapGApps = true; + + buildInputs = [ libsecret ] ++ atomEnv.packages; + + nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook wrapGAppsHook ]; + + unpackPhase = "dpkg-deb -x $src ."; + + installPhase = '' + mkdir -p "$out/bin" + cp -R "opt" "$out" + cp -R "usr/share" "$out/share" + chmod -R g-w "$out" + + # Desktop file + mkdir -p "$out/share/applications" + cp "${desktopItem}/share/applications/"* "$out/share/applications" + ''; + + runtimeDependencies = [ + udev.lib + ]; + + postFixup = '' + makeWrapper $out/opt/Bitwarden/bitwarden $out/bin/bitwarden \ + --prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath [ libsecret stdenv.cc.cc ] }" \ + "''${gappsWrapperArgs[@]}" + ''; + }; + +in if stdenv.isDarwin +then throw "Bitwarden has not been packaged for macOS yet" +else linux diff --git a/pkgs/tools/security/bitwarden_rs/cargo-lock-lettre.patch b/pkgs/tools/security/bitwarden_rs/cargo-lock-lettre.patch new file mode 100644 index 00000000000..d9f491ca290 --- /dev/null +++ b/pkgs/tools/security/bitwarden_rs/cargo-lock-lettre.patch @@ -0,0 +1,58 @@ +diff --git a/Cargo.lock b/Cargo.lock +index 2e0b695..6d23410 100644 +--- a/Cargo.lock ++++ b/Cargo.lock +@@ -114,8 +114,8 @@ dependencies = [ + "handlebars 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", + "jsonwebtoken 6.0.1 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)", +- "lettre 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", +- "lettre_email 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "lettre 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)", ++ "lettre_email 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)", + "libsqlite3-sys 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", + "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", + "multipart 0.16.1 (registry+https://github.com/rust-lang/crates.io-index)", +@@ -1007,13 +1007,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" + + [[package]] + name = "lettre" +-version = "0.9.1" ++version = "0.9.2" + source = "registry+https://github.com/rust-lang/crates.io-index" + dependencies = [ + "base64 0.10.1 (registry+https://github.com/rust-lang/crates.io-index)", + "bufstream 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", +- "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", +- "failure_derive 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", + "fast_chemail 0.9.6 (registry+https://github.com/rust-lang/crates.io-index)", + "hostname 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", + "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", +@@ -1026,14 +1024,12 @@ dependencies = [ + + [[package]] + name = "lettre_email" +-version = "0.9.1" ++version = "0.9.2" + source = "registry+https://github.com/rust-lang/crates.io-index" + dependencies = [ + "base64 0.10.1 (registry+https://github.com/rust-lang/crates.io-index)", + "email 0.0.20 (registry+https://github.com/rust-lang/crates.io-index)", +- "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", +- "failure_derive 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", +- "lettre 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "lettre 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)", + "mime 0.3.13 (registry+https://github.com/rust-lang/crates.io-index)", + "time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)", + "uuid 0.7.4 (registry+https://github.com/rust-lang/crates.io-index)", +@@ -2858,8 +2854,8 @@ dependencies = [ + "checksum language-tags 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a91d884b6667cd606bb5a69aa0c99ba811a115fc68915e7056ec08a46e93199a" + "checksum lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bc5729f27f159ddd61f4df6228e827e86643d4d3e7c32183cb30a1c08f604a14" + "checksum lazycell 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b294d6fa9ee409a054354afc4352b0b9ef7ca222c69b8812cbea9e7d2bf3783f" +-"checksum lettre 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "646aee0a55545eaffdf0df1ac19b500b51adb3095ec4dfdc704134e56ea23531" +-"checksum lettre_email 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "ae1b3d43e4bb7beb9974a359cbb3ea4f93dfba6c1c0c6e9c9f82e538e0f9ab9f" ++"checksum lettre 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c66afaa5dfadbb81d4e00fd1d1ab057c7cd4c799c5a44e0009386d553587e728" ++"checksum lettre_email 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bbb68ca999042d965476e47bbdbacd52db0927348b6f8062c44dd04a3b1fd43b" + "checksum libc 0.2.55 (registry+https://github.com/rust-lang/crates.io-index)" = "42914d39aad277d9e176efbdad68acb1d5443ab65afe0e0e4f0d49352a950880" + "checksum libsqlite3-sys 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fd6457c70bbff456d9fe49deaba35ec47c3e598bf8d7950ff0575ceb7a8a6ad1" + "checksum lock_api 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "62ebf1391f6acad60e5c8b43706dde4582df75c06698ab44511d15016bc2442c" diff --git a/pkgs/tools/security/bitwarden_rs/default.nix b/pkgs/tools/security/bitwarden_rs/default.nix index d22a2773fd9..f04996f1b43 100644 --- a/pkgs/tools/security/bitwarden_rs/default.nix +++ b/pkgs/tools/security/bitwarden_rs/default.nix @@ -2,21 +2,26 @@ rustPlatform.buildRustPackage rec { pname = "bitwarden_rs"; - version = "1.9.0"; + version = "1.9.1"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "14c2blzkmdd9s0gpf6b7y141yx9s2v2gmwy5l1lgqjhi3h6jpcqr"; + sha256 = "0jfb4b2lp2v01aw615lx0qj1qh73hyrbjn9kva7zqp74wcfw12gp"; }; + cargoPatches = [ + # type annotations required: cannot resolve `std::string::String: std::convert::AsRef<_>` + ./cargo-lock-lettre.patch + ]; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ openssl ] ++ stdenv.lib.optionals stdenv.isDarwin [ Security CoreServices ]; RUSTC_BOOTSTRAP = 1; - cargoSha256 = "038l6alcdc0g4avpbzxgd2k09nr3wrsbry763bq2c77qqgwldj8r"; + cargoSha256 = "0p39gqrqdmgqhngp1qyh6jl0sp0ifj5n3bxfqafjbspb4zph3ls4"; meta = with stdenv.lib; { description = "An unofficial lightweight implementation of the Bitwarden server API using Rust and SQLite"; diff --git a/pkgs/tools/security/bitwarden_rs/vault.nix b/pkgs/tools/security/bitwarden_rs/vault.nix index f5ddfe9ea58..76b9f24224c 100644 --- a/pkgs/tools/security/bitwarden_rs/vault.nix +++ b/pkgs/tools/security/bitwarden_rs/vault.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bitwarden_rs-vault"; - version = "2.10.0"; + version = "2.11.0"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "0i0hdh8sxqfyhdv4h696cf595bmkg47bww4ixlvy51h6i14v5pn7"; + sha256 = "06f0rcpqhz5qjm01jbxx2czhnj9ng29rgsrilm5r5xx31s9dnhg7"; }; buildCommand = '' diff --git a/pkgs/tools/security/browserpass/default.nix b/pkgs/tools/security/browserpass/default.nix index 4e602804405..966383163e6 100644 --- a/pkgs/tools/security/browserpass/default.nix +++ b/pkgs/tools/security/browserpass/default.nix @@ -1,4 +1,4 @@ -{ lib, callPackage, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }: +{ lib, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }: buildGoModule rec { pname = "browserpass"; version = "3.0.6"; diff --git a/pkgs/tools/security/bundler-audit/default.nix b/pkgs/tools/security/bundler-audit/default.nix index 8b19b6103d4..3712c129cf6 100644 --- a/pkgs/tools/security/bundler-audit/default.nix +++ b/pkgs/tools/security/bundler-audit/default.nix @@ -1,4 +1,4 @@ -{ bundlerEnv, ruby, lib }: +{ bundlerEnv, ruby, lib, bundlerUpdateScript }: bundlerEnv rec { name = "${pname}-${version}"; @@ -8,6 +8,8 @@ bundlerEnv rec { inherit ruby; gemdir = ./.; + passthru.updateScript = bundlerUpdateScript "bundler-audit"; + meta = with lib; { description = "Patch-level verification for Bundler"; longDescription = '' @@ -20,7 +22,7 @@ bundlerEnv rec { ''; homepage = https://github.com/rubysec/bundler-audit; license = licenses.gpl3Plus; - maintainers = with maintainers; [ primeos ]; + maintainers = with maintainers; [ primeos nicknovitski ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/ccid/default.nix b/pkgs/tools/security/ccid/default.nix index 6fbcffdae29..654d2dd6a7a 100644 --- a/pkgs/tools/security/ccid/default.nix +++ b/pkgs/tools/security/ccid/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, pcsclite, pkgconfig, libusb1, perl }: stdenv.mkDerivation rec { - version = "1.4.30"; + version = "1.4.31"; name = "ccid-${version}"; src = fetchurl { url = "https://ccid.apdu.fr/files/${name}.tar.bz2"; - sha256 = "0z7zafdg75fr1adlv2x0zz34s07gljcjg2lsz76s1048w1xhh5xc"; + sha256 = "1xz8ikr6vk73w3xnwb931yq8lqc1zrj8c3v34n6h63irwjvdfj3b"; }; postPatch = '' diff --git a/pkgs/tools/security/chaps/default.nix b/pkgs/tools/security/chaps/default.nix index 4fbb0b5d948..e81567c3ed8 100644 --- a/pkgs/tools/security/chaps/default.nix +++ b/pkgs/tools/security/chaps/default.nix @@ -84,5 +84,6 @@ stdenv.mkDerivation rec { maintainers = [ maintainers.tstrobel ]; platforms = [ "x86_64-linux" ]; license = licenses.bsd3; + broken = true; # build failure withn openssl 1.1 }; } diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 4d9beb654ec..b96fc49886a 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { name = "clamav-${version}"; - version = "0.101.2"; + version = "0.101.4"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${name}.tar.gz"; - sha256 = "0d3n4y8i5q594h4cjglmvpk4jd73r9ajpp1bvq5lr9zpdzgyn4ha"; + sha256 = "1kdw0b49hbvja6xn589v4f0q334wav16pmi1hibql5cxj7q99w0b"; }; # don't install sample config files into the absolute sysconfdir folder @@ -45,7 +45,7 @@ stdenv.mkDerivation rec { homepage = https://www.clamav.net; description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats"; license = licenses.gpl2; - maintainers = with maintainers; [ phreedom robberer qknight fpletz ]; + maintainers = with maintainers; [ phreedom robberer qknight fpletz globin ]; platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/cowpatty/default.nix b/pkgs/tools/security/cowpatty/default.nix index de34005401b..c5ace5d2e8c 100644 --- a/pkgs/tools/security/cowpatty/default.nix +++ b/pkgs/tools/security/cowpatty/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { meta = { description = "Offline dictionary attack against WPA/WPA2 networks"; license = licenses.gpl2; - homepage = http://www.willhackforsushi.com/?page_id=50; + homepage = https://www.willhackforsushi.com/?page_id=50; maintainers = with maintainers; [ nico202 ]; platforms = platforms.linux; }; diff --git a/pkgs/tools/security/dnsenum/default.nix b/pkgs/tools/security/dnsenum/default.nix index d764e8a71ae..3374c827d75 100644 --- a/pkgs/tools/security/dnsenum/default.nix +++ b/pkgs/tools/security/dnsenum/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = "https://github.com/fwaeytens/dnsenum"; description = "A tool to enumerate DNS information"; - maintainers = with maintainers; [ c0bw3b globin ]; + maintainers = with maintainers; [ c0bw3b ]; license = licenses.gpl2Plus; platforms = platforms.all; }; diff --git a/pkgs/tools/security/dnsrecon/default.nix b/pkgs/tools/security/dnsrecon/default.nix index 06270723f4d..2575636aeca 100644 --- a/pkgs/tools/security/dnsrecon/default.nix +++ b/pkgs/tools/security/dnsrecon/default.nix @@ -39,6 +39,6 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://github.com/darkoperator/dnsrecon"; license = licenses.gpl2; platforms = platforms.all; - maintainers = with maintainers; [ c0bw3b globin ]; + maintainers = with maintainers; [ c0bw3b ]; }; } diff --git a/pkgs/tools/security/duo-unix/default.nix b/pkgs/tools/security/duo-unix/default.nix index 88c570eb75e..10e2138494e 100644 --- a/pkgs/tools/security/duo-unix/default.nix +++ b/pkgs/tools/security/duo-unix/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "duo-unix-${version}"; - version = "1.11.1"; + version = "1.11.2"; src = fetchurl { url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; - sha256 = "1krpk6ngl9vmvax8qax2iqcjdkvgdq5bxs079qy6c33ql40ra96i"; + sha256 = "11467kk8blg777vss0hsgz6k8f5m43p50zqs7yhx2sgbh9ygnn6y"; }; buildInputs = [ pam openssl zlib ]; diff --git a/pkgs/tools/security/encryptr/default.nix b/pkgs/tools/security/encryptr/default.nix index 8d0c7876431..6f79be83be5 100644 --- a/pkgs/tools/security/encryptr/default.nix +++ b/pkgs/tools/security/encryptr/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl, glib, nss, nspr, gconf, fontconfig, freetype , pango , cairo, libX11 , libXi, libXcursor, libXext, libXfixes , libXrender, libXcomposite , alsaLib, libXdamage, libXtst, libXrandr -, expat, libcap, systemd , dbus, gtk2 , gdk_pixbuf, libnotify +, expat, libcap, systemd , dbus, gtk2 , gdk-pixbuf, libnotify }: let @@ -27,7 +27,7 @@ in stdenv.mkDerivation rec { rpath = stdenv.lib.makeLibraryPath [ glib nss nspr gconf fontconfig freetype pango cairo libX11 libXi libXcursor libXext libXfixes libXrender libXcomposite alsaLib - libXdamage libXtst libXrandr expat libcap dbus gtk2 gdk_pixbuf + libXdamage libXtst libXrandr expat libcap dbus gtk2 gdk-pixbuf libnotify stdenv.cc.cc ]; diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix index 97a692d7f33..c33e433448f 100644 --- a/pkgs/tools/security/enpass/default.nix +++ b/pkgs/tools/security/enpass/default.nix @@ -2,7 +2,7 @@ , glib, libGLU_combined, libpulseaudio, zlib, dbus, fontconfig, freetype , gtk3, pango , makeWrapper , python, pythonPackages, lib -, lsof, curl, libuuid, cups, mesa_drivers +, lsof, curl, libuuid, cups, mesa }: let @@ -18,7 +18,7 @@ let # used of both wrappers and libpath libPath = lib.makeLibraryPath (with xorg; [ - mesa_drivers + mesa.drivers libGLU_combined fontconfig freetype diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 6b1d8e6c4f8..296080cbd8e 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -21,6 +21,9 @@ pythonPackages.buildPythonApplication { --replace /usr/sbin/sendmail sendmail \ --replace /usr/bin/whois whois done + + substituteInPlace config/filter.d/dovecot.conf \ + --replace dovecot.service dovecot2.service ''; doCheck = false; diff --git a/pkgs/tools/security/fierce/default.nix b/pkgs/tools/security/fierce/default.nix index abc1bacd212..809d8e29ea3 100644 --- a/pkgs/tools/security/fierce/default.nix +++ b/pkgs/tools/security/fierce/default.nix @@ -17,7 +17,7 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://github.com/mschwager/fierce"; description = "DNS reconnaissance tool for locating non-contiguous IP space"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ c0bw3b globin ]; + maintainers = with maintainers; [ c0bw3b ]; platforms = platforms.all; }; } diff --git a/pkgs/tools/security/ghidra/default.nix b/pkgs/tools/security/ghidra/default.nix index 71cda94d5f8..d68fd5e7e92 100644 --- a/pkgs/tools/security/ghidra/default.nix +++ b/pkgs/tools/security/ghidra/default.nix @@ -6,11 +6,11 @@ in stdenv.mkDerivation { - name = "ghidra-9.0"; + name = "ghidra-9.0.4"; src = fetchurl { - url = https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip; - sha256 = "3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2"; + url = https://ghidra-sre.org/ghidra_9.0.4_PUBLIC_20190516.zip; + sha256 = "1gqqxk57hswwgr97qisqivcfgjdxjipfdshyh4r76dyrfpa0q3d5"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch new file mode 100644 index 00000000000..061fb0e8de9 --- /dev/null +++ b/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch @@ -0,0 +1,34 @@ +From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Sun, 30 Jun 2019 11:54:35 -0400 +Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool + +* dirmngr/http.c (http_session_new): when checking whether the +keyserver is the HKPS pool, check specifically against the pool name, +as ./configure might have been used to select a different default +keyserver. It makes no sense to apply Kristian's certificate +authority to anything other than the literal host +hkps.pool.sks-keyservers.net. + +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +GnuPG-Bug-Id: 4593 +--- + dirmngr/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dirmngr/http.c b/dirmngr/http.c +index 384f2569d..8e5d53939 100644 +--- a/dirmngr/http.c ++++ b/dirmngr/http.c +@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session, + + is_hkps_pool = (intended_hostname + && !ascii_strcasecmp (intended_hostname, +- get_default_keyserver (1))); ++ "hkps.pool.sks-keyservers.net")); + + /* If the user has not specified a CA list, and they are looking + * for the hkps pool from sks-keyservers.net, then default to +-- +2.22.0 + diff --git a/pkgs/tools/security/gnupg/1.nix b/pkgs/tools/security/gnupg/1.nix index b86bb1a221c..3b916378bf5 100644 --- a/pkgs/tools/security/gnupg/1.nix +++ b/pkgs/tools/security/gnupg/1.nix @@ -27,6 +27,6 @@ stdenv.mkDerivation rec { other applications. A wealth of frontend applications and libraries are available. ''; - platforms = platforms.gnu ++ platforms.linux; # arbitrary choice + platforms = platforms.all; }; } diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index b360992c6be..7a8fb5a3244 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -1,5 +1,5 @@ -{ fetchurl, stdenv, pkgconfig, libgcrypt, libassuan, libksba, libgpgerror -, libiconv, npth, gettext, texinfo, pcsclite, sqlite +{ fetchurl, fetchpatch, stdenv, pkgconfig, libgcrypt, libassuan, libksba +, libgpgerror, libiconv, npth, gettext, texinfo, pcsclite, sqlite , buildPackages # Each of the dependencies below are optional. @@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; - version = "2.2.16"; + version = "2.2.17"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "1jqlzp9b3kpfp1dkjqskm67jjrhvf9nh3lzf45321p7m9d2qvgkc"; + sha256 = "056mgy09lvsi03531a437qj58la1j2x1y1scvfi53diris3658mg"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -32,8 +32,12 @@ stdenv.mkDerivation rec { patches = [ ./fix-libusb-include-path.patch + ./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch ]; - postPatch = stdenv.lib.optionalString stdenv.isLinux '' + postPatch = '' + sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \ + configure doc/dirmngr.texi doc/gnupg.info-1 + '' + stdenv.lib.optionalString stdenv.isLinux '' sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix index b8be17e4996..41a0d6eb7a5 100644 --- a/pkgs/tools/security/gopass/default.nix +++ b/pkgs/tools/security/gopass/default.nix @@ -1,8 +1,8 @@ -{ stdenv, buildGoPackage, fetchFromGitHub, git, gnupg, xclip, makeWrapper }: +{ stdenv, buildGoPackage, fetchFromGitHub, git, gnupg, xclip, wl-clipboard, makeWrapper }: buildGoPackage rec { pname = "gopass"; - version = "1.8.5"; + version = "1.8.6"; goPackagePath = "github.com/gopasspw/gopass"; @@ -12,14 +12,14 @@ buildGoPackage rec { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "1mgc77j5b9pjf2ayd5c09ym6d8n1yia8yg87zw0b8fsh5wac41sl"; + sha256 = "0v3sx9hb03bdn4rvsv2r0jzif6p1rx47hrkpsbnwva31k396mck2"; }; - wrapperPath = with stdenv.lib; makeBinPath ([ + wrapperPath = stdenv.lib.makeBinPath ([ git gnupg xclip - ]); + ] ++ stdenv.lib.optional stdenv.isLinux wl-clipboard); postInstall = '' mkdir -p \ diff --git a/pkgs/tools/security/hcxtools/default.nix b/pkgs/tools/security/hcxtools/default.nix index 275578d8cb4..216d58192fb 100644 --- a/pkgs/tools/security/hcxtools/default.nix +++ b/pkgs/tools/security/hcxtools/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxtools"; - version = "5.1.4"; + version = "5.2.0"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "1bkl0j6m5q091fas99s83aclcc5kfwacmkgmyg8565z2npvnj7nf"; + sha256 = "0k2qlq9hz5zc21nyc6yrnfqzga7hydn5mm0x3rpl2fhkwl81lxcn"; }; buildInputs = [ curl openssl zlib ]; diff --git a/pkgs/tools/security/kbfs/default.nix b/pkgs/tools/security/kbfs/default.nix deleted file mode 100644 index 9cd6ccca388..00000000000 --- a/pkgs/tools/security/kbfs/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: - -buildGoPackage rec { - name = "kbfs-${version}"; - version = "2.11.0"; - - goPackagePath = "github.com/keybase/kbfs"; - subPackages = [ "kbfsfuse" "kbfsgit/git-remote-keybase" ]; - - dontRenameImports = true; - - src = fetchFromGitHub { - owner = "keybase"; - repo = "kbfs"; - rev = "v${version}"; - sha256 = "1qlns7vpyj3ivm7d3vvlmx3iksl7hpcg87yh30f3n64c8jk0xc83"; - }; - - buildFlags = [ "-tags production" ]; - - meta = with stdenv.lib; { - homepage = https://www.keybase.io; - description = "The Keybase FS FUSE driver"; - platforms = platforms.unix; - maintainers = with maintainers; [ rvolosatovs bennofs np ]; - license = licenses.bsd3; - }; -} diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index 02a322a1802..6fac3b66cbc 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -1,27 +1,25 @@ -{ stdenv, lib, buildGoPackage, fetchurl, cf-private +{ stdenv, lib, buildGoPackage, fetchFromGitHub , AVFoundation, AudioToolbox, ImageIO, CoreMedia , Foundation, CoreGraphics, MediaToolbox }: buildGoPackage rec { name = "keybase-${version}"; - version = "4.0.0"; + version = "4.3.1"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; dontRenameImports = true; - src = fetchurl { - url = "https://github.com/keybase/client/archive/v${version}.tar.gz"; - sha256 = "14c0876mxz3xa2k4d665kf8j6k3hc6qybkj0gr4pr9c9gs70cgjh"; + src = fetchFromGitHub { + owner = "keybase"; + repo = "client"; + rev = "v${version}"; + sha256 = "1743d7a7ix882yxz9pk230vdvdj46sbscqv4wqyhb0la2pl9jqdp"; }; - buildInputs = lib.optionals stdenv.isDarwin [ - AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox - # Needed for OBJC_CLASS_$_NSData symbols. - cf-private - ]; + buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ]; buildFlags = [ "-tags production" ]; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index bd9c1328d31..02d8625aa76 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix @@ -1,19 +1,19 @@ -{ stdenv, fetchurl, alsaLib, atk, cairo, cups, udev, hicolor-icon-theme -, dbus, expat, fontconfig, freetype, gdk_pixbuf, glib, gtk3, gnome3 +{ stdenv, fetchurl, alsaLib, atk, cairo, cups, udev +, dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3 , libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20190508150240.6614a49937"; + versionSuffix = "20190813132700.6f497ec371"; in stdenv.mkDerivation rec { name = "keybase-gui-${version}"; - version = "4.0.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "4.3.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "1fj92gxwfd6909r79prsq760b9s50js1iip5c01621hz9y39jd6m"; + sha256 = "1mbbfy1aijqr8209jjja6dm2nzw721qqw94839df047rcwnd38pg"; }; nativeBuildInputs = [ @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { expat fontconfig freetype - gdk_pixbuf + gdk-pixbuf glib gsettings-desktop-schemas gtk3 diff --git a/pkgs/tools/security/keybase/kbfs.nix b/pkgs/tools/security/keybase/kbfs.nix new file mode 100644 index 00000000000..302e996213d --- /dev/null +++ b/pkgs/tools/security/keybase/kbfs.nix @@ -0,0 +1,22 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, keybase }: + +buildGoPackage rec { + pname = "kbfs"; + + inherit (keybase) src version; + + goPackagePath = "github.com/keybase/client"; + subPackages = [ "go/kbfs/kbfsfuse" "go/kbfs/kbfsgit/git-remote-keybase" ]; + + dontRenameImports = true; + + buildFlags = [ "-tags production" ]; + + meta = with stdenv.lib; { + homepage = "https://keybase.io/docs/kbfs"; + description = "The Keybase filesystem"; + platforms = platforms.unix; + maintainers = with maintainers; [ rvolosatovs bennofs np ]; + license = licenses.bsd3; + }; +} diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix index 350d0e66dc7..e7c09e0b2d5 100644 --- a/pkgs/tools/security/kpcli/default.nix +++ b/pkgs/tools/security/kpcli/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, makeWrapper, perl, perlPackages }: stdenv.mkDerivation rec { - version = "3.2"; + version = "3.3"; name = "kpcli-${version}"; src = fetchurl { url = "mirror://sourceforge/kpcli/${name}.pl"; - sha256 = "11z6zbnsmqgjw73ai4nrq4idr83flrib22d8fqh1637d36p1nnk1"; + sha256 = "1z6dy70d3ag16vgzzafcnxb8gap3wahfmy4vd22fpgbrdd6riph4"; }; buildInputs = [ makeWrapper perl ]; diff --git a/pkgs/tools/security/lesspass-cli/default.nix b/pkgs/tools/security/lesspass-cli/default.nix new file mode 100644 index 00000000000..afcdf0c0a07 --- /dev/null +++ b/pkgs/tools/security/lesspass-cli/default.nix @@ -0,0 +1,38 @@ +{ stdenv, python3, fetchFromGitHub }: + +let + inherit (python3.pkgs) buildPythonApplication pytest mock pexpect; +in +buildPythonApplication rec { + pname = "lesspass-cli"; + version = "9.0.0"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = version; + sha256 = "1mdv0c0fn4d72iigy8hz4s7kf7q3pg4gjjadxwxyjwsalapnsapk"; + }; + sourceRoot = "source/cli"; + + # some tests are designed to run against code in the source directory - adapt to run against + # *installed* code + postPatch = '' + for f in tests/test_functional.py tests/test_interaction.py ; do + substituteInPlace $f --replace "lesspass/core.py" "-m lesspass.core" + done + ''; + + checkInputs = [ pytest mock pexpect ]; + checkPhase = '' + mv lesspass lesspass.hidden # ensure we're testing against *installed* package + pytest tests + ''; + + meta = with stdenv.lib; { + description = "Stateless password manager"; + homepage = https://lesspass.com; + maintainers = with maintainers; [ jasoncarr ]; + license = licenses.gpl3; + }; +} diff --git a/pkgs/tools/security/lynis/default.nix b/pkgs/tools/security/lynis/default.nix index 198e33c8500..7579636cfbf 100644 --- a/pkgs/tools/security/lynis/default.nix +++ b/pkgs/tools/security/lynis/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "lynis"; - version = "2.7.4"; + version = "2.7.5"; name = "${pname}-${version}"; src = fetchFromGitHub { owner = "CISOfy"; repo = "${pname}"; rev = "${version}"; - sha256 = "1jjk5hcxmp4f4ppsljiq95l2ln6b03azydap3b35lsvxkjybv88k"; + sha256 = "1lkkbvxm0rgrrlx0szaxmf8ghc3d26wal96sgqk84m37mvs1f7p0"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index ed1cda8030f..e1a134ec5d1 100644 --- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -2,7 +2,7 @@ , perl, libassuan, libgcrypt , perlPackages, lockfileProgs, gnupg, coreutils # For the tests: -, bash, openssh, which, socat, cpio, hexdump, procps, openssl +, openssh, which, socat, cpio, hexdump, procps, openssl }: let diff --git a/pkgs/tools/security/nitrokey-app/default.nix b/pkgs/tools/security/nitrokey-app/default.nix index e7f7547e4ad..1b18f0e1e11 100644 --- a/pkgs/tools/security/nitrokey-app/default.nix +++ b/pkgs/tools/security/nitrokey-app/default.nix @@ -1,5 +1,5 @@ -{ stdenv, makeWrapper, bash-completion, cmake, fetchFromGitHub, hidapi, libusb1, pkgconfig -, qtbase, qttranslations, qtsvg }: +{ stdenv, bash-completion, cmake, fetchFromGitHub, hidapi, libusb1, pkgconfig +, qtbase, qttranslations, qtsvg, wrapQtAppsHook }: stdenv.mkDerivation rec { name = "nitrokey-app-${version}"; @@ -29,15 +29,10 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake pkgconfig - makeWrapper + wrapQtAppsHook ]; cmakeFlags = "-DCMAKE_BUILD_TYPE=Release"; - postFixup = '' - wrapProgram $out/bin/nitrokey-app \ - --prefix QT_PLUGIN_PATH : "${qtbase}/${qtbase.qtPluginPrefix}" - ''; - meta = with stdenv.lib; { description = "Provides extra functionality for the Nitrokey Pro and Storage"; longDescription = '' diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index 3bc5758aad4..1b66dab35c8 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix @@ -20,22 +20,22 @@ let in stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; - version = "7.70"; + version = "7.80"; src = fetchurl { url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; - sha256 = "063fg8adx23l4irrh5kn57hsmi1xvjkar4vm4k6g94ppan4hcyw4"; + sha256 = "1aizfys6l9f9grm82bk878w56mg0zpkfns3spzj157h98875mypw"; }; patches = [ ./zenmap.patch ] ++ optionals stdenv.cc.isClang [( # Fixes a compile error due an ambiguous reference to bind(2) in # nping/EchoServer.cc, which is otherwise resolved to std::bind. - # Also fixes a missing include. # https://github.com/nmap/nmap/pull/1363 fetchpatch { url = "https://github.com/nmap/nmap/commit/5bbe66f1bd8cbd3718f5805139e2e8139e6849bb.diff"; - sha256 = "088r8ylpc9hachsxs4r17cqfa1ncyspbjvkc573lill7rk1r9m0s"; + includes = [ "nping/EchoServer.cc" ]; + sha256 = "0xcph9mycy57yryjg253frxyz87c4135rrbndlqw1400c8jxq70c"; } )]; diff --git a/pkgs/tools/security/ossec/default.nix b/pkgs/tools/security/ossec/default.nix index 803380dbb4a..7231f6821da 100644 --- a/pkgs/tools/security/ossec/default.nix +++ b/pkgs/tools/security/ossec/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation { name = "ossec-client-2.6"; src = fetchurl { - url = http://www.ossec.net/files/ossec-hids-2.6.tar.gz; + url = https://www.ossec.net/files/ossec-hids-2.6.tar.gz; sha256 = "0k1b59wdv9h50gbyy88qw3cnpdm8hv0nrl0znm92h9a11i5b39ip"; }; diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 8ddbd60a38d..94f517d2e92 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -120,7 +120,7 @@ let description = "Stores, retrieves, generates, and synchronizes passwords securely"; homepage = https://www.passwordstore.org/; license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ]; platforms = platforms.unix; longDescription = '' diff --git a/pkgs/tools/security/pass/extensions/genphrase.nix b/pkgs/tools/security/pass/extensions/genphrase.nix index 0413234bad2..ba3f821e88c 100644 --- a/pkgs/tools/security/pass/extensions/genphrase.nix +++ b/pkgs/tools/security/pass/extensions/genphrase.nix @@ -1,4 +1,4 @@ -{ stdenv, pass, fetchFromGitHub }: +{ stdenv, fetchFromGitHub }: stdenv.mkDerivation rec { name = "pass-genphrase-${version}"; diff --git a/pkgs/tools/security/pass/extensions/otp.nix b/pkgs/tools/security/pass/extensions/otp.nix index 6d35c4aa837..c951a5e37ef 100644 --- a/pkgs/tools/security/pass/extensions/otp.nix +++ b/pkgs/tools/security/pass/extensions/otp.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "pass-otp-${version}"; - version = "1.1.1"; + version = "1.2.0"; src = fetchFromGitHub { owner = "tadfisher"; repo = "pass-otp"; rev = "v${version}"; - sha256 = "0m8x5dqwcr9jim530685nsq4zn941hhl7ridmmd63b204z141rwa"; + sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v"; }; buildInputs = [ oathToolkit ]; @@ -19,13 +19,15 @@ stdenv.mkDerivation rec { sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash ''; - installFlags = [ "PREFIX=$(out)" ]; + installFlags = [ "PREFIX=$(out)" + "BASHCOMPDIR=$(out)/share/bash-completion/completions" + ]; meta = with stdenv.lib; { description = "A pass extension for managing one-time-password (OTP) tokens"; homepage = https://github.com/tadfisher/pass-otp; license = licenses.gpl3; - maintainers = with maintainers; [ jwiegley tadfisher ]; + maintainers = with maintainers; [ jwiegley tadfisher toonn ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/pass/rofi-pass.nix b/pkgs/tools/security/pass/rofi-pass.nix index ac9ea6c7013..6140159dcb5 100644 --- a/pkgs/tools/security/pass/rofi-pass.nix +++ b/pkgs/tools/security/pass/rofi-pass.nix @@ -50,7 +50,7 @@ stdenv.mkDerivation rec { meta = { description = "A script to make rofi work with password-store"; homepage = https://github.com/carnager/rofi-pass; - maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ]; + maintainers = with stdenv.lib.maintainers; [ the-kenny ]; license = stdenv.lib.licenses.gpl3; platforms = with stdenv.lib.platforms; linux; }; diff --git a/pkgs/tools/security/passff-host/default.nix b/pkgs/tools/security/passff-host/default.nix index a97bc57ad45..59f03db0200 100644 --- a/pkgs/tools/security/passff-host/default.nix +++ b/pkgs/tools/security/passff-host/default.nix @@ -1,27 +1,41 @@ { stdenv, fetchFromGitHub, python3, pass }: stdenv.mkDerivation rec { - name = "passff-host-${version}"; + pname = "passff-host"; version = "1.2.1"; src = fetchFromGitHub { owner = "passff"; - repo = "passff-host"; + repo = pname; rev = version; sha256 = "0ydfwvhgnw5c3ydx2gn5d7ys9g7cxlck57vfddpv6ix890v21451"; }; buildInputs = [ python3 ]; + makeFlags = [ "VERSION=${version}" ]; patchPhase = '' sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py ''; installPhase = '' - install -D bin/testing/passff.py $out/share/passff-host/passff.py - cp bin/testing/passff.json $out/share/passff-host/passff.json - substituteInPlace $out/share/passff-host/passff.json \ + substituteInPlace bin/${version}/passff.json \ --replace PLACEHOLDER $out/share/passff-host/passff.py + + install -Dt $out/share/passff-host \ + bin/${version}/passff.{py,json} + + nativeMessagingPaths=( + /lib/mozilla/native-messaging-hosts + /etc/opt/chrome/native-messaging-hosts + /etc/chromium/native-messaging-hosts + /etc/vivaldi/native-messaging-hosts + ) + + for manifestDir in "''${nativeMessagingPaths[@]}"; do + install -d $out$manifestDir + ln -s $out/share/passff-host/passff.json $out$manifestDir/ + done ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/pinentry/default.nix b/pkgs/tools/security/pinentry/default.nix index ba7ef7a3cfd..ac6a50960ad 100644 --- a/pkgs/tools/security/pinentry/default.nix +++ b/pkgs/tools/security/pinentry/default.nix @@ -1,9 +1,21 @@ { fetchurl, fetchpatch, stdenv, lib, pkgconfig -, libgpgerror, libassuan, libcap ? null, libsecret ? null, ncurses ? null, gtk2 ? null, gcr ? null, qt ? null +, libgpgerror, libassuan +, libcap ? null, libsecret ? null, ncurses ? null, gtk2 ? null, gcr ? null +, qt4 ? null, qt5 ? null , enableEmacs ? false }: -stdenv.mkDerivation rec { +assert qt5 != null -> qt4 == null; +assert qt4 != null -> qt5 == null; + +let + mkDerivation = + if qt5 != null + then qt5.mkDerivation + else stdenv.mkDerivation; +in + +mkDerivation rec { name = "pinentry-1.1.0"; src = fetchurl { @@ -12,7 +24,9 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ libgpgerror libassuan libcap libsecret gtk2 gcr ncurses qt ]; + buildInputs = + [ libgpgerror libassuan libcap libsecret gtk2 gcr ncurses qt4 ] + ++ stdenv.lib.optional (qt5 != null) qt5.qtbase; prePatch = '' substituteInPlace pinentry/pinentry-curses.c --replace ncursesw ncurses @@ -34,7 +48,7 @@ stdenv.mkDerivation rec { (stdenv.lib.enableFeature enableEmacs "pinentry-emacs") (stdenv.lib.enableFeature (gtk2 != null) "pinentry-gtk2") (stdenv.lib.enableFeature (gcr != null) "pinentry-gnome3") - (stdenv.lib.enableFeature (qt != null) "pinentry-qt") + (stdenv.lib.enableFeature (qt4 != null || qt5 != null) "pinentry-qt") "--with-libassuan-prefix=${libassuan.dev}" "--with-libgpg-error-prefix=${libgpgerror.dev}" diff --git a/pkgs/tools/security/pinentry/mac.nix b/pkgs/tools/security/pinentry/mac.nix index 8168aa94b3d..1fbb52985fb 100644 --- a/pkgs/tools/security/pinentry/mac.nix +++ b/pkgs/tools/security/pinentry/mac.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, xcbuildHook, libiconv, Cocoa, ncurses, cf-private }: +{ stdenv, fetchFromGitHub, xcbuildHook, libiconv, ncurses, Cocoa }: stdenv.mkDerivation rec { name = "pinentry-mac-0.9.4"; @@ -11,12 +11,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ xcbuildHook ]; - - buildInputs = [ - libiconv Cocoa ncurses - # Needed for OBJC_CLASS_$_NSArray symbols. - cf-private - ]; + buildInputs = [ libiconv ncurses Cocoa ]; installPhase = '' mkdir -p $out/Applications diff --git a/pkgs/tools/security/pius/default.nix b/pkgs/tools/security/pius/default.nix index fba92bd47ac..5aa4ad47d42 100644 --- a/pkgs/tools/security/pius/default.nix +++ b/pkgs/tools/security/pius/default.nix @@ -1,15 +1,16 @@ -{ fetchFromGitHub, stdenv, pythonPackages, gnupg, perl }: +{ fetchFromGitHub, stdenv, python3Packages, gnupg, perl }: -let version = "2.2.7"; in -pythonPackages.buildPythonApplication { - name = "pius-${version}"; +let version = "3.0.0"; in +python3Packages.buildPythonApplication { + pname = "pius"; namePrefix = ""; + inherit version; src = fetchFromGitHub { owner = "jaymzh"; repo = "pius"; rev = "v${version}"; - sha256 = "1kjj44lf9di4ylvmc949dxncllzd8afp0yknr3152dmxkw1vl127"; + sha256 = "0l87dx7n6iwy8alxnhvval8h1kl4da6a59hsilbi65c6bpj4dh3y"; }; patchPhase = '' @@ -18,8 +19,7 @@ pythonPackages.buildPythonApplication { done ''; - nativeBuildInputs = [ perl ]; - propagatedBuildInputs = with pythonPackages; [ six ]; + buildInputs = [ perl ]; meta = { homepage = https://www.phildev.net/pius/; diff --git a/pkgs/tools/security/pwgen-secure/default.nix b/pkgs/tools/security/pwgen-secure/default.nix new file mode 100644 index 00000000000..c3141676b37 --- /dev/null +++ b/pkgs/tools/security/pwgen-secure/default.nix @@ -0,0 +1,36 @@ +{ lib, python3Packages, fetchFromGitHub }: + +with python3Packages; + +buildPythonApplication rec { + pname = "pwgen-secure"; + version = "0.9.1"; + + # it needs `secrets` which was introduced in 3.6 + disabled = pythonOlder "3.6"; + + # GH is newer than Pypi and contains both library *and* the actual program + # whereas Pypi only has the library + src = fetchFromGitHub { + owner = "mjmunger"; + repo = "pwgen_secure"; + rev = "v${version}"; + sha256 = "15md5606hzy1xfhj2lxmc0nvynyrcs4vxa5jdi34kfm31rdklj28"; + }; + + propagatedBuildInputs = [ docopt ]; + + postInstall = '' + install -Dm755 spwgen.py $out/bin/spwgen + ''; + + # there are no checks + doCheck = false; + + meta = with lib; { + description = "Secure password generation library to replace pwgen"; + homepage = "https://github.com/mjmunger/pwgen_secure/"; + license = licenses.mit; + maintainers = with maintainers; [ peterhoeg ]; + }; +} diff --git a/pkgs/tools/security/qesteidutil/default.nix b/pkgs/tools/security/qesteidutil/default.nix index 0f9502a7ac9..f8b110ce221 100644 --- a/pkgs/tools/security/qesteidutil/default.nix +++ b/pkgs/tools/security/qesteidutil/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, fetchpatch +{ stdenv, fetchFromGitHub , cmake, ccid, qttools, qttranslations , pkgconfig, pcsclite, hicolor-icon-theme }: diff --git a/pkgs/tools/security/saml2aws/default.nix b/pkgs/tools/security/saml2aws/default.nix index 7ccb9efcdd5..888d3bb4018 100644 --- a/pkgs/tools/security/saml2aws/default.nix +++ b/pkgs/tools/security/saml2aws/default.nix @@ -2,7 +2,8 @@ buildGoPackage rec { name = "saml2aws-${version}"; - version = "2.10.0"; + pname = "saml2aws"; + version = "2.15.0"; goPackagePath = "github.com/versent/saml2aws"; goDeps = ./deps.nix; @@ -15,7 +16,7 @@ buildGoPackage rec { rev = "v${version}"; owner = "Versent"; repo = "saml2aws"; - sha256 = "00m8x57fgry601w5f9dxnxdqbbqjiv7c0rsx47iv9qsp0w7l50c5"; + sha256 = "0pn4zdzisgan7vvgi7hp8716wsb2x33gq55c7fw1aa2qwy0bq3gp"; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/saml2aws/deps.nix b/pkgs/tools/security/saml2aws/deps.nix index 6069f0b184a..08a26db91b1 100644 --- a/pkgs/tools/security/saml2aws/deps.nix +++ b/pkgs/tools/security/saml2aws/deps.nix @@ -1,6 +1,15 @@ # file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix) [ { + goPackagePath = "github.com/99designs/keyring"; + fetch = { + type = "git"; + url = "https://github.com/99designs/keyring"; + rev = "82da6802f65f1ac7963cfc3b7c62ae12dab8ee5d"; + sha256 = "105ddy9vkjr6cmcm85qnxxlnsmkx2svm6bd80rzr9n6zyc5hhk7b"; + }; + } + { goPackagePath = "github.com/AlecAivazis/survey"; fetch = { type = "git"; @@ -64,6 +73,15 @@ }; } { + goPackagePath = "github.com/aulanov/go.dbus"; + fetch = { + type = "git"; + url = "https://github.com/aulanov/go.dbus"; + rev = "25c3068a42a0b50b877953fb249dbcffc6bd1bca"; + sha256 = "0jh4jyxqhsl1rkzabhln7chw1jkzhqw2nn0mw79cmn8fyafi0rgn"; + }; + } + { goPackagePath = "github.com/aws/aws-sdk-go"; fetch = { type = "git"; @@ -109,6 +127,15 @@ }; } { + goPackagePath = "github.com/dvsekhvalnov/jose2go"; + fetch = { + type = "git"; + url = "https://github.com/dvsekhvalnov/jose2go"; + rev = "f21a8cedbbae609f623613ec8f81125c243212e6"; + sha256 = "1nzwvk6nqi7nm2wq4mr2q6k5p0qzsl0kmwx7kgkqsg1zh53250ld"; + }; + } + { goPackagePath = "github.com/fatih/color"; fetch = { type = "git"; @@ -127,6 +154,33 @@ }; } { + goPackagePath = "github.com/godbus/dbus"; + fetch = { + type = "git"; + url = "https://github.com/godbus/dbus"; + rev = "2ff6f7ffd60f0f2410b3105864bdd12c7894f844"; + sha256 = "1c107893nbdfc297i9y0smljmqs167mw26i24509qd09dmvr998y"; + }; + } + { + goPackagePath = "github.com/gsterjov/go-libsecret"; + fetch = { + type = "git"; + url = "https://github.com/gsterjov/go-libsecret"; + rev = "a6f4afe4910cad8688db3e0e9b9ac92ad22d54e1"; + sha256 = "09zaiadnll83vs22ib89agg7anj0blw5fywvmckxllsgif6ak6v7"; + }; + } + { + goPackagePath = "github.com/headzoo/surf"; + fetch = { + type = "git"; + url = "https://github.com/headzoo/surf"; + rev = "a4a8c16c01dc47ef3a25326d21745806f3e6797a"; + sha256 = "1dzcp0wdh3qmm5s5hixk9vj2s2kcvkpbhjdwz7kh2crvnavdgwh6"; + }; + } + { goPackagePath = "github.com/jmespath/go-jmespath"; fetch = { type = "git"; @@ -136,6 +190,15 @@ }; } { + goPackagePath = "github.com/keybase/go-keychain"; + fetch = { + type = "git"; + url = "https://github.com/keybase/go-keychain"; + rev = "f1daa725cce4049b1715f1e97d6a51880e401e70"; + sha256 = "0wk2zc5f5i5mhdkbyzd60wzc64vybds6kxlmwc41k8mx6d1hxdm6"; + }; + } + { goPackagePath = "github.com/mattn/go-colorable"; fetch = { type = "git"; @@ -190,6 +253,15 @@ }; } { + goPackagePath = "github.com/robertkrimen/otto"; + fetch = { + type = "git"; + url = "https://github.com/robertkrimen/otto"; + rev = "15f95af6e78dcd2030d8195a138bd88d4f403546"; + sha256 = "07j7l340lmqwpfscwyb8llk3k37flvs20a4a8vzc85f16xyd9npf"; + }; + } + { goPackagePath = "github.com/sirupsen/logrus"; fetch = { type = "git"; @@ -288,4 +360,13 @@ sha256 = "0fx123601aiqqn0yr9vj6qp1bh8gp240w4qdm76irs73q8dxlk7a"; }; } + { + goPackagePath = "gopkg.in/sourcemap.v1"; + fetch = { + type = "git"; + url = "https://github.com/go-sourcemap/sourcemap"; + rev = "6e83acea0053641eff084973fee085f0c193c61a"; + sha256 = "08rf2dl13hbnm3fq2cm0nnsspy9fhf922ln23cz5463cv7h62as4"; + }; + } ]
\ No newline at end of file diff --git a/pkgs/tools/security/sbsigntool/default.nix b/pkgs/tools/security/sbsigntool/default.nix index 4f4cbf4fb6f..1091b366781 100644 --- a/pkgs/tools/security/sbsigntool/default.nix +++ b/pkgs/tools/security/sbsigntool/default.nix @@ -1,6 +1,6 @@ { stdenv , fetchgit, autoconf, automake, pkgconfig, help2man -, utillinux, openssl, libuuid, gnu-efi, libbfd +, openssl, libuuid, gnu-efi, libbfd }: stdenv.mkDerivation rec { diff --git a/pkgs/tools/security/sequoia/default.nix b/pkgs/tools/security/sequoia/default.nix new file mode 100644 index 00000000000..5d9ffca6937 --- /dev/null +++ b/pkgs/tools/security/sequoia/default.nix @@ -0,0 +1,91 @@ +{ stdenv, fetchFromGitLab, lib, darwin +, git, nettle, llvmPackages, cargo, rustc +, rustPlatform, pkgconfig, glib +, openssl, sqlite, capnproto +, ensureNewerSourcesForZipFilesHook, pythonSupport ? true, pythonPackages ? null +}: + +assert pythonSupport -> pythonPackages != null; + +rustPlatform.buildRustPackage rec { + pname = "sequoia"; + version = "0.9.0"; + + src = fetchFromGitLab { + owner = "sequoia-pgp"; + repo = pname; + rev = "v${version}"; + sha256 = "13dzwdzz33dy2lgnznsv8wqnw2501f2ggrkfwpqy5x6d1kgms8rj"; + }; + + cargoSha256 = "1zcnkpzcar3a2fk2rn3i3nb70b59ds9fpfa44f15r3aaxajsdhdi"; + + nativeBuildInputs = [ + pkgconfig + cargo + rustc + git + llvmPackages.libclang + llvmPackages.clang + ensureNewerSourcesForZipFilesHook + ] ++ + lib.optionals pythonSupport [ pythonPackages.setuptools ] + ; + + checkInputs = lib.optionals pythonSupport [ + pythonPackages.pytest + pythonPackages.pytestrunner + ]; + + buildInputs = [ + openssl + sqlite + nettle + capnproto + ] + ++ lib.optionals pythonSupport [ pythonPackages.python pythonPackages.cffi ] + ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ] + ; + + makeFlags = [ + "PREFIX=${placeholder ''out''}" + ]; + + buildFlags = [ + "build-release" + ]; + + LIBCLANG_PATH = "${llvmPackages.libclang}/lib"; + + postPatch = '' + # otherwise, the check fails because we delete the `.git` in the unpack phase + substituteInPlace openpgp-ffi/Makefile \ + --replace 'git grep' 'grep -R' + # Without this, the check fails + substituteInPlace openpgp-ffi/examples/Makefile \ + --replace '-O0 -g -Wall -Werror' '-g' + substituteInPlace ffi/examples/Makefile \ + --replace '-O0 -g -Wall -Werror' '-g' + ''; + + preInstall = lib.optionalString pythonSupport '' + export installFlags="PYTHONPATH=$PYTHONPATH:$out/${pythonPackages.python.sitePackages}" + '' + lib.optionalString (!pythonSupport) '' + export installFlags="PYTHON=disable" + ''; + + # Don't use buildRustPackage phases, only use it for rust deps setup + configurePhase = null; + buildPhase = null; + doCheck = true; + checkPhase = null; + installPhase = null; + + meta = with stdenv.lib; { + description = "A cool new OpenPGP implementation"; + homepage = "https://sequoia-pgp.org/"; + license = licenses.gpl3; + maintainers = with maintainers; [ minijackson doronbehar ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/tools/security/shc/default.nix b/pkgs/tools/security/shc/default.nix index e3f5f72c141..3d3bd4eef84 100644 --- a/pkgs/tools/security/shc/default.nix +++ b/pkgs/tools/security/shc/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { name = "shc-${version}"; - version = "4.0.2"; + version = "4.0.3"; rev = "${version}"; src = fetchFromGitHub { inherit rev; owner = "neurobin"; repo = "shc"; - sha256 = "1vd9dldm6h234awn5fhpgq4lb85ylcawr2p2108332ffy70kvdix"; + sha256 = "0bfn404plsssa14q89k9l3s5lxq3df0sny5lis4j2w75qrkqx694"; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/sshguard/default.nix b/pkgs/tools/security/sshguard/default.nix index 4774e5cef13..18f010ee1ec 100644 --- a/pkgs/tools/security/sshguard/default.nix +++ b/pkgs/tools/security/sshguard/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, autoreconfHook, yacc, flex}: stdenv.mkDerivation rec { - version = "2.3.1"; + version = "2.4.0"; name = "sshguard-${version}"; src = fetchurl { url = "mirror://sourceforge/sshguard/${name}.tar.gz"; - sha256 = "18i0kmjvym9xym3ysg5kap0298nzcprar9y96k54p3zpdpi5b43n"; + sha256 = "1h6n2xyh58bshplbdqlr9rbnf3lz7nydnq5m2hkq15is3c4s8p06"; }; doCheck = true; diff --git a/pkgs/tools/security/sshuttle/default.nix b/pkgs/tools/security/sshuttle/default.nix index 6a9bd05d820..0e0e8c7ad75 100644 --- a/pkgs/tools/security/sshuttle/default.nix +++ b/pkgs/tools/security/sshuttle/default.nix @@ -1,5 +1,5 @@ { stdenv, python3Packages, fetchurl, makeWrapper -, coreutils, iptables, nettools, openssh, procps, fetchpatch }: +, coreutils, iptables, nettools, openssh, procps }: python3Packages.buildPythonApplication rec { name = "sshuttle-${version}"; diff --git a/pkgs/tools/security/tcpcrypt/default.nix b/pkgs/tools/security/tcpcrypt/default.nix index 3641472f276..4d0feef72c9 100644 --- a/pkgs/tools/security/tcpcrypt/default.nix +++ b/pkgs/tools/security/tcpcrypt/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, autoreconfHook -, openssl, lib +, openssl , libcap, libpcap, libnfnetlink, libnetfilter_conntrack, libnetfilter_queue }: diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index b3b71a16eb8..249ff435c5f 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.0.5"; + version = "0.4.1.5"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0vk9j3ybz5dwwbmqrdj1bjcsxy76pc8frmfvflkdzwfkvkqcp8mm"; + sha256 = "0984jb6hdcc10f7aq8xzl7l4jf93skp45wkv2v63z4zv0nvf0r58"; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/tpm-luks/default.nix b/pkgs/tools/security/tpm-luks/default.nix index 7d0ff797336..e7a82f6089e 100644 --- a/pkgs/tools/security/tpm-luks/default.nix +++ b/pkgs/tools/security/tpm-luks/default.nix @@ -10,6 +10,11 @@ stdenv.mkDerivation rec { sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w"; }; + patches = [ + ./openssl-1.1.patch + ./signed-ptr.patch + ]; + nativeBuildInputs = [ autoreconfHook ]; buildInputs = [ gawk trousers cryptsetup openssl ]; diff --git a/pkgs/tools/security/tpm-luks/openssl-1.1.patch b/pkgs/tools/security/tpm-luks/openssl-1.1.patch new file mode 100644 index 00000000000..10132242b34 --- /dev/null +++ b/pkgs/tools/security/tpm-luks/openssl-1.1.patch @@ -0,0 +1,63 @@ +diff --git a/swtpm-utils/lib/hmac.c b/swtpm-utils/lib/hmac.c +index 5545375..f9bedea 100644 +--- a/swtpm-utils/lib/hmac.c ++++ b/swtpm-utils/lib/hmac.c +@@ -381,15 +381,19 @@ uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int ke + /****************************************************************************/ + uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...) + { +- HMAC_CTX hmac; ++ HMAC_CTX* hmac; + unsigned int dlen; + unsigned char *data; + va_list argp; +- +-#ifdef HAVE_HMAC_CTX_CLEANUP +- HMAC_CTX_init(&hmac); +-#endif +- HMAC_Init(&hmac,key,keylen,EVP_sha1()); ++ ++ hmac = HMAC_CTX_new(); ++ ++ if (hmac == NULL) ++ { ++ return ERR_MEM_ERR; ++ } ++ ++ HMAC_Init_ex(hmac,key,keylen,EVP_sha1(),NULL); + + va_start(argp,keylen); + for (;;) +@@ -398,15 +402,11 @@ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned i + if (dlen == 0) break; + data = (unsigned char *)va_arg(argp,unsigned char *); + if (data == NULL) return ERR_NULL_ARG; +- HMAC_Update(&hmac,data,dlen); ++ HMAC_Update(hmac,data,dlen); + } +- HMAC_Final(&hmac,digest,&dlen); ++ HMAC_Final(hmac,digest,&dlen); + +-#ifdef HAVE_HMAC_CTX_CLEANUP +- HMAC_CTX_cleanup(&hmac); +-#else +- HMAC_cleanup(&hmac); +-#endif ++ HMAC_CTX_free(hmac); + va_end(argp); + return 0; + } +diff --git a/swtpm-utils/lib/keys.c b/swtpm-utils/lib/keys.c +index 99691b6..6627a1f 100644 +--- a/swtpm-utils/lib/keys.c ++++ b/swtpm-utils/lib/keys.c +@@ -1249,8 +1249,7 @@ RSA *TSS_convpubkey(pubkeydata *k) + exp); + } + /* set up the RSA public key structure */ +- rsa->n = mod; +- rsa->e = exp; ++ RSA_set0_key(rsa, mod, exp, NULL); + return rsa; + } + diff --git a/pkgs/tools/security/tpm-luks/signed-ptr.patch b/pkgs/tools/security/tpm-luks/signed-ptr.patch new file mode 100644 index 00000000000..83e356a4ef9 --- /dev/null +++ b/pkgs/tools/security/tpm-luks/signed-ptr.patch @@ -0,0 +1,15 @@ +diff --git a/swtpm-utils/getcapability.c b/swtpm-utils/getcapability.c +index 7359ba3..17b4324 100644 +--- a/swtpm-utils/getcapability.c ++++ b/swtpm-utils/getcapability.c +@@ -480,7 +480,8 @@ int main(int argc, char *argv[]) + } + + if (c) { +- char pcrmap[4], *pf; ++ char pcrmap[4]; ++ unsigned char *pf; + + memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect, + ndp.pcrInfoRead.pcrSelection.sizeOfSelect); + diff --git a/pkgs/tools/security/tpm-tools/default.nix b/pkgs/tools/security/tpm-tools/default.nix index 1944cf236e1..5a2dc6652dd 100644 --- a/pkgs/tools/security/tpm-tools/default.nix +++ b/pkgs/tools/security/tpm-tools/default.nix @@ -13,6 +13,13 @@ stdenv.mkDerivation rec { sourceRoot = "."; + patches = [ + (fetchurl { + url = https://sources.debian.org/data/main/t/tpm-tools/1.3.9.1-0.1/debian/patches/05-openssl1.1_fix_data_mgmt.patch; + sha256 = "161yysw4wgy3spsz6p1d0ib0h5pnrqm8bdh1l71c4hz6a6wpcyxj"; + }) + ]; + nativeBuildInputs = [ perl ]; buildInputs = [ trousers openssl opencryptoki ]; diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix index ef4ae52ac59..1a6c8aaaa5d 100644 --- a/pkgs/tools/security/tpm2-tools/default.nix +++ b/pkgs/tools/security/tpm2-tools/default.nix @@ -1,13 +1,13 @@ -{ stdenv, fetchurl, fetchpatch, lib +{ stdenv, fetchurl, lib , cmocka, curl, pandoc, pkgconfig, openssl, tpm2-tss }: stdenv.mkDerivation rec { pname = "tpm2-tools"; - version = "3.1.4"; + version = "3.2.0"; src = fetchurl { url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "0cv09wnf7sw17z1n898w0zmk58y8b1why58m63hqx5d7x4054l9g"; + sha256 = "057gg84zly6gjp6ypj6bv6zzmnr77cqsygl8x0147cylwa1ywydd"; }; nativeBuildInputs = [ pandoc pkgconfig ]; diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 1aa42dc75f3..3f366a58320 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "vault-${version}"; - version = "1.1.2"; + version = "1.1.3"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "1916zqmh4cam9nw3k95wiqizlpkbbm5qhfz4lblqba8pzc2y9v32"; + sha256 = "0dylwvs95crvn1p7pbyzib979rxzp4ivzvi5k4f5ivp4ygnp597s"; }; nativeBuildInputs = [ go gox removeReferencesTo ]; diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix new file mode 100644 index 00000000000..b58e41d850d --- /dev/null +++ b/pkgs/tools/security/vault/vault-bin.nix @@ -0,0 +1,53 @@ +{ stdenv, fetchurl, unzip }: + +let + version = "1.1.3"; + + sources = let + base = "https://releases.hashicorp.com/vault/${version}"; + in { + "x86_64-linux" = fetchurl { + url = "${base}/vault_${version}_linux_amd64.zip"; + sha256 = "293b88f4d31f6bcdcc8b508eccb7b856a0423270adebfa0f52f04144c5a22ae0"; + }; + "i686-linux" = fetchurl { + url = "${base}/vault_${version}_linux_386.zip"; + sha256 = "9f2fb99e08fa3d25af1497516d08b5d2d8a73bcacd5354ddec024e9628795867"; + }; + "x86_64-darwin" = fetchurl { + url = "${base}/vault_${version}_darwin_amd64.zip"; + sha256 = "a0a7a242f8299ac4a00af8aa10ccedaf63013c8a068f56eadfb9d730b87155ea"; + }; + "i686-darwin" = fetchurl { + url = "${base}/vault_${version}_darwin_386.zip"; + sha256 = "50542cfb37abb06e8bb6b8ba41f5ca7d72a4d6a4396d4e3f4a8391bed14f63be"; + }; + "aarch64-linux" = fetchurl { + url = "${base}/vault_${version}_linux_arm64.zip"; + sha256 = "c243dce14b2e48e3667c2aa5b7fb37009dd7043b56032d6ebe50dd456715fd3f"; + }; + }; + +in stdenv.mkDerivation { + name = "vault-bin-${version}"; + + src = sources."${stdenv.hostPlatform.system}" or (throw "unsupported system: ${stdenv.hostPlatform.system}"); + + nativeBuildInputs = [ unzip ]; + + sourceRoot = "."; + + installPhase = '' + mkdir -p $out/bin $out/share/bash-completion/completions + mv vault $out/bin + echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault + ''; + + meta = with stdenv.lib; { + homepage = https://www.vaultproject.io; + description = "A tool for managing secrets, this binary includes the UI"; + platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" "i686-darwin" ]; + license = licenses.mpl20; + maintainers = with maintainers; [ offline psyanticy ]; + }; +} diff --git a/pkgs/tools/security/vulnix/default.nix b/pkgs/tools/security/vulnix/default.nix index 96c3e78b6a7..2f7986c128b 100644 --- a/pkgs/tools/security/vulnix/default.nix +++ b/pkgs/tools/security/vulnix/default.nix @@ -2,11 +2,11 @@ pythonPackages.buildPythonApplication rec { pname = "vulnix"; - version = "1.8.1"; + version = "1.8.2"; src = pythonPackages.fetchPypi { inherit pname version; - sha256 = "1kpwqsnz7jisi622halzl4s5q42d76nbq6ra800gscnfx48hqw9r"; + sha256 = "0zn21j15vd1z7s40s45zr5wri3r770yvazxqmm60fqpzc5sg552y"; }; outputs = [ "out" "doc" "man" ]; |