diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
90 files changed, 1321 insertions, 917 deletions
diff --git a/nixpkgs/pkgs/tools/security/1password-gui/default.nix b/nixpkgs/pkgs/tools/security/1password-gui/default.nix new file mode 100644 index 00000000000..d03f2c551b9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/1password-gui/default.nix @@ -0,0 +1,75 @@ +{ stdenv +, fetchurl +, appimageTools +, makeWrapper +, electron_9 +, openssl +}: + +let + electron = electron_9; + +in + +stdenv.mkDerivation rec { + pname = "1password"; + version = "0.8.5-1"; + + src = fetchurl { + url = "https://onepassword.s3.amazonaws.com/linux/appimage/${pname}-${version}.AppImage"; + sha256 = "1jardsyxkf7qfhz8jwzwick5r9jf9yjwsdqvmc2rrnrflzzpscm9"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + appimageContents = appimageTools.extractType2 { + name = "${pname}-${version}"; + inherit src; + }; + + dontUnpack = true; + dontConfigure = true; + dontBuild = true; + + installPhase = let + runtimeLibs = [ + openssl.out + stdenv.cc.cc + ]; + in '' + mkdir -p $out/bin $out/share/1password + + # Applications files. + cp -a ${appimageContents}/{locales,resources} $out/share/${pname} + + # Desktop file. + install -Dt $out/share/applications ${appimageContents}/${pname}.desktop + substituteInPlace $out/share/applications/${pname}.desktop \ + --replace 'Exec=AppRun' 'Exec=${pname}' + + # Icons. + cp -a ${appimageContents}/usr/share/icons $out/share + + # Wrap the application with Electron. + makeWrapper "${electron}/bin/electron" "$out/bin/${pname}" \ + --add-flags "$out/share/${pname}/resources/app.asar" \ + --prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath runtimeLibs}" + ''; + + passthru.updateScript = ./update.sh; + + meta = with stdenv.lib; { + description = "Multi-platform password manager"; + longDescription = '' + 1Password is a multi-platform package manager. + + The Linux version is currently a development preview and can + only be used to search, view, and copy items. However items + cannot be created or edited. + ''; + homepage = "https://1password.com/"; + license = licenses.unfree; + maintainers = with maintainers; [ danieldk ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/1password-gui/update.sh b/nixpkgs/pkgs/tools/security/1password-gui/update.sh new file mode 100755 index 00000000000..7703aba9984 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/1password-gui/update.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl gnused common-updater-scripts + +version="$(curl -sL https://onepassword.s3.amazonaws.com/linux/debian/dists/edge/main/binary-amd64/Packages | sed -r -n 's/^Version: (.*)-[0-9]+/\1/p' | head -n1)" +update-source-version _1password-gui "$version" diff --git a/nixpkgs/pkgs/tools/security/2fa/default.nix b/nixpkgs/pkgs/tools/security/2fa/default.nix index cf14ec12402..7b6048660c4 100644 --- a/nixpkgs/pkgs/tools/security/2fa/default.nix +++ b/nixpkgs/pkgs/tools/security/2fa/default.nix @@ -16,7 +16,6 @@ buildGoPackage rec { meta = with stdenv.lib; { homepage = "https://rsc.io/2fa"; description = "Two-factor authentication on the command line"; - platforms = platforms.all; maintainers = with maintainers; [ rvolosatovs ]; license = licenses.bsd3; }; diff --git a/nixpkgs/pkgs/tools/security/afl/default.nix b/nixpkgs/pkgs/tools/security/afl/default.nix index e32aa034874..091b52bfcf0 100644 --- a/nixpkgs/pkgs/tools/security/afl/default.nix +++ b/nixpkgs/pkgs/tools/security/afl/default.nix @@ -9,13 +9,13 @@ let else throw "afl: no support for ${stdenv.hostPlatform.system}!"; afl = stdenv.mkDerivation rec { pname = "afl"; - version = "2.56b"; + version = "2.57b"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - sha256 = "1q1g59gkm48aa4cg9h70jx4i2gapmypgp5rzs156b2avd95vwkn1"; + sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6"; }; enableParallelBuilding = true; diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix index f99be6d7575..a0ef58ae8b6 100644 --- a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix +++ b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix @@ -1,6 +1,6 @@ { stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper -, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp -, file, cmocka, wine ? null, fetchpatch +, clang, llvm, gcc, which, libcgroup, python, perl, gmp +, file, wine ? null, fetchpatch }: # wine fuzzing is only known to work for win32 binaries, and using a mixture of @@ -17,38 +17,28 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "2.64c"; + version = "2.65c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; rev = version; - sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj"; + sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l"; }; enableParallelBuilding = true; - # build of unsigaction32 broken in 2.64c: - # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357 - # The applied patch fixes it. - patches = [ - (fetchpatch { - url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch"; - sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh"; - }) - ]; - # Note: libcgroup isn't needed for building, just for the afl-cgroup # script. - nativeBuildInputs = [ makeWrapper which clang_9 gcc ]; - buildInputs = [ llvm_9 python gmp ] + nativeBuildInputs = [ makeWrapper which clang gcc ]; + buildInputs = [ llvm python gmp ] ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython; postPatch = '' # Replace the CLANG_BIN variables with the correct path substituteInPlace llvm_mode/afl-clang-fast.c \ - --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \ - --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \ + --replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang}/bin/clang"' \ --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" # Replace "gcc" and friends with full paths in afl-gcc @@ -115,7 +105,7 @@ let wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} ''; - installCheckInputs = [ perl file cmocka ]; + installCheckInputs = [ perl file ]; doInstallCheck = true; installCheckPhase = '' # replace references to tools in build directory with references to installed locations @@ -123,7 +113,7 @@ let --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' - perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh cd test && ./test.sh ''; diff --git a/nixpkgs/pkgs/tools/security/age/default.nix b/nixpkgs/pkgs/tools/security/age/default.nix index c3756b545e3..8a6d008551e 100644 --- a/nixpkgs/pkgs/tools/security/age/default.nix +++ b/nixpkgs/pkgs/tools/security/age/default.nix @@ -2,10 +2,11 @@ buildGoModule rec { pname = "age"; - version = "unstable-2020-03-25"; - goPackagePath = "github.com/FiloSottile/age"; + version = "1.0.0-beta4"; vendorSha256 = "0km7a2826j3fk2nrkmgc990chrkcfz006wfw14yilsa4p2hmfl7m"; + doCheck = false; + subPackages = [ "cmd/age" "cmd/age-keygen" @@ -14,8 +15,8 @@ buildGoModule rec { src = fetchFromGitHub { owner = "FiloSottile"; repo = "age"; - rev = "f0f8092d60bb96737fa096c29ec6d8adb5810390"; - sha256 = "079kfc8d1pr39hr4qnx48kviyzwg4p8m4pz0bdkypns4aq8ppbfk"; + rev = "v${version}"; + sha256 = "0pp6zn4rdypyxn1md9ppisiwiapkfkbh08rzfl3qwn0998wx6gnb"; }; meta = with lib; { @@ -24,4 +25,4 @@ buildGoModule rec { license = licenses.bsd3; maintainers = with maintainers; [ tazjin ]; }; -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/tools/security/aws-okta/default.nix b/nixpkgs/pkgs/tools/security/aws-okta/default.nix index fe7d5e69f4d..b540be3928a 100644 --- a/nixpkgs/pkgs/tools/security/aws-okta/default.nix +++ b/nixpkgs/pkgs/tools/security/aws-okta/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "aws-okta"; - version = "0.26.3"; + version = "1.0.4"; goPackagePath = "github.com/segmentio/aws-okta"; @@ -10,13 +10,13 @@ buildGoPackage rec { owner = "segmentio"; repo = "aws-okta"; rev = "v${version}"; - sha256 = "0n6xm3yv0lxfapchzfrqi05hk918n4lh1hcp7gq7hybam93rld96"; + sha256 = "0a7xccnv0x0a6sydif0rvkdbw4jy9gjijajip1ac6m70l20dhl1v"; }; - goDeps = ./deps.nix; - buildFlags = [ "--tags" "release" ]; + buildFlagsArray = [ "-ldflags=-X main.Version=${version}" ]; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ libusb1 libiconv ]; @@ -25,7 +25,6 @@ buildGoPackage rec { description = "aws-vault like tool for Okta authentication"; license = licenses.mit; maintainers = [maintainers.imalsogreg]; - platforms = platforms.all; homepage = "https://github.com/segmentio/aws-okta"; downloadPage = "https://github.com/segmentio/aws-okta"; }; diff --git a/nixpkgs/pkgs/tools/security/aws-okta/deps.nix b/nixpkgs/pkgs/tools/security/aws-okta/deps.nix deleted file mode 100644 index 180aa69d56c..00000000000 --- a/nixpkgs/pkgs/tools/security/aws-okta/deps.nix +++ /dev/null @@ -1,29 +0,0 @@ -[ - { - goPackagePath = "github.com/sirupsen/logrus"; - fetch = { - type = "git"; - url = "https://github.com/sirupsen/logrus.git"; - rev = "a437dfd2463eaedbec3dfe443e477d3b0a810b3f"; - sha256 = "1904s2bbc7p88anzjp6fyj3jrbm5p6wbb8j4490674dq10kkcfbj"; - }; - } - { - goPackagePath = "golang.org/x/sys/unix"; - fetch = { - type = "git"; - url = "https://github.com/golang/sys.git"; - rev = "b699b7032584f0953262cb2788a0ca19bb494703"; - sha256 = "172sw1bm581qwal9pbf9qj1sgivr74nabbj8qq4q4fhgpzams9ix"; - }; - } - { - goPackagePath = "github.com/marshallbrekka/go-u2fhost"; - fetch = { - type = "git"; - url = "https://github.com/marshallbrekka/go-u2fhost"; - rev = "72b0e7a3f583583996b3b382d2dfaa81fdc4b82c"; - sha256 = "0apzmf0bjpr58ynw55agyjsl74zyg5qjk19nyyy4zhip3s9b1d0h"; - }; - } -] diff --git a/nixpkgs/pkgs/tools/security/b3sum/add-cargo-lock.patch b/nixpkgs/pkgs/tools/security/b3sum/add-cargo-lock.patch index 309e0f147e7..ecbb2b0bab9 100644 --- a/nixpkgs/pkgs/tools/security/b3sum/add-cargo-lock.patch +++ b/nixpkgs/pkgs/tools/security/b3sum/add-cargo-lock.patch @@ -1,585 +1,501 @@ ---- /dev/null 2020-01-18 15:11:39.204798767 +0100 -+++ b3sum/Cargo.lock 2020-01-24 14:27:29.593356345 +0100 -@@ -0,0 +1,582 @@ +diff --git a/b3sum/Cargo.lock b/b3sum/Cargo.lock +new file mode 100644 +index 0000000..1ce7abc +--- /dev/null ++++ b/Cargo.lock +@@ -0,0 +1,495 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] ++name = "ansi_term" ++version = "0.11.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" ++dependencies = [ ++ "winapi", ++] ++ ++[[package]] +name = "anyhow" -+version = "1.0.26" ++version = "1.0.31" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "85bb70cc08ec97ca5450e6eba421deeea5f172c0fc61f78b5357b2a8e8be195f" + +[[package]] +name = "arrayref" -+version = "0.3.5" ++version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544" + +[[package]] +name = "arrayvec" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "cff77d8686867eceff3105329d4698d96c2391c176d5d03adc90c7389162b5b8" + +[[package]] -+name = "assert_cmd" -+version = "0.12.0" ++name = "atty" ++version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" +dependencies = [ -+ "doc-comment 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "escargot 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "predicates 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "predicates-core 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "predicates-tree 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "hermit-abi", ++ "libc", ++ "winapi", +] + +[[package]] +name = "autocfg" -+version = "0.1.7" ++version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "f8aac770f1885fd7e387acedd76065302551364496e46b3dd00860b2f8359b9d" + +[[package]] +name = "b3sum" -+version = "0.1.3" ++version = "0.3.4" +dependencies = [ -+ "anyhow 1.0.26 (registry+https://github.com/rust-lang/crates.io-index)", -+ "assert_cmd 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "blake3 0.1.3", -+ "clap 2.33.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "duct 0.13.3 (registry+https://github.com/rust-lang/crates.io-index)", -+ "hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "memmap 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "anyhow", ++ "blake3", ++ "clap", ++ "duct", ++ "hex", ++ "memmap", ++ "rayon", ++ "tempfile", ++ "wild", +] + +[[package]] +name = "bitflags" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" + +[[package]] +name = "blake3" -+version = "0.1.3" -+dependencies = [ -+ "arrayref 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)", -+ "arrayvec 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cc 1.0.50 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", -+ "constant_time_eq 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rayon 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "c2-chacha" -+version = "0.2.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" ++version = "0.3.4" +dependencies = [ -+ "ppv-lite86 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", ++ "arrayref", ++ "arrayvec", ++ "cc", ++ "cfg-if", ++ "constant_time_eq", ++ "crypto-mac", ++ "digest", ++ "rayon", +] + +[[package]] +name = "cc" -+version = "1.0.50" ++version = "1.0.57" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "0fde55d2a2bfaa4c9668bbc63f531fbdeee3ffe188f4662511ce2c22b3eedebe" + +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + +[[package]] +name = "clap" -+version = "2.33.0" ++version = "2.33.1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "bdfa80d47f954d53a35a64987ca1422f495b8d6483c0fe9f7117b36c2a792129" +dependencies = [ -+ "bitflags 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "textwrap 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "unicode-width 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", ++ "ansi_term", ++ "atty", ++ "bitflags", ++ "strsim", ++ "textwrap", ++ "unicode-width", ++ "vec_map", +] + +[[package]] +name = "constant_time_eq" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" + +[[package]] +name = "crossbeam-deque" -+version = "0.7.2" ++version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "9f02af974daeee82218205558e51ec8768b48cf524bd01d550abe5573a608285" +dependencies = [ -+ "crossbeam-epoch 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "crossbeam-utils 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "crossbeam-epoch", ++ "crossbeam-utils", ++ "maybe-uninit", +] + +[[package]] +name = "crossbeam-epoch" -+version = "0.8.0" ++version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "058ed274caafc1f60c4997b5fc07bf7dc7cca454af7c6e81edffe5f33f70dace" +dependencies = [ -+ "autocfg 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", -+ "crossbeam-utils 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "memoffset 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)", -+ "scopeguard 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "autocfg", ++ "cfg-if", ++ "crossbeam-utils", ++ "lazy_static", ++ "maybe-uninit", ++ "memoffset", ++ "scopeguard", +] + +[[package]] +name = "crossbeam-queue" -+version = "0.2.1" ++version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "774ba60a54c213d409d5353bda12d49cd68d14e45036a285234c8d6f91f92570" +dependencies = [ -+ "cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", -+ "crossbeam-utils 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if", ++ "crossbeam-utils", ++ "maybe-uninit", +] + +[[package]] +name = "crossbeam-utils" -+version = "0.7.0" ++version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "c3c7c73a2d1e9fc0886a08b93e98eb643461230d5f1925e4036204d5f2e261a8" +dependencies = [ -+ "autocfg 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", -+ "cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", -+ "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "autocfg", ++ "cfg-if", ++ "lazy_static", +] + +[[package]] -+name = "difference" -+version = "2.0.0" ++name = "crypto-mac" ++version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" ++dependencies = [ ++ "generic-array", ++ "subtle", ++] + +[[package]] -+name = "doc-comment" -+version = "0.3.1" ++name = "digest" ++version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" ++dependencies = [ ++ "generic-array", ++] + +[[package]] +name = "duct" -+version = "0.13.3" ++version = "0.13.4" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "f90a9c3a25aafbd538c7d40a53f83c4487ee8216c12d1c8ef2c01eb2f6ea1553" +dependencies = [ -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", -+ "once_cell 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "os_pipe 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "shared_child 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc", ++ "once_cell", ++ "os_pipe", ++ "shared_child", +] + +[[package]] +name = "either" +version = "1.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "bb1f6b1ce1c140482ea30ddd3335fc0024ac7ee112895426e0a629a6c20adfe3" + +[[package]] -+name = "escargot" -+version = "0.5.0" ++name = "generic-array" ++version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "c68f0274ae0e023facc3c97b2e00f076be70e254bc851d972503b328db79b2ec" +dependencies = [ -+ "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)", -+ "serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", -+ "serde_json 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "typenum", +] + +[[package]] +name = "getrandom" +version = "0.1.14" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "7abc8dd8451921606d809ba32e95b6111925cd2906060d2dcc29c070220503eb" +dependencies = [ -+ "cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", -+ "wasi 0.9.0+wasi-snapshot-preview1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if", ++ "libc", ++ "wasi", +] + +[[package]] ++name = "glob" ++version = "0.3.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" ++ ++[[package]] +name = "hermit-abi" -+version = "0.1.6" ++version = "0.1.15" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "3deed196b6e7f9e44a2ae8d94225d80302d81208b1bb673fd21fe634645c85a9" +dependencies = [ -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc", +] + +[[package]] +name = "hex" -+version = "0.4.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "itoa" -+version = "0.4.4" ++version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35" + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" -+version = "0.2.66" ++version = "0.2.71" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "9457b06509d27052635f90d6466700c65095fdf75409b3fbdd903e988b886f49" + +[[package]] -+name = "log" -+version = "0.4.8" ++name = "maybe-uninit" ++version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", -+] ++checksum = "60302e4db3a61da70c0cb7991976248362f30319e88850c487b9b95bbf059e00" + +[[package]] +name = "memmap" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "6585fd95e7bb50d6cc31e20d4cf9afb4e2ba16c5846fc76793f11218da9c475b" +dependencies = [ -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc", ++ "winapi", +] + +[[package]] +name = "memoffset" -+version = "0.5.3" ++version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "c198b026e1bbf08a937e94c6c60f9ec4a2267f5b0d2eec9c1b21b061ce2be55f" +dependencies = [ -+ "rustc_version 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", ++ "autocfg", +] + +[[package]] +name = "num_cpus" -+version = "1.12.0" ++version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3" +dependencies = [ -+ "hermit-abi 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", ++ "hermit-abi", ++ "libc", +] + +[[package]] +name = "once_cell" -+version = "1.3.1" ++version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "0b631f7e854af39a1739f401cf34a8a013dfe09eac4fa4dba91e9768bd28168d" + +[[package]] +name = "os_pipe" -+version = "0.9.1" ++version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "fb233f06c2307e1f5ce2ecad9f8121cffbbee2c95428f44ea85222e460d0d213" +dependencies = [ -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc", ++ "winapi", +] + +[[package]] +name = "ppv-lite86" -+version = "0.2.6" ++version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "predicates" -+version = "1.0.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "difference 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "predicates-core 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "predicates-core" -+version = "1.0.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "predicates-tree" -+version = "1.0.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "predicates-core 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "treeline 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "proc-macro2" -+version = "1.0.8" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "unicode-xid 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "quote" -+version = "1.0.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "proc-macro2 1.0.8 (registry+https://github.com/rust-lang/crates.io-index)", -+] ++checksum = "237a5ed80e274dbc66f86bd59c1e25edc039660be53194b5fe0a482e0f2612ea" + +[[package]] +name = "rand" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +dependencies = [ -+ "getrandom 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rand_chacha 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rand_core 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rand_hc 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "getrandom", ++ "libc", ++ "rand_chacha", ++ "rand_core", ++ "rand_hc", +] + +[[package]] +name = "rand_chacha" -+version = "0.2.1" ++version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" +dependencies = [ -+ "c2-chacha 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rand_core 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "ppv-lite86", ++ "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" +dependencies = [ -+ "getrandom 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)", ++ "getrandom", +] + +[[package]] +name = "rand_hc" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +dependencies = [ -+ "rand_core 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "rand_core", +] + +[[package]] +name = "rayon" -+version = "1.3.0" ++version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "62f02856753d04e03e26929f820d0a0a337ebe71f849801eea335d464b349080" +dependencies = [ -+ "crossbeam-deque 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "either 1.5.3 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rayon-core 1.7.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "autocfg", ++ "crossbeam-deque", ++ "either", ++ "rayon-core", +] + +[[package]] +name = "rayon-core" -+version = "1.7.0" ++version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "e92e15d89083484e11353891f1af602cc661426deb9564c298b270c726973280" +dependencies = [ -+ "crossbeam-deque 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "crossbeam-queue 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", -+ "crossbeam-utils 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "num_cpus 1.12.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "crossbeam-deque", ++ "crossbeam-queue", ++ "crossbeam-utils", ++ "lazy_static", ++ "num_cpus", +] + +[[package]] +name = "redox_syscall" +version = "0.1.56" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "2439c63f3f6139d1b57529d16bc3b8bb855230c8efcc5d3a896c8bea7c3b1e84" + +[[package]] +name = "remove_dir_all" -+version = "0.5.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "rustc_version" -+version = "0.2.3" ++version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" +dependencies = [ -+ "semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi", +] + +[[package]] -+name = "ryu" -+version = "1.0.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] +name = "scopeguard" -+version = "1.0.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[[package]] -+name = "semver" -+version = "0.9.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "semver-parser 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "semver-parser" -+version = "0.7.0" ++version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + +[[package]] -+name = "serde" -+version = "1.0.104" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "serde_derive 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "serde_derive" -+version = "1.0.104" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "proc-macro2 1.0.8 (registry+https://github.com/rust-lang/crates.io-index)", -+ "quote 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "syn 1.0.14 (registry+https://github.com/rust-lang/crates.io-index)", -+] -+ -+[[package]] -+name = "serde_json" -+version = "1.0.45" ++name = "shared_child" ++version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "8cebcf3a403e4deafaf34dc882c4a1b6a648b43e5670aa2e4bb985914eaeb2d2" +dependencies = [ -+ "itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)", -+ "ryu 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc", ++ "winapi", +] + +[[package]] -+name = "shared_child" -+version = "0.3.4" ++name = "strsim" ++version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", -+] ++checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" + +[[package]] -+name = "syn" -+version = "1.0.14" ++name = "subtle" ++version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" -+dependencies = [ -+ "proc-macro2 1.0.8 (registry+https://github.com/rust-lang/crates.io-index)", -+ "quote 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "unicode-xid 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", -+] ++checksum = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee" + +[[package]] +name = "tempfile" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9" +dependencies = [ -+ "cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", -+ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", -+ "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", -+ "redox_syscall 0.1.56 (registry+https://github.com/rust-lang/crates.io-index)", -+ "remove_dir_all 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if", ++ "libc", ++ "rand", ++ "redox_syscall", ++ "remove_dir_all", ++ "winapi", +] + +[[package]] +name = "textwrap" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" +dependencies = [ -+ "unicode-width 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", ++ "unicode-width", +] + +[[package]] -+name = "treeline" -+version = "0.1.0" ++name = "typenum" ++version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33" + +[[package]] +name = "unicode-width" -+version = "0.1.7" ++version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "9337591893a19b88d8d87f2cec1e73fad5cdfd10e5a6f349f498ad6ea2ffb1e3" + +[[package]] -+name = "unicode-xid" -+version = "0.2.0" ++name = "vec_map" ++version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" + +[[package]] +name = "wasi" +version = "0.9.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" ++ ++[[package]] ++name = "wild" ++version = "2.0.4" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "035793abb854745033f01a07647a79831eba29ec0be377205f2a25b0aa830020" ++dependencies = [ ++ "glob", ++] + +[[package]] +name = "winapi" -+version = "0.3.8" ++version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ -+ "winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", -+ "winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi-i686-pc-windows-gnu", ++ "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" -+ -+[metadata] -+"checksum anyhow 1.0.26 (registry+https://github.com/rust-lang/crates.io-index)" = "7825f6833612eb2414095684fcf6c635becf3ce97fe48cf6421321e93bfbd53c" -+"checksum arrayref 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)" = "0d382e583f07208808f6b1249e60848879ba3543f57c32277bf52d69c2f0f0ee" -+"checksum arrayvec 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "cff77d8686867eceff3105329d4698d96c2391c176d5d03adc90c7389162b5b8" -+"checksum assert_cmd 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6283bac8dd7226470d491bc4737816fea4ca1fba7a2847f2e9097fd6bfb4624c" -+"checksum autocfg 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "1d49d90015b3c36167a20fe2810c5cd875ad504b39cff3d4eae7977e6b7c1cb2" -+"checksum bitflags 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" -+"checksum c2-chacha 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "214238caa1bf3a496ec3392968969cab8549f96ff30652c9e56885329315f6bb" -+"checksum cc 1.0.50 (registry+https://github.com/rust-lang/crates.io-index)" = "95e28fa049fda1c330bcf9d723be7663a899c4679724b34c81e9f5a326aab8cd" -+"checksum cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)" = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" -+"checksum clap 2.33.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5067f5bb2d80ef5d68b4c87db81601f0b75bca627bc2ef76b141d7b846a3c6d9" -+"checksum constant_time_eq 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" -+"checksum crossbeam-deque 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c3aa945d63861bfe624b55d153a39684da1e8c0bc8fba932f7ee3a3c16cea3ca" -+"checksum crossbeam-epoch 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5064ebdbf05ce3cb95e45c8b086f72263f4166b29b97f6baff7ef7fe047b55ac" -+"checksum crossbeam-queue 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "c695eeca1e7173472a32221542ae469b3e9aac3a4fc81f7696bcad82029493db" -+"checksum crossbeam-utils 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ce446db02cdc3165b94ae73111e570793400d0794e46125cc4056c81cbb039f4" -+"checksum difference 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "524cbf6897b527295dff137cec09ecf3a05f4fddffd7dfcd1585403449e74198" -+"checksum doc-comment 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "923dea538cea0aa3025e8685b20d6ee21ef99c4f77e954a30febbaac5ec73a97" -+"checksum duct 0.13.3 (registry+https://github.com/rust-lang/crates.io-index)" = "1607fa68d55be208e83bcfbcfffbc1ec65c9fbcf9eb1a5d548dc3ac0100743b0" -+"checksum either 1.5.3 (registry+https://github.com/rust-lang/crates.io-index)" = "bb1f6b1ce1c140482ea30ddd3335fc0024ac7ee112895426e0a629a6c20adfe3" -+"checksum escargot 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "74cf96bec282dcdb07099f7e31d9fed323bca9435a09aba7b6d99b7617bca96d" -+"checksum getrandom 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)" = "7abc8dd8451921606d809ba32e95b6111925cd2906060d2dcc29c070220503eb" -+"checksum hermit-abi 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "eff2656d88f158ce120947499e971d743c05dbcbed62e5bd2f38f1698bbc3772" -+"checksum hex 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "023b39be39e3a2da62a94feb433e91e8bcd37676fbc8bea371daf52b7a769a3e" -+"checksum itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "501266b7edd0174f8530248f87f99c88fbe60ca4ef3dd486835b8d8d53136f7f" -+"checksum lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -+"checksum libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)" = "d515b1f41455adea1313a4a2ac8a8a477634fbae63cc6100e3aebb207ce61558" -+"checksum log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)" = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7" -+"checksum memmap 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6585fd95e7bb50d6cc31e20d4cf9afb4e2ba16c5846fc76793f11218da9c475b" -+"checksum memoffset 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)" = "75189eb85871ea5c2e2c15abbdd541185f63b408415e5051f5cac122d8c774b9" -+"checksum num_cpus 1.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = "46203554f085ff89c235cd12f7075f3233af9b11ed7c9e16dfe2560d03313ce6" -+"checksum once_cell 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b1c601810575c99596d4afc46f78a678c80105117c379eb3650cf99b8a21ce5b" -+"checksum os_pipe 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "db4d06355a7090ce852965b2d08e11426c315438462638c6d721448d0b47aa22" -+"checksum ppv-lite86 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "74490b50b9fbe561ac330df47c08f3f33073d2d00c150f719147d7c54522fa1b" -+"checksum predicates 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a9bfe52247e5cc9b2f943682a85a5549fb9662245caf094504e69a2f03fe64d4" -+"checksum predicates-core 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "06075c3a3e92559ff8929e7a280684489ea27fe44805174c3ebd9328dcb37178" -+"checksum predicates-tree 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "8e63c4859013b38a76eca2414c64911fba30def9e3202ac461a2d22831220124" -+"checksum proc-macro2 1.0.8 (registry+https://github.com/rust-lang/crates.io-index)" = "3acb317c6ff86a4e579dfa00fc5e6cca91ecbb4e7eb2df0468805b674eb88548" -+"checksum quote 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "053a8c8bcc71fcce321828dc897a98ab9760bef03a4fc36693c231e5b3216cfe" -+"checksum rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" -+"checksum rand_chacha 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "03a2a90da8c7523f554344f921aa97283eadf6ac484a6d2a7d0212fa7f8d6853" -+"checksum rand_core 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -+"checksum rand_hc 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" -+"checksum rayon 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "db6ce3297f9c85e16621bb8cca38a06779ffc31bb8184e1be4bed2be4678a098" -+"checksum rayon-core 1.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "08a89b46efaf957e52b18062fb2f4660f8b8a4dde1807ca002690868ef2c85a9" -+"checksum redox_syscall 0.1.56 (registry+https://github.com/rust-lang/crates.io-index)" = "2439c63f3f6139d1b57529d16bc3b8bb855230c8efcc5d3a896c8bea7c3b1e84" -+"checksum remove_dir_all 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)" = "4a83fa3702a688b9359eccba92d153ac33fd2e8462f9e0e3fdf155239ea7792e" -+"checksum rustc_version 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a" -+"checksum ryu 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bfa8506c1de11c9c4e4c38863ccbe02a305c8188e85a05a784c9e11e1c3910c8" -+"checksum scopeguard 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b42e15e59b18a828bbf5c58ea01debb36b9b096346de35d941dcb89009f24a0d" -+"checksum semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" -+"checksum semver-parser 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" -+"checksum serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)" = "414115f25f818d7dfccec8ee535d76949ae78584fc4f79a6f45a904bf8ab4449" -+"checksum serde_derive 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)" = "128f9e303a5a29922045a830221b8f78ec74a5f544944f3d5984f8ec3895ef64" -+"checksum serde_json 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)" = "eab8f15f15d6c41a154c1b128a22f2dfabe350ef53c40953d84e36155c91192b" -+"checksum shared_child 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8cebcf3a403e4deafaf34dc882c4a1b6a648b43e5670aa2e4bb985914eaeb2d2" -+"checksum syn 1.0.14 (registry+https://github.com/rust-lang/crates.io-index)" = "af6f3550d8dff9ef7dc34d384ac6f107e5d31c8f57d9f28e0081503f547ac8f5" -+"checksum tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9" -+"checksum textwrap 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -+"checksum treeline 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a7f741b240f1a48843f9b8e0444fb55fb2a4ff67293b50a9179dfd5ea67f8d41" -+"checksum unicode-width 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "caaa9d531767d1ff2150b9332433f32a24622147e5ebb1f26409d5da67afd479" -+"checksum unicode-xid 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c" -+"checksum wasi 0.9.0+wasi-snapshot-preview1 (registry+https://github.com/rust-lang/crates.io-index)" = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" -+"checksum winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)" = "8093091eeb260906a183e6ae1abdba2ef5ef2257a21801128899c3fc699229c6" -+"checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" -+"checksum winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" ++checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" diff --git a/nixpkgs/pkgs/tools/security/b3sum/default.nix b/nixpkgs/pkgs/tools/security/b3sum/default.nix index 6f783d07ced..dd6a538d11d 100644 --- a/nixpkgs/pkgs/tools/security/b3sum/default.nix +++ b/nixpkgs/pkgs/tools/security/b3sum/default.nix @@ -2,18 +2,18 @@ rustPlatform.buildRustPackage rec { pname = "b3sum"; - version = "0.1.3"; + version = "0.3.4"; src = fetchFromGitHub { owner = "BLAKE3-team"; repo = "BLAKE3"; rev = version; - sha256 = "1aigwwv576ybb3x3fppq46kbvd3k4fc4w1hh2hkzyyic6fibwbpy"; + sha256 = "02yyv91wvy5w7i05z6f3kzxm5x34a4xgkgmcqxnb0ivsxnnld73h"; }; sourceRoot = "source/b3sum"; - cargoSha256 = "1rqhz2r60603mylazn37mkm783qb7qhjcg8cqss0iy1g752f3f2i"; + cargoSha256 = "0ycn5788dc925wx28sgfs121w4x7yggm4mnmwij829ka8859bymk"; cargoPatches = [ ./add-cargo-lock.patch ]; diff --git a/nixpkgs/pkgs/tools/security/bettercap/default.nix b/nixpkgs/pkgs/tools/security/bettercap/default.nix index d3cc3c7cadb..a8ca38e1f1d 100644 --- a/nixpkgs/pkgs/tools/security/bettercap/default.nix +++ b/nixpkgs/pkgs/tools/security/bettercap/default.nix @@ -10,16 +10,18 @@ buildGoModule rec { pname = "bettercap"; - version = "2.27.1"; + version = "2.28"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "0jb78c3s6p210mj28qg4aacd8ly6d6k5h9c48y88vmcyllzjvbhl"; + sha256 = "0aihinn3i3jj350l2rqph7nv3wy4nh4f8syidf77zybjcp9nmcys"; }; - vendorSha256 = "1j272w0zdndcz4fmh9fzbk2q8wmyfi70vn0p6d8cg0r0l231sbyx"; + vendorSha256 = "0yfs1f18d8frbkrshsajzzbj4wh2azd89g2h35wm6wqknvlipwr0"; + + doCheck = false; nativeBuildInputs = [ pkg-config ]; buildInputs = [ libpcap libnfnetlink libnetfilter_queue libusb1 ]; @@ -32,6 +34,5 @@ buildGoModule rec { homepage = "https://www.bettercap.org/"; license = with licenses; gpl3; maintainers = with maintainers; [ y0no ]; - platforms = platforms.all; }; -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/tools/security/bitwarden/default.nix b/nixpkgs/pkgs/tools/security/bitwarden/default.nix index f2abc376cd2..d383a00a7f2 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden/default.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden/default.nix @@ -6,6 +6,7 @@ , makeDesktopItem , makeWrapper , stdenv +, lib , udev , wrapGAppsHook }: @@ -16,11 +17,11 @@ let pname = "bitwarden"; version = { - x86_64-linux = "1.17.2"; + x86_64-linux = "1.20.1"; }.${system} or ""; sha256 = { - x86_64-linux = "0v7lrwj3sdypnqayknwg0cg9c2gfsxbjic5wswkfxljy652x8izx"; + x86_64-linux = "1lywslkpgg9rxwz7kwfknkgdi0r47j14i420r5yxgkaizb7ww27z"; }.${system} or ""; meta = with stdenv.lib; { @@ -72,7 +73,7 @@ let ''; runtimeDependencies = [ - udev.lib + (lib.getLib udev) ]; postFixup = '' diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix index 6d3c4bccef9..c2bb8324186 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix @@ -1,4 +1,4 @@ -{ stdenv, rustPlatform, fetchFromGitHub +{ stdenv, rustPlatform, fetchFromGitHub, nixosTests , pkgconfig, openssl , Security, CoreServices , dbBackend ? "sqlite", libmysqlclient, postgresql }: @@ -8,13 +8,13 @@ let in rustPlatform.buildRustPackage rec { pname = "bitwarden_rs"; - version = "1.14.2"; + version = "1.16.3"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "0413yjbnj4k917x48h1gnj64kygbr6c1n55f23qkvj0hgbxpgssz"; + sha256 = "1scy8abzy6j1jsms84cg2nqkn1zsxr5mjikp2xh0yl0ckkk13ffn"; }; nativeBuildInputs = [ pkgconfig ]; @@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec { RUSTC_BOOTSTRAP = 1; - cargoSha256 = "09747f9g7yyq9c8wbfdb3hwxii5xq23ynhba0vc01nhjpjyn0ksd"; + cargoSha256 = "112mvgq581cms0war5dbni7f7yryjr5agryzn5qx835qkznzar8s"; cargoBuildFlags = [ featuresFlag ]; checkPhase = '' @@ -35,11 +35,12 @@ in rustPlatform.buildRustPackage rec { runHook postCheck ''; + passthru.tests = nixosTests.bitwarden; + meta = with stdenv.lib; { description = "Unofficial Bitwarden compatible server written in Rust"; homepage = "https://github.com/dani-garcia/bitwarden_rs"; license = licenses.gpl3; maintainers = with maintainers; [ msteen ]; - platforms = platforms.all; }; } diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix index 256bf458b3b..2ac50912c05 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix @@ -1,12 +1,12 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, nixosTests }: stdenv.mkDerivation rec { pname = "bitwarden_rs-vault"; - version = "2.14.0"; + version = "2.15.1"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "16620md9lsxw6s0qzv5vj9kfkgxnlaxfrax6s2h3h39skza80x2c"; + sha256 = "1wvpg2awdbpbzhxhrf1iv1mjjc1ah54kswnznc7w5zbh9512dyx8"; }; buildCommand = '' @@ -16,6 +16,8 @@ stdenv.mkDerivation rec { mv web-vault vault ''; + passthru.tests = nixosTests.bitwarden; + meta = with stdenv.lib; { description = "Integrates the web vault into bitwarden_rs"; homepage = "https://github.com/dani-garcia/bw_web_builds"; diff --git a/nixpkgs/pkgs/tools/security/browserpass/default.nix b/nixpkgs/pkgs/tools/security/browserpass/default.nix index 2dd03bc465d..9aec14e0a41 100644 --- a/nixpkgs/pkgs/tools/security/browserpass/default.nix +++ b/nixpkgs/pkgs/tools/security/browserpass/default.nix @@ -14,6 +14,8 @@ buildGoModule rec { vendorSha256 = "1wcbn0ip596f2dp68y6jmxgv20l0dgrcxg5cwclkawigj05416zj"; + doCheck = false; + postPatch = '' # Because this Makefile will be installed to be used by the user, patch # variables to be valid by default @@ -48,7 +50,6 @@ buildGoModule rec { description = "Browserpass native client app"; homepage = "https://github.com/browserpass/browserpass-native"; license = licenses.isc; - platforms = platforms.all; maintainers = with maintainers; [ rvolosatovs infinisil ]; }; -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock index 107e425bc57..f130b57912b 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -1,10 +1,10 @@ GEM remote: https://rubygems.org/ specs: - bundler-audit (0.6.1) + bundler-audit (0.7.0.1) bundler (>= 1.2.0, < 3) - thor (~> 0.18) - thor (0.20.3) + thor (>= 0.18, < 2) + thor (1.0.1) PLATFORMS ruby diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/default.nix b/nixpkgs/pkgs/tools/security/bundler-audit/default.nix index 6bcb341a834..c24831f26b0 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/default.nix +++ b/nixpkgs/pkgs/tools/security/bundler-audit/default.nix @@ -21,6 +21,7 @@ bundlerEnv rec { - Does not require a network connection. ''; homepage = "https://github.com/rubysec/bundler-audit"; + changelog = "https://github.com/rubysec/bundler-audit/blob/v${version}/ChangeLog.md"; license = licenses.gpl3Plus; maintainers = with maintainers; [ primeos nicknovitski ]; platforms = platforms.unix; diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix index 56d78b3e8f1..2121a3c08e5 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix @@ -1,19 +1,23 @@ { bundler-audit = { dependencies = ["thor"]; + groups = ["default"]; + platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0pm22xpn3xyymsainixnrk8v3l3xi9bzwkjkspx00cfzp84xvxbq"; + sha256 = "04l9rs56rlvihbr2ybkrigjajgd3swa98lxvmdl8iylj1g5m7n0j"; type = "gem"; }; - version = "0.6.1"; + version = "0.7.0.1"; }; thor = { + groups = ["default"]; + platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29"; + sha256 = "1xbhkmyhlxwzshaqa7swy2bx6vd64mm0wrr8g3jywvxy7hg0cwkm"; type = "gem"; }; - version = "0.20.3"; + version = "1.0.1"; }; }
\ No newline at end of file diff --git a/nixpkgs/pkgs/tools/security/ccid/default.nix b/nixpkgs/pkgs/tools/security/ccid/default.nix index e74e1b61438..b7f408e748f 100644 --- a/nixpkgs/pkgs/tools/security/ccid/default.nix +++ b/nixpkgs/pkgs/tools/security/ccid/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ccid"; - version = "1.4.32"; + version = "1.4.33"; src = fetchurl { url = "https://ccid.apdu.fr/files/${pname}-${version}.tar.bz2"; - sha256 = "0f8nzk7379ip4x2ii5vn6h67jyx733pq0ywnnsj2llbxi2vllpsl"; + sha256 = "0974h2v9wq0j0ajw3c7yckaw8wqcppb2npfhfhmv9phijy9xlmjj"; }; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/certstrap/default.nix b/nixpkgs/pkgs/tools/security/certstrap/default.nix index fb3c00e48f9..99ba5c9e29b 100644 --- a/nixpkgs/pkgs/tools/security/certstrap/default.nix +++ b/nixpkgs/pkgs/tools/security/certstrap/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "certstrap"; - version = "1.1.1"; + version = "1.2.0"; goPackagePath = "github.com/square/certstrap"; @@ -10,13 +10,12 @@ buildGoPackage rec { owner = "square"; repo = "certstrap"; rev = "v${version}"; - sha256 = "0j7gi2nzykny7i0gjax9vixw72l9jcm4wnwxgm72hh1pji0ysa8n"; + sha256 = "1ymchnn7c9g3pq7rw4lrwsd6z3wfjx90g7qgrw6r5hssl77mnscj"; }; meta = with stdenv.lib; { inherit (src.meta) homepage; description = "Tools to bootstrap CAs, certificate requests, and signed certificates"; - platforms = platforms.all; license = licenses.asl20; maintainers = with maintainers; [ volth ]; }; diff --git a/nixpkgs/pkgs/tools/security/cfssl/default.nix b/nixpkgs/pkgs/tools/security/cfssl/default.nix index 6d4238de700..1aef7b5bd56 100644 --- a/nixpkgs/pkgs/tools/security/cfssl/default.nix +++ b/nixpkgs/pkgs/tools/security/cfssl/default.nix @@ -1,34 +1,49 @@ -{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }: +{ stdenv, buildGoModule, fetchFromGitHub, go-rice }: -buildGoPackage rec { +buildGoModule rec { pname = "cfssl"; - version = "1.3.2"; - - goPackagePath = "github.com/cloudflare/cfssl"; + version = "1.4.1"; src = fetchFromGitHub { owner = "cloudflare"; repo = "cfssl"; - rev = version; - sha256 = "0j2gz2vl2pf7ir7sc7jrwmjnr67hk4qhxw09cjx132jbk337jc9x"; + rev = "v${version}"; + sha256 = "07qacg95mbh94fv64y577zyr4vk986syf8h5l8lbcmpr0zcfk0pd"; }; - # The following patch ensures that the auth-key decoder doesn't break, - # if the auth-key file contains leading or trailing whitespaces. - # https://github.com/cloudflare/cfssl/pull/923 is merged - # remove patch when it becomes part of a release. - patches = [ - (fetchpatch { - url = "https://github.com/cloudflare/cfssl/commit/7e13f60773c96644db9dd8d342d42fe3a4d26f36.patch"; - sha256 = "1z2v2i8yj7qpj8zj5f2q739nhrr9s59jwzfzk52wfgssl4vv5mn5"; - }) + subPackages = [ + "cmd/cfssl" + "cmd/cfssljson" + "cmd/cfssl-bundle" + "cmd/cfssl-certinfo" + "cmd/cfssl-newkey" + "cmd/cfssl-scan" + "cmd/multirootca" + "cmd/mkbundle" ]; + vendorSha256 = null; + + doCheck = false; + + nativeBuildInputs = [ go-rice ]; + + preBuild = '' + pushd cli/serve + rice embed-go + popd + ''; + + buildFlagsArray = '' + -ldflags= + -s -w + -X github.com/cloudflare/cfssl/cli/version.version=v${version} + ''; + meta = with stdenv.lib; { homepage = "https://cfssl.org/"; description = "Cloudflare's PKI and TLS toolkit"; license = licenses.bsd2; maintainers = with maintainers; [ mbrgm ]; - platforms = platforms.all; }; } diff --git a/nixpkgs/pkgs/tools/security/chipsec/default.nix b/nixpkgs/pkgs/tools/security/chipsec/default.nix index 387fa4d750b..5dccf295065 100644 --- a/nixpkgs/pkgs/tools/security/chipsec/default.nix +++ b/nixpkgs/pkgs/tools/security/chipsec/default.nix @@ -2,13 +2,13 @@ , kernel ? null, withDriver ? false }: pythonPackages.buildPythonApplication rec { pname = "chipsec"; - version = "1.4.9"; + version = "1.5.1"; src = fetchFromGitHub { owner = "chipsec"; repo = "chipsec"; rev = version; - sha256 = "1p6w8294w5z2f4jwc22mqaggv5qajvmf9iifv7fl7wdz3wsvskrk"; + sha256 = "1rxr9i08a22m15slvlkrhnki30jixi2ds096kmmc2nqzfr9yibmb"; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/clamav/default.nix b/nixpkgs/pkgs/tools/security/clamav/default.nix index 9b58aa97dd5..fb523c5299c 100644 --- a/nixpkgs/pkgs/tools/security/clamav/default.nix +++ b/nixpkgs/pkgs/tools/security/clamav/default.nix @@ -1,15 +1,15 @@ { stdenv, fetchurl, pkgconfig , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 -, libmspack, systemd +, libmspack, systemd, Foundation }: stdenv.mkDerivation rec { pname = "clamav"; - version = "0.102.3"; + version = "0.102.4"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - sha256 = "14q6vi178ih60yz4ja33b6181va1dcj8fyscnmxfx2crav250c7d"; + sha256 = "06rrzyrhnr0rswryijpbbzywr6387rv8qjq8sb8cl3h2d1m45ggf"; }; # don't install sample config files into the absolute sysconfdir folder @@ -20,13 +20,12 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack - systemd - ]; + ] ++ stdenv.lib.optional stdenv.isLinux systemd + ++ stdenv.lib.optional stdenv.isDarwin Foundation; configureFlags = [ "--libdir=$(out)/lib" "--sysconfdir=/etc/clamav" - "--with-systemdsystemunitdir=$(out)/lib/systemd" "--disable-llvm" # enabling breaks the build at the moment "--with-zlib=${zlib.dev}" "--with-xml=${libxml2.dev}" @@ -34,7 +33,8 @@ stdenv.mkDerivation rec { "--with-libcurl=${curl.dev}" "--with-system-libmspack" "--enable-milter" - ]; + ] ++ stdenv.lib.optional stdenv.isLinux + "--with-systemdsystemunitdir=$(out)/lib/systemd"; postInstall = '' mkdir $out/etc @@ -46,6 +46,6 @@ stdenv.mkDerivation rec { description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats"; license = licenses.gpl2; maintainers = with maintainers; [ phreedom robberer qknight fpletz globin ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/creddump/default.nix b/nixpkgs/pkgs/tools/security/creddump/default.nix new file mode 100644 index 00000000000..d37c58a5159 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/creddump/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchFromGitLab, python2, python2Packages }: + +python2Packages.buildPythonApplication rec { + pname = "creddump"; + version = "0.3"; + + src = fetchFromGitLab { + owner = "kalilinux"; + repo = "packages/creddump"; + # url-encoding workaround: https://github.com/NixOS/nixpkgs/issues/65796#issuecomment-517829019 + rev = "debian%2F${version}-1kali2"; # %2F = urlquote("/") + sha256 = "0r3rs2hggsvv619l3fh3c0jli6d3ryyj30ni3hz0nz670z5smzcf"; + }; + + # No setup.py is available + dontBuild = true; + doCheck = false; + propagatedBuildInputs = [ python2Packages.pycrypto ]; + + installPhase = '' + mkdir -p ${placeholder "out"}/bin + cp -r framework ${placeholder "out"}/bin/framework + cp pwdump.py ${placeholder "out"}/bin/pwdump + cp cachedump.py ${placeholder "out"}/bin/cachedump + cp lsadump.py ${placeholder "out"}/bin/lsadump + ''; + + meta = with stdenv.lib; { + description = "Python tool to extract various credentials and secrets from Windows registry hives"; + homepage = "https://gitlab.com/kalilinux/packages/creddump"; + license = licenses.gpl3; + platforms = platforms.unix; + maintainers = [ maintainers.fishi0x01 ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/diceware/default.nix b/nixpkgs/pkgs/tools/security/diceware/default.nix deleted file mode 100644 index f32d63cfc10..00000000000 --- a/nixpkgs/pkgs/tools/security/diceware/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib -, python3Packages -}: - -with python3Packages; - -buildPythonApplication rec { - pname = "diceware"; - version = "0.9.6"; - - src = fetchPypi { - inherit pname version; - sha256 = "0klb0ysybzlh2wihvir82hgq62v0jjmlcqklwajyms7c0p529yby"; - }; - - nativeBuildInputs = [ pytestrunner ]; - - propagatedBuildInputs = [ setuptools ]; - - checkInputs = [ coverage pytest ]; - - # see https://github.com/ulif/diceware/commit/a7d844df76cd4b95a717f21ef5aa6167477b6733 - checkPhase = '' - py.test -m 'not packaging' - ''; - - meta = with lib; { - description = "Generates passphrases by concatenating words randomly picked from wordlists"; - homepage = "https://github.com/ulif/diceware"; - license = licenses.gpl3; - maintainers = with maintainers; [ asymmetric ]; - }; -} diff --git a/nixpkgs/pkgs/tools/security/doona/default.nix b/nixpkgs/pkgs/tools/security/doona/default.nix new file mode 100644 index 00000000000..5e1233f308c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/doona/default.nix @@ -0,0 +1,36 @@ +{ fetchFromGitHub +, stdenv +, perl +}: + +stdenv.mkDerivation rec { + pname = "doona"; + version = "unstable-2019-03-08"; + + src = fetchFromGitHub { + owner = "wireghoul"; + repo = pname; + rev = "master"; + sha256 = "0x9irwrw5x2ia6ch6gshadrlqrgdi1ivkadmr7j4m75k04a7nvz1"; + }; + + buildInputs = [ perl ]; + + installPhase = '' + mkdir -p $out/bin + cp -r ${src}/bedmod $out/bin/bedmod + cp ${src}/doona.pl $out/bin/doona + chmod +x $out/bin/doona + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/wireghoul/doona"; + description = "A fork of the Bruteforce Exploit Detector Tool (BED)"; + longDescription = '' + A fork of the Bruteforce Exploit Detector Tool (BED). + BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc. + ''; + license = licenses.gpl2; + maintainers = with maintainers; [ pamplemousse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/doppler/default.nix b/nixpkgs/pkgs/tools/security/doppler/default.nix new file mode 100644 index 00000000000..847d5d0cafb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/doppler/default.nix @@ -0,0 +1,28 @@ +{ buildGoModule, fetchFromGitHub, lib }: + +buildGoModule rec { + pname = "doppler"; + version = "3.10.3"; + + src = fetchFromGitHub { + owner = "dopplerhq"; + repo = "cli"; + rev = version; + sha256 = "15wmg67wwwgrs8q45r1z98k9v7mf2bfgsa40gcf8dr18ilnfpbn4"; + }; + + vendorSha256 = "0wqbwk72k4r30a3vnf0gnx3k97y8xgnr2iavk5bc8f8vkjv0bsv6"; + + buildFlagsArray = "-ldflags=-X github.com/DopplerHQ/cli/pkg/version.ProgramVersion=v${version}"; + + postInstall = '' + mv $out/bin/cli $out/bin/doppler + ''; + + meta = with lib; { + homepage = "https://doppler.com"; + description = "The official CLI for interacting with your Doppler Enclave secrets and configuation"; + license = licenses.asl20; + maintainers = with maintainers; [ lucperkins ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix index cad5bb244f9..1fdd5b9a722 100644 --- a/nixpkgs/pkgs/tools/security/eid-mw/default.nix +++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation rec { pname = "eid-mw"; - version = "4.4.16"; + version = "4.4.27"; src = fetchFromGitHub { - sha256 = "1q82fw63xzrnrgh1wyh457hal6vfdl6swqfq7l6kviywiwlzx7kd"; rev = "v${version}"; + sha256 = "17lw8iwp7h5cs3db80sysr84ffi333cf2vrhncs9l6hy6glfl2v1"; repo = "eid-mw"; owner = "Fedict"; }; @@ -25,6 +25,8 @@ stdenv.mkDerivation rec { ln -s ${openssl.bin}/bin openssl ln -s ${openssl.dev}/include openssl export SSL_PREFIX=$(realpath openssl) + substituteInPlace plugins_tools/eid-viewer/Makefile.in \ + --replace "c_rehash" "openssl rehash" ''; postPatch = '' @@ -64,13 +66,6 @@ stdenv.mkDerivation rec { eid-viewer is also installed. - **TO FIX:** - The procedure below did not work for me, I had to install the .so directly in firefox as instructed at - https://eid.belgium.be/en/log-eid#7507 - and specify - /run/current-system/sw/lib/libbeidpkcs11.so - as the path to the module. - This package only installs the libraries. To use eIDs in Firefox or Chromium, the eID Belgium add-on must be installed. This package only installs the libraries. To use eIDs in NSS-compatible @@ -81,6 +76,11 @@ stdenv.mkDerivation rec { Before uninstalling this package, it is a very good idea to run ~$ eid-nssdb [--system] remove and remove all ~/.pki and/or /etc/pki directories no longer needed. + + The above procedure doesn't seem to work in Firefox. You can override the + firefox wrapper to add this derivation to the PKCS#11 modules, like so: + + firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; } ''; platforms = platforms.linux; maintainers = with maintainers; [ bfortz ]; diff --git a/nixpkgs/pkgs/tools/security/encryptr/default.nix b/nixpkgs/pkgs/tools/security/encryptr/default.nix index b4c2bef2cf4..62311a41da3 100644 --- a/nixpkgs/pkgs/tools/security/encryptr/default.nix +++ b/nixpkgs/pkgs/tools/security/encryptr/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, glib, nss, nspr, gconf, fontconfig, freetype +{ stdenv, lib, fetchurl, glib, nss, nspr, gconf, fontconfig, freetype , pango , cairo, libX11 , libXi, libXcursor, libXext, libXfixes , libXrender, libXcomposite , alsaLib, libXdamage, libXtst, libXrandr , expat, libcap, systemd , dbus, gtk2 , gdk-pixbuf, libnotify @@ -36,7 +36,7 @@ in stdenv.mkDerivation rec { cp -v {encryptr-bin,icudtl.dat,nw.pak} $out/bin mv -v $out/bin/encryptr{-bin,} cp -v lib* $out/lib - ln -sv ${systemd.lib}/lib/libudev.so.1 $out/lib/libudev.so.0 + ln -sv ${lib.getLib systemd}/lib/libudev.so.1 $out/lib/libudev.so.0 patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ --set-rpath $out/lib:${rpath} \ diff --git a/nixpkgs/pkgs/tools/security/fail2ban/default.nix b/nixpkgs/pkgs/tools/security/fail2ban/default.nix index 6377e829aa6..c27f82d7053 100644 --- a/nixpkgs/pkgs/tools/security/fail2ban/default.nix +++ b/nixpkgs/pkgs/tools/security/fail2ban/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, python3, gamin }: +{ stdenv, fetchFromGitHub, python3 }: let version = "0.11.1"; in diff --git a/nixpkgs/pkgs/tools/security/fprintd/default.nix b/nixpkgs/pkgs/tools/security/fprintd/default.nix index 62f5dda17f6..b14aff386ab 100644 --- a/nixpkgs/pkgs/tools/security/fprintd/default.nix +++ b/nixpkgs/pkgs/tools/security/fprintd/default.nix @@ -40,17 +40,17 @@ stdenv.mkDerivation rec { # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50 (fetchpatch { url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch"; - sha256 = "QNN05WF4YZ0XiTwm5NkfqZDuQpyXlnrh+RJF9SNsCDk="; + sha256 = "0f88dhizai8jz7hpm5lpki1fx4593zcy89iwi4brsqbqc7jp9ls0"; }) # Fix locating libpam_wrapper for tests (fetchpatch { url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch"; - sha256 = "43uPihK6HhygHw1Qplwci80Wseq/S77VUp+OdEECHmM="; + sha256 = "0qqy090p93lzabavwjxzxaqidkcb3ifacl0d3yh1q7ms2a58yyz3"; }) (fetchpatch { url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch"; - sha256 = "Pga+/QEkln8DOwGZfKM1r2urJX4Y3X0bozWWxKZ5ia0="; + sha256 = "1bc9g6kc95imlcdpvp8qgqjsnsxg6nipr6817c1pz5i407yvw1iy"; }) ]; diff --git a/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix index 15b8820bfd5..68536a519aa 100644 --- a/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix +++ b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix @@ -1,4 +1,4 @@ -{ coreutils, fetchFromGitHub, libcaca, makeWrapper, python, openssl, qrencode, stdenv, yubikey-manager }: +{ coreutils, fetchFromGitHub, file, libcaca, makeWrapper, python, openssl, qrencode, stdenv, yubikey-manager }: stdenv.mkDerivation rec { pname = "gen-oath-safe"; @@ -18,6 +18,7 @@ stdenv.mkDerivation rec { let path = stdenv.lib.makeBinPath [ coreutils + file libcaca.bin openssl.bin python diff --git a/nixpkgs/pkgs/tools/security/genpass/default.nix b/nixpkgs/pkgs/tools/security/genpass/default.nix index ee3eebac991..39a84112d63 100644 --- a/nixpkgs/pkgs/tools/security/genpass/default.nix +++ b/nixpkgs/pkgs/tools/security/genpass/default.nix @@ -1,6 +1,9 @@ { stdenv , fetchFromGitHub , rustPlatform +, CoreFoundation +, libiconv +, Security }: rustPlatform.buildRustPackage rec { pname = "genpass"; @@ -15,11 +18,12 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "1p6l64s9smhwka8bh3pamqimamxziad859i62nrmxzqc49nq5s7m"; + buildInputs = stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv Security ]; + meta = with stdenv.lib; { description = "A simple yet robust commandline random password generator."; homepage = "https://github.com/cyplo/genpass"; license = licenses.agpl3; - platforms = platforms.all; maintainers = with maintainers; [ cyplo ]; }; } diff --git a/nixpkgs/pkgs/tools/security/gnupg/20.nix b/nixpkgs/pkgs/tools/security/gnupg/20.nix deleted file mode 100644 index f5b693fed35..00000000000 --- a/nixpkgs/pkgs/tools/security/gnupg/20.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ fetchurl, stdenv, readline, zlib, libgpgerror, pth, libgcrypt, libassuan -, libksba, coreutils, libiconv, pcsclite - -# Each of the dependencies below are optional. -# Gnupg can be built without them at the cost of reduced functionality. -, pinentry ? null, guiSupport ? false -, openldap ? null, bzip2 ? null, libusb-compat-0_1 ? null, curl ? null -}: - -with stdenv.lib; - -assert guiSupport -> pinentry != null; - -stdenv.mkDerivation rec { - pname = "gnupg"; - version = "2.0.30"; - - src = fetchurl { - url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "0wax4cy14hh0h7kg9hj0hjn9424b71z8lrrc5kbsasrn9xd7hag3"; - }; - - buildInputs - = [ readline zlib libgpgerror libgcrypt libassuan libksba pth - openldap bzip2 libusb-compat-0_1 curl libiconv ]; - - patches = [ ./gpgkey2ssh-20.patch ]; - - prePatch = '' - find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i - '' + stdenv.lib.optionalString stdenv.isLinux '' - sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c - '' + stdenv.lib.optionalString stdenv.isDarwin '' - find . -name pcsc-wrapper.c | xargs sed -i 's/typedef unsinged int pcsc_dword_t/typedef unsigned int pcsc_dword_t/' - '' + '' - patch gl/stdint_.h < ${./clang.patch} - ''; - - pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; - configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; - - postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c"; - - checkPhase="GNUPGHOME=`pwd` ./agent/gpg-agent --daemon make check"; - - doCheck = true; - - meta = with stdenv.lib; { - homepage = "https://gnupg.org"; - description = "Stable (2.0) release of the GNU Privacy Guard, a GPL OpenPGP implementation"; - license = licenses.gpl3Plus; - longDescription = '' - The GNU Privacy Guard is the GNU project's complete and free - implementation of the OpenPGP standard as defined by RFC4880. GnuPG - "stable" (2.0) is the current stable version for general use. This is - what most users are still using. GnuPG allows to encrypt and sign your - data and communication, features a versatile key management system as well - as access modules for all kind of public key directories. GnuPG, also - known as GPG, is a command line tool with features for easy integration - with other applications. A wealth of frontend applications and libraries - are available. Version 2 of GnuPG also provides support for S/MIME. - ''; - maintainers = with maintainers; [ roconnor ]; - platforms = platforms.all; - }; -} diff --git a/nixpkgs/pkgs/tools/security/gnupg/22.nix b/nixpkgs/pkgs/tools/security/gnupg/22.nix index 7c095cffa31..48271a2f5bc 100644 --- a/nixpkgs/pkgs/tools/security/gnupg/22.nix +++ b/nixpkgs/pkgs/tools/security/gnupg/22.nix @@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.2.20"; + version = "2.2.23"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "0c6a4v9p6qzhsw1pfcwc459bxpc8hma0w9z8iqb9khvligack9q4"; + sha256 = "0p6ss4f3vlkf91pmp27bmvfr5bdxxi0pb3dmxpqljglbsx4mxd8h"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -38,8 +38,10 @@ stdenv.mkDerivation rec { ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch ]; postPatch = '' - sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \ - configure doc/dirmngr.texi doc/gnupg.info-1 + sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1 + # Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am + sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in '' + stdenv.lib.optionalString ( stdenv.isLinux && pcsclite != null) '' sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; #" fix Emacs syntax highlighting :-( diff --git a/nixpkgs/pkgs/tools/security/gobuster/default.nix b/nixpkgs/pkgs/tools/security/gobuster/default.nix index 8b808551149..6e049917de2 100644 --- a/nixpkgs/pkgs/tools/security/gobuster/default.nix +++ b/nixpkgs/pkgs/tools/security/gobuster/default.nix @@ -16,10 +16,12 @@ buildGoModule rec { vendorSha256 = "0kr9i2nm5csf3070hwaiss137pfa3088xbw2zigp7aqb2naky036"; + doCheck = false; + meta = with lib; { description = "Tool used to brute-force URIs, DNS subdomains, Virtual Host names on target web servers"; homepage = "https://github.com/OJ/gobuster"; license = licenses.asl20; maintainers = with maintainers; [ pamplemousse ]; }; -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix index 6b9042e5691..15ad1c70a8d 100644 --- a/nixpkgs/pkgs/tools/security/gopass/default.nix +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -1,5 +1,8 @@ -{ stdenv, makeWrapper -, buildGoModule, fetchFromGitHub, installShellFiles +{ stdenv +, makeWrapper +, buildGoModule +, fetchFromGitHub +, installShellFiles , git , gnupg , xclip @@ -9,7 +12,7 @@ buildGoModule rec { pname = "gopass"; - version = "1.9.2"; + version = "1.10.1"; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -17,18 +20,22 @@ buildGoModule rec { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "066dphw8xq0g72kj64sdai2yyllnr6ca27bfy5sxhk8x69j97rvz"; + sha256 = "0dhh64mxfhk610wr7bpakzgmc4a4iyhfkkl3qhjp6a46g9iygana"; }; - vendorSha256 = "1wn20bh7ma4pblsf6qnlbz5bx4p9apig3d1yz7cpsqv4z3w07baw"; + vendorSha256 = "07wv6yahx4yzr3h1x93x4r5rvw8wbfk836f04b4r9xjbnpq7lb2a"; + + doCheck = false; buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version} -X main.commit=${src.rev}" ]; - wrapperPath = stdenv.lib.makeBinPath ([ - git - gnupg - xclip - ] ++ stdenv.lib.optional stdenv.isLinux wl-clipboard); + wrapperPath = stdenv.lib.makeBinPath ( + [ + git + gnupg + xclip + ] ++ stdenv.lib.optional stdenv.isLinux wl-clipboard + ); postInstall = '' for shell in bash fish zsh; do @@ -40,16 +47,18 @@ buildGoModule rec { ''; postFixup = '' - wrapProgram $out/bin/gopass \ - --prefix PATH : "${wrapperPath}" + for bin in $out/bin/*; do + wrapProgram $bin \ + --prefix PATH : "${wrapperPath}" + done ''; meta = with stdenv.lib; { - description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go."; - homepage = "https://www.gopass.pw/"; - license = licenses.mit; - maintainers = with maintainers; [ andir rvolosatovs ]; - platforms = platforms.unix; + description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go."; + homepage = "https://www.gopass.pw/"; + license = licenses.mit; + maintainers = with maintainers; [ andir rvolosatovs ]; + platforms = platforms.unix; longDescription = '' gopass is a rewrite of the pass password manager in Go with the aim of @@ -61,4 +70,4 @@ buildGoModule rec { well, providing a stellar user experience and a sane, simple interface. ''; }; -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/tools/security/hash_extender/default.nix b/nixpkgs/pkgs/tools/security/hash_extender/default.nix index 5bda599f0f0..dc8ea8b2c9b 100644 --- a/nixpkgs/pkgs/tools/security/hash_extender/default.nix +++ b/nixpkgs/pkgs/tools/security/hash_extender/default.nix @@ -25,6 +25,6 @@ stdenv.mkDerivation { description = "Tool to automate hash length extension attacks"; homepage = "https://github.com/iagox86/hash_extender"; license = licenses.bsd3; - maintainers = with maintainers; [ geistesk ]; + maintainers = with maintainers; [ oxzi ]; }; } diff --git a/nixpkgs/pkgs/tools/security/hashcat/default.nix b/nixpkgs/pkgs/tools/security/hashcat/default.nix index c1fd84b6452..b156cda99ac 100644 --- a/nixpkgs/pkgs/tools/security/hashcat/default.nix +++ b/nixpkgs/pkgs/tools/security/hashcat/default.nix @@ -1,12 +1,18 @@ -{ stdenv, fetchurl, makeWrapper, opencl-headers, ocl-icd, xxHash }: +{ stdenv +, fetchurl +, makeWrapper +, opencl-headers +, ocl-icd +, xxHash +}: stdenv.mkDerivation rec { pname = "hashcat"; - version = "5.1.0"; + version = "6.1.1"; src = fetchurl { url = "https://hashcat.net/files/hashcat-${version}.tar.gz"; - sha256 = "0f73y4cg8c7a6q7x34qvpfi4g3lw6j9bnn0a13g43aqyiskflfr8"; + sha256 = "104z63m7lqbb0sdrxhf9yi15l4a9zwf9m6zs9dbb3gf0nfxl1h9r"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix b/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix index c7a5a998555..fc81a395078 100644 --- a/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix +++ b/nixpkgs/pkgs/tools/security/hcxdumptool/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxdumptool"; - version = "6.0.6"; + version = "6.1.1"; src = fetchFromGitHub { owner = "ZerBea"; repo = "hcxdumptool"; rev = version; - sha256 = "1b4d543y64ib92w9gcmiyjn5hz2vyjqmxk3f3yr1zk04fhw16gmf"; + sha256 = "0v6dq6x2mrmavazknmhb08ks53773sll367anfrrramild8350bh"; }; buildInputs = [ openssl ]; diff --git a/nixpkgs/pkgs/tools/security/hcxtools/default.nix b/nixpkgs/pkgs/tools/security/hcxtools/default.nix index 5634ee6cff0..a81c1ef75cf 100644 --- a/nixpkgs/pkgs/tools/security/hcxtools/default.nix +++ b/nixpkgs/pkgs/tools/security/hcxtools/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxtools"; - version = "6.0.2"; + version = "6.0.3"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "0a36184igdgs2h83zr4zihc5acps91ipmgph37jakvzwrsn64ma6"; + sha256 = "0s9l5mvzcv6hnj7h28piabnm66b09hk2l57vb85ny35w99hzpkc0"; }; buildInputs = [ curl openssl zlib ]; diff --git a/nixpkgs/pkgs/tools/security/hologram/default.nix b/nixpkgs/pkgs/tools/security/hologram/default.nix index 910bcc522e7..7c5a2d5a4c1 100644 --- a/nixpkgs/pkgs/tools/security/hologram/default.nix +++ b/nixpkgs/pkgs/tools/security/hologram/default.nix @@ -13,8 +13,6 @@ buildGoPackage rec { goPackagePath = "github.com/AdRoll/hologram"; - goDeps = ./deps.nix; - preConfigure = '' sed -i 's|cacheTimeout != 3600|cacheTimeout != 0|' cmd/hologram-server/main.go ''; @@ -23,7 +21,6 @@ buildGoPackage rec { homepage = "https://github.com/AdRoll/hologram/"; description = "Easy, painless AWS credentials on developer laptops."; maintainers = with maintainers; [ nand0p ]; - platforms = platforms.all; license = licenses.asl20; }; } diff --git a/nixpkgs/pkgs/tools/security/hologram/deps.nix b/nixpkgs/pkgs/tools/security/hologram/deps.nix deleted file mode 100644 index a9b66da2a9c..00000000000 --- a/nixpkgs/pkgs/tools/security/hologram/deps.nix +++ /dev/null @@ -1,110 +0,0 @@ -[ - { - goPackagePath = "golang.org/x/crypto"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/crypto"; - rev = "575fdbe86e5dd89229707ebec0575ce7d088a4a6"; - sha256 = "1kgv1mkw9y404pk3lcwbs0vgl133mwyp294i18jg9hp10s5d56xa"; - }; - } - { - goPackagePath = "github.com/golang/protobuf"; - fetch = { - type = "git"; - url = "https://github.com/golang/protobuf"; - rev = "59b73b37c1e45995477aae817e4a653c89a858db"; - sha256 = "1dx22jvhvj34ivpr7gw01fncg9yyx35mbpal4mpgnqka7ajmgjsa"; - }; - } - { - goPackagePath = "github.com/howeyc/gopass"; - fetch = { - type = "git"; - url = "https://github.com/howeyc/gopass"; - rev = "2c70fa70727c953c51695f800f25d6b44abb368e"; - sha256 = "152lrkfxk205rlxiign0w5wb0fmfh910yz4jhlv4f4l1qr1h2lx8"; - }; - } - { - goPackagePath = "github.com/aybabtme/rgbterm"; - fetch = { - type = "git"; - url = "https://github.com/aybabtme/rgbterm"; - rev = "c07e2f009ed2311e9c35bca12ec00b38ccd48283"; - sha256 = "1qph7drds44jzx1whqlrh1hs58k0wv0v58zyq2a81hmm72gsgzam"; - }; - } - { - goPackagePath = "github.com/vaughan0/go-ini"; - fetch = { - type = "git"; - url = "https://github.com/vaughan0/go-ini"; - rev = "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"; - sha256 = "1l1isi3czis009d9k5awsj4xdxgbxn4n9yqjc1ac7f724x6jacfa"; - }; - } - { - goPackagePath = "github.com/mitchellh/go-homedir"; - fetch = { - type = "git"; - url = "https://github.com/mitchellh/go-homedir"; - rev = "1f6da4a72e57d4e7edd4a7295a585e0a3999a2d4"; - sha256 = "1l5lrsjrnwxn299mhvyxvz8hd0spkx0d31gszm4cyx21bg1xsiy9"; - }; - } - { - goPackagePath = "github.com/goamz/goamz"; - fetch = { - type = "git"; - url = "https://github.com/goamz/goamz"; - rev = "2a8fed5e89ab9e16210fc337d1aac780e8c7bbb7"; - sha256 = "0rlinp0cvgw66qjndg4padr5s0wd3n7kjfggkx6czqj9bqaxcz4b"; - }; - } - { - goPackagePath = "github.com/nmcclain/asn1-ber"; - fetch = { - type = "git"; - url = "https://github.com/go-asn1-ber/asn1-ber"; - rev = "f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72"; - sha256 = "0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9"; - }; - } - { - goPackagePath = "gopkg.in/asn1-ber.v1"; - fetch = { - type = "git"; - url = "https://github.com/go-asn1-ber/asn1-ber"; - rev = "f4b6f4a84f5cde443d1925b5ec185ee93c2bdc72"; - sha256 = "0qdyax6yw3hvplzqc2ykpihi3m5y4nii581ay0mxy9c54bzs2nk9"; - }; - } - { - goPackagePath = "github.com/peterbourgon/g2s"; - fetch = { - type = "git"; - url = "https://github.com/peterbourgon/g2s"; - rev = "ec76db4c1ac16400ac0e17ca9c4840e1d23da5dc"; - sha256 = "1p4p8755v2nrn54rik7yifpg9szyg44y5rpp0kryx4ycl72307rj"; - }; - } - { - goPackagePath = "github.com/nmcclain/ldap"; - fetch = { - type = "git"; - url = "https://github.com/go-ldap/ldap"; - rev = "83e65426fd1c06626e88aa8a085e5bfed0208e29"; - sha256 = "179lwaf0hvczl8g4xzkpcpzq25p1b23f7399bx5zl55iin62d8yz"; - }; - } - { - goPackagePath = "github.com/aws/aws-sdk-go"; - fetch = { - type = "git"; - url = "https://github.com/aws/aws-sdk-go"; - rev = "3f8f870ec9939e32b3372abf74d24e468bcd285d"; - sha256 = "0a4hycs3d87s50z4prf5h6918r0fa2rvrrwlbffs430ilc4y8ghv"; - }; - } -] diff --git a/nixpkgs/pkgs/tools/security/honggfuzz/default.nix b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix new file mode 100644 index 00000000000..71146b15ea3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix @@ -0,0 +1,51 @@ +{ stdenv, fetchFromGitHub, callPackage, makeWrapper +, clang, llvm, libbfd, libopcodes, libunwind, libblocksruntime +}: + +let + honggfuzz = stdenv.mkDerivation rec { + pname = "honggfuzz"; + version = "2.3.1"; + + src = fetchFromGitHub { + owner = "google"; + repo = pname; + rev = "${version}"; + sha256 = "0dcl5a5jykgfmnfj42vl7kah9k26wg38l2g6yfh5pssmlf0nax33"; + }; + + postPatch = '' + substituteInPlace hfuzz_cc/hfuzz-cc.c \ + --replace '"clang' '"${clang}/bin/clang' + ''; + + enableParallelBuilding = true; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ llvm ]; + propagatedBuildInputs = [ libbfd libopcodes libunwind libblocksruntime ]; + + makeFlags = [ "PREFIX=$(out)" ]; + + meta = { + description = "A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer"; + longDescription = '' + Honggfuzz is a security oriented, feedback-driven, evolutionary, + easy-to-use fuzzer with interesting analysis options. It is + multi-process and multi-threaded, blazingly fast when the persistent + fuzzing mode is used and has a solid track record of uncovered security + bugs. + + Honggfuzz uses low-level interfaces to monitor processes and it will + discover and report hijacked/ignored signals from crashes. Feed it + a simple corpus directory (can even be empty for the feedback-driven + fuzzing), and it will work its way up, expanding it by utilizing + feedback-based coverage metrics. + ''; + homepage = "https://honggfuzz.dev/"; + license = stdenv.lib.licenses.asl20; + platforms = ["x86_64-linux"]; + maintainers = with stdenv.lib.maintainers; [ cpu ]; + }; + }; +in honggfuzz diff --git a/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix index 5e1d460a463..c177726bbb1 100644 --- a/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix +++ b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ibm-sw-tpm2"; - version = "1563"; + version = "1637"; src = fetchurl { url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz"; - sha256 = "1sfi7drmbm08rgd2414s3sxd7h5g8d4kiwk40xklf7sw67w1ffpw"; + sha256 = "09z3wbv38dc8wnw1q961s6bcd0kvz2xkjp6dxg4kn914fwzlqfnx"; }; buildInputs = [ openssl ]; diff --git a/nixpkgs/pkgs/tools/security/jd-gui/default.nix b/nixpkgs/pkgs/tools/security/jd-gui/default.nix index af88fd6270f..c4b7706c266 100644 --- a/nixpkgs/pkgs/tools/security/jd-gui/default.nix +++ b/nixpkgs/pkgs/tools/security/jd-gui/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, jre, jdk, gradle, makeDesktopItem, perl, writeText, runtimeShell }: +{ stdenv, fetchFromGitHub, jre, jdk, gradle_5, makeDesktopItem, perl, writeText, runtimeShell }: let pname = "jd-gui"; @@ -15,7 +15,7 @@ let name = "${pname}-deps"; inherit src; - nativeBuildInputs = [ jdk perl gradle ]; + nativeBuildInputs = [ jdk perl gradle_5 ]; buildPhase = '' export GRADLE_USER_HOME=$(mktemp -d); @@ -71,7 +71,7 @@ in stdenv.mkDerivation rec { inherit pname version src; name = "${pname}-${version}"; - nativeBuildInputs = [ jdk gradle ]; + nativeBuildInputs = [ jdk gradle_5 ]; buildPhase = '' export GRADLE_USER_HOME=$(mktemp -d) diff --git a/nixpkgs/pkgs/tools/security/john/default.nix b/nixpkgs/pkgs/tools/security/john/default.nix index f47728b8ba2..2fedec48c70 100644 --- a/nixpkgs/pkgs/tools/security/john/default.nix +++ b/nixpkgs/pkgs/tools/security/john/default.nix @@ -48,20 +48,21 @@ stdenv.mkDerivation rec { enableParallelBuilding = false; postInstall = '' - mkdir -p "$out/bin" "$out/etc/john" "$out/share/john" "$out/share/doc/john" "$out/share/john/rules" + mkdir -p "$out/bin" "$out/etc/john" "$out/share/john" "$out/share/doc/john" "$out/share/john/rules" "$out/${perlPackages.perl.libPrefix}" find -L ../run -mindepth 1 -maxdepth 1 -type f -executable \ -exec cp -d {} "$out/bin" \; cp -vt "$out/etc/john" ../run/*.conf cp -vt "$out/share/john" ../run/*.chr ../run/password.lst cp -vt "$out/share/john/rules" ../run/rules/*.rule cp -vrt "$out/share/doc/john" ../doc/* + cp -vt "$out/${perlPackages.perl.libPrefix}" ../run/lib/* ''; postFixup = '' wrapPythonPrograms for i in $out/bin/*.pl; do - wrapProgram "$i" --prefix PERL5LIB : $PERL5LIB + wrapProgram "$i" --prefix PERL5LIB : "$PERL5LIB:$out/${perlPackages.perl.libPrefix}" done ''; diff --git a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix index 2161aa5f1cd..23c25accc93 100644 --- a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, rustPlatform, Security }: +{ stdenv, fetchFromGitHub, rustPlatform, Security, fetchpatch }: rustPlatform.buildRustPackage rec { pname = "jwt-cli"; @@ -13,6 +13,14 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "165g1v0c8jxs8ddm8ld0hh7k8mvk3566ig43pf99hnw009fg1yc2"; + patches = [ + # to fix `cargo test -- --test-threads $NIX_BUILD_CORES` + (fetchpatch { + url = "https://github.com/mike-engel/jwt-cli/commit/df87111f3084abdecce5d58ad031edb6e7fef94a.patch"; + sha256 = "1vjk7wy8ddkz9wjkiayag61gklrq59m7bwlaiyinjp4n15gx0j1k"; + }) + ]; + buildInputs = stdenv.lib.optional stdenv.isDarwin Security; meta = with stdenv.lib; { @@ -20,6 +28,5 @@ rustPlatform.buildRustPackage rec { homepage = "https://github.com/mike-engel/jwt-cli"; license = with licenses; [ mit ]; maintainers = with maintainers; [ rycee ]; - platforms = platforms.all; }; } diff --git a/nixpkgs/pkgs/tools/security/kbs2/default.nix b/nixpkgs/pkgs/tools/security/kbs2/default.nix new file mode 100644 index 00000000000..191b4f35150 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kbs2/default.nix @@ -0,0 +1,44 @@ +{ stdenv, rustPlatform, fetchFromGitHub, installShellFiles, python3, libxcb, AppKit }: + +rustPlatform.buildRustPackage rec { + pname = "kbs2"; + version = "0.1.4"; + + src = fetchFromGitHub { + owner = "woodruffw"; + repo = pname; + rev = "v${version}"; + sha256 = "1hjcx651nqj1plxw4i2nv72zc0igd8pl31dy2zwm5yyky6dl7qla"; + }; + + cargoSha256 = "11fw097r4mim3rgb0db7naqlf3ws0bavqdd4z84mpdg6714dga0n"; + + nativeBuildInputs = [ installShellFiles ] + ++ stdenv.lib.optionals stdenv.isLinux [ python3 ]; + + buildInputs = [ ] + ++ stdenv.lib.optionals stdenv.isLinux [ libxcb ] + ++ stdenv.lib.optionals stdenv.isDarwin [ AppKit ]; + + preCheck = '' + export HOME=$TMPDIR + ''; + + checkFlagsArray = [ "--skip=kbs2::config::tests::test_find_config_dir" ]; + + postInstall = '' + mkdir -p $out/share/kbs2 + cp -r contrib/ $out/share/kbs2 + for shell in bash fish zsh; do + $out/bin/kbs2 --completions $shell > kbs2.$shell + installShellCompletion kbs2.$shell + done + ''; + + meta = with stdenv.lib; { + description = "A secret manager backed by age"; + homepage = "https://github.com/woodruffw/kbs2"; + license = licenses.mit; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/default.nix b/nixpkgs/pkgs/tools/security/keybase/default.nix index bbc99c2ac41..ee1cfa9d2a4 100644 --- a/nixpkgs/pkgs/tools/security/keybase/default.nix +++ b/nixpkgs/pkgs/tools/security/keybase/default.nix @@ -6,7 +6,7 @@ buildGoPackage rec { pname = "keybase"; - version = "5.4.2"; + version = "5.5.1"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/kbnm" "go/keybase" ]; @@ -17,7 +17,7 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "08lw5aw962f75xi42bwbgba94hiql2n2jnsxrkx84czi0ijs1wlr"; + sha256 = "03y69zmzbnfay173xkbzvnhh8zjjd2rfnqmpgr0wvh1psn7mgpsh"; }; patches = [ diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix index b745b63ca9d..20c1bb8f7f1 100644 --- a/nixpkgs/pkgs/tools/security/keybase/gui.nix +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix @@ -1,19 +1,20 @@ -{ stdenv, fetchurl, alsaLib, atk, cairo, cups, udev +{ stdenv, lib, fetchurl, alsaLib, atk, cairo, cups, udev , dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3, libappindicator-gtk3 , libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20200424214931.7b0bbf1e3c"; + versionSuffix = "20200527202541.39ca0071e5"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "5.4.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "5.5.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { + url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "06iksmrr959mlzxc3nwd70apmvhij1xarxvvflys5qa31vravizs"; + sha256 = "1n54a86491aqazqa4rgljbji638nj83ciibqxq46sa2m1php9dfd"; }; nativeBuildInputs = [ @@ -55,7 +56,7 @@ stdenv.mkDerivation rec { ]; runtimeDependencies = [ - udev.lib + (lib.getLib udev) libappindicator-gtk3 ]; diff --git a/nixpkgs/pkgs/tools/security/keycard-cli/default.nix b/nixpkgs/pkgs/tools/security/keycard-cli/default.nix index a76c102b2bb..73eab6c3dec 100644 --- a/nixpkgs/pkgs/tools/security/keycard-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/keycard-cli/default.nix @@ -2,7 +2,7 @@ buildGoPackage rec { pname = "keycard-cli"; - version = "0.0.12"; + version = "0.4.0"; goPackagePath = "github.com/status-im/keycard-cli"; subPackages = [ "." ]; @@ -14,7 +14,7 @@ buildGoPackage rec { owner = "status-im"; repo = pname; rev = version; - sha256 = "1jnbaq57i6i9bad1hcvd28mxfqq6v8rv806c6l74vlb79ff4v1wb"; + sha256 = "0917vl5lw8wgvyn5l8q6xa8bqh342fibaa38syr8hmz8b09qkh38"; }; buildFlagsArray = [ diff --git a/nixpkgs/pkgs/tools/security/keysmith/default.nix b/nixpkgs/pkgs/tools/security/keysmith/default.nix new file mode 100644 index 00000000000..b9ab7bb0b4a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/keysmith/default.nix @@ -0,0 +1,45 @@ +{ lib +, mkDerivation +, makeWrapper +, fetchFromGitHub +, cmake +, extra-cmake-modules +, qtbase +, qtquickcontrols2 +, qtdeclarative +, qtgraphicaleffects +, kirigami2 +, oathToolkit +}: +mkDerivation rec { + + pname = "keysmith"; + version = "0.1"; + + src = fetchFromGitHub { + owner = "KDE"; + repo = "keysmith"; + rev = "v${version}"; + sha256 = "15fzf0bvarivm32zqa5w71mscpxdac64ykiawc5hx6kplz93bsgx"; + }; + + nativeBuildInputs = [ cmake extra-cmake-modules makeWrapper ]; + + buildInputs = [ oathToolkit kirigami2 qtquickcontrols2 qtbase ]; + + postInstall = '' + mv $out/bin/org.kde.keysmith $out/bin/.org.kde.keysmith-wrapped + makeWrapper $out/bin/.org.kde.keysmith-wrapped $out/bin/org.kde.keysmith \ + --set QML2_IMPORT_PATH "${lib.getLib kirigami2}/lib/qt-5.12.7/qml:${lib.getBin qtquickcontrols2}/lib/qt-5.12.7/qml:${lib.getBin qtdeclarative}/lib/qt-5.12.7/qml:${qtgraphicaleffects}/lib/qt-5.12.7/qml" \ + --set QT_PLUGIN_PATH "${lib.getBin qtbase}/lib/qt-5.12.7/plugins" + ln -s $out/bin/org.kde.keysmith $out/bin/keysmith + ''; + + meta = with lib; { + description = "OTP client for Plasma Mobile and Desktop"; + license = licenses.gpl3; + homepage = "https://github.com/KDE/keysmith"; + maintainers = with maintainers; [ shamilton ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lynis/default.nix b/nixpkgs/pkgs/tools/security/lynis/default.nix index bbed166d759..d7f42479d0b 100644 --- a/nixpkgs/pkgs/tools/security/lynis/default.nix +++ b/nixpkgs/pkgs/tools/security/lynis/default.nix @@ -1,17 +1,17 @@ -{ stdenv, makeWrapper, fetchFromGitHub, gawk }: +{ stdenv, makeWrapper, fetchFromGitHub, gawk, installShellFiles }: stdenv.mkDerivation rec { pname = "lynis"; - version = "2.7.5"; + version = "3.0.0"; src = fetchFromGitHub { owner = "CISOfy"; repo = pname; rev = version; - sha256 = "1lkkbvxm0rgrrlx0szaxmf8ghc3d26wal96sgqk84m37mvs1f7p0"; + sha256 = "05p8h2ww4jcc6lgxrm796cbvlfmw26rxq5fmw0xxavbpadiw752j"; }; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ installShellFiles makeWrapper ]; postPatch = '' grep -rl '/usr/local/lynis' ./ | xargs sed -i "s@/usr/local/lynis@$out/share/lynis@g" @@ -22,6 +22,10 @@ stdenv.mkDerivation rec { cp -r include db default.prf $out/share/lynis/ cp -a lynis $out/bin wrapProgram "$out/bin/lynis" --prefix PATH : ${stdenv.lib.makeBinPath [ gawk ]} + + installManPage lynis.8 + installShellCompletion --bash --name lynis.bash \ + extras/bash_completion.d/lynis ''; meta = with stdenv.lib; { diff --git a/nixpkgs/pkgs/tools/security/minica/default.nix b/nixpkgs/pkgs/tools/security/minica/default.nix new file mode 100644 index 00000000000..20ae3878a71 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/minica/default.nix @@ -0,0 +1,34 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "minica"; + version = "1.0.2"; + + goPackagePath = "github.com/jsha/minica"; + + src = fetchFromGitHub { + owner = "jsha"; + repo = "minica"; + rev = "v${version}"; + sha256 = "18518wp3dcjhf3mdkg5iwxqr3326n6jwcnqhyibphnb2a58ap7ny"; + }; + + buildFlagsArray = '' + -ldflags= + -X main.BuildVersion=${version} + ''; + + meta = with lib; { + description = "A simple tool for generating self signed certificates."; + longDescription = '' + Minica is a simple CA intended for use in situations where the CA + operator also operates each host where a certificate will be used. It + automatically generates both a key and a certificate when asked to + produce a certificate. + ''; + homepage = "https://github.com/jsha/minica/"; + license = licenses.mit; + maintainers = with maintainers; [ m1cr0man ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/tools/security/minisign/default.nix b/nixpkgs/pkgs/tools/security/minisign/default.nix index ed226994a31..b67b65b0cf8 100644 --- a/nixpkgs/pkgs/tools/security/minisign/default.nix +++ b/nixpkgs/pkgs/tools/security/minisign/default.nix @@ -1,17 +1,17 @@ -{ stdenv, fetchFromGitHub, cmake, libsodium }: +{ stdenv, fetchFromGitHub, cmake, pkg-config, libsodium }: stdenv.mkDerivation rec { pname = "minisign"; - version = "0.8"; + version = "0.9"; src = fetchFromGitHub { repo = "minisign"; owner = "jedisct1"; rev = version; - sha256 = "0rgg9jb5108hd5psivlrfd8cxnjylawm0glcry8ba6zlmkv949r8"; + sha256 = "0qx3hnkwx6ij0hgp5vc74x36qfc4h5wgzr70fqqhmv3zb8q9f2vn"; }; - nativeBuildInputs = [ cmake ]; + nativeBuildInputs = [ cmake pkg-config ]; buildInputs = [ libsodium ]; meta = with stdenv.lib; { diff --git a/nixpkgs/pkgs/tools/security/mkp224o/default.nix b/nixpkgs/pkgs/tools/security/mkp224o/default.nix index 5640debf124..dc17cc60276 100644 --- a/nixpkgs/pkgs/tools/security/mkp224o/default.nix +++ b/nixpkgs/pkgs/tools/security/mkp224o/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "mkp224o"; - version = "1.4.0"; + version = "1.5.0"; src = fetchFromGitHub { owner = "cathugger"; repo = "mkp224o"; rev = "v${version}"; - sha256 = "0b7xs4gnyfhdkwl8wkb6mazas88ybnlbxck59p4n2mnlndvd8kb7"; + sha256 = "0b2cn96wg4l8jkkqqp8l2295xlmm2jc8nrw6rdqb5g0zkpfmrxbb"; }; buildCommand = diff --git a/nixpkgs/pkgs/tools/security/nsjail/default.nix b/nixpkgs/pkgs/tools/security/nsjail/default.nix index 27712e4d42f..4522d0e897a 100644 --- a/nixpkgs/pkgs/tools/security/nsjail/default.nix +++ b/nixpkgs/pkgs/tools/security/nsjail/default.nix @@ -4,26 +4,24 @@ stdenv.mkDerivation rec { pname = "nsjail"; - version = "2.9"; + version = "3.0"; src = fetchFromGitHub { owner = "google"; repo = "nsjail"; rev = version; fetchSubmodules = true; - sha256 = "0218n0qjb45fawqqfj3gdxgd0fw5k0vxn9iggi0ciljmr9zywkgh"; + sha256 = "1w6x8xcrs0i1y3q41gyq8z3cq9x24qablklc4jiydf855lhqn4dh"; }; - postPatch = '' - substituteInPlace user.cc \ - --replace "/usr/bin/newgidmap" "${shadow}/bin/newgidmap" \ - --replace "/usr/bin/newuidmap" "${shadow}/bin/newuidmap" - ''; - nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ]; buildInputs = [ libnl protobuf protobufc ]; enableParallelBuilding = true; + preBuild = '' + makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap') + ''; + installPhase = '' mkdir -p $out/bin $out/share/man/man1 install nsjail $out/bin/ @@ -34,7 +32,7 @@ stdenv.mkDerivation rec { description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters"; homepage = "http://nsjail.com/"; license = licenses.asl20; - maintainers = with maintainers; [ bosu c0bw3b ]; + maintainers = with maintainers; [ arturcygan bosu c0bw3b ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/nixpkgs/pkgs/tools/security/pcsclite/default.nix index 4e01a5792dc..98a3e8797fb 100644 --- a/nixpkgs/pkgs/tools/security/pcsclite/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsclite/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "pcsclite"; - version = "1.8.26"; + version = "1.9.0"; outputs = [ "bin" "out" "dev" "doc" "man" ]; src = fetchurl { url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2"; - sha256 = "1ndvvz0fgqwz70pijymsxmx25mzryb0zav1i8jjc067ndryvxdry"; + sha256 = "1y9f9zipnrmgiw0mxrvcgky8vfrcmg6zh40gbln5a93i2c1x8j01"; }; patches = [ ./no-dropdir-literals.patch ]; @@ -18,7 +18,6 @@ stdenv.mkDerivation rec { # The OS should care on preparing the drivers into this location "--enable-usbdropdir=/var/lib/pcsc/drivers" "--enable-confdir=/etc" - "--enable-ipcdir=/run/pcscd" ] ++ stdenv.lib.optional stdenv.isLinux "--with-systemdsystemunitdir=\${out}/etc/systemd/system" ++ stdenv.lib.optional (!stdenv.isLinux) diff --git a/nixpkgs/pkgs/tools/security/pcsctools/default.nix b/nixpkgs/pkgs/tools/security/pcsctools/default.nix index c9c677e64c0..b2ef4e7e030 100644 --- a/nixpkgs/pkgs/tools/security/pcsctools/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsctools/default.nix @@ -5,11 +5,11 @@ let deps = lib.makeBinPath [ wget coreutils ]; in stdenv.mkDerivation rec { - name = "pcsc-tools-1.5.6"; + name = "pcsc-tools-1.5.7"; src = fetchurl { url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.bz2"; - sha256 = "1a2zd06c6s4sqlpm5801gj41gh5g62jb8srd7vhlcm70hg3l3nsy"; + sha256 = "17b9jxvcxmn007lavan20l25v4jvm6dqc4x9dlqzbg6mjs28zsp0"; }; buildInputs = [ udev dbus perlPackages.perl pcsclite ]; @@ -20,7 +20,7 @@ in stdenv.mkDerivation rec { wrapProgram $out/bin/scriptor \ --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}" wrapProgram $out/bin/gscriptor \ - --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl Glib Gtk2 Pango Cairo ]}" + --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl GlibObjectIntrospection Glib Gtk3 Pango Cairo CairoGObject ]}" wrapProgram $out/bin/ATR_analysis \ --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}" wrapProgram $out/bin/pcsc_scan \ diff --git a/nixpkgs/pkgs/tools/security/rage/default.nix b/nixpkgs/pkgs/tools/security/rage/default.nix index cdba2f2beb0..26ae27dff6b 100644 --- a/nixpkgs/pkgs/tools/security/rage/default.nix +++ b/nixpkgs/pkgs/tools/security/rage/default.nix @@ -1,4 +1,4 @@ -{ stdenv, rustPlatform, fetchFromGitHub, Security }: +{ stdenv, rustPlatform, fetchFromGitHub, installShellFiles, Security }: rustPlatform.buildRustPackage rec { pname = "rage"; @@ -13,8 +13,20 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "08njl8irkqkfxj54pz4sx3l9aqb40h10wxb82zza52pqd4zapgn6"; + nativeBuildInputs = [ installShellFiles ]; + buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ]; + postBuild = '' + cargo run --example generate-docs + cargo run --example generate-completions + ''; + + postInstall = '' + installManPage target/manpages/* + installShellCompletion target/completions/*.{bash,fish,zsh} + ''; + meta = with stdenv.lib; { description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability"; homepage = "https://github.com/str4d/rage"; diff --git a/nixpkgs/pkgs/tools/security/rbw/default.nix b/nixpkgs/pkgs/tools/security/rbw/default.nix new file mode 100644 index 00000000000..9eb670102fb --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rbw/default.nix @@ -0,0 +1,76 @@ +{ lib +, rustPlatform +, fetchCrate +, pinentry +, openssl +, pkgconfig +, makeWrapper +, cargo + +# rbw-fzf +, withFzf ? false, fzf, perl + +# rbw-rofi +, withRofi ? false, rofi, xclip + +# pass-import +, withPass ? false, pass +}: + +rustPlatform.buildRustPackage rec { + pname = "rbw"; + version = "0.4.6"; + + src = fetchCrate { + inherit version; + crateName = "${pname}"; + sha256 = "0vq7cwk3i57fvn54q2rgln74j4p9vqm5zyhap94s73swjywicwk0"; + }; + + cargoSha256 = "1h253ncick2v9aki5rf1bdrg5rj3h4nrvx5q01gw03cgwnqvyiiy"; + + nativeBuildInputs = [ + pkgconfig + makeWrapper + ]; + + postPatch = '' + substituteInPlace src/pinentry.rs \ + --replace "Command::new(\"pinentry\")" "Command::new(\"${pinentry}/bin/pinentry\")" + '' + lib.optionalString withFzf '' + patchShebangs bin/rbw-fzf + substituteInPlace bin/rbw-fzf \ + --replace fzf ${fzf}/bin/fzf \ + --replace perl ${perl}/bin/perl + '' + lib.optionalString withRofi '' + patchShebangs bin/rbw-rofi + substituteInPlace bin/rbw-rofi \ + --replace rofi ${rofi}/bin/rofi \ + --replace xclip ${xclip}/bin/xclip + '' + lib.optionalString withRofi '' + patchShebangs bin/pass-import + substituteInPlace bin/pass-import \ + --replace pass ${pass}/bin/pass + ''; + + preConfigure = '' + export OPENSSL_INCLUDE_DIR="${openssl.dev}/include" + export OPENSSL_LIB_DIR="${openssl.out}/lib" + ''; + + postInstall = lib.optionalString withFzf '' + cp bin/rbw-fzf $out/bin + '' + lib.optionalString withRofi '' + cp bin/rbw-rofi $out/bin + '' + lib.optionalString withPass '' + cp bin/pass-import $out/bin + ''; + + meta = with lib; { + description = "Unofficial command line client for Bitwarden"; + homepage = "https://crates.io/crates/rbw"; + license = licenses.mit; + maintainers = with maintainers; [ albakham luc65r ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rhash/default.nix b/nixpkgs/pkgs/tools/security/rhash/default.nix index 863b03a117c..394dd89484f 100644 --- a/nixpkgs/pkgs/tools/security/rhash/default.nix +++ b/nixpkgs/pkgs/tools/security/rhash/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchFromGitHub, which }: stdenv.mkDerivation rec { - version = "1.3.9"; + version = "1.4.0"; pname = "rhash"; src = fetchFromGitHub { owner = "rhash"; repo = "RHash"; rev = "v${version}"; - sha256 = "06i49x1l21h2q7pfnf4crbmjyg8b9ad0qs10ywyyn5sjpi0c21wq"; + sha256 = "18zgr1bjzz8v6rckz2q2hx9f2ssbv8qfwclzpbyjaz0c1c9lqqar"; }; nativeBuildInputs = [ which ]; diff --git a/nixpkgs/pkgs/tools/security/ripasso/cursive.nix b/nixpkgs/pkgs/tools/security/ripasso/cursive.nix index c8a55d3f397..29229bff002 100644 --- a/nixpkgs/pkgs/tools/security/ripasso/cursive.nix +++ b/nixpkgs/pkgs/tools/security/ripasso/cursive.nix @@ -12,6 +12,8 @@ buildRustPackage rec { sha256 = "164da20j727p8l7hh37j2r8pai9sj402nhswvg0nrlgj53nr6083"; }; + patches = [ ./fix-tests.patch ]; + cargoSha256 = "1wpn67v0xmxhn1dgzhh1pwz1yc3cizmfxhpb7qv9b27ynx4486ji"; cargoBuildFlags = [ "-p ripasso-cursive -p ripasso-man" ]; diff --git a/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch b/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch new file mode 100644 index 00000000000..433ff933b1f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ripasso/fix-tests.patch @@ -0,0 +1,35 @@ +diff --git a/src/pass/test.rs b/src/pass/test.rs +index c980a2f..2e6c8cc 100644 +--- a/src/pass/test.rs ++++ b/src/pass/test.rs +@@ -56,6 +56,7 @@ fn populate_password_list_small_repo() { + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let mut password_dir: PathBuf = base_path.clone(); +@@ -84,6 +85,7 @@ fn populate_password_list_repo_with_deleted_files() { + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let mut password_dir: PathBuf = base_path.clone(); +@@ -112,6 +114,7 @@ fn populate_password_list_directory_without_git() { + base_path.pop(); + base_path.pop(); + base_path.pop(); ++ base_path.pop(); + base_path.push("testres"); + + let mut password_dir: PathBuf = base_path.clone(); +@@ -149,4 +152,4 @@ fn parse_signing_keys_empty() { + let result = PasswordStore::parse_signing_keys(&None).unwrap(); + + assert_eq!(result.len(), 0); +-} +\ No newline at end of file ++} diff --git a/nixpkgs/pkgs/tools/security/rustscan/default.nix b/nixpkgs/pkgs/tools/security/rustscan/default.nix new file mode 100644 index 00000000000..2a2e8c7ec6c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rustscan/default.nix @@ -0,0 +1,37 @@ +{ lib +, fetchFromGitHub +, rustPlatform +, nmap +}: + +rustPlatform.buildRustPackage rec { + pname = "rustscan"; + version = "1.8.0"; + + src = fetchFromGitHub { + owner = "RustScan"; + repo = pname; + rev = "${version}"; + sha256 = "0rkqsh4i58cf18ad97yr4f68s5jg6z0ybz4bw8607lz7cjkfvjay"; + }; + + cargoSha256 = "0mj214f2md7kjknmcayc5dcfmlk2b8mqkn7kxzdis8qv9a5xcbk8"; + + postPatch = '' + substituteInPlace src/main.rs \ + --replace 'Command::new("nmap")' 'Command::new("${nmap}/bin/nmap")' + ''; + + checkFlags = [ + "--skip=infer_ulimit_lowering_no_panic" + "--skip=google_dns_runs" + "--skip=parse_correct_ips_or_hosts" + ]; + + meta = with lib; { + description = "Faster Nmap Scanning with Rust"; + homepage = "https://github.com/RustScan/RustScan"; + license = licenses.gpl3Only; + maintainers = [ maintainers.SuperSandro2000 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/saml2aws/default.nix b/nixpkgs/pkgs/tools/security/saml2aws/default.nix index 42845705ff6..fc52662e536 100644 --- a/nixpkgs/pkgs/tools/security/saml2aws/default.nix +++ b/nixpkgs/pkgs/tools/security/saml2aws/default.nix @@ -2,29 +2,19 @@ buildGoModule rec { pname = "saml2aws"; - version = "2.25.0"; + version = "2.27.0"; src = fetchFromGitHub { owner = "Versent"; repo = "saml2aws"; rev = "v${version}"; - sha256 = "12aidylamrq4rvy2cfdz669lr1p20yqrshigcc5x1hrlhh9y64xc"; + sha256 = "15ddzab93iqwbvxnaw5wp4dzwlxjqxvyy1c4w37jm69zkczylrmc"; }; - hid = fetchFromGitHub { - owner = "karalabe"; - repo = "hid"; - rev = "9c14560f9ee858c43f40b5cd01392b167aacf4e8"; - sha256 = "0xc7b8mwha64j7l2fr2g5zy8pz7cqi0vrxx60gii52b6ii31xncx"; - }; + runVend = true; + vendorSha256 = "1w7vnpv36lhxpaljdhslbckkr7p81nzc91a0503wk8nrrc4ljsyy"; - vendorSha256 = "0mns5clykvj33krf29yjh8lkf05nih42ka5ji7miq0iaikqyyc78"; - overrideModAttrs = (_: { - postBuild = '' - cp -r --reflink=auto ${hid}/libusb vendor/github.com/karalabe/hid - cp -r --reflink=auto ${hid}/hidapi vendor/github.com/karalabe/hid - ''; - }); + doCheck = false; subPackages = [ "." "cmd/saml2aws" ]; @@ -39,4 +29,4 @@ buildGoModule rec { platforms = stdenv.lib.platforms.unix; maintainers = [ stdenv.lib.maintainers.pmyjavec ]; }; -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/tools/security/sequoia/default.nix b/nixpkgs/pkgs/tools/security/sequoia/default.nix index e6081fbf472..a54433b92c9 100644 --- a/nixpkgs/pkgs/tools/security/sequoia/default.nix +++ b/nixpkgs/pkgs/tools/security/sequoia/default.nix @@ -1,32 +1,46 @@ -{ stdenv, fetchFromGitLab, lib, darwin -, git, nettle, llvmPackages, cargo, rustc -, rustPlatform, pkgconfig, glib -, openssl, sqlite, capnproto -, ensureNewerSourcesForZipFilesHook, pythonSupport ? true, pythonPackages ? null +{ stdenv +, fetchFromGitLab +, lib +, darwin +, git +, nettle +# Use the same llvmPackages version as Rust +, llvmPackages_10 +, cargo +, rustc +, rustPlatform +, pkg-config +, glib +, openssl +, sqlite +, capnproto +, ensureNewerSourcesForZipFilesHook +, pythonSupport ? true +, pythonPackages ? null }: assert pythonSupport -> pythonPackages != null; rustPlatform.buildRustPackage rec { pname = "sequoia"; - version = "0.16.0"; + version = "0.19.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; - repo = pname; + repo = "sequoia"; rev = "v${version}"; - sha256 = "0iwzi2ylrwz56s77cd4vcf89ig6ipy4w6kp2pfwqvd2d00x54dhk"; + sha256 = "1870wd03c3x0da9p3jmkvfx8am87ak0dcsvp2qkjvglbl396kd8y"; }; - cargoSha256 = "0jsmvs6hr9mhapz3a74wpfgkjkq3w10014j3z30bm659mxqrknha"; + cargoSha256 = "0bb51vdppdjhsxbfy3lyqvw5r5j58r3wi0qb68m2a45k3za7liss"; nativeBuildInputs = [ - pkgconfig + pkg-config cargo rustc git - llvmPackages.libclang - llvmPackages.clang + llvmPackages_10.libclang + llvmPackages_10.clang ensureNewerSourcesForZipFilesHook capnproto ] ++ @@ -54,23 +68,24 @@ rustPlatform.buildRustPackage rec { "build-release" ]; - LIBCLANG_PATH = "${llvmPackages.libclang}/lib"; + LIBCLANG_PATH = "${llvmPackages_10.libclang}/lib"; + # Sometimes, tests fail on CI (ofborg) & hydra without this + CARGO_TEST_ARGS = "--workspace --exclude sequoia-store"; + + # Without this, the examples won't build postPatch = '' - # otherwise, the check fails because we delete the `.git` in the unpack phase - substituteInPlace openpgp-ffi/Makefile \ - --replace 'git grep' 'grep -R' - # Without this, the check fails substituteInPlace openpgp-ffi/examples/Makefile \ --replace '-O0 -g -Wall -Werror' '-g' substituteInPlace ffi/examples/Makefile \ --replace '-O0 -g -Wall -Werror' '-g' ''; + preInstall = lib.optionalString pythonSupport '' export installFlags="PYTHONPATH=$PYTHONPATH:$out/${pythonPackages.python.sitePackages}" '' + lib.optionalString (!pythonSupport) '' - export installFlags="PYTHON=disable" + export makeFlags="PYTHON=disable" ''; # Don't use buildRustPackage phases, only use it for rust deps setup @@ -85,7 +100,6 @@ rustPlatform.buildRustPackage rec { homepage = "https://sequoia-pgp.org/"; license = licenses.gpl3; maintainers = with maintainers; [ minijackson doronbehar ]; - platforms = platforms.all; broken = stdenv.targetPlatform.isDarwin; }; } diff --git a/nixpkgs/pkgs/tools/security/signing-party/default.nix b/nixpkgs/pkgs/tools/security/signing-party/default.nix index 91d3ea356df..17c65d28884 100644 --- a/nixpkgs/pkgs/tools/security/signing-party/default.nix +++ b/nixpkgs/pkgs/tools/security/signing-party/default.nix @@ -13,14 +13,14 @@ let ]; in stdenv.mkDerivation rec { pname = "signing-party"; - version = "2.10"; + version = "2.11"; src = fetchFromGitLab { domain = "salsa.debian.org"; owner = "signing-party-team"; repo = "signing-party"; rev = "v${version}"; - sha256 = "0lq8nmwjmysry0n4jg6vb7bh0lagbyb9pa11ii3s41p1mhzchf2r"; + sha256 = "1aig5ssabzbk4mih7xd04vgr931bw0flbi8dz902wlr610gyv5s5"; }; # TODO: Get this patch upstream... @@ -87,6 +87,8 @@ in stdenv.mkDerivation rec { install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1; install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill; install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1; + install -D -m555 gpgparticipants/gpgparticipants-filter $out/bin/gpgparticipants-filter; + install -D -m444 gpgparticipants/gpgparticipants-filter.1 $out/share/man/man1/gpgparticipants-filter.1; # gpgwrap: a passphrase wrapper install -D -m555 gpgwrap/bin/gpgwrap $out/bin/gpgwrap; @@ -153,6 +155,9 @@ in stdenv.mkDerivation rec { # wrapProgram $out/bin/gpgparticipants-prefill + wrapProgram $out/bin/gpgparticipants-filter --prefix PATH ":" \ + "${stdenv.lib.makeBinPath [ gnupg ]}" + wrapProgram $out/bin/gpgsigs --set PERL5LIB \ ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ --prefix PATH ":" \ diff --git a/nixpkgs/pkgs/tools/security/sn0int/default.nix b/nixpkgs/pkgs/tools/security/sn0int/default.nix index 9e9cbe2bb3a..8b99649e0c9 100644 --- a/nixpkgs/pkgs/tools/security/sn0int/default.nix +++ b/nixpkgs/pkgs/tools/security/sn0int/default.nix @@ -1,18 +1,18 @@ -{ lib, fetchFromGitHub, rustPlatform, - libsodium, libseccomp, sqlite, pkgconfig }: +{ lib, fetchFromGitHub, rustPlatform, libsodium, libseccomp, sqlite, pkgconfig +}: rustPlatform.buildRustPackage rec { pname = "sn0int"; - version = "0.18.2"; + version = "0.19.1"; src = fetchFromGitHub { owner = "kpcyrd"; repo = pname; rev = "v${version}"; - sha256 = "0b21b0ryq03zrhqailg2iajirn30l358aj3k44lfnravr4h9zwkj"; + sha256 = "10f1wblczxlww09f4dl8i9zzgpr14jj7s329wkvm7lafmwx3qrn5"; }; - cargoSha256 = "1pvn0sc325b5fh29m2l6cack4qfssa4lp3zhyb1qzkb3fmw3lgcy"; + cargoSha256 = "1v0q751ylsfpdjwsbl20pvn7g75w503jwjl5kn5kc8xq3g0lnp65"; nativeBuildInputs = [ pkgconfig ]; diff --git a/nixpkgs/pkgs/tools/security/softhsm/default.nix b/nixpkgs/pkgs/tools/security/softhsm/default.nix index 5cc7dbac5da..61afb9082d0 100644 --- a/nixpkgs/pkgs/tools/security/softhsm/default.nix +++ b/nixpkgs/pkgs/tools/security/softhsm/default.nix @@ -1,18 +1,18 @@ -{ stdenv, fetchurl, botan, libobjc, Security }: +{ stdenv, fetchurl, botan2, libobjc, Security }: stdenv.mkDerivation rec { pname = "softhsm"; - version = "2.5.0"; + version = "2.6.1"; src = fetchurl { url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz"; - sha256 = "1cijq78jr3mzg7jj11r0krawijp99p253f4qdqr94n728p7mdalj"; + hash = "sha256:1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"; }; configureFlags = [ "--with-crypto-backend=botan" - "--with-botan=${botan}" + "--with-botan=${botan2}" "--sysconfdir=$out/etc" "--localstatedir=$out/var" ]; @@ -20,13 +20,24 @@ stdenv.mkDerivation rec { propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [ libobjc Security ]; - buildInputs = [ botan ]; + buildInputs = [ botan2 ]; postInstall = "rm -rf $out/var"; meta = with stdenv.lib; { homepage = "https://www.opendnssec.org/softhsm"; description = "Cryptographic store accessible through a PKCS #11 interface"; + longDescription = " + SoftHSM provides a software implementation of a generic + cryptographic device with a PKCS#11 interface, which is of + course especially useful in environments where a dedicated hardware + implementation of such a device - for instance a Hardware + Security Module (HSM) or smartcard - is not available. + + SoftHSM follows the OASIS PKCS#11 standard, meaning it should be + able to work with many cryptographic products. SoftHSM is a + programme of The Commons Conservancy. + "; license = licenses.bsd2; maintainers = [ maintainers.leenaars ]; platforms = platforms.unix; diff --git a/nixpkgs/pkgs/tools/security/sops/default.nix b/nixpkgs/pkgs/tools/security/sops/default.nix index 55dde8438c8..8ec324b3542 100644 --- a/nixpkgs/pkgs/tools/security/sops/default.nix +++ b/nixpkgs/pkgs/tools/security/sops/default.nix @@ -2,16 +2,18 @@ buildGoModule rec { pname = "sops"; - version = "3.5.0"; + version = "3.6.0"; src = fetchFromGitHub { rev = "v${version}"; owner = "mozilla"; repo = pname; - sha256 = "1515bk0fl0pvdkp402l51gdg63bmqlh89sglss6prc1qqvv5v2xy"; + sha256 = "01skk6vdfki4a88z0snl1pby09im406qhnsfa0d2l8gp6nz8pq6j"; }; - vendorSha256 = "0yryc799k4563wy53z7amraj89cyprklj0lfv207530hwv5i5gm6"; + vendorSha256 = "0475y95qma5m346ng898n80xv2rxzndx89c9ygjcvjs513yzcba2"; + + doCheck = false; meta = with stdenv.lib; { homepage = "https://github.com/mozilla/sops"; @@ -19,4 +21,4 @@ buildGoModule rec { maintainers = [ maintainers.marsam ]; license = licenses.mpl20; }; -}
\ No newline at end of file +} diff --git a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix index e615cec945d..884a3d90c4f 100644 --- a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix +++ b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix @@ -1,53 +1,44 @@ -{ fetchFromGitHub, python3Packages, stdenv }: +{ lib, fetchFromGitHub, python3Packages }: -python3Packages.buildPythonPackage rec { +python3Packages.buildPythonApplication rec { pname = "ssh-audit"; - version = "1.7.0"; + version = "2.2.0"; src = fetchFromGitHub { - owner = "arthepsy"; + owner = "jtesta"; repo = pname; - rev = "refs/tags/v${version}"; - sha256 = "0akrychkdym9f6830ysq787c9nc0bkyqvy4h72498lyghwvwc2ms"; + rev = "v${version}"; + sha256 = "1z1h9nsgfaxdnkr9dvc0yzc23b3wz436rg2fycg2glwjhhal8az7"; }; - checkInputs = [ - python3Packages.pytest - python3Packages.pytestcov - ]; - - checkPhase = '' - py.test --cov-report= --cov=ssh-audit -v test - ''; - postPatch = '' - printf %s "$setupPy" > setup.py - mkdir scripts - cp ssh-audit.py scripts/ssh-audit - mkdir ssh_audit - cp ssh-audit.py ssh_audit/__init__.py + cp ./README.md pypi/sshaudit/ + cp ./ssh-audit.py pypi/sshaudit/sshaudit.py + mv pypi/* . + ls -lah ''; - setupPy = /* py */ '' - from distutils.core import setup - setup( - author='arthepsy', - description='${meta.description}', - license='${meta.license.spdxId}', - name='${pname}', - packages=['ssh_audit'], - scripts=['scripts/ssh-audit'], - url='${meta.homepage}', - version='${version}', - ) - ''; + checkInputs = with python3Packages; [ + pytestCheckHook + ]; + + disabledTests = [ + "test_resolve_error" + "test_resolve_hostname_without_records" + "test_resolve_ipv4" + "test_resolve_ipv6" + "test_resolve_ipv46_both" + "test_resolve_ipv46_order" + "test_invalid_host" + "test_invalid_port" + "test_not_connected_socket" + "test_ssh2_server_simple" + ]; - meta = { + meta = with lib; { description = "Tool for ssh server auditing"; - homepage = "https://github.com/arthepsy/ssh-audit"; - license = stdenv.lib.licenses.mit; - maintainers = [ - stdenv.lib.maintainers.tv - ]; + homepage = "https://github.com/jtesta/ssh-audit"; + license = licenses.mit; + maintainers = with maintainers; [ tv ]; }; } diff --git a/nixpkgs/pkgs/tools/security/sshguard/default.nix b/nixpkgs/pkgs/tools/security/sshguard/default.nix index bad1c9fd16d..6c2298f6729 100644 --- a/nixpkgs/pkgs/tools/security/sshguard/default.nix +++ b/nixpkgs/pkgs/tools/security/sshguard/default.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, autoreconfHook, yacc, flex}: stdenv.mkDerivation rec { - version = "2.4.0"; + version = "2.4.1"; pname = "sshguard"; src = fetchurl { url = "mirror://sourceforge/sshguard/${pname}-${version}.tar.gz"; - sha256 = "1h6n2xyh58bshplbdqlr9rbnf3lz7nydnq5m2hkq15is3c4s8p06"; + sha256 = "0rrwmx91ifvc61wkld8gjkmfsq0ixxmf7m8fg4addkkxwvk04pc7"; }; doCheck = true; diff --git a/nixpkgs/pkgs/tools/security/sshuttle/default.nix b/nixpkgs/pkgs/tools/security/sshuttle/default.nix index 4d0ae5e051d..6f620904872 100644 --- a/nixpkgs/pkgs/tools/security/sshuttle/default.nix +++ b/nixpkgs/pkgs/tools/security/sshuttle/default.nix @@ -1,29 +1,33 @@ -{ stdenv, python3Packages, fetchurl, makeWrapper -, coreutils, iptables, nettools, openssh, procps }: +{ stdenv +, python3Packages +, makeWrapper +, coreutils +, iptables +, nettools +, openssh +, procps +}: python3Packages.buildPythonApplication rec { pname = "sshuttle"; - version = "0.78.5"; + version = "1.0.3"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"; + sha256 = "0fff1c88669a20bb6a4e7331960673a3a02a2e04ff163e4c9299496646edcf61"; }; patches = [ ./sudo.patch ]; nativeBuildInputs = [ makeWrapper python3Packages.setuptools_scm ]; - buildInputs = - [ coreutils openssh procps nettools ] - ++ stdenv.lib.optionals stdenv.isLinux [ iptables ]; checkInputs = with python3Packages; [ mock pytest pytestcov pytestrunner flake8 ]; - postInstall = let - mapPath = f: x: stdenv.lib.concatStringsSep ":" (map f x); - in '' - wrapProgram $out/bin/sshuttle \ - --prefix PATH : "${mapPath (x: "${x}/bin") buildInputs}" \ + runtimeDeps = [ coreutils openssh procps ] ++ stdenv.lib.optionals stdenv.isLinux [ iptables nettools ]; + + postInstall = '' + wrapProgram $out/bin/sshuttle \ + --prefix PATH : "${stdenv.lib.makeBinPath runtimeDeps}" \ ''; meta = with stdenv.lib; { diff --git a/nixpkgs/pkgs/tools/security/thc-hydra/default.nix b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix index aa36901e46b..f83d2675c6a 100644 --- a/nixpkgs/pkgs/tools/security/thc-hydra/default.nix +++ b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "thc-hydra"; - version = "9.0"; + version = "9.1"; src = fetchFromGitHub { owner = "vanhauser-thc"; repo = "thc-hydra"; rev = "v${version}"; - sha256 = "09d2f55wky1iabnl871d4r6dyyvr8zhp47d9j1p6d0pvdv93kl4z"; + sha256 = "1533h9z5jdlazwy0z7ll2753i507wq55by7rm9lh6y59889p0hps"; }; postPatch = let diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix index 1e033fa31ce..c535bf70670 100644 --- a/nixpkgs/pkgs/tools/security/tor/default.nix +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig, libevent, openssl, zlib, torsocks -, libseccomp, systemd, libcap, lzma, zstd, scrypt +, libseccomp, systemd, libcap, lzma, zstd, scrypt, nixosTests # for update.nix , writeScript @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.3.5"; + version = "0.4.3.6"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0s6qspi102drn1nk3gfxs51x992xarc44gkfsi8y3l48wr50wsk1"; + sha256 = "0qmcrkjip0ywq77232m73pjwqiaj0q2klwklqlpbw575shvhcbba"; }; outputs = [ "out" "geoip" ]; @@ -54,19 +54,22 @@ stdenv.mkDerivation rec { rm -rf $out/share/tor ''; - passthru.updateScript = import ./update.nix { - inherit (stdenv) lib; - inherit - writeScript - common-updater-scripts - bash - coreutils - curl - gnupg - gnugrep - gnused - nix - ; + passthru = { + tests.tor = nixosTests.tor; + updateScript = import ./update.nix { + inherit (stdenv) lib; + inherit + writeScript + common-updater-scripts + bash + coreutils + curl + gnupg + gnugrep + gnused + nix + ; + }; }; meta = with stdenv.lib; { diff --git a/nixpkgs/pkgs/tools/security/tor/torsocks.nix b/nixpkgs/pkgs/tools/security/tor/torsocks.nix index 2ce4c9806eb..381377032d6 100644 --- a/nixpkgs/pkgs/tools/security/tor/torsocks.nix +++ b/nixpkgs/pkgs/tools/security/tor/torsocks.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, autoreconfHook, libcap }: +{ stdenv, fetchgit, fetchurl, autoreconfHook, libcap }: stdenv.mkDerivation rec { pname = "torsocks"; @@ -12,10 +12,19 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; + patches = stdenv.lib.optional stdenv.isDarwin + (fetchurl { + url = "https://trac.torproject.org/projects/tor/raw-attachment/ticket/28538/0001-Fix-macros-for-accept4-2.patch"; + sha256 = "97881f0b59b3512acc4acb58a0d6dfc840d7633ead2f400fad70dda9b2ba30b0"; + }); + postPatch = '' # Patch torify_app() sed -i \ -e 's,\(local app_path\)=`which $1`,\1=`type -P $1`,' \ + src/bin/torsocks.in + '' + stdenv.lib.optionalString stdenv.isLinux '' + sed -i \ -e 's,\(local getcap\)=.*,\1=${libcap}/bin/getcap,' \ src/bin/torsocks.in ''; diff --git a/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix b/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix index fbebde2e7bf..6fe116d7015 100644 --- a/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix +++ b/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix @@ -1,24 +1,44 @@ -{ stdenv, fetchurl, lib -, tpm2-tss, pkgconfig, glib, which, dbus, cmocka }: +{ stdenv, lib, fetchFromGitHub +, autoreconfHook, pkg-config, autoconf-archive, makeWrapper, which +, tpm2-tss, glib, dbus +, cmocka +}: stdenv.mkDerivation rec { pname = "tpm2-abrmd"; - version = "2.2.0"; + version = "2.3.2"; - src = fetchurl { - url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "1lbfhyyh9k54r8s1h8ca2czxv4hg0yq984kdh3vqh3990aca0x9a"; + src = fetchFromGitHub { + owner = "tpm2-software"; + repo = pname; + rev = version; + sha256 = "0jzglnlb700clcq6mjhhgvcq29a6893h888wsn9fbrh4f255sw8q"; }; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ - tpm2-tss glib which dbus cmocka - ]; + nativeBuildInputs = [ pkg-config makeWrapper autoreconfHook autoconf-archive which ]; + buildInputs = [ tpm2-tss glib dbus ]; + checkInputs = [ cmocka ]; + + enableParallelBuilding = true; + + # Emulate the required behavior of ./bootstrap in the original + # package + preAutoreconf = '' + echo "${version}" > VERSION + ''; # Unit tests are currently broken as the check phase attempts to start a dbus daemon etc. #configureFlags = [ "--enable-unit" ]; doCheck = false; + # Even though tpm2-tss is in the RUNPATH, starting from 2.3.0 abrmd + # seems to require the path to the device TCTI (used for accessing + # /dev/tpm0) in it's LD_LIBRARY_PATH + postFixup = '' + wrapProgram $out/bin/tpm2-abrmd \ + --suffix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ tpm2-tss ]}" + ''; + meta = with lib; { description = "TPM2 resource manager, accessible via D-Bus"; homepage = "https://github.com/tpm2-software/tpm2-tools"; diff --git a/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix index 282b1df299c..e6a7621d987 100644 --- a/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix +++ b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "tpm2-tools"; - version = "4.1.2"; + version = "4.1.3"; src = fetchurl { url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "0di97zmxdh04m2ibyshcgvillwxx6rnd0543scm7q10y7nv74m0p"; + sha256 = "0117r0zzdnblkibv81y71v3limixsw5m7g9xwf7lcx8fc8836pdv"; }; nativeBuildInputs = [ pandoc pkgconfig makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix index e1b6ef80860..eb999b5cedc 100644 --- a/nixpkgs/pkgs/tools/security/vault/default.nix +++ b/nixpkgs/pkgs/tools/security/vault/default.nix @@ -2,13 +2,13 @@ buildGoPackage rec { pname = "vault"; - version = "1.4.2"; + version = "1.5.3"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "0aschysngs6f50plqkqbnhgl6zryd0bpypr50zd45cgww7jvvqd4"; + sha256 = "149if5s4rdpxgzakh8s79j1fcfcqk1w7gvgchc044xlicl1r49ic"; }; goPackagePath = "github.com/hashicorp/vault"; @@ -17,10 +17,7 @@ buildGoPackage rec { nativeBuildInputs = [ installShellFiles ]; - buildFlagsArray = [ - "-tags='vault'" - "-ldflags=\"-X github.com/hashicorp/vault/sdk/version.GitCommit='v${version}'\"" - ]; + buildFlagsArray = [ "-tags=vault" "-ldflags=-s -w -X ${goPackagePath}/sdk/version.GitCommit=${src.rev}" ]; postInstall = '' echo "complete -C $out/bin/vault vault" > vault.bash diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix index 6b14a834330..b8a70eb82f9 100644 --- a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix +++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix @@ -1,30 +1,30 @@ { stdenv, fetchurl, unzip }: let - version = "1.3.0"; + version = "1.5.3"; sources = let base = "https://releases.hashicorp.com/vault/${version}"; in { x86_64-linux = fetchurl { url = "${base}/vault_${version}_linux_amd64.zip"; - sha256 = "1crfj4gd1qwwa2xidd0pjffv0n6hf5hbhv6568m6zc1ig0qqm6yq"; + sha256 = "1chhi7piq04j8rgk15rcszqqp37xd9cjj67plr5pgvdps3s1zihy"; }; i686-linux = fetchurl { url = "${base}/vault_${version}_linux_386.zip"; - sha256 = "0pyf0kyvxpmx3fwfvin1r0x30r9byx9lyi81894q06xrhiwbqc0l"; + sha256 = "0jbnvypapang025wfyj6i70jdz3g29ggg7rzmg8xh6gfyhwk3vmb"; }; x86_64-darwin = fetchurl { url = "${base}/vault_${version}_darwin_amd64.zip"; - sha256 = "113vnpz9n6y7z2k9jqpfpxqxqbrmd9bhny79yaxqzkfdqw8vyv3g"; + sha256 = "1m54258lfdr79p2j8janbkhp0a8bs8xbrcr51lqx2s620n7sfbya"; }; i686-darwin = fetchurl { url = "${base}/vault_${version}_darwin_386.zip"; - sha256 = "0d191qai0bpl7cyivca26wqgycsj2dz08809z147d1vnrz321v6w"; + sha256 = "038qkkhlwj86fz9vpcycvv5nb41y8mqypqvhfp0ia11birp8xlsr"; }; aarch64-linux = fetchurl { url = "${base}/vault_${version}_linux_arm64.zip"; - sha256 = "1bk5y3knc42mh07gnnn6p109qz908014620h1s0348wp4qfdy49w"; + sha256 = "1vivkwcy9j9zs7w65k7y8chix8jnii5pz8zck6rlpwgz5vs0h04k"; }; }; diff --git a/nixpkgs/pkgs/tools/security/verifpal/default.nix b/nixpkgs/pkgs/tools/security/verifpal/default.nix index e1e5e100bd1..930b44cb4c6 100644 --- a/nixpkgs/pkgs/tools/security/verifpal/default.nix +++ b/nixpkgs/pkgs/tools/security/verifpal/default.nix @@ -1,35 +1,31 @@ { lib , fetchgit -, buildGoPackage +, buildGoModule , pigeon }: -buildGoPackage rec { +buildGoModule rec { pname = "verifpal"; - version = "0.7.5"; - - goPackagePath = "github.com/SymbolicSoft/verifpal"; - goDeps = ./deps.nix; + version = "0.13.7"; src = fetchgit { url = "https://source.symbolic.software/verifpal/verifpal.git"; - rev = version; - sha256 = "0njgn6j5qg5kgid6ddv23axhw5gwjbayhdjkj4ya08mnxndr284m"; + rev = "v${version}"; + sha256 = "1ia3mxwcvcxghga2vvhf6mia59cm3jl7vh8laywh421bfj42sh9d"; }; - nativeBuildInputs = [ pigeon ]; + vendorSha256 = "0cmj6h103igg5pcs9c9wrcmrsf0mwp9vbgzf5amsnj1206ryb1p2"; - postPatch = '' - sed -e 's|/bin/echo |echo |g' -i Makefile - ''; + doCheck = false; - buildPhase = '' - make -C go/src/$goPackagePath parser linux - ''; + nativeBuildInputs = [ pigeon ]; + + subPackages = [ "cmd/verifpal" ]; - installPhase = '' - mkdir -p $out/bin - cp go/src/$goPackagePath/build/bin/linux/verifpal $out/bin/ + # goversioninfo is for Windows only and can be skipped during go generate + preBuild = '' + substituteInPlace cmd/verifpal/main.go --replace "go:generate goversioninfo" "(disabled goversioninfo)" + go generate verifpal.com/cmd/verifpal ''; meta = { diff --git a/nixpkgs/pkgs/tools/security/verifpal/deps.nix b/nixpkgs/pkgs/tools/security/verifpal/deps.nix deleted file mode 100644 index aaa4269416a..00000000000 --- a/nixpkgs/pkgs/tools/security/verifpal/deps.nix +++ /dev/null @@ -1,12 +0,0 @@ -# file generated from go.mod using vgo2nix (https://github.com/adisbladis/vgo2nix) -[ - { - goPackagePath = "github.com/logrusorgru/aurora"; - fetch = { - type = "git"; - url = "https://github.com/logrusorgru/aurora"; - rev = "94edacc10f9b"; - sha256 = "0bhwy3rrd8mwb8xjwf44nj6vmxaj5hdvayvszr1rskkmz08l5v01"; - }; - } -] diff --git a/nixpkgs/pkgs/tools/security/vulnix/default.nix b/nixpkgs/pkgs/tools/security/vulnix/default.nix index 59d8b8c0875..d4a3a0c621a 100644 --- a/nixpkgs/pkgs/tools/security/vulnix/default.nix +++ b/nixpkgs/pkgs/tools/security/vulnix/default.nix @@ -1,12 +1,16 @@ -{ stdenv, python3Packages, nix, ronn }: +{ stdenv +, python3Packages +, nix +, ronn +}: python3Packages.buildPythonApplication rec { pname = "vulnix"; - version = "1.9.4"; + version = "1.9.6"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "06dpdsnz1ih0syas3x25s557qpw0f4kmypvxwaffm734djg8klmi"; + sha256 = "0anyxmqgn4kx102l3qjhh1f2b0cg7mnlapfhriyjw0zyy5gyqvng"; }; outputs = [ "out" "doc" "man" ]; diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix new file mode 100644 index 00000000000..5860fb3a03e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix @@ -0,0 +1,56 @@ +{ stdenv, lib, fetchFromGitHub, buildGoModule, libnotify, makeWrapper, pcsclite, pinentry_mac, pkgconfig, darwin }: + +buildGoModule rec { + pname = "yubikey-agent"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "FiloSottile"; + repo = pname; + rev = "v${version}"; + sha256 = "07gix5wrakn4z846zhvl66lzwx58djrfnn6m8v7vc69l9jr3kihr"; + }; + + buildInputs = + lib.optional stdenv.isLinux (lib.getDev pcsclite) + ++ lib.optional stdenv.isDarwin (darwin.apple_sdk.frameworks.PCSC); + + nativeBuildInputs = [ makeWrapper pkgconfig ]; + + # pull in go-piv/piv-go#75 + # once go-piv/piv-go#75 is merged and released, we should + # use the released version (and push upstream to do the same) + patches = [ ./use-piv-go-75.patch ]; + postPatch = lib.optionalString stdenv.isLinux '' + substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send + ''; + + vendorSha256 = "128mlsagj3im6h0p0ndhzk29ya47g19im9dldx3nmddf2jlccj2h"; + + doCheck = false; + + subPackages = [ "." ]; + + # On macOS, there isn't a choice of pinentry program, so let's + # ensure the nixpkgs-provided one is available + postInstall = lib.optionalString stdenv.isDarwin '' + wrapProgram $out/bin/yubikey-agent --suffix PATH : $(dirname ${pinentry_mac}/${pinentry_mac.binaryPath}) + '' + # Note: in the next release, upstream provides + # contrib/systemd/user/yubikey-agent.service, which we should use + # instead + # See https://github.com/FiloSottile/yubikey-agent/pull/43 + + lib.optionalString stdenv.isLinux '' + mkdir -p $out/lib/systemd/user + substitute ${./yubikey-agent.service} $out/lib/systemd/user/yubikey-agent.service \ + --replace 'ExecStart=yubikey-agent' "ExecStart=$out/bin/yubikey-agent" + ''; + + meta = with lib; { + description = "A seamless ssh-agent for YubiKeys"; + license = licenses.bsd3; + homepage = "https://filippo.io/yubikey-agent"; + maintainers = with lib.maintainers; [ philandstuff rawkode ]; + platforms = platforms.darwin ++ platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/use-piv-go-75.patch b/nixpkgs/pkgs/tools/security/yubikey-agent/use-piv-go-75.patch new file mode 100644 index 00000000000..73967d817d9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubikey-agent/use-piv-go-75.patch @@ -0,0 +1,22 @@ +From 547695fff9cbfc4037168cdeb07cfe16bd89b6db Mon Sep 17 00:00:00 2001 +From: Philip Potter <philip.g.potter@gmail.com> +Date: Sat, 25 Jul 2020 21:59:50 +0100 +Subject: [PATCH] Pull in piv-go#75 + +--- + go.mod | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/go.mod b/go.mod +index d4d13c8..f75be2d 100644 +--- a/go.mod ++++ b/go.mod +@@ -7,3 +7,5 @@ require ( + github.com/gopasspw/gopass v1.9.1 + golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79 + ) ++ ++replace github.com/go-piv/piv-go => github.com/rawkode/piv-go v1.5.1-0.20200725154545-1c3200c75a28 +-- +2.27.0 + diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service b/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service new file mode 100644 index 00000000000..7a91f902544 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service @@ -0,0 +1,35 @@ +[Unit] +Description=Seamless ssh-agent for YubiKeys +Documentation=https://filippo.io/yubikey-agent + +[Service] +ExecStart=yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock +ExecReload=/bin/kill -HUP $MAINPID +ProtectSystem=strict +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +ProtectClock=yes +ProtectHostname=yes +PrivateTmp=yes +PrivateDevices=yes +PrivateUsers=yes +IPAddressDeny=any +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +LockPersonality=yes +CapabilityBoundingSet= +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +SystemCallErrorNumber=EPERM +SystemCallArchitectures=native +NoNewPrivileges=yes +KeyringMode=private +UMask=0177 +RuntimeDirectory=yubikey-agent + +[Install] +WantedBy=default.target diff --git a/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch b/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch new file mode 100644 index 00000000000..1c132948af6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zmap/cmake-json-0.14-fix.patch @@ -0,0 +1,13 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 8bd825f..694d9b2 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -72,6 +72,8 @@ if(WITH_JSON) + endif() + + add_definitions("-DJSON") ++ # JSON_CFLAGS is a list, i.e. semicolon-separated, convert it to space-separated ++ string(REPLACE ";" " " JSON_CFLAGS "${JSON_CFLAGS}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${JSON_CFLAGS}") + endif() + diff --git a/nixpkgs/pkgs/tools/security/zmap/default.nix b/nixpkgs/pkgs/tools/security/zmap/default.nix index ef36b21641b..e2350b67c7d 100644 --- a/nixpkgs/pkgs/tools/security/zmap/default.nix +++ b/nixpkgs/pkgs/tools/security/zmap/default.nix @@ -13,6 +13,11 @@ stdenv.mkDerivation rec { sha256 = "0yaahaiawkjk020hvsb8pndbrk8k10wxkfba1irp12a4sj6rywcs"; }; + patches = [ + # fix build with json-c 0.14 https://github.com/zmap/zmap/pull/609 + ./cmake-json-0.14-fix.patch + ]; + cmakeFlags = [ "-DRESPECT_INSTALL_PREFIX_CONFIG=ON" ]; dontUseCmakeBuildDir = true; |