ghostfox/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push sheeet
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Details
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Details
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Details
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Details
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Details
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
Details

Browse Source
This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

217
pkgs/tools/security/aflplusplus/default.nix Normal file
View File

@@ -0,0 +1,217 @@
{
lib,
stdenv,
stdenvNoCC,
fetchFromGitHub,
callPackage,
makeWrapper,
clang,
llvm,
gcc,
which,
libcgroup,
python3,
perl,
gmp,
file,
wine ? null,
cmocka,
llvmPackages,
}:
# wine fuzzing is only known to work for win32 binaries, and using a mixture of
# 32 and 64-bit libraries ... complicates things, so it's recommended to build
# a full 32bit version of this package if you want to do wine fuzzing
assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux");
let
aflplusplus-qemu = callPackage ./qemu.nix { };
qemu-exe-name =
if stdenv.targetPlatform.system == "x86_64-linux" then
"qemu-x86_64"
else if stdenv.targetPlatform.system == "i686-linux" then
"qemu-i386"
else
throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!";
libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; };
libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; };
aflplusplus = stdenvNoCC.mkDerivation rec {
pname = "aflplusplus";
version = "4.32c";
src = fetchFromGitHub {
owner = "AFLplusplus";
repo = "AFLplusplus";
tag = "v${version}";
hash = "sha256-Fhf7dHyHd8IGXq7t1y9TwN9VN8SckLRkgfGGMvmqIqk=";
};
enableParallelBuilding = true;
# Note: libcgroup isn't needed for building, just for the afl-cgroup
# script.
nativeBuildInputs = [
makeWrapper
which
clang
gcc
];
buildInputs = [
llvm
python3
gmp
llvmPackages.bintools
]
++ lib.optional (wine != null) python3.pkgs.wrapPython;
# Flag is already set by package and causes some compiler warnings.
# warning: "_FORTIFY_SOURCE" redefined
hardeningDisable = [ "fortify" ];
postPatch = ''
# Don't care about this.
rm Android.bp
# Replace the CLANG_BIN variables with the correct path.
# Replace "gcc" and friends with full paths in afl-gcc.
# Prevents afl-gcc picking up any (possibly incorrect) gcc from the path.
# Replace LLVM_BINDIR with a non-existing path to give a hard error when it's used.
substituteInPlace src/afl-cc.c \
--replace-fail "CLANGPP_BIN" '"${clang}/bin/clang++"' \
--replace-fail "CLANG_BIN" '"${clang}/bin/clang"' \
--replace-fail '"gcc"' '"${gcc}/bin/gcc"' \
--replace-fail '"g++"' '"${gcc}/bin/g++"' \
--replace-fail 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")"
substituteInPlace src/afl-ld-lto.c \
--replace-fail 'LLVM_BINDIR' '"/nixpkgs-patched-does-not-exist"'
# Remove the rest of the line
sed -i 's|LLVM_BINDIR = .*|LLVM_BINDIR = |' utils/aflpp_driver/GNUmakefile
substituteInPlace utils/aflpp_driver/GNUmakefile \
--replace-fail 'LLVM_BINDIR = ' 'LLVM_BINDIR = ${clang}/bin/'
substituteInPlace GNUmakefile.llvm \
--replace-fail "\$(LLVM_BINDIR)/clang" "${clang}/bin/clang"
'';
env.NIX_CFLAGS_COMPILE = toString [
# Needed with GCC 12
"-Wno-error=use-after-free"
];
makeFlags = [
"PREFIX=${placeholder "out"}"
"USE_BINDIR=0"
];
buildPhase = ''
runHook preBuild
common="$makeFlags -j$NIX_BUILD_CORES"
make distrib $common
make -C qemu_mode/libcompcov $common
make -C qemu_mode/unsigaction $common
runHook postBuild
'';
postInstall = ''
# remove afl-clang(++) which are just symlinks to afl-clang-fast
rm $out/bin/afl-clang $out/bin/afl-clang++
# the makefile neglects to install unsigaction
cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/
# Install the custom QEMU emulator for binary blob fuzzing.
ln -s ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
# give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so
cat > $out/bin/get-afl-qemu-libcompcov-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libcompcov.so
END
chmod +x $out/bin/get-afl-qemu-libcompcov-so
ln -s ${libdislocator}/bin/get-libdislocator-so $out/bin/
ln -s ${libtokencap}/bin/get-libtokencap-so $out/bin/
# Install the cgroups wrapper for asan-based fuzzing.
cp utils/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
chmod +x $out/bin/afl-cgroup
substituteInPlace $out/bin/afl-cgroup \
--replace-fail "cgcreate" "${libcgroup}/bin/cgcreate" \
--replace-fail "cgexec" "${libcgroup}/bin/cgexec" \
--replace-fail "cgdelete" "${libcgroup}/bin/cgdelete"
patchShebangs $out/bin
''
+ lib.optionalString (wine != null) ''
substitute afl-wine-trace $out/bin/afl-wine-trace \
--replace-fail "qemu_mode/unsigaction" "$out/lib/afl"
chmod +x $out/bin/afl-wine-trace
# qemu needs to be fed ELFs, not wrapper scripts, so we have to cheat a bit if we
# detect a wrapped wine
for winePath in ${wine}/bin/.wine ${wine}/bin/wine; do
if [ -x $winePath ]; then break; fi
done
makeWrapperArgs="--set-default 'AFL_WINE_PATH' '$winePath'" \
wrapPythonProgramsIn $out/bin ${python3.pkgs.pefile}
'';
nativeInstallCheckInputs = [
perl
file
cmocka
];
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
# replace references to tools in build directory with references to installed locations
substituteInPlace test/test-qemu-mode.sh \
--replace-fail '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \
--replace-fail '../afl-qemu-trace' '$out/bin/afl-qemu-trace' \
--replace-fail '../afl-fuzz' '$out/bin/afl-fuzz' \
--replace-fail '../qemu_mode/unsigaction/unsigaction32.so' '$out/lib/afl/unsigaction32.so' \
--replace-fail '../qemu_mode/unsigaction/unsigaction64.so' '$out/lib/afl/unsigaction64.so'
substituteInPlace test/test-libextensions.sh \
--replace-fail '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \
--replace-fail '../libtokencap.so' '`$out/bin/get-libtokencap-so`'
substituteInPlace test/test-llvm.sh \
--replace-fail '../afl-cmin.bash' '`$out/bin/afl-cmin.bash`'
# perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh
patchShebangs .
cd test && ./test-all.sh
runHook postInstallCheck
'';
passthru = {
inherit libdislocator libtokencap;
qemu = aflplusplus-qemu;
};
meta = {
description = ''
Heavily enhanced version of AFL, incorporating many features
and improvements from the community
'';
homepage = "https://aflplus.plus";
changelog = "https://aflplus.plus/docs/changelog";
license = lib.licenses.asl20;
platforms = [
"x86_64-linux"
"i686-linux"
];
maintainers = with lib.maintainers; [
ris
mindavi
msanft
];
};
};
in
aflplusplus

43
pkgs/tools/security/aflplusplus/libdislocator.nix Normal file
View File

@@ -0,0 +1,43 @@
{
lib,
stdenv,
aflplusplus,
}:
stdenv.mkDerivation {
version = lib.getVersion aflplusplus;
pname = "libdislocator";
src = aflplusplus.src;
postUnpack = "chmod -R +w ${aflplusplus.src.name}";
sourceRoot = "${aflplusplus.src.name}/utils/libdislocator";
makeFlags = [ "PREFIX=${placeholder "out"}" ];
preInstall = ''
mkdir -p $out/lib/afl
'';
postInstall = ''
mkdir $out/bin
cat > $out/bin/get-libdislocator-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libdislocator.so
END
chmod +x $out/bin/get-libdislocator-so
'';
meta = {
homepage = "https://github.com/vanhauser-thc/AFLplusplus";
description = ''
Drop-in replacement for the libc allocator which improves
the odds of bumping into heap-related security bugs in
several ways
'';
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
ris
msanft
];
};
}

39
pkgs/tools/security/aflplusplus/libtokencap.nix Normal file
View File

@@ -0,0 +1,39 @@
{
lib,
stdenv,
aflplusplus,
}:
stdenv.mkDerivation {
version = lib.getVersion aflplusplus;
pname = "libtokencap";
src = aflplusplus.src;
postUnpack = "chmod -R +w ${aflplusplus.src.name}";
sourceRoot = "${aflplusplus.src.name}/utils/libtokencap";
makeFlags = [ "PREFIX=${placeholder "out"}" ];
preInstall = ''
mkdir -p $out/lib/afl
mkdir -p $out/share/doc/afl
'';
postInstall = ''
mkdir $out/bin
cat > $out/bin/get-libtokencap-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libtokencap.so
END
chmod +x $out/bin/get-libtokencap-so
'';
meta = {
homepage = "https://github.com/AFLplusplus/AFLplusplus";
description = "strcmp & memcmp token capture library";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
ris
msanft
];
};
}

149
pkgs/tools/security/aflplusplus/qemu.nix Normal file
View File

@@ -0,0 +1,149 @@
{
lib,
stdenv,
python3,
zlib,
pkg-config,
glib,
perl,
texinfo,
libuuid,
flex,
bison,
pixman,
meson,
fetchFromGitHub,
ninja,
}:
let
qemuName = "qemu-5.2.50";
in
stdenv.mkDerivation {
name = "aflplusplus-${qemuName}";
src = fetchFromGitHub {
owner = "AFLplusplus";
repo = "qemuafl";
# Use a fixed qemuafl version instead of the one in https://github.com/AFLplusplus/AFLplusplus/blob/v4.31c/qemu_mode/QEMUAFL_VERSION.
# See: https://github.com/AFLplusplus/AFLplusplus/issues/2296.
rev = "ef1cd9a8cb1522c918faab42805216f9a4054dda";
hash = "sha256-tbKDnDoBtFhvtE9nbi9XuHPuFuGezUFngnw4pJyKFgY=";
fetchSubmodules = true;
};
nativeBuildInputs = [
python3
perl
pkg-config
flex
bison
meson
texinfo
ninja
];
buildInputs = [
zlib
glib
pixman
libuuid
];
enableParallelBuilding = true;
dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build
preBuild = "cd build";
preConfigure = ''
# this script isn't marked as executable b/c it's indirectly used by meson. Needed to patch its shebang
chmod +x ./scripts/shaderinclude.pl
patchShebangs .
'';
configureFlags = [
"--target-list=${stdenv.hostPlatform.uname.processor}-linux-user"
"--sysconfdir=/etc"
"--localstatedir=/var"
"--meson=meson"
"--disable-system"
"--enable-linux-user"
"--enable-pie"
"--audio-drv-list="
"--disable-blobs"
"--disable-bochs"
"--disable-brlapi"
"--disable-bsd-user"
"--disable-bzip2"
"--disable-cap-ng"
"--disable-cloop"
"--disable-curl"
"--disable-curses"
"--disable-dmg"
"--disable-fdt"
"--disable-gcrypt"
"--disable-glusterfs"
"--disable-gnutls"
"--disable-gtk"
"--disable-guest-agent"
"--disable-iconv"
"--disable-libiscsi"
"--disable-libnfs"
"--disable-libssh"
"--disable-libusb"
"--disable-linux-aio"
"--disable-live-block-migration"
"--disable-lzo"
"--disable-nettle"
"--disable-numa"
"--disable-opengl"
"--disable-parallels"
"--disable-plugins"
"--disable-qcow1"
"--disable-qed"
"--disable-rbd"
"--disable-rdma"
"--disable-replication"
"--disable-sdl"
"--disable-seccomp"
"--disable-sheepdog"
"--disable-smartcard"
"--disable-snappy"
"--disable-spice"
"--disable-system"
"--disable-tools"
"--disable-tpm"
"--disable-usb-redir"
"--disable-vde"
"--disable-vdi"
"--disable-vhost-crypto"
"--disable-vhost-kernel"
"--disable-vhost-net"
"--disable-vhost-scsi"
"--disable-vhost-user"
"--disable-vhost-vdpa"
"--disable-vhost-vsock"
"--disable-virglrenderer"
"--disable-virtfs"
"--disable-vnc"
"--disable-vnc-jpeg"
"--disable-vnc-png"
"--disable-vnc-sasl"
"--disable-vte"
"--disable-vvfat"
"--disable-xen"
"--disable-xen-pci-passthrough"
"--disable-xfsctl"
"--without-default-devices"
];
meta = {
homepage = "https://github.com/AFLplusplus/qemuafl";
description = "Fork of QEMU with AFL++ instrumentation support";
license = lib.licenses.gpl2Plus;
maintainers = with lib.maintainers; [
ris
msanft
];
platforms = lib.platforms.linux;
};
}

50
pkgs/tools/security/b2sum/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
lib,
stdenv,
fetchFromGitHub,
openmp ? null,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "b2sum";
version = "20190724";
src = fetchFromGitHub {
owner = "BLAKE2";
repo = "BLAKE2";
rev = finalAttrs.version;
sha256 = "sha256-6BVl3Rh+CRPQq3QxcUlk5ArvjIj/IcPCA2/Ok0Zu7UI=";
};
# Use the generic C implementation rather than the SSE optimised version on non-x86 platforms
postPatch = lib.optionalString (!stdenv.hostPlatform.isx86) ''
substituteInPlace makefile \
--replace "#FILES=b2sum.c ../ref/" "FILES=b2sum.c ../ref/" \
--replace "FILES=b2sum.c ../sse/" "#FILES=b2sum.c ../sse/"
'';
sourceRoot = "${finalAttrs.src.name}/b2sum";
buildInputs = [ openmp ];
buildFlags = [ (lib.optional (openmp == null) "NO_OPENMP=1") ];
# clang builds require at least C99 or the build fails with:
# error: unknown type name 'inline'
env.NIX_CFLAGS_COMPILE = "-std=c99";
installFlags = [ "PREFIX=$(out)" ];
meta = with lib; {
description = "BLAKE2 cryptographic hash function";
mainProgram = "b2sum";
homepage = "https://blake2.net";
license = with licenses; [
asl20
cc0
openssl
];
maintainers = with maintainers; [ kirelagin ];
platforms = platforms.unix;
};
})

113
pkgs/tools/security/bitwarden-directory-connector/default.nix Normal file
View File

@@ -0,0 +1,113 @@
{
lib,
buildNpmPackage,
electron,
fetchFromGitHub,
buildPackages,
python3,
pkg-config,
libsecret,
nodejs_22,
}:
let
common =
{
name,
npmBuildScript,
installPhase,
}:
buildNpmPackage rec {
pname = name;
version = "2025.9.0";
nodejs = nodejs_22;
src = fetchFromGitHub {
owner = "bitwarden";
repo = "directory-connector";
rev = "v${version}";
hash = "sha256-owzOgaYSbtsnZ0AvSWWFdSx96agJyBUM2steGIeg2E4=";
};
postPatch = ''
${lib.getExe buildPackages.jq} 'del(.scripts.preinstall)' package.json > package.json.tmp
mv -f package.json{.tmp,}
substituteInPlace electron-builder.json \
--replace-fail '"afterSign": "scripts/notarize.js",' "" \
--replace-fail "AppImage" "dir"
'';
npmDepsHash = "sha256-brO+GGwdZyCDYycur5QnLKCcFZc1J2pM+vQPLtjUD/I=";
env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
makeCacheWritable = true;
inherit npmBuildScript installPhase;
buildInputs = [
libsecret
];
nativeBuildInputs = [
(python3.withPackages (ps: with ps; [ setuptools ]))
pkg-config
];
meta = with lib; {
description = "LDAP connector for Bitwarden";
homepage = "https://github.com/bitwarden/directory-connector";
license = licenses.gpl3Only;
maintainers = with maintainers; [
Silver-Golden
SuperSandro2000
];
platforms = platforms.linux;
mainProgram = name;
};
};
in
{
bitwarden-directory-connector = common {
name = "bitwarden-directory-connector";
npmBuildScript = "build:dist";
installPhase = ''
runHook preInstall
npm exec electron-builder -- \
--dir \
-c.electronDist=${electron.dist} \
-c.electronVersion=${electron.version} \
-c.npmRebuild=false
mkdir -p $out/share/bitwarden-directory-connector $out/bin
cp -r dist/*-unpacked/{locales,resources{,.pak}} $out/share/bitwarden-directory-connector
makeWrapper ${lib.getExe electron} $out/bin/bitwarden-directory-connector \
--add-flags $out/share/bitwarden-directory-connector/resources/app.asar \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime=true}}" \
--set-default ELECTRON_IS_DEV 0 \
--inherit-argv0
runHook postInstall
'';
};
bitwarden-directory-connector-cli = common {
name = "bitwarden-directory-connector-cli";
npmBuildScript = "build:cli:prod";
installPhase = ''
runHook preInstall
mkdir -p $out/libexec/bitwarden-directory-connector
cp -R build-cli node_modules $out/libexec/bitwarden-directory-connector
# needs to be wrapped with nodejs so that it can be executed
chmod +x $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js
mkdir -p $out/bin
ln -s $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js $out/bin/bitwarden-directory-connector-cli
runHook postInstall
'';
};
}

35
pkgs/tools/security/bmrsa/11.nix Normal file
View File

@@ -0,0 +1,35 @@
{
lib,
stdenv,
fetchurl,
unzip,
}:
stdenv.mkDerivation rec {
pname = "bmrsa";
version = "11";
src = fetchurl {
url = "mirror://sourceforge/bmrsa/bmrsa${version}.zip";
sha256 = "0ksd9xkvm9lkvj4yl5sl0zmydp1wn3xhc55b28gj70gi4k75kcl4";
};
nativeBuildInputs = [ unzip ];
unpackPhase = ''
mkdir bmrsa
cd bmrsa
unzip ${src}
sed -e 's/gcc/g++/' -i Makefile
mkdir -p $out/bin
echo -e 'install:\n\tcp bmrsa '$out'/bin' >> Makefile
'';
meta = with lib; {
description = "RSA utility";
mainProgram = "bmrsa";
homepage = "http://bmrsa.sourceforge.net/";
license = licenses.gpl2Only;
platforms = platforms.linux;
};
}

2
pkgs/tools/security/bundler-audit/Gemfile Normal file
View File

@@ -0,0 +1,2 @@
source 'https://rubygems.org'
gem 'bundler-audit'

16
pkgs/tools/security/bundler-audit/Gemfile.lock Normal file
View File

@@ -0,0 +1,16 @@
GEM
remote: https://rubygems.org/
specs:
bundler-audit (0.9.2)
bundler (>= 1.2.0, < 3)
thor (~> 1.0)
thor (1.3.2)
PLATFORMS
ruby
DEPENDENCIES
bundler-audit
BUNDLED WITH
2.6.2

36
pkgs/tools/security/bundler-audit/default.nix Normal file
View File

@@ -0,0 +1,36 @@
{
bundlerEnv,
ruby,
lib,
bundlerUpdateScript,
}:
bundlerEnv rec {
name = "${pname}-${version}";
pname = "bundler-audit";
version = (import ./gemset.nix).bundler-audit.version;
inherit ruby;
gemdir = ./.;
passthru.updateScript = bundlerUpdateScript "bundler-audit";
meta = with lib; {
description = "Patch-level verification for Bundler";
longDescription = ''
Features:
- Checks for vulnerable versions of gems in Gemfile.lock.
- Checks for insecure gem sources (http://).
- Allows ignoring certain advisories that have been manually worked around.
- Prints advisory information.
- Does not require a network connection.
'';
homepage = "https://github.com/rubysec/bundler-audit";
changelog = "https://github.com/rubysec/bundler-audit/blob/v${version}/ChangeLog.md";
license = licenses.gpl3Plus;
maintainers = with maintainers; [
nicknovitski
];
platforms = platforms.unix;
};
}

23
pkgs/tools/security/bundler-audit/gemset.nix Normal file
View File

@@ -0,0 +1,23 @@
{
bundler-audit = {
dependencies = [ "thor" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0j0h5cgnzk0ms17ssjkzfzwz65ggrs3lsp53a1j46p4616m1s1bk";
type = "gem";
};
version = "0.9.2";
};
thor = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1nmymd86a0vb39pzj2cwv57avdrl6pl3lf5bsz58q594kqxjkw7f";
type = "gem";
};
version = "1.3.2";
};
}

13
pkgs/tools/security/chipsec/compile-ko.diff Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/setup.py b/setup.py
index 3465765c..ae128922 100755
--- a/setup.py
+++ b/setup.py
@@ -137,7 +137,7 @@ class build_ext(_build_ext):
elif platform.system().lower() == "windows":
driver_build_function = self._build_win_driver
- if not self.skip_driver:
+ if True:
driver_build_function()
def get_source_files(self):

95
pkgs/tools/security/chipsec/default.nix Normal file
View File

@@ -0,0 +1,95 @@
{
lib,
stdenv,
fetchFromGitHub,
kernel ? null,
elfutils,
nasm,
python3,
withDriver ? false,
}:
python3.pkgs.buildPythonApplication rec {
pname = "chipsec";
version = "1.10.6";
format = "setuptools";
disabled = !stdenv.hostPlatform.isLinux;
src = fetchFromGitHub {
owner = "chipsec";
repo = "chipsec";
rev = version;
hash = "sha256-+pbFG1SmSO/cnt1e+kel7ereC0I1OCJKKsS0KaJDWdc=";
};
patches = lib.optionals withDriver [
./ko-path.diff
./compile-ko.diff
];
postPatch = ''
substituteInPlace tests/software/util.py \
--replace-fail "assertRegexpMatches" "assertRegex"
'';
KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
nativeBuildInputs = [
nasm
]
++ lib.optionals (lib.meta.availableOn stdenv.buildPlatform elfutils) [
elfutils
]
++ lib.optionals withDriver kernel.moduleBuildDependencies;
nativeCheckInputs = with python3.pkgs; [
distro
pytestCheckHook
];
preBuild = lib.optionalString withDriver ''
export CHIPSEC_BUILD_LIB=$(mktemp -d)
mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux
appendToVar setupPyBuildFlags "--build-lib=$CHIPSEC_BUILD_LIB"
'';
env.NIX_CFLAGS_COMPILE = toString [
# Needed with GCC 12
"-Wno-error=dangling-pointer"
];
preInstall = lib.optionalString withDriver ''
mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux
mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \
$out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko
'';
setupPyBuildFlags = lib.optionals (!withDriver) [
"--skip-driver"
];
pythonImportsCheck = [
"chipsec"
];
meta = with lib; {
description = "Platform Security Assessment Framework";
longDescription = ''
CHIPSEC is a framework for analyzing the security of PC platforms
including hardware, system firmware (BIOS/UEFI), and platform components.
It includes a security test suite, tools for accessing various low level
interfaces, and forensic capabilities. It can be run on Windows, Linux,
Mac OS X and UEFI shell.
'';
license = licenses.gpl2Only;
homepage = "https://github.com/chipsec/chipsec";
maintainers = with maintainers; [
johnazoidberg
erdnaxe
];
platforms = [ "x86_64-linux" ] ++ lib.optional (!withDriver) "x86_64-darwin";
# https://github.com/chipsec/chipsec/issues/1793
broken = withDriver && kernel.kernelOlder "5.4" && kernel.isHardened;
};
}

13
pkgs/tools/security/chipsec/ko-path.diff Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/chipsec/helper/linux/linuxhelper.py b/chipsec/helper/linux/linuxhelper.py
index 2fd65140..f3f26bcb 100644
--- a/chipsec/helper/linux/linuxhelper.py
+++ b/chipsec/helper/linux/linuxhelper.py
@@ -153,7 +153,7 @@ class LinuxHelper(Helper):
else:
a2 = f'a2=0x{phys_mem_access_prot}'
- driver_path = os.path.join(chipsec.file.get_main_dir(), "chipsec", "helper", "linux", "chipsec.ko")
+ driver_path = os.path.join(chipsec.file.get_main_dir(), "drivers", "linux", "chipsec.ko")
if not os.path.exists(driver_path):
driver_path += ".xz"
if not os.path.exists(driver_path):

51
pkgs/tools/security/chrome-token-signing/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{
lib,
mkDerivation,
fetchFromGitHub,
qmake,
pcsclite,
pkg-config,
opensc,
}:
mkDerivation rec {
pname = "chrome-token-signing";
version = "1.1.5";
src = fetchFromGitHub {
owner = "open-eid";
repo = "chrome-token-signing";
rev = "v${version}";
sha256 = "sha256-wKy/RVR7jx5AkMJgHXsuV+jlzyfH5nDRggcIUgh2ML4=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
qmake
pcsclite
];
dontUseQmakeConfigure = true;
patchPhase = ''
substituteInPlace host-linux/ee.ria.esteid.json --replace /usr $out
# TODO: macos
substituteInPlace host-shared/PKCS11Path.cpp \
--replace opensc-pkcs11.so ${opensc}/lib/pkcs11/opensc-pkcs11.so
'';
installPhase = ''
install -D -t $out/bin host-linux/chrome-token-signing
# TODO: wire these up
install -D -t $out/etc/chromium/native-messaging-hosts host-linux/ee.ria.esteid.json
install -D -t $out/lib/mozilla/native-messaging-hosts host-linux/ff/ee.ria.esteid.json
'';
meta = with lib; {
description = "Chrome and Firefox extension for signing with your eID on the web";
mainProgram = "chrome-token-signing";
homepage = "https://github.com/open-eid/chrome-token-signing/wiki";
license = licenses.lgpl21;
maintainers = [ maintainers.mmahut ];
platforms = platforms.linux;
};
}

117
pkgs/tools/security/cve-bin-tool/default.nix Normal file
View File

@@ -0,0 +1,117 @@
{
lib,
buildPythonApplication,
fetchFromGitHub,
# build-system
setuptools,
# dependencies
aiohttp,
beautifulsoup4,
brotlipy,
cvss,
distro,
filetype,
jinja2,
jsonschema,
lib4sbom,
lib4vex,
packageurl-python,
packaging,
plotly,
python-gnupg,
pyyaml,
requests,
rich,
rpmfile,
xmlschema,
zipp,
zstandard,
# optional-dependencies
reportlab,
# runtime-dependencies
google-cloud-sdk,
# tests
versionCheckHook,
}:
buildPythonApplication rec {
pname = "cve-bin-tool";
version = "3.4";
pyproject = true;
src = fetchFromGitHub {
owner = "intel";
repo = "cve-bin-tool";
tag = "v${version}";
hash = "sha256-pv8XjKjZBUw5FmmUn1dakGeS1uw2xzF3wSIZOYQ2/3c=";
};
build-system = [ setuptools ];
dependencies = [
aiohttp
beautifulsoup4
brotlipy
cvss
distro
filetype
jinja2
jsonschema
lib4sbom
lib4vex
packageurl-python
packaging
plotly
python-gnupg
pyyaml
requests
rich
rpmfile
setuptools
xmlschema
zipp
zstandard
]
++ aiohttp.optional-dependencies.speedups;
optional-dependencies = {
pdf = [ reportlab ];
};
pythonRemoveDeps = [
# gsutil is only called as a binary at runtime instead of being used as a library
"gsutil"
];
# don't run pytestCheckHook because it wants to open a sqlite database, access the internet, etc
nativeCheckInputs = [
versionCheckHook
]
++ lib.flatten (lib.attrValues optional-dependencies);
pythonImportsCheck = [
"cve_bin_tool"
"cve_bin_tool.mismatch_loader"
];
# provide gsutil
makeWrapperArgs = [
"--prefix"
"PATH"
":"
(lib.makeBinPath [ google-cloud-sdk ])
];
meta = with lib; {
description = "CVE Binary Checker Tool";
homepage = "https://github.com/intel/cve-bin-tool";
changelog = "https://github.com/intel/cve-bin-tool/releases/tag/${src.tag}";
license = licenses.gpl3Plus;
maintainers = [ ];
};
}

91
pkgs/tools/security/ggshield/default.nix Normal file
View File

@@ -0,0 +1,91 @@
{
lib,
fetchFromGitHub,
git,
python3,
}:
python3.pkgs.buildPythonApplication rec {
pname = "ggshield";
version = "1.40.0";
pyproject = true;
src = fetchFromGitHub {
owner = "GitGuardian";
repo = "ggshield";
tag = "v${version}";
hash = "sha256-Y42MBRyjPljUAGTwhH2FS8drUAceuJse8Qd1GbctWQs=";
};
pythonRelaxDeps = true;
build-system = with python3.pkgs; [ pdm-backend ];
dependencies = with python3.pkgs; [
appdirs
charset-normalizer
click
cryptography
marshmallow
marshmallow-dataclass
oauthlib
platformdirs
pygitguardian
pyjwt
python-dotenv
pyyaml
requests
rich
truststore
];
nativeCheckInputs = [
git
]
++ (with python3.pkgs; [
jsonschema
pyfakefs
pytest-factoryboy
pytest-mock
pytest-voluptuous
pytestCheckHook
snapshottest
vcrpy
]);
pythonImportsCheck = [ "ggshield" ];
disabledTestPaths = [
# Don't run functional tests
"tests/functional/"
"tests/unit/cmd/honeytoken"
"tests/unit/cmd/scan/"
"tests/test_factories.py"
];
disabledTests = [
# No TLS certificate, no .git folder, etc.
"test_cache_catches"
"test_is_git_dir"
"test_is_valid_git_commit_ref"
"test_check_git_dir"
"test_does_not_fail_if_cache"
# Encoding issues
"test_create_files_from_paths"
"test_file_decode_content"
"test_file_is_longer_than_does_not_read_utf8_file"
"test_file_is_longer_using_8bit_codec"
"test_generate_files_from_paths"
# Nixpkgs issue
"test_get_file_sha_in_ref"
];
meta = with lib; {
description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations";
homepage = "https://github.com/GitGuardian/ggshield";
changelog = "https://github.com/GitGuardian/ggshield/blob/${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
mainProgram = "ggshield";
};
}

185
pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch Normal file
View File

@@ -0,0 +1,185 @@
diff --git a/Ghidra/Debug/Debugger-isf/build.gradle b/Ghidra/Debug/Debugger-isf/build.gradle
index 2db94ed67e..925f394cf0 100644
--- a/Ghidra/Debug/Debugger-isf/build.gradle
+++ b/Ghidra/Debug/Debugger-isf/build.gradle
@@ -18,11 +18,17 @@ apply from: "${rootProject.projectDir}/gradle/javaProject.gradle"
apply from: "${rootProject.projectDir}/gradle/jacocoProject.gradle"
apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle"
apply from: "${rootProject.projectDir}/gradle/distributableGhidraModule.gradle"
-apply from: "${rootProject.projectDir}/gradle/hasProtobuf.gradle"
+apply plugin: 'com.google.protobuf'
apply plugin: 'eclipse'
eclipse.project.name = 'Debug Debugger-isf'
+buildscript {
+ dependencies {
+ classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18'
+ }
+}
+
dependencies {
api project(':ProposedUtils')
}
diff --git a/Ghidra/Debug/Debugger-rmi-trace/build.gradle b/Ghidra/Debug/Debugger-rmi-trace/build.gradle
index 4fa3b9a539..2663aeaeb0 100644
--- a/Ghidra/Debug/Debugger-rmi-trace/build.gradle
+++ b/Ghidra/Debug/Debugger-rmi-trace/build.gradle
@@ -19,12 +19,17 @@ apply from: "${rootProject.projectDir}/gradle/helpProject.gradle"
apply from: "${rootProject.projectDir}/gradle/jacocoProject.gradle"
apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle"
apply from: "${rootProject.projectDir}/gradle/distributableGhidraModule.gradle"
-apply from: "${rootProject.projectDir}/gradle/hasProtobuf.gradle"
apply from: "${rootProject.projectDir}/gradle/hasPythonPackage.gradle"
-
+apply plugin: 'com.google.protobuf'
apply plugin: 'eclipse'
eclipse.project.name = 'Debug Debugger-rmi-trace'
+buildscript {
+ dependencies {
+ classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18'
+ }
+}
+
dependencies {
api project(':ProposedUtils')
api project(':Pty')
@@ -37,13 +42,10 @@ dependencies {
}
task configureGenerateProtoPy {
- dependsOn(configurations.protocArtifact)
+ dependsOn(protobuf.generateProtoTasks.all())
- doLast {
- def exe = configurations.protocArtifact.first()
- if (!isCurrentWindows()) {
- exe.setExecutable(true)
- }
+ doLast {
+ def exe = protobuf.tools.protoc.path
generateProtoPy.commandLine exe
generateProtoPy.args "--python_out=${generateProtoPy.outdir}"
generateProtoPy.args "--pyi_out=${generateProtoPy.stubsOutdir}"
diff --git a/build.gradle b/build.gradle
index 159eb7dd7b..ef4add1ad8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -80,6 +80,12 @@ if (flatRepo.isDirectory()) {
mavenCentral()
flatDir name: "flat", dirs:["$flatRepo"]
}
+ buildscript {
+ repositories {
+ mavenLocal()
+ mavenCentral()
+ }
+ }
}
}
else {
diff --git a/gradle/hasProtobuf.gradle b/gradle/hasProtobuf.gradle
deleted file mode 100644
index a8c176bcbe..0000000000
--- a/gradle/hasProtobuf.gradle
+++ /dev/null
@@ -1,98 +0,0 @@
-/* ###
- * IP: GHIDRA
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*plugins {
- id 'com.google.protobuf' version '0.8.10'
-}*/
-
-configurations {
- allProtocArtifacts
- protocArtifact
-}
-
-def platform = getCurrentPlatformName()
-
-
-dependencies {
- allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:windows-x86_64@exe'
- allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:linux-x86_64@exe'
- allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:linux-aarch_64@exe'
- allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:osx-x86_64@exe'
- allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:osx-aarch_64@exe'
-
- if (isCurrentWindows()) {
- protocArtifact 'com.google.protobuf:protoc:3.21.8:windows-x86_64@exe'
- }
- if (isCurrentLinux()) {
- if (platform.endsWith("x86_64")) {
- protocArtifact 'com.google.protobuf:protoc:3.21.8:linux-x86_64@exe'
- }
- else {
- protocArtifact 'com.google.protobuf:protoc:3.21.8:linux-aarch_64@exe'
- }
- }
- if (isCurrentMac()) {
- if (platform.endsWith("x86_64")) {
- protocArtifact 'com.google.protobuf:protoc:3.21.8:osx-x86_64@exe'
- }
- else {
- protocArtifact 'com.google.protobuf:protoc:3.21.8:osx-aarch_64@exe'
- }
- }
-}
-
-/*protobuf {
- protoc {
- artifact = 'com.google.protobuf:protoc:3.21.8'
- }
-}*/
-
-task configureGenerateProto {
- dependsOn(configurations.protocArtifact)
-
- doLast {
- def exe = configurations.protocArtifact.first()
- if (!isCurrentWindows()) {
- exe.setExecutable(true)
- }
- generateProto.commandLine exe, "--java_out=${generateProto.outdir}", "-I${generateProto.srcdir}"
- generateProto.args generateProto.src
- }
-}
-
-// Can't use providers.exec, or else we see no output
-task generateProto(type:Exec) {
- dependsOn(configureGenerateProto)
- ext.srcdir = file("src/main/proto")
- ext.src = fileTree(srcdir) {
- include "**/*.proto"
- }
- ext.outdir = file("build/generated/source/proto/main/java")
- outputs.dir(outdir)
- inputs.files(src)
-}
-
-tasks.compileJava.dependsOn(tasks.generateProto)
-tasks.eclipse.dependsOn(tasks.generateProto)
-rootProject.tasks.prepDev.dependsOn(tasks.generateProto)
-
-sourceSets {
- main {
- java {
- srcDir tasks.generateProto.outdir
- }
- }
-}
-zipSourceSubproject.dependsOn generateProto

15
pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch Normal file
View File

@@ -0,0 +1,15 @@
diff --git a/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java b/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java
index ea12a661f0..da7779b07f 100644
--- a/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java
+++ b/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java
@@ -36,6 +36,10 @@ public class ApplicationUtilities {
*/
public static Collection<ResourceFile> findDefaultApplicationRootDirs() {
Collection<ResourceFile> applicationRootDirs = new ArrayList<>();
+ String nixGhidraHome = System.getenv("NIX_GHIDRAHOME");
+ if (nixGhidraHome != null) {
+ applicationRootDirs.add(new ResourceFile(nixGhidraHome));
+ };
ResourceFile applicationRootDir = findPrimaryApplicationRootDir();
if (applicationRootDir != null) {
applicationRootDirs.add(applicationRootDir);

26
pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch Normal file
View File

@@ -0,0 +1,26 @@
diff --git a/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle b/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle
index bc194f219..94b00fabd 100644
--- a/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle
+++ b/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle
@@ -82,7 +82,7 @@ dependencies {
helpPath fileTree(dir: ghidraDir + '/Features/Base', include: "**/Base.jar")
}
-def ZIP_NAME_PREFIX = "${DISTRO_PREFIX}_${RELEASE_NAME}_${getCurrentDate()}"
+def ZIP_NAME_PREFIX = "${DISTRO_PREFIX}_${RELEASE_NAME}"
def DISTRIBUTION_DIR = file("dist")
def pathInZip = "${project.name}"
diff --git a/gradle/root/distribution.gradle b/gradle/root/distribution.gradle
index f44c8267b..f6231c417 100644
--- a/gradle/root/distribution.gradle
+++ b/gradle/root/distribution.gradle
@@ -32,7 +32,7 @@ apply from: "$rootProject.projectDir/gradle/support/sbom.gradle"
def currentPlatform = getCurrentPlatformName()
def PROJECT_DIR = file (rootProject.projectDir.absolutePath)
ext.DISTRIBUTION_DIR = file("$buildDir/dist")
-ext.ZIP_NAME_PREFIX = "${rootProject.DISTRO_PREFIX}_${rootProject.BUILD_DATE_SHORT}"
+ext.ZIP_NAME_PREFIX = "${rootProject.DISTRO_PREFIX}"
ext.ZIP_DIR_PREFIX = "${rootProject.DISTRO_PREFIX}"
ext.ALL_REPOS = [rootProject.file('.').getName()]

110
pkgs/tools/security/ghidra/build-extension.nix Normal file
View File

@@ -0,0 +1,110 @@
{
lib,
stdenv,
unzip,
jdk,
gradle,
ghidra,
}:
let
metaCommon =
oldMeta:
oldMeta
// {
maintainers =
(oldMeta.maintainers or [ ])
++ (with lib.maintainers; [
vringar
ivyfanchiang
]);
platforms = oldMeta.platforms or ghidra.meta.platforms;
};
buildGhidraExtension = lib.extendMkDerivation {
constructDrv = stdenv.mkDerivation;
extendDrvArgs =
finalAttrs:
{
pname,
nativeBuildInputs ? [ ],
meta ? { },
...
}@args:
{
nativeBuildInputs = nativeBuildInputs ++ [
unzip
jdk
gradle
];
preBuild = ''
# Set project name, otherwise defaults to directory name
echo -e '\nrootProject.name = "${pname}"' >> settings.gradle
# A config directory needs to exist when ghidra's GHelpBuilder is run
export XDG_CONFIG_HOME="''${XDG_CONFIG_HOME:-$(mktemp -d)}"
${args.preBuild or ""}
'';
# Needed to run gradle on darwin
__darwinAllowLocalNetworking = true;
gradleBuildTask = args.gradleBuildTask or "buildExtension";
gradleFlags = args.gradleFlags or [ ] ++ [ "-PGHIDRA_INSTALL_DIR=${ghidra}/lib/ghidra" ];
installPhase =
args.installPhase or ''
runHook preInstall
mkdir -p $out/lib/ghidra/Ghidra/Extensions
unzip -d $out/lib/ghidra/Ghidra/Extensions dist/*.zip
# Prevent attempted creation of plugin lock files in the Nix store.
for i in $out/lib/ghidra/Ghidra/Extensions/*; do
touch "$i/.dbDirLock"
done
runHook postInstall
'';
meta = metaCommon meta;
};
};
buildGhidraScripts = lib.extendMkDerivation {
constructDrv = stdenv.mkDerivation;
extendDrvArgs =
finalAttrs:
{
pname,
meta ? { },
...
}@args:
{
installPhase = ''
runHook preInstall
GHIDRA_HOME=$out/lib/ghidra/Ghidra/Extensions/${pname}
mkdir -p $GHIDRA_HOME
cp -r . $GHIDRA_HOME/ghidra_scripts
touch $GHIDRA_HOME/Module.manifest
cat <<'EOF' > extension.properties
name=${pname}
description=${meta.description or ""}
author=
createdOn=
version=${lib.getVersion ghidra}
EOF
runHook postInstall
'';
meta = metaCommon meta;
};
};
in
{
inherit buildGhidraExtension buildGhidraScripts;
}

220
pkgs/tools/security/ghidra/build.nix Normal file
View File

@@ -0,0 +1,220 @@
{
stdenv,
fetchFromGitHub,
lib,
callPackage,
gradle_8,
makeBinaryWrapper,
openjdk21,
unzip,
makeDesktopItem,
copyDesktopItems,
desktopToDarwinBundle,
xcbuild,
protobuf,
ghidra-extensions,
python3,
python3Packages,
}:
let
pkg_path = "$out/lib/ghidra";
pname = "ghidra";
version = "11.4.2";
isMacArm64 = stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64;
releaseName = "NIX";
distroPrefix = "ghidra_${version}_${releaseName}";
src = fetchFromGitHub {
owner = "NationalSecurityAgency";
repo = "Ghidra";
rev = "Ghidra_${version}_build";
hash = "sha256-/veSp2WuGOF0cYwUC4QFJD6kaMae5NuKrQ5Au4LjDe8=";
# populate values that require us to use git. By doing this in postFetch we
# can delete .git afterwards and maintain better reproducibility of the src.
leaveDotGit = true;
postFetch = ''
cd "$out"
git rev-parse HEAD > $out/COMMIT
# 1970-Jan-01
date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%b-%d" > $out/SOURCE_DATE_EPOCH
# 19700101
date -u -d "@$(git log -1 --pretty=%ct)" "+%Y%m%d" > $out/SOURCE_DATE_EPOCH_SHORT
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
patches = [
# Use our own protoc binary instead of the prebuilt one
./0001-Use-protobuf-gradle-plugin.patch
# Override installation directory to allow loading extensions
./0002-Load-nix-extensions.patch
# Remove build dates from output filenames for easier reference
./0003-Remove-build-datestamp.patch
];
postPatch = ''
# Set name of release (eg. PUBLIC, DEV, etc.)
sed -i -e 's/application\.release\.name=.*/application.release.name=${releaseName}/' Ghidra/application.properties
# Set build date and git revision
echo "application.build.date=$(cat SOURCE_DATE_EPOCH)" >> Ghidra/application.properties
echo "application.build.date.short=$(cat SOURCE_DATE_EPOCH_SHORT)" >> Ghidra/application.properties
echo "application.revision.ghidra=$(cat COMMIT)" >> Ghidra/application.properties
# Tells ghidra to use our own protoc binary instead of the prebuilt one.
tee -a Ghidra/Debug/Debugger-{isf,rmi-trace}/build.gradle <<HERE
protobuf {
protoc {
path = '${protobuf}/bin/protoc'
}
}
HERE
'';
# "Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0."
gradle = gradle_8;
in
stdenv.mkDerivation (finalAttrs: {
inherit
pname
version
src
patches
postPatch
;
# Don't create .orig files if the patch isn't an exact match.
patchFlags = [
"--no-backup-if-mismatch"
"-p1"
];
desktopItems = [
(makeDesktopItem {
name = "ghidra";
exec = "ghidra";
icon = "ghidra";
desktopName = "Ghidra";
genericName = "Ghidra Software Reverse Engineering Suite";
categories = [ "Development" ];
terminal = false;
startupWMClass = "ghidra-Ghidra";
})
];
nativeBuildInputs = [
gradle
unzip
makeBinaryWrapper
copyDesktopItems
protobuf
python3
python3Packages.pip
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
xcbuild
desktopToDarwinBundle
];
dontStrip = true;
__darwinAllowLocalNetworking = true;
mitmCache = gradle.fetchDeps {
inherit pname;
data = ./deps.json;
};
gradleFlags = [
"-Dorg.gradle.java.home=${openjdk21}"
]
++ lib.optionals isMacArm64 [
# For some reason I haven't been able to figure out yet, ghidra builds for
# arm64 seems to build the x64 binaries of the decompiler. These fail to
# build due to trying to link the x64 object files with arm64 stdc++
# library, which obviously fails.
#
# Those binaries are entirely unnecessary anyways, since we're targeting
# arm64 build here, so let's exclude them from the build.
"-x"
"Decompiler:linkSleighMac_x86_64Executable"
"-x"
"Decompiler:linkDecompileMac_x86_64Executable"
];
preBuild = ''
export JAVA_TOOL_OPTIONS="-Duser.home=$NIX_BUILD_TOP/home"
gradle -I gradle/support/fetchDependencies.gradle
'';
gradleBuildTask = "buildGhidra";
installPhase = ''
runHook preInstall
mkdir -p "${pkg_path}" "$out/share/applications"
ZIP=build/dist/$(ls build/dist)
echo $ZIP
unzip $ZIP -d ${pkg_path}
f=("${pkg_path}"/*)
mv "${pkg_path}"/*/* "${pkg_path}"
rmdir "''${f[@]}"
for f in Ghidra/Framework/Gui/src/main/resources/images/GhidraIcon*.png; do
res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -c11-)
install -Dm444 "$f" "$out/share/icons/hicolor/''${res}x''${res}/apps/ghidra.png"
done;
# improved macOS icon support
install -Dm444 Ghidra/Framework/Gui/src/main/resources/images/GhidraIcon64.png $out/share/icons/hicolor/32x32@2/apps/ghidra.png
runHook postInstall
'';
postFixup = ''
mkdir -p "$out/bin"
ln -s "${pkg_path}/ghidraRun" "$out/bin/ghidra"
ln -s "${pkg_path}/support/analyzeHeadless" "$out/bin/ghidra-analyzeHeadless"
wrapProgram "${pkg_path}/support/launch.sh" \
--set-default NIX_GHIDRAHOME "${pkg_path}/Ghidra" \
--prefix PATH : ${lib.makeBinPath [ openjdk21 ]}
'';
passthru = {
inherit releaseName distroPrefix;
inherit (ghidra-extensions.override { ghidra = finalAttrs.finalPackage; })
buildGhidraExtension
buildGhidraScripts
;
withExtensions = callPackage ./with-extensions.nix { ghidra = finalAttrs.finalPackage; };
};
meta = with lib; {
changelog = "https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_${finalAttrs.version}_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html";
description = "Software reverse engineering (SRE) suite of tools";
mainProgram = "ghidra";
homepage = "https://ghidra-sre.org/";
platforms = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
sourceProvenance = with sourceTypes; [
fromSource
binaryBytecode # deps
];
license = licenses.asl20;
maintainers = with maintainers; [
roblabla
vringar
];
broken = stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64;
};
})

94
pkgs/tools/security/ghidra/default.nix Normal file
View File

@@ -0,0 +1,94 @@
{
stdenv,
fetchzip,
lib,
makeWrapper,
autoPatchelfHook,
openjdk21,
pam,
makeDesktopItem,
icoutils,
}:
let
pkg_path = "$out/lib/ghidra";
desktopItem = makeDesktopItem {
name = "ghidra";
exec = "ghidra";
icon = "ghidra";
desktopName = "Ghidra";
genericName = "Ghidra Software Reverse Engineering Suite";
categories = [ "Development" ];
terminal = false;
startupWMClass = "ghidra-Ghidra";
};
in
stdenv.mkDerivation rec {
pname = "ghidra";
version = "11.4.2";
versiondate = "20250826";
src = fetchzip {
url = "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_${version}_build/ghidra_${version}_PUBLIC_${versiondate}.zip";
hash = "sha256-5illpD+kWZfwtN8QpSJFcnsTrOPpvll3zNXR5r5q7jA=";
};
nativeBuildInputs = [
makeWrapper
icoutils
]
++ lib.optionals stdenv.hostPlatform.isLinux [ autoPatchelfHook ];
buildInputs = [
(lib.getLib stdenv.cc.cc)
pam
];
dontStrip = true;
installPhase = ''
mkdir -p "${pkg_path}"
mkdir -p "${pkg_path}" "$out/share/applications"
cp -a * "${pkg_path}"
ln -s ${desktopItem}/share/applications/* $out/share/applications
icotool -x "${pkg_path}/support/ghidra.ico"
rm ghidra_4_40x40x32.png
for f in ghidra_*.png; do
res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -d"x" -f1-2)
mkdir -pv "$out/share/icons/hicolor/$res/apps"
mv "$f" "$out/share/icons/hicolor/$res/apps/ghidra.png"
done;
'';
postFixup = ''
mkdir -p "$out/bin"
ln -s "${pkg_path}/ghidraRun" "$out/bin/ghidra"
ln -s "${pkg_path}/support/analyzeHeadless" "$out/bin/ghidra-analyzeHeadless"
wrapProgram "${pkg_path}/support/launch.sh" \
--prefix PATH : ${lib.makeBinPath [ openjdk21 ]}
'';
meta = with lib; {
description = "Software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission";
mainProgram = "ghidra";
homepage = "https://github.com/NationalSecurityAgency/ghidra";
platforms = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.asl20;
maintainers = with maintainers; [
ck3d
govanify
mic92
];
};
}

878
pkgs/tools/security/ghidra/deps.json generated Normal file
View File

@@ -0,0 +1,878 @@
{
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
"!version": 1,
"https://archive.eclipse.org": {
"tools/cdt/releases/8.6/cdt-8.6.0": {
"zip": "sha256-gbfRnVfEowCfR2FpmnLo1kK14dklHSu5jfQ4seKPi6k="
}
},
"https://files.pythonhosted.org/packages": {
"05/71/590b2a91b43763aa27eac2c63803542a2878a4d8c600b81aa694d3fde919/jpype1-1.5.2-cp39-cp39-macosx_10_9_x86_64": {
"whl": "sha256-i3XTPpOjvGVD3fl8JO4K21qGpp+2fw5PT6HIw5cLv5g="
},
"0b/7d/9fdbbc1a574be43f9820735ca8df0caf8b159856201d9b21fd73932342bc/jpype1-1.5.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64": {
"whl": "sha256-uQDhVIJqB2EY0HQWZZbx2BfhE+BwhL8MnEPYBkqGq3c="
},
"0e/78/95db2eb3c8a7311ee08a2c237cea24828859db6a6cb5e901971d3f5e49da/jpype1-1.5.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64": {
"whl": "sha256-pUp3HuViYPmOW5p3RVCE5KSAYZZ94T2r9ii9upyBIuA="
},
"0e/b9/4dfb38a7f4efb21f71df7344944a8d9a23e30d0503574e455af6ce4f1a56/jpype1-1.5.2-cp311-cp311-win_amd64": {
"whl": "sha256-Cg0Y1DhLPfLlUoJUVzffzxjGBFBPE4KtFPiAvvlg8mU="
},
"20/a3/00a265d424f7d47e0dc547df2320225ce0143fec671faf710def41404b8c/jpype1-1.5.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64": {
"whl": "sha256-wISAx9GBJWZKEr8KJEuWtJwFEFMGtlk32+/rBatLKEc="
},
"22/18/0a51845ca890ffdc72f4d71a0c2be334b887c5bb6812207efe5ad45afcb3/jpype1-1.5.2-cp310-cp310-win_amd64": {
"whl": "sha256-kksKDPk9Pd2z95KG++QPjJAceO1hIW7b4QhmYjTfQ+A="
},
"27/d6/003e593296a85fd6ed616ed962795b2f87709c3eee2bca4f6d0fe55c6d00/wheel-0.37.1-py2.py3-none-any": {
"whl": "sha256-S9zX2EATgIYSbNCSVNxhlftPxvAcBQodcjbyYw2x0io="
},
"35/a0/638186a75026a02286041e4a0449b1dff799a3914dc1c0716ef9b9367b73/jpype1-1.5.2-cp311-cp311-macosx_10_9_universal2": {
"whl": "sha256-yfarjdKEwW4mF6aX1Uw9AwSwgCCjc4btlhA6EpORotk="
},
"50/8f/518a37381e55a8857a638afa86143efa5508434613541402d20611a1b322/comtypes-1.4.1-py3-none-any": {
"whl": "sha256-ogig48ocClNic12g/2YYIoAdzocxK4lNfXUq3QEKIbA="
},
"6d/d0/191db2e9ab6ae7029368a488c9d88235966843b185aba7925e54aa0c0013/jpype1-1.5.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64": {
"whl": "sha256-Qv6NtmrU5cZvY39cTegvyogLppYQTh9KfldYhZI96tg="
},
"74/dd/7408d4beae755de6fcd07c76b2f0bacabc0461b43fba83811c1f7c22440e/jpype1-1.5.2-cp312-cp312-win_amd64": {
"whl": "sha256-x7HC120hHKtgvhZQXTKms8n//FHOecaOgaPUjl7//y0="
},
"74/f3/1cd4332076ed0421e703412f47f15f43af170809435c57ba3162edc80d4b/jpype1-1.5.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64": {
"whl": "sha256-tbH7K0MKUPCB6g7iTRkjKuDQPb/j3QduxfiuQrMKZW8="
},
"76/be/b37005bec457b94eaaf637a663073b7c5df70113fd4ae4865f6e386c612f/jpype1-1.5.2-cp313-cp313-macosx_10_13_universal2": {
"whl": "sha256-SssJjLFpixS25ceeJ19McNzAGw+5NCXyBtCl44DkPGY="
},
"77/6b/130fb6d0c43976b4e129c6bc19daf0e25c42fc38c5096ed92c4105bfd2c4/jpype1-1.5.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64": {
"whl": "sha256-6iG8pM7OdSzT7oj81izo9ET+rI3HJER1/bnA6HEuB+o="
},
"77/91/f08a719461a390b48d9096b50f1f4a49ee281007ec192e51073090d3d8b7/jpype1-1.5.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64": {
"whl": "sha256-VHRCZe82Zl0RDROaS4HRBTJpTGB3sj72DzYJ/q3CLTA="
},
"83/1c/25b79fc3ec99b19b0a0730cc47356f7e2959863bf9f3cd314332bddb4f68/pywin32-306-cp312-cp312-win_amd64": {
"whl": "sha256-NyV3lMGtOe6b5lLaBGLcLjlMgVnf2ROopOjrb9NG2g4="
},
"8d/14/619e24a4c70df2901e1f4dbc50a6291eb63a759172558df326347dce1f0d/protobuf-3.20.3-py2.py3-none-any": {
"whl": "sha256-p8ptSIqo/38ynUxUWy262KwxRk8dixyHrRNGcXcx5Ns="
},
"8d/e4/0c27352e8222dcc0e3ce44b298015072d2057d08dd353541c980a31d26c9/jpype1-1.5.2-cp312-cp312-macosx_10_9_universal2": {
"whl": "sha256-Hh25rJCa0q4OQLBMKqiMsUJQ1SRdaXFVYVB2gfKwiy8="
},
"90/c7/6dc0a455d111f68ee43f27793971cf03fe29b6ef972042549db29eec39a2/psutil-5.9.8": {
"tar.gz": "sha256-a+Em4yJUht/yhqj7mgYkalJT9MfFO0depfWsk05kGUw="
},
"97/0a/cbe03759331c640aa5862f974028122a862b08935a0b11b8fa6f6e46c26b/jpype1-1.5.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64": {
"whl": "sha256-zcqTzHT42x9gTS6mrbdk3sTexoUo8e5oMI+j1SQJVzk="
},
"bd/68/47fa634cbd0418cbca86355e9421425f5892ee994f7338106327e49f9117/jpype1-1.5.2": {
"tar.gz": "sha256-dKQuzPIdMDlMGDKuw5haFJZfpTINoIe2UCnRcsDOxDs="
},
"c0/c6/63538d160c17e837f62d29ba4163bc444cef08c29cd3f3b8090691c1869c/jpype1-1.5.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64": {
"whl": "sha256-/PxcHUXWsQiADRcuqBe9pYXbfxZG1qmNFNqaymbg60Q="
},
"c7/42/be1c7bbdd83e1bfb160c94b9cafd8e25efc7400346cf7ccdbdb452c467fa/setuptools-68.0.0-py3-none-any": {
"whl": "sha256-EeUsZ0FaOB0Q1rRiztnPuXBmF58OhxOZ4AbEqxAfyF8="
},
"c7/f2/b2efcad1ea5a541f125218e4eb1529ebb8ca18941264c879f3e89a36dc35/jpype1-1.5.2-cp310-cp310-macosx_10_9_universal2": {
"whl": "sha256-ey2pjBQoEspAoYpzWzPkfGURsD3r8el5Yw9M9HO2ioc="
},
"ce/78/91db67e7fe1546dc8b02c38591b7732980373d2d252372f7358054031dd4/Pybag-2.2.12-py3-none-any": {
"whl": "sha256-7aXubE6HOQKYG39SW0KgJCi4fHNo3yxb3+He0OaIQSY="
},
"d0/dd/b28df50316ca193dd1275a4c47115a720796d9e1501c1888c4bfa5dc2260/capstone-5.0.1-py3-none-win_amd64": {
"whl": "sha256-G/pcgeaIDK9BoxlGzW0tBpwEi8wi7fEhJUtQGgSN5nU="
},
"e3/b7/e1787633b41d609320b41d0dd87fe3118598210609e4e3f6cef93cfcef40/jpype1-1.5.2-cp313-cp313-win_amd64": {
"whl": "sha256-K5Y2XxMC3y+zxq1zEX1v5FClW3VQ/X/sraw87FvHEXw="
},
"e5/cf/344e1f81f1e8c651ec23dfa9fe4b91f6e1d699b36f610a547ba85ee7fb16/jpype1-1.5.2-cp39-cp39-win_amd64": {
"whl": "sha256-aOHRGCAPxG9OpL8gkACBWH7ATeSEA3yZewo7fF63H+M="
},
"ec/1a/610693ac4ee14fcdf2d9bf3c493370e4f2ef7ae2e19217d7a237ff42367d/packaging-23.2-py3-none-any": {
"whl": "sha256-jEkRkAM6mvfh2THQtdrMLvR1CbNN0N5n7SCbUgP8iMc="
},
"fa/4c/e0200a6e3fed5cda79e926c2a8a610676f04948f89d7e38d93c7d4b21be9/jpype1-1.5.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64": {
"whl": "sha256-mU+3sxm0U/d61Lav8B4N1BgOp0pv5aAx5OnbktvpU3Y="
}
},
"https://ftp.postgresql.org": {
"pub/source/v15.13/postgresql-15.13": {
"tar.gz": "sha256-r9wisKblvse2VyN1a5DUTqkR5hsvewHE3FUkq4E7TYk="
}
},
"https://github.com/NationalSecurityAgency/ghidra-data/raw/Ghidra_11.4.2": {
"Debugger/dbgmodel": {
"tlb": "sha256-jPXzouuBFgqjSQVqXKTCxyaxtumL8wl81BNRRxYzQ8c="
},
"FunctionID/vs2012_x64": {
"fidb": "sha256-1OmKs/eQuDF5MhhDC7oNiySl+/TaZbDB/6jLDPvrDNw="
},
"FunctionID/vs2012_x86": {
"fidb": "sha256-pJDtfi7SHlh0Wf6urOcDa37eTOhOcuEN/YxXQ0ppGLY="
},
"FunctionID/vs2015_x64": {
"fidb": "sha256-4E6eQPnstgHIX02E7Zv2a0U2O+HR6CwWLkyZArjLUI8="
},
"FunctionID/vs2015_x86": {
"fidb": "sha256-tm7mlmU+LtNlkZ3qrviFEDEgx5LiLnmvcNEgnX4dhkQ="
},
"FunctionID/vs2017_x64": {
"fidb": "sha256-1fpfaXKYF0+lPSR9NZnmoSiEYFrRgce5VOI4DsHwvYk="
},
"FunctionID/vs2017_x86": {
"fidb": "sha256-04nLjXb/SlnKNfiRuFIccq1fDfluJTlzotIahhSkzIE="
},
"FunctionID/vs2019_x64": {
"fidb": "sha256-FQAHeW/DakBpZgrWJEmq2q890Rs4ZKXvIeeYMcnOkRg="
},
"FunctionID/vs2019_x86": {
"fidb": "sha256-62MKNvqlhqNx63NNwLvY0TzK72l/PbWHJZY1jz3SQyo="
},
"FunctionID/vsOlder_x64": {
"fidb": "sha256-jDtR9GYM0n4aDWEKnz8tX7yDOmasnuQ5PuLySB6FWGY="
},
"FunctionID/vsOlder_x86": {
"fidb": "sha256-mGBca2uSFKlF2ETkHIWGDVRkmkW8p4c+9pkcDpNyB4c="
},
"lib/java-sarif-2.1-modified": {
"jar": "sha256-f3NlZklHVtJxql5LGvbIncUNB0qxxjdKR9+CImQiawE="
}
},
"https://repo.maven.apache.org/maven2": {
"biz/aQute/bnd#biz.aQute.bnd.util/7.0.0": {
"jar": "sha256-OVddFQJJliqcbUbM5+Zy53fIqGIKHS0iDH8sCnmediM=",
"pom": "sha256-+dgDJLl2Hp3ipFoP6naPWZRH9AxuQZ8gje2MrxIYAMU="
},
"biz/aQute/bnd#biz.aQute.bndlib/7.0.0": {
"jar": "sha256-gKVp0AbzLpJc7kzor5Jrfm/aqqtcy/1f5MnN/5xN0t8=",
"pom": "sha256-mOuywO2iBtxb79bFJsjCAneApDvymekXyzwDXwOYp9I="
},
"com/beust#jcommander/1.64": {
"jar": "sha256-FWvnNhmcmQMh2f93CQsZlinPyYZeLWwT980pG7FkGBc=",
"pom": "sha256-F84MMunPlTZ4+CCuXyrZLu85bYQPZn/JnyOtwK0l0yg="
},
"com/formdev#flatlaf/3.5.4": {
"jar": "sha256-PDS2rrLxcKlUxDWGR+tDtotEeiw1H/MRBy9xV6XU4v4=",
"module": "sha256-Rjx10DAKwDblv9OLBqPx8Ua/17YdoyYael79bebtqdU=",
"pom": "sha256-ymv/5ynY3zr6lZQM0Wz/dL4eiHIHGP5hCsD+Jv4XsWA="
},
"com/github/rotty3000#phidias/0.3.7": {
"jar": "sha256-yNB2DOOw7RRT1DW83THjTwvjrAkCTn4amLijzr9Ka7U=",
"pom": "sha256-FY+kDQZfFCR5B7aSIiRY152eFjsTz1tfrHvgIkLMK60="
},
"com/github/tomnelson#jungrapht-layout/1.4": {
"jar": "sha256-owQBKdw57SMms2yhXGNEIu5XmkYXhmj5lELjiz5gcJk=",
"pom": "sha256-TO0lLb8YrUWTvoW6bWycCdvB7tZEjZtZneziavTnyN4="
},
"com/github/tomnelson#jungrapht-visualization-parent/1.4": {
"pom": "sha256-s5gyFq8VA62ryVOkKXKO1kpORbvDj++2wgOiiUPCq+w="
},
"com/github/tomnelson#jungrapht-visualization/1.4": {
"jar": "sha256-lwU6HdLNqyY/tWEfG8grhiswmflR480FZOPiPRk/Tdg=",
"pom": "sha256-YE8saHqHsq0L90QETPJmynWuKdPPCa383C5WEjDOtoY="
},
"com/google/code/findbugs#jsr305/3.0.2": {
"jar": "sha256-dmrSoHg/JoeWLIrXTO7MOKKLn3Ki0IXuQ4t4E+ko0Mc=",
"pom": "sha256-GYidvfGyVLJgGl7mRbgUepdGRIgil2hMeYr+XWPXjf4="
},
"com/google/code/gson#gson-parent/2.9.0": {
"pom": "sha256-r3gcmldm/+oxGg3wU2V2pk3sxmGqEQxN5cc6yL9DRCQ="
},
"com/google/code/gson#gson/2.9.0": {
"jar": "sha256-yW1gVRMxoZbaxUt0WqZCzQeO+JtvJnFGtwXywsvvBS0=",
"pom": "sha256-cZDQsH8njp9MYD9E5UOUD4HPGiVZ+FHG8pjJuyvil4w="
},
"com/google/errorprone#error_prone_annotations/2.2.0": {
"jar": "sha256-br0iyhudjsBtQd6NZOBZaYHZYHtCA1+e03T53icaSBo=",
"pom": "sha256-XgJY6huk5RoTN0JoC8IkSPerIUvkBz6GGfZF7xvkLdU="
},
"com/google/errorprone#error_prone_annotations/2.21.1": {
"jar": "sha256-0fPGaqkaxSVJ4Arjsgi6S5r31y1o8jBkNVO+s45hGKw=",
"pom": "sha256-9ZiID+766p1nTcQdsTqzcAS/A3drW7IcBN7ejpIMHxI="
},
"com/google/errorprone#error_prone_parent/2.2.0": {
"pom": "sha256-xGCQLd9ezmiDLGsnHOUqCSiwXPOmrIGo9UjHPL1UETg="
},
"com/google/errorprone#error_prone_parent/2.21.1": {
"pom": "sha256-MrsLX/JB/Wuh/upEiuu5zt7xaZvnPLbzGTZTh7gr+Sw="
},
"com/google/gradle#osdetector-gradle-plugin/1.7.0": {
"jar": "sha256-29oheMFO1rk6GEsay/ONchBwAiUmaMERz0EeyjfkHKY=",
"pom": "sha256-6BYywu6apI5+zwVHUSwcOGVgwNRqlY7lBVD3693xNRc="
},
"com/google/guava#failureaccess/1.0.1": {
"jar": "sha256-oXHuTHNN0tqDfksWvp30Zhr6typBra8x64Tf2vk2yiY=",
"pom": "sha256-6WBCznj+y6DaK+lkUilHyHtAopG1/TzWcqQ0kkEDxLk="
},
"com/google/guava#guava-parent/19.0": {
"pom": "sha256-O3b/Q+zfEPdNo25KritHDJ0GPgU8XKAm9VEq6U8cPhA="
},
"com/google/guava#guava-parent/26.0-android": {
"pom": "sha256-+GmKtGypls6InBr8jKTyXrisawNNyJjUWDdCNgAWzAQ="
},
"com/google/guava#guava-parent/27.0.1-jre": {
"pom": "sha256-MX6IKRJi4M8oBelWwYhQ8dRWXIXC4REvXZ0Iqxcy5pY="
},
"com/google/guava#guava-parent/27.1-android": {
"pom": "sha256-1oF79aZ2AKOTpoA9UfR8159KXth1cqg3K++S4nNRgXI="
},
"com/google/guava#guava-parent/32.1.3-jre": {
"pom": "sha256-8oPB8EiXqaiKP6T/RoBOZeghFICaCc0ECUv33gGxhXs="
},
"com/google/guava#guava/19.0": {
"pom": "sha256-rdwGTafxB3/fTckOWqqIfNeQhQ0bdP4ubiXV94VRrGM="
},
"com/google/guava#guava/27.0.1-jre": {
"jar": "sha256-4cgU/QRJKifDjgMX6r6qGz6VDsgBAjnkAP6QrWyRB7Q=",
"pom": "sha256-ao3QQfI6a7FKhuRA/MuZNTe2InE1eg2sCjyw/zkVjzY="
},
"com/google/guava#guava/27.1-android": {
"pom": "sha256-KUYNJundBml2Ak+RJoMlzxHzkScNiPi1MewGQqNbwNw="
},
"com/google/guava#guava/32.1.3-jre": {
"jar": "sha256-bU4rWhGKq2Lm5eKdGFoCJO7YLIXECsPTPPBKJww7N0Q=",
"module": "sha256-9f/3ZCwS52J7wUKJ/SZ+JgLBf5WQ4jUiw+YxB/YcKUI=",
"pom": "sha256-cA5tRudbWTmiKkHCXsK7Ei88vvTv7UXjMS/dy+mT2zM="
},
"com/google/guava#listenablefuture/9999.0-empty-to-avoid-conflict-with-guava": {
"jar": "sha256-s3KgN9QjCqV/vv/e8w/WEj+cDC24XQrO0AyRuXTzP5k=",
"pom": "sha256-GNSx2yYVPU5VB5zh92ux/gXNuGLvmVSojLzE/zi4Z5s="
},
"com/google/j2objc#j2objc-annotations/1.1": {
"jar": "sha256-KZSn63jycQvT07+2ObLJTiGc7awNTQhNUW54wW3d7PY=",
"pom": "sha256-8MmMVx6Tp8tN0Y3w+jCPCWPnoGIKwtQkTmHnCdA61r4="
},
"com/google/j2objc#j2objc-annotations/2.8": {
"jar": "sha256-8CqV+hpele2z7YWf0Pt99wnRIaNSkO/4t03OKrf01u0=",
"pom": "sha256-N/h3mLGDhRE8kYv6nhJ2/lBzXvj6hJtYAMUZ1U2/Efg="
},
"com/google/protobuf#protobuf-bom/3.21.8": {
"pom": "sha256-+7Ds/DyjGFddtifjOuRUwT1qTcp68UXRTT9m4IY8PPo="
},
"com/google/protobuf#protobuf-gradle-plugin/0.8.18": {
"jar": "sha256-RP2JrzepsvHdQcCUqbtzPAe/f8eg4jhooQuvbjUfpeA=",
"pom": "sha256-Gwqekab09LYqWmB4wibudwqo3FdnueRzwvwY8KOImAQ="
},
"com/google/protobuf#protobuf-java/3.21.8": {
"jar": "sha256-C4WBrYENLfrv0Nz78VabFFBEhlAjjX4v1rF2yTLQjJU=",
"pom": "sha256-OJBUBuApx6MYaW8O4RnFXM7HizN+oR5MMZWfDgardAg="
},
"com/google/protobuf#protobuf-parent/3.21.8": {
"pom": "sha256-bHKyrDl1sAnR5FdQlVnp+onyV4vShD3LTWo+XPgRFws="
},
"com/h2database#h2/2.2.220": {
"jar": "sha256-l4q4YwGNP5ZeOIgFccNik+qLEKgIYZQVnE1dILUPClc=",
"pom": "sha256-tbp8XBcINbyupnWMWfo8EOvNepx5LiWzm4a559X72Mo="
},
"com/opencsv#opencsv/5.4": {
"jar": "sha256-n94e8+VEQE406u4V5L97p0uANV15gJOwUk1jpZk2JCs=",
"pom": "sha256-uGQpmn0KIQIKgxaZQ499P4VAirJKNOkR+qmf9oTrdv0="
},
"com/oracle/labs/olcut#olcut-config-protobuf/5.2.0": {
"jar": "sha256-xmqG5GT9gi9xzu6JuSU3l8Pc/fZWxNsr+W2kceuXs8o=",
"pom": "sha256-JCBA8xgQ+I6pnGF7RUBrhmdtOvJa7jzZIoysQpd0zmk="
},
"com/oracle/labs/olcut#olcut-core/5.2.0": {
"jar": "sha256-5T6OCQrUJo0iqlPgaCu76rHIHiyoRBP6Q2AqQWP2vhk=",
"pom": "sha256-G912ta/r+7rg+FHQjJ46WmgwP40cMHY4rxuChHVvCgM="
},
"com/oracle/labs/olcut#olcut/5.2.0": {
"pom": "sha256-SRIriefVQhUkr5IsQrsnF0x7vhL2oKKWwiEJgIUW/B4="
},
"commons-beanutils#commons-beanutils/1.9.4": {
"jar": "sha256-fZOMgXiQKARcCMBl6UvnX8KAUnYg1b1itRnVg4UyNoo=",
"pom": "sha256-w1zKe2HUZ42VeMvAuQG4cXtTmr+SVEQdp4uP5g3gZNA="
},
"commons-codec#commons-codec/1.18.0": {
"jar": "sha256-ugBfMEzvkqPe3iSjitWsm4r8zw2PdYOdbBM4Y0z39uQ=",
"pom": "sha256-dLkW2ksDhMYZ5t1MGN7+iqQ4f3lSBSU8+0u7L0WM3c4="
},
"commons-collections#commons-collections/3.2.2": {
"jar": "sha256-7urpF5FxRKaKdB1MDf9mqlxcX9hVk/8he87T/Iyng7g=",
"pom": "sha256-1dgfzCiMDYxxHDAgB8raSqmiJu0aES1LqmTLHWMiFws="
},
"commons-io#commons-io/2.11.0": {
"jar": "sha256-lhsvbYfbrMXVSr9Fq3puJJX4m3VZiWLYxyPOqbwhCQg=",
"pom": "sha256-LgFv1+MkS18sIKytg02TqkeQSG7h5FZGQTYaPoMe71k="
},
"commons-io#commons-io/2.19.0": {
"jar": "sha256-gkJokZtLYvn0DwjFQ4HeWZOwePWGZ+My0XNIrgGdcrk=",
"pom": "sha256-VCt6UC7WGVDRuDEStRsWF9NAfjpN9atWqY12Dg+MWVA="
},
"commons-lang#commons-lang/2.6": {
"jar": "sha256-UPEbCfh3wpTVbyRGP0fSj5Kc9QRPZIZhwPDPuumi9Jw=",
"pom": "sha256-7Xa4iRwwtWYonHQ2Vvik1DWYaYJDjUDFZ8YmIzJH5xE="
},
"commons-logging#commons-logging/1.2": {
"jar": "sha256-2t3qHqC+D1aXirMAa4rJKDSv7vvZt+TmMW/KV98PpjY=",
"pom": "sha256-yRq1qlcNhvb9B8wVjsa8LFAIBAKXLukXn+JBAHOfuyA="
},
"de/femtopedia/dex2jar#d2j-base-cmd/2.4.24": {
"jar": "sha256-npdgWaiU74QPoAMunrk+psr60vGphpifoMXqcbvZFJ0=",
"module": "sha256-65mjqSTi2DV/NXoU2RN9XX8KH0FODoH9EfVBqInq2Bs=",
"pom": "sha256-s8X4M7/XHInxWe+0DG5BtsU0qglCXme9YIQxdW0cUzk="
},
"de/femtopedia/dex2jar#d2j-external/2.4.24": {
"jar": "sha256-PVAlQnJ6wWlu6/vwttvaU4uppYIq8r9LvgtgLvAsChA=",
"pom": "sha256-iurxTkKYs3mHap/0Bshvlvb1ItTNRgX/UHVb+9Wr6nw="
},
"de/femtopedia/dex2jar#dex-ir/2.4.24": {
"jar": "sha256-5wB1C3kGWPqw1ceC9oofvcWH74op+LMsgWv5JdKUWQA=",
"module": "sha256-bwx56rQdiS++RQReuV/x6+XW9kW/j75D1TkmjCfCP6I=",
"pom": "sha256-UpoS1s+bSCpK6lMusffK4pf96ez+/EzG3Toy5BFom+A="
},
"de/femtopedia/dex2jar#dex-reader-api/2.4.24": {
"jar": "sha256-gJvNGdys1pm6BILCdNMgtp0uFHEJh1uMVXcpquWTxKw=",
"module": "sha256-9KsAw3EWGfByHsgc5PMoSI0NSHkMqmJHg23KLqmFYBQ=",
"pom": "sha256-TwVdir25YI+lmnUa4LHLa5MCMxZzXj34idrMGQugXcc="
},
"de/femtopedia/dex2jar#dex-reader/2.4.24": {
"jar": "sha256-Sh8LEZ7oU/27K55XzBBziskG0RGotrAjTaePSNzrGrI=",
"module": "sha256-qlKoHHLESSxUL/oUZVts5tBwsB4CRmi/Yu5di6WHETY=",
"pom": "sha256-Z6TS45BHREEwK1Y9RvHU9B6plqXMKOvslFq9XG29vJ0="
},
"de/femtopedia/dex2jar#dex-translator/2.4.24": {
"jar": "sha256-1Uvxla4E3v1KbMQBv1hkTTTOKccAuVOl8A9/HXsD2lU=",
"module": "sha256-0KGW3NUxqnpbEZCwyypcG6BhF137Ey2S3P5a0pCpF9s=",
"pom": "sha256-YQbcNXGfyXyPjDoBP0w3Dn4genKLKQu8bdSwiaezL5s="
},
"javax/help#javahelp/2.0.05": {
"jar": "sha256-/PSSLTj/hRhPHSMoMXu2CCbhTalIq9YG7j1bjGpw3r0=",
"pom": "sha256-uIEr4lGsoTl/S2pCO/Tt06KERONFOyIDtTSTNrmVgik="
},
"junit#junit/4.13.2": {
"jar": "sha256-jklbY0Rp1k+4rPo0laBly6zIoP/1XOHjEAe+TBbcV9M=",
"pom": "sha256-Vptpd+5GA8llwcRsMFj6bpaSkbAWDraWTdCSzYnq3ZQ="
},
"kr/motd/maven#os-maven-plugin/1.7.0": {
"jar": "sha256-lDBTUBpCnlPRxNYhUu7BJfo2Yg4NxmtzkKiVCXz96s4=",
"pom": "sha256-xPVqjuqlJp76BdsB4xMJBf9b24frKuPnZhVOmuoYO6Y="
},
"msv#isorelax/20050913": {
"jar": "sha256-NCcVJDHPf5Z/kuaeXKwWFHxdj7S05ainL1KReI78/4w=",
"pom": "sha256-u54IxYm/b2BxTQ+dMcLtdwPK9nf+muOSFrzKt3SkfNk="
},
"msv#msv/20050913": {
"jar": "sha256-FL46VQ5QhDO0/hB3XVQOnrWLPvBO10Vrx8fShckMh6I=",
"pom": "sha256-eoaknOHugXmjgCLiMZHkjPW1fkEEr2tXSJ3bjN7GoNY="
},
"msv#relaxngDatatype/20050913": {
"jar": "sha256-TUWpPrXNwyYxlmZzyVS4P8m2CgaBu93O+ixJdtBM3fI=",
"pom": "sha256-F/kF72gZZRismj53oNXlGY1g9D/8kEsiCcoEZhfyLfk="
},
"msv#xsdlib/20050913": {
"jar": "sha256-a476GP9XDAkW2nAsRpBrnooTnhwF2/Hk2L3rokTBsrM=",
"pom": "sha256-Ti8Z4AifVdrd/gOXbyhwCXvAaJcWVQ/p3r10KwrKZ5Y="
},
"net/java/dev/javacc#javacc/5.0": {
"jar": "sha256-cRExYbyM9mQVFVQcKBgCi4fHjsLo/6p1MXaG7giWe4k=",
"pom": "sha256-lBZg1Hgi+cDYDUDqBtSYH83CuHzGJTgbVF79fmtEnO8="
},
"net/java/dev/jna#jna-platform/5.14.0": {
"jar": "sha256-rkys6zhAcwwlN/m3+1WgG6ulgChrQSKVFIi87lWMJEk=",
"pom": "sha256-bLoOBPnuyxZIYAB5O7J+EDsPTQSF4FVOK0wK7RPS7RY="
},
"net/java/dev/jna#jna/5.14.0": {
"jar": "sha256-NO0eHyf6iWvKUNvE6ZzzcylnzsOHp6DV40hsCWc/6MY=",
"pom": "sha256-4E4llRUB3yWtx7Hc22xTNzyUiXuE0+FJISknY+4Hrj0="
},
"net/java/dev/timingframework#timingframework/1.0": {
"jar": "sha256-dGHpJGw7BRkWRaf5TBBGgMwxhlu02RIIKsAv93Egz0s=",
"pom": "sha256-EHm33r9dRb/PyG6euBCvHRhqN11glaDpHKKM2a8pwtA="
},
"net/sf/jung#jung-algorithms/2.1.1": {
"jar": "sha256-7ROOL2srLxOvYaE/F4i85vHeiFjELucKfUHmKDk3owo=",
"pom": "sha256-INw/C+7taPkCw/AtO6qJ8eI0xNSWeyIS15HBjw/a6Qs="
},
"net/sf/jung#jung-api/2.1.1": {
"jar": "sha256-bLc1ljw21RVdDeXxmgNIW5om5nVQ4WCz3YkAmm9RaU4=",
"pom": "sha256-3vtMVoVkg6Trdxnh4WiqYKtjnkPJJRKGZYNzLyPxOgs="
},
"net/sf/jung#jung-graph-impl/2.1.1": {
"jar": "sha256-SRHaBNd7T3u0ZaZa48w6AAyuTVK1h5EePAtMS2Q0k8E=",
"pom": "sha256-DXLiLd6PiBAEu7aagzjuxtnpGTlg9BRDOBlhYPhJqLQ="
},
"net/sf/jung#jung-parent/2.1.1": {
"pom": "sha256-os5T0/ynH/HQQ3FfmhowSo5KrhwGRa2QOMrkxSE2i+Q="
},
"net/sf/jung#jung-visualization/2.1.1": {
"jar": "sha256-kzuibCMIw79FZsOCiXm2itdCJyRXFxLlrw3odr3/oq4=",
"pom": "sha256-ayUROtpk+JgoOQmGsyWE0nNsBE+7iVz1Bo6BQWo9l+w="
},
"net/sf/sevenzipjbinding#sevenzipjbinding-all-platforms/16.02-2.01": {
"jar": "sha256-cvq1Op0x4W1lP+H0AAEdAqf2vGqR6GNLXPrVzhXUZ7s=",
"pom": "sha256-u3FCxepITF/phCbcFezhuYu/3UZTRWqI2idCHXJnAmU="
},
"net/sf/sevenzipjbinding#sevenzipjbinding/16.02-2.01": {
"jar": "sha256-Ezyj9pyMc12Jl8CUd1BPSKny5h6ntwSzcUqQZrHvuI4=",
"pom": "sha256-pdF4WGwNvc4V3cKlKBaE04ek8jW10bklWzls7TaWhcE="
},
"org/antlr#ST4/4.0.8": {
"jar": "sha256-WMqrxAyfdLC1mT/YaOD2SlDAdZCU5qJRqq+tmO38ejs=",
"pom": "sha256-PAiQ3scRdOs7o9QEyp40GQH/awQhgIsAcTsNuxMGwXw="
},
"org/antlr#antlr-master/3.5.2": {
"pom": "sha256-QtkaUx6lEA6wm1QaoALDuQjo8oK9c7bi9S83HvEzG9Y="
},
"org/antlr#antlr-runtime/3.5.2": {
"jar": "sha256-zj/I7LEPOemjzdy7LONQ0nLZzT0LHhjm/nPDuTichzQ=",
"pom": "sha256-RqnCIAu4sSvXEkqnpQl/9JCZkIMpyFGgTLIFFCCqfyU="
},
"org/antlr#antlr/3.5.2": {
"jar": "sha256-WsNsKs+woPPTfa/iC1tXDyZD4tAAxkjURQPCc4vmQ98=",
"pom": "sha256-Bl5egGYv64WHldPAH3cUJHvdMZRZcF7hOxpLGWj6IuQ="
},
"org/apache#apache/13": {
"pom": "sha256-/1E9sDYf1BI3vvR4SWi8FarkeNTsCpSW+BEHLMrzhB0="
},
"org/apache#apache/16": {
"pom": "sha256-n4X/L9fWyzCXqkf7QZ7n8OvoaRCfmKup9Oyj9J50pA4="
},
"org/apache#apache/19": {
"pom": "sha256-kfejMJbqabrCy69tAf65NMrAAsSNjIz6nCQLQPHsId8="
},
"org/apache#apache/21": {
"pom": "sha256-rxDBCNoBTxfK+se1KytLWjocGCZfoq+XoyXZFDU3s4A="
},
"org/apache#apache/23": {
"pom": "sha256-vBBiTgYj82V3+sVjnKKTbTJA7RUvttjVM6tNJwVDSRw="
},
"org/apache#apache/27": {
"pom": "sha256-srD8aeIqZQw4kvHDZtdwdvKVdcZzjfTHpwpEhESEzfk="
},
"org/apache#apache/33": {
"pom": "sha256-14vYUkxfg4ChkKZSVoZimpXf5RLfIRETg6bYwJI6RBU="
},
"org/apache#apache/7": {
"pom": "sha256-E5fOHbQzrcnyI9vwdJbRM2gUSHUfSuKeWPaOePtLbCU="
},
"org/apache/commons#commons-collections4/4.1": {
"jar": "sha256-sf6LWWi1fYRlQlNX7S2dxpVQRRi+0t9bVlxLjmjByKU=",
"pom": "sha256-wK1C6RA1N5YNmnTaWOzCTdGjehPR5MSPCWm+k+QBg2k="
},
"org/apache/commons#commons-collections4/4.4": {
"jar": "sha256-Hfi5QwtcjtFD14FeQD4z71NxskAKrb6b2giDdi4IRtE=",
"pom": "sha256-JxvWc4Oa9G5zr/lX4pGNS/lvWsT2xs9NW+k/0fEnHE0="
},
"org/apache/commons#commons-compress/1.27.1": {
"jar": "sha256-KT2A9UtTa3QJXc1+o88KKbv8NAJRkoEzJJX0Qg03DRY=",
"pom": "sha256-34zBqDh9TOhCNjtyCf3G0135djg5/T/KtVig+D+dhBw="
},
"org/apache/commons#commons-dbcp2/2.9.0": {
"jar": "sha256-iHcgkSxcu83/bg4h1QNJN1Vfj/xZc4Hv+Pp38zzm1k4=",
"pom": "sha256-XtPwH1ee+0xru81m9VnpwV6ZwUCVeeAZG7pUHF/meYY="
},
"org/apache/commons#commons-lang3/3.11": {
"pom": "sha256-mA1mXYP+0EZlE08FeOUHRCoOdQaRBzeEORsKeYhySnU="
},
"org/apache/commons#commons-lang3/3.17.0": {
"jar": "sha256-bucx31yOWil2ocoCO2uzIOqNNTn75kyKHVy3ZRJ8M7Q=",
"pom": "sha256-NRxuSUDpObHzMN9H9g8Tujg9uB7gCBga9UHzoqbSpWw="
},
"org/apache/commons#commons-lang3/3.9": {
"pom": "sha256-pAIkKbmEJbQwGBkVchJ5pS9hDzRki9rEh9TKy76N/rU="
},
"org/apache/commons#commons-parent/17": {
"pom": "sha256-lucYuvU0h07mLOTULeJl8t2s2IORpUDgMNWdmPp8RAg="
},
"org/apache/commons#commons-parent/34": {
"pom": "sha256-Oi5p0G1kHR87KTEm3J4uTqZWO/jDbIfgq2+kKS0Et5w="
},
"org/apache/commons#commons-parent/38": {
"pom": "sha256-VY2WF0Xrrcxdw5HP3n1HQIbUyq7iTdPm35Me2fa1tJU="
},
"org/apache/commons#commons-parent/39": {
"pom": "sha256-h80n4aAqXD622FBZzphpa7G0TCuLZQ8FZ8ht9g+mHac="
},
"org/apache/commons#commons-parent/47": {
"pom": "sha256-io7LVwVTv58f+uIRqNTKnuYwwXr+WSkzaPunvZtC/Lc="
},
"org/apache/commons#commons-parent/48": {
"pom": "sha256-Hh996TcKe3kB8Sjx2s0UIr504/R/lViw954EwGN8oLQ="
},
"org/apache/commons#commons-parent/51": {
"pom": "sha256-m3edGLItjeVZYFVY57sKCjGz8Awqu5yHgRfDmKrKvso="
},
"org/apache/commons#commons-parent/52": {
"pom": "sha256-ddvo806Y5MP/QtquSi+etMvNO18QR9VEYKzpBtu0UC4="
},
"org/apache/commons#commons-parent/54": {
"pom": "sha256-AA2Bh5UrIjcC/eKW33mVY/Nd6CznKttOe/FXNCN4++M="
},
"org/apache/commons#commons-parent/72": {
"pom": "sha256-Q0Xev8dnsa6saKvdcvxn0YtSHUs5A3KhG2P/DFhrIyA="
},
"org/apache/commons#commons-parent/73": {
"pom": "sha256-TtRFYLB/hEhHnf0eg6Qiuk6D5gs25RsocaxQKm1cG+o="
},
"org/apache/commons#commons-parent/79": {
"pom": "sha256-Yo3zAUis08SRz8trc8euS1mJ5VJqsTovQo3qXUrRDXo="
},
"org/apache/commons#commons-parent/81": {
"pom": "sha256-NI1OfBMb5hFMhUpxnOekQwenw5vTZghJd7JP0prQ7bQ="
},
"org/apache/commons#commons-pool2/2.11.1": {
"jar": "sha256-6gUF7nUV5YsawOaG5NGl2ffYCOJRphvDcaoFlbmWP4M=",
"pom": "sha256-wbsCmUpK34loDfepitujPFUnaDAUJy1liFuzA27NSMM="
},
"org/apache/commons#commons-text/1.10.0": {
"jar": "sha256-dwzZA/p7YE0ffve6F/hBCGZylLK0eL6O0a87/7SuABg=",
"pom": "sha256-OI3VI0i6GEKqOK64l8kdJwsUZh64daIP2YAxU1qydWc="
},
"org/apache/commons#commons-text/1.8": {
"pom": "sha256-9s/bqlnHCtfj/r5xTgkRmQFWrAkFKV2PKjt1HgXlmhI="
},
"org/apache/commons#commons-text/1.9": {
"pom": "sha256-n5IWz8lE3KeC5jEdYnV/13Fk/mfaKbWPAVaH+gn0QFA="
},
"org/apache/felix#felix-parent/6": {
"pom": "sha256-Ngi2sgD2yPSIx3zBWYR9UV5pZugzO4XY4E45Sgk7VZU="
},
"org/apache/felix#org.apache.felix.framework/7.0.5": {
"jar": "sha256-q6cpMsX/5S0a6ftzVBVHS8gwX9BPBQ6FHzqPZ9oYNP0=",
"pom": "sha256-CBAm1JP4dt+OsPPxyPhdpyy+N99VeDPpaLQMMNrL/Kk="
},
"org/apache/logging#logging-parent/3": {
"pom": "sha256-djouwrgJTUFh3rbCZLEmIIW5vjC/OjHCzhNyQuV3Iqc="
},
"org/apache/logging/log4j#log4j-api/2.17.1": {
"jar": "sha256-sNikyKtPuLGIjQCVgicDsObUeTxBlVAgPanmkZYWHeQ=",
"pom": "sha256-HirO8yILKb4QrgmXKLFYsY2UP5Ghk8xFAbtC+SnB6Io="
},
"org/apache/logging/log4j#log4j-core/2.17.1": {
"jar": "sha256-yWfyI0h5gLk2TpSnx/mooB/T7nwZvb8LD5+MuFEfPUE=",
"pom": "sha256-C7s79tTSKhv6PDwJJ8KUEK8UoPsm47Ark3JvXH6Yqv0="
},
"org/apache/logging/log4j#log4j/2.17.1": {
"pom": "sha256-lnq8AkRDqcsJaTVVmvXprW8P9hN1+Esn1EDS+nCAawk="
},
"org/bouncycastle#bcpkix-jdk18on/1.80": {
"jar": "sha256-T0umqSYX6hncGD8PpdtJLu5Cb93ioKLWyUd3/9GvZBM=",
"pom": "sha256-pKEiETRntyjhjyb7DP1X8LGg18SlO4Zxis5wv4uG7Uc="
},
"org/bouncycastle#bcprov-jdk18on/1.80": {
"jar": "sha256-6K0gn4xY0pGjfKl1Dp6frGBZaVbJg+Sd2Cgjgd2LMkk=",
"pom": "sha256-oKdcdtkcQh7qVtD2Bi+49j7ff6x+xyT9QgzNytcYHUM="
},
"org/bouncycastle#bcutil-jdk18on/1.80": {
"jar": "sha256-Iuymh/eVVBH0Vq8z5uqOaPxzzYDLizKqX3qLGCfXxng=",
"pom": "sha256-Qhp95L/rnFs4sfxHxCagh9kIeJVdQQf1t6gusde3R7Y="
},
"org/checkerframework#checker-compat-qual/2.5.2": {
"pom": "sha256-da9ztewybj29yUayH9RoAtXafGEsO/Hlh1N0yY1+pP0="
},
"org/checkerframework#checker-qual/2.5.2": {
"jar": "sha256-ZLAmkci51OdwD47i50Lc5+osboHmYrdSLJ7jv1aMBAo=",
"pom": "sha256-3EzUOKNkYtATwjOMjiBtECoyKgDzNynolV7iGYWcnt4="
},
"org/checkerframework#checker-qual/3.37.0": {
"jar": "sha256-5M4TdswnNeHd4iC2KtCRP1EpdwTarRVaM/OGvF2w2fc=",
"module": "sha256-clinadyqJrmBVNIp2FzHLls2ZrC8tjfS2vFuxJiVZjg=",
"pom": "sha256-AjkvvUziGQH5RWFUcrHU1NNZGzqr3wExBfXJLsMstPA="
},
"org/checkerframework#checker-qual/3.49.3": {
"jar": "sha256-Nn7b8v6fYGwf21qLpuHJwnYlmT4f+VTjho3nC8xkFrc=",
"module": "sha256-dv9CWNsfoaC8bOeur0coPfEGD9Q3oJvm7zxcMmnqWtM=",
"pom": "sha256-i+QBdkYoXZFCx/sibPuARFwXfcfBNjsj2UH6bJuwXc8="
},
"org/codehaus#codehaus-parent/3": {
"pom": "sha256-UOslOs0LbuBI9DLZ/Do7NiZO+z2h/6f7B/bE1LeoyjE="
},
"org/codehaus/mojo#animal-sniffer-annotations/1.17": {
"jar": "sha256-kmVPST7P7FIILnY1Tw6/h2SNw9XOwuPDzblHwBZ0elM=",
"pom": "sha256-6VarXS60j6uuEjANDNLTKU1KKkGrwgaMI8tNYK12y+U="
},
"org/codehaus/mojo#animal-sniffer-annotations/1.9": {
"jar": "sha256-zZb+60fzSyVZcEcV23sXmgOjch+dxAksNFxxjim0LeQ=",
"pom": "sha256-/nEJDiNXjdGapqj+9Rhvz6WPSPgHBnKprIlFhis7fz0="
},
"org/codehaus/mojo#animal-sniffer-parent/1.17": {
"pom": "sha256-GKA98W4qGExYLbexJWM8Fft3FAJ6hMG1MtcpM9wIuB8="
},
"org/codehaus/mojo#animal-sniffer-parent/1.9": {
"pom": "sha256-nyDSRN5e5OZQmbJ3tpiE7xr4EROcAJcl3TzPqPsaxjs="
},
"org/codehaus/mojo#mojo-parent/28": {
"pom": "sha256-WrbfH5JfxhOX3y0XNSu8mK8UZOhT7SF+CeU9IKMm9wc="
},
"org/codehaus/mojo#mojo-parent/40": {
"pom": "sha256-/GSNzcQE+L9m4Fg5FOz5gBdmGCASJ76hFProUEPLdV4="
},
"org/commonmark#commonmark-ext-footnotes/0.23.0": {
"jar": "sha256-YwKKfV6V7sjibuBCSxQfh+nalccYTypaSbtD371TsQQ=",
"pom": "sha256-zMoEy/7Z60gzSM+6aexh9gvdyfPjwJJLZLsZ0cqy4s0="
},
"org/commonmark#commonmark-ext-gfm-tables/0.23.0": {
"jar": "sha256-WfO2Gthywhg7guygUn14GspFThF31xmMl5WydH0XC3s=",
"pom": "sha256-x6/bJCGgs9hFDewHWaPrfBHEqZfTlLd8VR3Bgi3S2Uk="
},
"org/commonmark#commonmark-ext-heading-anchor/0.23.0": {
"jar": "sha256-7O27O1jbcgxhNXwb4boTKlweeczr4B8NPZo25VJCDL0=",
"pom": "sha256-95zHry5Zpgc70UwPNKezU0JDO5FxqhdLYzeHRaVuASw="
},
"org/commonmark#commonmark-parent/0.23.0": {
"pom": "sha256-zEC+Twqn9Lw5BEquYQVT5BfyYRkHNJVqXJl/Q50Tw94="
},
"org/commonmark#commonmark/0.23.0": {
"jar": "sha256-spUGEYOcwMDG4lwIPjprIpXrwyeDLsBzPn2bvJTnTrM=",
"pom": "sha256-3mdvxdpEpo0CntlaCSuJPVbo/ElogKIx5HHl1bKzvhY="
},
"org/fusesource#fusesource-pom/1.12": {
"pom": "sha256-xA2WDarc73sBwbHGZXr7rE//teUxaPj8sLKLhOb9zKE="
},
"org/fusesource/jansi#jansi/2.3.2": {
"jar": "sha256-+dWXnFx7oxN8d/QYR16wIYn4/Ip1+nP/w/8dEv6UVWc=",
"pom": "sha256-ywU3vsxjUsFUcz22+v0JAPlYRgOgsLnPjyJFVjEs2+E="
},
"org/hamcrest#hamcrest-core/1.3": {
"jar": "sha256-Zv3vkelzk0jfeglqo4SlaF9Oh1WEzOiThqekclHE2Ok=",
"pom": "sha256-/eOGp5BRc6GxA95quCBydYS1DQ4yKC4nl3h8IKZP+pM="
},
"org/hamcrest#hamcrest-parent/1.3": {
"pom": "sha256-bVNflO+2Y722gsnyelAzU5RogAlkK6epZ3UEvBvkEps="
},
"org/hamcrest#hamcrest/2.2": {
"jar": "sha256-XmKEaonwXNeM2cGlU/NA0AJFg4DDIEVd0fj8VJeoocE=",
"pom": "sha256-s2E3N2xLP8923DN+KhvFtpGirBqpZqtdJiCak4EvpX0="
},
"org/jacoco#org.jacoco.agent/0.8.11": {
"jar": "sha256-0+2F3qeKntVYRqdzjjoMoVxwLGYe5LyMv+Aqi59KmcA=",
"pom": "sha256-FuBen0liG4fFPmk1AUDzxG1C2WbGepM730sGOiscj8U="
},
"org/jacoco#org.jacoco.ant/0.8.11": {
"jar": "sha256-gdfriJDZvjCpOWEsKVYDVBBjUpzdA6UyZaunRHS3C3w=",
"pom": "sha256-ftED2VnQzue6v7Ewf6bkUbFpb/01JwYVU7VQ3lUgHYU="
},
"org/jacoco#org.jacoco.build/0.8.11": {
"pom": "sha256-W4SxXPLu8+WeuRvCJ4SDMQCwnfmRHjMZAww7xki9iws="
},
"org/jacoco#org.jacoco.core/0.8.11": {
"jar": "sha256-/NGIxohHP8jcwMbKrzVeeziVAiQ1J8M7lZej7Ch5H0c=",
"pom": "sha256-u2E18Qo2NJy4SlYA/Yz3P8EpahNbLxStzYPejPJMq7E="
},
"org/jacoco#org.jacoco.report/0.8.11": {
"jar": "sha256-g5MpWuJGgO0QytgzOQcED5KLhxMySRWBylvHhOLLT74=",
"pom": "sha256-jjtzR3nV4/1oPsAVQT1S+WGYTFDLkEX9orI7/160I4E="
},
"org/jdom#jdom-legacy/1.1.3": {
"jar": "sha256-Ar1hpyXor5sBdrQ78pgW0MdIuKuVE4W9EnvjdIkyWgo=",
"pom": "sha256-bWWTi3CxFyMBy0LY5l7gVzpXHtOfOvEBOp5ukp/flow="
},
"org/jgrapht#jgrapht-core/1.5.1": {
"jar": "sha256-pNgQy2Pgp3p1PRRwlP6p3ULoLPxXqiifn4UinyYEO7Q=",
"pom": "sha256-KknxKWxTwJ4OCiVdogMgVq3fKlu6WFyAF3Eg/IELQRM="
},
"org/jgrapht#jgrapht-io/1.5.1": {
"jar": "sha256-hsf8ZswZB7/CazZtTdKSzQ2ihr3h/QiKEcDZcp1tzFw=",
"pom": "sha256-jMvAH5otyMV0llX6FSck3dJ8FIIpxWeV+CC7V6GEp4g="
},
"org/jgrapht#jgrapht/1.5.1": {
"pom": "sha256-X9k28p0qw4blfbTL+JtZLFth3GpA03qhUw9eVLNQx9I="
},
"org/jheaps#jheaps/0.13": {
"jar": "sha256-Y0FCkMNJf4rA8QIgkgcIjexG/UdH4PVqJsaTCOhcZBU=",
"pom": "sha256-SH2xJbFxCY4/qDOFNaxZR2kirCxFK1ehTTz2YfIohDA="
},
"org/jline#jline-builtins/3.20.0": {
"jar": "sha256-prFPiYOXb7Sd67PZ6KFb+V9yTXFp8TFaYu+lin+omeI=",
"pom": "sha256-9T2EkbSNrQfnIR8M5BIhS5un25YmYZAxsqhvgMgrZrE="
},
"org/jline#jline-parent/3.20.0": {
"pom": "sha256-cXjGACAsS8Jux6S2IlXu829wVsrSpeYjnFdL7qXCEMo="
},
"org/jline#jline-reader/3.20.0": {
"jar": "sha256-rNHJTR4iiqe3li9psh7Tqf2CjrOmPkuvkIaVTmJq8fA=",
"pom": "sha256-2fF+3XIcAqExcgN21sB4eHgutrb6/rX/QkBKtXFD4TY="
},
"org/jline#jline-style/3.20.0": {
"jar": "sha256-C7ERYF4BAM6E05YfMLQNqgiOnC7FxnHn75D0L2rdBrY=",
"pom": "sha256-48nFXt7Ob0ru5jplYjiaS++NA1j6iq3GdKPeZR4w4ao="
},
"org/jline#jline-terminal-jansi/3.20.0": {
"jar": "sha256-wX/++o8GDa79OPJXRAcOQI9LrFPD6BOuoZKMxgcmD+Q=",
"pom": "sha256-Q3JhhBr0j5oZT9WygHJSCKds+jzKFgBAx6QoDrAn2+s="
},
"org/jline#jline-terminal/3.20.0": {
"jar": "sha256-EhJRcOeVUZum3IAQwHC1PHaq6StIXB43Uw5Uq13QjUM=",
"pom": "sha256-EMo7z1F48YUH8hCmOtljeJaFM0OtHBKRoBmhFvIWpUg="
},
"org/junit#junit-bom/5.11.0": {
"module": "sha256-9+2+Z/IgQnCMQQq8VHQI5cR29An1ViNqEXkiEnSi7S0=",
"pom": "sha256-5nRZ1IgkJKxjdPQNscj0ouiJRrNAugcsgL6TKivkZE0="
},
"org/junit#junit-bom/5.11.0-M2": {
"module": "sha256-hkd6vPSQ1soFmqmXPLEI0ipQb0nRpVabsyzGy/Q8LM4=",
"pom": "sha256-Sj/8Sk7c/sLLXWGZInBqlAcWF5hXGTn4VN/ac+ThfMg="
},
"org/junit#junit-bom/5.11.4": {
"module": "sha256-qaTye+lOmbnVcBYtJGqA9obSd9XTGutUgQR89R2vRuQ=",
"pom": "sha256-GdS3R7IEgFMltjNFUylvmGViJ3pKwcteWTpeTE9eQRU="
},
"org/junit#junit-bom/5.7.2": {
"module": "sha256-87zrHFndT2mT9DBN/6WAFyuN9lp2zTb6T9ksBXjSitg=",
"pom": "sha256-zRSqqGmZH4ICHFhdVw0x/zQry6WLtEIztwGTdxuWSHs="
},
"org/junit#junit-bom/5.8.0-M1": {
"module": "sha256-vgUUcTA6UD9MIkZwdbJ0kEE3fd1tWoywc53tZ9kW2C0=",
"pom": "sha256-dxREMv/Gi9mKeQqxBpYZ2RAyz8Dk4TwIFjqgPaNv1uI="
},
"org/junit#junit-bom/5.9.0": {
"module": "sha256-oFTq9QFrWLvN6GZgREp8DdPiyvhNKhrV/Ey1JZecGbk=",
"pom": "sha256-2D6H8Wds3kQZHuxc2mkEkjkvJpI7HkmBSMpznf7XUpU="
},
"org/junit#junit-bom/5.9.1": {
"module": "sha256-kCbBZWaQ+hRa117Og2dCEaoSrYkwqRsQfC9c3s4vGxw=",
"pom": "sha256-sWPBz8j8H9WLRXoA1YbATEbphtdZBOnKVMA6l9ZbSWw="
},
"org/osgi#org.osgi.core/5.0.0": {
"jar": "sha256-tEDGv/KGMyr89crgZ7YGli52HA3wDl/Yp0bwsxJlYZs=",
"pom": "sha256-4AHZl0MYUeq4uTOLW32f5eaOGutDpYV5JLChWIbuNjk="
},
"org/osgi#org.osgi.util.promise/1.3.0": {
"jar": "sha256-cFPFfn19iP7GuQl5o68SXh0ruEcmijKKLx7WWtCkwYU=",
"pom": "sha256-rcyK9ce+Z7BSEF4Mncq43ibaxvGbxamrcpRqMydscQA="
},
"org/ow2#ow2/1.5.1": {
"pom": "sha256-Mh3bt+5v5PU96mtM1tt0FU1r+kI5HB92OzYbn0hazwU="
},
"org/ow2/asm#asm-analysis/9.7.1": {
"jar": "sha256-hbKTcYhLoxu3bt8iMjwsJOFywyZ6ZxUuuj0czC4EHvI=",
"pom": "sha256-JcI3nyv8Kh5k5iw54rk8+w5IlweFKwjW/EcLHGpSue4="
},
"org/ow2/asm#asm-bom/9.6": {
"pom": "sha256-ig5fYk/ikwt6jWmVb0OORe9TKZa01kQJthbErvSxrE4="
},
"org/ow2/asm#asm-commons/9.6": {
"jar": "sha256-eu/Q1cCQFwHGn3UT/tp2X7a+M68s56oXxXgfyHZXxRE=",
"pom": "sha256-qYrkiVM0uvj/hr1mUWIQ29mgPxpuFeR92oKvz2tT13w="
},
"org/ow2/asm#asm-commons/9.7.1": {
"jar": "sha256-mlebVNKSrZvhcdQxP9RznGNVksK1rDpFm70QSc3exqA=",
"pom": "sha256-C/HTHaDJ+djtwvJ9u/279z8acVtyzS+ijz8ZWZTXStE="
},
"org/ow2/asm#asm-tree/9.6": {
"jar": "sha256-xD7PF7U5x3fhXae1uGVTs3fi05poPeYoVWfVKDiI5+8=",
"pom": "sha256-G8tIHX/Ba5VbtgygfIz6JCS87ni9xAW7oxx9b13C0RM="
},
"org/ow2/asm#asm-tree/9.7.1": {
"jar": "sha256-mSmIH1nra4QOhtVFcMd7Wc5yHRBObf16QJeJkcLTtB8=",
"pom": "sha256-E7kF9l5/1DynZ09Azao3Z5ukhYxsnZ+48Xp6/ZuqvJ4="
},
"org/ow2/asm#asm-util/9.7.1": {
"jar": "sha256-+IW+cbXJBVb18a0cT5J2spuWBXxJfUZmb+TdvsPLQ8Y=",
"pom": "sha256-f7XmM2Ky1S133KO3VK661jV1HT/FIBkelQDs6eI0W3E="
},
"org/ow2/asm#asm/9.6": {
"jar": "sha256-PG+sJCTbPUqFO2afTj0dnDxVIjXhmjGWc/iHCDwjA6E=",
"pom": "sha256-ku7iS8PIQ+SIHUbB3WUFRx7jFC+s+0ZrQoz+paVsa2A="
},
"org/ow2/asm#asm/9.7.1": {
"jar": "sha256-jK3UOsXrbQneBfrsyji5F6BAu5E5x+3rTMgcdAtxMoE=",
"pom": "sha256-cimwOzCnPukQCActnkVppR2FR/roxQ9SeEGu9MGwuqg="
},
"org/postgresql#postgresql/42.7.6": {
"jar": "sha256-8qHMA1LdXlxvZdut/ye+4Awy5DLGrQMNB0R/ilmDxCo=",
"pom": "sha256-SfNzCJO2khPK99foymodjHaf9mhCHVJS3gBSvFVGp8c="
},
"org/python#jython-standalone/2.7.4": {
"jar": "sha256-H7oXae/8yLGfXhBDa8gnShWM6YhVnyV5J8JMc7sTfzw=",
"pom": "sha256-WjutObAFQl/DVMK4niUVrj0MmdizCk6UqxtaPBSF1TM="
},
"org/slf4j#slf4j-api/1.7.25": {
"jar": "sha256-GMSgCV1cHaa4F1kudnuyPSndL1YK1033X/OWHb3iW3k=",
"pom": "sha256-fNnXoLXZPf1GGhSIkbQ1Cc9AOpx/n7SQYNNVTfHIHh4="
},
"org/slf4j#slf4j-nop/1.7.25": {
"jar": "sha256-bLEnE49Btahp+ezdBhrRd5mg4/5yBGAHlxVOsEMu6xI=",
"pom": "sha256-ogpNV7z++b2sp9EVliwN58lEa+TUZre9MNXxmkWc9Jk="
},
"org/slf4j#slf4j-parent/1.7.25": {
"pom": "sha256-GPXFISDbA26I1hNviDnIMtB0vdqVx1bG9CkknS21SsY="
},
"org/smali#baksmali/2.5.2": {
"jar": "sha256-HtI2Jm19xJB6reCxmjT3fvrCU0K2PIrOUuV5A5lBs4k=",
"module": "sha256-g+59x3oek4+5BtaNfUPiRX8s+Im7HecuqtcJJDVfpbU=",
"pom": "sha256-8FzZiasE/SboahreXCGauEgovqfebryA/Bd7YtJ1k4g="
},
"org/smali#dexlib2/2.5.2": {
"jar": "sha256-WlyJgti9fW47saBxMEnjx4txnsMrIPa2GYhc7DCg3WE=",
"module": "sha256-5XDKZe/asrKMAq2P34W9hSIGZrkkuJXKW+r1fXKGiDw=",
"pom": "sha256-BWB6NSDN841drl0MQZZRKjhWpA3rlTny/OCGNalut44="
},
"org/smali#util/2.5.2": {
"jar": "sha256-T1gKnP8+u4PLP9IL7Ijjfk8YN5bKZScymSYRYgKC2uo=",
"module": "sha256-rRt+JSAWcAXJFp2Gv8z/JvXF+b8Ls/qyRMtIIWU9wmE=",
"pom": "sha256-IKx+12/5cPUQB6IPrIvbon7IeUT9Kb2oxnQJZ5LJFFE="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
},
"org/sonatype/oss#oss-parent/9": {
"pom": "sha256-+0AmX5glSCEv+C42LllzKyGH7G8NgBgohcFO8fmCgno="
},
"org/tribuo#tribuo-classification-core/4.2.0": {
"jar": "sha256-+vv5OnIrmrVC7oeaX09lF5bkyuobZ5gNVWL+jdjbqeY=",
"pom": "sha256-gLgGCPTPN93HLmioPGBRyupwvqF+96hTCfWeqdpzBPE="
},
"org/tribuo#tribuo-classification-tree/4.2.0": {
"jar": "sha256-uVozLZJI7RKVgxdkTNQ9cubdit4KJPnKTlLaB72sY6c=",
"pom": "sha256-OrTlGe48n3lzd3MirS7EaR5j1kovRxiR4A1BGQdY2jw="
},
"org/tribuo#tribuo-classification/4.2.0": {
"pom": "sha256-SqINxWFbgU86wjq3xB+s+LpCKbPuzSwa/KeL3/kntcU="
},
"org/tribuo#tribuo-common-tree/4.2.0": {
"jar": "sha256-34iqIWT+X60ITLIxl7LgodbBPk7QbuXCGXausNuVfOk=",
"pom": "sha256-DbCNldwWEPdn/AehmZqXlhVxALozjH4JA2jMVN5NIHU="
},
"org/tribuo#tribuo-common/4.2.0": {
"pom": "sha256-GAZzLdQd51aq3tY2v7qZSD00J72diyAvEEJcr84iykk="
},
"org/tribuo#tribuo-core/4.2.0": {
"jar": "sha256-NFwzfcKHjsdQJJgqqwZycZtznnGOc9eisu/ottXQCb8=",
"pom": "sha256-XkjLxuPn9x+wYPSWdPTXbCLcKEe9flflVCY7+5gYpZ0="
},
"org/tribuo#tribuo-data/4.2.0": {
"jar": "sha256-m8EQCFnODOBCDNbfbOdna25DxSKEXUKGz5FIUmgtYz0=",
"pom": "sha256-SMm4+bX7Nd5toLwWhuMLStMkS6UWMCNw1fqGd1ixruA="
},
"org/tribuo#tribuo-math/4.2.0": {
"jar": "sha256-7NZdhI/2SIAXBLm6D3CmRtQDAgy97SYf1zVIGkeWVRI=",
"pom": "sha256-iCAlohj3F9hakTNsztSg+08CsjFcppZy0oqCc3uWhVE="
},
"org/tribuo#tribuo-util-onnx/4.2.0": {
"jar": "sha256-ohcAq4nLB1/OT8UkA1n5HMj4t/JCiS1lsD+oda0s3Vs=",
"pom": "sha256-Q19d8ELZieF6QHPjcFa++ChKUrw3zIZeF5Xvi7U5KUw="
},
"org/tribuo#tribuo-util-tokenization/4.2.0": {
"jar": "sha256-b0TzDZ0g6amwscMHAbcrPeXtofbXbZXanWkHQmVXdoI=",
"pom": "sha256-6GAT6tT7c0apQghWqMAX/g7aAlhmu0w935AK2JLi/Tg="
},
"org/tribuo#tribuo-util/4.2.0": {
"pom": "sha256-saxG0eBU4acgcz0cMeBMaIxxJb+mIN7RpEQ9BdNMma8="
},
"org/tribuo#tribuo/4.2.0": {
"pom": "sha256-mMQFMwnY7vg2fAbCAmyDHkqwS3nOny0hrGrrKE2dNZQ="
},
"org/tukaani#xz/1.9": {
"jar": "sha256-IRswbPxE+Plt86Cj3a91uoxSie7XfWDXL4ibuFX1NeU=",
"pom": "sha256-CTvhsDMxvOKTLWglw36YJy12Ieap6fuTKJoAJRi43Vo="
}
},
"https://sourceforge.net/projects": {
"pydev/files/pydev/PyDev%209.3.0/PyDev%209.3.0": {
"zip": "sha256-RTmO3yrbVgeKgLyIqRmUFXjwwLNj773QEb/RWKmbES4="
},
"yajsw/files/yajsw/yajsw-stable-13.12/yajsw-stable-13.12": {
"zip": "sha256-xvxZgV04ANFOyXeSaor9P2BqDr100s/WBgFndGbt6qI="
}
},
"https://storage.googleapis.com": {
"google-code-archive-downloads/v2/code.google.com/android4me/AXMLPrinter2": {
"jar": "sha256-AO0Djrarr23eyNICo+16gbUhRY9M1FmUgRXP0C/1nW0="
}
}
}

39
pkgs/tools/security/ghidra/extensions.nix Normal file
View File

@@ -0,0 +1,39 @@
{
lib,
newScope,
callPackage,
ghidra,
}:
lib.makeScope newScope (self: {
inherit (callPackage ./build-extension.nix { inherit ghidra; })
buildGhidraExtension
buildGhidraScripts
;
findcrypt = self.callPackage ./extensions/findcrypt { };
ghidra-delinker-extension = self.callPackage ./extensions/ghidra-delinker-extension {
inherit ghidra;
};
ghidra-firmware-utils = self.callPackage ./extensions/ghidra-firmware-utils { };
ghidra-golanganalyzerextension = self.callPackage ./extensions/ghidra-golanganalyzerextension { };
ghidraninja-ghidra-scripts = self.callPackage ./extensions/ghidraninja-ghidra-scripts { };
gnudisassembler = self.callPackage ./extensions/gnudisassembler { inherit ghidra; };
kaiju = self.callPackage ./extensions/kaiju { };
lightkeeper = self.callPackage ./extensions/lightkeeper { };
machinelearning = self.callPackage ./extensions/machinelearning { inherit ghidra; };
ret-sync = self.callPackage ./extensions/ret-sync { };
sleighdevtools = self.callPackage ./extensions/sleighdevtools { inherit ghidra; };
wasm = self.callPackage ./extensions/wasm { inherit ghidra; };
})

25
pkgs/tools/security/ghidra/extensions/findcrypt/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{
lib,
fetchFromGitHub,
buildGhidraExtension,
}:
buildGhidraExtension (finalAttrs: {
pname = "findcrypt";
version = "3.1.2";
src = fetchFromGitHub {
owner = "antoniovazquezblanco";
repo = "GhidraFindcrypt";
rev = "v${finalAttrs.version}";
hash = "sha256-KP6Wx2U8O/37yEAcV3abKg/uWraHJJOIfb7kvcfejHA=";
};
meta = {
description = "Ghidra analysis plugin to locate cryptographic constants";
homepage = "https://github.com/antoniovazquezblanco/GhidraFindcrypt";
downloadPage = "https://github.com/antoniovazquezblanco/GhidraFindcrypt/releases/tag/v${finalAttrs.version}";
changelog = "https://github.com/antoniovazquezblanco/GhidraFindcrypt/releases/tag/v${finalAttrs.version}";
license = lib.licenses.gpl3;
maintainers = [ lib.maintainers.BonusPlay ];
};
})

39
pkgs/tools/security/ghidra/extensions/ghidra-delinker-extension/default.nix Normal file
View File

@@ -0,0 +1,39 @@
{
lib,
ghidra,
gradle,
fetchFromGitHub,
}:
ghidra.buildGhidraExtension (finalAttrs: {
pname = "ghidra-delinker-extension";
version = "0.5.1";
src = fetchFromGitHub {
owner = "boricj";
repo = "ghidra-delinker-extension";
rev = "v${finalAttrs.version}";
hash = "sha256-h6F50Z7S6tPOl9mIhChLKoFxHuAkq/n36ysUEFwWGxI=";
};
postPatch = ''
substituteInPlace build.gradle \
--replace-fail '"''${getGitHash()}"' '"v${finalAttrs.version}"'
'';
gradleBuildTask = "buildExtension";
__darwinAllowLocalNetworking = true;
mitmCache = gradle.fetchDeps {
pkg = finalAttrs.finalPackage;
data = ./deps.json;
};
meta = {
description = "Ghidra extension for delinking executables back to object files";
homepage = "https://github.com/boricj/ghidra-delinker-extension";
license = lib.licenses.asl20;
maintainers = [ lib.maintainers.jchw ];
platforms = lib.platforms.unix;
};
})

214
pkgs/tools/security/ghidra/extensions/ghidra-delinker-extension/deps.json generated Normal file
View File

@@ -0,0 +1,214 @@
{
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
"!version": 1,
"https://plugins.gradle.org/m2": {
"com/diffplug/durian#durian-collect/1.2.0": {
"jar": "sha256-sZTAuIAhzBFsIcHcdvScLB/hda9by3TIume527+aSMw=",
"pom": "sha256-i7diCGoKT9KmRzu/kFx0R2OvodWaVjD3O7BLeHLAn/M="
},
"com/diffplug/durian#durian-core/1.2.0": {
"jar": "sha256-F+0KrLOjwWMjMyFou96thpTzKACytH1p1KTEmxFNXa4=",
"pom": "sha256-hwMg6QdVNxsBeW/oG6Ul/R3ui3A0b1VFUe7dQonwtmI="
},
"com/diffplug/durian#durian-io/1.2.0": {
"jar": "sha256-CV/R3HeIjAc/C+OaAYFW7lJnInmLCd6eKF7yE14W6sQ=",
"pom": "sha256-NQkZQkMk4nUKPdwvobzmqQrIziklaYpgqbTR1uSSL/4="
},
"com/diffplug/durian#durian-swt.os/4.2.0": {
"jar": "sha256-8h5XK/n7tUmpmMt+L3m2uaOrliM3GsEwsSUJUj97dI8=",
"module": "sha256-S9OpnUAGnXD/3CiPsokUlAoDtNURHO1NnPohI8lOX+M=",
"pom": "sha256-5CTf5Z5I9R1LbVP2mXeaU6Ue8yTx/zxtZi791PYwSGI="
},
"com/diffplug/spotless#com.diffplug.spotless.gradle.plugin/6.20.0": {
"pom": "sha256-g2lNHgrPjO84zk9mbIzZ3h5S4dQpc+YwFYmXja3WWnY="
},
"com/diffplug/spotless#spotless-lib-extra/2.40.0": {
"jar": "sha256-/+NEZO04c32MmQ+Im51b87b+wvu+oAvUq92SjuNPUxY=",
"module": "sha256-VHaHB4POYSoDtDOa00a11RN9a3fSAUFybYWRCdYZFPc=",
"pom": "sha256-CpqBsO9AG7lEYP08A2kB74qKW9d1khjyFbFviGGhZfE="
},
"com/diffplug/spotless#spotless-lib/2.40.0": {
"jar": "sha256-ozGah3amzO4e1DaQTtEBZWX9Ay7KhIwlpCUSbBk3Z10=",
"module": "sha256-sPGda3aE/68dQY7dFc7ZgCBZCwbFfsr0RAX0iVBRgFw=",
"pom": "sha256-aQbVFaYTBtHzpqMFi5hXcTipXDTEwCD00AmBUfMZSLI="
},
"com/diffplug/spotless#spotless-plugin-gradle/6.20.0": {
"jar": "sha256-PbqJL0iTeT3w0CRZb02LGQUXzUDNErVYFwoB37PCLDM=",
"module": "sha256-i+pazpSaZq1tIXFfG9Ge5u7F9S7A1m8G+PLJNPtwJWA=",
"pom": "sha256-VTD1T1UXPH7b0n0dAUjbFVWCBvMYy/bCtjZYNcNUW9I="
},
"com/github/gmazzo/buildconfig#com.github.gmazzo.buildconfig.gradle.plugin/5.3.5": {
"pom": "sha256-+7LpGMzwo5wJ8GZtfRlxoEaiVsZG8yfDoQpN6M5P1JU="
},
"com/github/gmazzo/buildconfig#plugin/5.3.5": {
"jar": "sha256-Jeh99WaAFSYYVbxxERZaqpQMo9I781sKoBBVRXNjgyk=",
"module": "sha256-4Fk5HzzRXQvCrDvbTf7MNXtNcFekqGlpSg/sbGruwXY=",
"pom": "sha256-MgrmPgZ4TF2fraSFnOPhEBYlcCoWM4/dvu9UHVUkWOo="
},
"com/googlecode/concurrent-trees#concurrent-trees/2.6.1": {
"jar": "sha256-BONySYTipcv1VgbPo3KlvT08XSohUzpwBOPN5Tl2H6U=",
"pom": "sha256-Q8K5sULnBV0fKlgn8QlEkl0idH2XVrMlDAeqtHU4qXE="
},
"com/googlecode/javaewah#JavaEWAH/1.2.3": {
"jar": "sha256-1lImlJcTxMYaeE9BxRFn57Axb5N2Q5jrup5DNrPZVMI=",
"pom": "sha256-5O1sZpYgNm+ZOSBln+CsfLyD11PbwNwOseUplzr5byM="
},
"com/squareup#javapoet/1.13.0": {
"jar": "sha256-THUX6EinGzbQadErs79Gpw/UzaMQXYIrDtLhnAC2kpE=",
"pom": "sha256-VKNPqFAqRryQ79tJJiYAWR+oC/mjT1pMeYMRrsFsqXc="
},
"com/squareup#kotlinpoet-jvm/1.15.3": {
"jar": "sha256-cdnoD49eqFCombaN6tOxwzvfq67DZJBpVfS0hTbXn6E=",
"module": "sha256-WTlDw+sa3SFaeEL6MsmnlqoCF3zVZDkfuIp9QIYWs6M=",
"pom": "sha256-3Zr3oWxwNwdeGbOoQLXlHVes9g4cjYnG5FqcHDWw6Ik="
},
"com/squareup#kotlinpoet/1.15.3": {
"module": "sha256-Q38EctA1tN3NSAJpTEodgDhphD4Li+WP/FA//GFmIWc=",
"pom": "sha256-TLSlkhcLOMvGCZ4QIWMAR8ViFco++yl5jP4nA1qyPw0="
},
"com/squareup/okhttp3#okhttp/4.10.0": {
"jar": "sha256-dYDxT6FpEgbjcIGtP5IGOxYDsyjaC7MW8v7wLgVi5+w=",
"module": "sha256-bDBwggtZH17IwpSEl7Wmt0L0krcVvKz0t1EVs6j/qxU=",
"pom": "sha256-x/kgsofIOOHYHipj+Gd7svqZE3BYorEeZTWv3pyBoOU="
},
"com/squareup/okio#okio-jvm/3.0.0": {
"jar": "sha256-vmSgzB8o6pzVyXDdfnVXr3LICNc4xJWzl7+JfJkh6Qc=",
"module": "sha256-F/SNQXdb2E3qeOnf7Y37zGavgFZ6XJ7J2WCHheyCDN4=",
"pom": "sha256-sMtzRExjeVg7KlOiZIxI3kIOsfSRVmdTdNimdW7zovo="
},
"com/squareup/okio#okio/3.0.0": {
"module": "sha256-b546eXgx51xbVi2UbAdRg/myvoRnken4i95FSR2u2Yc=",
"pom": "sha256-lgrVNSNexh9VRtuBPQGVwTr4UjChLqvpmXUeilUNFU8="
},
"dev/equo/ide#solstice/1.3.1": {
"jar": "sha256-dl9eEMdIofpRy3tsyH8pgqs2txWX5p9wnZi/ETa1ME8=",
"module": "sha256-oEpRNV2jFNNKtpRZzJ1J8trBV3pd9Kc3Y5DXfOogItE=",
"pom": "sha256-ljw9pdrhspFNWcDbgXTt2LyqwwO0FMdp4WQsfYOMbPw="
},
"org/eclipse/jgit#org.eclipse.jgit-parent/6.6.0.202305301015-r": {
"pom": "sha256-rILKtoxRf/67xcbnagItce9dQANsnE4O+QHw6ceKOlk="
},
"org/eclipse/jgit#org.eclipse.jgit/6.6.0.202305301015-r": {
"jar": "sha256-4wRVXVsg3zuRzHfBJCSvcL4w1Copx+2MJ7Pwb3M3qOM=",
"pom": "sha256-nNAirxZ7WVDZpXC0s+aqPsybehWhshWFVDB+mb7h0IQ="
},
"org/eclipse/platform#org.eclipse.osgi/3.18.300": {
"jar": "sha256-urlD5Y7dFzCSOGctunpFrsni2svd24GKjPF3I+oT+iI=",
"pom": "sha256-4nl2N1mZxUJ/y8//PzvCD77a+tiqRRArN59cL5fI/rQ="
},
"org/jetbrains#annotations/13.0": {
"jar": "sha256-rOKhDcji1f00kl7KwD5JiLLA+FFlDJS4zvSbob0RFHg=",
"pom": "sha256-llrrK+3/NpgZvd4b96CzuJuCR91pyIuGN112Fju4w5c="
},
"org/jetbrains/kotlin#kotlin-reflect/1.9.21": {
"jar": "sha256-oTPgSfCk4kllFYJCjhZt5N+slUat9Da2FyEZJV7eUQ8=",
"pom": "sha256-wu93WbdrxNn29SnS8/vBwxpFl8wVhuc6fXqxbRvbtKk="
},
"org/jetbrains/kotlin#kotlin-stdlib-common/1.9.22": {
"module": "sha256-+Tyemr+NUtjo/Y6FGqgC7OxVEyFhxK7ufTzZJL95QkY=",
"pom": "sha256-10k21oh1ZK63EOhCmLVCB/U+m88jpSrSv6IsIIZ3V2c="
},
"org/jetbrains/kotlin#kotlin-stdlib-jdk7/1.8.0": {
"jar": "sha256-TIidHZgD9fLrbBWSprfmI2msdmDJ7uFauhb+wFkWNmY=",
"pom": "sha256-36lkSmrluJjuR1ux9X6DC6H3cK7mycFfgRKqOBGAGEo="
},
"org/jetbrains/kotlin#kotlin-stdlib-jdk8/1.8.0": {
"jar": "sha256-BbYoBEQbDJoZILa31c9zKaTiS2JYR44ysfBGygGQCUY=",
"pom": "sha256-K7bHVRuXx7oCn5hmWC56oZ1jq/1M1T2j/AxGLzq1/CY="
},
"org/jetbrains/kotlin#kotlin-stdlib/1.9.22": {
"jar": "sha256-ar4UbCeGQTi4dMzM/l9TTj65I8maG3tdRUlO5WlPPgo=",
"module": "sha256-9IIxS1B5wUVfb7DUJXp0XRAcYSTOlhUiuob53JCQHkc=",
"pom": "sha256-zOLxUoXsgHijd0a1cwigVAQt1cwlQgxD9zt4V8JGjwM="
},
"org/slf4j#slf4j-api/1.7.36": {
"jar": "sha256-0+9XXj5JeWeNwBvx3M5RAhSTtNEft/G+itmCh3wWocA=",
"pom": "sha256-+wRqnCKUN5KLsRwtJ8i113PriiXmDL0lPZhSEN7cJoQ="
},
"org/slf4j#slf4j-parent/1.7.36": {
"pom": "sha256-uziNN/vN083mTDzt4hg4aTIY3EUfBAQMXfNgp47X6BI="
},
"org/sonatype/oss#oss-parent/5": {
"pom": "sha256-FnjUEgpYXYpjATGu7ExSTZKDmFg7fqthbufVqH9SDT0="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
},
"org/tukaani#xz/1.9": {
"jar": "sha256-IRswbPxE+Plt86Cj3a91uoxSie7XfWDXL4ibuFX1NeU=",
"pom": "sha256-CTvhsDMxvOKTLWglw36YJy12Ieap6fuTKJoAJRi43Vo="
}
},
"https://repo.maven.apache.org/maven2": {
"junit#junit/4.12": {
"jar": "sha256-WXIfCAXiI9hLkGd4h9n/Vn3FNNfFAsqQPAwrF/BcEWo=",
"pom": "sha256-kPFj944/+28cetl96efrpO6iWAcUG4XW0SvmfKJUScQ="
},
"net/bytebuddy#byte-buddy-agent/1.14.5": {
"jar": "sha256-VfGYYrhw9dhYkLpThrG0Xpu8iNX+H4Gavgx4i0kp+ms=",
"pom": "sha256-CyjT+A+r52hqIX2ZiWGdN8V7vXSoCja5bC3DojrKTyg="
},
"net/bytebuddy#byte-buddy-parent/1.14.5": {
"pom": "sha256-/gFyOCYsnppgFaKxG5Ra9yjBMz9fnvnQ4DEj568X8MI="
},
"net/bytebuddy#byte-buddy/1.14.5": {
"jar": "sha256-6ZdhpSbfD++70/4UQ2sPlTAAzfpRUdxjwLGNN9nEbxw=",
"pom": "sha256-ZtTt/qwkvRduj7LUhn6QigYX15dxCIFFuYJReEsoggo="
},
"org/hamcrest#hamcrest-core/1.3": {
"jar": "sha256-Zv3vkelzk0jfeglqo4SlaF9Oh1WEzOiThqekclHE2Ok=",
"pom": "sha256-/eOGp5BRc6GxA95quCBydYS1DQ4yKC4nl3h8IKZP+pM="
},
"org/hamcrest#hamcrest-parent/1.3": {
"pom": "sha256-bVNflO+2Y722gsnyelAzU5RogAlkK6epZ3UEvBvkEps="
},
"org/jacoco#org.jacoco.agent/0.8.11": {
"jar": "sha256-0+2F3qeKntVYRqdzjjoMoVxwLGYe5LyMv+Aqi59KmcA=",
"pom": "sha256-FuBen0liG4fFPmk1AUDzxG1C2WbGepM730sGOiscj8U="
},
"org/jacoco#org.jacoco.ant/0.8.11": {
"jar": "sha256-gdfriJDZvjCpOWEsKVYDVBBjUpzdA6UyZaunRHS3C3w=",
"pom": "sha256-ftED2VnQzue6v7Ewf6bkUbFpb/01JwYVU7VQ3lUgHYU="
},
"org/jacoco#org.jacoco.build/0.8.11": {
"pom": "sha256-W4SxXPLu8+WeuRvCJ4SDMQCwnfmRHjMZAww7xki9iws="
},
"org/jacoco#org.jacoco.core/0.8.11": {
"jar": "sha256-/NGIxohHP8jcwMbKrzVeeziVAiQ1J8M7lZej7Ch5H0c=",
"pom": "sha256-u2E18Qo2NJy4SlYA/Yz3P8EpahNbLxStzYPejPJMq7E="
},
"org/jacoco#org.jacoco.report/0.8.11": {
"jar": "sha256-g5MpWuJGgO0QytgzOQcED5KLhxMySRWBylvHhOLLT74=",
"pom": "sha256-jjtzR3nV4/1oPsAVQT1S+WGYTFDLkEX9orI7/160I4E="
},
"org/mockito#mockito-core/5.4.0": {
"jar": "sha256-sWibBmF+oB/Xd7+u293lEvrwg9Y5oEn3mziNWk6W0uU=",
"pom": "sha256-1gZDwDIVaj0pWc0AAN871iqBcj9+DCWD+kL9ZoTz1eM="
},
"org/objenesis#objenesis-parent/3.3": {
"pom": "sha256-MFw4SqLx4cf+U6ltpBw+w1JDuX1CjSSo93mBjMEL5P8="
},
"org/objenesis#objenesis/3.3": {
"jar": "sha256-At/QsEOaVZHjW3CO0vVHTrCUj1Or90Y36Vm45O9pv+s=",
"pom": "sha256-ugxA2iZpoEi24k73BmpHHw+8v8xQnmo+hWyk3fphStM="
},
"org/ow2#ow2/1.5.1": {
"pom": "sha256-Mh3bt+5v5PU96mtM1tt0FU1r+kI5HB92OzYbn0hazwU="
},
"org/ow2/asm#asm-bom/9.6": {
"pom": "sha256-ig5fYk/ikwt6jWmVb0OORe9TKZa01kQJthbErvSxrE4="
},
"org/ow2/asm#asm-commons/9.6": {
"jar": "sha256-eu/Q1cCQFwHGn3UT/tp2X7a+M68s56oXxXgfyHZXxRE=",
"pom": "sha256-qYrkiVM0uvj/hr1mUWIQ29mgPxpuFeR92oKvz2tT13w="
},
"org/ow2/asm#asm-tree/9.6": {
"jar": "sha256-xD7PF7U5x3fhXae1uGVTs3fi05poPeYoVWfVKDiI5+8=",
"pom": "sha256-G8tIHX/Ba5VbtgygfIz6JCS87ni9xAW7oxx9b13C0RM="
},
"org/ow2/asm#asm/9.6": {
"jar": "sha256-PG+sJCTbPUqFO2afTj0dnDxVIjXhmjGWc/iHCDwjA6E=",
"pom": "sha256-ku7iS8PIQ+SIHUbB3WUFRx7jFC+s+0ZrQoz+paVsa2A="
}
}
}

24
pkgs/tools/security/ghidra/extensions/ghidra-firmware-utils/default.nix Normal file
View File

@@ -0,0 +1,24 @@
{
buildGhidraExtension,
fetchFromGitHub,
lib,
}:
buildGhidraExtension (finalAttrs: {
pname = "ghidra-firmware-utils";
version = "2024.04.20";
src = fetchFromGitHub {
owner = "al3xtjames";
repo = "ghidra-firmware-utils";
rev = finalAttrs.version;
hash = "sha256-BbPRSD1EzgMA3TCKHyNqLjzEgiOm67mLJuOeFOTvd0I=";
};
meta = {
description = "Ghidra utilities for analyzing PC firmware";
homepage = "https://github.com/al3xtjames/ghidra-firmware-utils";
downloadPage = "https://github.com/al3xtjames/ghidra-firmware-utils/releases/tag/${finalAttrs.version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ timschumi ];
};
})

24
pkgs/tools/security/ghidra/extensions/ghidra-golanganalyzerextension/default.nix Normal file
View File

@@ -0,0 +1,24 @@
{
lib,
fetchFromGitHub,
buildGhidraExtension,
}:
buildGhidraExtension (finalAttrs: {
pname = "Ghidra-GolangAnalyzerExtension";
version = "1.2.4";
src = fetchFromGitHub {
owner = "mooncat-greenpy";
repo = "Ghidra_GolangAnalyzerExtension";
rev = finalAttrs.version;
hash = "sha256-uxozIJ+BLcP1vBnLOCZD9ueY10hd37fON/Miii3zabo=";
};
meta = {
description = "Facilitates the analysis of Golang binaries using Ghidra";
homepage = "https://github.com/mooncat-greenpy/Ghidra_GolangAnalyzerExtension";
downloadPage = "https://github.com/mooncat-greenpy/Ghidra_GolangAnalyzerExtension/releases/tag/${finalAttrs.version}";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.ivyfanchiang ];
};
})

37
pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix Normal file
View File

@@ -0,0 +1,37 @@
{
lib,
fetchFromGitHub,
buildGhidraScripts,
binwalk,
swift,
yara,
}:
buildGhidraScripts {
pname = "ghidraninja-ghidra-scripts";
version = "unstable-2020-10-07";
src = fetchFromGitHub {
owner = "ghidraninja";
repo = "ghidra_scripts";
rev = "99f2a8644a29479618f51e2d4e28f10ba5e9ac48";
sha256 = "aElx0mp66/OHQRfXwTkqdLL0gT2T/yL00bOobYleME8=";
};
postPatch = ''
# Replace subprocesses with store versions
substituteInPlace binwalk.py --replace-fail 'subprocess.call(["binwalk"' 'subprocess.call(["${binwalk}/bin/binwalk"'
substituteInPlace swift_demangler.py --replace-fail '"swift"' '"${swift}/bin/swift"'
substituteInPlace yara.py --replace-fail 'subprocess.check_output(["yara"' 'subprocess.check_output(["${yara}/bin/yara"'
substituteInPlace YaraSearch.py --replace-fail '"yara "' '"${yara}/bin/yara "'
'';
meta = with lib; {
description = "Scripts for the Ghidra software reverse engineering suite";
homepage = "https://github.com/ghidraninja/ghidra_scripts";
license = with licenses; [
gpl3Only
gpl2Only
];
};
}

70
pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix Normal file
View File

@@ -0,0 +1,70 @@
{
lib,
stdenv,
fetchurl,
buildGhidraExtension,
ghidra,
flex,
bison,
texinfo,
perl,
zlib,
xcbuild,
}:
let
# Incorporates source from binutils
# https://github.com/NationalSecurityAgency/ghidra/blob/7ab9bf6abffb6938d61d072040fc34ad3331332b/GPL/GnuDisassembler/build.gradle#L34-L35
binutils-version = "2.41";
binutils-src = fetchurl {
url = "mirror://gnu/binutils/binutils-${binutils-version}.tar.bz2";
sha256 = "sha256-pMS+wFL3uDcAJOYDieGUN38/SLVmGEGOpRBn9nqqsws=";
};
in
buildGhidraExtension {
pname = "gnudisassembler";
version = lib.getVersion ghidra;
src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_GnuDisassembler.zip";
postPatch = ''
ln -s ${binutils-src} binutils-${binutils-version}.tar.bz2
'';
# Don't modify ELF stub resources
dontPatchELF = true;
dontStrip = true;
__darwinAllowLocalNetworking = true;
nativeBuildInputs = [
flex
bison
texinfo
perl
]
++ lib.optionals stdenv.hostPlatform.isDarwin [ xcbuild ];
buildInputs = [ zlib ];
gradleBuildTask = "assemble";
installPhase = ''
runHook preInstall
EXTENSIONS_ROOT=$out/lib/ghidra/Ghidra/Extensions
mkdir -p $EXTENSIONS_ROOT
unzip -d $EXTENSIONS_ROOT $src
mkdir -p $EXTENSIONS_ROOT/GnuDisassembler/build
cp -r build/os $EXTENSIONS_ROOT/GnuDisassembler/build/
runHook postInstall
'';
meta = with lib; {
description = "Leverage the binutils disassembler capabilities for various processors";
homepage = "https://ghidra-sre.org/";
downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/GPL/GnuDisassembler";
license = licenses.gpl2Only;
};
}

73
pkgs/tools/security/ghidra/extensions/kaiju/default.nix Normal file
View File

@@ -0,0 +1,73 @@
{
lib,
stdenv,
fetchFromGitHub,
buildGhidraExtension,
z3,
gradle,
}:
let
ghidraPlatformName =
{
x86_64-linux = "linux_x86_64";
aarch64-linux = "linux_x86_64";
x86_64-darwin = "mac_x86_64";
aarch64-darwin = "mac_arm_64";
}
.${stdenv.hostPlatform.system}
or (throw "${stdenv.hostPlatform.system} is an unsupported platform");
z3_lib = (
z3.override {
javaBindings = true;
jdk = gradle.jdk;
}
);
self = buildGhidraExtension (finalAttrs: {
pname = "kaiju";
version = "250828";
src = fetchFromGitHub {
owner = "CERTCC";
repo = "kaiju";
rev = finalAttrs.version;
hash = "sha256-edsQIBoOTY+WxVBtH1bbM7TZZHhA0jgVb2iJKC66iVM=";
};
buildInputs = [
z3_lib
];
# used to copy java bindings from nixpkgs z3 package instead of having kaiju's build.gradle build gradle from source
# https://github.com/CERTCC/kaiju/blob/c9dbb55484b3d2a6abd9dfca2197cd00fb7ee3c1/build.gradle#L189
preBuild = ''
mkdir -p build/cmake/z3/java-bindings
ln -s ${lib.getOutput "java" z3_lib}/share/java/com.microsoft.z3.jar build/cmake/z3/java-bindings
mkdir -p os/${ghidraPlatformName}
cp ${lib.getOutput "java" z3_lib}/lib/* os/${ghidraPlatformName}
'';
gradleFlags = [ "-PKAIJU_SKIP_Z3_BUILD=true" ];
mitmCache = gradle.fetchDeps {
pkg = self;
data = ./deps.json;
};
meta = {
description = "Java implementation of some features of the CERT Pharos Binary Analysis Framework for Ghidra";
homepage = "https://github.com/CERTCC/kaiju";
downloadPage = "https://github.com/CERTCC/kaiju/releases/tag/${finalAttrs.version}";
license = lib.licenses.bsd3;
maintainers = [ lib.maintainers.ivyfanchiang ];
platforms = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
};
});
in
self

163
pkgs/tools/security/ghidra/extensions/kaiju/deps.json generated Normal file
View File

@@ -0,0 +1,163 @@
{
"!comment": "This is a nixpkgs Gradle dependency lockfile. For more details, refer to the Gradle section in the nixpkgs manual.",
"!version": 1,
"https://plugins.gradle.org/m2": {
"com/adarshr#gradle-test-logger-plugin/4.0.0": {
"jar": "sha256-5nhoOjPSvINWcb3U5YcQAErR2TFqqfmlTP4iQZpPbvk=",
"module": "sha256-jERLLH/UQgDNSrMYJyJwHCCXWkOyPH6e35sCJgSavcI=",
"pom": "sha256-ienBpTqmJS2mx9fZscN/t/j8qQuysaNq+Ti8cNni3GE="
},
"com/adarshr/test-logger#com.adarshr.test-logger.gradle.plugin/4.0.0": {
"pom": "sha256-sobTcqzS2uG4vHsg/ouoT49kiXMdiBpB83NqYCCFotc="
},
"com/github/tomtzook#castle/2.0.0": {
"jar": "sha256-00zgaBUmlsBRQcXYStVP4PhRNglOxFNf7P+kBr0A7hg=",
"pom": "sha256-3uocEIH4TsePK074yLEPseyHxbdkreKq1Uelx+60//0="
},
"com/google/code/gson#gson-parent/2.8.5": {
"pom": "sha256-jx/scrkaceo57Dn193jE0RJLawl8bVWzpQtVSlIjeyc="
},
"com/google/code/gson#gson/2.8.5": {
"jar": "sha256-IzoBSfw2XJ9u29aDz+JmsZvcdzvpjqva9rPJJLSOfYE=",
"pom": "sha256-uDCFV6f8zJLZ/nyM0FmSWLNhKF0uzedontqYhDJVoJI="
},
"de/undercouch#gradle-download-task/5.5.0": {
"jar": "sha256-q/7DKUbJfz8N62qP5HDon99K7FYneLm/bPp8RAehPiI=",
"module": "sha256-5q+RV5vPUg0udBmtEPB4j13RBsCLzLCc40sNB3UvlEc=",
"pom": "sha256-HXoKzY/wjdfQnruzxz1j1mYYyFGNudC9J0J7/BjL9Hs="
},
"de/undercouch/download#de.undercouch.download.gradle.plugin/5.5.0": {
"pom": "sha256-WNFNTmP4TrzAgj/2tk1804/2bFRtUp9gLj3ML1xPEZk="
},
"io/github/tomtzook#plugin/1.2.2": {
"jar": "sha256-tTNTLIWad6fNX4McGhtFiTkQqujQ14MXhv4llB2TjYs=",
"module": "sha256-91tklOgQk0ObuwzAs8+kumszoLjzK36bNUIChrb91Cc=",
"pom": "sha256-HliRlUYwjo3HQu/JqktYsiJy/TJTdvYTSuyHPH/3xys="
},
"io/github/tomtzook/gradle-cmake#io.github.tomtzook.gradle-cmake.gradle.plugin/1.2.2": {
"pom": "sha256-xqnleYCaGEjSEkRXp5CwK67T9sAJaxIIliGoxZTnDJo="
},
"org/fusesource#fusesource-pom/1.12": {
"pom": "sha256-xA2WDarc73sBwbHGZXr7rE//teUxaPj8sLKLhOb9zKE="
},
"org/fusesource/jansi#jansi/2.4.0": {
"jar": "sha256-bNkZkTI917L7KMqT16wSr1qGovUyeeKzWCezAxP9C58=",
"pom": "sha256-rECp8tDB7mMfw7CO+OLwvRS6IgEcp2/xvPZftWnq3zU="
},
"org/slf4j#slf4j-api/1.7.25": {
"jar": "sha256-GMSgCV1cHaa4F1kudnuyPSndL1YK1033X/OWHb3iW3k=",
"pom": "sha256-fNnXoLXZPf1GGhSIkbQ1Cc9AOpx/n7SQYNNVTfHIHh4="
},
"org/slf4j#slf4j-parent/1.7.25": {
"pom": "sha256-GPXFISDbA26I1hNviDnIMtB0vdqVx1bG9CkknS21SsY="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
}
},
"https://repo.maven.apache.org/maven2": {
"com/google/code/gson#gson-parent/2.8.6": {
"pom": "sha256-NzZGOFnsGSZyleiUlAroKo9oRBMDESL+Nc58/34wp3Q="
},
"com/google/code/gson#gson/2.8.6": {
"jar": "sha256-yPtIOQVNKAswM/gA0fWpfeLwKOuLoutFitKH5Tbz8l8=",
"pom": "sha256-IXRBWmRzMtMP2gS9HPxwij7MhOr3UX9ZYYjYJE4QORE="
},
"junit#junit/4.12": {
"pom": "sha256-kPFj944/+28cetl96efrpO6iWAcUG4XW0SvmfKJUScQ="
},
"junit#junit/4.13.2": {
"jar": "sha256-jklbY0Rp1k+4rPo0laBly6zIoP/1XOHjEAe+TBbcV9M=",
"pom": "sha256-Vptpd+5GA8llwcRsMFj6bpaSkbAWDraWTdCSzYnq3ZQ="
},
"net/sf/jopt-simple#jopt-simple/5.0.4": {
"jar": "sha256-3ybMWPI19HfbB/dTulo6skPr5Xidn4ns9o3WLqmmbCg=",
"pom": "sha256-amd2O3avzZyAuV5cXiR4LRjMGw49m0VK0/h1THa3aBU="
},
"org/apiguardian#apiguardian-api/1.1.2": {
"jar": "sha256-tQlEisUG1gcxnxglN/CzXXEAdYLsdBgyofER5bW3Czg=",
"module": "sha256-4IAoExN1s1fR0oc06aT7QhbahLJAZByz7358fWKCI/w=",
"pom": "sha256-MjVQgdEJCVw9XTdNWkO09MG3XVSemD71ByPidy5TAqA="
},
"org/commonmark#commonmark-parent/0.17.1": {
"pom": "sha256-VQ6X1IOuWsZblW66NsnxqdlIV/bHs+qVmta7R2N4DiI="
},
"org/commonmark#commonmark/0.17.1": {
"jar": "sha256-5jrQgyZPWHdSJ0c8NduGbs3DhDxHvSvy8kdan65e938=",
"pom": "sha256-UFfBCkUrXNVyngvDZU+0vAx+VGAgCv/BqN1PfGOWPXI="
},
"org/hamcrest#hamcrest-core/1.3": {
"jar": "sha256-Zv3vkelzk0jfeglqo4SlaF9Oh1WEzOiThqekclHE2Ok=",
"pom": "sha256-/eOGp5BRc6GxA95quCBydYS1DQ4yKC4nl3h8IKZP+pM="
},
"org/hamcrest#hamcrest-parent/1.3": {
"pom": "sha256-bVNflO+2Y722gsnyelAzU5RogAlkK6epZ3UEvBvkEps="
},
"org/junit#junit-bom/5.9.2": {
"module": "sha256-qxN7pajjLJsGa/kSahx23VYUtyS6XAsCVJdyten0zx8=",
"pom": "sha256-LtB9ZYRRMfUzaoZHbJpAVrWdC1i5gVqzZ5uw82819wU="
},
"org/junit/jupiter#junit-jupiter-api/5.9.2": {
"jar": "sha256-92ehcPlxJ7CtNYK/M1jqu7vpgdn5ZBGFPmKdknaSb9U=",
"module": "sha256-y9Ae2F1HTMhbIT/iBrzpgmbWdZzSjWxeQb/kUJCepHs=",
"pom": "sha256-EK9g+mkKzNzr85TsWECdzs/x3sNwJopnA2ChFfcxxVw="
},
"org/junit/jupiter#junit-jupiter-engine/5.9.2": {
"jar": "sha256-dM/Ek4j3YEE/80jKLJqzlSdIS1fe7NFX8idaX4pf6XE=",
"module": "sha256-WmigqdMTI0BieAXap0YY+zTEXMUZp8LsgzQedDixOTM=",
"pom": "sha256-nfOOgj4a3Zplas+5Wc5zsHAE32yffANnwmt0PmVrWa8="
},
"org/junit/jupiter#junit-jupiter-migrationsupport/5.9.2": {
"jar": "sha256-1DTOe1gzyuX+9ovSfSfyABPrJ9U7bcl9eL8yS7YaDgQ=",
"module": "sha256-0tnRvL9p+RLgxT3fNO/HonM/0gCAhCA0d3Sig2ZFVZM=",
"pom": "sha256-KkAZMJh5lh9z788rZrJsF3TSjqF1U/72qAbA9sNbgqY="
},
"org/junit/platform#junit-platform-commons/1.9.2": {
"jar": "sha256-Yko9dF7x0o6VWmpnr47boP38XJutaApz9npwu5UKaD0=",
"module": "sha256-a6TIRhPluJ5mjuaomXHw2Q0OG4FyG4tf4MgAWPDOue4=",
"pom": "sha256-JAI/IMI1ppYJ+y+Vpgc4VX/PlBPzrpKpLhMpVH1hRck="
},
"org/junit/platform#junit-platform-engine/1.9.2": {
"jar": "sha256-JfI9xTWgkencgMAI+vKdy5K+kC5pEfd6c2+68BmQg2c=",
"module": "sha256-HehRQa+fWBU+JFdQaaE3X7vt169dhEy+MoeWU0nLofc=",
"pom": "sha256-LflCCmsk5fTzFCNeAc2cO49kYoXbL26C2G7gbvevTiQ="
},
"org/junit/vintage#junit-vintage-engine/5.9.2": {
"jar": "sha256-QeFt0yyPRiu8AysrefI5RBkbMuw5jQWFi6212r/9BhI=",
"module": "sha256-jMz93WRdDOdyFmeJhOtqEruXJQk0SVgOepIxTIxj0qQ=",
"pom": "sha256-n0TiazxEQSZXNjh58YscZBQX6nrCm66O5yfi8g2w9Ck="
},
"org/opentest4j#opentest4j/1.2.0": {
"jar": "sha256-WIEt5giY2Xb7ge87YtoFxmBMGP1KJJ9QRCgkefwoavI=",
"pom": "sha256-qW5nGBbB/4gDvex0ySQfAlvfsnfaXStO4CJmQFk2+ZQ="
},
"org/sonatype/oss#oss-parent/7": {
"pom": "sha256-tR+IZ8kranIkmVV/w6H96ne9+e9XRyL+kM5DailVlFQ="
},
"systems/manifold#manifold-core-parent/2023.1.28": {
"pom": "sha256-ahN15Fn/32/sBPQOta1Tp+cScHjqREz7iUUTtPCfdJA="
},
"systems/manifold#manifold-deps-parent/2023.1.28": {
"pom": "sha256-DE+CPr0aN18k0zh2D7G5WreDvyrnO5Wd0wDt88AJbkY="
},
"systems/manifold#manifold-parent/2023.1.28": {
"pom": "sha256-J0ChX+GyGJ9xJMda85n+tR1IfdE6Ij0hhtaHYSOtU6w="
},
"systems/manifold#manifold-preprocessor/2023.1.28": {
"jar": "sha256-vRIrrVT6SX3zuMVcfSwhL9nHE0oqfrtMNXuKzli2UB8=",
"pom": "sha256-Ov7/Z6wWQo+0mSc5K9t4Yw0aehDcnQEBDSpy9fnGMiU="
},
"systems/manifold#manifold-rt/2023.1.28": {
"jar": "sha256-4cn28jDYci2C2tUEizvJkdv6LRe/BrLwypEC6N0sGl0=",
"pom": "sha256-SAJid1Td0/ltrFi7w2YDNDlWhggDxFB+jynCG/rYaok="
},
"systems/manifold#manifold-util/2023.1.28": {
"jar": "sha256-WjY+1jmh4gvUHjvEbreQqoIB54HBfoNoOIILZs3IT80=",
"pom": "sha256-CF4FlMbIuKBRMfa1OjcnIQ7EVgulP739XXFkui2/JR0="
},
"systems/manifold#manifold/2023.1.28": {
"jar": "sha256-kPQeNEgFGZkZPz3zejWHU9+npn6RYRpMgOftt+bksRw=",
"pom": "sha256-R2kHxQVkoYLTSSIm/jJhjeRx4uObTuHlTSWVp+jBkpw="
}
}
}

24
pkgs/tools/security/ghidra/extensions/lightkeeper/default.nix Normal file
View File

@@ -0,0 +1,24 @@
{
lib,
fetchFromGitHub,
buildGhidraExtension,
}:
buildGhidraExtension (finalAttrs: {
pname = "lightkeeper";
version = "1.2.4";
src = fetchFromGitHub {
owner = "WorksButNotTested";
repo = "lightkeeper";
rev = finalAttrs.version;
hash = "sha256-aGMWg6VQleKH/txlxpSw19QOotWZSqeW5Ve2SpWGhgA=";
};
preConfigure = ''
cd lightkeeper
'';
meta = {
description = "Port of the Lighthouse plugin to GHIDRA";
homepage = "https://github.com/WorksButNotTested/lightkeeper";
license = lib.licenses.asl20;
};
})

35
pkgs/tools/security/ghidra/extensions/machinelearning/default.nix Normal file
View File

@@ -0,0 +1,35 @@
{
lib,
buildGhidraExtension,
ghidra,
}:
buildGhidraExtension {
pname = "machinelearning";
version = lib.getVersion ghidra;
src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_MachineLearning.zip";
dontUnpack = true;
# Built as part ghidra
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/lib/ghidra/Ghidra/Extensions
unzip -d $out/lib/ghidra/Ghidra/Extensions $src
runHook postInstall
'';
meta = with lib; {
inherit (ghidra.meta) homepage license;
description = "Finds functions using ML";
downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/Ghidra/Extensions/MachineLearning";
sourceProvenance = with sourceTypes; [
fromSource
binaryBytecode # deps
];
};
}

42
pkgs/tools/security/ghidra/extensions/ret-sync/default.nix Normal file
View File

@@ -0,0 +1,42 @@
{
lib,
fetchFromGitHub,
fetchpatch,
buildGhidraExtension,
ghidra,
}:
buildGhidraExtension {
pname = "ret-sync-ghidra";
version = "0-unstable-2024-05-29";
src = fetchFromGitHub {
owner = "bootleg";
repo = "ret-sync";
rev = "0617c75746ddde7fe2bdbbf880175af8ad27553e";
hash = "sha256-+G5ccdHnFL0sHpueuIYwLRU9FhzN658CYqQCHCBwxV4=";
};
patches = [
# This patch is needed to get the extension compiling with Ghidra 11.2.
# Once it's fixed upstream, the src can be updated and this can be removed.
(fetchpatch {
# https://github.com/bootleg/ret-sync/pull/126
name = "ghidra-11.2-fix.patch";
url = "https://github.com/bootleg/ret-sync/commit/d81d953c24b4369b499e90ba64c1c9f78513a008.patch";
hash = "sha256-t/voPcBfsZtfdYnskgBAPfqMTBw1LRTT0aXyyb5qtr8=";
})
];
preConfigure = ''
cd ext_ghidra
'';
preInstall = ''
correct_version=$(ls dist | grep ${ghidra.version})
mv dist/$correct_version dist/safe.zip
rm dist/ghidra*
mv dist/safe.zip dist/$correct_version
'';
meta = with lib; {
description = "Reverse-Engineering Tools SYNChronization. Allows syncing between a debugging session and Ghidra";
homepage = "https://github.com/bootleg/ret-sync";
license = licenses.gpl3Only;
};
}

41
pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
lib,
buildGhidraExtension,
ghidra,
python3,
}:
buildGhidraExtension {
pname = "sleighdevtools";
version = lib.getVersion ghidra;
src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_SleighDevTools.zip";
dontUnpack = true;
# Built as part ghidra
dontBuild = true;
buildInputs = [ python3 ];
installPhase = ''
runHook preInstall
mkdir -p $out/lib/ghidra/Ghidra/Extensions
unzip -d $out/lib/ghidra/Ghidra/Extensions $src
runHook postInstall
'';
meta = with lib; {
inherit (ghidra.meta) homepage license;
description = "Sleigh language development tools including external disassembler capabilities";
longDescription = ''
Sleigh language development tools including external disassembler capabilities.
The GnuDisassembler extension may be also be required as a disassembly provider.
'';
downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/Ghidra/Extensions/SleighDevTools";
sourceProvenance = with sourceTypes; [
fromSource
binaryBytecode # deps
];
};
}

40
pkgs/tools/security/ghidra/extensions/wasm/default.nix Normal file
View File

@@ -0,0 +1,40 @@
{
lib,
fetchFromGitHub,
buildGhidraExtension,
ghidra,
ant,
}:
buildGhidraExtension (finalAttrs: {
pname = "wasm";
version = "2.3.2";
src = fetchFromGitHub {
owner = "nneonneo";
repo = "ghidra-wasm-plugin";
rev = "v${finalAttrs.version}";
hash = "sha256-JFUPhh4WUcfxYow3kLMyva1Ni/cQBIit983o/KbbKps=";
};
nativeBuildInputs = [ ant ];
configurePhase = ''
runHook preConfigure
# this doesn't really compile, it compresses sinc into sla
pushd data
ant -f build.xml -Dghidra.install.dir=${ghidra}/lib/ghidra sleighCompile
popd
runHook postConfigure
'';
meta = {
description = "Ghidra Wasm plugin with disassembly and decompilation support";
homepage = "https://github.com/nneonneo/ghidra-wasm-plugin";
downloadPage = "https://github.com/nneonneo/ghidra-wasm-plugin/releases/tag/v${finalAttrs.version}";
changelog = "https://github.com/nneonneo/ghidra-wasm-plugin/releases/tag/v${finalAttrs.version}";
license = lib.licenses.gpl3;
maintainers = [ lib.maintainers.BonusPlay ];
};
})

48
pkgs/tools/security/ghidra/with-extensions.nix Normal file
View File

@@ -0,0 +1,48 @@
{
lib,
stdenv,
callPackage,
symlinkJoin,
makeBinaryWrapper,
desktopToDarwinBundle,
ghidra,
}:
let
ghidra-extensions = callPackage ./extensions.nix { inherit ghidra; };
allExtensions = lib.filterAttrs (n: pkg: lib.isDerivation pkg) ghidra-extensions;
/*
Make Ghidra with additional extensions
Example:
pkgs.ghidra.withExtensions (p: with p; [
ghostrings
]);
=> /nix/store/3yn0rbnz5mbrxf0x70jbjq73wgkszr5c-ghidra-with-extensions-10.2.2
*/
withExtensions =
f:
(symlinkJoin {
name = "${ghidra.pname}-with-extensions-${lib.getVersion ghidra}";
paths = (f allExtensions);
nativeBuildInputs = [
makeBinaryWrapper
]
++ lib.optional stdenv.hostPlatform.isDarwin desktopToDarwinBundle;
postBuild = ''
# Prevent attempted creation of plugin lock files in the Nix store.
touch $out/lib/ghidra/Ghidra/.dbDirLock
makeWrapper '${ghidra}/bin/ghidra' "$out/bin/ghidra" \
--set NIX_GHIDRAHOME "$out/lib/ghidra/Ghidra"
makeWrapper '${ghidra}/bin/ghidra-analyzeHeadless' "$out/bin/ghidra-analyzeHeadless" \
--set NIX_GHIDRAHOME "$out/lib/ghidra/Ghidra"
ln -s ${ghidra}/share $out/share
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
convertDesktopFiles $prefix
'';
inherit (ghidra) meta;
});
in
withExtensions

35
pkgs/tools/security/gnupg/1compat.nix Normal file
View File

@@ -0,0 +1,35 @@
{
stdenv,
gnupg,
coreutils,
writeScript,
}:
stdenv.mkDerivation {
pname = "gnupg1compat";
version = gnupg.version;
builder = writeScript "gnupg1compat-builder" ''
PATH=${coreutils}/bin
# First symlink all top-level dirs
mkdir -p $out
ln -s "${gnupg}/"* $out
# Replace bin with directory and symlink it contents
rm $out/bin
mkdir -p $out/bin
ln -s "${gnupg}/bin/"* $out/bin
# Add symlinks for any executables that end in 2 and lack any non-*2 version
for f in $out/bin/*2; do
[[ -x $f ]] || continue # ignore failed globs and non-executable files
[[ -e ''${f%2} ]] && continue # ignore commands that already have non-*2 versions
ln -s -- "''${f##*/}" "''${f%2}"
done
'';
meta = gnupg.meta // {
description = gnupg.meta.description + " with symbolic links for gpg and gpgv";
priority = -1;
};
}

220
pkgs/tools/security/gnupg/24.nix Normal file
View File

@@ -0,0 +1,220 @@
{
lib,
stdenv,
fetchurl,
fetchFromGitLab,
buildPackages,
pkg-config,
texinfo,
gettext,
libassuan,
libgcrypt,
libgpg-error,
libiconv,
libksba,
npth,
adns,
bzip2,
gnutls,
libusb1,
openldap,
readline,
sqlite,
zlib,
openssh,
enableMinimal ? false,
withPcsc ? !enableMinimal,
pcsclite,
guiSupport ? stdenv.hostPlatform.isDarwin,
pinentry,
withTpm2Tss ? !stdenv.hostPlatform.isDarwin && !enableMinimal,
tpm2-tss,
nixosTests,
}:
assert guiSupport -> !enableMinimal;
stdenv.mkDerivation rec {
pname = "gnupg";
version = "2.4.8";
src = fetchurl {
url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
hash = "sha256-tYyA15sE0yQ/9JwcP8a1+DE46zeEaJVjvN0GBZUxhhY=";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [
# XXX: do not add autoreconfHook without very careful testing!
# Problems that were identified during the last attempt:
# • Prints a warning about being a development version not
# suitable for production use.
# • Smartcards do not work, at least without pcscd.
pkg-config
texinfo
libgpg-error
];
buildInputs = [
gettext
libassuan
libgcrypt
libgpg-error
libiconv
libksba
npth
]
++ lib.optionals (!enableMinimal) [
adns
bzip2
gnutls
libusb1
openldap
readline
sqlite
zlib
]
++ lib.optionals withTpm2Tss [ tpm2-tss ];
# FreePG (https://freepg.org) is a set of commonly-used patches for GnuPG that
# have not been merged upstream. It is used by Arch Linux, Debian, Fedora and
# NixOS, and is maintained by Andrew Gallagher.
#
# The main purpose of including these patches in Nixpkgs is to maintain
# compatibility with OpenPGP.
#
freepgPatches = fetchFromGitLab {
domain = "gitlab.com";
owner = "freepg";
repo = "gnupg";
rev = "361c223eb00ca372fbf9506f5150ddbec193936f";
hash = "sha256-hRuwrB6G2vjp7Md6m+cwoi7g4GtW0sazAEN5RC+AKdg=";
};
patches = [
# Without this, scdaemon isn't linked to libusb, causing smartcards to not work correctly
./fix-libusb-include-path.patch
# Use pkg-config to find tss2-esys to fix static building
# Submitted upstream: https://dev.gnupg.org/D606
# The diff is larger than upstream because configure.ac was modified,
# requiring configure to be regenerated. For reasons we don't totally
# understand, regenerating configure has all sorts of other undesirable
# side effects. So to unbreak things, instead of regenerating configure,
# we can include just the configure changes relevant to the static patch
# in the patch file.
./static.patch
]
++ lib.map (v: "${freepgPatches}/STABLE-BRANCH-2-4-freepg/" + v) [
"0002-gpg-accept-subkeys-with-a-good-revocation-but-no-sel.patch"
"0003-gpg-allow-import-of-previously-known-keys-even-witho.patch"
"0004-tests-add-test-cases-for-import-without-uid.patch"
"0005-gpg-drop-import-clean-from-default-keyserver-import-.patch"
"0008-avoid-systemd-deprecation-warning.patch"
"0009-Add-systemd-support-for-keyboxd.patch"
"0010-Ship-sample-systemd-unit-files.patch"
"0011-el-gamal-default-to-3072-bits.patch"
"0012-gpg-default-digest-algorithm-SHA512.patch"
"0013-gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch"
"0018-Avoid-simple-memory-dumps-via-ptrace.patch"
"0019-Disallow-compressed-signatures-and-certificates.patch"
"0020-ssh-agent-emulation-under-systemd-inject-SSH_AUTH_SO.patch"
"0021-gpg-Sync-compliance-mode-cleanup-with-master.patch"
"0022-gpg-emit-RSA-pubkey-algorithm-when-in-compatibility-.patch"
"0023-gpg-Reintroduce-openpgp-as-distinct-from-rfc4880.patch"
"0024-gpg-Emit-LibrePGP-material-only-in-compliance-gnupg.patch"
"0025-gpg-gpgconf-list-report-actual-compliance-mode.patch"
"0026-gpg-Default-to-compliance-openpgp.patch"
"0027-gpg-Fix-newlines-in-Cleartext-Signature-Framework-CS.patch"
"0029-Add-keyboxd-systemd-support.patch"
"0033-Support-large-RSA-keygen-in-non-batch-mode.patch"
"0034-gpg-Verify-Text-mode-Signatures-over-binary-Literal-.patch"
];
postPatch =
# Switch the default key server to keys.openpgp.org
# The original motivation in 2019 was to switch away from the then-default SKS network: https://github.com/NixOS/nixpkgs/pull/63952
# In 2021 upstream also switched away, but to keyserver.ubuntu.com: https://dev.gnupg.org/rG47c4e3e00a7ef55f954c14b3c237496e54a853c1,
# while NixOS kept the keys.openpgp.org default: https://github.com/NixOS/nixpkgs/pull/159604
# TODO: Should this patch be removed so that the now-uncompromised default is used once again?
# A significant difference between the two seems to be that keys.openpgp.org is verifying keys, while keyserver.ubuntu.com isn't: https://unix.stackexchange.com/a/694528
# The keys.openpgp.org also has a great FAQ: https://keys.openpgp.org/about/faq
''
sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1
''
+ lib.optionalString (stdenv.hostPlatform.isLinux && withPcsc) ''
sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
'';
env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isDarwin "-Wno-implicit-function-declaration";
configureFlags = [
"--sysconfdir=/etc"
# Needed for large RSA key support (patch 0033)
"--enable-large-secmem"
"--with-libgpg-error-prefix=${libgpg-error.dev}"
"--with-libgcrypt-prefix=${libgcrypt.dev}"
"--with-libassuan-prefix=${libassuan.dev}"
"--with-ksba-prefix=${libksba.dev}"
"GPGRT_CONFIG=${lib.getDev libgpg-error}/bin/gpgrt-config"
]
++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${
pinentry.binaryPath or "bin/pinentry"
}"
++ lib.optional withTpm2Tss "--with-tss=intel"
++ lib.optional stdenv.hostPlatform.isDarwin "--disable-ccid-driver";
postInstall =
if enableMinimal then
''
rm -r $out/{libexec,sbin,share}
for f in $(find $out/bin -type f -not -name gpg)
do
rm $f
done
''
else
''
# add gpg2 symlink to make sure git does not break when signing commits
ln -s $out/bin/gpg $out/bin/gpg2
# Make libexec tools available in PATH
for f in $out/libexec/*; do
if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi
ln -s $f $out/bin/$(basename $f)
done
'';
enableParallelBuilding = true;
nativeCheckInputs = [
# A test would be skipped without SSH
openssh
];
doCheck = !enableMinimal;
passthru.tests = nixosTests.gnupg;
meta = with lib; {
homepage = "https://gnupg.org";
changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=${pname}.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}";
description = "Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation";
license = licenses.gpl3Plus;
longDescription = ''
The GNU Privacy Guard is the GNU project's complete and free
implementation of the OpenPGP standard as defined by RFC4880. GnuPG
"modern" (2.1) is the latest development with a lot of new features.
GnuPG allows to encrypt and sign your data and communication, features a
versatile key management system as well as access modules for all kind of
public key directories. GnuPG, also known as GPG, is a command line tool
with features for easy integration with other applications. A wealth of
frontend applications and libraries are available. Version 2 of GnuPG
also provides support for S/MIME.
'';
maintainers = with maintainers; [
fpletz
sgo
];
platforms = platforms.all;
mainProgram = "gpg";
};
}

12
pkgs/tools/security/gnupg/fix-libusb-include-path.patch Normal file
View File

@@ -0,0 +1,12 @@
--- a/configure
+++ b/configure
@@ -9281,8 +9281,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5
$as_echo_n "checking libusb include dir... " >&6; }
usb_incdir_found="no"
- for _incdir in "" "/usr/include/libusb-1.0" \
- "/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do
+ for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do
_libusb_save_cppflags=$CPPFLAGS
if test -n "${_incdir}"; then
CPPFLAGS="-I${_incdir} ${CPPFLAGS}"

216
pkgs/tools/security/gnupg/static.patch Normal file
View File

@@ -0,0 +1,216 @@
From 6a426b8093cf6633425d08a2d33ed24d200473a0 Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Sun, 9 Feb 2025 08:51:32 +0100
Subject: [PATCH] build: use pkg-config to find tss2-esys
Otherwise, tss2-esys's dependencies (other tss2 libraries, OpenSSL)
won't be linked when tss2-esys is a static library.
---
Link: https://dev.gnupg.org/D606
configure | 131 +++++++++++++++++++++++++++++----------------------
configure.ac | 5 +-
2 files changed, 76 insertions(+), 60 deletions(-)
diff --git a/configure b/configure
index 59f027d..f53c99d 100755
--- a/configure
+++ b/configure
@@ -669,12 +669,12 @@ TEST_LIBTSS_FALSE
TEST_LIBTSS_TRUE
HAVE_LIBTSS_FALSE
HAVE_LIBTSS_TRUE
-LIBTSS_CFLAGS
-LIBTSS_LIBS
SWTPM
TSSSTARTUP
TPMSERVER
TSS_INCLUDE
+LIBTSS_LIBS
+LIBTSS_CFLAGS
W32SOCKLIBS
NETLIBS
CROSS_COMPILING_FALSE
@@ -1005,7 +1005,9 @@ PKG_CONFIG_LIBDIR
SQLITE3_CFLAGS
SQLITE3_LIBS
LIBGNUTLS_CFLAGS
-LIBGNUTLS_LIBS'
+LIBGNUTLS_LIBS
+LIBTSS_CFLAGS
+LIBTSS_LIBS'
# Initialize some variables set by options.
@@ -1771,6 +1773,9 @@ Some influential environment variables:
C compiler flags for LIBGNUTLS, overriding pkg-config
LIBGNUTLS_LIBS
linker flags for LIBGNUTLS, overriding pkg-config
+ LIBTSS_CFLAGS
+ C compiler flags for LIBTSS, overriding pkg-config
+ LIBTSS_LIBS linker flags for LIBTSS, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
@@ -15465,64 +15470,77 @@ else
fi
elif test "$with_tss" = intel; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing Esys_Initialize" >&5
-$as_echo_n "checking for library containing Esys_Initialize... " >&6; }
-if ${ac_cv_search_Esys_Initialize+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char Esys_Initialize ();
-int
-main ()
-{
-return Esys_Initialize ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' tss2-esys; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_search_Esys_Initialize=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext
- if ${ac_cv_search_Esys_Initialize+:} false; then :
- break
-fi
-done
-if ${ac_cv_search_Esys_Initialize+:} false; then :
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBTSS" >&5
+$as_echo_n "checking for LIBTSS... " >&6; }
+if test -n "$LIBTSS_CFLAGS"; then
+ pkg_cv_LIBTSS_CFLAGS="$LIBTSS_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys tss2-mu tss2-rc tss2-tctildr\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "tss2-esys tss2-mu tss2-rc tss2-tctildr") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_LIBTSS_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys tss2-mu tss2-rc tss2-tctildr" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
else
- ac_cv_search_Esys_Initialize=no
+ pkg_failed=yes
fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+ else
+ pkg_failed=untried
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_Esys_Initialize" >&5
-$as_echo "$ac_cv_search_Esys_Initialize" >&6; }
-ac_res=$ac_cv_search_Esys_Initialize
-if test "$ac_res" != no; then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
- have_libtss=Intel
+if test -n "$LIBTSS_LIBS"; then
+ pkg_cv_LIBTSS_LIBS="$LIBTSS_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys tss2-mu tss2-rc tss2-tctildr\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "tss2-esys tss2-mu tss2-rc tss2-tctildr") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_LIBTSS_LIBS=`$PKG_CONFIG --libs "tss2-esys tss2-mu tss2-rc tss2-tctildr" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
else
- as_fn_error $? "Intel TPM Software Stack requested but not found" "$LINENO" 5
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
fi
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ LIBTSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tss2-esys tss2-mu tss2-rc tss2-tctildr" 2>&1`
+ else
+ LIBTSS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tss2-esys tss2-mu tss2-rc tss2-tctildr" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$LIBTSS_PKG_ERRORS" >&5
+
+ as_fn_error $? "Intel TPM Software Stack requested but not found" "$LINENO" 5
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "Intel TPM Software Stack requested but not found" "$LINENO" 5
+else
+ LIBTSS_CFLAGS=$pkg_cv_LIBTSS_CFLAGS
+ LIBTSS_LIBS=$pkg_cv_LIBTSS_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ have_libtss=Intel
+fi
else
as_fn_error $? "Invalid TPM Software Stack requested: $with_tss" "$LINENO" 5
fi
@@ -15616,7 +15634,6 @@ $as_echo "$as_me: WARNING: Need Esys_TR_GetTpmHandle API (usually requires Intel
fi
- LIBTSS_LIBS="$LIBS -ltss2-mu -ltss2-rc -ltss2-tctildr"
$as_echo "#define HAVE_INTEL_TSS 1" >>confdefs.h
diff --git a/configure.ac b/configure.ac
index dc44465..92880e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1574,8 +1574,8 @@ if test "$build_tpm2d" = "yes"; then
AC_SEARCH_LIBS([TSS_Create],[tss ibmtss],have_libtss=IBM,
[AC_MSG_ERROR([IBM TPM Software Stack requested but not found])])
elif test "$with_tss" = intel; then
- AC_SEARCH_LIBS([Esys_Initialize],[tss2-esys],have_libtss=Intel,
- [AC_MSG_ERROR([Intel TPM Software Stack requested but not found])])
+ PKG_CHECK_MODULES([LIBTSS], [tss2-esys tss2-mu tss2-rc tss2-tctildr],have_libtss=Intel,
+ [AC_MSG_ERROR([Intel TPM Software Stack requested but not found])])
else
AC_MSG_ERROR([Invalid TPM Software Stack requested: $with_tss])
fi
@@ -1605,7 +1605,6 @@ if test "$build_tpm2d" = "yes"; then
AC_MSG_WARN([Need Esys_TR_GetTpmHandle API (usually requires Intel TSS 2.4.0 or later, disabling TPM support)])
have_libtss=no
])
- LIBTSS_LIBS="$LIBS -ltss2-mu -ltss2-rc -ltss2-tctildr"
AC_DEFINE(HAVE_INTEL_TSS, 1, [Defined if we have the Intel TSS])
fi
LIBS="$_save_libs"
--
2.47.2

201
pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch Normal file
View File

@@ -0,0 +1,201 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:41 +0200
Subject: tests: add test cases for import without uid
This commit adds a test case that does the following, in order:
- Import of a primary key plus user id
- Check that import of a subkey works, without a user id present in the
imported key
- Check that import of a subkey revocation works, without a user id or
subkey binding signature present in the imported key
- Check that import of a primary key revocation works, without a user id
present in the imported key
--
Note that this test currently fails. The following changesets will
fix gpg so that the tests pass.
GnuPG-Bug-id: 4393
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
tests/openpgp/Makefile.am | 1 +
tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++
.../import-incomplete/primary+revocation.asc | 9 +++
.../primary+subkey+sub-revocation.asc | 10 ++++
.../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++
.../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++
tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++
7 files changed, 118 insertions(+)
create mode 100755 tests/openpgp/import-incomplete.scm
create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc
create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index f6014c9..6423da1 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -78,6 +78,7 @@ XTESTS = \
gpgv-forged-keyring.scm \
armor.scm \
import.scm \
+ import-incomplete.scm \
import-revocation-certificate.scm \
ecc.scm \
4gb-packet.scm \
diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm
new file mode 100755
index 0000000..727a027
--- /dev/null
+++ b/tests/openpgp/import-incomplete.scm
@@ -0,0 +1,68 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+(setup-environment)
+
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc")))
+
+(info "Test import of new subkey, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "sub:")
+ (string-contains? line "573EA710367356BB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
+(info "Test import of a subkey revocation, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "sub:r:")
+ (string-contains? line "573EA710367356BB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
+(info "Test import of revocation, from a certificate without uid")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "pub:r:")
+ (string-contains? line "0843DA969AA8DAFB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc
new file mode 100644
index 0000000..6b7b608
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+revocation.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [E] primary key, revocation signature over primary (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ
+EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3
+XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ==
+=tM90
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
new file mode 100644
index 0000000..83a51a5
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [D] primary key, subkey, subkey revocation (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ
+3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ=
+=dwx2
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
new file mode 100644
index 0000000..dc47a02
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [B] primary key, subkey, subkey binding sig (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR
+Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg=
+=xuDu
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc
new file mode 100644
index 0000000..134607d
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [C] primary key and self-sig expiring in 2024 (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8
+2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu
+3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN
+9ohXOEBWvdJgVv2YAg==
+=KWIK
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc
new file mode 100644
index 0000000..055f300
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [A] primary key, user ID, and self-sig expiring in 2021
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja
++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI
+kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs=
+=1eII
+-----END PGP PUBLIC KEY BLOCK-----

110
pkgs/tools/security/gopass/default.nix Normal file
View File

@@ -0,0 +1,110 @@
{
lib,
stdenv,
makeBinaryWrapper,
buildGoModule,
fetchFromGitHub,
installShellFiles,
gitMinimal,
gnupg,
xclip,
wl-clipboard,
passAlias ? false,
apple-sdk_14,
nix-update-script,
versionCheckHook,
}:
let
wrapperPath = lib.makeBinPath (
[
gitMinimal
gnupg
xclip
]
++ lib.optionals stdenv.hostPlatform.isLinux [
wl-clipboard
]
);
in
buildGoModule (finalAttrs: {
pname = "gopass";
version = "1.15.18";
nativeBuildInputs = [
installShellFiles
makeBinaryWrapper
];
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
# For ScreenCaptureKit.h, see https://github.com/NixOS/nixpkgs/pull/358760#discussion_r1858327365
apple-sdk_14
];
src = fetchFromGitHub {
owner = "gopasspw";
repo = "gopass";
tag = "v${finalAttrs.version}";
hash = "sha256-0vAZfcI/cUS/+x9clX9dV1q9yPOP3ZYPrn7hLPaYy/U=";
};
vendorHash = "sha256-HH0VU/JdRbpLK4pp2WOewXmv7Slu35iC2tFZ1TYWn5s=";
subPackages = [ "." ];
ldflags = [
"-s"
"-w"
"-X main.version=${finalAttrs.version}"
"-X main.commit=${finalAttrs.src.rev}"
];
postInstall = ''
installManPage gopass.1
installShellCompletion --cmd gopass \
--zsh zsh.completion \
--bash bash.completion \
--fish fish.completion
''
+ lib.optionalString passAlias ''
ln -s $out/bin/gopass $out/bin/pass
'';
postFixup = ''
wrapProgram $out/bin/gopass \
--prefix PATH : "${wrapperPath}" \
--set GOPASS_NO_REMINDER true
'';
doInstallCheck = true;
nativeInstallCheckInputs = [ versionCheckHook ];
versionCheckProgramArg = "--version";
passthru = {
inherit wrapperPath;
updateScript = nix-update-script { };
};
meta = {
description = "Slightly more awesome Standard Unix Password Manager for Teams. Written in Go";
homepage = "https://www.gopass.pw/";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [
rvolosatovs
sikmir
];
changelog = "https://github.com/gopasspw/gopass/blob/v${finalAttrs.version}/CHANGELOG.md";
longDescription = ''
gopass is a rewrite of the pass password manager in Go with the aim of
making it cross-platform and adding additional features. Our target
audience are professional developers and sysadmins (and especially teams
of those) who are well versed with a command line interface. One explicit
goal for this project is to make it more approachable to non-technical
users. We go by the UNIX philosophy and try to do one thing and do it
well, providing a stellar user experience and a sane, simple interface.
'';
mainProgram = "gopass";
};
})

46
pkgs/tools/security/gopass/git-credential.nix Normal file
View File

@@ -0,0 +1,46 @@
{
lib,
makeWrapper,
buildGoModule,
fetchFromGitHub,
gopass,
}:
buildGoModule rec {
pname = "git-credential-gopass";
version = "1.15.18";
src = fetchFromGitHub {
owner = "gopasspw";
repo = "git-credential-gopass";
rev = "v${version}";
hash = "sha256-tW4tPSZErVGZyPgLyQBbwDqmuYyl4nB/qCdAad+Kro4=";
};
vendorHash = "sha256-Yqhl1e0fFykFv/T3yaRkEyOKWBfaJXVrjrUWTToWd5s=";
subPackages = [ "." ];
nativeBuildInputs = [ makeWrapper ];
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
"-X main.commit=${src.rev}"
];
postFixup = ''
wrapProgram $out/bin/git-credential-gopass \
--prefix PATH : "${lib.makeBinPath [ gopass ]}"
'';
meta = with lib; {
description = "Manage git credentials using gopass";
homepage = "https://github.com/gopasspw/git-credential-gopass";
changelog = "https://github.com/gopasspw/git-credential-gopass/blob/v${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ benneti ];
mainProgram = "git-credential-gopass";
};
}

48
pkgs/tools/security/gopass/hibp.nix Normal file
View File

@@ -0,0 +1,48 @@
{
lib,
makeWrapper,
buildGoModule,
fetchFromGitHub,
gopass,
}:
buildGoModule rec {
pname = "gopass-hibp";
version = "1.15.18";
src = fetchFromGitHub {
owner = "gopasspw";
repo = "gopass-hibp";
rev = "v${version}";
hash = "sha256-tlElF7AO4eJQAYwqBdwf6140Y1lsB8xdPCPfZZe/d8k=";
};
vendorHash = "sha256-3uxKxpIgnQvTA1v/IJU7Z8IfIjjyhOFU7Py8uPIQ1q8=";
subPackages = [ "." ];
nativeBuildInputs = [ makeWrapper ];
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
"-X main.commit=${src.rev}"
];
postFixup = ''
wrapProgram $out/bin/gopass-hibp \
--prefix PATH : "${lib.makeBinPath [ gopass ]}"
'';
__darwinAllowLocalNetworking = true;
meta = with lib; {
description = "Gopass haveibeenpwnd.com integration";
homepage = "https://github.com/gopasspw/gopass-hibp";
changelog = "https://github.com/gopasspw/gopass-hibp/blob/v${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ sikmir ];
mainProgram = "gopass-hibp";
};
}

46
pkgs/tools/security/gopass/summon.nix Normal file
View File

@@ -0,0 +1,46 @@
{
lib,
makeWrapper,
buildGoModule,
fetchFromGitHub,
gopass,
}:
buildGoModule rec {
pname = "gopass-summon-provider";
version = "1.15.18";
src = fetchFromGitHub {
owner = "gopasspw";
repo = "gopass-summon-provider";
rev = "v${version}";
hash = "sha256-tpOWOFET2Uub1xLU1Ex3tawY23B9atb9vHyMQg3YR5M=";
};
vendorHash = "sha256-THzegtJmOOY/DtGSKFNT7VM2J1WeH02BjURMzjLPjTQ=";
subPackages = [ "." ];
nativeBuildInputs = [ makeWrapper ];
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
"-X main.commit=${src.rev}"
];
postFixup = ''
wrapProgram $out/bin/gopass-summon-provider \
--prefix PATH : "${lib.makeBinPath [ gopass ]}"
'';
meta = with lib; {
description = "Gopass Summon Provider";
homepage = "https://github.com/gopasspw/gopass-summon-provider";
changelog = "https://github.com/gopasspw/gopass-summon-provider/blob/v${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ sikmir ];
mainProgram = "gopass-summon-provider";
};
}

61
pkgs/tools/security/gpg-tui/default.nix Normal file
View File

@@ -0,0 +1,61 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
gpgme,
libgpg-error,
pkg-config,
python3,
libiconv,
libresolv,
x11Support ? true,
libxcb,
libxkbcommon,
}:
rustPlatform.buildRustPackage rec {
pname = "gpg-tui";
version = "0.11.1";
src = fetchFromGitHub {
owner = "orhun";
repo = "gpg-tui";
rev = "v${version}";
hash = "sha256-qGm0eHpVFGn8tNdEnmQ4oIfjCxyixMFYdxih7pHvGH0=";
};
cargoHash = "sha256-XdT/6N7CJJ8LY0KmkO6PuRdnq1FZvbZrGhky1hmyr2Y=";
nativeBuildInputs = [
gpgme # for gpgme-config
libgpg-error # for gpg-error-config
pkg-config
python3
];
buildInputs = [
gpgme
libgpg-error
]
++ lib.optionals x11Support [
libxcb
libxkbcommon
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
libiconv
libresolv
];
meta = with lib; {
description = "Terminal user interface for GnuPG";
homepage = "https://github.com/orhun/gpg-tui";
changelog = "https://github.com/orhun/gpg-tui/blob/${src.rev}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [
dotlambda
matthiasbeyer
];
mainProgram = "gpg-tui";
};
}

101
pkgs/tools/security/iaito/default.nix Normal file
View File

@@ -0,0 +1,101 @@
{
lib,
stdenv,
fetchFromGitHub,
meson,
ninja,
pkg-config,
python3,
qtbase,
qttools,
radare2,
wrapQtAppsHook,
}:
let
pname = "iaito";
version = "6.0.0";
main_src = fetchFromGitHub rec {
owner = "radareorg";
repo = pname;
tag = version;
hash = "sha256-bwGKHc2jlf1C/25CEoDUCLr6zOhAJES7+PvcGVyO8To=";
name = repo;
};
translations_src = fetchFromGitHub rec {
owner = "radareorg";
repo = "iaito-translations";
rev = "e66b3a962a7fc7dfd730764180011ecffbb206bf";
hash = "sha256-6NRTZ/ydypsB5TwbivvwOH9TEMAff/LH69hCXTvMPp8=";
name = repo;
};
in
stdenv.mkDerivation (finalAttrs: {
inherit pname version;
srcs = [
main_src
translations_src
];
sourceRoot = "${main_src.name}/src";
postUnpack = ''
chmod -R u+w ${translations_src.name}
'';
postPatch = ''
substituteInPlace common/ResourcePaths.cpp \
--replace "/app/share/iaito/translations" "$out/share/iaito/translations"
'';
nativeBuildInputs = [
meson
ninja
pkg-config
python3
qttools
wrapQtAppsHook
];
buildInputs = [
qtbase
radare2
];
postBuild = ''
pushd ../../../${translations_src.name}
make build -j$NIX_BUILD_CORES PREFIX=$out
popd
'';
installPhase = ''
runHook preInstall
install -m755 -Dt $out/bin iaito
install -m644 -Dt $out/share/metainfo ../org.radare.iaito.appdata.xml
install -m644 -Dt $out/share/applications ../org.radare.iaito.desktop
install -m644 -Dt $out/share/pixmaps ../img/org.radare.iaito.svg
pushd ../../../${translations_src.name}
make install -j$NIX_BUILD_CORES PREFIX=$out
popd
runHook postInstall
'';
meta = with lib; {
description = "Official Qt frontend of radare2";
longDescription = ''
iaito is the official graphical interface for radare2, a libre reverse
engineering framework.
'';
homepage = "https://radare.org/n/iaito.html";
changelog = "https://github.com/radareorg/iaito/releases/tag/${finalAttrs.version}";
license = licenses.gpl3Only;
maintainers = with maintainers; [ azahi ];
mainProgram = "iaito";
platforms = platforms.linux;
};
})

56
pkgs/tools/security/keybase/default.nix Normal file
View File

@@ -0,0 +1,56 @@
{
replaceVars,
lib,
buildGoModule,
fetchFromGitHub,
gnupg,
}:
buildGoModule rec {
pname = "keybase";
version = "6.5.1";
modRoot = "go";
subPackages = [
"kbnm"
"keybase"
];
dontRenameImports = true;
src = fetchFromGitHub {
owner = "keybase";
repo = "client";
rev = "v${version}";
hash = "sha256-B3vedsxQM4FDZVpkMKR67DF7FtaTPhGIJ1e2lViKYzg=";
};
vendorHash = "sha256-uw1tiaYoMpMXCYt5bPL5OBbK09PJmAQYQDrDwuPShxU=";
patches = [
(replaceVars ./fix-paths-keybase.patch {
gpg = "${gnupg}/bin/gpg";
gpg2 = "${gnupg}/bin/gpg2";
})
];
tags = [ "production" ];
ldflags = [
"-s"
"-w"
];
meta = with lib; {
homepage = "https://www.keybase.io/";
description = "Keybase official command-line utility and service";
mainProgram = "keybase";
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [
avaq
np
rvolosatovs
Br1ght0ne
shofius
ryand56
];
license = licenses.bsd3;
};
}

16
pkgs/tools/security/keybase/fix-paths-keybase.patch Normal file
View File

@@ -0,0 +1,16 @@
diff --git a/go/libkb/gpg_cli.go b/go/libkb/gpg_cli.go
index 3c7c6257..ae8f7e2f 100644
--- a/go/libkb/gpg_cli.go
+++ b/go/libkb/gpg_cli.go
@@ -54,9 +54,9 @@ func (g *GpgCLI) Configure(mctx MetaContext) (err error) {
if len(prog) > 0 {
err = canExec(prog)
} else {
- prog, err = exec.LookPath("gpg2")
+ prog, err = exec.LookPath("@gpg2@")
if err != nil {
- prog, err = exec.LookPath("gpg")
+ prog, err = exec.LookPath("@gpg@")
}
}
if err != nil {

152
pkgs/tools/security/keybase/gui.nix Normal file
View File

@@ -0,0 +1,152 @@
{
stdenv,
lib,
fetchurl,
alsa-lib,
atk,
cairo,
cups,
udev,
libdrm,
libgbm,
dbus,
expat,
fontconfig,
freetype,
gdk-pixbuf,
glib,
gtk3,
libappindicator-gtk3,
libnotify,
nspr,
nss,
pango,
systemd,
xorg,
autoPatchelfHook,
wrapGAppsHook3,
runtimeShell,
gsettings-desktop-schemas,
}:
let
versionSuffix = "20250428154451.19f9cfeddb";
in
stdenv.mkDerivation rec {
pname = "keybase-gui";
version = "6.5.1"; # Find latest version and versionSuffix from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages
src = fetchurl {
url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb";
hash = "sha256-PCKi1lavGwLbCoMTMG4h6PJTIzwRAu542eYqDDKzU4Y=";
};
nativeBuildInputs = [
autoPatchelfHook
wrapGAppsHook3
];
buildInputs = [
alsa-lib
atk
cairo
cups
dbus
expat
fontconfig
freetype
gdk-pixbuf
glib
gsettings-desktop-schemas
gtk3
libappindicator-gtk3
libnotify
nspr
nss
pango
systemd
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
xorg.libxcb
libdrm
libgbm
];
runtimeDependencies = [
(lib.getLib udev)
libappindicator-gtk3
];
dontBuild = true;
dontConfigure = true;
dontPatchELF = true;
unpackPhase = ''
ar xf $src
tar xf data.tar.xz
'';
installPhase = ''
mkdir -p $out/bin
mv usr/share $out/share
mv opt/keybase $out/share/
cat > $out/bin/keybase-gui <<EOF
#!${runtimeShell}
checkFailed() {
if [ "\$NIX_SKIP_KEYBASE_CHECKS" = "1" ]; then
return
fi
echo "Set NIX_SKIP_KEYBASE_CHECKS=1 if you want to skip this check." >&2
exit 1
}
if [ ! -S "\$XDG_RUNTIME_DIR/keybase/keybased.sock" ]; then
echo "Keybase service doesn't seem to be running." >&2
echo "You might need to run: keybase service" >&2
checkFailed
fi
if [ -z "\$(keybase status | grep kbfsfuse)" ]; then
echo "Could not find kbfsfuse client in keybase status." >&2
echo "You might need to run: kbfsfuse" >&2
checkFailed
fi
exec $out/share/keybase/Keybase \''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime=true}} "\$@"
EOF
chmod +x $out/bin/keybase-gui
substituteInPlace $out/share/applications/keybase.desktop \
--replace run_keybase $out/bin/keybase-gui
'';
meta = with lib; {
homepage = "https://www.keybase.io/";
description = "Keybase official GUI";
mainProgram = "keybase-gui";
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [
avaq
rvolosatovs
puffnfresh
np
Br1ght0ne
shofius
ryand56
];
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
license = licenses.bsd3;
};
}

37
pkgs/tools/security/keybase/kbfs.nix Normal file
View File

@@ -0,0 +1,37 @@
{
lib,
buildGoModule,
keybase,
}:
buildGoModule {
pname = "kbfs";
inherit (keybase) src version vendorHash;
modRoot = "go";
subPackages = [
"kbfs/kbfsfuse"
"kbfs/redirector"
"kbfs/kbfsgit/git-remote-keybase"
];
tags = [ "production" ];
ldflags = [
"-s"
"-w"
];
meta = with lib; {
homepage = "https://keybase.io/docs/kbfs";
description = "Keybase filesystem";
maintainers = with maintainers; [
avaq
rvolosatovs
bennofs
np
shofius
];
license = licenses.bsd3;
};
}

71
pkgs/tools/security/kwalletcli/default.nix Normal file
View File

@@ -0,0 +1,71 @@
{
mkDerivation,
fetchFromGitHub,
lib,
makeWrapper,
pkg-config,
kcoreaddons,
ki18n,
kwallet,
mksh,
pinentry-qt,
}:
mkDerivation rec {
pname = "kwalletcli";
version = "3.03";
src = fetchFromGitHub {
owner = "MirBSD";
repo = pname;
rev = "${pname}-${lib.replaceStrings [ "." ] [ "_" ] version}";
sha256 = "sha256-DUtaQITzHhQrqA9QJd0U/5EDjH0IzY9/kal/7SYQ/Ck=";
};
postPatch = ''
substituteInPlace GNUmakefile \
--replace -I/usr/include/KF5/KCoreAddons -I${kcoreaddons.dev}/include/KF5/KCoreAddons \
--replace -I/usr/include/KF5/KI18n -I${ki18n.dev}/include/KF5/KI18n \
--replace -I/usr/include/KF5/KWallet -I${kwallet.dev}/include/KF5/KWallet \
--replace /usr/bin $out/bin \
--replace /usr/share/man $out/share/man
substituteInPlace pinentry-kwallet \
--replace '/usr/bin/env mksh' ${mksh}/bin/mksh
substituteInPlace kwalletcli_getpin \
--replace '/usr/bin/env mksh' ${mksh}/bin/mksh
'';
makeFlags = [ "KDE_VER=5" ];
nativeBuildInputs = [
makeWrapper
pkg-config
];
# if using just kwallet, cmake will be added as a buildInput and fail the build
propagatedBuildInputs = [
kcoreaddons
ki18n
(lib.getLib kwallet)
];
preInstall = ''
mkdir -p $out/bin $out/share/man/man1
'';
postInstall = ''
for program in pinentry-kwallet kwalletcli_getpin; do
wrapProgram $out/bin/$program \
--prefix PATH : $out/bin:${lib.makeBinPath [ pinentry-qt ]} \
--set-default PINENTRY pinentry-qt
done
'';
meta = with lib; {
description = "Command-Line Interface to the KDE Wallet";
homepage = "https://www.mirbsd.org/kwalletcli.htm";
license = licenses.miros;
maintainers = with maintainers; [ peterhoeg ];
};
}

6
pkgs/tools/security/metasploit/Gemfile Normal file
View File

@@ -0,0 +1,6 @@
# frozen_string_literal: true
source "https://rubygems.org"
gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.4.53"
gem "syslog", "~> 0.3.0"

503
pkgs/tools/security/metasploit/Gemfile.lock Normal file
View File

@@ -0,0 +1,503 @@
GIT
remote: https://github.com/rapid7/metasploit-framework
revision: ce6990ff84c944186dfa104b3aa1edd98962b468
ref: refs/tags/6.4.53
specs:
metasploit-framework (6.4.53)
aarch64
abbrev
actionpack (~> 7.0.0)
activerecord (~> 7.0.0)
activesupport (~> 7.0.0)
aws-sdk-ec2
aws-sdk-ec2instanceconnect
aws-sdk-iam
aws-sdk-s3
aws-sdk-ssm
base64
bcrypt
bcrypt_pbkdf
benchmark
bigdecimal
bootsnap
bson
chunky_png
concurrent-ruby (= 1.3.4)
csv
dnsruby
drb
ed25519
elftools
em-http-request
eventmachine
faker
faraday (= 2.7.11)
faraday-retry
faye-websocket
ffi (< 1.17.0)
fiddle
filesize
getoptlong
hrr_rb_ssh-ed25519
http-cookie
irb (~> 1.7.4)
jsobfu
json
metasm
metasploit-concern
metasploit-credential
metasploit-model
metasploit-payloads (= 2.0.189)
metasploit_data_models
metasploit_payloads-mettle (= 1.0.35)
mqtt
msgpack (~> 1.6.0)
mutex_m
nessus_rest
net-imap
net-ldap
net-sftp
net-smtp
net-ssh
network_interface
nexpose
nokogiri
octokit (~> 4.0)
openssl-ccm
openvas-omp
ostruct
packetfu
patch_finder
pcaprub
pdf-reader
pg
puma
railties
rasn1 (= 0.14.0)
rb-readline
recog
redcarpet
reline
rex-arch
rex-bin_tools
rex-core
rex-encoder
rex-exploitation
rex-java
rex-mime
rex-nop
rex-ole
rex-powershell
rex-random_identifier
rex-registry
rex-rop_builder
rex-socket
rex-sslscan
rex-struct2
rex-text
rex-zip
ruby-macho
ruby-mysql
ruby_smb (~> 3.3.3)
rubyntlm
rubyzip
sinatra
sqlite3 (= 1.7.3)
sshkey
swagger-blocks
thin
tzinfo
tzinfo-data
unix-crypt
warden
win32api
windows_error
winrm
xdr
xmlrpc
zeitwerk
GEM
remote: https://rubygems.org/
specs:
Ascii85 (1.1.1)
aarch64 (2.1.0)
racc (~> 1.6)
abbrev (0.1.2)
actionpack (7.0.8.6)
actionview (= 7.0.8.6)
activesupport (= 7.0.8.6)
rack (~> 2.0, >= 2.2.4)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actionview (7.0.8.6)
activesupport (= 7.0.8.6)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activemodel (7.0.8.6)
activesupport (= 7.0.8.6)
activerecord (7.0.8.6)
activemodel (= 7.0.8.6)
activesupport (= 7.0.8.6)
activesupport (7.0.8.6)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
afm (0.2.2)
arel-helpers (2.15.0)
activerecord (>= 3.1.0, < 8)
aws-eventstream (1.3.0)
aws-partitions (1.999.0)
aws-sdk-core (3.211.0)
aws-eventstream (~> 1, >= 1.3.0)
aws-partitions (~> 1, >= 1.992.0)
aws-sigv4 (~> 1.9)
jmespath (~> 1, >= 1.6.1)
aws-sdk-ec2 (1.486.0)
aws-sdk-core (~> 3, >= 3.210.0)
aws-sigv4 (~> 1.5)
aws-sdk-ec2instanceconnect (1.52.0)
aws-sdk-core (~> 3, >= 3.210.0)
aws-sigv4 (~> 1.5)
aws-sdk-iam (1.112.0)
aws-sdk-core (~> 3, >= 3.210.0)
aws-sigv4 (~> 1.5)
aws-sdk-kms (1.95.0)
aws-sdk-core (~> 3, >= 3.210.0)
aws-sigv4 (~> 1.5)
aws-sdk-s3 (1.169.0)
aws-sdk-core (~> 3, >= 3.210.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.5)
aws-sdk-ssm (1.183.0)
aws-sdk-core (~> 3, >= 3.210.0)
aws-sigv4 (~> 1.5)
aws-sigv4 (1.10.1)
aws-eventstream (~> 1, >= 1.0.2)
base64 (0.2.0)
bcrypt (3.1.20)
bcrypt_pbkdf (1.1.1)
benchmark (0.4.0)
bigdecimal (3.1.8)
bindata (2.4.15)
bootsnap (1.18.4)
msgpack (~> 1.2)
bson (5.0.1)
builder (3.3.0)
chunky_png (1.4.0)
concurrent-ruby (1.3.4)
cookiejar (0.3.4)
crass (1.0.6)
csv (3.3.0)
daemons (1.4.1)
date (3.3.4)
dnsruby (1.72.2)
simpleidn (~> 0.2.1)
domain_name (0.6.20240107)
drb (2.2.1)
ed25519 (1.3.0)
elftools (1.3.1)
bindata (~> 2)
em-http-request (1.1.7)
addressable (>= 2.3.4)
cookiejar (!= 0.3.1)
em-socksify (>= 0.3)
eventmachine (>= 1.0.3)
http_parser.rb (>= 0.6.0)
em-socksify (0.3.3)
base64
eventmachine (>= 1.0.0.beta.4)
erubi (1.13.0)
eventmachine (1.2.7)
faker (3.5.1)
i18n (>= 1.8.11, < 2)
faraday (2.7.11)
base64
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-net_http (3.0.2)
faraday-retry (2.2.1)
faraday (~> 2.0)
faye-websocket (0.11.3)
eventmachine (>= 0.12.0)
websocket-driver (>= 0.5.1)
ffi (1.16.3)
fiddle (1.1.6)
filesize (0.2.0)
getoptlong (0.2.1)
gssapi (1.3.1)
ffi (>= 1.0.1)
gyoku (1.4.0)
builder (>= 2.1.2)
rexml (~> 3.0)
hashery (2.1.2)
hrr_rb_ssh (0.4.2)
hrr_rb_ssh-ed25519 (0.4.2)
ed25519 (~> 1.2)
hrr_rb_ssh (>= 0.4)
http-cookie (1.0.7)
domain_name (~> 0.5)
http_parser.rb (0.8.0)
httpclient (2.8.3)
i18n (1.14.6)
concurrent-ruby (~> 1.0)
io-console (0.7.2)
irb (1.7.4)
reline (>= 0.3.6)
jmespath (1.6.2)
jsobfu (0.4.2)
rkelly-remix
json (2.7.5)
little-plugger (1.1.4)
logger (1.6.6)
logging (2.4.0)
little-plugger (~> 1.1)
multi_json (~> 1.14)
loofah (2.23.1)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
metasm (1.0.5)
metasploit-concern (5.0.3)
activemodel (~> 7.0)
activesupport (~> 7.0)
railties (~> 7.0)
zeitwerk
metasploit-credential (6.0.11)
metasploit-concern
metasploit-model
metasploit_data_models (>= 5.0.0)
net-ssh
pg
railties
rex-socket
rubyntlm
rubyzip
metasploit-model (5.0.2)
activemodel (~> 7.0)
activesupport (~> 7.0)
railties (~> 7.0)
metasploit-payloads (2.0.189)
metasploit_data_models (6.0.5)
activerecord (~> 7.0)
activesupport (~> 7.0)
arel-helpers
metasploit-concern
metasploit-model (>= 3.1)
pg
railties (~> 7.0)
recog
webrick
metasploit_payloads-mettle (1.0.35)
method_source (1.1.0)
mini_portile2 (2.8.7)
minitest (5.25.1)
mqtt (0.6.0)
msgpack (1.6.1)
multi_json (1.15.0)
mustermann (3.0.3)
ruby2_keywords (~> 0.0.1)
mutex_m (0.2.0)
nessus_rest (0.1.6)
net-imap (0.5.0)
date
net-protocol
net-ldap (0.19.0)
net-protocol (0.2.2)
timeout
net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0)
net-smtp (0.5.0)
net-protocol
net-ssh (7.3.0)
network_interface (0.0.4)
nexpose (7.3.0)
nio4r (2.7.4)
nokogiri (1.16.7)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
nori (2.7.1)
bigdecimal
octokit (4.25.1)
faraday (>= 1, < 3)
sawyer (~> 0.9)
openssl-ccm (1.2.3)
openssl-cmac (2.0.2)
openvas-omp (0.0.4)
ostruct (0.6.1)
packetfu (2.0.0)
pcaprub (~> 0.13.1)
patch_finder (1.0.2)
pcaprub (0.13.3)
pdf-reader (2.12.0)
Ascii85 (~> 1.0)
afm (~> 0.2.1)
hashery (~> 2.0)
ruby-rc4
ttfunk
pg (1.5.9)
public_suffix (6.0.1)
puma (6.4.3)
nio4r (~> 2.0)
racc (1.8.1)
rack (2.2.10)
rack-protection (3.2.0)
base64 (>= 0.1.0)
rack (~> 2.2, >= 2.2.4)
rack-test (2.1.0)
rack (>= 1.3)
rails-dom-testing (2.2.0)
activesupport (>= 5.0.0)
minitest
nokogiri (>= 1.6)
rails-html-sanitizer (1.6.0)
loofah (~> 2.21)
nokogiri (~> 1.14)
railties (7.0.8.6)
actionpack (= 7.0.8.6)
activesupport (= 7.0.8.6)
method_source
rake (>= 12.2)
thor (~> 1.0)
zeitwerk (~> 2.5)
rake (13.2.1)
rasn1 (0.14.0)
strptime (~> 0.2.5)
rb-readline (0.5.5)
recog (3.1.11)
nokogiri
redcarpet (3.6.0)
reline (0.5.10)
io-console (~> 0.5)
rex-arch (0.1.16)
rex-text
rex-bin_tools (0.1.9)
metasm
rex-arch
rex-core
rex-struct2
rex-text
rex-core (0.1.32)
rex-encoder (0.1.7)
metasm
rex-arch
rex-text
rex-exploitation (0.1.40)
jsobfu
metasm
rex-arch
rex-encoder
rex-text
rexml
rex-java (0.1.7)
rex-mime (0.1.8)
rex-text
rex-nop (0.1.3)
rex-arch
rex-ole (0.1.8)
rex-text
rex-powershell (0.1.100)
rex-random_identifier
rex-text
ruby-rc4
rex-random_identifier (0.1.13)
rex-text
rex-registry (0.1.5)
rex-rop_builder (0.1.5)
metasm
rex-core
rex-text
rex-socket (0.1.57)
rex-core
rex-sslscan (0.1.10)
rex-core
rex-socket
rex-text
rex-struct2 (0.1.4)
rex-text (0.2.59)
rex-zip (0.1.5)
rex-text
rexml (3.3.9)
rkelly-remix (0.0.7)
ruby-macho (4.1.0)
ruby-mysql (4.1.0)
ruby-rc4 (0.1.5)
ruby2_keywords (0.0.5)
ruby_smb (3.3.11)
bindata (= 2.4.15)
openssl-ccm
openssl-cmac
rubyntlm (>= 0.6.5)
windows_error (>= 0.1.4)
rubyntlm (0.6.5)
base64
rubyzip (2.3.2)
sawyer (0.9.2)
addressable (>= 2.3.5)
faraday (>= 0.17.3, < 3)
simpleidn (0.2.3)
sinatra (3.2.0)
mustermann (~> 3.0)
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.2.0)
tilt (~> 2.0)
sqlite3 (1.7.3)
mini_portile2 (~> 2.8.0)
sshkey (3.0.0)
strptime (0.2.5)
swagger-blocks (3.0.0)
syslog (0.3.0)
logger
thin (1.8.2)
daemons (~> 1.0, >= 1.0.9)
eventmachine (~> 1.0, >= 1.0.4)
rack (>= 1, < 3)
thor (1.3.2)
tilt (2.4.0)
timeout (0.4.1)
ttfunk (1.8.0)
bigdecimal (~> 3.1)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
tzinfo-data (1.2024.2)
tzinfo (>= 1.0.0)
unix-crypt (1.3.1)
warden (1.2.9)
rack (>= 2.0.9)
webrick (1.8.2)
websocket-driver (0.7.6)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
win32api (0.1.0)
windows_error (0.1.5)
winrm (2.3.9)
builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0, >= 2.7.1)
rexml (~> 3.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
xdr (3.0.3)
activemodel (>= 4.2, < 8.0)
activesupport (>= 4.2, < 8.0)
xmlrpc (0.3.3)
webrick
zeitwerk (2.6.18)
PLATFORMS
ruby
DEPENDENCIES
metasploit-framework!
syslog (~> 0.3.0)
BUNDLED WITH
2.5.22

87
pkgs/tools/security/metasploit/default.nix Normal file
View File

@@ -0,0 +1,87 @@
{
lib,
stdenv,
fetchFromGitHub,
makeWrapper,
ruby,
bundlerEnv,
testers,
python3,
}:
let
env = bundlerEnv {
inherit ruby;
name = "metasploit-bundler-env";
gemdir = ./.;
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "metasploit-framework";
version = "6.4.53";
src = fetchFromGitHub {
owner = "rapid7";
repo = "metasploit-framework";
tag = finalAttrs.version;
hash = "sha256-yHat9U8EZbUWo4j9ut6K9IPtPFm130pfSmIuhtQhFoQ=";
};
nativeBuildInputs = [
makeWrapper
];
buildInputs = [
(python3.withPackages (ps: [ ps.requests ]))
];
dontPatchELF = true; # stay away from exploit executables
installPhase = ''
runHook preInstall
mkdir -p $out/{bin,share/msf}
cp -r * $out/share/msf
grep -rl "^#\!.*python2$" $out/share/msf | xargs -d '\n' rm
(
cd $out/share/msf/
for i in msf*; do
makeWrapper ${env}/bin/bundle $out/bin/$i \
--add-flags "exec ${ruby}/bin/ruby $out/share/msf/$i"
done
)
makeWrapper ${env}/bin/bundle $out/bin/msf-pattern_create \
--add-flags "exec ${ruby}/bin/ruby $out/share/msf/tools/exploit/pattern_create.rb"
makeWrapper ${env}/bin/bundle $out/bin/msf-pattern_offset \
--add-flags "exec ${ruby}/bin/ruby $out/share/msf/tools/exploit/pattern_offset.rb"
runHook postInstall
'';
passthru.tests = {
msfconsole-version = testers.testVersion {
package = finalAttrs.finalPackage;
command = "HOME=/tmp msfconsole -q -x 'version;exit'";
};
};
# run with: nix-shell maintainers/scripts/update.nix --argstr path metasploit
passthru.updateScript = ./update.sh;
meta = with lib; {
description = "Metasploit Framework - a collection of exploits";
homepage = "https://docs.metasploit.com/";
platforms = platforms.unix;
license = licenses.bsd3;
maintainers = with maintainers; [
fab
makefu
];
mainProgram = "msfconsole";
};
})

1798
pkgs/tools/security/metasploit/gemset.nix Normal file
View File

File diff suppressed because it is too large Load Diff

25
pkgs/tools/security/metasploit/shell.nix Normal file
View File

@@ -0,0 +1,25 @@
{
pkgs ? import ../../../.. { },
}:
pkgs.mkShell {
nativeBuildInputs = [
pkgs.pkg-config
pkgs.libffi # libffi as native input
];
buildInputs = with pkgs; [
bundix
git
libiconv
libpcap
libxml2
libxslt
postgresql
ruby.devEnv
sqlite
];
# Ensure that pkg-config finds libffi
shellHook = ''
export PKG_CONFIG_PATH="${pkgs.libffi.out}/lib/pkgconfig:$PKG_CONFIG_PATH"
echo "PKG_CONFIG_PATH set to: $PKG_CONFIG_PATH"
'';
}

20
pkgs/tools/security/metasploit/update.sh Executable file
View File

@@ -0,0 +1,20 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl bundix git libiconv libpcap libxml2 libxslt pkg-config postgresql ruby.devEnv sqlite xmlstarlet nix-update
set -eu -o pipefail
cd "$(dirname "$(readlink -f "$0")")"
latest=$(curl https://github.com/rapid7/metasploit-framework/tags.atom | xmlstarlet sel -N atom="http://www.w3.org/2005/Atom" -t -m /atom:feed/atom:entry -v atom:title -n | head -n1)
echo "Updating metasploit to $latest"
sed -i "s#refs/tags/.*#refs/tags/$latest\"#" Gemfile
bundler install
bundix
sed -i '/[ ]*dependencies =/d' gemset.nix
# Hacks
sed -i 's/nokogiri = {/nokogiri = {\n dependencies = ["mini_portile2" "racc"];/g' gemset.nix
cd "../../../../"
nix-update metasploit --version "$latest"

32
pkgs/tools/security/mkpasswd/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{
lib,
stdenv,
whois,
libxcrypt,
perl,
pkg-config,
}:
stdenv.mkDerivation {
pname = "mkpasswd";
inherit (whois) version src patches;
nativeBuildInputs = [
perl
pkg-config
];
buildInputs = [ libxcrypt ];
inherit (whois) preConfigure;
buildPhase = "make mkpasswd";
installPhase = "make install-mkpasswd";
meta = with lib; {
homepage = "https://packages.qa.debian.org/w/whois.html";
description = "Overfeatured front-end to crypt, from the Debian whois package";
mainProgram = "mkpasswd";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ fpletz ];
platforms = platforms.unix;
};
}

57
pkgs/tools/security/nitrokey-app/default.nix Normal file
View File

@@ -0,0 +1,57 @@
{
lib,
stdenv,
cmake,
fetchFromGitHub,
pkg-config,
wrapQtAppsHook,
libnitrokey,
cppcodec,
qttools,
}:
stdenv.mkDerivation rec {
pname = "nitrokey-app";
version = "1.4.2";
src = fetchFromGitHub {
owner = "Nitrokey";
repo = "nitrokey-app";
tag = "v${version}";
hash = "sha256-c6EC5uuMna07xVHDRFq0UDwuSeopZTmZGZ9ZD5zaq8Y=";
};
nativeBuildInputs = [
cmake
pkg-config
wrapQtAppsHook
qttools
];
cmakeFlags = [
"-DADD_GIT_INFO=OFF"
"-DBASH_COMPLETION_PATH=share/bash-completion/completions"
];
buildInputs = [
libnitrokey
cppcodec
];
meta = with lib; {
description = "Provides extra functionality for the Nitrokey Pro and Storage";
mainProgram = "nitrokey-app";
longDescription = ''
The nitrokey-app provides a QT system tray widget with which you can
access the extra functionality of a Nitrokey Storage or Nitrokey Pro.
See https://www.nitrokey.com/ for more information.
'';
homepage = "https://github.com/Nitrokey/nitrokey-app";
changelog = "https://github.com/Nitrokey/nitrokey-app/releases/tag/v${version}";
license = licenses.gpl3Plus;
maintainers = with maintainers; [
kaiha
panicgh
];
};
}

86
pkgs/tools/security/nitrokey-app2/default.nix Normal file
View File

@@ -0,0 +1,86 @@
{
lib,
stdenv,
buildPythonApplication,
fetchFromGitHub,
poetry-core,
fido2,
nitrokey,
pyside6,
usb-monitor,
qt6,
}:
let
inherit (qt6)
wrapQtAppsHook
qtbase
qtwayland
qtsvg
;
in
buildPythonApplication rec {
pname = "nitrokey-app2";
version = "2.4.1";
pyproject = true;
src = fetchFromGitHub {
owner = "Nitrokey";
repo = "nitrokey-app2";
tag = "v${version}";
hash = "sha256-nzhhtnKKOHA+Cw1y+BpYsyQklzkDnmFRKGIfaJ/dmaQ=";
};
nativeBuildInputs = [
wrapQtAppsHook
];
buildInputs = [
qtbase
]
++ lib.optionals stdenv.hostPlatform.isLinux [
qtwayland
qtsvg
];
build-system = [
poetry-core
];
dependencies = [
fido2
nitrokey
pyside6
usb-monitor
];
pythonRelaxDeps = [ "nitrokey" ];
pythonImportsCheck = [
"nitrokeyapp"
];
postInstall = ''
install -Dm755 meta/com.nitrokey.nitrokey-app2.desktop $out/share/applications/com.nitrokey.nitrokey-app2.desktop
install -Dm755 meta/nk-app2.png $out/share/icons/hicolor/128x128/apps/com.nitrokey.nitrokey-app2.png
'';
# wrapQtApps only wrapps binary files and normally skips python programs.
# Manually pass the qtWrapperArgs from wrapQtAppsHook to wrap python programs.
preFixup = ''
makeWrapperArgs+=("''${qtWrapperArgs[@]}")
'';
meta = with lib; {
description = "This application allows to manage Nitrokey 3 devices";
homepage = "https://github.com/Nitrokey/nitrokey-app2";
changelog = "https://github.com/Nitrokey/nitrokey-app2/releases/tag/${src.tag}";
license = licenses.asl20;
maintainers = with maintainers; [
_999eagle
panicgh
];
mainProgram = "nitrokeyapp";
};
}

72
pkgs/tools/security/nsjail/default.nix Normal file
View File

@@ -0,0 +1,72 @@
{
lib,
stdenv,
fetchFromGitHub,
autoconf,
bison,
flex,
libtool,
pkg-config,
which,
libnl,
protobuf,
protobufc,
shadow,
installShellFiles,
}:
stdenv.mkDerivation rec {
pname = "nsjail";
version = "3.4";
src = fetchFromGitHub {
owner = "google";
repo = "nsjail";
rev = version;
fetchSubmodules = true;
hash = "sha256-/K+qJV5Dq+my45Cpw6czdsWLtO9lnJwZTsOIRt4Iijk=";
};
nativeBuildInputs = [
autoconf
bison
flex
installShellFiles
libtool
pkg-config
which
];
buildInputs = [
libnl
protobuf
protobufc
];
enableParallelBuilding = true;
env.NIX_CFLAGS_COMPILE = toString [ "-Wno-error" ];
preBuild = ''
makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
'';
installPhase = ''
runHook preInstall
install -Dm755 nsjail "$out/bin/nsjail"
installManPage nsjail.1
runHook postInstall
'';
meta = with lib; {
description = "Light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
homepage = "https://nsjail.dev/";
changelog = "https://github.com/google/nsjail/releases/tag/${version}";
license = licenses.asl20;
maintainers = with maintainers; [
arturcygan
bosu
c0bw3b
];
platforms = platforms.linux;
mainProgram = "nsjail";
};
}

82
pkgs/tools/security/ossec/agent.nix Normal file
View File

@@ -0,0 +1,82 @@
{
lib,
stdenv,
fetchFromGitHub,
which,
pcre2,
zlib,
ncurses,
openssl,
}:
let
version = "unstable-2023-08-09";
in
stdenv.mkDerivation {
pname = "ossec-agent";
inherit version;
src = fetchFromGitHub {
owner = "ossec";
repo = "ossec-hids";
rev = "c8a36b0af3d4ee5252855b90236407cbfb996eb2";
sha256 = "sha256-AZ8iubyhNHXGR/l+hA61ifNDUoan7AQ42l/uRTt5GmE=";
};
# clear is used during the build process
nativeBuildInputs = [ ncurses ];
buildInputs = [
which
pcre2
zlib
openssl
];
# patch to remove root manipulation, install phase which tries to add users to the system, and init phase which tries to modify the system to launch files
patches = [ ./no-root.patch ];
# Workaround build failure on -fno-common toolchains like upstream
# gcc-10. Otherwise build fails as:
# ld: src/common/mgmt/pint-worker-external.po:(.data.rel.local+0x0): multiple definition of
# `PINT_worker_external_impl'; src/common/mgmt/pint-mgmt.po:(.bss+0x20): first defined here
env.NIX_CFLAGS_COMPILE = "-fcommon";
buildPhase = ''
mkdir $out
export USER_DIR="$out" # just to satisy the script
./install.sh <<EOF
en
agent
127.0.0.1
yes
yes
yes
EOF
'';
installPhase = ''
runHook preInstall
mkdir -p $out/share
mv $out/active-response/bin/* $out/bin
mv $out/etc $out/share
mv $out/queue $out/share
mv $out/var $out/share
mv $out/agentless $out/share
mv $out/.ssh $out/share
rm -r $out/active-response
rm -r $out/tmp
runHook postInstall
'';
meta = with lib; {
description = "Open source host-based instrusion detection system";
homepage = "https://www.ossec.net";
license = licenses.gpl2Only;
maintainers = with maintainers; [ happysalada ];
platforms = platforms.all;
};
}

297
pkgs/tools/security/ossec/no-root.patch Normal file
View File

@@ -0,0 +1,297 @@
diff --git a/install.sh b/install.sh
index 387bde1a..cb6dcbf2 100755
--- a/install.sh
+++ b/install.sh
@@ -126,14 +126,14 @@ Install()
# Generate the /etc/ossec-init.conf
VERSION_FILE="./src/VERSION"
VERSION=`cat ${VERSION_FILE}`
- chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
- echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT}
- echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT}
- echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
- echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
- chmod 600 ${OSSEC_INIT}
- cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
- chmod 640 ${INSTALLDIR}${OSSEC_INIT}
+ # chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
+ # echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT}
+ # echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT}
+ # echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
+ # echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
+ # chmod 600 ${OSSEC_INIT}
+ # cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
+ # chmod 640 ${INSTALLDIR}${OSSEC_INIT}
# If update_rules is set, we need to tweak
@@ -148,12 +148,12 @@ Install()
fi
# Calling the init script to start ossec hids during boot
- if [ "X${update_only}" = "X" ]; then
- runInit
- if [ $? = 1 ]; then
- notmodified="yes"
- fi
- fi
+ # if [ "X${update_only}" = "X" ]; then
+ # runInit
+ # if [ $? = 1 ]; then
+ # notmodified="yes"
+ # fi
+ # fi
}
@@ -965,10 +965,10 @@ main()
catError "0x1-location";
fi
- # Must be root
- if [ ! "X$ME" = "Xroot" ]; then
- catError "0x2-beroot";
- fi
+ # # Must be root
+ # if [ ! "X$ME" = "Xroot" ]; then
+ # catError "0x2-beroot";
+ # fi
# Checking dependencies
checkDependencies
diff --git a/src/Makefile b/src/Makefile
index 7fc04c0b..0eb27a0a 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -144,7 +144,7 @@ endif
ifeq (${uname_S},AIX)
INSTALL_CMD?=./install-shim-aix.ksh -m $(1) -o $(2) -g $(3)
else
- INSTALL_CMD?=install -m $(1) -o $(2) -g $(3)
+ INSTALL_CMD?=install
endif
ifdef DEBUGAD
@@ -404,10 +404,10 @@ endif
install: install-${TARGET}
install-agent: install-common
- $(call INSTALL_CMD,0550,root,0) ossec-agentd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) agent-auth ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-agentd ${PREFIX}/bin
+ $(call INSTALL_CMD) agent-auth ${PREFIX}/bin
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/rids
install-local: install-server-generic
@@ -416,133 +416,126 @@ install-hybrid: install-server-generic
install-server: install-server-generic
install-common: build
- ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs
- $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log
-
- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-logcollector ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-syscheckd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-execd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) manage_agents ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ../contrib/util.sh ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
+ $(call INSTALL_CMD) -d ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-logcollector ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-syscheckd ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-execd ${PREFIX}/bin
+ $(call INSTALL_CMD) manage_agents ${PREFIX}/bin
+ $(call INSTALL_CMD) ../contrib/util.sh ${PREFIX}/bin/
+ $(call INSTALL_CMD) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
ifeq (${LUA_ENABLE},yes)
- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua
- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/native
- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/compiled
- $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
+ $(call INSTALL_CMD) -d ${PREFIX}/lua
+ $(call INSTALL_CMD) -d ${PREFIX}/lua/native
+ $(call INSTALL_CMD) -d ${PREFIX}/lua/compiled
+ $(call INSTALL_CMD) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
+ $(call INSTALL_CMD) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
endif
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/queue
- $(call INSTALL_CMD,0770,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/alerts
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/ossec
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/syscheck
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/diff
+ $(call INSTALL_CMD) -d ${PREFIX}/queue
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/alerts
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/ossec
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/syscheck
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/diff
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/etc
+ $(call INSTALL_CMD) -d ${PREFIX}/etc
ifeq (${INSTALL_LOCALTIME},yes)
- $(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/localtime ${PREFIX}/etc
+ $(call INSTALL_CMD) /etc/localtime ${PREFIX}/etc
endif
ifeq (${INSTALL_RESOLVCONF},yes)
- $(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/resolv.conf ${PREFIX}/etc
+ $(call INSTALL_CMD) /etc/resolv.conf ${PREFIX}/etc
endif
- $(call INSTALL_CMD,1550,root,${OSSEC_GROUP}) -d ${PREFIX}/tmp
+ $(call INSTALL_CMD) -d ${PREFIX}/tmp
ifneq (,$(wildcard /etc/TIMEZONE))
- $(call INSTALL_CMD,440,root,${OSSEC_GROUP}) /etc/TIMEZONE ${PREFIX}/etc/
+ $(call INSTALL_CMD) /etc/TIMEZONE ${PREFIX}/etc/
endif
# Solaris Needs some extra files
ifeq (${uname_S},SunOS)
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/usr/share/lib/zoneinfo/
+ $(call INSTALL_CMD) -d ${PREFIX}/usr/share/lib/zoneinfo/
cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/
endif
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/internal_options.conf ${PREFIX}/etc/
+ $(call INSTALL_CMD) -b ../etc/internal_options.conf ${PREFIX}/etc/
ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf))
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
+ $(call INSTALL_CMD) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
endif
ifeq (,$(wildcard ${PREFIX}/etc/client.keys))
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) /dev/null ${PREFIX}/etc/client.keys
+ $(call INSTALL_CMD) /dev/null ${PREFIX}/etc/client.keys
endif
ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf))
ifneq (,$(wildcard ../etc/ossec.mc))
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
+ $(call INSTALL_CMD) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
else
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
+ $(call INSTALL_CMD) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
endif
endif
- $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/etc/shared
- $(call INSTALL_CMD,0640,${OSSEC_USER},${OSSEC_GROUP}) rootcheck/db/*.txt ${PREFIX}/etc/shared/
+ $(call INSTALL_CMD) -d ${PREFIX}/etc/shared
+ $(call INSTALL_CMD) rootcheck/db/*.txt ${PREFIX}/etc/shared/
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response/bin
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/agentless
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) agentlessd/scripts/* ${PREFIX}/agentless/
+ $(call INSTALL_CMD) -d ${PREFIX}/active-response
+ $(call INSTALL_CMD) -d ${PREFIX}/active-response/bin
+ $(call INSTALL_CMD) -d ${PREFIX}/agentless
+ $(call INSTALL_CMD) agentlessd/scripts/* ${PREFIX}/agentless/
- $(call INSTALL_CMD,0700,root,${OSSEC_GROUP}) -d ${PREFIX}/.ssh
+ $(call INSTALL_CMD) -d ${PREFIX}/.ssh
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/*.sh ${PREFIX}/active-response/bin/
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
+ $(call INSTALL_CMD) ../active-response/*.sh ${PREFIX}/active-response/bin/
+ $(call INSTALL_CMD) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/var
- $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/var/run
-
- ./init/fw-check.sh execute
+ $(call INSTALL_CMD) -d ${PREFIX}/var
+ $(call INSTALL_CMD) -d ${PREFIX}/var/run
install-server-generic: install-common
- $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/active-responses.log
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/archives
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/alerts
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/firewall
-
- $(call INSTALL_CMD,0550,root,0) ossec-agentlessd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-analysisd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-monitord ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-reportd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-maild ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-remoted ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-logtest ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-csyslogd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-authd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-dbd ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) ossec-makelists ${PREFIX}/bin
- $(call INSTALL_CMD,0550,root,0) verify-agent-conf ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) clear_stats ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) list_agents ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) ossec-regex ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) syscheck_update ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) agent_control ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) syscheck_control ${PREFIX}/bin/
- $(call INSTALL_CMD,0550,root,0) rootcheck_control ${PREFIX}/bin/
-
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/stats
- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/rules
+ $(call INSTALL_CMD) /dev/null ${PREFIX}/logs/active-responses.log
+ $(call INSTALL_CMD) -d ${PREFIX}/logs/archives
+ $(call INSTALL_CMD) -d ${PREFIX}/logs/alerts
+ $(call INSTALL_CMD) -d ${PREFIX}/logs/firewall
+
+ $(call INSTALL_CMD) ossec-agentlessd ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-analysisd ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-monitord ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-reportd ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-maild ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-remoted ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-logtest ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-csyslogd ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-authd ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-dbd ${PREFIX}/bin
+ $(call INSTALL_CMD) ossec-makelists ${PREFIX}/bin
+ $(call INSTALL_CMD) verify-agent-conf ${PREFIX}/bin/
+ $(call INSTALL_CMD) clear_stats ${PREFIX}/bin/
+ $(call INSTALL_CMD) list_agents ${PREFIX}/bin/
+ $(call INSTALL_CMD) ossec-regex ${PREFIX}/bin/
+ $(call INSTALL_CMD) syscheck_update ${PREFIX}/bin/
+ $(call INSTALL_CMD) agent_control ${PREFIX}/bin/
+ $(call INSTALL_CMD) syscheck_control ${PREFIX}/bin/
+ $(call INSTALL_CMD) rootcheck_control ${PREFIX}/bin/
+
+ $(call INSTALL_CMD) -d ${PREFIX}/stats
+ $(call INSTALL_CMD) -d ${PREFIX}/rules
ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml))
cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
+ $(call INSTALL_CMD) -b ../etc/rules/*.xml ${PREFIX}/rules
+ $(call INSTALL_CMD) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
rm ${PREFIX}/rules/local_rules.xml.installbackup
else
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
+ $(call INSTALL_CMD) -b ../etc/rules/*.xml ${PREFIX}/rules
endif
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/fts
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/fts
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rootcheck
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/rootcheck
- $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/agent-info
- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/agentless
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/agent-info
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/agentless
- $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
+ $(call INSTALL_CMD) -d ${PREFIX}/queue/rids
- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/decoder.xml ${PREFIX}/etc/
+ $(call INSTALL_CMD) ../etc/decoder.xml ${PREFIX}/etc/
rm -f ${PREFIX}/etc/shared/merged.mg

82
pkgs/tools/security/ossec/server.nix Normal file
View File

@@ -0,0 +1,82 @@
{
lib,
stdenv,
fetchFromGitHub,
which,
pcre2,
zlib,
ncurses,
openssl,
}:
let
version = "unstable-2023-08-09";
in
stdenv.mkDerivation {
pname = "ossec-server";
inherit version;
src = fetchFromGitHub {
owner = "ossec";
repo = "ossec-hids";
rev = "c8a36b0af3d4ee5252855b90236407cbfb996eb2";
sha256 = "sha256-AZ8iubyhNHXGR/l+hA61ifNDUoan7AQ42l/uRTt5GmE=";
};
# clear is used during the build process
nativeBuildInputs = [ ncurses ];
buildInputs = [
which
pcre2
zlib
openssl
];
# patch to remove root manipulation, install phase which tries to add users to the system, and init phase which tries to modify the system to launch files
patches = [ ./no-root.patch ];
# Workaround build failure on -fno-common toolchains like upstream
# gcc-10. Otherwise build fails as:
# ld: src/common/mgmt/pint-worker-external.po:(.data.rel.local+0x0): multiple definition of
# `PINT_worker_external_impl'; src/common/mgmt/pint-mgmt.po:(.bss+0x20): first defined here
env.NIX_CFLAGS_COMPILE = "-fcommon";
buildPhase = ''
mkdir -p $out/logs
export USER_DIR="$out" # just to satisy the script
./install.sh <<EOF
en
server
n
n
EOF
'';
installPhase = ''
runHook preInstall
mkdir -p $out/share
mv $out/active-response/bin/* $out/bin
mv $out/etc $out/share
mv $out/queue $out/share
mv $out/var $out/share
mv $out/agentless $out/share
mv $out/.ssh $out/share
mv $out/logs $out/share
mv $out/rules $out/share
mv $out/stats $out/share
rm -r $out/active-response
rm -r $out/tmp
runHook postInstall
'';
meta = with lib; {
description = "Open source host-based instrusion detection system";
homepage = "https://www.ossec.net";
license = licenses.gpl2Only;
maintainers = with maintainers; [ happysalada ];
platforms = platforms.all;
};
}

214
pkgs/tools/security/pass/default.nix Normal file
View File

@@ -0,0 +1,214 @@
{
stdenv,
lib,
pkgs,
fetchurl,
bash,
buildEnv,
coreutils,
findutils,
gnugrep,
gnused,
getopt,
git,
tree,
gnupg,
openssl,
which,
openssh,
procps,
qrencode,
makeWrapper,
pass,
xclip ? null,
xdotool ? null,
dmenu ? null,
x11Support ? !stdenv.hostPlatform.isDarwin,
dmenuSupport ? (x11Support || waylandSupport),
waylandSupport ? false,
wl-clipboard ? null,
ydotool ? null,
dmenu-wayland ? null,
# For backwards-compatibility
tombPluginSupport ? false,
}:
assert x11Support -> xclip != null;
assert waylandSupport -> wl-clipboard != null;
assert dmenuSupport -> x11Support || waylandSupport;
assert dmenuSupport && x11Support -> dmenu != null && xdotool != null;
assert dmenuSupport && waylandSupport -> dmenu-wayland != null && ydotool != null;
let
passExtensions = import ./extensions { inherit pkgs; };
env =
extensions:
let
selected = [
pass
]
++ extensions passExtensions
++ lib.optional tombPluginSupport passExtensions.tomb;
in
buildEnv {
name = "pass-env";
paths = selected;
nativeBuildInputs = [ makeWrapper ];
buildInputs = lib.concatMap (x: x.buildInputs) selected;
postBuild = ''
files=$(find $out/bin/ -type f -exec readlink -f {} \;)
if [ -L $out/bin ]; then
rm $out/bin
mkdir $out/bin
fi
for i in $files; do
if ! [ "$(readlink -f "$out/bin/$(basename $i)")" = "$i" ]; then
ln -sf $i $out/bin/$(basename $i)
fi
done
wrapProgram $out/bin/pass \
--set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions"
'';
meta.mainProgram = "pass";
};
in
stdenv.mkDerivation rec {
version = "1.7.4";
pname = "password-store";
src = fetchurl {
url = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
sha256 = "1h4k6w7g8pr169p5w9n6mkdhxl3pw51zphx7www6pvgjb7vgmafg";
};
patches = [
./set-correct-program-name-for-sleep.patch
./extension-dir.patch
]
++ lib.optional stdenv.hostPlatform.isDarwin ./no-darwin-getopt.patch;
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ bash ];
installFlags = [
"PREFIX=$(out)"
"WITH_ALLCOMP=yes"
];
postInstall = lib.optionalString dmenuSupport ''
cp "contrib/dmenu/passmenu" "$out/bin/"
'';
wrapperPath = lib.makeBinPath (
[
coreutils
findutils
getopt
git
gnugrep
gnupg
gnused
tree
which
openssh
procps
qrencode
]
++ lib.optional stdenv.hostPlatform.isDarwin openssl
++ lib.optional x11Support xclip
++ lib.optional waylandSupport wl-clipboard
++ lib.optionals (waylandSupport && dmenuSupport) [
ydotool
dmenu-wayland
]
++ lib.optionals (x11Support && dmenuSupport) [
xdotool
dmenu
]
);
postFixup = ''
# Fix program name in --help
substituteInPlace $out/bin/pass \
--replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
# Ensure all dependencies are in PATH
wrapProgram $out/bin/pass \
--prefix PATH : "${wrapperPath}"
''
+ lib.optionalString dmenuSupport ''
# We just wrap passmenu with the same PATH as pass. It doesn't
# need all the tools in there but it doesn't hurt either.
wrapProgram $out/bin/passmenu \
--prefix PATH : "$out/bin:${wrapperPath}"
'';
# Turn "check" into "installcheck", since we want to test our pass,
# not the one before the fixup.
postPatch = ''
patchShebangs tests
substituteInPlace src/password-store.sh \
--replace "@out@" "$out"
# the turning
sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
-e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
-e '/which gpg/ d' \
tests/setup.sh
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
# 'pass edit' uses hdid, which is not available from the sandbox.
rm -f tests/t0200-edit-tests.sh
rm -f tests/t0010-generate-tests.sh
rm -f tests/t0020-show-tests.sh
rm -f tests/t0050-mv-tests.sh
rm -f tests/t0100-insert-tests.sh
rm -f tests/t0300-reencryption.sh
rm -f tests/t0400-grep.sh
'';
doCheck = false;
doInstallCheck = true;
nativeInstallCheckInputs = [ git ];
installCheckTarget = "test";
passthru = {
extensions = passExtensions;
withExtensions = env;
};
meta = with lib; {
description = "Stores, retrieves, generates, and synchronizes passwords securely";
homepage = "https://www.passwordstore.org/";
license = licenses.gpl2Plus;
mainProgram = "pass";
maintainers = with maintainers; [
lovek323
fpletz
tadfisher
globin
ma27
ryan4yin
];
platforms = platforms.unix;
longDescription = ''
pass is a very simple password store that keeps passwords inside gpg2
encrypted files inside a simple directory tree residing at
~/.password-store. The pass utility provides a series of commands for
manipulating the password store, allowing the user to add, remove, edit,
synchronize, generate, and manipulate passwords.
'';
};
}

32
pkgs/tools/security/pass/extension-dir.patch Normal file
View File

@@ -0,0 +1,32 @@
diff --git a/Makefile b/Makefile
index eac2291..1b1df0a 100644
--- a/Makefile
+++ b/Makefile
@@ -46,12 +46,12 @@ install: install-common
@install -v -d "$(DESTDIR)$(LIBDIR)/password-store" && install -m 0644 -v "$(PLATFORMFILE)" "$(DESTDIR)$(LIBDIR)/password-store/platform.sh"
@install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
@install -v -d "$(DESTDIR)$(BINDIR)/"
- @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
+ @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;' src/password-store.sh > src/.pass && \
install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
else
install: install-common
@install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
- @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
+ @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;' src/password-store.sh > src/.pass && \
install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
endif
diff --git a/src/password-store.sh b/src/password-store.sh
index 68551a4..2f3b5b7 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -656,7 +656,7 @@ cmd_extension_or_show() {
fi
}
-SYSTEM_EXTENSION_DIR=""
+SYSTEM_EXTENSION_DIR="${SYSTEM_EXTENSION_DIR:-@out@/lib/password-store/extensions}"
cmd_extension() {
check_sneaky_paths "$1"
local user_extension system_extension extension

43
pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch Normal file
View File

@@ -0,0 +1,43 @@
From a2d5d973f53efb11bdcaecbd0099df9714bc287f Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Tue, 8 Feb 2022 19:35:35 +0100
Subject: [PATCH] Set `base` to an empty value
`DESTDIR` ensures that everything lands in the correct location (i.e.
the target store-path on Nix), within this path, everything should be
moved into `/lib` and `/share`.
---
setup.py | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/setup.py b/setup.py
index 1f0a58b..f7baa41 100644
--- a/setup.py
+++ b/setup.py
@@ -8,21 +8,8 @@ from pathlib import Path
from setuptools import setup
-share = Path(sys.prefix, 'share')
-base = '/usr'
-if os.uname().sysname == 'Darwin':
- base = '/usr/local'
-lib = Path(base, 'lib', 'password-store', 'extensions')
-
-if '--user' in sys.argv:
- if 'PASSWORD_STORE_EXTENSIONS_DIR' in os.environ:
- lib = Path(os.environ['PASSWORD_STORE_EXTENSIONS_DIR'])
- else:
- lib = Path.home() / '.password-store' / '.extensions'
- if 'XDG_DATA_HOME' in os.environ:
- share = Path(os.environ['XDG_DATA_HOME'])
- else:
- share = Path.home() / '.local' / 'share'
+share = Path('share')
+lib = Path('lib', 'password-store', 'extensions')
setup(
data_files=[
--
2.33.1

28
pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch Normal file
View File

@@ -0,0 +1,28 @@
From 8f76b32946430737f97f2702afd828b09536afd2 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Sun, 15 Mar 2020 20:10:11 +0100
Subject: [PATCH 2/2] Fix audit.bash setup
This sets PASSWORD_STORE_DIR (needed by the python-code) to
PASSWORD_STORE_DIR and properly falls back to `~/.password-store` if
it's not set.
---
audit.bash | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/audit.bash b/audit.bash
index 7a973dc..c40ff76 100755
--- a/audit.bash
+++ b/audit.bash
@@ -17,7 +17,7 @@
#
cmd_audit() {
- export PASSWORD_STORE_DIR=$PREFIX GIT_DIR PASSWORD_STORE_GPG_OPTS
+ export PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-$HOME/.password-store} GIT_DIR PASSWORD_STORE_GPG_OPTS
export X_SELECTION CLIP_TIME PASSWORD_STORE_UMASK GENERATED_LENGTH
export CHARACTER_SET CHARACTER_SET_NO_SYMBOLS EXTENSIONS PASSWORD_STORE_KEY
export PASSWORD_STORE_ENABLE_EXTENSIONS PASSWORD_STORE_SIGNING_KEY
--
2.25.0

76
pkgs/tools/security/pass/extensions/audit/default.nix Normal file
View File

@@ -0,0 +1,76 @@
{
lib,
stdenv,
pass,
fetchFromGitHub,
python3,
gnupg,
}:
python3.pkgs.buildPythonApplication rec {
pname = "pass-audit";
version = "1.2";
pyproject = true;
src = fetchFromGitHub {
owner = "roddhjav";
repo = "pass-audit";
rev = "v${version}";
hash = "sha256-xigP8LxRXITLF3X21zhWx6ooFNSTKGv46yFSt1dd4vs=";
};
patches = [
./0001-Set-base-to-an-empty-value.patch
./0002-Fix-audit.bash-setup.patch
];
postPatch = ''
substituteInPlace audit.bash \
--replace-fail python3 "${lib.getExe python3}"
rm Makefile
patchShebangs audit.bash
'';
outputs = [
"out"
"man"
];
build-system = with python3.pkgs; [ setuptools ];
dependencies = with python3.pkgs; [
requests
setuptools
zxcvbn
];
# Tests freeze on darwin with: pass-audit-1.1 (checkPhase): EOFError
doCheck = !stdenv.hostPlatform.isDarwin;
nativeCheckInputs = [
python3.pkgs.green
pass
gnupg
];
checkPhase = ''
python3 -m green -q
'';
postInstall = ''
mkdir -p $out/lib/password-store/extensions
install -m777 audit.bash $out/lib/password-store/extensions/audit.bash
cp -r share $out/
buildPythonPath "$out $dependencies"
wrapProgram $out/lib/password-store/extensions/audit.bash \
--prefix PYTHONPATH : "$PYTHONPATH" \
--run "export COMMAND"
'';
pythonImportsCheck = [ "pass_audit" ];
meta = with lib; {
description = "Pass extension for auditing your password repository";
homepage = "https://github.com/roddhjav/pass-audit";
license = licenses.gpl3Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ ma27 ];
};
}

51
pkgs/tools/security/pass/extensions/checkup.nix Normal file
View File

@@ -0,0 +1,51 @@
{
lib,
stdenv,
fetchFromGitHub,
curl,
findutils,
gnugrep,
gnused,
shellcheck,
}:
let
pname = "pass-checkup";
version = "0.2.2";
in
stdenv.mkDerivation {
inherit pname version;
src = fetchFromGitHub {
owner = "etu";
repo = pname;
rev = version;
sha256 = "1p65yxr00k35g4bnagszp8i03pmhnrcmipgrdsawps2ba8faqp6r";
};
nativeBuildInputs = [ shellcheck ];
postPatch = ''
substituteInPlace checkup.bash \
--replace curl ${curl}/bin/curl \
--replace find ${findutils}/bin/find \
--replace grep ${gnugrep}/bin/grep \
--replace sed ${gnused}/bin/sed
'';
installPhase = ''
runHook preInstall
install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash
runHook postInstall
'';
meta = with lib; {
description = "Pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not";
homepage = "https://github.com/etu/pass-checkup";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ etu ];
platforms = platforms.unix;
};
}

16
pkgs/tools/security/pass/extensions/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ pkgs, ... }:
let
inherit (pkgs) callPackage;
in
{
pass-audit = callPackage ./audit { };
pass-checkup = callPackage ./checkup.nix { };
pass-import = callPackage ./import.nix { };
pass-otp = callPackage ./otp.nix { };
pass-tomb = callPackage ./tomb.nix { };
pass-update = callPackage ./update.nix { };
pass-genphrase = callPackage ./genphrase.nix { };
pass-file = callPackage ./file.nix { };
}

27
pkgs/tools/security/pass/extensions/file.nix Normal file
View File

@@ -0,0 +1,27 @@
{
lib,
stdenv,
fetchFromGitHub,
}:
stdenv.mkDerivation rec {
pname = "pass-file";
version = "1.0.0";
src = fetchFromGitHub {
owner = "dvogt23";
repo = pname;
rev = version;
hash = "sha256-18KvmcfLwelyk9RV/IMaj6O/nkQEQz84eUEB/mRaKE4=";
};
installFlags = [ "PREFIX=$(out)" ];
meta = with lib; {
description = "Pass extension that allows to add files to password-store";
homepage = "https://github.com/dvogt23/pass-file";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ taranarmo ];
platforms = platforms.unix;
};
}

39
pkgs/tools/security/pass/extensions/genphrase.nix Normal file
View File

@@ -0,0 +1,39 @@
{
lib,
stdenv,
fetchFromGitHub,
python3,
}:
stdenv.mkDerivation rec {
pname = "pass-genphrase";
version = "0.3";
src = fetchFromGitHub {
owner = "congma";
repo = "pass-genphrase";
rev = version;
sha256 = "01dff2jlp111y7vlmp1wbgijzphhlzc19m02fs8nzmn5vxyffanx";
};
dontBuild = true;
buildInputs = [ python3 ];
installTargets = [ "globalinstall" ];
installFlags = [ "PREFIX=$(out)" ];
postFixup = ''
substituteInPlace $out/lib/password-store/extensions/genphrase.bash \
--replace '$EXTENSIONS' "$out/lib/password-store/extensions/"
'';
meta = with lib; {
description = "Pass extension that generates memorable passwords";
homepage = "https://github.com/congma/pass-genphrase";
license = licenses.gpl3;
maintainers = with maintainers; [ seqizz ];
platforms = platforms.unix;
};
}

68
pkgs/tools/security/pass/extensions/import.nix Normal file
View File

@@ -0,0 +1,68 @@
{
lib,
fetchurl,
python3Packages,
gnupg,
pass,
}:
python3Packages.buildPythonApplication rec {
pname = "pass-import";
version = "3.5";
format = "setuptools";
src = fetchurl {
url = "https://github.com/roddhjav/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz";
hash = "sha256-+wrff3OxPkAGu1Mn4Kl0KN4FmvIAb+MnaERcD5ScDNc=";
};
propagatedBuildInputs = with python3Packages; [
cryptography
defusedxml
jsonpath-ng
pyaml
pykeepass
python-magic # similar API to "file-magic", but already in nixpkgs.
requests
secretstorage
zxcvbn
];
nativeCheckInputs = [
gnupg
pass
python3Packages.pytestCheckHook
];
disabledTests = [
"test_import_gnome_keyring" # requires dbus, which pytest doesn't support
];
postInstall = ''
mkdir -p $out/lib/password-store/extensions
cp import.bash $out/lib/password-store/extensions/import.bash
wrapProgram $out/lib/password-store/extensions/import.bash \
--prefix PATH : "${python3Packages.python.withPackages (_: propagatedBuildInputs)}/bin" \
--prefix PYTHONPATH : "$out/${python3Packages.python.sitePackages}" \
--run "export PREFIX"
cp -r share $out/
'';
postCheck = ''
$out/bin/pimport --list-exporters --list-importers
'';
meta = with lib; {
description = "Pass extension for importing data from existing password managers";
mainProgram = "pimport";
homepage = "https://github.com/roddhjav/pass-import";
changelog = "https://github.com/roddhjav/pass-import/blob/v${version}/CHANGELOG.rst";
license = licenses.gpl3Plus;
maintainers = with maintainers; [
lovek323
fpletz
tadfisher
];
platforms = platforms.unix;
};
}

43
pkgs/tools/security/pass/extensions/otp.nix Normal file
View File

@@ -0,0 +1,43 @@
{
lib,
stdenv,
fetchFromGitHub,
oath-toolkit,
}:
stdenv.mkDerivation rec {
pname = "pass-otp";
version = "1.2.0";
src = fetchFromGitHub {
owner = "tadfisher";
repo = "pass-otp";
rev = "v${version}";
sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v";
};
buildInputs = [ oath-toolkit ];
dontBuild = true;
patchPhase = ''
sed -i -e 's|OATH=\$(which oathtool)|OATH=${oath-toolkit}/bin/oathtool|' otp.bash
'';
installFlags = [
"PREFIX=$(out)"
"BASHCOMPDIR=$(out)/share/bash-completion/completions"
];
meta = with lib; {
description = "Pass extension for managing one-time-password (OTP) tokens";
homepage = "https://github.com/tadfisher/pass-otp";
license = licenses.gpl3;
maintainers = with maintainers; [
jwiegley
tadfisher
toonn
];
platforms = platforms.unix;
};
}

41
pkgs/tools/security/pass/extensions/tomb.nix Normal file
View File

@@ -0,0 +1,41 @@
{
lib,
stdenv,
fetchFromGitHub,
tomb,
}:
stdenv.mkDerivation rec {
pname = "pass-tomb";
version = "1.3";
src = fetchFromGitHub {
owner = "roddhjav";
repo = "pass-tomb";
rev = "v${version}";
sha256 = "sha256-kbbMHmYmeyt7HM8YiNhknePm1vUaXWWXPWePKGpbU+o=";
};
buildInputs = [ tomb ];
dontBuild = true;
installFlags = [ "PREFIX=$(out)" ];
postFixup = ''
substituteInPlace $out/lib/password-store/extensions/tomb.bash \
--replace 'TOMB="''${PASSWORD_STORE_TOMB:-tomb}"' 'TOMB="''${PASSWORD_STORE_TOMB:-${tomb}/bin/tomb}"'
'';
meta = with lib; {
description = "Pass extension that keeps the password store encrypted inside a tomb";
homepage = "https://github.com/roddhjav/pass-tomb";
license = licenses.gpl3Plus;
maintainers = with maintainers; [
lovek323
fpletz
tadfisher
];
platforms = platforms.unix;
};
}

38
pkgs/tools/security/pass/extensions/update.nix Normal file
View File

@@ -0,0 +1,38 @@
{
lib,
stdenv,
fetchFromGitHub,
}:
stdenv.mkDerivation rec {
pname = "pass-update";
version = "2.2.1";
src = fetchFromGitHub {
owner = "roddhjav";
repo = "pass-update";
rev = "v${version}";
sha256 = "sha256-NFdPnGMs8myiHufeHAQUNDUuvDzYeoWYZllI9+4HL+s=";
};
postPatch = ''
substituteInPlace Makefile \
--replace "BASHCOMPDIR ?= /etc/bash_completion.d" "BASHCOMPDIR ?= $out/share/bash-completion/completions"
'';
dontBuild = true;
installFlags = [ "PREFIX=$(out)" ];
meta = with lib; {
description = "Pass extension that provides an easy flow for updating passwords";
homepage = "https://github.com/roddhjav/pass-update";
license = licenses.gpl3Plus;
maintainers = with maintainers; [
lovek323
fpletz
tadfisher
];
platforms = platforms.unix;
};
}

11
pkgs/tools/security/pass/no-darwin-getopt.patch Normal file
View File

@@ -0,0 +1,11 @@
diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
index f6cc471..e2e8bba 100644
--- a/src/platform/darwin.sh
+++ b/src/platform/darwin.sh
@@ -39,6 +39,5 @@ qrcode() {
fi
}
-GETOPT="$({ test -x /usr/local/opt/gnu-getopt/bin/getopt && echo /usr/local/opt/gnu-getopt; } || brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt"
SHRED="srm -f -z"
BASE64="openssl base64"

109
pkgs/tools/security/pass/rofi-pass.nix Normal file
View File

@@ -0,0 +1,109 @@
{
lib,
stdenv,
fetchFromGitHub,
makeBinaryWrapper,
unstableGitUpdater,
coreutils,
util-linuxMinimal,
gnugrep,
libnotify,
pwgen,
findutils,
gawk,
gnused,
rofi,
# wayland-only deps
pass-wayland,
wl-clipboard,
wtype,
# x11-only deps
pass,
xclip,
xdotool,
# backend selector
backend ? "x11",
}:
assert lib.assertOneOf "backend" backend [
"x11"
"wayland"
];
stdenv.mkDerivation {
pname = "rofi-pass";
version = "2.0.2-unstable-2024-06-16";
src = fetchFromGitHub {
owner = "carnager";
repo = "rofi-pass";
rev = "37c4c862deb133a85b7d72989acfdbd2ef16b8ad";
hash = "sha256-1lPNj47vTPLBK7mVm+PngV8C/ZsjJ2EN4ffXGU2TlQo=";
};
nativeBuildInputs = [ makeBinaryWrapper ];
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp -a rofi-pass $out/bin/rofi-pass
mkdir -p $out/share/doc/rofi-pass/
cp -a config.example $out/share/doc/rofi-pass/config.example
runHook postInstall
'';
wrapperPath = lib.makeBinPath (
[
coreutils
findutils
gawk
gnugrep
gnused
libnotify
pwgen
rofi
util-linuxMinimal
]
++ lib.optionals (backend == "x11") [
(pass.withExtensions (ext: [ ext.pass-otp ]))
xclip
xdotool
]
++ lib.optionals (backend == "wayland") [
(pass-wayland.withExtensions (ext: [ ext.pass-otp ]))
wl-clipboard
wtype
]
);
fixupPhase = ''
runHook preFixup
patchShebangs $out/bin
wrapProgram $out/bin/rofi-pass \
--prefix PATH : "$wrapperPath" \
--set-default ROFI_PASS_BACKEND ${if backend == "wayland" then "wtype" else "xdotool"} \
--set-default ROFI_PASS_CLIPBOARD_BACKEND ${
if backend == "wayland" then "wl-clipboard" else "xclip"
}
runHook postFixup
'';
passthru.updateScript = unstableGitUpdater { };
meta = {
description = "Script to make rofi work with password-store";
mainProgram = "rofi-pass";
homepage = "https://github.com/carnager/rofi-pass";
license = lib.licenses.gpl3;
platforms = with lib.platforms; linux;
maintainers = [ ];
};
}

50
pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch Normal file
View File

@@ -0,0 +1,50 @@
From d11261c2ad184daf6e9edd777bc8a3372c277b4b Mon Sep 17 00:00:00 2001
From: Johannes Frankenau <johannes@frankenau.net>
Date: Fri, 10 Aug 2018 09:49:57 +0200
Subject: [PATCH] Patch the clip() function to work even when using
single-binary coreutils
---
src/platform/cygwin.sh | 4 ++--
src/platform/darwin.sh | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh
index 5a8d5ea..423e0ce 100644
--- a/src/platform/cygwin.sh
+++ b/src/platform/cygwin.sh
@@ -3,11 +3,11 @@
clip() {
local sleep_argv0="password store sleep on display $DISPLAY"
- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
local before="$($BASE64 < /dev/clipboard)"
echo -n "$1" > /dev/clipboard
(
- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
+ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
local now="$($BASE64 < /dev/clipboard)"
[[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
echo "$before" | $BASE64 -d > /dev/clipboard
diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
index 342ecce..9e12837 100644
--- a/src/platform/darwin.sh
+++ b/src/platform/darwin.sh
@@ -3,11 +3,11 @@
clip() {
local sleep_argv0="password store sleep for user $(id -u)"
- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
+ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
local before="$(pbpaste | $BASE64)"
echo -n "$1" | pbcopy
(
- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
+ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
local now="$(pbpaste | $BASE64)"
[[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
echo "$before" | $BASE64 -d | pbcopy
--
2.16.4

66
pkgs/tools/security/pass/wofi-pass.nix Normal file
View File

@@ -0,0 +1,66 @@
{
lib,
stdenv,
fetchFromGitHub,
pass-wayland,
coreutils,
gnugrep,
libnotify,
pwgen,
findutils,
makeWrapper,
wl-clipboard,
wtype,
wofi,
extensions ? exts: [ ],
}:
let
wrapperPath = lib.makeBinPath [
coreutils
findutils
gnugrep
libnotify
pwgen
wofi
wl-clipboard
wtype
(pass-wayland.withExtensions extensions)
];
in
stdenv.mkDerivation rec {
pname = "wofi-pass";
version = "24.1.0";
src = fetchFromGitHub {
owner = "schmidtandreas";
repo = "wofi-pass";
rev = "v${version}";
sha256 = "sha256-oRGDhr28UQjr+g//fWcLKWXqKSsRUWtdh39UMFSaPfw=";
};
nativeBuildInputs = [ makeWrapper ];
dontBuild = true;
installPhase = ''
install -Dm755 wofi-pass -t $out/bin
install -Dm755 wofi-pass.conf -t $out/share/doc/wofi-pass/wofi-pass.conf
'';
fixupPhase = ''
patchShebangs $out/bin
wrapProgram $out/bin/wofi-pass \
--prefix PATH : "${wrapperPath}"
'';
meta = {
description = "Script to make wofi work with password-store";
homepage = "https://github.com/schmidtandreas/wofi-pass";
maintainers = with lib.maintainers; [ akechishiro ];
license = lib.licenses.gpl2Plus;
platforms = with lib.platforms; linux;
mainProgram = "wofi-pass";
};
}

37
pkgs/tools/security/pass2csv/default.nix Normal file
View File

@@ -0,0 +1,37 @@
{
buildPythonApplication,
fetchPypi,
lib,
python-gnupg,
setuptools,
}:
buildPythonApplication rec {
pname = "pass2csv";
version = "1.2.0";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-IdcSwQ9O2HmCvT8p4tC7e2GQuhkE3kvMINszZH970og=";
};
nativeBuildInputs = [
setuptools
];
propagatedBuildInputs = [
python-gnupg
];
# Project has no tests.
doCheck = false;
meta = with lib; {
description = "Export pass(1), \"Standard unix password manager\", to CSV";
mainProgram = "pass2csv";
homepage = "https://codeberg.org/svartstare/pass2csv";
license = licenses.mit;
maintainers = [ ];
};
}

35
pkgs/tools/security/pinentry/autoconf-ar.patch Normal file
View File

@@ -0,0 +1,35 @@
diff -ur a/configure.ac b/configure.ac
--- a/configure.ac 2019-09-14 11:30:11.584847746 +0000
+++ b/configure.ac 2019-09-14 11:31:26.692355265 +0000
@@ -81,6 +81,7 @@
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_RANLIB
+AC_CHECK_TOOL(AR, ar)
# We need to check for cplusplus here because we may not do the test
# for Qt and autoconf does does not allow that.
AC_PROG_CXX
diff -ur a/pinentry/Makefile.in b/pinentry/Makefile.in
--- a/pinentry/Makefile.in 2017-12-03 17:43:23.000000000 +0000
+++ b/pinentry/Makefile.in 2019-09-14 11:32:02.532000236 +0000
@@ -113,7 +113,7 @@
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
LIBRARIES = $(noinst_LIBRARIES)
-AR = ar
+AR = @AR@
ARFLAGS = cru
AM_V_AR = $(am__v_AR_@AM_V@)
am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
diff -ur a/secmem/Makefile.in b/secmem/Makefile.in
--- a/secmem/Makefile.in 2017-12-03 17:43:23.000000000 +0000
+++ b/secmem/Makefile.in 2019-09-14 11:31:58.764934552 +0000
@@ -113,7 +113,7 @@
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
LIBRARIES = $(noinst_LIBRARIES)
-AR = ar
+AR = @AR@
ARFLAGS = cru
AM_V_AR = $(am__v_AR_@AM_V@)
am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)

186
pkgs/tools/security/pinentry/default.nix Normal file
View File

@@ -0,0 +1,186 @@
{
stdenv,
lib,
fetchurl,
fetchpatch,
pkg-config,
autoreconfHook,
wrapGAppsHook3,
kdePackages,
libgpg-error,
libassuan,
libsForQt5,
qt6,
ncurses,
gtk2,
gcr,
withLibsecret ? true,
libsecret,
}:
let
flavorInfo = {
tty = {
flag = "tty";
};
curses = {
flag = "curses";
buildInputs = [ ncurses ];
};
gtk2 = {
flag = "gtk2";
buildInputs = [ gtk2 ];
};
gnome3 = {
flag = "gnome3";
buildInputs = [ gcr ];
nativeBuildInputs = [ wrapGAppsHook3 ];
};
qt5 = {
flag = "qt5";
buildInputs = [
libsForQt5.qtbase
libsForQt5.kwayland
libsForQt5.qtx11extras
];
nativeBuildInputs = [ libsForQt5.wrapQtAppsHook ];
};
qt = {
flag = "qt";
buildInputs = [
qt6.qtbase
qt6.qtwayland
kdePackages.kguiaddons
];
nativeBuildInputs = [ qt6.wrapQtAppsHook ];
};
emacs = {
flag = "emacs";
};
};
buildPinentry =
pinentryExtraPname: buildFlavors:
let
enableFeaturePinentry =
f: lib.enableFeature (lib.elem f buildFlavors) ("pinentry-" + flavorInfo.${f}.flag);
in
stdenv.mkDerivation rec {
pname = "pinentry-${pinentryExtraPname}";
version = "1.3.2";
src = fetchurl {
url = "mirror://gnupg/pinentry/pinentry-${version}.tar.bz2";
hash = "sha256-jphu2IVhtNpunv4MVPpMqJIwNcmSZN8LBGRJfF+5Tp4=";
};
nativeBuildInputs = [
pkg-config
autoreconfHook
]
++ lib.concatMap (f: flavorInfo.${f}.nativeBuildInputs or [ ]) buildFlavors;
buildInputs = [
libgpg-error
libassuan
]
++ lib.optional withLibsecret libsecret
++ lib.concatMap (f: flavorInfo.${f}.buildInputs or [ ]) buildFlavors;
dontWrapGApps = true;
dontWrapQtApps = true;
patches = [
./autoconf-ar.patch
./gettext-0.25.patch
]
++ lib.optionals (lib.elem "gtk2" buildFlavors) [
(fetchpatch {
url = "https://salsa.debian.org/debian/pinentry/raw/debian/1.1.0-1/debian/patches/0007-gtk2-When-X11-input-grabbing-fails-try-again-over-0..patch";
sha256 = "15r1axby3fdlzz9wg5zx7miv7gqx2jy4immaw4xmmw5skiifnhfd";
})
];
configureFlags = [
"--with-libgpg-error-prefix=${libgpg-error.dev}"
"--with-libassuan-prefix=${libassuan.dev}"
(lib.enableFeature withLibsecret "libsecret")
]
++ (map enableFeaturePinentry (lib.attrNames flavorInfo));
postInstall =
lib.optionalString (lib.elem "gnome3" buildFlavors) ''
wrapGApp $out/bin/pinentry-gnome3
''
+ lib.optionalString (lib.elem "qt5" buildFlavors) ''
wrapQtApp $out/bin/pinentry-qt5
ln -sf $out/bin/pinentry-qt5 $out/bin/pinentry-qt
''
+ lib.optionalString (lib.elem "qt" buildFlavors) ''
wrapQtApp $out/bin/pinentry-qt
'';
passthru = {
flavors = buildFlavors;
};
meta = {
homepage = "https://gnupg.org/software/pinentry/index.html";
description = "GnuPGs interface to passphrase input";
license = lib.licenses.gpl2Plus;
platforms =
if lib.elem "gnome3" buildFlavors then
lib.platforms.linux
else if (lib.elem "qt5" buildFlavors || lib.elem "qt" buildFlavors) then
(lib.remove "aarch64-darwin" lib.platforms.all)
else
lib.platforms.all;
longDescription = ''
Pinentry provides a console and (optional) GTK and Qt GUIs allowing users
to enter a passphrase when `gpg` or `gpg2` is run and needs it.
'';
maintainers = with lib.maintainers; [ fpletz ];
mainProgram = "pinentry";
};
};
in
{
pinentry-curses = buildPinentry "curses" [
"curses"
"tty"
];
pinentry-emacs = buildPinentry "emacs" [
"emacs"
"curses"
"tty"
];
pinentry-gnome3 = buildPinentry "gnome3" [
"gnome3"
"curses"
"tty"
];
pinentry-gtk2 = buildPinentry "gtk2" [
"gtk2"
"curses"
"tty"
];
pinentry-qt5 = buildPinentry "qt5" [
"qt5"
"curses"
"tty"
];
pinentry-qt = buildPinentry "qt" [
"qt"
"curses"
"tty"
];
pinentry-tty = buildPinentry "tty" [ "tty" ];
pinentry-all = buildPinentry "all" [
"curses"
"tty"
"gtk2"
"gnome3"
"qt"
"emacs"
];
}

21
pkgs/tools/security/pinentry/fix-with-xcbuild-plistbuddy.patch Normal file
View File

@@ -0,0 +1,21 @@
diff --git a/macosx/copyInfoPlist.sh b/macosx/copyInfoPlist.sh
index f366665153..dfd9511e79 100755
--- a/macosx/copyInfoPlist.sh
+++ b/macosx/copyInfoPlist.sh
@@ -20,9 +20,10 @@
cp "$1" "$dest" || exit 1
-/usr/libexec/PlistBuddy \
- -c "Set CommitHash '${COMMIT_HASH:--}'" \
- -c "Set BuildNumber '${BUILD_NUMBER:-0}'" \
- -c "Set CFBundleVersion '${BUILD_VERSION:-0n}'" \
- -c "Set CFBundleShortVersionString '$VERSION'" \
- "$dest" || exit 1
+PlistBuddy "$dest" <<EOF || exit 1
+ Set CommitHash "${COMMIT_HASH:--}"
+ Set BuildNumber "${BUILD_NUMBER:-0}"
+ Set CFBundleVersion "${BUILD_VERSION:-0n}"
+ Set CFBundleShortVersionString "$VERSION"
+ Save
+EOF

29
pkgs/tools/security/pinentry/gettext-0.25.patch Normal file
View File

@@ -0,0 +1,29 @@
diff --git a/configure.ac b/configure.ac
index 2a9f5d2..a3d9b79 100644
--- a/configure.ac
+++ b/configure.ac
@@ -45,6 +45,7 @@ m4_esyscmd([echo ]mym4_version[>VERSION])
AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
+AC_CONFIG_MACRO_DIRS([m4])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_SRCDIR(pinentry/pinentry.h)
@@ -329,13 +330,15 @@ if test "$pinentry_tty" = "yes"; then
[The TTY version of Pinentry is to be build])
fi
+AM_GNU_GETTEXT_VERSION([0.21])
+AM_GNU_GETTEXT([external])
+AM_ICONV
dnl
dnl Additional checks pinentry Curses.
dnl
if test "$pinentry_curses" = "yes" \
-o "$fallback_curses" = "yes" ; then
- AM_ICONV
if test "$am_cv_func_iconv" != "yes"; then
AC_MSG_ERROR([[
***

110
pkgs/tools/security/pinentry/mac.nix Normal file
View File

@@ -0,0 +1,110 @@
{
lib,
stdenv,
fetchFromGitHub,
autoreconfHook,
libassuan,
libgpg-error,
makeBinaryWrapper,
texinfo,
xcbuild,
common-updater-scripts,
writers,
}:
stdenv.mkDerivation rec {
pname = "pinentry-mac";
# NOTE: Don't update manually. Use passthru.updateScript on a Mac with XCode
# installed.
version = "1.1.1.1";
src = fetchFromGitHub {
owner = "GPGTools";
repo = "pinentry";
rev = "v${version}";
sha256 = "sha256-QnDuqFrI/U7aZ5WcOCp5vLE+w59LVvDGOFNQy9fSy70=";
};
patches = [
./gettext-0.25.patch
# Fix the build with xcbuilds inferior `PlistBuddy(8)`.
./fix-with-xcbuild-plistbuddy.patch
];
# use pregenerated nib files because generating them requires XCode
postPatch = ''
cp -r ${./mac/Main.nib} macosx/Main.nib
cp -r ${./mac/Pinentry.nib} macosx/Pinentry.nib
chmod -R u+w macosx/*.nib
# pinentry_mac requires updated macros to correctly detect v2 API support in libassuan 3.x.
cp '${lib.getDev libassuan}/share/aclocal/libassuan.m4' m4/libassuan.m4
'';
strictDeps = true;
nativeBuildInputs = [
autoreconfHook
makeBinaryWrapper
texinfo
# for `PlistBuddy(8)`
xcbuild
];
configureFlags = [
"--enable-maintainer-mode"
"--disable-ncurses"
"--with-libgpg-error-prefix=${libgpg-error.dev}"
"--with-libassuan-prefix=${libassuan.dev}"
];
installPhase = ''
mkdir -p $out/Applications $out/bin
mv macosx/pinentry-mac.app $out/Applications
# Compatibility with `lib.getExe`
makeWrapper $out/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac $out/bin/pinentry-mac
'';
enableParallelBuilding = true;
passthru = {
binaryPath = "Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac";
updateScript = writers.writeBash "update-pinentry-mac" ''
set -euxo pipefail
main() {
tag="$(queryLatestTag)"
ver="$(expr "$tag" : 'v\(.*\)')"
${common-updater-scripts}/bin/update-source-version pinentry_mac "$ver"
cd ${lib.escapeShellArg ./.}
rm -rf mac
mkdir mac
srcDir="$(nix-build ../../../.. --no-out-link -A pinentry_mac.src)"
for path in "$srcDir"/macosx/*.xib; do
filename="''${path##*/}"
/usr/bin/ibtool --compile "mac/''${filename%.*}.nib" "$path"
done
}
queryLatestTag() {
curl -sS https://api.github.com/repos/GPGTools/pinentry/tags \
| jq -r '.[] | .name' | sort --version-sort | tail -1
}
main
'';
};
meta = {
description = "Pinentry for GPG on Mac";
license = lib.licenses.gpl2Plus;
homepage = "https://github.com/GPGTools/pinentry";
platforms = lib.platforms.darwin;
mainProgram = "pinentry-mac";
};
}

BIN
pkgs/tools/security/pinentry/mac/Main.nib/keyedobjects-101300.nib generated Normal file
View File

Binary file not shown.

BIN
pkgs/tools/security/pinentry/mac/Main.nib/keyedobjects.nib generated Normal file
View File

Binary file not shown.

BIN
pkgs/tools/security/pinentry/mac/Pinentry.nib/keyedobjects-101300.nib generated Normal file
View File

Binary file not shown.

BIN
pkgs/tools/security/pinentry/mac/Pinentry.nib/keyedobjects.nib generated Normal file
View File

Binary file not shown.

13
pkgs/tools/security/proxmark3/darwin-always-gui.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/client/src/proxmark3.c b/client/src/proxmark3.c
index 6c77bfad3..0d41a2d6b 100644
--- a/client/src/proxmark3.c
+++ b/client/src/proxmark3.c
@@ -1098,7 +1098,7 @@ int main(int argc, char *argv[]) {
#ifdef HAVE_GUI
-# if defined(_WIN32)
+# if defined(_WIN32) || (defined(__MACH__) && defined(__APPLE__))
InitGraphics(argc, argv, script_cmds_file, script_cmd, stayInCommandLoop);
MainGraphics();
# else

105
pkgs/tools/security/proxmark3/default.nix Normal file
View File

@@ -0,0 +1,105 @@
{
lib,
stdenv,
fetchFromGitHub,
pkg-config,
gcc-arm-embedded,
readline,
bzip2,
openssl,
jansson,
gd,
whereami,
lua,
lz4,
udevCheckHook,
withGui ? true,
wrapQtAppsHook,
qtbase,
withPython ? true,
python3,
withBlueshark ? false,
bluez5,
withGeneric ? false,
withSmall ? false,
withoutFunctions ? [ ],
hardwarePlatform ? if withGeneric then "PM3GENERIC" else "PM3RDV4",
hardwarePlatformExtras ? lib.optionalString withBlueshark "BTADDON",
standalone ? "LF_SAMYRUN",
}:
assert withBlueshark -> stdenv.hostPlatform.isLinux;
stdenv.mkDerivation (finalAttrs: {
pname = "proxmark3";
version = "4.20469";
src = fetchFromGitHub {
owner = "RfidResearchGroup";
repo = "proxmark3";
rev = "v${finalAttrs.version}";
hash = "sha256-Z87YCuNWQ66FTAq7qXUYKI25BEWrXD+YK0GczDmWc9A=";
};
patches = [
# Don't check for DISPLAY env variable on Darwin. pm3 uses this to test if
# XQuartz is installed, however it is not actually required for GUI features
./darwin-always-gui.patch
];
postPatch = ''
# Remove hardcoded paths on Darwin
substituteInPlace Makefile.defs \
--replace-fail "/usr/bin/ar" "ar" \
--replace-fail "/usr/bin/ranlib" "ranlib"
# Replace hardcoded path to libwhereami
# Replace darwin sed syntax with gnused
substituteInPlace client/Makefile \
--replace-fail "/usr/include/whereami.h" "${whereami}/include/whereami.h" \
--replace-fail "sed -E -i '''" "sed -i"
'';
nativeBuildInputs = [
pkg-config
gcc-arm-embedded
udevCheckHook
]
++ lib.optional withGui wrapQtAppsHook;
buildInputs = [
readline
bzip2
openssl
jansson
gd
lz4
whereami
lua
]
++ lib.optional withGui qtbase
++ lib.optional withPython python3
++ lib.optional withBlueshark bluez5;
makeFlags = [
"PREFIX=${placeholder "out"}"
"UDEV_PREFIX=${placeholder "out"}/etc/udev/rules.d"
"PLATFORM=${hardwarePlatform}"
"PLATFORM_EXTRAS=${hardwarePlatformExtras}"
"STANDALONE=${standalone}"
"USE_BREW=0"
]
++ lib.optional withSmall "PLATFORM_SIZE=256"
++ map (x: "SKIP_${x}=1") withoutFunctions;
enableParallelBuilding = true;
doInstallCheck = true;
meta = with lib; {
description = "Client for proxmark3, powerful general purpose RFID tool";
homepage = "https://github.com/RfidResearchGroup/proxmark3";
license = licenses.gpl3Plus;
maintainers = with maintainers; [
nyanotech
emilytrau
];
platforms = platforms.unix;
mainProgram = "pm3";
};
})

87
pkgs/tools/security/rekor/default.nix Normal file
View File

@@ -0,0 +1,87 @@
{
lib,
stdenv,
buildGoModule,
fetchFromGitHub,
installShellFiles,
}:
let
generic =
{
pname,
packageToBuild,
description,
}:
buildGoModule rec {
inherit pname;
version = "1.4.2";
src = fetchFromGitHub {
owner = "sigstore";
repo = "rekor";
rev = "v${version}";
hash = "sha256-ILHFITlcT/2szSOuPoQZkont8GRMYXCAmMwEqvMT/tE=";
# populate values that require us to use git. By doing this in postFetch we
# can delete .git afterwards and maintain better reproducibility of the src.
leaveDotGit = true;
postFetch = ''
cd "$out"
git rev-parse HEAD > $out/COMMIT
# '0000-00-00T00:00:00Z'
date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
vendorHash = "sha256-JOpqNwIR2SCuOAVQnSqX1PLaQW+Eh7YR1wK56byj94w=";
nativeBuildInputs = [ installShellFiles ];
subPackages = [ packageToBuild ];
ldflags = [
"-s"
"-w"
"-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
"-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
];
# ldflags based on metadata from git and source
preBuild = ''
ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)"
ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
'';
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd ${pname} \
--bash <($out/bin/${pname} completion bash) \
--fish <($out/bin/${pname} completion fish) \
--zsh <($out/bin/${pname} completion zsh)
'';
meta = with lib; {
inherit description;
homepage = "https://github.com/sigstore/rekor";
changelog = "https://github.com/sigstore/rekor/releases/tag/v${version}";
license = licenses.asl20;
maintainers = with maintainers; [
lesuisse
jk
developer-guy
];
};
};
in
{
rekor-cli = generic {
pname = "rekor-cli";
packageToBuild = "cmd/rekor-cli";
description = "CLI client for Sigstore, the Signature Transparency Log";
};
rekor-server = generic {
pname = "rekor-server";
packageToBuild = "cmd/rekor-server";
description = "Sigstore server, the Signature Transparency Log";
};
}

37
pkgs/tools/security/sslscan/default.nix Normal file
View File

@@ -0,0 +1,37 @@
{
lib,
stdenv,
fetchFromGitHub,
openssl,
}:
stdenv.mkDerivation rec {
pname = "sslscan";
version = "2.2.0";
src = fetchFromGitHub {
owner = "rbsec";
repo = "sslscan";
tag = version;
hash = "sha256-i8nrGni7mClJQIlkDt20JXyhlJALKCR0MZk51ACtev0=";
};
buildInputs = [ openssl ];
makeFlags = [
"PREFIX=$(out)"
"CC=${stdenv.cc.targetPrefix}cc"
];
meta = with lib; {
description = "Tests SSL/TLS services and discover supported cipher suites";
mainProgram = "sslscan";
homepage = "https://github.com/rbsec/sslscan";
changelog = "https://github.com/rbsec/sslscan/blob/${version}/Changelog";
license = licenses.gpl3Only;
maintainers = with maintainers; [
fpletz
globin
];
};
}

Some files were not shown because too many files have changed in this diff Show More