forked from mirrors/nixpkgs
Commit graph

38597 commits

Author SHA1 Message Date
Moritz Maxeiner 7bf94cadad Add library dependencies explicitly 2014-01-29 18:49:26 +01:00
Moritz Maxeiner b0d2f0e3f0 Add myself as a maintainer for ykpers and libyubikey 2014-01-29 18:05:17 +01:00
Moritz Maxeiner e96f58ef5c Implement multi-user authentication for yubikey pba, i.e. multiple users can now share a single luks keyslot.
This is achieved by having multiple lines per storage file, one for each user (if the feature is enabled); each of these
lines has the same format as would be the case for the userless authentication, except that they are prepended with a
SHA-512 of the user's id.
2014-01-29 17:20:05 +01:00
Moritz Maxeiner 20cfaf0faa Change the crypt-storage file to be hex encoded instead of raw binary. To update from the previous configuration, convert your crypt-storage file from raw binary to hex. 2014-01-29 13:58:35 +01:00
Moritz Maxeiner cce9712331 Enable two-factor authentication by default. Add proper descriptions to attributes. 2014-01-29 12:55:32 +01:00
Moritz Maxeiner 45b1ffb8db Cosmetic change to yubikey detection 2014-01-28 20:39:46 +01:00
Moritz Maxeiner 407a770161 Rewrite as a pre-boot authentication module (mostly) conforming to the design specification of
'YubiKey Integration for Full Disk Encryption Pre-Boot Authentication (Copyright) Yubico, 2011 Version: 1.1'.

Used binaries:
  * uuidgen - for generation of random sequence numbers
  * ykchalresp - for challenging a Yubikey
  * ykinfo - to check if a Yubikey is plugged in at boot (fallback to passphrase authentication otherwise)
  * openssl - for calculation of SHA-1, HMAC-SHA-1, as well as AES-256-CTR (de/en)cryption

Main differences to the specification mentioned above:
  * No user management (yet), only one password+yubikey per LUKS device
  * SHA-512 instead of CRC-16 for checksum

Main differences to the previous implementation:
  * Instead of changing the key slot of the LUKS device each boot,
    the actual key for the LUKS device will be encrypted itself
  * Since the response for the new challenge is now calculated
    locally with openssl, the MITM-USB-attack with which previously
    an attacker could obtain the new response (that was used as the new
    encryption key for the LUKS device) by listening to the
    Yubikey has ideally become useless (as long as uuidgen can
    successfully generate new random sequence numbers).

Remarks:
  * This is not downwards compatible to the previous implementation
2014-01-28 04:02:51 +01:00
Moritz Maxeiner 333f5caaf9 Implement authentication for a LUKS device with a yubikey (HMAC-SHA1); supports simple challenge-response and two-factor authentication 2014-01-25 03:33:09 +01:00
Moritz Maxeiner 8f9300fb0e Add ykpers (aka yubikey-personalization) package 2014-01-25 03:17:06 +01:00
Moritz Maxeiner 433774c608 Add libyubikey (aka yubico-c) package 2014-01-25 03:13:34 +01:00
Domen Kožar 29a29c6438 Merge pull request #1582 from ttuegel/networkmanager
networkmanager: load modules required for PPTP
2014-01-24 07:28:07 -08:00
Thomas Tuegel 7b743fcaab networkmanager: load modules required for PPTP 2014-01-24 09:22:59 -06:00
Rob Vermaas 13e13f279b Do not assume a .rev attribute is available in src in maven-build.nix 2014-01-24 15:52:31 +01:00
Domen Kožar f2d6166781 python-libarchive: 3.0.4-5 -> 3.1.2-1 2014-01-24 14:33:41 +01:00
Domen Kožar 8a5c65abf4 mailpile: update dev version 2014-01-24 14:33:40 +01:00
Domen Kožar c4cb65187e i3: 4.6 -> 4.7.2 2014-01-24 14:33:40 +01:00
Domen Kožar a5b054e18a xfce4-screenshooter: add platforms.linux 2014-01-24 14:33:40 +01:00
Peter Simons a86f119dfc haskell-either: disable the documentation build on GHC 7.4.x or earlier 2014-01-24 00:58:50 +01:00
Domen Kožar c30f725707 Merge pull request #1580 from NixOS/docs/README
add most basic README.md
2014-01-23 15:40:58 -08:00
Domen Kožar b73b4bfd61 Update README.md 2014-01-24 00:08:00 +01:00
Domen Kožar 97b519a515 add most basic README.md 2014-01-24 00:07:05 +01:00
Peter Simons 6968277785 maude: build with bison 2.x; version 3.x causes compiler errors 2014-01-23 23:28:20 +01:00
Vladimír Čunát 12235ed36e remove .topmsg (close #1578) 2014-01-23 22:30:07 +01:00
Vladimír Čunát 343cd5b1ef midori: minor update 0.5.6 -> .7 2014-01-23 22:29:25 +01:00
Song Wenwu 04a55b5e14 webkitgtk: update to 2.2.4, enable html5 video support 2014-01-23 22:29:24 +01:00
Nixpkgs Monitor 7a211df849 wget: update from 1.14 to 1.15 2014-01-23 21:10:55 +02:00
Evgeny Egorochkin 862ac34bdd wineUnstable: update from 1.7.10 to 1.7.11 2014-01-23 21:04:01 +02:00
Evgeny Egorochkin f8f8e8d4d2 clamav: update from 0.98 to 0.98.1 2014-01-23 20:55:31 +02:00
Evgeny Egorochkin f0081dcc02 youtubeDL: update from 2014.01.08 to 2014.01.20 2014-01-23 20:52:59 +02:00
Sander van der Burg b25529a4ad titaniumsdk: colored output makes a web server think that logs are in raw format. So disable it 2014-01-23 17:11:16 +01:00
Sander van der Burg 1a24278161 titaniumsdk: Add additional login simulation for the ipa target 2014-01-23 15:11:46 +01:00
Eelco Dolstra 230a00f644 findbugs: Clean up packaging
Most stuff is now hidden under $out/libexec/findbugs, with only a few
JARs exported via $out/share/java.  Also, the setup hook sets
FINDBUGS_HOME.
2014-01-23 14:17:44 +01:00
Jaka Hudoklin e0000f8ad1 ati-drivers: update to 13.12 (close #1569)
This update is mostly effort from @MarcWeber and @vcunat, now tested on real
hardware making sure it works with multiple GPUs and opencl.
2014-01-23 12:11:28 +01:00
Peter Simons f5461b02d5 serf: fix evaluation on FreeBSD (required for Subversion) 2014-01-23 11:57:37 +01:00
Eelco Dolstra 6a8485af6b clang-wrapper: Set $CXX to clang
This is useful for non-Autoconf-based packages, since GNU Make's
default for CXX is "g++".  (The CC default is "cc" so should work fine
with Clang already.)
2014-01-23 11:24:17 +01:00
Eelco Dolstra c07559b782 sudo: Update to 1.8.9p4 2014-01-23 11:21:38 +01:00
Eelco Dolstra f4af2a8737 clang-wrapper: Sync with gcc-wrapper 2014-01-23 10:57:49 +01:00
Shea Levy 3b20a10ae9 Fix tarball
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-22 15:54:40 -05:00
Michael Raskin 9e42b753a7 Merge pull request #1561 from wizeman/u/ipmiutil
ipmiutil: Update from 2.7.3 -> 2.9.2 and simplify
2014-01-22 12:32:18 -08:00
Michael Raskin 77fa75b1ba Merge pull request #1572 from bennofs/update-java7
java: Update to version 7u51
2014-01-22 12:29:23 -08:00
Benno Fünfstück 42fb68d6a9 java: Update to version 7u51 2014-01-22 21:22:18 +01:00
Shea Levy 51de280c0a nixos X tests: wait for logind to link a session to the server
There seems to be some race causing failures if an X command gets in before slim starts the session

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-22 14:23:56 -05:00
Shea Levy 058fd7eeea Merge branch 'master' of git://github.com/madjar/nixpkgs
rust: fixed i686 build

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-22 13:33:02 -05:00
Georges Dubus f8afc745bf rust: fixed i686 build 2014-01-22 19:29:20 +01:00
Rob Vermaas 004b8d24f6 Merge pull request #1564 from aristidb/master
fix keepassx under gcc 4.8
2014-01-22 10:17:38 -08:00
Domen Kožar c1811d0304 Add pythonPackages.pyramid_chameleon and disable tests for zope_testrunner 2014-01-22 18:19:07 +01:00
Georges Dubus 49dd0867a7 rust: Fixed build 2014-01-22 16:36:05 +01:00
Georges Dubus 6eed023894 rust: patched the source to hardcode gcc path
to avoid using a wrapper.
2014-01-22 13:33:04 +01:00
Georges Dubus 35aa131371 rust: fixed build for i686 and maybe darwin 2014-01-22 13:33:04 +01:00
Peter Simons ff8cffed86 subversion: fix evaluation errors on FreeBSD 2014-01-22 12:44:49 +01:00