password-store on Darwin does not pass unit tests in sandboxed
builds:
- 'openssl base64' is used on Darwin to compute base64. Add openssl
to the environment of pass.
- t0200-edit-tests.sh tests 'pass edit', which uses hdid on Darwin.
However hdid is not available in the sandbox.
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
The updated version brings selective whitelisting, i.e. when some CVEs
of a package are whitelisted and others are not, only the new CVEs are
reported.
Also correct license to match upstream BSD-3-Clause and clean up source.
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup
Not every package that needs xcbuild will want to use its build phase.
I have moved the xcbuild setup hook to the new attribute xcbuildHook.
This means that dontUseXcbuild is no longer needed. If you just need
to call xcbuild on its own you can just refer to xcbuild.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/lynis/versions.
<details><summary>Version release notes (from GitHub)</summary>
## Lynis 2.6.6 (2018-07-06)
### Improvements
* New format of changelog (https://keepachangelog.com/en/1.0.0/)
* KRNL-5830 - improved log text about running kernel version
### Fixed
* Under some condition no hostid2 value was reported
* Solved 'extra operand' issue with tr command</details>
These checks were done:
- built on NixOS
- /nix/store/ds1yfrg5q01q8j64yggb3p5ib5crg26c-lynis-2.6.6/bin/lynis passed the binary check.
- /nix/store/ds1yfrg5q01q8j64yggb3p5ib5crg26c-lynis-2.6.6/bin/.lynis-wrapped passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 2 of 2 passed binary check by having the new version present in output.
- found 2.6.6 with grep in /nix/store/ds1yfrg5q01q8j64yggb3p5ib5crg26c-lynis-2.6.6
- directory tree listing: https://gist.github.com/1539c4e988dbc040136beb3577edd526
- du listing: https://gist.github.com/149b0c5b68a57473edf905b2bb6c03a8
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/eid-mw/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/sis599r39a2g7kvnv1d09l6sy6kn45l0-eid-mw-4.4.3/bin/eid-viewer had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/sis599r39a2g7kvnv1d09l6sy6kn45l0-eid-mw-4.4.3/bin/.eid-viewer-wrapped had a zero exit code or showed the expected version
- /nix/store/sis599r39a2g7kvnv1d09l6sy6kn45l0-eid-mw-4.4.3/bin/beid-update-nssdb passed the binary check.
- /nix/store/sis599r39a2g7kvnv1d09l6sy6kn45l0-eid-mw-4.4.3/bin/eid-nssdb passed the binary check.
- 2 of 4 passed binary check by having a zero exit code.
- 0 of 4 passed binary check by having the new version present in output.
- found 4.4.3 with grep in /nix/store/sis599r39a2g7kvnv1d09l6sy6kn45l0-eid-mw-4.4.3
- directory tree listing: https://gist.github.com/3bca8b9d321e62009daf1d388923ec47
- du listing: https://gist.github.com/64220a7b5b960cbd2ec3bb5f61c93a29
Adds a new package, saml2aws, a CLI tool for managaing AWS logins via
SAML. For more information see https://github.com/Versent/saml2aws.
* Add nix expression to build the package.
* Add myself as a maintainer.
gopass tries to write a version number to it's configuaration, even when
just generating the shell completion scripts. This fails, as
/homeless-shelter is read-only inside the sandbox.
As error messages are printed to stdout instead of stderr
(see https://github.com/gopasspw/gopass/issues/877), the error message
lands inside the completion script, thus breaking it.
Workaround that by setting GOPASS_CONFIG to `/dev/null`
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/gnupg/versions.
These checks were done:
- built on NixOS
- /nix/store/bxq2w522d82qykwqi8wscm4v105zs2bq-gnupg-1.4.23/bin/gpgsplit passed the binary check.
- /nix/store/bxq2w522d82qykwqi8wscm4v105zs2bq-gnupg-1.4.23/bin/gpg passed the binary check.
- /nix/store/bxq2w522d82qykwqi8wscm4v105zs2bq-gnupg-1.4.23/bin/gpgv passed the binary check.
- /nix/store/bxq2w522d82qykwqi8wscm4v105zs2bq-gnupg-1.4.23/bin/gpg-zip passed the binary check.
- 4 of 4 passed binary check by having a zero exit code.
- 1 of 4 passed binary check by having the new version present in output.
- found 1.4.23 with grep in /nix/store/bxq2w522d82qykwqi8wscm4v105zs2bq-gnupg-1.4.23
- directory tree listing: https://gist.github.com/37dc2e87340f0983866c3c125172de27
- du listing: https://gist.github.com/4a84db46e37bd6d372fe020cc7826838
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/stoken/versions.
These checks were done:
- built on NixOS
- /nix/store/hygpmiw7a636bsydqyrkh1rqiw5f36nh-stoken-0.92/bin/stoken passed the binary check.
- Warning: no invocation of /nix/store/hygpmiw7a636bsydqyrkh1rqiw5f36nh-stoken-0.92/bin/stoken-gui had a zero exit code or showed the expected version
- 1 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 0.92 with grep in /nix/store/hygpmiw7a636bsydqyrkh1rqiw5f36nh-stoken-0.92
- directory tree listing: https://gist.github.com/4e9af90c5364e054183e3b51d2ec5d7a
- du listing: https://gist.github.com/7671604980c1e3ec7cb11d47ad4f521d
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/eid-mw/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/fb82i287dxzdi7iymk84yyvrx5ph4x41-eid-mw-4.4.2/bin/eid-viewer had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/fb82i287dxzdi7iymk84yyvrx5ph4x41-eid-mw-4.4.2/bin/.eid-viewer-wrapped had a zero exit code or showed the expected version
- /nix/store/fb82i287dxzdi7iymk84yyvrx5ph4x41-eid-mw-4.4.2/bin/beid-update-nssdb passed the binary check.
- /nix/store/fb82i287dxzdi7iymk84yyvrx5ph4x41-eid-mw-4.4.2/bin/eid-nssdb passed the binary check.
- 2 of 4 passed binary check by having a zero exit code.
- 0 of 4 passed binary check by having the new version present in output.
- found 4.4.2 with grep in /nix/store/fb82i287dxzdi7iymk84yyvrx5ph4x41-eid-mw-4.4.2
- directory tree listing: https://gist.github.com/9bc7e47978cdc6d1c57b60a0cdf06ffc
- du listing: https://gist.github.com/8f3d2be711226cec456c9d62c6e114d6
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/opensc/versions.
These checks were done:
- built on NixOS
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/opensc-tool passed the binary check.
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/opensc-explorer had a zero exit code or showed the expected version
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/opensc-notify passed the binary check.
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/pkcs15-tool had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/pkcs15-crypt had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/pkcs11-tool had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/cardos-tool had a zero exit code or showed the expected version
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/eidenv passed the binary check.
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/openpgp-tool passed the binary check.
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/iasecc-tool had a zero exit code or showed the expected version
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/egk-tool passed the binary check.
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/opensc-asn1 passed the binary check.
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/cryptoflex-tool had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/pkcs15-init had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/netkey-tool had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/piv-tool had a zero exit code or showed the expected version
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/westcos-tool passed the binary check.
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/sc-hsm-tool passed the binary check.
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/dnie-tool had a zero exit code or showed the expected version
- /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/gids-tool passed the binary check.
- Warning: no invocation of /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0/bin/npa-tool had a zero exit code or showed the expected version
- 9 of 21 passed binary check by having a zero exit code.
- 3 of 21 passed binary check by having the new version present in output.
- found 0.18.0 with grep in /nix/store/4dhwvyjqklvgf9a1mgdw1grkg8vlswv5-opensc-0.18.0
- directory tree listing: https://gist.github.com/1276953ac55af68ec597ce6744192684
- du listing: https://gist.github.com/b02c245b9a13433013450fc258e41a01
This commit adds the python3 application truffleHog, which is a stand-alone tool
that scans a git repo for unencrypted passwords.
This depends on a newer GitPython, which depends on a new major version of
gitdb, which depends on a new major version of smmap, so I've packaged those
as well in the preceding commits.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/lynis/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/6z5szmm4m9jix1062zrp1m556g75lbwf-lynis-2.6.4/bin/lynis -V’ and found version 2.6.4
- ran ‘/nix/store/6z5szmm4m9jix1062zrp1m556g75lbwf-lynis-2.6.4/bin/lynis --version’ and found version 2.6.4
- ran ‘/nix/store/6z5szmm4m9jix1062zrp1m556g75lbwf-lynis-2.6.4/bin/.lynis-wrapped -V’ and found version 2.6.4
- ran ‘/nix/store/6z5szmm4m9jix1062zrp1m556g75lbwf-lynis-2.6.4/bin/.lynis-wrapped --version’ and found version 2.6.4
- found 2.6.4 with grep in /nix/store/6z5szmm4m9jix1062zrp1m556g75lbwf-lynis-2.6.4
- directory tree listing: https://gist.github.com/bb3a08cde57013b3af4f2511af3cc77c
This is another dependency needed when invoked with "gopass -c".
I opted for xclip instead of xsel, because xclip is tried first in
order.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @andir, @suvash, @mkaito
Urgent version bump as tax season is coming and 4.1.19 is not compatible
with firefox anymore.
eid-viewer was merged upstream with eid-mw, so it is included here now.
Urgent version bump as tax season is coming and 4.1.19 is not compatible
with firefox anymore.
eid-viewer was merged upstream with eid-mw, so it is included here now.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/sudo/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/cvtsudoers -h’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/cvtsudoers --help’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay -h’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay --help’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay -V’ and found version 1.8.23
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay --version’ and found version 1.8.23
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/visudo -h’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/visudo --help’ got 0 exit code
- found 1.8.23 with grep in /nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23
- directory tree listing: https://gist.github.com/4d6cfc75cde31a340e8a41bf3d969564
"platforms.gnu" has been linux-only since at least 17.03:
$ nix eval -f channel:nixos-17.03 lib.platforms.gnu
[ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mips64el-linux" ]
Unlike platforms.linux, platforms.gnu indicates "must use glibc"
which for the most part is not intended.
Replacing platforms.gnu with platforms.linux would be the same "today"
but let's err on preserving existing behavior and be optimistic
about platforms these packages work on.
The package is broken on master for some time now:
https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.notary.x86_64-linux/all
The main reason for the breackage is that the `Makefile` script attempts
to retrieve the latest git commit by using `git rev-parse` which breaks
as `git` is not in the build environment. This could be fixed by using
`?=` rather than `:=` for the `GITCOMMIT` variable in the `make` script
to easily override `GITCOMMIT` in the `buildPhase`.
See the Hydra logs for reference:
https://nix-cache.s3.amazonaws.com/log/ib4qp8h4r8d830ra4fah38l7ybb82gp7-notary-0.6.0.drv
Furthermore some refactoring was applied:
* Activated the test suite for `cmd/notary` to confirm the basic
functionality when building for NixOS.
* Added {pre,post} hooks for `{build,install}Phase`
* Added myself as maintainer to have more people available in case of
further breakage.
Update to current vulnix which features greatly improved whitelist
handling among others.
- Temporarly disable flake8 until #39206 is solved.
- Split docs into own output.