nixpkgs/pkgs/tools/networking/dsniff/default.nix

{ stdenv, lib, fetchFromGitLab, autoreconfHook, libpcap, db, glib, libnet, libnids, symlinkJoin, openssl
, rpcsvc-proto, libtirpc, libnsl, libnl
}:

let
  /*
  dsniff's build system unconditionnaly wants static libraries and does not
  support multi output derivations. We do some overriding to give it
  satisfaction.
  */
  staticdb = symlinkJoin {
    inherit (db) name;
    paths = with db.overrideAttrs { dontDisableStatic = true; }; [ out dev ];
    postBuild = ''
      rm $out/lib/*.so*
    '';
  };
  pcap = symlinkJoin {
    inherit (libpcap) name;
    paths = [ (libpcap.overrideAttrs { dontDisableStatic = true; }) ];
    postBuild = ''
      cp -rs $out/include/pcap $out/include/net
      # prevent references to libpcap
      rm $out/lib/*.so*
    '';
  };
  net = symlinkJoin {
    inherit (libnet) name;
    paths = [ (libnet.overrideAttrs { dontDisableStatic = true; }) ];
    postBuild = ''
      # prevent dynamic linking, now that we have a static library
      rm $out/lib/*.so*
    '';
  };
  nids = libnids.overrideAttrs {
    dontDisableStatic = true;
  };
  ssl = symlinkJoin {
    inherit (openssl) name;
    paths = with openssl.override { static = true; }; [ out dev ];
  };
in stdenv.mkDerivation rec {
  pname = "dsniff";
  version = "2.4b1";
  # upstream is so old that nearly every distribution packages the beta version.
  # Also, upstream only serves the latest version, so we use debian's sources.
  # this way we can benefit the numerous debian patches to be able to build
  # dsniff with recent libraries.
  src = fetchFromGitLab {
    domain = "salsa.debian.org";
    owner = "pkg-security-team";
    repo = "dsniff";
    rev = "debian/${version}+debian-30";
    sha256 = "1fk2k0sfdp5g27i11g0sbzm7al52raz5yr1aibzssnysv7l9xgzh";
    name = "dsniff.tar.gz";
  };

  nativeBuildInputs = [ autoreconfHook rpcsvc-proto ];
  buildInputs = [ glib pcap libtirpc libnsl libnl ];
  NIX_CFLAGS_LINK = "-lglib-2.0 -lpthread -ltirpc -lnl-3 -lnl-genl-3";
  env.NIX_CFLAGS_COMPILE = toString [ "-I${libtirpc.dev}/include/tirpc" ];
  postPatch = ''
    for patch in debian/patches/*.patch; do
      patch < $patch
    done;
  '';
  configureFlags = [
    "--with-db=${staticdb}"
    "--with-libpcap=${pcap}"
    "--with-libnet=${net}"
    "--with-libnids=${nids}"
    "--with-openssl=${ssl}"
  ];

  meta = with lib; {
    description = "collection of tools for network auditing and penetration testing";
    longDescription = ''
      dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
    '';
    homepage = "https://www.monkey.org/~dugsong/dsniff/";
    license = licenses.bsd3;
    maintainers = [ maintainers.symphorien ];
    # bsd and solaris should work as well
    platforms = platforms.linux;
  };
}
dsniff: unpin stdenv Old version of GCC was used because of the bug in the new version of GCC that is long gone, we can safely use the current version now. 2024-05-16 22:43:34 +00:00			`{ stdenv, lib, fetchFromGitLab, autoreconfHook, libpcap, db, glib, libnet, libnids, symlinkJoin, openssl`
dsniff: fixup build https://hydra.nixos.org/build/215252689 2023-04-09 07:38:28 +00:00			`, rpcsvc-proto, libtirpc, libnsl, libnl`
dsniff: fix build w/glibc-2.32 2020-08-21 12:27:42 +00:00			`}:`
dsniff: unbreak the build We revert to using GCC 9 for compilation, in order to work around a GCC 10 bug resulting in a segfault when compiling. The alternative would be to restrict to optimization level -O1, but this disables fortify. 2021-01-06 16:00:52 +00:00
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`let`
			`/*`
			`dsniff's build system unconditionnaly wants static libraries and does not`
			`support multi output derivations. We do some overriding to give it`
			`satisfaction.`
			`*/`
			`staticdb = symlinkJoin {`
			`inherit (db) name;`
pkgs/tools/networking: remove dead code 2023-07-25 15:36:57 +00:00			`paths = with db.overrideAttrs { dontDisableStatic = true; }; [ out dev ];`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`postBuild = ''`
			`rm $out/lib/.so`
			`'';`
			`};`
			`pcap = symlinkJoin {`
			`inherit (libpcap) name;`
pkgs/tools/networking: remove dead code 2023-07-25 15:36:57 +00:00			`paths = [ (libpcap.overrideAttrs { dontDisableStatic = true; }) ];`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`postBuild = ''`
			`cp -rs $out/include/pcap $out/include/net`
			`# prevent references to libpcap`
			`rm $out/lib/.so`
			`'';`
			`};`
			`net = symlinkJoin {`
			`inherit (libnet) name;`
pkgs/tools/networking: remove dead code 2023-07-25 15:36:57 +00:00			`paths = [ (libnet.overrideAttrs { dontDisableStatic = true; }) ];`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`postBuild = ''`
			`# prevent dynamic linking, now that we have a static library`
			`rm $out/lib/.so`
			`'';`
			`};`
pkgs/tools/networking: remove dead code 2023-07-25 15:36:57 +00:00			`nids = libnids.overrideAttrs {`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`dontDisableStatic = true;`
pkgs/tools/networking: remove dead code 2023-07-25 15:36:57 +00:00			`};`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`ssl = symlinkJoin {`
treewide: remove openssl 1.1 pinning 2019-07-30 01:41:32 +00:00			`inherit (openssl) name;`
			`paths = with openssl.override { static = true; }; [ out dev ];`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`};`
dsniff: unpin stdenv Old version of GCC was used because of the bug in the new version of GCC that is long gone, we can safely use the current version now. 2024-05-16 22:43:34 +00:00			`in stdenv.mkDerivation rec {`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`pname = "dsniff";`
			`version = "2.4b1";`
			`# upstream is so old that nearly every distribution packages the beta version.`
			`# Also, upstream only serves the latest version, so we use debian's sources.`
			`# this way we can benefit the numerous debian patches to be able to build`
			`# dsniff with recent libraries.`
			`src = fetchFromGitLab {`
			`domain = "salsa.debian.org";`
			`owner = "pkg-security-team";`
			`repo = "dsniff";`
dsniff: 2.4b1+debian-29 -> 2.4b1+debian-30 2021-03-06 23:31:43 +00:00			`rev = "debian/${version}+debian-30";`
			`sha256 = "1fk2k0sfdp5g27i11g0sbzm7al52raz5yr1aibzssnysv7l9xgzh";`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`name = "dsniff.tar.gz";`
			`};`

dsniff: fix build w/glibc-2.32 2020-08-21 12:27:42 +00:00			`nativeBuildInputs = [ autoreconfHook rpcsvc-proto ];`
dsniff: fixup build https://hydra.nixos.org/build/215252689 2023-04-09 07:38:28 +00:00			`buildInputs = [ glib pcap libtirpc libnsl libnl ];`
			`NIX_CFLAGS_LINK = "-lglib-2.0 -lpthread -ltirpc -lnl-3 -lnl-genl-3";`
treewide: move NIX_CFLAGS_COMPILE to the env attrset with structuredAttrs lists will be bash arrays which cannot be exported which will be a issue with some patches and some wrappers like cc-wrapper this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists in env cause a eval failure 2023-02-19 19:23:32 +00:00			`env.NIX_CFLAGS_COMPILE = toString [ "-I${libtirpc.dev}/include/tirpc" ];`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`postPatch = ''`
			`for patch in debian/patches/*.patch; do`
			`patch < $patch`
			`done;`
			`'';`
			`configureFlags = [`
			`"--with-db=${staticdb}"`
			`"--with-libpcap=${pcap}"`
			`"--with-libnet=${net}"`
			`"--with-libnids=${nids}"`
			`"--with-openssl=${ssl}"`
			`];`

dsniff: unbreak the build We revert to using GCC 9 for compilation, in order to work around a GCC 10 bug resulting in a segfault when compiling. The alternative would be to restrict to optimization level -O1, but this disables fortify. 2021-01-06 16:00:52 +00:00			`meta = with lib; {`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`description = "collection of tools for network auditing and penetration testing";`
			`longDescription = ''`
			`dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.`
			`'';`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 01:11:51 +00:00			`homepage = "https://www.monkey.org/~dugsong/dsniff/";`
dsniff: init at 2.4b1 2018-12-02 23:59:11 +00:00			`license = licenses.bsd3;`
			`maintainers = [ maintainers.symphorien ];`
			`# bsd and solaris should work as well`
			`platforms = platforms.linux;`
			`};`
			`}`