Merge pull request #65348 from mayflower/checksec-2.0.1

checksec: 1.5 -> 2.0.1
WilliButz 2019-07-25 14:17:33 +02:00 committed by GitHub
commit f149bfe82a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 38 deletions


@ -8,20 +8,21 @@ Signed-off-by: Austin Seipp <aseipp@pobox.com>
checksec.sh | 3 ++- checksec.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/checksec.sh b/checksec.sh diff --git a/checksec b/checksec
index dd1f72e..63acc29 100644 index dd1f72e..63acc29 100644
--- a/checksec.sh --- a/checksec
+++ b/checksec.sh +++ b/checksec
@@ -337,7 +337,8 @@ kernelcheck() { @@ -676,7 +676,8 @@ kernelcheck() {
printf " userspace processes, this option lists the status of kernel configuration\n" echo_message " userspace processes, this option lists the status of kernel configuration\n" '' '' ''
printf " options that harden the kernel itself against attack.\n\n" echo_message " options that harden the kernel itself against attack.\n\n" '' '' ''
printf " Kernel config: " echo_message " Kernel config:\n" '' '' '{ "kernel": '
- -
+ +
+ modprobe configs 2> /dev/null + modprobe configs 2> /dev/null
if [ -f /proc/config.gz ] ; then if [[ ! "${1}" == "" ]] ; then
kconfig="zcat /proc/config.gz" kconfig="cat ${1}"
printf "\033[32m/proc/config.gz\033[m\n\n" echo_message " Warning: The config ${1} on disk may not represent running kernel config!\n\n" "${1}" "<kernel config=\"${1}\"" "{ \"KernelConfig\":\"${1}\","
# update the architecture based on the config rather than the system
-- --
1.8.3.2 1.8.3.2
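Review bot: In the refreshed kernelcheck() context, `modprobe configs 2> /dev/null` sits ahead of the new `if [[ ! "${1}" == "" ]]` branch, so it appears to run even when the caller passes a config file on disk and /proc/config.gz is not needed. Loading a kernel module is a side effect an audit tool should trigger only when it needs the result; consider a guard such as `[[ -z "${1}" && ! -f /proc/config.gz ]] && modprobe configs 2> /dev/null`. `modprobe` is also called by bare name, so it resolves through whatever PATH the wrapper leaves in place, and its failure is discarded silently. kernelcheck() continues past the end of this hunk, so the later branches are not visible here.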


@ -1,43 +1,39 @@
{ stdenv, fetchurl, file, findutils, binutils-unwrapped, glibc, coreutils, sysctl }: { stdenv, fetchFromGitHub, makeWrapper, file, findutils
, binutils-unwrapped, glibc, coreutils, sysctl, openssl
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "checksec-${version}"; pname = "checksec";
version = "1.5"; version = "2.0.1";
src = fetchurl { src = fetchFromGitHub {
url = "https://www.trapkit.de/tools/checksec.sh"; owner = "slimm609";
sha256 = "0iq9v568mk7g7ksa1939g5f5sx7ffq8s8n2ncvphvlckjgysgf3p"; repo = "checksec.sh";
rev = version;
sha256 = "04lzwm24d576h425rgvgjj2wim29i3961jrj35r43wrswmrsc3r2";
}; };
patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ]; patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ];
nativeBuildInputs = [ makeWrapper ];
unpackPhase = '' installPhase = let
mkdir ${name} path = stdenv.lib.makeBinPath [
cp $src ${name}/checksec.sh findutils file binutils-unwrapped sysctl openssl
cd ${name} ];
''; in ''
installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
cp checksec.sh $out/bin/checksec install checksec $out/bin
chmod +x $out/bin/checksec
substituteInPlace $out/bin/checksec --replace /bin/bash ${stdenv.shell}
substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6 substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6
substituteInPlace $out/bin/checksec --replace find ${findutils}/bin/find
substituteInPlace $out/bin/checksec --replace "file $" "${file}/bin/file $"
substituteInPlace $out/bin/checksec --replace "xargs file" "xargs ${file}/bin/file"
substituteInPlace $out/bin/checksec --replace " readelf -" " ${binutils-unwrapped}/bin/readelf -"
substituteInPlace $out/bin/checksec --replace "(readelf -" "(${binutils-unwrapped}/bin/readelf -"
substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${binutils-unwrapped}/bin/readelf"
substituteInPlace $out/bin/checksec --replace "/sbin/sysctl -" "${sysctl}/bin/sysctl -"
substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -" substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
wrapProgram $out/bin/checksec \
--prefix PATH : ${path}
''; '';
meta = { meta = with stdenv.lib; {
description = "A tool for checking security bits on executables"; description = "A tool for checking security bits on executables";
homepage = "http://www.trapkit.de/tools/checksec.html"; homepage = "http://www.trapkit.de/tools/checksec.html";
license = stdenv.lib.licenses.bsd3; license = licenses.bsd3;
platforms = stdenv.lib.platforms.linux; platforms = platforms.linux;
maintainers = [ stdenv.lib.maintainers.thoughtpolice ]; maintainers = with maintainers; [ thoughtpolice globin ];
}; };
} }
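Review bot: The `wrapProgram --prefix PATH : ${path}` list leaves out `coreutils`, although the script runs `cat` (see the `kconfig="cat ${1}"` line in the patch context) and only `/usr/bin/id` is rewritten to a store path. With `--prefix`, every helper not in the list is still looked up in the caller's PATH, so for a tool that reports on binary hardening the output depends on whichever `cat`, `modprobe` and similar commands come first in the environment. Adding the already-declared argument would cover the coreutils part: `findutils file binutils-unwrapped sysctl openssl coreutils`. Separately, `homepage` still points at the trapkit.de page over http while `src` now comes from `slimm609/checksec.sh`; `homepage = "https://github.com/slimm609/checksec.sh";` would match the fetched source.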