nixpkgs/pkgs/tools/networking/dsniff/default.nix
Artem Leshchev 43fa250334 dsniff: unpin stdenv
Old version of GCC was used because of the bug in the new version of GCC
that is long gone, we can safely use the current version now.
2024-05-16 17:43:34 -05:00

87 lines
3.0 KiB
Nix

{ stdenv, lib, fetchFromGitLab, autoreconfHook, libpcap, db, glib, libnet, libnids, symlinkJoin, openssl
, rpcsvc-proto, libtirpc, libnsl, libnl
}:
let
/*
dsniff's build system unconditionnaly wants static libraries and does not
support multi output derivations. We do some overriding to give it
satisfaction.
*/
staticdb = symlinkJoin {
inherit (db) name;
paths = with db.overrideAttrs { dontDisableStatic = true; }; [ out dev ];
postBuild = ''
rm $out/lib/*.so*
'';
};
pcap = symlinkJoin {
inherit (libpcap) name;
paths = [ (libpcap.overrideAttrs { dontDisableStatic = true; }) ];
postBuild = ''
cp -rs $out/include/pcap $out/include/net
# prevent references to libpcap
rm $out/lib/*.so*
'';
};
net = symlinkJoin {
inherit (libnet) name;
paths = [ (libnet.overrideAttrs { dontDisableStatic = true; }) ];
postBuild = ''
# prevent dynamic linking, now that we have a static library
rm $out/lib/*.so*
'';
};
nids = libnids.overrideAttrs {
dontDisableStatic = true;
};
ssl = symlinkJoin {
inherit (openssl) name;
paths = with openssl.override { static = true; }; [ out dev ];
};
in stdenv.mkDerivation rec {
pname = "dsniff";
version = "2.4b1";
# upstream is so old that nearly every distribution packages the beta version.
# Also, upstream only serves the latest version, so we use debian's sources.
# this way we can benefit the numerous debian patches to be able to build
# dsniff with recent libraries.
src = fetchFromGitLab {
domain = "salsa.debian.org";
owner = "pkg-security-team";
repo = "dsniff";
rev = "debian/${version}+debian-30";
sha256 = "1fk2k0sfdp5g27i11g0sbzm7al52raz5yr1aibzssnysv7l9xgzh";
name = "dsniff.tar.gz";
};
nativeBuildInputs = [ autoreconfHook rpcsvc-proto ];
buildInputs = [ glib pcap libtirpc libnsl libnl ];
NIX_CFLAGS_LINK = "-lglib-2.0 -lpthread -ltirpc -lnl-3 -lnl-genl-3";
env.NIX_CFLAGS_COMPILE = toString [ "-I${libtirpc.dev}/include/tirpc" ];
postPatch = ''
for patch in debian/patches/*.patch; do
patch < $patch
done;
'';
configureFlags = [
"--with-db=${staticdb}"
"--with-libpcap=${pcap}"
"--with-libnet=${net}"
"--with-libnids=${nids}"
"--with-openssl=${ssl}"
];
meta = with lib; {
description = "collection of tools for network auditing and penetration testing";
longDescription = ''
dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
'';
homepage = "https://www.monkey.org/~dugsong/dsniff/";
license = licenses.bsd3;
maintainers = [ maintainers.symphorien ];
# bsd and solaris should work as well
platforms = platforms.linux;
};
}