[Nix-dev] additional security-related packages (gsasl, gss, rush)

Mon Apr 26 10:06:01 CEST 2010

This patch adds some security-related packages, GNU SASL, GSS and rush
(restricted user shell).

Index: pkgs/top-level/all-packages.nix
===================================================================

--- pkgs/top-level/all-packages.nix	(revision 21312)
+++ pkgs/top-level/all-packages.nix	(working copy)
@@ -1906,6 +1906,10 @@
     inherit fetchurl stdenv ncurses;
   };
 
+  rush = import ../shells/rush {
+    inherit fetchurl stdenv;
+  };
+
   zsh = import ../shells/zsh {
     inherit fetchurl stdenv ncurses coreutils;
   };
@@ -3915,6 +3919,10 @@
     inherit fetchurl stdenv libgpgerror pkgconfig pth gnupg gnupg2 glib;
   };
 
+  gsasl = import ../development/libraries/gsasl {
+    inherit stdenv fetchurl;
+  };
+
   gsl = import ../development/libraries/gsl {
     inherit fetchurl stdenv;
   };
@@ -3923,6 +3931,10 @@
     inherit fetchurl stdenv m4 bison flex openssl zlib;
   };
 
+  gss = import ../development/libraries/gss {
+    inherit stdenv fetchurl;
+  };
+
   gtkimageview = import ../development/libraries/gtkimageview {
     inherit fetchurl stdenv pkgconfig;
     inherit (gnome) gtk;
Index: pkgs/development/libraries/gsasl/default.nix
===================================================================
--- pkgs/development/libraries/gsasl/default.nix	(revision 0)
+++ pkgs/development/libraries/gsasl/default.nix	(revision 0)
@@ -0,0 +1,29 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+  name = "gsasl-1.4.4";
+
+  src = fetchurl {
+    url = "mirror://gnu/gsasl/${name}.tar.gz";
+    sha256 = "0xd9irff42dd5i4cr74dy0yd9ijjv9nkg6c2l1328grsn8zifwdc";
+  };
+
+  doCheck = true;
+
+  meta = {
+    description = "GNU SASL, Simple Authentication and Security Layer library";
+
+    longDescription =
+      '' GNU SASL is a library that implements the IETF Simple 
+         Authentication and Security Layer (SASL) framework and 
+         some SASL mechanisms. SASL is used in network servers 
+         (e.g. IMAP, SMTP, etc.) to authenticate peers. 
+       '';
+
+    homepage = http://www.gnu.org/software/gsasl/;
+    license = "GPLv3+";
+
+    maintainers = [ stdenv.lib.maintainers.bjg ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}
Index: pkgs/development/libraries/gss/default.nix
===================================================================
--- pkgs/development/libraries/gss/default.nix	(revision 0)
+++ pkgs/development/libraries/gss/default.nix	(revision 0)
@@ -0,0 +1,29 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+  name = "gss-1.0.0";
+
+  src = fetchurl {
+    url = "mirror://gnu/gss/${name}.tar.gz";
+    sha256 = "0rcbzg19m7bddvbhjqv1iwyydkj61czb0xr691mkj0i5p4d4bakk";
+  };
+
+  doCheck = true;
+
+  meta = {
+    description = "GNU GSS Generic Security Service";
+
+    longDescription =
+      '' GSS is an implementation of the Generic Security Service Application
+         Program Interface (GSS-API). GSS-API is used by network servers to 
+         provide security services, e.g., to authenticate SMTP/IMAP clients 
+         against SMTP/IMAP servers. 
+       '';
+
+    homepage = http://www.gnu.org/software/gss/;
+    license = "GPLv3+";
+
+    maintainers = [ stdenv.lib.maintainers.bjg ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}
Index: pkgs/shells/rush/default.nix
===================================================================
--- pkgs/shells/rush/default.nix	(revision 0)
+++ pkgs/shells/rush/default.nix	(revision 0)
@@ -0,0 +1,36 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+  name = "rush-1.6";
+
+  src = fetchurl {
+    url = "mirror://gnu/rush/${name}.tar.gz";
+    sha256 = "1j9h1imql05cijav6hr9jigcmy1br8fs9vahvh6y7pf53k4lcfrv";
+  };
+
+  doCheck = true;
+
+  meta = {
+    description = "GNU Rush, Restricted User Shell";
+
+    longDescription =
+      '' GNU Rush is a Restricted User Shell, designed for sites
+         providing limited remote access to their resources, such as
+         svn or git repositories, scp, or the like.  Using a
+         sophisticated configuration file, Rush gives you complete
+         control over the command lines that users execute, as well as
+         over the usage of system resources, such as virtual memory,
+         CPU time, etc.
+
+         In particular, it allows remote programs to be run in a chrooted
+         environment, which is important with such programs as
+         sftp-server or scp, that lack this ability.
+      '';
+
+    homepage = http://www.gnu.org/software/rush/;
+    license = "GPLv3+";
+
+    maintainers = [ stdenv.lib.maintainers.bjg ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}

