# Packages checksec, a shell script described in meta as "a tool for checking
# security bits on executables". The script is fetched as a single file, patched,
# installed as $out/bin/checksec, and its references to helper tools are
# rewritten to absolute Nix store paths.
{ stdenv
, fetchurl
, file
, findutils
, binutils
, glibc
, procps
, coreutils
}:

stdenv.mkDerivation rec {
  name = "checksec-${version}";
  version = "1.5";

  # The URL is plain HTTP and has no version component, so the sha256 is the
  # only thing tying this package to one specific copy of the script. fetchurl
  # rejects any download whose hash differs, so a changed or tampered file
  # fails the build instead of being installed.
  # When bumping: review the new script before updating the hash, and do not
  # take the hash from a single unauthenticated download.
  src = fetchurl {
    url = "http://www.trapkit.de/tools/checksec.sh";
    sha256 = "0iq9v568mk7g7ksa1939g5f5sx7ffq8s8n2ncvphvlckjgysgf3p";
  };

  # NOTE(review): the patch body is not visible here. Its file name suggests it
  # makes the script try to load the kernel "config" module before the kernel
  # checks. If it invokes modprobe, installPhase below does not rewrite that
  # call to a store path. Confirm against the patch.
  patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ];

  # src is a bare script, not an archive: copy it into a directory named after
  # the package and make that the working directory for the later phases.
  unpackPhase = ''
    mkdir ${name}
    cp $src ${name}/checksec.sh
    cd ${name}
  '';

  # Install the script as $out/bin/checksec, then replace the interpreter, the
  # libc path and each helper command (find, file, readelf, sysctl, id) with the
  # absolute path inside the corresponding Nix package, so those names are not
  # resolved through the caller's PATH or the host's /bin, /sbin and /lib.
  #
  # substituteInPlace --replace is a literal substring replacement. The quoted
  # patterns carry some context ("xargs file", "(readelf -"), but the find rule
  # is the bare word and rewrites every occurrence of "find" in the script.
  # NOTE(review): check the patched script for occurrences that are not command
  # invocations.
  installPhase = ''
    mkdir -p $out/bin
    cp checksec.sh $out/bin/checksec
    chmod +x $out/bin/checksec
    substituteInPlace $out/bin/checksec --replace /bin/bash ${stdenv.shell}
    substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6
    substituteInPlace $out/bin/checksec --replace find ${findutils}/bin/find
    substituteInPlace $out/bin/checksec --replace "file $" "${file}/bin/file $"
    substituteInPlace $out/bin/checksec --replace "xargs file" "xargs ${file}/bin/file"
    substituteInPlace $out/bin/checksec --replace " readelf -" " ${binutils.out}/bin/readelf -"
    substituteInPlace $out/bin/checksec --replace "(readelf -" "(${binutils.out}/bin/readelf -"
    substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${binutils.out}/bin/readelf"
    substituteInPlace $out/bin/checksec --replace "/sbin/sysctl -" "${procps}/sbin/sysctl -"
    substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
  '';

  # Package metadata; `with stdenv.lib` brings licenses, platforms and
  # maintainers into scope for the attribute values below.
  meta = with stdenv.lib; {
    description = "A tool for checking security bits on executables";
    homepage = "http://www.trapkit.de/tools/checksec.html";
    license = licenses.bsd3;
    platforms = platforms.linux;
    maintainers = [ maintainers.thoughtpolice ];
  };
}