pkgs/tools/security/cipherscan/default.nix at 16.09 · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / tools / security / cipherscan / default.nix

at 16.09 43 lines 1.3 kB view raw

 1{ stdenv, lib, fetchFromGitHub, pkgconfig, openssl, makeWrapper, python, coreutils }:
 2
 3stdenv.mkDerivation rec {
 4  name = "cipherscan-${version}";
 5  version = "2015-12-17";
 6  src = fetchFromGitHub {
 7    owner = "jvehent";
 8    repo = "cipherscan";
 9    rev = "18b0d1b952d027d20e38f07329817873ec077d26";
10    sha256 = "0b6fkfm2y8w04am4krspmapcc5ngn603n5rlwyjly92z2dawc7h8";
11  };
12  buildInputs = [ makeWrapper python ];
13  patches = [ ./path.patch ];
14  buildPhase = ''
15    substituteInPlace cipherscan \
16      --replace "@OPENSSLBIN@" \
17                "${openssl.bin}/bin/openssl" \
18      --replace "@TIMEOUTBIN@" \
19                "${coreutils}/bin/timeout" \
20      --replace "@READLINKBIN@" \
21                "${coreutils}/bin/readlink"
22
23    substituteInPlace analyze.py \
24      --replace "@OPENSSLBIN@" \
25                "${openssl.bin}/bin/openssl"
26  '';
27  installPhase = ''
28    mkdir -p $out/bin
29
30    cp cipherscan $out/bin
31    cp openssl.cnf $out/bin
32    cp analyze.py $out/bin
33
34    wrapProgram $out/bin/analyze.py --set PYTHONPATH "$PYTHONPATH"
35  '';
36  meta = with lib; {
37    description = "Very simple way to find out which SSL ciphersuites are supported by a target";
38    homepage = "https://github.com/jvehent/cipherscan";
39    license = licenses.mpl20;
40    platforms = platforms.all;
41    maintainers = with maintainers; [ cstrahan ];
42  };
43}