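# checksec: a tool for checking security bits on executables, packaged from
# the slimm609/checksec.sh repository.
{ lib, stdenv, fetchFromGitHub, makeWrapper, file, findutils
, binutils-unwrapped, glibc, coreutils, sysctl, openssl
}:

stdenv.mkDerivation rec {
  pname = "checksec";
  version = "2.5.0";

  # `rev` is a tag name, which upstream can move. The fixed-output hash below
  # is what pins the fetched content, so update it on every version bump and
  # never relax it.
  src = fetchFromGitHub {
    owner = "slimm609";
    repo = "checksec.sh";
    rev = version;
    sha256 = "sha256-GxWXocz+GCEssRrIQP6E9hjVIhVh2EmZrefELxQlV1Q=";
  };

  patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ];
  nativeBuildInputs = [ makeWrapper ];

  # Installs the script, rewrites the two hard-coded paths handled below to
  # store paths, and wraps it so the listed tools are found first on PATH.
  # The phase calls the preInstall/postInstall hooks, which an overridden
  # installPhase would otherwise skip.
  #
  # NOTE(review): `substituteInPlace --replace` does not fail the build when
  # the pattern is absent. After a version bump, confirm that neither
  # /lib/libc.so.6 nor "/usr/bin/id -" remains in the installed script;
  # otherwise it would fall back to whatever exists at those paths at runtime.
  #
  # NOTE(review): `--prefix` puts these store paths ahead of the caller's PATH
  # but keeps the rest of it. Any tool the script invokes that is not in this
  # list is therefore resolved from the caller's environment. Confirm the
  # list covers what the script needs.
  installPhase = let
    path = lib.makeBinPath [
      findutils file binutils-unwrapped sysctl openssl
    ];
  in ''
    runHook preInstall

    mkdir -p "$out/bin"
    install checksec "$out/bin"
    substituteInPlace "$out/bin/checksec" --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6
    substituteInPlace "$out/bin/checksec" --replace "/usr/bin/id -" "${coreutils}/bin/id -"
    wrapProgram "$out/bin/checksec" \
      --prefix PATH : ${path}

    runHook postInstall
  '';

  meta = with lib; {
    description = "A tool for checking security bits on executables";
    homepage = "https://www.trapkit.de/tools/checksec/";
    license = licenses.bsd3;
    platforms = platforms.linux;
    maintainers = with maintainers; [ thoughtpolice globin ];
  };
}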