pkgs/os-specific/linux/checksec/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / os-specific / linux / checksec / default.nix

at netboot-syslinux-multiplatform 59 lines 1.3 kB view raw

 1{ lib
 2, stdenv
 3, fetchFromGitHub
 4, makeWrapper
 5, file
 6, findutils
 7, binutils-unwrapped
 8, glibc
 9, coreutils
10, sysctl
11, openssl
12}:
13
14stdenv.mkDerivation rec {
15  pname = "checksec";
16  version = "2.6.0";
17
18  src = fetchFromGitHub {
19    owner = "slimm609";
20    repo = "checksec.sh";
21    rev = version;
22    hash = "sha256-BWtchWXukIDSLJkFX8M/NZBvfi7vUE2j4yFfS0KEZDo=";
23  };
24
25  patches = [
26    ./0001-attempt-to-modprobe-config-before-checking-kernel.patch
27  ];
28
29  nativeBuildInputs = [
30    makeWrapper
31  ];
32
33  installPhase =
34    let
35      path = lib.makeBinPath [
36        findutils
37        file
38        binutils-unwrapped
39        sysctl
40        openssl
41      ];
42    in
43    ''
44      mkdir -p $out/bin
45      install checksec $out/bin
46      substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6
47      substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
48      wrapProgram $out/bin/checksec \
49        --prefix PATH : ${path}
50    '';
51
52  meta = with lib; {
53    description = "Tool for checking security bits on executables";
54    homepage = "https://www.trapkit.de/tools/checksec/";
55    license = licenses.bsd3;
56    platforms = platforms.linux;
57    maintainers = with maintainers; [ thoughtpolice globin ];
58  };
59}