HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gnu: cracklib: Install password dictionary.
[jackhill/guix/guix.git] / gnu / packages / password-utils.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Steve Sprang <scs@stevesprang.com>
3 ;;; Copyright © 2015, 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
4 ;;; Copyright © 2015 Aljosha Papsch <misc@rpapsch.de>
5 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
6 ;;; Copyright © 2016 Jessica Tallon <tsyesika@tsyesika.se>
7 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
8 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
9 ;;; Copyright © 2016, 2019 Alex Griffin <a@ajgrf.com>
10 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
11 ;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
12 ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
13 ;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
14 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
15 ;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
16 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
17 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
18 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
19 ;;; Copyright © 2018 Konrad Hinsen <konrad.hinsen@fastmail.net>
20 ;;; Copyright © 2018 Thomas Sigurdsen <tonton@riseup.net>
21 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
22 ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz>
23 ;;; Copyright © 2018 Amirouche Boubekki <amirouche@hypermove.net>
24 ;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
25 ;;;
26 ;;; This file is part of GNU Guix.
27 ;;;
28 ;;; GNU Guix is free software; you can redistribute it and/or modify it
29 ;;; under the terms of the GNU General Public License as published by
30 ;;; the Free Software Foundation; either version 3 of the License, or (at
31 ;;; your option) any later version.
32 ;;;
33 ;;; GNU Guix is distributed in the hope that it will be useful, but
34 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
35 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
36 ;;; GNU General Public License for more details.
37 ;;;
38 ;;; You should have received a copy of the GNU General Public License
39 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
40
41 (define-module (gnu packages password-utils)
42 #:use-module ((guix licenses) #:prefix license:)
43 #:use-module (guix build-system cmake)
44 #:use-module (guix build-system gnu)
45 #:use-module (guix download)
46 #:use-module (guix git-download)
47 #:use-module (guix packages)
48 #:use-module (gnu packages)
49 #:use-module (gnu packages admin)
50 #:use-module (gnu packages aidc)
51 #:use-module (gnu packages authentication)
52 #:use-module (gnu packages base)
53 #:use-module (gnu packages check)
54 #:use-module (gnu packages compression)
55 #:use-module (gnu packages crypto)
56 #:use-module (gnu packages curl)
57 #:use-module (gnu packages file)
58 #:use-module (gnu packages freedesktop)
59 #:use-module (gnu packages gettext)
60 #:use-module (gnu packages glib)
61 #:use-module (gnu packages gnupg)
62 #:use-module (gnu packages gtk)
63 #:use-module (gnu packages guile)
64 #:use-module (gnu packages kerberos)
65 #:use-module (gnu packages libffi)
66 #:use-module (gnu packages linux)
67 #:use-module (gnu packages man)
68 #:use-module (gnu packages multiprecision)
69 #:use-module (gnu packages ncurses)
70 #:use-module (gnu packages nss)
71 #:use-module (gnu packages opencl)
72 #:use-module (gnu packages perl)
73 #:use-module (gnu packages pkg-config)
74 #:use-module (gnu packages python)
75 #:use-module (gnu packages python-web)
76 #:use-module (gnu packages python-xyz)
77 #:use-module (gnu packages suckless)
78 #:use-module (gnu packages tcl)
79 #:use-module (gnu packages tls)
80 #:use-module (gnu packages qt)
81 #:use-module (gnu packages version-control)
82 #:use-module (gnu packages wxwidgets)
83 #:use-module (gnu packages xdisorg)
84 #:use-module (gnu packages xorg)
85 #:use-module (gnu packages xml)
86 #:use-module (guix build-system python))
87
88 (define-public pwgen
89 (package
90 (name "pwgen")
91 (version "2.08")
92 (source
93 (origin
94 (method url-fetch)
95 (uri (string-append "mirror://sourceforge/pwgen/pwgen/" version
96 "/pwgen-" version ".tar.gz"))
97 (sha256
98 (base32 "0yy90pqrr2pszzhb5hxjishq9qc7dqd290amiibqx9fm1b9kvc6s"))))
99 (build-system gnu-build-system)
100 (arguments
101 `(#:tests? #f)) ; no test suite
102 (home-page "http://pwgen.sourceforge.net/")
103 (synopsis "Password generator")
104 (description "Pwgen generates passwords which can be easily memorized by a
105 human.")
106 (license license:gpl2)))
107
108 (define-public keepassxc
109 (package
110 (name "keepassxc")
111 (version "2.4.2")
112 (source
113 (origin
114 (method url-fetch)
115 (uri (string-append "https://github.com/keepassxreboot/" name
116 "/releases/download/" version "/keepassxc-"
117 version "-src.tar.xz"))
118 (sha256
119 (base32
120 "0f31lmpbkw0wrhq0qa4yw5b51bjv7vqp3ikr355qcm905456vyhm"))))
121 (build-system cmake-build-system)
122 (arguments
123 '(#:configure-flags '("-DWITH_XC_NETWORKING=YES"
124 "-DWITH_XC_BROWSER=YES"
125 "-DWITH_XC_SSHAGENT=YES"
126 "-DWITH_XC_UPDATECHECK=NO")))
127 (inputs
128 `(("argon2" ,argon2)
129 ("curl" ,curl) ; XC_NETWORKING
130 ("libgcrypt" ,libgcrypt)
131 ("libsodium" ,libsodium) ; XC_BROWSER
132 ("libxi" ,libxi)
133 ("libxtst" ,libxtst)
134 ("qrencode" ,qrencode)
135 ("qtbase" ,qtbase)
136 ("qtsvg" ,qtsvg)
137 ("qtx11extras" ,qtx11extras)
138 ("zlib" ,zlib)))
139 (native-inputs
140 `(("qttools" ,qttools)))
141 (home-page "https://www.keepassxc.org")
142 (synopsis "Password manager")
143 (description "KeePassXC is a password manager or safe which helps you to
144 manage your passwords in a secure way. You can put all your passwords in one
145 database, which is locked with one master key or a key-file which can be stored
146 on an external storage device. The databases are encrypted using the
147 algorithms AES or Twofish.")
148 ;; Non-functional parts use various licences.
149 (license license:gpl3)))
150
151 (define-public keepassx
152 (package
153 (name "keepassx")
154 (version "2.0.3")
155 (source
156 (origin
157 (method url-fetch)
158 (uri (string-append "https://www.keepassx.org/releases/" version
159 "/keepassx-" version ".tar.gz"))
160 (sha256
161 (base32
162 "1ia7cqx9ias38mnffsl7da7g1f66bcbjsi23k49sln0c6spb9zr3"))))
163 (build-system cmake-build-system)
164 (inputs
165 `(("libgcrypt" ,libgcrypt)
166 ("libxi" ,libxi)
167 ("libxtst" ,libxtst)
168 ("qt" ,qt-4)))
169 (native-inputs
170 `(("zlib" ,zlib)))
171 (home-page "https://www.keepassx.org")
172 (synopsis "Password manager")
173 (description "KeePassX is a password manager or safe which helps you to
174 manage your passwords in a secure way. You can put all your passwords in one
175 database, which is locked with one master key or a key-file which can be stored
176 on an external storage device. The databases are encrypted using the
177 algorithms AES or Twofish.")
178 ;; Non functional parts use various licences.
179 (license license:gpl3)
180 (properties `((superseded . ,keepassxc)))))
181
182 (define-public pwsafe
183 (package
184 (name "pwsafe")
185 (version "3.48.0")
186 (home-page "https://www.pwsafe.org/" )
187 (source
188 (origin
189 (method git-fetch)
190 (uri (git-reference
191 (url "https://github.com/pwsafe/pwsafe.git")
192 (commit version)))
193 (sha256 (base32 "0hxv23yh76liggxbjn4m132z15sklra8ms341xgzl4n5vjx30ihi"))
194 (file-name (string-append name "-" version "-checkout"))))
195 (build-system cmake-build-system)
196 (native-inputs `(("gettext" ,gettext-minimal)
197 ("perl" ,perl)
198 ("zip" ,zip)))
199 (inputs `(("curl" ,curl)
200 ("file" ,file)
201 ("gtest" ,googletest)
202 ("libuuid" ,util-linux)
203 ("libxt" ,libxt)
204 ("libxtst" ,libxtst)
205 ("openssl" ,openssl)
206 ("qrencode" ,qrencode)
207 ("wxwidgets" ,wxwidgets)
208 ("xerces-c" ,xerces-c)))
209 (arguments '(#:configure-flags (list "-DNO_GTEST=YES")
210 #:phases (modify-phases %standard-phases
211 (add-after 'unpack 'add-gtest
212 (lambda* (#:key inputs #:allow-other-keys)
213 (chmod "CMakeLists.txt" #o644)
214 (let ((cmake-port (open-file "CMakeLists.txt"
215 "a")))
216 (display "find_package(GTest)
217 add_subdirectory(src/test)\n" cmake-port)
218 (close cmake-port)
219 #t)))
220 (add-after 'add-gtest 'patch-executables
221 (lambda* (#:key inputs #:allow-other-keys)
222 (chmod "src/test/OSTest.cpp" #o644)
223 (substitute* "src/os/unix/media.cpp"
224 (("/usr/bin/file")
225 (string-append (assoc-ref inputs "file")
226 "/bin/file")))
227 #t)))))
228 (synopsis "Password safe with automatic input and key generation")
229 (description "pwsafe is a password manager originally designed by Bruce
230 Schneier. It offers a simple UI to manage passwords for different services.
231 There are other programs that support the file format on different
232 platforms.")
233 (license license:artistic2.0)))
234
235 (define-public shroud
236 (package
237 (name "shroud")
238 (version "0.1.1")
239 (source (origin
240 (method url-fetch)
241 (uri (string-append "https://files.dthompson.us/shroud/shroud-"
242 version ".tar.gz"))
243 (sha256
244 (base32
245 "1y43yhgy2zbrk5bqj3qyx9rkcz2bma9sinlrg7dip3jqms9gq4lr"))))
246 (build-system gnu-build-system)
247 (arguments
248 '(#:phases
249 (modify-phases %standard-phases
250 (add-after 'install 'wrap-shroud
251 (lambda* (#:key outputs #:allow-other-keys)
252 (let* ((out (assoc-ref outputs "out"))
253 (ccachedir (string-append out "/lib/guile/2.0/ccache"))
254 (prog (string-append out "/bin/shroud")))
255 (wrap-program prog
256 `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,ccachedir)))
257 #t))))))
258 (inputs
259 `(("guile" ,guile-2.0)
260 ("gnupg" ,gnupg)
261 ("xclip" ,xclip)))
262 (synopsis "GnuPG-based secret manager")
263 (description "Shroud is a simple secret manager with a command line
264 interface. The password database is stored as a Scheme s-expression and
265 encrypted with a GnuPG key. Secrets consist of an arbitrary number of
266 key/value pairs, making Shroud suitable for more than just password storage.
267 For copying and pasting secrets into web browsers and other graphical
268 applications, there is xclip integration." )
269 (home-page "https://dthompson.us/projects/shroud.html")
270 (license license:gpl3+)))
271
272 (define-public yapet
273 (package
274 (name "yapet")
275 (version "1.1")
276 (source (origin
277 (method url-fetch)
278 (uri (string-append "http://www.guengel.ch/myapps/yapet/downloads/yapet-"
279 version
280 ".tar.bz2"))
281 (sha256
282 (base32
283 "1lq46mpxdsbl6qw4cj58hp9q7jckmyvbsi08p5zr77rjgqadxyyy"))))
284 (build-system gnu-build-system)
285 (inputs
286 `(("ncurses" ,ncurses)
287 ("openssl" ,openssl)))
288 (native-inputs
289 `(("pkg-config" ,pkg-config)))
290 (synopsis "Yet Another Password Encryption Tool")
291 (description "YAPET is a text based password manager using the Blowfish
292 encryption algorithm. Because of its small footprint and very few library
293 dependencies, it is suited for installing on desktop and server systems alike.
294 The text based user interface allows you to run YAPET easily in a Secure Shell
295 session. Two companion utilities enable users to convert CSV files to YAPET
296 and vice versa.")
297 (home-page "http://www.guengel.ch/myapps/yapet/")
298 (license license:gpl3+)))
299
300 (define-public cracklib
301 (package
302 (name "cracklib")
303 (version "2.9.7")
304 (source
305 (origin
306 (method url-fetch)
307 (uri (string-append "https://github.com/cracklib/cracklib/"
308 "releases/download/v" version "/"
309 "cracklib-" version ".tar.bz2"))
310 (sha256
311 (base32 "1rimpjsdnmw8f5b7k558cic41p2qy2n2yrlqp5vh7mp4162hk0py"))))
312 (build-system gnu-build-system)
313 (arguments
314 `(#:phases
315 (modify-phases %standard-phases
316 (add-after 'install 'install-dict
317 (lambda* (#:key make-flags #:allow-other-keys)
318 (begin
319 (chmod (string-append "util/cracklib-format") #o755)
320 (apply invoke "make" "dict" make-flags)
321 #t))))))
322 (synopsis "Password checking library")
323 (home-page "https://github.com/cracklib/cracklib")
324 (description
325 "CrackLib is a library containing a C function which may be used in a
326 @command{passwd}-like program. The idea is simple: try to prevent users from
327 choosing passwords that could easily be guessed (or \"cracked\") by filtering
328 them out, at the source.")
329 (license license:lgpl2.1)))
330
331 (define-public libpwquality
332 (package
333 (name "libpwquality")
334 (version "1.4.0")
335 (source (origin
336 (method url-fetch)
337 (uri (list
338 (string-append "https://github.com/" name "/" name
339 "/releases/download/" name "-" version
340 "/" name "-" version ".tar.bz2")
341 (string-append "https://launchpad.net/libpwquality/trunk/"
342 version "/+download/"
343 name "-" version ".tar.bz2")))
344 (sha256
345 (base32
346 "0syyz8r54l8mqmbb0mw19qz4z2cx8gdgidicb8k2s5zjdh2gzrhx"))))
347 (build-system gnu-build-system)
348 (arguments
349 ;; XXX: have RUNPATH issue.
350 '(#:configure-flags '("--disable-python-bindings")))
351 (inputs
352 `(("cracklib" ,cracklib)))
353 (synopsis "Password quality checker")
354 (home-page "https://github.com/libpwquality/libpwquality")
355 (description
356 "Libpwquality is a library for password quality checking and generation of
357 random passwords that pass the checks.")
358 (license license:gpl2+)))
359
360 (define-public assword
361 (package
362 (name "assword")
363 (version "0.11")
364 (source (origin
365 (method url-fetch)
366 (uri (list
367 (string-append
368 "http://http.debian.net/debian/pool/main/a/assword/"
369 "assword_" version ".orig.tar.gz")))
370 (sha256
371 (base32
372 "03gkb6kvsghznbcw5l7nmrc6mn3ixkjd5jcs96ni4zs9l47jf7yp"))))
373 (arguments
374 `(;; irritatingly, tests do run but not there are two problems:
375 ;; - "import gtk" fails for unknown reasons here despite it the
376 ;; program working (indeed, I've found I have to do a logout and log
377 ;; back in in after an install order for some mumbo jumbo environment
378 ;; variable mess to work with pygtk and assword... what's up with
379 ;; that?)
380 ;; - even when the tests fail, they don't return a nonzero status,
381 ;; so I'm not sure how to programmatically get that information
382 #:tests? #f
383 #:phases
384 (modify-phases %standard-phases
385 (add-after 'install 'wrap-assword
386 (lambda* (#:key outputs #:allow-other-keys)
387 (let ((prog (string-append
388 (assoc-ref outputs "out")
389 "/bin/assword"))
390 (gi-typelib-path (getenv "GI_TYPELIB_PATH")))
391 (wrap-program prog
392 `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path)))
393 #t)))
394 (add-after 'install 'manpage
395 (lambda* (#:key outputs #:allow-other-keys)
396 ;; Without this substitution, it fails with
397 ;; ImportError: No module named 'gpg'
398 (substitute* "Makefile"
399 (("PYTHONPATH=.") ""))
400 (invoke "make" "assword.1")
401 (install-file
402 "assword.1"
403 (string-append (assoc-ref outputs "out") "/share/man/man1")))))))
404 (build-system python-build-system)
405 (native-inputs
406 `(("txt2man" ,txt2man)))
407 (inputs
408 `(("gtk+" ,gtk+)
409 ("python-xdo" ,python-xdo)
410 ("python-gpg" ,python-gpg)
411 ("python-pygobject" ,python-pygobject)))
412 (propagated-inputs
413 `(("xclip" ,xclip)))
414 (home-page "https://finestructure.net/assword/")
415 (synopsis "Password manager")
416 (description "assword is a simple password manager using GPG-wrapped
417 JSON files. It has a command line interface as well as a very simple
418 graphical interface, which can even \"type\" your passwords into
419 any X11 window.")
420 (license license:gpl3+)))
421
422 (define-public password-store
423 (package
424 (name "password-store")
425 (version "1.7.3")
426 (source (origin
427 (method url-fetch)
428 (uri
429 (string-append "https://git.zx2c4.com/password-store/snapshot/"
430 name "-" version ".tar.xz"))
431 (sha256
432 (base32
433 "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b"))))
434 (build-system gnu-build-system)
435 (arguments
436 '(#:phases
437 (modify-phases %standard-phases
438 (delete 'configure)
439 (delete 'build)
440 (add-before 'install 'patch-system-extension-dir
441 (lambda* (#:key outputs #:allow-other-keys)
442 (let* ((out (assoc-ref outputs "out"))
443 (extension-dir (string-append out "/lib/password-store/extensions")))
444 (substitute* "src/password-store.sh"
445 (("^SYSTEM_EXTENSION_DIR=.*$")
446 ;; lead with whitespace to prevent 'make install' from
447 ;; overwriting it again
448 (string-append " SYSTEM_EXTENSION_DIR=\""
449 "${PASSWORD_STORE_SYSTEM_EXTENSION_DIR:-"
450 extension-dir
451 "}\"\n"))))
452 #t))
453 (add-before 'install 'patch-passmenu-path
454 (lambda* (#:key inputs #:allow-other-keys)
455 (substitute* "contrib/dmenu/passmenu"
456 (("dmenu") (string-append (assoc-ref inputs "dmenu")
457 "/bin/dmenu"))
458 (("xdotool") (string-append (assoc-ref inputs "xdotool")
459 "/bin/xdotool")))
460 #t))
461 (add-after 'install 'install-passmenu
462 (lambda* (#:key outputs #:allow-other-keys)
463 (let* ((out (assoc-ref outputs "out"))
464 (bin (string-append out "/bin")))
465 (install-file "contrib/dmenu/passmenu" bin)
466 #t)))
467 (add-after 'install 'wrap-path
468 (lambda* (#:key inputs outputs #:allow-other-keys)
469 (let ((out (assoc-ref outputs "out"))
470 (path (map (lambda (pkg)
471 (string-append (assoc-ref inputs pkg) "/bin"))
472 '("coreutils" "getopt" "git" "gnupg" "qrencode"
473 "sed" "tree" "which" "xclip"))))
474 (wrap-program (string-append out "/bin/pass")
475 `("PATH" ":" prefix (,(string-join path ":"))))
476 #t)))
477 (add-after 'wrap-path 'install-shell-completions
478 (lambda* (#:key outputs #:allow-other-keys)
479 (let* ((out (assoc-ref outputs "out"))
480 (bashcomp (string-append out "/etc/bash_completion.d")))
481 ;; TODO: install fish and zsh completions.
482 (mkdir-p bashcomp)
483 (copy-file "src/completion/pass.bash-completion"
484 (string-append bashcomp "/pass"))
485 #t))))
486 #:make-flags (list "CC=gcc" (string-append "PREFIX=" %output))
487 ;; Parallel tests may cause a race condition leading to a
488 ;; timeout in some circumstances.
489 #:parallel-tests? #f
490 #:test-target "test"))
491 (native-search-paths
492 (list (search-path-specification
493 (variable "PASSWORD_STORE_SYSTEM_EXTENSION_DIR")
494 (files '("lib/password-store/extensions")))))
495 (inputs
496 `(("dmenu" ,dmenu)
497 ("getopt" ,util-linux)
498 ("git" ,git)
499 ("gnupg" ,gnupg)
500 ("qrencode" ,qrencode)
501 ("sed" ,sed)
502 ("tree" ,tree)
503 ("which" ,which)
504 ("xclip" ,xclip)
505 ("xdotool" ,xdotool)))
506 (home-page "https://www.passwordstore.org/")
507 (synopsis "Encrypted password manager")
508 (description "Password-store is a password manager which uses GnuPG to
509 store and retrieve passwords. The tool stores each password in its own
510 GnuPG-encrypted file, allowing the program to be simple yet secure.
511 Synchronization is possible using the integrated git support, which commits
512 changes to your password database to a git repository that can be managed
513 through the pass command.")
514 (license license:gpl2+)))
515
516 (define-public pass-otp
517 (package
518 (name "pass-otp")
519 (version "1.2.0")
520 (source
521 (origin
522 (method url-fetch)
523 (uri
524 (string-append "https://github.com/tadfisher/pass-otp/releases/"
525 "download/v" version "/pass-otp-" version ".tar.gz"))
526 (sha256
527 (base32
528 "0rrs3iazq80dn0wbl20xkh270428jd8l99m5gd7hl93s4r4sc82p"))))
529 (build-system gnu-build-system)
530 (arguments
531 '(#:make-flags
532 (let* ((out (assoc-ref %outputs "out"))
533 (bashcomp (string-append out "/etc/bash_completion.d")))
534 (list (string-append "PREFIX=" %output)
535 (string-append "BASHCOMPDIR=" bashcomp)))
536 #:phases
537 (modify-phases %standard-phases
538 (delete 'configure)
539 (add-after 'build 'patch-oath-path
540 (lambda* (#:key inputs #:allow-other-keys)
541 (substitute* "otp.bash"
542 (("^OATH=.*$")
543 (string-append
544 "OATH="
545 (assoc-ref inputs "oath-toolkit")
546 "/bin/oathtool\n")))
547 #t)))
548 #:test-target "test"))
549 (inputs
550 `(("oath-toolkit" ,oath-toolkit)))
551 (native-inputs
552 `(("password-store" ,password-store)
553 ("expect" ,expect)
554 ("git" ,git)
555 ("gnupg" ,gnupg)
556 ("which" ,which)))
557 (home-page "https://github.com/tadfisher/pass-otp")
558 (synopsis "Pass extension for managing one-time-password (OTP) tokens")
559 (description
560 "Pass OTP is an extension for password-store that allows adding
561 one-time-password (OTP) secrets, generating OTP codes, and displaying secret
562 key URIs using the standard otpauth:// scheme.")
563 (license license:gpl3+)))
564
565 (define-public argon2
566 (package
567 (name "argon2")
568 (version "20171227")
569 (source
570 (origin
571 (method url-fetch)
572 (uri
573 (string-append "https://github.com/P-H-C/phc-winner-argon2/archive/"
574 version ".tar.gz"))
575 (file-name (string-append name "-" version ".tar.gz"))
576 (sha256
577 (base32
578 "1n6w5y3va7lrcym7cxr0nikapldqm80wxjdns584bvplq5r03spa"))))
579 (build-system gnu-build-system)
580 (arguments
581 `(#:test-target "test"
582 #:make-flags '("CC=gcc"
583 "OPTTEST=1") ;disable CPU optimization
584 #:phases
585 (modify-phases %standard-phases
586 (add-after 'unpack 'patch-Makefile
587 (lambda* (#:key outputs #:allow-other-keys)
588 (let ((out (assoc-ref outputs "out")))
589 (substitute* "Makefile"
590 (("PREFIX = /usr") (string-append "PREFIX = " out)))
591 (substitute* "libargon2.pc"
592 (("prefix=/usr") (string-append "prefix=" out))
593 (("@HOST_MULTIARCH@") "")
594 (("@UPSTREAM_VER@") ,version))
595 #t)))
596 (delete 'configure)
597 (add-after 'install 'install-argon2.pc
598 (lambda* (#:key outputs #:allow-other-keys)
599 (let ((out (assoc-ref outputs "out")))
600 (install-file "libargon2.pc"
601 (string-append out "/lib/pkgconfig"))
602 #t))))))
603 (home-page "https://www.argon2.com/")
604 (synopsis "Password hashing library")
605 (description "Argon2 provides a key derivation function that was declared
606 winner of the 2015 Password Hashing Competition.")
607 ;; Argon2 is dual licensed under CC0 and ASL 2.0. Some of the source
608 ;; files are CC0 only; see README.md and LICENSE for details.
609 (license (list license:cc0 license:asl2.0))))
610
611 (define-public pass-git-helper
612 (package
613 (name "pass-git-helper")
614 (version "0.3.1")
615 (source
616 (origin
617 (method url-fetch)
618 (uri (string-append "https://github.com/languitar/pass-git-helper/archive/release-"
619 version ".tar.gz"))
620 (sha256
621 (base32
622 "0lz5ncy44pz7z1j2nnyildx8sq33zi3xvg5nkwg25n11nasqh2xn"))))
623 (build-system python-build-system)
624 (arguments
625 `(#:phases
626 (modify-phases %standard-phases
627 (add-before 'build 'patch-pass-path
628 (lambda* (#:key inputs #:allow-other-keys)
629 (let* ((password-store (assoc-ref inputs "password-store"))
630 (pass (string-append password-store "/bin/pass")))
631 (substitute* "pass-git-helper"
632 (("'pass'") (string-append "'" pass "'")))
633 #t))))))
634 (inputs
635 `(("python-pyxdg" ,python-pyxdg)
636 ("password-store" ,password-store)))
637 (home-page "https://github.com/languitar/pass-git-helper")
638 (synopsis "Git credential helper interfacing with pass")
639 (description "pass-git-helper is a git credential helper which allows to
640 use pass, the standard unix password manager, as the credential backend for
641 your git repositories. This is achieved by explicitly defining mappings
642 between hosts and entries in the password store.")
643 (license license:lgpl3+)))
644
645 (define-public john-the-ripper-jumbo
646 (let ((official-version "1.8.0")
647 (jumbo-version "1"))
648 (package
649 (name "john-the-ripper-jumbo")
650 (version (string-append official-version "-" jumbo-version))
651 (source
652 (origin
653 (method url-fetch)
654 (uri (string-append "http://www.openwall.com/john/j/john-"
655 official-version "-jumbo-" jumbo-version ".tar.xz"))
656 (sha256
657 (base32
658 "08q92sfdvkz47rx6qjn7qv57cmlpy7i7rgddapq5384mb413vjds"))
659 (patches
660 (list (origin
661 (method url-fetch)
662 (uri (string-append "https://github.com/magnumripper/"
663 "JohnTheRipper/commit/"
664 "e2e868db3e153b3f959e119a51703d4afb99c624.patch"))
665 (file-name "john-the-ripper-jumbo-gcc5-inline.patch")
666 (sha256
667 (base32
668 "1shvcf1y2097115mxhzdkm64dr106a8zr6pqjqyh171q5ng5vfra")))
669 (origin
670 (method url-fetch)
671 (uri (string-append "https://github.com/magnumripper/"
672 "JohnTheRipper/commit/"
673 "480e95b0e449863be3e1a5b0bc634a67df28b618.patch"))
674 (file-name "john-the-ripper-jumbo-non-x86.patch")
675 (sha256
676 (base32
677 "1ffd9dvhk0sb6ss8dv5yalh01lz30i7rilqilf2xv68gax2hyjqx")))))))
678 (build-system gnu-build-system)
679 (inputs
680 `(("gmp" ,gmp)
681 ("krb5" ,mit-krb5)
682 ("libpcap" ,libpcap)
683 ("nss" ,nss)
684 ("openssl" ,openssl)
685 ("zlib" ,zlib)))
686 (arguments
687 `(#:configure-flags
688 (list (string-append
689 "CFLAGS=-O2 -g "
690 "-DJOHN_SYSTEMWIDE=1 "
691 "-DJOHN_SYSTEMWIDE_EXEC='\"" %output "/libexec/john\"' "
692 "-DJOHN_SYSTEMWIDE_HOME='\"" %output "/share/john\"'")
693 ;; For now, do not test for instruction set in configure, and
694 ;; do not pass '-march=native' to gcc:
695 "--disable-native-tests"
696 "--disable-native-macro")
697 #:tests? #f ;tests try to create '.john' in the build user's $HOME
698 #:phases
699 (modify-phases %standard-phases
700 (add-before 'configure 'chdir-src
701 (lambda _ (chdir "src")))
702 (replace 'install
703 (lambda _
704 (let ((bindir (string-append %output "/bin"))
705 (docdir (string-append %output "/share/doc/john"))
706 (execdir (string-append %output "/libexec/john"))
707 (homedir (string-append %output "/share/john"))
708 (install-file-to (lambda (dir)
709 (lambda (f) (install-file f dir))))
710 (symlink? (lambda (_ s) (eq? (stat:type s) 'symlink))))
711 (with-directory-excursion "../run"
712 (for-each (install-file-to execdir)
713 (cons* "mailer" "benchmark-unify"
714 (find-files "." ".*\\.(py|rb|pl)")))
715 (for-each (install-file-to homedir)
716 (append (find-files "." "(stats|dictionary.*)")
717 (find-files "." "(.*\\.chr|.*\\.lst)")
718 (find-files "." ".*\\.conf")))
719 (for-each (install-file-to bindir)
720 '("tgtsnarf" "genmkvpwd" "mkvcalcproba"
721 "raw2dyna" "luks2john" "vncpcap2john"
722 "uaf2john" "calc_stat" "wpapcap2john"
723 "cprepair" "relbench" "SIPdump" "john"))
724 (for-each (lambda (f) ;install symlinked aliases
725 (symlink "john"
726 (string-append bindir "/" (basename f))))
727 (find-files "." symlink?)))
728 (copy-recursively "../doc" docdir)
729 #t))))))
730 (home-page "http://www.openwall.com/john/")
731 (synopsis "Password cracker")
732 (description "John the Ripper is a fast password cracker. Its primary
733 purpose is to detect weak Unix passwords. Besides several @code{crypt}
734 password hash types most commonly found on various Unix systems, supported out
735 of the box are Windows LM hashes, plus lots of other hashes and ciphers. This
736 is the community-enhanced, \"jumbo\" version of John the Ripper.")
737 (license license:gpl2+))))
738
739 (define-public sala
740 (package
741 (name "sala")
742 (version "1.3")
743 (source
744 (origin
745 (method url-fetch)
746 (uri (pypi-uri "sala" version))
747 (sha256
748 (base32
749 "13qgmc3i2a0cqp8jqrfl93lnphfagb32pgfikc1gza2a14asxzi8"))))
750 (build-system python-build-system)
751 (arguments
752 ;; Sala is supposed to work with Python 3.2 or higher,
753 ;; but it doesn't work with Python 3.6. Better stick
754 ;; to Python 2, which works fine.
755 `(#:python ,python-2))
756 (propagated-inputs
757 `(("gnupg" ,gnupg)
758 ("pwgen" ,pwgen)))
759 (home-page "http://www.digip.org/sala/")
760 (synopsis "Encrypted plaintext password store")
761 (description
762 "Store passwords and other bits of sensitive plain-text information
763 to encrypted files on a directory hierarchy. The information is protected
764 by GnuPG's symmetrical encryption.")
765 (license license:expat)))
766
767 (define-public fpm2
768 (package
769 (name "fpm2")
770 (version "0.79")
771 (source (origin
772 (method url-fetch)
773 (uri (string-append "https://als.regnet.cz/fpm2/download/fpm2-"
774 version ".tar.bz2"))
775 (sha256
776 (base32
777 "19sdy1lygfhkg5nxi2w9a4d9kwvw24nxp0ix0p0lz91qpvk9qpnm"))))
778 (build-system gnu-build-system)
779 (inputs `(("gtk2" ,gtk+-2)
780 ("gnupg" ,gnupg)
781 ("libxml2" ,libxml2)))
782 (native-inputs `(("pkg-config" ,pkg-config)
783 ("intltool" ,intltool)))
784 (arguments
785 `(#:phases
786 (modify-phases %standard-phases
787 (add-before 'configure 'pre-configure
788 ;; The file po/POTFILES.in ends up missing for some reason in
789 ;; both nix and guix builds. Adding the file with contents
790 ;; found during troubleshooting.
791 (lambda _
792 (call-with-output-file "po/POTFILES.in"
793 (lambda (port)
794 (format port "data/fpm2.desktop.in
795 data/fpm2.desktop.in.in
796 fpm2.glade
797 src/callbacks.c
798 src/fpm.c
799 src/fpm_file.c
800 src/interface.c
801 src/support.c
802 fpm2.glade
803 ")))
804 #t)))))
805 (synopsis "Manage, generate and store passwords encrypted")
806 (description "FPM2 is GTK2 port from Figaro's Password Manager
807 originally developed by John Conneely, with some new enhancements.
808
809 Upstream development seems to have stopped. It is therefore recommended
810 to use a different password manager.")
811 (home-page "https://als.regnet.cz/fpm2/")
812 (license license:gpl2+)))
813
814 (define-public pass-rotate
815 (package
816 (name "pass-rotate")
817 (version "0.1")
818 (source
819 (origin
820 (method url-fetch)
821 (uri (string-append "https://github.com/SirCmpwn/pass-rotate/archive/"
822 version ".tar.gz"))
823 (sha256
824 (base32
825 "1svm5nj8bczv2dg8lh2zqqhbsrljqsw9680r03qwgl9vlci90210"))
826 (file-name (string-append name "-" version ".tar.gz"))))
827 (build-system python-build-system)
828 (inputs
829 `(("python-beautifulsoup4" ,python-beautifulsoup4)
830 ("python-docopt" ,python-docopt)
831 ("python-html5lib" ,python-html5lib)
832 ("python-requests" ,python-requests)))
833 (home-page "https://github.com/SirCmpwn/pass-rotate")
834 (synopsis "Rotate password on online services")
835 (description "pass-rotate is a command line utility and python library for
836 rotating passwords on various web services. It makes it easier to rotate your
837 passwords, one at a time or in bulk, when security events or routine upkeep of
838 your online accounts makes it necessary.")
839 (license license:expat)))
840
841 (define-public hashcat
842 (package
843 (name "hashcat")
844 (version "5.1.0")
845 (source
846 (origin
847 (method url-fetch)
848 (uri (string-append "https://hashcat.net/files/hashcat-"
849 version ".tar.gz"))
850 (sha256
851 (base32
852 "0f73y4cg8c7a6q7x34qvpfi4g3lw6j9bnn0a13g43aqyiskflfr8"))))
853 (native-inputs
854 `(("opencl-headers" ,opencl-headers)))
855 (build-system gnu-build-system)
856 (arguments
857 '(#:tests? #f ;no tests
858 #:make-flags (list (string-append "PREFIX=" %output))
859 #:phases
860 (modify-phases %standard-phases
861 (delete 'configure))))
862 (home-page "https://hashcat.net/hashcat/")
863 (synopsis "Advanced password recovery utility")
864 (description "Hashcat is an password recovery utility, supporting five
865 unique modes of attack for over 200 highly-optimized hashing algorithms.
866 Hashcat currently supports CPUs, GPUs, and other hardware accelerators on
867 Linux, Windows, and macOS, and has facilities to help enable distributed
868 password cracking.")
869 (license license:expat)))
870
871 (define-public hashcat-utils
872 (package
873 (name "hashcat-utils")
874 (version "1.9")
875 (source
876 (origin
877 (method url-fetch)
878 (uri (string-append "https://github.com/hashcat/hashcat-utils/releases/"
879 "download/v" version "/"
880 "hashcat-utils-" version ".7z"))
881 (sha256
882 (base32 "0kq555kb338691qd7zjmi8vhq4km3apnsl2w63zh0igwzcjx6lx1"))))
883 (native-inputs
884 `(("p7zip" ,p7zip)))
885 (inputs
886 `(("perl" ,perl)))
887 (build-system gnu-build-system)
888 (arguments
889 `(#:tests? #f ;no tests
890 #:make-flags (list "CC=gcc"
891 ;; Upstream bug(?): "make all" seems to remove the
892 ;; Perl scripts from the source.
893 "native")
894 #:phases
895 (modify-phases %standard-phases
896 (replace 'unpack
897 (lambda* (#:key source #:allow-other-keys)
898 (invoke "7z" "x" source)
899 (chdir (string-append "hashcat-utils-" ,version "/src"))
900 #t))
901 (delete 'configure)
902 (replace 'install
903 (lambda* (#:key outputs #:allow-other-keys)
904 (let ((out (string-append (assoc-ref outputs "out") "/bin")))
905 (mkdir-p out)
906 (for-each
907 (lambda (file)
908 (copy-file file (string-append out "/"
909 (basename file ".bin"))))
910 (find-files "." "\\.bin$"))
911 (for-each
912 (lambda (file)
913 (copy-file file (string-append out "/"
914 (basename file ".pl"))))
915 (find-files "../bin" "\\.pl$"))
916 #t))))))
917 (home-page "https://github.com/hashcat/hashcat-utils/")
918 (synopsis "Small utilities that are useful in advanced password cracking")
919 (description "Hashcat-utils are a set of small utilities that are useful
920 in advanced password cracking. They all are packed into multiple stand-alone
921 binaries. All of these utils are designed to execute only one specific
922 function. Since they all work with @code{STDIN} and @code{STDOUT} you can
923 group them into chains.")
924 (license license:expat)))
jackhill's copy of GNU Guix: https://guix.gnu.org/