HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into core-updates
[jackhill/guix/guix.git] / gnu / packages / password-utils.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2015 Steve Sprang <scs@stevesprang.com>
3 ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il>
4 ;;; Copyright © 2015 Aljosha Papsch <misc@rpapsch.de>
5 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
6 ;;; Copyright © 2016 Jessica Tallon <tsyesika@tsyesika.se>
7 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
8 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
9 ;;; Copyright © 2016, 2019, 2020 Alex Griffin <a@ajgrf.com>
10 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
11 ;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
12 ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
13 ;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
14 ;;; Copyright © 2017, 2019 Eric Bavier <bavier@member.fsf.org>
15 ;;; Copyright © 2017, 2020 Nicolas Goaziou <mail@nicolasgoaziou.fr>
16 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
17 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
18 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
19 ;;; Copyright © 2018 Konrad Hinsen <konrad.hinsen@fastmail.net>
20 ;;; Copyright © 2018 Thomas Sigurdsen <tonton@riseup.net>
21 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
22 ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz>
23 ;;; Copyright © 2018 Amirouche Boubekki <amirouche@hypermove.net>
24 ;;; Copyright © 2018, 2019 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
25 ;;; Copyright © 2019 Jens Mølgaard <jens@zete.tk>
26 ;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
27 ;;; Copyright © 2020 Guillaume Le Vaillant <glv@posteo.net>
28 ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
29 ;;;
30 ;;; This file is part of GNU Guix.
31 ;;;
32 ;;; GNU Guix is free software; you can redistribute it and/or modify it
33 ;;; under the terms of the GNU General Public License as published by
34 ;;; the Free Software Foundation; either version 3 of the License, or (at
35 ;;; your option) any later version.
36 ;;;
37 ;;; GNU Guix is distributed in the hope that it will be useful, but
38 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
39 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
40 ;;; GNU General Public License for more details.
41 ;;;
42 ;;; You should have received a copy of the GNU General Public License
43 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
44
45 (define-module (gnu packages password-utils)
46 #:use-module ((guix licenses) #:prefix license:)
47 #:use-module (guix build-system cmake)
48 #:use-module (guix build-system gnu)
49 #:use-module (guix build-system go)
50 #:use-module (guix build-system trivial)
51 #:use-module (guix download)
52 #:use-module (guix git-download)
53 #:use-module (guix packages)
54 #:use-module (gnu packages)
55 #:use-module (gnu packages admin)
56 #:use-module (gnu packages aidc)
57 #:use-module (gnu packages authentication)
58 #:use-module (gnu packages base)
59 #:use-module (gnu packages check)
60 #:use-module (gnu packages compression)
61 #:use-module (gnu packages crypto)
62 #:use-module (gnu packages cryptsetup)
63 #:use-module (gnu packages curl)
64 #:use-module (gnu packages file)
65 #:use-module (gnu packages freedesktop)
66 #:use-module (gnu packages gettext)
67 #:use-module (gnu packages glib)
68 #:use-module (gnu packages gnupg)
69 #:use-module (gnu packages golang)
70 #:use-module (gnu packages gtk)
71 #:use-module (gnu packages guile)
72 #:use-module (gnu packages kerberos)
73 #:use-module (gnu packages libffi)
74 #:use-module (gnu packages linux)
75 #:use-module (gnu packages man)
76 #:use-module (gnu packages multiprecision)
77 #:use-module (gnu packages ncurses)
78 #:use-module (gnu packages nss)
79 #:use-module (gnu packages opencl)
80 #:use-module (gnu packages perl)
81 #:use-module (gnu packages pkg-config)
82 #:use-module (gnu packages python)
83 #:use-module (gnu packages python-web)
84 #:use-module (gnu packages python-xyz)
85 #:use-module (gnu packages readline)
86 #:use-module (gnu packages ruby)
87 #:use-module (gnu packages security-token)
88 #:use-module (gnu packages suckless)
89 #:use-module (gnu packages tcl)
90 #:use-module (gnu packages tls)
91 #:use-module (gnu packages qt)
92 #:use-module (gnu packages version-control)
93 #:use-module (gnu packages wxwidgets)
94 #:use-module (gnu packages xdisorg)
95 #:use-module (gnu packages xorg)
96 #:use-module (gnu packages xml)
97 #:use-module (guix build-system python))
98
99 (define-public pwgen
100 (package
101 (name "pwgen")
102 (version "2.08")
103 (source
104 (origin
105 (method url-fetch)
106 (uri (string-append "mirror://sourceforge/pwgen/pwgen/" version
107 "/pwgen-" version ".tar.gz"))
108 (sha256
109 (base32 "0yy90pqrr2pszzhb5hxjishq9qc7dqd290amiibqx9fm1b9kvc6s"))))
110 (build-system gnu-build-system)
111 (arguments
112 `(#:tests? #f)) ; no test suite
113 (home-page "http://pwgen.sourceforge.net/")
114 (synopsis "Password generator")
115 (description "Pwgen generates passwords which can be easily memorized by a
116 human.")
117 (license license:gpl2)))
118
119 (define-public keepassxc
120 (package
121 (name "keepassxc")
122 (version "2.5.4")
123 (source
124 (origin
125 (method url-fetch)
126 (uri (string-append "https://github.com/keepassxreboot/keepassxc"
127 "/releases/download/" version "/keepassxc-"
128 version "-src.tar.xz"))
129 (sha256
130 (base32 "0jndssyvpl8bc5i2q3d6kq1ppynchxx9nvp1qhd2pc0qqc0hhpm5"))))
131 (build-system cmake-build-system)
132 (arguments
133 '(#:configure-flags '("-DWITH_XC_ALL=YES"
134 "-DWITH_XC_UPDATECHECK=NO")))
135 (inputs
136 `(("argon2" ,argon2)
137 ("libgcrypt" ,libgcrypt)
138 ("libsodium" ,libsodium) ; XC_BROWSER
139 ("libyubikey" ,libyubikey) ; XC_YUBIKEY
140 ("libxi" ,libxi)
141 ("libxtst" ,libxtst)
142 ("qrencode" ,qrencode)
143 ("qtbase" ,qtbase)
144 ("qtsvg" ,qtsvg)
145 ("qtx11extras" ,qtx11extras)
146 ("quazip" ,quazip) ; XC_KEESHARE
147 ("readline" ,readline)
148 ("yubikey-personalization" ,yubikey-personalization) ; XC_YUBIKEY
149 ("zlib" ,zlib)))
150 (native-inputs
151 `(("qttools" ,qttools)))
152 (home-page "https://www.keepassxc.org")
153 (synopsis "Password manager")
154 (description "KeePassXC is a password manager or safe which helps you to
155 manage your passwords in a secure way. You can put all your passwords in one
156 database, which is locked with one master key or a key-file which can be stored
157 on an external storage device. The databases are encrypted using the
158 algorithms AES or Twofish.")
159 ;; While various parts of the software are licensed under different licenses,
160 ;; the combined work falls under the GPLv3.
161 (license license:gpl3)))
162
163 (define-public keepassx
164 (package
165 (name "keepassx")
166 (version "2.0.3")
167 (source
168 (origin
169 (method url-fetch)
170 (uri (string-append "https://www.keepassx.org/releases/" version
171 "/keepassx-" version ".tar.gz"))
172 (sha256
173 (base32
174 "1ia7cqx9ias38mnffsl7da7g1f66bcbjsi23k49sln0c6spb9zr3"))))
175 (build-system cmake-build-system)
176 (inputs
177 `(("libgcrypt" ,libgcrypt)
178 ("libxi" ,libxi)
179 ("libxtst" ,libxtst)
180 ("qt" ,qt-4)))
181 (native-inputs
182 `(("zlib" ,zlib)))
183 (home-page "https://www.keepassx.org")
184 (synopsis "Password manager")
185 (description "KeePassX is a password manager or safe which helps you to
186 manage your passwords in a secure way. You can put all your passwords in one
187 database, which is locked with one master key or a key-file which can be stored
188 on an external storage device. The databases are encrypted using the
189 algorithms AES or Twofish.")
190 ;; Non functional parts use various licences.
191 (license license:gpl3)
192 (properties `((superseded . ,keepassxc)))))
193
194 (define-public pwsafe
195 (package
196 (name "pwsafe")
197 (version "3.50.0")
198 (home-page "https://www.pwsafe.org/")
199 (source
200 (origin
201 (method git-fetch)
202 (uri (git-reference
203 (url "https://github.com/pwsafe/pwsafe.git")
204 (commit version)))
205 (sha256
206 (base32 "01kfssd2vr64yh4dqhch58x36n3aj3hpj5n560f41rsxym69c6qs"))
207 (file-name (git-file-name name version))))
208 (build-system cmake-build-system)
209 (native-inputs
210 `(("gettext" ,gettext-minimal)
211 ("gtest" ,googletest)
212 ("perl" ,perl)
213 ("zip" ,zip)))
214 (inputs `(("curl" ,curl)
215 ("file" ,file)
216 ("libuuid" ,util-linux "lib")
217 ("libxt" ,libxt)
218 ("libxtst" ,libxtst)
219 ("openssl" ,openssl)
220 ("qrencode" ,qrencode)
221 ("wxwidgets" ,wxwidgets)
222 ("xerces-c" ,xerces-c)))
223 (arguments '(#:configure-flags (list "-DNO_GTEST=YES")
224 #:phases (modify-phases %standard-phases
225 (add-after 'unpack 'add-gtest
226 (lambda* (#:key inputs #:allow-other-keys)
227 (chmod "CMakeLists.txt" #o644)
228 (let ((cmake-port (open-file "CMakeLists.txt"
229 "a")))
230 (display "find_package(GTest)
231 add_subdirectory(src/test)\n" cmake-port)
232 (close cmake-port)
233 #t)))
234 (add-after 'add-gtest 'patch-executables
235 (lambda* (#:key inputs #:allow-other-keys)
236 (chmod "src/test/OSTest.cpp" #o644)
237 (substitute* "src/os/unix/media.cpp"
238 (("/usr/bin/file")
239 (string-append (assoc-ref inputs "file")
240 "/bin/file")))
241 #t)))))
242 (synopsis "Password safe with automatic input and key generation")
243 (description "pwsafe is a password manager originally designed by Bruce
244 Schneier. It offers a simple UI to manage passwords for different services.
245 There are other programs that support the file format on different
246 platforms.")
247 (license license:artistic2.0)))
248
249 (define-public shroud
250 (package
251 (name "shroud")
252 (version "0.1.2")
253 (source (origin
254 (method url-fetch)
255 (uri (string-append "https://files.dthompson.us/shroud/shroud-"
256 version ".tar.gz"))
257 (sha256
258 (base32
259 "1l2shrhvcwfzkar9qiwb75nhcqmx25iz55lzmz0c187nbjhqzi9p"))))
260 (build-system gnu-build-system)
261 (native-inputs
262 `(("pkg-config" ,pkg-config)))
263 (arguments
264 `(#:modules ((guix build gnu-build-system)
265 (guix build utils)
266 (ice-9 popen)
267 (ice-9 rdelim))
268 #:phases
269 (modify-phases %standard-phases
270 (add-after 'install 'wrap-shroud
271 (lambda* (#:key inputs outputs #:allow-other-keys)
272 (let* ((out (assoc-ref outputs "out"))
273 (guile (assoc-ref inputs "guile"))
274 (effective (read-line
275 (open-pipe* OPEN_READ
276 (string-append guile "/bin/guile")
277 "-c" "(display (effective-version))")))
278 (ccachedir (string-append out
279 "/lib/guile/" effective "/site-ccache"))
280 (prog (string-append out "/bin/shroud")))
281 (wrap-program prog
282 `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,ccachedir)))
283 #t))))))
284 (inputs
285 `(("guile" ,guile-2.2)
286 ("gnupg" ,gnupg)
287 ("xclip" ,xclip)))
288 (synopsis "GnuPG-based secret manager")
289 (description "Shroud is a simple secret manager with a command line
290 interface. The password database is stored as a Scheme s-expression and
291 encrypted with a GnuPG key. Secrets consist of an arbitrary number of
292 key/value pairs, making Shroud suitable for more than just password storage.
293 For copying and pasting secrets into web browsers and other graphical
294 applications, there is xclip integration." )
295 (home-page "https://dthompson.us/projects/shroud.html")
296 (license license:gpl3+)))
297
298 (define-public yapet
299 (package
300 (name "yapet")
301 (version "2.3")
302 (source
303 (origin
304 (method url-fetch)
305 (uri (string-append "https://yapet.guengel.ch/downloads/yapet-"
306 version ".tar.xz"))
307 (sha256
308 (base32 "1fl4s7v1psl52ndd6i7716i9f493aj8ipl6lgmraadnn5h26l3pm"))))
309 (build-system gnu-build-system)
310 (inputs
311 `(("argon2" ,argon2)
312 ("ncurses" ,ncurses)
313 ("openssl" ,openssl)))
314 (native-inputs
315 `(("cppunit" ,cppunit)
316 ("pkg-config" ,pkg-config)))
317 (synopsis "Yet Another Password Encryption Tool")
318 (description "YAPET is a text based password manager using the Blowfish
319 encryption algorithm. Because of its small footprint and very few library
320 dependencies, it is suited for installing on desktop and server systems alike.
321 The text based user interface allows you to run YAPET easily in a Secure Shell
322 session. Two companion utilities enable users to convert CSV files to YAPET
323 and vice versa.")
324 (home-page "https://yapet.guengel.ch/")
325 (license license:gpl3+)))
326
327 (define-public cracklib
328 (package
329 (name "cracklib")
330 (version "2.9.7")
331 (source
332 (origin
333 (method url-fetch)
334 (uri (string-append "https://github.com/cracklib/cracklib/"
335 "releases/download/v" version "/"
336 "cracklib-" version ".tar.bz2"))
337 (sha256
338 (base32 "1rimpjsdnmw8f5b7k558cic41p2qy2n2yrlqp5vh7mp4162hk0py"))))
339 (build-system gnu-build-system)
340 (arguments
341 `(#:phases
342 (modify-phases %standard-phases
343 (add-after 'install 'install-dict
344 (lambda* (#:key make-flags #:allow-other-keys)
345 (begin
346 (chmod (string-append "util/cracklib-format") #o755)
347 (apply invoke "make" "dict" make-flags)
348 #t))))))
349 (synopsis "Password checking library")
350 (home-page "https://github.com/cracklib/cracklib")
351 (description
352 "CrackLib is a library containing a C function which may be used in a
353 @command{passwd}-like program. The idea is simple: try to prevent users from
354 choosing passwords that could easily be guessed (or \"cracked\") by filtering
355 them out, at the source.")
356 (license license:lgpl2.1)))
357
358 (define-public libpwquality
359 (package
360 (name "libpwquality")
361 (version "1.4.2")
362 (source (origin
363 (method url-fetch)
364 (uri (list
365 (string-append "https://github.com/libpwquality/libpwquality"
366 "/releases/download/libpwquality-" version
367 "/libpwquality-" version ".tar.bz2")
368 (string-append "https://launchpad.net/libpwquality/trunk/"
369 version "/+download/"
370 "libpwquality-" version ".tar.bz2")))
371 (sha256
372 (base32
373 "13hw532fmzc5xjpy75d74rlfdlxf2a8ibb4hyy9c0s92wsgf0qsj"))))
374 (build-system gnu-build-system)
375 (arguments
376 ;; XXX: have RUNPATH issue.
377 '(#:configure-flags '("--disable-python-bindings")))
378 (inputs
379 `(("cracklib" ,cracklib)))
380 (synopsis "Password quality checker")
381 (home-page "https://github.com/libpwquality/libpwquality")
382 (description
383 "Libpwquality is a library for password quality checking and generation of
384 random passwords that pass the checks.")
385 (license license:gpl2+)))
386
387 (define-public assword
388 (package
389 (name "assword")
390 (version "0.11")
391 (source (origin
392 (method url-fetch)
393 (uri (list
394 (string-append
395 "http://http.debian.net/debian/pool/main/a/assword/"
396 "assword_" version ".orig.tar.gz")))
397 (sha256
398 (base32
399 "03gkb6kvsghznbcw5l7nmrc6mn3ixkjd5jcs96ni4zs9l47jf7yp"))))
400 (arguments
401 `(;; irritatingly, tests do run but not there are two problems:
402 ;; - "import gtk" fails for unknown reasons here despite it the
403 ;; program working (indeed, I've found I have to do a logout and log
404 ;; back in in after an install order for some mumbo jumbo environment
405 ;; variable mess to work with pygtk and assword... what's up with
406 ;; that?)
407 ;; - even when the tests fail, they don't return a nonzero status,
408 ;; so I'm not sure how to programmatically get that information
409 #:tests? #f
410 #:phases
411 (modify-phases %standard-phases
412 (add-after 'install 'wrap-assword
413 (lambda* (#:key outputs #:allow-other-keys)
414 (let ((prog (string-append
415 (assoc-ref outputs "out")
416 "/bin/assword"))
417 (gi-typelib-path (getenv "GI_TYPELIB_PATH")))
418 (wrap-program prog
419 `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path)))
420 #t)))
421 (add-after 'install 'manpage
422 (lambda* (#:key outputs #:allow-other-keys)
423 ;; Without this substitution, it fails with
424 ;; ImportError: No module named 'gpg'
425 (substitute* "Makefile"
426 (("PYTHONPATH=.") ""))
427 (invoke "make" "assword.1")
428 (install-file
429 "assword.1"
430 (string-append (assoc-ref outputs "out") "/share/man/man1")))))))
431 (build-system python-build-system)
432 (native-inputs
433 `(("txt2man" ,txt2man)))
434 (inputs
435 `(("gtk+" ,gtk+)
436 ("python-xdo" ,python-xdo)
437 ("python-gpg" ,python-gpg)
438 ("python-pygobject" ,python-pygobject)))
439 (propagated-inputs
440 `(("xclip" ,xclip)))
441 (home-page "https://finestructure.net/assword/")
442 (synopsis "Password manager")
443 (description "assword is a simple password manager using GPG-wrapped
444 JSON files. It has a command line interface as well as a very simple
445 graphical interface, which can even \"type\" your passwords into
446 any X11 window.")
447 (license license:gpl3+)))
448
449 (define-public password-store
450 (package
451 (name "password-store")
452 (version "1.7.3")
453 (source (origin
454 (method url-fetch)
455 (uri
456 (string-append "https://git.zx2c4.com/password-store/snapshot/"
457 name "-" version ".tar.xz"))
458 (sha256
459 (base32
460 "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b"))))
461 (build-system gnu-build-system)
462 (arguments
463 '(#:phases
464 (modify-phases %standard-phases
465 (delete 'configure)
466 (delete 'build)
467 (add-before 'install 'patch-system-extension-dir
468 (lambda* (#:key outputs #:allow-other-keys)
469 (let* ((out (assoc-ref outputs "out"))
470 (extension-dir (string-append out "/lib/password-store/extensions")))
471 (substitute* "src/password-store.sh"
472 (("^SYSTEM_EXTENSION_DIR=.*$")
473 ;; lead with whitespace to prevent 'make install' from
474 ;; overwriting it again
475 (string-append " SYSTEM_EXTENSION_DIR=\""
476 "${PASSWORD_STORE_SYSTEM_EXTENSION_DIR:-"
477 extension-dir
478 "}\"\n"))))
479 #t))
480 (add-before 'install 'patch-passmenu-path
481 (lambda* (#:key inputs #:allow-other-keys)
482 (substitute* "contrib/dmenu/passmenu"
483 (("dmenu") (string-append (assoc-ref inputs "dmenu")
484 "/bin/dmenu"))
485 (("xdotool") (string-append (assoc-ref inputs "xdotool")
486 "/bin/xdotool")))
487 #t))
488 (add-after 'install 'install-passmenu
489 (lambda* (#:key outputs #:allow-other-keys)
490 (let* ((out (assoc-ref outputs "out"))
491 (bin (string-append out "/bin")))
492 (install-file "contrib/dmenu/passmenu" bin)
493 #t)))
494 (add-after 'install 'wrap-path
495 (lambda* (#:key inputs outputs #:allow-other-keys)
496 (let ((out (assoc-ref outputs "out"))
497 (path (map (lambda (pkg)
498 (string-append (assoc-ref inputs pkg) "/bin"))
499 '("coreutils" "getopt" "git" "gnupg" "qrencode"
500 "sed" "tree" "which" "xclip"))))
501 (wrap-program (string-append out "/bin/pass")
502 `("PATH" ":" prefix (,(string-join path ":"))))
503 #t))))
504 #:make-flags (list "CC=gcc" (string-append "PREFIX=" %output)
505 "WITH_ALLCOMP=yes"
506 (string-append "BASHCOMPDIR="
507 %output "/etc/bash_completion.d"))
508 ;; Parallel tests may cause a race condition leading to a
509 ;; timeout in some circumstances.
510 #:parallel-tests? #f
511 #:test-target "test"))
512 (native-search-paths
513 (list (search-path-specification
514 (variable "PASSWORD_STORE_SYSTEM_EXTENSION_DIR")
515 (separator #f) ;single entry
516 (files '("lib/password-store/extensions")))))
517 (inputs
518 `(("dmenu" ,dmenu)
519 ("getopt" ,util-linux)
520 ("git" ,git)
521 ("gnupg" ,gnupg)
522 ("qrencode" ,qrencode)
523 ("sed" ,sed)
524 ("tree" ,tree)
525 ("which" ,which)
526 ("xclip" ,xclip)
527 ("xdotool" ,xdotool)))
528 (home-page "https://www.passwordstore.org/")
529 (synopsis "Encrypted password manager")
530 (description "Password-store is a password manager which uses GnuPG to
531 store and retrieve passwords. The tool stores each password in its own
532 GnuPG-encrypted file, allowing the program to be simple yet secure.
533 Synchronization is possible using the integrated git support, which commits
534 changes to your password database to a git repository that can be managed
535 through the pass command.")
536 (license license:gpl2+)))
537
538 (define-public pass-otp
539 (package
540 (name "pass-otp")
541 (version "1.2.0")
542 (source
543 (origin
544 (method url-fetch)
545 (uri
546 (string-append "https://github.com/tadfisher/pass-otp/releases/"
547 "download/v" version "/pass-otp-" version ".tar.gz"))
548 (sha256
549 (base32
550 "0rrs3iazq80dn0wbl20xkh270428jd8l99m5gd7hl93s4r4sc82p"))))
551 (build-system gnu-build-system)
552 (arguments
553 '(#:make-flags
554 (let* ((out (assoc-ref %outputs "out"))
555 (bashcomp (string-append out "/etc/bash_completion.d")))
556 (list (string-append "PREFIX=" %output)
557 (string-append "BASHCOMPDIR=" bashcomp)))
558 #:phases
559 (modify-phases %standard-phases
560 (delete 'configure)
561 (add-after 'build 'patch-oath-path
562 (lambda* (#:key inputs #:allow-other-keys)
563 (substitute* "otp.bash"
564 (("^OATH=.*$")
565 (string-append
566 "OATH="
567 (assoc-ref inputs "oath-toolkit")
568 "/bin/oathtool\n")))
569 #t)))
570 #:test-target "test"))
571 (inputs
572 `(("oath-toolkit" ,oath-toolkit)))
573 (native-inputs
574 `(("password-store" ,password-store)
575 ("expect" ,expect)
576 ("git" ,git)
577 ("gnupg" ,gnupg)
578 ("which" ,which)))
579 (home-page "https://github.com/tadfisher/pass-otp")
580 (synopsis "Pass extension for managing one-time-password (OTP) tokens")
581 (description
582 "Pass OTP is an extension for password-store that allows adding
583 one-time-password (OTP) secrets, generating OTP codes, and displaying secret
584 key URIs using the standard otpauth:// scheme.")
585 (license license:gpl3+)))
586
587 (define-public qtpass
588 (package
589 (name "qtpass")
590 (version "1.2.3")
591 (source
592 (origin
593 (method git-fetch)
594 (uri (git-reference
595 (url "https://github.com/IJHack/QtPass.git")
596 (commit (string-append "v" version))))
597 (file-name (git-file-name name version))
598 (sha256
599 (base32
600 "1vfhfyccrxq9snyvayqfzm5rqik8ny2gysyv7nipc91kvhq3bhky"))))
601 (build-system gnu-build-system)
602 (arguments
603 `(#:phases
604 (modify-phases %standard-phases
605 (replace 'configure
606 (lambda* (#:key inputs outputs #:allow-other-keys)
607 (let ((out (assoc-ref outputs "out")))
608 ;; lupdate/lrelease need to find qmake.
609 (setenv "QMAKE" "qmake")
610 ;; qmake needs to find lrelease/lupdate.
611 (invoke "qmake"
612 "QMAKE_LRELEASE=lrelease"
613 "QMAKE_LUPDATE=lupdate"
614 (string-append "PREFIX=" out)))))
615 (add-after 'configure 'reset-resource-timestamps
616 ;; Reset timestamps on localization files for a reproducible build.
617 (lambda _
618 (with-directory-excursion "localization"
619 (for-each (lambda (file)
620 (let* ((base (basename file ".qm"))
621 (src (string-append base ".ts"))
622 (st (stat src)))
623 (set-file-time file st)))
624 (find-files "." ".*\\.qm")))
625 #t))
626 (add-after 'install 'install-auxilliary
627 ;; Install man-page, icon and .desktop file.
628 (lambda* (#:key inputs outputs #:allow-other-keys)
629 (let* ((out (assoc-ref outputs "out"))
630 (applications (string-append out "/share/applications"))
631 (icons (string-append out "/share/icons/hicolor/scalable/apps"))
632 (man (string-append out "/share/man/man1")))
633 (install-file "qtpass.desktop" applications)
634 (install-file "artwork/icon.svg" icons)
635 (rename-file (string-append icons "/icon.svg")
636 (string-append icons "/qtpass-icon.svg"))
637 (install-file "qtpass.1" man)
638 #t)))
639 (add-before 'check 'check-setup
640 ;; Make Qt render "offscreen", required for tests.
641 (lambda _
642 (setenv "QT_QPA_PLATFORM" "offscreen")
643 #t)))))
644 (native-inputs
645 `(("qttools" ,qttools)))
646 (inputs
647 `(("qtbase" ,qtbase)
648 ("qtsvg" ,qtsvg)))
649 (home-page "https://qtpass.org")
650 (synopsis "GUI for password manager password-store")
651 (description
652 "Qt-based graphical user interface for the password manager
653 password-store also known as pass. Can use either pass or gpg to interact
654 with password-store files. Features configurable password generation,
655 templates, clipboard handling, and per folder settings for multi-recipient
656 encryption.")
657 (license license:gpl3+)))
658
659 (define-public rofi-pass
660 (package
661 (name "rofi-pass")
662 (version "2.0.2")
663 (source
664 (origin
665 (method url-fetch)
666 (uri
667 (string-append "https://raw.githubusercontent.com/carnager/rofi-pass/"
668 version "/rofi-pass"))
669 (sha256
670 (base32 "0msldkndqp40nx1s5s7ggcr97ir4nshpmnyzvj5hqw1l7m3gvw6j"))
671 (file-name name)))
672 (build-system trivial-build-system)
673 (arguments
674 `(#:modules ((guix build utils))
675 #:builder
676 (begin
677 (use-modules (guix build utils))
678 (let ((source (string-append (assoc-ref %build-inputs "source")))
679 (script "rofi-pass")
680 (out (assoc-ref %outputs "out")))
681 (copy-file source script)
682 (chmod script #o555)
683 (install-file script (string-append out "/bin"))))))
684 (propagated-inputs
685 `(("password-store" ,password-store)
686 ("rofi" ,rofi)
687 ("xdotool" ,xdotool)))
688 (home-page "https://github.com/carnager/rofi-pass")
689 (synopsis "Rofi frontend for password-store")
690 (description "Rofi-pass provides a way to manipulate information stored
691 using password-store through rofi interface:
692 @enumerate
693 @item open URLs of entries with hotkey;
694 @item type any field from entry;
695 @item auto-typing of user and/or password fields;
696 @item auto-typing username based on path;
697 @item auto-typing of more than one field, using the autotype entry;
698 @item bookmarks mode (open stored URLs in browser, default: Alt+x).
699 @end enumerate")
700 (license license:gpl3)))
701
702 (define-public browserpass-native
703 (package
704 (name "browserpass-native")
705 (version "3.0.6")
706 (source
707 (origin
708 (method git-fetch)
709 (uri (git-reference
710 (url "https://github.com/browserpass/browserpass-native.git")
711 (commit version)))
712 (file-name (git-file-name name version))
713 (sha256
714 (base32
715 "0q3bsla07zjl6i69nj1axbkg2ia89pvh0jg6nlqgbm2kpzzbn0pz"))))
716 (build-system go-build-system)
717 (arguments
718 `(#:import-path "github.com/browserpass/browserpass-native"
719 #:install-source? #f
720 #:phases
721 (modify-phases %standard-phases
722 (add-before 'build 'patch-makefile
723 (lambda* (#:key outputs #:allow-other-keys)
724 (let ((out (assoc-ref outputs "out")))
725 ;; This doesn't go in #:make-flags because the Makefile itself
726 ;; gets installed.
727 (substitute*
728 "src/github.com/browserpass/browserpass-native/Makefile"
729 (("PREFIX \\?= /usr")
730 (string-append "PREFIX ?= " out)))
731 #t)))
732 (add-before 'build 'configure
733 (lambda _
734 (with-directory-excursion
735 "src/github.com/browserpass/browserpass-native"
736 (invoke "make" "configure"))
737 #t))
738 (replace 'build
739 (lambda _
740 (with-directory-excursion
741 "src/github.com/browserpass/browserpass-native"
742 (invoke "make"))
743 #t))
744 (replace 'install
745 (lambda _
746 (with-directory-excursion
747 "src/github.com/browserpass/browserpass-native"
748 (invoke "make" "install"))
749 #t))
750 (add-after 'install 'wrap-executable
751 (lambda* (#:key inputs outputs #:allow-other-keys)
752 (let ((out (assoc-ref outputs "out"))
753 (gnupg (assoc-ref inputs "gnupg")))
754 (wrap-program (string-append out "/bin/browserpass")
755 `("PATH" ":" prefix
756 (,(string-append gnupg "/bin"))))
757 #t))))))
758 (native-inputs
759 `(("which" ,which)))
760 (inputs
761 `(("gnupg" ,gnupg)
762 ("go-github-com-mattn-go-zglob" ,go-github-com-mattn-go-zglob)
763 ("go-github-com-rifflock-lfshook" ,go-github-com-rifflock-lfshook)
764 ("go-github-com-sirupsen-logrus" ,go-github-com-sirupsen-logrus)
765 ("go-golang-org-x-sys" ,go-golang-org-x-sys)))
766 (home-page "https://github.com/browserpass/browserpass-native")
767 (synopsis "Browserpass native messaging host")
768 (description "Browserpass is a browser extension for pass, a
769 UNIX-based password store manager. It allows you to auto-fill or copy to
770 clipboard credentials for the current domain, protecting you from phishing
771 attacks.
772
773 This package only contains the Browserpass native messaging host. You must
774 also install the browser extension for GNU IceCat or ungoogled-chromium
775 separately.")
776 (license license:isc)))
777
778 (define-public argon2
779 (package
780 (name "argon2")
781 (version "20190702")
782 (source
783 (origin
784 (method git-fetch)
785 (uri (git-reference
786 (url "https://github.com/P-H-C/phc-winner-argon2")
787 (commit version)))
788 (file-name (git-file-name name version))
789 (sha256
790 (base32
791 "01rwanr4wmr9vm6c712x411wig543q195z2icn388z892a93lc7p"))))
792 (build-system gnu-build-system)
793 (arguments
794 `(#:test-target "test"
795 #:make-flags (list "CC=gcc"
796 (string-append "PREFIX=" (assoc-ref %outputs "out"))
797 "LIBRARY_REL=lib"
798 (string-append "ARGON2_VERSION=" ,version)
799 "OPTTEST=1") ; disable CPU optimization
800 #:phases
801 (modify-phases %standard-phases
802 (delete 'configure)))) ; No configure script.
803 (home-page "https://www.argon2.com/")
804 (synopsis "Password hashing library")
805 (description "Argon2 provides a key derivation function that was declared
806 winner of the 2015 Password Hashing Competition.")
807 ;; Argon2 is dual licensed under CC0 and ASL 2.0. Some of the source
808 ;; files are CC0 only; see README.md and LICENSE for details.
809 (license (list license:cc0 license:asl2.0))))
810
811 (define-public pass-git-helper
812 (package
813 (name "pass-git-helper")
814 (version "1.1.0")
815 (source
816 (origin
817 (method git-fetch)
818 (uri (git-reference
819 (url "https://github.com/languitar/pass-git-helper")
820 (commit (string-append "v" version))))
821 (file-name (git-file-name name version))
822 (sha256
823 (base32
824 "18nvwlp0w4aqj268wly60rnjzqw2d8jl0hbs6bkwp3hpzzz5g6yd"))))
825 (build-system python-build-system)
826 (arguments
827 `(#:phases
828 (modify-phases %standard-phases
829 (add-before 'build 'patch-pass-path
830 (lambda* (#:key inputs #:allow-other-keys)
831 (let* ((password-store (assoc-ref inputs "password-store"))
832 (pass (string-append password-store "/bin/pass")))
833 (substitute* '("passgithelper.py"
834 "test_passgithelper.py")
835 (("'pass'") (string-append "'" pass "'")))
836 #t)))
837 (replace 'check
838 (lambda _
839 (setenv "HOME" (getcwd))
840 (invoke "pytest"))))))
841 (inputs
842 `(("python-pyxdg" ,python-pyxdg)
843 ("password-store" ,password-store)))
844 (native-inputs
845 `(("python-pytest" ,python-pytest)
846 ("python-pytest-mock" ,python-pytest-mock)))
847 (home-page "https://github.com/languitar/pass-git-helper")
848 (synopsis "Git credential helper interfacing with pass")
849 (description "pass-git-helper is a git credential helper which
850 uses pass, the standard unix password manager, as the credential backend for
851 your git repositories. This is achieved by explicitly defining mappings
852 between hosts and entries in the password store.")
853 (license license:lgpl3+)))
854
855 (define-public john-the-ripper-jumbo
856 (let ((official-version "1.9.0")
857 (jumbo-version "1"))
858 (package
859 (name "john-the-ripper-jumbo")
860 (version (string-append official-version "-" jumbo-version))
861 (source
862 (origin
863 (method url-fetch)
864 (uri (string-append "http://www.openwall.com/john/j/john-"
865 official-version "-jumbo-" jumbo-version ".tar.xz"))
866 (sha256
867 (base32
868 "0fvz3v41hnaiv1ggpxanfykyfjq79cwp9qcqqn63vic357w27lgm"))))
869 (build-system gnu-build-system)
870 (native-inputs
871 `(("perl" ,perl)))
872 (inputs
873 `(("gmp" ,gmp)
874 ("libpcap" ,libpcap)
875 ("nss" ,nss)
876 ("openssl" ,openssl-1.0)
877 ("python" ,python-2) ; For "python" and "python2" shebangs
878 ("ruby" ,ruby) ; For genincstats.rb
879 ("zlib" ,zlib)))
880 (arguments
881 `(#:configure-flags
882 (list "--with-systemwide"
883 ;; Do not test for instruction set in configure, and do not
884 ;; pass '-march=native' to gcc:
885 "--disable-native-tests"
886 "--disable-native-march"
887 ,(string-append
888 "--enable-simd="
889 (let ((system (or (%current-target-system)
890 (%current-system))))
891 (cond
892 ((or (string-prefix? "x86_64" system)
893 (string-prefix? "i686" system)) "sse2")
894 ((string-prefix? "aarch" system) "neon")
895 (else "no")))))
896 #:phases
897 (modify-phases %standard-phases
898 (add-before 'configure 'chdir-src
899 (lambda _ (chdir "src") #t))
900 (replace 'install
901 (lambda _
902 (let ((bindir (string-append %output "/bin"))
903 (docdir (string-append %output "/share/doc/john"))
904 (execdir (string-append %output "/libexec/john"))
905 (datadir (string-append %output "/share/john"))
906 (install-file-to (lambda (dir)
907 (lambda (f) (install-file f dir))))
908 (symlink? (lambda (_ s) (eq? (stat:type s) 'symlink))))
909 (with-directory-excursion "../run"
910 (for-each (install-file-to bindir)
911 (cons*
912 "john" "makechr" "cprepair" "SIPdump" "tgtsnarf"
913 "genmkvpwd" "mkvcalcproba" "calc_stat" "raw2dyna"
914 (find-files "." "(to|2)?john(-[^.]*)?$")))
915 (for-each (lambda (f) ; Install symlinked aliases
916 (let ((tgt (string-append bindir "/" (basename f))))
917 ;; The use of install-file above dereferences
918 ;; symlinks. We'd rather have the symlinks
919 ;; for clarity, so remove tgt before linking.
920 (when (file-exists? tgt) (delete-file tgt))
921 (symlink "john" tgt)))
922 (find-files "." symlink?))
923 (for-each (install-file-to execdir)
924 (cons* "mailer" "benchmark-unify" "relbench"
925 (find-files "." ".*\\.js")))
926 (for-each (lambda (f)
927 (let* ((base (basename f))
928 (name (substring base 0 (string-index base #\.)))
929 (link (string-append bindir "/" name)))
930 (install-file f execdir)
931 (when (and (executable-file? f)
932 (not (file-exists? link)))
933 (symlink (string-append execdir "/" base) link))))
934 (find-files "." ".*\\.(pl|py|rb|lua)"))
935 (for-each (install-file-to datadir)
936 (append (find-files "." "(stats|dictionary.*)")
937 (find-files "." "(.*\\.chr|.*\\.lst)")
938 (find-files "." ".*\\.conf")))
939 (copy-recursively "rules" (string-append datadir "/rules")))
940 (copy-recursively "../doc" docdir)
941 #t)))
942 (delete 'check) ; Tests need installed .conf files; move after install
943 (add-after 'install 'check
944 (lambda args
945 (setenv "HOME" "/tmp") ; Some tests need to write to ~/.john
946 (setenv "OMP_NUM_THREADS" (number->string (parallel-job-count)))
947 (apply (assoc-ref %standard-phases 'check) args))))))
948 (home-page "http://www.openwall.com/john/")
949 (synopsis "Password cracker")
950 (description "John the Ripper is a fast password cracker. Its primary
951 purpose is to detect weak Unix passwords. Besides several @code{crypt}
952 password hash types most commonly found on various Unix systems, supported out
953 of the box are Windows LM hashes, plus lots of other hashes and ciphers. This
954 is the community-enhanced, \"jumbo\" version of John the Ripper.")
955 (license license:gpl2+))))
956
957 (define-public sala
958 (package
959 (name "sala")
960 (version "1.3")
961 (source
962 (origin
963 (method url-fetch)
964 (uri (pypi-uri "sala" version))
965 (sha256
966 (base32
967 "13qgmc3i2a0cqp8jqrfl93lnphfagb32pgfikc1gza2a14asxzi8"))))
968 (build-system python-build-system)
969 (arguments
970 ;; Sala is supposed to work with Python 3.2 or higher,
971 ;; but it doesn't work with Python 3.6. Better stick
972 ;; to Python 2, which works fine.
973 `(#:python ,python-2))
974 (propagated-inputs
975 `(("gnupg" ,gnupg)
976 ("pwgen" ,pwgen)))
977 (home-page "http://www.digip.org/sala/")
978 (synopsis "Encrypted plaintext password store")
979 (description
980 "Store passwords and other bits of sensitive plain-text information
981 to encrypted files on a directory hierarchy. The information is protected
982 by GnuPG's symmetrical encryption.")
983 (license license:expat)))
984
985 (define-public fpm2
986 (package
987 (name "fpm2")
988 (version "0.79")
989 (source (origin
990 (method url-fetch)
991 (uri (string-append "https://als.regnet.cz/fpm2/download/fpm2-"
992 version ".tar.bz2"))
993 (sha256
994 (base32
995 "19sdy1lygfhkg5nxi2w9a4d9kwvw24nxp0ix0p0lz91qpvk9qpnm"))))
996 (build-system gnu-build-system)
997 (inputs `(("gtk2" ,gtk+-2)
998 ("gnupg" ,gnupg)
999 ("libxml2" ,libxml2)))
1000 (native-inputs `(("pkg-config" ,pkg-config)
1001 ("intltool" ,intltool)))
1002 (arguments
1003 `(#:phases
1004 (modify-phases %standard-phases
1005 (add-before 'configure 'pre-configure
1006 ;; The file po/POTFILES.in ends up missing for some reason in
1007 ;; both nix and guix builds. Adding the file with contents
1008 ;; found during troubleshooting.
1009 (lambda _
1010 (call-with-output-file "po/POTFILES.in"
1011 (lambda (port)
1012 (format port "data/fpm2.desktop.in
1013 data/fpm2.desktop.in.in
1014 fpm2.glade
1015 src/callbacks.c
1016 src/fpm.c
1017 src/fpm_file.c
1018 src/interface.c
1019 src/support.c
1020 fpm2.glade
1021 ")))
1022 #t)))))
1023 (synopsis "Manage, generate and store passwords encrypted")
1024 (description "FPM2 is GTK2 port from Figaro's Password Manager
1025 originally developed by John Conneely, with some new enhancements.
1026
1027 Upstream development seems to have stopped. It is therefore recommended
1028 to use a different password manager.")
1029 (home-page "https://als.regnet.cz/fpm2/")
1030 (license license:gpl2+)))
1031
1032 (define-public pass-rotate
1033 (package
1034 (name "pass-rotate")
1035 (version "0.1")
1036 (source
1037 (origin
1038 (method git-fetch)
1039 (uri (git-reference
1040 (url "https://github.com/ddevault/pass-rotate")
1041 (commit version)))
1042 (file-name (git-file-name name version))
1043 (sha256
1044 (base32
1045 "1m067vvdlc85csbpkp8aw4s3ags7q8s3jszrr32kmj9qhk5c254f"))))
1046 (build-system python-build-system)
1047 (inputs
1048 `(("python-beautifulsoup4" ,python-beautifulsoup4)
1049 ("python-docopt" ,python-docopt)
1050 ("python-html5lib" ,python-html5lib)
1051 ("python-requests" ,python-requests)))
1052 (home-page "https://github.com/ddevault/pass-rotate")
1053 (synopsis "Rotate password on online services")
1054 (description "pass-rotate is a command line utility and python library for
1055 rotating passwords on various web services. It makes it easier to rotate your
1056 passwords, one at a time or in bulk, when security events or routine upkeep of
1057 your online accounts makes it necessary.")
1058 (license license:expat)))
1059
1060 (define-public hashcat
1061 (package
1062 (name "hashcat")
1063 (version "5.1.0")
1064 (source
1065 (origin
1066 (method url-fetch)
1067 (uri (string-append "https://hashcat.net/files/hashcat-"
1068 version ".tar.gz"))
1069 (sha256
1070 (base32
1071 "0f73y4cg8c7a6q7x34qvpfi4g3lw6j9bnn0a13g43aqyiskflfr8"))))
1072 (native-inputs
1073 `(("opencl-headers" ,opencl-headers)))
1074 (build-system gnu-build-system)
1075 (arguments
1076 '(#:tests? #f ;no tests
1077 #:make-flags (list (string-append "PREFIX=" %output))
1078 #:phases
1079 (modify-phases %standard-phases
1080 (delete 'configure))))
1081 (home-page "https://hashcat.net/hashcat/")
1082 (synopsis "Advanced password recovery utility")
1083 (description "Hashcat is an password recovery utility, supporting five
1084 unique modes of attack for over 200 highly-optimized hashing algorithms.
1085 Hashcat currently supports CPUs, GPUs, and other hardware accelerators on
1086 Linux, Windows, and macOS, and has facilities to help enable distributed
1087 password cracking.")
1088 (license license:expat)))
1089
1090 (define-public hashcat-utils
1091 (package
1092 (name "hashcat-utils")
1093 (version "1.9")
1094 (source
1095 (origin
1096 (method url-fetch)
1097 (uri (string-append "https://github.com/hashcat/hashcat-utils/releases/"
1098 "download/v" version "/"
1099 "hashcat-utils-" version ".7z"))
1100 (sha256
1101 (base32 "0kq555kb338691qd7zjmi8vhq4km3apnsl2w63zh0igwzcjx6lx1"))))
1102 (native-inputs
1103 `(("p7zip" ,p7zip)))
1104 (inputs
1105 `(("perl" ,perl)))
1106 (build-system gnu-build-system)
1107 (arguments
1108 `(#:tests? #f ;no tests
1109 #:make-flags (list "CC=gcc"
1110 ;; Upstream bug(?): "make all" seems to remove the
1111 ;; Perl scripts from the source.
1112 "native")
1113 #:phases
1114 (modify-phases %standard-phases
1115 (replace 'unpack
1116 (lambda* (#:key source #:allow-other-keys)
1117 (invoke "7z" "x" source)
1118 (chdir (string-append "hashcat-utils-" ,version "/src"))
1119 #t))
1120 (delete 'configure)
1121 (replace 'install
1122 (lambda* (#:key outputs #:allow-other-keys)
1123 (let ((out (string-append (assoc-ref outputs "out") "/bin")))
1124 (mkdir-p out)
1125 (for-each
1126 (lambda (file)
1127 (copy-file file (string-append out "/"
1128 (basename file ".bin"))))
1129 (find-files "." "\\.bin$"))
1130 (for-each
1131 (lambda (file)
1132 (copy-file file (string-append out "/"
1133 (basename file ".pl"))))
1134 (find-files "../bin" "\\.pl$"))
1135 #t))))))
1136 (home-page "https://github.com/hashcat/hashcat-utils/")
1137 (synopsis "Small utilities that are useful in advanced password cracking")
1138 (description "Hashcat-utils are a set of small utilities that are useful
1139 in advanced password cracking. They all are packed into multiple stand-alone
1140 binaries. All of these utils are designed to execute only one specific
1141 function. Since they all work with @code{STDIN} and @code{STDOUT} you can
1142 group them into chains.")
1143 (license license:expat)))
1144
1145 (define-public bruteforce-luks
1146 (package
1147 (name "bruteforce-luks")
1148 (version "1.4.0")
1149 (source
1150 (origin
1151 (method url-fetch)
1152 (uri (string-append "https://github.com/glv2/bruteforce-luks/releases/download/"
1153 version
1154 "/bruteforce-luks-"
1155 version
1156 ".tar.lz"))
1157 (sha256
1158 (base32 "0yawrlbbklhmvwr99wm7li3r0d5kxvpkwf33a12rji7z0ya5p340"))))
1159 (build-system gnu-build-system)
1160 (native-inputs
1161 `(("lzip" ,lzip)))
1162 (inputs
1163 `(("cryptsetup" ,cryptsetup)))
1164 (synopsis "LUKS encrypted volume cracker")
1165 (description
1166 "This is a cracker for LUKS encrypted volumes. It can be used either in
1167 exhaustive mode to try every password given a charset or in dictionary mode to
1168 try every password contained in a file.")
1169 (home-page "https://github.com/glv2/bruteforce-luks")
1170 (license license:gpl3+)))
jackhill's copy of GNU Guix: https://guix.gnu.org/