;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2015, 2016 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2015 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
+;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (guix build-system trivial)
#:use-module (gnu packages)
#:use-module (gnu packages base)
+ #:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages readline)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages lua)
#:use-module (gnu packages guile)
#:use-module (gnu packages gettext)
+ #:use-module (gnu packages pcre)
#:use-module (gnu packages perl)
#:use-module (gnu packages tcl)
#:use-module (gnu packages compression)
#:use-module (gnu packages bison)
#:use-module (gnu packages flex)
#:use-module (gnu packages glib)
+ #:use-module (gnu packages openldap)
+ #:use-module (gnu packages mcrypt)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages popt)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages image)
#:use-module (gnu packages xorg)
#:use-module (gnu packages python)
- #:use-module (gnu packages man))
+ #:use-module (gnu packages man)
+ #:use-module (gnu packages autotools))
+
+(define-public aide
+ (package
+ (name "aide")
+ (version "0.15.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/aide/aide/"
+ version "/aide-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1vsrc0s62kv1i84skm6k6zy868gayjck268qwj38rpspc8c5qgih"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("bison" ,bison)
+ ("flex" ,flex)))
+ (inputs
+ `(("libgcrypt" ,libgcrypt)
+ ("libgpg-error" ,libgpg-error)
+ ("libmhash" ,libmhash)
+ ("zlib" ,zlib)))
+ (synopsis "File and directory integrity checker")
+ (description
+ "AIDE (Advanced Intrusion Detection Environment) is a file and directory
+integrity checker. It creates a database from the regular expression rules
+that it finds from its configuration files. Once this database is initialized
+it can be used to verify the integrity of the files. It has several message
+digest algorithms that are used to check the integrity of files. All of the
+usual file attributes can be checked for inconsistencies.")
+ (home-page "http://aide.sourceforge.net/")
+ (license license:gpl2+)))
+
+(define-public progress
+ (package
+ (name "progress")
+ (version "0.13")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/Xfennec/"
+ name "/archive/v" version ".tar.gz"))
+ (sha256
+ (base32 "133iar4vq5vlklydb4cyazjy6slmpbndrws474mg738bd8avc30n"))
+ (file-name (string-append name "-" version ".tar.gz"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("ncurses" ,ncurses)))
+ (arguments
+ `(#:tests? #f ; There is no test suite.
+ #:make-flags (list "CC=gcc" "LDFLAGS+=-lncurses"
+ (string-append "PREFIX=" (assoc-ref %outputs "out")))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)))) ; There's no configure phase.
+ (home-page "https://github.com/Xfennec/progress")
+ (synopsis "Program to view the progress of the coreutils commands")
+ (description "A program that looks for coreutils basic commands (cp, mv,
+dd, tar, gzip/gunzip, cat, etc.) currently running on your system and displays
+the percentage of copied data. It can also show estimated time and throughput,
+and provides a \"top-like\" mode (monitoring).")
+ (license license:gpl3+)))
(define-public dmd
+ ;; Deprecated. Kept around "just in case."
(let ((base-version "0.2")
(patch-level "01"))
(package
;; is used by a bunch of services.
(method url-fetch)
(uri (string-append
- "http://git.savannah.gnu.org/cgit/dmd.git/patch/"
- "?id=d1d0ff30b3ed2b86b0a3c9bc048d2a855f8e31e6"))
+ "http://git.savannah.gnu.org/cgit/shepherd.git/"
+ "patch?id=d1d0ff30b3ed2b86b0a3c9bc048d2a855f8e31e6"))
(sha256
(base32
"1lqymypixfiyb72d6bn24m06ry2q1ljnnv0qrc89pbb4z9azaa4d"))
(license license:gpl3+)
(home-page "http://www.gnu.org/software/dmd/"))))
+(define-public shepherd
+ (package
+ (name "shepherd")
+ (version "0.3.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "ftp://alpha.gnu.org/gnu/dmd/shepherd-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0f3yi3n4sl9myiay95yhv2a9an338qddfjrbv7da753ip66dkfz6"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags '("--localstatedir=/var")))
+ (native-inputs `(("pkg-config" ,pkg-config)))
+ (inputs `(("guile" ,guile-2.0)))
+ (synopsis "System service manager")
+ (description
+ "The GNU Shepherd is a daemon-managing daemon, meaning that it supervises
+the execution of system services, replacing similar functionality found in
+typical init systems. It provides dependency-handling through a convenient
+interface and is based on GNU Guile.")
+ (license license:gpl3+)
+ (home-page "http://www.gnu.org/software/shepherd/")))
+
(define-public dfc
(package
(name "dfc")
(define-public htop
(package
(name "htop")
- (version "1.0.3")
+ (version "2.0.1")
(source (origin
(method url-fetch)
(uri (string-append "http://hisham.hm/htop/releases/"
version "/htop-" version ".tar.gz"))
(sha256
(base32
- "0a8qbpsifzjwc4f45xfwm48jhm59g6q5hlib4bf7z13mgy95fp05"))))
+ "0rjn9ybqx5sav7z4gn18f1q6k23nmqyb6yydfgghzdznz9nn447l"))))
(build-system gnu-build-system)
(inputs
`(("ncurses" ,ncurses)))
(license license:gpl3+)))
(define-public isc-dhcp
- (package
- (name "isc-dhcp")
- (version "4.3.1")
- (source (origin
- (method url-fetch)
- (uri (string-append "http://ftp.isc.org/isc/dhcp/"
- version "/dhcp-" version ".tar.gz"))
- (sha256
- (base32
- "1w4s7sni1m9223ya8m2a64lr62845c6xlraprjf8zfx6lylbqv16"))))
- (build-system gnu-build-system)
- (arguments
- '(#:phases (alist-cons-after
- 'configure 'post-configure
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Point to the right client script, which will be
- ;; installed in a later phase.
- (substitute* "includes/dhcpd.h"
- (("#define[[:blank:]]+_PATH_DHCLIENT_SCRIPT.*")
- (let ((out (assoc-ref outputs "out")))
- (string-append "#define _PATH_DHCLIENT_SCRIPT \""
- out "/libexec/dhclient-script"
- "\"\n"))))
-
- ;; During the 'build' phase, 'bind.tar.gz' is extracted, so
- ;; we must patch shebangs in there and make sure the right
- ;; shell is used.
- (with-directory-excursion "bind"
- (substitute* "Makefile"
- (("\\./configure")
- (let ((sh (which "sh")))
- (string-append "./configure CONFIG_SHELL="
- sh " SHELL=" sh))))
-
- (system* "tar" "xf" "bind.tar.gz")
- (for-each patch-shebang
- (find-files "bind-9.9.5-P1" ".*"))
- (zero? (system* "tar" "cf" "bind.tar.gz"
- "bind-9.9.5-P1"
- ;; avoid non-determinism in the archive
- "--sort=name"
- "--mtime=@0"
- "--owner=root:0"
- "--group=root:0"))))
- (alist-cons-after
- 'install 'post-install
- (lambda* (#:key inputs outputs #:allow-other-keys)
- ;; Install the dhclient script for GNU/Linux and make sure
- ;; if finds all the programs it needs.
- (let* ((out (assoc-ref outputs "out"))
- (libexec (string-append out "/libexec"))
- (coreutils (assoc-ref inputs "coreutils"))
- (inetutils (assoc-ref inputs "inetutils"))
- (net-tools (assoc-ref inputs "net-tools"))
- (sed (assoc-ref inputs "sed")))
- (substitute* "client/scripts/linux"
- (("/sbin/ip")
- (string-append (assoc-ref inputs "iproute")
- "/sbin/ip")))
-
- (mkdir-p libexec)
- (copy-file "client/scripts/linux"
- (string-append libexec "/dhclient-script"))
-
- (wrap-program
- (string-append libexec "/dhclient-script")
- `("PATH" ":" prefix
- ,(map (lambda (dir)
- (string-append dir "/bin:"
- dir "/sbin"))
- (list inetutils net-tools coreutils sed))))))
- %standard-phases))))
+ (let* ((bind-major-version "9")
+ (bind-minor-version "9")
+ (bind-patch-version "8")
+ (bind-release-type "-P")
+ (bind-release-version "4")
+ (bind-version (string-append bind-major-version
+ "."
+ bind-minor-version
+ "."
+ bind-patch-version
+ bind-release-type
+ bind-release-version)))
+ (package
+ (name "isc-dhcp")
+ (version "4.3.3-P1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://ftp.isc.org/isc/dhcp/"
+ version "/dhcp-" version ".tar.gz"))
+ (sha256
+ (base32
+ "08crcsmg4dm2v533aq3883ik8mf4vvvd6r998r4vrgx1zxnqj7n1"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:parallel-build? #f
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'replace-bundled-bind
+ (lambda* (#:key inputs #:allow-other-keys)
+ (delete-file "bind/bind.tar.gz")
+ (copy-file (assoc-ref inputs "bind-source-tarball")
+ "bind/bind.tar.gz")
+ (chmod "bind/bind.tar.gz" #o644)
+ (substitute* "bind/version.tmp"
+ (("^MAJORVER=.*")
+ (format #f "MAJORVER=~a\n" ,bind-major-version))
+ (("^MINORVER=.*")
+ (format #f "MINORVER=~a\n" ,bind-minor-version))
+ (("^PATCHVER=.*")
+ (format #f "PATCHVER=~a\n" ,bind-patch-version))
+ (("^RELEASETYPE=.*")
+ (format #f "RELEASETYPE=~a\n" ,bind-release-type))
+ (("^RELEASEVER=.*")
+ (format #f "RELEASEVER=~a\n" ,bind-release-version)))
+ #t))
+ (add-after 'configure 'post-configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Point to the right client script, which will be
+ ;; installed in a later phase.
+ (substitute* "includes/dhcpd.h"
+ (("#define[[:blank:]]+_PATH_DHCLIENT_SCRIPT.*")
+ (let ((out (assoc-ref outputs "out")))
+ (string-append "#define _PATH_DHCLIENT_SCRIPT \""
+ out "/libexec/dhclient-script"
+ "\"\n"))))
- (native-inputs `(("perl" ,perl)))
+ ;; During the 'build' phase, 'bind.tar.gz' is extracted, so
+ ;; we must patch shebangs in there and make sure the right
+ ;; shell is used.
+ (with-directory-excursion "bind"
+ (substitute* "Makefile"
+ (("\\./configure")
+ (let ((sh (which "sh")))
+ (string-append "./configure CONFIG_SHELL="
+ sh " SHELL=" sh))))
- (inputs `(("inetutils" ,inetutils)
- ("net-tools" ,net-tools)
- ("iproute" ,iproute)
+ (let ((bind-directory (string-append "bind-" ,bind-version)))
+ (system* "tar" "xf" "bind.tar.gz")
+ (for-each patch-shebang
+ (find-files bind-directory ".*"))
+ (zero? (system* "tar" "cf" "bind.tar.gz"
+ bind-directory
+ ;; avoid non-determinism in the archive
+ "--sort=name"
+ "--mtime=@0"
+ "--owner=root:0"
+ "--group=root:0"))))))
+ (add-after 'install 'post-install
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ ;; Install the dhclient script for GNU/Linux and make sure
+ ;; if finds all the programs it needs.
+ (let* ((out (assoc-ref outputs "out"))
+ (libexec (string-append out "/libexec"))
+ (coreutils (assoc-ref inputs "coreutils"))
+ (inetutils (assoc-ref inputs "inetutils"))
+ (net-tools (assoc-ref inputs "net-tools"))
+ (sed (assoc-ref inputs "sed")))
+ (substitute* "client/scripts/linux"
+ (("/sbin/ip")
+ (string-append (assoc-ref inputs "iproute")
+ "/sbin/ip")))
- ;; When cross-compiling, we need the cross Coreutils and sed.
- ;; Otherwise just use those from %FINAL-INPUTS.
- ,@(if (%current-target-system)
- `(("coreutils" ,coreutils)
- ("sed" ,sed))
- '())))
+ (mkdir-p libexec)
+ (copy-file "client/scripts/linux"
+ (string-append libexec "/dhclient-script"))
- (home-page "http://www.isc.org/products/DHCP/")
- (synopsis "Dynamic Host Configuration Protocol (DHCP) tools")
- (description
- "ISC's Dynamic Host Configuration Protocol (DHCP) distribution provides a
+ (wrap-program
+ (string-append libexec "/dhclient-script")
+ `("PATH" ":" prefix
+ ,(map (lambda (dir)
+ (string-append dir "/bin:"
+ dir "/sbin"))
+ (list inetutils net-tools coreutils sed))))))))))
+
+ (native-inputs `(("perl" ,perl)))
+
+ (inputs `(("inetutils" ,inetutils)
+ ("net-tools" ,net-tools)
+ ("iproute" ,iproute)
+
+ ;; XXX isc-dhcp bundles a copy of bind that has security
+ ;; flaws, so we use a newer version.
+ ("bind-source-tarball"
+ ,(origin
+ (method url-fetch)
+ (uri (string-append "http://ftp.isc.org/isc/bind9/"
+ bind-version
+ "/bind-" bind-version ".tar.gz"))
+ (sha256
+ (base32
+ "1wl9kl0630dc1qjrf7fnp8cscagfm5qgmisi0zhr1p6iwi9bil2y"))))
+
+ ;; When cross-compiling, we need the cross Coreutils and sed.
+ ;; Otherwise just use those from %FINAL-INPUTS.
+ ,@(if (%current-target-system)
+ `(("coreutils" ,coreutils)
+ ("sed" ,sed))
+ '())))
+
+ (home-page "http://www.isc.org/products/DHCP/")
+ (synopsis "Dynamic Host Configuration Protocol (DHCP) tools")
+ (description
+ "ISC's Dynamic Host Configuration Protocol (DHCP) distribution provides a
reference implementation of all aspects of DHCP, through a suite of DHCP
tools: server, client, and relay agent.")
- (license license:isc)))
+ (license license:isc))))
(define-public libpcap
(package
(define-public tcpdump
(package
(name "tcpdump")
- (version "4.5.1")
+ (version "4.7.4")
(source (origin
(method url-fetch)
(uri (string-append "http://www.tcpdump.org/release/tcpdump-"
version ".tar.gz"))
(sha256
(base32
- "15hb7zkzd66nag102qbv100hcnf7frglbkylmr8adwr8f5jkkaql"))))
+ "1byr8w6grk08fsq0444jmcz9ar89lq9nf4mjq2cny0w9k8k21rbb"))))
(build-system gnu-build-system)
(inputs `(("libpcap" ,libpcap)
("openssl" ,openssl)))
(define-public sudo
(package
(name "sudo")
- (version "1.8.10p3")
+ (version "1.8.15")
(source (origin
(method url-fetch)
(uri
version ".tar.gz")))
(sha256
(base32
- "002l6h27pnhb77b65frhazbhknsxvrsnkpi43j7i0qw1lrgi7nkf"))))
+ "0263gi6i19fyzzc488n0qw3m518i39f6a7qmrfvahk9j10bkh5j3"))
+ (patches (search-patches "sudo-CVE-2015-5602.patch"))))
(build-system gnu-build-system)
(arguments
- `(#:configure-flags '("--with-logpath=/var/log/sudo.log"
- "--with-rundir=/run/sudo"
- "--with-vardir=/var/db/sudo"
- "--with-iologdir=/var/log/sudo-io")
+ `(#:configure-flags
+ (list "--with-logpath=/var/log/sudo.log"
+ "--with-rundir=/var/run/sudo" ;must be cleaned up at boot time
+ "--with-vardir=/var/db/sudo"
+ "--with-iologdir=/var/log/sudo-io"
+
+ ;; 'visudo.c' expects _PATH_MV to be defined, but glibc doesn't
+ ;; provide it.
+ (string-append "CPPFLAGS=-D_PATH_MV='\""
+ (assoc-ref %build-inputs "coreutils")
+ "/bin/mv\"'"))
+
+ ;; Avoid non-determinism; see <http://bugs.gnu.org/21918>.
+ #:parallel-build? #f
+
#:phases (alist-cons-before
'configure 'pre-configure
(lambda _
- (substitute* "configure"
- ;; Refer to the right executables.
- (("/usr/bin/mv") (which "mv"))
- (("/usr/bin/sh") (which "sh")))
+ (substitute* "src/sudo_usage.h.in"
+ ;; Do not capture 'configure' arguments since we would
+ ;; unduly retain references, and also because the
+ ;; CPPFLAGS above would close the string literal
+ ;; prematurely.
+ (("@CONFIGURE_ARGS@") "\"\""))
(substitute* (find-files "." "Makefile\\.in")
- (("-O [[:graph:]]+ -G [[:graph:]]+")
+ (("-o [[:graph:]]+ -g [[:graph:]]+")
;; Allow installation as non-root.
"")
(("^install: (.*)install-sudoers(.*)" _ before after)
".tar.gz"))
(sha256
(base32
- "05mkp5bx1c3z7h5biddsv0p49gkrq9ksany3anp4wdiv92p5prfc"))))
+ "05mkp5bx1c3z7h5biddsv0p49gkrq9ksany3anp4wdiv92p5prfc"))
+ (patches
+ (search-patches "wpa-supplicant-CVE-2015-5310.patch"
+ "wpa-supplicant-CVE-2015-5314.patch"
+ "wpa-supplicant-CVE-2015-5315.patch"
+ "wpa-supplicant-CVE-2015-5316.patch"
+ "wpa-supplicant-CVE-2016-4476.patch"
+ "wpa-supplicant-CVE-2016-4477-pt1.patch"
+ "wpa-supplicant-CVE-2016-4477-pt2.patch"
+ "wpa-supplicant-CVE-2016-4477-pt3.patch"
+ "wpa-supplicant-CVE-2016-4477-pt4.patch"))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-replace
ad-hoc task-execution, and multinode orchestration - including trivializing
things like zero downtime rolling updates with load balancers.")
(license license:gpl3+)))
+
+(define-public cpulimit
+ (package
+ (name "cpulimit")
+ (version "0.2")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/opsengine/cpulimit/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1nn2w849xd5bw4y5sqnll29nxdwl5h0cv4smc7dwmpb9qnd2ycb4"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases (modify-phases %standard-phases
+ (delete 'configure)
+ (replace
+ 'build
+ (lambda _
+ (zero? (system* "make" "CC=gcc" "-Csrc"))))
+ (replace
+ 'check
+ (lambda _
+ (zero? (system* "make" "CC=gcc" "-Ctests"))))
+ (replace
+ 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin")))
+ (install-file "src/cpulimit" bin)))))))
+ (home-page "https://github.com/opsengine/cpulimit")
+ (synopsis "Limit CPU usage")
+ (description
+ "Cpulimit limits the CPU usage of a process. It does not change the nice
+value or other scheduling priority settings, but the real CPU usage, and is
+able to adapt itself dynamically to the overall system load. Children
+processes and threads of the specified process may optionally share the same
+limits.")
+ (license license:gpl2+)))
+
+(define-public autojump
+ (package
+ (name "autojump")
+ (version "22.2.4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/wting/autojump/archive/"
+ "release-v" version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0xglj7nb8xczaqy2dhn78drqdwqj64rqpymxhqmmwwqzfaqassw1"))))
+ (build-system gnu-build-system)
+ (native-inputs ;for tests
+ `(("python-mock" ,python-mock)
+ ("python-pytest" ,python-pytest)))
+ (inputs
+ `(("python" ,python-wrapper)))
+ (arguments
+ `(#:phases (modify-phases %standard-phases
+ (delete 'configure)
+ (delete 'build)
+ (replace 'check
+ (lambda _
+ (zero?
+ (system* "python" "tests/autojump_utils_test.py"))))
+ (replace 'install
+ ;; The install.py script doesn't allow system installation
+ ;; into an arbitrary prefix, so do our own install.
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin"))
+ (share (string-append out "/share/autojump"))
+ (py (string-append out "/lib/python"
+ ,(version-major+minor
+ (package-version python-wrapper))
+ "/site-packages"))
+ (man (string-append out "/share/man/man1")))
+ (install-file "bin/autojump" bin)
+ (for-each (λ (f) (install-file f py))
+ (find-files "bin" "\\.py$"))
+ (for-each (λ (f) (install-file f share))
+ (find-files "bin" "autojump\\..*$"))
+ (substitute* (string-append share "/autojump.sh")
+ (("/usr/local") out))
+ (install-file "docs/autojump.1" man)
+ (wrap-program (string-append bin "/autojump")
+ `("PYTHONPATH" ":" prefix (,py)))
+ #t))))))
+ (home-page "https://github.com/wting/autojump")
+ (synopsis "Shell extension for filesystem navigation")
+ (description
+ "Autojump provides a faster way to navigate your filesystem, with a \"cd
+command that learns\". It works by maintaining a database of the directories
+you use the most from the command line and allows you to \"jump\" to
+frequently used directories by typing only a small pattern.")
+ (license license:gpl3+)))
+
+(define-public iftop
+ (package
+ (name "iftop")
+ (version "1.0pre4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://www.ex-parrot.com/~pdw/iftop/download"
+ "/iftop-" version ".tar.gz"))
+ (sha256
+ (base32
+ "15sgkdyijb7vbxpxjavh5qm5nvyii3fqcg9mzvw7fx8s6zmfwczp"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("libpcap" ,libpcap)
+ ("ncurses" ,ncurses)))
+ (synopsis "Monitor network usage")
+ (description "Iftop does for network usage what @command{top} does
+for CPU usage. It listens to network traffic on a named interface and
+displays a table of current bandwidth usage by pairs of hosts.")
+ (home-page "http://www.ex-parrot.com/~pdw/iftop/")
+ (license license:gpl2+)))
+
+(define-public munge
+ (package
+ (name "munge")
+ (version "0.5.11")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/dun/munge/archive/munge-"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0njplyalwwqh7xr7xc7klc6x06mq0ak8w2pxh85w8n4hxkmqqnf5"))))
+ (inputs
+ `(("openssl" ,openssl)
+ ("libgcrypt" ,libgcrypt)))
+ (build-system gnu-build-system)
+ (home-page "http://dun.github.io/munge/")
+ (synopsis "Cluster computing authentication service")
+ (description
+ "Munge is an authentication service for creating and validating
+credentials. It allows a process to authenticate the UID and GID of another
+local or remote process within a group of hosts having common users and
+groups. These hosts form a security realm that is defined by a shared
+cryptographic key. Clients within this security realm can create and validate
+credentials without the use of root privileges, reserved ports, or
+platform-specific methods.")
+ (license license:gpl3+)))
+
+(define-public audit
+ (package
+ (name "audit")
+ (version "2.4.5")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://people.redhat.com/sgrubb/audit/"
+ "audit-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1q1q51dvxscbi4kbakmd4bn0xrvwwaiwvaya79925cbrqwzxsg77"))))
+ (build-system gnu-build-system)
+ (home-page "http://people.redhat.com/sgrubb/audit/")
+ (arguments
+ `(#:configure-flags (list "--with-python=no")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'fix-tests
+ (lambda _
+ ;; In the build environmnte /etc/passwd does not contain an entry
+ ;; for root/0, so we have to patch the expected value.
+ (substitute* "auparse/test/auparse_test.ref"
+ (("=0 \\(root\\)") "=0 (unknown(0))"))
+ #t)))))
+ (inputs
+ `(("openldap" ,openldap)
+ ("openssl" ,openssl)
+ ("sasl" ,cyrus-sasl)))
+ (synopsis "User-space component to the Linux auditing system")
+ (description
+ "auditd is the user-space component to the Linux auditing system, which
+allows logging of system calls made by user-land processes. It's responsible
+for writing audit records to the disk. Viewing the logs is done with the
+@code{ausearch} or @code{aureport} utilities. Configuring the audit rules is
+done with the @code{auditctl} utility.")
+ (license license:gpl2+)))
+
+(define-public nmap
+ (package
+ (name "nmap")
+ (version "7.11")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://nmap.org/dist/nmap-" version
+ ".tar.bz2"))
+ (sha256
+ (base32
+ "0jlmq1w0gjqpa7qa523kdj73ndm1xzww2wjvb94hxh6yalargyhk"))
+ (modules '((guix build utils)))
+ (snippet
+ '(map delete-file-recursively
+ ;; Remove bundled lua, pcap, and pcre libraries.
+ ;; FIXME: Remove bundled liblinear once packaged.
+ '("liblua"
+ "libpcap"
+ "libpcre"
+ ;; Remove pre-compiled binares.
+ "mswin32")))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("openssl" ,openssl)
+ ("libpcap" ,libpcap)
+ ("pcre" ,pcre)
+ ("lua" ,lua)
+ ;; For 'ndiff'.
+ ("python" ,python-2)))
+
+ ;; TODO Add zenmap output.
+ (outputs '("out" "ndiff"))
+ (arguments
+ '(#:configure-flags '("--without-zenmap")
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (define (make out . args)
+ (unless (zero? (apply system* "make"
+ (string-append "prefix=" out)
+ args))
+ (error "make failed")))
+ (define (python-path dir)
+ (string-append dir "/lib/python2.7/site-packages"))
+ (let ((out (assoc-ref outputs "out"))
+ (ndiff (assoc-ref outputs "ndiff")))
+ (for-each mkdir-p (list out ndiff))
+ (make out
+ "install-nmap"
+ "install-nse"
+ "install-ncat"
+ "install-nping")
+ (make ndiff "install-ndiff")
+ (wrap-program (string-append ndiff "/bin/ndiff")
+ `("PYTHONPATH" prefix
+ (,(python-path ndiff)))))))
+ ;; These are the tests that do not require network access.
+ (replace 'check
+ (lambda _ (zero? (system* "make"
+ "check-nse"
+ "check-ndiff"
+ "check-dns")))))
+ ;; Nmap can't cope with out-of-source building.
+ #:out-of-source? #f))
+ (home-page "https://nmap.org/")
+ (synopsis "Network discovery and security auditing tool")
+ (description
+ "Nmap (\"Network Mapper\") is a network discovery and security auditing
+tool. It is also useful for tasks such as network inventory, managing service
+upgrade schedules, and monitoring host or service uptime. It also provides an
+advanced netcat implementation (ncat), a utility for comparing scan
+results (ndiff), and a packet generation and response analysis tool (nping).")
+ ;; This package uses nmap's bundled versions of libdnet and liblinear, which
+ ;; both use a 3-clause BSD license.
+ (license (list license:nmap license:bsd-3))))