Commit graph

38593 commits

Author SHA1 Message Date
Moritz Maxeiner
cce9712331 Enable two-factor authentication by default. Add proper descriptions to attributes. 2014-01-29 12:55:32 +01:00
Moritz Maxeiner
45b1ffb8db Cosmetic change to yubikey detection 2014-01-28 20:39:46 +01:00
Moritz Maxeiner
407a770161 Rewrite as a pre-boot authentication module (mostly) conforming to the design specification of
'YubiKey Integration for Full Disk Encryption Pre-Boot Authentication (Copyright) Yubico, 2011 Version: 1.1'.

Used binaries:
  * uuidgen - for generation of random sequence numbers
  * ykchalresp - for challenging a Yubikey
  * ykinfo - to check if a Yubikey is plugged in at boot (fallback to passphrase authentication otherwise)
  * openssl - for calculation of SHA-1, HMAC-SHA-1, as well as AES-256-CTR (de/en)cryption

Main differences to the specification mentioned above:
  * No user management (yet), only one password+yubikey per LUKS device
  * SHA-512 instead of CRC-16 for checksum

Main differences to the previous implementation:
  * Instead of changing the key slot of the LUKS device each boot,
    the actual key for the LUKS device will be encrypted itself
  * Since the response for the new challenge is now calculated
    locally with openssl, the MITM-USB-attack with which previously
    an attacker could obtain the new response (that was used as the new
    encryption key for the LUKS device) by listening to the
    Yubikey has ideally become useless (as long as uuidgen can
    successfully generate new random sequence numbers).

Remarks:
  * This is not downwards compatible to the previous implementation
2014-01-28 04:02:51 +01:00
Moritz Maxeiner
333f5caaf9 Implement authentication for a LUKS device with a yubikey (HMAC-SHA1); supports simple challenge-response and two-factor authentication 2014-01-25 03:33:09 +01:00
Moritz Maxeiner
8f9300fb0e Add ykpers (aka yubikey-personalization) package 2014-01-25 03:17:06 +01:00
Moritz Maxeiner
433774c608 Add libyubikey (aka yubico-c) package 2014-01-25 03:13:34 +01:00
Domen Kožar
29a29c6438 Merge pull request #1582 from ttuegel/networkmanager
networkmanager: load modules required for PPTP
2014-01-24 07:28:07 -08:00
Thomas Tuegel
7b743fcaab networkmanager: load modules required for PPTP 2014-01-24 09:22:59 -06:00
Rob Vermaas
13e13f279b Do not assume a .rev attribute is available in src in maven-build.nix 2014-01-24 15:52:31 +01:00
Domen Kožar
f2d6166781 python-libarchive: 3.0.4-5 -> 3.1.2-1 2014-01-24 14:33:41 +01:00
Domen Kožar
8a5c65abf4 mailpile: update dev version 2014-01-24 14:33:40 +01:00
Domen Kožar
c4cb65187e i3: 4.6 -> 4.7.2 2014-01-24 14:33:40 +01:00
Domen Kožar
a5b054e18a xfce4-screenshooter: add platforms.linux 2014-01-24 14:33:40 +01:00
Peter Simons
a86f119dfc haskell-either: disable the documentation build on GHC 7.4.x or earlier 2014-01-24 00:58:50 +01:00
Domen Kožar
c30f725707 Merge pull request #1580 from NixOS/docs/README
add most basic README.md
2014-01-23 15:40:58 -08:00
Domen Kožar
b73b4bfd61 Update README.md 2014-01-24 00:08:00 +01:00
Domen Kožar
97b519a515 add most basic README.md 2014-01-24 00:07:05 +01:00
Peter Simons
6968277785 maude: build with bison 2.x; version 3.x causes compiler errors 2014-01-23 23:28:20 +01:00
Vladimír Čunát
12235ed36e remove .topmsg (close #1578) 2014-01-23 22:30:07 +01:00
Vladimír Čunát
343cd5b1ef midori: minor update 0.5.6 -> .7 2014-01-23 22:29:25 +01:00
Song Wenwu
04a55b5e14 webkitgtk: update to 2.2.4, enable html5 video support 2014-01-23 22:29:24 +01:00
Nixpkgs Monitor
7a211df849 wget: update from 1.14 to 1.15 2014-01-23 21:10:55 +02:00
Evgeny Egorochkin
862ac34bdd wineUnstable: update from 1.7.10 to 1.7.11 2014-01-23 21:04:01 +02:00
Evgeny Egorochkin
f8f8e8d4d2 clamav: update from 0.98 to 0.98.1 2014-01-23 20:55:31 +02:00
Evgeny Egorochkin
f0081dcc02 youtubeDL: update from 2014.01.08 to 2014.01.20 2014-01-23 20:52:59 +02:00
Sander van der Burg
b25529a4ad titaniumsdk: colored output makes a web server think that logs are in raw format. So disable it 2014-01-23 17:11:16 +01:00
Sander van der Burg
1a24278161 titaniumsdk: Add additional login simulation for the ipa target 2014-01-23 15:11:46 +01:00
Eelco Dolstra
230a00f644 findbugs: Clean up packaging
Most stuff is now hidden under $out/libexec/findbugs, with only a few
JARs exported via $out/share/java.  Also, the setup hook sets
FINDBUGS_HOME.
2014-01-23 14:17:44 +01:00
Jaka Hudoklin
e0000f8ad1 ati-drivers: update to 13.12 (close #1569)
This update is mostly effort from @MarcWeber and @vcunat, now tested on real
hardware making sure it works with multiple GPUs and opencl.
2014-01-23 12:11:28 +01:00
Peter Simons
f5461b02d5 serf: fix evaluation on FreeBSD (required for Subversion) 2014-01-23 11:57:37 +01:00
Eelco Dolstra
6a8485af6b clang-wrapper: Set $CXX to clang
This is useful for non-Autoconf-based packages, since GNU Make's
default for CXX is "g++".  (The CC default is "cc" so should work fine
with Clang already.)
2014-01-23 11:24:17 +01:00
Eelco Dolstra
c07559b782 sudo: Update to 1.8.9p4 2014-01-23 11:21:38 +01:00
Eelco Dolstra
f4af2a8737 clang-wrapper: Sync with gcc-wrapper 2014-01-23 10:57:49 +01:00
Shea Levy
3b20a10ae9 Fix tarball
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-22 15:54:40 -05:00
Michael Raskin
9e42b753a7 Merge pull request #1561 from wizeman/u/ipmiutil
ipmiutil: Update from 2.7.3 -> 2.9.2 and simplify
2014-01-22 12:32:18 -08:00
Michael Raskin
77fa75b1ba Merge pull request #1572 from bennofs/update-java7
java: Update to version 7u51
2014-01-22 12:29:23 -08:00
Benno Fünfstück
42fb68d6a9 java: Update to version 7u51 2014-01-22 21:22:18 +01:00
Shea Levy
51de280c0a nixos X tests: wait for logind to link a session to the server
There seems to be some race causing failures if an X command gets in before slim starts the session

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-22 14:23:56 -05:00
Shea Levy
058fd7eeea Merge branch 'master' of git://github.com/madjar/nixpkgs
rust: fixed i686 build

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-22 13:33:02 -05:00
Georges Dubus
f8afc745bf rust: fixed i686 build 2014-01-22 19:29:20 +01:00
Rob Vermaas
004b8d24f6 Merge pull request #1564 from aristidb/master
fix keepassx under gcc 4.8
2014-01-22 10:17:38 -08:00
Domen Kožar
c1811d0304 Add pythonPackages.pyramid_chameleon and disable tests for zope_testrunner 2014-01-22 18:19:07 +01:00
Georges Dubus
49dd0867a7 rust: Fixed build 2014-01-22 16:36:05 +01:00
Georges Dubus
6eed023894 rust: patched the source to hardcode gcc path
to avoid using a wrapper.
2014-01-22 13:33:04 +01:00
Georges Dubus
35aa131371 rust: fixed build for i686 and maybe darwin 2014-01-22 13:33:04 +01:00
Peter Simons
ff8cffed86 subversion: fix evaluation errors on FreeBSD 2014-01-22 12:44:49 +01:00
Peter Simons
37cc0df1bf silgraphite: fix evaluation errors on Darwin 2014-01-22 12:43:01 +01:00
Domen Kožar
5b982bd090 nss: patch http location moved, let's keep it in filesystem 2014-01-22 10:46:37 +01:00
cillianderoiste
fc1ae3f6b5 Merge pull request #1568 from urv/master
rockbox-utility: upgrade 1.3.1 -> 1.4.0
2014-01-22 01:21:16 -08:00
Domen Kožar
15006a1788 mailpile: add spambayes dependency to spam/ham emails 2014-01-22 08:06:18 +01:00