wordlists: init at unstable-2020-11-23

[Pamplemousse]

Signed-off-by: Pamplemousse xav.maso@gmail.com

Motivation for this change

Wordlists are a must-have for pentesting.
I thought it would be nice to package some, for ease of use.

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[Pamplemousse]

I am quite unsure if this fits nixpkgs, or if I should put that elsewhere (NUR).
Thoughts and feedback appreciated :)

[iblech]

Oh, nice! I wanted to have a couple wordlists available in the past, but was too lazy to package them. We also ship john the ripper, it might even make sense to mark these wordlists as dependencies of john, hence I do believe that these wordlists are useful additions to nixpkgs. Thank you for your work, very much appreciated.

[Pamplemousse]

@nixinator This can be done at "merge" time through GH's UI...

[Pamplemousse]

@SuperSandro2000 @jonringer any chance this can be merged?

This PR has been reviewed by many people already;
I have fixed things as soon as possible every time;
But the PR gets forgotten every other month;
And now, it seems to mostly attract nitpicking when I ask for "review"...

[fogti]

otherwise fine

[fogti]

please try to incorporate my newly suggestions; I rebased them. https://github.com/zseri/nixpkgs/tree/wordlists / Pamplemousse#1

[fogti]

currently, makeScope is used (probably to make extending the package set easier), but extending the package set of wordlists is still not easy, because it involves overrideAttrs on withLists to be comfortably usable. Additionally, I'm unsure if we should provide an attribute withLists' which takes the list of packages directly instead of a function.

[fogti]

anyway, I would really appreciate if this PR could be merged rather sooner than later, it doesn't matter (to me) if my suggestions get merged into this PR, or if I try to get them in via the usual nixpkgs PR workflow after this has been merged. I think the interface is good enough, it works, details and interna can be improved later on / in the long run.

[Pamplemousse]

@zseri, thanks, it took your comment on the other PR for me to realise I did not push the commit I took from what you did...

[fogti]

thanks.

@SuperSandro2000 please re-review. this imo is now ready to be merged.

[stale]

I marked this as stale due to inactivity. → More info

[iblech]

Looks good also to me!

[buckley310]

Was putting the wordlists in a sub folder $out/share/wordlists/ considered? I don't feel too strongly either way, but it would be a little more similar to the security distributions (kali) that way.

[Pamplemousse]

I am tired of this PR, it:

• is almost a year old
• has attracted two main rounds of reviews, and corrections were made as soon as possible
• has been approved several times
• regularly goes into limbo for several months
• attracts new kind of nitpicking every now and then

IMHO, this was an improvement on having nothing at all, and good enough to be iterated from if needed.
Closing given that this is unlikely to be merged ever.

[jonringer]

@Pamplemousse sorry, I think it would be beneficial to have them available in nixpkgs. But I agree, it can be painful to upstream these, especially if you're treading new water.

I would recommend creating a personal repo (or NUR repo) where this can be available.

For me personally, I don't really know how to "ensure this is the correct way forward"... not to mention it would take me to ~14 hours a day to tackle all of my github notifications a day :(