1 files changed, 101 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
new file mode 100644
index 000000000000..925931e6a3e3
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
@@ -0,0 +1,101 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, autoconf-archive
+, pkg-config
+, makeWrapper
+, curl
+, gtk3
+, libassuan
+, libbsd
+, libproxy
+, libxml2
+, openssl
+, p11-kit
+, pcsclite
+, nssTools
+, substituteAll
+}:
+
+stdenv.mkDerivation rec {
+  pname = "eid-mw";
+  # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS.
+  version = "5.0.28";
+
+  src = fetchFromGitHub {
+    owner = "Fedict";
+    repo = "eid-mw";
+    rev = "v${version}";
+    sha256 = "rrrzw8i271ZZkwY3L6aRw2Nlz+GmDr/1ahYYlUBvtzo=";
+  };
+
+  nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config makeWrapper ];
+  buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ];
+  preConfigure = ''
+    mkdir openssl
+    ln -s ${openssl.out}/lib openssl
+    ln -s ${openssl.bin}/bin openssl
+    ln -s ${openssl.dev}/include openssl
+    export SSL_PREFIX=$(realpath openssl)
+    substituteInPlace plugins_tools/eid-viewer/Makefile.in \
+      --replace "c_rehash" "openssl rehash"
+  '';
+  # pinentry uses hardcoded `/usr/bin/pinentry`, so use the built-in (uglier) dialogs for pinentry.
+  configureFlags = [ "--disable-pinentry" ];
+
+  postPatch = ''
+    sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac
+  '';
+
+  postInstall =
+    let
+      eid-nssdb-in = substituteAll {
+        inherit (stdenv) shell;
+        isExecutable = true;
+        src = ./eid-nssdb.in;
+      };
+    in
+    ''
+      install -D ${eid-nssdb-in} $out/bin/eid-nssdb
+      substituteInPlace $out/bin/eid-nssdb \
+        --replace "modutil" "${nssTools}/bin/modutil"
+
+      rm $out/bin/about-eid-mw
+      wrapProgram $out/bin/eid-viewer --prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/$name"
+    '';
+
+  enableParallelBuilding = true;
+
+  doCheck = true;
+
+  meta = with lib; {
+    description = "Belgian electronic identity card (eID) middleware";
+    homepage = "https://eid.belgium.be/en";
+    license = licenses.lgpl3Only;
+    longDescription = ''
+      Allows user authentication and digital signatures with Belgian ID cards.
+      Also requires a running pcscd service and compatible card reader.
+
+      eid-viewer is also installed.
+
+      This package only installs the libraries. To use eIDs in Firefox or
+      Chromium, the eID Belgium add-on must be installed.
+      This package only installs the libraries. To use eIDs in NSS-compatible
+      browsers like Chrom{e,ium} or Firefox, each user must first execute:
+        ~$ eid-nssdb add
+      (Running the script once as root with the --system option enables eID
+      support for all users, but will *not* work when using Chrom{e,ium}!)
+      Before uninstalling this package, it is a very good idea to run
+        ~$ eid-nssdb [--system] remove
+      and remove all ~/.pki and/or /etc/pki directories no longer needed.
+
+      The above procedure doesn't seem to work in Firefox. You can override the
+      firefox wrapper to add this derivation to the PKCS#11 modules, like so:
+
+          firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; }
+    '';
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ bfortz chvp ];
+  };
+}