Diffstat (limited to 'nixpkgs/pkgs/tools/security/eid-mw')
-rw-r--r-- | nixpkgs/pkgs/tools/security/eid-mw/default.nix | 101 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in | 83 |
2 files changed, 184 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
new file mode 100644
index 000000000000..925931e6a3e3
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
@@ -0,0 +1,101 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, autoconf-archive
+, pkg-config
+, makeWrapper
+, curl
+, gtk3
+, libassuan
+, libbsd
+, libproxy
+, libxml2
+, openssl
+, p11-kit
+, pcsclite
+, nssTools
+, substituteAll
+}:
+
+stdenv.mkDerivation rec {
+ pname = "eid-mw";
+ # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS.
+ version = "5.0.28";
+
+ src = fetchFromGitHub {
+ owner = "Fedict";
+ repo = "eid-mw";
+ rev = "v${version}";
+ sha256 = "rrrzw8i271ZZkwY3L6aRw2Nlz+GmDr/1ahYYlUBvtzo=";
+ };
+
+ nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config makeWrapper ];
+ buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ];
+ preConfigure = ''
+ mkdir openssl
+ ln -s ${openssl.out}/lib openssl
+ ln -s ${openssl.bin}/bin openssl
+ ln -s ${openssl.dev}/include openssl
+ export SSL_PREFIX=$(realpath openssl)
+ substituteInPlace plugins_tools/eid-viewer/Makefile.in \
+ --replace "c_rehash" "openssl rehash"
+ '';
+ # pinentry uses hardcoded `/usr/bin/pinentry`, so use the built-in (uglier) dialogs for pinentry.
+ configureFlags = [ "--disable-pinentry" ];
+
+ postPatch = ''
+ sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac
+ '';
+
+ postInstall =
+ let
+ eid-nssdb-in = substituteAll {
+ inherit (stdenv) shell;
+ isExecutable = true;
+ src = ./eid-nssdb.in;
+ };
+ in
+ ''
+ install -D ${eid-nssdb-in} $out/bin/eid-nssdb
+ substituteInPlace $out/bin/eid-nssdb \
+ --replace "modutil" "${nssTools}/bin/modutil"
+
+ rm $out/bin/about-eid-mw
+ wrapProgram $out/bin/eid-viewer --prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/$name"
+ '';
+
+ enableParallelBuilding = true;
+
+ doCheck = true;
+
+ meta = with lib; {
+ description = "Belgian electronic identity card (eID) middleware";
+ homepage = "https://eid.belgium.be/en";
+ license = licenses.lgpl3Only;
+ longDescription = ''
+ Allows user authentication and digital signatures with Belgian ID cards.
+ Also requires a running pcscd service and compatible card reader.
+
+ eid-viewer is also installed.
+
+ This package only installs the libraries. To use eIDs in Firefox or
+ Chromium, the eID Belgium add-on must be installed.
+ This package only installs the libraries. To use eIDs in NSS-compatible
+ browsers like Chrom{e,ium} or Firefox, each user must first execute:
+ ~$ eid-nssdb add
+ (Running the script once as root with the --system option enables eID
+ support for all users, but will *not* work when using Chrom{e,ium}!)
+ Before uninstalling this package, it is a very good idea to run
+ ~$ eid-nssdb [--system] remove
+ and remove all ~/.pki and/or /etc/pki directories no longer needed.
+
+ The above procedure doesn't seem to work in Firefox. You can override the
+ firefox wrapper to add this derivation to the PKCS#11 modules, like so:
+
+ firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; }
+ '';
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ bfortz chvp ];
+ };
+}
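Review bot: The `longDescription` in `meta` gives conflicting setup instructions: two consecutive paragraphs both open with "This package only installs the libraries", one telling the reader to install the eID Belgium add-on and the other to run `eid-nssdb add`, and a later paragraph says the latter doesn't seem to work in Firefox. A user cannot tell which route actually gets the PKCS#11 module loaded in which browser, so the text should be merged into one paragraph per browser. It should also state that `eid-nssdb` registers `/run/current-system/sw/lib/libbeidpkcs11.so` by default (see `libfile` in `eid-nssdb.in`), which presumably exists only when the package is part of the NixOS system profile. As a smaller point, the `--replace "modutil"` in `postInstall` rewrites every occurrence of that word in the script, so a short comment such as `# every "modutil" in eid-nssdb.in is a command invocation` would guard against a future help-text mention being rewritten to a store path.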
diff --git a/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in b/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in
new file mode 100644
index 000000000000..636b4c1ee118
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/eid-mw/eid-nssdb.in
@@ -0,0 +1,83 @@
+#!@shell@
+
+rootdb="/etc/pki/nssdb"
+userdb="$HOME/.pki/nssdb"
+dbentry="Belgium eID"
+libfile="/run/current-system/sw/lib/libbeidpkcs11.so"
+
+dbdir="$userdb"
+
+while true; do
+ case "$1" in
+ --help|"") cat << EOF
+(Un)register $dbentry with NSS-compatible browsers.
+
+Usage: `basename "$0"` [OPTION] ACTION [LIBRARY]
+
+Options:
+ --db PATH use custom NSS database directory PATH
+ --user use user NSS database $userdb (default)
+ --system use global NSS database $rootdb
+ --help show this message
+
+Actions:
+ add add $dbentry to NSS database
+ remove remove $dbentry from NSS database
+ show show $dbentry NSS database entry
+
+Default arguments if unspecified:
+ LIBRARY $libfile
+EOF
+ exit ;;
+ --db) dbdir="$2"
+ shift 2 ;;
+ --user) dbdir="$userdb"
+ shift ;;
+ --system)
+ dbdir="$rootdb"
+ shift ;;
+ -*) echo "$0: unknown option: '$1'" >&2
+ echo "Try --help for usage information."
+ exit 1 ;;
+ *) break ;;
+ esac
+done
+
+if [ "$2" ]; then
+ libfile="$2"
+ if ! [ -f "$libfile" ]; then
+ echo "$0: error: '$libfile' not found" >&2
+ exit 1
+ fi
+fi
+
+mkdir -p "$dbdir"
+if ! [ -d "$dbdir" ]; then
+ echo "$0: error: '$dbdir' must be a writable directory" >&2
+ exit 1
+fi
+
+dbdir="sql:$dbdir"
+
+echo "NSS database: $dbdir"
+echo "BEID library: $libfile"
+
+case "$1" in
+add) echo "Adding $dbentry to database:"
+ modutil -dbdir "$dbdir" -add "$dbentry" -libfile "$libfile" ||
+ echo "Tip: try removing the module before adding it again." ;;
+remove) echo "Removing $dbentry from database:"
+ modutil -dbdir "$dbdir" -delete "$dbentry" ;;
+show) echo "Displaying $dbentry database entry, if any:"
+ echo "Note: this may fail if you don't have the correct permissions." ;;
+'') exec "$0" --help ;;
+*) echo "$0: unknown action: '$1'" >&2
+ echo "Try --help for usage information."
+ exit 1 ;;
+esac
+
+ret=$?
+
+modutil -dbdir "$dbdir" -list "$dbentry" 2>/dev/null
+
+exit $ret |
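Review bot: In the `add)` branch the trailing `|| echo "Tip: ..."` hides a failing `modutil -add`, because the `ret=$?` after `esac` then records the status of `echo` and the script exits 0 even though the PKCS#11 module was not registered. Recording the status directly after the modutil call, e.g. `modutil -dbdir "$dbdir" -add "$dbentry" -libfile "$libfile"; ret=$?` followed by `[ "$ret" -eq 0 ] || echo "Tip: try removing the module before adding it again." >&2`, and doing the same in `remove)`, keeps the real result for callers. Separately, `--db` given as the last argument leaves `$2` empty and `shift 2` cannot shift; if `@shell@` is bash, as `stdenv.shell` normally is, `$1` stays unchanged and the `while true` loop would not terminate, so a guard like `[ $# -ge 2 ] || { echo "$0: --db requires PATH" >&2; exit 1; }` belongs before the assignment. Because the LIBRARY path is only tested with `-f` and is then loaded by every application that uses the chosen NSS database, a comment at that test should say that a `--system` registration is expected to point at a root-owned file that other users cannot write.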