pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / tools / security / opensc-dnie-wrapper / default.nix
at v192 67 lines 2.1 kB view raw
1{stdenv, makeWrapper, ed, libopensc_dnie}: 2 3let 4 opensc = libopensc_dnie.opensc; 5in 6stdenv.mkDerivation rec { 7 name = "${opensc.name}-dnie-wrapper"; 8 9 buildInputs = [ makeWrapper ]; 10 11 phases = [ "installPhase" ]; 12 13 installPhase = '' 14 mkdir -p $out/etc 15 cp ${opensc}/etc/opensc.conf $out/etc 16 chmod +w $out/etc/opensc.conf 17 18 # NOTE: The libopensc-dnie.so driver requires /usr/bin/pinentry available, to sign 19 20 ${ed}/bin/ed $out/etc/opensc.conf << EOF 21 /card_drivers 22 a 23 card_drivers = dnie; 24 card_driver dnie { 25 module = ${libopensc_dnie}/lib/libopensc-dnie.so; 26 } 27 . 28 w 29 q 30 EOF 31 32 # Disable pkcs15 file caching, otherwise the card does not work 33 sed -i 's/use_caching = true/use_caching = false/' $out/etc/opensc.conf 34 35 for a in ${opensc}/bin/*; do 36 makeWrapper $a $out/bin/`basename $a` \ 37 --set OPENSC_CONF $out/etc/opensc.conf 38 done 39 40 # Special wrapper for pkcs11-tool, which needs an additional parameter 41 rm $out/bin/pkcs11-tool 42 makeWrapper ${opensc}/bin/pkcs11-tool $out/bin/pkcs11-tool \ 43 --set OPENSC_CONF $out/etc/opensc.conf \ 44 --add-flags "--module ${opensc}/lib/opensc-pkcs11.so" 45 46 # Add, as bonus, a wrapper for the firefox in the PATH, that loads the 47 # proper opensc configuration. 48 cat > $out/bin/firefox-dnie << EOF 49 #!${stdenv.shell} 50 export OPENSC_CONF=$out/etc/opensc.conf 51 exec firefox 52 EOF 53 chmod +x $out/bin/firefox-dnie 54 ''; 55 56 meta = { 57 description = "Access to the opensc tools and firefox using the Spanish national ID SmartCard"; 58 longDescription = '' 59 Opensc needs a special configuration and special drivers to use the SmartCard 60 the Spanish government provides to the citizens as ID card. 61 Some wrapper scripts take care for the proper opensc configuration to be used, in order 62 to access the certificates in the SmartCard through the opensc tools or firefox. 63 Opensc will require a pcscd daemon running, managing the access to the card reader. 64 ''; 65 maintainers = with stdenv.lib.maintainers; [viric]; 66 }; 67}