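# Build recipe for the Belgian eID middleware: the PKCS#11 libraries, the
# eid-viewer GUI and the eid-nssdb helper script.
{
  lib,
  stdenv,
  fetchFromGitHub,
  autoconf-archive,
  autoreconfHook,
  makeWrapper,
  pkg-config,
  replaceVarsWith,
  curl,
  gtk3,
  libassuan,
  libbsd,
  libproxy,
  libxml2,
  nssTools,
  openssl,
  p11-kit,
  pcsclite,
  wrapGAppsHook3,
}:

stdenv.mkDerivation rec {
  pname = "eid-mw";
  # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS.
  version = "5.1.21";

  # The tag name is derived from `version`; `hash` is what pins the content of
  # the fetched tree. On a version bump, recompute it from the newly fetched
  # source rather than carrying the old value over.
  src = fetchFromGitHub {
    owner = "Fedict";
    repo = "eid-mw";
    rev = "v${version}";
    hash = "sha256-WFXVQ2CNrEEy4R6xGiwWkAZmbvXK44FtO5w6s1ZUZpA=";
  };

  # - The sed call swaps the m4_esyscmd_s(...) expression in configure.ac for
  #   the literal package version, so the version no longer comes from running
  #   a command at autoreconf time.
  # - p11kitcfdir is empty upstream; it is set to a directory under $out.
  # --replace-fail is used instead of the deprecated --replace: if upstream
  # changes the line, the build stops instead of continuing with an unpatched
  # configure.ac.
  postPatch = ''
    sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac
    substituteInPlace configure.ac --replace-fail 'p11kitcfdir=""' 'p11kitcfdir="'$out/share/p11-kit/modules'"'
  '';

  nativeBuildInputs = [
    wrapGAppsHook3
    autoreconfHook
    autoconf-archive
    pkg-config
    makeWrapper
  ];
  buildInputs = [
    curl
    gtk3
    libassuan
    libbsd
    libproxy
    libxml2
    openssl
    p11-kit
    pcsclite
  ];

  # openssl is split across several outputs (lib, bin, dev). Link them into a
  # single directory and export it as SSL_PREFIX (presumably read by the
  # upstream configure script; confirm against configure.ac).
  # The eid-viewer Makefile's `c_rehash` is replaced with `openssl rehash`;
  # --replace-fail makes the build stop if that string disappears upstream.
  preConfigure = ''
    mkdir openssl
    ln -s ${lib.getLib openssl}/lib openssl
    ln -s ${openssl.bin}/bin openssl
    ln -s ${openssl.dev}/include openssl
    export SSL_PREFIX=$(realpath openssl)
    substituteInPlace plugins_tools/eid-viewer/Makefile.in \
      --replace-fail "c_rehash" "openssl rehash"
  '';
  # pinentry uses hardcoded `/usr/bin/pinentry`, so use the built-in (uglier) dialogs for pinentry.
  configureFlags = [ "--disable-pinentry" ];

  postInstall =
    let
      # Template for the eid-nssdb helper with the stdenv shell substituted in.
      eid-nssdb-in = replaceVarsWith {
        isExecutable = true;
        src = ./eid-nssdb.in;
        replacements = {
          inherit (stdenv) shell;
        };
      };
    in
    # `modutil` is rewritten to its absolute nssTools store path so the script
    # does not depend on whichever `modutil` comes first on the caller's PATH;
    # this matters because longDescription tells users they may run it as root
    # with --system. --replace-fail stops the build if the rewrite would be a
    # no-op, which would otherwise ship a script that falls back to PATH.
    # eid-viewer gets this package's gsettings schema directory prepended to
    # XDG_DATA_DIRS.
    ''
      install -D ${eid-nssdb-in} $out/bin/eid-nssdb
      substituteInPlace $out/bin/eid-nssdb \
        --replace-fail "modutil" "${nssTools}/bin/modutil"

      rm $out/bin/about-eid-mw
      wrapProgram $out/bin/eid-viewer --prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/$name"
    '';

  enableParallelBuilding = true;

  # Run the check phase as part of the build.
  doCheck = true;

  meta = {
    description = "Belgian electronic identity card (eID) middleware";
    homepage = "https://eid.belgium.be/en";
    license = lib.licenses.lgpl3Only;
    longDescription = ''
      Allows user authentication and digital signatures with Belgian ID cards.
      Also requires a running pcscd service and compatible card reader.

      eid-viewer is also installed.

      This package only installs the libraries. To use eIDs in Firefox or
      Chromium, the eID Belgium add-on must be installed.
      This package only installs the libraries. To use eIDs in NSS-compatible
      browsers like Chrom{e,ium} or Firefox, each user must first execute:
      ~$ eid-nssdb add
      (Running the script once as root with the --system option enables eID
      support for all users, but will *not* work when using Chrom{e,ium}!)
      Before uninstalling this package, it is a very good idea to run
      ~$ eid-nssdb [--system] remove
      and remove all ~/.pki and/or /etc/pki directories no longer needed.

      The above procedure doesn't seem to work in Firefox. You can override the
      firefox wrapper to add this derivation to the PKCS#11 modules, like so:

      firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; }
    '';
    platforms = lib.platforms.linux;
    maintainers = with lib.maintainers; [
      bfortz
      chvp
    ];
  };
}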