# Nix package expression for eid-mw, the Belgian electronic identity card (eID)
# middleware. It builds the upstream autotools project, installs an
# `eid-nssdb` helper next to the upstream binaries and wraps `eid-viewer`.
{
  lib,
  stdenv,
  fetchFromGitHub,
  autoreconfHook,
  autoconf-archive,
  pkg-config,
  makeWrapper,
  curl,
  gtk3,
  libassuan,
  libbsd,
  libproxy,
  libxml2,
  openssl,
  p11-kit,
  pcsclite,
  nssTools,
  substituteAll,
}:

let
  # Helper script rendered from the local template ./eid-nssdb.in, with the
  # stdenv shell substituted in. The template itself is not part of this file.
  nssdbScript = substituteAll {
    src = ./eid-nssdb.in;
    isExecutable = true;
    inherit (stdenv) shell;
  };
in
stdenv.mkDerivation rec {
  pname = "eid-mw";
  # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS.
  version = "5.1.10";

  # The source is addressed by a git tag (`v${version}`), which upstream could
  # move; the SRI `hash` is what actually pins the content. Update both
  # together when bumping: a stale hash can make Nix reuse an already-fetched
  # older tree instead of failing.
  src = fetchFromGitHub {
    owner = "Fedict";
    repo = "eid-mw";
    rev = "v${version}";
    hash = "sha256-2Xru/s7KawZlIxON5nO679P+L3okofE054WDfRsE3ZI=";
  };

  nativeBuildInputs = [
    autoreconfHook
    autoconf-archive
    pkg-config
    makeWrapper
  ];

  buildInputs = [
    curl
    gtk3
    libassuan
    libbsd
    libproxy
    libxml2
    openssl
    p11-kit
    pcsclite
  ];

  # Replace the `m4_esyscmd_s(...)` call in configure.ac (a macro that runs a
  # shell command while autoconf generates configure) with the literal package
  # version. Presumably upstream derives the version from git metadata that is
  # absent from the fetched tree -- TODO confirm against configure.ac.
  postPatch = ''
    sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac
  '';

  # pinentry uses hardcoded `/usr/bin/pinentry`, so use the built-in (uglier) dialogs for pinentry.
  configureFlags = [ "--disable-pinentry" ];

  # The openssl package is split over several outputs (lib, bin, dev). The
  # build is pointed at one prefix via SSL_PREFIX, so a local `openssl/`
  # directory is assembled from symlinks to each output. The eid-viewer
  # Makefile is then switched from `c_rehash` to `openssl rehash`.
  # NOTE(review): plain `--replace` does not abort the build when the pattern
  # is missing; where the nixpkgs revision in use provides `--replace-fail`,
  # prefer it so that an upstream change cannot silently skip this rewrite.
  preConfigure = ''
    mkdir openssl
    ln -s ${lib.getLib openssl}/lib openssl
    ln -s ${openssl.bin}/bin openssl
    ln -s ${openssl.dev}/include openssl
    export SSL_PREFIX=$(realpath openssl)
    substituteInPlace plugins_tools/eid-viewer/Makefile.in \
      --replace "c_rehash" "openssl rehash"
  '';

  enableParallelBuilding = true;

  # Run the upstream test suite as part of the build.
  doCheck = true;

  # Install the eid-nssdb helper and pin its `modutil` calls to the absolute
  # store path of nssTools, so the helper does not resolve `modutil` through
  # the caller's PATH. That matters because longDescription suggests running
  # it as root with `--system`.
  # NOTE(review): `--replace "modutil"` rewrites every occurrence of that
  # substring and is a silent no-op if there is none, in which case the helper
  # would fall back to PATH lookup -- verify against ./eid-nssdb.in, and see
  # the `--replace-fail` remark on preConfigure.
  # Afterwards the `about-eid-mw` binary is dropped and eid-viewer is wrapped
  # so that XDG_DATA_DIRS includes this package's gsettings schemas.
  postInstall = ''
    install -D ${nssdbScript} $out/bin/eid-nssdb
    substituteInPlace $out/bin/eid-nssdb \
      --replace "modutil" "${nssTools}/bin/modutil"

    rm $out/bin/about-eid-mw
    wrapProgram $out/bin/eid-viewer --prefix XDG_DATA_DIRS : "$out/share/gsettings-schemas/$name"
  '';

  meta = {
    description = "Belgian electronic identity card (eID) middleware";
    homepage = "https://eid.belgium.be/en";
    license = lib.licenses.lgpl3Only;
    # The text below tells users to register the PKCS#11 module in NSS
    # databases (per user under ~/.pki, or system-wide under /etc/pki as root)
    # and to remove it again before uninstalling.
    longDescription = ''
      Allows user authentication and digital signatures with Belgian ID cards.
      Also requires a running pcscd service and compatible card reader.

      eid-viewer is also installed.

      This package only installs the libraries. To use eIDs in Firefox or
      Chromium, the eID Belgium add-on must be installed.
      This package only installs the libraries. To use eIDs in NSS-compatible
      browsers like Chrom{e,ium} or Firefox, each user must first execute:
      ~$ eid-nssdb add
      (Running the script once as root with the --system option enables eID
      support for all users, but will *not* work when using Chrom{e,ium}!)
      Before uninstalling this package, it is a very good idea to run
      ~$ eid-nssdb [--system] remove
      and remove all ~/.pki and/or /etc/pki directories no longer needed.

      The above procedure doesn't seem to work in Firefox. You can override the
      firefox wrapper to add this derivation to the PKCS#11 modules, like so:

      firefox.override { pkcs11Modules = [ pkgs.eid-mw ]; }
    '';
    platforms = lib.platforms.linux;
    maintainers = [
      lib.maintainers.bfortz
      lib.maintainers.chvp
    ];
  };
}