From 742a4b51911f25ca3c04122d8a478d0d99fc2e6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?=
 <viric@vicerveza.homeunix.net>
Date: Thu, 14 Jan 2010 23:43:56 +0000
Subject: [PATCH] Adding a global wrapper that provides the user with
 ready-to-use opensc tools and a 'firefox-dnie' that will launch the firefox
 in the path with the proper environment variables to allow firefox access the
 Spanish national id SmartCard as a Security Device. For the later to work
 cleanly, it will require the user to enable the opensc-pkcs11 module as
 Security Devices in firefox.

svn path=/nixpkgs/trunk/; revision=19452
---
 .../libraries/libopensc-dnie/default.nix      |  5 ++
 .../security/opensc-dnie-wrapper/default.nix  | 67 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  4 ++
 3 files changed, 76 insertions(+)
 create mode 100644 pkgs/tools/security/opensc-dnie-wrapper/default.nix

diff --git a/pkgs/development/libraries/libopensc-dnie/default.nix b/pkgs/development/libraries/libopensc-dnie/default.nix
index 16c65e33c900..a3a6a6423d87 100644
--- a/pkgs/development/libraries/libopensc-dnie/default.nix
+++ b/pkgs/development/libraries/libopensc-dnie/default.nix
@@ -39,6 +39,11 @@ stdenv.mkDerivation rec {
     cp -R usr/share $out
   '';
 
+  passthru = {
+    # This will help keeping the proper opensc version when using this libopensc-dnie library
+    inherit opensc;
+  };
+
   meta = {
     homepage = http://www.dnielectronico.es/descargas/;
     description = "Opensc plugin to access the Spanish national ID smartcard";
diff --git a/pkgs/tools/security/opensc-dnie-wrapper/default.nix b/pkgs/tools/security/opensc-dnie-wrapper/default.nix
new file mode 100644
index 000000000000..ec649790e677
--- /dev/null
+++ b/pkgs/tools/security/opensc-dnie-wrapper/default.nix
@@ -0,0 +1,67 @@
+{stdenv, makeWrapper, ed, libopensc_dnie}:
+
+let
+   opensc = libopensc_dnie.opensc;
+in
+stdenv.mkDerivation rec {
+  name = "${opensc.name}-dnie-wrapper";
+
+  buildInputs = [ makeWrapper ];
+  
+  phases = [ "installPhase" ];
+
+  installPhase = ''
+    ensureDir $out/etc
+    cp ${opensc}/etc/opensc.conf $out/etc
+    chmod +w $out/etc/opensc.conf
+
+    # NOTE: The libopensc-dnie.so driver requires /usr/bin/pinentry available, to sign
+
+    ${ed}/bin/ed $out/etc/opensc.conf << EOF
+    /card_drivers
+    a
+    card_drivers = dnie;
+    card_driver dnie {
+      module = ${libopensc_dnie}/lib/libopensc-dnie.so;
+    }
+    .
+    w
+    q
+    EOF
+
+    # Disable pkcs15 file caching, otherwise the card does not work
+    sed -i 's/use_caching = true/use_caching = false/' $out/etc/opensc.conf
+
+    for a in ${opensc}/bin/*; do
+      makeWrapper $a $out/bin/`basename $a` \
+        --set OPENSC_CONF $out/etc/opensc.conf
+    done
+
+    # Special wrapper for pkcs11-tool, which needs an additional parameter
+    rm $out/bin/pkcs11-tool
+    makeWrapper ${opensc}/bin/pkcs11-tool $out/bin/pkcs11-tool \
+      --set OPENSC_CONF $out/etc/opensc.conf \
+      --add-flags "--module ${opensc}/lib/opensc-pkcs11.so"
+
+    # Add, as bonus, a wrapper for the firefox in the PATH, that loads the
+    # proper opensc configuration.
+    cat > $out/bin/firefox-dnie << EOF
+    #!${stdenv.shell}
+    export OPENSC_CONF=$out/etc/opensc.conf
+    exec firefox
+    EOF
+    chmod +x $out/bin/firefox-dnie
+  '';
+
+  meta = {
+    description = "Access to the opensc tools and firefox using the Spanish national ID SmartCard";
+    longDescription = ''
+      Opensc needs a special configuration and special drivers to use the SmartCard
+      the Spanish governement provides to the citizens as ID card.
+      Some wrapper scripts take care for the proper opensc configuration to be used, in order
+      to access the certificates in the SmartCard through the opensc tools or firefox.
+      Opensc will require a pcscd daemon running, managing the access to the card reader.
+    '';
+    maintainers = with stdenv.lib.maintainers; [viric];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2239e0cf130c..1e216130f323 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1186,6 +1186,10 @@ let
 
   opensc = opensc_0_11_7;
 
+  opensc_dnie_wrapper = import ../tools/security/opensc-dnie-wrapper {
+    inherit stdenv makeWrapper ed libopensc_dnie;
+  };
+
   openssh = import ../tools/networking/openssh {
     inherit fetchurl stdenv zlib openssl pam perl;
     pamSupport = getPkgConfig "openssh" "pam" true;