diff --git a/nixos/modules/services/hardware/trezord.nix b/nixos/modules/services/hardware/trezord.nix
index 62824ed7350a..561106c41626 100644
--- a/nixos/modules/services/hardware/trezord.nix
+++ b/nixos/modules/services/hardware/trezord.nix
@@ -44,20 +44,7 @@ in {
 ### implementation
 
 config = mkIf cfg.enable {
- services.udev.packages = lib.singleton (pkgs.writeTextFile {
- name = "trezord-udev-rules";
- destination = "/etc/udev/rules.d/51-trezor.rules";
- text = ''
- # TREZOR v1 (One)
- SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="trezord", TAG+="uaccess", SYMLINK+="trezor%n"
- KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="trezord", TAG+="uaccess"
-
- # TREZOR v2 (T)
- SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="trezord", TAG+="uaccess", SYMLINK+="trezor%n"
- SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="trezord", TAG+="uaccess", SYMLINK+="trezor%n"
- KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="trezord", TAG+="uaccess"
- '';
- });
+ services.udev.packages = [ pkgs.trezor-udev-rules ];
 
 systemd.services.trezord = {
 description = "TREZOR Bridge";
diff --git a/pkgs/development/python-modules/trezor/default.nix b/pkgs/development/python-modules/trezor/default.nix
index 078727ddc9ac..cdf29cb565d3 100644
--- a/pkgs/development/python-modules/trezor/default.nix
+++ b/pkgs/development/python-modules/trezor/default.nix
@@ -11,6 +11,7 @@
 , libusb1
 , rlp
 , shamir-mnemonic
+, trezor-udev-rules
 }:
 
 buildPythonPackage rec {
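Review bot: In nixos/modules/services/hardware/trezord.nix the new `services.udev.packages = [ pkgs.trezor-udev-rules ];` line has no comment saying where the wallet's device-node permissions now come from; the removed block spelled out `MODE="0660", GROUP="trezord", TAG+="uaccess"` in the module itself. I would add above it `# upstream 51-trezor.rules with GROUP rewritten to "trezord" (see pkgs.trezor-udev-rules); this module must keep declaring that group`. The declaration of the trezord group is not in this hunk, so confirm it is still present, and check the effective MODE and tags in the built rules file, since the upstream text is not visible here. The `config = mkIf cfg.enable {` block starts in the hunk and continues past its end.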
@@ -24,7 +25,7 @@ buildPythonPackage rec {
 sha256 = "cd8aafd70a281daa644c4a3fb021ffac20b7a88e86226ecc8bb3e78e1734a184";
 };
 
- propagatedBuildInputs = [ typing-extensions protobuf hidapi ecdsa mnemonic requests pyblake2 click construct libusb1 rlp shamir-mnemonic ];
+ propagatedBuildInputs = [ typing-extensions protobuf hidapi ecdsa mnemonic requests pyblake2 click construct libusb1 rlp shamir-mnemonic trezor-udev-rules ];
 
 checkInputs = [
 pytest
diff --git a/pkgs/os-specific/linux/trezor-udev-rules/default.nix b/pkgs/os-specific/linux/trezor-udev-rules/default.nix
new file mode 100644
index 000000000000..c2be81373768
--- /dev/null
+++ b/pkgs/os-specific/linux/trezor-udev-rules/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "trezor-udev-rules";
+ version = "unstable-2019-07-17";
+
+ udevRules = fetchurl {
+ # let's pin the latest commit in the repo which touched the udev rules file
+ url = "https://raw.githubusercontent.com/trezor/trezor-firmware/68a3094b0a8e36b588b1bcb58c34a2c9eafc0dca/common/udev/51-trezor.rules";
+ sha256 = "0vlxif89nsqpbnbz1vwfgpl1zayzmq87gw1snskn0qns6x2rpczk";
+ };
+
+ dontUnpack = true;
+
+ installPhase = ''
+ cp ${udevRules} 51-trezor.rules
+ mkdir -p $out/lib/udev/rules.d
+ # we use trezord group, not plugdev
+ # we don't need the udev-acl tag
+ substituteInPlace 51-trezor.rules \
+ --replace 'GROUP="plugdev"' 'GROUP="trezord"' \
+ --replace ', TAG+="udev-acl"' ""
+ cp 51-trezor.rules $out/lib/udev/rules.d/51-trezor.rules
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Udev rules for Trezor";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ prusnak ];
+ platforms = platforms.linux;
+ homepage = "https://github.com/trezor/trezor-firmware/tree/master/common/udev";
+ };
+}
diff --git a/pkgs/servers/trezord/default.nix b/pkgs/servers/trezord/default.nix
index 38fefd041bdd..134d36258a56 100644
--- a/pkgs/servers/trezord/default.nix
+++ b/pkgs/servers/trezord/default.nix
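Review bot: `trezor-udev-rules` in `propagatedBuildInputs` (pkgs/development/python-modules/trezor/default.nix) does not, as far as I can tell, make udev load anything: on NixOS rules are picked up through `services.udev.packages`, which the trezord module in this commit sets. The new package declares `platforms = platforms.linux`, so this entry probably also restricts or breaks the Python library on other platforms. I would leave the list ending in `rlp shamir-mnemonic ];` and drop the `, trezor-udev-rules` argument added in the earlier hunk of this file. The same applies to the added `propagatedBuildInputs = [ trezor-udev-rules ];` in pkgs/servers/trezord/default.nix.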
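Review bot: Nothing in `installPhase` of pkgs/os-specific/linux/trezor-udev-rules/default.nix verifies that the `substituteInPlace` replacements matched, and that rewrite is what decides which group gets access to the wallet's device nodes. With the commit and `sha256` pinned the input is fixed today, but after a bump that changes upstream's wording the build would presumably still succeed and ship rules naming `plugdev`. After the final `cp` I would add `grep -q 'GROUP="trezord"' $out/lib/udev/rules.d/51-trezor.rules` and `if grep -q plugdev $out/lib/udev/rules.d/51-trezor.rules; then exit 1; fi`.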
@@ -1,4 +1,4 @@
-{ stdenv, buildGoPackage, fetchFromGitHub }:
+{ stdenv, buildGoPackage, fetchFromGitHub, trezor-udev-rules }:
 
 buildGoPackage rec {
 pname = "trezord-go";
@@ -13,6 +13,8 @@ buildGoPackage rec {
 sha256 = "00d90qmmk1pays78a2jm8gb7dncvlsjjn4033q1yd1ii3fxc6nh8";
 };
 
+ propagatedBuildInputs = [ trezor-udev-rules ];
+
 meta = with stdenv.lib; {
 description = "TREZOR Communication Daemon aka TREZOR Bridge";
 homepage = "https://trezor.io";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f2a80fdc0b64..5c34d88d0b9b 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6643,6 +6643,8 @@ in
 
 tpm2-tools = callPackage ../tools/security/tpm2-tools { };
 
+ trezor-udev-rules = callPackage ../os-specific/linux/trezor-udev-rules {};
+
 trezord = callPackage ../servers/trezord { };
 
 tthsum = callPackage ../applications/misc/tthsum { };