forked from mirrors/nixpkgs
c90b6a859b
The polkit support in pcsclite is entirely optional, but the package enables it unconditionally, and this breaks connecting to the pcscd daemon on systems without polkit. The fix is to make this configurable and to automatically disable `polkitSupport` when the polkit service is disabled.
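# NixOS module for pcscd, the PC/SC smart card daemon from pcsc-lite.
#
# Declares the services.pcscd options and, when enabled, installs the package,
# its systemd units, the reader driver plugins and a generated reader.conf.
{ config, lib, pkgs, ... }:

let
  inherit (lib) getBin literalExpression mkEnableOption mkIf mkOption types;

  cfg = config.services.pcscd;

  # reader.conf rendered into the Nix store from services.pcscd.readerConfig.
  # The store is world-readable, so nothing secret belongs in this option.
  cfgFile = pkgs.writeText "reader.conf" cfg.readerConfig;

  # Use the polkit-enabled build only when the polkit service is actually
  # available; otherwise clients cannot connect to the daemon at all.
  #
  # NOTE(review): with the plain pkgs.pcsclite build there is no polkit
  # authorization in front of the daemon, so access to readers and cards is
  # presumably limited only by the permissions on the pcscd socket. Confirm
  # against the socket unit shipped by the package before relying on this on
  # multi-user hosts.
  package = if config.security.polkit.enable
    then pkgs.pcscliteWithPolkit
    else pkgs.pcsclite;

  # Merged tree of the pcsc/drivers directory of every configured plugin; the
  # daemon is pointed at it through PCSCLITE_HP_DROPDIR below.
  pluginEnv = pkgs.buildEnv {
    name = "pcscd-plugins";
    paths = map (p: "${p}/pcsc/drivers") cfg.plugins;
  };

in
{

  ###### interface

  options.services.pcscd = {
    enable = mkEnableOption (lib.mdDoc "PCSC-Lite daemon");

    # Driver code from these packages is loaded by the daemon itself, so the
    # list should only contain packages that are trusted to run in pcscd.
    plugins = mkOption {
      type = types.listOf types.package;
      default = [ pkgs.ccid ];
      defaultText = literalExpression "[ pkgs.ccid ]";
      example = literalExpression "[ pkgs.pcsc-cyberjack ]";
      description = lib.mdDoc "Plugin packages to be used for PCSC-Lite.";
    };

    # LIBPATH entries name a driver library for pcscd to load; treat the value
    # of this option as trusted configuration.
    readerConfig = mkOption {
      type = types.lines;
      default = "";
      example = ''
        FRIENDLYNAME "Some serial reader"
        DEVICENAME /dev/ttyS0
        LIBPATH /path/to/serial_reader.so
        CHANNELID 1
      '';
      description = lib.mdDoc ''
        Configuration for devices that aren't hotpluggable.

        See {manpage}`reader.conf(5)` for valid options.
      '';
    };
  };

  ###### implementation

  config = mkIf cfg.enable {

    environment.etc."reader.conf".source = cfgFile;

    environment.systemPackages = [ package ];
    # Pull in the unit files shipped by the package; the settings below are
    # applied on top of them.
    systemd.packages = [ (getBin package) ];

    systemd.sockets.pcscd.wantedBy = [ "sockets.target" ];

    systemd.services.pcscd = {
      environment.PCSCLITE_HP_DROPDIR = pluginEnv;
      # Trigger on the generated file's store path. The literal string
      # "/etc/reader.conf" used previously is identical in every generation,
      # so it could never signal a configuration change.
      restartTriggers = [ cfgFile ];

      # If the cfgFile is empty and not specified (in which case the default
      # /etc/reader.conf is assumed), pcscd will happily start going through the
      # entire confdir (/etc in our case) looking for a config file and try to
      # parse everything it finds. Doesn't take a lot of imagination to see how
      # well that works. It really shouldn't do that to begin with, but to work
      # around it, we force the path to the cfgFile.
      #
      # https://github.com/NixOS/nixpkgs/issues/121088
      #
      # The leading empty string clears the ExecStart inherited from the
      # packaged unit so that only the command below is run.
      serviceConfig.ExecStart = [ "" "${getBin package}/bin/pcscd -f -x -c ${cfgFile}" ];
    };
  };
}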