Adding a global wrapper that provides the user with ready-to-use opensc tools and

a 'firefox-dnie' that will launch the firefox in the path with the proper environment variables to allow firefox access the Spanish national id SmartCard as a Security Device. For the later to work cleanly, it will require the user to enable the opensc-pkcs11 module as Security Devices in firefox. svn path=/nixpkgs/trunk/; revision=19452
2024-11-21 05:00:16 +00:00 · 2010-01-14 23:43:56 +00:00 · 2010-01-14 23:43:56 +00:00 · 742a4b5191
parent 2ef0816647
commit 742a4b5191
3 changed files with 76 additions and 0 deletions
--- a/pkgs/development/libraries/libopensc-dnie/default.nix
+++ b/pkgs/development/libraries/libopensc-dnie/default.nix
@ -39,6 +39,11 @@ stdenv.mkDerivation rec {
    cp -R usr/share $out
  '';

+  passthru = {
+    # This will help keeping the proper opensc version when using this libopensc-dnie library
+    inherit opensc;
+  };
+
  meta = {
    homepage = http://www.dnielectronico.es/descargas/;
    description = "Opensc plugin to access the Spanish national ID smartcard";
--- a/pkgs/tools/security/opensc-dnie-wrapper/default.nix
+++ b/pkgs/tools/security/opensc-dnie-wrapper/default.nix
@ -0,0 +1,67 @@
+{stdenv, makeWrapper, ed, libopensc_dnie}:
+
+let
+   opensc = libopensc_dnie.opensc;
+in
+stdenv.mkDerivation rec {
+  name = "${opensc.name}-dnie-wrapper";
+
+  buildInputs = [ makeWrapper ];
+  
+  phases = [ "installPhase" ];
+
+  installPhase = ''
+    ensureDir $out/etc
+    cp ${opensc}/etc/opensc.conf $out/etc
+    chmod +w $out/etc/opensc.conf
+
+    # NOTE: The libopensc-dnie.so driver requires /usr/bin/pinentry available, to sign
+
+    ${ed}/bin/ed $out/etc/opensc.conf << EOF
+    /card_drivers
+    a
+    card_drivers = dnie;
+    card_driver dnie {
+      module = ${libopensc_dnie}/lib/libopensc-dnie.so;
+    }
+    .
+    w
+    q
+    EOF
+
+    # Disable pkcs15 file caching, otherwise the card does not work
+    sed -i 's/use_caching = true/use_caching = false/' $out/etc/opensc.conf
+
+    for a in ${opensc}/bin/*; do
+      makeWrapper $a $out/bin/`basename $a` \
+        --set OPENSC_CONF $out/etc/opensc.conf
+    done
+
+    # Special wrapper for pkcs11-tool, which needs an additional parameter
+    rm $out/bin/pkcs11-tool
+    makeWrapper ${opensc}/bin/pkcs11-tool $out/bin/pkcs11-tool \
+      --set OPENSC_CONF $out/etc/opensc.conf \
+      --add-flags "--module ${opensc}/lib/opensc-pkcs11.so"
+
+    # Add, as bonus, a wrapper for the firefox in the PATH, that loads the
+    # proper opensc configuration.
+    cat > $out/bin/firefox-dnie << EOF
+    #!${stdenv.shell}
+    export OPENSC_CONF=$out/etc/opensc.conf
+    exec firefox
+    EOF
+    chmod +x $out/bin/firefox-dnie
+  '';
+
+  meta = {
+    description = "Access to the opensc tools and firefox using the Spanish national ID SmartCard";
+    longDescription = ''
+      Opensc needs a special configuration and special drivers to use the SmartCard
+      the Spanish governement provides to the citizens as ID card.
+      Some wrapper scripts take care for the proper opensc configuration to be used, in order
+      to access the certificates in the SmartCard through the opensc tools or firefox.
+      Opensc will require a pcscd daemon running, managing the access to the card reader.
+    '';
+    maintainers = with stdenv.lib.maintainers; [viric];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -1186,6 +1186,10 @@ let

  opensc = opensc_0_11_7;

+  opensc_dnie_wrapper = import ../tools/security/opensc-dnie-wrapper {
+    inherit stdenv makeWrapper ed libopensc_dnie;
+  };
+
  openssh = import ../tools/networking/openssh {
    inherit fetchurl stdenv zlib openssl pam perl;
    pamSupport = getPkgConfig "openssh" "pam" true;