From 742a4b51911f25ca3c04122d8a478d0d99fc2e6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Llu=C3=ADs=20Batlle=20i=20Rossell?=
Date: Thu, 14 Jan 2010 23:43:56 +0000
Subject: [PATCH] Adding a global wrapper that provides the user with ready-to-use opensc tools and a 'firefox-dnie' that will launch the firefox in the path with the proper environment variables to allow firefox access the Spanish national id SmartCard as a Security Device. For the later to work cleanly, it will require the user to enable the opensc-pkcs11 module as Security Devices in firefox. svn path=/nixpkgs/trunk/; revision=19452
---
 .../libraries/libopensc-dnie/default.nix | 5 ++
 .../security/opensc-dnie-wrapper/default.nix | 67 +++++++++++++++++++
 pkgs/top-level/all-packages.nix | 4 ++
 3 files changed, 76 insertions(+)
 create mode 100644 pkgs/tools/security/opensc-dnie-wrapper/default.nix
diff --git a/pkgs/development/libraries/libopensc-dnie/default.nix b/pkgs/development/libraries/libopensc-dnie/default.nix
index 16c65e33c900..a3a6a6423d87 100644
--- a/pkgs/development/libraries/libopensc-dnie/default.nix
+++ b/pkgs/development/libraries/libopensc-dnie/default.nix
@@ -39,6 +39,11 @@ stdenv.mkDerivation rec {
 cp -R usr/share $out
 '';
+ passthru = {
+ # This will help keeping the proper opensc version when using this libopensc-dnie library
+ inherit opensc;
+ };
+
 meta = {
 homepage = http://www.dnielectronico.es/descargas/;
 description = "Opensc plugin to access the Spanish national ID smartcard";
diff --git a/pkgs/tools/security/opensc-dnie-wrapper/default.nix b/pkgs/tools/security/opensc-dnie-wrapper/default.nix
new file mode 100644
index 000000000000..ec649790e677
--- /dev/null
+++ b/pkgs/tools/security/opensc-dnie-wrapper/default.nix
@@ -0,0 +1,67 @@
+{stdenv, makeWrapper, ed, libopensc_dnie}:
+
+let
+ opensc = libopensc_dnie.opensc;
+in
+stdenv.mkDerivation rec {
+ name = "${opensc.name}-dnie-wrapper";
+
+ buildInputs = [ makeWrapper ];
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ ensureDir $out/etc
+ cp ${opensc}/etc/opensc.conf $out/etc
+ chmod +w $out/etc/opensc.conf
+
+ # NOTE: The libopensc-dnie.so driver requires /usr/bin/pinentry available, to sign
+
+ ${ed}/bin/ed $out/etc/opensc.conf << EOF
+ /card_drivers
+ a
+ card_drivers = dnie;
+ card_driver dnie {
+ module = ${libopensc_dnie}/lib/libopensc-dnie.so;
+ }
+ .
+ w
+ q
+ EOF
+
+ # Disable pkcs15 file caching, otherwise the card does not work
+ sed -i 's/use_caching = true/use_caching = false/' $out/etc/opensc.conf
+
+ for a in ${opensc}/bin/*; do
+ makeWrapper $a $out/bin/`basename $a` \
+ --set OPENSC_CONF $out/etc/opensc.conf
+ done
+
+ # Special wrapper for pkcs11-tool, which needs an additional parameter
+ rm $out/bin/pkcs11-tool
+ makeWrapper ${opensc}/bin/pkcs11-tool $out/bin/pkcs11-tool \
+ --set OPENSC_CONF $out/etc/opensc.conf \
+ --add-flags "--module ${opensc}/lib/opensc-pkcs11.so"
+
+ # Add, as bonus, a wrapper for the firefox in the PATH, that loads the
+ # proper opensc configuration.
+ cat > $out/bin/firefox-dnie << EOF
+ #!${stdenv.shell}
+ export OPENSC_CONF=$out/etc/opensc.conf
+ exec firefox
+ EOF
+ chmod +x $out/bin/firefox-dnie
+ '';
+
+ meta = {
+ description = "Access to the opensc tools and firefox using the Spanish national ID SmartCard";
+ longDescription = ''
+ Opensc needs a special configuration and special drivers to use the SmartCard
+ the Spanish governement provides to the citizens as ID card.
+ Some wrapper scripts take care for the proper opensc configuration to be used, in order
+ to access the certificates in the SmartCard through the opensc tools or firefox.
+ Opensc will require a pcscd daemon running, managing the access to the card reader.
+ '';
+ maintainers = with stdenv.lib.maintainers; [viric];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2239e0cf130c..1e216130f323 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1186,6 +1186,10 @@ let
 opensc = opensc_0_11_7;
+ opensc_dnie_wrapper = import ../tools/security/opensc-dnie-wrapper {
+ inherit stdenv makeWrapper ed libopensc_dnie;
+ };
+
 openssh = import ../tools/networking/openssh {
 inherit fetchurl stdenv zlib openssl pam perl;
 pamSupport = getPkgConfig "openssh" "pam" true;
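Review bot: The generated `firefox-dnie` script in the new opensc-dnie-wrapper/default.nix ends in a bare `exec firefox`, so any arguments passed to the wrapper (a URL, a profile option) are dropped. Because the heredoc delimiter is unquoted so that `$out` expands at build time, forwarding them needs the dollar escaped: `exec firefox "\$@"`. The `sed -i 's/use_caching = true/use_caching = false/'` step exits successfully even when the pattern matches nothing, so a change in the upstream opensc.conf would silently leave caching enabled; a follow-up `grep -q 'use_caching = false' $out/etc/opensc.conf || exit 1` would fail the build instead. The NOTE about the driver needing `/usr/bin/pinentry` names a program outside the store that this derivation neither provides nor checks. Since signing, and presumably the PIN prompt, depends on it, the requirement belongs in `meta.longDescription` next to the pcscd one.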