pkgs/athena-bccr: fix gaudi support

author: Alejandro Soto <alejandro@34project.org> 2025-07-13 01:51:00 -0600
committer: Alejandro Soto <alejandro@34project.org> 2025-07-13 01:51:00 -0600
commit: 9d01e6dd2213dccd566c6204bd81465d3da68e46 (patch)
tree: 6fb0df81001b9fec00de20475b47f3e38e92a781 /pkgs/athena-bccr/unwrapped.nix
parent: 863aaa665b18175909d27d853db9e65fcec06677 (diff)
1 files changed, 99 insertions, 12 deletions
diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix
index 244bebc..200e998 100644
--- a/pkgs/athena-bccr/unwrapped.nix
+++ b/pkgs/athena-bccr/unwrapped.nix
@@ -1,28 +1,40 @@
 { lib
+, requireFile
 
 , release
+, gaudiHash ? null
+, ...
 }:
 let
   inherit (release) srcPaths;
 
-  moduleFromDeb = name: args@{ stdenv, dpkg, requireFile, unzip, srcPath, ... }:
+  src = requireFile {
+    url = "https://soportefirmadigital.com";
+    name = "${release.basename}.zip";
+
+    inherit (release) hash;
+  };
+
+  gaudiUpdateSrc = { update-gaudi }: requireFile {
+    url = "${update-gaudi}";
+    name = "gaudi-update-${release.name}.zip";
+
+    hash = gaudiHash;
+  };
+
+  moduleFromDeb = name: args@{ stdenv, dpkg, unzip, srcPath, ... }:
     stdenv.mkDerivation ({
       pname = "${name}-unwrapped";
       version = release.name;
 
-      src = requireFile {
-        url = "https://soportefirmadigital.com";
-        name = "${release.basename}.zip";
-
-        inherit (release) hash;
-      };
+      inherit src;
 
       nativeBuildInputs = [ dpkg unzip ] ++ (args.nativeBuildInputs or [ ]);
 
       postUnpack = ''
         dpkg -x ${lib.escapeShellArg "${release.basename}/${srcPath}"} ${lib.escapeShellArg release.basename}
       '';
-    } // lib.removeAttrs args [ "stdenv" "dpkg" "requireFile" "unzip" "srcPath" "nativeBuildInputs" ]);
+    } // lib.removeAttrs args [ "stdenv" "dpkg" "unzip" "srcPath" "nativeBuildInputs" ]);
 in
 {
   ase-idprotect =
@@ -31,14 +43,14 @@ in
     , fontconfig
     , freetype
     , pcsclite
-    , requireFile
     , stdenv
     , unzip
     , xorg
     , zlib
+    , ...
     }:
     moduleFromDeb "ase-idprotect" {
-      inherit dpkg requireFile stdenv unzip;
+      inherit dpkg stdenv unzip;
       srcPath = srcPaths.idprotect;
 
       buildInputs = [
@@ -76,20 +88,25 @@ in
     , dpkg
     , makeWrapper
     , openjdk
-    , requireFile
+    , pkgs
     , stdenv
     , unzip
     , writeShellScriptBin
+
+    , update-gaudi
+    , ...
     }:
     let
       jdk = openjdk.override {
         enableJavaFX = true;
+        openjfx_jdk = pkgs."openjfx${lib.head (lib.splitString "." openjdk.version)}".override { withWebKit = true; };
       };
 
       fakeSudo = writeShellScriptBin "sudo" "";
+      gaudiUpdate = gaudiUpdateSrc { inherit update-gaudi; };
     in
     moduleFromDeb "gaudi" {
-      inherit dpkg requireFile stdenv unzip;
+      inherit dpkg stdenv unzip;
       srcPath = srcPaths.gaudi;
 
       nativeBuildInputs = [
@@ -98,7 +115,13 @@ in
         makeWrapper
       ];
 
+      preBuild = lib.optionalString (gaudiHash != null) ''
+        unzip -o ${gaudiUpdate} -d opt/Agente-GAUDI/lib/app
+      '';
+
       buildPhase = ''
+        runHook preBuild
+
         install -m755 -d $out/{bin,opt/Firmador-BCCR/lib}
         cp -r opt/Agente-GAUDI/lib/app $out/opt/Firmador-BCCR/lib/app
 
@@ -109,6 +132,8 @@ in
           -cp opt/Agente-GAUDI/lib/app/bccr-firma-fva-clienteMultiplataforma.jar \
           -d $out/opt/Firmador-BCCR/lib/app \
           LaunchGaudi.java
+
+        runHook postBuild
       '';
 
       installPhase = ''
@@ -131,4 +156,66 @@ in
         runHook postInstall
       '';
     };
+
+  bccr-cacerts =
+    { openssl
+    , stdenv
+    , unzip
+    , ...
+    }:
+    stdenv.mkDerivation {
+      pname = "bccr-cacerts";
+      version = release.name;
+
+      inherit src;
+
+      nativeBuildInputs = [
+        openssl
+        unzip
+      ];
+
+      installPhase = ''
+        cp -r Firma\ Digital/Certificados $out
+        openssl x509 -in $out/CA\ RAIZ\ NACIONAL\ -\ COSTA\ RICA\ v2.crt -out $out/root-ca.pem -text
+      '';
+    };
+
+  update-gaudi =
+    { wget
+    , writeShellScript
+    , zip
+
+    , bccr-cacerts
+    , ...
+    }:
+    writeShellScript "update-gaudi" ''
+      set -o errexit
+      set -o pipefail
+      set -o nounset
+
+      temp_dir="$(mktemp -d)"
+      trap 'cd / && rm -rf -- "$temp_dir"' EXIT
+      cd "$temp_dir"
+
+      PATH="${lib.makeBinPath [ wget zip ]}:$PATH"
+      ca_cert="${bccr-cacerts}/root-ca.pem"
+      base_url="https://www.firmadigital.go.cr/Bccr.Firma.Fva.Actualizador.ClienteFirmadorJava//recursosLiberica17/actualizador"
+
+      wget --ca-certificate="$ca_cert" "$base_url/bccr.cacerts"
+      wget --ca-certificate="$ca_cert" "$base_url/config.properties"
+      wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar"
+      wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar"
+
+      # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2
+      TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} +
+      zip_path="$PWD/gaudi-update-${release.name}.zip"
+      TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" .
+      TZ=UTC touch -a -m -t 198002010000.00 "$zip_path"
+
+      set -x
+      nix-store --add-fixed sha256 "$zip_path"
+      set +x
+
+      echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
+    '';
 }
author	Alejandro Soto <alejandro@34project.org>	2025-07-13 01:51:00 -0600
committer	Alejandro Soto <alejandro@34project.org>	2025-07-13 01:51:00 -0600
commit	9d01e6dd2213dccd566c6204bd81465d3da68e46 (patch)
tree	6fb0df81001b9fec00de20475b47f3e38e92a781 /pkgs/athena-bccr/unwrapped.nix
parent	863aaa665b18175909d27d853db9e65fcec06677 (diff)