summaryrefslogtreecommitdiff
path: root/pkgs/athena-bccr
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/athena-bccr')
-rw-r--r--pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch25
-rw-r--r--pkgs/athena-bccr/LaunchGaudi.java12
-rw-r--r--pkgs/athena-bccr/default.nix32
-rw-r--r--pkgs/athena-bccr/firmador.nix57
-rw-r--r--pkgs/athena-bccr/gaudi-env.nix62
-rw-r--r--pkgs/athena-bccr/releases.nix27
-rw-r--r--pkgs/athena-bccr/unwrapped.nix328
7 files changed, 0 insertions, 543 deletions
diff --git a/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch b/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch
deleted file mode 100644
index a15896a..0000000
--- a/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 5e7eb46f46af6a29a2aea19db722ebc28baede25 Mon Sep 17 00:00:00 2001
-From: Alejandro Soto <alejandro@34project.org>
-Date: Sat, 21 Jun 2025 22:37:19 -0600
-Subject: [PATCH] Remove CheckUpdatePlugin from default list
-
----
- src/main/java/cr/libre/firmador/Settings.java | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/main/java/cr/libre/firmador/Settings.java b/src/main/java/cr/libre/firmador/Settings.java
-index e392a82..c2ab5e4 100644
---- a/src/main/java/cr/libre/firmador/Settings.java
-+++ b/src/main/java/cr/libre/firmador/Settings.java
-@@ -160,7 +160,7 @@ public class Settings {
- @SuppressWarnings("this-escape")
- public Settings() {
- activePlugins.add("cr.libre.firmador.plugins.DummyPlugin");
-- activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin");
-+ // activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin");
- // activePlugins.add("cr.libre.firmador.plugins.DocumentSignLogs");
- availablePlugins.add("cr.libre.firmador.plugins.DummyPlugin");
- availablePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin");
---
-2.51.2
-
diff --git a/pkgs/athena-bccr/LaunchGaudi.java b/pkgs/athena-bccr/LaunchGaudi.java
deleted file mode 100644
index e4bcdbf..0000000
--- a/pkgs/athena-bccr/LaunchGaudi.java
+++ /dev/null
@@ -1,12 +0,0 @@
-// Los del BCCR no se molestaron en ponerle un main al Agente Gaudi porque el
-// actualizador (que a su vez sí tiene main) carga el jar en memoria y crea una
-// instancia de Inicializador usando reflexión. El actualizador no es relevante
-// en Nix. En todo caso, dicho actualizador es sumamente frágil y me daría
-// demasiada pereza arreglarlo, así que en su lugar usamos este stub para
-// launchear Gaudi.
-
-public class LaunchGaudi {
- public static void main(String[] args) {
- new InicializadorCliente.Inicializador("");
- }
-}
diff --git a/pkgs/athena-bccr/default.nix b/pkgs/athena-bccr/default.nix
deleted file mode 100644
index 038220b..0000000
--- a/pkgs/athena-bccr/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- callPackage,
- lib,
- mirror ? null,
-}: let
- latest = "deb64-rev26.2";
-
- releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix);
-
- overrideUnwrapped = default: new: let
- args = default // new;
- unwrappedPkgs = lib.filterAttrs (name: _: ! lib.elem name ["override" "overrideDerivation"]) (callPackage ./unwrapped.nix args);
- in
- lib.fix (unwrapped: lib.mapAttrs (_: pkg: callPackage pkg unwrapped) unwrappedPkgs)
- // {
- override = overrideUnwrapped args;
- };
-
- pkgsForRelease = release: let
- inherit (unwrapped) card-driver bccr-cacerts;
-
- unwrapped = overrideUnwrapped {inherit mirror release;} {};
- pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}";
- in {
- inherit card-driver bccr-cacerts pkcs11-module;
- inherit (release) vendor;
-
- gaudi = callPackage ./gaudi-env.nix {inherit unwrapped;};
- firmador = callPackage ./firmador.nix {inherit pkcs11-module;};
- };
-in
- lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};})
diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix
deleted file mode 100644
index e8e0a2d..0000000
--- a/pkgs/athena-bccr/firmador.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- fetchgit,
- lib,
- makeWrapper,
- maven,
- openjdk,
- wrapGAppsHook3,
- pkcs11-module ? null,
-}: let
- jdk = openjdk.override {
- enableJavaFX = true;
- };
-
- version = "1.9.8+master";
-in
- maven.buildMavenPackage {
- pname = "firmador";
- inherit version;
-
- src = fetchgit {
- url = "https://codeberg.org/firmador/firmador";
- rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7";
- hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ=";
- };
-
- patches = [
- ./0001-Remove-CheckUpdatePlugin-from-default-list.patch
- ];
-
- mvnHash = "sha256-iqooTe8xTrkG0JxJXlAMHExt6D8n+msB/VrCNrSJ10c=";
-
- nativeBuildInputs = [
- makeWrapper
- wrapGAppsHook3
- ];
-
- postPatch = lib.optionalString (pkcs11-module != null) ''
- sed -i 's@/usr/lib/x64-athena/libASEP11.so@${pkcs11-module}@g' src/main/java/cr/libre/firmador/signers/CRSigner.java
- '';
-
- installPhase = ''
- runHook preInstall
-
- mkdir -p $out/bin $out/share/java
- install -Dm644 target/firmador.jar $out/share/java
-
- makeWrapper ${jdk}/bin/java $out/bin/firmador \
- --add-flags "-jar $out/share/java/firmador.jar"
-
- runHook postInstall
- '';
-
- meta = {
- homepage = "https://firmador.libre.cr";
- license = lib.licenses.gpl3Plus;
- };
- }
diff --git a/pkgs/athena-bccr/gaudi-env.nix b/pkgs/athena-bccr/gaudi-env.nix
deleted file mode 100644
index db79641..0000000
--- a/pkgs/athena-bccr/gaudi-env.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- buildFHSEnv,
- curl,
- lib,
- writeShellScriptBin,
- gaudiHash ? null,
- unwrapped,
-}: let
- unwrappedWithGaudi = unwrapped.override {inherit gaudiHash;};
-in
- buildFHSEnv {
- name = "gaudi";
-
- targetPkgs = pkgs: [
- unwrappedWithGaudi.card-driver.lib
- unwrappedWithGaudi.gaudi
-
- (writeShellScriptBin "launch-gaudi" ''
- set -o errexit
- set -o pipefail
- set -o nounset
-
- PATH="${lib.makeBinPath [curl]}:$PATH"
-
- echo "$0: testing for incompatible releases..." >&2
-
- jar_name=bccr-firma-fva-clienteMultiplataforma.jar
- url="https://www.firmadigital.go.cr/Bccr.Firma.Fva.Actualizador.ClienteFirmadorJava//recursosLiberica17/actualizador/$jar_name"
- ca_file="${unwrappedWithGaudi.bccr-cacerts}/root-ca.pem"
- url_hash=$(curl -sS --cacert "$ca_file" "$url" | sha256sum | cut -d' ' -f1)
- jar_path="${unwrappedWithGaudi.gaudi}/share/java/$jar_name"
- jar_hash=$(sha256sum "$jar_path" | cut -d' ' -f1)
-
- if [ "$url_hash" != "$jar_hash" ]; then
- last_modified=$(curl -sS --head --cacert "$ca_file" "$url" | grep -i '^last-modified:' | head -1)
-
- echo "$0: sha256 mismatch for $jar_path due to server-side update" >&2
- echo "$0: expected: $url_hash" >&2
- echo "$0: actual: $jar_hash" >&2
- echo "$0: $last_modified" >&2
- echo "$0: run the following to download the new client JAR, then update your derivation:" >&2
- echo "$0: \$ ${unwrappedWithGaudi.update-gaudi}" >&2
-
- exit 1
- fi
-
- cache_path_1="''${XDG_CACHE_HOME:-$HOME/.cache}/Agente-GAUDI"
- cache_path_2="''${XDG_CACHE_HOME:-$HOME/.cache}/Firmador-BCCR"
-
- for cache_path in "$cache_path_1" "$cache_path_2"; do
- mkdir -p "$cache_path"
- ln -sf -- ${unwrappedWithGaudi.gaudi}/share/java/bccr-firma-fva-clienteMultiplataforma.jar "$cache_path"
- done
-
- cp -f --no-preserve=mode -t "$cache_path_1" -- "${unwrappedWithGaudi.gaudi}/share/java/config.properties"
-
- exec gaudi
- '')
- ];
-
- runScript = "launch-gaudi";
- }
diff --git a/pkgs/athena-bccr/releases.nix b/pkgs/athena-bccr/releases.nix
deleted file mode 100644
index cbc5bdb..0000000
--- a/pkgs/athena-bccr/releases.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "deb64-rev26" = {
- # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1)
- hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM=";
- filename = "sfd_ClientesLinux_DEB64_Rev26.zip";
- basename = "sfd_ClientesLinux_DEB64_Rev26";
- vendor = "athena";
-
- srcPaths = {
- gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb";
- idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb";
- };
- };
-
- "deb64-rev26.2" = {
- # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1)
- hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA=";
- filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip";
- basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02";
- vendor = "idopte";
-
- srcPaths = {
- gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb";
- idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb";
- };
- };
-}
diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix
deleted file mode 100644
index bf99a84..0000000
--- a/pkgs/athena-bccr/unwrapped.nix
+++ /dev/null
@@ -1,328 +0,0 @@
-{
- fetchurl,
- lib,
- mirror ? null,
- requireFile,
- release,
- gaudiHash ? null,
- ...
-}: let
- inherit (release) srcPaths vendor;
-
- url =
- if mirror != null
- then "${mirror}/${release.filename}"
- else "https://soportefirmadigital.com";
-
- fetchSrc =
- if mirror != null
- then fetchurl
- else requireFile;
-
- src = fetchSrc {
- name = release.filename;
-
- inherit url;
- inherit (release) hash;
- };
-
- gaudiUpdateSrc = {
- update-gaudi,
- runCommand,
- }:
- runCommand "gaudi-update-${release.name}.zip" {
- outputHash = gaudiHash;
- } ''
- ${update-gaudi} $out
- '';
-
- moduleFromDeb = name: args @ {
- stdenv,
- dpkg,
- unzip,
- srcPath,
- ...
- }:
- stdenv.mkDerivation ({
- pname = "${name}-unwrapped";
- version = release.name;
-
- inherit src;
-
- nativeBuildInputs = [dpkg unzip] ++ (args.nativeBuildInputs or []);
-
- postUnpack = ''
- dpkg -x ${lib.escapeShellArg "${release.basename}/${srcPath}"} ${lib.escapeShellArg release.basename}
- '';
- }
- // lib.removeAttrs args ["stdenv" "dpkg" "unzip" "srcPath" "nativeBuildInputs"]);
-
- ase-idprotect = {
- autoPatchelfHook,
- dpkg,
- fontconfig,
- freetype,
- pcsclite,
- stdenv,
- unzip,
- xorg,
- zlib,
- ...
- }:
- moduleFromDeb "ase-idprotect" {
- inherit dpkg stdenv unzip;
- srcPath = srcPaths.idprotect;
-
- buildInputs = [
- fontconfig
- freetype
- pcsclite
- stdenv.cc.cc.lib
- xorg.libX11
- xorg.libXext
- zlib
- ];
-
- nativeBuildInputs = [
- autoPatchelfHook
- ];
-
- outputs = ["out" "lib"];
-
- installPhase = ''
- runHook preInstall
-
- install -m755 -d $out/bin $lib/{etc,lib/x64-athena}
- install -m755 usr/bin/IDProtect{_Manager,PINTool} $out/bin/
- install -m755 usr/lib/x64-athena/* $lib/lib/x64-athena
- cp -r etc/Athena $lib/etc/Athena
-
- runHook postInstall
- '';
-
- preFixup = ''
- patchelf --set-rpath $lib/lib/x64-athena $out/bin/*
- '';
-
- passthru.pkcs11-path = "lib/x64-athena/libASEP11.so";
- };
-
- scmiddleware = {
- autoPatchelfHook,
- dpkg,
- glib,
- gtk3,
- libappindicator-gtk3,
- libnotify,
- openssl,
- pcsclite,
- python3,
- stdenv,
- unzip,
- webkitgtk_4_1,
- ...
- }:
- moduleFromDeb "idopte-scmiddleware" {
- inherit dpkg stdenv unzip;
- srcPath = srcPaths.idopte;
-
- buildInputs = [
- glib
- gtk3
- libappindicator-gtk3
- libnotify
- openssl
- pcsclite
- stdenv.cc.cc.lib
- webkitgtk_4_1
- ];
-
- nativeBuildInputs = [
- autoPatchelfHook
- python3
- ];
-
- outputs = ["out" "lib"];
-
- installPhase = ''
- runHook preInstall
-
- install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware}
- install -m755 usr/lib/SCMiddleware/SCManager $out/bin
- install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware
- cp -r etc/id* $lib/etc
- ln -s ../lib/SCMiddleware $lib/etc
-
- runHook postInstall
- '';
-
- preFixup = ''
- for elf in $lib/lib/SCMiddleware/* $out/bin/*; do
- python3 /dev/fd/3 <$elf >$elf.patched 3<<EOF
- import sys
- contents = sys.stdin.buffer.read()
-
- def bin_replace(s, a, b):
- assert len(a) >= len(b)
- return s.replace(a, b + b'\0' * (len(a) - len(b)))
-
- contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware')
- contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket')
-
- sys.stdout.buffer.write(contents)
- EOF
-
- chmod --reference=$elf $elf.patched
- mv $elf.patched $elf
-
- patchelf --set-rpath $lib/lib/SCMiddleware $elf
- done
- '';
-
- passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so";
- };
-in
- {
- gaudi = {
- autoPatchelfHook,
- dpkg,
- makeWrapper,
- openjdk,
- pkgs,
- stdenv,
- unzip,
- runCommand,
- writeShellScriptBin,
- update-gaudi,
- ...
- }: let
- jdk = openjdk.override {
- enableJavaFX = true;
- openjfx_jdk = pkgs."openjfx${lib.head (lib.splitString "." openjdk.version)}".override {withWebKit = true;};
- };
-
- fakeSudo = writeShellScriptBin "sudo" "";
- gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;};
- in
- moduleFromDeb "gaudi" {
- inherit dpkg stdenv unzip;
- srcPath = srcPaths.gaudi;
-
- nativeBuildInputs = [
- autoPatchelfHook
- jdk
- makeWrapper
- ];
-
- preBuild = lib.optionalString (gaudiHash != null) ''
- unzip -o ${gaudiUpdate} -d opt/Agente-GAUDI/lib/app
- '';
-
- buildPhase = ''
- runHook preBuild
-
- install -m755 -d $out/{bin,opt/Firmador-BCCR/lib}
- cp -r opt/Agente-GAUDI/lib/app $out/opt/Firmador-BCCR/lib/app
-
- # Preserves the original filename and avoids <hash>-LaunchGaudi.java
- ln -s ${./LaunchGaudi.java} LaunchGaudi.java
-
- javac \
- -cp opt/Agente-GAUDI/lib/app/bccr-firma-fva-clienteMultiplataforma.jar \
- -d $out/opt/Firmador-BCCR/lib/app \
- LaunchGaudi.java
-
- runHook postBuild
- '';
-
- installPhase = ''
- runHook preInstall
-
- install -m755 -d $out/{share,opt/Firmador-BCCR/lib/runtime/lib}
- install -m755 -D opt/Agente-GAUDI/bin/Agente-GAUDI $out/opt/Firmador-BCCR/bin/Agente-GAUDI
- install -m755 -D opt/Agente-GAUDI/lib/libapplauncher.so $out/opt/Firmador-BCCR/lib/libapplauncher.so
-
- ln -s ../opt/Firmador-BCCR/lib/app $out/share/java
- ln -s Firmador-BCCR $out/opt/Agente-GAUDI
- ln -s ${jdk}/lib/openjdk/lib/libjli.so $out/opt/Firmador-BCCR/lib/runtime/lib/libjli.so
-
- makeWrapper ${jdk}/bin/java $out/bin/gaudi \
- --prefix PATH : ${fakeSudo}/bin \
- --add-flags "-cp $out/share/java:$out/share/java/bccr-firma-fva-clienteMultiplataforma.jar" \
- --add-flags "-Djavax.net.ssl.trustStore=$out/opt/Firmador-BCCR/lib/app/bccr.cacerts" \
- --add-flags "LaunchGaudi"
-
- runHook postInstall
- '';
- };
-
- bccr-cacerts = {
- openssl,
- stdenv,
- unzip,
- ...
- }:
- stdenv.mkDerivation {
- pname = "bccr-cacerts";
- version = release.name;
-
- inherit src;
-
- nativeBuildInputs = [
- openssl
- unzip
- ];
-
- installPhase = ''
- cp -r Firma\ Digital/Certificados $out
- openssl x509 -in $out/CA\ RAIZ\ NACIONAL\ -\ COSTA\ RICA\ v2.crt -out $out/root-ca.pem -text
- '';
- };
-
- update-gaudi = {
- wget,
- writeShellScript,
- zip,
- bccr-cacerts,
- ...
- }:
- writeShellScript "update-gaudi" ''
- set -o errexit
- set -o pipefail
- set -o nounset
-
- temp_dir="$(mktemp -d)"
- trap 'cd / && rm -rf -- "$temp_dir"' EXIT
- cd "$temp_dir"
-
- PATH="${lib.makeBinPath [wget zip]}:$PATH"
- ca_cert="${bccr-cacerts}/root-ca.pem"
- base_url="https://www.firmadigital.go.cr/Bccr.Firma.Fva.Actualizador.ClienteFirmadorJava//recursosLiberica17/actualizador"
-
- wget --ca-certificate="$ca_cert" "$base_url/bccr.cacerts"
- wget --ca-certificate="$ca_cert" "$base_url/config.properties"
- wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar"
- wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar"
-
- if [ -n "$1" ]; then
- zip_path="$1"
- else
- zip_path="$PWD/gaudi-update-${release.name}.zip"
- fi
-
- # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2
- TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} +
- TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" .
- TZ=UTC touch -a -m -t 198002010000.00 "$zip_path"
-
- if [ -z "$1" ]; then
- echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
- fi
- '';
- }
- // lib.optionalAttrs (vendor == "athena") {
- card-driver = ase-idprotect;
- }
- // lib.optionalAttrs (vendor == "idopte") {
- card-driver = scmiddleware;
- }
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 07:28:54 +0000