Diffstat (limited to 'trivionomicon/pkgs/athena-bccr/unwrapped.nix')
-rw-r--r--trivionomicon/pkgs/athena-bccr/unwrapped.nix329
1 files changed, 329 insertions, 0 deletions
diff --git a/trivionomicon/pkgs/athena-bccr/unwrapped.nix b/trivionomicon/pkgs/athena-bccr/unwrapped.nix
new file mode 100644
index 0000000..dc9f142
--- /dev/null
+++ b/trivionomicon/pkgs/athena-bccr/unwrapped.nix
@@ -0,0 +1,329 @@
+{
+ fetchurl,
+ lib,
+ mirror ? null,
+ requireFile,
+ release,
+ gaudiHash ? null,
+ vendor,
+ ...
+}: let
+ inherit (release) srcPaths;
+
+ url =
+ if mirror != null
+ then "${mirror}/${release.filename}"
+ else "https://soportefirmadigital.com";
+
+ fetchSrc =
+ if mirror != null
+ then fetchurl
+ else requireFile;
+
+ src = fetchSrc {
+ name = release.filename;
+
+ inherit url;
+ inherit (release) hash;
+ };
+
+ gaudiUpdateSrc = {
+ update-gaudi,
+ runCommand,
+ }:
+ runCommand "gaudi-update-${release.name}.zip" {
+ outputHash = gaudiHash;
+ } ''
+ ${update-gaudi} $out
+ '';
+
+ moduleFromDeb = name: args @ {
+ stdenv,
+ dpkg,
+ unzip,
+ srcPath,
+ ...
+ }:
+ stdenv.mkDerivation ({
+ pname = "${name}-unwrapped";
+ version = release.name;
+
+ inherit src;
+
+ nativeBuildInputs = [dpkg unzip] ++ (args.nativeBuildInputs or []);
+
+ postUnpack = ''
+ dpkg -x ${lib.escapeShellArg "${release.basename}/${srcPath}"} ${lib.escapeShellArg release.basename}
+ '';
+ }
+ // lib.removeAttrs args ["stdenv" "dpkg" "unzip" "srcPath" "nativeBuildInputs"]);
+
+ ase-idprotect = {
+ autoPatchelfHook,
+ dpkg,
+ fontconfig,
+ freetype,
+ pcsclite,
+ stdenv,
+ unzip,
+ xorg,
+ zlib,
+ ...
+ }:
+ moduleFromDeb "ase-idprotect" {
+ inherit dpkg stdenv unzip;
+ srcPath = srcPaths.idprotect;
+
+ buildInputs = [
+ fontconfig
+ freetype
+ pcsclite
+ stdenv.cc.cc.lib
+ xorg.libX11
+ xorg.libXext
+ zlib
+ ];
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ ];
+
+ outputs = ["out" "lib"];
+
+ installPhase = ''
+ runHook preInstall
+
+ install -m755 -d $out/bin $lib/{etc,lib/x64-athena}
+ install -m755 usr/bin/IDProtect{_Manager,PINTool} $out/bin/
+ install -m755 usr/lib/x64-athena/* $lib/lib/x64-athena
+ cp -r etc/Athena $lib/etc/Athena
+
+ runHook postInstall
+ '';
+
+ preFixup = ''
+ patchelf --set-rpath $lib/lib/x64-athena $out/bin/*
+ '';
+
+ passthru.pkcs11-path = "lib/x64-athena/libASEP11.so";
+ };
+
+ scmiddleware = {
+ autoPatchelfHook,
+ dpkg,
+ glib,
+ gtk3,
+ libappindicator-gtk3,
+ libnotify,
+ openssl,
+ pcsclite,
+ python3,
+ stdenv,
+ unzip,
+ webkitgtk_4_1,
+ ...
+ }:
+ moduleFromDeb "idopte-scmiddleware" {
+ inherit dpkg stdenv unzip;
+ srcPath = srcPaths.idopte;
+
+ buildInputs = [
+ glib
+ gtk3
+ libappindicator-gtk3
+ libnotify
+ openssl
+ pcsclite
+ stdenv.cc.cc.lib
+ webkitgtk_4_1
+ ];
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ python3
+ ];
+
+ outputs = ["out" "lib"];
+
+ installPhase = ''
+ runHook preInstall
+
+ install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware}
+ install -m755 usr/lib/SCMiddleware/SCManager $out/bin
+ install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware
+ cp -r etc/id* $lib/etc
+ ln -s ../lib/SCMiddleware $lib/etc
+
+ runHook postInstall
+ '';
+
+ preFixup = ''
+ for elf in $lib/lib/SCMiddleware/* $out/bin/*; do
+ python3 /dev/fd/3 <$elf >$elf.patched 3<<EOF
+ import sys
+ contents = sys.stdin.buffer.read()
+
+ def bin_replace(s, a, b):
+ assert len(a) >= len(b)
+ return s.replace(a, b + b'\0' * (len(a) - len(b)))
+
+ contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware')
+ contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket')
+
+ sys.stdout.buffer.write(contents)
+ EOF
+
+ chmod --reference=$elf $elf.patched
+ mv $elf.patched $elf
+
+ patchelf --set-rpath $lib/lib/SCMiddleware $elf
+ done
+ '';
+
+ passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so";
+ };
+in
+ {
+ gaudi = {
+ autoPatchelfHook,
+ dpkg,
+ makeWrapper,
+ openjdk,
+ pkgs,
+ stdenv,
+ unzip,
+ runCommand,
+ writeShellScriptBin,
+ update-gaudi,
+ ...
+ }: let
+ jdk = openjdk.override {
+ enableJavaFX = true;
+ openjfx_jdk = pkgs."openjfx${lib.head (lib.splitString "." openjdk.version)}".override {withWebKit = true;};
+ };
+
+ fakeSudo = writeShellScriptBin "sudo" "";
+ gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;};
+ in
+ moduleFromDeb "gaudi" {
+ inherit dpkg stdenv unzip;
+ srcPath = srcPaths.gaudi;
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ jdk
+ makeWrapper
+ ];
+
+ preBuild = lib.optionalString (gaudiHash != null) ''
+ unzip -o ${gaudiUpdate} -d opt/Agente-GAUDI/lib/app
+ '';
+
+ buildPhase = ''
+ runHook preBuild
+
+ install -m755 -d $out/{bin,opt/Firmador-BCCR/lib}
+ cp -r opt/Agente-GAUDI/lib/app $out/opt/Firmador-BCCR/lib/app
+
+ # Preserves the original filename and avoids <hash>-LaunchGaudi.java
+ ln -s ${./LaunchGaudi.java} LaunchGaudi.java
+
+ javac \
+ -cp opt/Agente-GAUDI/lib/app/bccr-firma-fva-clienteMultiplataforma.jar \
+ -d $out/opt/Firmador-BCCR/lib/app \
+ LaunchGaudi.java
+
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ install -m755 -d $out/{share,opt/Firmador-BCCR/lib/runtime/lib}
+ install -m755 -D opt/Agente-GAUDI/bin/Agente-GAUDI $out/opt/Firmador-BCCR/bin/Agente-GAUDI
+ install -m755 -D opt/Agente-GAUDI/lib/libapplauncher.so $out/opt/Firmador-BCCR/lib/libapplauncher.so
+
+ ln -s ../opt/Firmador-BCCR/lib/app $out/share/java
+ ln -s Firmador-BCCR $out/opt/Agente-GAUDI
+ ln -s ${jdk}/lib/openjdk/lib/libjli.so $out/opt/Firmador-BCCR/lib/runtime/lib/libjli.so
+
+ makeWrapper ${jdk}/bin/java $out/bin/gaudi \
+ --prefix PATH : ${fakeSudo}/bin \
+ --add-flags "-cp $out/share/java:$out/share/java/bccr-firma-fva-clienteMultiplataforma.jar" \
+ --add-flags "-Djavax.net.ssl.trustStore=$out/opt/Firmador-BCCR/lib/app/bccr.cacerts" \
+ --add-flags "LaunchGaudi"
+
+ runHook postInstall
+ '';
+ };
+
+ bccr-cacerts = {
+ openssl,
+ stdenv,
+ unzip,
+ ...
+ }:
+ stdenv.mkDerivation {
+ pname = "bccr-cacerts";
+ version = release.name;
+
+ inherit src;
+
+ nativeBuildInputs = [
+ openssl
+ unzip
+ ];
+
+ installPhase = ''
+ cp -r Firma\ Digital/Certificados $out
+ openssl x509 -in $out/CA\ RAIZ\ NACIONAL\ -\ COSTA\ RICA\ v2.crt -out $out/root-ca.pem -text
+ '';
+ };
+
+ update-gaudi = {
+ wget,
+ writeShellScript,
+ zip,
+ bccr-cacerts,
+ ...
+ }:
+ writeShellScript "update-gaudi" ''
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+
+ temp_dir="$(mktemp -d)"
+ trap 'cd / && rm -rf -- "$temp_dir"' EXIT
+ cd "$temp_dir"
+
+ PATH="${lib.makeBinPath [wget zip]}:$PATH"
+ ca_cert="${bccr-cacerts}/root-ca.pem"
+ base_url="https://www.firmadigital.go.cr/Bccr.Firma.Fva.Actualizador.ClienteFirmadorJava//recursosLiberica17/actualizador"
+
+ wget --ca-certificate="$ca_cert" "$base_url/bccr.cacerts"
+ wget --ca-certificate="$ca_cert" "$base_url/config.properties"
+ wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar"
+ wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar"
+
+ if [ -n "$1" ]; then
+ zip_path="$1"
+ else
+ zip_path="$PWD/gaudi-update-${release.name}.zip"
+ fi
+
+ # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2
+ TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} +
+ TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" .
+ TZ=UTC touch -a -m -t 198002010000.00 "$zip_path"
+
+ if [ -z "$1" ]; then
+ echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
+ fi
+ '';
+ }
+ // lib.optionalAttrs (vendor == "athena") {
+ card-driver = ase-idprotect;
+ }
+ // lib.optionalAttrs (vendor == "idopte") {
+ card-driver = scmiddleware;
+ }
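Review bot: In `update-gaudi`, the `[ -n "$1" ]` and `[ -z "$1" ]` tests run under `set -o nounset`, so calling the script with no argument aborts with an unbound-variable error after the downloads, and never reaches the `else` branch or the `gaudiHash` print. Only the fixed-output build in `gaudiUpdateSrc`, which passes `$out`, gets through; the manual run that is meant to produce the hash pinning the downloaded jars and `bccr.cacerts` does not. Use a defaulted expansion, escaped for the Nix indented string: `if [ -n "''${1:-}" ]; then` and `if [ -z "''${1:-}" ]; then`. Separately, `fakeSudo` in `gaudi` would benefit from a comment such as `# no-op sudo placed first on PATH: any privileged step the vendor agent attempts is skipped and reports success`, presuming that is the intent.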