From 91527cc068dea79b9b071c21e577ca5468156ddd Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Sun, 8 Mar 2026 21:14:10 -0600 Subject: trivionomicon: athena-bccr: add idopte links in /etc --- modules/athena-bccr/sys.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 5457ca5..ce63b01 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -16,7 +16,11 @@ in { ''; } // lib.optionalAttrs (vendor == "athena") { - "Athena".source = "${athena.card-driver}/etc/Athena"; + "Athena".source = "${athena.card-driver.lib}/etc/Athena"; + } + // lib.optionalAttrs (vendor == "idopte") { + "idoss.conf".source = "${athena.card-driver.lib}/etc/idoss.conf"; + "idoss.lic".source = "${athena.card-driver.lib}/etc/idoss.lic"; }; systemPackages = [athena.card-driver]; -- cgit v1.2.3 From ca6ac0d5cb77b1328be42e36582bfcc970512ed9 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 02:33:10 -0600 Subject: trivionomicon: athena-bccr: patch hard-coded FHS paths in idopte driver --- modules/athena-bccr/sys.nix | 10 +++++++--- pkgs/athena-bccr/unwrapped.nix | 27 ++++++++++++++++++++++++--- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index ce63b01..425c23a 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -7,6 +7,9 @@ }: let athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; inherit (athena) vendor; + + driver = athena.card-driver.lib; + scmiddleware = "${driver}/lib/SCMiddleware"; in { environment = { etc = 
@@ -16,11 +19,12 @@ in { ''; } // lib.optionalAttrs (vendor == "athena") { - "Athena".source = "${athena.card-driver.lib}/etc/Athena"; + "Athena".source = "${driver}/etc/Athena"; } // lib.optionalAttrs (vendor == "idopte") { - "idoss.conf".source = "${athena.card-driver.lib}/etc/idoss.conf"; - "idoss.lic".source = "${athena.card-driver.lib}/etc/idoss.lic"; + "idoss.conf".source = "${driver}/etc/idoss.conf"; + "idoss.lic".source = "${driver}/etc/idoss.lic"; + "SCMiddleware".source = scmiddleware; }; systemPackages = [athena.card-driver]; diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index c7781e4..3a70144 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -102,6 +102,7 @@ libnotify, openssl, pcsclite, + python3, stdenv, unzip, webkitgtk_4_1, @@ -124,6 +125,7 @@ nativeBuildInputs = [ autoPatchelfHook + python3 ]; outputs = ["out" "lib"]; @@ -132,15 +134,34 @@ runHook preInstall install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware} - install -m755 usr/lib/SCMiddleware/{idocachesrv,SCManager} $out/bin - install -m755 usr/lib/SCMiddleware/*.so $lib/lib/SCMiddleware + install -m755 usr/lib/SCMiddleware/SCManager $out/bin + install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware cp -r etc/id* $lib/etc runHook postInstall ''; preFixup = '' - patchelf --set-rpath $lib/lib/SCMiddleware $lib/lib/SCMiddleware/* $out/bin/* + for elf in $lib/lib/SCMiddleware/* $out/bin/*; do + python3 /dev/fd/3 <$elf >$elf.patched 3<= len(b) + return s.replace(a, b + b'\0' * (len(a) - len(b))) + + contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware') + contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket') + + sys.stdout.buffer.write(contents) + EOF + + chmod --reference=$elf $elf.patched + mv $elf.patched $elf + + patchelf --set-rpath $lib/lib/SCMiddleware $elf + done ''; passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so"; -- cgit v1.2.3 
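Review bot: `bin_replace` in the `preFixup` loop of `pkgs/athena-bccr/unwrapped.nix` writes NUL padding directly after the shorter replacement, so an occurrence of `/usr/lib/SCMiddleware` that is only the prefix of a longer embedded path would be cut off at `/etc/SCMiddleware`. Whether the vendor binaries contain such strings is not visible here. `s.replace` also does nothing when a pattern is absent, so a driver release that changes either string would still build cleanly and presumably leave the cache server on the socket path under `/tmp`. I would match only whole strings, e.g. `s.replace(a + b'\0', b + b'\0' * (len(a) - len(b) + 1))`, and fail the build if an unterminated occurrence remains or if no patched file contained the socket path. The heredoc opening is garbled in this view, so this applies to the visible `bin_replace` body only.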
From b2a7c51c1b3c0af037e008cd6fd690d9960d1134 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 02:33:53 -0600 Subject: trivionomicon: athena-bccr: add idopte cache server --- modules/athena-bccr/sys.nix | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 425c23a..98ae904 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -1,4 +1,5 @@ { + config, pkgs, lib, cfg, 
@@ -51,10 +52,42 @@ in { services = { pcscd.enable = true; - udev.extraRules = '' - # Athena Smartcard Solutions, Inc. ASEDrive V3CR - ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" - ''; + udev.extraRules = + lib.optionalString (vendor == "athena") '' + # Athena Smartcard Solutions, Inc. ASEDrive V3CR + ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" + '' + + lib.optionalString (vendor == "idopte") '' + # Bit4id Srl miniLector-s + ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl start --no-block idopte-reader.target" + ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl stop --no-block idopte-reader.target" + ''; + }; + + systemd = lib.mkIf (vendor == "idopte") { + #TODO: make this run as a non-root user + services.idopte-cache = { + description = "Idopte cache server"; + + after = ["smartcard.target"]; + bindsTo = ["idopte-reader.target"]; + wantedBy = ["idopte-reader.target"]; + + serviceConfig = { + Type = "forking"; + PIDFile = "/run/idoCacheSrv.pid"; + RuntimeDirectory = "idoss"; + + ExecStart = "${scmiddleware}/idocachesrv"; + }; + }; + + targets.idopte-reader = { + description = "Idopte USB reader inserted"; + + wants = ["smartcard.target"]; + before = ["smartcard.target"]; + }; }; users.groups.${cfg.group} = {}; -- cgit v1.2.3 From 2ae55b6ff17c2dc3e02f08611e9028cbe896dfd0 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 12:56:22 -0600 Subject: trivionomicon: athena-bccr: update firmador mvnHsah --- pkgs/athena-bccr/firmador.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix index 82578e8..feec48e 100644 --- a/pkgs/athena-bccr/firmador.nix +++ b/pkgs/athena-bccr/firmador.nix 
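Review bot: `services.idopte-cache` starts the vendor `idocachesrv` binary as root (the `#TODO` above it says as much) with no sandboxing in `serviceConfig`, and the unit is started by a udev rule whenever a matching USB device is plugged in. Until the non-root user lands, directives that do not depend on the user would already narrow it: `NoNewPrivileges = true;`, `ProtectHome = true;`, `PrivateTmp = true;`. The last one is only safe if the binary patch really moved the socket to `/run/idoss`, so confirm the daemon still starts. Setting `RuntimeDirectoryMode` explicitly, with a comment naming which users are expected to reach the socket in `/run/idoss`, would document the boundary between desktop clients and this root process. `PIDFile = "/run/idoCacheSrv.pid"` sits outside the runtime directory, so a later switch to an unprivileged user will need more than `User=`.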
@@ -27,7 +27,7 @@ in ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ="; + mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI="; nativeBuildInputs = [ makeWrapper -- cgit v1.2.3 From fc467dc475567cf8030d5b20aacf99f2afcbbe9e Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 15:25:05 -0600 Subject: trivionomicon: athena-bccr: add support for mirrors --- modules/athena-bccr/hm.nix | 7 ++++++- modules/athena-bccr/options.nix | 12 ++++++++++++ modules/athena-bccr/sys.nix | 8 +++++++- pkgs/athena-bccr/default.nix | 3 ++- pkgs/athena-bccr/unwrapped.nix | 16 ++++++++++++++-- 5 files changed, 41 insertions(+), 5 deletions(-) diff --git a/modules/athena-bccr/hm.nix b/modules/athena-bccr/hm.nix index 0678e3c..df41f12 100644 --- a/modules/athena-bccr/hm.nix +++ b/modules/athena-bccr/hm.nix @@ -5,7 +5,12 @@ doctrine, ... }: let - athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; + athena = + (pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror; + }).${ + cfg.release + }; in { home.packages = [ athena.firmador diff --git a/modules/athena-bccr/options.nix b/modules/athena-bccr/options.nix index eb61cf5..7b6cf93 100644 --- a/modules/athena-bccr/options.nix +++ b/modules/athena-bccr/options.nix @@ -7,6 +7,12 @@ with lib.types; { description = "hash of the Gaudi client"; }; + mirror = lib.mkOption { + type = nullOr str; + default = null; + description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; + }; + release = lib.mkOption { type = str; default = "latest"; 
@@ -21,6 +27,12 @@ with lib.types; { description = "user group with full access to the smartcard reader"; }; + mirror = lib.mkOption { + type = nullOr str; + default = null; + description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; + }; + release = lib.mkOption { type = str; default = "latest"; diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 98ae904..bd7d758 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -6,7 +6,13 @@ doctrine, ... }: let - athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; + athena = + (pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror; + }).${ + cfg.release + }; + inherit (athena) vendor; driver = athena.card-driver.lib; diff --git a/pkgs/athena-bccr/default.nix b/pkgs/athena-bccr/default.nix index c4a8575..038220b 100644 --- a/pkgs/athena-bccr/default.nix +++ b/pkgs/athena-bccr/default.nix @@ -1,6 +1,7 @@ { callPackage, lib, + mirror ? null, }: let latest = "deb64-rev26.2"; @@ -18,7 +19,7 @@ pkgsForRelease = release: let inherit (unwrapped) card-driver bccr-cacerts; - unwrapped = overrideUnwrapped {inherit release;} {}; + unwrapped = overrideUnwrapped {inherit mirror release;} {}; pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}"; in { inherit card-driver bccr-cacerts pkcs11-module; diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index 3a70144..a2b7722 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -1,5 +1,7 @@ { + fetchurl, lib, + mirror ? null, requireFile, release, gaudiHash ? null, 
@@ -7,10 +9,20 @@ }: let inherit (release) srcPaths vendor; - src = requireFile { - url = "https://soportefirmadigital.com"; + url = + if mirror != null + then "${mirror}/${release.filename}" + else "https://soportefirmadigital.com"; + + fetchSrc = + if mirror != null + then fetchurl + else requireFile; + + src = fetchSrc { name = release.filename; + inherit url; inherit (release) hash; }; -- cgit v1.2.3 From 85d28c94bffea2291fc5302e490a1828f61bbe33 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 15:42:13 -0600 Subject: trivionomicon: athena-bccr: run update-gaudi during build if gaudiHash is given --- pkgs/athena-bccr/unwrapped.nix | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index a2b7722..848ea3e 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -26,13 +26,15 @@ inherit (release) hash; }; - gaudiUpdateSrc = {update-gaudi}: - requireFile { - url = "${update-gaudi}"; - name = "gaudi-update-${release.name}.zip"; - - hash = gaudiHash; - }; + gaudiUpdateSrc = { + update-gaudi, + runCommand, + }: + runCommand "gaudi-update-${release.name}.zip" { + outputHash = gaudiHash; + } '' + ${update-gaudi} $out + ''; moduleFromDeb = name: args @ { stdenv, @@ -188,6 +190,7 @@ in pkgs, stdenv, unzip, + runCommand, writeShellScriptBin, update-gaudi, ... @@ -198,7 +201,7 @@ in }; fakeSudo = writeShellScriptBin "sudo" ""; - gaudiUpdate = gaudiUpdateSrc {inherit update-gaudi;}; + gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;}; in moduleFromDeb "gaudi" { inherit dpkg stdenv unzip; 
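Review bot: The `fetchSrc` selection deserves a comment stating that integrity comes from `release.hash` in both branches, so the `mirror` value is relied on for availability only, not for content. Something like `# mirror is untrusted: fetchurl verifies release.hash, same as requireFile` above `src = fetchSrc {` would keep a later edit from relaxing the hash for mirrored downloads. The `mirror` option description in `options.nix` could say the same in user-facing terms. The `let` block continues outside this hunk.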
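Review bot: `outputHash = gaudiHash;` in `gaudiUpdateSrc` is what makes this `runCommand` a fixed-output derivation with network access, yet `gaudiHash` defaults to `null` in the function header. If it is ever evaluated with a null hash, it presumably becomes an ordinary sandboxed build and the downloads in `update-gaudi` fail with an unrelated-looking error. The call site is outside the hunk, so it may already be guarded; an `assert gaudiHash != null;` before `runCommand`, or a comment naming the guard, would make that explicit. I would also add `outputHashMode = "flat";` to state that the hash covers the zip file itself.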
@@ -300,17 +303,20 @@ in wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar" wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar" + if [ -n "$1" ]; then + zip_path="$1" + else + zip_path="$PWD/gaudi-update-${release.name}.zip" + fi + # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2 TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} + - zip_path="$PWD/gaudi-update-${release.name}.zip" TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" . TZ=UTC touch -a -m -t 198002010000.00 "$zip_path" - set -x - nix-store --add-fixed sha256 "$zip_path" - set +x - - echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" + if [ -z "$1" ]; then + echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" + fi ''; } // lib.optionalAttrs (vendor == "athena") { -- cgit v1.2.3 From 0362e95bc2c3e59f92108fb30d7a60a20c246ccf Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 18:07:38 -0600 Subject: trivionomicon: athena-bccr: fix /etc/SCMiddleware symlink in gaudi FHS env --- pkgs/athena-bccr/unwrapped.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index 848ea3e..bf99a84 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -151,6 +151,7 @@ install -m755 usr/lib/SCMiddleware/SCManager $out/bin install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware cp -r etc/id* $lib/etc + ln -s ../lib/SCMiddleware $lib/etc runHook postInstall ''; -- cgit v1.2.3 From c258f492161ec8c81ec71ca5f6776be85863f934 Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 9 Mar 2026 18:09:07 -0600 Subject: trivionomicon/athena-bccr: update maven hash --- pkgs/athena-bccr/firmador.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix index feec48e..e8e0a2d 100644 --- a/pkgs/athena-bccr/firmador.nix +++ b/pkgs/athena-bccr/firmador.nix @@ -27,7 +27,7 @@ in ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI="; + mvnHash = "sha256-iqooTe8xTrkG0JxJXlAMHExt6D8n+msB/VrCNrSJ10c="; nativeBuildInputs = [ makeWrapper -- cgit v1.2.3