From dd366aa20eeb2b01de8f52795b7c78757066ef5b Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 02:33:10 -0600 Subject: [PATCH 1/3] trivionomicon: athena-bccr: patch hard-coded FHS paths in idopte driver --- modules/athena-bccr/sys.nix | 10 +++++++--- pkgs/athena-bccr/unwrapped.nix | 27 ++++++++++++++++++++++++--- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index ce63b01..425c23a 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -7,6 +7,9 @@ }: let athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; inherit (athena) vendor; + + driver = athena.card-driver.lib; + scmiddleware = "${driver}/lib/SCMiddleware"; in { environment = { etc = @@ -16,11 +19,12 @@ in { ''; } // lib.optionalAttrs (vendor == "athena") { - "Athena".source = "${athena.card-driver.lib}/etc/Athena"; + "Athena".source = "${driver}/etc/Athena"; } // lib.optionalAttrs (vendor == "idopte") { - "idoss.conf".source = "${athena.card-driver.lib}/etc/idoss.conf"; - "idoss.lic".source = "${athena.card-driver.lib}/etc/idoss.lic"; + "idoss.conf".source = "${driver}/etc/idoss.conf"; + "idoss.lic".source = "${driver}/etc/idoss.lic"; + "SCMiddleware".source = scmiddleware; }; systemPackages = [athena.card-driver]; diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index c7781e4..3a70144 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -102,6 +102,7 @@ libnotify, openssl, pcsclite, + python3, stdenv, unzip, webkitgtk_4_1, @@ -124,6 +125,7 @@ nativeBuildInputs = [ autoPatchelfHook + python3 ]; outputs = ["out" "lib"]; 
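Review bot: The new `"SCMiddleware".source = scmiddleware;` entry in the idopte branch of `environment.etc` (modules/athena-bccr/sys.nix) has no comment explaining why a directory of shared objects and the `idocachesrv` executable is exposed under `/etc`. Judging by the rest of this patch, the entry exists only because `preFixup` in pkgs/athena-bccr/unwrapped.nix rewrites the driver's hard-coded `/usr/lib/SCMiddleware` to `/etc/SCMiddleware`, so the two places have to stay in sync. I would add above it `# Must match the path written into the idopte binaries by preFixup in pkgs/athena-bccr/unwrapped.nix.` so that a later cleanup does not drop the link and leave the driver with a dangling path.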
@@ -132,15 +134,34 @@ runHook preInstall install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware} - install -m755 usr/lib/SCMiddleware/{idocachesrv,SCManager} $out/bin - install -m755 usr/lib/SCMiddleware/*.so $lib/lib/SCMiddleware + install -m755 usr/lib/SCMiddleware/SCManager $out/bin + install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware cp -r etc/id* $lib/etc runHook postInstall ''; preFixup = '' - patchelf --set-rpath $lib/lib/SCMiddleware $lib/lib/SCMiddleware/* $out/bin/* + for elf in $lib/lib/SCMiddleware/* $out/bin/*; do + python3 /dev/fd/3 <$elf >$elf.patched 3<= len(b) + return s.replace(a, b + b'\0' * (len(a) - len(b))) + + contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware') + contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket') + + sys.stdout.buffer.write(contents) + EOF + + chmod --reference=$elf $elf.patched + mv $elf.patched $elf + + patchelf --set-rpath $lib/lib/SCMiddleware $elf + done ''; passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so"; From f7ec31843d8bc7f7ca6d0e2a41726af7af09d6df Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 02:33:53 -0600 Subject: [PATCH 2/3] trivionomicon: athena-bccr: add idopte cache server --- modules/athena-bccr/sys.nix | 41 +++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 425c23a..98ae904 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -1,4 +1,5 @@ { + config, pkgs, lib, cfg, 
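Review bot: In `preFixup` of pkgs/athena-bccr/unwrapped.nix, the path rewrite gives no signal when a target string is missing. `bin_replace` as shown only asserts on lengths, so a vendor release that changes how `/tmp/.idoss_socket` is spelled would build cleanly and ship a daemon that still listens at a predictable path in world-writable `/tmp`. A check after the loop would turn that into a build failure, e.g. `if grep -rqF /tmp/.idoss_socket $lib $out; then echo "unpatched idoss socket path" >&2; exit 1; fi`. The NUL padding also ends the C string at the replacement, so any occurrence of `/usr/lib/SCMiddleware` that is the prefix of a longer literal loses its suffix; if that is intended, a comment saying so would help. Part of the here-document is not visible on this page, so this is based only on the lines that are.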
@@ -51,10 +52,42 @@ in { services = { pcscd.enable = true; - udev.extraRules = '' - # Athena Smartcard Solutions, Inc. ASEDrive V3CR - ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" - ''; + udev.extraRules = + lib.optionalString (vendor == "athena") '' + # Athena Smartcard Solutions, Inc. ASEDrive V3CR + ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" + '' + + lib.optionalString (vendor == "idopte") '' + # Bit4id Srl miniLector-s + ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl start --no-block idopte-reader.target" + ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl stop --no-block idopte-reader.target" + ''; + }; + + systemd = lib.mkIf (vendor == "idopte") { + #TODO: make this run as a non-root user + services.idopte-cache = { + description = "Idopte cache server"; + + after = ["smartcard.target"]; + bindsTo = ["idopte-reader.target"]; + wantedBy = ["idopte-reader.target"]; + + serviceConfig = { + Type = "forking"; + PIDFile = "/run/idoCacheSrv.pid"; + RuntimeDirectory = "idoss"; + + ExecStart = "${scmiddleware}/idocachesrv"; + }; + }; + + targets.idopte-reader = { + description = "Idopte USB reader inserted"; + + wants = ["smartcard.target"]; + before = ["smartcard.target"]; + }; }; users.groups.${cfg.group} = {}; From 789b1780cb5f3b309497466bf73e1389c281cc13 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 12:56:22 -0600 Subject: [PATCH 3/3] trivionomicon: athena-bccr: update firmador mvnHsah --- pkgs/athena-bccr/firmador.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix index 82578e8..feec48e 100644 --- a/pkgs/athena-bccr/firmador.nix +++ b/pkgs/athena-bccr/firmador.nix 
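Review bot: `services.idopte-cache` in modules/athena-bccr/sys.nix runs the vendor `idocachesrv` binary as root with no confinement in `serviceConfig`, and the udev rule starts it for any USB device that reports product `25dd/1101`. The TODO covers the user; until that is done the unit could at least set `NoNewPrivileges = true;`, `ProtectHome = true;` and `PrivateTmp = true;`, tested against the vendor binary. `ProtectSystem = "strict"` would need care because `PIDFile` points at `/run/idoCacheSrv.pid`, which is outside the `RuntimeDirectory`. It is also worth checking who can reach `/run/idoss/socket`: nothing here sets `RuntimeDirectoryMode` or ties the directory to `cfg.group`, so access depends on whatever mode the daemon gives the socket.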
@@ -27,7 +27,7 @@ in ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ="; + mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI="; nativeBuildInputs = [ makeWrapper