trivionomicon: athena-bccr: update firmador mvnHsah

trivionomicon: athena-bccr: add idopte cache server
trivionomicon: athena-bccr: patch hard-coded FHS paths in idopte driver
2026-03-09 12:56:22 -06:00 · 2026-03-09 12:55:19 -06:00 · 2026-03-09 02:33:10 -06:00
3 changed files with 69 additions and 11 deletions
--- a/modules/athena-bccr/sys.nix
+++ b/modules/athena-bccr/sys.nix
@ -1,4 +1,5 @@
 {
  config,
  pkgs,
  lib,
  cfg,
@ -7,6 +8,9 @@
 }: let
  athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
  inherit (athena) vendor;
  driver = athena.card-driver.lib;
  scmiddleware = "${driver}/lib/SCMiddleware";
 in {
  environment = {
    etc =
@ -16,11 +20,12 @@ in {
        '';
      }
      // lib.optionalAttrs (vendor == "athena") {
-        "Athena".source = "${athena.card-driver.lib}/etc/Athena";
+        "Athena".source = "${driver}/etc/Athena";
      }
      // lib.optionalAttrs (vendor == "idopte") {
-        "idoss.conf".source = "${athena.card-driver.lib}/etc/idoss.conf";
+        "idoss.conf".source = "${driver}/etc/idoss.conf";
-        "idoss.lic".source = "${athena.card-driver.lib}/etc/idoss.lic";
+        "idoss.lic".source = "${driver}/etc/idoss.lic";
        "SCMiddleware".source = scmiddleware;
      };
    systemPackages = [athena.card-driver];
@ -47,10 +52,42 @@ in {
  services = {
    pcscd.enable = true;
-    udev.extraRules = ''
+    udev.extraRules =
-      # Athena Smartcard Solutions, Inc. ASEDrive V3CR
+      lib.optionalString (vendor == "athena") ''
-      ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess"
+        # Athena Smartcard Solutions, Inc. ASEDrive V3CR
-    '';
+        ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess"
      ''
      + lib.optionalString (vendor == "idopte") ''
        # Bit4id Srl miniLector-s
        ACTION=="add",    SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl start --no-block idopte-reader.target"
        ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl stop --no-block idopte-reader.target"
      '';
  };
  systemd = lib.mkIf (vendor == "idopte") {
    #TODO: make this run as a non-root user
    services.idopte-cache = {
      description = "Idopte cache server";
      after = ["smartcard.target"];
      bindsTo = ["idopte-reader.target"];
      wantedBy = ["idopte-reader.target"];
      serviceConfig = {
        Type = "forking";
        PIDFile = "/run/idoCacheSrv.pid";
        RuntimeDirectory = "idoss";
        ExecStart = "${scmiddleware}/idocachesrv";
      };
    };
    targets.idopte-reader = {
      description = "Idopte USB reader inserted";
      wants = ["smartcard.target"];
      before = ["smartcard.target"];
    };
  };
  users.groups.${cfg.group} = {};
--- a/pkgs/athena-bccr/firmador.nix
+++ b/pkgs/athena-bccr/firmador.nix
@ -27,7 +27,7 @@ in
      ./0001-Remove-CheckUpdatePlugin-from-default-list.patch
    ];
-    mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ=";
+    mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI=";
    nativeBuildInputs = [
      makeWrapper
--- a/pkgs/athena-bccr/unwrapped.nix
+++ b/pkgs/athena-bccr/unwrapped.nix
@ -102,6 +102,7 @@
    libnotify,
    openssl,
    pcsclite,
    python3,
    stdenv,
    unzip,
    webkitgtk_4_1,
@ -124,6 +125,7 @@
      nativeBuildInputs = [
        autoPatchelfHook
        python3
      ];
      outputs = ["out" "lib"];
@ -132,15 +134,34 @@
        runHook preInstall
        install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware}
-        install -m755 usr/lib/SCMiddleware/{idocachesrv,SCManager} $out/bin
+        install -m755 usr/lib/SCMiddleware/SCManager $out/bin
-        install -m755 usr/lib/SCMiddleware/*.so $lib/lib/SCMiddleware
+        install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware
        cp -r etc/id* $lib/etc
        runHook postInstall
      '';
      preFixup = ''
-        patchelf --set-rpath $lib/lib/SCMiddleware $lib/lib/SCMiddleware/* $out/bin/*
+        for elf in $lib/lib/SCMiddleware/* $out/bin/*; do
          python3 /dev/fd/3 <$elf >$elf.patched 3<<EOF
        import sys
        contents = sys.stdin.buffer.read()
        def bin_replace(s, a, b):
          assert len(a) >= len(b)
          return s.replace(a, b + b'\0' * (len(a) - len(b)))
        contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware')
        contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket')
        sys.stdout.buffer.write(contents)
        EOF
          chmod --reference=$elf $elf.patched
          mv $elf.patched $elf
          patchelf --set-rpath $lib/lib/SCMiddleware $elf
        done
      '';
      passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so";
Author	SHA1	Message	Date
Alejandro Soto	789b1780cb	trivionomicon: athena-bccr: update firmador mvnHsah	2026-03-09 12:56:22 -06:00
Alejandro Soto	f7ec31843d	trivionomicon: athena-bccr: add idopte cache server	2026-03-09 12:55:19 -06:00
Alejandro Soto	dd366aa20e	trivionomicon: athena-bccr: patch hard-coded FHS paths in idopte driver	2026-03-09 02:33:10 -06:00