trivionomicon: athena-bccr: fix non-reproducibility in firmador

Revert "Merge commit 'efcef47c37' into user"
This reverts commit 93d87124e90859011855467b93592bd3d1bb7723, reversing changes made to 194efc5c4b7c1dabebd0731c81952e17d935c4d8.
2026-03-24 18:16:34 -06:00 · 2026-03-24 17:42:30 -06:00
5 changed files with 49 additions and 49 deletions
--- a/modules/athena-bccr/hm.nix
+++ b/modules/athena-bccr/hm.nix
@ -5,12 +5,11 @@
  doctrine,
  ...
 }: let
-  athena =
+  releases = pkgs.${doctrine.prefix}.athena-bccr.override {
-    (pkgs.${doctrine.prefix}.athena-bccr.override {
+    inherit (cfg) mirror vendor;
      inherit (cfg) mirror;
    }).${
      cfg.release
  };
  athena = releases.${cfg.release};
 in {
  home.packages = [
    athena.firmador
--- a/modules/athena-bccr/options.nix
+++ b/modules/athena-bccr/options.nix
@ -1,42 +1,40 @@
 {lib, ...}:
-with lib.types; {
+with lib.types; let
  mirror = lib.mkOption {
    type = nullOr str;
    default = null;
    description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store";
  };
  release = lib.mkOption {
    type = str;
    default = "latest";
    description = "pinned athena-bccr release tag";
  };
  vendor = lib.mkOption {
    type = enum ["athena" "idopte"];
    default = "idopte";
    description = "driver dvendor";
  };
 in {
  hm = {
    inherit mirror release vendor;
    gaudiHash = lib.mkOption {
      type = nullOr str;
      default = null;
      description = "hash of the Gaudi client";
    };
    mirror = lib.mkOption {
      type = nullOr str;
      default = null;
      description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store";
    };
    release = lib.mkOption {
      type = str;
      default = "latest";
      description = "pinned athena-bccr release tag";
    };
  };
  sys = {
    inherit mirror release vendor;
    group = lib.mkOption {
      type = str;
      default = "users";
      description = "user group with full access to the smartcard reader";
    };
    mirror = lib.mkOption {
      type = nullOr str;
      default = null;
      description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store";
    };
    release = lib.mkOption {
      type = str;
      default = "latest";
      description = "pinned athena-bccr release tag";
    };
  };
 }
--- a/modules/athena-bccr/sys.nix
+++ b/modules/athena-bccr/sys.nix
@ -6,17 +6,15 @@
  doctrine,
  ...
 }: let
-  athena =
+  releases = pkgs.${doctrine.prefix}.athena-bccr.override {
-    (pkgs.${doctrine.prefix}.athena-bccr.override {
+    inherit (cfg) mirror vendor;
      inherit (cfg) mirror;
    }).${
      cfg.release
  };
-  inherit (athena) vendor;
+  athena = releases.${cfg.release};
  driver = athena.card-driver.lib;
  scmiddleware = "${driver}/lib/SCMiddleware";
  inherit (cfg) vendor;
 in {
  environment = {
    etc =
--- a/pkgs/athena-bccr/default.nix
+++ b/pkgs/athena-bccr/default.nix
@ -2,10 +2,14 @@
  callPackage,
  lib,
  mirror ? null,
  vendor ? "idopte",
 }: let
-  latest = "deb64-rev26.2";
+  releases = lib.mapAttrs resolveRelease (import ./releases.nix).${vendor};
-  releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix);
+  resolveRelease = name: release:
    if builtins.isString release
    then releases.${release}
    else release // {name = name;};
  overrideUnwrapped = default: new: let
    args = default // new;
@ -19,7 +23,7 @@
  pkgsForRelease = release: let
    inherit (unwrapped) card-driver bccr-cacerts;
-    unwrapped = overrideUnwrapped {inherit mirror release;} {};
+    unwrapped = overrideUnwrapped {inherit mirror release vendor;} {};
    pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}";
  in {
    inherit card-driver bccr-cacerts pkcs11-module;
@ -29,4 +33,4 @@
    firmador = callPackage ./firmador.nix {inherit pkcs11-module;};
  };
 in
-  lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};})
+  lib.mapAttrs (_: pkgsForRelease) releases
--- a/pkgs/athena-bccr/firmador.nix
+++ b/pkgs/athena-bccr/firmador.nix
@ -3,15 +3,15 @@
  lib,
  makeWrapper,
  maven,
-  openjdk,
+  openjdk21,
  wrapGAppsHook3,
  pkcs11-module ? null,
 }: let
-  jdk = openjdk.override {
+  jdk = openjdk21.override {
    enableJavaFX = true;
  };
-  version = "1.9.8+master";
+  version = "2.0.0+master";
 in
  maven.buildMavenPackage {
    pname = "firmador";
@ -19,15 +19,16 @@ in
    src = fetchgit {
      url = "https://codeberg.org/firmador/firmador";
-      rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7";
+      rev = "76a16ff5fa7c1a9c3f4a03359742fc09cb98b2c4";
-      hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ=";
+      hash = "sha256-xzcJXIU3NFPUdwRNUvymScpBS1eeJYdb8ffevUbAS1o=";
    };
    patches = [
      ./0001-Remove-CheckUpdatePlugin-from-default-list.patch
    ];
-    mvnHash = "sha256-iqooTe8xTrkG0JxJXlAMHExt6D8n+msB/VrCNrSJ10c=";
+    mvnJdk = jdk;
    mvnHash = "sha256-SCTXlLqc4SxWWZlQLJc+T7jM991LLwU9MqDALcbECsw=";
    nativeBuildInputs = [
      makeWrapper
Author	SHA1	Message	Date
Alejandro Soto	652871f78f	trivionomicon: athena-bccr: fix non-reproducibility in firmador	2026-03-24 18:16:34 -06:00
Alejandro Soto	5b3df597d0	Revert "Merge commit '`efcef47c37`' into user" This reverts commit 93d87124e90859011855467b93592bd3d1bb7723, reversing changes made to 194efc5c4b7c1dabebd0731c81952e17d935c4d8.	2026-03-24 17:42:30 -06:00