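# Builds the packages shipped inside one vendor release archive (`release`):
# the GAUDI signing agent, the BCCR CA certificates, the `update-gaudi` helper
# and, depending on `release.vendor`, one smart-card driver exposed as
# `card-driver`.
#
# Arguments:
#   mirror    - optional base URL. When set, the archive is downloaded with
#               fetchurl; otherwise requireFile is used and the user has to
#               add the file to the store manually. In both cases the content
#               is pinned by `release.hash`.
#   release   - attrset read for: name, filename, basename, hash, vendor and
#               srcPaths.{idprotect,idopte,gaudi}.
#   gaudiHash - optional hash of the zip produced by `update-gaudi`. When null,
#               the agent is built only from the jars contained in the .deb.
{
  fetchurl,
  lib,
  mirror ? null,
  requireFile,
  release,
  gaudiHash ? null,
  ...
}: let
  inherit (release) srcPaths vendor;

  # Without a mirror the URL is only the vendor site handed to requireFile.
  url =
    if mirror != null
    then "${mirror}/${release.filename}"
    else "https://soportefirmadigital.com";

  fetchSrc =
    if mirror != null
    then fetchurl
    else requireFile;

  src = fetchSrc {
    name = release.filename;
    inherit url;
    inherit (release) hash;
  };

  # Runs `update-gaudi` with $out as its target zip. Setting outputHash makes
  # this a fixed-output derivation: whatever the script downloads must hash to
  # gaudiHash, so the online update cannot change silently between builds.
  gaudiUpdateSrc = {
    update-gaudi,
    runCommand,
  }:
    runCommand "gaudi-update-${release.name}.zip" {
      outputHash = gaudiHash;
    } ''
      ${update-gaudi} $out
    '';

  # Common derivation for everything that lives in a .deb inside the release
  # archive: after the archive is unpacked, the .deb at `srcPath` is extracted
  # with dpkg into the release directory. All remaining attributes of `args`
  # are passed through to mkDerivation; nativeBuildInputs are appended to the
  # base list rather than replacing it.
  moduleFromDeb = name: args @ {
    stdenv,
    dpkg,
    unzip,
    srcPath,
    ...
  }:
    stdenv.mkDerivation ({
        pname = "${name}-unwrapped";
        version = release.name;
        inherit src;
        nativeBuildInputs = [dpkg unzip] ++ (args.nativeBuildInputs or []);
        # escapeShellArg: the paths come from release metadata and may contain
        # spaces or shell metacharacters.
        postUnpack = ''
          dpkg -x ${lib.escapeShellArg "${release.basename}/${srcPath}"} ${lib.escapeShellArg release.basename}
        '';
      }
      // lib.removeAttrs args ["stdenv" "dpkg" "unzip" "srcPath" "nativeBuildInputs"]);

  # Athena IDProtect driver: management tools go to $out, shared objects and
  # the Athena configuration go to $lib.
  ase-idprotect = {
    autoPatchelfHook,
    dpkg,
    fontconfig,
    freetype,
    pcsclite,
    stdenv,
    unzip,
    xorg,
    zlib,
    ...
  }:
    moduleFromDeb "ase-idprotect" {
      inherit dpkg stdenv unzip;
      srcPath = srcPaths.idprotect;

      buildInputs = [
        fontconfig
        freetype
        pcsclite
        stdenv.cc.cc.lib
        xorg.libX11
        xorg.libXext
        zlib
      ];

      nativeBuildInputs = [
        autoPatchelfHook
      ];

      outputs = ["out" "lib"];

      installPhase = ''
        runHook preInstall

        install -m755 -d $out/bin $lib/{etc,lib/x64-athena}
        install -m755 usr/bin/IDProtect{_Manager,PINTool} $out/bin/
        install -m755 usr/lib/x64-athena/* $lib/lib/x64-athena
        cp -r etc/Athena $lib/etc/Athena

        runHook postInstall
      '';

      # The tools load the vendor libraries from the $lib output.
      preFixup = ''
        patchelf --set-rpath $lib/lib/x64-athena $out/bin/*
      '';

      # Location of the PKCS#11 module, relative to the $lib output.
      passthru.pkcs11-path = "lib/x64-athena/libASEP11.so";
    };

  # Idopte SCMiddleware driver: SCManager goes to $out, shared objects and
  # idocachesrv go to $lib.
  scmiddleware = {
    autoPatchelfHook,
    dpkg,
    glib,
    gtk3,
    libappindicator-gtk3,
    libnotify,
    openssl,
    pcsclite,
    python3,
    stdenv,
    unzip,
    webkitgtk_4_1,
    ...
  }:
    moduleFromDeb "idopte-scmiddleware" {
      inherit dpkg stdenv unzip;
      srcPath = srcPaths.idopte;

      buildInputs = [
        glib
        gtk3
        libappindicator-gtk3
        libnotify
        openssl
        pcsclite
        stdenv.cc.cc.lib
        webkitgtk_4_1
      ];

      nativeBuildInputs = [
        autoPatchelfHook
        python3
      ];

      outputs = ["out" "lib"];

      # The final `ln -s` creates $lib/etc/SCMiddleware -> ../lib/SCMiddleware,
      # which is the path the binaries are rewritten to use in preFixup.
      # NOTE(review): presumably $lib/etc is linked into /etc by the consumer
      # of this package - confirm against the module that installs it.
      installPhase = ''
        runHook preInstall

        install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware}
        install -m755 usr/lib/SCMiddleware/SCManager $out/bin
        install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware
        cp -r etc/id* $lib/etc
        ln -s ../lib/SCMiddleware $lib/etc

        runHook postInstall
      '';

      # Rewrites two paths hard-coded in the vendor binaries. The replacement
      # is NUL-padded to the original length so no offset in the ELF moves,
      # which is why a replacement may never be longer than the original.
      #   /usr/lib/SCMiddleware -> /etc/SCMiddleware
      #   /tmp/.idoss_socket    -> /run/idoss/socket  (takes the socket out of
      #                            world-writable /tmp; nothing in this file
      #                            creates /run/idoss, so it must be provided
      #                            with suitable ownership elsewhere)
      #
      # NOTE(review): in the copy of this file under review the text between
      # `3<` and `= len(b)` was missing. The here-document opener, the
      # `import sys`, the stdin read, the `def bin_replace` line and the
      # left-hand side of the assert are reconstructed from the surviving
      # fragments (`EOF`, `contents`, `s.replace(a, ...)`, `sys.stdout`).
      # Compare with the upstream file before relying on it.
      preFixup = ''
        for elf in $lib/lib/SCMiddleware/* $out/bin/*; do
          python3 /dev/fd/3 <$elf >$elf.patched 3<<EOF
        import sys

        contents = sys.stdin.buffer.read()

        def bin_replace(s, a, b):
            assert len(a) >= len(b)
            return s.replace(a, b + b'\0' * (len(a) - len(b)))

        contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware')
        contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket')
        sys.stdout.buffer.write(contents)
        EOF

          chmod --reference=$elf $elf.patched
          mv $elf.patched $elf
          patchelf --set-rpath $lib/lib/SCMiddleware $elf
        done
      '';

      # Location of the PKCS#11 module, relative to the $lib output.
      passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so";
    };
in
  {
    # The GAUDI signing agent, started through the local LaunchGaudi class on
    # a JavaFX/WebKit-enabled JDK instead of the vendor launcher.
    gaudi = {
      autoPatchelfHook,
      dpkg,
      makeWrapper,
      openjdk,
      pkgs,
      stdenv,
      unzip,
      runCommand,
      writeShellScriptBin,
      update-gaudi,
      ...
    }: let
      # Picks the openjfx package whose major version matches openjdk's.
      jdk = openjdk.override {
        enableJavaFX = true;
        openjfx_jdk = pkgs."openjfx${lib.head (lib.splitString "." openjdk.version)}".override {withWebKit = true;};
      };

      # An empty script named `sudo`. It is put first on the wrapper's PATH
      # below, so a `sudo` call made by the agent resolves to a no-op instead
      # of a real privilege escalation.
      # NOTE(review): presumably the vendor agent shells out to sudo - confirm.
      fakeSudo = writeShellScriptBin "sudo" "";

      # Only forced when gaudiHash is set (see preBuild).
      gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;};
    in
      moduleFromDeb "gaudi" {
        inherit dpkg stdenv unzip;
        srcPath = srcPaths.gaudi;

        nativeBuildInputs = [
          autoPatchelfHook
          jdk
          makeWrapper
        ];

        # Overlays the hash-pinned online update on top of the jars, trust
        # store and config from the .deb. Skipped entirely without gaudiHash.
        preBuild = lib.optionalString (gaudiHash != null) ''
          unzip -o ${gaudiUpdate} -d opt/Agente-GAUDI/lib/app
        '';

        buildPhase = ''
          runHook preBuild

          install -m755 -d $out/{bin,opt/Firmador-BCCR/lib}
          cp -r opt/Agente-GAUDI/lib/app $out/opt/Firmador-BCCR/lib/app

          # The symlink keeps the original filename; the store path itself is
          # named <hash>-LaunchGaudi.java
          ln -s ${./LaunchGaudi.java} LaunchGaudi.java

          javac \
            -cp opt/Agente-GAUDI/lib/app/bccr-firma-fva-clienteMultiplataforma.jar \
            -d $out/opt/Firmador-BCCR/lib/app \
            LaunchGaudi.java

          runHook postBuild
        '';

        installPhase = ''
          runHook preInstall

          install -m755 -d $out/{share,opt/Firmador-BCCR/lib/runtime/lib}
          install -m755 -D opt/Agente-GAUDI/bin/Agente-GAUDI $out/opt/Firmador-BCCR/bin/Agente-GAUDI
          install -m755 -D opt/Agente-GAUDI/lib/libapplauncher.so $out/opt/Firmador-BCCR/lib/libapplauncher.so

          ln -s ../opt/Firmador-BCCR/lib/app $out/share/java
          ln -s Firmador-BCCR $out/opt/Agente-GAUDI
          ln -s ${jdk}/lib/openjdk/lib/libjli.so $out/opt/Firmador-BCCR/lib/runtime/lib/libjli.so

          # javax.net.ssl.trustStore points the JVM at the bundled bccr.cacerts
          # instead of the JDK's default trust store, so which CAs the agent
          # accepts is decided by that file (from the .deb, or from the pinned
          # update zip when gaudiHash is set).
          makeWrapper ${jdk}/bin/java $out/bin/gaudi \
            --prefix PATH : ${fakeSudo}/bin \
            --add-flags "-cp $out/share/java:$out/share/java/bccr-firma-fva-clienteMultiplataforma.jar" \
            --add-flags "-Djavax.net.ssl.trustStore=$out/opt/Firmador-BCCR/lib/app/bccr.cacerts" \
            --add-flags "LaunchGaudi"

          runHook postInstall
        '';
      };

    # The certificate directory from the release archive, plus root-ca.pem:
    # the national root CA re-encoded by openssl. `-text` puts a
    # human-readable dump in front of the PEM block in that file.
    bccr-cacerts = {
      openssl,
      stdenv,
      unzip,
      ...
    }:
      stdenv.mkDerivation {
        pname = "bccr-cacerts";
        version = release.name;
        inherit src;

        nativeBuildInputs = [
          openssl
          unzip
        ];

        installPhase = ''
          cp -r Firma\ Digital/Certificados $out
          openssl x509 -in $out/CA\ RAIZ\ NACIONAL\ -\ COSTA\ RICA\ v2.crt -out $out/root-ca.pem -text
        '';
      };

    # Downloads the agent's online-update files and packs them into a
    # reproducible zip.
    #
    #   update-gaudi PATH   write the zip to PATH (how gaudiUpdateSrc calls it)
    #   update-gaudi        write the zip into the temporary directory and
    #                       print its SRI hash for use as gaudiHash
    #
    # Every download is verified against the BCCR root CA taken from the
    # hash-pinned release archive rather than the system trust store.
    #
    # The optional argument is read through "${1:-}". The script runs under
    # `set -o nounset`, where a bare "$1" aborts with "unbound variable" when
    # no argument is given, which made the hash-printing mode unreachable.
    update-gaudi = {
      wget,
      writeShellScript,
      zip,
      bccr-cacerts,
      ...
    }:
      writeShellScript "update-gaudi" ''
        set -o errexit
        set -o pipefail
        set -o nounset

        temp_dir="$(mktemp -d)"
        trap 'cd / && rm -rf -- "$temp_dir"' EXIT
        cd "$temp_dir"

        PATH="${lib.makeBinPath [wget zip]}:$PATH"
        ca_cert="${bccr-cacerts}/root-ca.pem"
        base_url="https://www.firmadigital.go.cr/Bccr.Firma.Fva.Actualizador.ClienteFirmadorJava//recursosLiberica17/actualizador"

        wget --ca-certificate="$ca_cert" "$base_url/bccr.cacerts"
        wget --ca-certificate="$ca_cert" "$base_url/config.properties"
        wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar"
        wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar"

        # Empty when the script is called without an argument.
        zip_arg="''${1:-}"

        if [ -n "$zip_arg" ]; then
          zip_path="$zip_arg"
        else
          zip_path="$PWD/gaudi-update-${release.name}.zip"
        fi

        # Fixed timestamps and no extra attributes (-X) keep the archive
        # byte-identical across runs, so its hash is stable.
        # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2
        TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} +
        TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" .
        TZ=UTC touch -a -m -t 198002010000.00 "$zip_path"

        if [ -z "$zip_arg" ]; then
          echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
        fi
      '';
  }
  // lib.optionalAttrs (vendor == "athena") {
    card-driver = ase-idprotect;
  }
  // lib.optionalAttrs (vendor == "idopte") {
    card-driver = scmiddleware;
  }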