From be676a1d06dab7433e74191dee943dad9c81e2ed Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Sun, 8 Mar 2026 10:35:10 -0600 Subject: [PATCH 01/13] trivionomicon/waybar: make waybar solid black instead of transparent this makes it so that window text does not go under bar text in a wierd way --- modules/waybar/hm.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/waybar/hm.nix b/modules/waybar/hm.nix index 1bfa3e2..6149a63 100644 --- a/modules/waybar/hm.nix +++ b/modules/waybar/hm.nix @@ -101,9 +101,9 @@ with lib; { box-shadow: none; } - /* Entire bar: fully transparent, no border */ + /* Entire bar: solid black, no border */ window#waybar { - background: transparent; + background: #000000; color: #eaeaea; margin: 0; padding: 0; From ce5d35c4ea4094a878ff3d1c635abd6ffc52fdd4 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Sun, 8 Mar 2026 21:14:10 -0600 Subject: [PATCH 02/13] trivionomicon: athena-bccr: add idopte links in /etc --- modules/athena-bccr/sys.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 5457ca5..ce63b01 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -16,7 +16,11 @@ in { ''; } // lib.optionalAttrs (vendor == "athena") { - "Athena".source = "${athena.card-driver}/etc/Athena"; + "Athena".source = "${athena.card-driver.lib}/etc/Athena"; + } + // lib.optionalAttrs (vendor == "idopte") { + "idoss.conf".source = "${athena.card-driver.lib}/etc/idoss.conf"; + "idoss.lic".source = "${athena.card-driver.lib}/etc/idoss.lic"; }; systemPackages = [athena.card-driver]; From dd366aa20eeb2b01de8f52795b7c78757066ef5b Mon Sep 17 00:00:00 2001 
From: Alejandro Soto Date: Mon, 9 Mar 2026 02:33:10 -0600 Subject: [PATCH 03/13] trivionomicon: athena-bccr: patch hard-coded FHS paths in idopte driver --- modules/athena-bccr/sys.nix | 10 +++++++--- pkgs/athena-bccr/unwrapped.nix | 27 ++++++++++++++++++++++++--- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index ce63b01..425c23a 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -7,6 +7,9 @@ }: let athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; inherit (athena) vendor; + + driver = athena.card-driver.lib; + scmiddleware = "${driver}/lib/SCMiddleware"; in { environment = { etc = @@ -16,11 +19,12 @@ in { ''; } // lib.optionalAttrs (vendor == "athena") { - "Athena".source = "${athena.card-driver.lib}/etc/Athena"; + "Athena".source = "${driver}/etc/Athena"; } // lib.optionalAttrs (vendor == "idopte") { - "idoss.conf".source = "${athena.card-driver.lib}/etc/idoss.conf"; - "idoss.lic".source = "${athena.card-driver.lib}/etc/idoss.lic"; + "idoss.conf".source = "${driver}/etc/idoss.conf"; + "idoss.lic".source = "${driver}/etc/idoss.lic"; + "SCMiddleware".source = scmiddleware; }; systemPackages = [athena.card-driver]; diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index c7781e4..3a70144 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -102,6 +102,7 @@ libnotify, openssl, pcsclite, + python3, stdenv, unzip, webkitgtk_4_1, @@ -124,6 +125,7 @@ nativeBuildInputs = [ autoPatchelfHook + python3 ]; outputs = ["out" "lib"]; 
@@ -132,15 +134,34 @@ runHook preInstall install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware} - install -m755 usr/lib/SCMiddleware/{idocachesrv,SCManager} $out/bin - install -m755 usr/lib/SCMiddleware/*.so $lib/lib/SCMiddleware + install -m755 usr/lib/SCMiddleware/SCManager $out/bin + install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware cp -r etc/id* $lib/etc runHook postInstall ''; preFixup = '' - patchelf --set-rpath $lib/lib/SCMiddleware $lib/lib/SCMiddleware/* $out/bin/* + for elf in $lib/lib/SCMiddleware/* $out/bin/*; do + python3 /dev/fd/3 <$elf >$elf.patched 3<= len(b) + return s.replace(a, b + b'\0' * (len(a) - len(b))) + + contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware') + contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket') + + sys.stdout.buffer.write(contents) + EOF + + chmod --reference=$elf $elf.patched + mv $elf.patched $elf + + patchelf --set-rpath $lib/lib/SCMiddleware $elf + done ''; passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so"; From f7ec31843d8bc7f7ca6d0e2a41726af7af09d6df Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 02:33:53 -0600 Subject: [PATCH 04/13] trivionomicon: athena-bccr: add idopte cache server --- modules/athena-bccr/sys.nix | 41 +++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 425c23a..98ae904 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -1,4 +1,5 @@ { + config, pkgs, lib, cfg, 
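Review bot: The binary patch in `preFixup` succeeds silently when a pattern is absent, because `bin_replace` relies on `replace`, which returns its input unchanged when nothing matches. A later driver release that moves or renames `/tmp/.idoss_socket` would then ship with the socket still in the shared `/tmp`. After the loop the phase could verify that the rewrite landed, for example `grep -rqaF /run/idoss/socket $lib/lib/SCMiddleware $out/bin || exit 1`, and the same for `/etc/SCMiddleware`. NUL padding is also only safe where the original literal ends right after the matched text: a longer stored path beginning with `/usr/lib/SCMiddleware` would be cut short, which is worth checking on the vendor files. The heredoc text is partly lost in this view, so the script may contain more than is visible here.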
@@ -51,10 +52,42 @@ in { services = { pcscd.enable = true; - udev.extraRules = '' - # Athena Smartcard Solutions, Inc. ASEDrive V3CR - ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" - ''; + udev.extraRules = + lib.optionalString (vendor == "athena") '' + # Athena Smartcard Solutions, Inc. ASEDrive V3CR + ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" + '' + + lib.optionalString (vendor == "idopte") '' + # Bit4id Srl miniLector-s + ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl start --no-block idopte-reader.target" + ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl stop --no-block idopte-reader.target" + ''; + }; + + systemd = lib.mkIf (vendor == "idopte") { + #TODO: make this run as a non-root user + services.idopte-cache = { + description = "Idopte cache server"; + + after = ["smartcard.target"]; + bindsTo = ["idopte-reader.target"]; + wantedBy = ["idopte-reader.target"]; + + serviceConfig = { + Type = "forking"; + PIDFile = "/run/idoCacheSrv.pid"; + RuntimeDirectory = "idoss"; + + ExecStart = "${scmiddleware}/idocachesrv"; + }; + }; + + targets.idopte-reader = { + description = "Idopte USB reader inserted"; + + wants = ["smartcard.target"]; + before = ["smartcard.target"]; + }; }; users.groups.${cfg.group} = {}; From 789b1780cb5f3b309497466bf73e1389c281cc13 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 12:56:22 -0600 Subject: [PATCH 05/13] trivionomicon: athena-bccr: update firmador mvnHsah --- pkgs/athena-bccr/firmador.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix index 82578e8..feec48e 100644 --- a/pkgs/athena-bccr/firmador.nix +++ b/pkgs/athena-bccr/firmador.nix 
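Review bot: `services.idopte-cache` starts a binary-patched vendor daemon as root with no sandboxing in `serviceConfig`, and the `#TODO` only covers the user it runs as. Hardening that does not depend on the user can go in now, e.g. `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;`, to be tested against the daemon since its file access is not visible here. `RuntimeDirectory = "idoss"` is created with systemd's default mode, so which local users can reach the socket under `/run/idoss` depends on the permissions the daemon sets. A comment stating the intended audience (for example members of `cfg.group`) would make that reviewable.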
@@ -27,7 +27,7 @@ in ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ="; + mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI="; nativeBuildInputs = [ makeWrapper From 286c49e36935fe33c5fadf932ce7a51059f8eebd Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 15:25:05 -0600 Subject: [PATCH 06/13] trivionomicon: athena-bccr: add support for mirrors --- modules/athena-bccr/hm.nix | 7 ++++++- modules/athena-bccr/options.nix | 12 ++++++++++++ modules/athena-bccr/sys.nix | 8 +++++++- pkgs/athena-bccr/default.nix | 3 ++- pkgs/athena-bccr/unwrapped.nix | 16 ++++++++++++++-- 5 files changed, 41 insertions(+), 5 deletions(-) diff --git a/modules/athena-bccr/hm.nix b/modules/athena-bccr/hm.nix index 0678e3c..df41f12 100644 --- a/modules/athena-bccr/hm.nix +++ b/modules/athena-bccr/hm.nix @@ -5,7 +5,12 @@ doctrine, ... }: let - athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; + athena = + (pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror; + }).${ + cfg.release + }; in { home.packages = [ athena.firmador diff --git a/modules/athena-bccr/options.nix b/modules/athena-bccr/options.nix index eb61cf5..7b6cf93 100644 --- a/modules/athena-bccr/options.nix +++ b/modules/athena-bccr/options.nix @@ -7,6 +7,12 @@ with lib.types; { description = "hash of the Gaudi client"; }; + mirror = lib.mkOption { + type = nullOr str; + default = null; + description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; + }; + release = lib.mkOption { type = str; default = "latest"; 
@@ -21,6 +27,12 @@ with lib.types; { description = "user group with full access to the smartcard reader"; }; + mirror = lib.mkOption { + type = nullOr str; + default = null; + description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; + }; + release = lib.mkOption { type = str; default = "latest"; diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index 98ae904..bd7d758 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -6,7 +6,13 @@ doctrine, ... }: let - athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; + athena = + (pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror; + }).${ + cfg.release + }; + inherit (athena) vendor; driver = athena.card-driver.lib; diff --git a/pkgs/athena-bccr/default.nix b/pkgs/athena-bccr/default.nix index c4a8575..038220b 100644 --- a/pkgs/athena-bccr/default.nix +++ b/pkgs/athena-bccr/default.nix @@ -1,6 +1,7 @@ { callPackage, lib, + mirror ? null, }: let latest = "deb64-rev26.2"; @@ -18,7 +19,7 @@ pkgsForRelease = release: let inherit (unwrapped) card-driver bccr-cacerts; - unwrapped = overrideUnwrapped {inherit release;} {}; + unwrapped = overrideUnwrapped {inherit mirror release;} {}; pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}"; in { inherit card-driver bccr-cacerts pkcs11-module; diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index 3a70144..a2b7722 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -1,5 +1,7 @@ { + fetchurl, lib, + mirror ? null, requireFile, release, gaudiHash ? null, 
@@ -7,10 +9,20 @@ }: let inherit (release) srcPaths vendor; - src = requireFile { - url = "https://soportefirmadigital.com"; + url = + if mirror != null + then "${mirror}/${release.filename}" + else "https://soportefirmadigital.com"; + + fetchSrc = + if mirror != null + then fetchurl + else requireFile; + + src = fetchSrc { name = release.filename; + inherit url; inherit (release) hash; }; From 26f1fa436a662baa59a4717138dbfb14c5d48911 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 15:42:13 -0600 Subject: [PATCH 07/13] trivionomicon: athena-bccr: run update-gaudi during build if gaudiHash is given --- pkgs/athena-bccr/unwrapped.nix | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index a2b7722..848ea3e 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -26,13 +26,15 @@ inherit (release) hash; }; - gaudiUpdateSrc = {update-gaudi}: - requireFile { - url = "${update-gaudi}"; - name = "gaudi-update-${release.name}.zip"; - - hash = gaudiHash; - }; + gaudiUpdateSrc = { + update-gaudi, + runCommand, + }: + runCommand "gaudi-update-${release.name}.zip" { + outputHash = gaudiHash; + } '' + ${update-gaudi} $out + ''; moduleFromDeb = name: args @ { stdenv, @@ -188,6 +190,7 @@ in pkgs, stdenv, unzip, + runCommand, writeShellScriptBin, update-gaudi, ... @@ -198,7 +201,7 @@ in }; fakeSudo = writeShellScriptBin "sudo" ""; - gaudiUpdate = gaudiUpdateSrc {inherit update-gaudi;}; + gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;}; in moduleFromDeb "gaudi" { inherit dpkg stdenv unzip; 
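Review bot: `"${mirror}/${release.filename}"` is written into the derivation, which sits world-readable in the Nix store, so a mirror URL that embeds credentials or a token would be exposed to every local user. Neither this hunk nor the option description says so. Integrity does not depend on the mirror, because `fetchurl` checks `release.hash`, and that is worth recording next to the fetch: `# mirror is untrusted: the zip is accepted only if it matches release.hash; never put secrets in the URL`. A trailing slash in `mirror` also yields `//` in the final URL, which some servers handle differently.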
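Review bot: `gaudiUpdateSrc` passes `outputHash = gaudiHash` without handling the default `gaudiHash ? null`. With a null hash the derivation appears to stop being fixed-output, so the download fails inside the sandbox with an unrelated-looking network error. On a host with the sandbox disabled it would instead run with no pin on what `update-gaudi` fetches. A guard in front of `runCommand`, such as `assert lib.assertMsg (gaudiHash != null) "athena-bccr: gaudiHash is required to build the Gaudi update";`, would make the requirement explicit, unless a check outside this hunk already prevents evaluation in that case.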
@@ -300,17 +303,20 @@ in wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar" wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar" + if [ -n "$1" ]; then + zip_path="$1" + else + zip_path="$PWD/gaudi-update-${release.name}.zip" + fi + # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2 TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} + - zip_path="$PWD/gaudi-update-${release.name}.zip" TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" . TZ=UTC touch -a -m -t 198002010000.00 "$zip_path" - set -x - nix-store --add-fixed sha256 "$zip_path" - set +x - - echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" + if [ -z "$1" ]; then + echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" + fi ''; } // lib.optionalAttrs (vendor == "athena") { From a74fc0c70ec71ed9eca77f4f108a0ef943a059f6 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 9 Mar 2026 18:07:38 -0600 Subject: [PATCH 08/13] trivionomicon: athena-bccr: fix /etc/SCMiddleware symlink in gaudi FHS env --- pkgs/athena-bccr/unwrapped.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index 848ea3e..bf99a84 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -151,6 +151,7 @@ install -m755 usr/lib/SCMiddleware/SCManager $out/bin install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware cp -r etc/id* $lib/etc + ln -s ../lib/SCMiddleware $lib/etc runHook postInstall ''; From d5c9c5223687ec73eb8b8db587fa78e08abc6cc8 Mon Sep 17 00:00:00 2001 From: Fabian Montero Date: Mon, 9 Mar 2026 18:09:07 -0600 Subject: [PATCH 09/13] trivionomicon/athena-bccr: update maven hash --- pkgs/athena-bccr/firmador.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix index feec48e..e8e0a2d 100644 --- a/pkgs/athena-bccr/firmador.nix +++ b/pkgs/athena-bccr/firmador.nix @@ -27,7 +27,7 @@ in ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI="; + mvnHash = "sha256-iqooTe8xTrkG0JxJXlAMHExt6D8n+msB/VrCNrSJ10c="; nativeBuildInputs = [ makeWrapper From aac5bbeb91733e4e920d512ff720ca50b1c2c725 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Tue, 10 Mar 2026 20:03:02 -0600 Subject: [PATCH 10/13] trivionomicon: athena-bccr: separate releases by vendor, add 'vendor' option --- modules/athena-bccr/hm.nix | 11 ++++---- modules/athena-bccr/options.nix | 48 ++++++++++++++++----------------- modules/athena-bccr/sys.nix | 14 +++++----- pkgs/athena-bccr/default.nix | 12 ++++++--- pkgs/athena-bccr/releases.nix | 42 ++++++++++++++++------------- pkgs/athena-bccr/unwrapped.nix | 3 ++- pkgs/default.nix | 3 ++- 7 files changed, 70 insertions(+), 63 deletions(-) diff --git a/modules/athena-bccr/hm.nix b/modules/athena-bccr/hm.nix index df41f12..683cb4d 100644 --- a/modules/athena-bccr/hm.nix +++ b/modules/athena-bccr/hm.nix @@ -5,12 +5,11 @@ doctrine, ... }: let - athena = - (pkgs.${doctrine.prefix}.athena-bccr.override { - inherit (cfg) mirror; - }).${ - cfg.release - }; + releases = pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror vendor; + }; + + athena = releases.${cfg.release}; in { home.packages = [ athena.firmador diff --git a/modules/athena-bccr/options.nix b/modules/athena-bccr/options.nix index 7b6cf93..dc4c986 100644 --- a/modules/athena-bccr/options.nix +++ b/modules/athena-bccr/options.nix 
@@ -1,42 +1,40 @@ {lib, ...}: -with lib.types; { +with lib.types; let + mirror = lib.mkOption { + type = nullOr str; + default = null; + description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; + }; + + release = lib.mkOption { + type = str; + default = "latest"; + description = "pinned athena-bccr release tag"; + }; + + vendor = lib.mkOption { + type = enum ["athena" "idopte"]; + default = "idopte"; + description = "driver dvendor"; + }; +in { hm = { + inherit mirror release vendor; + gaudiHash = lib.mkOption { type = nullOr str; default = null; description = "hash of the Gaudi client"; }; - - mirror = lib.mkOption { - type = nullOr str; - default = null; - description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; - }; - - release = lib.mkOption { - type = str; - default = "latest"; - description = "pinned athena-bccr release tag"; - }; }; sys = { + inherit mirror release vendor; + group = lib.mkOption { type = str; default = "users"; description = "user group with full access to the smartcard reader"; }; - - mirror = lib.mkOption { - type = nullOr str; - default = null; - description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; - }; - - release = lib.mkOption { - type = str; - default = "latest"; - description = "pinned athena-bccr release tag"; - }; }; } diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index bd7d758..0b4658c 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix 
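Review bot: The `vendor` option's description reads `"driver dvendor"`, a typo that will surface in generated option documentation; it should be `description = "driver vendor";`. The identical line is reintroduced by the options.nix hunk of PATCH 12/13, so the fix applies there as well.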
@@ -6,17 +6,15 @@ doctrine, ... }: let - athena = - (pkgs.${doctrine.prefix}.athena-bccr.override { - inherit (cfg) mirror; - }).${ - cfg.release - }; - - inherit (athena) vendor; + releases = pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror vendor; + }; + athena = releases.${cfg.release}; driver = athena.card-driver.lib; scmiddleware = "${driver}/lib/SCMiddleware"; + + inherit (cfg) vendor; in { environment = { etc = diff --git a/pkgs/athena-bccr/default.nix b/pkgs/athena-bccr/default.nix index 038220b..c17911e 100644 --- a/pkgs/athena-bccr/default.nix +++ b/pkgs/athena-bccr/default.nix @@ -2,10 +2,14 @@ callPackage, lib, mirror ? null, + vendor ? "idopte", }: let - latest = "deb64-rev26.2"; + releases = lib.mapAttrs resolveRelease (import ./releases.nix).${vendor}; - releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix); + resolveRelease = name: release: + if builtins.isString release + then releases.${release} + else release // {name = name;}; overrideUnwrapped = default: new: let args = default // new; @@ -19,7 +23,7 @@ pkgsForRelease = release: let inherit (unwrapped) card-driver bccr-cacerts; - unwrapped = overrideUnwrapped {inherit mirror release;} {}; + unwrapped = overrideUnwrapped {inherit mirror release vendor;} {}; pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}"; in { inherit card-driver bccr-cacerts pkcs11-module; @@ -29,4 +33,4 @@ firmador = callPackage ./firmador.nix {inherit pkcs11-module;}; }; in - lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};}) + lib.mapAttrs (_: pkgsForRelease) releases diff --git a/pkgs/athena-bccr/releases.nix b/pkgs/athena-bccr/releases.nix index cbc5bdb..203e57c 100644 --- a/pkgs/athena-bccr/releases.nix +++ b/pkgs/athena-bccr/releases.nix 
@@ -1,27 +1,33 @@ { - "deb64-rev26" = { - # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1) - hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM="; - filename = "sfd_ClientesLinux_DEB64_Rev26.zip"; - basename = "sfd_ClientesLinux_DEB64_Rev26"; - vendor = "athena"; + "athena" = { + latest = "deb64-rev26"; - srcPaths = { - gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb"; - idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb"; + "deb64-rev26" = { + # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1) + hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM="; + filename = "sfd_ClientesLinux_DEB64_Rev26.zip"; + basename = "sfd_ClientesLinux_DEB64_Rev26"; + + srcPaths = { + gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb"; + idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb"; + }; }; }; - "deb64-rev26.2" = { - # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1) - hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA="; - filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip"; - basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02"; - vendor = "idopte"; + "idopte" = { + latest = "deb64-rev26.2"; - srcPaths = { - gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb"; - idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb"; + "deb64-rev26.2" = { + # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1) + hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA="; + filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip"; + basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02"; + + srcPaths = { + gaudi = 
"Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb"; + idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb"; + }; }; }; } diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix index bf99a84..dc9f142 100644 --- a/pkgs/athena-bccr/unwrapped.nix +++ b/pkgs/athena-bccr/unwrapped.nix @@ -5,9 +5,10 @@ requireFile, release, gaudiHash ? null, + vendor, ... }: let - inherit (release) srcPaths vendor; + inherit (release) srcPaths; url = if mirror != null diff --git a/pkgs/default.nix b/pkgs/default.nix index 1b11af9..6339da3 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -4,7 +4,8 @@ with prev.lib; let in { override = {}; - athena-bccr = callPackage ./athena-bccr {}; + athena-bccr = callPackage ./athena-bccr {vendor = "athena";}; + idopte-bccr = callPackage ./athena-bccr {vendor = "idopte";}; snapborg = final.python3Packages.callPackage ./snapborg {}; socialpredict = callPackage ./socialpredict {}; spliit = callPackage ./spliit {}; From 91e5edd82b1c51c5bdbdcfd32a3d055ff2954b24 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Mon, 23 Mar 2026 19:20:36 -0600 Subject: [PATCH 11/13] trivionomicon: ibkr-tws: initial commit --- pkgs/default.nix | 1 + pkgs/ibkr-tws/default.nix | 106 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 pkgs/ibkr-tws/default.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index 6339da3..255a365 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -5,6 +5,7 @@ in { override = {}; athena-bccr = callPackage ./athena-bccr {vendor = "athena";}; + ibkr-tws = callPackage ./ibkr-tws {}; idopte-bccr = callPackage ./athena-bccr {vendor = "idopte";}; snapborg = final.python3Packages.callPackage ./snapborg {}; socialpredict = callPackage ./socialpredict {}; diff --git a/pkgs/ibkr-tws/default.nix b/pkgs/ibkr-tws/default.nix new file mode 100644 index 0000000..ea3e94b --- /dev/null +++ b/pkgs/ibkr-tws/default.nix 
@@ -0,0 +1,106 @@ +{ + lib, + makeWrapper, + openjdk, + requireFile, + stdenv, +}: let + version = "10.44.1g"; + + jdk = openjdk.override { + enableJavaFX = true; + }; + + removeJavaVersionCheck = file: '' + # Lie about the openjdk version to skip the version check + sed -i 's/\(read_db_entry || create_db_entry \$2\)/\1; ver_major=17; ver_minor=0; ver_micro=16/' ${file} + ''; +in + stdenv.mkDerivation { + pname = "ibkr-tws"; + inherit version; + + src = requireFile { + name = "tws-${version}-standalone-linux-x64.sh"; + url = "https://www.interactivebrokers.com/en/trading/download-tws.php?p=offline-latest"; + + # 1. Rename 'tws-latest-standalone-linux-x64.sh' to 'tws-${version}-standalone-linux-x64.sh' + # 2. nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum tws-${version}-standalone-linux-x64.sh | cut -d' ' -f1) + hash = "sha256-UfyfTHOcPiwTof0ZMhV1haX7gyb08v7U2A12VjAny7c="; + }; + + nativeBuildInputs = [ + makeWrapper + ]; + + unpackPhase = '' + runHook preUnpack + + cp $src bundle.sh + chmod +x bundle.sh + + runHook postUnpack + ''; + + patchPhase = '' + runHook prePatch + + ${removeJavaVersionCheck "bundle.sh"} + + runHook postPatch + ''; + + preBuild = '' + export INSTALL4J_NO_DB=true + export INSTALL4J_JAVA_HOME=${jdk} + export INSTALL4J_DISABLE_BUNDLED_JRE=true + ''; + + buildPhase = '' + runHook preBuild + + # Where should Trader Workstation 10.44 be installed?: $out + # Run Trader Workstation 10.44? 
Yes [y], No [n, Enter]: n + echo -e "$out/lib/tws\nn" | ./bundle.sh + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p "$out/bin" "$out/share/applications" + + ${removeJavaVersionCheck "$out/lib/tws/tws"} + makeWrapper \ + "$out/lib/tws/tws" "$out/bin/tws" \ + --set INSTALL4J_NO_DB true \ + --set INSTALL4J_JAVA_HOME ${jdk} + + mv "$out/lib/tws/.install4j/tws.png" "$out/lib/tws" + + for path in $out/lib/tws/*.desktop; do + target="$(readlink -f "$path")" + mv "$target" "$out/share/applications/$(basename "$path")" + rm -f "$path" + done + + sed -i \ + 's@$out/lib/tws/tws\>@$out/bin/tws@; s@$out/lib/tws/.install4j/tws.png@$out/lib/tws/tws.png@' \ + $out/share/applications/*.desktop + + #TODO + sed -i \ + 's@/build/Jts@/tmp/Jts@g' \ + $out/lib/tws/.install4j/{i4jparams.conf,response.varfile} + + rm -f "$out/lib/tws/uninstall" $out/lib/tws/.install4j/*.log + + runHook postInstall + ''; + + meta = { + license = lib.licenses.unfree; + mainProgram = "tws"; + }; + } From 5b3df597d0b83156e68feed7dd7111e4ac666152 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Tue, 24 Mar 2026 17:42:30 -0600 Subject: [PATCH 12/13] Revert "Merge commit 'efcef47c37e27be128082fa9585b8fa1be3c4dd5' into user" This reverts commit 93d87124e90859011855467b93592bd3d1bb7723, reversing changes made to 194efc5c4b7c1dabebd0731c81952e17d935c4d8. --- modules/athena-bccr/hm.nix | 11 ++++---- modules/athena-bccr/options.nix | 48 ++++++++++++++++----------------- modules/athena-bccr/sys.nix | 14 +++++----- pkgs/athena-bccr/default.nix | 12 ++++++--- pkgs/athena-bccr/firmador.nix | 2 +- 5 files changed, 43 insertions(+), 44 deletions(-) diff --git a/modules/athena-bccr/hm.nix b/modules/athena-bccr/hm.nix index df41f12..683cb4d 100644 --- a/modules/athena-bccr/hm.nix +++ b/modules/athena-bccr/hm.nix 
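Review bot: The `#TODO` sed rewrites `/build/Jts` to `/tmp/Jts` in `i4jparams.conf` and `response.varfile`, leaving the installed application pointing at a fixed directory in world-writable `/tmp`. Assuming TWS keeps its settings there, another local user could create or read that directory first. Selecting a per-user location at launch time in the `makeWrapper` wrapper would avoid the shared path. Separately, the `.desktop` sed is single-quoted, so `$out` is never expanded and the expression matches nothing. It needs double quotes, e.g. `"s@$out/lib/tws/tws\>@$out/bin/tws@; s@$out/lib/tws/.install4j/tws.png@$out/lib/tws/tws.png@"`; otherwise the desktop entries presumably still launch the unwrapped binary and reference the icon that was moved.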
@@ -5,12 +5,11 @@ doctrine, ... }: let - athena = - (pkgs.${doctrine.prefix}.athena-bccr.override { - inherit (cfg) mirror; - }).${ - cfg.release - }; + releases = pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror vendor; + }; + + athena = releases.${cfg.release}; in { home.packages = [ athena.firmador diff --git a/modules/athena-bccr/options.nix b/modules/athena-bccr/options.nix index 7b6cf93..dc4c986 100644 --- a/modules/athena-bccr/options.nix +++ b/modules/athena-bccr/options.nix @@ -1,42 +1,40 @@ {lib, ...}: -with lib.types; { +with lib.types; let + mirror = lib.mkOption { + type = nullOr str; + default = null; + description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; + }; + + release = lib.mkOption { + type = str; + default = "latest"; + description = "pinned athena-bccr release tag"; + }; + + vendor = lib.mkOption { + type = enum ["athena" "idopte"]; + default = "idopte"; + description = "driver dvendor"; + }; +in { hm = { + inherit mirror release vendor; + gaudiHash = lib.mkOption { type = nullOr str; default = null; description = "hash of the Gaudi client"; }; - - mirror = lib.mkOption { - type = nullOr str; - default = null; - description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; - }; - - release = lib.mkOption { - type = str; - default = "latest"; - description = "pinned athena-bccr release tag"; - }; }; sys = { + inherit mirror release vendor; + group = lib.mkOption { type = str; default = "users"; description = "user group with full access to the smartcard reader"; }; - - mirror = lib.mkOption { - type = nullOr str; - default = null; - description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; - }; - - release = lib.mkOption { - type = str; - default = "latest"; - description = "pinned athena-bccr release tag"; - }; }; } 
diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix index bd7d758..0b4658c 100644 --- a/modules/athena-bccr/sys.nix +++ b/modules/athena-bccr/sys.nix @@ -6,17 +6,15 @@ doctrine, ... }: let - athena = - (pkgs.${doctrine.prefix}.athena-bccr.override { - inherit (cfg) mirror; - }).${ - cfg.release - }; - - inherit (athena) vendor; + releases = pkgs.${doctrine.prefix}.athena-bccr.override { + inherit (cfg) mirror vendor; + }; + athena = releases.${cfg.release}; driver = athena.card-driver.lib; scmiddleware = "${driver}/lib/SCMiddleware"; + + inherit (cfg) vendor; in { environment = { etc = diff --git a/pkgs/athena-bccr/default.nix b/pkgs/athena-bccr/default.nix index 038220b..c17911e 100644 --- a/pkgs/athena-bccr/default.nix +++ b/pkgs/athena-bccr/default.nix @@ -2,10 +2,14 @@ callPackage, lib, mirror ? null, + vendor ? "idopte", }: let - latest = "deb64-rev26.2"; + releases = lib.mapAttrs resolveRelease (import ./releases.nix).${vendor}; - releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix); + resolveRelease = name: release: + if builtins.isString release + then releases.${release} + else release // {name = name;}; overrideUnwrapped = default: new: let args = default // new; @@ -19,7 +23,7 @@ pkgsForRelease = release: let inherit (unwrapped) card-driver bccr-cacerts; - unwrapped = overrideUnwrapped {inherit mirror release;} {}; + unwrapped = overrideUnwrapped {inherit mirror release vendor;} {}; pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}"; in { inherit card-driver bccr-cacerts pkcs11-module; @@ -29,4 +33,4 @@ firmador = callPackage ./firmador.nix {inherit pkcs11-module;}; }; in - lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};}) + lib.mapAttrs (_: pkgsForRelease) releases diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix index e8e0a2d..feec48e 100644 --- a/pkgs/athena-bccr/firmador.nix +++ b/pkgs/athena-bccr/firmador.nix 
@@ -27,7 +27,7 @@ in ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-iqooTe8xTrkG0JxJXlAMHExt6D8n+msB/VrCNrSJ10c="; + mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI="; nativeBuildInputs = [ makeWrapper From 652871f78fa7321c4feb3c53bcbf4aa82e7b52f2 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Tue, 24 Mar 2026 18:16:34 -0600 Subject: [PATCH 13/13] trivionomicon: athena-bccr: fix non-reproducibility in firmador --- pkgs/athena-bccr/firmador.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/pkgs/athena-bccr/firmador.nix b/pkgs/athena-bccr/firmador.nix index feec48e..42ce79e 100644 --- a/pkgs/athena-bccr/firmador.nix +++ b/pkgs/athena-bccr/firmador.nix @@ -3,15 +3,15 @@ lib, makeWrapper, maven, - openjdk, + openjdk21, wrapGAppsHook3, pkcs11-module ? null, }: let - jdk = openjdk.override { + jdk = openjdk21.override { enableJavaFX = true; }; - version = "1.9.8+master"; + version = "2.0.0+master"; in maven.buildMavenPackage { pname = "firmador"; @@ -19,15 +19,16 @@ in src = fetchgit { url = "https://codeberg.org/firmador/firmador"; - rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7"; - hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ="; + rev = "76a16ff5fa7c1a9c3f4a03359742fc09cb98b2c4"; + hash = "sha256-xzcJXIU3NFPUdwRNUvymScpBS1eeJYdb8ffevUbAS1o="; }; patches = [ ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-QDjhwrKZK/cEQxRYUM+z1zMCNrTHyxRqAhUfNtubhhI="; + mvnJdk = jdk; + mvnHash = "sha256-SCTXlLqc4SxWWZlQLJc+T7jM991LLwU9MqDALcbECsw="; nativeBuildInputs = [ makeWrapper