fabian/nix
1
0
Fork 2
Code Issues 16 Pull requests Projects Releases Packages Wiki Activity

Merge commit '652871f78f'

Browse source
This commit is contained in:
Fabian Montero 2026-03-24 22:47:54 -06:00
commit f586e8afae
Signed by: fabian
GPG key ID: 3EDA9AE3937CCDE3
9 changed files with 290 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

13
trivionomicon/pkgs/athena-bccr/default.nix
View file

@ -1,10 +1,15 @@
{
callPackage,
lib,
mirror ? null,
vendor ? "idopte",
}: let
latest = "deb64-rev26.2";
releases = lib.mapAttrs resolveRelease (import ./releases.nix).${vendor};
releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix);
resolveRelease = name: release:
if builtins.isString release
then releases.${release}
else release // {name = name;};
overrideUnwrapped = default: new: let
args = default // new;
@ -18,7 +23,7 @@
pkgsForRelease = release: let
inherit (unwrapped) card-driver bccr-cacerts;
unwrapped = overrideUnwrapped {inherit release;} {};
unwrapped = overrideUnwrapped {inherit mirror release vendor;} {};
pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}";
in {
inherit card-driver bccr-cacerts pkcs11-module;
@ -28,4 +33,4 @@
firmador = callPackage ./firmador.nix {inherit pkcs11-module;};
};
in
lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};})
lib.mapAttrs (_: pkgsForRelease) releases

13
trivionomicon/pkgs/athena-bccr/firmador.nix
View file

@ -3,15 +3,15 @@
lib,
makeWrapper,
maven,
openjdk,
openjdk21,
wrapGAppsHook3,
pkcs11-module ? null,
}: let
jdk = openjdk.override {
jdk = openjdk21.override {
enableJavaFX = true;
};
version = "1.9.8+master";
version = "2.0.0+master";
in
maven.buildMavenPackage {
pname = "firmador";
@ -19,15 +19,16 @@ in
src = fetchgit {
url = "https://codeberg.org/firmador/firmador";
rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7";
hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ=";
rev = "76a16ff5fa7c1a9c3f4a03359742fc09cb98b2c4";
hash = "sha256-xzcJXIU3NFPUdwRNUvymScpBS1eeJYdb8ffevUbAS1o=";
};
patches = [
./0001-Remove-CheckUpdatePlugin-from-default-list.patch
];
mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ=";
mvnJdk = jdk;
mvnHash = "sha256-SCTXlLqc4SxWWZlQLJc+T7jM991LLwU9MqDALcbECsw=";
nativeBuildInputs = [
makeWrapper

42
trivionomicon/pkgs/athena-bccr/releases.nix
View file

@ -1,27 +1,33 @@
{
"deb64-rev26" = {
# nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1)
hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM=";
filename = "sfd_ClientesLinux_DEB64_Rev26.zip";
basename = "sfd_ClientesLinux_DEB64_Rev26";
vendor = "athena";
"athena" = {
latest = "deb64-rev26";
srcPaths = {
gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb";
idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb";
"deb64-rev26" = {
# nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1)
hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM=";
filename = "sfd_ClientesLinux_DEB64_Rev26.zip";
basename = "sfd_ClientesLinux_DEB64_Rev26";
srcPaths = {
gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb";
idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb";
};
};
};
"deb64-rev26.2" = {
# nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1)
hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA=";
filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip";
basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02";
vendor = "idopte";
"idopte" = {
latest = "deb64-rev26.2";
srcPaths = {
gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb";
idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb";
"deb64-rev26.2" = {
# nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1)
hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA=";
filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip";
basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02";
srcPaths = {
gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb";
idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb";
};
};
};
}

81
trivionomicon/pkgs/athena-bccr/unwrapped.nix
View file

@ -1,26 +1,41 @@
{
fetchurl,
lib,
mirror ? null,
requireFile,
release,
gaudiHash ? null,
vendor,
...
}: let
inherit (release) srcPaths vendor;
inherit (release) srcPaths;
src = requireFile {
url = "https://soportefirmadigital.com";
url =
if mirror != null
then "${mirror}/${release.filename}"
else "https://soportefirmadigital.com";
fetchSrc =
if mirror != null
then fetchurl
else requireFile;
src = fetchSrc {
name = release.filename;
inherit url;
inherit (release) hash;
};
gaudiUpdateSrc = {update-gaudi}:
requireFile {
url = "${update-gaudi}";
name = "gaudi-update-${release.name}.zip";
hash = gaudiHash;
};
gaudiUpdateSrc = {
update-gaudi,
runCommand,
}:
runCommand "gaudi-update-${release.name}.zip" {
outputHash = gaudiHash;
} ''
${update-gaudi} $out
'';
moduleFromDeb = name: args @ {
stdenv,
@ -102,6 +117,7 @@
libnotify,
openssl,
pcsclite,
python3,
stdenv,
unzip,
webkitgtk_4_1,
@ -124,6 +140,7 @@
nativeBuildInputs = [
autoPatchelfHook
python3
];
outputs = ["out" "lib"];
@ -132,15 +149,35 @@
runHook preInstall
install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware}
install -m755 usr/lib/SCMiddleware/{idocachesrv,SCManager} $out/bin
install -m755 usr/lib/SCMiddleware/*.so $lib/lib/SCMiddleware
install -m755 usr/lib/SCMiddleware/SCManager $out/bin
install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware
cp -r etc/id* $lib/etc
ln -s ../lib/SCMiddleware $lib/etc
runHook postInstall
'';
preFixup = ''
patchelf --set-rpath $lib/lib/SCMiddleware $lib/lib/SCMiddleware/* $out/bin/*
for elf in $lib/lib/SCMiddleware/* $out/bin/*; do
python3 /dev/fd/3 <$elf >$elf.patched 3<<EOF
import sys
contents = sys.stdin.buffer.read()
def bin_replace(s, a, b):
assert len(a) >= len(b)
return s.replace(a, b + b'\0' * (len(a) - len(b)))
contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware')
contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket')
sys.stdout.buffer.write(contents)
EOF
chmod --reference=$elf $elf.patched
mv $elf.patched $elf
patchelf --set-rpath $lib/lib/SCMiddleware $elf
done
'';
passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so";
@ -155,6 +192,7 @@ in
pkgs,
stdenv,
unzip,
runCommand,
writeShellScriptBin,
update-gaudi,
...
@ -165,7 +203,7 @@ in
};
fakeSudo = writeShellScriptBin "sudo" "";
gaudiUpdate = gaudiUpdateSrc {inherit update-gaudi;};
gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;};
in
moduleFromDeb "gaudi" {
inherit dpkg stdenv unzip;
@ -267,17 +305,20 @@ in
wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar"
wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar"
if [ -n "$1" ]; then
zip_path="$1"
else
zip_path="$PWD/gaudi-update-${release.name}.zip"
fi
# https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2
TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} +
zip_path="$PWD/gaudi-update-${release.name}.zip"
TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" .
TZ=UTC touch -a -m -t 198002010000.00 "$zip_path"
set -x
nix-store --add-fixed sha256 "$zip_path"
set +x
echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
if [ -z "$1" ]; then
echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
fi
'';
}
// lib.optionalAttrs (vendor == "athena") {