fabian/nix
1
0
Fork 2
Code Issues 16 Pull requests Projects Releases Packages Wiki Activity

Merge commit '652871f78f'

Browse source
This commit is contained in:
Fabian Montero 2026-03-24 22:47:54 -06:00
commit f586e8afae
Signed by: fabian
GPG key ID: 3EDA9AE3937CCDE3
9 changed files with 290 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

6
trivionomicon/modules/athena-bccr/hm.nix
View file

@ -5,7 +5,11 @@
doctrine, doctrine,
... ...
}: let }: let
athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; releases = pkgs.${doctrine.prefix}.athena-bccr.override {
inherit (cfg) mirror vendor;
};
athena = releases.${cfg.release};
in { in {
home.packages = [ home.packages = [
athena.firmador athena.firmador

36
trivionomicon/modules/athena-bccr/options.nix
View file

@ -1,30 +1,40 @@
{lib, ...}: {lib, ...}:
with lib.types; { with lib.types; let
mirror = lib.mkOption {
type = nullOr str;
default = null;
description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store";
};
release = lib.mkOption {
type = str;
default = "latest";
description = "pinned athena-bccr release tag";
};
vendor = lib.mkOption {
type = enum ["athena" "idopte"];
default = "idopte";
description = "driver dvendor";
};
in {
hm = { hm = {
inherit mirror release vendor;
gaudiHash = lib.mkOption { gaudiHash = lib.mkOption {
type = nullOr str; type = nullOr str;
default = null; default = null;
description = "hash of the Gaudi client"; description = "hash of the Gaudi client";
}; };
release = lib.mkOption {
type = str;
default = "latest";
description = "pinned athena-bccr release tag";
};
}; };
sys = { sys = {
inherit mirror release vendor;
group = lib.mkOption { group = lib.mkOption {
type = str; type = str;
default = "users"; default = "users";
description = "user group with full access to the smartcard reader"; description = "user group with full access to the smartcard reader";
}; };
release = lib.mkOption {
type = str;
default = "latest";
description = "pinned athena-bccr release tag";
};
}; };
} }

53
trivionomicon/modules/athena-bccr/sys.nix
View file

@ -1,12 +1,20 @@
{ {
config,
pkgs, pkgs,
lib, lib,
cfg, cfg,
doctrine, doctrine,
... ...
}: let }: let
athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; releases = pkgs.${doctrine.prefix}.athena-bccr.override {
inherit (athena) vendor; inherit (cfg) mirror vendor;
};
athena = releases.${cfg.release};
driver = athena.card-driver.lib;
scmiddleware = "${driver}/lib/SCMiddleware";
inherit (cfg) vendor;
in { in {
environment = { environment = {
etc = etc =
@ -16,7 +24,12 @@ in {
''; '';
} }
// lib.optionalAttrs (vendor == "athena") { // lib.optionalAttrs (vendor == "athena") {
"Athena".source = "${athena.card-driver}/etc/Athena"; "Athena".source = "${driver}/etc/Athena";
}
// lib.optionalAttrs (vendor == "idopte") {
"idoss.conf".source = "${driver}/etc/idoss.conf";
"idoss.lic".source = "${driver}/etc/idoss.lic";
"SCMiddleware".source = scmiddleware;
}; };
systemPackages = [athena.card-driver]; systemPackages = [athena.card-driver];
@ -43,11 +56,43 @@ in {
services = { services = {
pcscd.enable = true; pcscd.enable = true;
udev.extraRules = '' udev.extraRules =
lib.optionalString (vendor == "athena") ''
# Athena Smartcard Solutions, Inc. ASEDrive V3CR # Athena Smartcard Solutions, Inc. ASEDrive V3CR
ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess"
''
+ lib.optionalString (vendor == "idopte") ''
# Bit4id Srl miniLector-s
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl start --no-block idopte-reader.target"
ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl stop --no-block idopte-reader.target"
''; '';
}; };
systemd = lib.mkIf (vendor == "idopte") {
#TODO: make this run as a non-root user
services.idopte-cache = {
description = "Idopte cache server";
after = ["smartcard.target"];
bindsTo = ["idopte-reader.target"];
wantedBy = ["idopte-reader.target"];
serviceConfig = {
Type = "forking";
PIDFile = "/run/idoCacheSrv.pid";
RuntimeDirectory = "idoss";
ExecStart = "${scmiddleware}/idocachesrv";
};
};
targets.idopte-reader = {
description = "Idopte USB reader inserted";
wants = ["smartcard.target"];
before = ["smartcard.target"];
};
};
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = {};
} }

13
trivionomicon/pkgs/athena-bccr/default.nix
View file

@ -1,10 +1,15 @@
{ {
callPackage, callPackage,
lib, lib,
mirror ? null,
vendor ? "idopte",
}: let }: let
latest = "deb64-rev26.2"; releases = lib.mapAttrs resolveRelease (import ./releases.nix).${vendor};
releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix); resolveRelease = name: release:
if builtins.isString release
then releases.${release}
else release // {name = name;};
overrideUnwrapped = default: new: let overrideUnwrapped = default: new: let
args = default // new; args = default // new;
@ -18,7 +23,7 @@
pkgsForRelease = release: let pkgsForRelease = release: let
inherit (unwrapped) card-driver bccr-cacerts; inherit (unwrapped) card-driver bccr-cacerts;
unwrapped = overrideUnwrapped {inherit release;} {}; unwrapped = overrideUnwrapped {inherit mirror release vendor;} {};
pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}"; pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}";
in { in {
inherit card-driver bccr-cacerts pkcs11-module; inherit card-driver bccr-cacerts pkcs11-module;
@ -28,4 +33,4 @@
firmador = callPackage ./firmador.nix {inherit pkcs11-module;}; firmador = callPackage ./firmador.nix {inherit pkcs11-module;};
}; };
in in
lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};}) lib.mapAttrs (_: pkgsForRelease) releases

13
trivionomicon/pkgs/athena-bccr/firmador.nix
View file

@ -3,15 +3,15 @@
lib, lib,
makeWrapper, makeWrapper,
maven, maven,
openjdk, openjdk21,
wrapGAppsHook3, wrapGAppsHook3,
pkcs11-module ? null, pkcs11-module ? null,
}: let }: let
jdk = openjdk.override { jdk = openjdk21.override {
enableJavaFX = true; enableJavaFX = true;
}; };
version = "1.9.8+master"; version = "2.0.0+master";
in in
maven.buildMavenPackage { maven.buildMavenPackage {
pname = "firmador"; pname = "firmador";
@ -19,15 +19,16 @@ in
src = fetchgit { src = fetchgit {
url = "https://codeberg.org/firmador/firmador"; url = "https://codeberg.org/firmador/firmador";
rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7"; rev = "76a16ff5fa7c1a9c3f4a03359742fc09cb98b2c4";
hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ="; hash = "sha256-xzcJXIU3NFPUdwRNUvymScpBS1eeJYdb8ffevUbAS1o=";
}; };
patches = [ patches = [
./0001-Remove-CheckUpdatePlugin-from-default-list.patch ./0001-Remove-CheckUpdatePlugin-from-default-list.patch
]; ];
mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ="; mvnJdk = jdk;
mvnHash = "sha256-SCTXlLqc4SxWWZlQLJc+T7jM991LLwU9MqDALcbECsw=";
nativeBuildInputs = [ nativeBuildInputs = [
makeWrapper makeWrapper

10
trivionomicon/pkgs/athena-bccr/releases.nix
View file

@ -1,27 +1,33 @@
{ {
"athena" = {
latest = "deb64-rev26";
"deb64-rev26" = { "deb64-rev26" = {
# nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1) # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1)
hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM="; hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM=";
filename = "sfd_ClientesLinux_DEB64_Rev26.zip"; filename = "sfd_ClientesLinux_DEB64_Rev26.zip";
basename = "sfd_ClientesLinux_DEB64_Rev26"; basename = "sfd_ClientesLinux_DEB64_Rev26";
vendor = "athena";
srcPaths = { srcPaths = {
gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb"; gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb";
idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb"; idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb";
}; };
}; };
};
"idopte" = {
latest = "deb64-rev26.2";
"deb64-rev26.2" = { "deb64-rev26.2" = {
# nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1) # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1)
hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA="; hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA=";
filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip"; filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip";
basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02"; basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02";
vendor = "idopte";
srcPaths = { srcPaths = {
gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb"; gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb";
idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb"; idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb";
}; };
}; };
};
} }

79
trivionomicon/pkgs/athena-bccr/unwrapped.nix
View file

@ -1,26 +1,41 @@
{ {
fetchurl,
lib, lib,
mirror ? null,
requireFile, requireFile,
release, release,
gaudiHash ? null, gaudiHash ? null,
vendor,
... ...
}: let }: let
inherit (release) srcPaths vendor; inherit (release) srcPaths;
src = requireFile { url =
url = "https://soportefirmadigital.com"; if mirror != null
then "${mirror}/${release.filename}"
else "https://soportefirmadigital.com";
fetchSrc =
if mirror != null
then fetchurl
else requireFile;
src = fetchSrc {
name = release.filename; name = release.filename;
inherit url;
inherit (release) hash; inherit (release) hash;
}; };
gaudiUpdateSrc = {update-gaudi}: gaudiUpdateSrc = {
requireFile { update-gaudi,
url = "${update-gaudi}"; runCommand,
name = "gaudi-update-${release.name}.zip"; }:
runCommand "gaudi-update-${release.name}.zip" {
hash = gaudiHash; outputHash = gaudiHash;
}; } ''
${update-gaudi} $out
'';
moduleFromDeb = name: args @ { moduleFromDeb = name: args @ {
stdenv, stdenv,
@ -102,6 +117,7 @@
libnotify, libnotify,
openssl, openssl,
pcsclite, pcsclite,
python3,
stdenv, stdenv,
unzip, unzip,
webkitgtk_4_1, webkitgtk_4_1,
@ -124,6 +140,7 @@
nativeBuildInputs = [ nativeBuildInputs = [
autoPatchelfHook autoPatchelfHook
python3
]; ];
outputs = ["out" "lib"]; outputs = ["out" "lib"];
@ -132,15 +149,35 @@
runHook preInstall runHook preInstall
install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware} install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware}
install -m755 usr/lib/SCMiddleware/{idocachesrv,SCManager} $out/bin install -m755 usr/lib/SCMiddleware/SCManager $out/bin
install -m755 usr/lib/SCMiddleware/*.so $lib/lib/SCMiddleware install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware
cp -r etc/id* $lib/etc cp -r etc/id* $lib/etc
ln -s ../lib/SCMiddleware $lib/etc
runHook postInstall runHook postInstall
''; '';
preFixup = '' preFixup = ''
patchelf --set-rpath $lib/lib/SCMiddleware $lib/lib/SCMiddleware/* $out/bin/* for elf in $lib/lib/SCMiddleware/* $out/bin/*; do
python3 /dev/fd/3 <$elf >$elf.patched 3<<EOF
import sys
contents = sys.stdin.buffer.read()
def bin_replace(s, a, b):
assert len(a) >= len(b)
return s.replace(a, b + b'\0' * (len(a) - len(b)))
contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware')
contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket')
sys.stdout.buffer.write(contents)
EOF
chmod --reference=$elf $elf.patched
mv $elf.patched $elf
patchelf --set-rpath $lib/lib/SCMiddleware $elf
done
''; '';
passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so"; passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so";
@ -155,6 +192,7 @@ in
pkgs, pkgs,
stdenv, stdenv,
unzip, unzip,
runCommand,
writeShellScriptBin, writeShellScriptBin,
update-gaudi, update-gaudi,
... ...
@ -165,7 +203,7 @@ in
}; };
fakeSudo = writeShellScriptBin "sudo" ""; fakeSudo = writeShellScriptBin "sudo" "";
gaudiUpdate = gaudiUpdateSrc {inherit update-gaudi;}; gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;};
in in
moduleFromDeb "gaudi" { moduleFromDeb "gaudi" {
inherit dpkg stdenv unzip; inherit dpkg stdenv unzip;
@ -267,17 +305,20 @@ in
wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar" wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar"
wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar" wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar"
if [ -n "$1" ]; then
zip_path="$1"
else
zip_path="$PWD/gaudi-update-${release.name}.zip"
fi
# https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2 # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2
TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} + TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} +
zip_path="$PWD/gaudi-update-${release.name}.zip"
TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" . TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" .
TZ=UTC touch -a -m -t 198002010000.00 "$zip_path" TZ=UTC touch -a -m -t 198002010000.00 "$zip_path"
set -x if [ -z "$1" ]; then
nix-store --add-fixed sha256 "$zip_path"
set +x
echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
fi
''; '';
} }
// lib.optionalAttrs (vendor == "athena") { // lib.optionalAttrs (vendor == "athena") {

4
trivionomicon/pkgs/default.nix
View file

@ -4,7 +4,9 @@ with prev.lib; let
in { in {
override = {}; override = {};
athena-bccr = callPackage ./athena-bccr {}; athena-bccr = callPackage ./athena-bccr {vendor = "athena";};
ibkr-tws = callPackage ./ibkr-tws {};
idopte-bccr = callPackage ./athena-bccr {vendor = "idopte";};
snapborg = final.python3Packages.callPackage ./snapborg {}; snapborg = final.python3Packages.callPackage ./snapborg {};
socialpredict = callPackage ./socialpredict {}; socialpredict = callPackage ./socialpredict {};
spliit = callPackage ./spliit {}; spliit = callPackage ./spliit {};

106
trivionomicon/pkgs/ibkr-tws/default.nix Normal file
View file

@ -0,0 +1,106 @@
{
lib,
makeWrapper,
openjdk,
requireFile,
stdenv,
}: let
version = "10.44.1g";
jdk = openjdk.override {
enableJavaFX = true;
};
removeJavaVersionCheck = file: ''
# Lie about the openjdk version to skip the version check
sed -i 's/\(read_db_entry || create_db_entry \$2\)/\1; ver_major=17; ver_minor=0; ver_micro=16/' ${file}
'';
in
stdenv.mkDerivation {
pname = "ibkr-tws";
inherit version;
src = requireFile {
name = "tws-${version}-standalone-linux-x64.sh";
url = "https://www.interactivebrokers.com/en/trading/download-tws.php?p=offline-latest";
# 1. Rename 'tws-latest-standalone-linux-x64.sh' to 'tws-${version}-standalone-linux-x64.sh'
# 2. nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum tws-${version}-standalone-linux-x64.sh | cut -d' ' -f1)
hash = "sha256-UfyfTHOcPiwTof0ZMhV1haX7gyb08v7U2A12VjAny7c=";
};
nativeBuildInputs = [
makeWrapper
];
unpackPhase = ''
runHook preUnpack
cp $src bundle.sh
chmod +x bundle.sh
runHook postUnpack
'';
patchPhase = ''
runHook prePatch
${removeJavaVersionCheck "bundle.sh"}
runHook postPatch
'';
preBuild = ''
export INSTALL4J_NO_DB=true
export INSTALL4J_JAVA_HOME=${jdk}
export INSTALL4J_DISABLE_BUNDLED_JRE=true
'';
buildPhase = ''
runHook preBuild
# Where should Trader Workstation 10.44 be installed?: $out
# Run Trader Workstation 10.44? Yes [y], No [n, Enter]: n
echo -e "$out/lib/tws\nn" | ./bundle.sh
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p "$out/bin" "$out/share/applications"
${removeJavaVersionCheck "$out/lib/tws/tws"}
makeWrapper \
"$out/lib/tws/tws" "$out/bin/tws" \
--set INSTALL4J_NO_DB true \
--set INSTALL4J_JAVA_HOME ${jdk}
mv "$out/lib/tws/.install4j/tws.png" "$out/lib/tws"
for path in $out/lib/tws/*.desktop; do
target="$(readlink -f "$path")"
mv "$target" "$out/share/applications/$(basename "$path")"
rm -f "$path"
done
sed -i \
's@$out/lib/tws/tws\>@$out/bin/tws@; s@$out/lib/tws/.install4j/tws.png@$out/lib/tws/tws.png@' \
$out/share/applications/*.desktop
#TODO
sed -i \
's@/build/Jts@/tmp/Jts@g' \
$out/lib/tws/.install4j/{i4jparams.conf,response.varfile}
rm -f "$out/lib/tws/uninstall" $out/lib/tws/.install4j/*.log
runHook postInstall
'';
meta = {
license = lib.licenses.unfree;
mainProgram = "tws";
};
}