diff --git a/home/modules/defaultDesktopPack.nix b/home/modules/defaultDesktopPack.nix index b973da3..ba052ab 100644 --- a/home/modules/defaultDesktopPack.nix +++ b/home/modules/defaultDesktopPack.nix @@ -42,7 +42,6 @@ in { vpsfree-client vscodium-fhs zola - trivium.ibkr-tws ]; trivium = { diff --git a/pkgs/config/unfree.nix b/pkgs/config/unfree.nix index d9c197d..b2e2424 100644 --- a/pkgs/config/unfree.nix +++ b/pkgs/config/unfree.nix @@ -9,5 +9,4 @@ with lib; "steam-original" "steam-unwrapped" "steam-run" - "ibkr-tws" ] diff --git a/trivionomicon/modules/athena-bccr/hm.nix b/trivionomicon/modules/athena-bccr/hm.nix index 683cb4d..0678e3c 100644 --- a/trivionomicon/modules/athena-bccr/hm.nix +++ b/trivionomicon/modules/athena-bccr/hm.nix @@ -5,11 +5,7 @@ doctrine, ... }: let - releases = pkgs.${doctrine.prefix}.athena-bccr.override { - inherit (cfg) mirror vendor; - }; - - athena = releases.${cfg.release}; + athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; in { home.packages = [ athena.firmador diff --git a/trivionomicon/modules/athena-bccr/options.nix b/trivionomicon/modules/athena-bccr/options.nix index dc4c986..eb61cf5 100644 --- a/trivionomicon/modules/athena-bccr/options.nix +++ b/trivionomicon/modules/athena-bccr/options.nix @@ -1,40 +1,30 @@ {lib, ...}: -with lib.types; let - mirror = lib.mkOption { - type = nullOr str; - default = null; - description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store"; - }; - - release = lib.mkOption { - type = str; - default = "latest"; - description = "pinned athena-bccr release tag"; - }; - - vendor = lib.mkOption { - type = enum ["athena" "idopte"]; - default = "idopte"; - description = "driver dvendor"; - }; -in { +with lib.types; { hm = { - inherit mirror release vendor; - gaudiHash = lib.mkOption { type = nullOr str; default = null; description = "hash of the Gaudi client"; }; + + release = lib.mkOption { + type = str; + default = "latest"; + description = "pinned athena-bccr release tag"; + }; }; sys = { - inherit mirror release vendor; - group = lib.mkOption { type = str; default = "users"; description = "user group with full access to the smartcard reader"; }; + + release = lib.mkOption { + type = str; + default = "latest"; + description = "pinned athena-bccr release tag"; + }; }; } diff --git a/trivionomicon/modules/athena-bccr/sys.nix b/trivionomicon/modules/athena-bccr/sys.nix index 0b4658c..5457ca5 100644 --- a/trivionomicon/modules/athena-bccr/sys.nix +++ b/trivionomicon/modules/athena-bccr/sys.nix @@ -1,20 +1,12 @@ { - config, pkgs, lib, cfg, doctrine, ... }: let - releases = pkgs.${doctrine.prefix}.athena-bccr.override { - inherit (cfg) mirror vendor; - }; - - athena = releases.${cfg.release}; - driver = athena.card-driver.lib; - scmiddleware = "${driver}/lib/SCMiddleware"; - - inherit (cfg) vendor; + athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; + inherit (athena) vendor; in { environment = { etc = @@ -24,12 +16,7 @@ in { ''; } // lib.optionalAttrs (vendor == "athena") { - "Athena".source = "${driver}/etc/Athena"; - } - // lib.optionalAttrs (vendor == "idopte") { - "idoss.conf".source = "${driver}/etc/idoss.conf"; - "idoss.lic".source = "${driver}/etc/idoss.lic"; - "SCMiddleware".source = scmiddleware; + "Athena".source = "${athena.card-driver}/etc/Athena"; }; systemPackages = [athena.card-driver]; @@ -56,42 +43,10 @@ in { services = { pcscd.enable = true; - udev.extraRules = - lib.optionalString (vendor == "athena") '' - # Athena Smartcard Solutions, Inc. ASEDrive V3CR - ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" - '' - + lib.optionalString (vendor == "idopte") '' - # Bit4id Srl miniLector-s - ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl start --no-block idopte-reader.target" - ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="25dd/1101*", RUN+="${config.systemd.package}/bin/systemctl stop --no-block idopte-reader.target" - ''; - }; - - systemd = lib.mkIf (vendor == "idopte") { - #TODO: make this run as a non-root user - services.idopte-cache = { - description = "Idopte cache server"; - - after = ["smartcard.target"]; - bindsTo = ["idopte-reader.target"]; - wantedBy = ["idopte-reader.target"]; - - serviceConfig = { - Type = "forking"; - PIDFile = "/run/idoCacheSrv.pid"; - RuntimeDirectory = "idoss"; - - ExecStart = "${scmiddleware}/idocachesrv"; - }; - }; - - targets.idopte-reader = { - description = "Idopte USB reader inserted"; - - wants = ["smartcard.target"]; - before = ["smartcard.target"]; - }; + udev.extraRules = '' + # Athena Smartcard Solutions, Inc. ASEDrive V3CR + ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" + ''; }; users.groups.${cfg.group} = {}; diff --git a/trivionomicon/pkgs/athena-bccr/default.nix b/trivionomicon/pkgs/athena-bccr/default.nix index c17911e..c4a8575 100644 --- a/trivionomicon/pkgs/athena-bccr/default.nix +++ b/trivionomicon/pkgs/athena-bccr/default.nix @@ -1,15 +1,10 @@ { callPackage, lib, - mirror ? null, - vendor ? "idopte", }: let - releases = lib.mapAttrs resolveRelease (import ./releases.nix).${vendor}; + latest = "deb64-rev26.2"; - resolveRelease = name: release: - if builtins.isString release - then releases.${release} - else release // {name = name;}; + releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix); overrideUnwrapped = default: new: let args = default // new; @@ -23,7 +18,7 @@ pkgsForRelease = release: let inherit (unwrapped) card-driver bccr-cacerts; - unwrapped = overrideUnwrapped {inherit mirror release vendor;} {}; + unwrapped = overrideUnwrapped {inherit release;} {}; pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}"; in { inherit card-driver bccr-cacerts pkcs11-module; @@ -33,4 +28,4 @@ firmador = callPackage ./firmador.nix {inherit pkcs11-module;}; }; in - lib.mapAttrs (_: pkgsForRelease) releases + lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};}) diff --git a/trivionomicon/pkgs/athena-bccr/firmador.nix b/trivionomicon/pkgs/athena-bccr/firmador.nix index 42ce79e..82578e8 100644 --- a/trivionomicon/pkgs/athena-bccr/firmador.nix +++ b/trivionomicon/pkgs/athena-bccr/firmador.nix @@ -3,15 +3,15 @@ lib, makeWrapper, maven, - openjdk21, + openjdk, wrapGAppsHook3, pkcs11-module ? null, }: let - jdk = openjdk21.override { + jdk = openjdk.override { enableJavaFX = true; }; - version = "2.0.0+master"; + version = "1.9.8+master"; in maven.buildMavenPackage { pname = "firmador"; @@ -19,16 +19,15 @@ in src = fetchgit { url = "https://codeberg.org/firmador/firmador"; - rev = "76a16ff5fa7c1a9c3f4a03359742fc09cb98b2c4"; - hash = "sha256-xzcJXIU3NFPUdwRNUvymScpBS1eeJYdb8ffevUbAS1o="; + rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7"; + hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ="; }; patches = [ ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnJdk = jdk; - mvnHash = "sha256-SCTXlLqc4SxWWZlQLJc+T7jM991LLwU9MqDALcbECsw="; + mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ="; nativeBuildInputs = [ makeWrapper diff --git a/trivionomicon/pkgs/athena-bccr/releases.nix b/trivionomicon/pkgs/athena-bccr/releases.nix index 203e57c..cbc5bdb 100644 --- a/trivionomicon/pkgs/athena-bccr/releases.nix +++ b/trivionomicon/pkgs/athena-bccr/releases.nix @@ -1,33 +1,27 @@ { - "athena" = { - latest = "deb64-rev26"; + "deb64-rev26" = { + # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1) + hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM="; + filename = "sfd_ClientesLinux_DEB64_Rev26.zip"; + basename = "sfd_ClientesLinux_DEB64_Rev26"; + vendor = "athena"; - "deb64-rev26" = { - # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1) - hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM="; - filename = "sfd_ClientesLinux_DEB64_Rev26.zip"; - basename = "sfd_ClientesLinux_DEB64_Rev26"; - - srcPaths = { - gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb"; - idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb"; - }; + srcPaths = { + gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb"; + idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb"; }; }; - "idopte" = { - latest = "deb64-rev26.2"; + "deb64-rev26.2" = { + # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1) + hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA="; + filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip"; + basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02"; + vendor = "idopte"; - "deb64-rev26.2" = { - # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02 | cut -d' ' -f1) - hash = "sha256-DNzP0YRnuUbfKLhi7JeQCirdGx4kM7ROqHDkTuVs0mA="; - filename = "sfd_ClientesLinux_DEB64_Ubuntu24_rev26_02.zip"; - basename = "sfd_ClientesLinux_DEB64_Ubuntu24_26_02"; - - srcPaths = { - gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb"; - idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb"; - }; + srcPaths = { + gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_27.0_amd64.deb"; + idopte = "Firma Digital/Idopte/Idopte_6.23.44.0_ubun24_amd64.deb"; }; }; } diff --git a/trivionomicon/pkgs/athena-bccr/unwrapped.nix b/trivionomicon/pkgs/athena-bccr/unwrapped.nix index dc9f142..c7781e4 100644 --- a/trivionomicon/pkgs/athena-bccr/unwrapped.nix +++ b/trivionomicon/pkgs/athena-bccr/unwrapped.nix @@ -1,41 +1,26 @@ { - fetchurl, lib, - mirror ? null, requireFile, release, gaudiHash ? null, - vendor, ... }: let - inherit (release) srcPaths; + inherit (release) srcPaths vendor; - url = - if mirror != null - then "${mirror}/${release.filename}" - else "https://soportefirmadigital.com"; - - fetchSrc = - if mirror != null - then fetchurl - else requireFile; - - src = fetchSrc { + src = requireFile { + url = "https://soportefirmadigital.com"; name = release.filename; - inherit url; inherit (release) hash; }; - gaudiUpdateSrc = { - update-gaudi, - runCommand, - }: - runCommand "gaudi-update-${release.name}.zip" { - outputHash = gaudiHash; - } '' - ${update-gaudi} $out - ''; + gaudiUpdateSrc = {update-gaudi}: + requireFile { + url = "${update-gaudi}"; + name = "gaudi-update-${release.name}.zip"; + + hash = gaudiHash; + }; moduleFromDeb = name: args @ { stdenv, @@ -117,7 +102,6 @@ libnotify, openssl, pcsclite, - python3, stdenv, unzip, webkitgtk_4_1, @@ -140,7 +124,6 @@ nativeBuildInputs = [ autoPatchelfHook - python3 ]; outputs = ["out" "lib"]; @@ -149,35 +132,15 @@ runHook preInstall install -m755 -d $out/bin $lib/{etc,lib/SCMiddleware} - install -m755 usr/lib/SCMiddleware/SCManager $out/bin - install -m755 usr/lib/SCMiddleware/{*.so,idocachesrv} $lib/lib/SCMiddleware + install -m755 usr/lib/SCMiddleware/{idocachesrv,SCManager} $out/bin + install -m755 usr/lib/SCMiddleware/*.so $lib/lib/SCMiddleware cp -r etc/id* $lib/etc - ln -s ../lib/SCMiddleware $lib/etc runHook postInstall ''; preFixup = '' - for elf in $lib/lib/SCMiddleware/* $out/bin/*; do - python3 /dev/fd/3 <$elf >$elf.patched 3<= len(b) - return s.replace(a, b + b'\0' * (len(a) - len(b))) - - contents = bin_replace(contents, b'/usr/lib/SCMiddleware', b'/etc/SCMiddleware') - contents = bin_replace(contents, b'/tmp/.idoss_socket', b'/run/idoss/socket') - - sys.stdout.buffer.write(contents) - EOF - - chmod --reference=$elf $elf.patched - mv $elf.patched $elf - - patchelf --set-rpath $lib/lib/SCMiddleware $elf - done + patchelf --set-rpath $lib/lib/SCMiddleware $lib/lib/SCMiddleware/* $out/bin/* ''; passthru.pkcs11-path = "lib/SCMiddleware/libidop11.so"; @@ -192,7 +155,6 @@ in pkgs, stdenv, unzip, - runCommand, writeShellScriptBin, update-gaudi, ... @@ -203,7 +165,7 @@ in }; fakeSudo = writeShellScriptBin "sudo" ""; - gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;}; + gaudiUpdate = gaudiUpdateSrc {inherit update-gaudi;}; in moduleFromDeb "gaudi" { inherit dpkg stdenv unzip; @@ -305,20 +267,17 @@ in wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar" wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar" - if [ -n "$1" ]; then - zip_path="$1" - else - zip_path="$PWD/gaudi-update-${release.name}.zip" - fi - # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2 TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} + + zip_path="$PWD/gaudi-update-${release.name}.zip" TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" . TZ=UTC touch -a -m -t 198002010000.00 "$zip_path" - if [ -z "$1" ]; then - echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" - fi + set -x + nix-store --add-fixed sha256 "$zip_path" + set +x + + echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" ''; } // lib.optionalAttrs (vendor == "athena") { diff --git a/trivionomicon/pkgs/default.nix b/trivionomicon/pkgs/default.nix index 255a365..1b11af9 100644 --- a/trivionomicon/pkgs/default.nix +++ b/trivionomicon/pkgs/default.nix @@ -4,9 +4,7 @@ with prev.lib; let in { override = {}; - athena-bccr = callPackage ./athena-bccr {vendor = "athena";}; - ibkr-tws = callPackage ./ibkr-tws {}; - idopte-bccr = callPackage ./athena-bccr {vendor = "idopte";}; + athena-bccr = callPackage ./athena-bccr {}; snapborg = final.python3Packages.callPackage ./snapborg {}; socialpredict = callPackage ./socialpredict {}; spliit = callPackage ./spliit {}; diff --git a/trivionomicon/pkgs/ibkr-tws/default.nix b/trivionomicon/pkgs/ibkr-tws/default.nix deleted file mode 100644 index ea3e94b..0000000 --- a/trivionomicon/pkgs/ibkr-tws/default.nix +++ /dev/null @@ -1,106 +0,0 @@ -{ - lib, - makeWrapper, - openjdk, - requireFile, - stdenv, -}: let - version = "10.44.1g"; - - jdk = openjdk.override { - enableJavaFX = true; - }; - - removeJavaVersionCheck = file: '' - # Lie about the openjdk version to skip the version check - sed -i 's/\(read_db_entry || create_db_entry \$2\)/\1; ver_major=17; ver_minor=0; ver_micro=16/' ${file} - ''; -in - stdenv.mkDerivation { - pname = "ibkr-tws"; - inherit version; - - src = requireFile { - name = "tws-${version}-standalone-linux-x64.sh"; - url = "https://www.interactivebrokers.com/en/trading/download-tws.php?p=offline-latest"; - - # 1. Rename 'tws-latest-standalone-linux-x64.sh' to 'tws-${version}-standalone-linux-x64.sh' - # 2. nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum tws-${version}-standalone-linux-x64.sh | cut -d' ' -f1) - hash = "sha256-UfyfTHOcPiwTof0ZMhV1haX7gyb08v7U2A12VjAny7c="; - }; - - nativeBuildInputs = [ - makeWrapper - ]; - - unpackPhase = '' - runHook preUnpack - - cp $src bundle.sh - chmod +x bundle.sh - - runHook postUnpack - ''; - - patchPhase = '' - runHook prePatch - - ${removeJavaVersionCheck "bundle.sh"} - - runHook postPatch - ''; - - preBuild = '' - export INSTALL4J_NO_DB=true - export INSTALL4J_JAVA_HOME=${jdk} - export INSTALL4J_DISABLE_BUNDLED_JRE=true - ''; - - buildPhase = '' - runHook preBuild - - # Where should Trader Workstation 10.44 be installed?: $out - # Run Trader Workstation 10.44? Yes [y], No [n, Enter]: n - echo -e "$out/lib/tws\nn" | ./bundle.sh - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p "$out/bin" "$out/share/applications" - - ${removeJavaVersionCheck "$out/lib/tws/tws"} - makeWrapper \ - "$out/lib/tws/tws" "$out/bin/tws" \ - --set INSTALL4J_NO_DB true \ - --set INSTALL4J_JAVA_HOME ${jdk} - - mv "$out/lib/tws/.install4j/tws.png" "$out/lib/tws" - - for path in $out/lib/tws/*.desktop; do - target="$(readlink -f "$path")" - mv "$target" "$out/share/applications/$(basename "$path")" - rm -f "$path" - done - - sed -i \ - 's@$out/lib/tws/tws\>@$out/bin/tws@; s@$out/lib/tws/.install4j/tws.png@$out/lib/tws/tws.png@' \ - $out/share/applications/*.desktop - - #TODO - sed -i \ - 's@/build/Jts@/tmp/Jts@g' \ - $out/lib/tws/.install4j/{i4jparams.conf,response.varfile} - - rm -f "$out/lib/tws/uninstall" $out/lib/tws/.install4j/*.log - - runHook postInstall - ''; - - meta = { - license = lib.licenses.unfree; - mainProgram = "tws"; - }; - }