From 34364c9f5f7de8091521c4bc88c53633b9bfd983 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Wed, 1 Jun 2022 00:52:12 +0200 Subject: [PATCH 1/3] firefox: smartcardSupport: Use multi-slot module `onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required. `opensc-pkcs11.so` enables all slots. I can successfully use PIN1 and PIN2 in Smart-ID cards with this. --- pkgs/applications/networking/browsers/firefox/wrapper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 6d93629e718..755336de935 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -137,7 +137,7 @@ let }; } // lib.optionalAttrs smartcardSupport { SecurityDevices = { - "OpenSC PKCS#11 Module" = "onepin-opensc-pkcs11.so"; + "OpenSC PKCS#11 Module" = "opensc-pkcs11.so"; }; } // extraPolicies; From 787a44459643229bad4f5f6d15ef320dab2edc7b Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Wed, 1 Jun 2022 00:48:48 +0200 Subject: [PATCH 2/3] doc: firefox: Show how to use PKCS#11 Proxy Module `p11-kit-proxy.so` makes it able to use multiple PKCS#11 modules and manage them through p11-kit(8). Fix indentation while here. --- doc/builders/packages/firefox.section.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/doc/builders/packages/firefox.section.md b/doc/builders/packages/firefox.section.md index 6f7d39c8b5e..0dd786a599d 100644 --- a/doc/builders/packages/firefox.section.md +++ b/doc/builders/packages/firefox.section.md @@ -26,10 +26,14 @@ The `wrapFirefox` function allows to pass policies, preferences and extensions t Pocket = false; Snippets = false; }; - UserMessaging = { - ExtensionRecommendations = false; - SkipOnboarding = true; - }; + UserMessaging = { + ExtensionRecommendations = false; + SkipOnboarding = true; + }; + SecurityDevices = { + # Use a proxy module rather than `nixpkgs.config.firefox.smartcardSupport = true` + "PKCS#11 Proxy Module" = "${pkgs.p11-kit}/lib/p11-kit-proxy.so"; + }; }; extraPrefs = '' From 5d27c8d53fb70de7baac99ad3b12bfdeffdb699e Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Wed, 1 Jun 2022 02:12:26 +0200 Subject: [PATCH 3/3] firefox: merge identical optionalAttrs block, fix indent Two consecutive sets are pulled in under the same `usesNixExtensions` condition. Due to wrong indentation, it does however they are nested. Fix both. --- .../networking/browsers/firefox/wrapper.nix | 41 +++++++++---------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 755336de935..153bd31a5e7 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -118,28 +118,27 @@ let lib.optionalAttrs usesNixExtensions { ExtensionSettings = { "*" = { - blocked_install_message = "You can't have manual extension mixed with nix extensions"; - installation_mode = "blocked"; - }; - + blocked_install_message = "You can't have manual extension mixed with nix extensions"; + installation_mode = "blocked"; + }; } // lib.foldr (e: ret: - ret // { - "${e.extid}" = { - installation_mode = "allowed"; - }; - } - ) {} extensions; - } // lib.optionalAttrs usesNixExtensions { - Extensions = { - Install = lib.foldr (e: ret: - ret ++ [ "${e.outPath}/${e.extid}.xpi" ] - ) [] extensions; - }; - } // lib.optionalAttrs smartcardSupport { - SecurityDevices = { - "OpenSC PKCS#11 Module" = "opensc-pkcs11.so"; - }; - } + ret // { + "${e.extid}" = { + installation_mode = "allowed"; + }; + } + ) {} extensions; + + Extensions = { + Install = lib.foldr (e: ret: + ret ++ [ "${e.outPath}/${e.extid}.xpi" ] + ) [] extensions; + }; + } // lib.optionalAttrs smartcardSupport { + SecurityDevices = { + "OpenSC PKCS#11 Module" = "opensc-pkcs11.so"; + }; + } // extraPolicies; };