<feed xmlns="http://www.w3.org/2005/Atom">
<title>depot/ops/modules/open_eid.nix, branch refs/r/7712</title>
<subtitle>monorepo for the virus lounge</subtitle>
<id>http://code.tvl.fyi/depot/atom?h=refs%2Fr%2F7712</id>
<link rel="self" href="http://code.tvl.fyi/depot/atom?h=refs%2Fr%2F7712"/>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/"/>
<updated>2024-03-13T18:06:19+00:00</updated>
<entry>
<title>chore(ops/modules/open_eid): use nativeMessagingHosts.packages</title>
<updated>2024-03-13T18:06:19+00:00</updated>
<author>
<name>Florian Klink</name>
<email>flokli@flokli.de</email>
</author>
<published>2024-03-12T18:06:38+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=8f19ffc4fd93db4c8427db81716f31b45815fcfd"/>
<id>urn:sha1:8f19ffc4fd93db4c8427db81716f31b45815fcfd</id>
<content type="text">
trace: warning: The `programs.firefox.nativeMessagingHosts.euwebid` option is deprecated, please add `web-eid-app` to `programs.firefox.nativeMessagingHosts.packages` instead.

Change-Id: Ic2518957eb8e9151f2fdb13a5f25dfbc12c577a2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11138
Autosubmit: flokli &lt;flokli@flokli.de&gt;
Tested-by: BuildkiteCI
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
</content>
</entry>
<entry>
<title>feat(ops/modules/open_eid): add support for Web eID extension</title>
<updated>2023-04-28T13:14:24+00:00</updated>
<author>
<name>Florian Klink</name>
<email>flokli@flokli.de</email>
</author>
<published>2023-04-20T22:04:23+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=b58f6f1d618378d0673a247d0ed9645e305852f5"/>
<id>urn:sha1:b58f6f1d618378d0673a247d0ed9645e305852f5</id>
<content type="text">
Most likely due to bad UX in browsers for hardware-backed TLS client cert auth, most websites have switched from client-side TLS to the "Web eID" extension.

Once installed, the extension uses [Native Messaging] to talk to a `web-eid-app` application, which handles the communication with the smart card itself.

This can be tested on https://web-eid.eu/ .

The commit needs nixpkgs to be bumped past https://github.com/NixOS/nixpkgs/pull/227354 .

[Native Messaging]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging

Change-Id: Iffe6d81ecf7cee25406fa39a983ff52cf669c373
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8490
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
Tested-by: BuildkiteCI
</content>
</entry>
<entry>
<title>fix(ops/modules/open_eid): use libdigidocpp.bin</title>
<updated>2023-04-19T09:11:34+00:00</updated>
<author>
<name>Florian Klink</name>
<email>flokli@flokli.de</email>
</author>
<published>2023-04-18T23:02:58+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=2363a194cdaa16131ecdb43a6d469f8ef068d556"/>
<id>urn:sha1:2363a194cdaa16131ecdb43a6d469f8ef068d556</id>
<content type="text">
nixpkgs commit 134036f642a7f3ba9efeab509727c0989458b02b moved the digidoc-tool binary to the `bin` output, so this wasn't actually providing the digidoc-tool binary anymore.

Change-Id: Id5f7cc69d55b7cc058a6361512cc74de0e7bc1b2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8487
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
Tested-by: BuildkiteCI
Autosubmit: flokli &lt;flokli@flokli.de&gt;
</content>
</entry>
<entry>
<title>feat(ops/modules/open_eid.nix): Access all key slots</title>
<updated>2022-05-25T20:38:11+00:00</updated>
<author>
<name>Klemens Nanni</name>
<email>klemens@posteo.de</email>
</author>
<published>2022-05-22T23:52:51+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=3a53587c2ab06ecc0082a0c564a214b81a8bde54"/>
<id>urn:sha1:3a53587c2ab06ecc0082a0c564a214b81a8bde54</id>
<content type="text">
`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required.

Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648
Tested-by: BuildkiteCI
Reviewed-by: flokli &lt;flokli@flokli.de&gt;
Reviewed-by: kn &lt;klemens@posteo.de&gt;
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
</content>
</entry>
<entry>
<title>feat(ops/modules/open_eid.nix): Add digidoc-tool(1) to PATH</title>
<updated>2022-05-25T20:37:53+00:00</updated>
<author>
<name>Klemens Nanni</name>
<email>klemens@posteo.de</email>
</author>
<published>2022-05-22T23:51:18+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=45c46d4a73910f4712a687238dbef3ee195e9404"/>
<id>urn:sha1:45c46d4a73910f4712a687238dbef3ee195e9404</id>
<content type="text">
libdigidocpp is a dependency of qdigidoc4(1) already.

This will need https://github.com/NixOS/nixpkgs/pull/174055 "libdigidocpp: Fix PKCS11 module library path" to work, though.

Change-Id: Ic8d671077977b1d1f099a8b4b23cc537b52aa954
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5647
Tested-by: BuildkiteCI
Reviewed-by: flokli &lt;flokli@flokli.de&gt;
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
</content>
</entry>
<entry>
<title>feat(ops/modules/open_eid.nix): document firefox</title>
<updated>2022-05-08T13:52:27+00:00</updated>
<author>
<name>Florian Klink</name>
<email>flokli@flokli.de</email>
</author>
<published>2022-05-07T19:06:07+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=e8855f4befb91df25ac1d0c835864735ef91965a"/>
<id>urn:sha1:e8855f4befb91df25ac1d0c835864735ef91965a</id>
<content type="text">
Firefox users can add p11-kit-proxy (or other SecurityDevices) system-wide, by making use of the extraPolicies functionality.

Change-Id: Id58b6cab425199fb0e09e846db2a86d302c0de0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5534
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
Tested-by: BuildkiteCI
Autosubmit: flokli &lt;flokli@flokli.de&gt;
</content>
</entry>
<entry>
<title>feat(ops/modules/open_eid.nix): use p11-kit-proxy</title>
<updated>2022-05-07T21:29:56+00:00</updated>
<author>
<name>Florian Klink</name>
<email>flokli@flokli.de</email>
</author>
<published>2022-05-07T19:02:48+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=84c62eb68b16af02a84f310e7b3bc05e6794aaf7"/>
<id>urn:sha1:84c62eb68b16af02a84f310e7b3bc05e6794aaf7</id>
<content type="text">
… instead of onepin-opensc-pkcs11.

This acts as a glue to multiple PKCS#11 modules, and reads configuration files from /etc/pkcs11/modules.

p11-kit is also used to propagate the system trust store to NSS: https://p11-glue.github.io/p11-glue/sharing-trust-policy.html

See-Also: https://p11-glue.github.io/p11-glue/p11-kit.html
Change-Id: I135c3a80a4eea0bd06f6b00089dc197c82476746
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5533
Reviewed-by: flokli &lt;flokli@flokli.de&gt;
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
Autosubmit: flokli &lt;flokli@flokli.de&gt;
Tested-by: BuildkiteCI
</content>
</entry>
<entry>
<title>feat(ops/open_eid): Add script for setting up browser integration</title>
<updated>2022-04-14T16:18:43+00:00</updated>
<author>
<name>Vincent Ambo</name>
<email>mail@tazj.in</email>
</author>
<published>2022-04-09T09:40:04+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=e3cd8069ef8e810b494353bafa1d33aec3b3895e"/>
<id>urn:sha1:e3cd8069ef8e810b494353bafa1d33aec3b3895e</id>
<content type="text">
Change-Id: Ib339d62d862fd99dab2fda30376b8e47b337a26b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5441
Tested-by: BuildkiteCI
Reviewed-by: flokli &lt;flokli@flokli.de&gt;
Autosubmit: tazjin &lt;tazjin@tvl.su&gt;
</content>
</entry>
<entry>
<title>feat(ops/modules): Add module for using Estonian e-residency card</title>
<updated>2022-04-09T08:49:06+00:00</updated>
<author>
<name>Vincent Ambo</name>
<email>mail@tazj.in</email>
</author>
<published>2022-04-03T18:46:56+00:00</published>
<link rel="alternate" type="text/html" href="http://code.tvl.fyi/commit/?id=186c2822b0991684390a056d26ba9e9eac8265eb"/>
<id>urn:sha1:186c2822b0991684390a056d26ba9e9eac8265eb</id>
<content type="text">
Someone already packaged the required software, so I didn't have to do that.

Change-Id: Ifc6a68fd4cd89f4718368a05acb6c6f536e01aab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5431
Tested-by: BuildkiteCI
Autosubmit: tazjin &lt;tazjin@tvl.su&gt;
Reviewed-by: tazjin &lt;tazjin@tvl.su&gt;
</content>
</entry>
</feed>