authorKlemens Nanni <klemens@posteo.de>2022-05-22T23·52+0200
committerkn <klemens@posteo.de>2022-05-25T20·38+0000
commit3a53587c2ab06ecc0082a0c564a214b81a8bde54 (patch)
tree030a0f4544c0e9b71ed6014885624922982c4db8 /ops
parent45c46d4a73910f4712a687238dbef3ee195e9404 (diff)
feat(ops/modules/open_eid.nix): Access all key slots r/4115
`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required.

Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: kn <klemens@posteo.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Diffstat (limited to 'ops')
-rw-r--r--ops/modules/open_eid.nix7
1 files changed, 4 insertions, 3 deletions
diff --git a/ops/modules/open_eid.nix b/ops/modules/open_eid.nix
index 4a48a09a6c9a..4bc35e298c89 100644
--- a/ops/modules/open_eid.nix
+++ b/ops/modules/open_eid.nix
@@ -23,9 +23,10 @@ in
 {
   services.pcscd.enable = true;
 
-  # Tell p11-kit to load onepin-opensc-pkcs11.so
-  environment.etc."pkcs11/modules/onepin-opensc-pkcs11".text = ''
-    module: ${pkgs.opensc}/lib/onepin-opensc-pkcs11.so
+  # Tell p11-kit to load/proxy opensc-pkcs11.so, providing all available slots
+  # (PIN1 for authentication/decryption, PIN2 for signing).
+  environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
+    module: ${pkgs.opensc}/lib/opensc-pkcs11.so
   '';
 
   environment.systemPackages = with pkgs; [
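Review bot: Pointing `module:` at the full `opensc-pkcs11.so` makes the PIN2 signing slot visible to every program that loads modules through p11-kit, not only the ones that actually need to sign; as far as I know the onepin variant exists to keep that slot away from general consumers such as browser TLS client-auth. If only specific programs need signing, the module file could be scoped with p11-kit's `enable-in:` option (the program list is deployment-specific). Otherwise the comment should at least record the trade-off, e.g. `# NOTE: exposes the signing slot (PIN2) to all p11-kit consumers.` Separately, p11-kit expects module config files to carry a `.module` suffix, so `pkcs11/modules/opensc-pkcs11` may be worth renaming to `pkcs11/modules/opensc-pkcs11.module`; the old name lacked the suffix too, so this predates the commit. The attribute set opened at `{` continues past the end of the hunk, so other settings that affect this are not visible here.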