about summary refs log tree commit diff
path: root/ops/modules/open_eid.nix
AgeCommit message (Collapse)AuthorFilesLines
2023-04-28 r/6117 feat(ops/modules/open_eid): add support for Web eID extensionFlorian Klink1-20/+37
Most likely due to bad UX in browsers for hardware-backed TLS client cert auth, most websites have switched from client-side TLS to the "Web eID" extension. Once installed, the extension uses [Native Messaging] to talk to a `web-eid-app` application, which handles the communication with the smart card itself. This can be tested on https://web-eid.eu/ . The commit needs nixpkgs to be bumped past https://github.com/NixOS/nixpkgs/pull/227354 . [Native Messaging]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging Change-Id: Iffe6d81ecf7cee25406fa39a983ff52cf669c373 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8490 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-04-19 r/6099 fix(ops/modules/open_eid): use libdigidocpp.binFlorian Klink1-1/+1
nixpkgs commit 134036f642a7f3ba9efeab509727c0989458b02b moved the digidoc-tool binary to the `bin` output, so this wasn't actually providing the digidoc-tool binary anymore. Change-Id: Id5f7cc69d55b7cc058a6361512cc74de0e7bc1b2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8487 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2022-05-25 r/4115 feat(ops/modules/open_eid.nix): Access all key slotsKlemens Nanni1-3/+4
`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required. Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: kn <klemens@posteo.de> Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 r/4114 feat(ops/modules/open_eid.nix): Add digidoc-tool(1) to PATHKlemens Nanni1-0/+1
libdigidocpp is a dependency of qdigidoc4(1) already. This will need https://github.com/NixOS/nixpkgs/pull/174055 "libdigidocpp: Fix PKCS11 module library path" to work, though. Change-Id: Ic8d671077977b1d1f099a8b4b23cc537b52aa954 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5647 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-08 r/4017 feat(ops/modules/open_eid.nix): document firefoxFlorian Klink1-0/+3
Firefox users can add p11-kit-proxy (or other SecurityDevices) system-wide, by making use of the extraPolicies functionality. Change-Id: Id58b6cab425199fb0e09e846db2a86d302c0de0d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5534 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2022-05-07 r/4016 feat(ops/modules/open_eid.nix): use p11-kit-proxyFlorian Klink1-7/+11
… instead of onepin-opensc-pkcs11. This acts as a glue to multiple PKCS#11 modules, and reads configuration files from /etc/pkcs11/modules. p11-kit is also used to propagate the system trust store to NSS: https://p11-glue.github.io/p11-glue/sharing-trust-policy.html See-Also: https://p11-glue.github.io/p11-glue/p11-kit.html Change-Id: I135c3a80a4eea0bd06f6b00089dc197c82476746 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5533 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2022-04-14 r/3948 feat(ops/open_eid): Add script for setting up browser integrationVincent Ambo1-0/+18
Change-Id: Ib339d62d862fd99dab2fda30376b8e47b337a26b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5441 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Autosubmit: tazjin <tazjin@tvl.su>
2022-04-09 r/3938 feat(ops/modules): Add module for using Estonian e-residency cardVincent Ambo1-0/+10
Someone already packaged the required software, so I didn't have to do that. Change-Id: Ifc6a68fd4cd89f4718368a05acb6c6f536e01aab Reviewed-on: https://cl.tvl.fyi/c/depot/+/5431 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-09T10·05+0000