From 3a53587c2ab06ecc0082a0c564a214b81a8bde54 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Mon, 23 May 2022 01:52:51 +0200 Subject: feat(ops/modules/open_eid.nix): Access all key slots `onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required. Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648 Tested-by: BuildkiteCI Reviewed-by: flokli Reviewed-by: kn Reviewed-by: tazjin --- ops/modules/open_eid.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ops/modules/open_eid.nix b/ops/modules/open_eid.nix index 4a48a09a6c9a..4bc35e298c89 100644 --- a/ops/modules/open_eid.nix +++ b/ops/modules/open_eid.nix @@ -23,9 +23,10 @@ in { services.pcscd.enable = true; - # Tell p11-kit to load onepin-opensc-pkcs11.so - environment.etc."pkcs11/modules/onepin-opensc-pkcs11".text = '' - module: ${pkgs.opensc}/lib/onepin-opensc-pkcs11.so + # Tell p11-kit to load/proxy opensc-pkcs11.so, providing all available slots + # (PIN1 for authentication/decryption, PIN2 for signing). + environment.etc."pkcs11/modules/opensc-pkcs11".text = '' + module: ${pkgs.opensc}/lib/opensc-pkcs11.so ''; environment.systemPackages = with pkgs; [ -- cgit 1.4.1