Web eID: Difference between revisions

(4 intermediate revisions by 4 users not shown)

Line 22:

programs.firefox.nativeMessagingHosts.~~euwebid~~ = ~~true~~;

programs.firefox.nativeMessagingHosts.packages = [ pkgs.web-eid-app ];

</syntaxhighlight>

Line 80:

environment.systemPackages = ~~with pkgs;~~ [

environment.systemPackages = [

# Wrapper script to tell to Chrome/Chromium to use p11-kit-proxy to load

# security devices, so they can be used for TLS client auth.

Line 87:

#

# https://bugs.chromium.org/p/chromium/issues/detail?id=16387

#

~~# Firefox users can just set~~

~~# extraPolicies.SecurityDevices.p11-kit-proxy "${pkgs.p11-kit}/lib/p11-kit-proxy.so";~~

~~# when overriding the firefox derivation.~~

(pkgs.writeShellScriptBin "setup-browser-eid" ''

NSSDB="''${HOME}/.pki/nssdb"

Line 102:

Line 98:

Invoke <code>setup-browser-eid</code> to configure (and whenever this gets garbage-collected), and restart your browser.

== Belgian eID cards ==

The Web eID browser extension, used for authentication with Belgian eID cards, requires the PKCS#11 module <code>libbeidpkcs11.so.0</code> to be available in the directory <code>/usr/lib/x86_64-linux-gnu/</code>. Since this directory does not exist by default on NixOS, the Web eID application installed on the host system will not detect or support Belgian eID cards.

To resolve this, you can create a symlink from the Nix store version of <code>beidpkcs11.so</code>, provided by the <code>eid-mw</code> package, into <code>/usr/lib/x86_64-linux-gnu/</code>:<syntaxhighlight lang="nix">system.activationScripts.web-eid-app = {

text = ''

mkdir -p /usr/lib/x86_64-linux-gnu

ln -sf ${pkgs.eid-mw}/lib/pkcs11/beidpkcs11.so /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0

'';

};</syntaxhighlight>This script ensures the required symlink is created at system activation time and remains up to date with the correct Nix store path for <code>eid-mw</code>.

[[Category:Hardware]]

[[Category:Applications]]

[[Category:Web Applications]]

@@ Line 22: / Line 22: @@
 <syntaxhighlight lang="nix">
-programs.firefox.nativeMessagingHosts.euwebid = true;
+programs.firefox.nativeMessagingHosts.packages = [ pkgs.web-eid-app ];
 </syntaxhighlight>
@@ Line 80: / Line 80: @@
 <syntaxhighlight lang="nix">
-   environment.systemPackages = with pkgs; [
+   environment.systemPackages = [
      # Wrapper script to tell to Chrome/Chromium to use p11-kit-proxy to load
      # security devices, so they can be used for TLS client auth.
@@ Line 87: / Line 87: @@
      #
      # https://bugs.chromium.org/p/chromium/issues/detail?id=16387
-    #
-    # Firefox users can just set
-    # extraPolicies.SecurityDevices.p11-kit-proxy "${pkgs.p11-kit}/lib/p11-kit-proxy.so";
-    # when overriding the firefox derivation.
      (pkgs.writeShellScriptBin "setup-browser-eid" ''
        NSSDB="''${HOME}/.pki/nssdb"
@@ Line 102: / Line 98: @@
 Invoke <code>setup-browser-eid</code> to configure (and whenever this gets garbage-collected), and restart your browser.
+== Belgian eID cards ==
+The Web eID browser extension, used for authentication with Belgian eID cards, requires the PKCS#11 module <code>libbeidpkcs11.so.0</code> to be available in the directory <code>/usr/lib/x86_64-linux-gnu/</code>. Since this directory does not exist by default on NixOS, the Web eID application installed on the host system will not detect or support Belgian eID cards.
+To resolve this, you can create a symlink from the Nix store version of <code>beidpkcs11.so</code>, provided by the <code>eid-mw</code> package, into <code>/usr/lib/x86_64-linux-gnu/</code>:<syntaxhighlight lang="nix">system.activationScripts.web-eid-app = {
+  text = ''
+    mkdir -p /usr/lib/x86_64-linux-gnu
+    ln -sf ${pkgs.eid-mw}/lib/pkcs11/beidpkcs11.so /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0
+  '';
+};</syntaxhighlight>This script ensures the required symlink is created at system activation time and remains up to date with the correct Nix store path for <code>eid-mw</code>.
+[[Category:Hardware]]
+[[Category:Applications]]
+[[Category:Web Applications]]