From c90b6a859bbadc31b62505e0d966145c93476dd9 Mon Sep 17 00:00:00 2001
From: rnhmjoj
Date: Sun, 4 Sep 2022 11:36:39 +0200
Subject: [PATCH] nixos/pcscd: allow use without polkit

The polkit support in pcsclite is entirely optional but package enables it unconditionally and this breaks connecting to the pcscd daemon on systems without polkit. The fix is making this configurable and automatically disabling `polkitSupport` when the polkit service is disabled.
---
 nixos/modules/services/hardware/pcscd.nix | 10 +++++++---
 pkgs/tools/security/pcsclite/default.nix | 19 ++++++++++---------
 pkgs/top-level/all-packages.nix | 5 +++++
 3 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/nixos/modules/services/hardware/pcscd.nix b/nixos/modules/services/hardware/pcscd.nix
index 44d0d3b04a39..a09c64645c48 100644
--- a/nixos/modules/services/hardware/pcscd.nix
+++ b/nixos/modules/services/hardware/pcscd.nix
@@ -5,6 +5,10 @@ with lib;
 let
 cfgFile = pkgs.writeText "reader.conf" config.services.pcscd.readerConfig;

+ package = if config.security.polkit.enable
+ then pkgs.pcscliteWithPolkit
+ else pkgs.pcsclite;
+
 pluginEnv = pkgs.buildEnv {
 name = "pcscd-plugins";
 paths = map (p: "${p}/pcsc/drivers") config.services.pcscd.plugins;
@@ -49,8 +53,8 @@ in

 environment.etc."reader.conf".source = cfgFile;

- environment.systemPackages = [ pkgs.pcsclite ];
- systemd.packages = [ (getBin pkgs.pcsclite) ];
+ environment.systemPackages = [ package ];
+ systemd.packages = [ (getBin package) ];

 systemd.sockets.pcscd.wantedBy = [ "sockets.target" ];

@@ -66,7 +70,7 @@ in
 # around it, we force the path to the cfgFile.
 #
 # https://github.com/NixOS/nixpkgs/issues/121088
- serviceConfig.ExecStart = [ "" "${getBin pkgs.pcsclite}/bin/pcscd -f -x -c ${cfgFile}" ];
+ serviceConfig.ExecStart = [ "" "${getBin package}/bin/pcscd -f -x -c ${cfgFile}" ];
 };
 };
 }
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index e5f26bca5612..a4ade683b136 100644
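Review bot: The `package` binding in the first pcscd.nix hunk silently selects the build without polkit whenever `security.polkit.enable` is false, and the module gives the administrator no hint that pcscd then runs without its polkit authorization check. On such systems access to readers and cards is presumably limited only by who can connect to the pcscd socket, which is worth knowing on multi-user hosts. I would document this next to the binding, for example `# Without polkit, pcscd performs no per-client authorization; restrict access to its socket if that matters.`, and repeat it in the module's option documentation. The `let` block continues outside this hunk.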
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -10,10 +10,12 @@
 , polkit
 , systemdMinimal
 , IOKit
+, pname ? "pcsclite"
+, polkitSupport ? false
 }:

 stdenv.mkDerivation rec {
- pname = "pcsclite";
+ inherit pname;
 version = "1.9.5";

 outputs = [ "bin" "out" "dev" "doc" "man" ];
@@ -34,14 +36,12 @@ stdenv.mkDerivation rec {
 "--enable-confdir=/etc"
 # The OS should care on preparing the drivers into this location
 "--enable-usbdropdir=/var/lib/pcsc/drivers"
- ]
- ++ (if stdenv.isLinux then [
+ (lib.enableFeature stdenv.isLinux "systemd")
+ (lib.enableFeature polkitSupport "polkit")
+ ] ++ lib.optionals stdenv.isLinux [
 "--enable-ipcdir=/run/pcscd"
- "--enable-polkit"
 "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system"
- ] else [
- "--disable-libsystemd"
- ]);
+ ];

 postConfigure = ''
 sed -i -re '/^#define *PCSCLITE_HP_DROPDIR */ {
@@ -59,8 +59,9 @@ stdenv.mkDerivation rec {
 nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config perl ];

 buildInputs = [ python3 ]
- ++ lib.optionals stdenv.isLinux [ dbus polkit systemdMinimal ]
- ++ lib.optionals stdenv.isDarwin [ IOKit ];
+ ++ lib.optionals stdenv.isLinux [ systemdMinimal ]
+ ++ lib.optionals stdenv.isDarwin [ IOKit ]
+ ++ lib.optionals polkitSupport [ dbus polkit ];

 meta = with lib; {
 description = "Middleware to access a smart card using SCard API (PC/SC)";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index df9a85f20e3a..844a1c980208 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10154,6 +10154,11 @@ with pkgs;
 inherit (darwin.apple_sdk.frameworks) IOKit;
 };

+ pcscliteWithPolkit = pcsclite.override {
+ pname = "pcsclite-with-polkit";
+ polkitSupport = true;
+ };
+
 pcsctools = callPackage ../tools/security/pcsctools { };

 pcsc-cyberjack = callPackage ../tools/security/pcsc-cyberjack { };
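Review bot: `polkitSupport ? false` in the argument list of pkgs/tools/security/pcsclite/default.nix changes the default for every consumer of `pkgs.pcsclite`, not only for the NixOS module: Linux builds used to get `--enable-polkit` unconditionally (the line removed in the configure-flags hunk). Anything that starts pcscd from the plain package now runs it without polkit authorization, and nothing in the file says so. A comment on the argument would help, e.g. `# polkitSupport: build pcscd with polkit-based client authorization; off by default, see pcscliteWithPolkit`. The argument list starts above this hunk.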
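Review bot: In the configure-flags hunk, `(lib.enableFeature stdenv.isLinux "systemd")` emits `--enable-systemd` or `--disable-systemd`, while the line it replaces passed `--disable-libsystemd`. If pcsc-lite's configure only knows the `libsystemd` switch, as the removed line suggests, the new flag is ignored with at most a warning and non-Linux builds will probe for libsystemd again. I would keep the original feature name: `(lib.enableFeature stdenv.isLinux "libsystemd")`. The flag list opens before the hunk.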