8 commits

Author SHA1 Message Date
Florian Klink
b58f6f1d61 feat(ops/modules/open_eid): add support for Web eID extension
Most likely due to bad UX in browsers for hardware-backed TLS client
cert auth, most websites have switched from client-side TLS to the "Web
eID" extension.

Once installed, the extension uses [Native Messaging] to talk to a
`web-eid-app` application, which handles the communication with the
smart card itself.

This can be tested on https://web-eid.eu/ .

The commit needs nixpkgs to be bumped past
https://github.com/NixOS/nixpkgs/pull/227354 .

[Native Messaging]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging

Change-Id: Iffe6d81ecf7cee25406fa39a983ff52cf669c373
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8490
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-04-28 13:14:24 +00:00
Florian Klink
2363a194cd fix(ops/modules/open_eid): use libdigidocpp.bin
nixpkgs commit 134036f642a7f3ba9efeab509727c0989458b02b moved the
digidoc-tool binary to the `bin` output, so this wasn't actually
providing the digidoc-tool binary anymore.

Change-Id: Id5f7cc69d55b7cc058a6361512cc74de0e7bc1b2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8487
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
2023-04-19 09:11:34 +00:00
Klemens Nanni
3a53587c2a feat(ops/modules/open_eid.nix): Access all key slots
`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required.

Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: kn <klemens@posteo.de>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 20:38:11 +00:00
Klemens Nanni
45c46d4a73 feat(ops/modules/open_eid.nix): Add digidoc-tool(1) to PATH
libdigidocpp is a dependency of qdigidoc4(1) already.

This will need https://github.com/NixOS/nixpkgs/pull/174055
"libdigidocpp: Fix PKCS11 module library path" to work, though.

Change-Id: Ic8d671077977b1d1f099a8b4b23cc537b52aa954
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5647
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-25 20:37:53 +00:00
Florian Klink
e8855f4bef feat(ops/modules/open_eid.nix): document firefox
Firefox users can add p11-kit-proxy (or other SecurityDevices)
system-wide, by making use of the extraPolicies functionality.

Change-Id: Id58b6cab425199fb0e09e846db2a86d302c0de0d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5534
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
2022-05-08 13:52:27 +00:00
Florian Klink
84c62eb68b feat(ops/modules/open_eid.nix): use p11-kit-proxy
… instead of onepin-opensc-pkcs11.

This acts as a glue to multiple PKCS#11 modules, and reads configuration
files from /etc/pkcs11/modules.

p11-kit is also used to propagate the system trust store to NSS:
https://p11-glue.github.io/p11-glue/sharing-trust-policy.html

See-Also: https://p11-glue.github.io/p11-glue/p11-kit.html
Change-Id: I135c3a80a4eea0bd06f6b00089dc197c82476746
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5533
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2022-05-07 21:29:56 +00:00
Vincent Ambo
e3cd8069ef feat(ops/open_eid): Add script for setting up browser integration
Change-Id: Ib339d62d862fd99dab2fda30376b8e47b337a26b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5441
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
2022-04-14 16:18:43 +00:00
Vincent Ambo
186c2822b0 feat(ops/modules): Add module for using Estonian e-residency card
Someone already packaged the required software, so I didn't have to do
that.

Change-Id: Ifc6a68fd4cd89f4718368a05acb6c6f536e01aab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5431
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-04-09 08:49:06 +00:00