Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

firefox: support for PKCS#11 modules in wrapper #92251

Merged
merged 2 commits into from Jul 25, 2020
Merged

firefox: support for PKCS#11 modules in wrapper #92251

merged 2 commits into from Jul 25, 2020

Conversation

chvp
Copy link
Member

@chvp chvp commented Jul 4, 2020

Motivation for this change

Configuring the middleware for the Belgian eID in firefox required some manual work, that still left the PKCS#11 in a weird state since (at least on my machines) the firefox extension sends a notification warning about the PKCS#11 module being missing (even though the functionality worked). This adds an extra option similar to extraNativeMessagingHosts (added in #31572) that allows configuring PKCS#11 modules in the firefox wrapper. This fixed all papercuts related to the eID middleware (manually adding it is no longer required and there is no longer a notification on startup).

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch from 7143cba to 12732ef Compare July 4, 2020 08:17
@ofborg ofborg bot requested a review from bfortz July 4, 2020 08:21
@chvp
Copy link
Member Author

chvp commented Jul 5, 2020
edited

@edolstra @andir As far as I can tell you're the Firefox maintainers. Would you mind taking a look at this?

@vcunat
Copy link
Member

vcunat commented Jul 5, 2020

Some pkcs11 changes appear to be happening in #91746.

@chvp
Copy link
Member Author

chvp commented Jul 5, 2020

Some pkcs11 changes appear to be happening in #91746.

I don't expect that this will impact the firefox functionality, but I'd be willing to check everything again once the nss and firefox updates hit unstable.

@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch from 12732ef to 1e245e3 Compare July 13, 2020 12:08
@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch 2 times, most recently from 4da6ffd to a8d0b4e Compare July 24, 2020 10:06
@vcunat
Copy link
Member

vcunat commented Jul 25, 2020
edited

The NSS update is in master now (and most binaries are available already). If it (still) works for you, I see no reason to wait with merging it.

@chvp
Copy link
Member Author

chvp commented Jul 25, 2020

The NSS update is in master now (and most binaries are available already). If it (still) works for you, I see no reason to wait with merging it.

Still works (both on a clean firefox profile and my usual firefox profile).

@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch from a8d0b4e to 194d749 Compare July 25, 2020 15:04
@vcunat vcunat merged commit 194d749 into NixOS:master Jul 25, 2020
@chvp chvp deleted the pr/firefox-pkcs11-modules branch July 25, 2020 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vcunat vcunat vcunat approved these changes

@bfortz bfortz Awaiting requested review from bfortz

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10 12. first-time contribution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@chvp @vcunat @Janik-Haag