Skip to content

firefox: support for PKCS#11 modules in wrapper#92251

Merged
vcunat merged 2 commits intoNixOS:masterfrom
chvp:pr/firefox-pkcs11-modules
Jul 25, 2020
Merged

firefox: support for PKCS#11 modules in wrapper#92251
vcunat merged 2 commits intoNixOS:masterfrom
chvp:pr/firefox-pkcs11-modules

Conversation

@chvp
Copy link
Member

@chvp chvp commented Jul 4, 2020

Motivation for this change

Configuring the middleware for the Belgian eID in firefox required some manual work, that still left the PKCS#11 in a weird state since (at least on my machines) the firefox extension sends a notification warning about the PKCS#11 module being missing (even though the functionality worked). This adds an extra option similar to extraNativeMessagingHosts (added in #31572) that allows configuring PKCS#11 modules in the firefox wrapper. This fixed all papercuts related to the eID middleware (manually adding it is no longer required and there is no longer a notification on startup).

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch from 7143cba to 12732ef Compare July 4, 2020 08:17
@ofborg ofborg bot requested a review from bfortz July 4, 2020 08:21
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Jul 4, 2020
@chvp
Copy link
Member Author

chvp commented Jul 5, 2020
edited
Loading

@edolstra @andir As far as I can tell you're the Firefox maintainers. Would you mind taking a look at this?

@vcunat
Copy link
Member

vcunat commented Jul 5, 2020

Some pkcs11 changes appear to be happening in #91746.

@chvp
Copy link
Member Author

chvp commented Jul 5, 2020

Some pkcs11 changes appear to be happening in #91746.

I don't expect that this will impact the firefox functionality, but I'd be willing to check everything again once the nss and firefox updates hit unstable.

@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch from 12732ef to 1e245e3 Compare July 13, 2020 12:08
@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch 2 times, most recently from 4da6ffd to a8d0b4e Compare July 24, 2020 10:06
@vcunat
Copy link
Member

vcunat commented Jul 25, 2020
edited
Loading

The NSS update is in master now (and most binaries are available already). If it (still) works for you, I see no reason to wait with merging it.

@chvp
Copy link
Member Author

chvp commented Jul 25, 2020

The NSS update is in master now (and most binaries are available already). If it (still) works for you, I see no reason to wait with merging it.

Still works (both on a clean firefox profile and my usual firefox profile).

@chvp chvp force-pushed the pr/firefox-pkcs11-modules branch from a8d0b4e to 194d749 Compare July 25, 2020 15:04
@vcunat vcunat merged commit 194d749 into NixOS:master Jul 25, 2020
@chvp chvp deleted the pr/firefox-pkcs11-modules branch July 25, 2020 15:14
@Janik-Haag Janik-Haag added the 12.first-time contribution This PR is the author's first one; please be gentle! label Jun 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vcunat vcunat vcunat approved these changes

@bfortz bfortz Awaiting requested review from bfortz

Assignees

No one assigned

Labels

10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.first-time contribution This PR is the author's first one; please be gentle!

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chvp @vcunat @Janik-Haag