fix: reapply changes from #130 and #144. Mostly fixes for upstream changes
nilp0inter committed Mar 2, 2025
1 parent b734827 commit f77fe05
Showing 11 changed files with 70 additions and 90 deletions.
34 changes: 17 additions & 17 deletions README.md
@@ -1,6 +1,6 @@
> **⚠️ Important Notice: Cache Configuration Update**
>
> We recently migrated the `autofirma-nix` repository from one of the creators' accounts to the Nix Community's organization.
> We recently migrated the `autofirma-nix` repository from one of the creators' accounts to the Nix Community's organization.
> As part of this migration, the binary cache has also changed. To avoid unnecessary compilations in your local machine, please update your `flake.nix` configuration to use the new cache. Replace the `nixConfig` section in your `flake.nix` file with the following:
>
> ```nix
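Review bot: the one changed line in this hunk (`We recently migrated the autofirma-nix repository ...`) renders identically before and after, so the edit is whitespace-only; if it is intentional, say so in the commit message, otherwise drop it so the diff stays focused on the rename.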
@@ -22,27 +22,27 @@
This repository provides a suite of tools needed to interact with Spain’s public administration,
alongside NixOS and Home Manager modules for easy integration. These tools include:
- **AutoFirma** for digitally signing documents
- **DNIeRemote** for using an NFC-based national ID with an Android device as an NFC reader
- **Configurador FNMT-RCM** for securely requesting the personal certificate from the Spanish Royal Mint (**Fábrica Nacional de Moneda y Timbre**)
- **Autofirma** for digitally signing documents
- **DNIeRemote** for using an NFC-based national ID with an Android device as an NFC reader
- **Configurador FNMT-RCM** for securely requesting the personal certificate from the Spanish Royal Mint (**Fábrica Nacional de Moneda y Timbre**)
## Usage Example
```console
$ nix run --accept-flake-config github:nix-community/autofirma-nix#dnieremote
```
## AutoFirma on NixOS and Home Manager
## Autofirma on NixOS and Home Manager

A NixOS module is provided to enable AutoFirma on NixOS and another one for Home Manager.
You only need to enable one of them, depending on whether you want AutoFirma
A NixOS module is provided to enable Autofirma on NixOS and another one for Home Manager.
You only need to enable one of them, depending on whether you want Autofirma
system-wide or at the user level.

### Home Manager Configuration

The integration of AutoFirma in Home Manager enables the `autofirma` command for
The integration of Autofirma in Home Manager enables the `autofirma` command for
signing PDF documents and configures the Firefox browser (if enabled through
`programs.firefox.enable`) to use AutoFirma on websites that require it.
`programs.firefox.enable`) to use Autofirma on websites that require it.

Additionally, you can enable DNIe integration, including NFC-based DNIe from an
Android mobile via DNIeRemote.
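Review bot: the `AutoFirma` to `Autofirma` rename runs through every prose line of this hunk, but the commit message only says "fixes for upstream changes"; state explicitly that the application was renamed upstream and that option names such as `programs.autofirma.enable` and the `nix run ... github:nix-community/autofirma-nix#dnieremote` invocation are unchanged, so readers searching the docs for the old spelling know that nothing else moved.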
@@ -98,7 +98,7 @@ Manager installation method. Below are examples for a standalone configuration.
config = {
programs.autofirma.enable = true;
programs.autofirma.firefoxIntegration.profiles = {
myprofile = { # The name of the Firefox profile where AutoFirma will be enabled
myprofile = { # The name of the Firefox profile where Autofirma will be enabled
enable = true;
};
};
@@ -130,9 +130,9 @@ Manager installation method. Below are examples for a standalone configuration.

### NixOS Configuration

The AutoFirma integration in NixOS enables the `autofirma` command for signing PDF
The Autofirma integration in NixOS enables the `autofirma` command for signing PDF
documents and configures the Firefox browser (if enabled through
`programs.firefox.enable`) to use AutoFirma on websites that require it.
`programs.firefox.enable`) to use Autofirma on websites that require it.

Additionally, you can enable DNIe integration, including NFC-based DNIe from an
Android mobile via DNIeRemote.
@@ -154,7 +154,7 @@ Android mobile via DNIeRemote.
autofirma-nix.nixosModules.default
({ pkgs, config, ... }: {
programs.autofirma.enable = true;
programs.autofirma.firefoxIntegration.enable = true; # Let Firefox use AutoFirma
programs.autofirma.firefoxIntegration.enable = true; # Let Firefox use Autofirma
programs.dnieremote.enable = true;
@@ -196,11 +196,11 @@ it.
The following NixOS options determine which certificates are accepted or blocked in the
system *truststore*, directly affecting **autofirma-nix**:

- **`security.pki.certificateFiles`**
- **`security.pki.certificateFiles`**
Adds additional certificates to the global *truststore*. If any match the official list,
**autofirma-nix** will accept them.

- **`security.pki.caCertificateBlacklist`**
- **`security.pki.caCertificateBlacklist`**
Blocks specific certificates. Even if they are on the official list, **autofirma-nix** will
exclude them if they appear in this blacklist.
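Review bot: both changed pairs here (`security.pki.certificateFiles` and `security.pki.caCertificateBlacklist`) render identically before and after, so these are whitespace-only edits, most likely the trailing two-space Markdown hard break before the description line; a trailing backslash expresses the same break and survives editors that strip trailing whitespace, which would stop this churn from reappearing in the next rename.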

@@ -227,7 +227,7 @@ official list.

### Security devices do not seem to update or do not appear

If you have installed AutoFirma and enabled Firefox integration, but Firefox does not
If you have installed Autofirma and enabled Firefox integration, but Firefox does not
detect the security devices, you may need to remove the `pkcs11.txt` file from the
Firefox profile folder. For instance, if you enabled the Home Manager module and the
profile is named `myprofile`, the file is located in `~/.mozilla/firefox/myprofile/pkcs11.txt`.
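Review bot: removing `~/.mozilla/firefox/myprofile/pkcs11.txt` discards every PKCS#11 module registered in that profile, not only the one this integration adds; the troubleshooting text should warn that any manually registered security module has to be re-added afterwards, and should state what recreates the file once it is gone so the user knows the step is safe.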
@@ -262,7 +262,7 @@ SEVERE: El almacen no contiene ningun certificado que se pueda usar para firmar:
This occurs because your certificates have expired, as indicated by the “NotAfter:” date.

If the certificates are not expired because you recently renewed them, but you used
AutoFirma before this renewal, it is possible that OpenSC has cached your old certificates.
Autofirma before this renewal, it is possible that OpenSC has cached your old certificates.
To fix this, you need to delete the OpenSC cache. [By default, it is located at
$HOME/.cache/opensc](https://github.com/OpenSC/OpenSC/wiki/Environment-variables).

8 changes: 4 additions & 4 deletions docs/src/introduction.md
@@ -2,7 +2,7 @@

Welcome to **autofirma-nix**! This project provides a suite of tools to interact with Spain’s public administration, seamlessly integrating into your NixOS and Home Manager setup. It includes:

- **AutoFirma** for digitally signing documents and authenticating on various Spanish administration websites—because ink and paper are so last century.
- **DNIeRemote** for using an NFC-based national ID via an Android device—no more digging through drawers for that card reader you haven’t seen since 2010.
- **Configurador FNMT-RCM** for securely requesting personal certificates from the Spanish Royal Mint—yes, the mint that makes actual coins.
- Integration with **Mozilla Firefox** (provided on both the NixOS and the Home Manager modules) that allows Firefox to communicate with AutoFirma, as required by some sites—now with automatic setup!
- **Autofirma** for digitally signing documents and authenticating on various Spanish administration websites—because ink and paper are so last century.
- **DNIeRemote** for using an NFC-based national ID via an Android device—no more digging through drawers for that card reader you haven’t seen since 2010.
- **Configurador FNMT-RCM** for securely requesting personal certificates from the Spanish Royal Mint—yes, the mint that makes actual coins.
- Integration with **Mozilla Firefox** (provided on both the NixOS and the Home Manager modules) that allows Firefox to communicate with Autofirma, as required by some sites—now with automatic setup!
26 changes: 13 additions & 13 deletions docs/src/security.md
@@ -1,34 +1,34 @@
# Security

AutoFirma chats with remote servers in a couple of different ways to handle document signing and authentication. Here’s the lowdown on these scenarios and how certificates fit into the bigger picture.
Autofirma chats with remote servers in a couple of different ways to handle document signing and authentication. Here’s the lowdown on these scenarios and how certificates fit into the bigger picture.

## Browser-based scenario

In most cases, your friendly web browser takes care of the heavy lifting for server authentication: it connects to the remote server and confirms the server’s identity with its own certificate store. After that, the browser opens a WebSocket to AutoFirma, relaying commands back and forth. For this communication to work, a SSL certificate is created and added to Firefox; depending on the installation method you chose is located either in `/etc/AutoFirma` or in `$HOME/.afirma/AutoFirma`.
In most cases, your friendly web browser takes care of the heavy lifting for server authentication: it connects to the remote server and confirms the server’s identity with its own certificate store. After that, the browser opens a WebSocket to Autofirma, relaying commands back and forth. For this communication to work, a SSL certificate is created and added to Firefox; depending on the installation method you chose is located either in `/etc/Autofirma` or in `$HOME/.afirma/Autofirma`.

## Direct connection scenario

Sometimes, the browser tells AutoFirma to talk directly to the remote server. In that case, AutoFirma itself must determine which Certificate Authorities (CAs) are valid. This is where certificate management in AutoFirma becomes important.
Sometimes, the browser tells Autofirma to talk directly to the remote server. In that case, Autofirma itself must determine which Certificate Authorities (CAs) are valid. This is where certificate management in Autofirma becomes important.

## Managing certificates in autofirma-nix

AutoFirma trusts a certificate only if it meets two conditions:
Autofirma trusts a certificate only if it meets two conditions:

1. **Official Provider**
1. **Official Provider**
It must come from one of the providers published in the Spanish Government’s authorized list.

2. **System CA Store**
It must also appear in your system’s *ca-bundle* (or *cacerts*) on NixOS. If your NixOS configuration blocks or adds a certificate, AutoFirma respects that setting.
2. **System CA Store**
It must also appear in your system’s *ca-bundle* (or *cacerts*) on NixOS. If your NixOS configuration blocks or adds a certificate, Autofirma respects that setting.

If a certificate is missing from the system CA store or explicitly blocked, AutoFirma will ignore it—even if it shows up on the official list.
If a certificate is missing from the system CA store or explicitly blocked, Autofirma will ignore it—even if it shows up on the official list.

### Relevant NixOS options

- **`security.pki.certificateFiles`**
Adds extra certificates to the global truststore. If a certificate is on the official list, and you include it here, AutoFirma will trust it.
- **`security.pki.certificateFiles`**
Adds extra certificates to the global truststore. If a certificate is on the official list, and you include it here, Autofirma will trust it.

- **`security.pki.caCertificateBlacklist`**
Blocks specific certificates. Even if one is on the official list, AutoFirma ignores it if it appears here.
- **`security.pki.caCertificateBlacklist`**
Blocks specific certificates. Even if one is on the official list, Autofirma ignores it if it appears here.
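Review bot: the line `... is located either in /etc/Autofirma or in $HOME/.afirma/Autofirma` changes the documented on-disk paths, and only the first is backed by a code change in this commit (the `--ro-bind-try /etc/Autofirma` line in nix/autofirma/default.nix); `$HOME/.afirma/Autofirma` has no matching change in the visible diff and the package still installs under `$out/lib/AutoFirma`, so confirm against upstream which directory the renamed application really writes its certificate to before the docs promise it. While touching that line, `a SSL certificate` should read `an SSL certificate`, and `depending on the installation method you chose is located` is missing its subject (`it is located`).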

#### Minimal example

@@ -46,5 +46,5 @@ If a certificate is missing from the system CA store or explicitly blocked, Auto
}
```

In this snippet, if `./my-certificate.crt` is on the official list, AutoFirma will trust it, while any certificate from `Izenpe.com` is blacklisted, no matter what.
In this snippet, if `./my-certificate.crt` is on the official list, Autofirma will trust it, while any certificate from `Izenpe.com` is blacklisted, no matter what.
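Review bot: `any certificate from Izenpe.com is blacklisted, no matter what` overstates the option as the file itself describes it: `security.pki.caCertificateBlacklist` removes that CA entry from the system truststore, so what Autofirma rejects is anything chaining to that root, while a certificate supplied through `security.pki.certificateFiles` is still subject to the official-list check. Reword to say the CA is removed from the truststore and therefore fails the second condition.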

4 changes: 2 additions & 2 deletions docs/src/troubleshooting.md
@@ -4,7 +4,7 @@ Encountering issues? Here are some tips to get you back on track:

## Security devices do not seem to update or do not appear

If you have installed AutoFirma and enabled Firefox integration, but Firefox does not
If you have installed Autofirma and enabled Firefox integration, but Firefox does not
detect the security devices, you may need to remove the `pkcs11.txt` file from the
Firefox profile folder. For instance, if you enabled the Home Manager module and the
profile is named `myprofile`, the file is located in `~/.mozilla/firefox/myprofile/pkcs11.txt`.
@@ -39,7 +39,7 @@ SEVERE: El almacen no contiene ningun certificado que se pueda usar para firmar:
This occurs because your certificates have expired, as indicated by the “NotAfter:” date.

If the certificates are not expired because you recently renewed them, but you used
AutoFirma before this renewal, it is possible that OpenSC has cached your old certificates.
Autofirma before this renewal, it is possible that OpenSC has cached your old certificates.
To fix this, you need to delete the OpenSC cache. [By default, it is located at
$HOME/.cache/opensc](https://github.com/OpenSC/OpenSC/wiki/Environment-variables).

8 changes: 4 additions & 4 deletions flake.nix
@@ -1,5 +1,5 @@
{
description = "A Nix flake for AutoFirma and related Spanish e-signature tools.";
description = "A Nix flake for Autofirma and related Spanish e-signature tools.";

nixConfig = {
extra-substituters = [
@@ -180,23 +180,23 @@
packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") (lib.filterAttrs (n: _v: !(builtins.elem n blacklistPackages)) self'.packages);
checks = {
# NixOS Modules
## AutoFirma
## Autofirma
nixos-autofirma-cli-sign-document = pkgs.callPackage ./nix/tests/nixos/autofirma/cli/sign-document.nix { inherit self; };
nixos-autofirma-firefoxIntegration-protocol-handler = pkgs.callPackage ./nix/tests/nixos/autofirma/firefoxIntegration/protocol-handler { inherit self; };
nixos-autofirma-firefoxIntegration-connection-method-websocket = pkgs.callPackage ./nix/tests/nixos/autofirma/firefoxIntegration/connection-method/websocket { inherit self; };
nixos-autofirma-firefoxIntegration-connection-method-xhr = pkgs.callPackage ./nix/tests/nixos/autofirma/firefoxIntegration/connection-method/xhr { inherit self; };
nixos-autofirma-firefoxIntegration-connection-method-auxiliary-servers = pkgs.callPackage ./nix/tests/nixos/autofirma/firefoxIntegration/connection-method/auxiliary-servers { inherit self; };
# Home Manager Modules
## HM installed as a NixOS Module
### AutoFirma
### Autofirma
hm-as-nixos-module-autofirma-cli-sign-document = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/cli/sign-document.nix { inherit self home-manager; };
hm-as-nixos-module-autofirma-firefoxIntegration-protocol-handler = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/firefoxIntegration/protocol-handler { inherit self home-manager; };
hm-as-nixos-module-autofirma-firefoxIntegration-connection-method-websocket = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/firefoxIntegration/connection-method/websocket { inherit self home-manager; };
hm-as-nixos-module-autofirma-firefoxIntegration-connection-method-xhr = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/firefoxIntegration/connection-method/xhr { inherit self home-manager; };
hm-as-nixos-module-autofirma-firefoxIntegration-connection-method-auxiliary-servers = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/firefoxIntegration/connection-method/auxiliary-servers { inherit self home-manager; };
hm-as-nixos-module-autofirma-config-omitAskOnClose = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/config/omitAskOnClose.nix { inherit self home-manager; };
# HM standalone installation
### AutoFirma
### Autofirma
hm-standalone-autofirma-cli-sign-document = pkgs.callPackage ./nix/tests/hm-standalone/autofirma/cli/sign-document.nix { inherit self home-manager; };
hm-standalone-autofirma-firefoxIntegration-protocol-handler = pkgs.callPackage ./nix/tests/hm-standalone/autofirma/firefoxIntegration/protocol-handler { inherit self home-manager; };
hm-standalone-autofirma-firefoxIntegration-connection-method-websocket = pkgs.callPackage ./nix/tests/hm-standalone/autofirma/firefoxIntegration/connection-method/websocket { inherit self home-manager; };
2 changes: 1 addition & 1 deletion nix/autofirma/create-autofirma-cert
@@ -4,7 +4,7 @@ if [[ "$1" == '--verbose' ]]; then
fi

_autofirma_dir="$1"
_autofirma_ca="${_autofirma_dir}/AutoFirma_ROOT.cer"
_autofirma_ca="${_autofirma_dir}/Autofirma_ROOT.cer"
_autofirma_pfx="${_autofirma_dir}/autofirma.pfx"
_cert_days="3650"
_cert_cn="AutoFirma ROOT"
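Review bot: the root CA file becomes `Autofirma_ROOT.cer` while `_cert_cn` stays `"AutoFirma ROOT"` and the PKCS#12 stays `autofirma.pfx`; the script itself does not care, but anything that imports the root by file name (the Firefox certificate import, the `firefoxIntegration` tests in flake.nix) must now look for the new name, and no such change is in the visible diff. Either include the consumer side in this commit or leave the file name alone until it lands, because a root file nobody finds means the browser can no longer validate the local WebSocket endpoint described in docs/src/security.md, with nothing failing at build time.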
15 changes: 5 additions & 10 deletions nix/autofirma/default.nix
@@ -32,7 +32,6 @@
patches =
[
./patches/clienteafirma/pr-367.patch
./patches/clienteafirma/certutilpath.patch
./patches/clienteafirma/etc_config.patch
./patches/clienteafirma/aarch64_elf.patch # Until https://github.com/ctt-gob-es/clienteafirma/pull/435 gets merged
]
@@ -79,9 +78,6 @@
# Register the xmldoclet plugin in the pom.xml for documentation generation
update-plugin-version-by-groupId "org.apache.maven.plugins" "maven-javadoc-plugin" "${javadocVersion}"
add-xml-doclet-to-javadoc-plugin "${javadocVersion}" "${xmlDocletVersion}"
substituteInPlace afirma-ui-simple-configurator/src/main/java/es/gob/afirma/standalone/configurator/ConfiguratorFirefoxLinux.java \
--replace-fail '@certutilpath' '${nss.tools}/bin/certutil'
'';

dontFixup = true;
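Review bot: with `./patches/clienteafirma/certutilpath.patch` dropped in the previous hunk and the `substituteInPlace ... --replace-fail '@certutilpath' '${nss.tools}/bin/certutil'` step removed here, nothing in the build pins the Firefox configurator to Nix's `certutil` any more. That is consistent with `AutoFirmaConfigurador.jar` no longer being installed further down, but the commit message should say where the import of the generated root into the Firefox NSS database now happens; if any remaining code path still shells out to `certutil`, it will resolve it from PATH at run time and degrade silently on a system without the nss tools.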
@@ -178,8 +174,7 @@
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/lib/AutoFirma
install -Dm644 afirma-simple/target/AutoFirma.jar $out/lib/AutoFirma
install -Dm644 afirma-ui-simple-configurator/target/AutoFirmaConfigurador.jar $out/lib/AutoFirma
install -Dm644 afirma-simple/target/autofirma.jar $out/lib/AutoFirma
install -Dm644 preferences.json $out/lib/AutoFirma/preferences.json
runHook postInstall
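Review bot: `install -Dm644 afirma-simple/target/autofirma.jar` relies on the upstream Maven build now emitting a lowercase artifact, while the directory stays `$out/lib/AutoFirma`, so the install tree ends up half-migrated (`$out/lib/AutoFirma/autofirma.jar`); add a comment naming the upstream change that renamed the artifact, and either rename the directory in the same commit or not at all. Dropping the `AutoFirmaConfigurador.jar` line also means the configurator is no longer shipped, which deserves a sentence in the commit message since users of the Firefox integration depended on it.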
@@ -219,7 +214,7 @@
--add-flags "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" \
--add-flags "-Dawt.useSystemAAFontSettings=lcd" \
--add-flags "-Dswing.aatext=true" \
--add-flags "-jar ${autofirma-jar}/lib/AutoFirma/AutoFirma.jar"
--add-flags "-jar ${autofirma-jar}/lib/AutoFirma/autofirma.jar"
substituteInPlace $out/etc/firefox/pref/AutoFirma.js \
--replace-fail /usr/bin/autofirma $out/bin/autofirma
@@ -239,8 +234,8 @@
};

desktopItem = makeDesktopItem {
name = "AutoFirma";
desktopName = "AutoFirma";
name = "Autofirma";
desktopName = "Autofirma";
genericName = "Herramienta de firma";
exec = "autofirma %u";
icon = "${thisPkg}/lib/AutoFirma/AutoFirma.png";
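Review bot: `name = "Autofirma"` in `makeDesktopItem` changes the generated desktop entry from `AutoFirma.desktop` to `Autofirma.desktop`, so anything that refers to the entry by file name (URL-scheme or MIME handler registration, the `firefoxIntegration-protocol-handler` tests in flake.nix) must follow, and none of that is in the visible diff. `exec = "autofirma %u"` and the icon under `lib/AutoFirma` are untouched, which is fine as the binary name did not change.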
@@ -266,7 +261,7 @@ in
ln -s ${thisPkg}/etc/firefox/pref/AutoFirma.js $out/etc/firefox/pref/AutoFirma.js
'';
extraBwrapArgs = [
"--ro-bind-try /etc/AutoFirma /etc/AutoFirma"
"--ro-bind-try /etc/Autofirma /etc/Autofirma"
];
passthru = {
clienteafirma = thisPkg;
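Review bot: `--ro-bind-try /etc/Autofirma /etc/Autofirma` is a silent change: `--ro-bind-try` skips a missing source without error, so if the NixOS module (not in the visible diff) still writes the certificate to `/etc/AutoFirma`, sandboxed Firefox simply loses access to it and the WebSocket certificate described in docs/src/security.md is no longer found, with no build or runtime error pointing at this line. Verify the module's path changed in the same commit, or bind both spellings for one release so an out-of-sync module still works.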