pcsclite: Remove the confdir configure option (fix #121088)

[thblt]

Motivation

This reverts commit 6d23cfd by @peterhoeg, which solved #121088 by hardcoding the configuration file path into the binary call. Instead, it removes the --enable-confdir build option which was the root cause of the issue. To clarify, this is how ./configure --help describes the parameter:

  --enable-confdir=DIR directory containing reader
                       configurations (default /etc/reader.conf.d)

But it was set as:

  configureFlags = [
     "--enable-confdir=/etc" … ]

(Also a very minor formatting change that Emacs insisted to make and I forgot to unstage.)

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[peterhoeg]

The enable-confdir was there all along - even before #97440. The issues are:

1. pcsclite goes off on its own if it cannot read proper config from /etc/reader.conf and tries everything else in that directory. This is just bananas. If we don't specify it, it will default to $out/etc which while it doesn't blow up, is just pointless. The best way to deal with this is just to specify a file inside nix store which we generate and then reference that in ExecStart (this way we can also drop the restartTrigger).

2. the policykit files aren't registered properly.

This PR doesn't address either issue.

[r-rmcgibbo]

Result of nixpkgs-review pr 121247 at b81b9ba6 run on x86_64-linux 1

297 packages marked as broken and skipped:

• globalplatform
• gnokii
• gnome3.gnome-books
• gnome3.gnome-documents
• gnuradio3_7Packages.gsm
• gppcscconnectionplugin
• gpshell
• hash-slinger
• libsForQt512.akonadi
• libsForQt512.akonadi-calendar
• ...

1 package failed to build:

• moneyplex

742 packages skipped due to time constraints:

• AusweisApp2
• acsccid
• adapta-gtk-theme
• aeon
• aerc
• afew
• ajour
• almanah
• alot (python38Packages.alot)
• amarok (amarok-kf5)
• ...

50 packages built successfully:

• cosign
• gcr (gnome3.gcr)
• git-remote-gcrypt
• git-secret
• gitRepo
• gnome-online-accounts (gnome3.gnome-online-accounts ,gnome3.gnome_online_accounts)
• gvfs (gnome2.gvfs)
• libgdata (gnome3.libgdata)
• gnupg (gnupg22)
• gnupg1 (gnupg1compat)
• gpgme
• hexio
• keychain
• leiningen
• libblockdev
• libnma
• libsForQt5.grantleetheme (libsForQt515.grantleetheme ,plasma5Packages.grantleetheme)
• libsForQt5.kaccounts-integration (libsForQt515.kaccounts-integration ,plasma5Packages.kaccounts-integration)
• libsForQt5.kcmutils (libsForQt515.kcmutils ,plasma5Packages.kcmutils)
• libsForQt5.kdeclarative (libsForQt515.kdeclarative ,plasma5Packages.kdeclarative)
• libsForQt5.kdesignerplugin (libsForQt515.kdesignerplugin ,plasma5Packages.kdesignerplugin)
• libsForQt5.kio (libsForQt515.kio ,plasma5Packages.kio)
• libsForQt5.knewstuff (libsForQt515.knewstuff ,plasma5Packages.knewstuff)
• libsForQt5.knotifyconfig (libsForQt515.knotifyconfig ,plasma5Packages.knotifyconfig)
• libsForQt5.kpimtextedit (libsForQt515.kpimtextedit ,plasma5Packages.kpimtextedit)
• libsForQt5.kwallet (libsForQt515.kwallet ,plasma5Packages.kwallet)
• libsForQt5.qgpgme (libsForQt515.qgpgme ,plasma5Packages.qgpgme)
• libsForQt514.kcmutils
• libsForQt514.kdeclarative
• libsForQt514.kio
• libsForQt514.kwallet
• libsForQt514.qgpgme
• nice-dcv-client
• open-ecard
• pass
• pcsclite
• perl530Packages.pcscperl
• perl532Packages.GnuPGInterface
• perl532Packages.pcscperl
• python38Packages.btchip
• python38Packages.emv
• python38Packages.pypass
• python38Packages.pysatochip
• python38Packages.pyscard
• python39Packages.emv
• python39Packages.pysatochip
• python39Packages.pyscard
• udisks (udisks2)
• volume_key
• yadm

2 suggestions:

• warning: missing-patch-comment

  Please add a comment on the line above, explaining the purpose of this patch.
  Near pkgs/tools/security/pcsclite/default.nix:25:15:

     |
  25 |   patches = [ ./no-dropdir-literals.patch ];
     |               ^
  

• warning: maintainers-missing

  Package does not have a maintainer. Consider adding yourself?

  Near pkgs/tools/security/pcsclite/default.nix:63:3:

     |
  63 |   meta = with lib; {
     |   ^
  

Note that build failures may predate this PR, and could be nondeterministic or hardware dependent.
Please exercise your independent judgement.

---

Result of nixpkgs-review pr 121247 at b81b9ba6 run on aarch64-linux 1

293 packages marked as broken and skipped:

• globalplatform
• gnokii
• gnome3.gnome-books
• gnome3.gnome-documents
• gnuradio3_7Packages.gsm
• gppcscconnectionplugin
• gpshell
• kstars
• libsForQt512.akonadi
• libsForQt512.akonadi-calendar
• ...

688 packages skipped due to time constraints:

• AusweisApp2
• acsccid
• adapta-gtk-theme
• aerc
• afew
• ajour
• almanah
• alot (python38Packages.alot)
• appimagekit
• aptly
• ...

50 packages built successfully:

• cosign
• gcr (gnome3.gcr)
• git-remote-gcrypt
• git-secret
• gitRepo
• gnome-online-accounts (gnome3.gnome-online-accounts ,gnome3.gnome_online_accounts)
• gvfs (gnome2.gvfs)
• libgdata (gnome3.libgdata)
• gnupg (gnupg22)
• gnupg1 (gnupg1compat)
• gpgme
• hexio
• keychain
• leiningen
• libblockdev
• libnma
• libsForQt5.grantleetheme (libsForQt515.grantleetheme ,plasma5Packages.grantleetheme)
• libsForQt5.kaccounts-integration (libsForQt515.kaccounts-integration ,plasma5Packages.kaccounts-integration)
• libsForQt5.kcmutils (libsForQt515.kcmutils ,plasma5Packages.kcmutils)
• libsForQt5.kdeclarative (libsForQt515.kdeclarative ,plasma5Packages.kdeclarative)
• libsForQt5.kdesignerplugin (libsForQt515.kdesignerplugin ,plasma5Packages.kdesignerplugin)
• libsForQt5.kio (libsForQt515.kio ,plasma5Packages.kio)
• libsForQt5.knewstuff (libsForQt515.knewstuff ,plasma5Packages.knewstuff)
• libsForQt5.knotifyconfig (libsForQt515.knotifyconfig ,plasma5Packages.knotifyconfig)
• libsForQt5.kpimtextedit (libsForQt515.kpimtextedit ,plasma5Packages.kpimtextedit)
• libsForQt5.kwallet (libsForQt515.kwallet ,plasma5Packages.kwallet)
• libsForQt5.qgpgme (libsForQt515.qgpgme ,plasma5Packages.qgpgme)
• libsForQt514.kcmutils
• libsForQt514.kdeclarative
• libsForQt514.kio
• libsForQt514.kwallet
• libsForQt514.qgpgme
• nice-dcv-client
• open-ecard
• pass
• pcsclite
• perl532Packages.GnuPGInterface
• perl532Packages.pcscperl
• python38Packages.btchip
• python38Packages.emv
• python38Packages.pypass
• python38Packages.pysatochip
• python38Packages.pyscard
• python39Packages.btchip
• python39Packages.emv
• python39Packages.pysatochip
• python39Packages.pyscard
• udisks (udisks2)
• volume_key
• yadm

[thblt]

The enable-confdir was there all along - even before #97440. The issues are:

Indeed, but its usage remains incorrect, AFAICT. As per configure --help, it's meant to tell pcsclite which directory contains all its config files, and only its config files. This cannot be /etc.

1. pcsclite goes off on its own if it cannot read proper config from /etc/reader.conf and tries everything else in that directory. This is just bananas.

I cannot reproduce this behavior with my patch applied.

If we don't specify it, it will default to $out/etc which while it doesn't blow up, is just pointless.

How do you observe that? The default value for confdir is /etc/reader.conf.d, which makes perfect sense.

2. the policykit files aren't registered properly.

This is not the point of this PR. I've addressed the PolicyKit issue in #121246.

[peterhoeg]

The issue here is that while the default confdir is /etc/reader.conf.d if not specified, when we're building it with the nix, that gets set to $out/etc/reader.conf.d.

So the real fix would be to change it to that instead. Thanks for your patience @thblt - do you mind revising this PR?

[thblt]

Ha, right, thank you. Just one question, do we actually need confdir to be set to anything? Is it for Nix on non-NixOS platforms?

[peterhoeg]

Is it for Nix on non-NixOS platforms?

That's the most important reason, yes. Another is that it's very convenient to have a writeable place where you can just drop files in order to try things out without having to build a new generation.

[thblt]

Done, but I'm not sure it'll work — this is the default value, after all, I'm afraid $OUT is implied. I'm rebuilding to check.

[thblt]

It should be correct, the configure scripts actually defaults to confdir="${sysconfdir}/reader.conf.d"

[stale]

I marked this as stale due to inactivity. → More info

[kirelagin]

This looks good and makes perfect sense.

While we are at it, would it make sense to also remove

environment.etc."reader.conf".source = cfgFile;

? I don’t think it serves any purpose and is thus a bit confusing.

[kirelagin]

Wait, no, sorry, I think we need to keep the -c option though? If I am reading the code correctly, if -c is given, the daemon will go read config from this file, but if it is not given, it will go and read everything from confdir.

So, if you remove this option, then readerConfig written by the NixOS module will not be used in any way.

I think the confusion comes from the pcsclite documentation being entirely wrong and misleading in that /etc/reader.conf has no special significance for the code and won’t be ever tried, unless explicitly given as -c.

[kirelagin]

Reported upstream: LudovicRousseau/PCSC#115.

[kirelagin]

Upstream docs have been updated and they now indicate that -c accepts a directory rather than a file (and, I think, the fact that passing a file works is an undocumented feature/coincidence), so I think we should switch to writeTextFile with destination set instead of writeText

[flokli]

@peterhoeg @kirelagin @thblt what's the state of this PR? Has this been solved elsewhere in the meantime?