| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This already has started in e0abe1dbbda54c1f048b5d38df05e1a3289216a6
with @Profpatsch putting his packages into its own namespace, so let's
continue on that and move my crap into my own namespace as well.
The only difference in my approach is that I'm now also using a new
function called callPackageScope, which declutters pkgs/default.nix a
bit and moves the individual callPackage invocations into
aszlig/default.nix.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WebKitGTK+ has a bunch of security vulnerabilities:
* WSA-2017-0002
* WSA-2017-0001
* WSA-2016-0006
* WSA-2016-0005
* WSA-2016-0004
We're using dwb in conjunction with this insecure version only for *one*
specific application with *one* specific web site, so the attack surface
is relatively low.
The main issue with this is that the plugin required for the Santander
page is based on NPAPI and most of the browsers out there do not support
NPAPI, except a few ones:
https://en.wikipedia.org/wiki/NPAPI#Browser_support
I've tried to embed the plugin within Midori but I couldn't get it to
work so far (Midori just says "No plugin available"), so I'm sticking
with dwb for now, because the other browsers listed here either have the
same problem (uzbl) or are simply too heavyweight.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
| |
Right now the linking process with wineg++ fails on 64bit and I
currently don't have time to properly look into why this happens.
Another workaround would be to just use patchelf to fix the errors
afterwards, but in the end everything except dwb has to be 32bit anyway.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the version bump of wineStaging, stuff like mono and gecko are
included when creating a new wineprefix. We can avoid this by overriding
DLLs using "mscoree,mshtml=".
In addition to that, we now use wineMinimal instead of the wineStaging
attribute from nixpkgs so that we really have as few options compiled in
as possible, especially because we really don't need them for the
plugin.
This trims down the closure size by a few hundred megabytes.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@b6c204f substituting a file which doesn't exist will
fail and the preFixup phase tries to substitute something in the
"install-dependency" script, which doesn't exist here in vuizvui (we're
using a later version directly from upstream Git).
I'm suppressing this simply by null'ing out the preFixup phase instead
of fixing this properly because I'm not going to stay at this bank for a
very long time.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
I didn't get the starcoscard to run with aqbanking so far and the bank
itself is very uncooperative if it comes to giving specific details
about their implementation of FinTS 3.00, so in the end I'm going to
move away from the bank.
But during transition this will work much better than running a Windows
VM (which I didn't have access to in the meantime, so I *had* to get
this running somehow), especially because we can wrap this plugin in
*any* browser that supports NPAPI.
Also, there seems to be some work implementing PPAPI support for
pipelight, but the branch is stale since quite a while:
https://bitbucket.org/mmueller2012/pipelight/branch/ppapi
Going back to the pesky Santander plugin:
In order to support PC/SC-Lite, we need to patch Wine to get support for
the winscard API. We also patch out unixfs, so while there definitely
are better sandboxing options this should suffice so that the plugin
doesn't write garbage on any location of the system (basically it works
entirely read-only).
So in the end we get a nice and small dwb browser, which directly opens
up the login page along with the plugin. The browser is wrapped so that
it only writes to a temporary location, so as soon as it is closed all
the cruft is cleaned up afterwards.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
