[arch-commits] Commit in p11-kit/repos (4 files)

Jan Steffens heftig at archlinux.org
Wed Jan 22 09:04:56 UTC 2020 

    Date: Wednesday, January 22, 2020 @ 09:04:55
  Author: heftig
Revision: 373780

archrelease: copy trunk to testing-x86_64

Added:
  p11-kit/repos/testing-x86_64/
  p11-kit/repos/testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch
    (from rev 373779, p11-kit/trunk/0001-Build-and-install-libnssckbi-p11-kit.so.patch)
  p11-kit/repos/testing-x86_64/PKGBUILD
    (from rev 373779, p11-kit/trunk/PKGBUILD)
  p11-kit/repos/testing-x86_64/p11-kit.install
    (from rev 373779, p11-kit/trunk/p11-kit.install)

----------------------------------------------------+
 0001-Build-and-install-libnssckbi-p11-kit.so.patch |  100 +++++++++++++++++++
 PKGBUILD                                           |   51 +++++++++
 p11-kit.install                                    |   14 ++
 3 files changed, 165 insertions(+)

Copied: p11-kit/repos/testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch (from rev 373779, p11-kit/trunk/0001-Build-and-install-libnssckbi-p11-kit.so.patch)
===================================================================
--- testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch	                        (rev 0)
+++ testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch	2020-01-22 09:04:55 UTC (rev 373780)
@@ -0,0 +1,100 @@
+From 5bc704e6a0de57d451cf551d74fa8543fc7ec9a0 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
+Date: Tue, 10 Sep 2019 18:08:25 +0000
+Subject: [PATCH] Build and install libnssckbi-p11-kit.so
+
+Create an additional library which is a copy of p11-kit-trust.so but
+uses the same label for root certs as libnssckbi.so:
+  "Builtin Object Token" instead of "Default Trust".
+
+https://bugs.freedesktop.org/show_bug.cgi?id=66161
+---
+ trust/Makefile.am | 14 ++++++++++++++
+ trust/meson.build | 13 +++++++++++++
+ trust/module.c    | 12 +++++++++++-
+ 3 files changed, 38 insertions(+), 1 deletion(-)
+
+diff --git a/trust/Makefile.am b/trust/Makefile.am
+index b050a8f..4943aba 100644
+--- a/trust/Makefile.am
++++ b/trust/Makefile.am
+@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \
+ 
+ p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c
+ 
++libnssckbi_compatdir = $(libdir)
++libnssckbi_compat_LTLIBRARIES = \
++	libnssckbi-p11-kit.la
++
++libnssckbi_p11_kit_la_CFLAGS = \
++	-DLIBNSSCKBI_COMPAT \
++	$(p11_kit_trust_la_CFLAGS)
++
++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
++
++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
++
++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
++
+ libtrust_testable_la_LDFLAGS = \
+ 	-no-undefined
+ 
+diff --git a/trust/meson.build b/trust/meson.build
+index c5b978b..14993e5 100644
+--- a/trust/meson.build
++++ b/trust/meson.build
+@@ -58,6 +58,19 @@ shared_module('p11-kit-trust',
+               install: true,
+               install_dir: prefix / p11_module_path)
+ 
++shared_module('libnssckbi-p11-kit',
++              libtrust_sources,
++              'module-init.c',
++              name_prefix: '',
++              c_args: p11_kit_trust_c_args + ['-DLIBNSSCKBI_COMPAT'],
++              dependencies: [libp11_library_dep] + libtasn1_deps,
++              link_args: p11_module_ldflags,
++              link_depends: [p11_module_symbol_map,
++                             p11_module_symbol_def],
++              link_with: libtrust_data,
++              vs_module_defs: p11_module_symbol_def,
++              install: true)
++
+ libtrust_testable_c_args = [
+   '-DP11_DEFAULT_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'default'),
+   '-DP11_SYSTEM_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'system')
+diff --git a/trust/module.c b/trust/module.c
+index ec3333d..9204673 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens,
+ 		int flags;
+ 	} labels[] = {
+ 		{ "~/", "User Trust", P11_TOKEN_FLAG_NONE },
++#ifdef LIBNSSCKBI_COMPAT
++		{ P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED },
++#else
+ 		{ P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED },
++#endif
+ 		{ P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE },
+ 		{ NULL },
+ 	};
+@@ -534,8 +538,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
+ 		info->flags = CKF_TOKEN_PRESENT;
+ 		memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
+ 
++#ifdef LIBNSSCKBI_COMPAT
++		/* Change description to match libnssckbi so HPKP works in Chromium */
++		if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0)
++			path = "NSS Builtin Objects";
++		else
++#endif
++			path = p11_token_get_path (token);
+ 		/* If too long, copy the first 64 characters into buffer */
+-		path = p11_token_get_path (token);
+ 		length = strlen (path);
+ 		if (length > sizeof (info->slotDescription))
+ 			length = sizeof (info->slotDescription);
+-- 
+2.23.0
+

Copied: p11-kit/repos/testing-x86_64/PKGBUILD (from rev 373779, p11-kit/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2020-01-22 09:04:55 UTC (rev 373780)
@@ -0,0 +1,51 @@
+# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
+# Contributor: Ionut Biru <ibiru at archlinux.org>
+
+pkgname=p11-kit
+pkgver=0.23.19
+pkgrel=1
+pkgdesc="Provides a way to load and enumerate PKCS#11 modules"
+arch=(x86_64)
+url="https://p11-glue.freedesktop.org"
+license=(BSD)
+depends=(glibc libtasn1 libffi systemd)
+makedepends=(gtk-doc git meson)
+provides=(libp11-kit.so)
+install=p11-kit.install
+source=("git+https://github.com/p11-glue/p11-kit?signed#tag=$pkgver"
+        0001-Build-and-install-libnssckbi-p11-kit.so.patch)
+sha256sums=('SKIP'
+            'e832eece10587ac50ae42ca4515786b51e67fea0647716061e51cd94f5e058cd')
+validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF'  # Stef Walter
+              '462225C3B46F34879FC8496CD605848ED7E69871') # Daiki Ueno
+
+prepare() {
+  cd p11-kit
+
+  # Build and install an additional library (libnssckbi-p11-kit.so) which
+  # is a copy of p11-kit-trust.so but uses the same label for root certs as
+  # libnssckbi.so ("Builtin Object Token" instead of "Default Trust")
+  # https://bugs.freedesktop.org/show_bug.cgi?id=66161
+  patch -Np1 -i ../0001-Build-and-install-libnssckbi-p11-kit.so.patch
+}
+
+build() {
+  arch-meson p11-kit build \
+    --buildtype debugoptimized \
+    -D gtk_doc=true \
+    -D man=true \
+    -D trust_paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source
+  ninja -C build
+}
+
+check() {
+  meson test -C build --print-errorlogs
+}
+
+package() {
+  DESTDIR="$pkgdir" meson install -C build
+  install -Dt "$pkgdir/usr/share/licenses/$pkgname" -m644 p11-kit/COPYING
+  ln -srf "$pkgdir/usr/bin/update-ca-trust" "$pkgdir/usr/lib/p11-kit/trust-extract-compat"
+}
+
+# vim:set ts=2 sw=2 et:

Copied: p11-kit/repos/testing-x86_64/p11-kit.install (from rev 373779, p11-kit/trunk/p11-kit.install)
===================================================================
--- testing-x86_64/p11-kit.install	                        (rev 0)
+++ testing-x86_64/p11-kit.install	2020-01-22 09:04:55 UTC (rev 373780)
@@ -0,0 +1,14 @@
+post_install() {
+  # Enable socket by default
+  systemctl --global enable p11-kit-server.socket
+}
+
+post_upgrade() {
+  if (( $(vercmp $2 0.23.13-1) < 0)); then
+    systemctl --global enable p11-kit-server.socket
+  fi
+}
+
+pre_remove() {
+  systemctl --global disable p11-kit-server.socket
+}

More information about the arch-commits mailing list