Commit 46b85f19 authored by Chaoting Liu's avatar Chaoting Liu Committed by Chaoting Liu

p11-kit: update to 0.23.20

parent d2ea9bc4
# $Id$
# Contributor: Ionut Biru <ibiru@archlinux.org>
pkgname=p11-kit
pkgver=0.23.8
pkgbase=p11-kit
pkgname=(p11-kit libp11-kit)
pkgver=0.23.20
pkgrel=1
pkgdesc="Provides a way to load and enumerate PKCS#11 modules"
arch=(i686 x86_64)
pkgdesc="Loads and enumerates PKCS#11 modules"
url="https://p11-glue.freedesktop.org"
arch=(x86_64)
license=(BSD)
depends=(glibc libtasn1 libffi)
makedepends=(git)
_commit=25474901cf9c1fb39ae5dc73a2f2b4dd34e81fdc # tags/0.23.8^0
source=("git+https://github.com/p11-glue/p11-kit#commit=$_commit"
libnssckbi-compat.patch)
sha256sums=('SKIP'
'8f763cdbc6c0ca6c5a7898f9fd6f3018b7ac5b1aca36f67c6c813343c2962962')
validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF')
pkgver() {
cd $pkgname
git describe --tags | sed 's/-/+/g'
}
makedepends=(git meson libtasn1 libffi systemd)
source=("git+https://github.com/p11-glue/p11-kit?signed#tag=$pkgver")
sha256sums=('SKIP')
validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF' # Stef Walter
'462225C3B46F34879FC8496CD605848ED7E69871') # Daiki Ueno
prepare() {
cd $pkgname
# Build and install an additional library (libnssckbi-p11-kit.so) which
# is a copy of p11-kit-trust.so but uses the same label for root certs as
# libnssckbi.so ("Builtin Object Token" instead of "Default Trust")
# https://bugs.freedesktop.org/show_bug.cgi?id=66161
patch -Np1 -i ../libnssckbi-compat.patch
NOCONFIGURE=1 ./autogen.sh
cd p11-kit
}
build() {
cd $pkgname
./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=/usr/lib \
--with-module-path=/usr/lib/pkcs11 \
--with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source
make
chakra-meson p11-kit build \
--buildtype debugoptimized \
-D gtk_doc=false \
-D man=false \
-D trust_paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source
ninja -C build
}
check() {
cd $pkgname
make check
meson test -C build --print-errorlogs
}
_pick() {
local p="$1" f d; shift
for f; do
d="$srcdir/$p/${f#$pkgdir/}"
mkdir -p "$(dirname "$d")"
mv "$f" "$d"
rmdir -p --ignore-fail-on-non-empty "$(dirname "$f")"
done
}
package() {
cd $pkgname
make DESTDIR="$pkgdir" install
install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
package_p11-kit() {
depends=("libp11-kit=$pkgver-$pkgrel" coreutils libp11-kit.so libsystemd.so)
install=p11-kit.install
DESTDIR="$pkgdir" meson install -C build
ln -sr "$pkgdir/usr/bin/update-ca-trust" "$pkgdir/usr/lib/p11-kit/trust-extract-compat"
# Split libp11-kit
_pick lib "$pkgdir"/usr/include
_pick lib "$pkgdir"/usr/lib/{p11-kit-proxy.so,libp11-kit.*}
_pick lib "$pkgdir"/usr/lib/{pkcs11,pkgconfig}
_pick lib "$pkgdir"/usr/share/{locale,p11-kit}
install -Dt "$pkgdir/usr/share/licenses/$pkgname" -m644 p11-kit/COPYING
}
package_libp11-kit() {
pkgdesc+=" (library)"
depends=(glibc libtasn1 libffi)
provides=(libp11-kit.so)
mv lib/* "$pkgdir"
ln -srf "$pkgdir/usr/bin/update-ca-trust" "$pkgdir/usr/lib/p11-kit/trust-extract-compat"
install -Dt "$pkgdir/usr/share/licenses/$pkgname" -m644 p11-kit/COPYING
}
# vim:set ts=2 sw=2 et:
diff -upr p11-kit-0.23.1.orig/trust/Makefile.am p11-kit-0.23.1/trust/Makefile.am
--- p11-kit-0.23.1.orig/trust/Makefile.am 2014-11-12 12:58:50.000000000 +0200
+++ p11-kit-0.23.1/trust/Makefile.am 2015-03-30 16:43:35.275993032 +0300
@@ -61,6 +61,20 @@ p11_kit_trust_la_LDFLAGS = \
p11_kit_trust_la_SOURCES = $(TRUST_SRCS)
+libnssckbi_compatdir = $(libdir)
+libnssckbi_compat_LTLIBRARIES = \
+ libnssckbi-p11-kit.la
+
+libnssckbi_p11_kit_la_CFLAGS = \
+ -DLIBNSSCKBI_COMPAT \
+ $(p11_kit_trust_la_CFLAGS)
+
+libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
+
+libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
+
+libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
+
libtrust_testable_la_LDFLAGS = \
-no-undefined
diff -upr p11-kit-0.23.1.orig/trust/module.c p11-kit-0.23.1/trust/module.c
--- p11-kit-0.23.1.orig/trust/module.c 2014-12-16 12:24:01.000000000 +0200
+++ p11-kit-0.23.1/trust/module.c 2015-03-30 16:48:41.370360130 +0300
@@ -196,7 +196,11 @@ create_tokens_inlock (p11_array *tokens,
const char *label;
} labels[] = {
{ "~/", "User Trust" },
+#ifdef LIBNSSCKBI_COMPAT
+ { DATA_DIR, "Builtin Object Token" },
+#else
{ DATA_DIR, "Default Trust" },
+#endif
{ SYSCONFDIR, "System Trust" },
{ NULL },
};
@@ -521,9 +525,15 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
info->flags = CKF_TOKEN_PRESENT;
strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
- /* If too long, copy the first 64 characters into buffer */
- path = p11_token_get_path (token);
+#ifdef LIBNSSCKBI_COMPAT
+ /* Change description to match libnssckbi so HPKP works in Chromium */
+ if (strcmp (p11_token_get_label (token), "Builtin Object Token" ) == 0)
+ path = "NSS Builtin Objects";
+ else
+#endif
+ path = p11_token_get_path (token);
length = strlen (path);
+ /* If too long, copy the first 64 characters into buffer */
if (length > sizeof (info->slotDescription))
length = sizeof (info->slotDescription);
memset (info->slotDescription, ' ', sizeof (info->slotDescription));
_global_units() {
local unit=p11-kit-server.socket dir=/etc/systemd/user/sockets.target.wants
case $1 in
enable)
mkdir -p $dir
ln -sf /usr/lib/systemd/user/$unit $dir/$unit
;;
disable)
rm -f $dir/$unit
rmdir -p --ignore-fail-on-non-empty $dir
;;
esac
}
post_install() {
# Enable socket by default
_global_units enable
}
pre_remove() {
_global_units disable
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment