Date: Monday, September 30, 2019 @ 17:24:32 Author: heftig Revision: 363576
archrelease: copy trunk to testing-x86_64 Added: p11-kit/repos/testing-x86_64/ p11-kit/repos/testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch (from rev 363573, p11-kit/trunk/0001-Build-and-install-libnssckbi-p11-kit.so.patch) p11-kit/repos/testing-x86_64/PKGBUILD (from rev 363573, p11-kit/trunk/PKGBUILD) p11-kit/repos/testing-x86_64/p11-kit.install (from rev 363573, p11-kit/trunk/p11-kit.install) ----------------------------------------------------+ 0001-Build-and-install-libnssckbi-p11-kit.so.patch | 100 +++++++++++++++++++ PKGBUILD | 49 +++++++++ p11-kit.install | 14 ++ 3 files changed, 163 insertions(+) Copied: p11-kit/repos/testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch (from rev 363573, p11-kit/trunk/0001-Build-and-install-libnssckbi-p11-kit.so.patch) =================================================================== --- testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch (rev 0) +++ testing-x86_64/0001-Build-and-install-libnssckbi-p11-kit.so.patch 2019-09-30 17:24:32 UTC (rev 363576) @@ -0,0 +1,100 @@ +From 5bc704e6a0de57d451cf551d74fa8543fc7ec9a0 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com> +Date: Tue, 10 Sep 2019 18:08:25 +0000 +Subject: [PATCH] Build and install libnssckbi-p11-kit.so + +Create an additional library which is a copy of p11-kit-trust.so but +uses the same label for root certs as libnssckbi.so: + "Builtin Object Token" instead of "Default Trust". + +https://bugs.freedesktop.org/show_bug.cgi?id=66161 +--- + trust/Makefile.am | 14 ++++++++++++++ + trust/meson.build | 13 +++++++++++++ + trust/module.c | 12 +++++++++++- + 3 files changed, 38 insertions(+), 1 deletion(-) + +diff --git a/trust/Makefile.am b/trust/Makefile.am +index b050a8f..4943aba 100644 +--- a/trust/Makefile.am ++++ b/trust/Makefile.am +@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \ + + p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c + ++libnssckbi_compatdir = $(libdir) ++libnssckbi_compat_LTLIBRARIES = \ ++ libnssckbi-p11-kit.la ++ ++libnssckbi_p11_kit_la_CFLAGS = \ ++ -DLIBNSSCKBI_COMPAT \ ++ $(p11_kit_trust_la_CFLAGS) ++ ++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) ++ ++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) ++ ++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) ++ + libtrust_testable_la_LDFLAGS = \ + -no-undefined + +diff --git a/trust/meson.build b/trust/meson.build +index c5b978b..14993e5 100644 +--- a/trust/meson.build ++++ b/trust/meson.build +@@ -58,6 +58,19 @@ shared_module('p11-kit-trust', + install: true, + install_dir: prefix / p11_module_path) + ++shared_module('libnssckbi-p11-kit', ++ libtrust_sources, ++ 'module-init.c', ++ name_prefix: '', ++ c_args: p11_kit_trust_c_args + ['-DLIBNSSCKBI_COMPAT'], ++ dependencies: [libp11_library_dep] + libtasn1_deps, ++ link_args: p11_module_ldflags, ++ link_depends: [p11_module_symbol_map, ++ p11_module_symbol_def], ++ link_with: libtrust_data, ++ vs_module_defs: p11_module_symbol_def, ++ install: true) ++ + libtrust_testable_c_args = [ + '-DP11_DEFAULT_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'default'), + '-DP11_SYSTEM_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'system') +diff --git a/trust/module.c b/trust/module.c +index ec3333d..9204673 100644 +--- a/trust/module.c ++++ b/trust/module.c +@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens, + int flags; + } labels[] = { + { "~/", "User Trust", P11_TOKEN_FLAG_NONE }, ++#ifdef LIBNSSCKBI_COMPAT ++ { P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED }, ++#else + { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED }, ++#endif + { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE }, + { NULL }, + }; +@@ -534,8 +538,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, + info->flags = CKF_TOKEN_PRESENT; + memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + ++#ifdef LIBNSSCKBI_COMPAT ++ /* Change description to match libnssckbi so HPKP works in Chromium */ ++ if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0) ++ path = "NSS Builtin Objects"; ++ else ++#endif ++ path = p11_token_get_path (token); + /* If too long, copy the first 64 characters into buffer */ +- path = p11_token_get_path (token); + length = strlen (path); + if (length > sizeof (info->slotDescription)) + length = sizeof (info->slotDescription); +-- +2.23.0 + Copied: p11-kit/repos/testing-x86_64/PKGBUILD (from rev 363573, p11-kit/trunk/PKGBUILD) =================================================================== --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2019-09-30 17:24:32 UTC (rev 363576) @@ -0,0 +1,49 @@ +# Maintainer: Jan Alexander Steffens (heftig) <jan.steff...@gmail.com> +# Contributor: Ionut Biru <ib...@archlinux.org> + +pkgname=p11-kit +pkgver=0.23.18.1 +pkgrel=1 +pkgdesc="Provides a way to load and enumerate PKCS#11 modules" +arch=(x86_64) +url="https://p11-glue.freedesktop.org" +license=(BSD) +depends=(glibc libtasn1 libffi systemd) +makedepends=(gtk-doc git meson) +install=p11-kit.install +source=("git+https://github.com/p11-glue/p11-kit?signed#tag=$pkgver" + 0001-Build-and-install-libnssckbi-p11-kit.so.patch) +sha256sums=('SKIP' + 'e832eece10587ac50ae42ca4515786b51e67fea0647716061e51cd94f5e058cd') +validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF' # Stef Walter + '462225C3B46F34879FC8496CD605848ED7E69871') # Daiki Ueno + +prepare() { + cd p11-kit + + # Build and install an additional library (libnssckbi-p11-kit.so) which + # is a copy of p11-kit-trust.so but uses the same label for root certs as + # libnssckbi.so ("Builtin Object Token" instead of "Default Trust") + # https://bugs.freedesktop.org/show_bug.cgi?id=66161 + patch -Np1 -i ../0001-Build-and-install-libnssckbi-p11-kit.so.patch +} + +build() { + arch-meson p11-kit build \ + -D gtk_doc=true \ + -D man=true \ + -D trust_paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source + ninja -C build +} + +check() { + meson test -C build --print-errorlogs +} + +package() { + DESTDIR="$pkgdir" meson install -C build + install -Dt "$pkgdir/usr/share/licenses/$pkgname" -m644 p11-kit/COPYING + ln -srf "$pkgdir/usr/bin/update-ca-trust" "$pkgdir/usr/lib/p11-kit/trust-extract-compat" +} + +# vim:set ts=2 sw=2 et: Copied: p11-kit/repos/testing-x86_64/p11-kit.install (from rev 363573, p11-kit/trunk/p11-kit.install) =================================================================== --- testing-x86_64/p11-kit.install (rev 0) +++ testing-x86_64/p11-kit.install 2019-09-30 17:24:32 UTC (rev 363576) @@ -0,0 +1,14 @@ +post_install() { + # Enable socket by default + systemctl --global enable p11-kit-server.socket +} + +post_upgrade() { + if (( $(vercmp $2 0.23.13-1) < 0)); then + systemctl --global enable p11-kit-server.socket + fi +} + +pre_remove() { + systemctl --global disable p11-kit-server.socket +}