diff options
-rw-r--r-- | nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch | 76 | ||||
-rw-r--r-- | nonsystemd-multilib/lib32-p11-kit/PKGBUILD | 72 |
2 files changed, 148 insertions, 0 deletions
diff --git a/nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch b/nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch new file mode 100644 index 000000000..3ccdbb757 --- /dev/null +++ b/nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch @@ -0,0 +1,76 @@ +From 8a1c9bb1170213498d3386d2a5c2882868e4f535 Mon Sep 17 00:00:00 2001 +Message-Id: <8a1c9bb1170213498d3386d2a5c2882868e4f535.1548110948.git.jan.steffens@gmail.com> +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Thu, 1 Mar 2018 16:20:59 +0100 +Subject: [PATCH] Build and install libnssckbi-p11-kit.so + +Create an additional library which is a copy of p11-kit-trust.so but +uses the same label for root certs as libnssckbi.so: + "Builtin Object Token" instead of "Default Trust". + +https://bugs.freedesktop.org/show_bug.cgi?id=66161 +--- + trust/Makefile.am | 14 ++++++++++++++ + trust/module.c | 12 +++++++++++- + 2 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/trust/Makefile.am b/trust/Makefile.am +index c4a65a3..303e1d0 100644 +--- a/trust/Makefile.am ++++ b/trust/Makefile.am +@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \ + + p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c + ++libnssckbi_compatdir = $(libdir) ++libnssckbi_compat_LTLIBRARIES = \ ++ libnssckbi-p11-kit.la ++ ++libnssckbi_p11_kit_la_CFLAGS = \ ++ -DLIBNSSCKBI_COMPAT \ ++ $(p11_kit_trust_la_CFLAGS) ++ ++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) ++ ++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) ++ ++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) ++ + libtrust_testable_la_LDFLAGS = \ + -no-undefined + +diff --git a/trust/module.c b/trust/module.c +index 1722340..e776270 100644 +--- a/trust/module.c ++++ b/trust/module.c +@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens, + int flags; + } labels[] = { + { "~/", "User Trust", P11_TOKEN_FLAG_NONE }, ++#ifdef LIBNSSCKBI_COMPAT ++ { P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED }, ++#else + { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED }, ++#endif + { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE }, + { NULL }, + }; +@@ -534,8 +538,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, + info->flags = CKF_TOKEN_PRESENT; + memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + ++#ifdef LIBNSSCKBI_COMPAT ++ /* Change description to match libnssckbi so HPKP works in Chromium */ ++ if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0) ++ path = "NSS Builtin Objects"; ++ else ++#endif ++ path = p11_token_get_path (token); + /* If too long, copy the first 64 characters into buffer */ +- path = p11_token_get_path (token); + length = strlen (path); + if (length > sizeof (info->slotDescription)) + length = sizeof (info->slotDescription); +-- +2.20.1 + diff --git a/nonsystemd-multilib/lib32-p11-kit/PKGBUILD b/nonsystemd-multilib/lib32-p11-kit/PKGBUILD new file mode 100644 index 000000000..1fd307fa6 --- /dev/null +++ b/nonsystemd-multilib/lib32-p11-kit/PKGBUILD @@ -0,0 +1,72 @@ +# Maintainer: David P. <megver83@parabola.nu> +# Maintainer (Arch): Florian Pritz <bluewind@xinu.at> +# Contributor (Arch): Christoph Vigano <mail@cvigano.de> + +pkgname=lib32-p11-kit +pkgver=0.23.15 +pkgrel=1 +pkgrel+=.nonsystemd1 +pkgdesc="Provides a way to load and enumerate PKCS#11 modules (32-bit)" +arch=(x86_64) +url="https://p11-glue.freedesktop.org" +license=(BSD) +depends=(lib32-glibc lib32-libtasn1 lib32-libffi p11-kit) +makedepends=(git lib32-gcc-libs) +source=("git+https://github.com/p11-glue/p11-kit?signed#tag=$pkgver" + 0001-Build-and-install-libnssckbi-p11-kit.so.patch) +sha256sums=('SKIP' + 'a2222e092b2c9ae2d2c344b3268f8f86e7b424973433d49653f72e6c51fa54cf') +validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF' # Stef Walter + '462225C3B46F34879FC8496CD605848ED7E69871') # Daiki Ueno + +prepare() { + cd p11-kit + + # Build and install an additional library (libnssckbi-p11-kit.so) which + # is a copy of p11-kit-trust.so but uses the same label for root certs as + # libnssckbi.so ("Builtin Object Token" instead of "Default Trust") + # https://bugs.freedesktop.org/show_bug.cgi?id=66161 + patch -Np1 -i ../0001-Build-and-install-libnssckbi-p11-kit.so.patch + + NOCONFIGURE=1 ./autogen.sh +} + +build() { + cd p11-kit + + export CC="gcc -m32" + export CXX="g++ -m32" + export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" + + ./configure --prefix=/usr \ + --libdir=/usr/lib32 \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/lib \ + --disable-doc \ + --with-module-path=/usr/lib32/pkcs11 \ + --with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source \ + --without-systemd + make +} + +check() ( + cd p11-kit + + # https://github.com/p11-glue/p11-kit/issues/212 + unset SOURCE_DATE_EPOCH + + make check +) + +package() { + cd p11-kit + make DESTDIR="$pkgdir" install + + rm -rf "${pkgdir}"/etc "${pkgdir}"/usr/{bin,include,lib,share} + + install -d "$pkgdir/usr/share/licenses" + ln -s p11-kit "$pkgdir/usr/share/licenses/$pkgname" +} + +# vim:set ts=2 sw=2 et: |