summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch76
-rw-r--r--nonsystemd-multilib/lib32-p11-kit/PKGBUILD72
2 files changed, 148 insertions, 0 deletions
diff --git a/nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch b/nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch
new file mode 100644
index 000000000..3ccdbb757
--- /dev/null
+++ b/nonsystemd-multilib/lib32-p11-kit/0001-Build-and-install-libnssckbi-p11-kit.so.patch
@@ -0,0 +1,76 @@
+From 8a1c9bb1170213498d3386d2a5c2882868e4f535 Mon Sep 17 00:00:00 2001
+Message-Id: <8a1c9bb1170213498d3386d2a5c2882868e4f535.1548110948.git.jan.steffens@gmail.com>
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Thu, 1 Mar 2018 16:20:59 +0100
+Subject: [PATCH] Build and install libnssckbi-p11-kit.so
+
+Create an additional library which is a copy of p11-kit-trust.so but
+uses the same label for root certs as libnssckbi.so:
+ "Builtin Object Token" instead of "Default Trust".
+
+https://bugs.freedesktop.org/show_bug.cgi?id=66161
+---
+ trust/Makefile.am | 14 ++++++++++++++
+ trust/module.c | 12 +++++++++++-
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/trust/Makefile.am b/trust/Makefile.am
+index c4a65a3..303e1d0 100644
+--- a/trust/Makefile.am
++++ b/trust/Makefile.am
+@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \
+
+ p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c
+
++libnssckbi_compatdir = $(libdir)
++libnssckbi_compat_LTLIBRARIES = \
++ libnssckbi-p11-kit.la
++
++libnssckbi_p11_kit_la_CFLAGS = \
++ -DLIBNSSCKBI_COMPAT \
++ $(p11_kit_trust_la_CFLAGS)
++
++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
++
++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
++
++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
++
+ libtrust_testable_la_LDFLAGS = \
+ -no-undefined
+
+diff --git a/trust/module.c b/trust/module.c
+index 1722340..e776270 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens,
+ int flags;
+ } labels[] = {
+ { "~/", "User Trust", P11_TOKEN_FLAG_NONE },
++#ifdef LIBNSSCKBI_COMPAT
++ { P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED },
++#else
+ { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED },
++#endif
+ { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE },
+ { NULL },
+ };
+@@ -534,8 +538,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
+ info->flags = CKF_TOKEN_PRESENT;
+ memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
+
++#ifdef LIBNSSCKBI_COMPAT
++ /* Change description to match libnssckbi so HPKP works in Chromium */
++ if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0)
++ path = "NSS Builtin Objects";
++ else
++#endif
++ path = p11_token_get_path (token);
+ /* If too long, copy the first 64 characters into buffer */
+- path = p11_token_get_path (token);
+ length = strlen (path);
+ if (length > sizeof (info->slotDescription))
+ length = sizeof (info->slotDescription);
+--
+2.20.1
+
diff --git a/nonsystemd-multilib/lib32-p11-kit/PKGBUILD b/nonsystemd-multilib/lib32-p11-kit/PKGBUILD
new file mode 100644
index 000000000..1fd307fa6
--- /dev/null
+++ b/nonsystemd-multilib/lib32-p11-kit/PKGBUILD
@@ -0,0 +1,72 @@
+# Maintainer: David P. <megver83@parabola.nu>
+# Maintainer (Arch): Florian Pritz <bluewind@xinu.at>
+# Contributor (Arch): Christoph Vigano <mail@cvigano.de>
+
+pkgname=lib32-p11-kit
+pkgver=0.23.15
+pkgrel=1
+pkgrel+=.nonsystemd1
+pkgdesc="Provides a way to load and enumerate PKCS#11 modules (32-bit)"
+arch=(x86_64)
+url="https://p11-glue.freedesktop.org"
+license=(BSD)
+depends=(lib32-glibc lib32-libtasn1 lib32-libffi p11-kit)
+makedepends=(git lib32-gcc-libs)
+source=("git+https://github.com/p11-glue/p11-kit?signed#tag=$pkgver"
+ 0001-Build-and-install-libnssckbi-p11-kit.so.patch)
+sha256sums=('SKIP'
+ 'a2222e092b2c9ae2d2c344b3268f8f86e7b424973433d49653f72e6c51fa54cf')
+validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF' # Stef Walter
+ '462225C3B46F34879FC8496CD605848ED7E69871') # Daiki Ueno
+
+prepare() {
+ cd p11-kit
+
+ # Build and install an additional library (libnssckbi-p11-kit.so) which
+ # is a copy of p11-kit-trust.so but uses the same label for root certs as
+ # libnssckbi.so ("Builtin Object Token" instead of "Default Trust")
+ # https://bugs.freedesktop.org/show_bug.cgi?id=66161
+ patch -Np1 -i ../0001-Build-and-install-libnssckbi-p11-kit.so.patch
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd p11-kit
+
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+
+ ./configure --prefix=/usr \
+ --libdir=/usr/lib32 \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib \
+ --disable-doc \
+ --with-module-path=/usr/lib32/pkcs11 \
+ --with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source \
+ --without-systemd
+ make
+}
+
+check() (
+ cd p11-kit
+
+ # https://github.com/p11-glue/p11-kit/issues/212
+ unset SOURCE_DATE_EPOCH
+
+ make check
+)
+
+package() {
+ cd p11-kit
+ make DESTDIR="$pkgdir" install
+
+ rm -rf "${pkgdir}"/etc "${pkgdir}"/usr/{bin,include,lib,share}
+
+ install -d "$pkgdir/usr/share/licenses"
+ ln -s p11-kit "$pkgdir/usr/share/licenses/$pkgname"
+}
+
+# vim:set ts=2 sw=2 et: