Date: Sunday, August 20, 2017 @ 18:41:46
Author: heftig
Revision: 302932
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
p11-kit/repos/testing-i686/
p11-kit/repos/testing-i686/PKGBUILD
(from rev 302931, p11-kit/trunk/PKGBUILD)
p11-kit/repos/testing-i686/libnssckbi-compat.patch
(from rev 302931, p11-kit/trunk/libnssckbi-compat.patch)
p11-kit/repos/testing-x86_64/
p11-kit/repos/testing-x86_64/PKGBUILD
(from rev 302931, p11-kit/trunk/PKGBUILD)
p11-kit/repos/testing-x86_64/libnssckbi-compat.patch
(from rev 302931, p11-kit/trunk/libnssckbi-compat.patch)
----------------------------------------+
testing-i686/PKGBUILD | 63 +++++++++++++++++++++++++++++++
testing-i686/libnssckbi-compat.patch | 57 ++++++++++++++++++++++++++++
testing-x86_64/PKGBUILD | 63 +++++++++++++++++++++++++++++++
testing-x86_64/libnssckbi-compat.patch | 57 ++++++++++++++++++++++++++++
4 files changed, 240 insertions(+)
Copied: p11-kit/repos/testing-i686/PKGBUILD (from rev 302931,
p11-kit/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2017-08-20 18:41:46 UTC (rev 302932)
@@ -0,0 +1,63 @@
+# $Id$
+# Contributor: Ionut Biru <ib...@archlinux.org>
+
+pkgname=p11-kit
+pkgver=0.23.8
+pkgrel=1
+pkgdesc="Provides a way to load and enumerate PKCS#11 modules"
+arch=(i686 x86_64)
+url="https://p11-glue.freedesktop.org";
+license=(BSD)
+depends=(glibc libtasn1 libffi)
+makedepends=(gtk-doc git)
+_commit=25474901cf9c1fb39ae5dc73a2f2b4dd34e81fdc # tags/0.23.8^0
+source=("git+https://github.com/p11-glue/p11-kit#commit=$_commit";
+ libnssckbi-compat.patch)
+sha256sums=('SKIP'
+ '8f763cdbc6c0ca6c5a7898f9fd6f3018b7ac5b1aca36f67c6c813343c2962962')
+validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF')
+
+pkgver() {
+ cd $pkgname
+ git describe --tags | sed 's/-/+/g'
+}
+
+prepare() {
+ cd $pkgname
+
+ # Build and install an additional library (libnssckbi-p11-kit.so) which
+ # is a copy of p11-kit-trust.so but uses the same label for root certs as
+ # libnssckbi.so ("Builtin Object Token" instead of "Default Trust")
+ # https://bugs.freedesktop.org/show_bug.cgi?id=66161
+ patch -Np1 -i ../libnssckbi-compat.patch
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd $pkgname
+
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib \
+ --enable-doc \
+ --with-module-path=/usr/lib/pkcs11 \
+
--with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source
+ make
+}
+
+check() {
+ cd $pkgname
+ make check
+}
+
+package() {
+ cd $pkgname
+ make DESTDIR="$pkgdir" install
+ install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+
+ ln -srf "$pkgdir/usr/bin/update-ca-trust"
"$pkgdir/usr/lib/p11-kit/trust-extract-compat"
+}
+
+# vim:set ts=2 sw=2 et:
Copied: p11-kit/repos/testing-i686/libnssckbi-compat.patch (from rev 302931,
p11-kit/trunk/libnssckbi-compat.patch)
===================================================================
--- testing-i686/libnssckbi-compat.patch (rev 0)
+++ testing-i686/libnssckbi-compat.patch 2017-08-20 18:41:46 UTC (rev
302932)
@@ -0,0 +1,57 @@
+diff -upr p11-kit-0.23.1.orig/trust/Makefile.am
p11-kit-0.23.1/trust/Makefile.am
+--- p11-kit-0.23.1.orig/trust/Makefile.am 2014-11-12 12:58:50.000000000
+0200
++++ p11-kit-0.23.1/trust/Makefile.am 2015-03-30 16:43:35.275993032 +0300
+@@ -61,6 +61,20 @@ p11_kit_trust_la_LDFLAGS = \
+
+ p11_kit_trust_la_SOURCES = $(TRUST_SRCS)
+
++libnssckbi_compatdir = $(libdir)
++libnssckbi_compat_LTLIBRARIES = \
++ libnssckbi-p11-kit.la
++
++libnssckbi_p11_kit_la_CFLAGS = \
++ -DLIBNSSCKBI_COMPAT \
++ $(p11_kit_trust_la_CFLAGS)
++
++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
++
++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
++
++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
++
+ libtrust_testable_la_LDFLAGS = \
+ -no-undefined
+
+diff -upr p11-kit-0.23.1.orig/trust/module.c p11-kit-0.23.1/trust/module.c
+--- p11-kit-0.23.1.orig/trust/module.c 2014-12-16 12:24:01.000000000 +0200
++++ p11-kit-0.23.1/trust/module.c 2015-03-30 16:48:41.370360130 +0300
+@@ -196,7 +196,11 @@ create_tokens_inlock (p11_array *tokens,
+ const char *label;
+ } labels[] = {
+ { "~/", "User Trust" },
++#ifdef LIBNSSCKBI_COMPAT
++ { DATA_DIR, "Builtin Object Token" },
++#else
+ { DATA_DIR, "Default Trust" },
++#endif
+ { SYSCONFDIR, "System Trust" },
+ { NULL },
+ };
+@@ -521,9 +525,15 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
+ info->flags = CKF_TOKEN_PRESENT;
+ strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
+
+- /* If too long, copy the first 64 characters into buffer */
+- path = p11_token_get_path (token);
++#ifdef LIBNSSCKBI_COMPAT
++ /* Change description to match libnssckbi so HPKP works in
Chromium */
++ if (strcmp (p11_token_get_label (token), "Builtin Object Token"
) == 0)
++ path = "NSS Builtin Objects";
++ else
++#endif
++ path = p11_token_get_path (token);
+ length = strlen (path);
++ /* If too long, copy the first 64 characters into buffer */
+ if (length > sizeof (info->slotDescription))
+ length = sizeof (info->slotDescription);
+ memset (info->slotDescription, ' ', sizeof
(info->slotDescription));
Copied: p11-kit/repos/testing-x86_64/PKGBUILD (from rev 302931,
p11-kit/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2017-08-20 18:41:46 UTC (rev 302932)
@@ -0,0 +1,63 @@
+# $Id$
+# Contributor: Ionut Biru <ib...@archlinux.org>
+
+pkgname=p11-kit
+pkgver=0.23.8
+pkgrel=1
+pkgdesc="Provides a way to load and enumerate PKCS#11 modules"
+arch=(i686 x86_64)
+url="https://p11-glue.freedesktop.org";
+license=(BSD)
+depends=(glibc libtasn1 libffi)
+makedepends=(gtk-doc git)
+_commit=25474901cf9c1fb39ae5dc73a2f2b4dd34e81fdc # tags/0.23.8^0
+source=("git+https://github.com/p11-glue/p11-kit#commit=$_commit";
+ libnssckbi-compat.patch)
+sha256sums=('SKIP'
+ '8f763cdbc6c0ca6c5a7898f9fd6f3018b7ac5b1aca36f67c6c813343c2962962')
+validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF')
+
+pkgver() {
+ cd $pkgname
+ git describe --tags | sed 's/-/+/g'
+}
+
+prepare() {
+ cd $pkgname
+
+ # Build and install an additional library (libnssckbi-p11-kit.so) which
+ # is a copy of p11-kit-trust.so but uses the same label for root certs as
+ # libnssckbi.so ("Builtin Object Token" instead of "Default Trust")
+ # https://bugs.freedesktop.org/show_bug.cgi?id=66161
+ patch -Np1 -i ../libnssckbi-compat.patch
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd $pkgname
+
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib \
+ --enable-doc \
+ --with-module-path=/usr/lib/pkcs11 \
+
--with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source
+ make
+}
+
+check() {
+ cd $pkgname
+ make check
+}
+
+package() {
+ cd $pkgname
+ make DESTDIR="$pkgdir" install
+ install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+
+ ln -srf "$pkgdir/usr/bin/update-ca-trust"
"$pkgdir/usr/lib/p11-kit/trust-extract-compat"
+}
+
+# vim:set ts=2 sw=2 et:
Copied: p11-kit/repos/testing-x86_64/libnssckbi-compat.patch (from rev 302931,
p11-kit/trunk/libnssckbi-compat.patch)
===================================================================
--- testing-x86_64/libnssckbi-compat.patch (rev 0)
+++ testing-x86_64/libnssckbi-compat.patch 2017-08-20 18:41:46 UTC (rev
302932)
@@ -0,0 +1,57 @@
+diff -upr p11-kit-0.23.1.orig/trust/Makefile.am
p11-kit-0.23.1/trust/Makefile.am
+--- p11-kit-0.23.1.orig/trust/Makefile.am 2014-11-12 12:58:50.000000000
+0200
++++ p11-kit-0.23.1/trust/Makefile.am 2015-03-30 16:43:35.275993032 +0300
+@@ -61,6 +61,20 @@ p11_kit_trust_la_LDFLAGS = \
+
+ p11_kit_trust_la_SOURCES = $(TRUST_SRCS)
+
++libnssckbi_compatdir = $(libdir)
++libnssckbi_compat_LTLIBRARIES = \
++ libnssckbi-p11-kit.la
++
++libnssckbi_p11_kit_la_CFLAGS = \
++ -DLIBNSSCKBI_COMPAT \
++ $(p11_kit_trust_la_CFLAGS)
++
++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
++
++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
++
++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
++
+ libtrust_testable_la_LDFLAGS = \
+ -no-undefined
+
+diff -upr p11-kit-0.23.1.orig/trust/module.c p11-kit-0.23.1/trust/module.c
+--- p11-kit-0.23.1.orig/trust/module.c 2014-12-16 12:24:01.000000000 +0200
++++ p11-kit-0.23.1/trust/module.c 2015-03-30 16:48:41.370360130 +0300
+@@ -196,7 +196,11 @@ create_tokens_inlock (p11_array *tokens,
+ const char *label;
+ } labels[] = {
+ { "~/", "User Trust" },
++#ifdef LIBNSSCKBI_COMPAT
++ { DATA_DIR, "Builtin Object Token" },
++#else
+ { DATA_DIR, "Default Trust" },
++#endif
+ { SYSCONFDIR, "System Trust" },
+ { NULL },
+ };
+@@ -521,9 +525,15 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
+ info->flags = CKF_TOKEN_PRESENT;
+ strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
+
+- /* If too long, copy the first 64 characters into buffer */
+- path = p11_token_get_path (token);
++#ifdef LIBNSSCKBI_COMPAT
++ /* Change description to match libnssckbi so HPKP works in
Chromium */
++ if (strcmp (p11_token_get_label (token), "Builtin Object Token"
) == 0)
++ path = "NSS Builtin Objects";
++ else
++#endif
++ path = p11_token_get_path (token);
+ length = strlen (path);
++ /* If too long, copy the first 64 characters into buffer */
+ if (length > sizeof (info->slotDescription))
+ length = sizeof (info->slotDescription);
+ memset (info->slotDescription, ' ', sizeof
(info->slotDescription));
