Date: Sunday, August 20, 2017 @ 18:41:46 Author: heftig Revision: 302932
archrelease: copy trunk to testing-i686, testing-x86_64 Added: p11-kit/repos/testing-i686/ p11-kit/repos/testing-i686/PKGBUILD (from rev 302931, p11-kit/trunk/PKGBUILD) p11-kit/repos/testing-i686/libnssckbi-compat.patch (from rev 302931, p11-kit/trunk/libnssckbi-compat.patch) p11-kit/repos/testing-x86_64/ p11-kit/repos/testing-x86_64/PKGBUILD (from rev 302931, p11-kit/trunk/PKGBUILD) p11-kit/repos/testing-x86_64/libnssckbi-compat.patch (from rev 302931, p11-kit/trunk/libnssckbi-compat.patch) ----------------------------------------+ testing-i686/PKGBUILD | 63 +++++++++++++++++++++++++++++++ testing-i686/libnssckbi-compat.patch | 57 ++++++++++++++++++++++++++++ testing-x86_64/PKGBUILD | 63 +++++++++++++++++++++++++++++++ testing-x86_64/libnssckbi-compat.patch | 57 ++++++++++++++++++++++++++++ 4 files changed, 240 insertions(+) Copied: p11-kit/repos/testing-i686/PKGBUILD (from rev 302931, p11-kit/trunk/PKGBUILD) =================================================================== --- testing-i686/PKGBUILD (rev 0) +++ testing-i686/PKGBUILD 2017-08-20 18:41:46 UTC (rev 302932) @@ -0,0 +1,63 @@ +# $Id$ +# Contributor: Ionut Biru <ib...@archlinux.org> + +pkgname=p11-kit +pkgver=0.23.8 +pkgrel=1 +pkgdesc="Provides a way to load and enumerate PKCS#11 modules" +arch=(i686 x86_64) +url="https://p11-glue.freedesktop.org" +license=(BSD) +depends=(glibc libtasn1 libffi) +makedepends=(gtk-doc git) +_commit=25474901cf9c1fb39ae5dc73a2f2b4dd34e81fdc # tags/0.23.8^0 +source=("git+https://github.com/p11-glue/p11-kit#commit=$_commit" + libnssckbi-compat.patch) +sha256sums=('SKIP' + '8f763cdbc6c0ca6c5a7898f9fd6f3018b7ac5b1aca36f67c6c813343c2962962') +validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF') + +pkgver() { + cd $pkgname + git describe --tags | sed 's/-/+/g' +} + +prepare() { + cd $pkgname + + # Build and install an additional library (libnssckbi-p11-kit.so) which + # is a copy of p11-kit-trust.so but uses the same label for root certs as + # libnssckbi.so ("Builtin Object Token" instead of "Default Trust") + # https://bugs.freedesktop.org/show_bug.cgi?id=66161 + patch -Np1 -i ../libnssckbi-compat.patch + + NOCONFIGURE=1 ./autogen.sh +} + +build() { + cd $pkgname + + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/lib \ + --enable-doc \ + --with-module-path=/usr/lib/pkcs11 \ + --with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source + make +} + +check() { + cd $pkgname + make check +} + +package() { + cd $pkgname + make DESTDIR="$pkgdir" install + install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/LICENSE" + + ln -srf "$pkgdir/usr/bin/update-ca-trust" "$pkgdir/usr/lib/p11-kit/trust-extract-compat" +} + +# vim:set ts=2 sw=2 et: Copied: p11-kit/repos/testing-i686/libnssckbi-compat.patch (from rev 302931, p11-kit/trunk/libnssckbi-compat.patch) =================================================================== --- testing-i686/libnssckbi-compat.patch (rev 0) +++ testing-i686/libnssckbi-compat.patch 2017-08-20 18:41:46 UTC (rev 302932) @@ -0,0 +1,57 @@ +diff -upr p11-kit-0.23.1.orig/trust/Makefile.am p11-kit-0.23.1/trust/Makefile.am +--- p11-kit-0.23.1.orig/trust/Makefile.am 2014-11-12 12:58:50.000000000 +0200 ++++ p11-kit-0.23.1/trust/Makefile.am 2015-03-30 16:43:35.275993032 +0300 +@@ -61,6 +61,20 @@ p11_kit_trust_la_LDFLAGS = \ + + p11_kit_trust_la_SOURCES = $(TRUST_SRCS) + ++libnssckbi_compatdir = $(libdir) ++libnssckbi_compat_LTLIBRARIES = \ ++ libnssckbi-p11-kit.la ++ ++libnssckbi_p11_kit_la_CFLAGS = \ ++ -DLIBNSSCKBI_COMPAT \ ++ $(p11_kit_trust_la_CFLAGS) ++ ++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) ++ ++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) ++ ++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) ++ + libtrust_testable_la_LDFLAGS = \ + -no-undefined + +diff -upr p11-kit-0.23.1.orig/trust/module.c p11-kit-0.23.1/trust/module.c +--- p11-kit-0.23.1.orig/trust/module.c 2014-12-16 12:24:01.000000000 +0200 ++++ p11-kit-0.23.1/trust/module.c 2015-03-30 16:48:41.370360130 +0300 +@@ -196,7 +196,11 @@ create_tokens_inlock (p11_array *tokens, + const char *label; + } labels[] = { + { "~/", "User Trust" }, ++#ifdef LIBNSSCKBI_COMPAT ++ { DATA_DIR, "Builtin Object Token" }, ++#else + { DATA_DIR, "Default Trust" }, ++#endif + { SYSCONFDIR, "System Trust" }, + { NULL }, + }; +@@ -521,9 +525,15 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, + info->flags = CKF_TOKEN_PRESENT; + strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + +- /* If too long, copy the first 64 characters into buffer */ +- path = p11_token_get_path (token); ++#ifdef LIBNSSCKBI_COMPAT ++ /* Change description to match libnssckbi so HPKP works in Chromium */ ++ if (strcmp (p11_token_get_label (token), "Builtin Object Token" ) == 0) ++ path = "NSS Builtin Objects"; ++ else ++#endif ++ path = p11_token_get_path (token); + length = strlen (path); ++ /* If too long, copy the first 64 characters into buffer */ + if (length > sizeof (info->slotDescription)) + length = sizeof (info->slotDescription); + memset (info->slotDescription, ' ', sizeof (info->slotDescription)); Copied: p11-kit/repos/testing-x86_64/PKGBUILD (from rev 302931, p11-kit/trunk/PKGBUILD) =================================================================== --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2017-08-20 18:41:46 UTC (rev 302932) @@ -0,0 +1,63 @@ +# $Id$ +# Contributor: Ionut Biru <ib...@archlinux.org> + +pkgname=p11-kit +pkgver=0.23.8 +pkgrel=1 +pkgdesc="Provides a way to load and enumerate PKCS#11 modules" +arch=(i686 x86_64) +url="https://p11-glue.freedesktop.org" +license=(BSD) +depends=(glibc libtasn1 libffi) +makedepends=(gtk-doc git) +_commit=25474901cf9c1fb39ae5dc73a2f2b4dd34e81fdc # tags/0.23.8^0 +source=("git+https://github.com/p11-glue/p11-kit#commit=$_commit" + libnssckbi-compat.patch) +sha256sums=('SKIP' + '8f763cdbc6c0ca6c5a7898f9fd6f3018b7ac5b1aca36f67c6c813343c2962962') +validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF') + +pkgver() { + cd $pkgname + git describe --tags | sed 's/-/+/g' +} + +prepare() { + cd $pkgname + + # Build and install an additional library (libnssckbi-p11-kit.so) which + # is a copy of p11-kit-trust.so but uses the same label for root certs as + # libnssckbi.so ("Builtin Object Token" instead of "Default Trust") + # https://bugs.freedesktop.org/show_bug.cgi?id=66161 + patch -Np1 -i ../libnssckbi-compat.patch + + NOCONFIGURE=1 ./autogen.sh +} + +build() { + cd $pkgname + + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/lib \ + --enable-doc \ + --with-module-path=/usr/lib/pkcs11 \ + --with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source + make +} + +check() { + cd $pkgname + make check +} + +package() { + cd $pkgname + make DESTDIR="$pkgdir" install + install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/LICENSE" + + ln -srf "$pkgdir/usr/bin/update-ca-trust" "$pkgdir/usr/lib/p11-kit/trust-extract-compat" +} + +# vim:set ts=2 sw=2 et: Copied: p11-kit/repos/testing-x86_64/libnssckbi-compat.patch (from rev 302931, p11-kit/trunk/libnssckbi-compat.patch) =================================================================== --- testing-x86_64/libnssckbi-compat.patch (rev 0) +++ testing-x86_64/libnssckbi-compat.patch 2017-08-20 18:41:46 UTC (rev 302932) @@ -0,0 +1,57 @@ +diff -upr p11-kit-0.23.1.orig/trust/Makefile.am p11-kit-0.23.1/trust/Makefile.am +--- p11-kit-0.23.1.orig/trust/Makefile.am 2014-11-12 12:58:50.000000000 +0200 ++++ p11-kit-0.23.1/trust/Makefile.am 2015-03-30 16:43:35.275993032 +0300 +@@ -61,6 +61,20 @@ p11_kit_trust_la_LDFLAGS = \ + + p11_kit_trust_la_SOURCES = $(TRUST_SRCS) + ++libnssckbi_compatdir = $(libdir) ++libnssckbi_compat_LTLIBRARIES = \ ++ libnssckbi-p11-kit.la ++ ++libnssckbi_p11_kit_la_CFLAGS = \ ++ -DLIBNSSCKBI_COMPAT \ ++ $(p11_kit_trust_la_CFLAGS) ++ ++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) ++ ++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) ++ ++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) ++ + libtrust_testable_la_LDFLAGS = \ + -no-undefined + +diff -upr p11-kit-0.23.1.orig/trust/module.c p11-kit-0.23.1/trust/module.c +--- p11-kit-0.23.1.orig/trust/module.c 2014-12-16 12:24:01.000000000 +0200 ++++ p11-kit-0.23.1/trust/module.c 2015-03-30 16:48:41.370360130 +0300 +@@ -196,7 +196,11 @@ create_tokens_inlock (p11_array *tokens, + const char *label; + } labels[] = { + { "~/", "User Trust" }, ++#ifdef LIBNSSCKBI_COMPAT ++ { DATA_DIR, "Builtin Object Token" }, ++#else + { DATA_DIR, "Default Trust" }, ++#endif + { SYSCONFDIR, "System Trust" }, + { NULL }, + }; +@@ -521,9 +525,15 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, + info->flags = CKF_TOKEN_PRESENT; + strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + +- /* If too long, copy the first 64 characters into buffer */ +- path = p11_token_get_path (token); ++#ifdef LIBNSSCKBI_COMPAT ++ /* Change description to match libnssckbi so HPKP works in Chromium */ ++ if (strcmp (p11_token_get_label (token), "Builtin Object Token" ) == 0) ++ path = "NSS Builtin Objects"; ++ else ++#endif ++ path = p11_token_get_path (token); + length = strlen (path); ++ /* If too long, copy the first 64 characters into buffer */ + if (length > sizeof (info->slotDescription)) + length = sizeof (info->slotDescription); + memset (info->slotDescription, ' ', sizeof (info->slotDescription));