Date: Friday, January 24, 2020 @ 21:56:58 Author: heftig Revision: 555373
0.23.19-2: FS#64401 Drop the custom libnssckbi and use p11-kit-trust proper Modified: lib32-p11-kit/trunk/PKGBUILD Deleted: lib32-p11-kit/trunk/0001-Build-and-install-libnssckbi-p11-kit.so.patch ----------------------------------------------------+ 0001-Build-and-install-libnssckbi-p11-kit.so.patch | 100 ------------------- PKGBUILD | 19 --- 2 files changed, 5 insertions(+), 114 deletions(-) Deleted: 0001-Build-and-install-libnssckbi-p11-kit.so.patch =================================================================== --- 0001-Build-and-install-libnssckbi-p11-kit.so.patch 2020-01-24 21:56:54 UTC (rev 555372) +++ 0001-Build-and-install-libnssckbi-p11-kit.so.patch 2020-01-24 21:56:58 UTC (rev 555373) @@ -1,100 +0,0 @@ -From 5bc704e6a0de57d451cf551d74fa8543fc7ec9a0 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com> -Date: Tue, 10 Sep 2019 18:08:25 +0000 -Subject: [PATCH] Build and install libnssckbi-p11-kit.so - -Create an additional library which is a copy of p11-kit-trust.so but -uses the same label for root certs as libnssckbi.so: - "Builtin Object Token" instead of "Default Trust". - -https://bugs.freedesktop.org/show_bug.cgi?id=66161 ---- - trust/Makefile.am | 14 ++++++++++++++ - trust/meson.build | 13 +++++++++++++ - trust/module.c | 12 +++++++++++- - 3 files changed, 38 insertions(+), 1 deletion(-) - -diff --git a/trust/Makefile.am b/trust/Makefile.am -index b050a8f..4943aba 100644 ---- a/trust/Makefile.am -+++ b/trust/Makefile.am -@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \ - - p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c - -+libnssckbi_compatdir = $(libdir) -+libnssckbi_compat_LTLIBRARIES = \ -+ libnssckbi-p11-kit.la -+ -+libnssckbi_p11_kit_la_CFLAGS = \ -+ -DLIBNSSCKBI_COMPAT \ -+ $(p11_kit_trust_la_CFLAGS) -+ -+libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) -+ -+libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) -+ -+libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) -+ - libtrust_testable_la_LDFLAGS = \ - -no-undefined - -diff --git a/trust/meson.build b/trust/meson.build -index c5b978b..14993e5 100644 ---- a/trust/meson.build -+++ b/trust/meson.build -@@ -58,6 +58,19 @@ shared_module('p11-kit-trust', - install: true, - install_dir: prefix / p11_module_path) - -+shared_module('libnssckbi-p11-kit', -+ libtrust_sources, -+ 'module-init.c', -+ name_prefix: '', -+ c_args: p11_kit_trust_c_args + ['-DLIBNSSCKBI_COMPAT'], -+ dependencies: [libp11_library_dep] + libtasn1_deps, -+ link_args: p11_module_ldflags, -+ link_depends: [p11_module_symbol_map, -+ p11_module_symbol_def], -+ link_with: libtrust_data, -+ vs_module_defs: p11_module_symbol_def, -+ install: true) -+ - libtrust_testable_c_args = [ - '-DP11_DEFAULT_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'default'), - '-DP11_SYSTEM_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'system') -diff --git a/trust/module.c b/trust/module.c -index ec3333d..9204673 100644 ---- a/trust/module.c -+++ b/trust/module.c -@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens, - int flags; - } labels[] = { - { "~/", "User Trust", P11_TOKEN_FLAG_NONE }, -+#ifdef LIBNSSCKBI_COMPAT -+ { P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED }, -+#else - { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED }, -+#endif - { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE }, - { NULL }, - }; -@@ -534,8 +538,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, - info->flags = CKF_TOKEN_PRESENT; - memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - -+#ifdef LIBNSSCKBI_COMPAT -+ /* Change description to match libnssckbi so HPKP works in Chromium */ -+ if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0) -+ path = "NSS Builtin Objects"; -+ else -+#endif -+ path = p11_token_get_path (token); - /* If too long, copy the first 64 characters into buffer */ -- path = p11_token_get_path (token); - length = strlen (path); - if (length > sizeof (info->slotDescription)) - length = sizeof (info->slotDescription); --- -2.23.0 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2020-01-24 21:56:54 UTC (rev 555372) +++ PKGBUILD 2020-01-24 21:56:58 UTC (rev 555373) @@ -3,30 +3,21 @@ pkgname=lib32-p11-kit pkgver=0.23.19 -pkgrel=1 +pkgrel=2 pkgdesc="Provides a way to load and enumerate PKCS#11 modules (32-bit)" arch=(x86_64) url="https://p11-glue.freedesktop.org" license=(BSD) -depends=(lib32-glibc lib32-libtasn1 lib32-libffi lib32-systemd p11-kit) -makedepends=(git meson) +depends=(lib32-glibc lib32-libtasn1 lib32-libffi p11-kit) +makedepends=(git meson lib32-systemd) provides=(libp11-kit.so) -_commit=b0ebe7555c291808db29377ba79cb8326301f0a6 # tags/0.23.18.1^0 -source=("git+https://github.com/p11-glue/p11-kit?signed#tag=$pkgver" - 0001-Build-and-install-libnssckbi-p11-kit.so.patch) -sha256sums=('SKIP' - 'e832eece10587ac50ae42ca4515786b51e67fea0647716061e51cd94f5e058cd') +source=("git+https://github.com/p11-glue/p11-kit?signed#tag=$pkgver") +sha256sums=('SKIP') validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF' # Stef Walter '462225C3B46F34879FC8496CD605848ED7E69871') # Daiki Ueno prepare() { cd p11-kit - - # Build and install an additional library (libnssckbi-p11-kit.so) which - # is a copy of p11-kit-trust.so but uses the same label for root certs as - # libnssckbi.so ("Builtin Object Token" instead of "Default Trust") - # https://bugs.freedesktop.org/show_bug.cgi?id=66161 - patch -Np1 -i ../0001-Build-and-install-libnssckbi-p11-kit.so.patch } build() {