On Sun, 14 Aug 2022 17:10:37 +0200 Andrea Venturoli <[email protected]>
wrote:
> On 8/13/22 11:51, Tijl Coosemans wrote:
>> Try this patch for p11-kit. If it works you can file a bug against
>> p11-kit, because I believe ports are supposed to move away from
>> ca_root_nss.
>>
>> --- a/security/p11-kit/Makefile
>> +++ b/security/p11-kit/Makefile
>> @@ -25,7 +25,7 @@ MESON_ARGS= -Dbash_completion=enabled \
>> -Dlibffi=enabled \
>> -Dnls=false \
>> -Dtrust_module=enabled \
>> - -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
>> + -Dtrust_paths=/etc/ssl/certs
>>
>> OPTIONS_DEFINE= DOCS MANPAGES TEST
>> OPTIONS_SUB= yes
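Review bot: The `+` line sets `-Dtrust_paths=/etc/ssl/certs`, replacing a single bundle file with a directory, and nothing in the hunk says what layout p11-kit expects inside a directory trust path. The reply below reports that `trust list` prints nothing with this value, and the later patch in this thread links the same directory in as an `anchors` subdirectory instead, so the direct path should not be committed as is.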
>
> Hello and thanks.
> Unfortunately this does not seem to work.
>
> "trust list" now outputs nothing.
> ("Standard" "trust list" of course outputs all certs from ca_root_nss).
>
> You are right that, according to the documentation, this should work; I
> have no idea why it doesn't though.
Try this patch instead.
diff --git a/security/p11-kit/Makefile b/security/p11-kit/Makefile
index 6c0d4d634505..68ae7d58a122 100644
--- a/security/p11-kit/Makefile
+++ b/security/p11-kit/Makefile
@@ -10,9 +10,7 @@ COMMENT= Library for loading and enumerating of PKCS\#11 modules
LICENSE= BSD3CLAUSE
LICENSE_FILE= ${WRKSRC}/COPYING
-BUILD_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss \
- bash-completion>=0:shells/bash-completion
-RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
+BUILD_DEPENDS= bash-completion>=0:shells/bash-completion
LIB_DEPENDS= libffi.so:devel/libffi \
libtasn1.so:security/libtasn1
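Review bot: Removing `RUN_DEPENDS` on security/ca_root_nss changes the package's run-time dependencies, but no hunk in this patch touches PORTREVISION, so already-installed packages would not be rebuilt with the new trust path. Bump PORTREVISION in the same change, and state in the commit message that the trust store now comes from /etc/ssl/certs rather than from ca_root_nss.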
@@ -25,7 +23,7 @@ MESON_ARGS= -Dbash_completion=enabled \
-Dlibffi=enabled \
-Dnls=false \
-Dtrust_module=enabled \
- -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
+ -Dtrust_paths=${DATADIR}/certs
OPTIONS_DEFINE= DOCS MANPAGES TEST
OPTIONS_SUB= yes
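Review bot: `-Dtrust_paths=${DATADIR}/certs` only yields certificates because of the `anchors` and `blocklist` symlinks created in post-install, and the Makefile carries no comment tying the two together. Add a one-line comment next to this argument or in post-install, since the earlier attempt in this thread with `-Dtrust_paths=/etc/ssl/certs` left `trust list` empty and a later cleanup could reintroduce that.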
@@ -46,5 +44,8 @@ post-install:
${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
${MV} ${STAGEDIR}${PREFIX}/etc/pkcs11/pkcs11.conf.example ${STAGEDIR}${EXAMPLESDIR}
${RMDIR} ${STAGEDIR}${PREFIX}/etc/pkcs11
+ ${MKDIR} ${STAGEDIR}${DATADIR}/certs
+ ${LN} -s /etc/ssl/certs ${STAGEDIR}${DATADIR}/certs/anchors
+ ${LN} -s /etc/ssl/untrusted ${STAGEDIR}${DATADIR}/certs/blocklist
.include <bsd.port.mk>
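Review bot: The two `${LN} -s` lines in post-install point at absolute base-system paths, /etc/ssl/certs and /etc/ssl/untrusted, that this port neither creates nor depends on. If either is missing on a target system the link dangles and the trust path has no anchors or no blocklist behind it, with nothing failing at install time. State which base-system releases provide both directories, or add a check or pkg-message for the case where they are absent.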
diff --git a/security/p11-kit/pkg-plist b/security/p11-kit/pkg-plist
index 7341c822cc7f..dac887134044 100644
--- a/security/p11-kit/pkg-plist
+++ b/security/p11-kit/pkg-plist
@@ -61,5 +61,7 @@ share/bash-completion/completions/trust
%%DOCS%%share/gtk-doc/html/p11-kit/trust.html
%%DOCS%%share/gtk-doc/html/p11-kit/up-insensitive.png
%%DOCS%%share/gtk-doc/html/p11-kit/up.png
+%%DATADIR%%/certs/anchors
+%%DATADIR%%/certs/blocklist
%%DATADIR%%/modules/p11-kit-trust.module
%%EXAMPLESDIR%%/pkcs11.conf.example