diff options
-rw-r--r-- | .SRCINFO | 14 | ||||
-rw-r--r-- | 0001-Build-and-install-libnssckbi-p11-kit.so.patch | 76 | ||||
-rw-r--r-- | PKGBUILD | 33 |
3 files changed, 107 insertions, 16 deletions
@@ -1,10 +1,8 @@ -# Generated by mksrcinfo v8 -# Fri Jan 19 18:15:18 UTC 2018 pkgbase = mingw-w64-p11-kit - pkgdesc = Library to work with PKCS#11 modules (mingw-w64) - pkgver = 0.23.9 + pkgdesc = Provides a way to load and enumerate PKCS#11modules (mingw-w64) + pkgver = 0.23.10+14+gba6ebb0 pkgrel = 1 - url = http://p11-glue.freedesktop.org + url = https://p11-glue.freedesktop.org arch = any license = BSD makedepends = mingw-w64-configure @@ -14,8 +12,10 @@ pkgbase = mingw-w64-p11-kit options = staticlibs options = !buildflags options = !strip - source = https://github.com/p11-glue/p11-kit/releases/download/0.23.9/p11-kit-0.23.9.tar.gz - sha256sums = e1c1649c335107a8d33cf3762eb7f57b2d0681f0c7d8353627293a58d6b4db63 + source = git+https://github.com/p11-glue/p11-kit#commit=ba6ebb05fc0c8010d8510984ce3c5f908edf13b6 + source = 0001-Build-and-install-libnssckbi-p11-kit.so.patch + sha256sums = SKIP + sha256sums = 0736f74cec5ca49d91afa47cd84f9ac0404947bf0064358e22c3e53b69e82798 pkgname = mingw-w64-p11-kit diff --git a/0001-Build-and-install-libnssckbi-p11-kit.so.patch b/0001-Build-and-install-libnssckbi-p11-kit.so.patch new file mode 100644 index 000000000000..62d3b1c7348a --- /dev/null +++ b/0001-Build-and-install-libnssckbi-p11-kit.so.patch @@ -0,0 +1,76 @@ +From ec8bb05e15640b1857b94ded128bc33ca7ec7fe0 Mon Sep 17 00:00:00 2001 +Message-Id: <ec8bb05e15640b1857b94ded128bc33ca7ec7fe0.1519917784.git.jan.steffens@gmail.com> +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Thu, 1 Mar 2018 16:20:59 +0100 +Subject: [PATCH] Build and install libnssckbi-p11-kit.so + +Create an additional library which is a copy of p11-kit-trust.so but +uses the same label for root certs as libnssckbi.so: + "Builtin Object Token" instead of "Default Trust". + +https://bugs.freedesktop.org/show_bug.cgi?id=66161 +--- + trust/Makefile.am | 14 ++++++++++++++ + trust/module.c | 12 +++++++++++- + 2 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/trust/Makefile.am b/trust/Makefile.am +index 6e52c4d..157a1d9 100644 +--- a/trust/Makefile.am ++++ b/trust/Makefile.am +@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \ + + p11_kit_trust_la_SOURCES = $(TRUST_SRCS) + ++libnssckbi_compatdir = $(libdir) ++libnssckbi_compat_LTLIBRARIES = \ ++ libnssckbi-p11-kit.la ++ ++libnssckbi_p11_kit_la_CFLAGS = \ ++ -DLIBNSSCKBI_COMPAT \ ++ $(p11_kit_trust_la_CFLAGS) ++ ++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) ++ ++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) ++ ++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) ++ + libtrust_testable_la_LDFLAGS = \ + -no-undefined + +diff --git a/trust/module.c b/trust/module.c +index e8b7256..d578a90 100644 +--- a/trust/module.c ++++ b/trust/module.c +@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens, + int flags; + } labels[] = { + { "~/", "User Trust", P11_TOKEN_FLAG_NONE }, ++#ifdef LIBNSSCKBI_COMPAT ++ { P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED }, ++#else + { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED }, ++#endif + { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE }, + { NULL }, + }; +@@ -529,8 +533,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, + info->flags = CKF_TOKEN_PRESENT; + strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + ++#ifdef LIBNSSCKBI_COMPAT ++ /* Change description to match libnssckbi so HPKP works in Chromium */ ++ if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0) ++ path = "NSS Builtin Objects"; ++ else ++#endif ++ path = p11_token_get_path (token); + /* If too long, copy the first 64 characters into buffer */ +- path = p11_token_get_path (token); + length = strlen (path); + if (length > sizeof (info->slotDescription)) + length = sizeof (info->slotDescription); +-- +2.16.1 + @@ -1,26 +1,41 @@ pkgname=mingw-w64-p11-kit -pkgver=0.23.9 +pkgver=0.23.10+14+gba6ebb0 pkgrel=1 -pkgdesc="Library to work with PKCS#11 modules (mingw-w64)" +pkgdesc="Provides a way to load and enumerate PKCS#11modules (mingw-w64)" arch=(any) -url="http://p11-glue.freedesktop.org" +url="https://p11-glue.freedesktop.org" license=('BSD') depends=('mingw-w64-crt' 'mingw-w64-libtasn1' 'mingw-w64-libffi') makedepends=('mingw-w64-configure') options=('staticlibs' '!buildflags' '!strip') -source=($url/releases/p11-kit-$pkgver.tar.gz mingw-p11-kit-setenv.patch) -source=("https://github.com/p11-glue/p11-kit/releases/download/${pkgver}/p11-kit-${pkgver}.tar.gz") -sha256sums=('e1c1649c335107a8d33cf3762eb7f57b2d0681f0c7d8353627293a58d6b4db63') +_commit=ba6ebb05fc0c8010d8510984ce3c5f908edf13b6 # after MinGW fix +source=("git+https://github.com/p11-glue/p11-kit#commit=$_commit" + 0001-Build-and-install-libnssckbi-p11-kit.so.patch) +sha256sums=('SKIP' + '0736f74cec5ca49d91afa47cd84f9ac0404947bf0064358e22c3e53b69e82798') _architectures="i686-w64-mingw32 x86_64-w64-mingw32" +pkgver() { + cd "$srcdir"/p11-kit + git describe --tags | sed 's/-/+/g' +} + prepare() { - cd "$srcdir"/p11-kit-${pkgver} + cd "$srcdir"/p11-kit + + # Build and install an additional library (libnssckbi-p11-kit.so) which + # is a copy of p11-kit-trust.so but uses the same label for root certs as + # libnssckbi.so ("Builtin Object Token" instead of "Default Trust") + # https://bugs.freedesktop.org/show_bug.cgi?id=66161 + patch -Np1 -i ../0001-Build-and-install-libnssckbi-p11-kit.so.patch + + NOCONFIGURE=1 ./autogen.sh } build() { - cd "$srcdir"/p11-kit-${pkgver} + cd "$srcdir"/p11-kit for _arch in ${_architectures}; do mkdir -p build-${_arch} && pushd build-${_arch} ${_arch}-configure --disable-static --disable-silent-rules --disable-trust-module @@ -31,7 +46,7 @@ build() { package() { for _arch in ${_architectures}; do - cd "$srcdir"/p11-kit-${pkgver}/build-${_arch} + cd "$srcdir"/p11-kit/build-${_arch} make install DESTDIR="$pkgdir" rm "$pkgdir"/usr/${_arch}/bin/*.exe rm -r "$pkgdir"/usr/${_arch}/libexec |