Context Navigation

source: postlfs/security/p11-kit.xml@ 307e799

Visit:

11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 307e799 was 307e799, checked in by Xi Ruoyao <xry111@…>, 3 years ago
update to p11-kit-0.24.0 (#15111)
Property mode set to `100644`
File size: 8.7 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY p11-kit-download-http "https://github.com/p11-glue/p11-kit/releases/download/&p11-kit-version;/p11-kit-&p11-kit-version;.tar.xz">
8	<!ENTITY p11-kit-download-ftp " ">
9	<!ENTITY p11-kit-md5sum "8ccf11c4a2e2e505b8e516d8549e64a5">
10	<!ENTITY p11-kit-size "816 KB">
11	<!ENTITY p11-kit-buildsize "56 MB (with tests)">
12	<!ENTITY p11-kit-time "0.2 SBU (add 0.6 SBU for tests)">
13	]>
14
15	<sect1 id="p11-kit" xreflabel="p11-kit-&p11-kit-version;">
16	<?dbhtml filename="p11-kit.html"?>
17
18	<sect1info>
19	<date>$Date$</date>
20	</sect1info>
21
22	<title>p11-kit-&p11-kit-version;</title>
23
24	<indexterm zone="p11-kit">
25	<primary sortas="a-p11-kit">p11-kit</primary>
26	</indexterm>
27
28	<sect2 role="package">
29	<title>Introduction to p11-kit</title>
30
31	<para>
32	The <application>p11-kit</application> package provides a way to load and
33	enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.
34	</para>
35
36	&lfs101_checked;
37
38	<bridgehead renderas="sect3">Package Information</bridgehead>
39	<itemizedlist spacing="compact">
40	<listitem>
41	<para>
42	Download (HTTP): <ulink url="&p11-kit-download-http;"/>
43	</para>
44	</listitem>
45	<listitem>
46	<para>
47	Download (FTP): <ulink url="&p11-kit-download-ftp;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download MD5 sum: &p11-kit-md5sum;
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download size: &p11-kit-size;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Estimated disk space required: &p11-kit-buildsize;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated build time: &p11-kit-time;
68	</para>
69	</listitem>
70	</itemizedlist>
71
72	<bridgehead renderas="sect3">p11-kit Dependencies</bridgehead>
73
74	<!-- There is a check for libsystemd. It seems to install a systemd service
75	in /usr/lib/systemd/user.-->
76	<bridgehead renderas="sect4">Recommended</bridgehead>
77	<para role="recommended">
78	<xref linkend="libtasn1"/> and
79	<xref role="runtime" linkend="make-ca"/> (runtime)
80	</para>
81
82	<bridgehead renderas="sect4">Optional</bridgehead>
83	<para role="optional">
84	<xref linkend="gtk-doc"/>,
85	<xref linkend="libxslt"/>, and
86	<xref role="runtime" linkend="nss"/> (runtime)
87	</para>
88
89	<para condition="html" role="usernotes">User Notes:
90	<ulink url="&blfs-wiki;/p11-kit"/>
91	</para>
92	</sect2>
93
94	<sect2 role="installation">
95	<title>Installation of p11-kit</title>
96
97	<para>
98	Prepare the distribution specific anchor hook:
99	</para>
100
101	<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat &&
102	cat >> trust/trust-extract-compat << "EOF"
103	<literal># Copy existing anchor modifications to /etc/ssl/local
104	/usr/libexec/make-ca/copy-trust-modifications
105
106	# Generate a new trust store
107	/usr/sbin/make-ca -f -g</literal>
108	EOF</userinput></screen>
109
110	<para>
111	Install <application>p11-kit</application> by running the following
112	commands:
113	</para>
114
115	<screen><userinput>mkdir build &&
116	cd build &&
117
118	meson --prefix=/usr \
119	--buildtype=release \
120	-Dtrust_paths=/etc/pki/anchors &&
121	ninja</userinput></screen>
122
123	<para>
124	To test the results, issue: <command>ninja test</command>.
125	</para>
126
127	<para>
128	Now, as the <systemitem class="username">root</systemitem> user:
129	</para>
130
131	<screen role="root"><userinput>ninja install &&
132	ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
133	/usr/bin/update-ca-certificates</userinput></screen>
134
135	</sect2>
136
137	<sect2 role="commands">
138	<title>Command Explanations</title>
139
140	<para>
141	<parameter>--buildtype=release</parameter>: Override the default
142	buildtype (<quote>debug</quote>), which would produce unoptimized
143	binaries.
144	</para>
145
146	<para>
147	<parameter>-Dtrust_paths=/etc/pki/anchors</parameter>: this switch
148	sets the location of trusted certificates used by libp11-kit.so.
149	</para>
150
151	<para>
152	<option>-Dhash_impl=freebl</option>: Use this switch if you want to
153	use the Freebl library from <application>NSS</application> for SHA1 and
154	MD5 hashing.
155	</para>
156
157	<para>
158	<option>-Dgtk_doc=true</option>: Use this switch if you have installed
159	<xref linkend="gtk-doc"/> and <xref linkend="libxslt"/> and wish to
160	rebuild the documentation and generate manual pages.
161	</para>
162
163	</sect2>
164
165	<sect2 role="configuration">
166	<title>Configuring p11-kit</title>
167
168	<para>
169	The <application>p11-kit</application> trust module
170	(<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
171	drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
172	transparently make the system CAs available to
173	<application>NSS</application> aware applications, rather than the static
174	list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
175	<systemitem class="username">root</systemitem> user, execute the
176	following commands:
177	</para>
178
179	<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
180
181	</sect2>
182
183	<sect2 role="content">
184	<title>Contents</title>
185
186	<segmentedlist>
187	<segtitle>Installed Programs</segtitle>
188	<segtitle>Installed Libraries</segtitle>
189	<segtitle>Installed Directories</segtitle>
190
191	<seglistitem>
192	<seg>
193	p11-kit, trust, and update-ca-certificates
194	</seg>
195	<seg>
196	libp11-kit.so and p11-kit-proxy.so
197	</seg>
198	<seg>
199	/etc/pkcs11,
200	/usr/include/p11-kit-1,
201	/usr/lib/pkcs11,
202	/usr/libexec/p11-kit,
203	/usr/share/gtk-doc/html/p11-kit, and
204	/usr/share/p11-kit
205	</seg>
206	</seglistitem>
207	</segmentedlist>
208
209	<variablelist>
210	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
211	<?dbfo list-presentation="list"?>
212	<?dbhtml list-presentation="table"?>
213
214	<varlistentry id="p11-kit-prog">
215	<term><command>p11-kit</command></term>
216	<listitem>
217	<para>
218	is a command line tool that can be used to perform operations
219	on PKCS#11 modules configured on the system
220	</para>
221	<indexterm zone="p11-kit p11-kit-prog">
222	<primary sortas="b-p11-kit">p11-kit</primary>
223	</indexterm>
224	</listitem>
225	</varlistentry>
226
227	<varlistentry id="trust">
228	<term><command>trust</command></term>
229	<listitem>
230	<para>
231	is a command line tool to examine and modify the shared trust
232	policy store
233	</para>
234	<indexterm zone="p11-kit trust">
235	<primary sortas="b-trust">trust</primary>
236	</indexterm>
237	</listitem>
238	</varlistentry>
239
240	<varlistentry id="update-ca-certificates">
241	<term><command>update-ca-certificates</command></term>
242	<listitem>
243	<para>
244	is a command line tool to both extract local certificates from an
245	updated anchor store, and regenerate all anchors and certificate
246	stores on the system. This is done unconditionally on BLFS using
247	the <parameter>--force</parameter> and <parameter>--get</parameter>
248	flags to <command>make-ca</command> and should likely not be used
249	for automated updates
250	</para>
251	<indexterm zone="p11-kit update-ca-certificates">
252	<primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
253	</indexterm>
254	</listitem>
255	</varlistentry>
256
257	<varlistentry id="libp11-kit">
258	<term><filename class="libraryfile">libp11-kit.so</filename></term>
259	<listitem>
260	<para>
261	contains functions used to coordinate initialization and
262	finalization of any PKCS#11 module
263	</para>
264	<indexterm zone="p11-kit libp11-kit">
265	<primary sortas="c-libp11-kit">libp11-kit.so</primary>
266	</indexterm>
267	</listitem>
268	</varlistentry>
269
270	<varlistentry id="p11-kit-proxy">
271	<term><filename class="libraryfile">p11-kit-proxy.so</filename></term>
272	<listitem>
273	<para>
274	is the PKCS#11 proxy module
275	</para>
276	<indexterm zone="p11-kit p11-kit-proxy">
277	<primary sortas="c-p11-kit-proxy">p11-kit-proxy.so</primary>
278	</indexterm>
279	</listitem>
280	</varlistentry>
281
282	</variablelist>
283
284	</sect2>
285
286	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: