source: postlfs/security/p11-kit.xml@ 3345cfea

12.0 12.1 kea ken/TL2024 ken/tuningfonts lazarus lxqt plabs/newcss python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal
Last change on this file since 3345cfea was 91318eb, checked in by Pierre Labastie <pierre.labastie@…>, 16 months ago

Add "setup" to meson commands

I've not been very consistent on typography, but it is a start
  • Property mode set to 100644
File size: 8.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY p11-kit-download-http "https://github.com/p11-glue/p11-kit/releases/download/&p11-kit-version;/p11-kit-&p11-kit-version;.tar.xz">
8 <!ENTITY p11-kit-download-ftp " ">
9 <!ENTITY p11-kit-md5sum "67b2539bdca6b4bedaeecc12864d2796">
10 <!ENTITY p11-kit-size "820 KB">
11 <!ENTITY p11-kit-buildsize "44 MB (with tests)">
12 <!ENTITY p11-kit-time "0.5 SBU (with tests)">
13]>
14
15<sect1 id="p11-kit" xreflabel="p11-kit-&p11-kit-version;">
16 <?dbhtml filename="p11-kit.html"?>
17
18
19 <title>p11-kit-&p11-kit-version;</title>
20
21 <indexterm zone="p11-kit">
22 <primary sortas="a-p11-kit">p11-kit</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to p11-kit</title>
27
28 <para>
29 The <application>p11-kit</application> package provides a way to load and
30 enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.
31 </para>
32
33 &lfs113_checked;
34
35 <bridgehead renderas="sect3">Package Information</bridgehead>
36 <itemizedlist spacing="compact">
37 <listitem>
38 <para>
39 Download (HTTP): <ulink url="&p11-kit-download-http;"/>
40 </para>
41 </listitem>
42 <listitem>
43 <para>
44 Download (FTP): <ulink url="&p11-kit-download-ftp;"/>
45 </para>
46 </listitem>
47 <listitem>
48 <para>
49 Download MD5 sum: &p11-kit-md5sum;
50 </para>
51 </listitem>
52 <listitem>
53 <para>
54 Download size: &p11-kit-size;
55 </para>
56 </listitem>
57 <listitem>
58 <para>
59 Estimated disk space required: &p11-kit-buildsize;
60 </para>
61 </listitem>
62 <listitem>
63 <para>
64 Estimated build time: &p11-kit-time;
65 </para>
66 </listitem>
67 </itemizedlist>
68
69 <bridgehead renderas="sect3">p11-kit Dependencies</bridgehead>
70
71 <!-- There is a check for libsystemd. It seems to install a systemd service
72 in /usr/lib/systemd/user.-->
73 <bridgehead renderas="sect4">Recommended</bridgehead>
74 <para role="recommended">
75 <xref linkend="libtasn1"/> and
76 <xref role="runtime" linkend="make-ca"/> (runtime)
77 </para>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <xref linkend="gtk-doc"/>,
82 <xref linkend="libxslt"/>, and
83 <xref role="runtime" linkend="nss"/> (runtime)
84 </para>
85
86 <para condition="html" role="usernotes">User Notes:
87 <ulink url="&blfs-wiki;/p11-kit"/>
88 </para>
89 </sect2>
90
91 <sect2 role="installation">
92 <title>Installation of p11-kit</title>
93
94 <para>
95 Prepare the distribution specific anchor hook:
96 </para>
97
98<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat &amp;&amp;
99cat &gt;&gt; trust/trust-extract-compat &lt;&lt; "EOF"
100<literal># Copy existing anchor modifications to /etc/ssl/local
101/usr/libexec/make-ca/copy-trust-modifications
102
103# Update trust stores
104/usr/sbin/make-ca -r</literal>
105EOF</userinput></screen>
106
107 <para>
108 Install <application>p11-kit</application> by running the following
109 commands:
110 </para>
111
112<screen><userinput>mkdir p11-build &amp;&amp;
113cd p11-build &amp;&amp;
114
115meson setup .. \
116 --prefix=/usr \
117 --buildtype=release \
118 -Dtrust_paths=/etc/pki/anchors &amp;&amp;
119ninja</userinput></screen>
120
121 <para>
122 To test the results, issue: <command>ninja test</command>.
123 </para>
124
125 <para>
126 Now, as the <systemitem class="username">root</systemitem> user:
127 </para>
128
129<screen role="root"><userinput>ninja install &amp;&amp;
130ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
131 /usr/bin/update-ca-certificates</userinput></screen>
132
133 </sect2>
134
135 <sect2 role="commands">
136 <title>Command Explanations</title>
137
138 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
139 href="../../xincludes/meson-buildtype-release.xml"/>
140
141 <para>
142 <parameter>-Dtrust_paths=/etc/pki/anchors</parameter>: this switch
143 sets the location of trusted certificates used by libp11-kit.so.
144 </para>
145
146 <para>
147 <option>-Dhash_impl=freebl</option>: Use this switch if you want to
148 use the Freebl library from <application>NSS</application> for SHA1 and
149 MD5 hashing.
150 </para>
151
152 <para>
153 <option>-Dgtk_doc=true</option>: Use this switch if you have installed
154 <xref linkend="gtk-doc"/> and <xref linkend="libxslt"/> and wish to
155 rebuild the documentation and generate manual pages.
156 </para>
157
158 </sect2>
159
160 <sect2 role="configuration">
161 <title>Configuring p11-kit</title>
162
163 <para>
164 The <application>p11-kit</application> trust module
165 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
166 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
167 transparently make the system CAs available to
168 <application>NSS</application> aware applications, rather than the static
169 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
170 <systemitem class="username">root</systemitem> user, execute the
171 following commands:
172 </para>
173
174<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
175
176 </sect2>
177
178 <sect2 role="content">
179 <title>Contents</title>
180
181 <segmentedlist>
182 <segtitle>Installed Programs</segtitle>
183 <segtitle>Installed Libraries</segtitle>
184 <segtitle>Installed Directories</segtitle>
185
186 <seglistitem>
187 <seg>
188 p11-kit, trust, and update-ca-certificates
189 </seg>
190 <seg>
191 libp11-kit.so and p11-kit-proxy.so
192 </seg>
193 <seg>
194 /etc/pkcs11,
195 /usr/include/p11-kit-1,
196 /usr/lib/pkcs11,
197 /usr/libexec/p11-kit,
198 /usr/share/gtk-doc/html/p11-kit, and
199 /usr/share/p11-kit
200 </seg>
201 </seglistitem>
202 </segmentedlist>
203
204 <variablelist>
205 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
206 <?dbfo list-presentation="list"?>
207 <?dbhtml list-presentation="table"?>
208
209 <varlistentry id="p11-kit-prog">
210 <term><command>p11-kit</command></term>
211 <listitem>
212 <para>
213 is a command line tool that can be used to perform operations
214 on PKCS#11 modules configured on the system
215 </para>
216 <indexterm zone="p11-kit p11-kit-prog">
217 <primary sortas="b-p11-kit">p11-kit</primary>
218 </indexterm>
219 </listitem>
220 </varlistentry>
221
222 <varlistentry id="trust">
223 <term><command>trust</command></term>
224 <listitem>
225 <para>
226 is a command line tool to examine and modify the shared trust
227 policy store
228 </para>
229 <indexterm zone="p11-kit trust">
230 <primary sortas="b-trust">trust</primary>
231 </indexterm>
232 </listitem>
233 </varlistentry>
234
235 <varlistentry id="update-ca-certificates">
236 <term><command>update-ca-certificates</command></term>
237 <listitem>
238 <para>
239 is a command line tool to both extract local certificates from an
240 updated anchor store, and regenerate all anchors and certificate
241 stores on the system. This is done unconditionally on BLFS using
242 the <parameter>--force</parameter> and <parameter>--get</parameter>
243 flags to <command>make-ca</command> and should likely not be used
244 for automated updates
245 </para>
246 <indexterm zone="p11-kit update-ca-certificates">
247 <primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
248 </indexterm>
249 </listitem>
250 </varlistentry>
251
252 <varlistentry id="libp11-kit">
253 <term><filename class="libraryfile">libp11-kit.so</filename></term>
254 <listitem>
255 <para>
256 contains functions used to coordinate initialization and
257 finalization of any PKCS#11 module
258 </para>
259 <indexterm zone="p11-kit libp11-kit">
260 <primary sortas="c-libp11-kit">libp11-kit.so</primary>
261 </indexterm>
262 </listitem>
263 </varlistentry>
264
265 <varlistentry id="p11-kit-proxy">
266 <term><filename class="libraryfile">p11-kit-proxy.so</filename></term>
267 <listitem>
268 <para>
269 is the PKCS#11 proxy module
270 </para>
271 <indexterm zone="p11-kit p11-kit-proxy">
272 <primary sortas="c-p11-kit-proxy">p11-kit-proxy.so</primary>
273 </indexterm>
274 </listitem>
275 </varlistentry>
276
277 </variablelist>
278
279 </sect2>
280
281</sect1>
Note: See TracBrowser for help on using the repository browser.