source: postlfs/security/p11-kit.xml@ 82731495

11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 82731495 was 45ab6c7, checked in by Xi Ruoyao <xry111@…>, 3 years ago

more SVN prop clean up

Remove "$LastChanged$" everywhere, and also some unused $Date$
  • Property mode set to 100644
File size: 8.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY p11-kit-download-http "https://github.com/p11-glue/p11-kit/releases/download/&p11-kit-version;/p11-kit-&p11-kit-version;.tar.xz">
8 <!ENTITY p11-kit-download-ftp " ">
9 <!ENTITY p11-kit-md5sum "03f93a4eb62127b5d40e345c624a0665">
10 <!ENTITY p11-kit-size "812 KB">
11 <!ENTITY p11-kit-buildsize "47 MB (add 169 MB for tests)">
12 <!ENTITY p11-kit-time "0.2 SBU (add 0.6 SBU for tests)">
13]>
14
15<sect1 id="p11-kit" xreflabel="p11-kit-&p11-kit-version;">
16 <?dbhtml filename="p11-kit.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>p11-kit-&p11-kit-version;</title>
23
24 <indexterm zone="p11-kit">
25 <primary sortas="a-p11-kit">p11-kit</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to p11-kit</title>
30
31 <para>
32 The <application>p11-kit</application> package provides a way to load and
33 enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.
34 </para>
35
36 &lfs101_checked;
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>
42 Download (HTTP): <ulink url="&p11-kit-download-http;"/>
43 </para>
44 </listitem>
45 <listitem>
46 <para>
47 Download (FTP): <ulink url="&p11-kit-download-ftp;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download MD5 sum: &p11-kit-md5sum;
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download size: &p11-kit-size;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Estimated disk space required: &p11-kit-buildsize;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated build time: &p11-kit-time;
68 </para>
69 </listitem>
70 </itemizedlist>
71
72 <bridgehead renderas="sect3">p11-kit Dependencies</bridgehead>
73
74 <!-- There is a check for libsystemd. It seems to install a systemd service
75 in /usr/lib/systemd/user.-->
76 <bridgehead renderas="sect4">Recommended</bridgehead>
77 <para role="recommended">
78 <xref linkend="libtasn1"/> and
79 <xref role="runtime" linkend="make-ca"/> (runtime)
80 </para>
81
82 <bridgehead renderas="sect4">Optional</bridgehead>
83 <para role="optional">
84 <xref linkend="gtk-doc"/>,
85 <xref linkend="libxslt"/>, and
86 <xref role="runtime" linkend="nss"/> (runtime)
87 </para>
88
89 <para condition="html" role="usernotes">User Notes:
90 <ulink url="&blfs-wiki;/p11-kit"/>
91 </para>
92 </sect2>
93
94 <sect2 role="installation">
95 <title>Installation of p11-kit</title>
96
97 <para>
98 Prepare the distribution specific anchor hook:
99 </para>
100
101<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat &amp;&amp;
102cat &gt;&gt; trust/trust-extract-compat &lt;&lt; "EOF"
103<literal># Copy existing anchor modifications to /etc/ssl/local
104/usr/libexec/make-ca/copy-trust-modifications
105
106# Generate a new trust store
107/usr/sbin/make-ca -f -g</literal>
108EOF</userinput></screen>
109
110 <para>
111 Install <application>p11-kit</application> by running the following
112 commands:
113 </para>
114
115<screen><userinput>./configure --prefix=/usr \
116 --sysconfdir=/etc \
117 --with-trust-paths=/etc/pki/anchors &amp;&amp;
118make</userinput></screen>
119
120 <para>
121 To test the results, issue: <command>make check</command>.
122 Many tests will fail if the test suite is run as the
123 <systemitem class="username"> root</systemitem> user.
124 </para>
125
126 <para>
127 Now, as the <systemitem class="username">root</systemitem> user:
128 </para>
129
130<screen role="root"><userinput>make install &amp;&amp;
131ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
132 /usr/bin/update-ca-certificates</userinput></screen>
133
134 </sect2>
135
136 <sect2 role="commands">
137 <title>Command Explanations</title>
138
139 <para>
140 <parameter>--with-trust-paths=/etc/pki/anchors</parameter>: this switch
141 sets the location of trusted certificates used by libp11-kit.so.
142 </para>
143
144 <para>
145 <option>--with-hash-impl=freebl</option>: Use this switch if you want to
146 use the Freebl library from <application>NSS</application> for SHA1 and
147 MD5 hashing.
148 </para>
149
150 <para>
151 <option>--enable-doc</option>: Use this switch if you have installed
152 <xref linkend="gtk-doc"/> and <xref linkend="libxslt"/> and wish to
153 rebuild the documentation and generate manual pages.
154 </para>
155
156 </sect2>
157
158 <sect2 role="configuration">
159 <title>Configuring p11-kit</title>
160
161 <para>
162 The <application>p11-kit</application> trust module
163 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
164 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
165 transparently make the system CAs available to
166 <application>NSS</application> aware applications, rather than the static
167 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
168 <systemitem class="username">root</systemitem> user, execute the
169 following commands:
170 </para>
171
172<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
173
174 </sect2>
175
176 <sect2 role="content">
177 <title>Contents</title>
178
179 <segmentedlist>
180 <segtitle>Installed Programs</segtitle>
181 <segtitle>Installed Libraries</segtitle>
182 <segtitle>Installed Directories</segtitle>
183
184 <seglistitem>
185 <seg>
186 p11-kit, trust, and update-ca-certificates
187 </seg>
188 <seg>
189 libp11-kit.so and p11-kit-proxy.so
190 </seg>
191 <seg>
192 /etc/pkcs11,
193 /usr/include/p11-kit-1,
194 /usr/lib/pkcs11,
195 /usr/libexec/p11-kit,
196 /usr/share/gtk-doc/html/p11-kit, and
197 /usr/share/p11-kit
198 </seg>
199 </seglistitem>
200 </segmentedlist>
201
202 <variablelist>
203 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
204 <?dbfo list-presentation="list"?>
205 <?dbhtml list-presentation="table"?>
206
207 <varlistentry id="p11-kit-prog">
208 <term><command>p11-kit</command></term>
209 <listitem>
210 <para>
211 is a command line tool that can be used to perform operations
212 on PKCS#11 modules configured on the system
213 </para>
214 <indexterm zone="p11-kit p11-kit-prog">
215 <primary sortas="b-p11-kit">p11-kit</primary>
216 </indexterm>
217 </listitem>
218 </varlistentry>
219
220 <varlistentry id="trust">
221 <term><command>trust</command></term>
222 <listitem>
223 <para>
224 is a command line tool to examine and modify the shared trust
225 policy store
226 </para>
227 <indexterm zone="p11-kit trust">
228 <primary sortas="b-trust">trust</primary>
229 </indexterm>
230 </listitem>
231 </varlistentry>
232
233 <varlistentry id="update-ca-certificates">
234 <term><command>update-ca-certificates</command></term>
235 <listitem>
236 <para>
237 is a command line tool to both extract local certificates from an
238 updated anchor store, and regenerate all anchors and certificate
239 stores on the system. This is done unconditionally on BLFS using
240 the <parameter>--force</parameter> and <parameter>--get</parameter>
241 flags to <command>make-ca</command> and should likely not be used
242 for automated updates
243 </para>
244 <indexterm zone="p11-kit update-ca-certificates">
245 <primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
246 </indexterm>
247 </listitem>
248 </varlistentry>
249
250 <varlistentry id="libp11-kit">
251 <term><filename class="libraryfile">libp11-kit.so</filename></term>
252 <listitem>
253 <para>
254 contains functions used to coordinate initialization and
255 finalization of any PKCS#11 module
256 </para>
257 <indexterm zone="p11-kit libp11-kit">
258 <primary sortas="c-libp11-kit">libp11-kit.so</primary>
259 </indexterm>
260 </listitem>
261 </varlistentry>
262
263 <varlistentry id="p11-kit-proxy">
264 <term><filename class="libraryfile">p11-kit-proxy.so</filename></term>
265 <listitem>
266 <para>
267 is the PKCS#11 proxy module
268 </para>
269 <indexterm zone="p11-kit p11-kit-proxy">
270 <primary sortas="c-p11-kit-proxy">p11-kit-proxy.so</primary>
271 </indexterm>
272 </listitem>
273 </varlistentry>
274
275 </variablelist>
276
277 </sect2>
278
279</sect1>
Note: See TracBrowser for help on using the repository browser.