source: postlfs/security/p11-kit.xml@ bb37db9

trunk
Last change on this file since bb37db9 was bb37db9, checked in by Bruce Dubbs <bdubbs@…>, 7 weeks ago

Tweal build directory name in p11-kit

  • Property mode set to 100644
File size: 8.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY p11-kit-download-http "https://github.com/p11-glue/p11-kit/releases/download/&p11-kit-version;/p11-kit-&p11-kit-version;.tar.xz">
8 <!ENTITY p11-kit-download-ftp " ">
9 <!ENTITY p11-kit-md5sum "8ccf11c4a2e2e505b8e516d8549e64a5">
10 <!ENTITY p11-kit-size "816 KB">
11 <!ENTITY p11-kit-buildsize "56 MB (with tests)">
12 <!ENTITY p11-kit-time "0.2 SBU (add 0.6 SBU for tests)">
13]>
14
15<sect1 id="p11-kit" xreflabel="p11-kit-&p11-kit-version;">
16 <?dbhtml filename="p11-kit.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>p11-kit-&p11-kit-version;</title>
23
24 <indexterm zone="p11-kit">
25 <primary sortas="a-p11-kit">p11-kit</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to p11-kit</title>
30
31 <para>
32 The <application>p11-kit</application> package provides a way to load and
33 enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.
34 </para>
35
36 &lfs101_checked;
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>
42 Download (HTTP): <ulink url="&p11-kit-download-http;"/>
43 </para>
44 </listitem>
45 <listitem>
46 <para>
47 Download (FTP): <ulink url="&p11-kit-download-ftp;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download MD5 sum: &p11-kit-md5sum;
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download size: &p11-kit-size;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Estimated disk space required: &p11-kit-buildsize;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated build time: &p11-kit-time;
68 </para>
69 </listitem>
70 </itemizedlist>
71
72 <bridgehead renderas="sect3">p11-kit Dependencies</bridgehead>
73
74 <!-- There is a check for libsystemd. It seems to install a systemd service
75 in /usr/lib/systemd/user.-->
76 <bridgehead renderas="sect4">Recommended</bridgehead>
77 <para role="recommended">
78 <xref linkend="libtasn1"/> and
79 <xref role="runtime" linkend="make-ca"/> (runtime)
80 </para>
81
82 <bridgehead renderas="sect4">Optional</bridgehead>
83 <para role="optional">
84 <xref linkend="gtk-doc"/>,
85 <xref linkend="libxslt"/>, and
86 <xref role="runtime" linkend="nss"/> (runtime)
87 </para>
88
89 <para condition="html" role="usernotes">User Notes:
90 <ulink url="&blfs-wiki;/p11-kit"/>
91 </para>
92 </sect2>
93
94 <sect2 role="installation">
95 <title>Installation of p11-kit</title>
96
97 <para>
98 Prepare the distribution specific anchor hook:
99 </para>
100
101<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat &amp;&amp;
102cat &gt;&gt; trust/trust-extract-compat &lt;&lt; "EOF"
103<literal># Copy existing anchor modifications to /etc/ssl/local
104/usr/libexec/make-ca/copy-trust-modifications
105
106# Generate a new trust store
107/usr/sbin/make-ca -f -g</literal>
108EOF</userinput></screen>
109
110 <para>
111 Install <application>p11-kit</application> by running the following
112 commands:
113 </para>
114
115<screen><userinput>mkdir p11-build &amp;&amp;
116cd p11-build &amp;&amp;
117
118meson --prefix=/usr \
119 --buildtype=release \
120 -Dtrust_paths=/etc/pki/anchors &amp;&amp;
121ninja</userinput></screen>
122
123 <para>
124 To test the results, issue: <command>ninja test</command>.
125 </para>
126
127 <para>
128 Now, as the <systemitem class="username">root</systemitem> user:
129 </para>
130
131<screen role="root"><userinput>ninja install &amp;&amp;
132ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
133 /usr/bin/update-ca-certificates</userinput></screen>
134
135 </sect2>
136
137 <sect2 role="commands">
138 <title>Command Explanations</title>
139
140 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
141 href="../../xincludes/meson-buildtype-release.xml"/>
142
143 <para>
144 <parameter>-Dtrust_paths=/etc/pki/anchors</parameter>: this switch
145 sets the location of trusted certificates used by libp11-kit.so.
146 </para>
147
148 <para>
149 <option>-Dhash_impl=freebl</option>: Use this switch if you want to
150 use the Freebl library from <application>NSS</application> for SHA1 and
151 MD5 hashing.
152 </para>
153
154 <para>
155 <option>-Dgtk_doc=true</option>: Use this switch if you have installed
156 <xref linkend="gtk-doc"/> and <xref linkend="libxslt"/> and wish to
157 rebuild the documentation and generate manual pages.
158 </para>
159
160 </sect2>
161
162 <sect2 role="configuration">
163 <title>Configuring p11-kit</title>
164
165 <para>
166 The <application>p11-kit</application> trust module
167 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
168 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
169 transparently make the system CAs available to
170 <application>NSS</application> aware applications, rather than the static
171 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
172 <systemitem class="username">root</systemitem> user, execute the
173 following commands:
174 </para>
175
176<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
177
178 </sect2>
179
180 <sect2 role="content">
181 <title>Contents</title>
182
183 <segmentedlist>
184 <segtitle>Installed Programs</segtitle>
185 <segtitle>Installed Libraries</segtitle>
186 <segtitle>Installed Directories</segtitle>
187
188 <seglistitem>
189 <seg>
190 p11-kit, trust, and update-ca-certificates
191 </seg>
192 <seg>
193 libp11-kit.so and p11-kit-proxy.so
194 </seg>
195 <seg>
196 /etc/pkcs11,
197 /usr/include/p11-kit-1,
198 /usr/lib/pkcs11,
199 /usr/libexec/p11-kit,
200 /usr/share/gtk-doc/html/p11-kit, and
201 /usr/share/p11-kit
202 </seg>
203 </seglistitem>
204 </segmentedlist>
205
206 <variablelist>
207 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
208 <?dbfo list-presentation="list"?>
209 <?dbhtml list-presentation="table"?>
210
211 <varlistentry id="p11-kit-prog">
212 <term><command>p11-kit</command></term>
213 <listitem>
214 <para>
215 is a command line tool that can be used to perform operations
216 on PKCS#11 modules configured on the system
217 </para>
218 <indexterm zone="p11-kit p11-kit-prog">
219 <primary sortas="b-p11-kit">p11-kit</primary>
220 </indexterm>
221 </listitem>
222 </varlistentry>
223
224 <varlistentry id="trust">
225 <term><command>trust</command></term>
226 <listitem>
227 <para>
228 is a command line tool to examine and modify the shared trust
229 policy store
230 </para>
231 <indexterm zone="p11-kit trust">
232 <primary sortas="b-trust">trust</primary>
233 </indexterm>
234 </listitem>
235 </varlistentry>
236
237 <varlistentry id="update-ca-certificates">
238 <term><command>update-ca-certificates</command></term>
239 <listitem>
240 <para>
241 is a command line tool to both extract local certificates from an
242 updated anchor store, and regenerate all anchors and certificate
243 stores on the system. This is done unconditionally on BLFS using
244 the <parameter>--force</parameter> and <parameter>--get</parameter>
245 flags to <command>make-ca</command> and should likely not be used
246 for automated updates
247 </para>
248 <indexterm zone="p11-kit update-ca-certificates">
249 <primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
250 </indexterm>
251 </listitem>
252 </varlistentry>
253
254 <varlistentry id="libp11-kit">
255 <term><filename class="libraryfile">libp11-kit.so</filename></term>
256 <listitem>
257 <para>
258 contains functions used to coordinate initialization and
259 finalization of any PKCS#11 module
260 </para>
261 <indexterm zone="p11-kit libp11-kit">
262 <primary sortas="c-libp11-kit">libp11-kit.so</primary>
263 </indexterm>
264 </listitem>
265 </varlistentry>
266
267 <varlistentry id="p11-kit-proxy">
268 <term><filename class="libraryfile">p11-kit-proxy.so</filename></term>
269 <listitem>
270 <para>
271 is the PKCS#11 proxy module
272 </para>
273 <indexterm zone="p11-kit p11-kit-proxy">
274 <primary sortas="c-p11-kit-proxy">p11-kit-proxy.so</primary>
275 </indexterm>
276 </listitem>
277 </varlistentry>
278
279 </variablelist>
280
281 </sect2>
282
283</sect1>
Note: See TracBrowser for help on using the repository browser.