source: postlfs/security/p11-kit.xml@ bd2365e0

Last change on this file since bd2365e0 was bd2365e0, checked in by Bruce Dubbs <bdubbs@…>, 4 years ago

Update to lxml-4.5.0.
Update to unrar-5.9.1.
Update to highlight-3.55.
Update to poppler-0.85.0.
Update to p11-kit-0.23.20.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22614 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 8.5 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY p11-kit-download-http "https://github.com/p11-glue/p11-kit/releases/download/&p11-kit-version;/p11-kit-&p11-kit-version;.tar.xz">
8 <!ENTITY p11-kit-download-ftp " ">
9 <!ENTITY p11-kit-md5sum "c9b3076475c6a57ca62005c43e77cd64">
10 <!ENTITY p11-kit-size "804 KB">
11 <!ENTITY p11-kit-buildsize "46 MB (add 169 MB for tests)">
12 <!ENTITY p11-kit-time "0.4 SBU (add 0.6 SBU for tests)">
13]>
14
15<sect1 id="p11-kit" xreflabel="p11-kit-&p11-kit-version;">
16 <?dbhtml filename="p11-kit.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>p11-kit-&p11-kit-version;</title>
24
25 <indexterm zone="p11-kit">
26 <primary sortas="a-p11-kit">p11-kit</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to p11-kit</title>
31
32 <para>
33 The <application>p11-kit</application> package provides a way to load and
34 enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.
35 </para>
36
37 &lfs90_checked;
38
39 <bridgehead renderas="sect3">Package Information</bridgehead>
40 <itemizedlist spacing="compact">
41 <listitem>
42 <para>
43 Download (HTTP): <ulink url="&p11-kit-download-http;"/>
44 </para>
45 </listitem>
46 <listitem>
47 <para>
48 Download (FTP): <ulink url="&p11-kit-download-ftp;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download MD5 sum: &p11-kit-md5sum; (guards against a corrupted download only; MD5 does not authenticate the source)
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download size: &p11-kit-size;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Estimated disk space required: &p11-kit-buildsize;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated build time: &p11-kit-time;
69 </para>
70 </listitem>
71 </itemizedlist>
72
73 <bridgehead renderas="sect3">p11-kit Dependencies</bridgehead>
74
75 <!-- There is a check for libsystemd. It seems to install a systemd service
76 in /usr/lib/systemd/user.-->
77 <bridgehead renderas="sect4">Recommended</bridgehead>
78 <para role="recommended">
79 <xref linkend="libtasn1"/> and
80 <xref role="runtime" linkend="make-ca"/> (runtime)
81 </para>
82
83 <bridgehead renderas="sect4">Optional</bridgehead>
84 <para role="optional">
85 <xref linkend="gtk-doc"/>,
86 <xref linkend="libxslt"/>, and
87 <xref role="runtime" linkend="nss"/> (runtime)
88 </para>
89
90 <para condition="html" role="usernotes">User Notes:
91 <ulink url="&blfs-wiki;/p11-kit"/>
92 </para>
93 </sect2>
94
95 <sect2 role="installation">
96 <title>Installation of p11-kit</title>
97
98 <para>Prepare the distribution-specific anchor hook (the script later linked as <command>update-ca-certificates</command>):</para>
99
100<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat.in &amp;&amp;
101cat &gt;&gt; trust/trust-extract-compat.in &lt;&lt; "EOF"
102<literal># Copy existing anchor modifications to /etc/ssl/local
103/usr/libexec/make-ca/copy-trust-modifications
104
105# Generate a new trust store
106/usr/sbin/make-ca -f -g</literal>
107EOF</userinput></screen>
108
109 <para>
110 Install <application>p11-kit</application> by running the following
111 commands:
112 </para>
113
114<screen><userinput>./configure --prefix=/usr \
115 --sysconfdir=/etc \
116 --with-trust-paths=/etc/pki/anchors &amp;&amp;
117make</userinput></screen>
118
119 <para>
120 To test the results, issue: <command>make check</command>.
121 </para>
122
123 <para>
124 Now, as the <systemitem class="username">root</systemitem> user:
125 </para>
126
127<screen role="root"><userinput>make install &amp;&amp;
128ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
129 /usr/bin/update-ca-certificates</userinput></screen>
130
131 </sect2>
132
133 <sect2 role="commands">
134 <title>Command Explanations</title>
135
136 <para>
137 <parameter>--with-trust-paths=/etc/pki/anchors</parameter>: this switch
138 sets the location of trusted certificates used by libp11-kit.so.
139 </para>
140
141 <para>
142 <option>--with-hash-impl=freebl</option>: Use this switch if you want to
143 use the Freebl library from <application>NSS</application> for SHA1 and
144 MD5 hashing.
145 </para>
146
147 <para>
148 <option>--enable-doc</option>: Use this switch if you have installed
149 <xref linkend="gtk-doc"/> and <xref linkend="libxslt"/> and wish to
150 rebuild the documentation and generate manual pages.
151 </para>
152
153 </sect2>
154
155 <sect2 role="configuration">
156 <title>Configuring p11-kit</title>
157
158 <para>The <application>p11-kit</application> trust module
159 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
160 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
161 transparently make the system CAs available to
162 <application>NSS</application>-aware applications, in place of the static
163 list provided by <filename>/usr/lib/libnssckbi.so</filename>. The link below replaces any existing <filename>/usr/lib/libnssckbi.so</filename>, so from then on those applications trust whatever the system store contains. As the
164 <systemitem class="username">root</systemitem> user, execute the following
165 command:</para>
166
167<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
168
169 </sect2>
170
171 <sect2 role="content">
172 <title>Contents</title>
173
174 <segmentedlist>
175 <segtitle>Installed Programs</segtitle>
176 <segtitle>Installed Libraries</segtitle>
177 <segtitle>Installed Directories</segtitle>
178
179 <seglistitem>
180 <seg>
181 p11-kit, trust, and update-ca-certificates
182 </seg>
183 <seg>
184 libp11-kit.so and p11-kit-proxy.so
185 </seg>
186 <seg>
187 /etc/pkcs11,
188 /usr/include/p11-kit-1,
189 /usr/lib/pkcs11,
190 /usr/libexec/p11-kit,
191 /usr/share/gtk-doc/html/p11-kit, and
192 /usr/share/p11-kit
193 </seg>
194 </seglistitem>
195 </segmentedlist>
196
197 <variablelist>
198 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
199 <?dbfo list-presentation="list"?>
200 <?dbhtml list-presentation="table"?>
201
202 <varlistentry id="p11-kit-prog">
203 <term><command>p11-kit</command></term>
204 <listitem>
205 <para>
206 is a command line tool that can be used to perform operations
207 on PKCS#11 modules configured on the system.
208 </para>
209 <indexterm zone="p11-kit p11-kit-prog">
210 <primary sortas="b-p11-kit">p11-kit</primary>
211 </indexterm>
212 </listitem>
213 </varlistentry>
214
215 <varlistentry id="trust">
216 <term><command>trust</command></term>
217 <listitem>
218 <para>
219 is a command line tool to examine and modify the shared trust
220 policy store.
221 </para>
222 <indexterm zone="p11-kit trust">
223 <primary sortas="b-trust">trust</primary>
224 </indexterm>
225 </listitem>
226 </varlistentry>
227
228 <varlistentry id="update-ca-certificates">
229 <term><command>update-ca-certificates</command></term>
230 <listitem>
231 <para>
232 is a command line tool that both extracts local certificates from an
233 updated anchor store and regenerates all anchors and certificate
234 stores on the system. On BLFS it does this unconditionally, by running
235 <command>make-ca</command> with the <parameter>--force</parameter> and <parameter>--get</parameter>
236 flags, so every invocation rebuilds the system trust store; it should likely not be used
237 for automated updates.
238 </para>
239 <indexterm zone="p11-kit update-ca-certificates">
240 <primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
241 </indexterm>
242 </listitem>
243 </varlistentry>
244
245 <varlistentry id="libp11-kit">
246 <term><filename class="libraryfile">libp11-kit.so</filename></term>
247 <listitem>
248 <para>
249 contains functions used to coordinate initialization and
250 finalization of any PKCS#11 module.
251 </para>
252 <indexterm zone="p11-kit libp11-kit">
253 <primary sortas="c-libp11-kit">libp11-kit.so</primary>
254 </indexterm>
255 </listitem>
256 </varlistentry>
257
258 <varlistentry id="p11-kit-proxy">
259 <term><filename class="libraryfile">p11-kit-proxy.so</filename></term>
260 <listitem>
261 <para>
262 is the PKCS#11 proxy module.
263 </para>
264 <indexterm zone="p11-kit p11-kit-proxy">
265 <primary sortas="c-p11-kit-proxy">p11-kit-proxy.so</primary>
266 </indexterm>
267 </listitem>
268 </varlistentry>
269
270 </variablelist>
271
272 </sect2>
273
274</sect1>