source: postlfs/security/p11-kit.xml@ eed39e3

11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal
Last change on this file since eed39e3 was 3f2db3a6, checked in by Pierre Labastie <pierre.labastie@…>, 18 months ago

Remove sect1info tags

They only contain a date tag that is nowhere used.
  • Property mode set to 100644
File size: 8.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY p11-kit-download-http "https://github.com/p11-glue/p11-kit/releases/download/&p11-kit-version;/p11-kit-&p11-kit-version;.tar.xz">
8 <!ENTITY p11-kit-download-ftp " ">
9 <!ENTITY p11-kit-md5sum "67b2539bdca6b4bedaeecc12864d2796">
10 <!ENTITY p11-kit-size "820 KB">
11 <!ENTITY p11-kit-buildsize "44 MB (with tests)">
12 <!ENTITY p11-kit-time "0.5 SBU (with tests)">
13]>
14
15<sect1 id="p11-kit" xreflabel="p11-kit-&p11-kit-version;">
16 <?dbhtml filename="p11-kit.html"?>
17
18
19 <title>p11-kit-&p11-kit-version;</title>
20
21 <indexterm zone="p11-kit">
22 <primary sortas="a-p11-kit">p11-kit</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to p11-kit</title>
27
28 <para>
29 The <application>p11-kit</application> package provides a way to load and
30 enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.
31 </para>
32
33 &lfs112_checked;
34
35 <bridgehead renderas="sect3">Package Information</bridgehead>
36 <itemizedlist spacing="compact">
37 <listitem>
38 <para>
39 Download (HTTP): <ulink url="&p11-kit-download-http;"/>
40 </para>
41 </listitem>
42 <listitem>
43 <para>
44 Download (FTP): <ulink url="&p11-kit-download-ftp;"/>
45 </para>
46 </listitem>
47 <listitem>
48 <para>
49 Download MD5 sum: &p11-kit-md5sum;
50 </para>
51 </listitem>
52 <listitem>
53 <para>
54 Download size: &p11-kit-size;
55 </para>
56 </listitem>
57 <listitem>
58 <para>
59 Estimated disk space required: &p11-kit-buildsize;
60 </para>
61 </listitem>
62 <listitem>
63 <para>
64 Estimated build time: &p11-kit-time;
65 </para>
66 </listitem>
67 </itemizedlist>
68
69 <bridgehead renderas="sect3">p11-kit Dependencies</bridgehead>
70
71 <!-- There is a check for libsystemd. It seems to install a systemd service
72 in /usr/lib/systemd/user.-->
73 <bridgehead renderas="sect4">Recommended</bridgehead>
74 <para role="recommended">
75 <xref linkend="libtasn1"/> and
76 <xref role="runtime" linkend="make-ca"/> (runtime)
77 </para>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <xref linkend="gtk-doc"/>,
82 <xref linkend="libxslt"/>, and
83 <xref role="runtime" linkend="nss"/> (runtime)
84 </para>
85
86 <para condition="html" role="usernotes">User Notes:
87 <ulink url="&blfs-wiki;/p11-kit"/>
88 </para>
89 </sect2>
90
91 <sect2 role="installation">
92 <title>Installation of p11-kit</title>
93
94 <para>
95 Prepare the distribution specific anchor hook:
96 </para>
97
98<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat &amp;&amp;
99cat &gt;&gt; trust/trust-extract-compat &lt;&lt; "EOF"
100<literal># Copy existing anchor modifications to /etc/ssl/local
101/usr/libexec/make-ca/copy-trust-modifications
102
103# Update trust stores
104/usr/sbin/make-ca -r</literal>
105EOF</userinput></screen>
106
107 <para>
108 Install <application>p11-kit</application> by running the following
109 commands:
110 </para>
111
112<screen><userinput>mkdir p11-build &amp;&amp;
113cd p11-build &amp;&amp;
114
115meson --prefix=/usr \
116 --buildtype=release \
117 -Dtrust_paths=/etc/pki/anchors &amp;&amp;
118ninja</userinput></screen>
119
120 <para>
121 To test the results, issue: <command>ninja test</command>.
122 </para>
123
124 <para>
125 Now, as the <systemitem class="username">root</systemitem> user:
126 </para>
127
128<screen role="root"><userinput>ninja install &amp;&amp;
129ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
130 /usr/bin/update-ca-certificates</userinput></screen>
131
132 </sect2>
133
134 <sect2 role="commands">
135 <title>Command Explanations</title>
136
137 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
138 href="../../xincludes/meson-buildtype-release.xml"/>
139
140 <para>
141 <parameter>-Dtrust_paths=/etc/pki/anchors</parameter>: this switch
142 sets the location of trusted certificates used by libp11-kit.so.
143 </para>
144
145 <para>
146 <option>-Dhash_impl=freebl</option>: Use this switch if you want to
147 use the Freebl library from <application>NSS</application> for SHA1 and
148 MD5 hashing.
149 </para>
150
151 <para>
152 <option>-Dgtk_doc=true</option>: Use this switch if you have installed
153 <xref linkend="gtk-doc"/> and <xref linkend="libxslt"/> and wish to
154 rebuild the documentation and generate manual pages.
155 </para>
156
157 </sect2>
158
159 <sect2 role="configuration">
160 <title>Configuring p11-kit</title>
161
162 <para>
163 The <application>p11-kit</application> trust module
164 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
165 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
166 transparently make the system CAs available to
167 <application>NSS</application> aware applications, rather than the static
168 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
169 <systemitem class="username">root</systemitem> user, execute the
170 following commands:
171 </para>
172
173<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
174
175 </sect2>
176
177 <sect2 role="content">
178 <title>Contents</title>
179
180 <segmentedlist>
181 <segtitle>Installed Programs</segtitle>
182 <segtitle>Installed Libraries</segtitle>
183 <segtitle>Installed Directories</segtitle>
184
185 <seglistitem>
186 <seg>
187 p11-kit, trust, and update-ca-certificates
188 </seg>
189 <seg>
190 libp11-kit.so and p11-kit-proxy.so
191 </seg>
192 <seg>
193 /etc/pkcs11,
194 /usr/include/p11-kit-1,
195 /usr/lib/pkcs11,
196 /usr/libexec/p11-kit,
197 /usr/share/gtk-doc/html/p11-kit, and
198 /usr/share/p11-kit
199 </seg>
200 </seglistitem>
201 </segmentedlist>
202
203 <variablelist>
204 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
205 <?dbfo list-presentation="list"?>
206 <?dbhtml list-presentation="table"?>
207
208 <varlistentry id="p11-kit-prog">
209 <term><command>p11-kit</command></term>
210 <listitem>
211 <para>
212 is a command line tool that can be used to perform operations
213 on PKCS#11 modules configured on the system
214 </para>
215 <indexterm zone="p11-kit p11-kit-prog">
216 <primary sortas="b-p11-kit">p11-kit</primary>
217 </indexterm>
218 </listitem>
219 </varlistentry>
220
221 <varlistentry id="trust">
222 <term><command>trust</command></term>
223 <listitem>
224 <para>
225 is a command line tool to examine and modify the shared trust
226 policy store
227 </para>
228 <indexterm zone="p11-kit trust">
229 <primary sortas="b-trust">trust</primary>
230 </indexterm>
231 </listitem>
232 </varlistentry>
233
234 <varlistentry id="update-ca-certificates">
235 <term><command>update-ca-certificates</command></term>
236 <listitem>
237 <para>
238 is a command line tool to both extract local certificates from an
239 updated anchor store, and regenerate all anchors and certificate
240 stores on the system. This is done unconditionally on BLFS using
241 the <parameter>--force</parameter> and <parameter>--get</parameter>
242 flags to <command>make-ca</command> and should likely not be used
243 for automated updates
244 </para>
245 <indexterm zone="p11-kit update-ca-certificates">
246 <primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
247 </indexterm>
248 </listitem>
249 </varlistentry>
250
251 <varlistentry id="libp11-kit">
252 <term><filename class="libraryfile">libp11-kit.so</filename></term>
253 <listitem>
254 <para>
255 contains functions used to coordinate initialization and
256 finalization of any PKCS#11 module
257 </para>
258 <indexterm zone="p11-kit libp11-kit">
259 <primary sortas="c-libp11-kit">libp11-kit.so</primary>
260 </indexterm>
261 </listitem>
262 </varlistentry>
263
264 <varlistentry id="p11-kit-proxy">
265 <term><filename class="libraryfile">p11-kit-proxy.so</filename></term>
266 <listitem>
267 <para>
268 is the PKCS#11 proxy module
269 </para>
270 <indexterm zone="p11-kit p11-kit-proxy">
271 <primary sortas="c-p11-kit-proxy">p11-kit-proxy.so</primary>
272 </indexterm>
273 </listitem>
274 </varlistentry>
275
276 </variablelist>
277
278 </sect2>
279
280</sect1>
Note: See TracBrowser for help on using the repository browser.