source: postlfs/security/p11-kit.xml@ fbcf83e1

Last change on this file since fbcf83e1 was 3b9da656, checked in by Pierre Labastie <pieere@…>, 3 years ago

in p11-kit, trust-extract-compat.in has been renamed trust-extract-compat

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23984 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY p11-kit-download-http "https://github.com/p11-glue/p11-kit/releases/download/&p11-kit-version;/p11-kit-&p11-kit-version;.tar.xz">
8 <!ENTITY p11-kit-download-ftp " ">
9 <!ENTITY p11-kit-md5sum "03f93a4eb62127b5d40e345c624a0665">
10 <!ENTITY p11-kit-size "812 KB">
11 <!ENTITY p11-kit-buildsize "47 MB (add 169 MB for tests)">
12 <!ENTITY p11-kit-time "0.2 SBU (add 0.6 SBU for tests)">
13]>
14
15<sect1 id="p11-kit" xreflabel="p11-kit-&p11-kit-version;">
16 <?dbhtml filename="p11-kit.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>p11-kit-&p11-kit-version;</title>
24
25 <indexterm zone="p11-kit">
26 <primary sortas="a-p11-kit">p11-kit</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to p11-kit</title>
31
32 <para>
33 The <application>p11-kit</application> package provides a way to load and
34 enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.
35 </para>
36
37 &lfs10_checked;
38
39 <bridgehead renderas="sect3">Package Information</bridgehead>
40 <itemizedlist spacing="compact">
41 <listitem>
42 <para>
43 Download (HTTP): <ulink url="&p11-kit-download-http;"/>
44 </para>
45 </listitem>
46 <listitem>
47 <para>
48 Download (FTP): <ulink url="&p11-kit-download-ftp;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download MD5 sum: &p11-kit-md5sum;
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download size: &p11-kit-size;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Estimated disk space required: &p11-kit-buildsize;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated build time: &p11-kit-time;
69 </para>
70 </listitem>
71 </itemizedlist>
72
73 <bridgehead renderas="sect3">p11-kit Dependencies</bridgehead>
74
75 <!-- There is a check for libsystemd. It seems to install a systemd service
76 in /usr/lib/systemd/user.-->
77 <bridgehead renderas="sect4">Recommended</bridgehead>
78 <para role="recommended">
79 <xref linkend="libtasn1"/> and
80 <xref role="runtime" linkend="make-ca"/> (runtime)
81 </para>
82
83 <bridgehead renderas="sect4">Optional</bridgehead>
84 <para role="optional">
85 <xref linkend="gtk-doc"/>,
86 <xref linkend="libxslt"/>, and
87 <xref role="runtime" linkend="nss"/> (runtime)
88 </para>
89
90 <para condition="html" role="usernotes">User Notes:
91 <ulink url="&blfs-wiki;/p11-kit"/>
92 </para>
93 </sect2>
94
95 <sect2 role="installation">
96 <title>Installation of p11-kit</title>
97
98 <para>
99 Prepare the distribution-specific anchor hook:
100 </para>
101
102<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat &amp;&amp;
103cat &gt;&gt; trust/trust-extract-compat &lt;&lt; "EOF"
104<literal># Copy existing anchor modifications to /etc/ssl/local
105/usr/libexec/make-ca/copy-trust-modifications
106
107# Generate a new trust store
108/usr/sbin/make-ca -f -g</literal>
109EOF</userinput></screen>
110
111 <para>
112 Install <application>p11-kit</application> by running the following
113 commands:
114 </para>
115
116<screen><userinput>./configure --prefix=/usr \
117 --sysconfdir=/etc \
118 --with-trust-paths=/etc/pki/anchors &amp;&amp;
119make</userinput></screen>
120
121 <para>
122 To test the results, issue: <command>make check</command>.
123 Many tests will fail if the test suite is run as the
124 <systemitem class="username">root</systemitem> user.
125 </para>
126
127 <para>
128 Now, as the <systemitem class="username">root</systemitem> user:
129 </para>
130
131<screen role="root"><userinput>make install &amp;&amp;
132ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
133 /usr/bin/update-ca-certificates</userinput></screen>
134
135 </sect2>
136
137 <sect2 role="commands">
138 <title>Command Explanations</title>
139
140 <para>
141 <parameter>--with-trust-paths=/etc/pki/anchors</parameter>: this switch
142 sets the location of trusted certificates used by libp11-kit.so.
143 </para>
144
145 <para>
146 <option>--with-hash-impl=freebl</option>: Use this switch if you want to
147 use the Freebl library from <application>NSS</application> for SHA1 and
148 MD5 hashing.
149 </para>
150
151 <para>
152 <option>--enable-doc</option>: Use this switch if you have installed
153 <xref linkend="gtk-doc"/> and <xref linkend="libxslt"/> and wish to
154 rebuild the documentation and generate manual pages.
155 </para>
156
157 </sect2>
158
159 <sect2 role="configuration">
160 <title>Configuring p11-kit</title>
161
162 <para>
163 The <application>p11-kit</application> trust module
164 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
165 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
166 transparently make the system CAs available to
167 <application>NSS</application>-aware applications, rather than the static
168 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
169 <systemitem class="username">root</systemitem> user, execute the
170 following command:
171 </para>
172
173<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
174
175 </sect2>
176
177 <sect2 role="content">
178 <title>Contents</title>
179
180 <segmentedlist>
181 <segtitle>Installed Programs</segtitle>
182 <segtitle>Installed Libraries</segtitle>
183 <segtitle>Installed Directories</segtitle>
184
185 <seglistitem>
186 <seg>
187 p11-kit, trust, and update-ca-certificates
188 </seg>
189 <seg>
190 libp11-kit.so and p11-kit-proxy.so
191 </seg>
192 <seg>
193 /etc/pkcs11,
194 /usr/include/p11-kit-1,
195 /usr/lib/pkcs11,
196 /usr/libexec/p11-kit,
197 /usr/share/gtk-doc/html/p11-kit, and
198 /usr/share/p11-kit
199 </seg>
200 </seglistitem>
201 </segmentedlist>
202
203 <variablelist>
204 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
205 <?dbfo list-presentation="list"?>
206 <?dbhtml list-presentation="table"?>
207
208 <varlistentry id="p11-kit-prog">
209 <term><command>p11-kit</command></term>
210 <listitem>
211 <para>
212 is a command line tool that can be used to perform operations
213 on PKCS#11 modules configured on the system.
214 </para>
215 <indexterm zone="p11-kit p11-kit-prog">
216 <primary sortas="b-p11-kit">p11-kit</primary>
217 </indexterm>
218 </listitem>
219 </varlistentry>
220
221 <varlistentry id="trust">
222 <term><command>trust</command></term>
223 <listitem>
224 <para>
225 is a command line tool to examine and modify the shared trust
226 policy store.
227 </para>
228 <indexterm zone="p11-kit trust">
229 <primary sortas="b-trust">trust</primary>
230 </indexterm>
231 </listitem>
232 </varlistentry>
233
234 <varlistentry id="update-ca-certificates">
235 <term><command>update-ca-certificates</command></term>
236 <listitem>
237 <para>
238 is a command line tool to both extract local certificates from an
239 updated anchor store, and regenerate all anchors and certificate
240 stores on the system. On BLFS this is done unconditionally, because
241 the hook always passes the <parameter>--force</parameter> and <parameter>--get</parameter>
242 flags to <command>make-ca</command>, so it should likely not be used
243 for automated updates.
244 </para>
245 <indexterm zone="p11-kit update-ca-certificates">
246 <primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
247 </indexterm>
248 </listitem>
249 </varlistentry>
250
251 <varlistentry id="libp11-kit">
252 <term><filename class="libraryfile">libp11-kit.so</filename></term>
253 <listitem>
254 <para>
255 contains functions used to coordinate initialization and
256 finalization of any PKCS#11 module.
257 </para>
258 <indexterm zone="p11-kit libp11-kit">
259 <primary sortas="c-libp11-kit">libp11-kit.so</primary>
260 </indexterm>
261 </listitem>
262 </varlistentry>
263
264 <varlistentry id="p11-kit-proxy">
265 <term><filename class="libraryfile">p11-kit-proxy.so</filename></term>
266 <listitem>
267 <para>
268 is the PKCS#11 proxy module.
269 </para>
270 <indexterm zone="p11-kit p11-kit-proxy">
271 <primary sortas="c-p11-kit-proxy">p11-kit-proxy.so</primary>
272 </indexterm>
273 </listitem>
274 </varlistentry>
275
276 </variablelist>
277
278 </sect2>
279
280</sect1>