Accepting request 289918 from home:posophe:branches:Base:System
Update OBS-URL: https://build.opensuse.org/request/show/289918 OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=21
parent
dd52f351d7
commit
bbb0dddebe
@ -1,222 +0,0 @@
|
||||
From a7f02ca0a88019da353381a25d2e7c42150abb39 Mon Sep 17 00:00:00 2001
|
||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||
Date: Fri, 6 Dec 2013 10:00:32 +0100
|
||||
Subject: [PATCH] trust: allow to also add openssl style hashes to
|
||||
pem-directory
|
||||
|
||||
For backward compatibility with older openssl and other libs like
|
||||
gnutls /etc/ssl/certs needs to be created as pem-directory rather
|
||||
than openssl-directory on openSUSE. Therefore also allow to install
|
||||
openssl style hashes there to avoid having to call c_rehash with a
|
||||
script.
|
||||
---
|
||||
trust/extract-openssl.c | 76 ++++++++++++++++++++++++++-----------------------
|
||||
trust/extract-pem.c | 26 +++++++++++++----
|
||||
trust/extract.c | 1 +
|
||||
trust/extract.h | 5 ++++
|
||||
trust/tests/Makefile.am | 1 +
|
||||
5 files changed, 69 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
|
||||
index 912c90d..16e12fd 100644
|
||||
--- a/trust/extract-openssl.c
|
||||
+++ b/trust/extract-openssl.c
|
||||
@@ -587,6 +587,46 @@ symlink_for_subject_old_hash (p11_enumerate *ex)
|
||||
|
||||
#endif /* OS_UNIX */
|
||||
|
||||
+
|
||||
+/*
|
||||
+ * The OpenSSL style c_rehash stuff
|
||||
+ *
|
||||
+ * Different versions of openssl build these hashes differently
|
||||
+ * so output both of them. Shouldn't cause confusion, because
|
||||
+ * multiple certificates can hash to the same link anyway,
|
||||
+ * and this is the reason for the trailing number after the dot.
|
||||
+ *
|
||||
+ * The trailing number is incremented p11_save_symlink_in() if it
|
||||
+ * conflicts with something we've already written out.
|
||||
+ *
|
||||
+ * On Windows no symlinks.
|
||||
+ */
|
||||
+bool
|
||||
+p11_openssl_symlink (p11_enumerate *ex,
|
||||
+ p11_save_dir *dir,
|
||||
+ const char *filename)
|
||||
+{
|
||||
+ bool ret = true;
|
||||
+#ifdef OS_UNIX
|
||||
+ char *linkname;
|
||||
+
|
||||
+ linkname = symlink_for_subject_hash (ex);
|
||||
+ if (linkname) {
|
||||
+ ret = p11_save_symlink_in (dir, linkname, ".0", filename);
|
||||
+ free (linkname);
|
||||
+ }
|
||||
+
|
||||
+ if (ret) {
|
||||
+ linkname = symlink_for_subject_old_hash (ex);
|
||||
+ if (linkname) {
|
||||
+ ret = p11_save_symlink_in (dir, linkname, ".0", filename);
|
||||
+ free (linkname);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* OS_UNIX */
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
bool
|
||||
p11_extract_openssl_directory (p11_enumerate *ex,
|
||||
const char *destination)
|
||||
@@ -601,10 +641,6 @@ p11_extract_openssl_directory (p11_enumerate *ex,
|
||||
char *name;
|
||||
CK_RV rv;
|
||||
|
||||
-#ifdef OS_UNIX
|
||||
- char *linkname;
|
||||
-#endif
|
||||
-
|
||||
dir = p11_save_open_directory (destination, ex->flags);
|
||||
if (dir == NULL)
|
||||
return false;
|
||||
@@ -638,37 +674,7 @@ p11_extract_openssl_directory (p11_enumerate *ex,
|
||||
filename = p11_path_base (path);
|
||||
}
|
||||
|
||||
- /*
|
||||
- * The OpenSSL style c_rehash stuff
|
||||
- *
|
||||
- * Different versions of openssl build these hashes differently
|
||||
- * so output both of them. Shouldn't cause confusion, because
|
||||
- * multiple certificates can hash to the same link anyway,
|
||||
- * and this is the reason for the trailing number after the dot.
|
||||
- *
|
||||
- * The trailing number is incremented p11_save_symlink_in() if it
|
||||
- * conflicts with something we've already written out.
|
||||
- *
|
||||
- * On Windows no symlinks.
|
||||
- */
|
||||
-
|
||||
-#ifdef OS_UNIX
|
||||
- if (ret) {
|
||||
- linkname = symlink_for_subject_hash (ex);
|
||||
- if (linkname) {
|
||||
- ret = p11_save_symlink_in (dir, linkname, ".0", filename);
|
||||
- free (linkname);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- if (ret) {
|
||||
- linkname = symlink_for_subject_old_hash (ex);
|
||||
- if (linkname) {
|
||||
- ret = p11_save_symlink_in (dir, linkname, ".0", filename);
|
||||
- free (linkname);
|
||||
- }
|
||||
- }
|
||||
-#endif /* OS_UNIX */
|
||||
+ ret = p11_openssl_symlink(ex, dir, filename);
|
||||
|
||||
free (filename);
|
||||
free (path);
|
||||
diff --git a/trust/extract-pem.c b/trust/extract-pem.c
|
||||
index 1e1c857..04dc600 100644
|
||||
--- a/trust/extract-pem.c
|
||||
+++ b/trust/extract-pem.c
|
||||
@@ -42,6 +42,7 @@
|
||||
#include "message.h"
|
||||
#include "pem.h"
|
||||
#include "save.h"
|
||||
+#include "path.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
@@ -107,6 +108,8 @@ p11_extract_pem_directory (p11_enumerate *ex,
|
||||
p11_buffer buf;
|
||||
bool ret = true;
|
||||
char *filename;
|
||||
+ char *path;
|
||||
+ char *name;
|
||||
CK_RV rv;
|
||||
|
||||
dir = p11_save_open_directory (destination, ex->flags);
|
||||
@@ -121,14 +124,27 @@ p11_extract_pem_directory (p11_enumerate *ex,
|
||||
if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
|
||||
return_val_if_reached (false);
|
||||
|
||||
- filename = p11_enumerate_filename (ex);
|
||||
- return_val_if_fail (filename != NULL, false);
|
||||
+ name = p11_enumerate_filename (ex);
|
||||
+ return_val_if_fail (name != NULL, false);
|
||||
|
||||
- file = p11_save_open_file_in (dir, filename, ".pem");
|
||||
- free (filename);
|
||||
+ path = NULL;
|
||||
|
||||
- ret = p11_save_write_and_finish (file, buf.data, buf.len);
|
||||
+ file = p11_save_open_file_in (dir, name, ".pem");
|
||||
|
||||
+ ret = p11_save_write (file, buf.data, buf.len);
|
||||
+
|
||||
+ if (!p11_save_finish_file (file, &path, ret))
|
||||
+ ret = false;
|
||||
+
|
||||
+ /* XXX: getenv is a hack here, any better idea? */
|
||||
+ if (ret && getenv("P11_KIT_PEMDIR_HASH")) {
|
||||
+ filename = p11_path_base (path);
|
||||
+ ret = p11_openssl_symlink(ex, dir, filename);
|
||||
+ free (filename);
|
||||
+ }
|
||||
+
|
||||
+ free (path);
|
||||
+ free (name);
|
||||
if (!ret)
|
||||
break;
|
||||
}
|
||||
diff --git a/trust/extract.c b/trust/extract.c
|
||||
index 1a38f11..1a23967 100644
|
||||
--- a/trust/extract.c
|
||||
+++ b/trust/extract.c
|
||||
@@ -46,6 +46,7 @@
|
||||
#include "pkcs11x.h"
|
||||
#include "save.h"
|
||||
#include "tool.h"
|
||||
+#include "digest.h"
|
||||
|
||||
#include <assert.h>
|
||||
#include <ctype.h>
|
||||
diff --git a/trust/extract.h b/trust/extract.h
|
||||
index ca14238..d2e58c3 100644
|
||||
--- a/trust/extract.h
|
||||
+++ b/trust/extract.h
|
||||
@@ -39,6 +39,7 @@
|
||||
|
||||
#include "enumerate.h"
|
||||
#include "pkcs11.h"
|
||||
+#include "save.h"
|
||||
|
||||
enum {
|
||||
/* These overlap with the flags in save.h, so start higher */
|
||||
@@ -75,4 +76,8 @@ int p11_trust_extract (int argc,
|
||||
int p11_trust_extract_compat (int argc,
|
||||
char *argv[]);
|
||||
|
||||
+/* from extract-openssl.c but also used in extract-pem.c */
|
||||
+bool p11_openssl_symlink (p11_enumerate *ex,
|
||||
+ p11_save_dir *dir,
|
||||
+ const char *filename);
|
||||
#endif /* P11_EXTRACT_H_ */
|
||||
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
|
||||
index e53a6ae..6d81363 100644
|
||||
--- a/trust/tests/Makefile.am
|
||||
+++ b/trust/tests/Makefile.am
|
||||
@@ -105,6 +105,7 @@ test_bundle_SOURCES = \
|
||||
test-bundle.c \
|
||||
$(TRUST)/enumerate.c \
|
||||
$(TRUST)/extract-pem.c \
|
||||
+ $(TRUST)/extract-openssl.c \
|
||||
$(TRUST)/save.c \
|
||||
$(NULL)
|
||||
|
||||
--
|
||||
1.8.1.4
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:68405492fe466b33927d461302aa98e703db3b8a596411585508bc33084484d2
|
||||
size 986731
|
Binary file not shown.
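--- a/p11-kit-0.23.1.tar.gz
+++ b/p11-kit-0.23.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e57371669f3b157141b86c429bd9c29741994b2f5ff115fcb8a03e751b0f6ac4
+size 992924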
BIN
p11-kit-0.23.1.tar.gz.sig
Normal file
BIN
p11-kit-0.23.1.tar.gz.sig
Normal file
Binary file not shown.
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 8 18:56:55 UTC 2015 - p.drouand@gmail.com
|
||||
|
||||
- Update to version 0.23.1 (stable)
|
||||
* Use new PKCS#11 URI draft fields for URIs [fdo#86474 fdo#87582]
|
||||
* Add pem-directory-hash extract format
|
||||
* Build fixes
|
||||
- Remove 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff;
|
||||
fixed on upstream release
|
||||
- Remove autoconf, automake and libtool require; unneeded dependencies
|
||||
- Add gtk-doc require; needed to build html documentation
|
||||
- Remove redundant %clean section
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 13 16:09:09 UTC 2014 - lnussel@suse.de
|
||||
|
||||
|
20
p11-kit.spec
20
p11-kit.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package p11-kit
|
||||
#
|
||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -22,7 +22,7 @@
|
||||
%define trustdir_static %{pkidir_static}/trust
|
||||
|
||||
Name: p11-kit
|
||||
Version: 0.20.7
|
||||
Version: 0.23.1
|
||||
Release: 0
|
||||
Summary: Library to work with PKCS#11 modules
|
||||
License: BSD-3-Clause
|
||||
@ -32,12 +32,7 @@ Source0: http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.
|
||||
Source1: http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.gz.sig
|
||||
Source98: p11-kit.keyring
|
||||
Source99: baselibs.conf
|
||||
# patch proposed upstream. If it gets rejected, need to implement
|
||||
# this in ca-certificates.
|
||||
Patch0: 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: pkgconfig(libffi) >= 3.0.0
|
||||
BuildRequires: pkgconfig(libtasn1) >= 2.3
|
||||
@ -95,10 +90,7 @@ to be installed intead of mozilla-nss-certs.
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
# just because of patch0
|
||||
autoreconf -f -i
|
||||
%configure %--with-trust-paths=%{trustdir_cfg}:%{trustdir_static}
|
||||
make %{?_smp_mflags} -C trust asn
|
||||
%configure --with-trust-paths=%{trustdir_cfg}:%{trustdir_static}
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
@ -132,9 +124,6 @@ rm %{buildroot}%{_libdir}/%{name}/trust-extract-compat
|
||||
ln -s ../../sbin/update-ca-certificates %{buildroot}%{_libdir}/%{name}/p11-kit-extract-trust
|
||||
export NO_BRP_STALE_LINK_ERROR=yes # *grr*
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%post -n libp11-kit0 -p /sbin/ldconfig
|
||||
|
||||
%postun -n libp11-kit0 -p /sbin/ldconfig
|
||||
@ -155,6 +144,7 @@ rm -rf %{buildroot}
|
||||
%{_datadir}/%{name}/modules/p11-kit-trust.module
|
||||
%{_libdir}/pkcs11/p11-kit-trust.so
|
||||
%dir %{_libdir}/%{name}
|
||||
%{_libdir}/%{name}/p11-kit-remote
|
||||
%{_libdir}/%{name}/p11-kit-extract-trust
|
||||
|
||||
%files -n libp11-kit0
|
||||
|
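Review bot: Dropping `Patch0` in the second hunk of p11-kit.spec also drops the `P11_KIT_PEMDIR_HASH` environment switch that the deleted patch read with `getenv` in `p11_extract_pem_directory`, and nothing visible in this spec makes sure callers have moved to the upstream replacement. The changelog says 0.23.1 ships a `pem-directory-hash` extract format instead; a caller that still exports the variable and extracts with the plain `pem-directory` format would presumably get the PEM files without the subject-hash symlinks, so libraries that look up CAs by hash in that directory would stop finding them. I would record the dependency next to the removed lines, for example `# 0.23.1: P11_KIT_PEMDIR_HASH is gone; ca-certificates must extract with --format=pem-directory-hash`, and confirm that the matching ca-certificates change lands together with this package.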