nettle-static: add new package to [libre]

author: coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu> 2016-04-18 10:29:03 -0300
committer: coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu> 2016-04-18 12:53:23 -0300
commit: c1169c2a7aba84acf9aff2f61dd159343ec3679b (patch)
tree: 272ef178e49873b20c67e43e3051034500aae432 /libre/p11-kit-static
parent: 39c12e2fbdd5e54b8b4135b882f21c7ef1b52ea2 (diff)
2 files changed, 117 insertions, 0 deletions
diff --git a/libre/p11-kit-static/PKGBUILD b/libre/p11-kit-static/PKGBUILD
new file mode 100644
index 000000000..171146594
--- /dev/null
+++ b/libre/p11-kit-static/PKGBUILD
@@ -0,0 +1,60 @@
+# Maintainer: Márcio Silva <coadde@parabola.nu>
+# based of p11-kit
+
+_pkgname=p11-kit
+pkgname=p11-kit-static
+pkgver=0.23.2
+pkgrel=1
+pkgdesc="Library to work with PKCS#11 modules (static libraries only)"
+arch=(i686 x86_64 armv7h)
+url="http://p11-glue.freedesktop.org"
+license=('BSD')
+depends=('libtasn1-static' 'libffi-static' 'p11-kit')
+options=('staticlibs')
+source=($url/releases/$_pkgname-$pkgver.tar.gz{,.sig}
+        libnssckbi-compat.patch)
+sha256sums=('ba726ea8303c97467a33fca50ee79b7b35212964be808ecf9b145e9042fdfaf0'
+            'SKIP'
+            '8f763cdbc6c0ca6c5a7898f9fd6f3018b7ac5b1aca36f67c6c813343c2962962')
+validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF')
+
+prepare() {
+  cd $_pkgname-$pkgver
+
+  # Build and install an additional library (libnssckbi-p11-kit.so) which
+  # is a copy of p11-kit-trust.so but uses the same label for root certs as
+  # libnssckbi.so ("Builtin Object Token" instead of "Default Trust")
+  # https://bugs.freedesktop.org/show_bug.cgi?id=66161
+  patch -Np1 -i ../libnssckbi-compat.patch
+
+  autoreconf -vi
+
+  sed -i '\|^if[ ]test[ ]["][$]enable_static["][ ][=][ ]["]yes["][;][ ]then$|,+3 d
+         ' configure
+}
+
+build() {
+  cd $_pkgname-$pkgver
+
+  ./configure \
+    --prefix=/usr --enable-static \
+    --with-module-path=/usr/lib/pkcs11 \
+    --with-trust-paths=/etc/ca-certificates/trust-source:/usr/share/ca-certificates/trust-source
+  make
+}
+
+check() {
+  cd $_pkgname-$pkgver
+  make check
+}
+
+package() {
+  cd  $_pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+
+  # remove conflicting files
+  rm -vr ${pkgdir}/usr/{bin,etc,include,lib/{pkgconfig,$_pkgname},share}
+  rm -v ${pkgdir}/usr/lib/{,pkcs11/}*.so*
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/libre/p11-kit-static/libnssckbi-compat.patch b/libre/p11-kit-static/libnssckbi-compat.patch
new file mode 100644
index 000000000..d1b70a3bb
--- /dev/null
+++ b/libre/p11-kit-static/libnssckbi-compat.patch
@@ -0,0 +1,57 @@
+diff -upr p11-kit-0.23.1.orig/trust/Makefile.am p11-kit-0.23.1/trust/Makefile.am
+--- p11-kit-0.23.1.orig/trust/Makefile.am	2014-11-12 12:58:50.000000000 +0200
++++ p11-kit-0.23.1/trust/Makefile.am	2015-03-30 16:43:35.275993032 +0300
+@@ -61,6 +61,20 @@ p11_kit_trust_la_LDFLAGS = \
+ 
+ p11_kit_trust_la_SOURCES = $(TRUST_SRCS)
+ 
++libnssckbi_compatdir = $(libdir)
++libnssckbi_compat_LTLIBRARIES = \
++	libnssckbi-p11-kit.la
++
++libnssckbi_p11_kit_la_CFLAGS = \
++	-DLIBNSSCKBI_COMPAT \
++	$(p11_kit_trust_la_CFLAGS)
++
++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
++
++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
++
++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
++
+ libtrust_testable_la_LDFLAGS = \
+ 	-no-undefined
+ 
+diff -upr p11-kit-0.23.1.orig/trust/module.c p11-kit-0.23.1/trust/module.c
+--- p11-kit-0.23.1.orig/trust/module.c	2014-12-16 12:24:01.000000000 +0200
++++ p11-kit-0.23.1/trust/module.c	2015-03-30 16:48:41.370360130 +0300
+@@ -196,7 +196,11 @@ create_tokens_inlock (p11_array *tokens,
+ 		const char *label;
+ 	} labels[] = {
+ 		{ "~/", "User Trust" },
++#ifdef LIBNSSCKBI_COMPAT
++		{ DATA_DIR, "Builtin Object Token" },
++#else
+ 		{ DATA_DIR, "Default Trust" },
++#endif
+ 		{ SYSCONFDIR, "System Trust" },
+ 		{ NULL },
+ 	};
+@@ -521,9 +525,15 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
+ 		info->flags = CKF_TOKEN_PRESENT;
+ 		strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
+ 
+-		/* If too long, copy the first 64 characters into buffer */
+-		path = p11_token_get_path (token);
++#ifdef LIBNSSCKBI_COMPAT
++		/* Change description to match libnssckbi so HPKP works in Chromium */
++		if (strcmp (p11_token_get_label (token), "Builtin Object Token" ) == 0)
++			path = "NSS Builtin Objects";
++		else
++#endif
++			path = p11_token_get_path (token);
+ 		length = strlen (path);
++		/* If too long, copy the first 64 characters into buffer */
+ 		if (length > sizeof (info->slotDescription))
+ 			length = sizeof (info->slotDescription);
+ 		memset (info->slotDescription, ' ', sizeof (info->slotDescription));
author	coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu>	2016-04-18 10:29:03 -0300
committer	coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu>	2016-04-18 12:53:23 -0300
commit	c1169c2a7aba84acf9aff2f61dd159343ec3679b (patch)
tree	272ef178e49873b20c67e43e3051034500aae432 /libre/p11-kit-static
parent	39c12e2fbdd5e54b8b4135b882f21c7ef1b52ea2 (diff)