From owner-dev-commits-ports-all@freebsd.org Mon Apr 19 00:23:39 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A4A0A5DBD46; Mon, 19 Apr 2021 00:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FNnbv4FTYz4jJq; Mon, 19 Apr 2021 00:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 84AA3158E2; Mon, 19 Apr 2021 00:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 13J0NdWh091783; Mon, 19 Apr 2021 00:23:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 13J0NdUO091782; Mon, 19 Apr 2021 00:23:39 GMT (envelope-from git) Date: Mon, 19 Apr 2021 00:23:39 GMT Message-Id: <202104190023.13J0NdUO091782@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Yuri Victorovich Subject: git: a6d0c2f4e216 - main - New port: security/pkcs11-tools: Tools for managing PKCS11 cryptographic tokens MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: yuri X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a6d0c2f4e2167b4da1607f0b018a0e3985b7e729 Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Apr 2021 00:23:39 -0000 The branch main has been updated by yuri: URL: https://cgit.FreeBSD.org/ports/commit/?id=a6d0c2f4e2167b4da1607f0b018a0e3985b7e729 commit a6d0c2f4e2167b4da1607f0b018a0e3985b7e729 Author: Yuri Victorovich AuthorDate: 2021-04-19 00:21:30 +0000 Commit: Yuri Victorovich CommitDate: 2021-04-19 00:23:37 +0000 New port: security/pkcs11-tools: Tools for managing PKCS11 cryptographic tokens PR: 255058 Submitted by: Eric Devolder --- security/Makefile | 1 + security/pkcs11-tools/Makefile | 40 ++++++++++++++++++ security/pkcs11-tools/distinfo | 7 ++++ security/pkcs11-tools/files/patch-configure.ac | 56 ++++++++++++++++++++++++++ security/pkcs11-tools/pkg-descr | 8 ++++ security/pkcs11-tools/pkg-plist | 27 +++++++++++++ 6 files changed, 139 insertions(+) diff --git a/security/Makefile b/security/Makefile index 30707bf55f4b..ee477b98a030 100644 --- a/security/Makefile +++ b/security/Makefile @@ -803,6 +803,7 @@ SUBDIR += pkcs11-dump SUBDIR += pkcs11-gateway SUBDIR += pkcs11-helper + SUBDIR += pkcs11-tools SUBDIR += pkesh SUBDIR += pks SUBDIR += pktsuckers diff --git a/security/pkcs11-tools/Makefile b/security/pkcs11-tools/Makefile new file mode 100644 index 000000000000..0dd4386a6014 --- /dev/null +++ b/security/pkcs11-tools/Makefile @@ -0,0 +1,40 @@ +PORTNAME= pkcs11-tools +DISTVERSIONPREFIX= v +DISTVERSION= 2.3.0 +CATEGORIES= security + +MAINTAINER= eric.devolder@gmail.com +COMMENT= Tools for managing PKCS11 cryptographic tokens + +LICENSE= APACHE20 + +BUILD_DEPENDS= autoconf>0:devel/autoconf \ + autoconf-archive>0:devel/autoconf-archive \ + automake>0:devel/automake \ + flex:textproc/flex +RUN_DEPENDS= bash:shells/bash + +USES= bison compiler:c11 libtool:build pkgconfig ssl + +USE_GITHUB= yes +GH_ACCOUNT= Mastercard +GH_TUPLE= coreutils:gnulib:5b3a6f94f:gnulib \ + oasis-tcs:pkcs11:df530bf:oasis_pkcs11 + +GNU_CONFIGURE= yes + +MAKE_ENV= LIBCRYPTO_RPATH=${OPENSSLBASE}/lib + +LDFLAGS+= ${OPENSSLBASE}/lib/libcrypto.a # -lcrypto # fails to find symbol in the shared library: ld: error: undefined symbol: EVP_PKEY_meth_get_digestsign + +INSTALL_TARGET= install-strip + +post-extract: + @${RMDIR} ${WRKSRC}/.gnulib ${WRKSRC}/include/oasis-pkcs11 + @${MV} ${WRKSRC_gnulib} ${WRKSRC}/.gnulib + @${MV} ${WRKSRC_oasis_pkcs11} ${WRKSRC}/include/oasis-pkcs11 + +pre-configure: + @cd ${WRKSRC} && BUILD_PORT=1 ${WRKSRC}/bootstrap.sh + +.include diff --git a/security/pkcs11-tools/distinfo b/security/pkcs11-tools/distinfo new file mode 100644 index 000000000000..9393eb3a7a22 --- /dev/null +++ b/security/pkcs11-tools/distinfo @@ -0,0 +1,7 @@ +TIMESTAMP = 1618241897 +SHA256 (Mastercard-pkcs11-tools-v2.3.0_GH0.tar.gz) = a5a54b7e0cb4d2f94410e5de3246b3eed8db6c24561bc1e67672cc14017f3246 +SIZE (Mastercard-pkcs11-tools-v2.3.0_GH0.tar.gz) = 227365 +SHA256 (coreutils-gnulib-5b3a6f94f_GH0.tar.gz) = 93ab4c723fc482a531dc55a28c9da5d7907a3402bcef4e99f4d8168415ae3a71 +SIZE (coreutils-gnulib-5b3a6f94f_GH0.tar.gz) = 7293249 +SHA256 (oasis-tcs-pkcs11-df530bf_GH0.tar.gz) = a1e9203c463fe1187d89d2f29b5453f9bda84c55f31a91c12638d113fc2214cb +SIZE (oasis-tcs-pkcs11-df530bf_GH0.tar.gz) = 119448 diff --git a/security/pkcs11-tools/files/patch-configure.ac b/security/pkcs11-tools/files/patch-configure.ac new file mode 100644 index 000000000000..e1828dc20ac3 --- /dev/null +++ b/security/pkcs11-tools/files/patch-configure.ac @@ -0,0 +1,56 @@ +--- configure.ac.orig 2021-04-12 12:06:48 UTC ++++ configure.ac +@@ -75,24 +75,24 @@ PKG_PROG_PKG_CONFIG + dnl for libcrypto, we are first detecting libcrypo11, + dnl as older distros may still run on top of openssl 1.0, + dnl but have v1.1.x accessible through libcrypto11.pc file +-PKG_CHECK_MODULES([LIBCRYPTO], +- [libcrypto11 >= 1.1.1e], +- [ ac_save_CPPFLAGS=$CPPFLAGS +- CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}" +- AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC], +- [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])], +- [], +- [[ #include ]]) +- CPPFLAGS=${ac_save_CPPFLAGS} ], +- [ PKG_CHECK_MODULES([LIBCRYPTO], +- [libcrypto >= 1.1.1e], +- [ ac_save_CPPFLAGS=$CPPFLAGS +- CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}" +- AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC], +- [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])], +- [], +- [[ #include ]]) +- CPPFLAGS=${ac_save_CPPFLAGS} ])]) ++#PKG_CHECK_MODULES([LIBCRYPTO], ++# [libcrypto11 >= 1.1.1e], ++# [ ac_save_CPPFLAGS=$CPPFLAGS ++# CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}" ++# AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC], ++# [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])], ++# [], ++# [[ #include ]]) ++# CPPFLAGS=${ac_save_CPPFLAGS} ], ++# [ PKG_CHECK_MODULES([LIBCRYPTO], ++# [libcrypto >= 1.1.1e], ++# [ ac_save_CPPFLAGS=$CPPFLAGS ++# CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}" ++# AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC], ++# [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])], ++# [], ++# [[ #include ]]) ++# CPPFLAGS=${ac_save_CPPFLAGS} ])]) + + dnl on UNIX platforms, check for dynamic loader lib + AM_COND_IF( [TARGET_OS_MINGW32], +@@ -152,8 +152,8 @@ AS_IF([test "x$with_luna" != xno], + + dnl check if a specific rpath is provided when linking. + dnl this option is needed when openssl is not deployed to a system-wide location +-AC_ARG_VAR([LIBCRYPTO_RPATH], [provide RPATH to LIBCRYPTO, e.g. LIBCRYPTO_RPATH=/usr/local/ssl/lib (useful when openssl is not deployed to a system-wide location)]) +-AM_CONDITIONAL([HAS_LIBCRYPTO_RPATH], [test "x$LIBCRYPTO_RPATH" != "x"]) ++#AC_ARG_VAR([LIBCRYPTO_RPATH], [provide RPATH to LIBCRYPTO, e.g. LIBCRYPTO_RPATH=/usr/local/ssl/lib (useful when openssl is not deployed to a system-wide location)]) ++AM_CONDITIONAL([HAS_LIBCRYPTO_RPATH], [test "xx" != "x"]) + + + #### TODO HERE diff --git a/security/pkcs11-tools/pkg-descr b/security/pkcs11-tools/pkg-descr new file mode 100644 index 000000000000..4c281c4775ad --- /dev/null +++ b/security/pkcs11-tools/pkg-descr @@ -0,0 +1,8 @@ +pkcs11-tools is a toolkit containing a bunch of small utilities to perform key +management tasks on cryptographic tokens implementing a PKCS#11 interface. It +features a number of commands similar to the unix CLI utilities, such as ls, mv, +rm, od, and more. It also has specific commands to generate keys, generate CSRs, +import certificates and other files, in a fashion compatible with most +implementations, including both IBM and Oracle JVMs. + +WWW: https://github.com/Mastercard/pkcs11-tools diff --git a/security/pkcs11-tools/pkg-plist b/security/pkcs11-tools/pkg-plist new file mode 100644 index 000000000000..f4118cf4a442 --- /dev/null +++ b/security/pkcs11-tools/pkg-plist @@ -0,0 +1,27 @@ +bin/masqreq +bin/p11cat +bin/p11cp +bin/p11importcert +bin/p11importdata +bin/p11importpubk +bin/p11kcv +bin/p11keycomp +bin/p11keygen +bin/p11ls +bin/p11mkcert +bin/p11more +bin/p11mv +bin/p11od +bin/p11req +bin/p11rewrap +bin/p11rm +bin/p11setattr +bin/p11slotinfo +bin/p11unwrap +bin/p11wrap +bin/with_beid +bin/with_luna +bin/with_nfast +bin/with_nss +bin/with_softhsm +bin/with_utimaco