Date: Wed, 1 Feb 2023 11:06:09 GMT From: Tijl Coosemans <tijl@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 8672992ef7f0 - main - security/p11-kit: Use base system CA certificates Message-ID: <202302011106.311B69eg003549@gitrepo.freebsd.org>
The branch main has been updated by tijl: URL: https://cgit.FreeBSD.org/ports/commit/?id=8672992ef7f072f87304e953231de77179143f1d commit 8672992ef7f072f87304e953231de77179143f1d Author: Tijl Coosemans <tijl@FreeBSD.org> AuthorDate: 2022-08-13 16:52:35 +0000 Commit: Tijl Coosemans <tijl@FreeBSD.org> CommitDate: 2023-02-01 11:05:18 +0000 security/p11-kit: Use base system CA certificates Drop dependency on ca_root_nss and use base system root certificates instead. This allows users to add their own certificates. trust_paths now points to a directory and that directory contains "anchors" and "blocklist" symlinks pointing to the base system certificate directories. This is based on the documentation from https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-module.html. The list of certificates known to p11-kit can be verified by running "trust list". PR: 268841 Approved by: novel (maintainer)
---
 security/p11-kit/Makefile | 17 ++++++++++++-----
 security/p11-kit/pkg-plist | 2 ++
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/security/p11-kit/Makefile b/security/p11-kit/Makefile
index 268a528714b3..3c0f87d563c1 100644
--- a/security/p11-kit/Makefile
+++ b/security/p11-kit/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= p11-kit
 DISTVERSION= 0.24.1
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security devel
 MASTER_SITES= https://github.com/p11-glue/p11-kit/releases/download/${DISTVERSION}/
@@ -11,9 +11,7 @@ WWW= https://p11-glue.freedesktop.org/p11-kit.html
 LICENSE= BSD3CLAUSE
 LICENSE_FILE= ${WRKSRC}/COPYING
-BUILD_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss \
- bash-completion>=0:shells/bash-completion
-RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
+BUILD_DEPENDS= bash-completion>=0:shells/bash-completion
 LIB_DEPENDS= libffi.so:devel/libffi \
 libtasn1.so:security/libtasn1
@@ -26,7 +24,7 @@ MESON_ARGS= -Dbash_completion=enabled \
 -Dlibffi=enabled \
 -Dnls=false \
 -Dtrust_module=enabled \
- -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt
+ -Dtrust_paths=${DATADIR}/certs
 OPTIONS_DEFINE= DOCS MANPAGES TEST
 OPTIONS_SUB= yes
@@ -43,9 +41,18 @@ MANPAGES_MESON_TRUE= man
 TEST_MESON_TRUE= test
+.include <bsd.port.options.mk>
+
 post-install:
 ${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 ${MV} ${STAGEDIR}${PREFIX}/etc/pkcs11/pkcs11.conf.example ${STAGEDIR}${EXAMPLESDIR}
 ${RMDIR} ${STAGEDIR}${PREFIX}/etc/pkcs11
+ ${MKDIR} ${STAGEDIR}${DATADIR}/certs
+ ${LN} -s /usr/share/certs/trusted ${STAGEDIR}${DATADIR}/certs/anchors
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1400024
+ ${LN} -s /usr/share/certs/blacklisted ${STAGEDIR}${DATADIR}/certs/blocklist
+.else
+ ${LN} -s /usr/share/certs/untrusted ${STAGEDIR}${DATADIR}/certs/blocklist
+.endif
 .include <bsd.port.mk>
diff --git a/security/p11-kit/pkg-plist b/security/p11-kit/pkg-plist
index 7341c822cc7f..dac887134044 100644
--- a/security/p11-kit/pkg-plist
+++ b/security/p11-kit/pkg-plist
@@ -61,5 +61,7 @@ share/bash-completion/completions/trust
 %%DOCS%%share/gtk-doc/html/p11-kit/trust.html
 %%DOCS%%share/gtk-doc/html/p11-kit/up-insensitive.png
 %%DOCS%%share/gtk-doc/html/p11-kit/up.png
+%%DATADIR%%/certs/anchors
+%%DATADIR%%/certs/blocklist
 %%DATADIR%%/modules/p11-kit-trust.module
 %%EXAMPLESDIR%%/pkcs11.conf.example
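Review bot: The `anchors` and `blocklist` links added to `post-install` in security/p11-kit/Makefile cover only the base-shipped directories under `/usr/share/certs`, so distrust decisions an administrator records elsewhere would not reach the p11-kit blocklist. As far as I know certctl keeps locally added and locally untrusted certificates outside `/usr/share/certs`; if so, a CA distrusted for OpenSSL consumers could still be accepted by p11-kit consumers, and this should be confirmed against the base layout. The link targets are also absolute paths that nothing in the port verifies now that the ca_root_nss dependency is gone, so on a base without the certificate bundle, or on a non-FreeBSD OPSYS taking the `.else` branch, the links would dangle and the trust module would presumably load an empty anchor or blocklist set without complaint. I would add a pkg-message telling users to run `trust list` after install to confirm what was loaded, and a comment above the `.if` explaining why 1400024 is the cut-off (presumably the base rename of `blacklisted` to `untrusted`).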