p11-kit-0.25.10

Introduction to p11-kit

The p11-kit package provides a way to load and enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.

Package Information

Download (HTTP): https://github.comp11-glue/p11-kit/releases/download/0.25.10/p11-kit-0.25.10.tar.xz
Download SHA256 Sum: a62a137a966fb3a9bbfa670b4422161e369ddea216be51425e3be0ab2096e408
Download MD5 sum: 46fb4aa4faf0e18c036715f103e6c429
Download size: 1,053 KB
Estimated disk space required: 100 MB (with tests)
Estimated build time: 0.7 SBU (with tests)

p11-kit Dependencies

Recommended (runtime)

make-ca-1.16.1

Optional

"gtk-doc", libxslt-1.1.43 and nss-3.118.1 (runtime)

Installation of p11-kit

Prepare the distribution specific anchor hook:

sed '20,$ d' -i trust/trust-extract-compat &&

cat >> trust/trust-extract-compat << "EOF"
# Copy existing anchor modifications to /etc/ssl/local
/usr/libexec/make-ca/copy-trust-modifications

# Update trust stores
/usr/sbin/make-ca -r
EOF

Configure p11-kit by running the following commands:

meson setup p11-build     \
      --prefix=/usr       \
      --buildtype=release \
      -D trust_paths=/etc/pki/anchors

Now Compile p11-kit by running the following commands:

ninja -C p11-build

To test the results, issue:

ninja -C p11-build test

Now, Install p11-kit by running the following:

ninja -C p11-build install
ln -sfv /usr/libexec/p11-kit/trust-extract-compat \
        /usr/bin/update-ca-certificates
ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so

Note

The p11-kit trust module (/usr/lib/pkcs11/p11-kit-trust.so) can be used as a drop-in replacement for /usr/lib/libnssckbi.so to transparently make the system CAs available to NSS aware applications, rather than the static list provided by /usr/lib/libnssckbi.so.

Command Explanations

-D trust_paths=/etc/pki/anchors: this switch sets the location of trusted certificates used by libp11-kit.so.

-D hash_impl=freebl: Use this switch if you want to use the Freebl library from NSS for SHA1 and MD5 hashing.

Installed Programs: p11-kit, trust, and update-ca-certificates

Installed Libraries: libp11-kit.so and p11-kit-proxy.so

Installed Directories: /etc/pkcs11, /usr/include/p11-kit-1, /usr/lib/pkcs11, /usr/libexec/p11-kit, /usr/share/gtk-doc/html/p11-kit, and /usr/share/p11-kit

Short Descriptions

p11-kit	is a command line tool that can be used to perform operations on PKCS#11 modules configured on the system
trust	is a command line tool to examine and modify the shared trust policy store
update-ca-certificates	is a command line tool to both extract local certificates from an updated anchor store, and regenerate all anchors and certificate stores on the system. This is done unconditionally on BLFS using the `--force` and `--get` flags to make-ca and should likely not be used for automated updates
`libp11-kit.so`	contains functions used to coordinate initialization and finalization of any PKCS#11 module
`p11-kit-proxy.so`	is the PKCS#11 proxy module

Prev
libtasn1-4.20.0
Next
make-ca-1.16.1
Up
Home

Zirconium Linux From Scratch - Version r12.4-45-systemd

Chapter 7. System Utilities