diff options
| author | Tijl Coosemans <tijl@FreeBSD.org> | 2022-08-13 16:52:35 +0000 |
|---|---|---|
| committer | Tijl Coosemans <tijl@FreeBSD.org> | 2023-02-01 11:05:18 +0000 |
| commit | 8672992ef7f072f87304e953231de77179143f1d (patch) | |
| tree | d270bb6afa52ef887506c58e28924e8eb4dbdccf | |
| parent | d1207aa8bb174f0ecdfa319137a26b32d6ecd986 (diff) | |
| download | ports-8672992ef7f072f87304e953231de77179143f1d.tar.gz ports-8672992ef7f072f87304e953231de77179143f1d.zip | |
security/p11-kit: Use base system CA certificates
Drop dependency on ca_root_nss and use base system root certificates
instead. This allows users to add their own certificates.
trust_paths now points to a directory and that directory contains
"anchors" and "blocklist" symlinks pointing to the base system
certificate directories. This is based on the documentation from
https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-module.html.
The list of certificates known to p11-kit can be verified by running
"trust list".
PR: 268841
Approved by: novel (maintainer)
| -rw-r--r-- | security/p11-kit/Makefile | 17 | ||||
| -rw-r--r-- | security/p11-kit/pkg-plist | 2 |
2 files changed, 14 insertions, 5 deletions
diff --git a/security/p11-kit/Makefile b/security/p11-kit/Makefile index 268a528714b3..3c0f87d563c1 100644 --- a/security/p11-kit/Makefile +++ b/security/p11-kit/Makefile @@ -1,6 +1,6 @@ PORTNAME= p11-kit DISTVERSION= 0.24.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security devel MASTER_SITES= https://github.com/p11-glue/p11-kit/releases/download/${DISTVERSION}/ @@ -11,9 +11,7 @@ WWW= https://p11-glue.freedesktop.org/p11-kit.html LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING -BUILD_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss \ - bash-completion>=0:shells/bash-completion -RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss +BUILD_DEPENDS= bash-completion>=0:shells/bash-completion LIB_DEPENDS= libffi.so:devel/libffi \ libtasn1.so:security/libtasn1 @@ -26,7 +24,7 @@ MESON_ARGS= -Dbash_completion=enabled \ -Dlibffi=enabled \ -Dnls=false \ -Dtrust_module=enabled \ - -Dtrust_paths=${LOCALBASE}/share/certs/ca-root-nss.crt + -Dtrust_paths=${DATADIR}/certs OPTIONS_DEFINE= DOCS MANPAGES TEST OPTIONS_SUB= yes @@ -43,9 +41,18 @@ MANPAGES_MESON_TRUE= man TEST_MESON_TRUE= test +.include <bsd.port.options.mk> + post-install: ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${MV} ${STAGEDIR}${PREFIX}/etc/pkcs11/pkcs11.conf.example ${STAGEDIR}${EXAMPLESDIR} ${RMDIR} ${STAGEDIR}${PREFIX}/etc/pkcs11 + ${MKDIR} ${STAGEDIR}${DATADIR}/certs + ${LN} -s /usr/share/certs/trusted ${STAGEDIR}${DATADIR}/certs/anchors +.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1400024 + ${LN} -s /usr/share/certs/blacklisted ${STAGEDIR}${DATADIR}/certs/blocklist +.else + ${LN} -s /usr/share/certs/untrusted ${STAGEDIR}${DATADIR}/certs/blocklist +.endif .include <bsd.port.mk> diff --git a/security/p11-kit/pkg-plist b/security/p11-kit/pkg-plist index 7341c822cc7f..dac887134044 100644 --- a/security/p11-kit/pkg-plist +++ b/security/p11-kit/pkg-plist @@ -61,5 +61,7 @@ share/bash-completion/completions/trust %%DOCS%%share/gtk-doc/html/p11-kit/trust.html %%DOCS%%share/gtk-doc/html/p11-kit/up-insensitive.png %%DOCS%%share/gtk-doc/html/p11-kit/up.png +%%DATADIR%%/certs/anchors +%%DATADIR%%/certs/blocklist %%DATADIR%%/modules/p11-kit-trust.module %%EXAMPLESDIR%%/pkcs11.conf.example |