%general-entities; ]> p11-kit The p11-kit package provides a way to load and enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules. &lfs121_checked; Package Information Download (HTTP): Download (FTP): Download MD5 sum: &p11-kit-md5sum; Download size: &p11-kit-size; Estimated disk space required: &p11-kit-buildsize; Estimated build time: &p11-kit-time; p11-kit Dependencies Required and Optional and Prepare the distribution specific anchor hook: sed '20,$ d' -i trust/trust-extract-compat && cat >> trust/trust-extract-compat << "EOF" # Copy existing anchor modifications to /etc/ssl/local /usr/libexec/make-ca/copy-trust-modifications # Update trust stores /usr/sbin/make-ca -r EOF Install p11-kit by running the following commands: mkdir p11-build && cd p11-build && meson setup .. \ --prefix=/usr \ --buildtype=release \ -Dtrust_paths=/etc/pki/anchors && ninja To test the results, issue: LC_ALL=C ninja test. Now, as the root user: ninja install && ln -sfv /usr/libexec/p11-kit/trust-extract-compat \ /usr/bin/update-ca-certificates -Dtrust_paths=/etc/pki/anchors: this switch sets the location of trusted certificates used by libp11-kit.so. -Dhash_impl=freebl: Use this switch if you want to use the Freebl library from NSS for SHA1 and MD5 hashing. -Dgtk_doc=true: Use this switch if you have installed and and wish to rebuild the documentation and generate manual pages. First clean the directory by running the following command: rm -rf * Install lib32-p11-kit by running the following commands: CC="gcc -m32" CXX="g++ -m32" \ PKG_CONFIG_PATH=/usr/lib32/pkgconfig \ meson setup .. \ --prefix=/usr \ --libdir=/usr/lib32 \ --buildtype=release \ -Dtrust_paths=/etc/pki/anchors && ninja Now, as the root user: DESTDIR=$PWD/DESTDIR ninja install cp -vr DESTDIR/usr/lib32/* /usr/lib32 rm -rf DESTDIR ldconfig Make system CAs available transparently to NSS aware applications by running the following commands as the root user: ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib32/libnssckbi.so Installed Programs Installed Libraries Installed Directories p11-kit, trust, and update-ca-certificates libp11-kit.so and p11-kit-proxy.so /etc/pkcs11, /usr/include/p11-kit-1, /usr/lib/pkcs11, /usr/libexec/p11-kit, /usr/share/gtk-doc/html/p11-kit, and /usr/share/p11-kit Short Descriptions p11-kit is a command line tool that can be used to perform operations on PKCS#11 modules configured on the system p11-kit trust is a command line tool to examine and modify the shared trust policy store trust update-ca-certificates is a command line tool to both extract local certificates from an updated anchor store, and regenerate all anchors and certificate stores on the system. This is done unconditionally on BLFS using the --force and --get flags to make-ca and should likely not be used for automated updates update-ca-certificates libp11-kit.so contains functions used to coordinate initialization and finalization of any PKCS#11 module libp11-kit.so p11-kit-proxy.so is the PKCS#11 proxy module p11-kit-proxy.so