-rw-r--r-- | .gitignore | 1 |
-rw-r--r-- | configure.ac | 1 |
-rw-r--r-- | doc/p11-kit-devel.xml | 23 |
-rw-r--r-- | doc/p11-kit.xml | 19 |
-rw-r--r-- | tools/Makefile.am | 4 |
-rwxr-xr-x | tools/p11-kit-extract-trust.in | 27 |
6 files changed, 75 insertions, 0 deletions
@@ -91,5 +91,6 @@ temp.txt /p11-kit/tests/uri-test /tools/p11-kit +/tools/p11-kit-extract-trust /p11-kit-?.? diff --git a/configure.ac b/configure.ac index e7e490a..8f67a84 100644 --- a/configure.ac +++ b/configure.ac @@ -422,6 +422,7 @@ AC_CONFIG_FILES([Makefile p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example tools/Makefile + tools/p11-kit-extract-trust tools/tests/Makefile trust/Makefile trust/tests/Makefile diff --git a/doc/p11-kit-devel.xml b/doc/p11-kit-devel.xml index f3acde1..cfacbf8 100644 --- a/doc/p11-kit-devel.xml +++ b/doc/p11-kit-devel.xml @@ -58,6 +58,29 @@ $ <command>pkg-config p11-kit-1 --variable p11_module_path</command> </section> + <section id="devel-commands"> + <title>Customizing installed commands</title> + + <para>The <literal>p11-kit</literal> tool provides a + <literal>extract-trust</literal> command which extracts trust + policy information such as certificate anchors and so on + into files for use with libraries that cannot read this trust + information directly.</para> + + <para>In order to be useful the <literal>extract-trust</literal> + command needs to be customized per distribution or site. You can + find this file in at <literal>tools/p11-kit-trust-extract.in</literal> + in the p11-kit source code.</para> + + <para>The command is implemented as a simple script which + performs the various <literal>p11-kit extract</literal> commands + necessary to extract the information.</para> + + <para>Using this script as a standard way to extract this + information allows for consistency between distributions and ease + of system administration.</para> + </section> + <section id="devel-building"> <title>Compiling p11-kit from Source</title> <para>This describes how to compiling the p11-kit package from diff --git a/doc/p11-kit.xml b/doc/p11-kit.xml index 162563b..98f5da5 100644 --- a/doc/p11-kit.xml +++ b/doc/p11-kit.xml 
@@ -188,6 +188,25 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire </refsect1> <refsect1> + <title>Extract Trust</title> + + <para>Extract standard trust information files.</para> + +<programlisting> +$ p11-kit extract-trust +</programlisting> + + <para>OpenSSL, GnuTLS and Java cannot currently read trust information + directly from the trust policy module. This command extracts trust + information such as certificate anchors for use by these libraries.</para> + + <para>What this command does, and where it extracts the files is + distribution or site specific. Packagers or administrators are expected + customize this command.</para> + +</refsect1> + +<refsect1> <title>Bugs</title> <para> Please send bug reports to either the distribution bug tracker diff --git a/tools/Makefile.am b/tools/Makefile.am index 32cc21e..e28f15f 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -48,4 +48,8 @@ p11_kit_SOURCES += \ save.c save.h \ $(NULL) +externaldir = $(pkgdatadir) +external_SCRIPTS = \ + p11-kit-extract-trust + endif # WITH_ASN1 diff --git a/tools/p11-kit-extract-trust.in b/tools/p11-kit-extract-trust.in new file mode 100755 index 0000000..cc7e5fa --- /dev/null +++ b/tools/p11-kit-extract-trust.in 
@@ -0,0 +1,27 @@ +#!/bin/sh + +# This script is a placeholder designed to be replaced when this software +# has been customized for distribution. + +echo "WARNING: This placeholder extract-trust command has not been customized" +echo "by your distribution or administrator. Extracting trust infromation to" +echo "the following example locations:" +echo +echo " ~/extract-trust-example/openssl-bundle.pem" +echo " ~/extract-trust-example/server-auth-bundle.pem" +echo " ~/extract-trust-example/cacerts" + +DEST=~/extract-trust-example + +# These are nested autoconf variables +prefix=@prefix@ +exec_prefix=@exec_prefix@ + +mkdir -p $DEST + +@bindir@/p11-kit extract --format=openssl-bundle --filter=ca-anchors \ + --overwrite $DEST/openssl-bundle.pem +@bindir@/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \ + --purpose server-auth $DEST/server-auth-bundle.pem +@bindir@/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \ + --purpose server-auth $DEST/cacerts |
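Review bot: In the doc/p11-kit-devel.xml hunk, the second paragraph of the new "Customizing installed commands" section points readers to tools/p11-kit-trust-extract.in, but the file this patch adds is tools/p11-kit-extract-trust.in, so a packager following the text will not find it. Suggest correcting the path, and in the same paragraphs changing "find this file in at" to "find this file at" and "a extract-trust command" to "an extract-trust command".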
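Review bot: In the doc/p11-kit.xml hunk, the last paragraph of the new "Extract Trust" section reads "are expected customize this command" and needs "expected to customize". The section also never says that the uncustomized script only writes to the example locations under ~/extract-trust-example; one sentence stating that would keep an administrator from assuming that running it refreshed the anchors OpenSSL, GnuTLS or Java actually use.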
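Review bot: In the tools/Makefile.am hunk, external_SCRIPTS installs p11-kit-extract-trust into $(pkgdatadir), but none of the six files in this patch makes the p11-kit tool look there, while both documentation hunks present the command as "p11-kit extract-trust". Please point to where that subcommand is dispatched to the installed script, or include that change here, so the documented invocation is known to work once this lands.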
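Review bot: In tools/p11-kit-extract-trust.in there is no error handling around mkdir -p and the three extract calls, so a failed openssl-bundle or server-auth-bundle extraction is masked and the exit status reflects only the final java-cacerts command, which can leave a stale or missing anchor bundle unnoticed. Suggest adding set -e near the top (or checking each command), quoting "$DEST" in mkdir -p and in the three output paths, sending the WARNING lines to stderr with >&2, and fixing the typo "infromation" in the second echo.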