From 8fd55c8089c90b52f00e4ffad572d1b9da72e6ba Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@gnome.org>
Date: Thu, 7 Mar 2013 18:53:50 +0100
Subject: p11-kit: New priority option and change trust-policy option

 * Sort loaded modules appropriately using the 'priority' option. This
   allows us to have a predictable order for callers, when callers
   iterate through modules.
 * Modules default to having an 'priority' option of '0'.
 * If modules have the same order value, then sort by name.
 * The above assumes the role of ordering trust-policy sources.
 * Change the trust-policy option to a boolean
 * Some of this code will be rearranged when the managed branch
   is merged.

https://bugs.freedesktop.org/show_bug.cgi?id=61978
---
 doc/manual/p11-kit-trust.xml |  5 +++--
 doc/manual/pkcs11.conf.xml   | 20 +++++++++++++++-----
 2 files changed, 18 insertions(+), 7 deletions(-)

(limited to 'doc')

diff --git a/doc/manual/p11-kit-trust.xml b/doc/manual/p11-kit-trust.xml
index 06f168e..198d5db 100644
--- a/doc/manual/p11-kit-trust.xml
+++ b/doc/manual/p11-kit-trust.xml
@@ -107,11 +107,12 @@ $ pkg-config --variable p11_trust_paths p11-kit-1
 		<listitem><para>Disable loading trust policy information
 		from this module by adding a file to <literal>/etc/pkcs11/modules</literal>
 		called <literal>p11-kit-trust.module</literal> containing a
-		<literal>trust-policy:</literal> line.</para></listitem>
+		<literal>trust-policy: no</literal> line.</para></listitem>
+
 		<listitem><para>Disable this module completely by
 		adding a file to <literal>/etc/pkcs11/modules</literal>
 		called <literal>p11-kit-trust.module</literal> containing a
-		<literal>enable-in:</literal> line.</para></listitem>
+		<literal>enable-in:</literal> line (without a value).</para></listitem>
 	</itemizedlist>
 
 </section>
diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml
index 3146f60..5ff0863 100644
--- a/doc/manual/pkcs11.conf.xml
+++ b/doc/manual/pkcs11.conf.xml
@@ -128,13 +128,23 @@ x-custom : text
 		</listitem>
 	</varlistentry>
 	<varlistentry>
+		<term><option>priority:</option></term>
+		<listitem>
+			<para>The value should be an integer. When lists of modules are
+			returned to a caller of p11-kit, modules with a higher number are sorted
+			first. When applications search modules for for certificates, keys and
+			trust policy information, this setting will affect what find
+			first.</para>
+			<para>This argument is optional, and defaults to zero. Modules
+			with the same <option>priority</option> option will be sorted
+			alphabetically.</para>
+		</listitem>
+	</varlistentry>
+	<varlistentry>
 		<term><option>trust-policy:</option></term>
 		<listitem>
-			<para>If this setting is present then this module is used to load
-			trust policy information such as certificate anchors and black lists.
-			The value should be an integer. Modules with a lower number are loaded
-			first. Trust policy information in modules loaded later overrides
-			those loaded first.</para>
+			<para>Set to <literal>yes</literal> to use use this module as a source
+			of trust policy information such as certificate anchors and black lists.</para>
 		</listitem>
 	</varlistentry>
 	</variablelist>
-- 
cgit v1.1