git: a6d0c2f4e216 - main - New port: security/pkcs11-tools: Tools for managing PKCS11 cryptographic tokens
Yuri Victorovich
yuri at FreeBSD.org
Mon Apr 19 00:23:39 UTC 2021
The branch main has been updated by yuri:
URL: https://cgit.FreeBSD.org/ports/commit/?id=a6d0c2f4e2167b4da1607f0b018a0e3985b7e729
commit a6d0c2f4e2167b4da1607f0b018a0e3985b7e729
Author: Yuri Victorovich <yuri at FreeBSD.org>
AuthorDate: 2021-04-19 00:21:30 +0000
Commit: Yuri Victorovich <yuri at FreeBSD.org>
CommitDate: 2021-04-19 00:23:37 +0000
New port: security/pkcs11-tools: Tools for managing PKCS11 cryptographic tokens
PR: 255058
Submitted by: Eric Devolder <eric.devolder at gmail.com>
---
security/Makefile | 1 +
security/pkcs11-tools/Makefile | 40 ++++++++++++++++++
security/pkcs11-tools/distinfo | 7 ++++
security/pkcs11-tools/files/patch-configure.ac | 56 ++++++++++++++++++++++++++
security/pkcs11-tools/pkg-descr | 8 ++++
security/pkcs11-tools/pkg-plist | 27 +++++++++++++
6 files changed, 139 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index 30707bf55f4b..ee477b98a030 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -803,6 +803,7 @@
SUBDIR += pkcs11-dump
SUBDIR += pkcs11-gateway
SUBDIR += pkcs11-helper
+ SUBDIR += pkcs11-tools
SUBDIR += pkesh
SUBDIR += pks
SUBDIR += pktsuckers
diff --git a/security/pkcs11-tools/Makefile b/security/pkcs11-tools/Makefile
new file mode 100644
index 000000000000..0dd4386a6014
--- /dev/null
+++ b/security/pkcs11-tools/Makefile
@@ -0,0 +1,40 @@
+PORTNAME= pkcs11-tools
+DISTVERSIONPREFIX= v
+DISTVERSION= 2.3.0
+CATEGORIES= security
+
+MAINTAINER= eric.devolder at gmail.com
+COMMENT= Tools for managing PKCS11 cryptographic tokens
+
+LICENSE= APACHE20
+
+BUILD_DEPENDS= autoconf>0:devel/autoconf \
+ autoconf-archive>0:devel/autoconf-archive \
+ automake>0:devel/automake \
+ flex:textproc/flex
+RUN_DEPENDS= bash:shells/bash
+
+USES= bison compiler:c11 libtool:build pkgconfig ssl
+
+USE_GITHUB= yes
+GH_ACCOUNT= Mastercard
+GH_TUPLE= coreutils:gnulib:5b3a6f94f:gnulib \
+ oasis-tcs:pkcs11:df530bf:oasis_pkcs11
+
+GNU_CONFIGURE= yes
+
+MAKE_ENV= LIBCRYPTO_RPATH=${OPENSSLBASE}/lib
+
+LDFLAGS+= ${OPENSSLBASE}/lib/libcrypto.a # -lcrypto # fails to find symbol in the shared library: ld: error: undefined symbol: EVP_PKEY_meth_get_digestsign
+
+INSTALL_TARGET= install-strip
+
+post-extract:
+ @${RMDIR} ${WRKSRC}/.gnulib ${WRKSRC}/include/oasis-pkcs11
+ @${MV} ${WRKSRC_gnulib} ${WRKSRC}/.gnulib
+ @${MV} ${WRKSRC_oasis_pkcs11} ${WRKSRC}/include/oasis-pkcs11
+
+pre-configure:
+ @cd ${WRKSRC} && BUILD_PORT=1 ${WRKSRC}/bootstrap.sh
+
+.include <bsd.port.mk>
diff --git a/security/pkcs11-tools/distinfo b/security/pkcs11-tools/distinfo
new file mode 100644
index 000000000000..9393eb3a7a22
--- /dev/null
+++ b/security/pkcs11-tools/distinfo
@@ -0,0 +1,7 @@
+TIMESTAMP = 1618241897
+SHA256 (Mastercard-pkcs11-tools-v2.3.0_GH0.tar.gz) = a5a54b7e0cb4d2f94410e5de3246b3eed8db6c24561bc1e67672cc14017f3246
+SIZE (Mastercard-pkcs11-tools-v2.3.0_GH0.tar.gz) = 227365
+SHA256 (coreutils-gnulib-5b3a6f94f_GH0.tar.gz) = 93ab4c723fc482a531dc55a28c9da5d7907a3402bcef4e99f4d8168415ae3a71
+SIZE (coreutils-gnulib-5b3a6f94f_GH0.tar.gz) = 7293249
+SHA256 (oasis-tcs-pkcs11-df530bf_GH0.tar.gz) = a1e9203c463fe1187d89d2f29b5453f9bda84c55f31a91c12638d113fc2214cb
+SIZE (oasis-tcs-pkcs11-df530bf_GH0.tar.gz) = 119448
diff --git a/security/pkcs11-tools/files/patch-configure.ac b/security/pkcs11-tools/files/patch-configure.ac
new file mode 100644
index 000000000000..e1828dc20ac3
--- /dev/null
+++ b/security/pkcs11-tools/files/patch-configure.ac
@@ -0,0 +1,56 @@
+--- configure.ac.orig 2021-04-12 12:06:48 UTC
++++ configure.ac
+@@ -75,24 +75,24 @@ PKG_PROG_PKG_CONFIG
+ dnl for libcrypto, we are first detecting libcrypo11,
+ dnl as older distros may still run on top of openssl 1.0,
+ dnl but have v1.1.x accessible through libcrypto11.pc file
+-PKG_CHECK_MODULES([LIBCRYPTO],
+- [libcrypto11 >= 1.1.1e],
+- [ ac_save_CPPFLAGS=$CPPFLAGS
+- CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}"
+- AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC],
+- [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])],
+- [],
+- [[ #include <openssl/opensslconf.h> ]])
+- CPPFLAGS=${ac_save_CPPFLAGS} ],
+- [ PKG_CHECK_MODULES([LIBCRYPTO],
+- [libcrypto >= 1.1.1e],
+- [ ac_save_CPPFLAGS=$CPPFLAGS
+- CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}"
+- AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC],
+- [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])],
+- [],
+- [[ #include <openssl/opensslconf.h> ]])
+- CPPFLAGS=${ac_save_CPPFLAGS} ])])
++#PKG_CHECK_MODULES([LIBCRYPTO],
++# [libcrypto11 >= 1.1.1e],
++# [ ac_save_CPPFLAGS=$CPPFLAGS
++# CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}"
++# AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC],
++# [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])],
++# [],
++# [[ #include <openssl/opensslconf.h> ]])
++# CPPFLAGS=${ac_save_CPPFLAGS} ],
++# [ PKG_CHECK_MODULES([LIBCRYPTO],
++# [libcrypto >= 1.1.1e],
++# [ ac_save_CPPFLAGS=$CPPFLAGS
++# CPPFLAGS="${CPPFLAGS} ${LIBCRYPTO_CFLAGS}"
++# AC_CHECK_DECLS([OPENSSL_NO_RSA, OPENSSL_NO_DSA, OPENSSL_NO_DH, OPENSSL_NO_EC],
++# [AC_MSG_FAILURE([The OpenSSL crypto library is missing features/algorithm to allow compilation])],
++# [],
++# [[ #include <openssl/opensslconf.h> ]])
++# CPPFLAGS=${ac_save_CPPFLAGS} ])])
+
+ dnl on UNIX platforms, check for dynamic loader lib
+ AM_COND_IF( [TARGET_OS_MINGW32],
+@@ -152,8 +152,8 @@ AS_IF([test "x$with_luna" != xno],
+
+ dnl check if a specific rpath is provided when linking.
+ dnl this option is needed when openssl is not deployed to a system-wide location
+-AC_ARG_VAR([LIBCRYPTO_RPATH], [provide RPATH to LIBCRYPTO, e.g. LIBCRYPTO_RPATH=/usr/local/ssl/lib (useful when openssl is not deployed to a system-wide location)])
+-AM_CONDITIONAL([HAS_LIBCRYPTO_RPATH], [test "x$LIBCRYPTO_RPATH" != "x"])
++#AC_ARG_VAR([LIBCRYPTO_RPATH], [provide RPATH to LIBCRYPTO, e.g. LIBCRYPTO_RPATH=/usr/local/ssl/lib (useful when openssl is not deployed to a system-wide location)])
++AM_CONDITIONAL([HAS_LIBCRYPTO_RPATH], [test "xx" != "x"])
+
+
+ #### TODO HERE
diff --git a/security/pkcs11-tools/pkg-descr b/security/pkcs11-tools/pkg-descr
new file mode 100644
index 000000000000..4c281c4775ad
--- /dev/null
+++ b/security/pkcs11-tools/pkg-descr
@@ -0,0 +1,8 @@
+pkcs11-tools is a toolkit containing a bunch of small utilities to perform key
+management tasks on cryptographic tokens implementing a PKCS#11 interface. It
+features a number of commands similar to the unix CLI utilities, such as ls, mv,
+rm, od, and more. It also has specific commands to generate keys, generate CSRs,
+import certificates and other files, in a fashion compatible with most
+implementations, including both IBM and Oracle JVMs.
+
+WWW: https://github.com/Mastercard/pkcs11-tools
diff --git a/security/pkcs11-tools/pkg-plist b/security/pkcs11-tools/pkg-plist
new file mode 100644
index 000000000000..f4118cf4a442
--- /dev/null
+++ b/security/pkcs11-tools/pkg-plist
@@ -0,0 +1,27 @@
+bin/masqreq
+bin/p11cat
+bin/p11cp
+bin/p11importcert
+bin/p11importdata
+bin/p11importpubk
+bin/p11kcv
+bin/p11keycomp
+bin/p11keygen
+bin/p11ls
+bin/p11mkcert
+bin/p11more
+bin/p11mv
+bin/p11od
+bin/p11req
+bin/p11rewrap
+bin/p11rm
+bin/p11setattr
+bin/p11slotinfo
+bin/p11unwrap
+bin/p11wrap
+bin/with_beid
+bin/with_luna
+bin/with_nfast
+bin/with_nss
+bin/with_softhsm
+bin/with_utimaco
More information about the dev-commits-ports-all
mailing list