Add libp11

msys2 · Nov 19, 2024 · bfe7023 · bfe7023
1 parent a2d39f8
commit bfe7023
Show file tree

Hide file tree

Showing 4 changed files with 128 additions and 0 deletions.
diff --git a/mingw-w64-libp11/PKGBUILD b/mingw-w64-libp11/PKGBUILD
@@ -0,0 +1,61 @@
+_realname=libp11
+pkgbase=mingw-w64-${_realname}
+pkgname=("${MINGW_PACKAGE_PREFIX}-${_realname}")
+pkgver=libp11.0.4.12.r103.g214b271
+pkgrel=1
+pkgdesc="A library implementing a small layer on top of the PKCS11 API (mingw-w64)"
+arch=('any')
+mingw_arch=('mingw64' 'ucrt64' 'clang64' 'clangarm64')
+url="https://github.com/OpenSC/libp11"
+license=('COPYING')
+makedepends=("${MINGW_PACKAGE_PREFIX}-openssl"
+             "${MINGW_PACKAGE_PREFIX}-autotools"
+             "${MINGW_PACKAGE_PREFIX}-cc"
+             'git')
+depends=("${MINGW_PACKAGE_PREFIX}-openssl")
+# optdepends("${MINGW_PACKAGE_PREFIX}-p11-kit: seamless PKCS#11 modules integration")
+_commit='214b271cdd066b40ad08e15ec3c19581c8dcd149'
+source=("${_realname}"::"git+https://github.com/OpenSC/libp11.git#commit=${_commit}"
+        "engine_h_win32.patch" "verinfo.patch" "readme.msys2")
+sha256sums=('d563f146009ffa22ecba600dafdfdb309f228a102ec276b31c2786eb53adc7e7'
+            '7e4a81e44543db66121ec3bd184f6677c961939a20911cc5d25018e38e56dc06'
+            '73e9cf87aedf418e34a7dd41e221aaacbbf505d80a89dc7b36028a32b605f415'
+            '73d7e42d25a6f109f089066e6e6c483471ab7b4f78e3401f9d3783a2fd151667')
+
+pkgver() {
+  cd "${_realname}"
+
+  git describe --long "${_commit}" | sed 's/\([^-]*-g\)/r\1/;s/-/./g;s/^v//g'
+}
+
+prepare() {
+  cd "${_realname}"
+  patch -p1 -i ${srcdir}/engine_h_win32.patch
+  patch -p1 -i ${srcdir}/verinfo.patch
+
+  autoreconf -fi
+}
+
+build() {
+  mkdir -p "build-${MSYSTEM}" && cd "build-${MSYSTEM}"
+  local ENGINESDIR=$(cygpath $(pkg-config --variable=enginesdir libcrypto))
+  ../${_realname}/configure \
+    --prefix="${MINGW_PREFIX}" \
+    --build="${MINGW_CHOST}" \
+    --host="${MINGW_CHOST}" \
+    --target="${MINGW_CHOST}" \
+    --with-enginesdir="$ENGINESDIR" \
+    --with-pkcs11-module=libp11-kit-0.dll # p11-kit lib/proxy module
+# FIXME: ls -l $(pkg-config.exe --variable=proxy_module p11-kit-1) # <= broken
+
+  make
+}
+
+package() {
+  cd "build-${MSYSTEM}"
+
+  make install DESTDIR="${pkgdir}"
+
+  install -Dm644 "${srcdir}/${_realname}/COPYING" "${pkgdir}${MINGW_PREFIX}/share/licenses/${_realname}/LICENSE"
+  install -Dm644 "${srcdir}/readme.msys2" "${pkgdir}${MINGW_PREFIX}/share/doc/${_realname}/readme.msys2"
+}
diff --git a/mingw-w64-libp11/engine_h_win32.patch b/mingw-w64-libp11/engine_h_win32.patch
@@ -0,0 +1,11 @@
+--- libp11/src/engine.h.orig	2024-11-19 08:37:42.895251700 -0600
++++ libp11/src/engine.h	2024-11-19 10:11:02.007447500 -0600
+@@ -28,7 +28,7 @@
+ #ifndef _ENGINE_PKCS11_H
+ #define _ENGINE_PKCS11_H
+
+-#ifndef _WIN32
++#ifndef _MSC_VER
+ #include "config.h"
+ #endif
+
diff --git a/mingw-w64-libp11/readme.msys2 b/mingw-w64-libp11/readme.msys2
@@ -0,0 +1,37 @@
+This package is built to leverage p11-kit proxy.
+
+Normally, one would specify PKCS#11 module to use explicitly, e.g. for YubiKey
+
+  $ PKCS11_MODULE_PATH=libykcs11.dll openssl pkeyutl -engine pkcs11 -keyform engine \
+  -inkey "pkcs11:object=Private key for PIV Authentication;type=private;pin-value=123456" \
+  -sign -in data.txt -out data.sig
+
+Note that libykcs11.dll along with its dependencies has to be on the PATH.
+
+However, this package is built with default PKCS#11 module libp11-kit-0.dll. That is if you
+have YOUR-ENV-p11-kit package installed, and say you use OpenSC installed in its default
+location along with a properly configured module, e.g. by creating a file
+/ucrt64/etc/pkcs11/modules/opensc.module with a single line
+
+  module: C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll
+
+then you would be able to use it implicitly, e.g.
+
+  $ openssl pkeyutl -engine pkcs11 -keyform engine \
+  -inkey "pkcs11:token=some_cn;type=private;pin-value=123456" \
+  -sign -in data.txt -out data.sig
+
+You should be able to check whether your module is set up properly by running
+
+  p11-kit list-modules
+
+You should see opensc module in there as well as your token.
+
+Note that pkg-config has an incorrect information about proxy on msys2. The following line
+will result in an error.
+
+  $ ls -l $(pkg-config.exe --variable=proxy_module p11-kit-1)
+  ls: cannot access 'C:/msys64/ucrt64/bin/../lib/p11-kit-proxy.dll': No such file or directory
+
+However the proxy and the main library (libp11-kit-0.dll) are essentially the same.  This is a
+bug in p11-kit packaging.
diff --git a/mingw-w64-libp11/verinfo.patch b/mingw-w64-libp11/verinfo.patch
@@ -0,0 +1,19 @@
+--- libp11/src/Makefile.am.orig	2024-11-19 14:51:29.900790900 -0600
++++ libp11/src/Makefile.am	2024-11-19 15:46:43.605107000 -0600
+@@ -15,13 +15,13 @@
+ libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_err.c p11_ckr.c \
+ 	p11_key.c p11_load.c p11_misc.c p11_rsa.c p11_ec.c p11_pkey.c \
+ 	p11_slot.c p11_front.c p11_atfork.c libp11.exports
++libp11_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_CFLAGS)
++libp11_la_LIBADD = $(OPENSSL_LIBS)
+ if WIN32
+-libp11_la_SOURCES += libp11.rc
++libp11_la_LIBADD += libp11.lo
+ else
+ dist_noinst_DATA = libp11.rc
+ endif
+-libp11_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_CFLAGS)
+-libp11_la_LIBADD = $(OPENSSL_LIBS)
+ libp11_la_LDFLAGS = $(AM_LDFLAGS) \
+ 	-version-info @LIBP11_LT_CURRENT@:@LIBP11_LT_REVISION@:@LIBP11_LT_AGE@
+