anchor: Prefer persistent format when storing anchor

[ueno]

When a new certificate is stored with "trust anchor --store" from a .p11-kit file, the command treated it as a PEM file, while it should
preserve extra fields in the file.

[ueno]

cc @t184256

[t184256]

Is 0714723 related to the change in question? If yes, how?

[ueno]

0714723 is for a CI failure in mingw64 cross build. Since the other one (autotools) is still failing, I'll split it to a separate PR.

[t184256]

I can't confirm that the test is being called. I've placed an assertion that should've failed and tried both ninja make or make check, both passed. Could you please confirm that it is invoked?

[ueno]

It needs to be called from the autotools build, something like:

./autogen.sh --without-systemd --without-bash-completion --with-trust-paths=$PWD/ca-trust-source --prefix=$PWD/prefix
make
make install
mkdir ca-trust-store
make installcheck

Unfortunately, the autotools CI job is currently failing because of the reasons I haven't investigated yet.

[ueno]

Unfortunately, the autotools CI job is currently failing because of the reasons I haven't investigated yet.

This should be fixed with #330 (the reason was that docker on the base system is not compatible with Fedora 33).

[coveralls]

Coverage increased (+1.2%) to 81.193% when pulling aeac5a2 on ueno:wip/dueno/anchor-persist into bd7702f on p11-glue:master.

[t184256]

Can confirm that the test now passes in CI, and that it fails with test-extract.sh: nss-server-distrust-after is not preserved if the change is reverted. Would be ideal if meson builds also triggered this, but that's probably a separate issue.

[ueno]

Thanks for checking!

Would be ideal if meson builds also triggered this, but that's probably a separate issue.

This is a bit difficult because we would need to tweak the paths embedded in the library.