Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p11-kit: Set proper proxy_module variable for pkg-config #22595

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+17 −3
Open

p11-kit: Set proper proxy_module variable for pkg-config #22595

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions mingw-w64-p11-kit/PKGBUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ _realname=p11-kit
pkgbase=mingw-w64-${_realname}
pkgname="${MINGW_PACKAGE_PREFIX}-${_realname}"
pkgver=0.25.5
pkgrel=1
pkgrel=2
pkgdesc="Library to work with PKCS#11 modules (mingw-w64)"
arch=('any')
mingw_arch=('mingw32' 'mingw64' 'ucrt64' 'clang64' 'clang32' 'clangarm64')
Expand Down Expand Up @@ -37,7 +37,8 @@ source=(https://github.com/p11-glue/p11-kit/releases/download/${pkgver}/${_realn
0011-p11-kit-spawn-external.patch
0012-no-version-script.patch
0013-fix-reallocarray-decl.patch
0014-fix-configure.patch)
0014-fix-configure.patch
proxy.patch)
validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF' # Stef Walter <[email protected]>
'462225C3B46F34879FC8496CD605848ED7E69871' # Daiki Ueno <[email protected]>
'5D46CB0F763405A7053556F47A75A648B3F9220C' # Zoltan Fridrich <[email protected]>
Expand All @@ -54,7 +55,8 @@ sha256sums=('04d0a86450cdb1be018f26af6699857171a188ac6d5b8c90786a60854e1198e5'
'3c4821c36f76fd45c0d1ec83474773e45ccefde4ac92ca88b8493425f7553cb9'
'15a2729f39e260f7fe8d55a91a399f2512854da626a69bc215470f902fc178cd'
'83ecf11aaf9a1c6f617790048e80febd7320edae6ba203958349264170956911'
'9b4831e585e4145f69fef34b371763e959587c23128167cd995c006cb9e1e0c2')
'9b4831e585e4145f69fef34b371763e959587c23128167cd995c006cb9e1e0c2'
'e2568ffd96d68046525a37b9e95fbfbcae14fa1033c9dfe5382d9879b2906e4e')

prepare() {
test ! -d "${startdir}/../mingw-w64-pathtools" || {
Expand All @@ -74,6 +76,7 @@ prepare() {
patch -p1 -i ${srcdir}/0012-no-version-script.patch
patch -p1 -i ${srcdir}/0013-fix-reallocarray-decl.patch
patch -p1 -i ${srcdir}/0014-fix-configure.patch
patch -p1 -i ${srcdir}/proxy.patch

autoreconf -vfi
gtkdocize
Expand Down
11 changes: 11 additions & 0 deletions mingw-w64-p11-kit/proxy.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
--- p11-kit-0.25.5/p11-kit/p11-kit-1.pc.in.orig 2023-10-24 07:58:49.000000000 -0500
+++ p11-kit-0.25.5/p11-kit/p11-kit-1.pc.in 2024-11-19 12:57:54.924556600 -0600
@@ -9,7 +9,7 @@
p11_module_configs=@p11_package_config_modules@
p11_module_path=@p11_module_path@
p11_trust_paths=@with_trust_paths@
-proxy_module=@libdir@/p11-kit-proxy@p11_shlext@
+proxy_module=libp11-kit-0.dll
Copy link
Member

@lazka lazka Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
+proxy_module=libp11-kit-0.dll
+proxy_module=@exec_prefix@/bin/libp11-kit-0.dll

Wouldn't this be more correct?

Copy link
Contributor Author

@mlt mlt Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was pondering about this. It does look good but I think it is impractical. If let be, applications that depend on it will likely compile the path in (C:/msys64/ucrt64/bin/libp11-kit-0.dll) thus making msys2 installation not so portable. Of course, one may patch up the application, but what is the point of having pkg-config then?
Here is somewhat related (portability) issue #22187 . It looks like MSYS2 build farm uses D:/a/MSYS64 prefix. However, for end user MSYS2 typically installs into C:/MSYS64. That implies proxy_module will be broken out of the gate for libp11 without more patching.
Also speaking of pkg-config, while building libp11, I stumbled on this

$ pkg-config --variable=enginesdir libcrypto
C:/msys64/ucrt64/lib/engines-3

mlt@DESKTOP-K26J5U0 UCRT64 /c/dev/MINGW-packages/mingw-w64-libp11
$ find . -name pkcs11.dll
./pkg/mingw-w64-ucrt-x86_64-libp11C:/msys64/ucrt64/lib/engines-3/pkcs11.dll

I'm sure there is a reason why pkg-config expands prefix Windows style, but it causes pain as well.

Copy link
Member

@lazka lazka Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, hm. Hardcoding absolute path in binaries on Windows is a no-no in general, independent of pkg-config. Everything else works just as on Linux.

I'd say the real fix is to make libp11 relocatable, but I see that this here would be easier for now, hm... so guess this is fine.

Copy link
Member

@lazka lazka Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that libp11 calls pkg-config incorrectly in configure.ac in multiple places and doesn't provide the configured prefix to it. That would be even wrong on Linux if installing into a different prefix there (which is rarely used there though..)

Every call to pkg-config that gets used as an install path needs to be passed --define-variable=prefix="${prefix}" so the paths get relocated to the install prefix.

That doesn't fix the hardcode issue, but fixes the wrong install paths.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My only concern is whether there are any security (or other) implications by allowing to load everything with same name on the PATH. I think here it is okayish.

Copy link
Member

@lazka lazka Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, by not passing an absolute path it will even load from the current working dir before looking at PATH (with it using plain LoadLibrary), unless the exe is in the same dir.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is acceptable as one can just set PKCS11_MODULE_PATH environment variable in the first place.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last but not least. Would it be better to use sed for a single line edits instead of a patch? Are patches the only acceptable norm?
Is there any easy way to infer -0 besides reading dlname from libp11-kit.la? I mean how stable is it? I understand it comes somewhere from libtool but I'm clueless at this point what could make it -1.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Usually it is SOVERSION IIRC


# This is for compatibility. Other packages were using this to determine
# the directory they should install their module configs to, so override