RubyGems - glib2 - Versions diffs - 3.2.5-x64-mingw32 → 3.2.6-x64-mingw32 - Mend

glib2 3.2.5-x64-mingw32 → 3.2.6-x64-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (325) hide show

data/vendor/local/share/gtk-doc/html/p11-kit/p11-kit-Utilities.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>Utilities: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="reference.html" title="API Reference">
 <link rel="prev" href="p11-kit-PIN-Callbacks.html" title="PIN Callbacks">
 <link rel="next" href="p11-kit-Future.html" title="Future">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -133,7 +133,7 @@ The string is owned by the p11-kit library and is only valid on the same
 thread that the failed function executed on.</p>
 <div class="refsect3">
 <a name="p11-kit-message.returns"></a><h4>Returns</h4>
-<p> The last failure message, or <a href="/usr/share/gtk-doc/html/liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a>.</p>
+<p> The last failure message, or <a href="../liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a>.</p>
 </div>
 </div>
 <hr>
@@ -187,7 +187,7 @@ string. The result is owned by the caller.</p>
 </div>
 <div class="refsect3">
 <a name="p11-kit-space-strdup.returns"></a><h4>Returns</h4>
-<p> The newly allocated string, or <a href="/usr/share/gtk-doc/html/liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a> if memory could not be allocated.</p>
+<p> The newly allocated string, or <a href="../liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a> if memory could not be allocated.</p>
 </div>
 </div>
 <hr>
@@ -267,6 +267,6 @@ This is the default behavior, but can be changed using <a class="link" href="p11
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/p11-kit.devhelp2 CHANGED

@@ -11,6 +11,7 @@
       <sub name="Managed modules" link="sharing-managed.html"/>
     </sub>
     <sub name="Proxy Module" link="sharing.html"/>
+    <sub name="Remoting / Forwarding" link="remoting.html"/>
     <sub name="Trust Policy Module" link="trust-module.html">
       <sub name="Paths loaded by the Module" link="trust-module.html#trust-files"/>
       <sub name="Using the Trust Policy Module with NSS" link="trust-nss.html"/>
@@ -83,7 +84,7 @@
     <keyword type="function" name="p11_kit_uri_get_attribute ()" link="p11-kit-URIs.html#p11-kit-uri-get-attribute"/>
     <keyword type="function" name="p11_kit_uri_set_attribute ()" link="p11-kit-URIs.html#p11-kit-uri-set-attribute"/>
     <keyword type="function" name="p11_kit_uri_clear_attribute ()" link="p11-kit-URIs.html#p11-kit-uri-clear-attribute"/>
-    <keyword type="function" name="p11_kit_uri_set_unrecognized ()" link="p11-kit-URIs.html#p11-kit-uri-set-unrecognized" deprecated=""/>
+    <keyword type="function" name="p11_kit_uri_set_unrecognized ()" link="p11-kit-URIs.html#p11-kit-uri-set-unrecognized"/>
     <keyword type="function" name="p11_kit_uri_any_unrecognized ()" link="p11-kit-URIs.html#p11-kit-uri-any-unrecognized"/>
     <keyword type="function" name="p11_kit_uri_get_pin_value ()" link="p11-kit-URIs.html#p11-kit-uri-get-pin-value"/>
     <keyword type="function" name="p11_kit_uri_set_pin_value ()" link="p11-kit-URIs.html#p11-kit-uri-set-pin-value"/>
@@ -91,6 +92,12 @@
     <keyword type="function" name="p11_kit_uri_set_pin_source ()" link="p11-kit-URIs.html#p11-kit-uri-set-pin-source"/>
     <keyword type="function" name="p11_kit_uri_get_pinfile ()" link="p11-kit-URIs.html#p11-kit-uri-get-pinfile" deprecated="use p11_kit_uri_get_pin_source()."/>
     <keyword type="function" name="p11_kit_uri_set_pinfile ()" link="p11-kit-URIs.html#p11-kit-uri-set-pinfile" deprecated="use p11_kit_uri_set_pin_source()."/>
+    <keyword type="function" name="p11_kit_uri_get_module_name ()" link="p11-kit-URIs.html#p11-kit-uri-get-module-name" deprecated=""/>
+    <keyword type="function" name="p11_kit_uri_set_module_name ()" link="p11-kit-URIs.html#p11-kit-uri-set-module-name"/>
+    <keyword type="function" name="p11_kit_uri_get_module_path ()" link="p11-kit-URIs.html#p11-kit-uri-get-module-path"/>
+    <keyword type="function" name="p11_kit_uri_set_module_path ()" link="p11-kit-URIs.html#p11-kit-uri-set-module-path"/>
+    <keyword type="function" name="p11_kit_uri_get_vendor_query ()" link="p11-kit-URIs.html#p11-kit-uri-get-vendor-query"/>
+    <keyword type="function" name="p11_kit_uri_set_vendor_query ()" link="p11-kit-URIs.html#p11-kit-uri-set-vendor-query"/>
     <keyword type="function" name="p11_kit_uri_format ()" link="p11-kit-URIs.html#p11-kit-uri-format"/>
     <keyword type="function" name="p11_kit_uri_parse ()" link="p11-kit-URIs.html#p11-kit-uri-parse"/>
     <keyword type="function" name="p11_kit_uri_free ()" link="p11-kit-URIs.html#p11-kit-uri-free"/>
@@ -134,6 +141,7 @@
     <keyword type="function" name="p11_kit_iter_begin ()" link="p11-kit-Future.html#p11-kit-iter-begin"/>
     <keyword type="function" name="p11_kit_iter_begin_with ()" link="p11-kit-Future.html#p11-kit-iter-begin-with"/>
     <keyword type="function" name="p11_kit_iter_next ()" link="p11-kit-Future.html#p11-kit-iter-next"/>
+    <keyword type="function" name="p11_kit_iter_get_kind ()" link="p11-kit-Future.html#p11-kit-iter-get-kind"/>
     <keyword type="function" name="p11_kit_iter_get_module ()" link="p11-kit-Future.html#p11-kit-iter-get-module"/>
     <keyword type="function" name="p11_kit_iter_get_slot ()" link="p11-kit-Future.html#p11-kit-iter-get-slot"/>
     <keyword type="function" name="p11_kit_iter_get_slot_info ()" link="p11-kit-Future.html#p11-kit-iter-get-slot-info"/>
@@ -146,8 +154,11 @@
     <keyword type="function" name="p11_kit_iter_destroy_object ()" link="p11-kit-Future.html#p11-kit-iter-destroy-object"/>
     <keyword type="function" name="p11_kit_iter_free ()" link="p11-kit-Future.html#p11-kit-iter-free"/>
     <keyword type="function" name="p11_kit_remote_serve_module ()" link="p11-kit-Future.html#p11-kit-remote-serve-module"/>
+    <keyword type="function" name="p11_kit_remote_serve_token ()" link="p11-kit-Future.html#p11-kit-remote-serve-token" deprecated="use p11_kit_remote_serve_tokens()"/>
+    <keyword type="function" name="p11_kit_remote_serve_tokens ()" link="p11-kit-Future.html#p11-kit-remote-serve-tokens" deprecated=""/>
     <keyword type="typedef" name="P11KitIter" link="p11-kit-Future.html#P11KitIter"/>
     <keyword type="typedef" name="p11_kit_iter" link="p11-kit-Future.html#p11-kit-iter"/>
+    <keyword type="enum" name="enum P11KitIterKind" link="p11-kit-Future.html#P11KitIterKind"/>
     <keyword type="enum" name="enum P11KitIterBehavior" link="p11-kit-Future.html#P11KitIterBehavior"/>
     <keyword type="function" name="p11_kit_initialize_registered ()" link="p11-kit-Deprecated.html#p11-kit-initialize-registered" deprecated="Since: 0.19.0: Use p11_kit_modules_load() instead."/>
     <keyword type="function" name="p11_kit_finalize_registered ()" link="p11-kit-Deprecated.html#p11-kit-finalize-registered" deprecated="Since 0.19.0: Use p11_kit_modules_release() instead."/>
@@ -180,7 +191,16 @@
     <keyword type="constant" name="P11_KIT_PIN_FLAGS_RETRY" link="p11-kit-PIN-Callbacks.html#P11-KIT-PIN-FLAGS-RETRY:CAPS"/>
     <keyword type="constant" name="P11_KIT_PIN_FLAGS_MANY_TRIES" link="p11-kit-PIN-Callbacks.html#P11-KIT-PIN-FLAGS-MANY-TRIES:CAPS"/>
     <keyword type="constant" name="P11_KIT_PIN_FLAGS_FINAL_TRY" link="p11-kit-PIN-Callbacks.html#P11-KIT-PIN-FLAGS-FINAL-TRY:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_MODULE" link="p11-kit-Future.html#P11-KIT-ITER-KIND-MODULE:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_SLOT" link="p11-kit-Future.html#P11-KIT-ITER-KIND-SLOT:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_TOKEN" link="p11-kit-Future.html#P11-KIT-ITER-KIND-TOKEN:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_OBJECT" link="p11-kit-Future.html#P11-KIT-ITER-KIND-OBJECT:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_UNKNOWN" link="p11-kit-Future.html#P11-KIT-ITER-KIND-UNKNOWN:CAPS"/>
     <keyword type="constant" name="P11_KIT_ITER_BUSY_SESSIONS" link="p11-kit-Future.html#P11-KIT-ITER-BUSY-SESSIONS:CAPS"/>
     <keyword type="constant" name="P11_KIT_ITER_WANT_WRITABLE" link="p11-kit-Future.html#P11-KIT-ITER-WANT-WRITABLE:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITH_MODULES" link="p11-kit-Future.html#P11-KIT-ITER-WITH-MODULES:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITH_SLOTS" link="p11-kit-Future.html#P11-KIT-ITER-WITH-SLOTS:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITH_TOKENS" link="p11-kit-Future.html#P11-KIT-ITER-WITH-TOKENS:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITHOUT_OBJECTS" link="p11-kit-Future.html#P11-KIT-ITER-WITHOUT-OBJECTS:CAPS"/>
   </functions>
 </book>

data/vendor/local/share/gtk-doc/html/p11-kit/p11-kit.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>p11-kit: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="tools.html" title="Manual Pages">
 <link rel="prev" href="tools.html" title="Manual Pages">
 <link rel="next" href="pkcs11-conf.html" title="pkcs11.conf">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -33,6 +33,8 @@
 <div class="cmdsynopsis"><p><code class="command">p11-kit list-modules</code> </p></div>
 <div class="cmdsynopsis"><p><code class="command">p11-kit extract</code>  ...
 	</p></div>
+<div class="cmdsynopsis"><p><code class="command">p11-kit server</code>  ...
+	</p></div>
 </div>
 <div class="refsect1">
 <a name="p11-kit-description"></a><h2>Description</h2>
@@ -77,6 +79,15 @@ $ p11-kit list-modules
 	for more information</p>
 </div>
 <div class="refsect1">
+<a name="p11-kit-server"></a><h2>Server</h2>
+<p>Run a server process that exposes PKCS#11 module remotely.</p>
+<pre class="programlisting">
+$ p11-kit server pkcs11:token1 pkcs11:token2 ...
+$ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...
+</pre>
+<p>This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use <code class="literal">p11-kit-client.so</code> module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: <code class="literal">P11_KIT_SERVER_ADDRESS</code> and <code class="literal">P11_KIT_SERVER_PID</code>.</p>
+</div>
+<div class="refsect1">
 <a name="p11-kit-extract-trust"></a><h2>Extract Trust</h2>
 <p>Extract standard trust information files.</p>
 <p>This operation has been moved to a separate command <span class="command"><strong>trust extract-compat</strong></span>.
@@ -88,29 +99,31 @@ $ p11-kit list-modules
 <p>Run a PKCS#11 module remotely.</p>
 <pre class="programlisting">
 $ p11-kit remote /path/to/pkcs11-module.so
+$ p11-kit remote pkcs11:token1 pkcs11:token2 ...
 </pre>
 <p>This is not meant to be run directly from a terminal. But rather in a
 	<code class="option">remote</code> option in a
 	<span class="citerefentry"><span class="refentrytitle">pkcs11.conf</span>(5)</span>
 	file.</p>
+<p>This exposes the given PKCS#11 module or tokens over standard input and output. Those two forms, whether to expose a module or tokens, are mutually exclusive and if the second form is used, the tokens must belong to the same module.</p>
 </div>
 <div class="refsect1">
 <a name="p11-kit-bugs"></a><h2>Bugs</h2>
 <p>
     Please send bug reports to either the distribution bug tracker
     or the upstream bug tracker at
-    <a class="ulink" href="https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit" target="_top">https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit</a>.
+    <a class="ulink" href="https://github.com/p11-glue/p11-kit/issues/" target="_top">https://github.com/p11-glue/p11-kit/issues/</a>.
   </p>
 </div>
 <div class="refsect1">
 <a name="p11-kit-see-also"></a><h2>See also</h2>
 <span class="simplelist"><span class="citerefentry"><span class="refentrytitle">pkcs11.conf</span>(5)</span></span><p>
     Further details available in the p11-kit online documentation at
-    <a class="ulink" href="http://p11-glue.freedesktop.org/doc/p11-kit/" target="_top">http://p11-glue.freedesktop.org/doc/p11-kit/</a>.
+    <a class="ulink" href="https://p11-glue.github.io/p11-glue/p11-kit/manual/" target="_top">https://p11-glue.github.io/p11-glue/p11-kit/manual/</a>.
   </p>
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/pkcs11-conf.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>pkcs11.conf: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="tools.html" title="Manual Pages">
 <link rel="prev" href="p11-kit.html" title="p11-kit">
 <link rel="next" href="trust.html" title="trust">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -106,6 +106,7 @@ x-custom : text
 			for other programs using p11-kit. The base name of the process executable
 			should be used here, for example
 			<code class="literal">seahorse, ssh</code>.</p>
+<p>This option can also be used to control whether the module will be loaded by <a class="link" href="sharing.html" title="Sharing PKCS#11 modules">the proxy module</a>.  To enable loading only from the proxy module, specify <code class="literal">p11-kit-proxy</code> as the value.</p>
 <p>This is not a security feature. The argument is optional. If
 			not present, then any process will load the module.</p>
 </td>
@@ -118,6 +119,7 @@ x-custom : text
 			other programs using p11-kit. The base name of the process
 			executable should be used here, for example
 			<code class="literal">firefox, thunderbird-bin</code>.</p>
+<p>This option can also be used to control whether the module will be loaded by <a class="link" href="sharing.html" title="Sharing PKCS#11 modules">the proxy module</a>.  To disable loading from the proxy module, specify <code class="literal">p11-kit-proxy</code> as the value.</p>
 <p>This is not a security feature. The argument is optional. If
 			not present, then any process will load the module.</p>
 </td>
@@ -250,11 +252,11 @@ remote: |ssh user@remote p11-kit remote /path/to/module.so
 <div class="refsect1">
 <a name="pkcs11-conf-see-also"></a><h2>See also</h2>
 <span class="simplelist"><span class="citerefentry"><span class="refentrytitle">p11-kit</span>(8)</span></span><p>Further details available in the p11-kit online documentation at
-	<a class="ulink" href="http://p11-glue.freedesktop.org/doc/p11-kit/" target="_top">http://p11-glue.freedesktop.org/doc/p11-kit/</a>.
+	<a class="ulink" href="https://p11-glue.github.io/p11-glue/p11-kit/manual/" target="_top">https://p11-glue.github.io/p11-glue/p11-kit/manual/</a>.
 	</p>
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/reference.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>API Reference: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="index.html" title="p11-kit">
 <link rel="prev" href="trust.html" title="trust">
 <link rel="next" href="p11-kit-Modules.html" title="Modules">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -57,6 +57,10 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-Future.html#P11KitIterKind" title="enum P11KitIterKind">P11KitIterKind</a>, enum in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-PIN-Callbacks.html#P11KitPin" title="P11KitPin">P11KitPin</a>, typedef in <a class="link" href="p11-kit-PIN-Callbacks.html" title="PIN Callbacks">PIN Callbacks</a>
 </dt>
 <dd></dd>
@@ -149,6 +153,10 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-Future.html#p11-kit-iter-get-kind" title="p11_kit_iter_get_kind ()">p11_kit_iter_get_kind</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-Future.html#p11-kit-iter-get-module" title="p11_kit_iter_get_module ()">p11_kit_iter_get_module</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
 </dt>
 <dd></dd>
@@ -341,6 +349,14 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-Future.html#p11-kit-remote-serve-token" title="p11_kit_remote_serve_token ()">p11_kit_remote_serve_token</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
+<a class="link" href="p11-kit-Future.html#p11-kit-remote-serve-tokens" title="p11_kit_remote_serve_tokens ()">p11_kit_remote_serve_tokens</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-Future.html#p11-kit-set-progname" title="p11_kit_set_progname ()">p11_kit_set_progname</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
 </dt>
 <dd></dd>
@@ -393,6 +409,14 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-module-name" title="p11_kit_uri_get_module_name ()">p11_kit_uri_get_module_name</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-module-path" title="p11_kit_uri_get_module_path ()">p11_kit_uri_get_module_path</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-pinfile" title="p11_kit_uri_get_pinfile ()">p11_kit_uri_get_pinfile</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
@@ -417,6 +441,10 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-vendor-query" title="p11_kit_uri_get_vendor_query ()">p11_kit_uri_get_vendor_query</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-match-attributes" title="p11_kit_uri_match_attributes ()">p11_kit_uri_match_attributes</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
@@ -465,6 +493,14 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-module-name" title="p11_kit_uri_set_module_name ()">p11_kit_uri_set_module_name</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-module-path" title="p11_kit_uri_set_module_path ()">p11_kit_uri_set_module_path</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-pinfile" title="p11_kit_uri_set_pinfile ()">p11_kit_uri_set_pinfile</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
@@ -484,6 +520,10 @@
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-unrecognized" title="p11_kit_uri_set_unrecognized ()">p11_kit_uri_set_unrecognized</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
+<dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-vendor-query" title="p11_kit_uri_set_vendor_query ()">p11_kit_uri_set_vendor_query</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
 </div>
 <div class="glossary">
 <div class="titlepage"><div><div><h2 class="title">
@@ -512,6 +552,6 @@
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/remoting.html ADDED

@@ -0,0 +1,230 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Remoting / Forwarding: p11-kit</title>
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
+<link rel="home" href="index.html" title="p11-kit">
+<link rel="up" href="index.html" title="p11-kit">
+<link rel="prev" href="sharing.html" title="Proxy Module">
+<link rel="next" href="trust-module.html" title="Trust Policy Module">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
+<link rel="stylesheet" href="style.css" type="text/css">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
+<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
+<td width="100%" align="left" class="shortcuts"></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
+<td><img src="up-insensitive.png" width="16" height="16" border="0"></td>
+<td><a accesskey="p" href="sharing.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
+<td><a accesskey="n" href="trust-module.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="remoting"></a>Remoting / Forwarding</h1></div></div></div>
+<p>Smartcards or hardware security modules (HSM) are technologies to
+	keep private keys on devices physically isolated to a device only available
+	to the user. That way only the intended user can use that device to authenticate,
+	authorize or perform other functions that involve the private keys. These come
+	usually in the form of a USB device or token which is plugged into the local computer.
+	</p>
+<p>In modern "cloud" computing, it is often desirable to virtually transfer such
+	a device on remote servers. For example, one can sign software or documents on a remote
+	server, use the local smart card to authorize itself to Kerberos, or any other
+	possible use. There are various approaches to tackle that problem, and on different
+	levels of the smart card application stack. It is possible to forward the USB
+	device holding the smart card, or forward the lower-level PC/SC protocol which
+	some smart cards talk, or forward the high-level interface used to communicate
+	with smart cards, the PKCS#11 interface.</p>
+<p>To address that problem, in p11-kit, we allow the forwarding of
+	the higher level smart card interface, PKCS#11. In the following paragraphs
+	we describe the approach and tools needed to perform that forwarding over SSH
+	secure communication channels.</p>
+<div class="refsect1">
+<a name="remoting-scenario"></a><h2>Scenario</h2>
+<p>We assume having a local workstation, and a remote server. On the local
+	computer we have inserted a smart card, in our examples we use a Nitrokey
+	card with the OpenSC drivers. We will forward the card
+	from the workstation to the remote server.</p>
+</div>
+<div class="refsect1">
+<a name="remoting-setup"></a><h2>Setting up the PKCS#11 forwarding server on a local client</h2>
+<p>To forward a smartcard to a remote server, we first need to identify which
+	smartcards are available. To list the smartcards currently attached to the local
+	computer, use the p11tool command from the gnutls package. For example:
+	</p>
+<pre class="programlisting">
+$ p11tool --list-tokens
+...
+Token 6:
+        URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29
+        Label: UserPIN (Daiki's token)
+        Type: Hardware token
+        Manufacturer: www.CardContact.de
+        Model: PKCS#15 emulated
+        Serial: DENK0000000
+        Module: opensc-pkcs11.so
+...
+</pre>
+<p>This is the entry for the card we'd like to forward to remote system. The important
+	pieces are the 'pkcs11:' URL listed above, and the module name. Once we determine which
+	smartcard to forward, we expose it to a local Unix domain socket, with the following
+	p11-kit server command.
+	</p>
+<pre class="programlisting">
+$ p11-kit server --provider /usr/lib64/pkcs11/opensc-pkcs11.so "pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29"
+</pre>
+<p>Here we provide to the server the module location (optional) with the --provider
+	option, as well as the URL of the card. We copied the values from the Module and URL
+	lines of the p11tool output above. When the p11-kit server command starts, it will
+	print the address of the PKCS#11 unix domain socket and the process ID of the server.
+	</p>
+<pre class="programlisting">
+P11_KIT_SERVER_ADDRESS=unix:path=/run/user/12345/p11-kit/pkcs11-12345
+P11_KIT_SERVER_PID=12345
+</pre>
+<p>For later use, set the variables output by the tool on your shell prompt
+	(e.g., copy and paste them or call the above p11-kit server command line with
+	<code class="literal">eval $(p11-kit server ...)</code>).
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-forwarding-socket"></a><h2>Forwarding and using the PKCS#11 Unix socket on the remote server</h2>
+<p>On the remote server, we will initially forward the previously generated PKCS#11
+	unix socket, and then access the smart card through it. To access the forwarded socket
+	as if it were a smart card, a dedicated PKCS#11 module p11-kit-client.so is provided as
+	part of the p11-kit-server package.
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-forwarding-socket-prep"></a><h2>Preparing the remote system for PKCS#11 socket forwarding</h2>
+<p>One important detail you should be aware of, is the file system location of the
+	forwarded socket. By convention, the p11-kit-client.so module utilizes the "user runtime
+	directory", managed by systemd; the directory is created when a user logs in, and removed
+	upon logout, so that the user doesn't need to manually clean up the socket file.
+	</p>
+<p>To locate your user runtime directory, do:
+	</p>
+<pre class="programlisting">
+$ systemd-path user-runtime
+/run/user/1000
+</pre>
+<p>The <code class="literal">p11-kit-client.so</code> module looks for the socket file under a
+	subdirectory (<code class="literal">/run/user/1000/p11-kit</code> in this example). To enable
+	auto-creation of the directory, do the following.
+	</p>
+<pre class="programlisting">
+$ systemctl --user enable p11-kit-client.service
+</pre>
+</div>
+<div class="refsect1">
+<a name="remoting-finally-forwarding"></a><h2>Forwarding the PKCS#11 socket</h2>
+<p>We will use ssh to forward the local PKCS#11 unix socket to the remote server.
+	Following the p11-kit-client convention, we will forward the socket to the remote user
+	run-time path so that cleaning up on disconnect is not required. The remote location
+	of the run-time path can be obtained as follows.
+	</p>
+<pre class="programlisting">
+$ ssh [user]@[remotehost] systemd-path user-runtime
+/run/user/1000
+</pre>
+<p>The number at the end of the path above is your user ID in that system
+	(and thus will vary from user to user). You can now forward the Unix domain socket
+	with the -R option of the ssh command, after replacing the example path with the
+	actual run-time path.
+	</p>
+<pre class="programlisting">
+$ ssh -R /run/user/[userID]/p11-kit/pkcs11:${P11_KIT_SERVER_ADDRESS#*=} [user]@[remotehost]
+</pre>
+<p>After successfully logging in to the remote host, you can use the forwarded
+	smartcard as if it were directly connected to the server using the
+	<code class="literal">p11-kit-client.so</code>. Note that if any error occurs during the forwarding
+	setup, you will see something like this on your terminal:
+	</p>
+<pre class="programlisting">
+Warning: remote port forwarding failed for listen path /run/user/...
+</pre>
+</div>
+<div class="refsect1">
+<a name="remoting-using"></a><h2>Using the forwarded PKCS#11 socket</h2>
+<p>Let's first make sure the smart card works on the remote system, by listing it:
+	</p>
+<pre class="programlisting">
+$ ls -l /run/user/1000/p11-kit/pkcs11
+$ p11tool --provider /usr/lib64/pkcs11/p11-kit-client.so --list-tokens
+...
+Token 0:
+        URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29
+        Label: UserPIN (Daiki's token)
+        Type: Hardware token
+        Manufacturer: www.CardContact.de
+        Model: PKCS#15 emulated
+        Serial: DENK0000000
+        Module: (null)
+...
+</pre>
+<p>We can similarly generate, copy objects or test certificates to the card using
+	the same command. Any applications which support PKCS#11 can perform cryptographic
+	operations through the client module.
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-registering"></a><h2>Registering the client module for use with OpenSSL and GnuTLS apps</h2>
+<p>To utilize the p11-kit-client module with OpenSSL (via engine_pkcs11 provided
+	by the libp11 package) and GnuTLS applications, you have to register it in
+	p11-kit. To do it for the current user, use the following commands:
+	</p>
+<pre class="programlisting">
+$ mkdir .config/pkcs11/modules/
+$ echo "module: /usr/lib64/pkcs11/p11-kit-client.so" &gt;.config/pkcs11/modules/p11-kit-client.module
+</pre>
+<p>Once this is done both OpenSSL and GnuTLS applications should work, for example:
+	</p>
+<pre class="programlisting">
+$ URL="pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29"
+# Generate a key using gnutls’ p11tool
+$ p11tool --generate-ecc --login --label test-key "$URL"
+# generate a certificate request with the previous key using openssl
+$ openssl req -engine pkcs11 -new -key "$URL;;object=test-key;type=private;pin-value=XXXX" \
+         -keyform engine -out req.pem -text -subj "/CN=Test user"
+</pre>
+<p>Note that the token URL remains the same in the forwarded system as in the original one.
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-ssh"></a><h2>Using the client module with OpenSSH</h2>
+<p>To re-use the already forwarded smartcard for authentication with another remote host, you can run ssh and provide the -I option with p11-kit-client.so. For example:
+	</p>
+<pre class="programlisting">
+$ ssh -I /usr/lib64/pkcs11/p11-kit-client.so [user]@[anotherhost]
+</pre>
+</div>
+<div class="refsect1">
+<a name="remoting-nss"></a><h2>Using the client module with NSS applications</h2>
+<p>To register the forwarded smartcard in NSS applications, you can set it up with
+	the modutil command, as follows.
+	</p>
+<pre class="programlisting">
+$ sudo modutil -dbdir /etc/pki/nssdb -add p11-kit-client -libfile /usr/lib64/pkcs11/p11-kit-client.so
+$ modutil -dbdir /etc/pki/nssdb -list
+...
+  3. p11-kit-client
+    library name: /usr/lib64/pkcs11/p11-kit-client.so
+       uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.17
+     slots: 1 slot attached
+    status: loaded
+     slot: Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
+    token: UserPIN (Daiki's token)
+      uri: pkcs11:token=UserPIN%20(Daiki's%20token);manufacturer=www.CardContact.de;serial=DENK0000000;model=PKCS%2315%20emulated
+</pre>
+</div>
+</div>
+<div class="footer">
+<hr>Generated by GTK-Doc V1.27</div>
+</body>
+</html>