RubyGems - glib2 - Versions diffs - 3.2.5-x86-mingw32 → 3.2.6-x86-mingw32 - Mend

glib2 3.2.5-x86-mingw32 → 3.2.6-x86-mingw32

Files changed (325) hide show

data/vendor/local/share/gtk-doc/html/p11-kit/p11-kit-Utilities.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>Utilities: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="reference.html" title="API Reference">
 <link rel="prev" href="p11-kit-PIN-Callbacks.html" title="PIN Callbacks">
 <link rel="next" href="p11-kit-Future.html" title="Future">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -133,7 +133,7 @@ The string is owned by the p11-kit library and is only valid on the same
 thread that the failed function executed on.</p>
 <div class="refsect3">
 <a name="p11-kit-message.returns"></a><h4>Returns</h4>
-<p> The last failure message, or <a href="/usr/share/gtk-doc/html/liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a>.</p>
+<p> The last failure message, or <a href="../liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a>.</p>
 </div>
 </div>
 <hr>
@@ -187,7 +187,7 @@ string. The result is owned by the caller.</p>
 </div>
 <div class="refsect3">
 <a name="p11-kit-space-strdup.returns"></a><h4>Returns</h4>
-<p> The newly allocated string, or <a href="/usr/share/gtk-doc/html/liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a> if memory could not be allocated.</p>
+<p> The newly allocated string, or <a href="../liboil/liboil-liboiljunk.html#NULL:CAPS"><code class="literal">NULL</code></a> if memory could not be allocated.</p>
 </div>
 </div>
 <hr>
@@ -267,6 +267,6 @@ This is the default behavior, but can be changed using <a class="link" href="p11
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/p11-kit.devhelp2 CHANGED

@@ -11,6 +11,7 @@
       <sub name="Managed modules" link="sharing-managed.html"/>
     </sub>
     <sub name="Proxy Module" link="sharing.html"/>
+    <sub name="Remoting / Forwarding" link="remoting.html"/>
     <sub name="Trust Policy Module" link="trust-module.html">
       <sub name="Paths loaded by the Module" link="trust-module.html#trust-files"/>
       <sub name="Using the Trust Policy Module with NSS" link="trust-nss.html"/>
@@ -83,7 +84,7 @@
     <keyword type="function" name="p11_kit_uri_get_attribute ()" link="p11-kit-URIs.html#p11-kit-uri-get-attribute"/>
     <keyword type="function" name="p11_kit_uri_set_attribute ()" link="p11-kit-URIs.html#p11-kit-uri-set-attribute"/>
     <keyword type="function" name="p11_kit_uri_clear_attribute ()" link="p11-kit-URIs.html#p11-kit-uri-clear-attribute"/>
-    <keyword type="function" name="p11_kit_uri_set_unrecognized ()" link="p11-kit-URIs.html#p11-kit-uri-set-unrecognized" deprecated=""/>
+    <keyword type="function" name="p11_kit_uri_set_unrecognized ()" link="p11-kit-URIs.html#p11-kit-uri-set-unrecognized"/>
     <keyword type="function" name="p11_kit_uri_any_unrecognized ()" link="p11-kit-URIs.html#p11-kit-uri-any-unrecognized"/>
     <keyword type="function" name="p11_kit_uri_get_pin_value ()" link="p11-kit-URIs.html#p11-kit-uri-get-pin-value"/>
     <keyword type="function" name="p11_kit_uri_set_pin_value ()" link="p11-kit-URIs.html#p11-kit-uri-set-pin-value"/>
@@ -91,6 +92,12 @@
     <keyword type="function" name="p11_kit_uri_set_pin_source ()" link="p11-kit-URIs.html#p11-kit-uri-set-pin-source"/>
     <keyword type="function" name="p11_kit_uri_get_pinfile ()" link="p11-kit-URIs.html#p11-kit-uri-get-pinfile" deprecated="use p11_kit_uri_get_pin_source()."/>
     <keyword type="function" name="p11_kit_uri_set_pinfile ()" link="p11-kit-URIs.html#p11-kit-uri-set-pinfile" deprecated="use p11_kit_uri_set_pin_source()."/>
+    <keyword type="function" name="p11_kit_uri_get_module_name ()" link="p11-kit-URIs.html#p11-kit-uri-get-module-name" deprecated=""/>
+    <keyword type="function" name="p11_kit_uri_set_module_name ()" link="p11-kit-URIs.html#p11-kit-uri-set-module-name"/>
+    <keyword type="function" name="p11_kit_uri_get_module_path ()" link="p11-kit-URIs.html#p11-kit-uri-get-module-path"/>
+    <keyword type="function" name="p11_kit_uri_set_module_path ()" link="p11-kit-URIs.html#p11-kit-uri-set-module-path"/>
+    <keyword type="function" name="p11_kit_uri_get_vendor_query ()" link="p11-kit-URIs.html#p11-kit-uri-get-vendor-query"/>
+    <keyword type="function" name="p11_kit_uri_set_vendor_query ()" link="p11-kit-URIs.html#p11-kit-uri-set-vendor-query"/>
     <keyword type="function" name="p11_kit_uri_format ()" link="p11-kit-URIs.html#p11-kit-uri-format"/>
     <keyword type="function" name="p11_kit_uri_parse ()" link="p11-kit-URIs.html#p11-kit-uri-parse"/>
     <keyword type="function" name="p11_kit_uri_free ()" link="p11-kit-URIs.html#p11-kit-uri-free"/>
@@ -134,6 +141,7 @@
     <keyword type="function" name="p11_kit_iter_begin ()" link="p11-kit-Future.html#p11-kit-iter-begin"/>
     <keyword type="function" name="p11_kit_iter_begin_with ()" link="p11-kit-Future.html#p11-kit-iter-begin-with"/>
     <keyword type="function" name="p11_kit_iter_next ()" link="p11-kit-Future.html#p11-kit-iter-next"/>
+    <keyword type="function" name="p11_kit_iter_get_kind ()" link="p11-kit-Future.html#p11-kit-iter-get-kind"/>
     <keyword type="function" name="p11_kit_iter_get_module ()" link="p11-kit-Future.html#p11-kit-iter-get-module"/>
     <keyword type="function" name="p11_kit_iter_get_slot ()" link="p11-kit-Future.html#p11-kit-iter-get-slot"/>
     <keyword type="function" name="p11_kit_iter_get_slot_info ()" link="p11-kit-Future.html#p11-kit-iter-get-slot-info"/>
@@ -146,8 +154,11 @@
     <keyword type="function" name="p11_kit_iter_destroy_object ()" link="p11-kit-Future.html#p11-kit-iter-destroy-object"/>
     <keyword type="function" name="p11_kit_iter_free ()" link="p11-kit-Future.html#p11-kit-iter-free"/>
     <keyword type="function" name="p11_kit_remote_serve_module ()" link="p11-kit-Future.html#p11-kit-remote-serve-module"/>
+    <keyword type="function" name="p11_kit_remote_serve_token ()" link="p11-kit-Future.html#p11-kit-remote-serve-token" deprecated="use p11_kit_remote_serve_tokens()"/>
+    <keyword type="function" name="p11_kit_remote_serve_tokens ()" link="p11-kit-Future.html#p11-kit-remote-serve-tokens" deprecated=""/>
     <keyword type="typedef" name="P11KitIter" link="p11-kit-Future.html#P11KitIter"/>
     <keyword type="typedef" name="p11_kit_iter" link="p11-kit-Future.html#p11-kit-iter"/>
+    <keyword type="enum" name="enum P11KitIterKind" link="p11-kit-Future.html#P11KitIterKind"/>
     <keyword type="enum" name="enum P11KitIterBehavior" link="p11-kit-Future.html#P11KitIterBehavior"/>
     <keyword type="function" name="p11_kit_initialize_registered ()" link="p11-kit-Deprecated.html#p11-kit-initialize-registered" deprecated="Since: 0.19.0: Use p11_kit_modules_load() instead."/>
     <keyword type="function" name="p11_kit_finalize_registered ()" link="p11-kit-Deprecated.html#p11-kit-finalize-registered" deprecated="Since 0.19.0: Use p11_kit_modules_release() instead."/>
@@ -180,7 +191,16 @@
     <keyword type="constant" name="P11_KIT_PIN_FLAGS_RETRY" link="p11-kit-PIN-Callbacks.html#P11-KIT-PIN-FLAGS-RETRY:CAPS"/>
     <keyword type="constant" name="P11_KIT_PIN_FLAGS_MANY_TRIES" link="p11-kit-PIN-Callbacks.html#P11-KIT-PIN-FLAGS-MANY-TRIES:CAPS"/>
     <keyword type="constant" name="P11_KIT_PIN_FLAGS_FINAL_TRY" link="p11-kit-PIN-Callbacks.html#P11-KIT-PIN-FLAGS-FINAL-TRY:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_MODULE" link="p11-kit-Future.html#P11-KIT-ITER-KIND-MODULE:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_SLOT" link="p11-kit-Future.html#P11-KIT-ITER-KIND-SLOT:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_TOKEN" link="p11-kit-Future.html#P11-KIT-ITER-KIND-TOKEN:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_OBJECT" link="p11-kit-Future.html#P11-KIT-ITER-KIND-OBJECT:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_KIND_UNKNOWN" link="p11-kit-Future.html#P11-KIT-ITER-KIND-UNKNOWN:CAPS"/>
     <keyword type="constant" name="P11_KIT_ITER_BUSY_SESSIONS" link="p11-kit-Future.html#P11-KIT-ITER-BUSY-SESSIONS:CAPS"/>
     <keyword type="constant" name="P11_KIT_ITER_WANT_WRITABLE" link="p11-kit-Future.html#P11-KIT-ITER-WANT-WRITABLE:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITH_MODULES" link="p11-kit-Future.html#P11-KIT-ITER-WITH-MODULES:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITH_SLOTS" link="p11-kit-Future.html#P11-KIT-ITER-WITH-SLOTS:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITH_TOKENS" link="p11-kit-Future.html#P11-KIT-ITER-WITH-TOKENS:CAPS"/>
+    <keyword type="constant" name="P11_KIT_ITER_WITHOUT_OBJECTS" link="p11-kit-Future.html#P11-KIT-ITER-WITHOUT-OBJECTS:CAPS"/>
   </functions>
 </book>

data/vendor/local/share/gtk-doc/html/p11-kit/p11-kit.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>p11-kit: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="tools.html" title="Manual Pages">
 <link rel="prev" href="tools.html" title="Manual Pages">
 <link rel="next" href="pkcs11-conf.html" title="pkcs11.conf">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -33,6 +33,8 @@
 <div class="cmdsynopsis"><p><code class="command">p11-kit list-modules</code> </p></div>
 <div class="cmdsynopsis"><p><code class="command">p11-kit extract</code>  ...
 	</p></div>
+<div class="cmdsynopsis"><p><code class="command">p11-kit server</code>  ...
+	</p></div>
 </div>
 <div class="refsect1">
 <a name="p11-kit-description"></a><h2>Description</h2>
@@ -77,6 +79,15 @@ $ p11-kit list-modules
 	for more information</p>
 </div>
 <div class="refsect1">
+<a name="p11-kit-server"></a><h2>Server</h2>
+<p>Run a server process that exposes PKCS#11 module remotely.</p>
+<pre class="programlisting">
+$ p11-kit server pkcs11:token1 pkcs11:token2 ...
+$ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...
+</pre>
+<p>This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use <code class="literal">p11-kit-client.so</code> module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: <code class="literal">P11_KIT_SERVER_ADDRESS</code> and <code class="literal">P11_KIT_SERVER_PID</code>.</p>
+</div>
+<div class="refsect1">
 <a name="p11-kit-extract-trust"></a><h2>Extract Trust</h2>
 <p>Extract standard trust information files.</p>
 <p>This operation has been moved to a separate command <span class="command"><strong>trust extract-compat</strong></span>.
@@ -88,29 +99,31 @@ $ p11-kit list-modules
 <p>Run a PKCS#11 module remotely.</p>
 <pre class="programlisting">
 $ p11-kit remote /path/to/pkcs11-module.so
+$ p11-kit remote pkcs11:token1 pkcs11:token2 ...
 </pre>
 <p>This is not meant to be run directly from a terminal. But rather in a
 	<code class="option">remote</code> option in a
 	<span class="citerefentry"><span class="refentrytitle">pkcs11.conf</span>(5)</span>
 	file.</p>
+<p>This exposes the given PKCS#11 module or tokens over standard input and output. Those two forms, whether to expose a module or tokens, are mutually exclusive and if the second form is used, the tokens must belong to the same module.</p>
 </div>
 <div class="refsect1">
 <a name="p11-kit-bugs"></a><h2>Bugs</h2>
 <p>
     Please send bug reports to either the distribution bug tracker
     or the upstream bug tracker at
-    <a class="ulink" href="https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit" target="_top">https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit</a>.
+    <a class="ulink" href="https://github.com/p11-glue/p11-kit/issues/" target="_top">https://github.com/p11-glue/p11-kit/issues/</a>.
   </p>
 </div>
 <div class="refsect1">
 <a name="p11-kit-see-also"></a><h2>See also</h2>
 <span class="simplelist"><span class="citerefentry"><span class="refentrytitle">pkcs11.conf</span>(5)</span></span><p>
     Further details available in the p11-kit online documentation at
-    <a class="ulink" href="http://p11-glue.freedesktop.org/doc/p11-kit/" target="_top">http://p11-glue.freedesktop.org/doc/p11-kit/</a>.
+    <a class="ulink" href="https://p11-glue.github.io/p11-glue/p11-kit/manual/" target="_top">https://p11-glue.github.io/p11-glue/p11-kit/manual/</a>.
   </p>
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/pkcs11-conf.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>pkcs11.conf: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="tools.html" title="Manual Pages">
 <link rel="prev" href="p11-kit.html" title="p11-kit">
 <link rel="next" href="trust.html" title="trust">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -106,6 +106,7 @@ x-custom : text
 			for other programs using p11-kit. The base name of the process executable
 			should be used here, for example
 			<code class="literal">seahorse, ssh</code>.</p>
+<p>This option can also be used to control whether the module will be loaded by <a class="link" href="sharing.html" title="Sharing PKCS#11 modules">the proxy module</a>.  To enable loading only from the proxy module, specify <code class="literal">p11-kit-proxy</code> as the value.</p>
 <p>This is not a security feature. The argument is optional. If
 			not present, then any process will load the module.</p>
 </td>
@@ -118,6 +119,7 @@ x-custom : text
 			other programs using p11-kit. The base name of the process
 			executable should be used here, for example
 			<code class="literal">firefox, thunderbird-bin</code>.</p>
+<p>This option can also be used to control whether the module will be loaded by <a class="link" href="sharing.html" title="Sharing PKCS#11 modules">the proxy module</a>.  To disable loading from the proxy module, specify <code class="literal">p11-kit-proxy</code> as the value.</p>
 <p>This is not a security feature. The argument is optional. If
 			not present, then any process will load the module.</p>
 </td>
@@ -250,11 +252,11 @@ remote: |ssh user@remote p11-kit remote /path/to/module.so
 <div class="refsect1">
 <a name="pkcs11-conf-see-also"></a><h2>See also</h2>
 <span class="simplelist"><span class="citerefentry"><span class="refentrytitle">p11-kit</span>(8)</span></span><p>Further details available in the p11-kit online documentation at
-	<a class="ulink" href="http://p11-glue.freedesktop.org/doc/p11-kit/" target="_top">http://p11-glue.freedesktop.org/doc/p11-kit/</a>.
+	<a class="ulink" href="https://p11-glue.github.io/p11-glue/p11-kit/manual/" target="_top">https://p11-glue.github.io/p11-glue/p11-kit/manual/</a>.
 	</p>
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/reference.html CHANGED

@@ -3,12 +3,12 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <title>API Reference: p11-kit</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
 <link rel="home" href="index.html" title="p11-kit">
 <link rel="up" href="index.html" title="p11-kit">
 <link rel="prev" href="trust.html" title="trust">
 <link rel="next" href="p11-kit-Modules.html" title="Modules">
-<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
 <link rel="stylesheet" href="style.css" type="text/css">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -57,6 +57,10 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-Future.html#P11KitIterKind" title="enum P11KitIterKind">P11KitIterKind</a>, enum in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-PIN-Callbacks.html#P11KitPin" title="P11KitPin">P11KitPin</a>, typedef in <a class="link" href="p11-kit-PIN-Callbacks.html" title="PIN Callbacks">PIN Callbacks</a>
 </dt>
 <dd></dd>
@@ -149,6 +153,10 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-Future.html#p11-kit-iter-get-kind" title="p11_kit_iter_get_kind ()">p11_kit_iter_get_kind</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-Future.html#p11-kit-iter-get-module" title="p11_kit_iter_get_module ()">p11_kit_iter_get_module</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
 </dt>
 <dd></dd>
@@ -341,6 +349,14 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-Future.html#p11-kit-remote-serve-token" title="p11_kit_remote_serve_token ()">p11_kit_remote_serve_token</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
+<a class="link" href="p11-kit-Future.html#p11-kit-remote-serve-tokens" title="p11_kit_remote_serve_tokens ()">p11_kit_remote_serve_tokens</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-Future.html#p11-kit-set-progname" title="p11_kit_set_progname ()">p11_kit_set_progname</a>, function in <a class="link" href="p11-kit-Future.html" title="Future">Future</a>
 </dt>
 <dd></dd>
@@ -393,6 +409,14 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-module-name" title="p11_kit_uri_get_module_name ()">p11_kit_uri_get_module_name</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-module-path" title="p11_kit_uri_get_module_path ()">p11_kit_uri_get_module_path</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-pinfile" title="p11_kit_uri_get_pinfile ()">p11_kit_uri_get_pinfile</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
@@ -417,6 +441,10 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-get-vendor-query" title="p11_kit_uri_get_vendor_query ()">p11_kit_uri_get_vendor_query</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-match-attributes" title="p11_kit_uri_match_attributes ()">p11_kit_uri_match_attributes</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
@@ -465,6 +493,14 @@
 </dt>
 <dd></dd>
 <dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-module-name" title="p11_kit_uri_set_module_name ()">p11_kit_uri_set_module_name</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-module-path" title="p11_kit_uri_set_module_path ()">p11_kit_uri_set_module_path</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
+<dt>
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-pinfile" title="p11_kit_uri_set_pinfile ()">p11_kit_uri_set_pinfile</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
@@ -484,6 +520,10 @@
 <a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-unrecognized" title="p11_kit_uri_set_unrecognized ()">p11_kit_uri_set_unrecognized</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
 </dt>
 <dd></dd>
+<dt>
+<a class="link" href="p11-kit-URIs.html#p11-kit-uri-set-vendor-query" title="p11_kit_uri_set_vendor_query ()">p11_kit_uri_set_vendor_query</a>, function in <a class="link" href="p11-kit-URIs.html" title="URIs">URIs</a>
+</dt>
+<dd></dd>
 </div>
 <div class="glossary">
 <div class="titlepage"><div><div><h2 class="title">
@@ -512,6 +552,6 @@
 </div>
 </div>
 <div class="footer">
-<hr>Generated by GTK-Doc V1.25</div>
+<hr>Generated by GTK-Doc V1.27</div>
 </body>
 </html>

data/vendor/local/share/gtk-doc/html/p11-kit/remoting.html ADDED

@@ -0,0 +1,230 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Remoting / Forwarding: p11-kit</title>
+<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
+<link rel="home" href="index.html" title="p11-kit">
+<link rel="up" href="index.html" title="p11-kit">
+<link rel="prev" href="sharing.html" title="Proxy Module">
+<link rel="next" href="trust-module.html" title="Trust Policy Module">
+<meta name="generator" content="GTK-Doc V1.27 (XML mode)">
+<link rel="stylesheet" href="style.css" type="text/css">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
+<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
+<td width="100%" align="left" class="shortcuts"></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
+<td><img src="up-insensitive.png" width="16" height="16" border="0"></td>
+<td><a accesskey="p" href="sharing.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
+<td><a accesskey="n" href="trust-module.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="remoting"></a>Remoting / Forwarding</h1></div></div></div>
+<p>Smartcards or hardware security modules (HSM) are technologies to
+	keep private keys on devices physically isolated to a device only available
+	to the user. That way only the intended user can use that device to authenticate,
+	authorize or perform other functions that involve the private keys. These come
+	usually in the form of a USB device or token which is plugged into the local computer.
+	</p>
+<p>In modern "cloud" computing, it is often desirable to virtually transfer such
+	a device on remote servers. For example, one can sign software or documents on a remote
+	server, use the local smart card to authorize itself to Kerberos, or any other
+	possible use. There are various approaches to tackle that problem, and on different
+	levels of the smart card application stack. It is possible to forward the USB
+	device holding the smart card, or forward the lower-level PC/SC protocol which
+	some smart cards talk, or forward the high-level interface used to communicate
+	with smart cards, the PKCS#11 interface.</p>
+<p>To address that problem, in p11-kit, we allow the forwarding of
+	the higher level smart card interface, PKCS#11. In the following paragraphs
+	we describe the approach and tools needed to perform that forwarding over SSH
+	secure communication channels.</p>
+<div class="refsect1">
+<a name="remoting-scenario"></a><h2>Scenario</h2>
+<p>We assume having a local workstation, and a remote server. On the local
+	computer we have inserted a smart card, in our examples we use a Nitrokey
+	card with the OpenSC drivers. We will forward the card
+	from the workstation to the remote server.</p>
+</div>
+<div class="refsect1">
+<a name="remoting-setup"></a><h2>Setting up the PKCS#11 forwarding server on a local client</h2>
+<p>To forward a smartcard to a remote server, we first need to identify which
+	smartcards are available. To list the smartcards currently attached to the local
+	computer, use the p11tool command from the gnutls package. For example:
+	</p>
+<pre class="programlisting">
+$ p11tool --list-tokens
+...
+Token 6:
+        URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29
+        Label: UserPIN (Daiki's token)
+        Type: Hardware token
+        Manufacturer: www.CardContact.de
+        Model: PKCS#15 emulated
+        Serial: DENK0000000
+        Module: opensc-pkcs11.so
+...
+</pre>
+<p>This is the entry for the card we'd like to forward to remote system. The important
+	pieces are the 'pkcs11:' URL listed above, and the module name. Once we determine which
+	smartcard to forward, we expose it to a local Unix domain socket, with the following
+	p11-kit server command.
+	</p>
+<pre class="programlisting">
+$ p11-kit server --provider /usr/lib64/pkcs11/opensc-pkcs11.so "pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29"
+</pre>
+<p>Here we provide to the server the module location (optional) with the --provider
+	option, as well as the URL of the card. We copied the values from the Module and URL
+	lines of the p11tool output above. When the p11-kit server command starts, it will
+	print the address of the PKCS#11 unix domain socket and the process ID of the server.
+	</p>
+<pre class="programlisting">
+P11_KIT_SERVER_ADDRESS=unix:path=/run/user/12345/p11-kit/pkcs11-12345
+P11_KIT_SERVER_PID=12345
+</pre>
+<p>For later use, set the variables output by the tool on your shell prompt
+	(e.g., copy and paste them or call the above p11-kit server command line with
+	<code class="literal">eval $(p11-kit server ...)</code>).
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-forwarding-socket"></a><h2>Forwarding and using the PKCS#11 Unix socket on the remote server</h2>
+<p>On the remote server, we will initially forward the previously generated PKCS#11
+	unix socket, and then access the smart card through it. To access the forwarded socket
+	as if it were a smart card, a dedicated PKCS#11 module p11-kit-client.so is provided as
+	part of the p11-kit-server package.
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-forwarding-socket-prep"></a><h2>Preparing the remote system for PKCS#11 socket forwarding</h2>
+<p>One important detail you should be aware of, is the file system location of the
+	forwarded socket. By convention, the p11-kit-client.so module utilizes the "user runtime
+	directory", managed by systemd; the directory is created when a user logs in, and removed
+	upon logout, so that the user doesn't need to manually clean up the socket file.
+	</p>
+<p>To locate your user runtime directory, do:
+	</p>
+<pre class="programlisting">
+$ systemd-path user-runtime
+/run/user/1000
+</pre>
+<p>The <code class="literal">p11-kit-client.so</code> module looks for the socket file under a
+	subdirectory (<code class="literal">/run/user/1000/p11-kit</code> in this example). To enable
+	auto-creation of the directory, do the following.
+	</p>
+<pre class="programlisting">
+$ systemctl --user enable p11-kit-client.service
+</pre>
+</div>
+<div class="refsect1">
+<a name="remoting-finally-forwarding"></a><h2>Forwarding the PKCS#11 socket</h2>
+<p>We will use ssh to forward the local PKCS#11 unix socket to the remote server.
+	Following the p11-kit-client convention, we will forward the socket to the remote user
+	run-time path so that cleaning up on disconnect is not required. The remote location
+	of the run-time path can be obtained as follows.
+	</p>
+<pre class="programlisting">
+$ ssh [user]@[remotehost] systemd-path user-runtime
+/run/user/1000
+</pre>
+<p>The number at the end of the path above is your user ID in that system
+	(and thus will vary from user to user). You can now forward the Unix domain socket
+	with the -R option of the ssh command, after replacing the example path with the
+	actual run-time path.
+	</p>
+<pre class="programlisting">
+$ ssh -R /run/user/[userID]/p11-kit/pkcs11:${P11_KIT_SERVER_ADDRESS#*=} [user]@[remotehost]
+</pre>
+<p>After successfully logging in to the remote host, you can use the forwarded
+	smartcard as if it were directly connected to the server using the
+	<code class="literal">p11-kit-client.so</code>. Note that if any error occurs during the forwarding
+	setup, you will see something like this on your terminal:
+	</p>
+<pre class="programlisting">
+Warning: remote port forwarding failed for listen path /run/user/...
+</pre>
+</div>
+<div class="refsect1">
+<a name="remoting-using"></a><h2>Using the forwarded PKCS#11 socket</h2>
+<p>Let's first make sure the smart card works on the remote system, by listing it:
+	</p>
+<pre class="programlisting">
+$ ls -l /run/user/1000/p11-kit/pkcs11
+$ p11tool --provider /usr/lib64/pkcs11/p11-kit-client.so --list-tokens
+...
+Token 0:
+        URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29
+        Label: UserPIN (Daiki's token)
+        Type: Hardware token
+        Manufacturer: www.CardContact.de
+        Model: PKCS#15 emulated
+        Serial: DENK0000000
+        Module: (null)
+...
+</pre>
+<p>We can similarly generate, copy objects or test certificates to the card using
+	the same command. Any applications which support PKCS#11 can perform cryptographic
+	operations through the client module.
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-registering"></a><h2>Registering the client module for use with OpenSSL and GnuTLS apps</h2>
+<p>To utilize the p11-kit-client module with OpenSSL (via engine_pkcs11 provided
+	by the libp11 package) and GnuTLS applications, you have to register it in
+	p11-kit. To do it for the current user, use the following commands:
+	</p>
+<pre class="programlisting">
+$ mkdir .config/pkcs11/modules/
+$ echo "module: /usr/lib64/pkcs11/p11-kit-client.so" &gt;.config/pkcs11/modules/p11-kit-client.module
+</pre>
+<p>Once this is done both OpenSSL and GnuTLS applications should work, for example:
+	</p>
+<pre class="programlisting">
+$ URL="pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29"
+# Generate a key using gnutls’ p11tool
+$ p11tool --generate-ecc --login --label test-key "$URL"
+# generate a certificate request with the previous key using openssl
+$ openssl req -engine pkcs11 -new -key "$URL;;object=test-key;type=private;pin-value=XXXX" \
+         -keyform engine -out req.pem -text -subj "/CN=Test user"
+</pre>
+<p>Note that the token URL remains the same in the forwarded system as in the original one.
+	</p>
+</div>
+<div class="refsect1">
+<a name="remoting-ssh"></a><h2>Using the client module with OpenSSH</h2>
+<p>To re-use the already forwarded smartcard for authentication with another remote host, you can run ssh and provide the -I option with p11-kit-client.so. For example:
+	</p>
+<pre class="programlisting">
+$ ssh -I /usr/lib64/pkcs11/p11-kit-client.so [user]@[anotherhost]
+</pre>
+</div>
+<div class="refsect1">
+<a name="remoting-nss"></a><h2>Using the client module with NSS applications</h2>
+<p>To register the forwarded smartcard in NSS applications, you can set it up with
+	the modutil command, as follows.
+	</p>
+<pre class="programlisting">
+$ sudo modutil -dbdir /etc/pki/nssdb -add p11-kit-client -libfile /usr/lib64/pkcs11/p11-kit-client.so
+$ modutil -dbdir /etc/pki/nssdb -list
+...
+  3. p11-kit-client
+    library name: /usr/lib64/pkcs11/p11-kit-client.so
+       uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.17
+     slots: 1 slot attached
+    status: loaded
+     slot: Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
+    token: UserPIN (Daiki's token)
+      uri: pkcs11:token=UserPIN%20(Daiki's%20token);manufacturer=www.CardContact.de;serial=DENK0000000;model=PKCS%2315%20emulated
+</pre>
+</div>
+</div>
+<div class="footer">
+<hr>Generated by GTK-Doc V1.27</div>
+</body>
+</html>