[gnome-keyring/trust-store] [gcr] PKCS#11 conf file is now in /etc/xdg



commit e3438dc739ed076eef231b6f4946b0152bc7b801
Author: Stef Walter <stefw collabora co uk>
Date:   Wed Dec 22 16:00:28 2010 +0000

    [gcr] PKCS#11 conf file is now in /etc/xdg
    
    And install a pkcs11.conf.defaults file which is updated along
    with gnome-keyring, and then a pkcs11.conf file which is editable
    and can be overridden by admin/user.

 gcr/Makefile.am          |   17 +++++++++++++++--
 gcr/gcr-library.c        |   35 ++++++++++++++++-------------------
 gcr/pkcs11.conf.defaults |   13 +++++++++++++
 3 files changed, 44 insertions(+), 21 deletions(-)
---
diff --git a/gcr/Makefile.am b/gcr/Makefile.am
index fc77e2c..72d757a 100644
--- a/gcr/Makefile.am
+++ b/gcr/Makefile.am
@@ -9,6 +9,17 @@ ui_DATA = \
 	gcr-unlock-options-widget.ui
 
 # ------------------------------------------------------------------
+# CONFIG
+
+confdir = $(sysconfdir)/xdg
+
+PKCS11_DEFAULT_FILE =  pkcs11.conf.defaults
+PKCS11_CONFIG_FILE = pkcs11.conf
+
+conf_DATA = \
+	$(PKCS11_DEFAULT_FILE)
+
+# ------------------------------------------------------------------
 # HEADERS
 
 incdir = $(includedir)/gcr GCR_VERSION_SUFFIX@/gcr
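Review bot: Only `$(PKCS11_DEFAULT_FILE)` is listed in `conf_DATA`, although `PKCS11_CONFIG_FILE` is defined alongside it (and used for `PKCS11_CONFIG_PATH` in the CFLAGS hunk) and the commit description speaks of installing both files. If leaving pkcs11.conf uninstalled is deliberate, so that an upgrade never overwrites an administrator's trust settings, a comment above `conf_DATA` would record that, for example `# pkcs11.conf is never installed: it belongs to the admin and must survive upgrades`. The same comment could note that the defaults file lands in `$(sysconfdir)/xdg`, a location packaging tools commonly treat as locally editable, even though the file's own header says not to change it.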
@@ -75,7 +86,8 @@ libgcr GCR_VERSION_SUFFIX@_la_SOURCES = \
 	$(BUILT_SOURCES)
 
 libgcr GCR_VERSION_SUFFIX@_la_CFLAGS = \
-	-DPKCS11_CONF_PATH=\""$(sysconfdir)/pkcs11.conf"\" \
+	-DPKCS11_DEFAULT_PATH=\""$(confdir)/$(PKCS11_DEFAULT_FILE)"\" \
+	-DPKCS11_CONFIG_PATH=\""$(confdir)/$(PKCS11_CONFIG_FILE)"\" \
 	-DGCK_API_SUBJECT_TO_CHANGE \
 	-DGCR_API_SUBJECT_TO_CHANGE \
 	-DGCR_COMPILATION \
@@ -112,7 +124,8 @@ gcr-$(GCR_MAJOR).pc: gcr.pc
 EXTRA_DIST = \
 	gcr.pc.in \
 	gcr-marshal.list \
-	$(ui_DATA)
+	$(ui_DATA) \
+	$(conf_DATA)
 
 CLEANFILES = \
 	$(BUILT_SOURCES) \
diff --git a/gcr/gcr-library.c b/gcr/gcr-library.c
index 9ac37fa..aca6592 100644
--- a/gcr/gcr-library.c
+++ b/gcr/gcr-library.c
@@ -60,13 +60,6 @@ static GList *all_modules = NULL;
 static gchar *trust_store_uri = NULL;
 static gchar **trust_lookup_uris = NULL;
 
-const gchar DEFAULT_PKCS11_CONF[] =
-	"[trust-assertions]\n" \
-	"lookups=pkcs11:manufacturer=Gnome%20Keyring;serial=1:ROOTS:DEFAULT " \
-		"pkcs11:manufacturer=Gnome%20Keyring;serial=1:XDG:DEFAULT\n" \
-	"storage=pkcs11:manufacturer=Gnome%20Keyring;serial=1:XDG:DEFAULT\n" \
-;
-
 /* -----------------------------------------------------------------------------
  * ERRORS
  */
@@ -174,18 +167,22 @@ _gcr_initialize (void)
 		all_modules = gck_modules_initialize_registered (0);
 
 		key_file = g_key_file_new ();
-		if (g_file_test (PKCS11_CONF_PATH, G_FILE_TEST_EXISTS)) {
-			if (!g_key_file_load_from_file (key_file, PKCS11_CONF_PATH,
-			                                G_KEY_FILE_NONE, &error)) {
-				g_warning ("couldn't parse %s file: %s", PKCS11_CONF_PATH,
-				           egg_error_message (error));
-				g_clear_error (&error);
-			}
-		} else {
-			if (!g_key_file_load_from_data (key_file, DEFAULT_PKCS11_CONF,
-			                                strlen (DEFAULT_PKCS11_CONF),
-			                                G_KEY_FILE_NONE, NULL))
-				g_warn_if_reached ();
+
+		/* Load the defaults */
+		if (!g_key_file_load_from_file (key_file, PKCS11_DEFAULT_PATH,
+		                                G_KEY_FILE_NONE, &error)) {
+			g_warning ("couldn't parse %s file: %s", PKCS11_DEFAULT_PATH,
+			           egg_error_message (error));
+			g_clear_error (&error);
+		}
+
+		/* Load any changes */
+		if (g_file_test (PKCS11_CONFIG_PATH, G_FILE_TEST_EXISTS) &&
+		    !g_key_file_load_from_file (key_file, PKCS11_CONFIG_PATH,
+		                                G_KEY_FILE_NONE, &error)) {
+			g_warning ("couldn't parse %s file: %s", PKCS11_CONFIG_PATH,
+			           egg_error_message (error));
+			g_clear_error (&error);
 		}
 
 		trust_store_uri = g_key_file_get_string (key_file, "trust-assertions", "storage", NULL);
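Review bot: The second `g_key_file_load_from_file` call in the "Load any changes" step reuses `key_file`, and GLib resets a GKeyFile before parsing into it, so an existing pkcs11.conf appears to replace the defaults rather than overlay them (worth confirming against the GLib version targeted). A pkcs11.conf that sets only `storage`, or one that fails to parse, would then leave `lookups` unset, and with the compiled-in DEFAULT_PKCS11_CONF removed earlier in this commit there is no fallback for the trust-assertion settings; a missing defaults file has the same effect. Parsing the override into its own GKeyFile and copying its keys over the defaults would give the override behaviour that the header comment in pkcs11.conf.defaults describes, and treating G_FILE_ERROR_NOENT as "no overrides" makes the separate `g_file_test` check unnecessary. `_gcr_initialize` starts before and continues after this hunk, so the extra locals used below would need declaring at its top.

```c
		/* Load the defaults */
		/* … unchanged: load PKCS11_DEFAULT_PATH into key_file … */

		/* Overlay any changes key by key, so unset keys keep their defaults */
		overrides = g_key_file_new ();
		if (g_key_file_load_from_file (overrides, PKCS11_CONFIG_PATH,
		                               G_KEY_FILE_NONE, &error)) {
			groups = g_key_file_get_groups (overrides, NULL);
			for (g = groups; *g != NULL; g++) {
				keys = g_key_file_get_keys (overrides, *g, NULL, NULL);
				for (k = keys; k != NULL && *k != NULL; k++) {
					value = g_key_file_get_value (overrides, *g, *k, NULL);
					if (value != NULL)
						g_key_file_set_value (key_file, *g, *k, value);
					g_free (value);
				}
				g_strfreev (keys);
			}
			g_strfreev (groups);
		} else {
			/* A missing override file is the normal case, not an error */
			if (!g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT))
				g_warning ("couldn't parse %s file: %s", PKCS11_CONFIG_PATH,
				           egg_error_message (error));
			g_clear_error (&error);
		}
		g_key_file_free (overrides);
```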
diff --git a/gcr/pkcs11.conf.defaults b/gcr/pkcs11.conf.defaults
new file mode 100644
index 0000000..6b8448e
--- /dev/null
+++ b/gcr/pkcs11.conf.defaults
@@ -0,0 +1,13 @@
+
+# Settings which control which PKCS#11 modules are used to lookup trust
+# assertions like anchor certificate authorities, or pinned certificates.
+#
+# These are PKCS#11 URI's and are described here:
+# http://tools.ietf.org/html/draft-pechanec-pkcs11uri-03
+#
+# Do not change the settings here. Put your changes or overrides in
+# a file called "pkcs11.conf" in the same directory.
+
+[trust-assertions]
+lookups=pkcs11:manufacturer=Gnome%20Keyring;serial=1:ROOTS:DEFAULT pkcs11:manufacturer=Gnome%20Keyring;serial=1:XDG:DEFAULT
+storage=pkcs11:manufacturer=Gnome%20Keyring;serial=1:XDG:DEFAULT


