summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAmy Liffey <amynka@gentoo.org>2021-03-10 20:05:15 +0100
committerAmy Liffey <amynka@gentoo.org>2021-03-10 20:05:15 +0100
commit3b8a376e2734c94174127aa3ac6d1563e3555b28 (patch)
treea57ee97722d7ff694f332f4d081e311cab6a33db
parentapp-crypt/eid-mw: version bump 5.0.14 (diff)
downloadgentoo-3b8a376e2734c94174127aa3ac6d1563e3555b28.tar.gz
gentoo-3b8a376e2734c94174127aa3ac6d1563e3555b28.tar.bz2
gentoo-3b8a376e2734c94174127aa3ac6d1563e3555b28.zip
app-crypt/eid-mw: remove old 4.4.27, 5.0.11
Submitted-by: Vincent Hardy <vincent.hardy.be@gmail.com> Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Amy Liffey <amynka@gentoo.org>
-rw-r--r--app-crypt/eid-mw/Manifest2
-rw-r--r--app-crypt/eid-mw/eid-mw-4.4.27.ebuild108
-rw-r--r--app-crypt/eid-mw/eid-mw-5.0.11.ebuild111
-rw-r--r--app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch272
-rw-r--r--app-crypt/eid-mw/metadata.xml3
5 files changed, 0 insertions, 496 deletions
diff --git a/app-crypt/eid-mw/Manifest b/app-crypt/eid-mw/Manifest
index 198a92e64add..0af6a4269427 100644
--- a/app-crypt/eid-mw/Manifest
+++ b/app-crypt/eid-mw/Manifest
@@ -1,3 +1 @@
-DIST eid-mw-4.4.27.tar.gz 7481892 BLAKE2B 5d1268946a62436eec74a7ed83e8391c1ceb0274ef8798b95bee2087e4e439d46ea5f88b8237cff1e925d31d1762fe979a959ce35efd4d6210dda580827bab3b SHA512 c4e9917907bb351b9dd427eb48c2124e55de0d8a73cfd142b9cb5e81c84f91e62a39a90bb1fbd109fb59aeb089898ffcd18ef5ccf2ab72c883b41ec4d9b9edf1
-DIST eid-mw-5.0.11.tar.gz 8928406 BLAKE2B 36358b758e1e865a7a99099f548b8e7acc045df73ab6290dc5ebf7e82c8b03566137340498e815cdb3458c63961233ef0e8530f75dfeed18e714b6fb4fcfbbcd SHA512 2753739797dbfe5b01c4538fca02f5a0833a3850a2b62cd4e7179a148b0459c9217311f44d1f03b9b9655187af7d90cbe53dd1e4a8318a0cba864d346f8c9324
DIST eid-mw-5.0.14.tar.gz 8971565 BLAKE2B d1e6997c089c72f6b6b15fafefa227d7341721c1fa52e446f0334c3915b2e16d84ccb27053dc2e12c0f932bb3cb96e1cbfadc0d6b203098734f74fa0dbffc6ab SHA512 97a4e1359c853f14e91d5ec6c3b13d97b3113106da1e7125b558d724aea76f8a15b289dd06ed13391896d9318daea0133eba9269b6103fb1b922e8b55ceaf9cc
diff --git a/app-crypt/eid-mw/eid-mw-4.4.27.ebuild b/app-crypt/eid-mw/eid-mw-4.4.27.ebuild
deleted file mode 100644
index 38d7672f996b..000000000000
--- a/app-crypt/eid-mw/eid-mw-4.4.27.ebuild
+++ /dev/null
@@ -1,108 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools desktop gnome2-utils xdg-utils
-
-DESCRIPTION="Electronic Identity Card middleware supplied by the Belgian Federal Government"
-HOMEPAGE="https://eid.belgium.be"
-SRC_URI="https://codeload.github.com/fedict/${PN}/tar.gz/v${PV} -> ${P}.tar.gz"
-
-LICENSE="LGPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="+dialogs +gtk +p11v220 p11-kit"
-
-RDEPEND=">=sys-apps/pcsc-lite-1.2.9
- gtk? (
- x11-libs/gdk-pixbuf[jpeg]
- x11-libs/gtk+:*
- dev-libs/libxml2
- net-misc/curl[ssl]
- net-libs/libproxy
- !app-misc/eid-viewer-bin
- )
- p11-kit? ( app-crypt/p11-kit )"
-
-DEPEND="${RDEPEND}
- virtual/pkgconfig"
-
-REQUIRED_USE="dialogs? ( gtk )"
-
-src_prepare() {
- default
-
- sed -i -e 's:/beid/rsaref220:/rsaref220:' configure.ac || die
- sed -i -e 's:/beid::' cardcomm/pkcs11/src/libbeidpkcs11.pc.in || die
-
- # Buggy internal versioning when autoreconf a tarball release.
- # Weird numbering is required otherwise we get a seg fault in
- # about-eid-mw program.
- echo "${PV}-v${PV}" > .version
- sed -i \
- -e '/^GITDESC/ d' \
- -e '/^VERCLEAN/ d' \
- scripts/build-aux/genver.sh
-
- # legacy xpi module : we don't want it anymore
- sed -i -e '/SUBDIRS/ s:plugins_tools/xpi ::' Makefile.am || die
- sed -i -e '/plugins_tools\/xpi/ d' configure.ac || die
-
- # hardcoded lsb_info
- sed -i \
- -e "s:get_lsb_info('i'):strdup(_(\"Gentoo\")):" \
- -e "s:get_lsb_info('r'):strdup(_(\"n/a\")):" \
- -e "s:get_lsb_info('c'):strdup(_(\"n/a\")):" \
- plugins_tools/aboutmw/gtk/about-main.c || die
-
- # Fix libdir for pkcs11_manifestdir
- sed -i \
- -e "/pkcs11_manifestdir/ s:prefix)/lib:libdir):" \
- cardcomm/pkcs11/src/Makefile.am || die
-
- # See bug #691308
- eapply "${FILESDIR}/eid-sign-test-4.4.19.patch"
-
- # See bug #732994
- sed -i \
- -e '/LDFLAGS="/ s:$CPPFLAGS:$LDFLAGS:' \
- configure.ac || die
-
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_enable dialogs) \
- $(use_enable p11v220) \
- $(use_enable p11-kit p11kit) \
- $(use_with gtk gtkvers 'detect') \
- --with-gnu-ld \
- --disable-static
-}
-
-src_install() {
- default
- rm -r "${ED}"/usr/$(get_libdir)/*.la || die
- if use gtk; then
- domenu plugins_tools/eid-viewer/eid-viewer.desktop
- doicon plugins_tools/eid-viewer/gtk/eid-viewer.png
- fi
-}
-
-pkg_postinst() {
- if use gtk; then
- gnome2_schemas_update
- xdg_desktop_database_update
- xdg_icon_cache_update
- fi
-}
-
-pkg_postrm() {
- if use gtk; then
- gnome2_schemas_update
- xdg_desktop_database_update
- xdg_icon_cache_update
- fi
-}
diff --git a/app-crypt/eid-mw/eid-mw-5.0.11.ebuild b/app-crypt/eid-mw/eid-mw-5.0.11.ebuild
deleted file mode 100644
index b0e0654fd5b0..000000000000
--- a/app-crypt/eid-mw/eid-mw-5.0.11.ebuild
+++ /dev/null
@@ -1,111 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools desktop gnome2-utils xdg-utils
-
-DESCRIPTION="Electronic Identity Card middleware supplied by the Belgian Federal Government"
-HOMEPAGE="https://eid.belgium.be"
-SRC_URI="https://codeload.github.com/fedict/${PN}/tar.gz/v${PV} -> ${P}.tar.gz"
-
-LICENSE="LGPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="+dialogs +gtk +p11v220 p11-kit"
-
-RDEPEND=">=sys-apps/pcsc-lite-1.2.9
- gtk? (
- x11-libs/gdk-pixbuf[jpeg]
- x11-libs/gtk+:3
- dev-libs/libxml2
- net-misc/curl[ssl]
- net-libs/libproxy
- app-crypt/pinentry[gtk]
- )
- p11-kit? ( app-crypt/p11-kit )"
-
-DEPEND="${RDEPEND}
- virtual/pkgconfig"
-
-REQUIRED_USE="dialogs? ( gtk )"
-
-src_prepare() {
- default
-
- # Buggy internal versioning when autoreconf a tarball release.
- # Weird numbering is required otherwise we get a seg fault in
- # about-eid-mw program.
- echo "${PV}-v${PV}" > .version
-
- # xpi module : we don't want it anymore
- sed -i -e '/SUBDIRS/ s:plugins_tools/xpi ::' Makefile.am || die
- sed -i -e '/plugins_tools\/xpi/ d' configure.ac || die
-
- # hardcoded lsb_info
- sed -i \
- -e "s:get_lsb_info('i'):strdup(_(\"Gentoo\")):" \
- -e "s:get_lsb_info('r'):strdup(_(\"n/a\")):" \
- -e "s:get_lsb_info('c'):strdup(_(\"n/a\")):" \
- plugins_tools/aboutmw/gtk/about-main.c || die
-
- # Fix libdir for pkcs11_manifestdir
- sed -i \
- -e "/pkcs11_manifestdir/ s:prefix)/lib:libdir):" \
- cardcomm/pkcs11/src/Makefile.am || die
-
- # See bug #732994
- sed -i \
- -e '/LDFLAGS="/ s:$CPPFLAGS:$LDFLAGS:' \
- configure.ac || die
-
- # See bug #751472
- eapply "${FILESDIR}/use-printf-in-Makefile.patch"
-
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_enable dialogs) \
- $(use_enable p11v220) \
- $(use_enable p11-kit p11kit) \
- $(use_with gtk gtkvers 'detect') \
- --with-gnu-ld \
- --disable-static
-}
-
-src_install() {
- default
- rm -r "${ED}"/usr/$(get_libdir)/*.la || die
- if use gtk; then
- domenu plugins_tools/eid-viewer/eid-viewer.desktop
- doicon plugins_tools/eid-viewer/gtk/eid-viewer.png
- fi
-}
-
-pkg_postinst() {
- if use gtk; then
- gnome2_schemas_update
- xdg_desktop_database_update
- xdg_icon_cache_update
-
- local peimpl=$(eselect --brief --colour=no pinentry show)
- case "${peimpl}" in
- *gtk*) ;;
- *) ewarn "The pinentry front-end currently selected is not supported by eid-mw."
- ewarn "You may be prompted for your pin code in an inaccessible shell!!"
- ewarn "Please select pinentry-gtk-2 as default pinentry provider:"
- ewarn " # eselect pinentry set pinentry-gtk-2"
- ;;
- esac
- fi
-}
-
-pkg_postrm() {
- if use gtk; then
- gnome2_schemas_update
- xdg_desktop_database_update
- xdg_icon_cache_update
- fi
-}
diff --git a/app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch b/app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch
deleted file mode 100644
index cf59f99a8ea7..000000000000
--- a/app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch
+++ /dev/null
@@ -1,272 +0,0 @@
---- eid-mw-4.4.19/tests/unit/sign.c 2019-07-11 16:08:46.000000000 +0200
-+++ eid-mw-git/tests/unit/sign.c 2019-08-04 17:40:08.683942928 +0200
-@@ -19,10 +19,13 @@
- **************************************************************************** */
- #ifdef WIN32
- #include <win32.h>
-+#pragma pack(push, cryptoki, 1)
-+#include "pkcs11.h"
-+#pragma pack(pop, cryptoki)
- #else
- #include <unix.h>
--#endif
- #include <pkcs11.h>
-+#endif
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
-@@ -33,66 +36,88 @@
- #include <config.h>
- #endif
-
-+#include <stdbool.h>
-+
- #if HAVE_OPENSSL
--#include <openssl/rsa.h>
-+#include <openssl/opensslv.h>
-+#include <openssl/evp.h>
- #include <openssl/engine.h>
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
--static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
-- if(!r || !n || !e) {
-- return 0;
-- }
-- r->n = n;
-- r->e = e;
-- r->d = d;
-- return 1;
--}
--#endif
--
--CK_BYTE digest_sha256[] = {
-- 0x2c, 0x26, 0xb4, 0x6b,
-- 0x68, 0xff, 0xc6, 0x8f,
-- 0xf9, 0x9b, 0x45, 0x3c,
-- 0x1d, 0x30, 0x41, 0x34,
-- 0x13, 0x42, 0x2d, 0x70,
-- 0x64, 0x83, 0xbf, 0xa0,
-- 0xf9, 0x8a, 0x5e, 0x88,
-- 0x62, 0x66, 0xe7, 0xae
--};
--
--int verify_sig(unsigned char* sig, CK_ULONG siglen, CK_BYTE_PTR modulus, CK_ULONG modlen, CK_BYTE_PTR exponent, CK_ULONG explen) {
-- RSA* rsa = RSA_new();
-- unsigned char* s = malloc(siglen);
-- int ret;
--
-- RSA_set0_key(rsa, BN_bin2bn(modulus, (int) modlen, NULL), BN_bin2bn(exponent, (int) explen, NULL), NULL);
--
-- int v = RSA_verify(NID_sha256, digest_sha256, sizeof(digest_sha256), sig, siglen, rsa);
--
-- printf("Signature verification returned: %d\n", v);
-- if(!v) {
-- unsigned long e = ERR_get_error();
-- printf("error %ld: %s\n", e, ERR_error_string(e, NULL));
-- ret = TEST_RV_FAIL;
-- } else {
-- ret = TEST_RV_OK;
-+// These were copied from eid-test-ca:derencode.c
-+int verify_sig(const unsigned char *sig_in, CK_ULONG siglen, const unsigned char *certificate, size_t certlen, bool is_rsa) {
-+#if OPENSSL_VERSION_NUMBER > 0x10100000L
-+ X509 *cert = NULL;
-+ EVP_PKEY *pkey = NULL;
-+ EVP_MD_CTX *mdctx;
-+ EVP_PKEY_CTX *pctx;
-+ const EVP_MD *md = EVP_get_digestbyname("sha256");
-+ unsigned char *sig = (unsigned char*)sig_in;
-+
-+ if(d2i_X509(&cert, &certificate, certlen) == NULL) {
-+ fprintf(stderr, "E: could not parse X509 certificate\n");
-+ return TEST_RV_FAIL;
-+ }
-+ pkey = X509_get0_pubkey(cert);
-+ if(pkey == NULL) {
-+ fprintf(stderr, "E: could not find public key in certificate\n");
-+ return TEST_RV_FAIL;
-+ }
-+ mdctx = EVP_MD_CTX_new();
-+ if(EVP_DigestVerifyInit(mdctx, &pctx, md, NULL, pkey) != 1) {
-+ fprintf(stderr, "E: initialization for signature validation failed!\n");
-+ return TEST_RV_FAIL;
-+ }
-+ if(EVP_DigestVerifyUpdate(mdctx, (const unsigned char*)"foo", 3) != 1) {
-+ fprintf(stderr, "E: hashing for signature failed!\n");
-+ return TEST_RV_FAIL;
- }
-
-- free(s);
-- RSA_free(rsa);
--
-- return ret;
-+ ECDSA_SIG* ec_sig;
-+ if(!is_rsa) {
-+ BIGNUM *r;
-+ BIGNUM *s;
-+ ec_sig = ECDSA_SIG_new();
-+ if((r = BN_bin2bn(sig, siglen / 2, NULL)) == NULL) {
-+ fprintf(stderr, "E: could not convert R part of ECDSA signature!\n");
-+ return TEST_RV_FAIL;
-+ }
-+ if((s = BN_bin2bn(sig + (siglen / 2), siglen / 2, NULL)) == NULL) {
-+ fprintf(stderr, "E: could not convert S part of ECDSA signature!\n");
-+ return TEST_RV_FAIL;
-+ }
-+ if(ECDSA_SIG_set0(ec_sig, r, s) == 0) {
-+ fprintf(stderr, "E: could not set ECDSA_SIG structure!\n");
-+ return TEST_RV_FAIL;
-+ }
-+ siglen = i2d_ECDSA_SIG(ec_sig, NULL);
-+ unsigned char *dersig = sig = malloc(siglen);
-+ siglen = i2d_ECDSA_SIG(ec_sig, &dersig);
-+ }
-+ if(EVP_DigestVerifyFinal(mdctx, sig, siglen) != 1) {
-+ fprintf(stderr, "E: signature fails validation!\n");
-+ return TEST_RV_FAIL;
-+ }
-+ if(!is_rsa) {
-+ free(sig);
-+ }
-+ printf("signature verified\n");
-+ return TEST_RV_OK;
-+#else
-+ printf("OpenSSL too old for verification\n");
-+#endif
- }
--
- #endif
-
--int test_key(char* label, CK_SESSION_HANDLE session, CK_SLOT_ID slot EIDT_UNUSED) {
-+int test_key(char* label, CK_SESSION_HANDLE session, CK_SLOT_ID slot) {
- CK_ATTRIBUTE attr[2];
- CK_MECHANISM mech;
-+ CK_MECHANISM_TYPE_PTR mechlist;
- CK_BYTE data[] = { 'f', 'o', 'o' };
- CK_BYTE_PTR sig, mod, exp;
- CK_ULONG sig_len, type, count;
-- CK_OBJECT_HANDLE privatekey, publickey;
-+ CK_OBJECT_HANDLE privatekey, publickey, certificate;
-+ bool is_rsa = false;
-+ int i;
-
- attr[0].type = CKA_CLASS;
- attr[0].pValue = &type;
-@@ -113,7 +138,22 @@
- return TEST_RV_SKIP;
- }
-
-- mech.mechanism = CKM_SHA256_RSA_PKCS;
-+ check_rv(C_GetMechanismList(slot, NULL_PTR, &count));
-+ mechlist = malloc(sizeof(CK_MECHANISM_TYPE) * count);
-+#undef CHECK_RV_DEALLOCATE
-+#define CHECK_RV_DEALLOCATE free(mechlist)
-+
-+ check_rv(C_GetMechanismList(slot, mechlist, &count));
-+
-+ for(i=0; i<count; i++) {
-+ if(mechlist[i] == CKM_SHA256_RSA_PKCS) {
-+ mech.mechanism = mechlist[i];
-+ i=count;
-+ is_rsa = true;
-+ break;
-+ }
-+ }
-+
- check_rv(C_SignInit(session, &mech, privatekey));
-
- check_rv(C_Sign(session, data, sizeof(data), NULL, &sig_len));
-@@ -124,42 +164,68 @@
-
- hex_dump((char*)sig, sig_len);
-
-- type = CKO_PUBLIC_KEY;
-- check_rv(C_FindObjectsInit(session, attr, 2));
-- check_rv(C_FindObjects(session, &publickey, 1, &count));
-- verbose_assert(count == 1);
-- check_rv(C_FindObjectsFinal(session));
-+ if(is_rsa) {
-+ type = CKO_PUBLIC_KEY;
-+ check_rv(C_FindObjectsInit(session, attr, 2));
-+ check_rv(C_FindObjects(session, &publickey, 1, &count));
-+ verbose_assert(count == 1);
-+ check_rv(C_FindObjectsFinal(session));
-
-- attr[0].type = CKA_MODULUS;
-- attr[0].pValue = NULL_PTR;
-- attr[0].ulValueLen = 0;
-+ attr[0].type = CKA_MODULUS;
-+ attr[0].pValue = NULL_PTR;
-+ attr[0].ulValueLen = 0;
-
-- attr[1].type = CKA_PUBLIC_EXPONENT;
-- attr[1].pValue = NULL_PTR;
-- attr[1].ulValueLen = 0;
-+ attr[1].type = CKA_PUBLIC_EXPONENT;
-+ attr[1].pValue = NULL_PTR;
-+ attr[1].ulValueLen = 0;
-
-- check_rv(C_GetAttributeValue(session, publickey, attr, 2));
-+ check_rv(C_GetAttributeValue(session, publickey, attr, 2));
-
-- verbose_assert(attr[0].ulValueLen == sig_len);
-+ verbose_assert(attr[0].ulValueLen == sig_len);
-
-- mod = malloc(attr[0].ulValueLen);
-- mod[0] = 0xde; mod[1] = 0xad; mod[2] = 0xbe; mod[3] = 0xef;
-- exp = malloc(attr[1].ulValueLen);
-- exp[0] = 0xde; exp[1] = 0xad; exp[2] = 0xbe; exp[3] = 0xef;
-+ mod = malloc(attr[0].ulValueLen);
-+ mod[0] = 0xde; mod[1] = 0xad; mod[2] = 0xbe; mod[3] = 0xef;
-+ exp = malloc(attr[1].ulValueLen);
-+ exp[0] = 0xde; exp[1] = 0xad; exp[2] = 0xbe; exp[3] = 0xef;
-
-- attr[0].pValue = mod;
-- attr[1].pValue = exp;
-+ attr[0].pValue = mod;
-+ attr[1].pValue = exp;
-
-- check_rv(C_GetAttributeValue(session, publickey, attr, 2));
-+ check_rv(C_GetAttributeValue(session, publickey, attr, 2));
-
-- printf("Received key modulus with length %lu:\n", attr[0].ulValueLen);
-- hex_dump((char*)mod, attr[0].ulValueLen);
-+ printf("Received key modulus with length %lu:\n", attr[0].ulValueLen);
-+ hex_dump((char*)mod, attr[0].ulValueLen);
-
-- printf("Received public exponent of key with length %lu:\n", attr[1].ulValueLen);
-- hex_dump((char*)exp, attr[1].ulValueLen);
-+ printf("Received public exponent of key with length %lu:\n", attr[1].ulValueLen);
-+ hex_dump((char*)exp, attr[1].ulValueLen);
-+ }
-
--#if HAVE_OPENSSL
-- return verify_sig(sig, sig_len, mod, attr[0].ulValueLen, exp, attr[1].ulValueLen);
-+#if HAVE_OPENSSL && OPENSSL_VERSION_NUMBER > 0x10100000L
-+ unsigned char cert[4096];
-+ attr[0].type = CKA_CLASS;
-+ attr[0].pValue = &type;
-+ type = CKO_CERTIFICATE;
-+ attr[0].ulValueLen = sizeof(CK_ULONG);
-+
-+ attr[1].type = CKA_LABEL;
-+ attr[1].pValue = label;
-+ attr[1].ulValueLen = strlen(label);
-+
-+ check_rv(C_FindObjectsInit(session, attr, 2));
-+ check_rv(C_FindObjects(session, &certificate, 1, &count));
-+ verbose_assert(count == 1);
-+ check_rv(C_FindObjectsFinal(session));
-+
-+ attr[0].type = CKA_VALUE;
-+ attr[0].pValue = cert;
-+ attr[0].ulValueLen = sizeof(cert);
-+
-+ check_rv(C_GetAttributeValue(session, certificate, attr, 1));
-+
-+ printf("Received certificate with length %lu:\n", attr[0].ulValueLen);
-+ hex_dump((char*)cert, attr[0].ulValueLen);
-+
-+ return verify_sig(sig, sig_len, cert, attr[0].ulValueLen, is_rsa);
- #else
- return TEST_RV_OK;
- #endif
diff --git a/app-crypt/eid-mw/metadata.xml b/app-crypt/eid-mw/metadata.xml
index 99549db6384a..1ef7d1fc9202 100644
--- a/app-crypt/eid-mw/metadata.xml
+++ b/app-crypt/eid-mw/metadata.xml
@@ -28,8 +28,5 @@ These three functions form the basis of the countless applications for your eID.
<flag name="p11-kit">
Support for app-crypt/p11-kit.
</flag>
- <flag name="p11v220">
- Enable PKCS#11 v2.20 features.
- </flag>
</use>
</pkgmetadata>