diff --git a/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg b/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..30cd72996164fbba16fd2ee7098b8d28633c03e8
Binary files /dev/null and b/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg differ
diff --git a/p11-kit-0.24.1.tar.xz b/p11-kit-0.24.1.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..13459397de519e243dcc058dd1a157ea2f6ca381
Binary files /dev/null and b/p11-kit-0.24.1.tar.xz differ
diff --git a/p11-kit-0.24.1.tar.xz.sig b/p11-kit-0.24.1.tar.xz.sig
new file mode 100644
index 0000000000000000000000000000000000000000..bfc093a7692f3e40039a2f4a8deab7160234168e
Binary files /dev/null and b/p11-kit-0.24.1.tar.xz.sig differ
diff --git a/p11-kit-client.service b/p11-kit-client.service
new file mode 100644
index 0000000000000000000000000000000000000000..c9b8e30b694259259c3c6032c083e2df0f5078b7
--- /dev/null
+++ b/p11-kit-client.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=p11-kit client
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+RuntimeDirectory=p11-kit
+ExecStart=/usr/bin/true
+
+[Install]
+WantedBy=default.target
diff --git a/p11-kit.spec b/p11-kit.spec
new file mode 100644
index 0000000000000000000000000000000000000000..3194f0dff2eca4460b7ad559c46a2fad7270aa3e
--- /dev/null
+++ b/p11-kit.spec
@@ -0,0 +1,150 @@
+%define anolis_release 1
+
+Version:	0.24.1
+Release: 	%{anolis_release}%{?dist}
+Name:           p11-kit
+Summary:        Library for loading and sharing PKCS#11 modules
+
+License:        BSD
+URL:            http://p11-glue.freedesktop.org/p11-kit.html
+Source0:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz
+Source1:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
+Source2:        gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
+Source3:        trust-extract-compat
+Source4:        p11-kit-client.service
+
+BuildRequires:  gcc
+BuildRequires:  libtasn1-devel >= 2.3
+BuildRequires:  libffi-devel
+BuildRequires:  gettext
+BuildRequires:  gtk-doc
+BuildRequires:  meson
+BuildRequires:  systemd-devel
+BuildRequires:  bash-completion
+BuildRequires:  pkgconfig(glib-2.0)
+BuildRequires:  gnupg2
+BuildRequires:  /usr/bin/xsltproc
+
+%description
+p11-kit provides a way to load and enumerate PKCS#11 modules, as well
+as a standard configuration setup for installing PKCS#11 modules in
+such a way that they're discoverable.
+
+
+%package devel
+Summary:        Development files for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%package trust
+Summary:            System trust module from %{name}
+Requires:           %{name}%{?_isa} = %{version}-%{release}
+Requires(post):     %{_sbindir}/update-alternatives
+Requires(postun):   %{_sbindir}/update-alternatives
+Conflicts:          nss < 3.14.3-9
+
+%description trust
+The %{name}-trust package contains a system trust PKCS#11 module which
+contains certificate anchors and black lists.
+
+
+%package server
+Summary:        Server and client commands for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description server
+The %{name}-server package contains command line tools that enable to
+export PKCS#11 modules through a Unix domain socket.  Note that this
+feature is still experimental.
+
+%define multilib_arches x86_64
+%ifarch %{multilib_arches}
+%define alt_ckbi  libnssckbi.so.%{_arch}
+%else
+%define alt_ckbi  libnssckbi.so
+%endif
+
+%prep
+gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
+
+%autosetup -p1
+
+%build
+%meson -Dgtk_doc=true -Dman=true -Dtrust_paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source
+%meson_build
+
+%install
+%meson_install
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
+install -p -m 755 %{SOURCE3} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
+# Install the example conf with %%doc instead
+mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example $RPM_BUILD_ROOT%{_docdir}/%{name}/pkcs11.conf.example
+mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
+install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir}
+%find_lang %{name}
+
+%check
+%meson_test
+
+
+%post trust
+%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \
+        %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
+
+%postun trust
+if [ $1 -eq 0 ] ; then
+        # package removal
+        %{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
+fi
+
+
+%files -f %{name}.lang
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc AUTHORS NEWS README
+%{_docdir}/%{name}/pkcs11.conf.example
+%dir %{_sysconfdir}/pkcs11
+%dir %{_sysconfdir}/pkcs11/modules
+%dir %{_datadir}/p11-kit
+%dir %{_datadir}/p11-kit/modules
+%dir %{_libexecdir}/p11-kit
+%{_bindir}/p11-kit
+%{_libdir}/libp11-kit.so.*
+%{_libdir}/p11-kit-proxy.so
+%{_libexecdir}/p11-kit/p11-kit-remote
+%{_mandir}/man1/trust.1.gz
+%{_mandir}/man8/p11-kit.8.gz
+%{_mandir}/man5/pkcs11.conf.5.gz
+%{_datadir}/bash-completion/completions/p11-kit
+
+%files devel
+%{_includedir}/p11-kit-1/
+%{_libdir}/libp11-kit.so
+%{_libdir}/pkgconfig/p11-kit-1.pc
+%doc %{_datadir}/gtk-doc/
+
+%files trust
+%{_bindir}/trust
+%dir %{_libdir}/pkcs11
+%ghost %{_libdir}/libnssckbi.so
+%{_libdir}/pkcs11/p11-kit-trust.so
+%{_datadir}/p11-kit/modules/p11-kit-trust.module
+%{_libexecdir}/p11-kit/trust-extract-compat
+%{_datadir}/bash-completion/completions/trust
+
+%files server
+%{_libdir}/pkcs11/p11-kit-client.so
+%{_userunitdir}/p11-kit-client.service
+%{_libexecdir}/p11-kit/p11-kit-server
+%{_userunitdir}/p11-kit-server.service
+%{_userunitdir}/p11-kit-server.socket
+
+
+%changelog
+* Tue Mar 08 2022 liuzhilin <liuzhilin@uniontech.com> - 0.24.1-1
+- Init for Anolis OS 23
diff --git a/trust-extract-compat b/trust-extract-compat
new file mode 100755
index 0000000000000000000000000000000000000000..1976f22e832ce7c332faa869f8e4cd82b87ea58e
--- /dev/null
+++ b/trust-extract-compat
@@ -0,0 +1,15 @@
+#!/usr/bin/bash
+
+set -e
+
+if test "$UID" != "0"; then
+	echo "p11-kit: the 'extract-trust' command must be run as root" >&2
+	exit 2
+fi
+
+if test $# -gt 1; then
+	echo "p11-kit: no additional arguments are supported for this command" >&2
+	exit 2
+fi
+
+exec /usr/bin/update-ca-trust