1 Summary: System wide CA certificates resource
6 Group: Security/Certificate Management
7 Source0: %{name}-%{version}.tar.gz
9 BuildRequires: openssl1.1
10 BuildRequires: pkgconfig(libtzplatform-config)
12 BuildRequires: coreutils
13 BuildRequires: findutils
15 Requires: security-config
18 Utilities for system wide CA certificate installation
21 Summary: Devel package of ca-certificates which contains RPM macros
22 Group: Development/Libraries
24 Requires: %name = %version-%release
27 ca-certificates devel package which contains RPM macros
28 for ca-bundle and ssl certs directory
30 %define user_name security_fw
31 %define group_name security_fw
32 %define smack_domain_name System::Shared
35 %define var_dir %{?TZ_SYS_VAR:%TZ_SYS_VAR}%{!?TZ_SYS_VAR:/opt/var}
36 %define etc_dir %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
37 %define ro_etc_dir %{?TZ_SYS_RO_ETC:%TZ_SYS_RO_ETC}%{!?TZ_SYS_RO_ETC:%_sysconfdir}
38 %define ssl_dir %{etc_dir}/ssl
39 %define ro_ssl_dir %{ro_etc_dir}/ssl
40 %define ro_data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
41 %define ro_ca_certs_root_dir %{ro_data_dir}/ca-certificates
44 %define ro_ca_certs_orig_dir %{ro_ca_certs_root_dir}/certs
45 %define ro_ca_certs_script_dir %{ro_ca_certs_root_dir}/scripts
46 %define ro_ca_certs_dir %{ro_ssl_dir}/certs
47 %define ca_certs_dir %{ssl_dir}/certs
50 %define ca_bundle_dir %{var_dir}/lib/ca-certificates
51 %define ca_bundle %{ca_bundle_dir}/ca-bundle.pem
52 %define ro_ca_bundle %{ro_ssl_dir}/ca-bundle.pem
53 %define old_ca_bundle_dir /opt/share/ca-certificates
56 %define macro_ca_certificates %{ro_etc_dir}/rpm/macros.ca-certificates
62 %cmake . -DVERSION=%version \
63 -DUSER_NAME=%user_name \
64 -DGROUP_NAME=%group_name \
65 -DSMACK_DOMAIN_NAME=%smack_domain_name \
66 -DTZ_SYS_CA_CERTS=%ca_certs_dir \
67 -DTZ_SYS_CA_BUNDLE=%ca_bundle \
68 -DTZ_SYS_RO_CA_BUNDLE=%ro_ca_bundle \
69 -DTZ_SYS_CA_BUNDLE_DIR=%ca_bundle_dir \
70 -DTZ_SYS_RO_CA_CERTS_ORIG=%ro_ca_certs_orig_dir \
71 -DTZ_SYS_RO_CA_CERTS_SCRIPT=%ro_ca_certs_script_dir \
72 -DRO_CA_CERTS_ROOT_DIR=%ro_ca_certs_root_dir \
73 -DOLD_CA_BUNDLE_DIR=%old_ca_bundle_dir
78 mkdir -p %{buildroot}%{ro_etc_dir}/rpm
79 touch %{buildroot}%{macro_ca_certificates}
80 echo "%TZ_SYS_RO_CA_CERTS_ORIG %{ro_ca_certs_orig_dir}" >> %{buildroot}%{macro_ca_certificates}
81 echo "%TZ_SYS_RO_CA_CERTS_SCRIPT %{ro_ca_certs_script_dir}" >> %{buildroot}%{macro_ca_certificates}
82 echo "%TZ_SYS_RO_CA_CERTS %{ro_ca_certs_dir}" >> %{buildroot}%{macro_ca_certificates}
83 echo "%TZ_SYS_CA_CERTS %{ca_certs_dir}" >> %{buildroot}%{macro_ca_certificates}
84 echo "%TZ_SYS_RO_CA_BUNDLE %{ro_ca_bundle}" >> %{buildroot}%{macro_ca_certificates}
85 echo "%TZ_SYS_CA_BUNDLE %{ca_bundle}" >> %{buildroot}%{macro_ca_certificates}
89 # generate directories
90 mkdir -p %{buildroot}%{ca_bundle_dir}
91 mkdir -p %{buildroot}%{ro_ssl_dir}
92 mkdir -p %{buildroot}%{ca_certs_dir}
94 # generate original CA bundle
95 %{buildroot}%{ro_ca_certs_script_dir}/concat-cacerts.sh \
96 %{buildroot}%{ro_ca_certs_orig_dir} \
97 %{buildroot}%{ca_bundle}
99 # link files and directory
100 %{buildroot}%{ro_ca_certs_script_dir}/gen-symlinks.sh \
104 %{ro_ca_certs_orig_dir} \
110 %manifest %{name}.manifest
112 # original CA Certificates
113 %dir %{ro_ca_certs_orig_dir}
114 %attr(444, root, root) %{ro_ca_certs_orig_dir}/*
115 # symbol Certificates : R0 area
117 # symbol Certificates : RW area
118 %dir %attr(775, %{user_name}, %{group_name}) %{ca_certs_dir}
121 %dir %{ca_bundle_dir}
122 %attr(664, root, %{group_name}) %{ca_bundle}
125 # scripts for managing certificates
126 %dir %{ro_ca_certs_script_dir}
127 %attr(744, root, root) %{ro_ca_certs_script_dir}/*
130 %config %{macro_ca_certificates}