packaging/cert-svc.spec

   1 %define certsvc_test_build 0
   2
   3 Name:    cert-svc
   4 Summary: Certification service
   5 Version: 2.2.1
   6 Release: 0
   7 Group:   Security/Certificate Management
   8 License: Apache-2.0
   9 Source0: %{name}-%{version}.tar.gz
  10 BuildRequires: cmake
  11 BuildRequires: coreutils
  12 BuildRequires: findutils
  13 BuildRequires: pkgconfig(dlog)
  14 BuildRequires: pkgconfig(klay)
  15 BuildRequires: openssl1.1
  16 BuildRequires: pkgconfig(openssl1.1)
  17 BuildRequires: pkgconfig(libpcrecpp)
  18 BuildRequires: pkgconfig(xmlsec1)
  19 BuildRequires: pkgconfig(libxml-2.0)
  20 BuildRequires: pkgconfig(libxslt)
  21 BuildRequires: pkgconfig(libsystemd-daemon)
  22 BuildRequires: pkgconfig(key-manager)
  23 BuildRequires: pkgconfig(libtzplatform-config)
  24 BuildRequires: pkgconfig(libsystemd-journal)
  25 BuildRequires: pkgconfig(sqlite3)
  26 BuildRequires: ca-certificates
  27 BuildRequires: ca-certificates-devel
  28 BuildRequires: ca-certificates-tizen-devel
  29 Requires: ca-certificates
  30 Requires: ca-certificates-tizen
  31 Requires: security-config
  32 # to prevent auto require lower version of libc including examples/resource/player/bin/player
  33 # https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering?rd=PackagingDrafts/AutoProvidesAndRequiresFiltering
  34 %global __requires_exclude_from examples/
  35
  36
  37 %global user_name security_fw
  38 %global group_name security_fw
  39 %global server_stream /tmp/.cert-server.socket
  40 %global smack_domain_name System
  41
  42 %global bin_dir                 %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
  43 %global etc_dir                 %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
  44 %global rw_data_dir             %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
  45 %global ro_data_dir             %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
  46 %global rw_app_dir              %{?TZ_SYS_RW_APP:%TZ_SYS_RW_APP}%{!?TZ_SYS_RW_APP:/opt/usr/apps}
  47
  48 %global cert_svc_path           %rw_data_dir/cert-svc
  49 %global cert_svc_ro_path        %ro_data_dir/cert-svc
  50 %global cert_svc_db_path        %cert_svc_path/dbspace
  51 %global cert_svc_pkcs12         %cert_svc_path/pkcs12
  52 %global cert_svc_ca_bundle      %cert_svc_path/ca-certificate.crt
  53 %global cert_svc_examples       %cert_svc_ro_path/examples
  54 %global cert_svc_tests          %rw_app_dir/cert-svc-tests
  55
  56 %description
  57 Certification service
  58
  59 %package devel
  60 Summary:    Certification service (development files)
  61 Group:      Development/Libraries
  62 Requires:   %{name} = %{version}-%{release}
  63
  64 %description devel
  65 Certification service (development files)
  66
  67 %if 0%{?certsvc_test_build}
  68 %package test
  69 Summary:  Certification service (tests)
  70 Group:    Security/Testing
  71 Requires: ca-certificates-tizen
  72 Requires: %{name} = %{version}-%{release}
  73 Requires: %{name}-test-binaries = %{version}-%{release}
  74
  75 %description test
  76 Certification service (tests)
  77
  78 %package test-binaries
  79 Summary:  Certification service (test binaries)
  80 Group:    Security/Testing
  81 AutoReq:  no
  82 Requires: %{name}-test = %{version}-%{release}
  83
  84 %description test-binaries
  85 Certification service (test binaries)
  86 %endif
  87
  88 %prep
  89 %setup -q
  90
  91 %build
  92 %if 0%{?sec_build_binary_debug_enable}
  93 export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
  94 export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
  95 export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
  96 %endif
  97
  98 %if 0%{?tizen_build_devel_mode}
  99 export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE"
 100 export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE"
 101 export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE"
 102 %endif
 103
 104 %ifarch %{ix86}
 105 export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE"
 106 export CXXFLAGS="$CXXFLAGS -DTIZEN_EMULATOR_MODE"
 107 export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
 108 %endif
 109
 110 # gcc v9 and new Tizen toolchain adds Wall and this code pretty much always checks string & buffer lenghts
 111 export CFLAGS="$CFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
 112 export CXXFLAGS="$CXXFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
 113
 114 %{!?build_type:%define build_type "Release"}
 115 %cmake . -DVERSION=%version \
 116          -DINCLUDEDIR=%_includedir \
 117          -DUSER_NAME=%user_name \
 118          -DGROUP_NAME=%group_name \
 119          -DSERVER_STREAM=%server_stream \
 120          -DSMACK_DOMAIN_NAME=%smack_domain_name \
 121          -DRO_DATA_DIR=%ro_data_dir \
 122          -DBIN_DIR=%bin_dir \
 123          -DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
 124          -DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
 125          -DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
 126          -DTZ_SYS_RO_CA_CERTS=%TZ_SYS_RO_CA_CERTS \
 127          -DTZ_SYS_RO_CA_BUNDLE=%TZ_SYS_RO_CA_BUNDLE \
 128          -DCERT_SVC_CA_BUNDLE=%cert_svc_ca_bundle \
 129          -DCERT_SVC_PATH=%cert_svc_path \
 130          -DCERT_SVC_RO_PATH=%cert_svc_ro_path \
 131          -DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
 132          -DCERT_SVC_DB_PATH=%cert_svc_db_path \
 133 %if 0%{?certsvc_test_build}
 134          -DCERTSVC_TEST_BUILD=1 \
 135          -DCERT_SVC_TESTS=%cert_svc_tests \
 136          -DCERT_SVC_EXAMPLES=%cert_svc_examples \
 137 %endif
 138          -DCMAKE_BUILD_TYPE=%build_type \
 139          -DSYSTEMD_UNIT_DIR=%_unitdir
 140
 141 make %{?_smp_mflags}
 142
 143 %install
 144 %make_install
 145 %install_service sockets.target.wants cert-server.socket
 146
 147 mkdir -p %buildroot%cert_svc_pkcs12
 148
 149 touch %buildroot%cert_svc_db_path/certs-meta.db-journal
 150
 151 ln -sf %TZ_SYS_CA_BUNDLE %buildroot%cert_svc_ca_bundle
 152
 153 %preun
 154 # erase
 155 if [ $1 = 0 ]; then
 156     systemctl stop cert-server.service
 157 fi
 158
 159 %post
 160 /sbin/ldconfig
 161 systemctl daemon-reload
 162 # install
 163 if [ $1 = 1 ]; then
 164     systemctl start cert-server.socket
 165 fi
 166 # reinstall
 167 if [ $1 = 2 ]; then
 168     systemctl restart cert-server.socket
 169 fi
 170
 171 %postun -p /sbin/ldconfig
 172
 173 %files
 174 %manifest %name.manifest
 175 %license LICENSE
 176 %_unitdir/cert-server.service
 177 %_unitdir/cert-server.socket
 178 %_unitdir/sockets.target.wants/cert-server.socket
 179 %_libdir/libcert-svc-vcore.so.*
 180 %bin_dir/cert-server
 181 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_path
 182 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_pkcs12
 183 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path
 184 %attr(-, %{user_name}, %{group_name}) %cert_svc_ca_bundle
 185 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db
 186 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
 187 %attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
 188
 189 %files devel
 190 %_includedir/*
 191 %_libdir/pkgconfig/*
 192 %_libdir/libcert-svc-vcore.so
 193
 194 %if 0%{?certsvc_test_build}
 195 %files test
 196 %bin_dir/cert-svc-test*
 197 %dir %cert_svc_tests
 198 %cert_svc_tests/p12
 199 %cert_svc_tests/certs
 200 %_libdir/libcert-svc-validator-plugin.so
 201
 202 %bin_dir/cert-svc-example*
 203 %cert_svc_examples
 204
 205 %files test-binaries
 206 %cert_svc_tests/apps
 207
 208 %endif