1 %define certsvc_test_build 0
4 Summary: Certification service
7 Group: Security/Certificate Management
8 License: Apache-2.0 and OpenSSL
9 Source0: %{name}-%{version}.tar.gz
11 BuildRequires: coreutils
12 BuildRequires: findutils
13 BuildRequires: openssl
14 BuildRequires: pkgconfig(dlog)
15 BuildRequires: pkgconfig(klay)
16 BuildRequires: pkgconfig(openssl)
17 BuildRequires: pkgconfig(libpcrecpp)
18 BuildRequires: pkgconfig(xmlsec1)
19 BuildRequires: pkgconfig(libxml-2.0)
20 BuildRequires: pkgconfig(libxslt)
21 BuildRequires: pkgconfig(db-util)
22 BuildRequires: pkgconfig(libsystemd-daemon)
23 BuildRequires: pkgconfig(key-manager)
24 BuildRequires: pkgconfig(libtzplatform-config)
25 BuildRequires: pkgconfig(libsystemd-journal)
26 BuildRequires: pkgconfig(sqlite3)
27 BuildRequires: ca-certificates
28 BuildRequires: ca-certificates-devel
29 BuildRequires: ca-certificates-tizen-devel
30 Requires: ca-certificates
31 Requires: ca-certificates-tizen
32 Requires: security-config
35 %global user_name security_fw
36 %global group_name security_fw
37 %global server_stream /tmp/.cert-server.socket
38 %global smack_domain_name System
40 %global bin_dir %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
41 %global etc_dir %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
42 %global rw_data_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
43 %global ro_data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
44 %global rw_app_dir %{?TZ_SYS_RW_APP:%TZ_SYS_RW_APP}%{!?TZ_SYS_RW_APP:/opt/usr/apps}
46 %global cert_svc_path %rw_data_dir/cert-svc
47 %global cert_svc_ro_path %ro_data_dir/cert-svc
48 %global cert_svc_db_path %cert_svc_path/dbspace
49 %global cert_svc_pkcs12 %cert_svc_path/pkcs12
50 %global cert_svc_transec %cert_svc_path/transec
51 %global cert_svc_transec_res %cert_svc_transec/res
52 %global cert_svc_transec_usr %cert_svc_transec/usr
53 %global cert_svc_transec_global %cert_svc_transec/global
54 %global cert_svc_transec_bundle %cert_svc_transec_res/ca-bundle.pem
55 %global cert_svc_ca_bundle %cert_svc_path/ca-certificate.crt
56 %global cert_svc_examples %cert_svc_ro_path/examples
57 %global cert_svc_tests %rw_app_dir/cert-svc-tests
59 %global cert_svc_old_db_path /opt/share/cert-svc/dbspace
60 %global upgrade_script_path %ro_data_dir/upgrade/scripts
61 %global upgrade_data_path %ro_data_dir/upgrade/data
67 Summary: Certification service (development files)
68 Group: Development/Libraries
69 Requires: %{name} = %{version}-%{release}
72 Certification service (development files)
74 %if 0%{?certsvc_test_build}
76 Summary: Certification service (tests)
77 Group: Security/Testing
78 Requires: ca-certificates-tizen
79 Requires: %{name} = %{version}-%{release}
82 Certification service (tests)
89 %if 0%{?sec_build_binary_debug_enable}
90 export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
91 export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
92 export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
95 %if 0%{?tizen_build_devel_mode}
96 export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE"
97 export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE"
98 export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE"
102 export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE"
103 export CXXFLAGS="$CXXFLAGS -DTIZEN_EMULATOR_MODE"
104 export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
107 %{!?build_type:%define build_type "Release"}
108 %cmake . -DVERSION=%version \
109 -DINCLUDEDIR=%_includedir \
110 -DUSER_NAME=%user_name \
111 -DGROUP_NAME=%group_name \
112 -DSERVER_STREAM=%server_stream \
113 -DSMACK_DOMAIN_NAME=%smack_domain_name \
114 -DRO_DATA_DIR=%ro_data_dir \
116 -DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
117 -DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
118 -DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
119 -DTZ_SYS_RO_CA_CERTS=%TZ_SYS_RO_CA_CERTS \
120 -DTZ_SYS_RO_CA_BUNDLE=%TZ_SYS_RO_CA_BUNDLE \
121 -DCERT_SVC_CA_BUNDLE=%cert_svc_ca_bundle \
122 -DFINGERPRINT_LIST_RW_PATH=%TZ_SYS_REVOKED_CERTS_FINGERPRINTS_RUNTIME \
123 -DCERT_SVC_PATH=%cert_svc_path \
124 -DCERT_SVC_RO_PATH=%cert_svc_ro_path \
125 -DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
126 -DCERT_SVC_TRANSEC_USR=%cert_svc_transec_usr \
127 -DCERT_SVC_TRANSEC_GLOBAL=%cert_svc_transec_global \
128 -DCERT_SVC_TRANSEC_BUNDLE=%cert_svc_transec_bundle \
129 -DCERT_SVC_DB_PATH=%cert_svc_db_path \
130 -DCERT_SVC_OLD_DB_PATH=%cert_svc_old_db_path \
131 -DUPGRADE_SCRIPT_PATH=%upgrade_script_path \
132 -DUPGRADE_DATA_PATH=%upgrade_data_path \
133 %if 0%{?certsvc_test_build}
134 -DCERTSVC_TEST_BUILD=1 \
135 -DCERT_SVC_TESTS=%cert_svc_tests \
136 -DCERT_SVC_EXAMPLES=%cert_svc_examples \
138 -DCMAKE_BUILD_TYPE=%build_type \
139 -DSYSTEMD_UNIT_DIR=%_unitdir
145 %install_service sockets.target.wants cert-server.socket
147 mkdir -p %buildroot%cert_svc_pkcs12
148 mkdir -p %buildroot%cert_svc_transec_res
149 mkdir -p %buildroot%cert_svc_transec_usr
150 mkdir -p %buildroot%cert_svc_transec_global
152 touch %buildroot%cert_svc_db_path/certs-meta.db-journal
153 touch %buildroot%cert_svc_transec_bundle
155 ln -sf %TZ_SYS_CA_BUNDLE %buildroot%cert_svc_ca_bundle
160 systemctl stop cert-server.service
165 systemctl daemon-reload
168 systemctl start cert-server.socket
170 # upgrade / reinstall
172 systemctl restart cert-server.socket
175 %postun -p /sbin/ldconfig
178 %manifest %name.manifest
180 %license LICENSE.OpenSSL
181 %_unitdir/cert-server.service
182 %_unitdir/cert-server.socket
183 %_unitdir/sockets.target.wants/cert-server.socket
184 %_libdir/libcert-svc-vcore.so.*
185 %_libdir/libcert-svc-transec.so.*
187 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_path
188 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_pkcs12
189 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path
190 %attr(-, %{user_name}, %{group_name}) %cert_svc_ca_bundle
191 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db
192 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
193 %attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
194 %attr(-, %{user_name}, %{group_name}) %cert_svc_transec/*
196 %attr(755, root, root) %upgrade_script_path/202.cert-svc-db-upgrade.sh
197 %attr(755, root, root) %upgrade_script_path/203.cert-svc-disabled-certs-upgrade.sh
198 %upgrade_data_path/certs-meta.db
203 %_libdir/libcert-svc-vcore.so
204 %_libdir/libcert-svc-transec.so
206 %if 0%{?certsvc_test_build}
208 %bin_dir/cert-svc-test*
210 %_libdir/libcert-svc-validator-plugin.so
212 %attr(755, root, root) %upgrade_script_path/cert-svc-test-upgrade.sh
213 %upgrade_data_path/certs-meta-old.db
215 %bin_dir/cert-svc-example*