packaging/cert-svc.spec

   1 %define certsvc_test_build 0
   2
   3 Name:    cert-svc
   4 Summary: Certification service
   5 Version: 2.1.6
   6 Release: 0
   7 Group:   Security/Certificate Management
   8 License: Apache-2.0 and OpenSSL
   9 Source0: %{name}-%{version}.tar.gz
  10 BuildRequires: cmake
  11 BuildRequires: coreutils
  12 BuildRequires: findutils
  13 BuildRequires: openssl
  14 BuildRequires: pkgconfig(dlog)
  15 BuildRequires: pkgconfig(klay)
  16 BuildRequires: pkgconfig(openssl)
  17 BuildRequires: pkgconfig(libpcrecpp)
  18 BuildRequires: pkgconfig(xmlsec1)
  19 BuildRequires: pkgconfig(libxml-2.0)
  20 BuildRequires: pkgconfig(libxslt)
  21 BuildRequires: pkgconfig(db-util)
  22 BuildRequires: pkgconfig(libsystemd-daemon)
  23 BuildRequires: pkgconfig(key-manager)
  24 BuildRequires: pkgconfig(libtzplatform-config)
  25 BuildRequires: pkgconfig(libsystemd-journal)
  26 BuildRequires: pkgconfig(sqlite3)
  27 BuildRequires: ca-certificates
  28 BuildRequires: ca-certificates-devel
  29 BuildRequires: ca-certificates-tizen-devel
  30 Requires: ca-certificates
  31 Requires: ca-certificates-tizen
  32 Requires: security-config
  33 Requires: openssl
  34
  35 %global user_name security_fw
  36 %global group_name security_fw
  37 %global server_stream /tmp/.cert-server.socket
  38 %global smack_domain_name System
  39
  40 %global bin_dir                 %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
  41 %global etc_dir                 %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
  42 %global rw_data_dir             %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
  43 %global ro_data_dir             %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
  44 %global rw_app_dir              %{?TZ_SYS_RW_APP:%TZ_SYS_RW_APP}%{!?TZ_SYS_RW_APP:/opt/usr/apps}
  45
  46 %global cert_svc_path           %rw_data_dir/cert-svc
  47 %global cert_svc_ro_path        %ro_data_dir/cert-svc
  48 %global cert_svc_db_path        %cert_svc_path/dbspace
  49 %global cert_svc_pkcs12         %cert_svc_path/pkcs12
  50 %global cert_svc_transec        %cert_svc_path/transec
  51 %global cert_svc_transec_res    %cert_svc_transec/res
  52 %global cert_svc_transec_usr    %cert_svc_transec/usr
  53 %global cert_svc_transec_global %cert_svc_transec/global
  54 %global cert_svc_transec_bundle %cert_svc_transec_res/ca-bundle.pem
  55 %global cert_svc_ca_bundle      %cert_svc_path/ca-certificate.crt
  56 %global cert_svc_examples       %cert_svc_ro_path/examples
  57 %global cert_svc_tests          %rw_app_dir/cert-svc-tests
  58
  59 %global cert_svc_old_db_path    /opt/share/cert-svc/dbspace
  60 %global upgrade_script_path     %ro_data_dir/upgrade/scripts
  61 %global upgrade_data_path       %ro_data_dir/upgrade/data
  62
  63 %description
  64 Certification service
  65
  66 %package devel
  67 Summary:    Certification service (development files)
  68 Group:      Development/Libraries
  69 Requires:   %{name} = %{version}-%{release}
  70
  71 %description devel
  72 Certification service (development files)
  73
  74 %if 0%{?certsvc_test_build}
  75 %package test
  76 Summary:  Certification service (tests)
  77 Group:    Security/Testing
  78 Requires: ca-certificates-tizen
  79 Requires: %{name} = %{version}-%{release}
  80
  81 %description test
  82 Certification service (tests)
  83 %endif
  84
  85 %prep
  86 %setup -q
  87
  88 %build
  89 %if 0%{?sec_build_binary_debug_enable}
  90 export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
  91 export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
  92 export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
  93 %endif
  94
  95 %if 0%{?tizen_build_devel_mode}
  96 export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE"
  97 export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE"
  98 export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE"
  99 %endif
 100
 101 %ifarch %{ix86}
 102 export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE"
 103 export CXXFLAGS="$CXXFLAGS -DTIZEN_EMULATOR_MODE"
 104 export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
 105 %endif
 106
 107 %{!?build_type:%define build_type "Release"}
 108 %cmake . -DVERSION=%version \
 109          -DINCLUDEDIR=%_includedir \
 110          -DUSER_NAME=%user_name \
 111          -DGROUP_NAME=%group_name \
 112          -DSERVER_STREAM=%server_stream \
 113          -DSMACK_DOMAIN_NAME=%smack_domain_name \
 114          -DRO_DATA_DIR=%ro_data_dir \
 115          -DBIN_DIR=%bin_dir \
 116          -DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
 117          -DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
 118          -DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
 119          -DTZ_SYS_RO_CA_CERTS=%TZ_SYS_RO_CA_CERTS \
 120          -DTZ_SYS_RO_CA_BUNDLE=%TZ_SYS_RO_CA_BUNDLE \
 121          -DCERT_SVC_CA_BUNDLE=%cert_svc_ca_bundle \
 122          -DFINGERPRINT_LIST_RW_PATH=%TZ_SYS_REVOKED_CERTS_FINGERPRINTS_RUNTIME \
 123          -DCERT_SVC_PATH=%cert_svc_path \
 124          -DCERT_SVC_RO_PATH=%cert_svc_ro_path \
 125          -DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
 126          -DCERT_SVC_TRANSEC_USR=%cert_svc_transec_usr \
 127          -DCERT_SVC_TRANSEC_GLOBAL=%cert_svc_transec_global \
 128          -DCERT_SVC_TRANSEC_BUNDLE=%cert_svc_transec_bundle \
 129          -DCERT_SVC_DB_PATH=%cert_svc_db_path \
 130          -DCERT_SVC_OLD_DB_PATH=%cert_svc_old_db_path \
 131          -DUPGRADE_SCRIPT_PATH=%upgrade_script_path \
 132          -DUPGRADE_DATA_PATH=%upgrade_data_path \
 133 %if 0%{?certsvc_test_build}
 134          -DCERTSVC_TEST_BUILD=1 \
 135          -DCERT_SVC_TESTS=%cert_svc_tests \
 136          -DCERT_SVC_EXAMPLES=%cert_svc_examples \
 137 %endif
 138          -DCMAKE_BUILD_TYPE=%build_type \
 139          -DSYSTEMD_UNIT_DIR=%_unitdir
 140
 141 make %{?_smp_mflags}
 142
 143 %install
 144 %make_install
 145 %install_service sockets.target.wants cert-server.socket
 146
 147 mkdir -p %buildroot%cert_svc_pkcs12
 148 mkdir -p %buildroot%cert_svc_transec_res
 149 mkdir -p %buildroot%cert_svc_transec_usr
 150 mkdir -p %buildroot%cert_svc_transec_global
 151
 152 touch %buildroot%cert_svc_db_path/certs-meta.db-journal
 153 touch %buildroot%cert_svc_transec_bundle
 154
 155 ln -sf %TZ_SYS_CA_BUNDLE %buildroot%cert_svc_ca_bundle
 156
 157 %preun
 158 # erase
 159 if [ $1 = 0 ]; then
 160     systemctl stop cert-server.service
 161 fi
 162
 163 %post
 164 /sbin/ldconfig
 165 systemctl daemon-reload
 166 # install
 167 if [ $1 = 1 ]; then
 168     systemctl start cert-server.socket
 169 fi
 170 # upgrade / reinstall
 171 if [ $1 = 2 ]; then
 172     systemctl restart cert-server.socket
 173 fi
 174
 175 %postun -p /sbin/ldconfig
 176
 177 %files
 178 %manifest %name.manifest
 179 %license LICENSE
 180 %license LICENSE.OpenSSL
 181 %_unitdir/cert-server.service
 182 %_unitdir/cert-server.socket
 183 %_unitdir/sockets.target.wants/cert-server.socket
 184 %_libdir/libcert-svc-vcore.so.*
 185 %_libdir/libcert-svc-transec.so.*
 186 %bin_dir/cert-server
 187 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_path
 188 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_pkcs12
 189 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path
 190 %attr(-, %{user_name}, %{group_name}) %cert_svc_ca_bundle
 191 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db
 192 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
 193 %attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
 194 %attr(-, %{user_name}, %{group_name}) %cert_svc_transec/*
 195
 196 %attr(755, root, root) %upgrade_script_path/202.cert-svc-db-upgrade.sh
 197 %attr(755, root, root) %upgrade_script_path/203.cert-svc-disabled-certs-upgrade.sh
 198 %upgrade_data_path/certs-meta.db
 199
 200 %files devel
 201 %_includedir/*
 202 %_libdir/pkgconfig/*
 203 %_libdir/libcert-svc-vcore.so
 204 %_libdir/libcert-svc-transec.so
 205
 206 %if 0%{?certsvc_test_build}
 207 %files test
 208 %bin_dir/cert-svc-test*
 209 %cert_svc_tests
 210 %_libdir/libcert-svc-validator-plugin.so
 211
 212 %attr(755, root, root) %upgrade_script_path/cert-svc-test-upgrade.sh
 213 %upgrade_data_path/certs-meta-old.db
 214
 215 %bin_dir/cert-svc-example*
 216 %cert_svc_examples
 217
 218 %endif