packaging/cert-svc.spec

   1 Name:    cert-svc
   2 Summary: Certification service
   3 Version: 2.2.2
   4 Release: 0
   5 Group:   Security/Certificate Management
   6 License: Apache-2.0
   7 Source0: %{name}-%{version}.tar.gz
   8 BuildRequires: cmake
   9 BuildRequires: coreutils
  10 BuildRequires: findutils
  11 BuildRequires: pkgconfig(dlog)
  12 BuildRequires: pkgconfig(klay)
  13 BuildRequires: openssl3
  14 BuildRequires: pkgconfig(openssl3)
  15 BuildRequires: pkgconfig(libpcrecpp)
  16 BuildRequires: pkgconfig(xmlsec1)
  17 BuildRequires: pkgconfig(libxml-2.0)
  18 BuildRequires: pkgconfig(libxslt)
  19 BuildRequires: pkgconfig(libsystemd)
  20 BuildRequires: pkgconfig(key-manager)
  21 BuildRequires: pkgconfig(libtzplatform-config)
  22 BuildRequires: pkgconfig(sqlite3)
  23 BuildRequires: ca-certificates
  24 BuildRequires: ca-certificates-devel
  25 BuildRequires: ca-certificates-tizen-devel
  26 BuildRequires: boost-devel
  27 Requires: ca-certificates
  28 Requires: ca-certificates-tizen
  29 Requires: security-config
  30 # to prevent auto require lower version of libc including examples/resource/player/bin/player
  31 # https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering?rd=PackagingDrafts/AutoProvidesAndRequiresFiltering
  32 %global __requires_exclude_from examples/
  33
  34
  35 %global user_name security_fw
  36 %global group_name security_fw
  37 %global server_stream /tmp/.cert-server.socket
  38 %global smack_domain_name System
  39
  40 %global bin_dir                 %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
  41 %global lib_dir                 %{?TZ_SYS_LIB:%TZ_SYS_LIB}%{!?TZ_SYS_LIB:%_libdir}
  42 %global etc_dir                 %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
  43 %global rw_data_dir             %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
  44 %global ro_data_dir             %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
  45 %global rw_app_dir              %{?TZ_SYS_RW_APP:%TZ_SYS_RW_APP}%{!?TZ_SYS_RW_APP:/opt/usr/apps}
  46
  47 %global cert_svc_path           %rw_data_dir/cert-svc
  48 %global cert_svc_ro_path        %ro_data_dir/cert-svc
  49 %global cert_svc_db_path        %cert_svc_path/dbspace
  50 %global cert_svc_pkcs12         %cert_svc_path/pkcs12
  51 %global cert_svc_ca_bundle      %cert_svc_path/ca-certificate.crt
  52 %global cert_svc_examples       %cert_svc_ro_path/examples
  53 %global cert_svc_tests          %rw_app_dir/cert-svc-tests
  54
  55 %description
  56 Certification service
  57
  58 %package devel
  59 Summary:    Certification service (development files)
  60 Group:      Development/Libraries
  61 Requires:   %{name} = %{version}-%{release}
  62
  63 %description devel
  64 Certification service (development files)
  65
  66 %package test
  67 Summary:  Certification service (tests)
  68 Group:    Security/Testing
  69 Requires: ca-certificates-tizen
  70 Requires: %{name} = %{version}-%{release}
  71 Requires: %{name}-test-binaries = %{version}-%{release}
  72
  73 %description test
  74 Certification service (tests)
  75
  76 %package test-binaries
  77 Summary:  Certification service (test binaries)
  78 Group:    Security/Testing
  79 AutoReq:  no
  80 Requires: %{name}-test = %{version}-%{release}
  81
  82 %description test-binaries
  83 Certification service (test binaries)
  84
  85 %prep
  86 %setup -q
  87
  88 %build
  89 %if 0%{?tizen_build_devel_mode}
  90 export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE"
  91 export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE"
  92 export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE"
  93 %endif
  94
  95 %ifarch %{ix86}
  96 export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE"
  97 export CXXFLAGS="$CXXFLAGS -DTIZEN_EMULATOR_MODE"
  98 export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
  99 %endif
 100
 101 # gcc v9 and new Tizen toolchain adds Wall and this code pretty much always checks string & buffer lenghts
 102 export CFLAGS="$CFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
 103 export CXXFLAGS="$CXXFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
 104
 105 %{!?build_type:%define build_type "Release"}
 106 %cmake . -DVERSION=%version \
 107          -DINCLUDEDIR=%_includedir \
 108          -DUSER_NAME=%user_name \
 109          -DGROUP_NAME=%group_name \
 110          -DSERVER_STREAM=%server_stream \
 111          -DSMACK_DOMAIN_NAME=%smack_domain_name \
 112          -DRO_DATA_DIR=%ro_data_dir \
 113          -DBIN_DIR=%bin_dir \
 114          -DLIB_DIR=%lib_dir \
 115          -DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
 116          -DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
 117          -DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
 118          -DTZ_SYS_RO_CA_CERTS=%TZ_SYS_RO_CA_CERTS \
 119          -DTZ_SYS_RO_CA_BUNDLE=%TZ_SYS_RO_CA_BUNDLE \
 120          -DCERT_SVC_CA_BUNDLE=%cert_svc_ca_bundle \
 121          -DCERT_SVC_PATH=%cert_svc_path \
 122          -DCERT_SVC_RO_PATH=%cert_svc_ro_path \
 123          -DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
 124          -DCERT_SVC_DB_PATH=%cert_svc_db_path \
 125          -DCERT_SVC_TESTS=%cert_svc_tests \
 126          -DCERT_SVC_EXAMPLES=%cert_svc_examples \
 127          -DCMAKE_BUILD_TYPE=%build_type \
 128          -DSYSTEMD_UNIT_DIR=%_unitdir
 129
 130 make %{?_smp_mflags}
 131
 132 %install
 133 %make_install
 134 %install_service sockets.target.wants cert-server.socket
 135
 136 mkdir -p %buildroot%cert_svc_pkcs12
 137
 138 touch %buildroot%cert_svc_db_path/certs-meta.db-journal
 139
 140 ln -sf %TZ_SYS_CA_BUNDLE %buildroot%cert_svc_ca_bundle
 141
 142 %preun
 143 # erase
 144 if [ $1 = 0 ]; then
 145     systemctl stop cert-server.service
 146 fi
 147
 148 %post
 149 /sbin/ldconfig
 150 systemctl daemon-reload
 151 # install
 152 if [ $1 = 1 ]; then
 153     systemctl start cert-server.socket
 154 fi
 155 # reinstall
 156 if [ $1 = 2 ]; then
 157     systemctl restart cert-server.socket
 158 fi
 159
 160 %postun -p /sbin/ldconfig
 161
 162 %files
 163 %manifest %name.manifest
 164 %license LICENSE
 165 %_unitdir/cert-server.service
 166 %_unitdir/cert-server.socket
 167 %_unitdir/sockets.target.wants/cert-server.socket
 168 %_libdir/libcert-svc-vcore.so.*
 169 %bin_dir/cert-server
 170 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_path
 171 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_pkcs12
 172 %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path
 173 %attr(-, %{user_name}, %{group_name}) %cert_svc_ca_bundle
 174 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db
 175 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
 176 %attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
 177
 178 %files devel
 179 %manifest %name.manifest
 180 %_includedir/*
 181 %_libdir/pkgconfig/*
 182 %_libdir/libcert-svc-vcore.so
 183
 184 %files test
 185 %manifest %name.manifest
 186 %bin_dir/cert-svc-test*
 187 %dir %cert_svc_tests
 188 %cert_svc_tests/p12
 189 %cert_svc_tests/certs
 190 %_libdir/libcert-svc-validator-plugin.so
 191
 192 %bin_dir/cert-svc-example*
 193 %cert_svc_examples
 194
 195 %bin_dir/cert-svc-unit-tests
 196
 197 %files test-binaries
 198 %manifest %name.manifest
 199 %cert_svc_tests/apps