-%define certsvc_test_build 0
+%{!?build_type:%global build_type RELEASE}
Name: cert-svc
Summary: Certification service
-Version: 2.1.6
+Version: 2.2.2
Release: 0
Group: Security/Certificate Management
-License: Apache-2.0 and OpenSSL
+License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
BuildRequires: cmake
BuildRequires: coreutils
BuildRequires: findutils
-BuildRequires: openssl
BuildRequires: pkgconfig(dlog)
-BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(klay)
+BuildRequires: openssl3
+BuildRequires: pkgconfig(openssl3)
BuildRequires: pkgconfig(libpcrecpp)
BuildRequires: pkgconfig(xmlsec1)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libxslt)
-BuildRequires: pkgconfig(db-util)
-BuildRequires: pkgconfig(libsystemd-daemon)
+BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(key-manager)
BuildRequires: pkgconfig(libtzplatform-config)
-BuildRequires: pkgconfig(libsystemd-journal)
BuildRequires: pkgconfig(sqlite3)
BuildRequires: ca-certificates
BuildRequires: ca-certificates-devel
BuildRequires: ca-certificates-tizen-devel
+BuildRequires: boost-devel
+
+%if "%{build_type}" == "COVERAGE"
+BuildRequires: lcov
+%endif
+
Requires: ca-certificates
Requires: ca-certificates-tizen
Requires: security-config
-Requires: openssl
-%if "%{?profile}" == "mobile"
-BuildRequires: pkgconfig(cert-checker)
-%endif
+# to prevent auto require lower version of libc including examples/resource/player/bin/player
+# https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering?rd=PackagingDrafts/AutoProvidesAndRequiresFiltering
+%global __requires_exclude_from examples/
+
%global user_name security_fw
%global group_name security_fw
%global server_stream /tmp/.cert-server.socket
%global smack_domain_name System
+%global coverage_dir %{_datadir}/cert-svc-coverage
%global bin_dir %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
+%global lib_dir %{?TZ_SYS_LIB:%TZ_SYS_LIB}%{!?TZ_SYS_LIB:%_libdir}
%global etc_dir %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
%global rw_data_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
%global ro_data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
%global cert_svc_db_path %cert_svc_path/dbspace
%global cert_svc_pkcs12 %cert_svc_path/pkcs12
%global cert_svc_ca_bundle %cert_svc_path/ca-certificate.crt
+%global cert_svc_examples %cert_svc_ro_path/examples
%global cert_svc_tests %rw_app_dir/cert-svc-tests
-%global cert_svc_old_db_path /opt/share/cert-svc/dbspace
-%global upgrade_script_path %ro_data_dir/upgrade/scripts
-%global upgrade_data_path %ro_data_dir/upgrade/data
-
%description
Certification service
%description devel
Certification service (development files)
-%if 0%{?certsvc_test_build}
%package test
Summary: Certification service (tests)
Group: Security/Testing
Requires: ca-certificates-tizen
Requires: %{name} = %{version}-%{release}
+Requires: %{name}-test-binaries = %{version}-%{release}
%description test
Certification service (tests)
+
+%package test-binaries
+Summary: Certification service (test binaries)
+Group: Security/Testing
+AutoReq: no
+Requires: %{name}-test = %{version}-%{release}
+
+%description test-binaries
+Certification service (test binaries)
+
+%if "%{build_type}" == "COVERAGE"
+%package coverage
+Summary: Certification service code coverage data
+Group: Security/Testing
+Requires: cert-svc-test = %{version}-%{release}
+Requires: cert-svc-debugsource = %{version}-%{release}
+Requires: lcov
+Requires: gcc
+
+%description coverage
+Certification service code coverage data
%endif
%prep
%setup -q
%build
-export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
-export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
-export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
-
+%if 0%{?tizen_build_devel_mode}
export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE"
export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE"
export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE"
+%endif
%ifarch %{ix86}
export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE"
export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
%endif
-%{!?build_type:%define build_type "Release"}
+# gcc v9 and new Tizen toolchain adds Wall and this code pretty much always checks string & buffer lenghts
+export CFLAGS="$CFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
+export CXXFLAGS="$CXXFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
+
%cmake . -DVERSION=%version \
-DINCLUDEDIR=%_includedir \
-DUSER_NAME=%user_name \
-DSMACK_DOMAIN_NAME=%smack_domain_name \
-DRO_DATA_DIR=%ro_data_dir \
-DBIN_DIR=%bin_dir \
+ -DLIB_DIR=%lib_dir \
-DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
-DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
-DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
+ -DTZ_SYS_RO_CA_CERTS=%TZ_SYS_RO_CA_CERTS \
+ -DTZ_SYS_RO_CA_BUNDLE=%TZ_SYS_RO_CA_BUNDLE \
-DCERT_SVC_CA_BUNDLE=%cert_svc_ca_bundle \
- -DFINGERPRINT_LIST_RW_PATH=%TZ_SYS_REVOKED_CERTS_FINGERPRINTS_RUNTIME \
-DCERT_SVC_PATH=%cert_svc_path \
-DCERT_SVC_RO_PATH=%cert_svc_ro_path \
-DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
-DCERT_SVC_DB_PATH=%cert_svc_db_path \
- -DCERT_SVC_OLD_DB_PATH=%cert_svc_old_db_path \
- -DUPGRADE_SCRIPT_PATH=%upgrade_script_path \
- -DUPGRADE_DATA_PATH=%upgrade_data_path \
-%if "%{?profile}" == "mobile"
- -DTIZEN_PROFILE_MOBILE:BOOL=ON \
-%else
- -DTIZEN_PROFILE_MOBILE:BOOL=OFF \
-%endif
-%if 0%{?certsvc_test_build}
- -DCERTSVC_TEST_BUILD=1 \
-DCERT_SVC_TESTS=%cert_svc_tests \
-%endif
+ -DCERT_SVC_EXAMPLES=%cert_svc_examples \
+ -DCOVERAGE_DIR=%{coverage_dir} \
-DCMAKE_BUILD_TYPE=%build_type \
-DSYSTEMD_UNIT_DIR=%_unitdir
if [ $1 = 1 ]; then
systemctl start cert-server.socket
fi
-# upgrade / reinstall
+# reinstall
if [ $1 = 2 ]; then
systemctl restart cert-server.socket
fi
%files
%manifest %name.manifest
%license LICENSE
-%license LICENSE.OpenSSL
%_unitdir/cert-server.service
%_unitdir/cert-server.socket
%_unitdir/sockets.target.wants/cert-server.socket
%attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
%attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
-%attr(755, root, root) %upgrade_script_path/202.cert-svc-db-upgrade.sh
-%attr(755, root, root) %upgrade_script_path/203.cert-svc-disabled-certs-upgrade.sh
-%upgrade_data_path/certs-meta.db
-
%files devel
+%manifest %name.manifest
%_includedir/*
%_libdir/pkgconfig/*
%_libdir/libcert-svc-vcore.so
-%if 0%{?certsvc_test_build}
%files test
+%manifest %name.manifest
%bin_dir/cert-svc-test*
-%cert_svc_tests
+%dir %cert_svc_tests
+%cert_svc_tests/p12
+%cert_svc_tests/certs
%_libdir/libcert-svc-validator-plugin.so
-%attr(755, root, root) %upgrade_script_path/cert-svc-test-upgrade.sh
-%upgrade_data_path/certs-meta-old.db
+
+%bin_dir/cert-svc-example*
+%cert_svc_examples
+
+%bin_dir/cert-svc-unit-tests
+
+%files test-binaries
+%manifest %name.manifest
+%cert_svc_tests/apps
+
+%if "%{build_type}" == "COVERAGE"
+%files coverage
+%manifest %{name}.manifest
+%license LICENSE
+%{bin_dir}/cert-svc-coverage.sh
+%coverage_dir
%endif