-#sbs-git:slp/pkgs/c/cert-svc cert-svc 1.0.1 ad7eb7efcefb37b06017c69cb2fc44e6f7b6cab7
+%{!?build_type:%global build_type RELEASE}
+
Name: cert-svc
Summary: Certification service
-Version: 1.0.1
-Release: 45
-Group: System/Libraries
+Version: 2.2.2
+Release: 0
+Group: Security/Certificate Management
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
-Source1001: %{name}.manifest
BuildRequires: cmake
+BuildRequires: coreutils
+BuildRequires: findutils
BuildRequires: pkgconfig(dlog)
-BuildRequires: pkgconfig(openssl)
-BuildRequires: pkgconfig(evas)
-BuildRequires: pkgconfig(dpl-efl)
-BuildRequires: pkgconfig(libsoup-2.4)
-BuildRequires: pkgconfig(libpcre)
+BuildRequires: pkgconfig(klay)
+BuildRequires: openssl3
+BuildRequires: pkgconfig(openssl3)
BuildRequires: pkgconfig(libpcrecpp)
BuildRequires: pkgconfig(xmlsec1)
-BuildRequires: pkgconfig(secure-storage)
-BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libxslt)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(key-manager)
BuildRequires: pkgconfig(libtzplatform-config)
+BuildRequires: pkgconfig(sqlite3)
+BuildRequires: ca-certificates
+BuildRequires: ca-certificates-devel
+BuildRequires: ca-certificates-tizen-devel
+BuildRequires: boost-devel
+
+%if "%{build_type}" == "COVERAGE"
+BuildRequires: lcov
+%endif
+
Requires: ca-certificates
-Requires: libtzplatform-config
+Requires: ca-certificates-tizen
+Requires: security-config
+# to prevent auto require lower version of libc including examples/resource/player/bin/player
+# https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering?rd=PackagingDrafts/AutoProvidesAndRequiresFiltering
+%global __requires_exclude_from examples/
+
+
+%global user_name security_fw
+%global group_name security_fw
+%global server_stream /tmp/.cert-server.socket
+%global smack_domain_name System
+%global coverage_dir %{_datadir}/cert-svc-coverage
+
+%global bin_dir %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
+%global lib_dir %{?TZ_SYS_LIB:%TZ_SYS_LIB}%{!?TZ_SYS_LIB:%_libdir}
+%global etc_dir %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
+%global rw_data_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
+%global ro_data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
+%global rw_app_dir %{?TZ_SYS_RW_APP:%TZ_SYS_RW_APP}%{!?TZ_SYS_RW_APP:/opt/usr/apps}
+
+%global cert_svc_path %rw_data_dir/cert-svc
+%global cert_svc_ro_path %ro_data_dir/cert-svc
+%global cert_svc_db_path %cert_svc_path/dbspace
+%global cert_svc_pkcs12 %cert_svc_path/pkcs12
+%global cert_svc_ca_bundle %cert_svc_path/ca-certificate.crt
+%global cert_svc_examples %cert_svc_ro_path/examples
+%global cert_svc_tests %rw_app_dir/cert-svc-tests
%description
Certification service
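Review bot: `%global server_stream /tmp/.cert-server.socket` places the service's IPC endpoint in a world-writable directory, so any local process that creates that path before the socket unit binds can block the service or, if clients do not verify the peer, answer in its place. The unit file and the client connection code are not part of this diff, so it cannot be confirmed from here whether Smack labels or peer-credential checks cover this. A location that only privileged users can write to avoids the race, for example `%global server_stream /run/cert-server.socket`; the path reaches the build through `-DSERVER_STREAM`, so the macro is the only place to change it in the spec. If the /tmp path has to stay for compatibility, add a comment above the macro naming the mechanism that protects it.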
%description devel
Certification service (development files)
+%package test
+Summary: Certification service (tests)
+Group: Security/Testing
+Requires: ca-certificates-tizen
+Requires: %{name} = %{version}-%{release}
+Requires: %{name}-test-binaries = %{version}-%{release}
+
+%description test
+Certification service (tests)
+
+%package test-binaries
+Summary: Certification service (test binaries)
+Group: Security/Testing
+AutoReq: no
+Requires: %{name}-test = %{version}-%{release}
+
+%description test-binaries
+Certification service (test binaries)
+
+%if "%{build_type}" == "COVERAGE"
+%package coverage
+Summary: Certification service code coverage data
+Group: Security/Testing
+Requires: cert-svc-test = %{version}-%{release}
+Requires: cert-svc-debugsource = %{version}-%{release}
+Requires: lcov
+Requires: gcc
+
+%description coverage
+Certification service code coverage data
+%endif
+
%prep
%setup -q
-cp %{SOURCE1001} .
%build
-%{!?build_type:%define build_type "Release"}
-%cmake . -DPREFIX=%{_prefix} \
- -DEXEC_PREFIX=%{_exec_prefix} \
- -DBINDIR=%{_bindir} \
- -DINCLUDEDIR=%{_includedir} \
- -DCMAKE_BUILD_TYPE=%{build_type} \
- -DTZ_SYS_SHARE=%TZ_SYS_SHARE \
- -DTZ_SYS_BIN=%TZ_SYS_BIN
+%if 0%{?tizen_build_devel_mode}
+export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE"
+export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE"
+export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE"
+%endif
+
+%ifarch %{ix86}
+export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE"
+export CXXFLAGS="$CXXFLAGS -DTIZEN_EMULATOR_MODE"
+export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
+%endif
-make %{?jobs:-j%jobs}
+# gcc v9 and new Tizen toolchain adds Wall and this code pretty much always checks string & buffer lenghts
+export CFLAGS="$CFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
+export CXXFLAGS="$CXXFLAGS -Wno-stringop-truncation -Wno-stringop-overflow"
+
+%cmake . -DVERSION=%version \
+ -DINCLUDEDIR=%_includedir \
+ -DUSER_NAME=%user_name \
+ -DGROUP_NAME=%group_name \
+ -DSERVER_STREAM=%server_stream \
+ -DSMACK_DOMAIN_NAME=%smack_domain_name \
+ -DRO_DATA_DIR=%ro_data_dir \
+ -DBIN_DIR=%bin_dir \
+ -DLIB_DIR=%lib_dir \
+ -DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
+ -DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
+ -DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
+ -DTZ_SYS_RO_CA_CERTS=%TZ_SYS_RO_CA_CERTS \
+ -DTZ_SYS_RO_CA_BUNDLE=%TZ_SYS_RO_CA_BUNDLE \
+ -DCERT_SVC_CA_BUNDLE=%cert_svc_ca_bundle \
+ -DCERT_SVC_PATH=%cert_svc_path \
+ -DCERT_SVC_RO_PATH=%cert_svc_ro_path \
+ -DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
+ -DCERT_SVC_DB_PATH=%cert_svc_db_path \
+ -DCERT_SVC_TESTS=%cert_svc_tests \
+ -DCERT_SVC_EXAMPLES=%cert_svc_examples \
+ -DCOVERAGE_DIR=%{coverage_dir} \
+ -DCMAKE_BUILD_TYPE=%build_type \
+ -DSYSTEMD_UNIT_DIR=%_unitdir
+
+make %{?_smp_mflags}
%install
-rm -rf %{buildroot}
-mkdir -p %{buildroot}%{TZ_SYS_SHARE}/license
-cp LICENSE.APLv2 %{buildroot}%{TZ_SYS_SHARE}/license/%{name}
%make_install
-ln -sf %{TZ_SYS_ETC}/ssl/certs %{buildroot}%{TZ_SYS_SHARE}/cert-svc/certs/ssl
-touch %{buildroot}%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage
-chmod 766 %{buildroot}%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage
+%install_service sockets.target.wants cert-server.socket
+
+mkdir -p %buildroot%cert_svc_pkcs12
-%clean
-rm -rf %{buildroot}
+touch %buildroot%cert_svc_db_path/certs-meta.db-journal
+
+ln -sf %TZ_SYS_CA_BUNDLE %buildroot%cert_svc_ca_bundle
+
+%preun
+# erase
+if [ $1 = 0 ]; then
+ systemctl stop cert-server.service
+fi
%post
/sbin/ldconfig
-%if 0%{?tizen_feature_certsvc_ocsp_crl}
-if [ -z ${2} ]; then
- echo "This is new install of wrt-security"
- echo "Calling %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh"
- %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
-else
- # Find out old and new version of databases
- VCORE_OLD_DB_VERSION=`sqlite3 %{TZ_SYS_DB}/.cert_svc_vcore.db ".tables" | grep "DB_VERSION_"`
- VCORE_NEW_DB_VERSION=`cat %{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
- echo "OLD vcore database version ${VCORE_OLD_DB_VERSION}"
- echo "NEW vcore database version ${VCORE_NEW_DB_VERSION}"
-
- if [ ${VCORE_OLD_DB_VERSION} -a ${VCORE_NEW_DB_VERSION} ]; then
- if [ ${VCORE_OLD_DB_VERSION} = ${VCORE_NEW_DB_VERSION} ]; then
- echo "Equal database detected so db installation ignored"
- else
- echo "Calling %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh"
- %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
- fi
- else
- echo "Calling %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh"
- %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
- fi
+systemctl daemon-reload
+# install
+if [ $1 = 1 ]; then
+ systemctl start cert-server.socket
+fi
+# reinstall
+if [ $1 = 2 ]; then
+ systemctl restart cert-server.socket
fi
-chsmack -a 'User' %TZ_SYS_DB/.cert_svc_vcore.db*
-%endif #tizen_feature_certsvc_ocsp_crl
-%postun
-/sbin/ldconfig
+%postun -p /sbin/ldconfig
%files
-
-%defattr(-,root,root,-)
-%manifest %{name}.manifest
-%attr(0755,root,root) %{_bindir}/cert_svc_create_clean_db.sh
-%{_libdir}/*.so.*
-#%{_bindir}/dpkg-pki-sig
-%{TZ_SYS_SHARE}/cert-svc/targetinfo
-%if 0%{?tizen_feature_certsvc_ocsp_crl}
-%{_datadir}/cert-svc/cert_svc_vcore_db.sql
-%endif
-%{_datadir}/license/%{name}
-%dir %attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc
-#%dir %attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/ca-certs
-#%dir %attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/ca-certs/code-signing
-#%dir %attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/ca-certs/code-signing/native
-#%dir %attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/ca-certs/code-signing/wac
-
-#%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/code-signing
-#%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/code-signing/wac
-#%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/code-signing/tizen
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/sim
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/sim/operator
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/sim/thirdparty
-%dir %attr(0777,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/user
-%dir %attr(0777,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/trusteduser
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/mdm
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/mdm/security
-%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/mdm/security/cert
-%dir %attr(0777,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/pkcs12
-#%{TZ_SYS_SHARE}/cert-svc/pin/.pin
-%{TZ_SYS_SHARE}/cert-svc/certs/ssl
-%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage
-#%dir %attr(0700, root, root) %{TZ_SYS_SHARE}/cert-svc/pin
-%if 0%{?tizen_feature_certsvc_ocsp_crl}
-%attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/fota/*
-%endif
-#%{TZ_SYS_SHARE}/cert-svc/pin/.pin
-%{TZ_SYS_SHARE}/cert-svc/certs/ssl
-%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage
+%manifest %name.manifest
+%license LICENSE
+%_unitdir/cert-server.service
+%_unitdir/cert-server.socket
+%_unitdir/sockets.target.wants/cert-server.socket
+%_libdir/libcert-svc-vcore.so.*
+%bin_dir/cert-server
+%dir %attr(-, %{user_name}, %{group_name}) %cert_svc_path
+%dir %attr(-, %{user_name}, %{group_name}) %cert_svc_pkcs12
+%dir %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path
+%attr(-, %{user_name}, %{group_name}) %cert_svc_ca_bundle
+%attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db
+%attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
+%attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
%files devel
+%manifest %name.manifest
+%_includedir/*
+%_libdir/pkgconfig/*
+%_libdir/libcert-svc-vcore.so
+
+%files test
+%manifest %name.manifest
+%bin_dir/cert-svc-test*
+%dir %cert_svc_tests
+%cert_svc_tests/p12
+%cert_svc_tests/certs
+%_libdir/libcert-svc-validator-plugin.so
+
+%bin_dir/cert-svc-example*
+%cert_svc_examples
+
+%bin_dir/cert-svc-unit-tests
+
+%files test-binaries
+%manifest %name.manifest
+%cert_svc_tests/apps
+
+%if "%{build_type}" == "COVERAGE"
+%files coverage
%manifest %{name}.manifest
-%defattr(-,root,root,-)
-%{_includedir}/*
-%{_libdir}/pkgconfig/*
-%{_libdir}/*.so
+%license LICENSE
+%{bin_dir}/cert-svc-coverage.sh
+%coverage_dir
+%endif
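Review bot: The `%files` entries for `%cert_svc_pkcs12`, `%cert_svc_db_path` and the two `certs-meta.db*` files use `%attr(-, …)`, so their modes are whatever `%install` left in the buildroot. `mkdir -p %buildroot%cert_svc_pkcs12` and `touch %buildroot%cert_svc_db_path/certs-meta.db-journal` run under the build host's umask, which commonly gives world-readable 0755 and 0644. For a PKCS#12 store and its metadata database the spec should state the mode, e.g. `%dir %attr(0700, %{user_name}, %{group_name}) %cert_svc_pkcs12` and `%attr(0600, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal`, assuming only cert-server opens them directly. The install rules that create `certs-meta.db` are not visible in this diff, so check what mode they set before choosing the value for that entry.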