X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=packaging%2Fkey-manager.spec;h=ba3b79d3b324e4ea610e7a0ef5fd4c1f60d68187;hb=refs%2Ftags%2Faccepted%2Ftizen%2Ftv%2F20150911.091520;hp=f1ac51d862fbaf443cd34c51e817d21c217a376c;hpb=4df3687bb88d0b9793c9794696e163759e34dd3c;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec old mode 100755 new mode 100644 index f1ac51d..ba3b79d --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -1,10 +1,14 @@ Name: key-manager Summary: Central Key Manager and utilities -Version: 0.1.3 +Version: 0.1.16 Release: 1 Group: System/Security -License: Apache License, Version 2.0 +License: Apache-2.0 Source0: %{name}-%{version}.tar.gz +Source1001: key-manager.manifest +Source1002: key-manager-listener.manifest +Source1003: libkey-manager-client.manifest +Source1004: libkey-manager-common.manifest BuildRequires: cmake BuildRequires: zip BuildRequires: pkgconfig(dlog) @@ -12,20 +16,49 @@ BuildRequires: pkgconfig(openssl) BuildRequires: libattr-devel BuildRequires: pkgconfig(libsmack) BuildRequires: pkgconfig(libsystemd-daemon) -BuildRequires: pkgconfig(db-util) -BuildRequires: pkgconfig(capi-appfw-package-manager) -BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(vconf) +BuildRequires: pkgconfig(libsystemd-journal) +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(capi-system-info) +BuildRequires: pkgconfig(security-manager) +BuildRequires: pkgconfig(cynara-client-async) +BuildRequires: pkgconfig(cynara-creds-socket) BuildRequires: boost-devel -Requires: boost-test +Requires: libkey-manager-common = %{version}-%{release} %{?systemd_requires} %description -Central Key Manager and utilities +Central Key Manager daemon could be used as secure storage +for certificate and private/public keys. It gives API for +application to sign and verify (DSA/RSA/ECDSA) signatures. + +%package -n key-manager-listener +Summary: Package with listener daemon +Group: System/Security +BuildRequires: pkgconfig(vconf) +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(capi-appfw-package-manager) +Requires: libkey-manager-client = %{version}-%{release} + +%description -n key-manager-listener +Listener for central key manager. This daemon is responsible for +receive notification from dbus about uninstall application +and pass them to key-manager daemon. + +%package -n libkey-manager-common +Summary: Central Key Manager (common libraries) +Group: Development/Libraries +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libkey-manager-common +Central Key Manager package (common library) %package -n libkey-manager-client Summary: Central Key Manager (client) Group: Development/Libraries Requires: key-manager = %{version}-%{release} +Requires: libkey-manager-common = %{version}-%{release} Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig @@ -43,16 +76,37 @@ Requires: libkey-manager-client = %{version}-%{release} Central Key Manager package (client-devel) %package -n key-manager-tests -Summary: internal test for key-manager +Summary: Internal test for key-manager Group: Development +BuildRequires: pkgconfig(libxml-2.0) +Requires: boost-test Requires: key-manager = %{version}-%{release} %description -n key-manager-tests -Internal test for key-manager +Internal test for key-manager implementation. + +%package -n key-manager-pam-plugin +Summary: CKM login/password module to PAM. +Group: Development/Libraries +BuildRequires: pam-devel +Requires: key-manager = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n key-manager-pam-plugin +CKM login/password module to PAM. +It's used to monitor user login/logout and password change events from PAM. + %prep %setup -q +cp -a %{SOURCE1001} . +cp -a %{SOURCE1002} . +cp -a %{SOURCE1003} . +cp -a %{SOURCE1004} . +# optional password disabled temporary for milestone release +%define ckm_optional_password_enable 0 %build %if 0%{?sec_build_binary_debug_enable} @@ -62,11 +116,21 @@ Internal test for key-manager %endif -export LDFLAGS+="-Wl,--rpath=%{_libdir} " +export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " %cmake . -DVERSION=%{version} \ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ - -DCMAKE_VERBOSE_MAKEFILE=ON + -DCMAKE_VERBOSE_MAKEFILE=ON \ +%if "%{sec_product_feature_security_mdfpp_enable}" == "1" + -DSECURITY_MDFPP_STATE_ENABLE=1 \ +%endif +%if 0%{?ckm_optional_password_enable} + -DOPTIONAL_PASSWORD_ENABLE=1 \ +%endif + -DSYSTEMD_UNIT_DIR=%{_unitdir} \ + -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \ + -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF} + make %{?jobs:-j%jobs} %install @@ -75,25 +139,37 @@ mkdir -p %{buildroot}/usr/share/license cp LICENSE %{buildroot}/usr/share/license/%{name} cp LICENSE %{buildroot}/usr/share/license/libkey-manager-client cp LICENSE %{buildroot}/usr/share/license/libkey-manager-control-client +mkdir -p %{buildroot}/opt/data/ckm/initial_values mkdir -p %{buildroot}/etc/security/ +mkdir -p %{buildroot}/usr/share/ckm/scripts +cp data/scripts/*.sql %{buildroot}/usr/share/ckm/scripts +cp doc/initial_values.xsd %{buildroot}/usr/share/ckm +mkdir -p %{buildroot}/usr/share/ckm-db-test +cp tests/testme_ver1.db %{buildroot}/usr/share/ckm-db-test/ +cp tests/testme_ver2.db %{buildroot}/usr/share/ckm-db-test/ +cp tests/testme_ver3.db %{buildroot}/usr/share/ckm-db-test/ +cp tests/XML_1_okay.xml %{buildroot}/usr/share/ckm-db-test/ +cp tests/XML_1_okay.xsd %{buildroot}/usr/share/ckm-db-test/ +cp tests/XML_1_wrong.xml %{buildroot}/usr/share/ckm-db-test/ +cp tests/XML_1_wrong.xsd %{buildroot}/usr/share/ckm-db-test/ +cp tests/XML_2_structure.xml %{buildroot}/usr/share/ckm-db-test/ +mkdir -p %{buildroot}/etc/gumd/userdel.d/ +cp data/gumd/10_key-manager.post %{buildroot}/etc/gumd/userdel.d/ %make_install -mkdir -p %{buildroot}/usr/lib/systemd/system/multi-user.target.wants -mkdir -p %{buildroot}/usr/lib/systemd/system/sockets.target.wants -ln -s ../central-key-manager.service %{buildroot}/usr/lib/systemd/system/multi-user.target.wants/central-key-manager.service -ln -s ../central-key-manager-echo.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/central-key-manager-echo.socket -ln -s ../central-key-manager-api-control.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/central-key-manager-api-control.socket -ln -s ../central-key-manager-api-storage.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/central-key-manager-api-storage.socket -ln -s ../central-key-manager-api-ocsp.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/central-key-manager-api-ocsp.socket +mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants +mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants +ln -s ../central-key-manager.service %{buildroot}%{_unitdir}/multi-user.target.wants/central-key-manager.service +ln -s ../central-key-manager-listener.service %{buildroot}%{_unitdir}/multi-user.target.wants/central-key-manager-listener.service +ln -s ../central-key-manager-api-control.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-control.socket +ln -s ../central-key-manager-api-storage.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-storage.socket +ln -s ../central-key-manager-api-ocsp.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-ocsp.socket +ln -s ../central-key-manager-api-encryption.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-encryption.socket %clean rm -rf %{buildroot} %post -%if "%{sec_product_feature_security_mdfpp_enable}" == "1" -rm %{_libdir}/libkey-manager-key-provider.so.1.0.0 -ln -s %{_libdir}/libskmm.so %{_libdir}/libkey-manager-key-provider.so.1.0.0 -%endif systemctl daemon-reload if [ $1 = 1 ]; then # installation @@ -122,46 +198,85 @@ fi %postun -n libkey-manager-client -p /sbin/ldconfig +%post -n key-manager-listener +systemctl daemon-reload +if [ $1 = 1 ]; then + # installation + systemctl start central-key-manager-listener.service +fi +if [ $1 = 2 ]; then + # update + systemctl restart central-key-manager-listener.service +fi + +%preun -n key-manager-listener +if [ $1 = 0 ]; then + # unistall + systemctl stop central-key-manager-listener.service +fi + +%postun -n key-manager-listener +if [ $1 = 0 ]; then + # unistall + systemctl daemon-reload +fi + + %files -n key-manager -%manifest %{_datadir}/key-manager.manifest -%attr(755,root,root) /usr/bin/key-manager -%attr(755,root,root) /usr/bin/key-manager-listener -%{_libdir}/libkey-manager-commons.so* -%{_libdir}/libkey-manager-key-provider.so* -%attr(-,root,root) /usr/lib/systemd/system/multi-user.target.wants/central-key-manager.service -%attr(-,root,root) /usr/lib/systemd/system/central-key-manager.service -%attr(-,root,root) /usr/lib/systemd/system/central-key-manager.target -%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/central-key-manager-echo.socket -%attr(-,root,root) /usr/lib/systemd/system/central-key-manager-echo.socket -%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/central-key-manager-api-control.socket -%attr(-,root,root) /usr/lib/systemd/system/central-key-manager-api-control.socket -%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/central-key-manager-api-storage.socket -%attr(-,root,root) /usr/lib/systemd/system/central-key-manager-api-storage.socket -%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/central-key-manager-api-ocsp.socket -%attr(-,root,root) /usr/lib/systemd/system/central-key-manager-api-ocsp.socket +%manifest key-manager.manifest +%{_bindir}/key-manager +%{_unitdir}/multi-user.target.wants/central-key-manager.service +%{_unitdir}/central-key-manager.service +%{_unitdir}/central-key-manager.target +%{_unitdir}/sockets.target.wants/central-key-manager-api-control.socket +%{_unitdir}/central-key-manager-api-control.socket +%{_unitdir}/sockets.target.wants/central-key-manager-api-storage.socket +%{_unitdir}/central-key-manager-api-storage.socket +%{_unitdir}/sockets.target.wants/central-key-manager-api-ocsp.socket +%{_unitdir}/central-key-manager-api-ocsp.socket +%{_unitdir}/sockets.target.wants/central-key-manager-api-encryption.socket +%{_unitdir}/central-key-manager-api-encryption.socket %{_datadir}/license/%{name} +%{_datadir}/ckm/scripts/*.sql +%{_datadir}/ +%{_datadir}/ckm/initial_values.xsd +/opt/data/ckm/initial_values/ +%attr(444, root, root) %{_datadir}/ckm/scripts/*.sql +/etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh +/etc/gumd/userdel.d/10_key-manager.post +%attr(550, root, root) /etc/gumd/userdel.d/10_key-manager.post +%{_bindir}/ckm_tool + +%files -n key-manager-listener +%manifest key-manager-listener.manifest +%{_bindir}/key-manager-listener +%{_unitdir}/multi-user.target.wants/central-key-manager-listener.service +%{_unitdir}/central-key-manager-listener.service + +%files -n libkey-manager-common +%manifest libkey-manager-common.manifest +%{_libdir}/libkey-manager-common.so.* %files -n libkey-manager-client -%manifest %{_datadir}/libkey-manager-client.manifest -%manifest %{_datadir}/libkey-manager-control-client.manifest -%defattr(-,root,root,-) +%manifest libkey-manager-client.manifest %{_libdir}/libkey-manager-client.so.* %{_libdir}/libkey-manager-control-client.so.* %{_datadir}/license/libkey-manager-client %{_datadir}/license/libkey-manager-control-client - %files -n libkey-manager-client-devel %defattr(-,root,root,-) %{_libdir}/libkey-manager-client.so %{_libdir}/libkey-manager-control-client.so +%{_libdir}/libkey-manager-common.so %{_includedir}/ckm/ckm/ckm-manager.h +%{_includedir}/ckm/ckm/ckm-manager-async.h %{_includedir}/ckm/ckm/ckm-certificate.h %{_includedir}/ckm/ckm/ckm-control.h %{_includedir}/ckm/ckm/ckm-error.h -%{_includedir}/ckm/ckm/ckm-echo.h %{_includedir}/ckm/ckm/ckm-key.h %{_includedir}/ckm/ckm/ckm-password.h +%{_includedir}/ckm/ckm/ckm-pkcs12.h %{_includedir}/ckm/ckm/ckm-raw-buffer.h %{_includedir}/ckm/ckm/ckm-type.h %{_includedir}/ckm/ckmc/ckmc-manager.h @@ -173,3 +288,17 @@ fi %files -n key-manager-tests %defattr(-,root,root,-) %{_bindir}/ckm-tests-internal +%{_datadir}/ckm-db-test/testme_ver1.db +%{_datadir}/ckm-db-test/testme_ver2.db +%{_datadir}/ckm-db-test/testme_ver3.db +%{_datadir}/ckm-db-test/XML_1_okay.xml +%{_datadir}/ckm-db-test/XML_1_okay.xsd +%{_datadir}/ckm-db-test/XML_1_wrong.xml +%{_datadir}/ckm-db-test/XML_1_wrong.xsd +%{_datadir}/ckm-db-test/XML_2_structure.xml +%{_bindir}/ckm_so_loader +%{_bindir}/ckm_db_tool + +%files -n key-manager-pam-plugin +%defattr(-,root,root,-) +%{_libdir}/security/pam_key_manager_plugin.so*