Add migrate script for removed cert-svc store API

cert svc API in cert-service.h is removed and certificates saved by
those API could be used through key-manager API after certificates
migrated.
(related cert-svc commit:
    project  : platform/core/security/cert-svc
    commitid : 3f2d8b2afcbefa5d2668a08bcd2a3acd25ffe067)

For now added script only moves certs directory from old cert-svc path
to key-manager data directory. Reading those resources and save to
key-manager db when service loaded is TODO

Change-Id: I54019a31d8b7549a770d8acf0da8df28be6f99a6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

diff --git a/data/scripts/234.key-manager-move-certsvc-migratable-data.patch.sh.in b/data/scripts/234.key-manager-move-certsvc-migratable-data.patch.sh.in
new file mode 100755 (executable)
index 0000000..1126c70
--- /dev/null
+++ b/data/scripts/234.key-manager-move-certsvc-migratable-data.patch.sh.in
@@ -0,0 +1,36 @@
+#!/bin/bash
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+# @file        234.key-manager-move-certsvc-migratable-data.patch.sh.in
+# @author      Kyungwook Tak (k.tak@samsung.com)
+# @brief       Moves old cert-svc CAPI store to key-manager dir
+
+CERTSVC_STORE_PATH="/opt/share/cert-svc/certs"
+MIGRATED_CERTSVC_PATH="@RW_DATA_DIR@/certsvc"
+
+mv $CERTSVC_STORE_PATH $MIGRATED_CERTSVC_PATH
+
+if [[ -d ${MIGRATED_CERTSVC_PATH}/ssl ]] && [[ -h ${MIGRATED_CERTSVC_PATH}/ssl ]]; then
+       rm ${MIGRATED_CERTSVC_PATH}/ssl
+fi
+
+chsmack -a "@SMACK_DOMAIN_NAME@" $MIGRATED_CERTSVC_PATH -r
+chown -R @USER_NAME@:@GROUP_NAME@ $MIGRATED_CERTSVC_PATH
+chmod 770 $MIGRATED_CERTSVC_PATH
+
+# TODO: read migrated certsvc certs and store in key-manager system db if needed
+rm -rf $MIGRATED_CERTSVC_PATH

diff --git a/data/scripts/CMakeLists.txt b/data/scripts/CMakeLists.txt
index 5c07257..742ff21 100644 (file)
--- a/data/scripts/CMakeLists.txt
+++ b/data/scripts/CMakeLists.txt
@@ -33,11 +33,16 @@ CONFIGURE_FILE(233.key-manager-move-ss-migratable-data.patch.sh.in
                233.key-manager-move-ss-migratable-data.patch.sh
                @ONLY)
 
+CONFIGURE_FILE(234.key-manager-move-certsvc-migratable-data.patch.sh.in
+               234.key-manager-move-certsvc-migratable-data.patch.sh
+               @ONLY)
+
 INSTALL(FILES
         230.key-manager-change-data-dir.patch.sh
         231.key-manager-migrate-dkek.patch.sh
         232.key-manager-change-user.patch.sh
         233.key-manager-move-ss-migratable-data.patch.sh
+        234.key-manager-move-certsvc-migratable-data.patch.sh
     DESTINATION ${UPGRADE_SCRIPT_DIR}
     PERMISSIONS
         OWNER_READ

diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec
index 7217844..647e47d 100644 (file)
--- a/packaging/key-manager.spec
+++ b/packaging/key-manager.spec
@@ -253,6 +253,7 @@ fi
 %{upgrade_script_dir}/231.key-manager-migrate-dkek.patch.sh
 %{upgrade_script_dir}/232.key-manager-change-user.patch.sh
 %{upgrade_script_dir}/233.key-manager-move-ss-migratable-data.patch.sh
+%{upgrade_script_dir}/234.key-manager-move-certsvc-migratable-data.patch.sh
 %{ro_etc_dir}/gumd/userdel.d/10_key-manager.post
 %{bin_dir}/ckm_tool