%define smack_domain_name System::Shared
# prefix macro
+%define var_dir %{?TZ_SYS_VAR:%TZ_SYS_VAR}%{!?TZ_SYS_VAR:/opt/var}
%define etc_dir %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
%define ro_etc_dir %{?TZ_SYS_RO_ETC:%TZ_SYS_RO_ETC}%{!?TZ_SYS_RO_ETC:%_sysconfdir}
%define ssl_dir %{etc_dir}/ssl
%define ca_certs_dir %{ssl_dir}/certs
# CA bundle macro
-%define ca_bundle_dir /var/lib/ca-certificates
-%define ca_bundle %{ca_bundle_dir}/ca-bundle.pem
-%define ro_ca_bundle %{ro_ssl_dir}/ca-bundle.pem
+%define ca_bundle_dir %{var_dir}/lib/ca-certificates
+%define ca_bundle %{ca_bundle_dir}/ca-bundle.pem
+%define ro_ca_bundle %{ro_ssl_dir}/ca-bundle.pem
+%define old_ca_bundle_dir /opt/share/ca-certificates
# define system macro
%define macro_ca_certificates %{ro_etc_dir}/rpm/macros.ca-certificates
# upgrade macro
-%define upgrade_dir %{ro_data_dir}
+%define upgrade_dir %{ro_data_dir}/upgrade
%define upgrade_script_dir %{upgrade_dir}/scripts
+%define upgrade_data_dir %{upgrade_dir}/data
%prep
%setup -q
-DSMACK_DOMAIN_NAME=%smack_domain_name \
-DTZ_SYS_CA_CERTS=%ca_certs_dir \
-DTZ_SYS_CA_BUNDLE=%ca_bundle \
+ -DTZ_SYS_RO_CA_BUNDLE=%ro_ca_bundle \
+ -DTZ_SYS_CA_BUNDLE_DIR=%ca_bundle_dir \
-DTZ_SYS_RO_CA_CERTS_ORIG=%ro_ca_certs_orig_dir \
- -DUPGRADE_SCRIPT_DIR=%upgrade_script_dir
+ -DOLD_CA_BUNDLE_DIR=%old_ca_bundle_dir \
+ -DUPGRADE_SCRIPT_DIR=%upgrade_script_dir \
+ -DUPGRADE_DATA_DIR=%upgrade_data_dir
%install
# link file : for bundle
ln -sf %{ca_bundle} %{buildroot}%{ro_ca_bundle}
+# data for platform upgrade (Tizen 2.4 -> 3.0)
+mkdir -p %{buildroot}%{upgrade_data_dir}
+cp %{buildroot}%{ca_bundle} %{buildroot}%{upgrade_data_dir}
+
%files
%manifest %{name}.manifest
%license LICENSE
%dir %{ca_bundle_dir}
%attr(664, root, %{group_name}) %{ca_bundle}
# symbol CA bundle
-%attr(664, root, %{group_name}) %{ro_ca_bundle}
-# script for platform upgrade (Tizen 2.4 -> 3.0)
+%{ro_ca_bundle}
+# support for platform upgrade (Tizen 2.4 -> 3.0)
%attr(755, root, root) %{upgrade_script_dir}/ca-certificates-certs-upgrade.sh
+%attr(755, root, root) %{upgrade_script_dir}/ca-certificates-bundle-upgrade.sh
+%attr(664, root, %{group_name}) %{upgrade_data_dir}/ca-bundle.pem
%files devel
%config %{macro_ca_certificates}
#
CONFIGURE_FILE(
- ca-certificates-certs-upgrade.sh.in
- ca-certificates-certs-upgrade.sh
- @ONLY
-)
+ ca-certificates-certs-upgrade.sh.in ca-certificates-certs-upgrade.sh
+ @ONLY)
+CONFIGURE_FILE(
+ ca-certificates-bundle-upgrade.sh.in ca-certificates-bundle-upgrade.sh
+ @ONLY)
-INSTALL(
- FILES
- ca-certificates-certs-upgrade.sh
- DESTINATION ${UPGRADE_SCRIPT_DIR}
-)
+INSTALL(FILES
+ ca-certificates-certs-upgrade.sh
+ ca-certificates-bundle-upgrade.sh
+ DESTINATION ${UPGRADE_SCRIPT_DIR})
--- /dev/null
+#!/bin/bash
+
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file ca-certificates-bundle-upgrade.sh.in
+# @author Sangwan Kwon (sangwan.kwon@samsung.com)
+# @brief CA bundle migration scripts for platform upgrade 2.4 -> 3.0
+#
+
+# delete old ca bundle
+rm -rf @OLD_CA_BUNDLE_DIR@
+
+# upgrade bundle file
+mkdir -p @TZ_SYS_CA_BUNDLE_DIR@
+cp @UPGRADE_DATA_DIR@/ca-bundle.pem @TZ_SYS_CA_BUNDLE_DIR@
+
+# change permission
+chsmack -a @SMACK_DOMAIN_NAME@ @TZ_SYS_CA_BUNDLE@
+chown root:@GROUP_NAME@ @TZ_SYS_CA_BUNDLE@
+chmod 664 @TZ_SYS_CA_BUNDLE@
+
+# make link files on RO area
+ln -sf @TZ_SYS_CA_BUNDLE@ @TZ_SYS_RO_CA_BUNDLE@
projects / platform / core / security / ca-certificates.git / commitdiff