SET(TARGET_VCORE_LIB "cert-svc-vcore")
SET(TARGET_CERT_SERVER "cert-server")
-SET(CERT_SVC_PATH ${TZ_SYS_SHARE}/cert-svc)
+SET(CERT_SVC_PATH ${TZ_SYS_RO_SHARE}/cert-svc)
+SET(CERT_SVC_DB_PATH ${TZ_SYS_SHARE}/cert-svc/dbspace)
ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${CERT_SVC_PATH}/schema.xsd\"")
-ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${CERT_SVC_PATH}/dbspace/certs-meta.db\"")
+ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${CERT_SVC_DB_PATH}/certs-meta.db\"")
ADD_DEFINITIONS("-DCERTSVC_DIR=\"${CERT_SVC_PATH}/certs/\"")
ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${CERT_SVC_PATH}/pkcs12/\"")
ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS_ORIG=\"${TZ_SYS_CA_CERTS_ORIG}\"")
ADD_DEFINITIONS("-DTZ_SYS_CA_BUNDLE_RW=\"${TZ_SYS_CA_BUNDLE_RW}\"")
-SET(CA_CERTS_PATH ${TZ_SYS_SHARE}/ca-certificates)
+SET(CA_CERTS_PATH ${TZ_SYS_RO_SHARE}/ca-certificates)
ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS_TIZEN=\"${CA_CERTS_PATH}/tizen\"")
ADD_DEFINITIONS("-DFINGERPRINT_LIST_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xml\"")
ADD_DEFINITIONS("-DFINGERPRINT_LIST_SCHEMA_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xsd\"")
ADD_DEFINITIONS("-DTESTAPP_RES_DIR=\"${TZ_SYS_RO_APP}/cert-svc-tests/\"")
ADD_SUBDIRECTORY(tests)
ENDIF (DEFINED CERTSVC_TEST_BUILD)
+
+CONFIGURE_FILE(packaging/cert-svc.manifest.in cert-svc.manifest @ONLY)
INSTALL(FILES
${ETC_DIR}/schema.xsd
- DESTINATION ${TZ_SYS_SHARE}/cert-svc
+ DESTINATION ${CERT_SVC_PATH}
)
MESSAGE("Add ssl table to certs-meta.db")
INSTALL(FILES
${ETC_DIR}/certs-meta.db
${ETC_DIR}/certs-meta.db-journal
- DESTINATION ${TZ_SYS_SHARE}/cert-svc/dbspace
+ DESTINATION ${CERT_SVC_DB_PATH}
)
+++ /dev/null
-<manifest>
- <request>
- <domain name="_" />
- </request>
- <assign>
- <filesystem path="/usr/share/cert-svc" label="System" type="transmutable" />
- <filesystem path="/usr/share/cert-svc/ca-certificate.crt" label="_" />
- <filesystem path="/usr/share/cert-svc/schema.xsd" label="_" />
- </assign>
-</manifest>
--- /dev/null
+<manifest>
+ <request>
+ <domain name="_" />
+ </request>
+ <assign>
+ <filesystem path="@CERT_SVC_PATH@" label="System" type="transmutable" />
+ </assign>
+</manifest>
Group: Security/Libraries
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
-Source1001: %{name}.manifest
BuildRequires: cmake
BuildRequires: findutils
BuildRequires: openssl
Requires: ca-certificates
Requires: ca-certificates-tizen
+%global TZ_SYS_BIN %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
+%global TZ_SYS_SHARE %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
+%global TZ_SYS_RO_SHARE %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
+%global TZ_SYS_RO_APP %{?TZ_SYS_RO_APP:%TZ_SYS_RO_APP}%!?TZ_SYS_RO_APP:/usr/apps}
+%global TZ_SYS_CA_CERTS %{?TZ_SYS_CA_CERTS:%TZ_SYS_CA_CERTS}%{!?TZ_SYS_CA_CERTS:/etc/ssl/certs}
+%global TZ_SYS_CA_CERTS_ORIG %{?TZ_SYS_CA_CERTS_ORIG:%TZ_SYS_CA_CERTS_ORIG}%{!?TZ_SYS_CA_CERTS_ORGIN:%TZ_SYS_RO_SHARE/ca-certificates/certs}
+%global TZ_SYS_CA_BUNDLE_RW %{?TZ_SYS_CA_BUNDLE_RW:%TZ_SYS_CA_BUNDLE_RW}%{!?TZ_SYS_CA_BUNDLE_RW:/var/lib/ca-certificates/ca-bundle.pem}
+
%description
Certification service
%prep
%setup -q
-cp -a %SOURCE1001 .
%build
export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
%cmake . -DVERSION=%version \
-DINCLUDEDIR=%_includedir \
-DTZ_SYS_SHARE=%TZ_SYS_SHARE \
+ -DTZ_SYS_RO_SHARE=%TZ_SYS_RO_SHARE \
-DTZ_SYS_BIN=%TZ_SYS_BIN \
-DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
-DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
%install_service multi-user.target.wants cert-server.service
%install_service sockets.target.wants cert-server.socket
-mkdir -p %buildroot%TZ_SYS_SHARE/cert-svc/pkcs12
+mkdir -p %buildroot%TZ_SYS_RO_SHARE/cert-svc/pkcs12
mkdir -p %buildroot%TZ_SYS_SHARE/cert-svc/dbspace
-ln -s %TZ_SYS_CA_BUNDLE_RW %buildroot%TZ_SYS_SHARE/cert-svc/ca-certificate.crt
+ln -s %TZ_SYS_CA_BUNDLE_RW %buildroot%TZ_SYS_RO_SHARE/cert-svc/ca-certificate.crt
%preun
# erase
%_unitdir/sockets.target.wants/cert-server.socket
%_libdir/libcert-svc-vcore.so.*
%TZ_SYS_BIN/cert-server
-%attr(-, system, system) %TZ_SYS_SHARE/cert-svc
+%attr(-, system, system) %TZ_SYS_RO_SHARE/cert-svc
%files devel
%_includedir/*
+SET(CERT_SERVER "cert-server")
+
+CONFIGURE_FILE(${CERT_SERVER}.service.in ${CERT_SERVER}.service @ONLY)
+
INSTALL(
FILES
- ${PROJECT_SOURCE_DIR}/systemd/cert-server.socket
- ${PROJECT_SOURCE_DIR}/systemd/cert-server.service
+ ${PROJECT_SOURCE_DIR}/systemd/${CERT_SERVER}.socket
+ ${PROJECT_SOURCE_DIR}/systemd/${CERT_SERVER}.service
DESTINATION ${SYSTEMD_UNIT_DIR}
)
Description=Start cert server for cert-svc managing root ssl certs
[Service]
-ExecStart=/usr/bin/cert-server
+ExecStart=@TZ_SYS_BIN@/cert-server
User=system
Group=system
Sockets=cert-server.socket
# @brief This package provides bacis check of internal OpenSSL's PKCS#12 routines.
#
+PKG_CHECK_MODULES(PKCS12_TEST_DEP
+ REQUIRED
+ libtzplatform-config
+ )
+
SET(PKCS12_TEST_SOURCES
pkcs12_test.cpp
new_test_cases.cpp
)
INCLUDE_DIRECTORIES(
+ ${PKCS12_TEST_DEP_INCLUDE_DIRS}
${PROJECT_SOURCE_DIR}/vcore/src
.
)
TARGET_LINK_LIBRARIES(${TARGET_PKCS12_TEST}
${TARGET_VCORE_LIB}
${TEST_DEP_LIBRARIES}
+ ${PKCS12_TEST_DEP_LIBRARIES}
)
INSTALL(TARGETS ${TARGET_PKCS12_TEST}
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <tzplatform_config.h>
+
#include <cert-svc/cinstance.h>
#include <cert-svc/ccert.h>
#include <cert-svc/cpkcs12.h>
RUNNER_TEST(CERTSVC_PKCS12_1018_get_duplicate_private_key)
{
- const char *privatekey_path = "/usr/share/cert-svc/pkcs12/temp.txt";
+// FIXME : Delete macro when tizen 3.0 directory structure is fully updated
+#ifdef TZ_SYS_RO_SHARE
+ const char *privatekey_path = tzplatform_mkpath(TZ_SYS_RO_SHARE, "cert-svc/pkcs12/temp.txt");
+#else
+ const char *privatekey_path = tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/pkcs12/temp.txt");
+#endif
+
int result;
CREATE_INSTANCE
result = certsvc_certificate_dup_x509(user_certificate, &x509);
char user_cert_path[512];
- sprintf(user_cert_path, "/usr/share/cert-svc/pkcs12/file_%d", count++);
+
+// FIXME : Delete macro when tizen 3.0 directory structure is fully updated
+#ifdef TZ_SYS_RO_SHARE
+ const char *output_template = tzplatform_mkpath(TZ_SYS_RO_SHARE, "cert-svc/pkcs12/file_%d");
+#else
+ const char *output_template = tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/pkcs12/file_%d");
+#endif
+
+ sprintf(user_cert_path, output_template, count++);
FILE *fp = fopen(user_cert_path, "w");
RUNNER_ASSERT_MSG(fp != NULL, "Failed to open the file for writing");