DESTINATION ${CERT_SVC_DB_PATH}
)
-CONFIGURE_FILE(cert-svc-db-upgrade.sh.in cert-svc-db-upgrade.sh @ONLY)
-CONFIGURE_FILE(
- cert-svc-disabled-certs-upgrade.sh.in
- cert-svc-disabled-certs-upgrade.sh @ONLY
- )
-
-INSTALL(FILES
- ${ETC_DIR}/cert-svc-db-upgrade.sh
- ${ETC_DIR}/cert-svc-disabled-certs-upgrade.sh
- DESTINATION ${UPGRADE_SCRIPT_PATH}
- )
+ADD_SUBDIRECTORY(upgrade)
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file cert-svc-db-upgrade.sh.in
-# @author Sangwan Kwon (sangwan.kwon@samsung.com)
-# @brief cert-svc db migration scripts for platform upgrade 2.4 -> 3.0
-#
-
-OLD_DB=@CERT_SVC_OLD_DB_PATH@/certs-meta-old.db
-NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
-
-# backup old database
-mv @CERT_SVC_OLD_DB_PATH@/certs-meta.db $OLD_DB
-rm -rf @CERT_SVC_OLD_DB_PATH@/certs-meta.db-journal
-
-# install new database
-cp @UPGRADE_DATA_PATH@/certs-meta.db $NEW_DB
-
-# update disabled certs on db
-disabled_certs_cnt=`sqlite3 $OLD_DB "SELECT count(*) FROM disabled_certs;"`
-if [ "$disabled_certs_cnt" != "0" ]
-then
- @UPGRADE_SCRIPT_PATH@/cert-svc-disabled-certs-upgrade.sh $OLD_DB $NEW_DB
-fi
-
-rm -rf $OLD_DB
-
-# generate blank journal file newly
-touch $NEW_DB-journal
-
-# change permission
-chsmack -a @SMACK_DOMAIN_NAME@ @CERT_SVC_DB_PATH@/*
-chown @USER_NAME@:@GROUP_NAME@ @CERT_SVC_DB_PATH@/*
-chmod 644 @CERT_SVC_DB_PATH@/*
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file cert-svc-disabled-certs-upgrade.sh.in
-# @author Sangwan Kwon (sangwan.kwon@samsung.com)
-# @brief cert-svc disabled certs upgrade for platform upgrade 2.4 -> 3.0
-#
-
-# TODO(sangwan.kwon) Migration user certs(WIFI, VPN, EMAIL)
-
-# check this script invoked by cert-svc-db-upgrade
-if [ "$#" != "2" ]
-then
- exit 0
-fi
-
-OLD_DB=$1
-NEW_DB=$2
-OLD_GNAME_LIST=@CERT_SVC_DB_PATH@/old-gname-list
-OLD_CERTS_DIR=@CERT_SVC_DB_PATH@/old-certs
-
-rm -rf $OLD_CERTS_DIR
-mkdir -p $OLD_CERTS_DIR
-
-# get disabled ceritificates list from old db
-sqlite3 $OLD_DB "SELECT gname FROM disabled_certs;" > $OLD_GNAME_LIST
-
-# since gname is different between Tizen 2.4 and 3.0, compare certicate
-index=1
-for gname in `cat $OLD_GNAME_LIST`
-do
- sqlite3 $OLD_DB "SELECT certificate FROM disabled_certs
- WHERE gname='$gname';" > $OLD_CERTS_DIR/$index
- index=$(expr $index + 1)
-done
-
-# restore disabled certs to new db
-for fname in `find $OLD_CERTS_DIR/* | sort`
-do
- certs=`cat $fname`
- # check certificate's existence on new db
- ret=`sqlite3 $NEW_DB "SELECT EXISTS (
- SELECT certificate
- FROM ssl
- WHERE certificate='$certs');"`
-
- if [ "$ret" == "1" ]
- then
- # TODO(sangwan.kwon) Consider is_root_app column (it depends on master app)
- # update ssl, disabled_certs table
- gname=`sqlite3 $NEW_DB "SELECT gname FROM ssl WHERE certificate='$certs';"`
- sqlite3 $NEW_DB "INSERT INTO disabled_certs VALUES ('$gname', '$certs');"
- sqlite3 $NEW_DB "UPDATE ssl SET enabled=0 WHERE gname='$gname';"
-
- # TODO(sangwan.kwon) unlink file between rw & ro area
- fi
-done
-
-rm -rf $OLD_GNAME_LIST
-rm -rf $OLD_CERTS_DIR
--- /dev/null
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Sangwan Kwon (sangwan.kwon@samsung.com)
+#
+
+CONFIGURE_FILE(
+ cert-svc-db-upgrade.sh.in
+ cert-svc-db-upgrade.sh @ONLY)
+CONFIGURE_FILE(
+ cert-svc-disabled-certs-upgrade.sh.in
+ cert-svc-disabled-certs-upgrade.sh @ONLY)
+
+INSTALL(FILES
+ cert-svc-db-upgrade.sh
+ cert-svc-disabled-certs-upgrade.sh
+ DESTINATION ${UPGRADE_SCRIPT_PATH}
+)
--- /dev/null
+#!/bin/bash
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file cert-svc-db-upgrade.sh.in
+# @author Sangwan Kwon (sangwan.kwon@samsung.com)
+# @brief cert-svc db migration scripts for platform upgrade 2.4 -> 3.0
+#
+
+OLD_DB=@CERT_SVC_OLD_DB_PATH@/certs-meta-old.db
+NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
+
+# backup old database
+mv @CERT_SVC_OLD_DB_PATH@/certs-meta.db $OLD_DB
+rm -rf @CERT_SVC_OLD_DB_PATH@/certs-meta.db-journal
+
+# install new database
+cp @UPGRADE_DATA_PATH@/certs-meta.db $NEW_DB
+
+# update disabled certs on db
+disabled_certs_cnt=`sqlite3 $OLD_DB "SELECT count(*) FROM disabled_certs;"`
+if [ "$disabled_certs_cnt" != "0" ]
+then
+ @UPGRADE_SCRIPT_PATH@/cert-svc-disabled-certs-upgrade.sh $OLD_DB $NEW_DB
+fi
+
+rm -rf $OLD_DB
+
+# generate blank journal file newly
+touch $NEW_DB-journal
+
+# change permission
+chsmack -a @SMACK_DOMAIN_NAME@ @CERT_SVC_DB_PATH@/*
+chown @USER_NAME@:@GROUP_NAME@ @CERT_SVC_DB_PATH@/*
+chmod 644 @CERT_SVC_DB_PATH@/*
--- /dev/null
+#!/bin/bash
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file cert-svc-disabled-certs-upgrade.sh.in
+# @author Sangwan Kwon (sangwan.kwon@samsung.com)
+# @brief cert-svc disabled certs upgrade for platform upgrade 2.4 -> 3.0
+#
+
+# TODO(sangwan.kwon) Migration user certs(WIFI, VPN, EMAIL)
+
+# check this script invoked by cert-svc-db-upgrade
+if [ "$#" != "2" ]
+then
+ exit 0
+fi
+
+OLD_DB=$1
+NEW_DB=$2
+OLD_GNAME_LIST=@CERT_SVC_DB_PATH@/old-gname-list
+OLD_CERTS_DIR=@CERT_SVC_DB_PATH@/old-certs
+
+rm -rf $OLD_CERTS_DIR
+mkdir -p $OLD_CERTS_DIR
+
+# get disabled ceritificates list from old db
+sqlite3 $OLD_DB "SELECT gname FROM disabled_certs;" > $OLD_GNAME_LIST
+
+# since gname is different between Tizen 2.4 and 3.0, compare certicate
+index=1
+for gname in `cat $OLD_GNAME_LIST`
+do
+ sqlite3 $OLD_DB "SELECT certificate FROM disabled_certs
+ WHERE gname='$gname';" > $OLD_CERTS_DIR/$index
+ index=$(expr $index + 1)
+done
+
+# restore disabled certs to new db
+for fname in `find $OLD_CERTS_DIR/* | sort`
+do
+ certs=`cat $fname`
+ # check certificate's existence on new db
+ ret=`sqlite3 $NEW_DB "SELECT EXISTS (
+ SELECT certificate
+ FROM ssl
+ WHERE certificate='$certs');"`
+
+ if [ "$ret" == "1" ]
+ then
+ # TODO(sangwan.kwon) Consider is_root_app column (it depends on master app)
+ # update ssl, disabled_certs table
+ gname=`sqlite3 $NEW_DB "SELECT gname FROM ssl WHERE certificate='$certs';"`
+ sqlite3 $NEW_DB "INSERT INTO disabled_certs VALUES ('$gname', '$certs');"
+ sqlite3 $NEW_DB "UPDATE ssl SET enabled=0 WHERE gname='$gname';"
+
+ # TODO(sangwan.kwon) unlink file between rw & ro area
+ fi
+done
+
+rm -rf $OLD_GNAME_LIST
+rm -rf $OLD_CERTS_DIR
%attr(-, %{USER_NAME}, %{GROUP_NAME}) %CERT_SVC_DB_PATH/certs-meta.db-journal
%attr(-, %{USER_NAME}, %{GROUP_NAME}) %CERT_SVC_RO_PATH
-%attr(755, root, root) %{UPGRADE_SCRIPT_PATH}/cert-svc-db-upgrade.sh
-%attr(755, root, root) %{UPGRADE_SCRIPT_PATH}/cert-svc-disabled-certs-upgrade.sh
+%attr(755, root, root) %UPGRADE_SCRIPT_PATH/cert-svc-db-upgrade.sh
+%attr(755, root, root) %UPGRADE_SCRIPT_PATH/cert-svc-disabled-certs-upgrade.sh
%{UPGRADE_DATA_PATH}/certs-meta.db
%files devel
%TZ_SYS_BIN/cert-svc-test*
%CERT_SVC_TESTS
%_libdir/libcert-svc-validator-plugin.so
+%attr(755, root, root) %UPGRADE_SCRIPT_PATH/cert-svc-test-upgrade.sh
+%{UPGRADE_DATA_PATH}/certs-meta-old.db
%endif
ADD_SUBDIRECTORY(pkcs12)
ADD_SUBDIRECTORY(vcore)
ADD_SUBDIRECTORY(plugin)
+ADD_SUBDIRECTORY(upgrade)
--- /dev/null
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Sangwan Kwon (sangwan.kwon@samsung.com)
+#
+
+CONFIGURE_FILE(
+ cert-svc-test-upgrade.sh.in
+ cert-svc-test-upgrade.sh @ONLY)
+
+INSTALL(FILES
+ cert-svc-test-upgrade.sh
+ DESTINATION ${UPGRADE_SCRIPT_PATH}
+)
+
+INSTALL(FILES
+ certs-meta-old.db
+ DESTINATION ${UPGRADE_DATA_PATH}
+)
--- /dev/null
+#!/bin/bash
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file cert-svc-test-upgrade.sh.in
+# @author Sangwan Kwon (sangwan.kwon@samsung.com)
+# @brief test script for platform upgrade Tizen 2.4 -> 3.0
+#
+
+NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
+
+# set test old database
+rm -rf @CERT_SVC_OLD_DB_PATH@/*
+cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db
+
+# run db upgrade
+@UPGRADE_SCRIPT_PATH@/cert-svc-db-upgrade.sh
+
+# testcase 1. disabled_certs table should have 2 column
+disabled_certs_cnt=`sqlite3 $NEW_DB "SELECT count(*) FROM disabled_certs;"`
+if [ "$disabled_certs_cnt" != "2" ]
+then
+ echo "Failed to upgrade disabled_cers table."
+fi
+
+# testcase 2. below gname's enabled column should off
+enabled_column=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='6410666e.0';"`
+if [ "$enabled_column" != "0" ]
+then
+ echo "Failed to upgrade ssl table."
+fi
projects / platform / core / security / cert-svc.git / commitdiff