)
ADD_SUBDIRECTORY(db)
-ADD_SUBDIRECTORY(upgrade)
RENAME certs-meta.db
)
- INSTALL(FILES
- resource/certs-meta-0.0.4.db
- DESTINATION ${UPGRADE_DATA_PATH}
- RENAME certs-meta.db
- )
-
ELSE (${CURRENT_DIGEST} STREQUAL ${CA_BUNDLE_DIGEST})
MESSAGE("${CURRENT_DIGEST} digest is not match with static db.")
MESSAGE("Add ssl table to certs-meta.db")
DESTINATION ${CERT_SVC_DB_PATH}
)
- INSTALL(FILES
- ${PWD}/certs-meta.db
- DESTINATION ${UPGRADE_DATA_PATH}
- )
-
ENDIF (${CURRENT_DIGEST} STREQUAL ${CA_BUNDLE_DIGEST})
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 242.cert-svc-db-upgrade.sh.in
-# @author Sangwan Kwon (sangwan.kwon@samsung.com)
-# @brief cert-svc db migration scripts for platform upgrade 2.4 -> 3.0
-#
-
-OLD_DB=@CERT_SVC_OLD_DB_PATH@/certs-meta-old.db
-NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
-
-MIGRATION_USER_TABLE=@CERT_SVC_DB_PATH@/migration-user-table.sql
-
-# backup old database
-mv @CERT_SVC_OLD_DB_PATH@/certs-meta.db $OLD_DB
-rm -rf @CERT_SVC_OLD_DB_PATH@/certs-meta.db-journal
-
-# remove deprecated dir
-rm -rf @CERT_SVC_PKCS12@/storage
-
-# install new database
-cp @UPGRADE_DATA_PATH@/certs-meta.db $NEW_DB
-
-# migration user certs db
-touch $MIGRATION_USER_TABLE
-echo "ATTACH DATABASE '$OLD_DB' as 'tmp';" >> $MIGRATION_USER_TABLE
-echo "INSERT INTO wifi SELECT * FROM tmp.wifi;" >> $MIGRATION_USER_TABLE
-echo "INSERT INTO vpn SELECT * FROM tmp.vpn;" >> $MIGRATION_USER_TABLE
-echo "INSERT INTO email SELECT * FROM tmp.email;" >> $MIGRATION_USER_TABLE
-echo "DETACH DATABASE 'tmp';" >> $MIGRATION_USER_TABLE
-sqlite3 $NEW_DB ".read $MIGRATION_USER_TABLE"
-rm -rf $MIGRATION_USER_TABLE
-
-# update schema version to 2.4 (this is for bundle upgrade)
-sqlite3 $NEW_DB "UPDATE schema_info SET version='1', description='Tizen 2.4' \
- WHERE version='2';"
-
-# update disabled certs on db
-disabled_certs_cnt=`sqlite3 $OLD_DB "SELECT count(*) FROM disabled_certs;"`
-if [ "$disabled_certs_cnt" != "0" ]
-then
- @UPGRADE_SCRIPT_PATH@/243.cert-svc-disabled-certs-upgrade.sh $OLD_DB $NEW_DB
-fi
-
-rm -rf $OLD_DB
-
-# generate blank journal file newly
-touch $NEW_DB-journal
-
-# support backward compatablity
-ln -sf @TZ_SYS_CA_BUNDLE@ @CERT_SVC_CA_BUNDLE@
-chown -h @USER_NAME@:@GROUP_NAME@ @CERT_SVC_CA_BUNDLE@
-
-# change permission
-chsmack -a @SMACK_DOMAIN_NAME@ @CERT_SVC_DB_PATH@/*
-chown @USER_NAME@:@GROUP_NAME@ @CERT_SVC_DB_PATH@/*
-chmod 644 @CERT_SVC_DB_PATH@/*
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 243.cert-svc-disabled-certs-upgrade.sh.in
-# @author Sangwan Kwon (sangwan.kwon@samsung.com)
-# @brief cert-svc disabled certs upgrade for platform upgrade 2.4 -> 3.0
-#
-
-# check this script invoked by cert-svc-db-upgrade
-if [ "$#" != "2" ]
-then
- exit 0
-fi
-
-OLD_DB=$1
-NEW_DB=$2
-OLD_GNAME_LIST=@CERT_SVC_DB_PATH@/old-gname-list
-OLD_CERTS_DIR=@CERT_SVC_DB_PATH@/old-certs
-
-rm -rf $OLD_CERTS_DIR
-mkdir -p $OLD_CERTS_DIR
-
-# get disabled ceritificates list from old db
-sqlite3 $OLD_DB "SELECT gname FROM disabled_certs;" > $OLD_GNAME_LIST
-
-# since gname is different between Tizen 2.4 and 3.0, compare certicate
-index=1
-for gname in `cat $OLD_GNAME_LIST`
-do
- sqlite3 $OLD_DB "SELECT certificate FROM disabled_certs
- WHERE gname='$gname';" > $OLD_CERTS_DIR/$index
- index=$(expr $index + 1)
-done
-
-# restore disabled certs to new db
-for fname in `find $OLD_CERTS_DIR/* | sort`
-do
- certs=`cat $fname`
- # check certificate's existence on new db
- ret=`sqlite3 $NEW_DB "SELECT EXISTS (
- SELECT certificate
- FROM ssl
- WHERE certificate='$certs');"`
-
- if [ "$ret" == "1" ]
- then
- # update ssl, disabled_certs table
- gname=`sqlite3 $NEW_DB "SELECT gname FROM ssl WHERE certificate='$certs';"`
- sqlite3 $NEW_DB "INSERT INTO disabled_certs VALUES ('$gname', '$certs');"
- sqlite3 $NEW_DB "UPDATE ssl SET enabled=0 WHERE gname='$gname';"
-
- # unlink disabled certs on rw area(symbol file)
- link_path="@TZ_SYS_CA_CERTS@/$gname"
- if [ -h $link_path ]
- then
- unlink $link_path
- else
- echo "Failed to find $link_path."
- fi
- fi
-done
-
-# re-make bundle file
-if [ -s @TZ_SYS_CA_BUNDLE@ ]
-then
- rm @TZ_SYS_CA_BUNDLE@
-fi
-
-for i in `find @TZ_SYS_CA_CERTS@ -maxdepth 1 -type l | sort`
-do
- openssl x509 -in $i -outform PEM >> @TZ_SYS_CA_BUNDLE@
-done
-
-rm -rf $OLD_GNAME_LIST
-rm -rf $OLD_CERTS_DIR
+++ /dev/null
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Sangwan Kwon (sangwan.kwon@samsung.com)
-#
-
-CONFIGURE_FILE(
- 242.cert-svc-db-upgrade.sh.in
- 242.cert-svc-db-upgrade.sh @ONLY)
-CONFIGURE_FILE(
- 243.cert-svc-disabled-certs-upgrade.sh.in
- 243.cert-svc-disabled-certs-upgrade.sh @ONLY)
-
-INSTALL(FILES
- 242.cert-svc-db-upgrade.sh
- 243.cert-svc-disabled-certs-upgrade.sh
- DESTINATION ${UPGRADE_SCRIPT_PATH}
-)
%global cert_svc_examples %cert_svc_ro_path/examples
%global cert_svc_tests %rw_app_dir/cert-svc-tests
-%global cert_svc_old_db_path /opt/share/cert-svc/dbspace
-%global upgrade_script_path %ro_data_dir/upgrade/scripts
-%global upgrade_data_path %ro_data_dir/upgrade/data
-
%description
Certification service
-DCERT_SVC_RO_PATH=%cert_svc_ro_path \
-DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
-DCERT_SVC_DB_PATH=%cert_svc_db_path \
- -DCERT_SVC_OLD_DB_PATH=%cert_svc_old_db_path \
- -DUPGRADE_SCRIPT_PATH=%upgrade_script_path \
- -DUPGRADE_DATA_PATH=%upgrade_data_path \
%if 0%{?certsvc_test_build}
-DCERTSVC_TEST_BUILD=1 \
-DCERT_SVC_TESTS=%cert_svc_tests \
if [ $1 = 1 ]; then
systemctl start cert-server.socket
fi
-# upgrade / reinstall
+# reinstall
if [ $1 = 2 ]; then
systemctl restart cert-server.socket
fi
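Review bot: The reworded comment `# reinstall` above `if [ $1 = 2 ]; then` no longer describes what the branch covers. In RPM scriptlets an argument of 2 is what a package upgrade passes, so `systemctl restart cert-server.socket` still runs on every package upgrade. The files removed here appear to be the platform-upgrade (Tizen 2.4 -> 3.0) migration scripts, which is a separate matter from a package upgrade. I would keep the original wording or write `# package upgrade / reinstall`. The scriptlet header is outside the hunk, so this assumes the block sits in `%post`.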
%attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
%attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
-%attr(755, root, root) %upgrade_script_path/242.cert-svc-db-upgrade.sh
-%attr(755, root, root) %upgrade_script_path/243.cert-svc-disabled-certs-upgrade.sh
-%upgrade_data_path/certs-meta.db
-
%files devel
%_includedir/*
%_libdir/pkgconfig/*
%cert_svc_tests
%_libdir/libcert-svc-validator-plugin.so
-%attr(755, root, root) %upgrade_script_path/cert-svc-test-upgrade.sh
-%upgrade_data_path/certs-meta-old.db
-
%bin_dir/cert-svc-example*
%cert_svc_examples
ADD_SUBDIRECTORY(pkcs12)
ADD_SUBDIRECTORY(vcore)
ADD_SUBDIRECTORY(plugin)
-ADD_SUBDIRECTORY(upgrade)
+++ /dev/null
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Sangwan Kwon (sangwan.kwon@samsung.com)
-#
-
-CONFIGURE_FILE(
- cert-svc-test-upgrade.sh.in
- cert-svc-test-upgrade.sh @ONLY)
-
-INSTALL(FILES
- cert-svc-test-upgrade.sh
- DESTINATION ${UPGRADE_SCRIPT_PATH}
-)
-
-INSTALL(FILES
- certs-meta-old.db
- DESTINATION ${UPGRADE_DATA_PATH}
-)
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file cert-svc-test-upgrade.sh.in
-# @author Sangwan Kwon (sangwan.kwon@samsung.com)
-# @brief test script for platform upgrade Tizen 2.4 -> 3.0
-#
-
-NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
-TEST_GNAME1="6410666e.0"
-TEST_GNAME2="790a7190.0"
-
-# set test old database
-rm -rf @CERT_SVC_OLD_DB_PATH@/*
-cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db
-
-before_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
-before_upgrade_bundle_line=`cat @TZ_SYS_CA_BUNDLE@ | wc -l`
-
-# run db upgrade
-@UPGRADE_SCRIPT_PATH@/242.cert-svc-db-upgrade.sh
-
-# testcase 1. disabled_certs table should have 2 column
-disabled_certs_cnt=`sqlite3 $NEW_DB "SELECT count(*) FROM disabled_certs;"`
-if [ "$disabled_certs_cnt" != "2" ]
-then
- echo "[-] Failed to upgrade disabled_certs table."
-else
- echo "[+] Success to upgrade disabled_certs table."
-fi
-
-# testcase 2. below gname's enabled column should off
-enabled_column1=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='$TEST_GNAME1';"`
-if [ "$enabled_column1" != "0" ]
-then
- echo "[-] Failed to upgrade ssl table."
-else
- echo "[+] Success to upgrade ssl table."
-fi
-enabled_column2=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='$TEST_GNAME2';"`
-if [ "$enabled_column2" != "0" ]
-then
- echo "[-] Failed to upgrade ssl table."
-else
- echo "[+] Success to upgrade ssl table."
-fi
-
-# testcase 3. check to exist disabled certs on rw area
-link_path1="@TZ_SYS_CA_CERTS@/$TEST_GNAME1"
-if [ -f $link_path1 ]
-then
- echo "[-] Failed to unlink disabled certs."
-else
- echo "[+] Success to unlink disabled certs."
-fi
-link_path2="@TZ_SYS_CA_CERTS@/$TEST_GNAME2"
-if [ -f $link_path1 ]
-then
- echo "[-] Failed to unlink disabled certs."
-else
- echo "[+] Success to unlink disabled certs."
-fi
-
-# check certificate's count was reduced
-after_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
-diff_cnt=$(expr $before_upgrade_certs_cnt - $after_upgrade_certs_cnt)
-if [ "$diff_cnt" != "2" ]
-then
- echo "[-] Failed to unlink disabled certs."
- echo "[-] Check ca-certificate package's upgrade has done."
-else
- echo "[+] Success to unlink disabled certs."
-fi
-
-# testcase 4. bundle file should update
-after_upgrade_bundle_line=`cat @TZ_SYS_CA_BUNDLE@ | wc -l`
-diff_line1=$(expr $before_upgrade_bundle_line - $after_upgrade_bundle_line)
-if [ "$diff_line1" != "56" ]
-then
- echo "[-] Failed to update bundle file."
- echo "[-] Check ca-certificate package's upgrade has done."
-else
- echo "[+] Success to update bundle file."
-fi
-
-after_symbol_bundle_line=`cat @CERT_SVC_CA_BUNDLE@ | wc -l`
-diff_line2=$(expr $after_upgrade_bundle_line - $after_symbol_bundle_line)
-if [ "$diff_line2" != "0" ]
-then
- echo "[-] Failed to sync bundle file with CERT_SVC_CA_BUNDLE."
-else
- echo "[+] Success to sync bundle file with CERT_SVC_CA_BUNDLE."
-fi
-
-# testcase 5. user table migration
-wifi_certs_cnt=`sqlite3 $NEW_DB "SELECT count(*) FROM wifi;"`
-if [ "$wifi_certs_cnt" != "1" ]
-then
- echo "[-] Failed to migrate wifi table."
-else
- echo "[+] Success to migrate wifi table."
-fi
-
-vpn_certs_cnt=`sqlite3 $NEW_DB "SELECT count(*) FROM vpn;"`
-if [ "$vpn_certs_cnt" != "1" ]
-then
- echo "[-] Failed to migrate vpn table."
-else
- echo "[+] Success to migrate vpn table."
-fi
-
-email_certs_cnt=`sqlite3 $NEW_DB "SELECT count(*) FROM email;"`
-if [ "$email_certs_cnt" != "1" ]
-then
- echo "[-] Failed to migrate email table."
-else
- echo "[+] Success to migrate email table."
-fi