Change bahavior of trust anchor 36/149836/14
authorJunghyun Yeon <jungh.yeon@samsung.com>
Wed, 13 Sep 2017 07:55:40 +0000 (16:55 +0900)
committerSangyoon Jang <jeremy.jang@samsung.com>
Mon, 16 Oct 2017 12:08:04 +0000 (12:08 +0000)
- The trust-anchor certificate file directory is now fixed.
- Create symbolic links when the given pkg type is wgt or hybrid.
- When updating a wgt/hybrid pkg, the previous symlinks are removed.
- Registering and updating the trust anchor have been integrated.

Related changes:
[pkgmgr-info] : https://review.tizen.org/gerrit/149784
[wgt-backend] : https://review.tizen.org/gerrit/149978
[tpk-manifest-handlers] : https://review.tizen.org/gerrit/150060
[wgt-manifest-handlers] : https://review.tizen.org/gerrit/150136

Change-Id: Ibdfc760bcb15da324e7237b8b0a5a9103effc129
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
src/common/step/configuration/step_parse_manifest.cc
src/common/step/security/step_register_trust_anchor.cc
src/common/step/security/step_register_trust_anchor.h
src/common/step/security/step_unregister_trust_anchor.cc
src/common/step/security/step_update_trust_anchor.cc [deleted file]
src/common/step/security/step_update_trust_anchor.h [deleted file]

index 767957c..4096878 100644 (file)
@@ -756,15 +756,11 @@ bool StepParseManifest::FillTrustAnchorInfo(manifest_x* manifest) {
   if (!trust_anchor_info)
     return true;
 
-  if (trust_anchor_info->get_certs_dir().empty() ||
-      trust_anchor_info->get_use_system_certs().empty()) {
+  if (trust_anchor_info->get_use_system_certs().empty()) {
     LOG(ERROR) << "Invalid trust anchor data";
     return false;
   }
 
-  manifest->pkg_certs_dir =
-      strdup((context_->pkg_path.get() /
-          trust_anchor_info->get_certs_dir()).c_str());
   manifest->use_system_certs =
       strdup(trust_anchor_info->get_use_system_certs().c_str());
 
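Review bot: The remaining check in FillTrustAnchorInfo rejects only an empty `use_system_certs`, so any other string is copied into the manifest, and the register step later treats everything except "true" as false through `strcasecmp`. A misspelled value is therefore accepted silently instead of being reported as invalid trust anchor data. Unless the manifest handler already restricts the value, reject anything that is not true/false here, for example by adding `strcasecmp(v.c_str(), "true") != 0 && strcasecmp(v.c_str(), "false") != 0` to the condition, with `v` bound to `get_use_system_certs()`. The function starts and ends outside this hunk.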
index 64d0eb4..0a15d97 100644 (file)
@@ -6,13 +6,41 @@
 
 #include <trust-anchor.h>
 #include <boost/filesystem.hpp>
+
 #include <string>
 
+#include "common/utils/file_util.h"
+
 namespace common_installer {
 namespace security {
 
 namespace bf = boost::filesystem;
 
+namespace {
+
+const char kTpkTrustAnchorPath[] = "res/.trust-anchor";
+const char kWgtTrustAnchorPath[] = ".trust-anchor";
+const char kWgt[] = "wgt";
+
+bool RemoveWgtTrustAnchorSymLinks(const bf::path& path) {
+  for (bf::directory_iterator file(path);
+      file != bf::directory_iterator(); ++file) {
+    bf::path current(file->path());
+    if (bf::is_symlink(symlink_status(current)))
+      if (!Remove(current))
+        return false;
+  }
+  return true;
+}
+
+}  // namespace
+
+StepRegisterTrustAnchor::StepRegisterTrustAnchor(
+    InstallerContext* context, RegisterType register_type)
+    : Step(context),
+      register_type_(register_type) {
+}
+
 Step::Status StepRegisterTrustAnchor::precheck() {
   if (!context_->manifest_data.get()) {
     LOG(ERROR) << "manifest_data attribute is empty";
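Review bot: RemoveWgtTrustAnchorSymLinks can let a `bf::filesystem_error` escape, because the throwing forms of `bf::directory_iterator` (construction and `++`) and of `symlink_status` are used and the helper has no handler. The symlink creation added to process() turns the same kind of failure into a logged error and `APP_DIR_ERROR`, so the helper should report failure through its `bool` result in the same way. A one-line comment stating that only symlinks directly under `path` are removed and regular files are left in place would also help. precheck() continues past the end of this hunk.

```cpp
bool RemoveWgtTrustAnchorSymLinks(const bf::path& path) {
  try {
    for (bf::directory_iterator file(path);
        file != bf::directory_iterator(); ++file) {
      // … unchanged: symlink test and Remove() …
    }
  } catch (const bf::filesystem_error& error) {
    LOG(ERROR) << "Failed to remove trust anchor symlinks : " << error.what();
    return false;
  }
  return true;
}
```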
@@ -23,18 +51,50 @@ Step::Status StepRegisterTrustAnchor::precheck() {
 }
 
 Step::Status StepRegisterTrustAnchor::process() {
+  int ret;
+  bf::path pkg_certs_path = context_->pkg_path.get() / kTpkTrustAnchorPath;
+  if (register_type_ == RegisterType::UPDATE) {
+    ret = trust_anchor_uninstall(context_->pkgid.get().c_str(),
+        context_->uid.get());
+    if (ret != TRUST_ANCHOR_ERROR_NONE) {
+      LOG(ERROR) << "Failed to unregister trust anchor. error : " << ret;
+      return Step::Status::SECURITY_ERROR;
+    }
+
+    if (!context_->pkg_type.get().compare(kWgt)) {
+      if (!common_installer::CreateDir(pkg_certs_path))
+        return Step::Status::APP_DIR_ERROR;
+      if (!RemoveWgtTrustAnchorSymLinks(pkg_certs_path))
+        return Step::Status::APP_DIR_ERROR;
+    }
+  }
+
   manifest_x* manifest = context_->manifest_data.get();
-  if (!manifest->pkg_certs_dir && !manifest->use_system_certs)
+  if (!manifest->use_system_certs)
     return Step::Status::OK;
 
-  if (!manifest->pkg_certs_dir || !manifest->use_system_certs)
-    return Step::Status::INVALID_VALUE;
+  if (!context_->pkg_type.get().compare(kWgt)) {
+    // For wgt package, create
+    // [pkg_root]/res/.trust-anchor directory and create symbolic link
+    if (!common_installer::CreateDir(pkg_certs_path))
+      return Step::Status::APP_DIR_ERROR;
+    bf::path pkg_certs_src_path =
+        context_->pkg_path.get() / "res/wgt" / kWgtTrustAnchorPath;
+    for (bf::directory_iterator file(pkg_certs_src_path);
+        file != bf::directory_iterator(); ++file) {
+      bf::path current(file->path());
+      try {
+        bf::create_symlink(current, pkg_certs_path / current.filename());
+      } catch (const bf::filesystem_error& error) {
+        LOG(ERROR) << "Failed to make trust anchor symlink : " << error.what();
+        return Step::Status::APP_DIR_ERROR;
+      }
+    }
+  }
 
-  int ret;
-  bool use_system_certs =
-      (strcasecmp(manifest->use_system_certs, "true") == 0) ? true : false;
   ret = trust_anchor_install(context_->pkgid.get().c_str(),
-      context_->uid.get(), manifest->pkg_certs_dir, use_system_certs);
+      context_->uid.get(), pkg_certs_path.string().c_str(),
+      (strcasecmp(manifest->use_system_certs, "true") == 0) ? true : false);
 
   if (ret != TRUST_ANCHOR_ERROR_NONE) {
     LOG(ERROR) << "Failed to register trust anchor. error : " << ret;
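Review bot: In the wgt branch of process(), the `bf::directory_iterator` over `pkg_certs_src_path` is constructed and incremented outside the `try`, so a widget that declares `use_system_certs` but ships no `res/wgt/.trust-anchor` directory raises an uncaught `bf::filesystem_error` instead of returning `APP_DIR_ERROR`. The loop also links every entry it finds; since the directory content comes from the package, linking only regular files (checked with `symlink_status`, which does not follow links) keeps package-supplied symlinks and subdirectories out of the directory handed to `trust_anchor_install`. Separately, on UPDATE the step fails whenever `trust_anchor_uninstall` returns an error, which presumably includes a previous version that never registered a trust anchor; that is worth confirming against the trust-anchor API. The function starts before and ends after this hunk.

```cpp
    bf::path pkg_certs_src_path =
        context_->pkg_path.get() / "res/wgt" / kWgtTrustAnchorPath;
    try {
      for (bf::directory_iterator file(pkg_certs_src_path);
          file != bf::directory_iterator(); ++file) {
        bf::path current(file->path());
        // Entries come from the package: link plain files only.
        if (!bf::is_regular_file(bf::symlink_status(current)))
          continue;
        bf::create_symlink(current, pkg_certs_path / current.filename());
      }
    } catch (const bf::filesystem_error& error) {
      LOG(ERROR) << "Failed to make trust anchor symlink : " << error.what();
      return Step::Status::APP_DIR_ERROR;
    }
    // … unchanged: trust_anchor_install call and error handling …
```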
index a64450d..0822e5d 100644 (file)
@@ -14,6 +14,14 @@ namespace security {
 
 class StepRegisterTrustAnchor : public Step {
  public:
+  enum class RegisterType {
+    INSTALL, // Register trust anchor with new package
+    UPDATE   // Update trust anchor with existing package
+  };
+
+  explicit StepRegisterTrustAnchor(common_installer::InstallerContext* context,
+      RegisterType register_type);
+
   using Step::Step;
 
   Status process() override;
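Review bot: `using Step::Step;` is kept next to the new two-argument constructor, so the step can still be built from a context alone, and in that case `register_type_` (declared in the next hunk of this header) is left uninitialised while process() reads it. Either drop the `using Step::Step;` line or give the member a default, `RegisterType register_type_ = RegisterType::INSTALL;`. `explicit` on a two-parameter constructor has no practical effect here and can be removed. A short comment on the constructor saying which pipelines pass `UPDATE` would make the merged install/update behaviour easier to follow.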
@@ -21,6 +29,9 @@ class StepRegisterTrustAnchor : public Step {
   Status clean() override { return Status::OK; }
   Status precheck() override;
 
+ private:
+  RegisterType register_type_;
+
   STEP_NAME(StepRegisterTrustAnchor)
 };
 
index 25bc9fe..462e6cb 100644 (file)
@@ -25,12 +25,9 @@ Step::Status StepUnregisterTrustAnchor::precheck() {
 Step::Status StepUnregisterTrustAnchor::process() {
   manifest_x* manifest = context_->manifest_data.get();
 
-  if (!manifest->pkg_certs_dir && !manifest->use_system_certs)
+  if (!manifest->use_system_certs)
     return Step::Status::OK;
 
-  if (!manifest->pkg_certs_dir || !manifest->use_system_certs)
-    return Step::Status::INVALID_VALUE;
-
   int ret = trust_anchor_uninstall(context_->pkgid.get().c_str(),
       context_->uid.get());
   if (ret != TRUST_ANCHOR_ERROR_NONE) {
diff --git a/src/common/step/security/step_update_trust_anchor.cc b/src/common/step/security/step_update_trust_anchor.cc
deleted file mode 100644 (file)
index fed83db..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
-// Use of this source code is governed by a apache 2.0 license that can be
-// found in the LICENSE file.
-
-#include "common/step/security/step_update_trust_anchor.h"
-
-#include <trust-anchor.h>
-#include <boost/filesystem.hpp>
-#include <string>
-
-namespace common_installer {
-namespace security {
-
-namespace bf = boost::filesystem;
-
-Step::Status StepUpdateTrustAnchor::precheck() {
-  if (!context_->manifest_data.get()) {
-    LOG(ERROR) << "manifest_data attribute is empty";
-    return Step::Status::INVALID_VALUE;
-  }
-
-  return Step::Status::OK;
-}
-
-Step::Status StepUpdateTrustAnchor::process() {
-  int ret;
-  manifest_x* manifest = context_->manifest_data.get();
-  if (manifest->pkg_certs_dir && manifest->use_system_certs) {
-    bool use_system_certs =
-        (strcasecmp(manifest->use_system_certs, "true") == 0) ? true : false;
-    ret = trust_anchor_install(context_->pkgid.get().c_str(),
-        context_->uid.get(), manifest->pkg_certs_dir, use_system_certs);
-    if (ret != TRUST_ANCHOR_ERROR_NONE) {
-      LOG(ERROR) << "Failed to register trust anchor. error : " << ret;
-      return Step::Status::SECURITY_ERROR;
-    }
-  } else if (!manifest->pkg_certs_dir && !manifest->use_system_certs) {
-    ret = trust_anchor_uninstall(context_->pkgid.get().c_str(),
-        context_->uid.get());
-    if (ret != TRUST_ANCHOR_ERROR_NONE) {
-      LOG(ERROR) << "Failed to unregister trust anchor. error : " << ret;
-      return Step::Status::SECURITY_ERROR;
-    }
-  } else {
-    return Step::Status::INVALID_VALUE;
-  }
-
-  return Step::Status::OK;
-}
-
-}  // namespace security
-}  // namespace common_installer
diff --git a/src/common/step/security/step_update_trust_anchor.h b/src/common/step/security/step_update_trust_anchor.h
deleted file mode 100644 (file)
index 08d90d0..0000000
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
-// Use of this source code is governed by a apache 2.0 license that can be
-// found in the LICENSE file.
-
-#ifndef COMMON_STEP_SECURITY_STEP_UPDATE_TRUST_ANCHOR_H_
-#define COMMON_STEP_SECURITY_STEP_UPDATE_TRUST_ANCHOR_H_
-
-#include <manifest_parser/utils/logging.h>
-
-#include "common/step/step.h"
-
-namespace common_installer {
-namespace security {
-
-class StepUpdateTrustAnchor : public Step {
- public:
-  using Step::Step;
-
-  Status process() override;
-  Status undo() override { return Status::OK; }
-  Status clean() override { return Status::OK; }
-  Status precheck() override;
-
-  STEP_NAME(StepUpdateTrustAnchor)
-};
-
-}  // namespace security
-}  // namespace common_installer
-
-#endif  // COMMON_STEP_SECURITY_STEP_UPDATE_TRUST_ANCHOR_H_