ADD_DEFINITIONS("-DUSER_NAME=\"${USER_NAME}\"")
ADD_DEFINITIONS("-DGROUP_NAME=\"${GROUP_NAME}\"")
ADD_DEFINITIONS("-DSMACK_DOMAIN_NAME=\"${SMACK_DOMAIN_NAME}\"")
+ADD_DEFINITIONS("-DRW_DATA_DIR=\"${RW_DATA_DIR}\"")
+ADD_DEFINITIONS("-DRO_DATA_DIR=\"${RO_DATA_DIR}\"")
+ADD_DEFINITIONS("-DINITIAL_VALUES_DIR=\"${INITIAL_VALUES_DIR}\"")
IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
ADD_DEFINITIONS("-DTIZEN_DEBUG_ENABLE")
SET(TARGET_TEST_MERGED "ckm-tests-internal")
-INSTALL(FILES
- ${CMAKE_CURRENT_BINARY_DIR}/data/scripts/230.key-manager-migrate-dkek.patch.sh
- ${CMAKE_CURRENT_BINARY_DIR}/data/scripts/231.key-manager-change-user.patch.sh
- DESTINATION /etc/opt/upgrade
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE)
+CONFIGURE_FILE(packaging/key-manager.manifest.in key-manager.manifest @ONLY)
+ADD_SUBDIRECTORY(data/scripts)
ADD_SUBDIRECTORY(src)
ADD_SUBDIRECTORY(build)
ADD_SUBDIRECTORY(systemd)
--- /dev/null
+#!/bin/bash
+
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file 230.key-manager-change-data-dir.patch.sh.in
+# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+# @brief Moves key-manager data to a location specified at compilation time
+#
+
+CKM_DATA_PATH_OLD=/opt/data/ckm
+
+# move data from old path to new one
+if [ -d "$CKM_DATA_PATH_OLD" ] && [ "@RW_DATA_DIR@" != "$CKM_DATA_PATH_OLD" ]
+then
+ cp -a $CKM_DATA_PATH_OLD/. @RW_DATA_DIR@ && rm -rf $CKM_DATA_PATH_OLD
+fi
\ No newline at end of file
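Review bot: The guard on the `if` line compares `"@RW_DATA_DIR@"` with `/opt/data/ckm` as raw strings, but the spec's fallback for `rw_data_dir` is `/opt/data/ckm/` with a trailing slash, so the test passes even when the location has not changed. In that case the only thing keeping `rm -rf` away from the key store is `cp` refusing to copy a directory onto itself. Strip the slash before comparing and quote the expansions, e.g. `NEW="@RW_DATA_DIR@"; NEW="${NEW%/}"`, then `[ "$NEW" != "$CKM_DATA_PATH_OLD" ]` and `cp -a "$CKM_DATA_PATH_OLD"/. "$NEW" && rm -rf "$CKM_DATA_PATH_OLD"`. The `%post` scriptlet in the spec runs the same `cp -a … && rm -rf /opt/data/ckm` with no comparison at all and needs the same guard.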
+++ /dev/null
-#!/bin/bash
-
-CKM_DATA_PATH=/opt/data/ckm
-VERSION_INFO_PATH=${CKM_DATA_PATH}/version-info
-CURRENT_VERSION=1
-
-migrate_from_0_to_1()
-{
- ARR_UID=()
- ARR_IDX=()
-
- # Extract uids from DKEK files
- for uid in `ls ${CKM_DATA_PATH} | grep "^key-[0-9]*-[0-9]*$" | awk 'BEGIN { FS = "-" }; { print $2 }' | awk '!x[$0]++'`
- do
- ARR_UID+=($uid)
- done
-
- for (( i = 0; i < ${#ARR_UID[@]}; i++ ))
- do
- idx_max=0
- idx_submax=0
-
- uid=${ARR_UID[$i]}
- ARR_IDX=()
- # Extract autoincremented index per uids
- for file in `ls ${CKM_DATA_PATH} | grep "^key-${uid}-[0-9]*$"`
- do
- idx=`echo $file | awk 'BEGIN { FS = "-" }; { print $3 }'`
- ARR_IDX+=($idx)
- done
-
- # Find max index(for key-<uid>) and submax index(for key-backup-<uid>)
- for idx in ${ARR_IDX[@]}
- do
- if [ $idx -gt $idx_max ]
- then
- idx_submax=$idx_max
- idx_max=$idx
- fi
- done
-
- # Rename file
- # smack label setting isn't needed.
- # (Because not remove/add new file, but just rename file)
- mv "${CKM_DATA_PATH}/key-${uid}-${idx_max}" "${CKM_DATA_PATH}/key-${uid}"
- if [ -f "${CKM_DATA_PATH}/key-${uid}-${idx_submax}" ]
- then
- mv "${CKM_DATA_PATH}/key-${uid}-${idx_submax}" "${CKM_DATA_PATH}/key-backup-${uid}"
- fi
-
- # [Optional] Remove other key-<uid>-<numeric> files.
- for file in `ls ${CKM_DATA_PATH} | grep "^key-${uid}-[0-9]*$"`
- do
- rm ${CKM_DATA_PATH}/${file}
- done
- done
-}
-
-if [ ! -f ${VERSION_INFO_PATH} ]
-then
- echo "CKM VERSION_INFO NOT EXIST."
- echo "$CURRENT_VERSION" > $VERSION_INFO_PATH
- migrate_from_0_to_1
-fi
+++ /dev/null
-#!/bin/bash
-
-USER_NAME=key-manager
-GROUP_NAME=key-manager
-CKM_DATA_PATH=/opt/data/ckm
-SMACK_LABEL=System
-
-id -g $GROUP_NAME > /dev/null 2>&1
-if [ $? -eq 1 ]; then
- groupadd $GROUP_NAME -r > /dev/null 2>&1
-fi
-
-id -u $USER_NAME > /dev/null 2>&1
-if [ $? -eq 1 ]; then
- useradd -d /var/lib/empty -s /sbin/nologin -r -g $GROUP_NAME $USER_NAME > /dev/null 2>&1
-fi
-
-# In ckm version <= 0.1.18 all files were owned by root.
-find /opt/data/ckm -exec chsmack -a $SMACK_LABEL {} \;
-chown ${USER_NAME}:${GROUP_NAME} -R ${CKM_DATA_PATH}
-
--- /dev/null
+#!/bin/bash
+
+# Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file 231.key-manager-migrate-dkek.patch.sh.in
+# @author Kyungwook Tak (k.tak@samsung.com)
+# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+# @brief Changes ckm key files naming convention
+#
+
+VERSION_INFO_PATH=@RW_DATA_DIR@/version-info
+CURRENT_VERSION=1
+
+migrate_from_0_to_1()
+{
+ ARR_UID=()
+ ARR_IDX=()
+
+ # Extract uids from DKEK files
+ for uid in `ls @RW_DATA_DIR@ | grep "^key-[0-9]*-[0-9]*$" | awk 'BEGIN { FS = "-" }; { print $2 }' | awk '!x[$0]++'`
+ do
+ ARR_UID+=($uid)
+ done
+
+ for (( i = 0; i < ${#ARR_UID[@]}; i++ ))
+ do
+ idx_max=0
+ idx_submax=0
+
+ uid=${ARR_UID[$i]}
+ ARR_IDX=()
+ # Extract autoincremented index per uids
+ for file in `ls @RW_DATA_DIR@ | grep "^key-${uid}-[0-9]*$"`
+ do
+ idx=`echo $file | awk 'BEGIN { FS = "-" }; { print $3 }'`
+ ARR_IDX+=($idx)
+ done
+
+ # Find max index(for key-<uid>) and submax index(for key-backup-<uid>)
+ for idx in ${ARR_IDX[@]}
+ do
+ if [ $idx -gt $idx_max ]
+ then
+ idx_submax=$idx_max
+ idx_max=$idx
+ fi
+ done
+
+ # Rename file
+ # smack label setting isn't needed.
+ # (Because not remove/add new file, but just rename file)
+ mv "@RW_DATA_DIR@/key-${uid}-${idx_max}" "@RW_DATA_DIR@/key-${uid}"
+ if [ -f "@RW_DATA_DIR@/key-${uid}-${idx_submax}" ]
+ then
+ mv "@RW_DATA_DIR@/key-${uid}-${idx_submax}" "@RW_DATA_DIR@/key-backup-${uid}"
+ fi
+
+ # [Optional] Remove other key-<uid>-<numeric> files.
+ for file in `ls @RW_DATA_DIR@ | grep "^key-${uid}-[0-9]*$"`
+ do
+ rm @RW_DATA_DIR@/${file}
+ done
+ done
+}
+
+if [ ! -f ${VERSION_INFO_PATH} ]
+then
+ echo "CKM VERSION_INFO NOT EXIST."
+ echo "$CURRENT_VERSION" > $VERSION_INFO_PATH
+ migrate_from_0_to_1
+fi
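Review bot: In `migrate_from_0_to_1` the loop that picks `idx_submax` only updates it when a new maximum is found, so an index below the current maximum but above the current sub-maximum is never recorded. The indices come from `ls`, which sorts lexically (…-1, …-10, …-2), so a uid with ten or more key files gets the wrong file renamed to `key-backup-<uid>`, and the cleanup loop then deletes the real previous key. Add the missing branch before the `fi`: `elif [ "$idx" -gt "$idx_submax" ]; then idx_submax=$idx`. The version-info file is also written before `migrate_from_0_to_1` runs, so a migration that fails part-way is not retried; writing it only after the function succeeds would be safer.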
--- /dev/null
+#!/bin/bash
+
+# Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file 232.key-manager-change-user.patch.sh.in
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+# @brief Changes ckm data owner to key-manager:key-manager and smack label to "System"
+#
+
+USER_NAME=key-manager
+GROUP_NAME=key-manager
+SMACK_LABEL=System
+
+id -g $GROUP_NAME > /dev/null 2>&1
+if [ $? -eq 1 ]; then
+ groupadd $GROUP_NAME -r > /dev/null 2>&1
+fi
+
+id -u $USER_NAME > /dev/null 2>&1
+if [ $? -eq 1 ]; then
+ useradd -d /var/lib/empty -s /sbin/nologin -r -g $GROUP_NAME $USER_NAME > /dev/null 2>&1
+fi
+
+# In ckm version <= 0.1.18 all files were owned by root.
+find @RW_DATA_DIR@ -exec chsmack -a $SMACK_LABEL {} \;
+chown ${USER_NAME}:${GROUP_NAME} -R @RW_DATA_DIR@
+
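Review bot: `USER_NAME`, `GROUP_NAME` and `SMACK_LABEL` are still hard-coded here although the file is now a `CONFIGURE_FILE` template and the build already receives `USER_NAME`, `GROUP_NAME` and `SMACK_DOMAIN_NAME`. A package built with other values would have this script hand the key store to an account and label the daemon does not use. Take them from the build like the data directory: `USER_NAME=@USER_NAME@`, `GROUP_NAME=@GROUP_NAME@`, `SMACK_LABEL=@SMACK_DOMAIN_NAME@` (assuming those variables are visible in this subdirectory, as the `-D` options in the spec suggest). The `find` and `chown` lines should quote the path as `"@RW_DATA_DIR@"`, and the script goes on to `chown` even when `useradd` has failed, because its output and exit status are discarded.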
--- /dev/null
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(230.key-manager-change-data-dir.patch.sh.in
+ 230.key-manager-change-data-dir.patch.sh
+ @ONLY)
+
+CONFIGURE_FILE(231.key-manager-migrate-dkek.patch.sh.in
+ 231.key-manager-migrate-dkek.patch.sh
+ @ONLY)
+
+CONFIGURE_FILE(232.key-manager-change-user.patch.sh.in
+ 232.key-manager-change-user.patch.sh
+ @ONLY)
+
+INSTALL(FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/230.key-manager-change-data-dir.patch.sh
+ ${CMAKE_CURRENT_BINARY_DIR}/231.key-manager-migrate-dkek.patch.sh
+ ${CMAKE_CURRENT_BINARY_DIR}/232.key-manager-change-user.patch.sh
+ DESTINATION /etc/opt/upgrade
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE)
\ No newline at end of file
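Review bot: Nothing here checks that `RW_DATA_DIR` is set before the three templates are configured. With `@ONLY` an undefined variable expands to an empty string, so the generated scripts would run `find  -exec chsmack …` against the current directory and `rm /${file}` against the filesystem root. Fail the configure step instead, before the first `CONFIGURE_FILE`: `IF(NOT RW_DATA_DIR)`, `MESSAGE(FATAL_ERROR "RW_DATA_DIR must be set")`, `ENDIF()`. The `@brief` line in the header is empty; `# @brief Configures and installs key-manager upgrade scripts` would describe the file.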
<domain name="_" />
</request>
<assign>
- <filesystem path="/opt/data/ckm" label="System" type="transmutable" />
+ <filesystem path="@RW_DATA_DIR@" label="System" type="transmutable" />
</assign>
</manifest>
Group: System/Security
License: Apache-2.0 and BSL-1.0
Source0: %{name}-%{version}.tar.gz
-Source1001: key-manager.manifest
Source1002: key-manager-pam-plugin.manifest
Source1003: key-manager-listener.manifest
Source1004: libkey-manager-client.manifest
BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(cynara-client-async)
BuildRequires: pkgconfig(cynara-creds-socket)
+BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: boost-devel
Requires(pre): pwdutils
+Requires(pre): tizen-platform-config-tools
Requires(postun): pwdutils
Requires: libkey-manager-common = %{version}-%{release}
%{?systemd_requires}
%global service_name key-manager
%global _rundir /run
%global smack_domain_name System
+%global rw_data_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm/}%{!?TZ_SYS_DATA:/opt/data/ckm/}
+%global ro_data_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE/ckm/}%{!?TZ_SYS_SHARE:/usr/share/ckm/}
+%global db_test_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE/ckm-db-test/}%{!?TZ_SYS_SHARE:/usr/share/ckm-db-test/}
+%global initial_values_dir %{rw_data_dir}initial_values/
%description
Central Key Manager daemon could be used as secure storage
%prep
%setup -q
-cp -a %{SOURCE1001} .
cp -a %{SOURCE1002} .
cp -a %{SOURCE1003} .
cp -a %{SOURCE1004} .
-DUSER_NAME=%{user_name} \
-DGROUP_NAME=%{group_name} \
-DSMACK_DOMAIN_NAME=%{smack_domain_name} \
- -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF}
+ -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF} \
+ -DRW_DATA_DIR=%{rw_data_dir} \
+ -DRO_DATA_DIR=%{ro_data_dir} \
+ -DINITIAL_VALUES_DIR=%{initial_values_dir} \
+ -DDB_TEST_DIR=%{db_test_dir}
make %{?jobs:-j%jobs}
%install
rm -rf %{buildroot}
-mkdir -p %{buildroot}/opt/data/ckm/initial_values
+mkdir -p %{buildroot}%{initial_values_dir}
mkdir -p %{buildroot}/etc/security/
-mkdir -p %{buildroot}/usr/share/ckm/scripts
+mkdir -p %{buildroot}%{ro_data_dir}/scripts
mkdir -p %{buildroot}/etc/gumd/userdel.d/
-cp data/scripts/*.sql %{buildroot}/usr/share/ckm/scripts
-cp doc/initial_values.xsd %{buildroot}/usr/share/ckm
-cp doc/sw_key.xsd %{buildroot}/usr/share/ckm
+cp data/scripts/*.sql %{buildroot}%{ro_data_dir}/scripts
+cp doc/initial_values.xsd %{buildroot}%{ro_data_dir}
+cp doc/sw_key.xsd %{buildroot}%{ro_data_dir}
cp data/gumd/10_key-manager.post %{buildroot}/etc/gumd/userdel.d/
-mkdir -p %{buildroot}/usr/share/ckm-db-test
-cp tests/testme_ver1.db %{buildroot}/usr/share/ckm-db-test/
-cp tests/testme_ver2.db %{buildroot}/usr/share/ckm-db-test/
-cp tests/testme_ver3.db %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_1_okay.xml %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_1_okay.xsd %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_1_wrong.xml %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_1_wrong.xsd %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_2_structure.xml %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_3_encrypted.xml %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_3_encrypted.xsd %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_4_device_key.xml %{buildroot}/usr/share/ckm-db-test/
-cp tests/XML_4_device_key.xsd %{buildroot}/usr/share/ckm-db-test/
-cp tests/encryption-scheme/db/db-7654 %{buildroot}/usr/share/ckm-db-test/db-7654
-cp tests/encryption-scheme/db/db-key-7654 %{buildroot}/usr/share/ckm-db-test/db-key-7654
-cp tests/encryption-scheme/db/key-7654 %{buildroot}/usr/share/ckm-db-test/key-7654
+mkdir -p %{buildroot}%{db_test_dir}
+cp tests/testme_ver1.db %{buildroot}%{db_test_dir}
+cp tests/testme_ver2.db %{buildroot}%{db_test_dir}
+cp tests/testme_ver3.db %{buildroot}%{db_test_dir}
+cp tests/XML_1_okay.xml %{buildroot}%{db_test_dir}
+cp tests/XML_1_okay.xsd %{buildroot}%{db_test_dir}
+cp tests/XML_1_wrong.xml %{buildroot}%{db_test_dir}
+cp tests/XML_1_wrong.xsd %{buildroot}%{db_test_dir}
+cp tests/XML_2_structure.xml %{buildroot}%{db_test_dir}
+cp tests/XML_3_encrypted.xml %{buildroot}%{db_test_dir}
+cp tests/XML_3_encrypted.xsd %{buildroot}%{db_test_dir}
+cp tests/XML_4_device_key.xml %{buildroot}%{db_test_dir}
+cp tests/XML_4_device_key.xsd %{buildroot}%{db_test_dir}
+cp tests/encryption-scheme/db/db-7654 %{buildroot}%{db_test_dir}/db-7654
+cp tests/encryption-scheme/db/db-key-7654 %{buildroot}%{db_test_dir}/db-key-7654
+cp tests/encryption-scheme/db/key-7654 %{buildroot}%{db_test_dir}/key-7654
%make_install
%install_service multi-user.target.wants central-key-manager.service
%install_service sockets.target.wants central-key-manager-api-encryption.socket
%pre
+# fail if runtime dir variable is different than compilation time variable
+if [ `tzplatform-get TZ_SYS_DATA | cut -d'=' -f2` != %{TZ_SYS_DATA} ]
+then
+ echo "Runtime value of TZ_SYS_DATA is different than the compilation time value. Aborting"
+ exit 1
+fi
+if [ `tzplatform-get TZ_SYS_SHARE | cut -d'=' -f2` != %{TZ_SYS_SHARE} ]
+then
+ echo "Runtime value of TZ_SYS_SHARE is different than the compilation time value. Aborting"
+ exit 1
+fi
+
# User/group (key-manager/key-manager) should be already added in passwd package.
# This is our backup plan if passwd package will not be configured correctly.
id -g %{group_name} > /dev/null 2>&1
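Review bot: The two new checks in `%pre` fail open, because the backtick expansion and `%{TZ_SYS_DATA}` are unquoted: if `tzplatform-get` prints nothing the test becomes `[ != … ]`, `[` exits with a syntax error, and the scriptlet carries on as if the values matched. Quote both sides, `if [ "$(tzplatform-get TZ_SYS_DATA | cut -d'=' -f2)" != "%{TZ_SYS_DATA}" ]`, and do the same for `TZ_SYS_SHARE`. The `%global` lines fall back to `/opt/data/ckm/` and `/usr/share/ckm/` when the macros are undefined, but this block uses `%{TZ_SYS_DATA}` and `%{TZ_SYS_SHARE}` unconditionally. A build without them would presumably leave the macro text unexpanded and abort every install, so the block should be wrapped in the same `%{?TZ_SYS_DATA:…}` conditional.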
rm -rf %{buildroot}
%post
+# move data from old path to new one
+# we have to assume that in case of TZ_SYS_DATA change some upgrade script will move all the data
+if [ -d "/opt/data/ckm" ]
+then
+ cp -a /opt/data/ckm/. %{rw_data_dir} && rm -rf /opt/data/ckm
+fi
+
systemctl daemon-reload
if [ $1 = 1 ]; then
# installation
# update
# In ckm version <= 0.1.18 all files were owned by root.
- find /opt/data/ckm -exec chsmack -a %{smack_domain_name} {} \;
- chown %{user_name}:%{group_name} -R /opt/data/ckm
+ find %{rw_data_dir} -exec chsmack -a %{smack_domain_name} {} \;
+ chown %{user_name}:%{group_name} -R %{rw_data_dir}
systemctl restart central-key-manager.service
fi
%dir %{_datadir}/ckm
%{_datadir}/ckm/initial_values.xsd
%{_datadir}/ckm/sw_key.xsd
-%attr(770, %{user_name}, %{group_name}) /opt/data/ckm/
-%attr(770, %{user_name}, %{group_name}) /opt/data/ckm/initial_values/
+%attr(770, %{user_name}, %{group_name}) %{rw_data_dir}
+%attr(770, %{user_name}, %{group_name}) %{initial_values_dir}
%{_datadir}/ckm/scripts/*.sql
-/etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh
-/etc/opt/upgrade/231.key-manager-change-user.patch.sh
+/etc/opt/upgrade/230.key-manager-change-data-dir.patch.sh
+/etc/opt/upgrade/231.key-manager-migrate-dkek.patch.sh
+/etc/opt/upgrade/232.key-manager-change-user.patch.sh
/etc/gumd/userdel.d/10_key-manager.post
%{_bindir}/ckm_tool
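Review bot: The unchanged `%files` entries still list `%{_datadir}/ckm`, `%{_datadir}/ckm/initial_values.xsd`, `%{_datadir}/ckm/sw_key.xsd` and `%{_datadir}/ckm/scripts/*.sql`, while `%install` now copies those files into `%{ro_data_dir}`. The two agree only if `TZ_SYS_SHARE` equals `%{_datadir}`; otherwise packaging would presumably fail on unpackaged files or ship an empty directory. List them through the new macro, e.g. `%dir %{ro_data_dir}` and `%{ro_data_dir}sw_key.xsd`, so the file list follows the same variable as the install step.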
namespace
{
-const char * const DEVICE_KEY_XSD = "/usr/share/ckm/sw_key.xsd";
-const char * const DEVICE_KEY_SW_FILE = "/opt/data/ckm/device_key.xml";
+const char * const DEVICE_KEY_XSD = RO_DATA_DIR "sw_key.xsd";
+const char * const DEVICE_KEY_SW_FILE = RW_DATA_DIR "device_key.xml";
}
Store::Store(CryptoBackend backendId)
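Review bot: `RO_DATA_DIR "sw_key.xsd"` and `RW_DATA_DIR "device_key.xml"` only form valid paths when the macros end in `/`, whereas other hunks in this commit add their own separator (`RO_DATA_DIR "/scripts/"`, `DB_TEST_DIR "/testme_ver1.db"`). The same assumption is made by `INIT_VALUES_XSD`, the `FileSystem::get*Path` methods, `restoreFile` and `format_test_path`. If a build passes `-DRW_DATA_DIR=/opt/data/ckm` without the slash, key and database files would be created as `/opt/data/ckmdb-<uid>` and similar, outside the directory that carries the 770 mode and Smack label. Either always add the separator (`RO_DATA_DIR "/sw_key.xsd"`, `ss << RW_DATA_DIR << "/" << CKM_DB_PREFIX << m_uid;`) or reject values without a trailing `/` at configure time.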
#include <InitialValuesFile.h>
namespace {
-const char * const INIT_VALUES_DIR = "/opt/data/ckm/initial_values/";
-const char * const INIT_VALUES_XSD = "/usr/share/ckm/initial_values.xsd";
+const char * const INIT_VALUES_XSD = RO_DATA_DIR "initial_values.xsd";
const char * const INIT_VALUES_FILE_SUFFIX = ".xml";
} // namespace anonymous
{
try {
std::vector<std::string> filesToParse;
- DIR *dp = opendir(INIT_VALUES_DIR);
+ DIR *dp = opendir(INITIAL_VALUES_DIR);
if (dp) {
struct dirent *entry;
while ((entry = readdir(dp))) {
if (lowercaseFilename.find(INIT_VALUES_FILE_SUFFIX) == std::string::npos)
continue;
- filesToParse.push_back(std::string(INIT_VALUES_DIR) + filename);
+ filesToParse.push_back(std::string(INITIAL_VALUES_DIR) + filename);
}
closedir(dp);
}
const CKM::PermissionMask DEFAULT_PERMISSIONS =
static_cast<CKM::PermissionMask>(CKM::Permission::READ | CKM::Permission::REMOVE);
- const char *SCRIPTS_PATH = "/usr/share/ckm/scripts/";
+ const char *SCRIPTS_PATH = RO_DATA_DIR "/scripts/";
enum DBVersion : int {
DB_VERSION_1 = 1,
namespace {
-const std::string CKM_DATA_PATH = "/opt/data/ckm/";
const std::string CKM_KEY_PREFIX = "key-";
const std::string CKM_DB_KEY_PREFIX = "db-key-";
const std::string CKM_DB_PREFIX = "db-";
std::string FileSystem::getDBPath() const
{
std::stringstream ss;
- ss << CKM_DATA_PATH << CKM_DB_PREFIX << m_uid;
+ ss << RW_DATA_DIR << CKM_DB_PREFIX << m_uid;
return ss.str();
}
std::string FileSystem::getDKEKPath() const
{
std::stringstream ss;
- ss << CKM_DATA_PATH << CKM_KEY_PREFIX << m_uid;
+ ss << RW_DATA_DIR << CKM_KEY_PREFIX << m_uid;
return ss.str();
}
std::string FileSystem::getDBDEKPath() const
{
std::stringstream ss;
- ss << CKM_DATA_PATH << CKM_DB_KEY_PREFIX << m_uid;
+ ss << RW_DATA_DIR << CKM_DB_KEY_PREFIX << m_uid;
return ss.str();
}
std::string FileSystem::getRemovedAppsPath() const
{
std::stringstream ss;
- ss << CKM_DATA_PATH << CKM_REMOVED_APP_PREFIX << m_uid;
+ ss << RW_DATA_DIR << CKM_REMOVED_APP_PREFIX << m_uid;
return ss.str();
}
int FileSystem::init()
{
errno = 0;
- if ((mkdir(CKM_DATA_PATH.c_str(), 0700)) && (errno != EEXIST)) {
+ if ((mkdir(RW_DATA_DIR, 0700)) && (errno != EEXIST)) {
int err = errno;
- LogError("Error in mkdir " << CKM_DATA_PATH << ". Reason: " << GetErrnoString(err));
+ LogError("Error in mkdir " << RW_DATA_DIR << ". Reason: " << GetErrnoString(err));
return -1; // TODO set up some error code
}
return 0;
{
UidVector uids;
std::unique_ptr<DIR, std::function<int(DIR*)>>
- dirp(::opendir(CKM_DATA_PATH.c_str()), ::closedir);
+ dirp(::opendir(RW_DATA_DIR), ::closedir);
if (!dirp.get()) {
int err = errno;
return UidVector();
}
- size_t len = offsetof(struct dirent, d_name) + pathconf(CKM_DATA_PATH.c_str(), _PC_NAME_MAX) + 1;
+ size_t len = offsetof(struct dirent, d_name) + pathconf(RW_DATA_DIR, _PC_NAME_MAX) + 1;
std::unique_ptr<struct dirent, std::function<void(void*)>>
pEntry(static_cast<struct dirent*>(::malloc(len)), ::free);
FIND_PACKAGE(Threads REQUIRED)
ADD_DEFINITIONS( "-DBOOST_TEST_DYN_LINK" )
+ADD_DEFINITIONS("-DDB_TEST_DIR=\"${DB_TEST_DIR}\"")
SET(KEY_MANAGER_SRC_PATH ${PROJECT_SOURCE_DIR}/src)
SET(KEY_MANAGER_PATH ${PROJECT_SOURCE_DIR}/src/manager)
INSTALL(TARGETS ${TARGET_CKM_GENERATOR} DESTINATION bin)
-
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme.p12 DESTINATION /usr/share/ckm-db-test)
\ No newline at end of file
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme.p12 DESTINATION ${DB_TEST_DIR})
\ No newline at end of file
void restoreFile(const string& filename) {
static uid_t CKM_UID = getUid(USER_NAME);
static gid_t CKM_GID = getGid(GROUP_NAME);
- string sourcePath = "/usr/share/ckm-db-test/" + filename;
- string targetPath = "/opt/data/ckm/" + filename;
+ string sourcePath = string(DB_TEST_DIR) + filename;
+ string targetPath = string(RW_DATA_DIR) + filename;
int err, ret;
void SchemeTest::FillDb() {
// pkcs
- ifstream is("/usr/share/ckm-db-test/encryption-scheme.p12");
+ ifstream is(DB_TEST_DIR "/encryption-scheme.p12");
if(!is)
throw runtime_error("Failed to read pkcs");
istreambuf_iterator<char> begin(is), end;
struct DBVer1Migration : public DBFixture
{
- DBVer1Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver1.db")
+ DBVer1Migration() : DBFixture(DB_TEST_DIR "/testme_ver1.db")
{}
};
struct DBVer2Migration : public DBFixture
{
- DBVer2Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver2.db")
+ DBVer2Migration() : DBFixture(DB_TEST_DIR "/testme_ver2.db")
{}
};
struct DBVer3Migration : public DBFixture
{
- DBVer3Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver3.db")
+ DBVer3Migration() : DBFixture(DB_TEST_DIR "/testme_ver3.db")
{}
};
}
std::string format_test_path(const char *file)
{
- return std::string("/usr/share/ckm-db-test/") + std::string(file);
+ return std::string(DB_TEST_DIR) + std::string(file);
}
bool startCallbackFlag = false;
cout << endl;
cout << "Usage: ckm_db_tool uid [password] [sql_command]" << endl;
cout << endl;
- cout << "uid (mandatory) User id as in /opt/data/ckm/db-<uid>" << endl;
+ cout << "uid (mandatory) User id as in <TZ_SYS_DATA>/ckm/db-<uid>" << endl;
cout << "password (optional) Password used for database encryption. For system database (uid < 5000) no password should be used." << endl;
cout << "sql_command (optional) Sqlite3 command to execute on database. If empty the tool will enter interactive mode." << endl;
cout << endl;