RW update script for Tizen 2.4 (to 3.0) is not necessary in Tizen 4.0.
Remove this file to avoid being executed during Tizen 4.0 update.
Change-Id: I3eef635dec6a8712d74d83fb6dce96e604dd1bb4
ADD_DEFINITIONS("-DINITIAL_VALUES_DIR=\"${INITIAL_VALUES_DIR}\"")
ADD_DEFINITIONS("-DCA_CERTS_DIR=\"${CA_CERTS_DIR}\"")
ADD_DEFINITIONS("-DSYSTEMD_ENV_FILE=\"${SYSTEMD_ENV_FILE}\"")
-ADD_DEFINITIONS("-DUPGRADE_DATA_DIR=\"${UPGRADE_DATA_DIR}\"")
IF (DEFINED WATCHDOG_ENABLED)
MESSAGE("WATCHDOG ENABELD!")
ADD_SUBDIRECTORY(scripts)
INSTALL(DIRECTORY DESTINATION ${INITIAL_VALUES_DIR})
-INSTALL(DIRECTORY DESTINATION ${UPGRADE_DATA_DIR}/key-manager/initial_values)
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 230.key-manager-change-data-dir.patch.sh.in
-# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
-# @brief Moves key-manager data to a location specified at compilation time
-#
-
-# move data from old path to new one
-if [ -d "@OLD_RW_DATA_DIR@" ] && [ "@RW_DATA_DIR@" != "@OLD_RW_DATA_DIR@" ]
-then
- mkdir -p @RW_DATA_DIR@
- chmod 770 @RW_DATA_DIR@
-
- cp -a @OLD_RW_DATA_DIR@/. @RW_DATA_DIR@ && rm -rf @OLD_RW_DATA_DIR@
-fi
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 231.key-manager-migrate-dkek.patch.sh.in
-# @author Kyungwook Tak (k.tak@samsung.com)
-# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
-# @brief Changes ckm key files naming convention
-#
-
-VERSION_INFO_PATH=@RW_DATA_DIR@/version-info
-CURRENT_VERSION=1
-
-migrate_from_0_to_1()
-{
- ARR_UID=()
- ARR_IDX=()
-
- # Extract uids from DKEK files
- for uid in `ls @RW_DATA_DIR@ | grep "^key-[0-9]*-[0-9]*$" | awk 'BEGIN { FS = "-" }; { print $2 }' | awk '!x[$0]++'`
- do
- ARR_UID+=($uid)
- done
-
- for (( i = 0; i < ${#ARR_UID[@]}; i++ ))
- do
- idx_max=0
- idx_submax=0
-
- uid=${ARR_UID[$i]}
- ARR_IDX=()
- # Extract autoincremented index per uids
- for file in `ls @RW_DATA_DIR@ | grep "^key-${uid}-[0-9]*$"`
- do
- idx=`echo $file | awk 'BEGIN { FS = "-" }; { print $3 }'`
- ARR_IDX+=($idx)
- done
-
- # Find max index(for key-<uid>) and submax index(for key-backup-<uid>)
- for idx in ${ARR_IDX[@]}
- do
- if [ $idx -gt $idx_max ]
- then
- idx_submax=$idx_max
- idx_max=$idx
- fi
- done
-
- # Rename file
- # smack label setting isn't needed.
- # (Because not remove/add new file, but just rename file)
- mv "@RW_DATA_DIR@/key-${uid}-${idx_max}" "@RW_DATA_DIR@/key-${uid}"
- if [ -f "@RW_DATA_DIR@/key-${uid}-${idx_submax}" ]
- then
- mv "@RW_DATA_DIR@/key-${uid}-${idx_submax}" "@RW_DATA_DIR@/key-backup-${uid}"
- fi
-
- # [Optional] Remove other key-<uid>-<numeric> files.
- for file in `ls @RW_DATA_DIR@ | grep "^key-${uid}-[0-9]*$"`
- do
- rm @RW_DATA_DIR@/${file}
- done
- done
-}
-
-if [ ! -f ${VERSION_INFO_PATH} ]
-then
- echo "CKM VERSION_INFO NOT EXIST."
- echo "$CURRENT_VERSION" > $VERSION_INFO_PATH
- migrate_from_0_to_1
-fi
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 232.key-manager-change-user.patch.sh.in
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
-# @brief Changes ckm data owner to key-manager:key-manager and smack label to "System"
-#
-id -g @GROUP_NAME@ > /dev/null 2>&1
-if [ $? -eq 1 ]; then
- groupadd @GROUP_NAME@ -r > /dev/null 2>&1
-fi
-
-id -u @USER_NAME@ > /dev/null 2>&1
-if [ $? -eq 1 ]; then
- useradd -d /var/lib/empty -s @SBIN_DIR@/nologin -r -g @GROUP_NAME@ @USER_NAME@ > /dev/null 2>&1
-fi
-
-# In ckm version <= 0.1.18 all files were owned by root.
-find @RW_DATA_DIR@ -exec chsmack -a @SMACK_DOMAIN_NAME@ {} \;
-chown @USER_NAME@:@GROUP_NAME@ -R @RW_DATA_DIR@
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 233.key-manager-move-ss-migratable-data.patch.sh.in
-# @author Kyungwook Tak (k.tak@samsung.com)
-# @brief Moves old secure-storage data to key-manager dir to be
-# readable/writable/removable
-
-OLD_SS_PATH="/opt/share/secure-storage"
-MIGRATED_SS_PATH="@RW_DATA_DIR@/secure-storage"
-
-mv ${OLD_SS_PATH} ${MIGRATED_SS_PATH}
-
-for d in `ls ${MIGRATED_SS_PATH}`
-do
- chsmack -a "@SMACK_DOMAIN_NAME@" "${MIGRATED_SS_PATH}/${d}"
- chmod 770 ${MIGRATED_SS_PATH}/${d}
-
- for f in `ls ${MIGRATED_SS_PATH}/${d}`
- do
- chsmack -a "@SMACK_DOMAIN_NAME@" "${MIGRATED_SS_PATH}/${d}/${f}"
- done
-done
-
-chown -R @USER_NAME@:@GROUP_NAME@ ${MIGRATED_SS_PATH}
-chmod 770 ${MIGRATED_SS_PATH}
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 234.key-manager-move-certsvc-migratable-data.patch.sh.in
-# @author Kyungwook Tak (k.tak@samsung.com)
-# @brief Moves old cert-svc CAPI store to key-manager dir
-
-CERTSVC_STORE_PATH="/opt/share/cert-svc/certs"
-MIGRATED_CERTSVC_PATH="@RW_DATA_DIR@/certsvc"
-
-mv $CERTSVC_STORE_PATH $MIGRATED_CERTSVC_PATH
-
-if [[ -d ${MIGRATED_CERTSVC_PATH}/ssl ]] && [[ -h ${MIGRATED_CERTSVC_PATH}/ssl ]]; then
- rm ${MIGRATED_CERTSVC_PATH}/ssl
-fi
-
-chsmack -a "@SMACK_DOMAIN_NAME@" $MIGRATED_CERTSVC_PATH -r
-chown -R @USER_NAME@:@GROUP_NAME@ $MIGRATED_CERTSVC_PATH
-chmod 770 $MIGRATED_CERTSVC_PATH
-
-# TODO: read migrated certsvc certs and store in key-manager system db if needed
-rm -rf $MIGRATED_CERTSVC_PATH
+++ /dev/null
-#!/bin/bash
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file 235.key-manager-move-rw-from-upgrade-dir.patch.sh.in
-# @author Kyungwook Tak (k.tak@samsung.com)
-# @brief Moves newly added directory / file from upgrade dir
-#
-
-RW_DATA_DIR=@RW_DATA_DIR@
-UPGRADE_DATA_DIR=@UPGRADE_DATA_DIR@/key-manager
-
-if [ ! -d "${RW_DATA_DIR}/initial_values" ]; then
- cp -rf ${UPGRADE_DATA_DIR}/initial_values ${RW_DATA_DIR}/
- chmod -R 770 ${RW_DATA_DIR}/initial_values
- chown -R @USER_NAME@:@GROUP_NAME@ ${RW_DATA_DIR}/initial_values
- chsmack -r -a "@SMACK_DOMAIN_NAME@" ${RW_DATA_DIR}/initial_values
-fi
# @brief
#
-CONFIGURE_FILE(230.key-manager-change-data-dir.patch.sh.in
- 230.key-manager-change-data-dir.patch.sh
- @ONLY)
-
-CONFIGURE_FILE(231.key-manager-migrate-dkek.patch.sh.in
- 231.key-manager-migrate-dkek.patch.sh
- @ONLY)
-
-CONFIGURE_FILE(232.key-manager-change-user.patch.sh.in
- 232.key-manager-change-user.patch.sh
- @ONLY)
-
-CONFIGURE_FILE(233.key-manager-move-ss-migratable-data.patch.sh.in
- 233.key-manager-move-ss-migratable-data.patch.sh
- @ONLY)
-
-CONFIGURE_FILE(234.key-manager-move-certsvc-migratable-data.patch.sh.in
- 234.key-manager-move-certsvc-migratable-data.patch.sh
- @ONLY)
-
-CONFIGURE_FILE(235.key-manager-move-rw-from-upgrade-dir.patch.sh.in
- 235.key-manager-move-rw-from-upgrade-dir.patch.sh
- @ONLY)
-
-INSTALL(FILES
- 230.key-manager-change-data-dir.patch.sh
- 231.key-manager-migrate-dkek.patch.sh
- 232.key-manager-change-user.patch.sh
- 233.key-manager-move-ss-migratable-data.patch.sh
- 234.key-manager-move-certsvc-migratable-data.patch.sh
- 235.key-manager-move-rw-from-upgrade-dir.patch.sh
- DESTINATION ${UPGRADE_SCRIPT_DIR}
- PERMISSIONS
- OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE)
-
INSTALL(FILES
create_schema.sql
drop_all.sql
%global initial_values_dir %{rw_data_dir}/initial_values
%global ca_certs_dir %{?TZ_SYS_CA_CERTS:%TZ_SYS_CA_CERTS}%{!?TZ_SYS_CA_CERTS:%ro_etc_dir/ssl/certs}
-%global upgrade_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}/upgrade
-%global upgrade_script_dir %{upgrade_dir}/scripts
-%global upgrade_data_dir %{upgrade_dir}/data
-
%description
Central Key Manager daemon could be used as secure storage
for certificate and private/public keys. It gives API for
-DRO_ETC_DIR=%{ro_etc_dir} \
-DBIN_DIR=%{bin_dir} \
-DINITIAL_VALUES_DIR=%{initial_values_dir} \
- -DTEST_DIR=%{test_dir} \
-DCA_CERTS_DIR=%{ca_certs_dir} \
%if 0%{?watchdog_enabled}
-DWATCHDOG_ENABLED=%{watchdog_enabled} \
-DWATCHDOG_TIMEOUT_SEC=%{watchdog_timeout_sec} \
-DWATCHDOG_NOTIFY_SEC=%{watchdog_notify_sec} \
%endif
- -DUPGRADE_DATA_DIR=%{upgrade_data_dir} \
- -DUPGRADE_SCRIPT_DIR=%{upgrade_script_dir}
+ -DTEST_DIR=%{test_dir}
make %{?jobs:-j%jobs}
%dir %attr(770, %{user_name}, %{group_name}) %{rw_data_dir}
%dir %attr(770, %{user_name}, %{group_name}) %{initial_values_dir}
-%dir %{upgrade_data_dir}/key-manager/initial_values
-%{upgrade_script_dir}/230.key-manager-change-data-dir.patch.sh
-%{upgrade_script_dir}/231.key-manager-migrate-dkek.patch.sh
-%{upgrade_script_dir}/232.key-manager-change-user.patch.sh
-%{upgrade_script_dir}/233.key-manager-move-ss-migratable-data.patch.sh
-%{upgrade_script_dir}/234.key-manager-move-certsvc-migratable-data.patch.sh
-%{upgrade_script_dir}/235.key-manager-move-rw-from-upgrade-dir.patch.sh
%{ro_etc_dir}/gumd/userdel.d/10_key-manager.post
%{bin_dir}/ckm_tool