From: Kyungwook Tak Date: Mon, 9 Nov 2015 07:28:55 +0000 (+0900) Subject: Make certs-meta.db in build time X-Git-Tag: accepted/tizen/mobile/20151112.232401~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1dde2aa324adf1ab36c8d982b69adba216ad47ce;p=platform%2Fcore%2Fsecurity%2Fcert-svc.git Make certs-meta.db in build time Change-Id: I928deccdc89f970d0d542e2512ac987ae83dcf2a Signed-off-by: Kyungwook Tak --- diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt index cdfb1be..f5b4d64 100644 --- a/etc/CMakeLists.txt +++ b/etc/CMakeLists.txt @@ -1,28 +1,43 @@ -SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc) +SET(ETC_DIR ${CMAKE_CURRENT_SOURCE_DIR}) INSTALL(FILES ${ETC_DIR}/schema.xsd DESTINATION ${TZ_SYS_RO_WRT_ENGINE} ) -INSTALL(FILES - ${ETC_DIR}/make-ca-certificate.sh - DESTINATION ${TZ_SYS_BIN} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE +MESSAGE("Add ssl table to certs-meta.db") + +EXECUTE_PROCESS( + COMMAND + ${ETC_DIR}/cert_svc_create_clean_store_db.sh + ${ETC_DIR}/cert_svc_store_db.sql + ${ETC_DIR}/certs-meta.db + RESULT_VARIABLE ERROR_CODE + ) + +IF (ERROR_CODE) + MESSAGE(FATAL_ERROR "[${ERROR_CODE}] Failed to create clean store db") +ENDIF (ERROR_CODE) + +EXECUTE_PROCESS( + COMMAND + ${ETC_DIR}/initialize_store_db.sh + ${ETC_DIR}/certs-meta.db + ${ETC_DIR}/ca-certificate.crt + RESULT_VARIABLE ERROR_CODE ) +IF (ERROR_CODE) + MESSAGE(FATAL_ERROR "[${ERROR_CODE}] Failed to initialize store db") +ENDIF (ERROR_CODE) + INSTALL(FILES - ${ETC_DIR}/initialize_store_db.sh - ${ETC_DIR}/cert_svc_create_clean_store_db.sh - DESTINATION ${TZ_SYS_BIN} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE + ${ETC_DIR}/certs-meta.db + ${ETC_DIR}/certs-meta.db-journal + DESTINATION ${TZ_SYS_SHARE}/cert-svc/dbspace ) INSTALL(FILES - ${ETC_DIR}/cert_svc_store_db.sql + ${ETC_DIR}/ca-certificate.crt DESTINATION ${TZ_SYS_SHARE}/cert-svc ) 
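Review bot: Both `EXECUTE_PROCESS` calls write `certs-meta.db` and `ca-certificate.crt` into `${ETC_DIR}`, which this hunk points at the source directory, and nothing removes an earlier copy first. The scripts changed in this commit no longer `rm` their outputs and append with `>>`, so a second configure of the same tree appears to replay the schema into the existing database and append every certificate to the bundle again. Since these files become the installed trust store, start from a known-empty state by adding `FILE(REMOVE ${ETC_DIR}/certs-meta.db ${ETC_DIR}/certs-meta.db-journal ${ETC_DIR}/ca-certificate.crt)` before the first `EXECUTE_PROCESS`. Better still, generate the files under `${CMAKE_CURRENT_BINARY_DIR}` and install them from there, so that no generated file lands in the source tree.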
diff --git a/etc/cert_svc_create_clean_store_db.sh b/etc/cert_svc_create_clean_store_db.sh old mode 100644 new mode 100755 index d73be31..fa45234 --- a/etc/cert_svc_create_clean_store_db.sh +++ b/etc/cert_svc_create_clean_store_db.sh @@ -13,26 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. # -source /etc/tizen-platform.conf +INIT_SQL=$1 +DB_PATH=$2 -DB_PATH=${TZ_SYS_SHARE}/cert-svc/dbspace -name="certs-meta.db" +sqlite3 $DB_PATH "PRAGMA journal_mode = PERSIST;" +sqlite3 $DB_PATH ".read $INIT_SQL" -rm -f ${DB_PATH}/$name -rm -f ${DB_PATH}/$name-journal - -SQL="PRAGMA journal_mode = PERSIST;" -sqlite3 ${DB_PATH}/$name "$SQL" - -SQL=".read ${TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql" -sqlite3 ${DB_PATH}/$name "$SQL" - -touch ${DB_PATH}/$name-journal - -chown system:system ${DB_PATH}/$name -chown system:system ${DB_PATH}/$name-journal - -chmod 664 ${DB_PATH}/$name -chmod 664 ${DB_PATH}/$name-journal - -echo "cert_svc_create_clean_store_db.sh done" +touch $DB_PATH-journal diff --git a/etc/empty/.gitignore b/etc/empty/.gitignore deleted file mode 100644 index e69de29..0000000 diff --git a/etc/initialize_store_db.sh b/etc/initialize_store_db.sh old mode 100644 new mode 100755 index 2f77179..50b7df3 --- a/etc/initialize_store_db.sh +++ b/etc/initialize_store_db.sh 
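Review bot: The script's exit status is that of the final `touch`, so a failure of either `sqlite3` call never reaches the `RESULT_VARIABLE` check in etc/CMakeLists.txt, and the build can package an empty or partial certs-meta.db. Add `set -e` before `INIT_SQL=$1` (or append `|| exit 1` to each `sqlite3` line), and stop with an error when `$1` or `$2` is missing. `$DB_PATH` and `$INIT_SQL` are also expanded unquoted, so a build path containing a space is split into several arguments; write `sqlite3 "$DB_PATH" "PRAGMA journal_mode = PERSIST;"` and `touch "$DB_PATH-journal"`. The top of the script lies outside the hunk.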
@@ -1,18 +1,18 @@ #!/bin/bash source /etc/tizen-platform.conf -ROOT_CERT_SQL=${TZ_SYS_SHARE}/cert-svc/root-cert.sql -CERT_LIST_CRT=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt +DB_PATH=$1 +CRT_PATH=$2 -MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla -TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen +ROOT_CERT_SQL=root-cert.sql +MOZILLA_SSL_DIRECTORY=$TZ_SYS_SHARE/ca-certificates/mozilla +TIZEN_SSL_DIRECTORY=$TZ_SYS_SHARE/ca-certificates/tizen function initialize_store_in_dir { for i in `find $1/* -name '*'` do - cert=`openssl x509 -in $i` - echo $cert >> ${CERT_LIST_CRT} - echo >> ${CERT_LIST_CRT} + openssl x509 -in $i -outform PEM >> $CRT_PATH +# echo >> $CRT_PATH gname=`echo $i | cut -f 6 -d '/'` filehash=`openssl x509 -in $i -hash -noout` @@ -31,27 +31,15 @@ function initialize_store_in_dir { commonname=${commonname:1} # cut first whitespace - echo "INSERT INTO ssl (gname, certificate, file_hash, subject_hash, common_name, enabled, is_root_app_enabled) values (\"$gname\", \"$cert\", \"$filehash\", \"$subjecthash\", \"$commonname\", 1, 1);" >> ${ROOT_CERT_SQL} + echo "INSERT INTO ssl (gname, certificate, file_hash, subject_hash, common_name, enabled, is_root_app_enabled) values (\"$gname\", \"$cert\", \"$filehash\", \"$subjecthash\", \"$commonname\", 1, 1);" >> $ROOT_CERT_SQL done } -if [[ -e $ROOT_CERT_SQL ]] -then - rm $ROOT_CERT_SQL -fi - -if [[ -e $CERT_LIST_CRT ]] -then - rm $CERT_LIST_CRT -fi - touch $ROOT_CERT_SQL -touch $CERT_LIST_CRT +touch $CRT_PATH initialize_store_in_dir $MOZILLA_SSL_DIRECTORY initialize_store_in_dir $TIZEN_SSL_DIRECTORY -chown system:system ${CERT_LIST_CRT} -chmod 644 ${CERT_LIST_CRT} - -echo "initialize_store_db.sh done" +cat $ROOT_CERT_SQL | sqlite3 $DB_PATH +rm $ROOT_CERT_SQL diff --git a/etc/make-ca-certificate.sh b/etc/make-ca-certificate.sh deleted file mode 100755 index 9bd2c60..0000000 --- a/etc/make-ca-certificate.sh +++ /dev/null 
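Review bot: The line that assigned `cert` is removed in this hunk, but the `INSERT INTO ssl` statement in the following hunk (@@ -31,27 +31,15 @@) still interpolates `\"$cert\"`. Unless `cert` is set in the lines between the two hunks, which are not visible here, every row is stored with an empty `certificate` column. Keep the assignment, e.g. `cert=$(openssl x509 -in "$i" -outform PEM)`, and write the bundle from it with `echo "$cert" >> "$CRT_PATH"`, which also avoids running openssl twice per file. The commented-out `# echo >> $CRT_PATH` should be deleted rather than kept. The script still sources `/etc/tizen-platform.conf`, so `$TZ_SYS_SHARE` and therefore the CA directories now come from the build host; a comment saying so would help the next reader.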
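Review bot: `root-cert.sql` is now a relative path that is only `touch`ed, and the `rm` guard before it is removed, so a file left behind by an interrupted run is replayed into the database together with the new statements; use `: > "$ROOT_CERT_SQL"` (or a `mktemp` file) instead of `touch`. The script ends with `rm $ROOT_CERT_SQL`, which discards the exit status of the `sqlite3` import, so the `IF (ERROR_CODE)` check in etc/CMakeLists.txt cannot see a failed import; `sqlite3 "$DB_PATH" < "$ROOT_CERT_SQL" || exit 1` before the `rm` fixes that. The INSERT is also built by pasting `$gname` and `$commonname` between double quotes, so a certificate subject that contains a quote character breaks or alters the statement. Emitting single-quoted literals with embedded quotes doubled would make the import robust. The body of `initialize_store_in_dir` starts outside this hunk.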
@@ -1,29 +0,0 @@ -#!/bin/bash -source /etc/tizen-platform.conf - -MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla -TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen - -CRT_PATH=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt - -function append_to_crt_file { - for i in `find $1/* -name '*'` - do - openssl x509 -in $i -outform PEM >> $CRT_PATH - done -} - -if [ -e $CRT_PATH ] -then - rm $CRT_PATH -fi - -touch $CRT_PATH - -append_to_crt_file $MOZILLA_SSL_DIRECTORY -append_to_crt_file $TIZEN_SSL_DIRECTORY - -chown system:system ${CRT_PATH} -chmod 644 ${CRT_PATH} - -echo "make-ca-certificate.sh done" diff --git a/packaging/cert-svc.spec b/packaging/cert-svc.spec index 77f1afd..8ac991d 100644 --- a/packaging/cert-svc.spec +++ b/packaging/cert-svc.spec @@ -8,8 +8,9 @@ Group: Security/Libraries License: Apache-2.0 Source0: %{name}-%{version}.tar.gz Source1001: %{name}.manifest -Requires(post): findutils BuildRequires: cmake +BuildRequires: findutils +BuildRequires: openssl BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(libpcrecpp) @@ -21,11 +22,9 @@ BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(key-manager) BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(libsystemd-journal) -Requires: pkgconfig(libtzplatform-config) -Requires: ca-certificates-tizen -Requires: ca-certificates-mozilla -Requires: ca-certificates -Requires: openssl +BuildRequires: pkgconfig(sqlite3) +BuildRequires: ca-certificates-tizen +BuildRequires: ca-certificates-mozilla %description Certification service 
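Review bot: Moving `ca-certificates-tizen` and `ca-certificates-mozilla` from `Requires` to `BuildRequires` (hunk @@ -21,11 +22,9 @@) freezes the trusted-root list into certs-meta.db and ca-certificate.crt at the moment cert-svc is built. A later update of those packages, for example one that drops a distrusted root, no longer reaches the store until cert-svc itself is rebuilt. Document that coupling next to the dependency, e.g. `# certs-meta.db and ca-certificate.crt are generated at build time from these packages; rebuild cert-svc whenever they change`. If the per-certificate files under `ca-certificates/` are still read at run time, the runtime `Requires:` lines should stay as well; the hunk does not show whether they are.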
@@ -115,22 +114,6 @@ if [ $1 == 1 ]; then systemctl restart cert-server.service fi -echo "make ca-certificate.crt" -%{TZ_SYS_BIN}/make-ca-certificate.sh -rm %{TZ_SYS_BIN}/make-ca-certificate.sh - -echo "create certs-meta.db" -rm -rf %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db -%{TZ_SYS_BIN}/cert_svc_create_clean_store_db.sh %{TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql -%{TZ_SYS_BIN}/initialize_store_db.sh -if [[ -e %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db ]]; then - cat %{TZ_SYS_SHARE}/cert-svc/root-cert.sql | sqlite3 %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db -fi -rm %{TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql -rm %{TZ_SYS_SHARE}/cert-svc/root-cert.sql -rm %{TZ_SYS_BIN}/cert_svc_create_clean_store_db.sh -rm %{TZ_SYS_BIN}/initialize_store_db.sh - %postun /sbin/ldconfig @@ -146,15 +129,11 @@ rm %{TZ_SYS_BIN}/initialize_store_db.sh %attr(755,root,root) %{_libdir}/libcert-svc-vcore.so.* %attr(644,root,root) %{TZ_SYS_SHARE}/license/%{name} %attr(644,root,root) %{TZ_SYS_RO_WRT_ENGINE}/schema.xsd -%attr(644,root,root) %{TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql -%attr(755,root,root) %{TZ_SYS_BIN}/cert_svc_create_clean_store_db.sh -%attr(755,root,root) %{TZ_SYS_BIN}/make-ca-certificate.sh -%attr(755,root,root) %{TZ_SYS_BIN}/initialize_store_db.sh # Resource files install as system %{TZ_SYS_SHARE}/cert-svc/pkcs12 -%{TZ_SYS_SHARE}/cert-svc/dbspace - +%{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db* +%{TZ_SYS_SHARE}/cert-svc/ca-certificate.crt %files devel %defattr(-,root,root,-)
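Review bot: The new `%files` entries for `certs-meta.db*` and `ca-certificate.crt` (hunk @@ -146,15 +129,11 @@) carry no `%attr`, while the `chown`/`chmod` lines this commit removes from the scripts set `system:system` with mode 664 on the database and its journal and 644 on the bundle. Owner and mode now depend on the `%defattr` in effect for this section, which is outside the hunk, and on the default permissions of `INSTALL(FILES ...)`. State them explicitly, e.g. `%attr(664,system,system) %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db*` and `%attr(644,system,system) %{TZ_SYS_SHARE}/cert-svc/ca-certificate.crt`, so the trust store keeps the intended write access and no more.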