summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Tomasz Swierczek [Wed, 17 Jan 2024 07:58:35 +0000 (08:58 +0100)]
Update certs as usual
Change-Id: I051c41cc49c9e6c56dd4db867e9d1d5f210395a5
Tomasz Swierczek [Tue, 23 May 2023 07:46:00 +0000 (09:46 +0200)]
Updated root CA's & removed expired ones
Change-Id: I0b684def9ef0e74fdf089ae7305a68ac828db076
Tomasz Swierczek [Tue, 28 Mar 2023 12:03:42 +0000 (14:03 +0200)]
Updated root CAs & removed expired ones
Change-Id: Ia0f1b1d5d009066acc95d95ebfee060ce191ec75
Tomasz Swierczek [Wed, 26 Oct 2022 10:29:34 +0000 (12:29 +0200)]
Update latest certificates from Mozilla source
Also, add simple script to parse Mozilla's certificates.
Change-Id: I7742b0801c4d955b0d2b7dbee7e9429c6e230aef
Tomasz Swierczek [Mon, 24 Oct 2022 09:12:39 +0000 (11:12 +0200)]
Update CA root certificates & remove expired ones
Added also digicert G5 root certificates.
Change-Id: I1fa68a1db3e1335924a9643ab1c852bc98b668b9
Tomasz Swierczek [Mon, 27 Sep 2021 10:22:52 +0000 (12:22 +0200)]
Removed expired certificate
Change-Id: I80620dc0cb06b639fc79131eb698a4ca25966fa4
Tomasz Swierczek [Tue, 2 Mar 2021 08:52:28 +0000 (09:52 +0100)]
Update list of certificates
Change-Id: I74dbf60873ef5c1a336290db0facc8e88c3ddcd1
Tomasz Swierczek [Tue, 23 Feb 2021 09:28:00 +0000 (10:28 +0100)]
Add error reporting in case of malformed cert file
Previously the error log didn't contain the name of file,
which was problematic when preparing an update.
Change-Id: I35f91a6a88becfc292fee823e31055fbf1e2a2a4
Tomasz Swierczek [Thu, 5 Nov 2020 10:05:23 +0000 (11:05 +0100)]
Fix update script re-setting the Smack label to System::Privileged
The ca-bundle.pem file, acc. to smack manifest of the package, should
be labeled as System::Shared. The concat-cacerts.sh script, when encountered
exsting bundle, was removing it, creating new file which resulted in the
smack label to be (possibly) changed to the label under the script was run.
With this change, the file is no longer removed, preserving its Smack label.
Change-Id: Ieb230151f064689585f980e231781dded3dc3c2f
Tomasz Swierczek [Fri, 18 Sep 2020 09:12:55 +0000 (11:12 +0200)]
Add updarte script - 500.ca-certificates_upgrade.sh
Update script will re-create the concatenated CA bundle
and re-make links to certs on RW partition.
The update script uses openssl binary to parse certificates,
so the line:
Requires: openssl1.1
was added to spec file. CA bundle could be created during
ca-certificate package build, but it looks like the scripts
to manage certificates were already installed together with
the package, so current logic (of creating the bundle
on actual image) was preserved with this "Requires",
at the expense of some additional disk usage for openssl binary.
Change-Id: I4bc44e945ca6592ead02a94c363d984a9982fe05
Tomasz Swierczek [Fri, 18 Sep 2020 07:19:06 +0000 (09:19 +0200)]
Remove expired certificage
Change-Id: I4a4d5ff590be01fbbbc72ccb3ca139fd0d449cd5
Dongsun Lee [Thu, 4 Jun 2020 06:02:45 +0000 (15:02 +0900)]
Define TZ_SYS_RO_CA_DIR
Change-Id: I15a37fa86293ed2fccd7bd9757d4b3ef619dedc3
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Tomasz Swierczek [Fri, 17 Apr 2020 09:26:03 +0000 (11:26 +0200)]
Remove expired certificate
Change-Id: I04f7c986e7ecb6b471bd3a4165d7650cab5a45ef
yan11.meng [Sat, 4 Jan 2020 16:53:59 +0000 (01:53 +0900)]
fix build error with rpm 4.14 version and fix warning:Explicit %attr() mode not applicable to symlink
Change-Id: Ia05be6dc7b0bf1ee89c7835ee118b9068ab293d8
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
Tomasz Swierczek [Mon, 21 Oct 2019 04:49:02 +0000 (06:49 +0200)]
Update certificates & remove expired ones
- The KISA certificate,
0996ae1d.0, is left.
Additionally, the patch unifies access mode to all certificates.
Change-Id: Ie0917773f0faf83eae1d5fe0f04658a0081b9569
Dongsun Lee [Wed, 14 Aug 2019 01:40:51 +0000 (10:40 +0900)]
Add PATH variable in script file
Change-Id: I5a3c0f4186f8c4f30a040bd9085709c1ba8334d7
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Thu, 14 Feb 2019 04:34:11 +0000 (13:34 +0900)]
add script files for ca-certificates-ext package
Change-Id: I394a46bffd8e719eb5bfed4529e9f382fae6b057
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Konrad Lipinski [Tue, 28 May 2019 14:16:20 +0000 (16:16 +0200)]
Migrate to openssl 1.1
Change-Id: If638185b9fe174aa062c9c8c697ab013599ec8e9
Tomasz Swierczek [Tue, 24 Jul 2018 08:34:52 +0000 (10:34 +0200)]
Fix python update scripts to store multiple certs for same subject
It was not an issue as we didn't had such certificates, but it may happen
in the future that for one subject, there may be many certs.
This pach restores previous certificate naming scheme in the repository.
Change-Id: I5b69410af5a7588124bb18d20ffc9310f32d3d00
Tomasz Swierczek [Wed, 16 May 2018 09:31:34 +0000 (11:31 +0200)]
Updated CA certificates
Change-Id: I9d0467f67bc1f7e868f5fe5b7ab1bb7c7d5955a5
Tomasz Swierczek [Wed, 16 May 2018 08:52:18 +0000 (10:52 +0200)]
Added new scripts for managing certificate data
Change-Id: I03f5d7d70dcfc483f1c67b546a0cf5dc3f8f1f22
Sunmin Lee [Tue, 5 Sep 2017 07:42:50 +0000 (16:42 +0900)]
Remove old update script
RW update script for Tizen 2.4 (to 3.0) is not necessary.
There is no big change between 3.0 and 4.0. So no migration script is required.
Change-Id: I8febbb73df31c31bb7ee1662224ab8fb0eb03b6b
(cherry picked from commit
a2f804cb30d7c50457d94ab7c0d4c3aaf64d05aa)
sangwan.kwon [Fri, 30 Jun 2017 08:15:24 +0000 (17:15 +0900)]
Fix upgrade script number
* Accordig to OS upgrade team's guide, these scripts would be run as 241, 242.
Change-Id: I98910774e82a0029a58248a4caa85bd504a2b7a5
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
0856f8f4506c2f0c2a0465b6709b5b253db095eb)
sangwan.kwon [Thu, 22 Jun 2017 07:00:32 +0000 (16:00 +0900)]
Refine upgrade script for support previous versions
* Support both platform and product Tizen 2.4
Change-Id: Ifc0d340dcfc5eb506c0e7e061cb9929b22ae61bd
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
071e0d121d6958b7dc3e7570970b5acd7e9ad0ca)
sangwan.kwon [Mon, 5 Dec 2016 08:30:58 +0000 (17:30 +0900)]
Add number to upgrade scripts
Change-Id: I73b0d4b5bf40abcc3f0b9623f1809d5907b82c06
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Sunmin Lee [Wed, 30 Nov 2016 05:35:32 +0000 (14:35 +0900)]
Upgrade: do not make symlink during upgrade
RO partition cannot be modified during upgrade process.
The change of RO partition should be included in RO image itself.
Change-Id: Ieae6aff145e749b17c0170336203d26d423039f2
(cherry picked from commit
4efb3bf24a2a26b35422d796eaaefc1dbdbc2ef1)
sangwan.kwon [Tue, 15 Nov 2016 06:40:42 +0000 (15:40 +0900)]
Upgrade version to 0.0.4
* changes : Remove expired ssl certificates
Change-Id: Icf812811efe74ecf6541e5599ec0318304929f73
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 15 Nov 2016 05:42:53 +0000 (14:42 +0900)]
Remove expired ssl certificates
* deleted: certs/
039c618a.0
* deleted: certs/
1bc668cc.0
* deleted: certs/
20533f91.0
* deleted: certs/
3b2716e5.0
* deleted: certs/
476182b1.0
* deleted: certs/
6a680ea5.0
* deleted: certs/
72de6920.0
* deleted: certs/
73881aed.0
* deleted: certs/
804c2a3a.0
* deleted: certs/
84009bc3.0
* deleted: certs/
88f89ea7.0
* deleted: certs/
8f111d69.0
* deleted: certs/
94010abc.0
* deleted: certs/
9c472bf7.0
* deleted: certs/
b42ff584.0
* deleted: certs/
b6c5745d.0
* deleted: certs/
c75dd286.0
* deleted: certs/
c75dd286.1
* deleted: certs/
c75dd286.2
* deleted: certs/
cc154c6e.0
* deleted: certs/
ce486240.0
* deleted: certs/
cee8e824.0
* deleted: certs/
cfa1c2ee.0
* deleted: certs/
eeaa6d5c.0
* deleted: certs/
fcac10e3.0
Change-Id: Ide5268f5a35ce264c8b25ac78eee8cc2a186b80b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 15 Nov 2016 04:55:50 +0000 (13:55 +0900)]
Add check ceritifcate-expiration-date script
[e.g.] $./check-expired-certs.sh ../certs/ 2016-12-31
Change-Id: I0fd9e143bed65edd5e9a9b044c008853bd8befd3
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 2 Sep 2016 04:29:32 +0000 (13:29 +0900)]
Add absolute bin path on script
Change-Id: I089f679099f214a722e3eef4a0a444945cbe71eb
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 31 Aug 2016 09:14:09 +0000 (18:14 +0900)]
Restore certificates permission on RW area
* cert-svc needs same DAC to read certificates on RW.
* TZ_SYS_CA_CERTS should have read permission for others.
Change-Id: I4eecba97817b3853b48f432f1da4a850a8ac6a17
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 29 Aug 2016 01:19:54 +0000 (10:19 +0900)]
Upgrade version to 0.0.3
* It supports platform upgrade (Tizen 2.4 -> 3.0)
Change-Id: Id18c847c61cec3ee1be76a7327d75274be0f8535
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 26 Aug 2016 05:55:38 +0000 (14:55 +0900)]
Add platform upgrade script on ca-bundle
* About Tizen 2.4 -> 3.0
Change-Id: Ib6833fe51c57da4b647ef810466a9f9517c374ee
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 26 Aug 2016 05:09:42 +0000 (14:09 +0900)]
Adjust permission about TZ_SYS_CA_CERTS
[AS-IS]
* Whole certs on RW area have smack label(System::Shared), 775 mode.
[TO-BE]
* Only ceritificates rw dir have smack label and 770 mode
* since security_fw group should have permission about ADD, DEL.
* Each certificates's(symlink) permission doesn't matter.
Change-Id: Ic794d1eb2ae6850de47f5f7a8834c30270aea43d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 26 Aug 2016 04:45:24 +0000 (13:45 +0900)]
Move concat-cacerts script to scripts
Change-Id: Ic9f6dd0519225aabfe31b7dd5880518c9f759514
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 25 Aug 2016 02:28:34 +0000 (11:28 +0900)]
Add platform upgrade script on certificates
* About Tizen 2.4 -> 3.0
Change-Id: Ifc17b11a633beef01d1e1ff2962bca37797c1c8f
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 24 Aug 2016 07:05:08 +0000 (16:05 +0900)]
Add gitignore file
Change-Id: I5e8d67d67ef5fb27445fba37f74caf0f5ad7027a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 22 Aug 2016 02:22:46 +0000 (11:22 +0900)]
Sort the certificates on making bundle file
[Problem]
'find' will be traversing the directory tree in the order
items are stored within the directory entries.
However, some file systems will re-order directory entries
as part of compaction operations or when the size of the entry
needs to be expanded
[Solution]
Feed the output through an extra sorting stage.
Change-Id: I4c896caea30a26e808cc64d8bab88202c1871179
Dongsun Lee [Thu, 14 Apr 2016 02:56:47 +0000 (11:56 +0900)]
change a user from system to security_fw
Change-Id: Ib3a58c8b6ed86a3c6b009d9cdbcae69807d3094f
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
sangwan.kwon [Tue, 15 Mar 2016 01:47:24 +0000 (10:47 +0900)]
Upgrade version to 0.0.2
Change-Id: I46e1ffba66212253aef31978e3b33fc5bfd836a5
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 11 Mar 2016 09:11:26 +0000 (18:11 +0900)]
Update Tizen 3.0 CA certs hierarchy
* RO area : TZ_SYS_RO_CA_CERTS_ORIG, TZ_SYS_RO_CA_CERTS,
TZ_SYS_RO_CA_BUNDLE
* RW area : TZ_SYS_CA_CERTS, TZ_SYS_CA_BUNDLE
Change-Id: Iac25e00c4d2020c5b9cbc9d46dffcc13b48fd12c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 3 Mar 2016 08:58:17 +0000 (17:58 +0900)]
Fix the macro commonly
Change-Id: I1cf6f7cc0ff90022b2eb5081cbc32c21bf1b14dd
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 2 Mar 2016 08:40:09 +0000 (17:40 +0900)]
Update tizen directory structure
* TZ_SYS_SHARE -> TZ_SYS_RO_SHARE
* TZ_SYS_ETC -> TZ_SYS_RO_ETC
Change-Id: Ifc8bea2166711c97ae5faff1e8664e363528689e
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 08:05:42 +0000 (17:05 +0900)]
Requires filesystem to be installed after
Change-Id: I7cc8ec9a7ca624097709655e865d0b5b0cdc738d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 08:04:46 +0000 (17:04 +0900)]
Declare buildarch as noarch
Change-Id: Ib0f5143730d3328da3e96044418d3e318cafdf3b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 4 Jan 2016 08:56:11 +0000 (17:56 +0900)]
Add CA certs resource
Change-Id: Ice2438195fd23ffd0990de54c674e233c82c4120
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 28 Dec 2015 05:50:36 +0000 (14:50 +0900)]
Release initial root CA certs resource
Change-Id: I7accfa1efd3af6ceedd45b3ce7c20c9dd6c8b734
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Jinkun Jang [Mon, 28 Dec 2015 01:07:12 +0000 (17:07 -0800)]
Initial empty repository