From 4779cd32052649ffaacd6e649b6b0163adf72b47 Mon Sep 17 00:00:00 2001
From: Keebong
Date: Mon, 29 Jul 2013 16:22:21 +0900
Subject: [PATCH] Added signing for obs/gbs build

Change-Id: I470c3293947bade4f412e26172840887cdf72786
Signed-off-by: Keebong
---
 ChangeLog | 4 +
 packaging/FtApp.spec | 28 +++++
 util/gen_priv_pkg_spec.sh | 259 ++++++++++++++++++++++++++++++++++++++++++++++
 util/privileges.list | 156 ++++++++++++++++++++++++++++
 4 files changed, 447 insertions(+)
 mode change 100755 => 100644 packaging/FtApp.spec
 create mode 100755 util/gen_priv_pkg_spec.sh
 create mode 100644 util/privileges.list

diff --git a/ChangeLog b/ChangeLog
index c3bdabe..9c21e08 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2013/07/29
+----------
+* Added signing for obs/gbs build.
+
 2013/07/18
 ----------
 * Fixed memory leak on UnloadSo.
diff --git a/packaging/FtApp.spec b/packaging/FtApp.spec
old mode 100755
new mode 100644
index abf9dbf..a97d160
--- a/packaging/FtApp.spec
+++ b/packaging/FtApp.spec
@@ -15,6 +15,8 @@ BuildRequires: pkgconfig(osp-uifw)
 BuildRequires: pkgconfig(osp-image-core)
 BuildRequires: pkgconfig(chromium)
 BuildRequires: pkgconfig(minizip)
+BuildRequires: zip
+BuildRequires: hash-signer
 
 %description
 FtApp application
@@ -27,6 +29,14 @@ Requires: %{name} = %{version}-%{release}
 %description debug
 FtApp application (DEV)
 
+%package privilege
+Summary: FtApp application (Privilege)
+Group: TO_BE/FILLED_IN
+Requires: %{name} = %{version}-%{release}
+
+%description privilege
+FtApp application (Privilege)
+
 %prep
 %setup -q
 
@@ -44,6 +54,21 @@ make %{?jobs:-j%jobs}
 %install
 rm -rf %{buildroot}
 %make_install
 
+PKG_ID=2s4jm6firv
+%define tizen_sign 1
+%define tizen_sign_base /opt/usr/apps/${PKG_ID}
+%define tizen_sign_level platform
+%define tizen_author_sign 1
+%define tizen_dist_sign 1
+
+
+mkdir -p /tmp/FtApp-original
+curDir=$(pwd)
+cp -r %{buildroot}/opt/usr/apps/${PKG_ID}/* /tmp/FtApp-original
+mkdir -p %{buildroot}/opt/share/FtApp
+./util/gen_priv_pkg_spec.sh /tmp/FtApp-original %{buildroot}/opt/share/FtApp util/privileges.list
+rm /tmp/FtApp-original -rf
+
 %post
 /sbin/ldconfig
@@ -63,3 +88,6 @@ echo "/usr/etc/package-manager/backend/tpk -u "${APP_ID}
 %files debug
 /opt/usr/apps/debug/*
+
+%files privilege
+/opt/share/FtApp/*
 
diff --git a/util/gen_priv_pkg_spec.sh b/util/gen_priv_pkg_spec.sh
new file mode 100755
index 0000000..07d288f
--- /dev/null
+++ b/util/gen_priv_pkg_spec.sh
@@ -0,0 +1,259 @@
+#!/bin/bash
+
+SRC_PATH=$(readlink -e $1)
+TARGET_PATH=$(readlink -e $2)
+LIST_FILE=$(readlink -e $3)
+
+PATH="${PATH}:/usr/bin/hash-signer"
+AUTHOR_PRIVATEKEY_FILE="/tmp/tizen_author.key"
+DISTRIBUTOR_PRIVATEKEY_FILE="/tmp/tizen-distributor-partner-manufacturer-signer.key"
+
+delete_signature()
+{
+rm $SRC_PATH/author-signature.xml
+rm $SRC_PATH/signature1.xml
+}
+
+get_privatekey_file()
+{
+openssl pkcs12 -in /opt/usr/share/certs/signer/tizen-distributor-partner-manufacturer-signer.p12 \
+-nocerts -out "$DISTRIBUTOR_PRIVATEKEY_FILE" -passin pass:tizenpkcs12passfordsigner -passout pass:tttttt
+
+openssl pkcs12 -in /opt/usr/share/certs/signer/tizen_author.p12 \
+-nocerts -out "$AUTHOR_PRIVATEKEY_FILE" -passin pass:tizenauthor -passout pass:tttttt
+}
+
+generate_new_signature()
+{
+# Author signature
+manifest_hash=$(openssl sha256 -binary $SRC_PATH/info/manifest.xml \
+| base64)
+xmlstarlet ed -L -N s="http://www.w3.org/2000/09/xmldsig#" \
+-u "/s:Signature/s:SignedInfo/s:Reference[@URI='info%2Fmanifest.xml']/s:DigestValue" \
+-v $manifest_hash \
+"$SRC_PATH/author-signature.xml"
+objectHash=$(xmlstarlet sel -N s="http://www.w3.org/2000/09/xmldsig#" \
+-t -c "/s:Signature/s:Object" \
+"$SRC_PATH/author-signature.xml" \
+| xmlstarlet c14n \
+| openssl sha256 -binary \
+| base64)
+xmlstarlet ed -L -N s="http://www.w3.org/2000/09/xmldsig#" \
+-u "/s:Signature/s:SignedInfo/s:Reference[@URI='#prop']/s:DigestValue" \
+-v $objectHash \
+"$SRC_PATH/author-signature.xml"
+calSignature=$(xmlstarlet sel -N s="http://www.w3.org/2000/09/xmldsig#" \
+-t -c "/s:Signature/s:SignedInfo" "$SRC_PATH/author-signature.xml" \
+| xmlstarlet c14n \
+| openssl sha256 -sign "$AUTHOR_PRIVATEKEY_FILE" -passin pass:tttttt \
+| base64)
+xmlstarlet ed -P -L -N s="http://www.w3.org/2000/09/xmldsig#" \
+-u "/s:Signature/s:SignatureValue" -v "$calSignature" \
+"$SRC_PATH/author-signature.xml"
+
+# Distributor signature
+xmlstarlet ed -L -N s="http://www.w3.org/2000/09/xmldsig#" \
+-u "/s:Signature/s:SignedInfo/s:Reference[@URI='info/manifest.xml']/s:DigestValue" \
+-v $manifest_hash \
+"$SRC_PATH/signature1.xml"
+objectHash=$(xmlstarlet sel -N s="http://www.w3.org/2000/09/xmldsig#" \
+-t -c "/s:Signature/s:Object" \
+"$SRC_PATH/signature1.xml" \
+| xmlstarlet c14n \
+| openssl sha256 -binary \
+| base64)
+xmlstarlet ed -L -N s="http://www.w3.org/2000/09/xmldsig#" \
+-u "/s:Signature/s:SignedInfo/s:Reference[@URI='#prop']/s:DigestValue" \
+-v $objectHash \
+"$SRC_PATH/signature1.xml"
+author_signature_hash=$(openssl sha256 -binary $SRC_PATH/author-signature.xml \
+| base64)
+xmlstarlet ed -L -N s="http://www.w3.org/2000/09/xmldsig#" \
+-u "/s:Signature/s:SignedInfo/s:Reference[@URI='author-signature.xml']/s:DigestValue" \
+-v $author_signature_hash \
+"$SRC_PATH/signature1.xml"
+calSignature=$(xmlstarlet sel -N s="http://www.w3.org/2000/09/xmldsig#" \
+-t -c "/s:Signature/s:SignedInfo" "$SRC_PATH/signature1.xml" \
+| xmlstarlet c14n \
+| openssl sha256 -sign "$DISTRIBUTOR_PRIVATEKEY_FILE" -passin pass:tttttt\
+| base64)
+xmlstarlet ed -P -L -N s="http://www.w3.org/2000/09/xmldsig#" \
+-u "/s:Signature/s:SignatureValue" -v "$calSignature" \
+"$SRC_PATH/signature1.xml"
+
+}
+
+check_error()
+{
+if [ "$1" -ne "0" ]; then
+echo "============================================================="
+echo "ERROR : $2 - exit code ($1) "
+echo "============================================================="
+exit $1
+fi
+}
+
+# get the current working directory
+current_path=$PWD
+
+
+automationpriv="http://tizen.org/privilege/testautomation"
+automationprivcmd=" /$/ a $automationpriv"
+powerpriv="http://tizen.org/privilege/power"
+powerprivcmd=" /$/ a $powerpriv"
+settingpriv="http://tizen.org/privilege/setting"
+settingprivcmd=" /$/ a $settingpriv"
+endcmd=""
+
+#get_privatekey_file
+#hash-signer.sh -a -d -p platform $SRC_PATH
+# function for create basic tpk
+
+create_basic_tpk()
+{
+delete_signature
+# First create zip
+hash-signer.sh -a -d -p platform $SRC_PATH
+echo
+echo "------------------------"
+echo "Basic TPK"
+echo "FtApp: $1"
+echo "------------------------"
+
+#generate_new_signature
+#echo Zipping : $TARGET_PATH, $SRC_PATH
+CUR_DIR=$(pwd)
+cd $SRC_PATH
+zip -r -q $TARGET_PATH/$1.zip bin data info res shared author-signature.xml signature1.xml
+# Rename the zip file in tpk
+mv $TARGET_PATH/$1.zip $TARGET_PATH/$1.tpk
+# giving permission
+chmod +x $TARGET_PATH/$1.tpk
+cd $CUR_DIR
+}
+
+set_hwacc_on()
+{
+sed -i 's/HwAcceleration="On"/HwAcceleration="Off"/g' $SRC_PATH/info/manifest.xml
+}
+
+set_hwacc_off()
+{
+sed -i 's/HwAcceleration="Off"/HwAcceleration="On"/g' $SRC_PATH/info/manifest.xml
+}
+
+set_privilege()
+{
+sed -i /\/d $SRC_PATH/info/manifest.xml
+for PRIV in $*
+do
+echo "Add privilege: $PRIV"
+tmp="http://tizen.org/privilege/$PRIV"
+cmd="/$/ a $tmp"
+sed -i "${cmd}${endcmd}" $SRC_PATH/info/manifest.xml
+done
+sed -i "${automationprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+sed -i "${powerprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+sed -i "${settingprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+}
+
+set_black_theme()
+{
+sed -i 's/SystemTheme="Black"/SystemTheme="White"/g' $SRC_PATH/info/manifest.xml
+}
+
+set_white_theme()
+{
+sed -i 's/SystemTheme="White"/SystemTheme="Black"/g' $SRC_PATH/info/manifest.xml
+}
+
+
+# Change the current working directory to 2s4jm6firv folder.
+cd $SRC_PATH
+#cp ${current_path}/author-signature.xml ${current_path}/signature1.xml ./
+
+# insert attribute and value in mainfest.xml file
+set_black_theme
+set_hwacc_off
+sed -i 's/2.2/>2.0/g' $SRC_PATH/info/manifest.xml
+create_basic_tpk "FtAppCompat-hwon"
+
+set_hwacc_on
+create_basic_tpk "FtAppCompat"
+
+sed -i 's/2.0/>2.2/g' $SRC_PATH/info/manifest.xml
+create_basic_tpk "FtApp-all-priv"
+
+set_hwacc_off
+create_basic_tpk "FtApp-hwon-all-priv"
+
+sed -i "${automationprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+sed -i "${powerprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+sed -i "${settingprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+set_hwacc_on
+sed -i /\/d $SRC_PATH/info/manifest.xml
+sed -i "${automationprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+sed -i "${powerprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+sed -i "${settingprivcmd}${endcmd}" $SRC_PATH/info/manifest.xml
+create_basic_tpk "FtApp"
+create_basic_tpk "FtApp-power"
+create_basic_tpk "FtApp-setting"
+
+set_white_theme
+create_basic_tpk "FtApp-black-theme"
+
+set_black_theme
+set_hwacc_off
+create_basic_tpk "FtApp-hwon"
+create_basic_tpk "FtApp-hwon-power"
+create_basic_tpk "FtApp-hwon-setting"
+
+# Create tpk with given privilege.list file
+while read line
+do
+CUR_DIR=$(pwd)
+cd $SRC_PATH
+
+APP_NAME=${line%%:*}
+if test -z `echo $line |grep ":"`
+then
+PRIV_LIST="$APP_NAME"
+else
+PRIV_LIST=${line##*:}
+fi
+echo `expr length $PRIV_LIST`
+FTAPP_NAME=FtApp-${APP_NAME}
+FTAPP_HWON_NAME=FtApp-hwon-${APP_NAME}
+echo
+echo "------------------------"
+echo "FtApp: $FTAPP_NAME"
+echo "Privileges: $PRIV_LIST"
+echo "------------------------"
+
+#make a hardware accel on
+set_hwacc_on
+set_privilege $PRIV_LIST
+delete_signature
+hash-signer.sh -a -d -p platform $SRC_PATH
+# generate_new_signature
+zip -r -q $TARGET_PATH/"$FTAPP_NAME".zip bin data info res shared author-signature.xml signature1.xml
+pkg_name=`echo ../"$FTAPP_NAME".zip | awk -F.zip '{print $1}' | sed 's/\./-/g' | awk -F/ '{print $2}'`
+mv $TARGET_PATH/$FTAPP_NAME.zip $TARGET_PATH/${pkg_name}.tpk
+chmod +x $TARGET_PATH/${pkg_name}.tpk
+
+#make a hardware accel off
+set_hwacc_off
+delete_signature
+hash-signer.sh -a -d -p platform $SRC_PATH
+# generate_new_signature
+zip -r -q $TARGET_PATH/$FTAPP_HWON_NAME.zip bin data info res shared author-signature.xml signature1.xml
+pkg_name=`echo ../$FTAPP_HWON_NAME.zip | awk -F.zip '{print $1}' | sed 's/\./-/g' | awk -F/ '{print $2}'`
+mv $TARGET_PATH/$FTAPP_HWON_NAME.zip $TARGET_PATH/${pkg_name}.tpk
+chmod +x $TARGET_PATH/${pkg_name}.tpk
+cd $CUR_DIR
+
+done < $LIST_FILE
+
+echo "call gen_multi_priv_pkg.sh"
diff --git a/util/privileges.list b/util/privileges.list
new file mode 100644
index 0000000..1649c5d
--- /dev/null
+++ b/util/privileges.list
@@ -0,0 +1,156 @@
+account.read
+account.write
+alarm
+antivirus
+application.kill
+application.launch
+appmanager.certificate
+appmanager.kill
+appmanager.launch
+appmanager.setting
+appsetting
+appusage
+appwidgetprovider.install
+audiomanager.route
+audiorecorder
+bluetooth.admin
+bluetooth.gap
+bluetooth.health
+bluetooth.opp
+bluetooth.spp
+bluetoothmanager
+bookmark.read
+bookmark.write
+calendar.read
+calendar.write
+callforward
+callhistory.read
+callhistory.write
+camera
+cellbroadcast
+certificate.read
+certificate.write
+contact.read
+contact.write
+content.read
+content.write
+customnetaccount
+datacontrol.consumer
+datasync
+dns
+download
+drmservice
+filesystem.read
+filesystem.write
+geolocationpermission.read
+geolocationpermission.write
+http
+ime
+imemanager
+inputmanager
+internet
+location
+lockmanager
+messageport
+messaging.email
+messaging.mms
+messaging.read
+messaging.sms
+messaging.write
+netstatisticsmanager
+network.account
+network.connection
+network.statistics
+network.statistics.read
+networkbearerselection
+networkmanager
+nfc.admin
+nfc.common
+nfc.p2p
+nfc.tag
+nfcmanager
+notification
+notificationmanager
+package.info
+packageinfo
+packagemanager.info
+packagemanager.install
+packagemanager.setting
+packagesetting
+platforminfo
+privacymanager.read
+privacymanager.write
+privilegemanager.read
+push
+secureelement
+settingmanager.read
+settingmanager.write
+shortcut.install
+smstrigger
+socket
+system
+systeminfo
+systemmanager
+systemsetting.read
+systemsetting.write
+telephony
+telephonymanager
+uimanager
+useridentity
+userprofile.read
+userprofile.write
+vibrator
+videorecorder
+wappush
+web.privacy
+web.service
+wifi.admin
+wifi.read
+wifi.wifidirect.admin
+wifi.wifidirect.read
+wifimanager
+2account-rw:account.read account.write
+4accountrw-contactrw:account.read account.write contact.read contact.write
+6accrw-contactrw-userprofrw:account.read account.write contact.read contact.write userprofile.read userprofile.write
+2app-launchkill:application.launch appmanager.kill
+3appwidgetprov-packman-install:appwidgetprovider.install packagemanager.install package.info
+2bluetooth-admingap:bluetooth.admin bluetooth.gap
+2bluetooth-adminmanager:bluetooth.admin bluetoothmanager
+2bluetooth-adminopp:bluetooth.admin bluetooth.opp
+2bookmark-rw:bookmark.read bookmark.write
+2calendar-rw:calendar.read calendar.write
+2callfwd-settingw:callforward settingmanager.write
+2camera-video:camera videorecorder
+2certificate-rw:certificate.read certificate.write
+2contact-rw:contact.read contact.write
+4contact-userprofile-rw:contact.read contact.write userprofile.read userprofile.write
+2content-rw:content.read content.write
+2dns-netconn:dns network.connection
+3geoloc-permissionrw-service:geolocationpermission.read geolocationpermission.write web.service
+2http-netconn:http network.connection
+2http-push:http push
+2imemanager-packageinfo:imemanager package.info
+2loc-power:location power
+2netconn-sock:network.connection socket
+5netconn-sock-wifiadmin-directr:network.connection socket wifi.admin wifi.wifidirect.admin wifi.wifidirect.read
+2nfcmanager-p2p:nfc.p2p nfcmanager
+2nfctag-admin:nfc.admin nfc.tag
+2noti-man:notificationmanager notification
+2package-settinginfo:packagesetting packageinfo
+2privacyr-accountr:privacymanager.read account.read
+2privacyw-accountr:privacymanager.write account.read
+2setting-manager-w:setting settingmanager.write
+3setting-manager-rw:setting settingmanager.read settingmanager.write
+3settingw-sysm-telephony:settingmanager.write systemmanager telephony
+3settingw-telephony-telem:settingmanager.write telephony telephonymanager
+2settingw-telephony:settingmanager.write telephony
+2settingw-telephonym:settingmanager.write telephonymanager
+2settingw-useridentity:settingmanager.write useridentity
+2system-manager:system systemmanager
+2userprofile-rw:userprofile.read userprofile.write
+2service-wifiadmin:web.service wifi.admin
+3service-privacy-wifiadmin:web.privacy web.service wifi.admin
+3service-inputmanager-wifiadmin:web.service inputmanager wifi.admin
+2wifiadmin-read:wifi.admin wifi.read
+2wifiadmin-direct:wifi.admin wifi.wifidirect.admin
+3wifiadmin-directr:wifi.admin wifi.wifidirect.admin wifi.wifidirect.read
-- 
2.7.4
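Review bot: The %install section stages the application through the fixed, world-writable path `/tmp/FtApp-original` (`mkdir -p`, `cp -r`, then `rm /tmp/FtApp-original -rf`), which on a shared build host is a symlink/race hazard and also silently merges leftovers of an earlier build into the new packages; stage under the build tree instead, e.g. `STAGE=$(mktemp -d %{_builddir}/FtApp-original.XXXXXX)`, pass `"$STAGE"` to the script and `rm -rf -- "$STAGE"` afterwards. The `./util/gen_priv_pkg_spec.sh …` call has no exit-status check, so unless the script itself propagates a non-zero status a failed signing run still yields the `privilege` subpackage with whatever landed in `%{buildroot}/opt/share/FtApp`. `curDir=$(pwd)` is assigned and never used in the hunk, and `%define tizen_sign_base /opt/usr/apps/${PKG_ID}` keeps `${PKG_ID}` literal at macro-definition time, which presumably works only where the macro is expanded inside a shell — worth confirming against the signing hook that reads it. In the preceding hunk, `Group: TO_BE/FILLED_IN` is a template placeholder left in the new `privilege` subpackage.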
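Review bot: `get_privatekey_file` writes both signing private keys to fixed, predictable files in `/tmp` and passes the keystore passphrases as `-passin pass:…`/`-passout pass:…` arguments that any local user can read from the process list; its call site is commented out (`#get_privatekey_file`), but the function and the literal passphrases still ship in the file, so either delete it together with `generate_new_signature` or rework it to use `umask 077`, `mktemp`, `-passin file:` and cleanup on exit. Separately, no exit status is checked anywhere — `hash-signer.sh -a -d -p platform $SRC_PATH` (in `create_basic_tpk` and twice in the `while read` loop), `cd $SRC_PATH` and `zip` run unguarded although `check_error` is defined and never called — so a failed signing step still yields a `.tpk`, and because `$1`..`$3` are unquoted and there is no `set -u`, an empty `SRC_PATH` from `readlink -e` makes `delete_signature` run `rm /author-signature.xml` and `cd $SRC_PATH` land in `$HOME`; the lines below add the guards. `sed -i /\/d` and `'s/2.2/>2.0/g'` look as though angle-bracketed element names were lost in rendering (as shown, the first hands sed an empty regex), so confirm them against the committed file. Finally, `set_hwacc_on` turns `HwAcceleration="On"` into `"Off"` and `set_hwacc_off` does the reverse, and `set_black_theme`/`set_white_theme` are inverted the same way; the call sites rely on this, so either swap the bodies and the calls together or rename the helpers to match their effect.
```shell
#!/bin/bash
set -u
SRC_PATH=$(readlink -e -- "$1") && TARGET_PATH=$(readlink -e -- "$2") \
  && LIST_FILE=$(readlink -e -- "$3") \
  || { echo "usage: $0 SRC_DIR TARGET_DIR PRIVILEGE_LIST" >&2; exit 2; }
# … unchanged: PATH and key-file variables …

delete_signature()
{
	rm -f -- "${SRC_PATH:?}/author-signature.xml" "${SRC_PATH:?}/signature1.xml"
}
# … unchanged: get_privatekey_file, generate_new_signature, check_error, privilege strings …

create_basic_tpk()
{
	delete_signature
	hash-signer.sh -a -d -p platform "$SRC_PATH" || check_error $? "hash-signer.sh on $SRC_PATH"
	# … unchanged: banner echoes …
	CUR_DIR=$(pwd)
	cd "$SRC_PATH" || check_error $? "cd $SRC_PATH"
	zip -r -q "$TARGET_PATH/$1.zip" bin data info res shared author-signature.xml signature1.xml \
	  || check_error $? "zip $1"
	# … unchanged: mv, chmod, cd back …
}
```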