From 8ccec6785ee30fb7c9e06a3421f5b460364b2968 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Tue, 6 Sep 2016 15:55:08 +0900 Subject: [PATCH] Add upgrade script Change-Id: I4d38443cf3880b50215aa36e084445cc8bbb60be Signed-off-by: Kyungwook Tak --- CMakeLists.txt | 1 + packaging/libwebappenc.manifest.in | 5 +++++ packaging/libwebappenc.spec | 23 +++++++++++++++++---- resources/CMakeLists.txt | 35 +++++++++++++++++++++++++------- scripts/CMakeLists.txt | 16 +++++++++++++++ scripts/wae-upgrade.sh.in | 30 +++++++++++++++++++++++++++ systemd/CMakeLists.txt | 24 ++++++++++++++-------- systemd/webappenc-initializer.service.in | 8 ++++---- 8 files changed, 119 insertions(+), 23 deletions(-) create mode 100644 scripts/CMakeLists.txt create mode 100755 scripts/wae-upgrade.sh.in diff --git a/CMakeLists.txt b/CMakeLists.txt index 436eb74..96efdbe 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -93,3 +93,4 @@ ADD_SUBDIRECTORY(resources) ADD_SUBDIRECTORY(include) ADD_SUBDIRECTORY(tests) ADD_SUBDIRECTORY(systemd) +ADD_SUBDIRECTORY(scripts) diff --git a/packaging/libwebappenc.manifest.in b/packaging/libwebappenc.manifest.in index 86dbb26..5451c22 100644 --- a/packaging/libwebappenc.manifest.in +++ b/packaging/libwebappenc.manifest.in @@ -2,4 +2,9 @@ + + + + + diff --git a/packaging/libwebappenc.spec b/packaging/libwebappenc.spec index 7d796f9..9f8faef 100644 --- a/packaging/libwebappenc.spec +++ b/packaging/libwebappenc.spec @@ -37,8 +37,14 @@ Requires: %{name} = %{version}-%{release} %description test Web application encryption and decryption service (test) -%define bin_dir %TZ_SYS_BIN -%define rw_share_dir %TZ_SYS_SHARE +%define user_name security_fw +%define group_name security_fw +%define smack_domain System +%define bin_dir %TZ_SYS_BIN +%define rw_share_dir %TZ_SYS_SHARE +%define upgrade_dir %TZ_SYS_RO_SHARE/upgrade +%define upgrade_script_dir %{upgrade_dir}/scripts +%define upgrade_data_dir %{upgrade_dir}/data %prep %setup -q @@ -52,6 +58,11 @@ Web application encryption and decryption service (test) -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DCMAKE_BUILD_TYPE=%{build_type} \ -DRW_SHARE_DIR=%rw_share_dir \ + -DUPGRADE_DATA_DIR=%upgrade_data_dir \ + -DUPGRADE_SCRIPT_DIR=%upgrade_script_dir \ + -DUSER_NAME=%user_name \ + -DGROUP_NAME=%group_name \ + -DSMACK_DOMAIN=%smack_domain \ -DBINDIR=%bin_dir make %{?jobs:-j%jobs} @@ -88,8 +99,12 @@ fi %{_unitdir}/webappenc-initializer.service %{_unitdir}/multi-user.target.wants/webappenc-initializer.service %{bin_dir}/wae_initializer -%{rw_share_dir}/wae/app_dek/WAE_APPDEK_KEK_PrivateKey.pem -%{rw_share_dir}/wae/app_dek/WAE_APPDEK_KEK_PublicKey.pem +%dir %attr(770, %user_name, %group_name) %{rw_share_dir}/wae +%dir %attr(770, %user_name, %group_name) %{rw_share_dir}/wae/app_dek +%attr(660, %user_name, %group_name) %{rw_share_dir}/wae/app_dek/* + +%attr(775,root,root) %{upgrade_script_dir}/wae-upgrade.sh +%{upgrade_data_dir}/wae/app_dek/* %files devel %{_includedir}/* diff --git a/resources/CMakeLists.txt b/resources/CMakeLists.txt index ae2bc8b..030553c 100644 --- a/resources/CMakeLists.txt +++ b/resources/CMakeLists.txt @@ -1,12 +1,33 @@ -################################################################################ -# for resource install -################################################################################ - +# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Dongsun Lee (ds73.lee@samsung.com) +# @brief Resource install cmake +# INSTALL(FILES - ${PROJECT_SOURCE_DIR}/resources/WAE_APPDEK_KEK_PublicKey.pem - ${PROJECT_SOURCE_DIR}/resources/WAE_APPDEK_KEK_PrivateKey.pem - DESTINATION ${RW_SHARE_DIR}/wae/app_dek/ + WAE_APPDEK_KEK_PublicKey.pem + WAE_APPDEK_KEK_PrivateKey.pem + DESTINATION ${RW_SHARE_DIR}/wae/app_dek PERMISSIONS OWNER_READ OWNER_WRITE ) +INSTALL(FILES + WAE_APPDEK_KEK_PublicKey.pem + WAE_APPDEK_KEK_PrivateKey.pem + DESTINATION ${UPGRADE_DATA_DIR}/wae/app_dek + PERMISSIONS OWNER_READ + OWNER_WRITE +) diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt new file mode 100644 index 0000000..c73467e --- /dev/null +++ b/scripts/CMakeLists.txt @@ -0,0 +1,16 @@ +# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +CONFIGURE_FILE(wae-upgrade.sh.in wae-upgrade.sh @ONLY) +INSTALL(FILES wae-upgrade.sh DESTINATION ${UPGRADE_SCRIPT_DIR}) diff --git a/scripts/wae-upgrade.sh.in b/scripts/wae-upgrade.sh.in new file mode 100755 index 0000000..652962b --- /dev/null +++ b/scripts/wae-upgrade.sh.in @@ -0,0 +1,30 @@ +#!/bin/bash +PATH=/bin:/usr/bin:/sbin:/usr/sbin + +# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file wae-upgrade.sh.in +# @author Kyungwook Tak (k.tak@samsung.com) +# @brief Platform upgrade support + +WAE_DIR=@RW_SHARE_DIR@/wae + +mv @UPGRADE_DATA_DIR@/wae $WAE_DIR + +chsmack -a "@SMACK_DOMAIN@" $WAE_DIR -r +chown -R @USER_NAME@:@GROUP_NAME@ $WAE_DIR +chmod 770 $WAE_DIR +chmod 770 $WAE_DIR/app_dek +chmod 660 $WAE_DIR/app_dek/* diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt index bf7bb79..99eafd5 100644 --- a/systemd/CMakeLists.txt +++ b/systemd/CMakeLists.txt @@ -1,8 +1,16 @@ -CONFIGURE_FILE(${CMAKE_SOURCE_DIR}/systemd/webappenc-initializer.service.in - ${CMAKE_SOURCE_DIR}/systemd/webappenc-initializer.service @ONLY) - -INSTALL(FILES - ${CMAKE_SOURCE_DIR}/systemd/webappenc-initializer.service - DESTINATION - ${SYSTEMD_UNIT_DIR} -) +# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +CONFIGURE_FILE(webappenc-initializer.service.in webappenc-initializer.service @ONLY) +INSTALL(FILES webappenc-initializer.service DESTINATION ${SYSTEMD_UNIT_DIR}) diff --git a/systemd/webappenc-initializer.service.in b/systemd/webappenc-initializer.service.in index 768552e..ed0bebe 100644 --- a/systemd/webappenc-initializer.service.in +++ b/systemd/webappenc-initializer.service.in @@ -5,11 +5,11 @@ Requires=central-key-manager.service After=central-key-manager.service [Service] -User=security_fw -Group=security_fw +User=@USER_NAME@ +Group=@GROUP_NAME@ Type=oneshot -ExecStart=/usr/bin/wae_initializer -SmackProcessLabel=System +ExecStart=@BINDIR@/wae_initializer +SmackProcessLabel=@SMACK_DOMAIN@ [Install] WantedBy=multi-user.target -- 2.7.4