From e9187f8c437a8e88bff935c7011e8890bb861cdf Mon Sep 17 00:00:00 2001 From: "sangwan.kwon" Date: Mon, 14 Mar 2016 09:17:44 +0900 Subject: [PATCH] Fix path accoriding to updated CA hierarchy Change-Id: Ia96cad62e263d795cc1f353db991699628a28f43 Signed-off-by: sangwan.kwon --- CMakeLists.txt | 13 ++++------- etc/CMakeLists.txt | 4 ++-- packaging/cert-svc.manifest.in | 2 +- packaging/cert-svc.spec | 45 ++++++++++++++++++++++-------------- tests/capi/CMakeLists.txt | 2 +- tests/pkcs12/CMakeLists.txt | 2 +- tests/pkcs12/new_test_cases.cpp | 10 -------- tests/vcore/CMakeLists.txt | 2 +- vcore/server/src/cert-server-logic.c | 6 ++--- 9 files changed, 42 insertions(+), 44 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f7c510c..4fbe446 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -27,17 +27,14 @@ ADD_DEFINITIONS("-Werror") SET(TARGET_VCORE_LIB "cert-svc-vcore") SET(TARGET_CERT_SERVER "cert-server") -SET(CERT_SVC_PATH ${TZ_SYS_RO_SHARE}/cert-svc) -SET(CERT_SVC_RW_PATH ${TZ_SYS_SHARE}/cert-svc) -SET(CERT_SVC_DB_PATH ${CERT_SVC_RW_PATH}/dbspace) -ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${CERT_SVC_PATH}/schema.xsd\"") +ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${CERT_SVC_RO_PATH}/schema.xsd\"") -ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${CERT_SVC_DB_PATH}/certs-meta.db\"") -ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${CERT_SVC_RW_PATH}/pkcs12/\"") +ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${CERT_SVC_DB}/certs-meta.db\"") +ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${CERT_SVC_PKCS12}/\"") ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS=\"${TZ_SYS_CA_CERTS}\"") ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS_ORIG=\"${TZ_SYS_CA_CERTS_ORIG}\"") -ADD_DEFINITIONS("-DTZ_SYS_CA_BUNDLE_RW=\"${TZ_SYS_CA_BUNDLE_RW}\"") +ADD_DEFINITIONS("-DTZ_SYS_CA_BUNDLE=\"${TZ_SYS_CA_BUNDLE}\"") SET(CA_CERTS_PATH ${TZ_SYS_RO_SHARE}/ca-certificates) ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS_TIZEN=\"${CA_CERTS_PATH}/tizen\"") @@ -55,7 +52,7 @@ ADD_SUBDIRECTORY(systemd) ADD_SUBDIRECTORY(etc) IF (DEFINED CERTSVC_TEST_BUILD) -ADD_DEFINITIONS("-DTESTAPP_RES_DIR=\"${TZ_SYS_RO_APP}/cert-svc-tests/\"") +ADD_DEFINITIONS("-DTESTAPP_RES_DIR=\"${CERT_SVC_TESTS}/\"") ADD_SUBDIRECTORY(tests) ENDIF (DEFINED CERTSVC_TEST_BUILD) diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt index a474f85..43dca8b 100644 --- a/etc/CMakeLists.txt +++ b/etc/CMakeLists.txt @@ -2,7 +2,7 @@ SET(ETC_DIR ${CMAKE_CURRENT_SOURCE_DIR}) INSTALL(FILES ${ETC_DIR}/schema.xsd - DESTINATION ${CERT_SVC_PATH} + DESTINATION ${CERT_SVC_RO_PATH} ) MESSAGE("Add ssl table to certs-meta.db") @@ -34,5 +34,5 @@ ENDIF (ERROR_CODE) INSTALL(FILES ${ETC_DIR}/certs-meta.db ${ETC_DIR}/certs-meta.db-journal - DESTINATION ${CERT_SVC_DB_PATH} + DESTINATION ${CERT_SVC_DB} ) diff --git a/packaging/cert-svc.manifest.in b/packaging/cert-svc.manifest.in index 1e13931..aed0ebd 100644 --- a/packaging/cert-svc.manifest.in +++ b/packaging/cert-svc.manifest.in @@ -3,6 +3,6 @@ - + diff --git a/packaging/cert-svc.spec b/packaging/cert-svc.spec index d4d954b..143cf1a 100644 --- a/packaging/cert-svc.spec +++ b/packaging/cert-svc.spec @@ -27,13 +27,22 @@ BuildRequires: ca-certificates-devel Requires: ca-certificates Requires: ca-certificates-tizen -%global TZ_SYS_BIN %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir} -%global TZ_SYS_SHARE %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share} -%global TZ_SYS_RO_SHARE %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir} -%global TZ_SYS_RO_APP %{?TZ_SYS_RO_APP:%TZ_SYS_RO_APP}%!?TZ_SYS_RO_APP:/usr/apps} -%global TZ_SYS_CA_CERTS %{?TZ_SYS_CA_CERTS:%TZ_SYS_CA_CERTS}%{!?TZ_SYS_CA_CERTS:/etc/ssl/certs} -%global TZ_SYS_CA_CERTS_ORIG %{?TZ_SYS_CA_CERTS_ORIG:%TZ_SYS_CA_CERTS_ORIG}%{!?TZ_SYS_CA_CERTS_ORGIN:%TZ_SYS_RO_SHARE/ca-certificates/certs} -%global TZ_SYS_CA_BUNDLE_RW %{?TZ_SYS_CA_BUNDLE_RW:%TZ_SYS_CA_BUNDLE_RW}%{!?TZ_SYS_CA_BUNDLE_RW:/var/lib/ca-certificates/ca-bundle.pem} +%global TZ_SYS_BIN %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir} +%global TZ_SYS_ETC %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc} +%global TZ_SYS_SHARE %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share} +%global TZ_SYS_RO_SHARE %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir} +%global TZ_SYS_RW_APP %{?TZ_SYS_RW_APP:%TZ_SYS_RW_APP}%!?TZ_SYS_RW_APP:/opt/usr/apps} + +%global TZ_SYS_CA_CERTS %{?TZ_SYS_CA_CERTS:%TZ_SYS_CA_CERTS}%{!?TZ_SYS_CA_CERTS:%TZ_SYS_ETC/ssl/certs} +%global TZ_SYS_RO_CA_CERTS_ORIG %{?TZ_SYS_RO_CA_CERTS_ORIG:%TZ_SYS_RO_CA_CERTS_ORIG}%{!?TZ_SYS_CA_RO_CERTS_ORGIN:%TZ_SYS_RO_SHARE/ca-certificates/certs} +%global TZ_SYS_CA_BUNDLE %{?TZ_SYS_CA_BUNDLE:%TZ_SYS_CA_BUNDLE}%{!?TZ_SYS_CA_BUNDLE:/var/lib/ca-certificates/ca-bundle.pem} + +%global CERT_SVC_PATH %TZ_SYS_SHARE/cert-svc +%global CERT_SVC_RO_PATH %TZ_SYS_RO_SHARE/cert-svc +%global CERT_SVC_DB %CERT_SVC_PATH/dbspace +%global CERT_SVC_PKCS12 %CERT_SVC_PATH/pkcs12 +%global CERT_SVC_CA_BUNDLE %CERT_SVC_PATH/ca-certificate.crt +%global CERT_SVC_TESTS %TZ_SYS_RW_APP/cert-svc-tests %description Certification service @@ -83,10 +92,14 @@ export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE" -DTZ_SYS_BIN=%TZ_SYS_BIN \ -DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \ -DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \ - -DTZ_SYS_CA_BUNDLE_RW=%TZ_SYS_CA_BUNDLE_RW \ + -DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \ + -DCERT_SVC_PATH=%CERT_SVC_PATH \ + -DCERT_SVC_RO_PATH=%CERT_SVC_RO_PATH \ + -DCERT_SVC_DB=%CERT_SVC_DB \ + -DCERT_SVC_PKCS12=%CERT_SVC_PKCS12 \ %if 0%{?certsvc_test_build} -DCERTSVC_TEST_BUILD=1 \ - -DTZ_SYS_RO_APP=%TZ_SYS_RO_APP \ + -DCERT_SVC_TESTS=%CERT_SVC_TESTS \ %endif -DCMAKE_BUILD_TYPE=%build_type \ -DSYSTEMD_UNIT_DIR=%_unitdir @@ -98,9 +111,9 @@ make %{?_smp_mflags} %install_service multi-user.target.wants cert-server.service %install_service sockets.target.wants cert-server.socket -mkdir -p %buildroot%TZ_SYS_SHARE/cert-svc/pkcs12 -mkdir -p %buildroot%TZ_SYS_SHARE/cert-svc/dbspace -ln -s %TZ_SYS_CA_BUNDLE_RW %buildroot%TZ_SYS_RO_SHARE/cert-svc/ca-certificate.crt +mkdir -p %buildroot%CERT_SVC_PKCS12 +mkdir -p %buildroot%CERT_SVC_DB +ln -sf %TZ_SYS_CA_BUNDLE %buildroot%CERT_SVC_CA_BUNDLE %preun # erase @@ -131,10 +144,8 @@ fi %_unitdir/sockets.target.wants/cert-server.socket %_libdir/libcert-svc-vcore.so.* %TZ_SYS_BIN/cert-server -%attr(-, system, system) %TZ_SYS_RO_SHARE/cert-svc -%dir %attr(-, system, system) %TZ_SYS_SHARE/cert-svc -%attr(-, system, system) %TZ_SYS_SHARE/cert-svc/pkcs12 -%attr(-, system, system) %TZ_SYS_SHARE/cert-svc/dbspace +%attr(-, system, system) %CERT_SVC_PATH +%attr(-, system, system) %CERT_SVC_RO_PATH %files devel %_includedir/* @@ -144,6 +155,6 @@ fi %if 0%{?certsvc_test_build} %files test %TZ_SYS_BIN/cert-svc-test* -%TZ_SYS_RO_APP/cert-svc-tests +%CERT_SVC_TESTS %_libdir/libcert-svc-validator-plugin.so %endif diff --git a/tests/capi/CMakeLists.txt b/tests/capi/CMakeLists.txt index d9c5afe..3950cdd 100644 --- a/tests/capi/CMakeLists.txt +++ b/tests/capi/CMakeLists.txt @@ -55,7 +55,7 @@ INSTALL(TARGETS ${TARGET_CAPI_TEST} INSTALL(FILES ${CERT_SVC_CAPI_TESTS_DIR}/data/root_cacert0.pem - DESTINATION ${TZ_SYS_RO_APP}/cert-svc-tests/certs + DESTINATION ${CERT_SVC_TESTS}/certs PERMISSIONS OWNER_READ GROUP_READ WORLD_READ diff --git a/tests/pkcs12/CMakeLists.txt b/tests/pkcs12/CMakeLists.txt index 64a729f..5fc78fd 100644 --- a/tests/pkcs12/CMakeLists.txt +++ b/tests/pkcs12/CMakeLists.txt @@ -63,5 +63,5 @@ INSTALL( wifi-server.pem wifiserver.pfx wifiuser.p12 - DESTINATION ${TZ_SYS_RO_APP}/cert-svc-tests/p12 + DESTINATION ${CERT_SVC_TESTS}/p12 ) diff --git a/tests/pkcs12/new_test_cases.cpp b/tests/pkcs12/new_test_cases.cpp index 78292ed..d93e63e 100644 --- a/tests/pkcs12/new_test_cases.cpp +++ b/tests/pkcs12/new_test_cases.cpp @@ -671,12 +671,7 @@ RUNNER_TEST(CERTSVC_PKCS12_1017_load_cert_list_from_store) RUNNER_TEST(CERTSVC_PKCS12_1018_get_duplicate_private_key) { -// FIXME : Delete macro when tizen 3.0 directory structure is fully updated -#ifdef TZ_SYS_RO_SHARE - const char *privatekey_path = tzplatform_mkpath(TZ_SYS_RO_SHARE, "cert-svc/pkcs12/temp.txt"); -#else const char *privatekey_path = tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/pkcs12/temp.txt"); -#endif int result; @@ -990,12 +985,7 @@ RUNNER_TEST(CERTSVC_PKCS12_1027_get_alias_name_from_gname_from_store) char user_cert_path[512]; -// FIXME : Delete macro when tizen 3.0 directory structure is fully updated -#ifdef TZ_SYS_RO_SHARE - const char *output_template = tzplatform_mkpath(TZ_SYS_RO_SHARE, "cert-svc/pkcs12/file_%d"); -#else const char *output_template = tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/pkcs12/file_%d"); -#endif snprintf(user_cert_path, sizeof(user_cert_path), output_template, count++); FILE *fp = fopen(user_cert_path, "w"); diff --git a/tests/vcore/CMakeLists.txt b/tests/vcore/CMakeLists.txt index 2dc7622..c5b23db 100644 --- a/tests/vcore/CMakeLists.txt +++ b/tests/vcore/CMakeLists.txt @@ -68,5 +68,5 @@ INSTALL( resource/attacked-tpk-with-userdata DESTINATION - ${TZ_SYS_RO_APP}/cert-svc-tests/apps + ${CERT_SVC_TESTS}/apps ) diff --git a/vcore/server/src/cert-server-logic.c b/vcore/server/src/cert-server-logic.c index b6e5639..adb07f8 100644 --- a/vcore/server/src/cert-server-logic.c +++ b/vcore/server/src/cert-server-logic.c @@ -203,8 +203,8 @@ int write_to_ca_cert_crt_file(const char *mode, const char *cert) return CERTSVC_WRONG_ARGUMENT; } - if (!(fp = fopen(TZ_SYS_CA_BUNDLE_RW, mode))) { - SLOGE("Failed to open the file for writing, [%s].", TZ_SYS_CA_BUNDLE_RW); + if (!(fp = fopen(TZ_SYS_CA_BUNDLE, mode))) { + SLOGE("Failed to open the file for writing, [%s].", TZ_SYS_CA_BUNDLE); return CERTSVC_FAIL; } @@ -516,7 +516,7 @@ int enable_disable_cert_status( stmt = NULL; if (records == SQLITE_ROW) { - SLOGE("Selected certificate identifier is already disabled.", gname); + SLOGE("Selected certificate identifier is already disabled. [%s]", gname); return CERTSVC_FAIL; } -- 2.7.4