2 PATH=/bin:/usr/bin:/sbin:/usr/sbin
4 # Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
18 # @file 203.cert-svc-disabled-certs-upgrade.sh.in
19 # @author Sangwan Kwon (sangwan.kwon@samsung.com)
20 # @brief cert-svc disabled certs upgrade for platform upgrade 2.4 -> 3.0
23 # check this script invoked by cert-svc-db-upgrade
31 OLD_GNAME_LIST=@CERT_SVC_DB_PATH@/old-gname-list
32 OLD_CERTS_DIR=@CERT_SVC_DB_PATH@/old-certs
35 mkdir -p $OLD_CERTS_DIR
37 # get disabled ceritificates list from old db
38 sqlite3 $OLD_DB "SELECT gname FROM disabled_certs;" > $OLD_GNAME_LIST
40 # since gname is different between Tizen 2.4 and 3.0, compare certicate
42 for gname in `cat $OLD_GNAME_LIST`
44 sqlite3 $OLD_DB "SELECT certificate FROM disabled_certs
45 WHERE gname='$gname';" > $OLD_CERTS_DIR/$index
46 index=$(expr $index + 1)
49 # restore disabled certs to new db
50 for fname in `find $OLD_CERTS_DIR/* | sort`
53 # check certificate's existence on new db
54 ret=`sqlite3 $NEW_DB "SELECT EXISTS (
57 WHERE certificate='$certs');"`
61 # update ssl, disabled_certs table
62 gname=`sqlite3 $NEW_DB "SELECT gname FROM ssl WHERE certificate='$certs';"`
63 sqlite3 $NEW_DB "INSERT INTO disabled_certs VALUES ('$gname', '$certs');"
64 sqlite3 $NEW_DB "UPDATE ssl SET enabled=0 WHERE gname='$gname';"
66 # unlink disabled certs on rw area(symbol file)
67 link_path="@TZ_SYS_CA_CERTS@/$gname"
72 echo "Failed to find $link_path."
78 if [ -s @TZ_SYS_CA_BUNDLE@ ]
83 for i in `find @TZ_SYS_CA_CERTS@ -maxdepth 1 -type l | sort`
85 openssl x509 -in $i -outform PEM >> @TZ_SYS_CA_BUNDLE@
88 rm -rf $OLD_GNAME_LIST