#sbs-git:slp/pkgs/s/security-server security-server 0.0.37
Name:       wrt-security
Summary:    Wrt security daemon
Version:    0.0.67
Release:    0
Group:      Security/Access Control
License:    Apache-2.0
URL:        N/A
Source0:    %{name}-%{version}.tar.gz
Source1001: %{name}.manifest
BuildRequires: cmake
BuildRequires: zip
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(openssl)
BuildRequires: libattr-devel
BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(dpl-efl)
BuildRequires: pkgconfig(dpl-utils-efl)
BuildRequires: pkgconfig(dpl-dbus-efl)
BuildRequires: pkgconfig(libpcrecpp)
BuildRequires: pkgconfig(icu-i18n)
BuildRequires: pkgconfig(libsoup-2.4)
BuildRequires: pkgconfig(xmlsec1)
BuildRequires: pkgconfig(capi-appfw-app-manager)
BuildRequires: pkgconfig(capi-appfw-package-manager)
BuildRequires: pkgconfig(privacy-manager-client)
BuildRequires: pkgconfig(privacy-manager-server)
BuildRequires: pkgconfig(capi-security-privacy-manager)
BuildRequires: pkgconfig(dpl-wrt-dao-ro)
BuildRequires: pkgconfig(libsystemd-daemon)
BuildRequires:  pkgconfig(libtzplatform-config)
Requires: libtzplatform-config
%{?systemd_requires}

%description
Wrt security daemon and utilities.

%package -n wrt-security-devel
Summary:    Header files for client libraries
Group:      Development/Libraries
Requires:   wrt-security = %{version}-%{release}

%description -n wrt-security-devel
Developer files for client libraries.

%package -n security-server-certs
Summary:    Certificates for web applications
Group:      Development/Libraries
Requires:   security-server

%description -n security-server-certs
Certificates for wrt.

%prep
%setup -q
cp %{SOURCE1001} .

%build
export LDFLAGS+="-Wl,--rpath=%{_libdir}"

%cmake . -DDPL_LOG="ON" \
        -DVERSION=%{version} \
        -DCMAKE_BUILD_TYPE=%{?build_type:%build_type} \
	-DTZ_SYS_ACE_CONF=%{TZ_SYS_ACE_CONF} \
	-DTZ_SYS_SHARE=%{TZ_SYS_SHARE}
make %{?jobs:-j%jobs}


%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr/share/license
cp LICENSE %{buildroot}/usr/share/license/%{name}

%make_install
mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants
mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants
ln -sf %{_unitdir}/wrt-security-daemon.service %{buildroot}%{_unitdir}/multi-user.target.wants/wrt-security-daemon.service
ln -sf %{_unitdir}/wrt-security-daemon.socket  %{buildroot}%{_unitdir}/sockets.target.wants/wrt-security-daemon.socket

%clean
rm -rf %{buildroot}

%post
if [ ! -e %TZ_SYS_DB"/.ace.db" ]; then
    echo "This is new install of wrt-security"
    echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
    %{_bindir}/wrt_security_create_clean_db.sh
else
    # Find out old and new version of databases
    ACE_OLD_DB_VERSION=`sqlite3 %TZ_SYS_DB/.ace.db ".tables" | grep "DB_VERSION_"`
    ACE_NEW_DB_VERSION=`cat %TZ_SYS_RO_WRT_ENGINE/ace_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
    echo "OLD ace database version ${ACE_OLD_DB_VERSION}"
    echo "NEW ace database version ${ACE_NEW_DB_VERSION}"

    if [ ${ACE_OLD_DB_VERSION} -a ${ACE_NEW_DB_VERSION} ]
    then
        if [ ${ACE_NEW_DB_VERSION} = ${ACE_OLD_DB_VERSION} ]
        then
            echo "Equal database detected so db installation ignored"
        else
            echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
            %{_bindir}/wrt_security_create_clean_db.sh
        fi
    else
        echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
        %{_bindir}/wrt_security_create_clean_db.sh
    fi
fi

chsmack -a 'User' /opt/dbspace/.ace.db*

/sbin/ldconfig
echo "[WRT] wrt-security postinst done ..."

%postun
/sbin/ldconfig

%files -n wrt-security
%manifest %{name}.manifest
%defattr(-,root,root,-)
%attr(755,root,root) %{_bindir}/wrt-security-daemon
%{_libdir}/libace*.so
%{_libdir}/libace*.so.*
%{_libdir}/libwrt-ocsp.so
%{_libdir}/libwrt-ocsp.so.*
/usr/share/wrt-engine/*
%attr(755,root,root) %{_bindir}/wrt_security_create_clean_db.sh
%attr(755,root,root) %{_bindir}/wrt_security_change_policy.sh
%attr(664,root,root) %{_datadir}/dbus-1/system-services/*
%attr(664,root,root) %TZ_SYS_ACE_CONF/bondixml*
%attr(664,root,root) %TZ_SYS_ACE_CONF/UnrestrictedPolicy.xml
%attr(664,root,root) %TZ_SYS_ACE_CONF/WAC2.0Policy.xml
%attr(664,root,root) %TZ_SYS_ACE_CONF/TizenPolicy.xml
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/wac/wac.publisherid.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen.root.preproduction.cert.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/wac/wac.root.production.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/wac/wac.root.preproduction.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-developer-root-ca.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-public.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner-manufacturer.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner-operator.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-developers-root.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-partner-class-developer-root.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-partner-class-root-authority.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-platform-class-developer-root.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-platform-class-root-authority.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-public-class-developer-root.pem
%attr(664,root,root) %TZ_SYS_SHARE/cert-svc/certs/code-signing/tizen/tizen-public-class-root-authority.pem
%{_datadir}/license/%{name}
%{_unitdir}/*

%files -n wrt-security-devel
%manifest %{name}.manifest
%defattr(-,root,root,-)
%{_includedir}/wrt-security/*
%{_includedir}/ace/*
%{_includedir}/ace-client/*
%{_includedir}/ace-settings/*
%{_includedir}/ace-install/*
%{_includedir}/ace-common/*
%{_includedir}/ace-popup-validation/*
%{_includedir}/wrt-ocsp/*
%{_libdir}/pkgconfig/security-client.pc
%{_libdir}/pkgconfig/security-communication-client.pc
%{_libdir}/pkgconfig/security-core.pc
%{_libdir}/pkgconfig/security-dao-ro.pc
%{_libdir}/pkgconfig/security-dao-rw.pc
%{_libdir}/pkgconfig/security-install.pc
%{_libdir}/pkgconfig/security-popup-validation.pc
%{_libdir}/pkgconfig/security-settings.pc
%{_libdir}/pkgconfig/security-wrt-ocsp.pc
%{_libdir}/pkgconfig/security.pc