authorKyungwook Tak <k.tak@samsung.com>2016-07-07 20:07:51 +0900
committerKyungwook Tak <k.tak@samsung.com>2016-07-08 17:00:24 +0900
commit635c4d71b142896e7519e28b1e5b886bf4d7e7c0 (patch)
treebf8ad7b499eb2dc852fba488e50cf5eb6b9c481f
parent2ab6036cbfa6be92bb8a6e5f19b6016efa9adb6b (diff)
Add revoked category on rw fingerprint listsubmit/tizen/20160711.025941
Requirement: A certificate can be revoked without a platform upgrade, just by writing a fingerprint to the XML file in the RW partition. Change-Id: Ie26f00656645c67da4298efce905660016af0147 Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
-rw-r--r--certificates/mobile/emul/CMakeLists.txt1
-rw-r--r--certificates/mobile/emul/revoked/README1
-rw-r--r--certificates/mobile/eng/CMakeLists.txt1
-rw-r--r--certificates/mobile/eng/revoked/README1
-rw-r--r--certificates/mobile/usr/CMakeLists.txt1
-rw-r--r--certificates/mobile/usr/revoked/README1
-rw-r--r--certificates/tv/emul/CMakeLists.txt1
-rw-r--r--certificates/tv/emul/revoked/README1
-rw-r--r--certificates/tv/eng/CMakeLists.txt1
-rw-r--r--certificates/tv/eng/revoked/README1
-rw-r--r--certificates/tv/usr/CMakeLists.txt1
-rw-r--r--certificates/tv/usr/revoked/README1
-rw-r--r--certificates/wearable/emul/CMakeLists.txt1
-rw-r--r--certificates/wearable/emul/revoked/README1
-rw-r--r--certificates/wearable/eng/CMakeLists.txt1
-rw-r--r--certificates/wearable/eng/revoked/README1
-rw-r--r--certificates/wearable/usr/CMakeLists.txt1
-rw-r--r--certificates/wearable/usr/revoked/README1
-rw-r--r--packaging/ca-certificates-tizen.spec32
-rw-r--r--tools/CMakeLists.txt28
-rwxr-xr-xtools/add-fingerprint.sh2
-rw-r--r--tools/fingerprint_list_runtime.xml4
22 files changed, 75 insertions, 9 deletions
diff --git a/certificates/mobile/emul/CMakeLists.txt b/certificates/mobile/emul/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/mobile/emul/CMakeLists.txt
+++ b/certificates/mobile/emul/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
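Review bot: The added `${CMAKE_CURRENT_SOURCE_DIR}/revoked/` entry ends in a slash, so INSTALL(DIRECTORY) copies its contents straight into `${TIZEN_DIR}` beside the files from public/, partner/ and platform/ rather than into a `revoked` subdirectory. On the device a revoked root then differs from a trusted one only by its fingerprint-list entry, and a revoked PEM that shares a file name with a trusted one would collide at install time. If consumers treat `${TIZEN_DIR}` as a trust directory (not visible here), consider a separate INSTALL with `DESTINATION ${TIZEN_DIR}/revoked`, or at least a comment such as `# revoked/ roots are told apart only by the tizen-revoked fingerprint domain`. The same line is added in the other eight certificates/*/*/CMakeLists.txt hunks, and the INSTALL call continues past the end of this hunk.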
diff --git a/certificates/mobile/emul/revoked/README b/certificates/mobile/emul/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/mobile/emul/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/mobile/eng/CMakeLists.txt b/certificates/mobile/eng/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/mobile/eng/CMakeLists.txt
+++ b/certificates/mobile/eng/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/mobile/eng/revoked/README b/certificates/mobile/eng/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/mobile/eng/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/mobile/usr/CMakeLists.txt b/certificates/mobile/usr/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/mobile/usr/CMakeLists.txt
+++ b/certificates/mobile/usr/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/mobile/usr/revoked/README b/certificates/mobile/usr/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/mobile/usr/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/tv/emul/CMakeLists.txt b/certificates/tv/emul/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/tv/emul/CMakeLists.txt
+++ b/certificates/tv/emul/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/tv/emul/revoked/README b/certificates/tv/emul/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/tv/emul/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/tv/eng/CMakeLists.txt b/certificates/tv/eng/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/tv/eng/CMakeLists.txt
+++ b/certificates/tv/eng/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/tv/eng/revoked/README b/certificates/tv/eng/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/tv/eng/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/tv/usr/CMakeLists.txt b/certificates/tv/usr/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/tv/usr/CMakeLists.txt
+++ b/certificates/tv/usr/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/tv/usr/revoked/README b/certificates/tv/usr/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/tv/usr/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/wearable/emul/CMakeLists.txt b/certificates/wearable/emul/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/wearable/emul/CMakeLists.txt
+++ b/certificates/wearable/emul/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/wearable/emul/revoked/README b/certificates/wearable/emul/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/wearable/emul/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/wearable/eng/CMakeLists.txt b/certificates/wearable/eng/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/wearable/eng/CMakeLists.txt
+++ b/certificates/wearable/eng/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/wearable/eng/revoked/README b/certificates/wearable/eng/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/wearable/eng/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/certificates/wearable/usr/CMakeLists.txt b/certificates/wearable/usr/CMakeLists.txt
index 5aa2128..eb5e2b9 100644
--- a/certificates/wearable/usr/CMakeLists.txt
+++ b/certificates/wearable/usr/CMakeLists.txt
@@ -3,6 +3,7 @@ INSTALL(DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/public/
${CMAKE_CURRENT_SOURCE_DIR}/partner/
${CMAKE_CURRENT_SOURCE_DIR}/platform/
+ ${CMAKE_CURRENT_SOURCE_DIR}/revoked/
DESTINATION
${TIZEN_DIR}
FILES_MATCHING
diff --git a/certificates/wearable/usr/revoked/README b/certificates/wearable/usr/revoked/README
new file mode 100644
index 0000000..a84bf6a
--- /dev/null
+++ b/certificates/wearable/usr/revoked/README
@@ -0,0 +1 @@
+Add revoked Tizen app-signing root certificate here with "pem" suffix.
diff --git a/packaging/ca-certificates-tizen.spec b/packaging/ca-certificates-tizen.spec
index 7341aba..d02f3eb 100644
--- a/packaging/ca-certificates-tizen.spec
+++ b/packaging/ca-certificates-tizen.spec
@@ -9,13 +9,28 @@ Source: %{name}-%{version}.tar.gz
Source1001: %{name}.manifest
BuildRequires: cmake
BuildRequires: openssl
+BuildRequires: pkgconfig(libtzplatform-config)
+
+%description
+Used for the installation of Tizen-specific CA certificates.
+
+%package devel
+Summary: Devel package of %{name} which contains RPM macros
+Group: Development/Libraries
+License: Apache-2.0
+Requires: %name = %version-%release
+
+%description devel
+%{name} devel package which contains RPM macros for runtime revoked certs fingerprint
%define ro_data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir}
+%define rw_data_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE}%{!?TZ_SYS_SHARE:/opt/share}
%define tizen_dir %{ro_data_dir}/ca-certificates/tizen
%define fingerprint_dir %{ro_data_dir}/ca-certificates/fingerprint
+%define fingerprint_rw_dir %{rw_data_dir}/ca-certificates/fingerprint
+%define ro_etc_dir %{?TZ_SYS_RO_ETC:%TZ_SYS_RO_ETC}%{!?TZ_SYS_RO_ETC:%_sysconfdir}
-%description
-Used for the installation of Tizen-specific CA certificates.
+%define macro_ca_certificates_tizen %{ro_etc_dir}/rpm/macros.ca-certificates-tizen
%prep
%setup -q
@@ -37,15 +52,18 @@ echo "release engineering mode"
%cmake . -DRELMODE=%{REL_MODE} \
-DTIZEN_DIR=%{tizen_dir} \
-DFINGERPRINT_DIR=%{fingerprint_dir} \
+ -DFINGERPRINT_RW_DIR=%{fingerprint_rw_dir} \
-DPROFILE_TARGET=%{?profile}
make %{?_smp_mflags}
%install
-rm -fr %{buildroot}
%make_install
-mkdir -p %{buildroot}%{tizen_dir}
-mkdir -p %{buildroot}%{fingerprint_dir}
+
+mkdir -p %{buildroot}%{ro_etc_dir}/rpm
+touch %{buildroot}%{macro_ca_certificates_tizen}
+echo "%TZ_SYS_REVOKED_CERTS_FINGERPRINTS_RUNTIME %{fingerprint_rw_dir}/fingerprint_list_runtime.xml" >> %{buildroot}%{macro_ca_certificates_tizen}
+
%files
%defattr(-,root,root,-)
@@ -53,3 +71,7 @@ mkdir -p %{buildroot}%{fingerprint_dir}
%license LICENSE
%{tizen_dir}/*
%{fingerprint_dir}/*
+%{fingerprint_rw_dir}/fingerprint_list_runtime.xml
+
+%files devel
+%config %{macro_ca_certificates_tizen}
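Review bot: `%{fingerprint_rw_dir}/fingerprint_list_runtime.xml` is listed as a plain packaged file although the commit intends it to be edited on the device, so a package upgrade would presumably replace it with the build-time copy and drop fingerprints written at runtime. Listing it as `%config(noreplace) %{fingerprint_rw_dir}/fingerprint_list_runtime.xml` would keep local revocations across upgrades. Anything able to write this file can also delete a revocation, so an explicit `%attr` on that line, with owner and mode chosen for the intended writer, would document who that is instead of inheriting `%defattr(-,root,root,-)`.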
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
index 95e8b31..8fe0139 100644
--- a/tools/CMakeLists.txt
+++ b/tools/CMakeLists.txt
@@ -4,6 +4,11 @@ GET_FILENAME_COMPONENT(
REALPATH
)
GET_FILENAME_COMPONENT(
+ FINGERPRINT_LIST_RW_XML
+ ${CMAKE_CURRENT_SOURCE_DIR}/fingerprint_list_runtime.xml
+ REALPATH
+ )
+GET_FILENAME_COMPONENT(
FINGERPRINT_LIST_XSD
${CMAKE_CURRENT_SOURCE_DIR}/fingerprint_list.xsd
REALPATH
@@ -16,10 +21,27 @@ EXECUTE_PROCESS(
${FINGERPRINT_LIST_XML}
RESULT_VARIABLE ERROR_CODE
)
+
IF(ERROR_CODE)
MESSAGE(FATAL_ERROR "Failed to generate fingerprint list")
ENDIF(ERROR_CODE)
-INSTALL(FILES ${FINGERPRINT_LIST_XML}
- ${FINGERPRINT_LIST_XSD}
- DESTINATION ${FINGERPRINT_DIR})
+EXECUTE_PROCESS(
+ COMMAND
+ ${CMAKE_CURRENT_SOURCE_DIR}/add-fingerprint.sh
+ ${CMAKE_SOURCE_DIR}/certificates/${PROFILE_TARGET}/${RELMODE}
+ ${FINGERPRINT_LIST_RW_XML}
+ RESULT_VARIABLE ERROR_CODE
+)
+
+IF(ERROR_CODE)
+ MESSAGE("Failed to generate fingerprint list rw")
+ENDIF(ERROR_CODE)
+
+INSTALL(FILES ${FINGERPRINT_LIST_XML} ${FINGERPRINT_LIST_XSD}
+ DESTINATION ${FINGERPRINT_DIR}
+)
+
+INSTALL(FILES ${FINGERPRINT_LIST_RW_XML}
+ DESTINATION ${FINGERPRINT_RW_DIR}
+)
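Review bot: A failure of the second EXECUTE_PROCESS is reported with `MESSAGE("Failed to generate fingerprint list rw")`, which only prints and lets configuration continue, unlike the FATAL_ERROR used for the first list. A build could then install a runtime revocation list that is missing entries without anyone noticing; use `MESSAGE(FATAL_ERROR "Failed to generate fingerprint list rw")`. The script is also pointed at `${CMAKE_CURRENT_SOURCE_DIR}/fingerprint_list_runtime.xml`, so a tracked source file is modified at configure time. If the script appends (its body is not shown), repeated configures would accumulate entries, and working on a copy under `${CMAKE_CURRENT_BINARY_DIR}` would avoid that.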
diff --git a/tools/add-fingerprint.sh b/tools/add-fingerprint.sh
index 65d8804..91bd38c 100755
--- a/tools/add-fingerprint.sh
+++ b/tools/add-fingerprint.sh
@@ -9,7 +9,7 @@ then
exit 2
fi
-for CATEGORY in developer public partner platform test verify store
+for CATEGORY in developer public partner platform test verify store revoked
do
if [ -d "$CERT_ROOT/$CATEGORY" ]
then
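Review bot: The `for CATEGORY in ... revoked` loop serves both invocations in tools/CMakeLists.txt, which pass the same certificate root, so as far as this hunk shows the runtime list would receive fingerprints from every category and the read-only list would also receive `revoked`. If fingerprint_list_runtime.xml is meant to hold only the `tizen-revoked` domain, the script needs a way to restrict the categories per call, for example an optional third argument. Otherwise add a comment above the loop, e.g. `# every category is written to whichever list file is passed as $2`. The loop body lies outside the hunk, so the mapping from category to domain is inferred.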
diff --git a/tools/fingerprint_list_runtime.xml b/tools/fingerprint_list_runtime.xml
new file mode 100644
index 0000000..e71251a
--- /dev/null
+++ b/tools/fingerprint_list_runtime.xml
@@ -0,0 +1,4 @@
+<CertificateSet>
+ <CertificateDomain name="tizen-revoked">
+ </CertificateDomain>
+</CertificateSet>