diff options
author | sangwan.kwon <sangwan.kwon@samsung.com> | 2016-09-05 16:06:14 +0900 |
---|---|---|
committer | sangwan.kwon <sangwan.kwon@samsung.com> | 2016-09-06 10:23:35 +0900 |
commit | 81cfa67ea1c80c7fc62dec27050e867d81095707 (patch) | |
tree | 779711d663adcc0a2ea05c4908ef3004f77f21b6 | |
parent | b208273260f93a97147b1f4167fea9163699aab6 (diff) | |
download | cert-svc-81cfa67ea1c80c7fc62dec27050e867d81095707.tar.gz cert-svc-81cfa67ea1c80c7fc62dec27050e867d81095707.tar.bz2 cert-svc-81cfa67ea1c80c7fc62dec27050e867d81095707.zip |
Unlink disabled certificate at upgrade and add TC
* If db migration has done at platform upgrade,
* system certificate should be unlink.
Change-Id: I27225b6d8bb1a13a134ab10544d85a74d2791636
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
-rwxr-xr-x | etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in | 9 | ||||
-rwxr-xr-x | tests/upgrade/cert-svc-test-upgrade.sh.in | 48 |
2 files changed, 52 insertions, 5 deletions
diff --git a/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in b/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in index 91f0805..4eacba4 100755 --- a/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in +++ b/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in @@ -66,7 +66,14 @@ do sqlite3 $NEW_DB "INSERT INTO disabled_certs VALUES ('$gname', '$certs');" sqlite3 $NEW_DB "UPDATE ssl SET enabled=0 WHERE gname='$gname';" - # TODO(sangwan.kwon) unlink file between rw & ro area + # unlink disabled certs on rw area(symbol file) + link_path="@TZ_SYS_CA_CERTS@/$gname" + if [ -h $link_path ] + then + unlink $link_path + else + echo "Failed to find $link_path." + fi fi done diff --git a/tests/upgrade/cert-svc-test-upgrade.sh.in b/tests/upgrade/cert-svc-test-upgrade.sh.in index 00b8de3..f7ea6b1 100755 --- a/tests/upgrade/cert-svc-test-upgrade.sh.in +++ b/tests/upgrade/cert-svc-test-upgrade.sh.in @@ -26,6 +26,8 @@ NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db rm -rf @CERT_SVC_OLD_DB_PATH@/* cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db +before_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l` + # run db upgrade @UPGRADE_SCRIPT_PATH@/cert-svc-db-upgrade.sh @@ -33,12 +35,50 @@ cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db disabled_certs_cnt=`sqlite3 $NEW_DB "SELECT count(*) FROM disabled_certs;"` if [ "$disabled_certs_cnt" != "2" ] then - echo "Failed to upgrade disabled_cers table." + echo "[-] Failed to upgrade disabled_certs table." +else + echo "[+] Success to upgrade disabled_certs table." fi # testcase 2. below gname's enabled column should off -enabled_column=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='6410666e.0';"` -if [ "$enabled_column" != "0" ] +enabled_column1=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='6410666e.0';"` +if [ "$enabled_column1" != "0" ] +then + echo "[-] Failed to upgrade ssl table." +else + echo "[+] Success to upgrade ssl table." +fi +enabled_column2=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='790a7190.0';"` +if [ "$enabled_column2" != "0" ] +then + echo "[-] Failed to upgrade ssl table." +else + echo "[+] Success to upgrade ssl table." +fi + +# testcase 3. check to exist disabeld certs on rw area +link_path1="@TZ_SYS_CA_CERTS@/6410666e.0" +if [ -f $link_path1 ] +then + echo "[-] Failed to unlink disabled certs." +else + echo "[+] Success to unlink disabled certs." +fi +link_path2="@TZ_SYS_CA_CERTS@/790a7190.0" +if [ -f $link_path1 ] +then + echo "[-] Failed to unlink disabled certs." +else + echo "[+] Success to unlink disabled certs." +fi + +# check certificate's count was reduced +after_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l` +diff=$(expr $before_upgrade_certs_cnt - $after_upgrade_certs_cnt) +if [ "$diff" != "2" ] then - echo "Failed to upgrade ssl table." + echo "[-] Failed to unlink disabled certs." + echo "[-] Check ca-certificate package's upgrade has done." +else + echo "[+] Success to unlink disabled certs." fi |