summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsangwan.kwon <sangwan.kwon@samsung.com>2016-09-05 16:06:14 +0900
committersangwan.kwon <sangwan.kwon@samsung.com>2016-09-06 10:23:35 +0900
commit81cfa67ea1c80c7fc62dec27050e867d81095707 (patch)
tree779711d663adcc0a2ea05c4908ef3004f77f21b6
parentb208273260f93a97147b1f4167fea9163699aab6 (diff)
downloadcert-svc-81cfa67ea1c80c7fc62dec27050e867d81095707.tar.gz
cert-svc-81cfa67ea1c80c7fc62dec27050e867d81095707.tar.bz2
cert-svc-81cfa67ea1c80c7fc62dec27050e867d81095707.zip
Unlink disabled certificate at upgrade and add TC
* If db migration has done at platform upgrade, * system certificate should be unlink. Change-Id: I27225b6d8bb1a13a134ab10544d85a74d2791636 Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Diffstat
-rwxr-xr-xetc/upgrade/cert-svc-disabled-certs-upgrade.sh.in9
-rwxr-xr-xtests/upgrade/cert-svc-test-upgrade.sh.in48
2 files changed, 52 insertions, 5 deletions
diff --git a/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in b/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in
index 91f0805..4eacba4 100755
--- a/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in
+++ b/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in
@@ -66,7 +66,14 @@ do
sqlite3 $NEW_DB "INSERT INTO disabled_certs VALUES ('$gname', '$certs');"
sqlite3 $NEW_DB "UPDATE ssl SET enabled=0 WHERE gname='$gname';"
- # TODO(sangwan.kwon) unlink file between rw & ro area
+ # unlink disabled certs on rw area(symbol file)
+ link_path="@TZ_SYS_CA_CERTS@/$gname"
+ if [ -h $link_path ]
+ then
+ unlink $link_path
+ else
+ echo "Failed to find $link_path."
+ fi
fi
done
diff --git a/tests/upgrade/cert-svc-test-upgrade.sh.in b/tests/upgrade/cert-svc-test-upgrade.sh.in
index 00b8de3..f7ea6b1 100755
--- a/tests/upgrade/cert-svc-test-upgrade.sh.in
+++ b/tests/upgrade/cert-svc-test-upgrade.sh.in
@@ -26,6 +26,8 @@ NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
rm -rf @CERT_SVC_OLD_DB_PATH@/*
cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db
+before_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
+
# run db upgrade
@UPGRADE_SCRIPT_PATH@/cert-svc-db-upgrade.sh
@@ -33,12 +35,50 @@ cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db
disabled_certs_cnt=`sqlite3 $NEW_DB "SELECT count(*) FROM disabled_certs;"`
if [ "$disabled_certs_cnt" != "2" ]
then
- echo "Failed to upgrade disabled_cers table."
+ echo "[-] Failed to upgrade disabled_certs table."
+else
+ echo "[+] Success to upgrade disabled_certs table."
fi
# testcase 2. below gname's enabled column should off
-enabled_column=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='6410666e.0';"`
-if [ "$enabled_column" != "0" ]
+enabled_column1=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='6410666e.0';"`
+if [ "$enabled_column1" != "0" ]
+then
+ echo "[-] Failed to upgrade ssl table."
+else
+ echo "[+] Success to upgrade ssl table."
+fi
+enabled_column2=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='790a7190.0';"`
+if [ "$enabled_column2" != "0" ]
+then
+ echo "[-] Failed to upgrade ssl table."
+else
+ echo "[+] Success to upgrade ssl table."
+fi
+
+# testcase 3. check to exist disabeld certs on rw area
+link_path1="@TZ_SYS_CA_CERTS@/6410666e.0"
+if [ -f $link_path1 ]
+then
+ echo "[-] Failed to unlink disabled certs."
+else
+ echo "[+] Success to unlink disabled certs."
+fi
+link_path2="@TZ_SYS_CA_CERTS@/790a7190.0"
+if [ -f $link_path1 ]
+then
+ echo "[-] Failed to unlink disabled certs."
+else
+ echo "[+] Success to unlink disabled certs."
+fi
+
+# check certificate's count was reduced
+after_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
+diff=$(expr $before_upgrade_certs_cnt - $after_upgrade_certs_cnt)
+if [ "$diff" != "2" ]
then
- echo "Failed to upgrade ssl table."
+ echo "[-] Failed to unlink disabled certs."
+ echo "[-] Check ca-certificate package's upgrade has done."
+else
+ echo "[+] Success to unlink disabled certs."
fi
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-17 14:36:52 +0000