authorsangwan.kwon <sangwan.kwon@samsung.com>2016-09-05 17:57:05 +0900
committersangwan.kwon <sangwan.kwon@samsung.com>2016-09-06 11:53:03 +0900
commitb58b9697d4b078da9b134ea719a7358d9daf7427 (patch)
tree6e088cfda342f2a8cef1e8e229b782ee4d9426cb
parent81cfa67ea1c80c7fc62dec27050e867d81095707 (diff)
Remake bundle file at db migration
* If db migration is done, check to update disabled_certs table * and remake bundle file. * Link CERT_SVC_CA_BUNDLE too. Change-Id: Id7a2495ae2bb4f97cd34eab94d15de3eb8755d81 Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
-rwxr-xr-xetc/upgrade/cert-svc-db-upgrade.sh.in4
-rwxr-xr-xetc/upgrade/cert-svc-disabled-certs-upgrade.sh.in11
-rw-r--r--packaging/cert-svc.spec2
-rwxr-xr-xtests/upgrade/cert-svc-test-upgrade.sh.in37
4 files changed, 47 insertions, 7 deletions
diff --git a/etc/upgrade/cert-svc-db-upgrade.sh.in b/etc/upgrade/cert-svc-db-upgrade.sh.in
index 395c42b..0fdd3c0 100755
--- a/etc/upgrade/cert-svc-db-upgrade.sh.in
+++ b/etc/upgrade/cert-svc-db-upgrade.sh.in
@@ -42,6 +42,10 @@ rm -rf $OLD_DB
# generate blank journal file newly
touch $NEW_DB-journal
+# support backward compatablity
+ln -sf @TZ_SYS_CA_BUNDLE@ @CERT_SVC_CA_BUNDLE@
+chown -h @USER_NAME@:@GROUP_NAME@ @CERT_SVC_CA_BUNDLE@
+
# change permission
chsmack -a @SMACK_DOMAIN_NAME@ @CERT_SVC_DB_PATH@/*
chown @USER_NAME@:@GROUP_NAME@ @CERT_SVC_DB_PATH@/*
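Review bot: The added `ln -sf` is unchecked, and if @CERT_SVC_CA_BUNDLE@ already exists as a directory or a symlink to one, the link is created inside it instead of replacing it. `chown -h` then runs against whatever is at that path. Using `ln -sfn @TZ_SYS_CA_BUNDLE@ @CERT_SVC_CA_BUNDLE@ || exit 1` makes the replacement explicit and stops the upgrade when the compatibility link cannot be created. The new comment has a typo and should read `# support backward compatibility`. The rest of the script is outside this hunk, so whether it already aborts on errors cannot be seen here.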
diff --git a/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in b/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in
index 4eacba4..6090624 100755
--- a/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in
+++ b/etc/upgrade/cert-svc-disabled-certs-upgrade.sh.in
@@ -77,5 +77,16 @@ do
fi
done
+# re-make bundle file
+if [ -s @TZ_SYS_CA_BUNDLE@ ]
+then
+ rm @TZ_SYS_CA_BUNDLE@
+fi
+
+for i in `find @TZ_SYS_CA_CERTS@ -maxdepth 1 -type l | sort`
+do
+ openssl x509 -in $i -outform PEM >> @TZ_SYS_CA_BUNDLE@
+done
+
rm -rf $OLD_GNAME_LIST
rm -rf $OLD_CERTS_DIR
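Review bot: The added block deletes the system CA bundle and then appends to it one certificate at a time, so an interrupted upgrade or a failing `openssl x509` call leaves a missing or truncated trust store with nothing reported. Building the bundle in a temporary file in the same directory and renaming it over the old one keeps the previous bundle in place until the new one is complete. The backtick `for` loop also word-splits the `find` output and passes `$i` unquoted. The recreated file takes its mode and owner from the running shell rather than from the file it replaces, and its SMACK label is likewise not carried over, so all three should be restored explicitly. The loop that precedes this block starts outside the hunk.

```shell
# re-make bundle file: build a complete copy first, then swap it in
new_bundle=`mktemp @TZ_SYS_CA_BUNDLE@.XXXXXX` || exit 1
find @TZ_SYS_CA_CERTS@ -maxdepth 1 -type l | sort |
while IFS= read -r cert
do
	if ! openssl x509 -in "$cert" -outform PEM >> "$new_bundle"
	then
		echo "cert-svc upgrade: cannot convert $cert" >&2
	fi
done

if [ -s "$new_bundle" ]
then
	# restore the mode, owner and SMACK label expected for the bundle here
	mv -f "$new_bundle" @TZ_SYS_CA_BUNDLE@
else
	# keep the previous bundle rather than install an empty one
	rm -f "$new_bundle"
fi
# … unchanged: removal of $OLD_GNAME_LIST and $OLD_CERTS_DIR …
```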
diff --git a/packaging/cert-svc.spec b/packaging/cert-svc.spec
index 62b2b34..d23c8e6 100644
--- a/packaging/cert-svc.spec
+++ b/packaging/cert-svc.spec
@@ -29,6 +29,7 @@ BuildRequires: ca-certificates-tizen-devel
Requires: ca-certificates
Requires: ca-certificates-tizen
Requires: security-config
+Requires: openssl
%if "%{?profile}" == "mobile"
BuildRequires: pkgconfig(cert-checker)
%endif
@@ -110,6 +111,7 @@ export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
-DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
-DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
-DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
+ -DCERT_SVC_CA_BUNDLE=%CERT_SVC_CA_BUNDLE \
-DFINGERPRINT_LIST_RW_PATH=%TZ_SYS_REVOKED_CERTS_FINGERPRINTS_RUNTIME \
-DCERT_SVC_PATH=%CERT_SVC_PATH \
-DCERT_SVC_RO_PATH=%CERT_SVC_RO_PATH \
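Review bot: `%CERT_SVC_CA_BUNDLE` on the added `-D` line has no definition in the visible hunks of this spec. If no `%global` or `%define` elsewhere in the spec (or in an included macro file) provides it, rpm passes the literal text through, and the upgrade script would create its compatibility link at that literal path. Please confirm the macro is defined, or add the definition in this commit. The cmake invocation starts and ends outside the hunk.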
diff --git a/tests/upgrade/cert-svc-test-upgrade.sh.in b/tests/upgrade/cert-svc-test-upgrade.sh.in
index f7ea6b1..bbdce60 100755
--- a/tests/upgrade/cert-svc-test-upgrade.sh.in
+++ b/tests/upgrade/cert-svc-test-upgrade.sh.in
@@ -21,12 +21,15 @@ PATH=/bin:/usr/bin:/sbin:/usr/sbin
#
NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
+TEST_GNAME1="6410666e.0"
+TEST_GNAME2="790a7190.0"
# set test old database
rm -rf @CERT_SVC_OLD_DB_PATH@/*
cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db
before_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
+before_upgrade_bundle_line=`cat @TZ_SYS_CA_BUNDLE@ | wc -l`
# run db upgrade
@UPGRADE_SCRIPT_PATH@/cert-svc-db-upgrade.sh
@@ -41,14 +44,14 @@ else
fi
# testcase 2. below gname's enabled column should off
-enabled_column1=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='6410666e.0';"`
+enabled_column1=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='$TEST_GNAME1';"`
if [ "$enabled_column1" != "0" ]
then
echo "[-] Failed to upgrade ssl table."
else
echo "[+] Success to upgrade ssl table."
fi
-enabled_column2=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='790a7190.0';"`
+enabled_column2=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='$TEST_GNAME2';"`
if [ "$enabled_column2" != "0" ]
then
echo "[-] Failed to upgrade ssl table."
@@ -56,15 +59,15 @@ else
echo "[+] Success to upgrade ssl table."
fi
-# testcase 3. check to exist disabeld certs on rw area
-link_path1="@TZ_SYS_CA_CERTS@/6410666e.0"
+# testcase 3. check to exist disabled certs on rw area
+link_path1="@TZ_SYS_CA_CERTS@/$TEST_GNAME1"
if [ -f $link_path1 ]
then
echo "[-] Failed to unlink disabled certs."
else
echo "[+] Success to unlink disabled certs."
fi
-link_path2="@TZ_SYS_CA_CERTS@/790a7190.0"
+link_path2="@TZ_SYS_CA_CERTS@/$TEST_GNAME2"
if [ -f $link_path1 ]
then
echo "[-] Failed to unlink disabled certs."
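Review bot: The second check in testcase 3 still tests `$link_path1` after `link_path2` is assigned, so the `$TEST_GNAME2` link is never verified; the condition should read `if [ -L "$link_path2" ]`. `-f` follows the symlink and reports false for a dangling link, so `-L` with the variable quoted is the test that shows the link itself is gone. The same applies to the `$link_path1` check above it. The `if` body continues past the end of this hunk.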
@@ -74,11 +77,31 @@ fi
# check certificate's count was reduced
after_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
-diff=$(expr $before_upgrade_certs_cnt - $after_upgrade_certs_cnt)
-if [ "$diff" != "2" ]
+diff_cnt=$(expr $before_upgrade_certs_cnt - $after_upgrade_certs_cnt)
+if [ "$diff_cnt" != "2" ]
then
echo "[-] Failed to unlink disabled certs."
echo "[-] Check ca-certificate package's upgrade has done."
else
echo "[+] Success to unlink disabled certs."
fi
+
+# testcase 4. bundle file should update
+after_upgrade_bundle_line=`cat @TZ_SYS_CA_BUNDLE@ | wc -l`
+diff_line1=$(expr $before_upgrade_bundle_line - $after_upgrade_bundle_line)
+if [ "$diff_line1" != "56" ]
+then
+ echo "[-] Failed to update bundle file."
+ echo "[-] Check ca-certificate package's upgrade has done."
+else
+ echo "[+] Success to update bundle file."
+fi
+
+after_symbol_bundle_line=`cat @CERT_SVC_CA_BUNDLE@ | wc -l`
+diff_line2=$(expr $after_upgrade_bundle_line - $after_symbol_bundle_line)
+if [ "$diff_line2" != "0" ]
+then
+ echo "[-] Failed to sync bundle file with CERT_SVC_CA_BUNDLE."
+else
+ echo "[+] Success to sync bundle file with CERT_SVC_CA_BUNDLE."
+fi
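Review bot: The sync check at the end of testcase 4 compares only line counts, so it passes for any file of the same length and does not show that @CERT_SVC_CA_BUNDLE@ is the compatibility link. `[ -L @CERT_SVC_CA_BUNDLE@ ] && cmp -s @TZ_SYS_CA_BUNDLE@ @CERT_SVC_CA_BUNDLE@` checks both the link and the content. The expected difference of `56` lines is presumably the PEM length of the two disabled test certificates, and it only holds if the old bundle has no extra text between entries. A comment such as `# 56 = PEM lines removed for $TEST_GNAME1 and $TEST_GNAME2` would record that assumption. None of the failure branches change the script's exit status, so an automated run cannot tell a failed upgrade from a good one.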