From f5b162f5d6a8e5eca8723eada8c8bc4eb0a3d6f2 Mon Sep 17 00:00:00 2001
From: fengweihao <fengweihao@iie.ac.cn>
Date: Fri, 11 Sep 2020 14:29:29 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9RPM=E7=A8=8B=E5=BA=8F?=
 =?UTF-8?q?=E5=AE=89=E8=A3=85=E8=B7=AF=E5=BE=84=20=E6=94=AF=E6=8C=81?=
 =?UTF-8?q?=E6=97=A5=E5=BF=97=E5=AE=9A=E6=97=B6=E5=88=A0=E9=99=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CMakeLists.txt                         |   2 +-
 cmake/Package.cmake                    |  23 +++++++++++------------
 cmake/PostInstall.in                   |   3 +++
 cmake/PostUninstall.in                 |   3 +++
 cmake/PreInstall.in                    |   0
 cmake/PreUninstall.in                  |   2 ++
 resource/conf/cert_store.ini           |   7 ++++++-
 script/{ => service}/certstore.service |   4 ++--
 script/{ => tarball}/tarball.sh        |   0
 script/tmpfiles/cert_store.conf        |   5 +++++
 script/{ => tool}/signssl.sh           |   0
 script/{ => tool}/x509                 | Bin
 12 files changed, 33 insertions(+), 16 deletions(-)
 create mode 100644 cmake/PostInstall.in
 create mode 100644 cmake/PostUninstall.in
 delete mode 100644 cmake/PreInstall.in
 create mode 100644 cmake/PreUninstall.in
 rename script/{ => service}/certstore.service (64%)
 rename script/{ => tarball}/tarball.sh (100%)
 create mode 100644 script/tmpfiles/cert_store.conf
 rename script/{ => tool}/signssl.sh (100%)
 rename script/{ => tool}/x509 (100%)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index bf404ff..821c7d9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -15,7 +15,7 @@ if(NOT CMAKE_BUILD_TYPE)
 endif()
 
 if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
-	set (CMAKE_INSTALL_PREFIX "/home/tsg/certstore" CACHE PATH "default install path" FORCE )
+	set (CMAKE_INSTALL_PREFIX "/opt/tsg/certstore" CACHE PATH "default install path" FORCE )
 endif()
 
 # Global compile options
diff --git a/cmake/Package.cmake b/cmake/Package.cmake
index a4183e7..86fc9bc 100644
--- a/cmake/Package.cmake
+++ b/cmake/Package.cmake
@@ -5,6 +5,7 @@ else()
 endif()
 
 set(CPACK_PACKAGE_VENDOR "MESASOFT")
+set(CMAKE_INSTALL_PREFIX "/opt/tsg/certstore")
 set(CPACK_PACKAGE_VERSION_MAJOR "${TARGET_MAJOR}")
 set(CPACK_PACKAGE_VERSION_MINOR "${TARGET_MINOR}")
 set(CPACK_PACKAGE_VERSION_PATCH "${TARGET_PATCH}.${TARGET_DESCRIBE}")
@@ -17,24 +18,22 @@ set(CPACK_RPM_FILE_NAME "RPM-DEFAULT")
 set(CPACK_RPM_PACKAGE_AUTOREQPROV "no")
 set(CPACK_RPM_PACKAGE_RELEASE_DIST on)
 set(CPACK_RPM_DEBUGINFO_PACKAGE on)
-set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreInstall.in)
-#set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
-#set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in)
-#set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in)
+set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
+set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in)
+set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in)
+
 
-set(CMAKE_INSTALL_PREFIX "/home/tsg/certstore")
 set(CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX /home/tsg)
 
-install(PROGRAMS build/program/certstore DESTINATION ./)
+install(PROGRAMS build/program/certstore DESTINATION ./bin)
 install(DIRECTORY resource/cert DESTINATION ./) 
 install(DIRECTORY resource/conf DESTINATION ./)
-#install(FILES resource/package/r2_certstore DESTINATION ./)
-#install(FILES resource/package/r3_certstore DESTINATION ./)
-#install(FILES resource/package/Makefile DESTINATION ./)
 
-install(FILES script/signssl.sh DESTINATION ./tool)
-install(FILES script/x509 DESTINATION ./tool)
-install(FILES script/certstore.service DESTINATION /usr/lib/systemd/system/)
+install(FILES script/tool/signssl.sh DESTINATION ./tool)
+install(FILES script/tool/x509 DESTINATION ./tool)
+
+install(FILES script/service/certstore.service DESTINATION /usr/lib/systemd/system/)
+install(FILES script/tmpfiles/cert_store.conf DESTINATION /usr/lib/tmpfiles.d/)
 
 # Must uninstall the debug package before install release package
 if(CMAKE_BUILD_TYPE STREQUAL "Debug")
diff --git a/cmake/PostInstall.in b/cmake/PostInstall.in
new file mode 100644
index 0000000..00d79b7
--- /dev/null
+++ b/cmake/PostInstall.in
@@ -0,0 +1,3 @@
+%sysctl_apply
+%tmpfiles_create
+/sbin/ldconfig
diff --git a/cmake/PostUninstall.in b/cmake/PostUninstall.in
new file mode 100644
index 0000000..00d79b7
--- /dev/null
+++ b/cmake/PostUninstall.in
@@ -0,0 +1,3 @@
+%sysctl_apply
+%tmpfiles_create
+/sbin/ldconfig
diff --git a/cmake/PreInstall.in b/cmake/PreInstall.in
deleted file mode 100644
index e69de29..0000000
diff --git a/cmake/PreUninstall.in b/cmake/PreUninstall.in
new file mode 100644
index 0000000..a3325d5
--- /dev/null
+++ b/cmake/PreUninstall.in
@@ -0,0 +1,2 @@
+%sysctl_apply
+%tmpfiles_create
diff --git a/resource/conf/cert_store.ini b/resource/conf/cert_store.ini
index ef0b2ee..cf49563 100644
--- a/resource/conf/cert_store.ini
+++ b/resource/conf/cert_store.ini
@@ -15,7 +15,8 @@ expire_after = 30
 #Local default root certificate path
 local_debug = 0
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
+untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
+
 [MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
@@ -32,18 +33,22 @@ inc_cfg_dir=./rule/inc/index
 full_cfg_dir=./rule/full/index
 #Json file path when json schema is used
 pxy_obj_keyring=./conf/pxy_obj_keyring.json
+
 [LIBEVENT]
 #Local monitor port number, default is 9991
 port = 9991
+
 [CERTSTORE_REDIS]
 #The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
+
 [MAAT_REDIS]
 #Maat monitors the Redsi server IP address and port number
 ip = 192.168.11.243
 port = 6379
 dbindex = 4
+
 [stat]
 statsd_server=192.168.10.72
 statsd_port=8126
diff --git a/script/certstore.service b/script/service/certstore.service
similarity index 64%
rename from script/certstore.service
rename to script/service/certstore.service
index 280d2b9..71a6e5c 100644
--- a/script/certstore.service
+++ b/script/service/certstore.service
@@ -3,8 +3,8 @@ Description=Certificate Signing Engine
 After=redis.service
 
 [Service]
-WorkingDirectory=/home/tsg/certstore
-ExecStart=/home/tsg/certstore/certstore
+WorkingDirectory=/opt/tsg/certstore
+ExecStart=/opt/tsg/certstore/bin/certstore
 Restart=always
 RestartSec=5s
 
diff --git a/script/tarball.sh b/script/tarball/tarball.sh
similarity index 100%
rename from script/tarball.sh
rename to script/tarball/tarball.sh
diff --git a/script/tmpfiles/cert_store.conf b/script/tmpfiles/cert_store.conf
new file mode 100644
index 0000000..f084a44
--- /dev/null
+++ b/script/tmpfiles/cert_store.conf
@@ -0,0 +1,5 @@
+#Type Path        Mode User Group Age Argument
+d /var/log/certstore/          	    0755 - -   7d -
+d /run/certstore/foreign_files			0755 - - - -
+L /opt/tsg/certstore/logs  			- - - -   /var/log/certstore
+L /opt/tsg/certstore/foreign_files		- - - -   /run/certstore/foreign_files
diff --git a/script/signssl.sh b/script/tool/signssl.sh
similarity index 100%
rename from script/signssl.sh
rename to script/tool/signssl.sh
diff --git a/script/x509 b/script/tool/x509
similarity index 100%
rename from script/x509
rename to script/tool/x509