From 14bd2d514e44aa46326cede67f198716def2d067 Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Thu, 1 Mar 2012 16:38:27 -0800 Subject: [PATCH] debian: Move PKI directory to FHS-compliant location. The PKI directory is mutable state, so it should be in /var, not in /usr. This commit changes its location and, on systems upgraded from earlier versions, moves the existing PKI and leaves behind a symlink. CC: 661090@bugs.debian.org Reported-by: Andreas Beckmann Signed-off-by: Ben Pfaff --- AUTHORS | 1 + debian/automake.mk | 1 + debian/openvswitch-controller.postinst | 10 +++++++++- debian/openvswitch-pki.dirs | 1 + debian/openvswitch-pki.postinst | 10 +++++++++- debian/openvswitch-pki.postrm | 5 +++++ m4/openvswitch.m4 | 6 +++--- 7 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 debian/openvswitch-pki.dirs diff --git a/AUTHORS b/AUTHORS index 84908a9a..6a83514b 100644 --- a/AUTHORS +++ b/AUTHORS @@ -68,6 +68,7 @@ Alan Shieh ashieh@nicira.com Alban Browaeys prahal@yahoo.com Alex Yip alex@nicira.com Alexey I. Froloff raorn@altlinux.org +Andreas Beckmann debian@abeckmann.de Ben Basler bbasler@nicira.com Bob Ball bob.ball@citrix.com Brad Hall brad@nicira.com diff --git a/debian/automake.mk b/debian/automake.mk index e18d47a2..4425750d 100644 --- a/debian/automake.mk +++ b/debian/automake.mk @@ -31,6 +31,7 @@ EXTRA_DIST += \ debian/openvswitch-ipsec.dirs \ debian/openvswitch-ipsec.init \ debian/openvswitch-ipsec.install \ + debian/openvswitch-pki.dirs \ debian/openvswitch-pki.postinst \ debian/openvswitch-pki.postrm \ debian/openvswitch-switch.README.Debian \ diff --git a/debian/openvswitch-controller.postinst b/debian/openvswitch-controller.postinst index 51acfb1a..3073dc04 100755 --- a/debian/openvswitch-controller.postinst +++ b/debian/openvswitch-controller.postinst @@ -21,8 +21,16 @@ set -e case "$1" in configure) cd /etc/openvswitch-controller + + # If cacert.pem is a symlink to the old location for cacert.pem, + # remove it so that we can symlink it to the new location. + if test -h cacert.pem && \ + test X"`readlink cacert.pem`" = X/usr/share/openvswitch/pki/switchca/cacert.pem; then + rm -f cacert.pem + fi + if ! test -e cacert.pem; then - ln -s /usr/share/openvswitch/pki/switchca/cacert.pem cacert.pem + ln -s /var/lib/openvswitch/pki/switchca/cacert.pem cacert.pem fi if ! test -e privkey.pem || ! test -e cert.pem; then oldumask=$(umask) diff --git a/debian/openvswitch-pki.dirs b/debian/openvswitch-pki.dirs new file mode 100644 index 00000000..84f7b370 --- /dev/null +++ b/debian/openvswitch-pki.dirs @@ -0,0 +1 @@ +/var/lib/openvswitch diff --git a/debian/openvswitch-pki.postinst b/debian/openvswitch-pki.postinst index ab25795f..f4705e94 100755 --- a/debian/openvswitch-pki.postinst +++ b/debian/openvswitch-pki.postinst @@ -19,8 +19,16 @@ set -e case "$1" in configure) + # Move the pki directory from its previous, non FHS-compliant location, + # to its new location, leaving behind a symlink for compatibility. + if test -d /usr/share/openvswitch/pki && \ + test ! -e /var/lib/openvswitch/pki; then + mv /usr/share/openvswitch/pki /var/lib/openvswitch + ln -s /var/lib/openvswitch/pki /usr/share/openvswitch/pki + fi + # Create certificate authorities. - if test ! -d /usr/share/openvswitch/pki; then + if test ! -e /var/lib/openvswitch/pki; then ovs-pki init fi ;; diff --git a/debian/openvswitch-pki.postrm b/debian/openvswitch-pki.postrm index 5db4d6be..bc91e13d 100755 --- a/debian/openvswitch-pki.postrm +++ b/debian/openvswitch-pki.postrm @@ -22,6 +22,11 @@ set -e case "$1" in purge) rm -f /var/log/openvswitch/ovs-pki.log* || true + + # Remove backward compatibility symlink, if present. + if test -h /usr/share/openvswitch/pki; then + rm -f /usr/share/openvswitch/pki + fi ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4 index c59d5d4c..9b2a5baf 100644 --- a/m4/openvswitch.m4 +++ b/m4/openvswitch.m4 @@ -1,6 +1,6 @@ # -*- autoconf -*- -# Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks. +# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira Networks. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -106,9 +106,9 @@ AC_DEFUN([OVS_CHECK_PKIDIR], [AC_ARG_WITH( [pkidir], AC_HELP_STRING([--with-pkidir=DIR], - [PKI hierarchy directory [[DATADIR/openvswitch/pki]]]), + [PKI hierarchy directory [[LOCALSTATEDIR/lib/openvswitch/pki]]]), [PKIDIR=$withval], - [PKIDIR='${pkgdatadir}/pki']) + [PKIDIR='${localstatedir}/lib/openvswitch/pki']) AC_SUBST([PKIDIR])]) dnl Checks for the directory in which to store pidfiles. -- 2.30.2