[ovs-dev] Bug#661090: Bug#661090: [PATCH] debian: Move PKI directory to FHS-compliant location.
Ben Pfaff
blp at nicira.com
Fri Mar 2 00:39:29 UTC 2012
On Thu, Mar 01, 2012 at 04:10:55PM -0800, Chris Wright wrote:
> * Ben Pfaff (blp at nicira.com) wrote:
> > On Fri, Mar 02, 2012 at 12:35:09AM +0100, Andreas Beckmann wrote:
> > > On 2012-03-02 00:11, Ben Pfaff wrote:
> > > > + mv /usr/share/openvswitch/pki /var/lib/openvswitch
> > > > + ln -s /usr/share/openvswitch/pki /var/lib/openvswitch
> > >
> > > That link goes in the wrong direction ...
> >
> > I get that wrong on the first try about half the time. Thanks.
> > (Obviously I haven't tested this yet.)
> >
> > > Should the compat symlink be removed during purge?
> >
> > Sounds like a good idea, thanks, I made that change. Incremental
> > patch follows:
> >
> > diff --git a/debian/openvswitch-pki.postinst b/debian/openvswitch-pki.postinst
> > index 40fff04..7cd6bbb 100755
> > --- a/debian/openvswitch-pki.postinst
> > +++ b/debian/openvswitch-pki.postinst
> > @@ -24,7 +24,7 @@ case "$1" in
> > if test -d /usr/share/openvswitch/pki && \
> > test ! -e /var/lib/openvswitch/pki; then
> > mv /usr/share/openvswitch/pki /var/lib/openvswitch
> > - ln -s /usr/share/openvswitch/pki /var/lib/openvswitch
> > + ln -s /var/lib/openvswitch /usr/share/openvswitch/pki
>
> Should it be:
>
> - ln -s /usr/share/openvswitch/pki /var/lib/openvswitch
> + ln -s /var/lib/openvswitch/pki /usr/share/openvswitch
>
> $ ls -l /usr/share/openvswitch/pki
> /usr/share/openvswitch/pki -> /var/lib/openvswitch/pki
Sheesh.
I fixed that, actually tested the thing, and pushed the following
final commit out to master.
--8<--------------------------cut here-------------------------->8--
>From 14bd2d514e44aa46326cede67f198716def2d067 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp at nicira.com>
Date: Thu, 1 Mar 2012 16:38:27 -0800
Subject: [PATCH] debian: Move PKI directory to FHS-compliant location.
The PKI directory is mutable state, so it should be in /var, not in /usr.
This commit changes its location and, on systems upgraded from earlier
versions, moves the existing PKI and leaves behind a symlink.
CC: 661090 at bugs.debian.org
Reported-by: Andreas Beckmann <debian at abeckmann.de>
Signed-off-by: Ben Pfaff <blp at nicira.com>
---
AUTHORS | 1 +
debian/automake.mk | 1 +
debian/openvswitch-controller.postinst | 10 +++++++++-
debian/openvswitch-pki.dirs | 1 +
debian/openvswitch-pki.postinst | 10 +++++++++-
debian/openvswitch-pki.postrm | 5 +++++
m4/openvswitch.m4 | 6 +++---
7 files changed, 29 insertions(+), 5 deletions(-)
create mode 100644 debian/openvswitch-pki.dirs
diff --git a/AUTHORS b/AUTHORS
index 84908a9..6a83514 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -68,6 +68,7 @@ Alan Shieh ashieh at nicira.com
Alban Browaeys prahal at yahoo.com
Alex Yip alex at nicira.com
Alexey I. Froloff raorn at altlinux.org
+Andreas Beckmann debian at abeckmann.de
Ben Basler bbasler at nicira.com
Bob Ball bob.ball at citrix.com
Brad Hall brad at nicira.com
diff --git a/debian/automake.mk b/debian/automake.mk
index e18d47a..4425750 100644
--- a/debian/automake.mk
+++ b/debian/automake.mk
@@ -31,6 +31,7 @@ EXTRA_DIST += \
debian/openvswitch-ipsec.dirs \
debian/openvswitch-ipsec.init \
debian/openvswitch-ipsec.install \
+ debian/openvswitch-pki.dirs \
debian/openvswitch-pki.postinst \
debian/openvswitch-pki.postrm \
debian/openvswitch-switch.README.Debian \
diff --git a/debian/openvswitch-controller.postinst b/debian/openvswitch-controller.postinst
index 51acfb1..3073dc0 100755
--- a/debian/openvswitch-controller.postinst
+++ b/debian/openvswitch-controller.postinst
@@ -21,8 +21,16 @@ set -e
case "$1" in
configure)
cd /etc/openvswitch-controller
+
+ # If cacert.pem is a symlink to the old location for cacert.pem,
+ # remove it so that we can symlink it to the new location.
+ if test -h cacert.pem && \
+ test X"`readlink cacert.pem`" = X/usr/share/openvswitch/pki/switchca/cacert.pem; then
+ rm -f cacert.pem
+ fi
+
if ! test -e cacert.pem; then
- ln -s /usr/share/openvswitch/pki/switchca/cacert.pem cacert.pem
+ ln -s /var/lib/openvswitch/pki/switchca/cacert.pem cacert.pem
fi
if ! test -e privkey.pem || ! test -e cert.pem; then
oldumask=$(umask)
diff --git a/debian/openvswitch-pki.dirs b/debian/openvswitch-pki.dirs
new file mode 100644
index 0000000..84f7b37
--- /dev/null
+++ b/debian/openvswitch-pki.dirs
@@ -0,0 +1 @@
+/var/lib/openvswitch
diff --git a/debian/openvswitch-pki.postinst b/debian/openvswitch-pki.postinst
index ab25795..f4705e9 100755
--- a/debian/openvswitch-pki.postinst
+++ b/debian/openvswitch-pki.postinst
@@ -19,8 +19,16 @@ set -e
case "$1" in
configure)
+ # Move the pki directory from its previous, non FHS-compliant location,
+ # to its new location, leaving behind a symlink for compatibility.
+ if test -d /usr/share/openvswitch/pki && \
+ test ! -e /var/lib/openvswitch/pki; then
+ mv /usr/share/openvswitch/pki /var/lib/openvswitch
+ ln -s /var/lib/openvswitch/pki /usr/share/openvswitch/pki
+ fi
+
# Create certificate authorities.
- if test ! -d /usr/share/openvswitch/pki; then
+ if test ! -e /var/lib/openvswitch/pki; then
ovs-pki init
fi
;;
diff --git a/debian/openvswitch-pki.postrm b/debian/openvswitch-pki.postrm
index 5db4d6b..bc91e13 100755
--- a/debian/openvswitch-pki.postrm
+++ b/debian/openvswitch-pki.postrm
@@ -22,6 +22,11 @@ set -e
case "$1" in
purge)
rm -f /var/log/openvswitch/ovs-pki.log* || true
+
+ # Remove backward compatibility symlink, if present.
+ if test -h /usr/share/openvswitch/pki; then
+ rm -f /usr/share/openvswitch/pki
+ fi
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4
index c59d5d4..9b2a5ba 100644
--- a/m4/openvswitch.m4
+++ b/m4/openvswitch.m4
@@ -1,6 +1,6 @@
# -*- autoconf -*-
-# Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks.
+# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira Networks.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -106,9 +106,9 @@ AC_DEFUN([OVS_CHECK_PKIDIR],
[AC_ARG_WITH(
[pkidir],
AC_HELP_STRING([--with-pkidir=DIR],
- [PKI hierarchy directory [[DATADIR/openvswitch/pki]]]),
+ [PKI hierarchy directory [[LOCALSTATEDIR/lib/openvswitch/pki]]]),
[PKIDIR=$withval],
- [PKIDIR='${pkgdatadir}/pki'])
+ [PKIDIR='${localstatedir}/lib/openvswitch/pki'])
AC_SUBST([PKIDIR])])
dnl Checks for the directory in which to store pidfiles.
--
1.7.2.5
More information about the dev
mailing list