[ovs-dev] Bug#661090: Bug#661090: [PATCH] debian: Move PKI directory to FHS-compliant location.

Ben Pfaff blp at nicira.com
Fri Mar 2 00:39:29 UTC 2012


On Thu, Mar 01, 2012 at 04:10:55PM -0800, Chris Wright wrote:
> * Ben Pfaff (blp at nicira.com) wrote:
> > On Fri, Mar 02, 2012 at 12:35:09AM +0100, Andreas Beckmann wrote:
> > > On 2012-03-02 00:11, Ben Pfaff wrote:
> > > > +            mv /usr/share/openvswitch/pki /var/lib/openvswitch
> > > > +            ln -s /usr/share/openvswitch/pki /var/lib/openvswitch
> > > 
> > > That link goes in the wrong direction ...
> > 
> > I get that wrong on the first try about half the time.  Thanks.
> > (Obviously I haven't tested this yet.)
> > 
> > > Should the compat symlink be removed during purge?
> > 
> > Sounds like a good idea, thanks, I made that change.  Incremental
> > patch follows:
> > 
> > diff --git a/debian/openvswitch-pki.postinst b/debian/openvswitch-pki.postinst
> > index 40fff04..7cd6bbb 100755
> > --- a/debian/openvswitch-pki.postinst
> > +++ b/debian/openvswitch-pki.postinst
> > @@ -24,7 +24,7 @@ case "$1" in
> >          if test -d /usr/share/openvswitch/pki && \
> >             test ! -e /var/lib/openvswitch/pki; then
> >              mv /usr/share/openvswitch/pki /var/lib/openvswitch
> > -            ln -s /usr/share/openvswitch/pki /var/lib/openvswitch
> > +            ln -s /var/lib/openvswitch /usr/share/openvswitch/pki
> 
> Should it be:
> 
> -            ln -s /usr/share/openvswitch/pki /var/lib/openvswitch
> +            ln -s /var/lib/openvswitch/pki /usr/share/openvswitch
> 
> $ ls -l /usr/share/openvswitch/pki
> /usr/share/openvswitch/pki -> /var/lib/openvswitch/pki

Sheesh.

I fixed that, actually tested the thing, and pushed the following
final commit out to master.

--8<--------------------------cut here-------------------------->8--

>From 14bd2d514e44aa46326cede67f198716def2d067 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp at nicira.com>
Date: Thu, 1 Mar 2012 16:38:27 -0800
Subject: [PATCH] debian: Move PKI directory to FHS-compliant location.

The PKI directory is mutable state, so it should be in /var, not in /usr.
This commit changes its location and, on systems upgraded from earlier
versions, moves the existing PKI and leaves behind a symlink.

CC: 661090 at bugs.debian.org
Reported-by: Andreas Beckmann <debian at abeckmann.de>
Signed-off-by: Ben Pfaff <blp at nicira.com>
---
 AUTHORS                                |    1 +
 debian/automake.mk                     |    1 +
 debian/openvswitch-controller.postinst |   10 +++++++++-
 debian/openvswitch-pki.dirs            |    1 +
 debian/openvswitch-pki.postinst        |   10 +++++++++-
 debian/openvswitch-pki.postrm          |    5 +++++
 m4/openvswitch.m4                      |    6 +++---
 7 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 debian/openvswitch-pki.dirs

diff --git a/AUTHORS b/AUTHORS
index 84908a9..6a83514 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -68,6 +68,7 @@ Alan Shieh              ashieh at nicira.com
 Alban Browaeys          prahal at yahoo.com
 Alex Yip                alex at nicira.com
 Alexey I. Froloff       raorn at altlinux.org
+Andreas Beckmann        debian at abeckmann.de
 Ben Basler              bbasler at nicira.com
 Bob Ball                bob.ball at citrix.com
 Brad Hall               brad at nicira.com
diff --git a/debian/automake.mk b/debian/automake.mk
index e18d47a..4425750 100644
--- a/debian/automake.mk
+++ b/debian/automake.mk
@@ -31,6 +31,7 @@ EXTRA_DIST += \
 	debian/openvswitch-ipsec.dirs \
 	debian/openvswitch-ipsec.init \
 	debian/openvswitch-ipsec.install \
+	debian/openvswitch-pki.dirs \
 	debian/openvswitch-pki.postinst \
 	debian/openvswitch-pki.postrm \
 	debian/openvswitch-switch.README.Debian \
diff --git a/debian/openvswitch-controller.postinst b/debian/openvswitch-controller.postinst
index 51acfb1..3073dc0 100755
--- a/debian/openvswitch-controller.postinst
+++ b/debian/openvswitch-controller.postinst
@@ -21,8 +21,16 @@ set -e
 case "$1" in
     configure)
         cd /etc/openvswitch-controller
+
+        # If cacert.pem is a symlink to the old location for cacert.pem,
+        # remove it so that we can symlink it to the new location.
+        if test -h cacert.pem && \
+           test X"`readlink cacert.pem`" = X/usr/share/openvswitch/pki/switchca/cacert.pem; then
+            rm -f cacert.pem
+        fi
+
         if ! test -e cacert.pem; then
-            ln -s /usr/share/openvswitch/pki/switchca/cacert.pem cacert.pem
+            ln -s /var/lib/openvswitch/pki/switchca/cacert.pem cacert.pem
         fi
         if ! test -e privkey.pem || ! test -e cert.pem; then
             oldumask=$(umask)
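Review bot: In the configure branch, `if ! test -e cacert.pem` is also true for a dangling symlink, so a cacert.pem link whose target is not the exact string compared against `readlink` (a relative path, or a different spelling of the old path) survives the new `rm -f` block and, if it dangles, makes the following `ln -s` fail with "File exists", which aborts the script under `set -e`. Consider guarding the link creation with `! test -e cacert.pem && ! test -h cacert.pem`, or handling a dangling link explicitly. A style point: the new test uses backticks while the same script uses `$(umask)` a few lines further down; `$(readlink cacert.pem)` would be consistent.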
diff --git a/debian/openvswitch-pki.dirs b/debian/openvswitch-pki.dirs
new file mode 100644
index 0000000..84f7b37
--- /dev/null
+++ b/debian/openvswitch-pki.dirs
@@ -0,0 +1 @@
+/var/lib/openvswitch
diff --git a/debian/openvswitch-pki.postinst b/debian/openvswitch-pki.postinst
index ab25795..f4705e9 100755
--- a/debian/openvswitch-pki.postinst
+++ b/debian/openvswitch-pki.postinst
@@ -19,8 +19,16 @@ set -e
 
 case "$1" in
     configure)
+        # Move the pki directory from its previous, non FHS-compliant location,
+        # to its new location, leaving behind a symlink for compatibility.
+        if test -d /usr/share/openvswitch/pki && \
+           test ! -e /var/lib/openvswitch/pki; then
+            mv /usr/share/openvswitch/pki /var/lib/openvswitch
+            ln -s /var/lib/openvswitch/pki /usr/share/openvswitch/pki
+        fi
+
         # Create certificate authorities.
-        if test ! -d /usr/share/openvswitch/pki; then
+        if test ! -e /var/lib/openvswitch/pki; then
             ovs-pki init
         fi
         ;;
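Review bot: The migration block in the configure branch runs only when /var/lib/openvswitch/pki does not exist, so when both the old directory and the new one are present, the old tree under /usr/share/openvswitch/pki is left in place with no message and no compatibility symlink, and `ovs-pki init` is skipped as well. An else branch that at least prints a warning for that case would make the leftover PKI visible to the administrator. The same applies if the script is interrupted between `mv` and `ln -s`: on the next run neither test matches, so the compatibility symlink is never created.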
diff --git a/debian/openvswitch-pki.postrm b/debian/openvswitch-pki.postrm
index 5db4d6b..bc91e13 100755
--- a/debian/openvswitch-pki.postrm
+++ b/debian/openvswitch-pki.postrm
@@ -22,6 +22,11 @@ set -e
 case "$1" in
     purge)
         rm -f /var/log/openvswitch/ovs-pki.log* || true
+
+        # Remove backward compatibility symlink, if present.
+        if test -h /usr/share/openvswitch/pki; then
+            rm -f /usr/share/openvswitch/pki
+        fi
         ;;
 
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
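Review bot: The purge branch now removes the compatibility symlink, but in the lines shown nothing removes /var/lib/openvswitch/pki itself, so the PKI tree outlives a purge. If keeping it is deliberate, a comment saying so next to the new block would help; otherwise purge is the place to remove it. The `test -h` guard is worth keeping, since `rm -f` on a real, never-migrated directory would fail and abort the script under `set -e`.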
diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4
index c59d5d4..9b2a5ba 100644
--- a/m4/openvswitch.m4
+++ b/m4/openvswitch.m4
@@ -1,6 +1,6 @@
 # -*- autoconf -*-
 
-# Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks.
+# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira Networks.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -106,9 +106,9 @@ AC_DEFUN([OVS_CHECK_PKIDIR],
   [AC_ARG_WITH(
      [pkidir], 
      AC_HELP_STRING([--with-pkidir=DIR], 
-                    [PKI hierarchy directory [[DATADIR/openvswitch/pki]]]),
+                    [PKI hierarchy directory [[LOCALSTATEDIR/lib/openvswitch/pki]]]),
      [PKIDIR=$withval],
-     [PKIDIR='${pkgdatadir}/pki'])
+     [PKIDIR='${localstatedir}/lib/openvswitch/pki'])
    AC_SUBST([PKIDIR])])
 
 dnl Checks for the directory in which to store pidfiles.
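Review bot: The new default in OVS_CHECK_PKIDIR applies to every build that does not pass --with-pkidir, not only to the Debian packages, while the move-and-symlink migration lives only in debian/openvswitch-pki.postinst. The commit message carries the "debian:" prefix and describes only the packaging change; it should also say that source builds upgraded in place will now look in ${localstatedir}/lib/openvswitch/pki and need to move an existing PKI by hand or pass --with-pkidir.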
-- 
1.7.2.5





