debian: Move PKI directory to FHS-compliant location.

The PKI directory is mutable state, so it should be in /var, not in /usr.
This commit changes its location and, on systems upgraded from earlier
versions, moves the existing PKI and leaves behind a symlink.

CC: 661090@bugs.debian.org
Reported-by: Andreas Beckmann <debian@abeckmann.de>
Signed-off-by: Ben Pfaff <blp@nicira.com>

AUTHORS

@@ -68,6 +68,7 @@ Alan Shieh              ashieh@nicira.com
 Alban Browaeys          prahal@yahoo.com
 Alex Yip                alex@nicira.com
 Alexey I. Froloff       raorn@altlinux.org
+Andreas Beckmann        debian@abeckmann.de
 Ben Basler              bbasler@nicira.com
 Bob Ball                bob.ball@citrix.com
 Brad Hall               brad@nicira.com

debian/automake.mk

@@ -31,6 +31,7 @@ EXTRA_DIST += \
 	debian/openvswitch-ipsec.dirs \
 	debian/openvswitch-ipsec.init \
 	debian/openvswitch-ipsec.install \
+	debian/openvswitch-pki.dirs \
 	debian/openvswitch-pki.postinst \
 	debian/openvswitch-pki.postrm \
 	debian/openvswitch-switch.README.Debian \

debian/openvswitch-controller.postinst

@@ -21,8 +21,16 @@ set -e
 case "$1" in
     configure)
         cd /etc/openvswitch-controller
+
+        # If cacert.pem is a symlink to the old location for cacert.pem,
+        # remove it so that we can symlink it to the new location.
+        if test -h cacert.pem && \
+           test X"`readlink cacert.pem`" = X/usr/share/openvswitch/pki/switchca/cacert.pem; then
+            rm -f cacert.pem
+        fi
+
         if ! test -e cacert.pem; then
-            ln -s /usr/share/openvswitch/pki/switchca/cacert.pem cacert.pem
+            ln -s /var/lib/openvswitch/pki/switchca/cacert.pem cacert.pem
         fi
         if ! test -e privkey.pem || ! test -e cert.pem; then
             oldumask=$(umask)

debian/openvswitch-pki.dirs

@@ -0,0 +1 @@
+/var/lib/openvswitch

debian/openvswitch-pki.postinst

@@ -19,8 +19,16 @@ set -e
 
 case "$1" in
     configure)
+        # Move the pki directory from its previous, non FHS-compliant location,
+        # to its new location, leaving behind a symlink for compatibility.
+        if test -d /usr/share/openvswitch/pki && \
+           test ! -e /var/lib/openvswitch/pki; then
+            mv /usr/share/openvswitch/pki /var/lib/openvswitch
+            ln -s /var/lib/openvswitch/pki /usr/share/openvswitch/pki
+        fi
+
         # Create certificate authorities.
-        if test ! -d /usr/share/openvswitch/pki; then
+        if test ! -e /var/lib/openvswitch/pki; then
             ovs-pki init
         fi
         ;;

debian/openvswitch-pki.postrm

@@ -22,6 +22,11 @@ set -e
 case "$1" in
     purge)
         rm -f /var/log/openvswitch/ovs-pki.log* || true
+
+        # Remove backward compatibility symlink, if present.
+        if test -h /usr/share/openvswitch/pki; then
+            rm -f /usr/share/openvswitch/pki
+        fi
         ;;
 
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)

m4/openvswitch.m4

@@ -1,6 +1,6 @@
 # -*- autoconf -*-
 
-# Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks.
+# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira Networks.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -106,9 +106,9 @@ AC_DEFUN([OVS_CHECK_PKIDIR],
   [AC_ARG_WITH(
      [pkidir], 
      AC_HELP_STRING([--with-pkidir=DIR], 
-                    [PKI hierarchy directory [[DATADIR/openvswitch/pki]]]),
+                    [PKI hierarchy directory [[LOCALSTATEDIR/lib/openvswitch/pki]]]),
      [PKIDIR=$withval],
-     [PKIDIR='${pkgdatadir}/pki'])
+     [PKIDIR='${localstatedir}/lib/openvswitch/pki'])
    AC_SUBST([PKIDIR])])
 
 dnl Checks for the directory in which to store pidfiles.