Move cache directory to /var/cache (#2254)

In order to avoid namespace issues, and for better compliance with the
FHS.

Only the default configs are changed.

Makefile

@@ -96,6 +96,9 @@ APACHEFILENOTIFDIR=$(DATADIR)/notifications
 # LL::NG captcha dir
 CAPTCHADIR=$(DATADIR)/captcha
 
+# LL::NG cache dir
+CACHEDIR=$(DATADIR)/cache
+
 # Apache user/group
 APACHEUSER=
 APACHEGROUP=
@@ -178,6 +181,7 @@ RAPACHEPSESSIONFILEDIR=$(DESTDIR)/$(APACHEPSESSIONFILEDIR)
 RAPACHEPSESSIONFILELOCKDIR=$(DESTDIR)/$(APACHEPSESSIONFILELOCKDIR)
 RFILENOTIFDIR=$(DESTDIR)/$(APACHEFILENOTIFDIR)
 RCAPTCHADIR=$(DESTDIR)/$(CAPTCHADIR)
+RCACHEDIR=$(DESTDIR)/$(CACHEDIR)
 RFASTCGISOCKDIR=$(DESTDIR)/$(FASTCGISOCKDIR)
 
 VERSION=`head -n1 changelog |sed -e 's/lemonldap-ng (//' -e 's/).*$$//'`
@@ -747,7 +751,7 @@ install_site:	install_manager_site install_portal_site install_handler_site inst
 	@echo "5 - Connect to Manager at http://manager.${DNSDOMAIN}/ to edit configuration"
 	@echo
 	@if [ ! "$(APACHEUSER)" ]; then \
-		echo;echo "    Warning, since APACHEUSER was not set, $(APACHESESSIONFILEDIR), $(APACHEPSESSIONFILEDIR), $(CAPTCHADIR) and $(CONFDIR) have permissive permissions."; \
+		echo;echo "    Warning, since APACHEUSER was not set, $(APACHESESSIONFILEDIR), $(APACHEPSESSIONFILEDIR), $(CAPTCHADIR), $(CACHEDIR) and $(CONFDIR) have permissive permissions."; \
 		echo "    Fix them by yourself to restrict their view to apache process only"; \
 	fi
 	@echo
@@ -904,7 +908,7 @@ install_doc_site:
 		rm -rvf $(DOCLIBSTOREMOVEFORDEBIAN); \
 	fi && cd -
 
-install_conf_dir:	install_sessions_dir install_notif_dir install_captcha_dir
+install_conf_dir:	install_sessions_dir install_notif_dir install_captcha_dir install_cache_dir
 	# Configuration files install
 	@install -v -d $(RCONFDIR) $(RFILECONFIGDIR) $(RTOOLSDIR)
 	@if [ "$(ERASECONFIG)" -eq "1" ]; then \
@@ -915,7 +919,8 @@ install_conf_dir:	install_sessions_dir install_notif_dir install_captcha_dir
 	@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g;\
 		s#__SESSIONDIR__#$(APACHESESSIONFILEDIR)#g;\
 		s#__PSESSIONDIR__#$(APACHEPSESSIONFILEDIR)#g;\
-		s#__NOTIFICATIONDIR__#$(APACHEFILENOTIFDIR)#g;' $(RFILECONFIGDIR)/lmConf-1.json
+		s#__NOTIFICATIONDIR__#$(APACHEFILENOTIFDIR)#g;\
+		s#__CACHEDIR__#$(CACHEDIR)#g;' $(RFILECONFIGDIR)/lmConf-1.json
 	@if [ "$(APACHEUSER)" != "" ]; then \
 		chown $(APACHEUSER) $(RFILECONFIGDIR) || exit 1; \
 		if [ "$(APACHEGROUP)" != "" ]; then \
@@ -927,7 +932,8 @@ install_conf_dir:	install_sessions_dir install_notif_dir install_captcha_dir
 	fi
 	@cp $(SRCCOMMONDIR)/tools/lmConfig.* $(SRCCOMMONDIR)/tools/apache-session-mysql.sql $(RTOOLSDIR)
 	@cp $(SRCCOMMONDIR)/tools/sso.schema $(RTOOLSDIR)
-	$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g' $(RCONFDIR)/$(CONFFILENAME)
+	$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; s#__CACHEDIR__#$(CACHEDIR)#g;' \
+		$(RCONFDIR)/$(CONFFILENAME)
 	@rm -rf $$(find $(RCONFDIR) $(RFILECONFIGDIR) $(RTOOLSDIR) -type d -name .svn)
 
 install_sessions_dir:
@@ -969,6 +975,19 @@ install_captcha_dir:
 		chmod 777 $(RCAPTCHADIR); \
 	fi
 
+install_cache_dir:
+	@install -m 777 -v -d $(RCACHEDIR)
+	# Fix captcha directory permissions
+	@if [ "$(APACHEUSER)" != "" ]; then \
+		chown $(APACHEUSER) $(RCACHEDIR) || exit 1; \
+		if [ "$(APACHEGROUP)" != "" ]; then \
+			chgrp $(APACHEGROUP) $(RCACHEDIR) || exit 1; \
+		fi; \
+		chmod 770 $(RCACHEDIR); \
+	else \
+		chmod 777 $(RCACHEDIR); \
+	fi
+
 postconf_hosts:
 	@cat ${CONFDIR}/for_etc_hosts >> /etc/hosts
 	@echo "/etc/hosts was updated"

debian/liblemonldap-ng-common-perl.dirs

@@ -1,3 +1,4 @@
+/var/cache/lemonldap-ng
 /var/lib/lemonldap-ng/conf
 /var/lib/lemonldap-ng/sessions/lock
 /var/lib/lemonldap-ng/psessions/lock

debian/rules

@@ -5,6 +5,7 @@
 
 LMSHAREDIR=/usr/share/lemonldap-ng
 LMVARDIR  =/var/lib/lemonldap-ng
+LMCACHEDIR  =/var/cache/lemonldap-ng
 TMP       = $(CURDIR)/debian/tmp
 
 CONFDIR=/etc/lemonldap-ng
@@ -22,6 +23,7 @@ CAPTCHADIR=$(LMVARDIR)/captcha
 override_dh_auto_configure:
 	$(MAKE) configure STORAGECONFFILE=/etc/lemonldap-ng/lemonldap-ng.ini \
 		DATADIR=$(LMVARDIR) \
+		CACHEDIR=$(LMCACHEDIR) \
 		PERLOPTIONS="INSTALLDIRS=vendor"
 
 override_dh_auto_build:
@@ -45,6 +47,7 @@ override_dh_auto_install:
 			CONFDIR=/etc/lemonldap-ng \
 			CRONDIR=/etc/cron.d \
 			DATADIR=$(LMVARDIR) \
+			CACHEDIR=$(LMCACHEDIR) \
 			APACHEUSER=www-data \
 			APACHEGROUP=www-data \
 			DEFDOCDIR=/usr/share/doc/lemonldap-ng-doc \
@@ -70,6 +73,7 @@ override_dh_fixperms:
 		debian/*/$(PSESSIONSDIR)/lock \
 		debian/*/$(NOTIFICATIONSDIR) \
 		debian/liblemonldap-ng-common-perl/$(CONFSTORAGEDIR) \
+		debian/liblemonldap-ng-common-perl/$(LMCACHEDIR) \
 		debian/liblemonldap-ng-portal-perl/$(CAPTCHADIR)
 	chgrp www-data debian/liblemonldap-ng-common-perl/$(LMINIFILE) \
 		debian/liblemonldap-ng-common-perl/$(FIRSTCONFFILE)
@@ -77,6 +81,7 @@ override_dh_fixperms:
 	        debian/*/$(PSESSIONSDIR) debian/*/$(PSESSIONSDIR)/lock \
 		debian/*/$(NOTIFICATIONSDIR) \
 		debian/liblemonldap-ng-portal-perl/$(CAPTCHADIR)
-	chmod 750 debian/liblemonldap-ng-common-perl/$(CONFSTORAGEDIR)
+	chmod 750 debian/liblemonldap-ng-common-perl/$(CONFSTORAGEDIR) \
+		debian/liblemonldap-ng-common-perl/$(LMCACHEDIR)
 	chmod 640 debian/liblemonldap-ng-common-perl/$(FIRSTCONFFILE) \
 		debian/liblemonldap-ng-common-perl/$(LMINIFILE)

doc/sources/admin/selinux.rst

@@ -9,13 +9,13 @@ Disk cache (sessions an configuration)
 
 ::
 
-   chcon -R -t httpd_sys_rw_content_t /tmp
+   chcon -R -t httpd_sys_rw_content_t /var/cache/lemonldap-ng
 
 To persist the rule:
 
 ::
 
-   semanage fcontext -a -t http_sys_content_t /tmp
+   semanage fcontext -a -t http_sys_content_t /var/cache/lemonldap-ng
 
 LDAP
 ----

lemonldap-ng-common/lemonldap-ng.ini

@@ -167,7 +167,7 @@ dirName=/var/lib/lemonldap-ng/conf
 ;               'namespace'          => 'lemonldap-ng-config',\
 ;               'default_expires_in' => 600,                  \
 ;               'directory_umask'    => '007',                \
-;               'cache_root'         => '/tmp',               \
+;               'cache_root'         => '__CACHEDIR__',       \
 ;               'cache_depth'        => 3,                    \
 ;           }
 localStorage=Cache::FileCache
@@ -175,7 +175,7 @@ localStorageOptions={                             \
     'namespace'          => 'lemonldap-ng-config',\
     'default_expires_in' => 600,                  \
     'directory_umask'    => '007',                \
-    'cache_root'         => '/tmp',               \
+    'cache_root'         => '__CACHEDIR__',       \
     'cache_depth'        => 3,                    \
 }
 
@@ -325,7 +325,7 @@ languages    = en, fr, vi, it, ar, de, fi, tr, pl
 ;              'namespace'          => 'lemonldap-ng-sessions', \
 ;              'default_expires_in' => 600,                     \
 ;              'directory_umask'    => '007',                   \
-;              'cache_root'         => '/tmp',                  \
+;              'cache_root'         => '__CACHEDIR__',          \
 ;              'cache_depth'        => 3,                       \
 ;          }
 

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -152,7 +152,7 @@ sub defaultValues {
         'localSessionStorage'        => 'Cache::FileCache',
         'localSessionStorageOptions' => {
             'cache_depth'        => 3,
-            'cache_root'         => '/tmp',
+            'cache_root'         => '/var/cache/lemonldap-ng',
             'default_expires_in' => 600,
             'directory_umask'    => '007',
             'namespace'          => 'lemonldap-ng-sessions'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -1739,7 +1739,7 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
         'localSessionStorageOptions' => {
             'default' => {
                 'cache_depth'        => 3,
-                'cache_root'         => '/tmp',
+                'cache_root'         => '/var/cache/lemonldap-ng',
                 'default_expires_in' => 600,
                 'directory_umask'    => '007',
                 'namespace'          => 'lemonldap-ng-sessions'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -1336,7 +1336,7 @@ sub attributes {
                 'namespace'          => 'lemonldap-ng-sessions',
                 'default_expires_in' => 600,
                 'directory_umask'    => '007',
-                'cache_root'         => '/tmp',
+                'cache_root'         => '/var/cache/lemonldap-ng',
                 'cache_depth'        => 3,
             },
             documentation => 'Sessions cache module options',

rpm/lemonldap-ng.spec

@@ -5,6 +5,7 @@
 %global lm_sharedir %{_datadir}/lemonldap-ng
 %global lm_examplesdir %{lm_sharedir}/examples
 %global lm_vardir %{_localstatedir}/lib/lemonldap-ng
+%global lm_cachedir %{_localstatedir}/cache/lemonldap-ng
 %global lm_confdir %{_sysconfdir}/lemonldap-ng
 %global lm_storagefile %{lm_confdir}/lemonldap-ng.ini
 %global lm_bindir %{_libexecdir}/%{name}/bin
@@ -368,6 +369,7 @@ This package installs the authentication portal.
 make %{?_smp_mflags} configure \
     STORAGECONFFILE=%{lm_storagefile} \
     DATADIR=%{lm_vardir} \
+    CACHEDIR=%{lm_cachedir} \
     PERLOPTIONS="INSTALLDIRS=vendor"
 make %{?_smp_mflags}
 
@@ -390,6 +392,7 @@ make %{?_smp_mflags} install \
     CONFDIR=%{lm_confdir} \
     CRONDIR=%{_sysconfdir}/cron.d \
     DATADIR=%{lm_vardir} \
+    CACHEDIR=%{lm_cachedir} \
     INITDIR=%{_sysconfdir}/init.d \
     ETCDEFAULTDIR=%{_sysconfdir}/default \
     DNSDOMAIN=%{lm_dnsdomain} \
@@ -454,6 +457,7 @@ chmod 770 %{buildroot}%{lm_vardir}/sessions/lock
 chmod 770 %{buildroot}%{lm_vardir}/psessions
 chmod 770 %{buildroot}%{lm_vardir}/psessions/lock
 chmod 770 %{buildroot}%{lm_vardir}/notifications
+chmod 770 %{buildroot}%{lm_cachedir}
 chmod 770 %{buildroot}%{lm_vardir}/captcha
 chmod 775 %{buildroot}%{lm_sbindir}/llng-fastcgi-server
 
@@ -584,6 +588,7 @@ fi
 %dir %{lm_vardir}/psessions
 %dir %{lm_vardir}/psessions/lock
 %dir %{lm_vardir}/notifications
+%dir %{lm_cachedir}
 %config(noreplace) %{lm_vardir}/conf/lmConf-1.json
 
 %files doc