Move the account and certificate default directories

Those directories were located in /etc/acmed/, which is not the best choice. According to the Filesystem Hierarchy Standard, they should be located in /var/lib/acmed/. Because systems may have different conventions, those values are now configuration at build time. https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
sraabe · Apr 16, 2021 · 9028248 · 9028248
1 parent 2a2e743
commit 9028248
Show file tree

Hide file tree

Showing 7 changed files with 108 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Allow the configuration of some default values at compile time using environment variables.
 
+### Changed
+- The default account directory now is `/var/lib/acmed/accounts`.
+- The default certificates and private keys directory now is `/var/lib/acmed/certs`.
+
 
 ## [0.16.0] - 2020-11-11
 

diff --git a/Makefile b/Makefile
@@ -6,6 +6,8 @@ DATADIR = $(DATAROOTDIR)
 MAN5DIR = $(DATADIR)/man/man5
 MAN8DIR = $(DATADIR)/man/man8
 SYSCONFDIR = /etc
+VARLIBDIR = /var/lib
+RUNSTATEDIR = /var/run
 TARGET_DIR = ./target/$(TARGET)/release
 MAN_SRC_DIR = ./man/en
 MAN_DST_DIR = $(TARGET_DIR)/man
@@ -19,19 +21,19 @@ update:
 
 acmed: man_dir
 	if test -n "$(TARGET)"; then \
-	    cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \
+	    VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \
 	else \
-	    cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)"; \
+	    VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "acmed/Cargo.toml" --no-default-features --features "$(FEATURES)"; \
 	fi
 	strip "$(TARGET_DIR)/acmed"
 	gzip <"$(MAN_SRC_DIR)/acmed.8" >"$(MAN_DST_DIR)/acmed.8.gz"
 	gzip <"$(MAN_SRC_DIR)/acmed.toml.5" >"$(MAN_DST_DIR)/acmed.toml.5.gz"
 
 tacd: man_dir
 	if test -n "$(TARGET)"; then \
-	    cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \
+	    VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)" --target "$(TARGET)"; \
 	else \
-	    cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)"; \
+	    VARLIBDIR="$(VARLIBDIR)" SYSCONFDIR="$(SYSCONFDIR)" RUNSTATEDIR="$(RUNSTATEDIR)" cargo build --release --manifest-path "tacd/Cargo.toml" --no-default-features --features "$(FEATURES)"; \
 	fi
 	strip "$(TARGET_DIR)/tacd"
 	gzip <"$(MAN_SRC_DIR)/tacd.8" >"$(MAN_DST_DIR)/tacd.8.gz"
@@ -44,8 +46,8 @@ install:
 	install -d -m 0755 $(DESTDIR)$(MAN8DIR)
 	if test -f "$(TARGET_DIR)/acmed"; then \
 	    install -d -m 0755 $(DESTDIR)$(MAN5DIR); \
-	    install -d -m 0755 $(DESTDIR)$(SYSCONFDIR)/acmed/certs; \
-	    install -d -m 0700 $(DESTDIR)$(SYSCONFDIR)/acmed/accounts; \
+	    install -d -m 0755 $(DESTDIR)$(VARLIBDIR)/acmed/certs; \
+	    install -d -m 0700 $(DESTDIR)$(VARLIBDIR)/acmed/accounts; \
 	    install -m 0755 $(TARGET_DIR)/acmed $(DESTDIR)$(BINDIR)/acmed; \
 	    install -m 0644 $(TARGET_DIR)/man/acmed.8.gz $(DESTDIR)$(MAN8DIR)/acmed.8.gz; \
 	    install -m 0644 $(TARGET_DIR)/man/acmed.toml.5.gz $(DESTDIR)$(MAN5DIR)/acmed.toml.5.gz; \

diff --git a/README.md b/README.md
@@ -110,13 +110,29 @@ For example, you can build statically linked binaries using the `openssl_vendore
 make FEATURES="openssl_vendored" TARGET="x86_64-unknown-linux-musl"
 ```
 
-The following environment variables can be used to change default values at compile time:
+The following environment variables can be used to change default values at compile and/or install time:
+
+- `PREFIX` (install): system user prefix (default to `/usr`)
+- `BINDIR` (install): system binary directory (default to `$PREFIX/bin`)
+- `DATADIR` (install): system data directory (default to `$PREFIX/share`)
+- `MAN5DIR` (install): system directory where pages 5 manuals are located (default to `$DATADIR/man/man5`)
+- `MAN8DIR` (install): system directory where pages 8 manuals are located (default to `$DATADIR/man/man8`)
+- `SYSCONFDIR` (compile and install): system configuration directory (default to `/etc`)
+- `VARLIBDIR` (compile and install): directory for persistent data modified by ACMEd (default to `/var/lib`)
+- `RUNSTATEDIR` (compile): system run-time variable data (default to `/var/run`)
+- `ACMED_DEFAULT_ACCOUNTS_DIR` (compile): directory where account files are stored (default to `$VARLIBDIR/acmed/accounts`)
+- `ACMED_DEFAULT_CERT_DIR` (compile): directory where certificates and private keys are stored (default to `$VARLIBDIR/acmed/certs`)
+- `ACMED_DEFAULT_CERT_FORMAT` (compile): format for certificates and private keys files names (default to `{{name}}_{{key_type}}.{{file_type}}.{{ext}}`)
+- `ACMED_DEFAULT_CONFIG_FILE` (compile): main configuration file (default to `$SYSCONFDIR/acmed/acmed.toml`)
+- `ACMED_DEFAULT_PID_FILE` (compile): PID file for the main acmed process (default to `$RUNSTATEDIR/acmed.pid`)
+- `TACD_DEFAULT_PID_FILE` (compile): PID file for the tacd process (default to `$RUNSTATEDIR/tacd.pid`)
+
+For example, the following will compile a binary that will use the `/usr/share/etc/acmed/acmed.toml` configuration file and will be installed in the `/usr/local/bin` directory :
 
-- `ACMED_DEFAULT_ACCOUNTS_DIR`: directory where account files are stored (default to `/etc/acmed/accounts`)
-- `ACMED_DEFAULT_CERT_DIR`: directory where certificates and private keys are stored (default to `/etc/acmed/certs`)
-- `ACMED_DEFAULT_CERT_FORMAT`: format for certificates and private keys files names (default to `{{name}}_{{key_type}}.{{file_type}}.{{ext}}`)
-- `ACMED_DEFAULT_CONFIG_FILE`: main configuration file (default to `/etc/acmed/acmed.toml`)
-- `ACMED_DEFAULT_PID_FILE`: main process PID file (default to `/var/run/acmed.pid`)
+```
+make SYSCONFDIR="/usr/share/etc"
+make BINDIR="/usr/local/bin" install
+```
 
 ### Packaging
 

diff --git a/acmed/build.rs b/acmed/build.rs
@@ -7,6 +7,12 @@ use std::fs::File;
 use std::io::prelude::*;
 use std::path::PathBuf;
 
+macro_rules! set_rustc_env_var {
+    ($name: expr, $value: expr) => {{
+        println!("cargo:rustc-env={}={}", $name, $value);
+    }};
+}
+
 macro_rules! set_env_var_if_absent {
     ($name: expr, $default_value: expr) => {{
         if let Err(_) = env::var($name) {
@@ -15,9 +21,34 @@ macro_rules! set_env_var_if_absent {
     }};
 }
 
-macro_rules! set_rustc_env_var {
-    ($name: expr, $value: expr) => {{
-        println!("cargo:rustc-env={}={}", $name, $value);
+macro_rules! set_specific_path_if_absent {
+    ($env_name: expr, $env_default: expr, $with_dir: expr, $name: expr, $default_value: expr) => {{
+        let prefix = env::var($env_name).unwrap_or(String::from($env_default));
+        let mut value = PathBuf::new();
+        value.push(prefix);
+        if ($with_dir) {
+            value.push("acmed");
+        }
+        value.push($default_value);
+        set_env_var_if_absent!($name, value.to_str().unwrap());
+    }};
+}
+
+macro_rules! set_data_path_if_absent {
+    ($name: expr, $default_value: expr) => {{
+        set_specific_path_if_absent!("VARLIBDIR", "/var/lib", true, $name, $default_value);
+    }};
+}
+
+macro_rules! set_cfg_path_if_absent {
+    ($name: expr, $default_value: expr) => {{
+        set_specific_path_if_absent!("SYSCONFDIR", "/etc", true, $name, $default_value);
+    }};
+}
+
+macro_rules! set_runstate_path_if_absent {
+    ($name: expr, $default_value: expr) => {{
+        set_specific_path_if_absent!("RUNSTATEDIR", "/var/run", false, $name, $default_value);
     }};
 }
 
@@ -82,14 +113,14 @@ fn set_target() {
 }
 
 fn set_default_values() {
-    set_env_var_if_absent!("ACMED_DEFAULT_ACCOUNTS_DIR", "/etc/acmed/accounts");
-    set_env_var_if_absent!("ACMED_DEFAULT_CERT_DIR", "/etc/acmed/certs");
+    set_data_path_if_absent!("ACMED_DEFAULT_ACCOUNTS_DIR", "accounts");
+    set_data_path_if_absent!("ACMED_DEFAULT_CERT_DIR", "certs");
     set_env_var_if_absent!(
         "ACMED_DEFAULT_CERT_FORMAT",
         "{{name}}_{{key_type}}.{{file_type}}.{{ext}}"
     );
-    set_env_var_if_absent!("ACMED_DEFAULT_CONFIG_FILE", "/etc/acmed/acmed.toml");
-    set_env_var_if_absent!("ACMED_DEFAULT_PID_FILE", "/var/run/acmed.pid");
+    set_cfg_path_if_absent!("ACMED_DEFAULT_CONFIG_FILE", "acmed.toml");
+    set_runstate_path_if_absent!("ACMED_DEFAULT_PID_FILE", "acmed.pid");
 }
 
 fn main() {

diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5
@@ -671,13 +671,13 @@ and
 both represents a period of one day and forty-two seconds.
 .Sh FILES
 .Bl -tag
-.It Pa /etc/acmed/accounts
+.It Pa /var/lib/acmed/accounts
 Default accounts private and public keys directory.
 .It Pa /etc/acmed/acmed.toml
 Default
 .Xr acmed 8
 configuration file.
-.It Pa /etc/acmed/certs
+.It Pa /var/lib/acmed/certs
 Default certificates and associated private keys directory.
 .El
 .Sh EXAMPLES

diff --git a/tacd/build.rs b/tacd/build.rs
@@ -1,7 +1,40 @@
 use std::env;
+use std::path::PathBuf;
+
+macro_rules! set_rustc_env_var {
+    ($name: expr, $value: expr) => {{
+        println!("cargo:rustc-env={}={}", $name, $value);
+    }};
+}
+
+macro_rules! set_env_var_if_absent {
+    ($name: expr, $default_value: expr) => {{
+        if let Err(_) = env::var($name) {
+            set_rustc_env_var!($name, $default_value);
+        }
+    }};
+}
+
+macro_rules! set_specific_path_if_absent {
+    ($env_name: expr, $env_default: expr, $name: expr, $default_value: expr) => {{
+        let prefix = env::var($env_name).unwrap_or(String::from($env_default));
+        let mut value = PathBuf::new();
+        value.push(prefix);
+        value.push($default_value);
+        set_env_var_if_absent!($name, value.to_str().unwrap());
+    }};
+}
+
+macro_rules! set_runstate_path_if_absent {
+    ($name: expr, $default_value: expr) => {{
+        set_specific_path_if_absent!("RUNSTATEDIR", "/var/run", $name, $default_value);
+    }};
+}
 
 fn main() {
     if let Ok(target) = env::var("TARGET") {
         println!("cargo:rustc-env=TACD_TARGET={}", target);
     };
+
+    set_runstate_path_if_absent!("TACD_DEFAULT_PID_FILE", "tacd.pid");
 }
diff --git a/tacd/src/main.rs b/tacd/src/main.rs
@@ -14,7 +14,7 @@ use std::io::{self, Read};
 
 const APP_NAME: &str = env!("CARGO_PKG_NAME");
 const APP_VERSION: &str = env!("CARGO_PKG_VERSION");
-const DEFAULT_PID_FILE: &str = "/var/run/tacd.pid";
+const DEFAULT_PID_FILE: &str = env!("TACD_DEFAULT_PID_FILE");
 const DEFAULT_LISTEN_ADDR: &str = "127.0.0.1:5001";
 const DEFAULT_CRT_KEY_TYPE: KeyType = KeyType::EcdsaP256;
 const DEFAULT_CRT_DIGEST: HashFunction = HashFunction::Sha256;