webmap-download: Use --lockdir=%t/lock/webmap/cache

2 files changed, 8 insertions, 7 deletions

diff --git a/files/etc/systemd/system/webmap-download@.service b/files/etc/systemd/system/webmap-download@.service
index e6b7f44..d7a49dc 100644
--- a/files/etc/systemd/system/webmap-download@.service
+++ b/files/etc/systemd/system/webmap-download@.service
@@ -15,8 +15,8 @@ IOSchedulingClass=idle
 
 Type=oneshot
 ExecStart=/usr/local/bin/webmap-download \
-    --cachedir=/var/cache/webmap \
-    --lockdir=%t/lock/webmap/download \
+    --cachedir=%C/webmap \
+    --lockdir=%t/lock/webmap/cache \
     --no-exit-code \
     --quiet \
     -- %I
@@ -30,8 +30,8 @@ ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-ReadWritePaths=/var/cache/webmap
-ReadWritePaths=%t/lock/webmap/download
+ReadWritePaths=%C/webmap
+ReadWritePaths=%t/lock/webmap/cache
 
 [Install]
 WantedBy=webmap-update@%i.target
diff --git a/files/etc/tmpfiles.d/webmap.conf b/files/etc/tmpfiles.d/webmap.conf
index 620cd24..b6fa8be 100644
--- a/files/etc/tmpfiles.d/webmap.conf
+++ b/files/etc/tmpfiles.d/webmap.conf
@@ -1,7 +1,8 @@
-d %t/lock/webmap            0755 root root
+d %t/lock/webmap            00755 root root
 
-# for webmap-download's --lockdir
-d %t/lock/webmap/download   0755 _webmap-download _webmap
+# for `webmap-download --lockdir` *and* `webmap-import --lockdir-sources`
+# (hence the set-group-ID bit and g+w)
+d %t/lock/webmap/cache      02775 _webmap-download _webmap
 
 # for webmap-import's *and* webmap-publish's --lockfile (hence the
 # ownership and g+w)