On Wed, Dec 14, 2016 at 06:05:42PM +0100, Jonas Meurer wrote:
> Hi Dominic,
> 
> On 11.12.2016 at 13:10, Dominic Hargreaves wrote:
> > Package: lurker
> > Version: 2.3-5+b1
> > Severity: serious
> > Justification: Policy 9.1.1
> > 
> > As of 2.3-1 the Debian package of lurker unfortunately started
> > violating the FHS, because it moved its HTML generation output to
> > /usr/share/lurker/www. According to the FHS[1] /usr must not be
> > written to in normal operations.
> 
> Thanks a lot for the bug report. You're indeed right that the current lurker
> package violated the FHS.
> 
> > I discovered this whilst migrating a lurker installation to a new host.
> > As far as I can tell, this is a genuine cache, and so I rsynced
> > /usr/share/lurker/www/ to /var/cache/lurker/www/ and updated the
> > config file reference, and everything still worked.
> > 
> > Fixing this in the package would also involve cleaning up any
> > left-over cache in /usr/share/lurker/www. It's probably not safe
> > to do this in an automated way, so a similar news item as the one
> > used in 2.3-1 would be needed.
> 
> In your patch you suggest to move the htdocs dir to
> /var/cache/lurker/www. The problem with this directory is that it's not
> guaranteed to be kept. /var/cache is allowed to be a volatile
> filesystem. See Section 5.5.1 of the FHS:
> 
> "The application must be able to regenerate or restore the data. Unlike
> /var/spool, the cached files can be deleted without data loss. The data
> must remain valid between invocations of the application and rebooting
> the system."
> 
> (http://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varcacheApplicationCacheData)
> 
> Thus I suggest to move the htdocs to /var/lib/lurker/www instead. I'll
> modify your patch accordingly.

Well, it is definitely a cache, so it would be nice to put it in
/var/cache to avoid being backed up. The only problem is that the
initial hierarchy is not created on the fly by lurker, right?

If the permissions are tweaked so that the web server user can write
out the hierarchy including image symlink, maybe that can be done.

Cheers,
Dominic.
