Package: debian-policy
Version: 4.3.0.1
Tags: patch

It's well-established in Debian (but not documented in Policy) that packages must not install files or directories under /var/cache.
The FHS explicitly states that "Files located under /var/cache may be expired in an application specific manner, by the system administrator, or both. The application must always be able to recover from manual deletion of these files"; the FHS also states that "The application must be able to regenerate or restore the data.". Given that the sysadmin is free to delete /var/cache at any time, or not back it up, or even put it on an ephemeral filesystem such as a tmpfs, packages must not ship files or directories there. (Among other things, debsums and other tools would flag deleted files.) Packages must create such files or directories at runtime as needed, and must not fail if those files or directories don't exist.

I checked the Contents file, and found only three packages installing files there. One of those packages is orphaned, and another cropped up only just recently by installing a CACHEDIR.TAG file (which shouldn't be the domain of individual packages to install in /var/cache).

The attached patch makes this explicit in Policy. I refrained from duplicating statements from the FHS (e.g. "must always be able to recover"), and just stated the normative requirement that packages must not install files there.
>From 463182f3a365fff6610d4e94eca4860fe51994f6 Mon Sep 17 00:00:00 2001 From: Josh Triplett <j...@joshtriplett.org> Date: Mon, 28 Jan 2019 11:39:10 +0100 Subject: [PATCH] Packages must not install files or directories into /var/cache --- policy/ch-files.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/policy/ch-files.rst b/policy/ch-files.rst index 48410be..1cdcb18 100644 --- a/policy/ch-files.rst +++ b/policy/ch-files.rst @@ -722,6 +722,15 @@ The name of the files and directories installed by binary packages outside the system PATH must be encoded in UTF-8 and should be restricted to ASCII when it is possible to do so. +.. _s-cache: + +Cache +----- + +Packages must not install files or directories into ``/var/cache``. The +system administrator may delete any or all files from this directory at +any time, or may choose to put it on an ephemeral filesystem. + .. [#] If you are using GCC, ``-fPIC`` produces code with relocatable position independent code, which is required for most architectures -- 2.20.1
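
Review bot: In the added Cache section, "install" in "Packages must not install files or directories into ``/var/cache``" leaves open whether a directory created from a maintainer script counts, and the rationale sentence speaks of deleting "files" only, not directories. Consider wording the prohibition so it covers any pre-created path the package then relies on, and add either the runtime expectation (create on demand, do not fail when the path is missing) or a pointer to the FHS text that carries it, since the section as written says what is forbidden without telling maintainers what to do instead.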
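
Added example, not part of the original report or patch: one way to repeat the Contents-file check mentioned above, listing which packages ship paths under /var/cache. The sample lines, package names and the function name are constructed for illustration; the layout assumed is the usual Contents-<arch> one (path relative to /, whitespace, comma-separated section/package list).

```python
from collections import defaultdict

# Constructed sample in Contents-<arch> layout (not real archive data).
SAMPLE_CONTENTS = """\
usr/bin/example-tool                      utils/example-tool
var/cache/example-tool/CACHEDIR.TAG       utils/example-tool
var/cache/shared dir/index.db             net/pkg-a,contrib/net/pkg-b
var/cachefoo/data                         misc/not-a-cache
var/lib/example-tool/state                utils/example-tool
"""


def packages_shipping_cache(lines, prefix="var/cache/"):
    """Map package name -> sorted list of shipped paths under /var/cache."""
    found = defaultdict(set)
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        # Paths may contain spaces, so only the last whitespace-separated
        # field is the package list.
        parts = line.rsplit(None, 1)
        if len(parts) != 2:
            continue
        path, location = parts[0].strip(), parts[1]
        # The prefix keeps its trailing slash so var/cachefoo is not matched.
        if not path.startswith(prefix):
            continue
        for qualified in location.split(","):
            # Drop the section (and area, e.g. contrib/net/) before the name.
            found[qualified.rsplit("/", 1)[-1]].add("/" + path)
    return {pkg: sorted(paths) for pkg, paths in found.items()}


if __name__ == "__main__":
    hits = packages_shipping_cache(SAMPLE_CONTENTS.splitlines())
    for pkg, paths in sorted(hits.items()):
        print(pkg, *paths, sep="\n  ")
```

To run it against a real archive index, pass the lines of a decompressed Contents file instead of the sample.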