Bug#920692: Packages must not install files or directories into /var/cache

2019-01-30 Thread Holger Levsen
On Wed, Jan 30, 2019 at 02:09:19AM +0100, Josh Triplett wrote:
> It's worth documenting things that some packages have gotten wrong
> when the reason why they're wrong isn't obvious and isn't currently
> documented anywhere.

this in mind...

On Mon, Jan 28, 2019 at 12:06:31PM +0100, Josh Triplett wrote:
> From 463182f3a365fff6610d4e94eca4860fe51994f6 Mon Sep 17 00:00:00 2001
> From: Josh Triplett 
> Date: Mon, 28 Jan 2019 11:39:10 +0100
> Subject: [PATCH] Packages must not install files or directories into
>  /var/cache
> 
> ---
>  policy/ch-files.rst | 9 +
>  1 file changed, 9 insertions(+)
> 
> diff --git a/policy/ch-files.rst b/policy/ch-files.rst
> index 48410be..1cdcb18 100644
> --- a/policy/ch-files.rst
> +++ b/policy/ch-files.rst
> @@ -722,6 +722,15 @@ The name of the files and directories installed by 
> binary packages
>  outside the system PATH must be encoded in UTF-8 and should be
>  restricted to ASCII when it is possible to do so.
>  
> +.. _s-cache:
> +
> +Cache
> +-
> +
> +Packages must not install files or directories into ``/var/cache``. The
> +system administrator may delete any or all files from this directory at
> +any time, or may choose to put it on an ephemeral filesystem.
> +
>  .. [#]
> If you are using GCC, ``-fPIC`` produces code with relocatable
> position independent code, which is required for most architectures
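Review bot: the title underline on the `+-` line directly under `+Cache` is a single dash as it appears here. reStructuredText needs a section underline at least as long as the title text, so it should read `-----` to match `Cache`.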
> -- 
> 2.20.1

seconded.


-- 
tschüß,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C




Bug#920692: Packages must not install files or directories into /var/cache

2019-01-29 Thread Josh Triplett
On Tue, Jan 29, 2019 at 01:18:53PM +, Ian Jackson wrote:
> Josh Triplett writes ("Bug#920692: Packages must not install files or 
> directories into /var/cache"):
> > It's well-established in Debian (but not documented in Policy) that
> > packages must not install files or directories under /var/cache.
> 
> I think `install' is a bit less clear than it should be.  I think it's
> clearer when you say `ship'.

Policy currently uses "must not install" and "should not install" many
times over, with the same meaning.

If you're suggesting an ambiguity between "must not install" (as part of
the package) and "must not write" (at runtime), as far as I can tell
Policy generally uses "write" for things done by software at runtime,
and in such cases refers to things like "applications", "programs", or
"software", rather than "packages".



Bug#920692: Packages must not install files or directories into /var/cache

2019-01-29 Thread Josh Triplett
On Tue, Jan 29, 2019 at 01:20:31PM +, Ian Jackson wrote:
> Ian Jackson writes ("Re: Bug#920692: Packages must not install files or 
> directories into /var/cache"):
> > Josh Triplett writes ("Bug#920692: Packages must not install files or 
> > directories into /var/cache"):
> > > It's well-established in Debian (but not documented in Policy) that
> > > packages must not install files or directories under /var/cache.
> > 
> > I think `install' is a bit less clear than it should be.  I think it's
> > clearer when you say `ship'.
> 
> Also: do we really need to say this in policy ?  Those three packages
> are almost certainly violating the FHS rule, which is imported by
> reference,

I carefully read the FHS, and while it mentions that software must
recover from deletion of files in /var/cache, it doesn't suggest
anything about not shipping files in /var/cache. While it's possible to
reason your way to "this is probably not a good idea" (don't ship files
that the sysadmin is allowed to delete, as that would lead tools like
debsums to flag them as missing from the package), as far as I can tell,
there's nothing in Policy *or* the FHS that proscribes this.

> and probably just filing bugs will fix it.

I have filed bugs already on the packages that didn't already have them.
In one such bug, the response asked where this was documented.

> It only *needs*
> to state things which are not otherwise clear,

I don't believe this is "otherwise clear" from existing policy.

> though it is of course
> useful for it to mention *common* bugs.  3x in Debian doesn't seem
> common to me.

Policy changes should not in general make packages instantly buggy; if
this were more common it wouldn't yet be appropriate to propose this
policy change. :)

It's worth documenting things that some packages have gotten wrong when
the reason why they're wrong isn't obvious and isn't currently
documented anywhere.



Bug#920692: Packages must not install files or directories into /var/cache

2019-01-29 Thread Ian Jackson
Ian Jackson writes ("Re: Bug#920692: Packages must not install files or 
directories into /var/cache"):
> Josh Triplett writes ("Bug#920692: Packages must not install files or 
> directories into /var/cache"):
> > It's well-established in Debian (but not documented in Policy) that
> > packages must not install files or directories under /var/cache.
> 
> I think `install' is a bit less clear than it should be.  I think it's
> clearer when you say `ship'.

Also: do we really need to say this in policy ?  Those three packages
are almost certainly violating the FHS rule, which is imported by
reference, and probably just filing bugs will fix it.

Policy does not need to document every possible bug.  It only *needs*
to state things which are not otherwise clear, though it is of course
useful for it to mention *common* bugs.  3x in Debian doesn't seem
common to me.

Ian.

-- 
Ian Jackson   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.



Bug#920692: Packages must not install files or directories into /var/cache

2019-01-29 Thread Ian Jackson
Josh Triplett writes ("Bug#920692: Packages must not install files or 
directories into /var/cache"):
> It's well-established in Debian (but not documented in Policy) that
> packages must not install files or directories under /var/cache.

I think `install' is a bit less clear than it should be.  I think it's
clearer when you say `ship'.

Regards,
Ian.



Bug#920692: Packages must not install files or directories into /var/cache

2019-01-28 Thread Josh Triplett
Package: debian-policy
Version: 4.3.0.1
Tags: patch

It's well-established in Debian (but not documented in Policy) that
packages must not install files or directories under /var/cache.

The FHS explicitly states that "Files located under /var/cache may be
expired in an application specific manner, by the system administrator,
or both. The application must always be able to recover from manual
deletion of these files"; the FHS also states that "The application must
be able to regenerate or restore the data.".

Given that the sysadmin is free to delete /var/cache at any time, or not
back it up, or even put it on an ephemeral filesystem such as a tmpfs,
packages must not ship files or directories there. (Among other things,
debsums and other tools would flag deleted files.) Packages must create
such files or directories at runtime as needed, and must not fail if
those files or directories don't exist.

I checked the Contents file, and found only three packages installing
files there. One of those packages is orphaned, and another cropped up
only just recently by installing a CACHEDIR.TAG file (which shouldn't be
the domain of individual packages to install in /var/cache).

The attached patch makes this explicit in Policy. I refrained from
duplicating statements from the FHS (e.g. "must always be able to
recover"), and just stated the normative requirement that packages must
not install files there.
From 463182f3a365fff6610d4e94eca4860fe51994f6 Mon Sep 17 00:00:00 2001
From: Josh Triplett 
Date: Mon, 28 Jan 2019 11:39:10 +0100
Subject: [PATCH] Packages must not install files or directories into
 /var/cache

---
 policy/ch-files.rst | 9 +
 1 file changed, 9 insertions(+)

diff --git a/policy/ch-files.rst b/policy/ch-files.rst
index 48410be..1cdcb18 100644
--- a/policy/ch-files.rst
+++ b/policy/ch-files.rst
@@ -722,6 +722,15 @@ The name of the files and directories installed by binary packages
 outside the system PATH must be encoded in UTF-8 and should be
 restricted to ASCII when it is possible to do so.
 
+.. _s-cache:
+
+Cache
+-
+
+Packages must not install files or directories into ``/var/cache``. The
+system administrator may delete any or all files from this directory at
+any time, or may choose to put it on an ephemeral filesystem.
+
 .. [#]
If you are using GCC, ``-fPIC`` produces code with relocatable
position independent code, which is required for most architectures
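Review bot: the added paragraph beginning `+Packages must not install files or directories` gives the prohibition and the reason for it, but not what a package should do instead. Consider one more sentence saying that software needing paths under ``/var/cache`` must create them at runtime and must not fail when they are absent; that would also make clear that "install" here means files carried in the package, not files written at runtime.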
-- 
2.20.1
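The Contents-file check described in the report above, as an added example (not part of the original message and not Debian tooling): it parses lines in the `Contents-<arch>` layout, a path followed by a comma-separated list of `section/package` locations, and lists the packages shipping anything under `var/cache`. The sample lines and package names are constructed for illustration.

```python
import io
from collections import defaultdict

# Constructed sample in Contents-<arch> layout: "<path> <section/package>[,...]".
# Package names are made up for illustration.
SAMPLE_CONTENTS = """\
usr/bin/example-tool                 utils/example-tool
var/cache/example-tool/CACHEDIR.TAG  utils/example-tool
var/cache/example daemon/index.db    net/example-daemon,net/example-daemon-legacy
var/cachefoo/data                    misc/unrelated
var/lib/example-daemon/state         net/example-daemon
"""


def packages_shipping_under(contents, prefix="var/cache"):
    """Map package name -> sorted list of paths it ships under `prefix`."""
    prefix = prefix.strip("/")
    hits = defaultdict(set)
    for line in contents:
        if not line.strip():
            continue
        # Paths may contain spaces; the location list is always the last field.
        try:
            path, locations = line.rsplit(None, 1)
        except ValueError:
            continue  # malformed line with a single field
        path = path.strip().lstrip("/")
        # Match whole path components, so var/cachefoo is not counted.
        if path != prefix and not path.startswith(prefix + "/"):
            continue
        for loc in locations.split(","):
            # A location is [area/]section/package; the package is the last part.
            hits[loc.rsplit("/", 1)[-1]].add(path)
    return {pkg: sorted(paths) for pkg, paths in sorted(hits.items())}


if __name__ == "__main__":
    found = packages_shipping_under(io.StringIO(SAMPLE_CONTENTS))
    for pkg, paths in found.items():
        print(pkg)
        for p in paths:
            print("  /" + p)
```

To run it against a real archive index, pass an open text handle on a decompressed Contents file instead of the sample.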