[DRE-maint] Bug#570308: redmine: Expects to write to plugin_assets in /usr
Adrian Irving-Beer
wisq-deb at wisq.net
Wed Feb 17 23:49:37 UTC 2010
Package: redmine
Version: 0.9.2-2
Severity: serious
Justification: Policy 9.1.1 FHS chapter 4

The plugin_assets directory is expected to be writable by the user
running Redmine. In the Debian redmine package, this is currently
/usr/share/redmine/public/plugin_assets.

The package scripts acknowledge this by making the directory writable by
www-data, but writing to /usr at runtime is not allowed per the FHS,
and will cause problems on systems where /usr is mounted read-only
(which is acceptable per Debian policy).

I expect the solution would be to put plugin_assets somewhere in /var
and create a symbolic link pointing to it. This may cause problems on
Apache systems where symbolic links are disallowed, but this could be
worked around using an "Alias" directive in the example Apache
configurations.

On a related note:

This part isn't a policy violation (that I know of), but I
figured I should mention that the package also creates
"/usr/share/redmine/public/plugin_assets/README" and
"/usr/share/redmine/db/schema.db" at config time, untracked by dpkg.

These files get removed at "purge" time via "rm -rf /usr/share/redmine",
but this seems a bit heavy-handed, since people might have installed
plugins there. I wonder if it would be better to delete these
files, perhaps as part of the "prerm" script (or even at the end of
the "config" script), such that dpkg can clean up /usr/share/redmine
on its own?

(Just throwing this out there. It's minor and optional enough that I
didn't want to bother you with a second "wishlist" bug.)

-- System Information:
Debian Release: 5.0.3
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages redmine depends on:
ii  dbconfig-common               1.8.39       common framework for packaging dat
ii  debconf [debconf-2.0]         1.5.24       Debian configuration management sy
ii  libjs-prototype               1.6.1-1      JavaScript Framework for dynamic w
ii  libjs-scriptaculous           1.8.3-1      JavaScript library for dynamic web
ii  rails                         2.2.3-2      MVC ruby based framework geared fo
ii  rake                          0.8.7-1      a ruby build program
ii  redmine-pgsql                 0.9.2-2      metapackage providing PostgreSQL d
ii  ruby                          4.2          An interpreter of object-oriented
ii  ruby1.8                       1.8.7.249-1  Interpreter of object-oriented scr

Versions of packages redmine recommends:
pn  libapache2-mod-fcgid          <none>       (no description available)
ii  libfcgi-ruby1.8 [libfcgi-ruby 0.8.7-4.1    FastCGI library for Ruby

Versions of packages redmine suggests:
pn  libopenid-ruby                <none>       (no description available)
ii  librmagick-ruby               2.5.2-1      ImageMagick API for Ruby
pn  libsvn-ruby                   <none>       (no description available)
ii  thin                          1.2.4-1      fast and very simple Ruby web serv

-- debconf information excluded
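
The relocation proposed in the report (move plugin_assets under /var and leave a symbolic link in its place), written out as an added example that is not part of the original report or of the Debian package. The function names and the /var/lib/redmine/plugin_assets target in the usage comment are assumptions, since the report only says "somewhere in /var".

```shell
#!/bin/sh
# Added example, not the redmine package's maintainer script.
# Usage (target path is an assumption; the report only says "somewhere in /var"):
#   relocate_state_dir /usr/share/redmine/public/plugin_assets \
#                      /var/lib/redmine/plugin_assets

# relocate_state_dir FROM TO
# Move runtime-writable directory FROM to TO and leave a symlink at FROM.
# Safe to re-run: an already relocated FROM is left untouched.
relocate_state_dir() {
    from=$1
    to=$2
    if [ -L "$from" ]; then
        if [ "$(readlink "$from")" = "$to" ]; then
            return 0
        fi
        echo "refusing: $from already links to $(readlink "$from")" >&2
        return 1
    fi
    mkdir -p "$to" || return 1
    if [ -d "$from" ]; then
        # Copy contents (dotfiles included), keeping owner and mode, so
        # plugin assets already written by www-data survive the move.
        cp -a "$from/." "$to/" || return 1
        rm -rf "$from" || return 1
    fi
    ln -s "$to" "$from"
}

# resolves_outside PATH PREFIX
# Succeeds when PATH's physical location is not under PREFIX, i.e. the
# writable data no longer lives below a tree that may be mounted read-only.
resolves_outside() {
    real=$(cd -P "$1" 2>/dev/null && pwd -P) || return 1
    prefix=$(cd -P "$2" 2>/dev/null && pwd -P) || return 1
    case "$real/" in
        "$prefix"/*) return 1 ;;
        *) return 0 ;;
    esac
}
```

Where Apache is configured not to follow symbolic links, the report's alternative is an "Alias" directive pointing at the new location instead of relying on the link.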