Source: dacs
Version: 1.4.38a-1
Severity: serious
Justification: Policy 9.1.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Upstream autoconf oddly ties the --prefix option with a custom
- --dacs_home option which gets hardwired into the installed tools and is
a root directory for both static and variable parts.
dacs 1.4.38a-1 sets --prefix which effectively tells the build routines
to use /usr as the root of both binaries, configuration files (e.g.
debugging hint file debug_dacs_acs), admin-editable web content (dtds)
and variable data (e.g. a sequence file).
In other words, setting --prefix=/usr violates FHS! Weird, yes.
It is sort-of possible to setup a working dacs with current package, by
going through the configuration and replace ${Conf::DACS_HOME} when used
for anything else than binaries - i.e. sequence file, logfiles, content
dtds, and (autogenerated concatenations of) acls. Some parts, however,
remain hardcoded - e.g. debugging without restarting apache by use of a
$DACS_HOME/debug_dacs_acs file as documented in dacs_acs man page, now
possible only by creating /usr/debug_dacs_acs as sysadmin which is BAD.
I have not yet tested, but it seems the solution is to instead set
- --prefix=/usr/lib/dacs and populate that directory with symlinks to the
various places the files are actually getting installed, matching FHS.
In addition to obeying FHS, that should make it possible to setup DACS
by following upstream quickstart - "man dacs.quick", or
https://dacs.dss.ca/man/dacs.quick.7.html
For inspiration, I believe mailman is installed in a similar manner.
- Jonas
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlkr+VEACgkQLHwxRsGg
ASGGPQ/7BXuoPrXe3xuJ/k0inrGTXXWg6ate8KXp0RjTK8lJ0V59KsXppUk8irnV
Tm6nQ7GRIr7ip/BaW7Lr3uwYEOf9iJw6Vs8wU7TbLkjk8xKqqLBAbs3oCNQnzU8J
uUeFM2xCXV/GkjSwvsTKit9hGnJG0K5FHZGChXXgLK1SKcCI+zkH5NEC9g8xHkWR
HmVoxfwB7H/Plf+g4JCe3//lCTHTgog4SmJ5NtdNpI6V6v2u0z+KN+IhtuFwy+wm
9FmwpzwGNEllbjHYZOPnuMXKfY18CCdEaKbT9MYbIadSI2FnfD8KlrOKemVGgffe
oVxgxvUQnZMVN4WoLlPpL77n+PSmQAqs9uEY7/l4rH35X7JXPYiw7fVpRAbNxVJ1
1c+8GR/L2ZlqAQBZVqM9FhX5l2N1p/GEjJUENyCOu95Q18Ruz7gXzazzZ61lG6ZX
9nqL/7GrafxjnFbVbJa/W4mFF4dp7CAuhLEEVms0AA+qLSrr6Gcxv8GRxVbAMY1e
ysvQWLC9dqs+PE9zZPbItpOBt9X1QQzBzZ2tRYwO1fI37ZYetq0fEi62naSnGRes
LDuesWaXBW/xEAK/OxwDR2ApB+/wI9IKVFE9oDTdOpeDFM+Bei+JKmdc27lDjh/E
RTOm9tKoFQeUdYOR4LRLdbPPU1gcJ8B3Sho3A8x++XpLLcw6aoc=
=cBLQ
-----END PGP SIGNATURE-----
