On 18/02/2010 00:49, Adrian Irving-Beer wrote: > Package: redmine > Version: 0.9.2-2 > Severity: serious > Justification: Policy 9.1.1 FHS chapter 4 > > The plugin_assets directory is expected to be writable by the user > running Redmine. In the Debian redmine package, this is currently > /usr/share/redmine/public/plugin_assets. > > The package scripts acknowledge this by making directory writable by > www-data, but writing to /usr at runtime is not allowed per the FHS, > and will cause problems on systems where /usr is mounted read-only > (which is acceptable per Debian policy). > > I expect the solution would be to put plugin_assets somewhere in /var > and create a symbolic link pointing to it. This may cause problems on > Apache systems where symbolic links are disallowed, but this could be > worked around using an "Alias" directive in the example Apache > configurations.
I identified how to patch config/environment.rb : ... # Load Engine plugin if available begin require File.join(File.dirname(__FILE__), '../vendor/plugins/engines/boot') Engines::public_directory = '/var/lib/redmine/plugin_assets' rescue LoadError # Not available end ... The maintainer scripts will take care of that directory properly, and examples modified accordingly with Alias directive. > > On a related note: > > This part isn't a policy violation (that I know of), but I > figured I should mention that the package also creates > "/usr/share/redmine/public/plugin_assets/README" and > "/usr/share/redmine/db/schema.db" at config time, untracked by dpkg. > > These files get removed at "purge" time via "rm -rf /usr/share/redmine", > but this seems a bit heavy-handed, since people might have installed > plugins there. I wonder if it would be better to delete these > files, perhaps as part of the "prerm" script (or even at the end of > the "config" script), such that dpkg can clean up /usr/share/redmine > on its own? > > (Just throwing this out there. It's minor and optional enough that I > didn't want to bother you with a second "wishlist" bug.) IMO there are actually two other important bugs reports you could open here : - don't create "/usr/share/redmine/db/schema.db" at config time (that was on my todo list) - don't force remove /usr/share/redmine at purge time (i've been harsh here) Thanks for your reports. Jérémy.
signature.asc
Description: OpenPGP digital signature
