[DRE-maint] Bug#570308: redmine: Expects to write to plugin_assets in /usr

Thu Feb 18 01:06:33 UTC 2010

On 18/02/2010 00:49, Adrian Irving-Beer wrote:
> Package: redmine
> Version: 0.9.2-2
> Severity: serious
> Justification: Policy 9.1.1 FHS chapter 4
> 
> The plugin_assets directory is expected to be writable by the user
> running Redmine.  In the Debian redmine package, this is currently
> /usr/share/redmine/public/plugin_assets.
> 
> The package scripts acknowledge this by making directory writable by
> www-data, but writing to /usr at runtime is not allowed per the FHS,
> and will cause problems on systems where /usr is mounted read-only
> (which is acceptable per Debian policy).
> 
> I expect the solution would be to put plugin_assets somewhere in /var
> and create a symbolic link pointing to it.  This may cause problems on
> Apache systems where symbolic links are disallowed, but this could be
> worked around using an "Alias" directive in the example Apache
> configurations.

I identified how to patch config/environment.rb :

...
# Load Engine plugin if available
begin
  require File.join(File.dirname(__FILE__), '../vendor/plugins/engines/boot')
  Engines::public_directory = '/var/lib/redmine/plugin_assets'
rescue LoadError
  # Not available
end
...

The maintainer scripts will take care of that directory properly,
and examples modified accordingly with Alias directive.

> 
> On a related note:
> 
> This part isn't a policy violation (that I know of), but I
> figured I should mention that the package also creates
> "/usr/share/redmine/public/plugin_assets/README" and
> "/usr/share/redmine/db/schema.db" at config time, untracked by dpkg.
> 
> These files get removed at "purge" time via "rm -rf /usr/share/redmine",
> but this seems a bit heavy-handed, since people might have installed
> plugins there.  I wonder if it would be better to delete these
> files, perhaps as part of the "prerm" script (or even at the end of
> the "config" script), such that dpkg can clean up /usr/share/redmine
> on its own?
> 
> (Just throwing this out there.  It's minor and optional enough that I
> didn't want to bother you with a second "wishlist" bug.)

IMO there are actually two other important bugs reports you could open here :
- don't create "/usr/share/redmine/db/schema.db" at config time (that was on my todo list)
- don't force remove /usr/share/redmine at purge time (i've been harsh here)

Thanks for your reports.

Jérémy.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20100218/47231b39/attachment-0001.pgp>