I have been packaging a small cgi webapp (for accounting). This has generated some queries about webapp packaging. Do we have policy on this? Or a place to disuss such things other than here? The app consists of one main program file (boc.pl), a config file, and a set of resource files (html, images and some internal perl modules). Upstream intends all the files to be dropped into one location which is made cgi-executable (for *.pl), (and www-data readable) but this doesn't really fit very well with debian policy/default config, where the config file in in /etc and the the cgi-bin file is in /usr/lib/cgi-bin and the rest is in /usr/share/package. It also uses a git repo as a data store. (which needs to be r/w by www-data). The root of that is set in the config file. So. To my questions: 1) This won't work without cgi enabled in apache. Cgi (mod_cgi or mod_cgid) is installed but disabled in a fresh install of apache. However none of the packages I looked at that install things in /usr/lib/cgi-bin turns mod_cgi or mod_cgid on. Is it in fact policy that packages should not enable webserver features like this, and it has to be an admin task? Currently I have a postinst that works out which module is needed (with a2query -M) and then enables it with a2enmod. Should it in fact not do this? 2) Where should a default data dir for a web-app live? /var/www/package? /var/lib/package? Somewhere else? And for the app itself? dwww puts stuff in /var/www/dwww and /usr/share/dwww as well as the binary in /usr/lib/cgi-bin. I'm really not quite sure how one decides what goes where. 3) There is some tension between heavily debianfying such a package (so it just works after install and looks debian-packagey' and leaving it more like upstream 'all in one dir, sort out your own config'. One doesn't know how the webserver will be set up (vhosts etc). Especially if having things in different dirs meand significnat patching of upstream - that seems like a maintenance burden and potential bug-source. 4) It's nicer (in 2019) to have a URL like http://localhost/package/ or http://localhost/package/boc.pl than one with cgi-bin in it: http://localhost/cgi-bin/boc.pl Is there policy on this or other guidelines? Other packages seem to do all sorts of things. 5) Should a package support other web-server configs than apache? That'll do for now. not-quite finished package is here: http://wookware.org/files/bankofcucc/ Cheers for any clues. Wookey -- Principal hats: Linaro, Debian, Wookware, ARM http://wookware.org/
Attachment:
signature.asc
Description: PGP signature