Bug#698012: debian-policy: Please update 10.6 "Device files" for udev and the like
On Mon, Feb 20, 2017 at 04:12:53PM -0800, Russ Allbery wrote:
> I propose the following section to completely replace this section. This
> preserves what I think are the still-useful requirements while making it
> clear that nearly all packages should keep their hands off of /dev
> entirely. It also takes notice of device files outside of /dev, which are
> more like named pipes than regular device files and which packages may
> need to create for various jailing reasons (like creating a /dev/null
> inside your file system namespace).
>
> Comments, seconds?
>
> (Also attached in the form of a patch.)
>
> <sect>
> <heading>Device files</heading>
>
> <p>
> Packages must not include device files or named pipes in the
> package file tree.
> </p>
>
> <p>
> Debian packages should assume that device files
> in <file>/dev</file> are dynamically managed by the kernel or
> some other system facility and do not have to be explicitly
> created or managed by the package. Debian packages other than
> those whose purpose is to manage the <file>/dev</file> device
> file tree must not attempt to create or remove device files
> in <file>/dev</file> when a dynamic device management facility
> is in use.
> </p>
>
> <p>
> If named pipes or device files outside of <file>/dev</file> are
> required by a package, they should normally be created when
> necessary by the programs in the package, by init scripts or
> systemd unit files, or by similar on-demand mechanisms. If such
> files need to be created during package installation, they must
> be created in the <pgrn>postinst</pgrn> maintainer
> script<footnote>
> It's better to use <prgn>mkfifo</prgn> rather
> than <prgn>mknod</prgn> to create named pipes to avoid false
> positives from automated checks for packages incorrectly
> creating device files.
> </footnote>
> and removed in either the <pgrn>prerm</pgrn> or
> the <pgrn>postrm</pgrn> maintainer script.
> </p>
> </sect>
>
> --
> Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
>
> From d575df9af106f837c3783e5c829abeef60484790 Mon Sep 17 00:00:00 2001
> From: Russ Allbery <rra@debian.org>
> Date: Mon, 20 Feb 2017 16:05:15 -0800
> Subject: [PATCH] Rewrite the Device files section
>
> Remove the requirement to call MAKEDEV and prohibit attempting to
> create or remove device files if a dynamic management facility is in
> place. Packages should assume device files in /dev are dynamically
> managed. Point people towards dynamic creation of named pipes and
> document that creation in postinst is not the usual approach. Extend
> that discussion to device files outside of /dev, which are required
> for some chroot or file system namespace approaches.
>
> Remove the reference to old serial devices, which are now so old that
> it's highly unlikely anyone will care.
> ---
> policy.sgml | 55 ++++++++++++++++++++++++-------------------------------
> 1 file changed, 24 insertions(+), 31 deletions(-)
>
> diff --git a/policy.sgml b/policy.sgml
> index 200712a..4f02240 100644
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -9131,38 +9131,31 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
> </p>
>
> <p>
> - If a package needs any special device files that are not
> - included in the base system, it must call
> - <prgn>MAKEDEV</prgn> in the <prgn>postinst</prgn> script,
> - after notifying the user<footnote>
> - This notification could be done via a (low-priority)
> - debconf message, or an echo (printf) statement.
> - </footnote>.
> - </p>
> -
> - <p>
> - Packages must not remove any device files in the
> - <prgn>postrm</prgn> or any other script. This is left to the
> - system administrator.
> - </p>
> -
> - <p>
> - Debian uses the serial devices
> - <file>/dev/ttyS*</file>. Programs using the old
> - <file>/dev/cu*</file> devices should be changed to use
> - <file>/dev/ttyS*</file>.
> - </p>
> -
> - <p>
> - Named pipes needed by the package must be created in
> - the <prgn>postinst</prgn> script<footnote>
> + Debian packages should assume that device files
> + in <file>/dev</file> are dynamically managed by the kernel or
> + some other system facility and do not have to be explicitly
> + created or managed by the package. Debian packages other than
> + those whose purpose is to manage the <file>/dev</file> device
> + file tree must not attempt to create or remove device files
> + in <file>/dev</file> when a dynamic device management facility
> + is in use.
> + </p>
> +
> + <p>
> + If named pipes or device files outside of <file>/dev</file> are
> + required by a package, they should normally be created when
> + necessary by the programs in the package, by init scripts or
> + systemd unit files, or by similar on-demand mechanisms. If such
> + files need to be created during package installation, they must
> + be created in the <pgrn>postinst</pgrn> maintainer
> + script<footnote>
> It's better to use <prgn>mkfifo</prgn> rather
> - than <prgn>mknod</prgn> to create named pipes so that
> - automated checks for packages incorrectly creating device
> - files with <prgn>mknod</prgn> won't have false positives.
> - </footnote> and removed in
> - the <prgn>prerm</prgn> or <prgn>postrm</prgn> script as
> - appropriate.
> + than <prgn>mknod</prgn> to create named pipes to avoid false
> + positives from automated checks for packages incorrectly
> + creating device files.
> + </footnote>
> + and removed in either the <pgrn>prerm</pgrn> or
> + the <pgrn>postrm</pgrn> maintainer script.
> </p>
> </sect>
>
> --
> 2.11.0
>
(Seems my previous reply dissapeared, so again...)
Seconded.
Regards,
Andreas Henriksson
Reply to: