Bug#920692: Packages must not install files or directories into /var/cache
It's well-established in Debian (but not documented in Policy) that
packages must not install files or directories under /var/cache.

The FHS explicitly states that "Files located under /var/cache may be
expired in an application specific manner, by the system administrator,
or both. The application must always be able to recover from manual
deletion of these files"; the FHS also states that "The application must
be able to regenerate or restore the data."

Given that the sysadmin is free to delete /var/cache at any time, or not
back it up, or even put it on an ephemeral filesystem such as a tmpfs,
packages must not ship files or directories there. (Among other things,
debsums and other tools would flag deleted files.) Packages must create
such files or directories at runtime as needed, and must not fail if
those files or directories don't exist.

I checked the Contents file, and found only three packages installing
files there. One of those packages is orphaned, and another cropped up
only just recently by installing a CACHEDIR.TAG file (which shouldn't be
the domain of individual packages to install in /var/cache).

The attached patch makes this explicit in Policy. I refrained from
duplicating statements from the FHS (e.g. "must always be able to
recover"), and just stated the normative requirement that packages must
not install files there.

From 463182f3a365fff6610d4e94eca4860fe51994f6 Mon Sep 17 00:00:00 2001
From: Josh Triplett <email@example.com>
Date: Mon, 28 Jan 2019 11:39:10 +0100
Subject: [PATCH] Packages must not install files or directories into
policy/ch-files.rst | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/policy/ch-files.rst b/policy/ch-files.rst
index 48410be..1cdcb18 100644
@@ -722,6 +722,15 @@ The name of the files and directories installed by binary packages
outside the system PATH must be encoded in UTF-8 and should be
restricted to ASCII when it is possible to do so.
+Packages must not install files or directories into ``/var/cache``. The
+system administrator may delete any or all files from this directory at
+any time, or may choose to put it on an ephemeral filesystem.
If you are using GCC, ``-fPIC`` produces code with relocatable
position independent code, which is required for most architectures
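
Review bot: the paragraph added after the UTF-8 file-name text states only the prohibition and the administrator's freedom to delete; it never says what a package that needs a cache directory has to do instead. The covering message spells that out (create the files or directories at runtime as needed, and do not fail when they are missing), and that is the part a maintainer acts on, so consider adding a sentence such as "Packages that use ``/var/cache`` must create what they need there at runtime and must not fail if it is absent." A pointer to the FHS section on ``/var/cache`` would also keep the text short without restating the FHS wording.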
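
The Contents-file check mentioned in the report can be reproduced along these lines. This is an added example, not part of the original message or of any Debian tool; the function name, the sample lines and the package names in them are constructed for illustration.

```python
"""List packages that ship paths under /var/cache, from a Debian Contents index."""
from collections import defaultdict

# Constructed sample in Contents-<arch> layout: "<path>  <section/pkg>[,<section/pkg>...]".
# The package names are hypothetical, not the three packages the report refers to.
SAMPLE_CONTENTS = """\
usr/bin/example-tool                      utils/example-tool
var/cache/example-tool/CACHEDIR.TAG       utils/example-tool
var/cache/demo daemon/index.db            net/demo-daemon,net/demo-daemon-lite
var/cachefoo/data                         misc/not-a-cache
var/lib/demo-daemon/state                 net/demo-daemon
"""


def packages_shipping_under(lines, prefix="var/cache/"):
    """Return {package: sorted list of paths} for index entries below `prefix`."""
    hits = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        # Paths may contain spaces, so the package list is the LAST field.
        fields = line.rstrip("\n").rsplit(None, 1)
        if len(fields) != 2:
            continue  # malformed line: no package column
        path, owners = fields[0].strip(), fields[1]
        # The trailing slash in the prefix keeps "var/cachefoo" from matching.
        if not path.startswith(prefix):
            continue
        for owner in owners.split(","):
            # Drop the archive section ("net/demo-daemon" -> "demo-daemon").
            hits[owner.rsplit("/", 1)[-1]].add(path)
    return {pkg: sorted(paths) for pkg, paths in hits.items()}


if __name__ == "__main__":
    for pkg, paths in sorted(packages_shipping_under(SAMPLE_CONTENTS.splitlines()).items()):
        for p in paths:
            print(f"{pkg}: /{p}")
```

Contents indices list files only, so a package that ships just an empty directory under /var/cache will not show up in this scan.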