[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#562194: hplip: hp-plugin writes to /usr/share

Package: hplip
Version: 3.9.10-4
Severity: serious
Justification: Policy 9.1.1

hp-plugin downloads firmware and plugins into
/usr/share/hplip/data/{firmware,plugins}.  To quote the FHS:

  /var is specified here in order to make it possible to mount /usr
  read-only. Everything that once went into /usr that is written to
  during system operation (as opposed to installation and software
  maintenance) must be in /var.

http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html#THEVARHIERARCHY

So those two directories break Policy 9.1.1.  For instance, /usr could
be read-only when dpkg is not being used, as proposed in the Securing
Debian Manual.

http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9.2

So I propose that hp-plugin should be modified to download firmware to
/var/lib/hplip/data/{firmware,plugins} and symbolic links added in
/usr/share/hplip/data/.  (I suspect the downloaded firmware is
variable data, anyway.)  An alternative might be /var/cache ?

Thanks,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages hplip depends on:
ii  adduser                   3.111          add and remove users and groups
ii  coreutils                 8.0-2          GNU core utilities
ii  cups                      1.4.1-5        Common UNIX Printing System(tm) - 
ii  cups-client               1.4.2-6        Common UNIX Printing System(tm) - 
ii  hplip-data                3.9.10-4       HP Linux Printing and Imaging - da
ii  libc6                     2.10.2-2       GNU C Library: Shared libraries
ii  libcups2                  1.4.2-6        Common UNIX Printing System(tm) - 
ii  libdbus-1-3               1.2.16-2       simple interprocess messaging syst
ii  libsane                   1.0.20-10      API library for scanners
ii  libsnmp15                 5.4.2.1~dfsg-5 SNMP (Simple Network Management Pr
ii  libssl0.9.8               0.9.8k-7       SSL shared libraries
ii  libusb-0.1-4              2:0.1.12-13    userspace USB programming library
ii  lsb-base                  3.2-23         Linux Standard Base 3.2 init scrip
ii  policykit-1               0.95-1         framework for managing administrat
ii  python                    2.5.4-4        An interactive high-level object-o
ii  python-dbus               0.83.0-1       simple interprocess messaging syst
ii  python-imaging            1.1.7-1        Python Imaging Library
ii  python-pexpect            2.3-1          Python module for automating inter

Versions of packages hplip recommends:
ii  hplip-cups                    3.9.10-4   HP Linux Printing and Imaging - CU
ii  sane-utils                    1.0.20-10  API library for scanners -- utilit

Versions of packages hplip suggests:
pn  hplip-doc                     <none>     (no description available)
pn  hplip-gui                     <none>     (no description available)
pn  kdeprint | gtklp | xpp        <none>     (no description available)
pn  openprinting-ppds             <none>     (no description available)

-- no debconf information
Reply to: