Your message dated Sat, 26 Dec 2009 17:47:18 +1100 with message-id <200912261747.22546.msp@debian.org> and subject line Re: [Pkg-hpijs-devel] Bug#562194: hplip: hp-plugin writes to /usr/share has caused the Debian Bug report #562194, regarding hplip: hp-plugin writes to /usr/share to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 562194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562194 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: hplip: hp-plugin writes to /usr/share
- From: Tim Retout <tim@retout.co.uk>
- Date: Wed, 23 Dec 2009 18:30:25 +0000
- Message-id: <[🔎] 20091223183025.11907.15458.reportbug@arneb.retout.co.uk>
Package: hplip Version: 3.9.10-4 Severity: serious Justification: Policy 9.1.1 hp-plugin downloads firmware and plugins into /usr/share/hplip/data/{firmware,plugins}. To quote the FHS: /var is specified here in order to make it possible to mount /usr read-only. Everything that once went into /usr that is written to during system operation (as opposed to installation and software maintenance) must be in /var. http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html#THEVARHIERARCHY So those two directories break Policy 9.1.1. For instance, /usr could be read-only when dpkg is not being used, as proposed in the Securing Debian Manual. http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9.2 So I propose that hp-plugin should be modified to download firmware to /var/lib/hplip/data/{firmware,plugins} and symbolic links added in /usr/share/hplip/data/. (I suspect the downloaded firmware is variable data, anyway.) An alternative might be /var/cache ? Thanks, -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages hplip depends on: ii adduser 3.111 add and remove users and groups ii coreutils 8.0-2 GNU core utilities ii cups 1.4.1-5 Common UNIX Printing System(tm) - ii cups-client 1.4.2-6 Common UNIX Printing System(tm) - ii hplip-data 3.9.10-4 HP Linux Printing and Imaging - da ii libc6 2.10.2-2 GNU C Library: Shared libraries ii libcups2 1.4.2-6 Common UNIX Printing System(tm) - ii libdbus-1-3 1.2.16-2 simple interprocess messaging syst ii libsane 1.0.20-10 API library for scanners ii libsnmp15 5.4.2.1~dfsg-5 SNMP (Simple Network Management Pr ii libssl0.9.8 0.9.8k-7 SSL shared libraries ii libusb-0.1-4 2:0.1.12-13 userspace USB programming library ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip ii policykit-1 0.95-1 framework for managing administrat ii python 2.5.4-4 An interactive high-level object-o ii python-dbus 0.83.0-1 simple interprocess messaging syst ii python-imaging 1.1.7-1 Python Imaging Library ii python-pexpect 2.3-1 Python module for automating inter Versions of packages hplip recommends: ii hplip-cups 3.9.10-4 HP Linux Printing and Imaging - CU ii sane-utils 1.0.20-10 API library for scanners -- utilit Versions of packages hplip suggests: pn hplip-doc <none> (no description available) pn hplip-gui <none> (no description available) pn kdeprint | gtklp | xpp <none> (no description available) pn openprinting-ppds <none> (no description available) -- no debconf information
--- End Message ---
--- Begin Message ---
- To: Tim Retout <tim@retout.co.uk>, 562194-done@bugs.debian.org
- Subject: Re: [Pkg-hpijs-devel] Bug#562194: hplip: hp-plugin writes to /usr/share
- From: Mark Purcell <msp@debian.org>
- Date: Sat, 26 Dec 2009 17:47:18 +1100
- Message-id: <200912261747.22546.msp@debian.org>
- In-reply-to: <[🔎] 20091223183025.11907.15458.reportbug@arneb.retout.co.uk>
- References: <[🔎] 20091223183025.11907.15458.reportbug@arneb.retout.co.uk>
On Thursday 24 December 2009 05:30:25 Tim Retout wrote: > hp-plugin downloads firmware and plugins into > /usr/share/hplip/data/{firmware,plugins}. To quote the FHS: > > /var is specified here in order to make it possible to mount /usr > read-only. Everything that once went into /usr that is written to > during system operation (as opposed to installation and software > maintenance) must be in /var. Tim, The firmware downloaded is only used during installation of specific new printers. Once you have installed your printer you can mount /usr read-only and your system will operate correctly. > So those two directories break Policy 9.1.1. For instance, /usr could > be read-only when dpkg is not being used, as proposed in the Securing > Debian Manual. You can mount /usr read only, except when doing maintenance on the printers. > So I propose that hp-plugin should be modified to download firmware to > /var/lib/hplip/data/{firmware,plugins} and symbolic links added in > /usr/share/hplip/data/. (I suspect the downloaded firmware is > variable data, anyway.) An alternative might be /var/cache ? The firmware isn't variable data, it doesn't change over time. You just need to download the firmware, as install time, for specific printers, thus I'm closing this bug report. MarkAttachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---