On Sun, 14 Feb 2016 16:02:03 +0100 Johannes Schauer <jo...@debian.org> wrote:
> Control: found -1 8.4.3+dfsg-6
>
> Hi,
>
> Quoting Debian Bug Tracking System (2016-02-13 18:24:16)
> > This is an automatic notification regarding your Bug report
> > which was filed against the gitlab package:
> >
> > #814476: gitlab writes into /usr/share/gitlab during operation
> >
> > It has been closed by Pirate Praveen <prav...@debian.org>.
>
> sorry but this bug is still not fixed.
>
> As you can read in my initial report, this bug is about violation of Debian
> policy §9.1.1 and gitlab is still writing files into /usr/share/gitlab during
> operation or stores host-specific configuration in /usr/share/gitlab. Let me
> quote chapter 4 of the FHS again:
>
> "/usr is the second major section of the filesystem. /usr is shareable,
> read-only data. That means that /usr should be shareable between various
> FHS-compliant hosts and must not be written to. Any information that is
> host-specific or varies with time is stored elsewhere."
>
> Since you seem to have thought that only the log files were a problem, here are
> some more offenders:

Thanks for digging deeper.

> - /usr/share/gitlab/.ssh/authorized_keys
> - /usr/share/gitlab/.secret

yes, I should move those too.

> - /usr/share/gitlab/config/database.yml
> - /usr/share/gitlab/config/gitlab.yml
> - /usr/share/gitlab/config/resque.yml

There are symbolic links to /etc,

~$ ls -l /usr/share/gitlab/config/*.yml
lrwxrwxrwx 1 gitlab gitlab 24 Feb 13 23:54 /usr/share/gitlab/config/database.yml -> /etc/gitlab/database.yml
-rw-r--r-- 1 gitlab gitlab 1817 Jan 14 18:14 /usr/share/gitlab/config/gitlab.teatro.yml
lrwxrwxrwx 1 gitlab gitlab 22 Feb 13 23:54 /usr/share/gitlab/config/gitlab.yml -> /etc/gitlab/gitlab.yml
-rw-r--r-- 1 gitlab gitlab 997 Jan 14 18:14 /usr/share/gitlab/config/mail_room.yml
-rw-r--r-- 1 gitlab gitlab 298 Jan 14 18:14 /usr/share/gitlab/config/newrelic.yml
lrwxrwxrwx 1 gitlab gitlab 22 Feb 13 23:54 /usr/share/gitlab/config/resque.yml -> /etc/gitlab/resque.yml
-rw------- 1 gitlab gitlab 160 Feb 4 15:53 /usr/share/gitlab/config/secrets.yml

> - /usr/share/gitlab/config/secrets.yml

This and remaining yml files should be moved to /etc as well.

> - /usr/share/gitlab/config/unicorn.rb

$ ls -l /usr/share/gitlab/config/unicorn.rb
lrwxrwxrwx 1 gitlab gitlab 22 Feb 13 23:54 /usr/share/gitlab/config/unicorn.rb -> /etc/gitlab/unicorn.rb

> - /usr/share/gitlab/Gemfile.lock
> - /usr/share/gitlab/.gitconfig
> - /usr/share/gitlab/.gitlab_shell_secret
> - /usr/share/gitlab/information_schema
> - /usr/share/gitlab/public/uploads
> - /usr/share/gitlab/.secret
> - /usr/share/gitlab/shared/cache/archive/
> - /usr/share/gitlab/.ssh
>
> A possible offender might be /usr/share/gitlab/public/assets/. I do not know
> whether this content is host and/or configuration specific or not.
>
> I think one big problem is, that you set the home directory of the gitlab user
> to /usr/share/gitlab. But user's home directories are definitely host-specific
> and thus it would violate the FHS to store them in /usr. Also, it can be
> usually expected that one has write access to the home directory but according
> to the FHS, /usr might be mounted read-only during operation. So maybe you
> should move the home directory to something host specific like something in
> /var.

yes, I think it should be moved to /var, I need to think how best to organize
all of it then.

> The second problem is, that there are still lots of configuration files in
> /usr/share/gitlab. But configurations are host-specific and should be in /etc
> or also in /var in certain cases.

They are symlink to /etc.

> Lastly, there seem to be upload and cache directories in /usr/share/gitlab
> which definitely mustn't be there, like /usr/share/gitlab/public/uploads or

uploads is also a symlink, will move cache also to /var

$ ls -l /usr/share/gitlab/public/uploads
lrwxrwxrwx 1 gitlab gitlab 23 Feb 13 13:24 /usr/share/gitlab/public/uploads -> /var/lib/gitlab/uploads
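The message above separates entries under /usr/share/gitlab that are symlinks into /etc or /var from entries that are real files in the tree (secrets.yml, for instance). The script below is an added example, not part of the original message or of the gitlab package, that makes the same classification for a whole tree; the function name audit_usr_tree and the IN_TREE/REDIRECTED labels are hypothetical, and it assumes a readlink that supports -f.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies entries under a package
# tree such as /usr/share/gitlab:
#   IN_TREE     real file or directory owned by the service account, i.e.
#               state stored on /usr itself, which fails on a read-only /usr
#   REDIRECTED  symlink whose resolved target lies outside the tree
#               (for example /etc/gitlab or /var/lib/gitlab)
# Assumes readlink -f (GNU coreutils, busybox). Paths containing newlines
# are not handled.
audit_usr_tree() {
    # Canonicalise the root so it compares cleanly with resolved link targets.
    root=$(cd -- "$1" >/dev/null 2>&1 && pwd -P) || {
        echo "no such directory: $1" >&2
        return 2
    }
    owner=$2    # user name or numeric uid of the service account

    find "$root" ! -path "$root" \( -type l -o -user "$owner" \) -print | sort |
    while IFS= read -r path; do
        if [ -L "$path" ]; then
            target=$(readlink -f -- "$path" 2>/dev/null) || target='(unresolvable)'
            case $target in
                "$root"/*) ;;   # link stays inside the tree: nothing to report
                *) printf 'REDIRECTED %s -> %s\n' "$path" "$target" ;;
            esac
        else
            printf 'IN_TREE %s\n' "$path"
        fi
    done
}

# Stand-alone use: sh audit.sh /usr/share/gitlab gitlab
if [ $# -ge 2 ]; then
    audit_usr_tree "$1" "$2"
fi
```

Every IN_TREE line is a candidate for relocation to /etc or /var; REDIRECTED lines show where existing symlinks already point.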