Archive:PackagingDrafts/UnownedDirectories


 * This is a clarification of existing Guidelines and does not require a vote unless objections are raised
 * Source for this is Michael Schwendt's post: https://www.redhat.com/archives/fedora-devel-list/2008-September/msg00381.html
 * This will live at Packaging/UnownedDirectories
 * It will be linked from http://fedoraproject.org/wiki/Packaging/ReviewGuidelines
 * We will replace the brief paragraph in http://fedoraproject.org/wiki/Packaging/Guidelines will be replaced:

"In all cases we are guarding against unowned directories being present on a system. Unowned directories are affected by the umask of the user installing the package and thus can be a security risk or lead to packages which won't run."

will become:

"In all cases we are guarding against unowned directories being present on a system. Please see Packaging/UnownedDirectories for the details."

= Unowned Directories =

The term "unowned directory" (or "orphaned directory") refers to a packaging mistake where these three things happen:


 * a package includes files within a directory it creates, but not the directory itself
 * none of the package's dependencies provide the directory either
 * the directory belongs to your package and does not belong to any core package or base filesystem package that is considered essential/fundamental to any Fedora System.

Issues
Unowned directories can cause the following problems.

Inaccessible Directories
A restrictive superuser umask during package installation can create inaccessible directories. For instance, if the superuser does this:

umask 077 yum update [or] rpm -ivh PACKAGE

Unowned directories within the updated or installed packages will only be readable and executable by root. This prevents other users from using the files within those directories.

This causes run-time problems for users. For example, unreadable subdirs below %_libdir disable plugins. Unreadable subdirs below %_datadir prevent application data, help texts, and graphics from being accessed.

Several sorts of users fix such permission problems with chmod instead of taking the time to report it as a bug. It is common belief that such bugs are so obvious they would be found by the package maintainer or will be reported by other users.

Directories not Removed
Upon uninstalling the package (or upgrading to another version), the old directory is not removed from the file system because it does not belong in the package in the RPM database.

Especially if directories contain a version number, they clutter up the file system with every update which doesn't remove old directories.

Directories cannot be Verified
Unowned/orphaned directories cannot be checked with rpm -V and not with rpm -qf either.

./configure Scripts can Fail
Upstream source tarball configuration can fail, because it detects the presence of an old but empty versioned header directories or because it is trying to use multiple versioned directories instead of just the latest valid one.

Tools to Help
It's easy to find unowned directories with  from rpmdevtools or. Just a bit of carefulness is needed to not include core filesystem directories, such as %_bindir, %_libdir (and obvious others, e.g. from the "filesystem" pkg) which don't belong into your package.

Common Mistakes
Here are some examples of common packaging mistakes in spec %files lists to avoid

Unversioned
%{_datadir}/foo/*

This includes everything _in_ "foo", but not "foo" itself. "rpm -qlv pkgname" will show a missing drwxr-xr-x entry for "foo". Correct would be:

%{_datadir}/foo/

to include the directory _and_ the entire tree below it.

Versioned
%{_docdir}/%{name}-%{version}/* %{_includedir}/%{name}-%{version}/*.h

This is the same as the unversioned scenario with the addition that everytime the package is upgraded to a new version the old directory will remain on the filesystem. Correct would be:

%{_docdir}/%{name}-%{version}/ %dir %{_includedir}/%{name}-%{version} %{_includedir}/%{name}-%{version}/*.h

Forgetting to Include a Toplevel Directory
%dir %{_libdir}/foo-2/fu %dir %{_libdir}/foo-2/bar %{_libdir}/foo-2/fu/*.so %{_libdir}/foo-2/bar/config*

Here it is an attempt at including the directories explicitly with the %dir macro. However, while "bar" is included, "foo-2" is not. Typically packagers run into that mistake if all installed files are stored only in subdirs of the parent "foo-2" directory. Correct would be:

%dir %{_libdir}/foo-2 %dir %{_libdir}/foo-2/fu %dir %{_libdir}/foo-2/bar %{_libdir}/foo-2/fu/*.so %{_libdir}/foo-2/bar/config*

Only Including Files
%{_datadir}/%{name}/db/raw/*.db %{_datadir}/%{name}/pixmaps/*.png

Here only specific data files are included, and all 4 directories below %_datadir are unowned. Correct would be:

%dir %{_datadir}/%{name} %dir %{_datadir}/%{name}/db %dir %{_datadir}/%{name}/db/raw %dir %{_datadir}/%{name}/pixmaps %{_datadir}/%{name}/db/raw/*.db %{_datadir}/%{name}/pixmaps/*.png