PHP packaging guidelines
Andreas Thienemann
andreas at bawue.net
Fri May 26 09:49:31 UTC 2006
On Thu, 25 May 2006, Mike McGrath wrote:
> At this point my vote is for /usr/share/.
This point is not really open for discussion anymore.
We already talked about that at last week's fesco meeting and
/usr/share/%{name} was it for normal php-web-apps.
This of course means that the packager would have to fiddle a bit with
selinux-permission, but it is manageable.
There are some examples flying around and I plan to flesh out the
packaging guidelines with them. Time permitting of course.
> Why does /var/www/* even exist? Also, we should probably put in there
> a little note that says that just because it's a web app doesn't mean it
> can break FHS. (I've been guilty of this on more than one occasion).
> It's the packager's job to put logs in /var/log, cache or any other files
> that get written to in their appropriate /var/ directory. Exceptions to
> this should be rare.
Naturally. Especially as it is not such a big problem to do so.
A little patchfile and everything is fine.
Something else I want to strongly suggest when finishing the guidelines:
There _SHOULD_ be a 'die("Please configure this application in
/etc/%{name}")' at the start of the configuration file (as long as it's
php-code and called via include() or something similar).
This prevents security problems in case the application is unconfigured.
The alternative would be to set the /usr/share/foo mapping to only accept
connections from localhost for the webapp in question. This is done in
/etc/httpd/conf.d/%{name}.conf.
This should probably be required for webapps which offer these darned
"installation-wizards". (Ohhh, how I hate them...)
> We've talked about this a bit on the list before but should we also
> mention an "All web apps should be available to localhost only by
> default" guideline. I know most of what I'm talking about is general
> web app guidelines, perhaps it's time to re-evaluate them. Unless
> they're already out there and I'm not seeing them :-D
See above.
My plans are actually going further than just localhost.
regards,
andreas
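
The two safeguards proposed in this message (a die() guard at the top of the shipped PHP configuration file, or a localhost-only mapping in /etc/httpd/conf.d/%{name}.conf) can be checked mechanically during package review. The following is an added example, not part of the original message or of any Fedora tooling; the function names, the sample files and the app name "foo" are assumptions made for illustration.

```python
import re

LOCAL = {"127.0.0.1", "localhost", "::1"}

# Constructed sample inputs; "foo" stands in for %{name}.
CONF_OPEN = """Alias /foo /usr/share/foo
<Directory /usr/share/foo>
    Order allow,deny
    Allow from all
</Directory>
"""
CONF_LOCAL = """Alias /foo /usr/share/foo
<Directory "/usr/share/foo/">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>
"""
PHP_GUARDED = '<?php\n// shipped default\ndie("Please configure this application in /etc/foo");\n$db_pass = "";\n'
PHP_UNGUARDED = '<?php\n$db_pass = "";\n'

def directory_blocks(conf, path):
    """Return the normalized directive lines of each <Directory> block for path."""
    pat = re.compile(r'<Directory\s+"?([^">\s]+)"?\s*>(.*?)</Directory>', re.S | re.I)
    return [[" ".join(l.split()).lower() for l in m.group(2).splitlines()
             if l.strip() and not l.strip().startswith("#")]
            for m in pat.finditer(conf)
            if m.group(1).rstrip("/") == path.rstrip("/")]

def localhost_only(conf, path):
    """True only if every <Directory path> block admits local clients alone."""
    blocks = directory_blocks(conf, path)
    for lines in blocks:
        allows = [set(l.split()[2:]) for l in lines if l.startswith("allow from")]
        requires = [l for l in lines if l.startswith("require ")]
        legacy = (not requires and "order deny,allow" in lines and "deny from all" in lines
                  and bool(allows) and all(a <= LOCAL for a in allows))  # Apache 2.2 style
        modern = not allows and requires == ["require local"]           # Apache 2.4 style
        if not (legacy or modern):
            return False
    return bool(blocks)  # no block at all means the server-wide policy applies

def starts_with_die(php):
    """True if the first statement after <?php and comments is die() or exit()."""
    body = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", php, flags=re.S)
    body = re.sub(r"^\s*<\?(php)?", "", body, count=1, flags=re.I).lstrip()
    return re.match(r"(die|exit)\s*\(", body, re.I) is not None
```

The check is deliberately conservative: any access directive it does not recognise as local-only makes `localhost_only` return False, so the reviewer looks at the file by hand.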