tech-pkg: Re: pkg-vulnverabilities location

Subject: Re: pkg-vulnverabilities location
To: Eric Haszlakiewicz <erh@nimenees.com>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 02/08/2005 11:22:28
On Mon, Feb 07, 2005 at 09:20:53PM -0600, Eric Haszlakiewicz wrote:
> On Mon, Feb 07, 2005 at 10:44:01PM +0000, Alistair Crooks wrote:
> > On Sat, Feb 05, 2005 at 01:36:36PM -0600, Eric Haszlakiewicz wrote:
> > > 
> > > 	I've been getting a bit annoyed that I need to keep creating a
> > > /usr/pkgsrc/distfiles directory on machine without pkgsrc just to provide
> > > a location for download-vulnerability-list to put it's list.  I know
> > > I can change that by setting PKGVULNDIR, but it seems like a poor default.
> > > 
> > > 	How about if we change that to /var/db or /var/tmp?
> > > (or even ${PREFIX}/var/db, if there's an easy way for a script to know
> > >  where it happens to get installed into)
> > 
> > Please don't change it from ${PKGVULNDIR}.  The DISTFILES directory
> > was chosen for a purpose, and you can modify it with PKGVULNDIR, as
> > you say. Far from it being a "poor default", there isn't really a
> > better one.
> 
> 	So why was $DISTDIR used as the default?  As far as I know, nothing
> else places runtime files in a source directory.  Even outside of pkgsrc
> that rule is followed.  e.g. /usr/src isn't used by the base system to hold
> config/generated files.  If there isn't a better location we should define
> one, and include it as part of the package so installing the package
> ensures that the directory exists.

Because ${DISTDIR} is, by definition, writable, and you can't say that
about any other directory that I can think of in pkgsrc (and, besides,
we were on a read-only pkgsrc kick at the time).
 	
> > /var/tmp is not meant for things like that, and we have been
> > overloading /var/db for too long for it to be viewed as a viable
> > alternative.
> 	From hier(7):
> /var/
> 	db/	miscellaneous automatically generated system-spe-
> 		cific database files, and persistent files used in
> 		the maintenance of third party software.
> 
> Isn't that _exactly_ what pkg-vulnerabilities is?  

/var/db was originally meant to be for runtime database files, like
the kvm "database", and was not meant to be for persistent storage. 

The bit you quote above was added at a later date (January 2004, in
revision 1.59), to rationalise the choice that had already been made
for us when we imported the pkgsrc system from FreeBSD.  Specifically,
I added the text

	...and persistent files used in the maintenance of third party
	software.

(related to /var/db/pkg).  But I still don't think that PKG_DBDIR
defaults to the right place, according to the hier(7) as it used to
be.

I'm still less than enthusiastic about using /var to store persistent
databases, but I customise ${PKG_DBDIR} anyway.

Regards,
Alistair