[Bro-Dev] Script reorg proposal
jsiwek at ncsa.illinois.edu
Tue Aug 2 09:38:07 PDT 2011
> - That said, we still need a default for the source install of
> course. I'm not sure I like ~/.bro for that, it's not where I'd
> intuitivelely look for local scripts, in particular when working
> as root.
Yeah, that's not a good place to install anything by default, but my understanding was it would just be an additional place to search by default. So it doesn't hurt anything, but it's also not extremely useful seeing as a BROPATH can just be customized to include it. I don't have a strong opinion either way.
> Does anybody have a good idea where the different OSs/distros want
> such local scripts files to be located? I'd say let's just pick
> one of those as the default for the src install as well.
All the binary packages use an install prefix of "/opt/bro" as per FHS. And except for Mac, variable/run-time related data (BroControl's spool and log dirs) are set to go into "/var/opt/bro" (for Mac it seemed reasonable to think users expect stuff to be installed in a single self-contained place -- the "app" mentality). Currently the site-specific scripts would go in "/opt/bro/share/bro/site".
According to the FHS, "No other package files may exist outside the /opt, /var/opt, and /etc/opt", so that limits the options for where local scripts would go. /etc/opt would be for static, host-specific config files, which doesn't seem entirely suitable. /var/opt is also not an exact match because that tends to be more for data that varies *during* operation. My interpretation is that we're not really violating any rule with the current placement of them, although in a similar case, people more familiar with packaging would probably recommend something under "/var/opt".
The standard recommendation for a manual build/install is to put stuff in /usr/local, but the specific place that's appropriate for local scripts is again ambiguous. Or maybe this issue is just outside the scope of FHS, which says "Local placement of local files is a local issue, so FHS does not attempt to usurp system administrators."
Our current approach might be adequate since the admin has an easy way (change default BROPATH) to choose the best place for their local files.
More information about the bro-dev